From 39595480b12ace5fa8d9d4e2d9a254b0ae2b6cbc Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Wed, 23 Apr 2025 14:20:49 +0800
Subject: [PATCH] [CVE] FIX multiple CVEs

to #19578
update to 128.9.0 to fix CVE-2024-8176 CVE-2024-26282 CVE-2024-10474 CVE-2025-1937 CVE-2025-2368 CVE-2025-2584 CVE-2025-29927 CVE-2025-3034 CVE-2025-2857 CVE-2025-3030 CVE-2025-3028 CVE-2025-3033 CVE-2025-3032 CVE-2025-3029 CVE-2025-3031 CVE-2025-0245 CVE-2025-0244 CVE-2025-0246 CVE-2025-30218 CVE-2025-3028 CVE-2025-3028 CVE-2025-3029 CVE-2024-51479 CVE-2025-3028 CVE-2024-7531
Project: TC2024080204
Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
---
 download     | 4 ++--
 firefox.spec | 9 ++++++---
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/download b/download
index 41409f3..5541cde 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
-8d2e8b9115580dcbdeafeee60699ec81  firefox-128.3.1esr.source.tar.xz
+828d266587cade88bc2e028483332f44  firefox-128.9.0esr.source.tar.xz
+fcfc7957f33934068b81ef12265a3e96  firefox-langpacks-128.9.0esr-20250331.tar.xz
 fc25f988b87b5187d4e2f006efa699a3  cbindgen-vendor.tar.xz
 b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
-cb946f6aae2abd13f4141ecb2872c343  firefox-langpacks-128.3.1esr-20241009.tar.xz
diff --git a/firefox.spec b/firefox.spec
index 458edbe..86af44f 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 1
 %define homepage %(grep '^HOME_URL\s*=' /etc/os-release | sed 's/^HOME_URL\s*=//;s/^\s*"//;s/"\s*$//')
 
 # Produce debug (non-optimized) package build. Suitable for debugging only
@@ -60,7 +60,7 @@
 
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        128.3.1
+Version:        128.9.0
 Release:        %{anolis_release}%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
@@ -72,7 +72,7 @@ License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%%{version}%%{?pre_version}/source/firefox-%%{version}%%{?pre_version}.source.tar.xz
 Source0:        https://ftp.mozilla.org/pub/firefox/releases/%{version}esr/source/firefox-%{version}esr.source.tar.xz
 %if %{with langpacks}
-Source1:        firefox-langpacks-%{version}%{?pre_version}-20241009.tar.xz
+Source1:        firefox-langpacks-%{version}%{?pre_version}-20250331.tar.xz
 %endif
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
@@ -1575,6 +1575,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 #---------------------------------------------------------------------
 %changelog
+* Wed Apr 23 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 128.9.0-1
+- Update to 128.9.0 to fix CVE-2024-8176 CVE-2024-26282 CVE-2024-10474 CVE-2025-1937 CVE-2025-2368 CVE-2025-2584 CVE-2025-29927 CVE-2025-3034 CVE-2025-2857 CVE-2025-3030 CVE-2025-3028 CVE-2025-3033 CVE-2025-3032 CVE-2025-3029 CVE-2025-3031 CVE-2025-0245 CVE-2025-0244 CVE-2025-0246 CVE-2025-30218 CVE-2025-3028 CVE-2025-3028 CVE-2025-3029 CVE-2024-51479 CVE-2025-3028 CVE-2024-7531
+
 * Fri Feb  7 2025 Wenlong Zhang <zhangwenlong@loongson.cn> - 128.3.1-3
 - fix libpng skia build failed for loongarch64
 
-- 
Gitee