Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2025-03-04 18:33:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.19136 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Tue Mar 4 18:33:53 2025 rev:4 rq:1250101 version:128.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/firefox-esr.changes 2025-02-04 18:15:34.331061090 +0100 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.19136/firefox-esr.changes 2025-03-04 18:34:26.194574131 +0100 @@ -1,0 +2,35 @@ +Tue Mar 4 13:25:21 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 128.8.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 128.8.0 + https://www.mozilla.org/security/advisories/mfsa2025-16 + MFSA 2025-16 (boo#1237683) + * CVE-2024-43097 (bmo#1945624) + Overflow when growing an SkRegion's RunArray + * CVE-2025-1930 (bmo#1902309) + AudioIPC StreamData could trigger a use-after-free in the + Browser process + * CVE-2025-1931 (bmo#1944126) + Use-after-free in WebTransportChild + * CVE-2025-1932 (bmo#1944313) + Inconsistent comparator in XSLT sorting led to out-of-bounds + access + * CVE-2025-1933 (bmo#1946004) + JIT corruption of WASM i32 return values on 64-bit CPUs + * CVE-2025-1934 (bmo#1942881) + Unexpected GC during RegExp bailout processing + * CVE-2025-1935 (bmo#1866661) + Clickjacking the registerProtocolHandler info-bar + * CVE-2025-1936 (bmo#1940027) + Adding %00 and a fake extension to a jar: URL changed the + interpretation of the contents + * CVE-2025-1937 (bmo#1938471, bmo#1940716) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 + * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586, + bmo#1943912, bmo#1948111) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 128.8, and Thunderbird 128.8 + +------------------------------------------------------------------- Old: ---- firefox-128.7.0esr.source.tar.xz firefox-128.7.0esr.source.tar.xz.asc l10n-128.7.0esr.tar.xz New: ---- firefox-128.8.0esr.source.tar.xz firefox-128.8.0esr.source.tar.xz.asc l10n-128.8.0esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.xkpO2u/_old 2025-03-04 18:34:28.986690871 +0100 +++ /var/tmp/diff_new_pack.xkpO2u/_new 2025-03-04 18:34:28.990691038 +0100 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 128 -%define mainver %major.7.0 -%define orig_version 128.7.0 +%define mainver %major.8.0 +%define orig_version 128.8.0 %define orig_suffix esr %define update_channel esr %define branding 1 ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.xkpO2u/_old 2025-03-04 18:34:29.090695219 +0100 +++ /var/tmp/diff_new_pack.xkpO2u/_new 2025-03-04 18:34:29.098695554 +0100 @@ -1,4 +1,39 @@ ------------------------------------------------------------------- +Tue Mar 4 13:25:21 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 128.8.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 128.8.0 + https://www.mozilla.org/security/advisories/mfsa2025-16 + MFSA 2025-16 (boo#1237683) + * CVE-2024-43097 (bmo#1945624) + Overflow when growing an SkRegion's RunArray + * CVE-2025-1930 (bmo#1902309) + AudioIPC StreamData could trigger a use-after-free in the + Browser process + * CVE-2025-1931 (bmo#1944126) + Use-after-free in WebTransportChild + * CVE-2025-1932 (bmo#1944313) + Inconsistent comparator in XSLT sorting led to out-of-bounds + access + * CVE-2025-1933 (bmo#1946004) + JIT corruption of WASM i32 return values on 64-bit CPUs + * CVE-2025-1934 (bmo#1942881) + Unexpected GC during RegExp bailout processing + * CVE-2025-1935 (bmo#1866661) + Clickjacking the registerProtocolHandler info-bar + * CVE-2025-1936 (bmo#1940027) + Adding %00 and a fake extension to a jar: URL changed the + interpretation of the contents + * CVE-2025-1937 (bmo#1938471, bmo#1940716) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 + * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586, + bmo#1943912, bmo#1948111) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 128.8, and Thunderbird 128.8 + +------------------------------------------------------------------- Mon Feb 3 15:12:37 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> - Firefox Extended Support Release 128.7.0 ESR ++++++ firefox-128.7.0esr.source.tar.xz -> firefox-128.8.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-128.7.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.19136/firefox-128.8.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.xkpO2u/_old 2025-03-04 18:34:29.206700069 +0100 +++ /var/tmp/diff_new_pack.xkpO2u/_new 2025-03-04 18:34:29.210700237 +0100 @@ -1,4 +1,39 @@ ------------------------------------------------------------------- +Tue Mar 4 13:25:21 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 128.8.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 128.8.0 + https://www.mozilla.org/security/advisories/mfsa2025-16 + MFSA 2025-16 (boo#1237683) + * CVE-2024-43097 (bmo#1945624) + Overflow when growing an SkRegion's RunArray + * CVE-2025-1930 (bmo#1902309) + AudioIPC StreamData could trigger a use-after-free in the + Browser process + * CVE-2025-1931 (bmo#1944126) + Use-after-free in WebTransportChild + * CVE-2025-1932 (bmo#1944313) + Inconsistent comparator in XSLT sorting led to out-of-bounds + access + * CVE-2025-1933 (bmo#1946004) + JIT corruption of WASM i32 return values on 64-bit CPUs + * CVE-2025-1934 (bmo#1942881) + Unexpected GC during RegExp bailout processing + * CVE-2025-1935 (bmo#1866661) + Clickjacking the registerProtocolHandler info-bar + * CVE-2025-1936 (bmo#1940027) + Adding %00 and a fake extension to a jar: URL changed the + interpretation of the contents + * CVE-2025-1937 (bmo#1938471, bmo#1940716) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 + * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586, + bmo#1943912, bmo#1948111) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 128.8, and Thunderbird 128.8 + +------------------------------------------------------------------- Mon Feb 3 15:12:37 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> - Firefox Extended Support Release 128.7.0 ESR ++++++ l10n-128.7.0esr.tar.xz -> l10n-128.8.0esr.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/l10n-128.7.0esr.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.19136/l10n-128.8.0esr.tar.xz differ: char 13, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.xkpO2u/_old 2025-03-04 18:34:29.418708934 +0100 +++ /var/tmp/diff_new_pack.xkpO2u/_new 2025-03-04 18:34:29.422709101 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr128" -VERSION="128.7.0" +VERSION="128.8.0" VERSION_SUFFIX="esr" -PREV_VERSION="128.6.0" +PREV_VERSION="128.7.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr128"; -RELEASE_TAG="f3783ad20bf40a11fb4b7ed088236c1a9f7be362" -RELEASE_TIMESTAMP="20250127191809" +RELEASE_TAG="c685d5844a0e4f99ac535b6ffc641fbd07696c68" +RELEASE_TIMESTAMP="20250224130137"
