Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2025-03-07 16:39:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19136 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Fri Mar 7 16:39:26 2025 rev:449 rq:1251116 version:136.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2025-02-05 12:40:14.484093406 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19136/MozillaFirefox.changes 2025-03-07 16:40:39.949583514 +0100 @@ -1,0 +2,47 @@ +Thu Mar 6 07:18:59 UTC 2025 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 136.0 + https://www.mozilla.org/en-US/firefox/136.0/releasenotes/ + MFSA 2025-14 (bsc#1237683) + * CVE-2025-1930 (bmo#1902309) + AudioIPC StreamData could trigger a use-after-free in the + Browser process + * CVE-2025-1939 (bmo#1928334) + Tapjacking in Android Custom Tabs using transition animations + * CVE-2025-1931 (bmo#1944126) + Use-after-free in WebTransportChild + * CVE-2025-1932 (bmo#1944313) + Inconsistent comparator in XSLT sorting led to out-of-bounds access + * CVE-2025-1933 (bmo#1946004) + JIT corruption of WASM i32 return values on 64-bit CPUs + * CVE-2025-1940 (bmo#1908488) + Android Intent confirmation prompt tapjacking using Select options + * CVE-2024-9956 (bmo#1922357) + Passkey phishing within Bluetooth range + * CVE-2025-1934 (bmo#1942881) + Unexpected GC during RegExp bailout processing + * CVE-2025-1941 (bmo#1944665) + Lock screen setting bypass in Firefox Focus for Android + * CVE-2025-1942 (bmo#1947139) + Disclosure of uninitialized memory when .toUpperCase() causes + string to get longer + * CVE-2025-1935 (bmo#1866661) + Clickjacking the registerProtocolHandler info-bar + * CVE-2025-1936 (bmo#1940027) + Adding %00 and a fake extension to a jar: URL changed the + interpretation of the contents + * CVE-2025-1937 (bmo#1938471, bmo#1940716) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 + * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586, + bmo#1943912, bmo#1948111) + Memory safety bugs fixed in Firefox 136, Thunderbird 136, + Firefox ESR 128.8, and Thunderbird 128.8 + * CVE-2025-1943 (bmo#1869650, bmo#1938451, bmo#1940326, + bmo#1944052, bmo#1944063, bmo#1947281) + Memory safety bugs fixed in Firefox 136 and Thunderbird 136 +- requires + * NSS 3.108 + * rust 1.84 + +------------------------------------------------------------------- Old: ---- firefox-135.0.source.tar.xz firefox-135.0.source.tar.xz.asc l10n-135.0.tar.xz New: ---- firefox-136.0.source.tar.xz firefox-136.0.source.tar.xz.asc l10n-136.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.KYMYB0/_old 2025-03-07 16:40:55.738244194 +0100 +++ /var/tmp/diff_new_pack.KYMYB0/_new 2025-03-07 16:40:55.742244361 +0100 @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 135 +%define major 136 %define mainver %major.0 -%define orig_version 135.0 +%define orig_version 136.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -103,8 +103,8 @@ %else BuildRequires: gcc-c++ %endif -BuildRequires: cargo1.83 -BuildRequires: rust1.83 +BuildRequires: cargo1.84 +BuildRequires: rust1.84 %if 0%{useccache} != 0 BuildRequires: ccache %endif @@ -114,7 +114,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.36 -BuildRequires: mozilla-nss-devel >= 3.107 +BuildRequires: mozilla-nss-devel >= 3.108 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -722,10 +722,10 @@ %{progdir}/platform.ini %if %crashreporter %{progdir}/crashreporter -#%{progdir}/crashreporter.ini -#%{progdir}/Throbber-small.gif -#%{progdir}/minidump-analyzer -#%{progdir}/browser/crashreporter-override.ini +#%%{progdir}/crashreporter.ini +#%%{progdir}/Throbber-small.gif +#%%{progdir}/minidump-analyzer +#%%{progdir}/browser/crashreporter-override.ini %endif %{_datadir}/applications/%{desktop_file_name}.desktop %{_datadir}/mime/packages/%{progname}.xml ++++++ firefox-135.0.source.tar.xz -> firefox-136.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-135.0.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19136/firefox-136.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-135.0.tar.xz -> l10n-136.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-135.0.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19136/l10n-136.0.tar.xz differ: char 15, line 1 ++++++ mozilla-silence-no-return-type.patch ++++++ ++++ 1299 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/MozillaFirefox/mozilla-silence-no-return-type.patch ++++ and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19136/mozilla-silence-no-return-type.patch ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.KYMYB0/_old 2025-03-07 16:40:56.090258924 +0100 +++ /var/tmp/diff_new_pack.KYMYB0/_new 2025-03-07 16:40:56.094259091 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="135.0" +VERSION="136.0" VERSION_SUFFIX="" -PREV_VERSION="134.0.2" +PREV_VERSION="1354.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"; -RELEASE_TAG="17c38d56ca552e154046a33a3ec8d3bb56ae00a1" -RELEASE_TIMESTAMP="20250130195129" +RELEASE_TAG="2da0b1797683d2fa353390e70080c29b97a63a91" +RELEASE_TIMESTAMP="20250227124745"
