From 4fb117d27dd8d08b98659042c21bc18086192c12f5a65b201808ea7db9c1de1e Mon Sep 17 00:00:00 2001
From: changeme <changeme@change.me>
Date: Fri, 9 Jan 2026 11:43:23 +0100
Subject: [PATCH] Update to the new upstream version 140.6.0esr
 (mozilla:Factory)

---
 MozillaThunderbird.changes               | 28 ++++++++++++++++++++++++
 MozillaThunderbird.spec                  |  4 ++--
 l10n-140.5.0esr.tar.xz                   |  3 ---
 l10n-140.6.0esr.tar.xz                   |  3 +++
 tar_stamps                               |  8 +++----
 thunderbird-140.5.0esr.source.tar.xz     |  3 ---
 thunderbird-140.5.0esr.source.tar.xz.asc | 16 --------------
 thunderbird-140.6.0esr.source.tar.xz     |  3 +++
 thunderbird-140.6.0esr.source.tar.xz.asc | 16 ++++++++++++++
 9 files changed, 56 insertions(+), 28 deletions(-)
 delete mode 100644 l10n-140.5.0esr.tar.xz
 create mode 100644 l10n-140.6.0esr.tar.xz
 delete mode 100644 thunderbird-140.5.0esr.source.tar.xz
 delete mode 100644 thunderbird-140.5.0esr.source.tar.xz.asc
 create mode 100644 thunderbird-140.6.0esr.source.tar.xz
 create mode 100644 thunderbird-140.6.0esr.source.tar.xz.asc

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 7ed3f5c..fc0c895 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Wed Dec 10 06:48:11 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 140.6.0 ESR
+  MFSA 2025-96 (bsc#1254551)
+  * CVE-2025-14321 (bmo#1992760)
+    Use-after-free in the WebRTC: Signaling component
+  * CVE-2025-14322 (bmo#1996473)
+    Sandbox escape due to incorrect boundary conditions in the
+    Graphics: CanvasWebGL component
+  * CVE-2025-14323 (bmo#1996555)
+    Privilege escalation in the DOM: Notifications component
+  * CVE-2025-14324 (bmo#1996840)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14325 (bmo#1998050)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14328 (bmo#1996761)
+    Privilege escalation in the Netmonitor component
+  * CVE-2025-14329 (bmo#1997018)
+    Privilege escalation in the Netmonitor component
+  * CVE-2025-14330 (bmo#1997503)
+    JIT miscompilation in the JavaScript Engine: JIT component
+  * CVE-2025-14331 (bmo#2000218)
+    Same-origin policy bypass in the Request Handling component
+  * CVE-2025-14333 (bmo#1966501, bmo#1997639)
+    Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird
+    ESR 140.6, Firefox 146 and Thunderbird 146
+
 -------------------------------------------------------------------
 Mon Nov 17 10:52:31 UTC 2025 - Yoshio Sato <vasua.ukraine@gmail.com>
 
diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec
index f0b7780..6dc9791 100644
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -30,8 +30,8 @@
 # major 69
 # mainver %%major.99
 %define major          140
-%define mainver        %major.5.0
-%define orig_version   140.5.0
+%define mainver        %major.6.0
+%define orig_version   140.6.0
 %define orig_suffix    esr
 %define update_channel esr
 %define source_prefix  thunderbird-%{orig_version}
diff --git a/l10n-140.5.0esr.tar.xz b/l10n-140.5.0esr.tar.xz
deleted file mode 100644
index 8650187..0000000
--- a/l10n-140.5.0esr.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aaa717e3b9c03fda3f9b9deb48b2de1fea82e3e74619c7b5dee1d8fcb32494b2
-size 33342304
diff --git a/l10n-140.6.0esr.tar.xz b/l10n-140.6.0esr.tar.xz
new file mode 100644
index 0000000..9367cd9
--- /dev/null
+++ b/l10n-140.6.0esr.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6edc77d4d95fc7c7bc8e82471f7bce7cb179b5965fa88fb0629b3a0faf46483
+size 33526756
diff --git a/tar_stamps b/tar_stamps
index dccecab..264321b 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr140"
-VERSION="140.5.0"
+VERSION="140.6.0"
 VERSION_SUFFIX="esr"
-REV_VERSION="140.4.0"
+REV_VERSION="140.5.0"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"
-RELEASE_TAG="6a3011b7161c6f3a36d5116f2608d51b19fb4d58"
-RELEASE_TIMESTAMP="20251108022659"
+RELEASE_TAG="a9fbb23767a6f5f6b6c07a0b713b18b86a9a169c"
+RELEASE_TIMESTAMP="20251208204945"
diff --git a/thunderbird-140.5.0esr.source.tar.xz b/thunderbird-140.5.0esr.source.tar.xz
deleted file mode 100644
index fddcfa0..0000000
--- a/thunderbird-140.5.0esr.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cb8d10693bbc04c4bfc539c4560779fb436b40326bf70df4c0823ac125b815e5
-size 747338592
diff --git a/thunderbird-140.5.0esr.source.tar.xz.asc b/thunderbird-140.5.0esr.source.tar.xz.asc
deleted file mode 100644
index 44a668e..0000000
--- a/thunderbird-140.5.0esr.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmkOzIQACgkQXstkl8Gi
-AlasTQ/+JbrEW3aHRhVa1xBwFx5aUXroEAcufGOovpwlmb8wYmmyeuELWbzsrQRv
-SX7HqLrF8FYfZOgy8qHbz7W8zIHSi5K312u2WuDdguj4SkUdJp5Qimnq6uW+eBBo
-bVrKXFSvUvseuswutCjBLha/A49VHvJehz6f9ITCyva3yiK8LOVEeX/QNkP9Ust7
-8Ry+cgrmWGw3vN991OqYvg3mwKKGuQHk//11gaUaRU2yO6r6bkLWB+bMedGWZWhb
-WC+o3Weu1jR5piNKLTrZZjKV5PK4va7bIW13amu+t+XiNBGt/CMnXr2isTJ+qRIs
-F7P9yk+mjEoFo3RDslCZorSLv+8VHglIhtw4Ont4KMDzuXru76/RwIa7qaG8vINp
-Dx2BOKmIde26X63Nva87+KdEf4x+DoVkPr4yqWUxEugUlWuVXGvBLEhszfbmEqA5
-E8XdYLX4fnrG9kAAg4pGccIYJ4LIu/n82ZDKU7u/vea2Sdcemdcgn35/8jnbs3oV
-MNDduQ/ISxIzGuYbosfIIk7oMWUpc7bwnnNb+PuB4GOHNl/PjGXO0iOFgx8iUEPQ
-jLHYNVDnPCI2Cdqx5JsObv6zlN9NyJKNVEnDKh9fLmqolkdiy97wSn/Hjz1EwmjG
-MlOCr6YByB9kUPPEVYYh852J2yUirgxzc5eA0TuuM9GeL+wQClY=
-=wq2n
------END PGP SIGNATURE-----
diff --git a/thunderbird-140.6.0esr.source.tar.xz b/thunderbird-140.6.0esr.source.tar.xz
new file mode 100644
index 0000000..f8e7e4e
--- /dev/null
+++ b/thunderbird-140.6.0esr.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c5ff00249b032009f34486c927e0d6566ac9c5f0b1d036548b5a880d4bbbddc6
+size 750981904
diff --git a/thunderbird-140.6.0esr.source.tar.xz.asc b/thunderbird-140.6.0esr.source.tar.xz.asc
new file mode 100644
index 0000000..a7a2be9
--- /dev/null
+++ b/thunderbird-140.6.0esr.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmk3fIYACgkQXstkl8Gi
+AlZGMxAAmuzS0DxKtwoD/KviE4guv3R4rduDZ0H9D/M/q9ULRcPWN8XlolNaHe9z
+3SRuYwHDyI1hhNzA0AwMj4szSZlMGPwCjmk1arcLuZxcok6nH244opXqkxw3f1S1
+zpPmOl8QHVYUHe9+QwEdTd1yjpWNr2CtdhvF/jyEbPiJBj+4gOrN14YXDvNEk212
+kJZjQsCTvT+esmlfXjwd8p6tOf5Si+Kai64DdFxst0+IlYRXRjHmTHa/URmh5Ksc
+FWRgCqa3vxTsnqbcInbTe7bzA8/kDui6pxEzLVaW2ccK0tMMK9dVX3/9n1fl68o8
+dy+Tmk+pdKPc0CN3AkbLAt+8dOKUD6+50FzmXfBrlzAYb1qSOQo1GsNtgSqffs2T
+ueuUG6xK0eI/4vVrzhPh2PRaoju9XrvBsCwSTshw94G3yGjPTKd0ikM4DAYlY6oQ
+V/H2tDeWC5Z8hLFT3udu088zVyPbqii84hstoLNUr5DCf7iL7vjSxT/nldzJg68M
+6u/Yk4+049GEuHBKDVIHlPLVRrnfMBG8YMS7t/ZPe+e6kNQKJ731ycaJwPvugskY
+OqAzGexRg4J4ISz5In4p7EMHizJXe4H2Ms1drWYyLtm1VZKSje7LR9jgUmxHtObR
+4S2IYPaV9zqa2StH9QDe3q6pB1E1hjCI8z1VVor+vkkFziZl+NQ=
+=YYwr
+-----END PGP SIGNATURE-----
-- 
2.51.1