From 7785aebfca71b99a12e2cc9939af6f96e7ced04d Mon Sep 17 00:00:00 2001 From: wk333 <13474090681@163.com> Date: Wed, 30 Apr 2025 02:38:17 +0000 Subject: [PATCH] Update to 128.10.0 for fix CVE-2025-2817 CVE-2025-4083 CVE-2025-4084 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093 (cherry picked from commit 53dc3c9d47bf5fd0a0d4930e6148939692fe9032) --- firefox-128.10.0esr.source.tar.xz | 3 ++ firefox-128.10.0esr.source.tar.xz.asc | 16 +++++++++ firefox-128.9.0esr.source.tar.xz | 3 -- firefox-128.9.0esr.source.tar.xz.asc | 16 --------- firefox-langpacks-128.10.0esr.tar.xz | 3 ++ firefox-langpacks-128.9.0esr.tar.xz | 3 -- firefox.spec | 6 +++- mozilla.keyring | 50 +++++++++++++++++++++++---- 8 files changed, 70 insertions(+), 30 deletions(-) create mode 100644 firefox-128.10.0esr.source.tar.xz create mode 100644 firefox-128.10.0esr.source.tar.xz.asc delete mode 100644 firefox-128.9.0esr.source.tar.xz delete mode 100644 firefox-128.9.0esr.source.tar.xz.asc create mode 100644 firefox-langpacks-128.10.0esr.tar.xz delete mode 100644 firefox-langpacks-128.9.0esr.tar.xz diff --git a/firefox-128.10.0esr.source.tar.xz b/firefox-128.10.0esr.source.tar.xz new file mode 100644 index 0000000..9e252f0 --- /dev/null +++ b/firefox-128.10.0esr.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2ed83e26e41a8b3e2c7c0d13448a84dbb9b7ed65ed46bc162d629b0c6b071caf +size 556644356 diff --git a/firefox-128.10.0esr.source.tar.xz.asc b/firefox-128.10.0esr.source.tar.xz.asc new file mode 100644 index 0000000..c0067c6 --- /dev/null +++ b/firefox-128.10.0esr.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmgGmOcACgkQ4207E/PZ +MnS31xAArb9xta0NzRHPYBv5Vsibc4w2ESwkOsrVf4atwTEeHpozX517+Dkcb77v +AvuDg5RqT1WReZsecEisifA5Mj4qiNcUtGBKk4LBhbSIXNgrN7r4UXpBcerBWupj +ZMpkDcf6o6Iqrz5sRELvd+mJB17NnWBMEtpxEk4ECyfwX7q3+z+bBjcBtP8uTe74 +Nlv2o4s51QOv5Z3u79ggkn1R9cmTnjZCf+cMXiuFfJRuHf+EFotbS4YGmvKi0Zv7 +BobEuT7M1sxkdTP06prBFm9iFiNL4xqU5wU2DwztkPK6oEKQ69fNsEQ0vqRqupDN ++dUFlZEnp5yJKyl4QnKTbTmH8oIeKIwT1WX1JGTPMa6lonVy2lM/Wv2WvnTv8Nrr +AZoqxZYtzaT4bkRaFsZhFIZaHUNBx5m6hAtWcQN3qHiQt375nVolN68dfsquthe0 +c9zu1VmYW4KpS9duasETGPl7XB4f8SKCdyQOz4MBF0tlxVUPdfznOp0g2BndVl6e +hJoUFg8J7mJxhlficD0H/BZ2nuuRD09u8aLCkvqAmJ0HgL2pPrpgk0OzL+LGkrh1 +73ikxX+Xx/4EpKqYjJGvSDN3QczS0bT8deVxjuKkTgEKesJZagAkkYHyEJANagWC +GNqg/J9/24oWZtS5ruNc5FMfm+aA4v6XLl+KqBqB8iylDSJ4xqM= +=bEc8 +-----END PGP SIGNATURE----- diff --git a/firefox-128.9.0esr.source.tar.xz b/firefox-128.9.0esr.source.tar.xz deleted file mode 100644 index 95109eb..0000000 --- a/firefox-128.9.0esr.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d04661c6cc0bfdd0f280b62f81d2fb79ab3cbd7f9e8a7b34042db1cf8cc6805 -size 562959584 diff --git a/firefox-128.9.0esr.source.tar.xz.asc b/firefox-128.9.0esr.source.tar.xz.asc deleted file mode 100644 index 743a04d..0000000 --- a/firefox-128.9.0esr.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmflY6AACgkQ4207E/PZ -MnSQwQ//RflYutwyVX/nU+yf2q2GBhVxgHAnuDOZwOIG/WN/PMIcnuRcqlDVIBtV -4YDpWtCVqrHsulCjMsDNfS2ONSjqm22Rnh1N2PAYND2X+w7/EfShSxlASGt73z3L -ewhkQANFTc7xjGb62je2IWGyXhszcGU+Mf12uKzRhE/8kP440QOtF7J0fdAEP5eX -lmU+7RaPQSCAEZRERDz/9hy1hgm50uGn2w7PtJMwlREXkrXo9RQGJULksVDG7U7h -4bU3ms95kfC/W3DnVmtQ902WTWQWmr3U/fEu3Z8SJJNMsH0W7yhGS9lGTyEythcI -Dox9XpRA/leZNhcACdqLrgiujhw00MraM3ziaWxLxUCzKDfjvepjdaLbiLuvNAJa -Cqv3A/tTbgmD8hLRJ6AyBN6w8J+EQwWYxvRbD0OvodK+tcfzVe6loewYODwXXpxm -nLg6mQ/TpYkxXyQMbsQJlPIY06nftZ5fpdRpHOvV+NW/j62z254Yk8/TDyiLcYtO -yVyd/BMVgKwY7mSI64tMq8q0sWDxyqdtdDO824EANjLUMRJ5vZL9ObIc84xNz699 -ZMqwqNhMY4k+zvEvpidO7vY3autoQ6/Wq8qEpQ8P4NZB97H7KEpvoitFMsmVRYRv -qfgXr9zA55kS0GnV39iVe0Q65XJo2THtjMNbvUf20tU3hWQ81Lc= -=16lb ------END PGP SIGNATURE----- diff --git a/firefox-langpacks-128.10.0esr.tar.xz b/firefox-langpacks-128.10.0esr.tar.xz new file mode 100644 index 0000000..7fe9b27 --- /dev/null +++ b/firefox-langpacks-128.10.0esr.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d040964a6c0a7ff2c88a2666c8d1204ce4bbe73af8a3753a2da37a37c22900f7 +size 53427648 diff --git a/firefox-langpacks-128.9.0esr.tar.xz b/firefox-langpacks-128.9.0esr.tar.xz deleted file mode 100644 index c7df8d8..0000000 --- a/firefox-langpacks-128.9.0esr.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c0532e5596d266a9bfa137b8ed3b4bd69a287e8509459267f2745bb2ff6d831e -size 53228412 diff --git a/firefox.spec b/firefox.spec index f9490dc..13a7ffb 100644 --- a/firefox.spec +++ b/firefox.spec @@ -44,7 +44,7 @@ Summary: Mozilla Firefox Web browser Name: firefox -Version: 128.9.0 +Version: 128.10.0 Release: 1 URL: https://www.mozilla.org/firefox/ License: MPL-1.1 or GPL-2.0-or-later or LGPL-2.0-or-later @@ -924,6 +924,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog +* Wed Apr 30 2025 wangkai <13474090681@163.com> - 128.10.0-1 +- Update to 128.10.0 +- Fix CVE-2025-2817 CVE-2025-4083 CVE-2025-4084 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093 + * Wed Apr 02 2025 wangkai <13474090681@163.com> - 128.9.0-1 - Update to 128.9.0 - Fix CVE-2025-3028 CVE-2025-3029 CVE-2025-3030 diff --git a/mozilla.keyring b/mozilla.keyring index 569811f..62d635a 100644 --- a/mozilla.keyring +++ b/mozilla.keyring @@ -2,19 +2,20 @@ This file contains the public PGP key that is used to sign builds and artifacts of Mozilla projects (such as Firefox and Thunderbird). Please realize that this file itself or the public key servers may be -compromised. You are encouraged to validate the authenticity of these keys in -an out-of-band manner. +compromised. You are encouraged to validate the authenticity of these +keys in an out-of-band manner. -Mozilla users: pgp < KEY +gpg --show-keys < KEY pub rsa4096 2015-07-17 [SC] 14F26682D0916CDD81E37B6D61B7B526D98F0353 -uid [ full ] Mozilla Software Releases +uid Mozilla Software Releases +sub rsa4096 2021-05-17 [S] [expired: 2023-05-17] sub rsa4096 2015-07-17 [S] [expired: 2017-07-16] sub rsa4096 2017-06-22 [S] [expired: 2019-06-22] sub rsa4096 2019-05-30 [S] [expired: 2021-05-29] -sub rsa4096 2021-05-17 [S] [expired: 2023-05-17] sub rsa4096 2023-05-05 [S] [expires: 2025-05-04] +sub rsa4096 2025-03-13 [S] [expires: 2027-03-13] -----BEGIN PGP PUBLIC KEY BLOCK----- @@ -400,6 +401,41 @@ W81ABx4ASBktXAf1IweRbbxqW8OgMhG6xHTeiEjjav7SmlD0XVOxjhI+qBoNPovW lChqONxablBkuh0Jd6kdNiaSEM9cd60kK3GT/dBMyv0yVhhLci6HQZ+Mf4cbn0Kt ayzuQLOcdRCN3FF/JNQH3v6LA1MdRfmJlgC4UdiepBb1uCgtVIPizRuXWDjyjzeP ZRN/AqaUbEoNBHhIz0nKhQGDbst4ugIzJWIX+6UokwPC3jvJqQQttccjAy6kXBmx -fxyRMB5BEeLY0+qVPyvOxpXEGnlSHYmdIS4= -=ZEQW +fxyRMB5BEeLY0+qVPyvOxpXEGnlSHYmdIS65Ag0EZ9KQfQEQAOVIyh0sZPPFLWxo +FT0WhPzHw8BhgnCBNdZAh9+SM0Apq2VcQKSjBjKiterOTtc6EVh0K2ikbGKHQ1Sv +wNdsYL01cSkJSJORig/1Du1eh+2nlo8nut7xT//V+2FQyWFCLDeQvLlAs3QHMrMY +xTcwNk3qi/z1Z5Q4e6Re2aKRU00LtSomD6CKWy9nAaqTRNzzdndJwIyCyshX4bbU +zAzE7Wbgh/E0/FgBGw87LYITqyU6US4lvoUXB+89XxwMxO9I74L118gXEyybz+JN +0/w87hXAKnaKjasSvobKE4mau8SXqmOO66MxiMaF4Xsmr3oIwo8q9W5d+hA+t225 +ipq2rZZErmPL44deMCeKmepjLTa9CoxX2oVpDWGOYFRyJRkLDyyH4O3gCo/5qv4r +OTJqPFfKPtrjWFJKGf4P4UD0GSBX2Q+mOf2XHWsMJE4t8T7jxQCSAQUMwt6M18h1 +auIqcfkuNvdJhcl2GvJyCMIbkA3AoiuKaSPgoVCmJdbc6Ao9ydmMUB5Q1rYpMNKC +MsuVP9OcX8FoHEVMXOvr0f6Wfj+iHytfO2VTqrw/cqoCyuPoSrgxjs1/cRSz5g9f +Z0zrOtQyNB5yJ3YPTG3va1/XLflrjPcT4ZUkej9nkFpCNWdEZVWD/z3vXBGSV11N +9Cdy60QbD4yZvDjV2GQ+dwAF1o1BABEBAAGJBHIEGAEKACYWIQQU8maC0JFs3YHj +e21ht7Um2Y8DUwUCZ9KQfQIbAgUJA8JnAAJACRBht7Um2Y8DU8F0IAQZAQoAHRYh +BAm+7WPzRiot/6s7h17LZJfBogJWBQJn0pB9AAoJEF7LZJfBogJW9I4QAJbv4Rhb +4x6Jl75x2Lfp46/e3fZVDhzUdLjK8A/acRF7JRBuJVJRaijJ5tngdknmlmbzfqly +zsMWUciAwVJRvijNFDeicet5zJpBRsXEUAug3iVCD1KlVvLzjCi9Eb9s6xCQjSJ8 +DZE020s41wdqtb1nziDASAkg+YH2DzpTEaZVNM39uNDKbaJLYIjKA9MV1YHArqUl +dFsoofBe4zIZRFyvMD7Gmr7Xm0IWYLrfmnenm1JJYIkvGUeVoP8dEonAVhLVwvww +ufobV0qdtMfhZsgFwf1XSHI9MtD4yAVtBqBTkfFeRLnBjJK/ywYxGqbadt1b57I4 +ywTQ16oXNrlTF1Su0I8i/fo0i/9ohNl3opN3LbaEbhT37M4xpy4MgL2Fthddc2gW +vF/8TFRaXw7LaLSR7HwO+Y0CpOtV/Ct4RzKEulY5DpV9b1JQJhpLcjMz+pBDAM3K +JuiV6Bcfoz5PZowFy74UmE02Vzk/oyuI/o4KMihy0UzWQVkOZTTu4eONktgGiZOn +RFdiLKVgeLEDXTLdhbuwGS2+wX3I7lLP9AWpK8Ahc81eUwU6MwdbfwfJ1ELtKaa/ +JmMjaWkr5aGrp88d8ePR9jYA47Z2q0esB67pRJVe0McVJlu9GQGq05S7lZKs6mi9 +dHTzeHwua//IXHMK0s3WhMU7vGwJ3E2+pTstf8AQALSwkezD3QchPV+5CAUYY7Cm +MXB6zzIU18wCS61Y8QdDvqmtWHdMVTp4xT14fS6cvB4uFzacGQJ7CVIWeZgwEFzZ +iev3dKpnUOGg0WQSwmQQA0JCg6/qS0AeUPINjhWtNcR7voCqAYeRcjo47UJclD/K +KNTCn27btHRaEmpTdTtC6sxiVElFObb3a9tHXqwLWp8gJ+NZ+6mlrvvH2hm1CAyQ +TDRYC7nN69QJrKHR8HA3AeR5figQHLwvmfQlV2erZE17GT+L5t0HxX/HKZCim91P +Apqa+7iY0eKPAG5iacABrBi9zzh/ex0ovvuxsBDKUFCSu7HIivnAVrdS/kbO1qJ5 +I3MBMp0dlQ6PS6LeZIRhxts0aPPZedsXytoL7kFLISfJ55AuhJpskz+55uviJhp/ +H3zNBYtQ+dmFmp4RRk/Nvu0zv6OGtaZy6M5X24Pbzb/OApBML84cEmb3iZie9J2Z +YW68/D96sP09x6GItCJlCIdQZkRcwmkQwgtq9sJDw92/vSGeYdRn+oCAxJ14eObC +sVwcfJARLt45btEnx+zRCAHAHQHpV6qTGT6nqg57XuM9iNNdyTGKRU+Iklgb9LRx +VAQfbn5uXYb5j2ox5pjxtbXTf9Lbo7RkygcWSKZPWmYgGsKS6jmXkDa/TyOlPxkb +aknpPbYMBztRT4Ju0VU4 +=4Dnl -----END PGP PUBLIC KEY BLOCK-----