Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2026-05-08 16:43:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Fri May 8 16:43:50 2026 rev:35 rq:1351465 version:140.10.2 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2026-05-05 15:18:01.161669734 +0200 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/MozillaFirefox.changes 2026-05-08 16:44:36.831283689 +0200 @@ -1,0 +2,25 @@ +Thu May 7 14:24:15 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.10.2 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.10.2 + https://www.mozilla.org/security/advisories/mfsa2026-41 + MFSA 2026-41 (boo#1264378) + * CVE-2026-8090 (bmo#2034352) + Use-after-free in the DOM: Networking component + * CVE-2026-8091 (bmo#2029301) + Incorrect boundary conditions in the Audio/Video: Playback + component + * CVE-2026-8094 (bmo#2035939) + Other issue in the WebRTC component + * CVE-2026-8092 (bmo#1806249, bmo#2021977, bmo#2022576, + bmo#2022722, bmo#2024439, bmo#2027883, bmo#2029463, + bmo#2030323, bmo#2032042, bmo#2032043, bmo#2033270, + bmo#2033637, bmo#2034422, bmo#2034496, bmo#2035879, + bmo#2036516) + Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR + 140.10.2 and Firefox 150.0.2 +- Refresh mozilla-libavcodec58_91.patch +- Update MozillaFirefox.desktop from a current build in Factory + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.10.1esr.source.tar.xz firefox-140.10.1esr.source.tar.xz.asc l10n-140.10.1esr.tar.xz New: ---- firefox-140.10.2esr.source.tar.xz firefox-140.10.2esr.source.tar.xz.asc l10n-140.10.2esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.rdti2g/_old 2026-05-08 16:44:58.316178722 +0200 +++ /var/tmp/diff_new_pack.rdti2g/_new 2026-05-08 16:44:58.320178889 +0200 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.10.1 -%define orig_version 140.10.1 +%define mainver %major.10.2 +%define orig_version 140.10.2 %define orig_suffix esr %define update_channel esr %define branding 1 ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.rdti2g/_old 2026-05-08 16:44:58.492186055 +0200 +++ /var/tmp/diff_new_pack.rdti2g/_new 2026-05-08 16:44:58.500186388 +0200 @@ -1,4 +1,29 @@ ------------------------------------------------------------------- +Thu May 7 14:24:15 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.10.2 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.10.2 + https://www.mozilla.org/security/advisories/mfsa2026-41 + MFSA 2026-41 (boo#1264378) + * CVE-2026-8090 (bmo#2034352) + Use-after-free in the DOM: Networking component + * CVE-2026-8091 (bmo#2029301) + Incorrect boundary conditions in the Audio/Video: Playback + component + * CVE-2026-8094 (bmo#2035939) + Other issue in the WebRTC component + * CVE-2026-8092 (bmo#1806249, bmo#2021977, bmo#2022576, + bmo#2022722, bmo#2024439, bmo#2027883, bmo#2029463, + bmo#2030323, bmo#2032042, bmo#2032043, bmo#2033270, + bmo#2033637, bmo#2034422, bmo#2034496, bmo#2035879, + bmo#2036516) + Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR + 140.10.2 and Firefox 150.0.2 +- Refresh mozilla-libavcodec58_91.patch +- Update MozillaFirefox.desktop from a current build in Factory + +------------------------------------------------------------------- Mon May 4 15:11:55 UTC 2026 - Manfred Hollstein <[email protected]> - Add patches to address glibc-2.43 related issues: ++++++ MozillaFirefox.desktop ++++++ --- /var/tmp/diff_new_pack.rdti2g/_old 2026-05-08 16:44:58.568189221 +0200 +++ /var/tmp/diff_new_pack.rdti2g/_new 2026-05-08 16:44:58.572189387 +0200 @@ -14,7 +14,7 @@ Name[gl]=Firefox Name[hu]=Firefox Name[id]=Firefox -Name[it]=Firefox +Name[it]=Firefox ESR Name[ja]=Firefox ESR Name[ka]=Firefox ESR Name[kab]=Firefox ESR @@ -336,6 +336,7 @@ Name[ga]=Bainisteoir Cuntas Name[gl]=Xestor de perfís Name[he]=ניהול פרופילים +Name[it]=Gestore profilo Name[ja]=プロファイルマネージャ Name[ka]=პროფილების მმართველი Name[kab]=Amsefrak n umaɣnu ++++++ firefox-140.10.1esr.source.tar.xz -> firefox-140.10.2esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-140.10.1esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/firefox-140.10.2esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.rdti2g/_old 2026-05-08 16:44:58.724195720 +0200 +++ /var/tmp/diff_new_pack.rdti2g/_new 2026-05-08 16:44:58.732196053 +0200 @@ -1,4 +1,29 @@ ------------------------------------------------------------------- +Thu May 7 14:24:15 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.10.2 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.10.2 + https://www.mozilla.org/security/advisories/mfsa2026-41 + MFSA 2026-41 (boo#1264378) + * CVE-2026-8090 (bmo#2034352) + Use-after-free in the DOM: Networking component + * CVE-2026-8091 (bmo#2029301) + Incorrect boundary conditions in the Audio/Video: Playback + component + * CVE-2026-8094 (bmo#2035939) + Other issue in the WebRTC component + * CVE-2026-8092 (bmo#1806249, bmo#2021977, bmo#2022576, + bmo#2022722, bmo#2024439, bmo#2027883, bmo#2029463, + bmo#2030323, bmo#2032042, bmo#2032043, bmo#2033270, + bmo#2033637, bmo#2034422, bmo#2034496, bmo#2035879, + bmo#2036516) + Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR + 140.10.2 and Firefox 150.0.2 +- Refresh mozilla-libavcodec58_91.patch +- Update MozillaFirefox.desktop from a current build in Factory + +------------------------------------------------------------------- Mon May 4 15:11:55 UTC 2026 - Manfred Hollstein <[email protected]> - Add patches to address glibc-2.43 related issues: ++++++ l10n-140.10.1esr.tar.xz -> l10n-140.10.2esr.tar.xz ++++++ ++++++ mozilla-libavcodec58_91.patch ++++++ --- /var/tmp/diff_new_pack.rdti2g/_old 2026-05-08 16:44:58.972206052 +0200 +++ /var/tmp/diff_new_pack.rdti2g/_new 2026-05-08 16:44:58.980206385 +0200 @@ -1,15 +1,7 @@ -# HG changeset patch -# Parent fdc16b43f28c2e974929ca702563aaac52799654 - -diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp ---- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp -+++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp -@@ -44,16 +44,18 @@ static const char* sLibs[] = { - "libavcodec.53.dylib", - #elif defined(XP_OPENBSD) - "libavcodec.so", // OpenBSD hardly controls the major/minor library version - // of ffmpeg and update it regulary on ABI/API changes - #else +diff -rup a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp +--- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp 2026-05-06 14:54:38.000000000 +0000 ++++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp 2026-05-07 14:42:53.481977081 +0000 +@@ -53,6 +53,8 @@ static const char* sLibs[] = { "libavcodec.so.61", "libavcodec.so.60", "libavcodec.so.59", @@ -18,9 +10,4 @@ "libavcodec.so.58", "libavcodec-ffmpeg.so.58", "libavcodec-ffmpeg.so.57", - "libavcodec-ffmpeg.so.56", - "libavcodec.so.57", - "libavcodec.so.56", - "libavcodec.so.55", - "libavcodec.so.54", ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.rdti2g/_old 2026-05-08 16:44:59.092211051 +0200 +++ /var/tmp/diff_new_pack.rdti2g/_new 2026-05-08 16:44:59.100211384 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.10.1" +VERSION="140.10.2" VERSION_SUFFIX="esr" -PREV_VERSION="140.10.0" +PREV_VERSION="140.10.1" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140"; -RELEASE_TAG="a24e9e115e02794f72dab9ef6081244403b0183a" -RELEASE_TIMESTAMP="20260427105827" +RELEASE_TAG="6220f392be743517c45c0a46b455d7a57c0b9891" +RELEASE_TIMESTAMP="20260506114755"
