From 0f9647dbd2cfc4e97d01d911851a7e71cdda2dd1 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Fri, 17 Apr 2026 16:40:30 +0800
Subject: [PATCH] [CVE][Upstream] Update to firefox-140.9.1 to fix
 CVE-2026-33416, CVE-2026-5734, CVE-2026-5732, CVE-2026-4723, CVE-2026-3713

To #bug32916, #bug32993, #bug32905, #bug33228, #bug32895
Update firefox to firefox-140.9.1 to fix CVE-2026-33416, CVE-2026-5734, CVE-2026-5732, CVE-2026-4723, CVE-2026-3713
Project: TC2024080204
Signed-off-by: tomcruiseqi <tomcruiseqi@inspur.com>
---
 download     |  6 +++---
 firefox.spec | 10 +++++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/download b/download
index fa572a8..6821d39 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
-2212716729d8e809528a59180515454e  firefox-140.9.0esr.source.tar.xz
-a132be6b071854eeabc283c5faa535b3  firefox-langpacks-140.9.0esr.tar.xz
+103fe7c744de0328e6c957ea399ef76b  firefox-140.9.1esr.source.tar.xz
+67b22313e94311cb3b8d8c086d6982d8  firefox-langpacks-140.9.1esr-20260408.tar.xz
 67056dedd58324bc0f08727400bb5273  cbindgen-vendor.tar.xz
-b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
+b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
\ No newline at end of file
diff --git a/firefox.spec b/firefox.spec
index d3f8a3c..7e60692 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -60,7 +60,7 @@
 
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        140.9.0
+Version:        140.9.1
 #128.14.0
 Release:        %{anolis_release}%{?dist}
 URL:            https://www.mozilla.org/firefox/
@@ -73,7 +73,7 @@ License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%%{version}%%{?pre_version}/source/firefox-%%{version}%%{?pre_version}.source.tar.xz
 Source0:        https://ftp.mozilla.org/pub/firefox/releases/%{version}esr/source/firefox-%{version}esr.source.tar.xz
 %if %{with langpacks}
-Source1:        firefox-langpacks-%{version}esr.tar.xz
+Source1:        firefox-langpacks-%{version}esr-20260408.tar.xz
 %endif
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
@@ -1594,6 +1594,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 #---------------------------------------------------------------------
 %changelog
+* Fri Apr 17 2026 tomcruiseqi <tomcruiseqi@inspur.com> - 140.9.1-1
+- Update to firefox-140.9.1
+- Fix CVE-2026-33416, CVE-2026-5734, CVE-2026-5732, CVE-2026-4723, CVE-2026-3713
+
 * Fri Mar 27 2026 lzq11122 <lzq02303433@alibaba-inc.com> - 140.9.0-1
 - Update to 140.9.0 to fix cves
 
@@ -1686,4 +1690,4 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 - change firefox-anolis-default-prefs.js url
 
 * Fri Apr 21 2023 Chunmei Xu <xuchunmei@linux.alibaba.com> - 112.0.1-1
-- init from upstream
+- init from upstream
\ No newline at end of file
-- 
Gitee