- Firefox Extended Support Release 128.6.0 ESR

* Fixed: Various security fixes. - Mozilla Firefox ESR 128.6.0 https://www.mozilla.org/security/advisories/mfsa2025-02 MFSA 2025-02 (boo#1234991) * CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack * CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text * CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected * CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module * CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 * CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 - Firefox Extended Support Release 128.5.2 ESR * Fixed: Fixed a crash experienced by Windows users with Qihoo 360 Total Security Antivirus software installed (bmo#1934258) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=32
2025-01-07 16:21:28 +00:00
parent a58ec43e06
commit 9b62e72a5a
8 changed files with 132 additions and 8 deletions
--- a/MozillaFirefox.changes.txt
+++ b/MozillaFirefox.changes.txt
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Jan  7 09:24:50 UTC 2025 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Firefox Extended Support Release 128.6.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 128.6.0
+  https://www.mozilla.org/security/advisories/mfsa2025-02
+  MFSA 2025-02 (boo#1234991)
+  * CVE-2025-0237 (bmo#1915257)
+    WebChannel APIs susceptible to confused deputy attack
+  * CVE-2025-0238 (bmo#1915535)
+    Use-after-free when breaking lines in text
+  * CVE-2025-0239 (bmo#1929156)
+    Alt-Svc ALPN validation failure when redirected
+  * CVE-2025-0240 (bmo#1929623)
+    Compartment mismatch when parsing JavaScript JSON module
+  * CVE-2025-0241 (bmo#1933023)
+    Memory corruption when using JavaScript Text Segmentation
+  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,
+    bmo#1932169)
+    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
+    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
+    and Thunderbird 128.6
+  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
+    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
+    Firefox ESR 128.6, and Thunderbird 128.6
+
+-------------------------------------------------------------------
+Fri Dec 13 08:39:09 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Firefox Extended Support Release 128.5.2 ESR
+  * Fixed: Fixed a crash experienced by Windows users with Qihoo
+    360 Total Security Antivirus software installed (bmo#1934258)
+
 -------------------------------------------------------------------
 Wed Dec 11 15:24:36 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>

--- a/firefox-128.6.0esr.source.tar.xz
+++ b/firefox-128.6.0esr.source.tar.xz
--- a/firefox-128.6.0esr.source.tar.xz.asc
+++ b/firefox-128.6.0esr.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmdi9D8ACgkQ4207E/PZ
+MnRZcw/+J/br+8V7X7gqH/BxM+MZjcJRmD4+9ZMjEza5zSnT+9XR8G2W7HcwQwqA
+9EPOXjhyGx0ff/KoUNMbvWtnqr6aFcIVBTCXD359CnywzBG3QmVSwAEDqsw2T+qS
+NfO1qBhOiUw/jdb37B3XHJ6pPMXDYeRkLuVvHaFRARJx/bP1ZK+FIOhx9Ou0Py3J
+7dijVR8oYSlz9jNRbwSu3qh7CZm1KiZ0FLVl3R95WokVHsZHBTY+i3eHaKrPPO0r
+xjgK0CIHs/7wWR9iF9rG8+Lpaj9lJBE5IlYUNbB+hu1OIGp43pt+7+1puapOTfJh
+W2n4oZ401cFrlM5PNY3GO2k5o9iPWsBCPd264cj4G3543iYbIVksYavN6TmxUVZz
+eVBkORYhAKpMGXhOQSSq7UEP3jv7ZdJfI09dKZf1iLemghCrqvslAIjOmrkzdrWr
+x/0oYIk+jY5mD9iPiojsOp/23uKNlfN5bY/CMRYNdfVcLt+AkMfbC7qE9H9GN6xe
+Vu6krMMfLDhl6MkYVhLVJOOyxzhGqMF7j6wxDRJIi+hiOyxm0oBu2iwQsB8457PI
+0VdiUSJwumOT4RPs1v4w0uxc8WaE0QkShfRnVXVFNbkVXQnxI3oUZy5HuoEp/3yK
+SKaEvdM2OFoTOU5rgOsZc6CCe2EZJmYCMoZf509r7179FbD11uk=
+=GBwt
+-----END PGP SIGNATURE-----
--- a/firefox-esr.changes
+++ b/firefox-esr.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Jan  7 09:24:50 UTC 2025 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Firefox Extended Support Release 128.6.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 128.6.0
+  https://www.mozilla.org/security/advisories/mfsa2025-02
+  MFSA 2025-02 (boo#1234991)
+  * CVE-2025-0237 (bmo#1915257)
+    WebChannel APIs susceptible to confused deputy attack
+  * CVE-2025-0238 (bmo#1915535)
+    Use-after-free when breaking lines in text
+  * CVE-2025-0239 (bmo#1929156)
+    Alt-Svc ALPN validation failure when redirected
+  * CVE-2025-0240 (bmo#1929623)
+    Compartment mismatch when parsing JavaScript JSON module
+  * CVE-2025-0241 (bmo#1933023)
+    Memory corruption when using JavaScript Text Segmentation
+  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,
+    bmo#1932169)
+    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
+    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
+    and Thunderbird 128.6
+  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
+    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
+    Firefox ESR 128.6, and Thunderbird 128.6
+
+-------------------------------------------------------------------
+Fri Dec 13 08:39:09 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Firefox Extended Support Release 128.5.2 ESR
+  * Fixed: Fixed a crash experienced by Windows users with Qihoo
+    360 Total Security Antivirus software installed (bmo#1934258)
+
 -------------------------------------------------------------------
 Wed Dec 11 15:24:36 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>

--- a/firefox-esr.changes.txt
+++ b/firefox-esr.changes.txt
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Jan  7 09:24:50 UTC 2025 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Firefox Extended Support Release 128.6.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 128.6.0
+  https://www.mozilla.org/security/advisories/mfsa2025-02
+  MFSA 2025-02 (boo#1234991)
+  * CVE-2025-0237 (bmo#1915257)
+    WebChannel APIs susceptible to confused deputy attack
+  * CVE-2025-0238 (bmo#1915535)
+    Use-after-free when breaking lines in text
+  * CVE-2025-0239 (bmo#1929156)
+    Alt-Svc ALPN validation failure when redirected
+  * CVE-2025-0240 (bmo#1929623)
+    Compartment mismatch when parsing JavaScript JSON module
+  * CVE-2025-0241 (bmo#1933023)
+    Memory corruption when using JavaScript Text Segmentation
+  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,
+    bmo#1932169)
+    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
+    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
+    and Thunderbird 128.6
+  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
+    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
+    Firefox ESR 128.6, and Thunderbird 128.6
+
+-------------------------------------------------------------------
+Fri Dec 13 08:39:09 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Firefox Extended Support Release 128.5.2 ESR
+  * Fixed: Fixed a crash experienced by Windows users with Qihoo
+    360 Total Security Antivirus software installed (bmo#1934258)
+
 -------------------------------------------------------------------
 Wed Dec 11 15:24:36 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>

--- a/firefox-esr.spec
+++ b/firefox-esr.spec
@@ -1,8 +1,8 @@
 #
 # spec file for package firefox-esr
 #
-# Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2006-2024 Wolfgang Rosenauer <wr@rosenauer.org>
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2006-2025 Wolfgang Rosenauer <wr@rosenauer.org>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -41,8 +41,8 @@
 # major 69
 # mainver %%major.99
 %define major          128
-%define mainver        %major.5.1
-%define orig_version   128.5.1
+%define mainver        %major.6.0
+%define orig_version   128.6.0
 %define orig_suffix    esr
 %define update_channel esr
 %define branding       1
--- a/l10n-128.6.0esr.tar.xz
+++ b/l10n-128.6.0esr.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:adc97fe34ba0d08b62ecd0e45bff671dde7d310ff09e7243582bfb3c4ed22310
+size 33147652
--- a/8
+++ b/8
@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="esr128"
-VERSION="128.5.1"
+VERSION="128.6.0"
 VERSION_SUFFIX="esr"
-PREV_VERSION="128.5.0"
+PREV_VERSION="128.5.2"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr128"
-RELEASE_TAG="a6cdcd2ed9ec3e256f358010672bafd1674b0b8b"
-RELEASE_TIMESTAMP="20241128151741"
+RELEASE_TAG="4f008c71b12e001ae54b7fcd4787b266764c28bf"
+RELEASE_TIMESTAMP="20241218153108"