Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2026-06-18 18:39:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Thu Jun 18 18:39:17 2026 rev:37 rq:1360085 version:140.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2026-05-19 17:51:55.092476296 +0200 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1981/MozillaFirefox.changes 2026-06-18 18:39:58.463404598 +0200 @@ -1,0 +2,87 @@ +Wed Jun 17 16:23:29 UTC 2026 - Manfred Hollstein <[email protected]> + +- Enable clang_build to allow building with the latest versions of + llvm/clang due to them dropping support for update-alternatives. + +------------------------------------------------------------------- +Tue Jun 16 11:52:50 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.12.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.12.0 + https://www.mozilla.org/security/advisories/mfsa2026-58 + MFSA 2026-58 (boo#1268071) + * CVE-2026-12289 (bmo#2023443) + Privilege escalation in the Graphics: WebRender component + * CVE-2026-12290 (bmo#2024852) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12291 (bmo#2036929) + Use-after-free in the Networking: HTTP component + * CVE-2026-12292 (bmo#2038465) + Incorrect boundary conditions in the Web Audio component + * CVE-2026-12294 (bmo#2039873) + Sandbox escape in the DOM: Workers component + * CVE-2026-12295 (bmo#2040160) + Sandbox escape in the DOM: Navigation component + * CVE-2026-12298 (bmo#2041981) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12296 (bmo#2040515) + Sandbox escape in the Security: Process Sandboxing component + * CVE-2026-12297 (bmo#2041610) + Sandbox escape due to incorrect boundary conditions in the + Networking component + * CVE-2026-12299 (bmo#2043139) + JIT miscompilation in the DOM: Core & HTML component + * CVE-2026-12329 (bmo#2044738) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12302 (bmo#2034489) + Mitigation bypass in the DOM: Security component + * CVE-2026-12304 (bmo#2034944) + Same-origin policy bypass in the Networking: Cookies + component + * CVE-2026-12305 (bmo#2037290) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12306 (bmo#2037323) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12307 (bmo#2038133) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12308 (bmo#2038302) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12309 (bmo#2038476) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12310 (bmo#2039707) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12311 (bmo#2040177) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12312 (bmo#2040383) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12313 (bmo#2040477) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12314 (bmo#2041856) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12315 (bmo#2042058) + Mitigation bypass in the DOM: Security component + * CVE-2026-12330 (bmo#2029326) + Incorrect boundary conditions in the Internationalization + component + * CVE-2026-12324 (bmo#2038444) + Incorrect boundary conditions in the Graphics: CanvasWebGL + component + * CVE-2026-12325 (bmo#2039443) + Denial-of-service in the Graphics: ImageLib component + * CVE-2026-12327 (bmo#2011842, bmo#2023902, bmo#2025512, + bmo#2027312, bmo#2029444, bmo#2036571, bmo#2036900, + bmo#2036936, bmo#2037995, bmo#2038551, bmo#2040717, + bmo#2042724) + Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird + ESR 140.12, Firefox 152 and Thunderbird 152 + * CVE-2026-12328 (bmo#2029402, bmo#2038477, bmo#2039726, + bmo#2041373, bmo#2042268, bmo#2042451, bmo#2042782, + bmo#2042858, bmo#2042929, bmo#2042965, bmo#2043213) + Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR + 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird + 152 + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.11.0esr.source.tar.xz firefox-140.11.0esr.source.tar.xz.asc l10n-140.11.0esr.tar.xz New: ---- firefox-140.12.0esr.source.tar.xz firefox-140.12.0esr.source.tar.xz.asc l10n-140.12.0esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.nhko3w/_old 2026-06-18 18:40:19.736292071 +0200 +++ /var/tmp/diff_new_pack.nhko3w/_new 2026-06-18 18:40:19.736292071 +0200 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.11.0 -%define orig_version 140.11.0 +%define mainver %major.12.0 +%define orig_version 140.12.0 %define orig_suffix esr %define update_channel esr %define branding 1 @@ -52,7 +52,7 @@ %define do_profiling 0 # upstream default is clang (to use gcc for large parts set to 0) -%define clang_build 0 +%define clang_build 1 %bcond_with only_print_mozconfig @@ -116,8 +116,10 @@ %if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600 BuildRequires: gcc13 BuildRequires: gcc13-c++ +BuildRequires: libstdc++6-devel-gcc13 %else -BuildRequires: gcc-c++ +BuildRequires: gcc15-c++ +BuildRequires: libstdc++6-devel-gcc15 %endif BuildRequires: cargo1.86 BuildRequires: rust1.86 @@ -167,11 +169,9 @@ %if 0%{?suse_version} < 1550 BuildRequires: pkgconfig(gconf-2.0) >= 1.2.1 %endif +BuildRequires: clang19-devel %if 0%{?suse_version} > 1600 -BuildRequires: clang21-devel -BuildRequires: llvm21-libclang13 -%else -BuildRequires: clang-devel +BuildRequires: llvm19-libclang13 %endif #!BuildIgnore: clang-tools BuildRequires: pkgconfig(glib-2.0) >= 2.22 @@ -423,13 +423,31 @@ export MOZ_TELEMETRY_REPORTING=1 export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system export CFLAGS="%{optflags}" +%if 0%{?clang_build} != 0 +export CC=clang-19 +export CXX=clang++-19 +export AR=llvm-ar-19 +export NM=llvm-nm-19 +export OBJCOPY=llvm-objcopy-19 +export OBJDUMP=llvm-objdump-19 +export RANLIB=llvm-ranlib-19 +export READELF=llvm-readelf-19 +export LLVM_AR=llvm-ar-19 +export LLVM_NM=llvm-nm-19 +export LLVM_OBJCOPY=llvm-objcopy-19 +export LLVM_OBJDUMP=llvm-objdump-19 +export LLVM_RANLIB=llvm-ranlib-19 +export LLVM_READELF=llvm-readelf-19 +%else %if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600 export CC=gcc-13 export CXX=g++-13 %else -%if 0%{?clang_build} == 0 -export CC=gcc -export CXX=g++ +export CC=gcc-15 +export CXX=g++-15 +export AR=gcc-ar-15 +export NM=gcc-nm-15 +export RANLIB=gcc-ranlib-15 %endif %endif %ifarch %arm %ix86 ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.nhko3w/_old 2026-06-18 18:40:19.880298078 +0200 +++ /var/tmp/diff_new_pack.nhko3w/_new 2026-06-18 18:40:19.892298579 +0200 @@ -1,4 +1,91 @@ ------------------------------------------------------------------- +Wed Jun 17 16:23:29 UTC 2026 - Manfred Hollstein <[email protected]> + +- Enable clang_build to allow building with the latest versions of + llvm/clang due to them dropping support for update-alternatives. + +------------------------------------------------------------------- +Tue Jun 16 11:52:50 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.12.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.12.0 + https://www.mozilla.org/security/advisories/mfsa2026-58 + MFSA 2026-58 (boo#1268071) + * CVE-2026-12289 (bmo#2023443) + Privilege escalation in the Graphics: WebRender component + * CVE-2026-12290 (bmo#2024852) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12291 (bmo#2036929) + Use-after-free in the Networking: HTTP component + * CVE-2026-12292 (bmo#2038465) + Incorrect boundary conditions in the Web Audio component + * CVE-2026-12294 (bmo#2039873) + Sandbox escape in the DOM: Workers component + * CVE-2026-12295 (bmo#2040160) + Sandbox escape in the DOM: Navigation component + * CVE-2026-12298 (bmo#2041981) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12296 (bmo#2040515) + Sandbox escape in the Security: Process Sandboxing component + * CVE-2026-12297 (bmo#2041610) + Sandbox escape due to incorrect boundary conditions in the + Networking component + * CVE-2026-12299 (bmo#2043139) + JIT miscompilation in the DOM: Core & HTML component + * CVE-2026-12329 (bmo#2044738) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12302 (bmo#2034489) + Mitigation bypass in the DOM: Security component + * CVE-2026-12304 (bmo#2034944) + Same-origin policy bypass in the Networking: Cookies + component + * CVE-2026-12305 (bmo#2037290) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12306 (bmo#2037323) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12307 (bmo#2038133) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12308 (bmo#2038302) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12309 (bmo#2038476) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12310 (bmo#2039707) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12311 (bmo#2040177) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12312 (bmo#2040383) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12313 (bmo#2040477) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12314 (bmo#2041856) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12315 (bmo#2042058) + Mitigation bypass in the DOM: Security component + * CVE-2026-12330 (bmo#2029326) + Incorrect boundary conditions in the Internationalization + component + * CVE-2026-12324 (bmo#2038444) + Incorrect boundary conditions in the Graphics: CanvasWebGL + component + * CVE-2026-12325 (bmo#2039443) + Denial-of-service in the Graphics: ImageLib component + * CVE-2026-12327 (bmo#2011842, bmo#2023902, bmo#2025512, + bmo#2027312, bmo#2029444, bmo#2036571, bmo#2036900, + bmo#2036936, bmo#2037995, bmo#2038551, bmo#2040717, + bmo#2042724) + Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird + ESR 140.12, Firefox 152 and Thunderbird 152 + * CVE-2026-12328 (bmo#2029402, bmo#2038477, bmo#2039726, + bmo#2041373, bmo#2042268, bmo#2042451, bmo#2042782, + bmo#2042858, bmo#2042929, bmo#2042965, bmo#2043213) + Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR + 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird + 152 + +------------------------------------------------------------------- Tue May 19 12:41:51 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.11.0 ESR ++++++ firefox-140.11.0esr.source.tar.xz -> firefox-140.12.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-140.11.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1981/firefox-140.12.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.nhko3w/_old 2026-06-18 18:40:20.036304587 +0200 +++ /var/tmp/diff_new_pack.nhko3w/_new 2026-06-18 18:40:20.040304754 +0200 @@ -1,4 +1,91 @@ ------------------------------------------------------------------- +Wed Jun 17 16:23:29 UTC 2026 - Manfred Hollstein <[email protected]> + +- Enable clang_build to allow building with the latest versions of + llvm/clang due to them dropping support for update-alternatives. + +------------------------------------------------------------------- +Tue Jun 16 11:52:50 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.12.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.12.0 + https://www.mozilla.org/security/advisories/mfsa2026-58 + MFSA 2026-58 (boo#1268071) + * CVE-2026-12289 (bmo#2023443) + Privilege escalation in the Graphics: WebRender component + * CVE-2026-12290 (bmo#2024852) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12291 (bmo#2036929) + Use-after-free in the Networking: HTTP component + * CVE-2026-12292 (bmo#2038465) + Incorrect boundary conditions in the Web Audio component + * CVE-2026-12294 (bmo#2039873) + Sandbox escape in the DOM: Workers component + * CVE-2026-12295 (bmo#2040160) + Sandbox escape in the DOM: Navigation component + * CVE-2026-12298 (bmo#2041981) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12296 (bmo#2040515) + Sandbox escape in the Security: Process Sandboxing component + * CVE-2026-12297 (bmo#2041610) + Sandbox escape due to incorrect boundary conditions in the + Networking component + * CVE-2026-12299 (bmo#2043139) + JIT miscompilation in the DOM: Core & HTML component + * CVE-2026-12329 (bmo#2044738) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12302 (bmo#2034489) + Mitigation bypass in the DOM: Security component + * CVE-2026-12304 (bmo#2034944) + Same-origin policy bypass in the Networking: Cookies + component + * CVE-2026-12305 (bmo#2037290) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12306 (bmo#2037323) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12307 (bmo#2038133) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12308 (bmo#2038302) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12309 (bmo#2038476) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12310 (bmo#2039707) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12311 (bmo#2040177) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12312 (bmo#2040383) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12313 (bmo#2040477) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12314 (bmo#2041856) + Memory safety bug fixed in Firefox ESR 140.12 + * CVE-2026-12315 (bmo#2042058) + Mitigation bypass in the DOM: Security component + * CVE-2026-12330 (bmo#2029326) + Incorrect boundary conditions in the Internationalization + component + * CVE-2026-12324 (bmo#2038444) + Incorrect boundary conditions in the Graphics: CanvasWebGL + component + * CVE-2026-12325 (bmo#2039443) + Denial-of-service in the Graphics: ImageLib component + * CVE-2026-12327 (bmo#2011842, bmo#2023902, bmo#2025512, + bmo#2027312, bmo#2029444, bmo#2036571, bmo#2036900, + bmo#2036936, bmo#2037995, bmo#2038551, bmo#2040717, + bmo#2042724) + Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird + ESR 140.12, Firefox 152 and Thunderbird 152 + * CVE-2026-12328 (bmo#2029402, bmo#2038477, bmo#2039726, + bmo#2041373, bmo#2042268, bmo#2042451, bmo#2042782, + bmo#2042858, bmo#2042929, bmo#2042965, bmo#2043213) + Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR + 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird + 152 + +------------------------------------------------------------------- Tue May 19 12:41:51 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.11.0 ESR ++++++ l10n-140.11.0esr.tar.xz -> l10n-140.12.0esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.nhko3w/_old 2026-06-18 18:40:20.364318271 +0200 +++ /var/tmp/diff_new_pack.nhko3w/_new 2026-06-18 18:40:20.368318438 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.11.0" +VERSION="140.12.0" VERSION_SUFFIX="esr" -PREV_VERSION="140.10.2" +PREV_VERSION="140.11.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140"; -RELEASE_TAG="2e36c464a92f1942683abbed6ceb442308db5eb0" -RELEASE_TIMESTAMP="20260514160037" +RELEASE_TAG="7df86525c2c876c7c92320e49c3e0771f7a605c0" +RELEASE_TIMESTAMP="20260609153453"
