From b3e6d400923850441d6f0e01483fc9506115e10c Mon Sep 17 00:00:00 2001
From: wenxin <wx02272781@alibaba-inc.com>
Date: Mon, 22 Dec 2025 11:02:08 +0800
Subject: [PATCH] update to 140.6.0 to fix cves

---
 download     |  4 ++--
 firefox.spec | 12 +++++++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/download b/download
index 95a9f13..b6efc45 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
-c9b54b9d49c18146a3aada80bc8de65f  firefox-140.5.0esr.source.tar.xz
-439c7c2acf5cfd4d730f4c6b14fd10ce  firefox-langpacks-140.5.0esr.tar.xz
+54b8da734171a55493683440b7ce6cb9  firefox-140.6.0esr.source.tar.xz
+cd7adad68cb7283eff01d9abd0451aad  firefox-langpacks-140.6.0esr.tar.xz
 67056dedd58324bc0f08727400bb5273  cbindgen-vendor.tar.xz
 b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
diff --git a/firefox.spec b/firefox.spec
index 175214f..e563a51 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 1
 %define homepage %(grep '^HOME_URL\s*=' /etc/os-release | sed 's/^HOME_URL\s*=//;s/^\s*"//;s/"\s*$//')
 
 # Produce debug (non-optimized) package build. Suitable for debugging only
@@ -60,7 +60,7 @@
 
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        140.5.0
+Version:        140.6.0
 #128.14.0
 Release:        %{anolis_release}%{?dist}
 URL:            https://www.mozilla.org/firefox/
@@ -73,7 +73,7 @@ License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%%{version}%%{?pre_version}/source/firefox-%%{version}%%{?pre_version}.source.tar.xz
 Source0:        https://ftp.mozilla.org/pub/firefox/releases/%{version}esr/source/firefox-%{version}esr.source.tar.xz
 %if %{with langpacks}
-Source1:        firefox-langpacks-140.5.0esr.tar.xz
+Source1:        firefox-langpacks-%{version}esr.tar.xz
 %endif
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
@@ -1573,6 +1573,12 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 #---------------------------------------------------------------------
 %changelog
+* Mon Dec 22 2025 wenxin <wx02272781@alibaba-inc.com> - 140.6.0-1
+- update to 140.6.0
+- fix CVE-2025-14321,CVE-2025-14322,CVE-2025-14323,CVE-2025-14324,
+  CVE-2025-14325,CVE-2025-14328,CVE-2025-14329,CVE-2025-14330,
+  CVE-2025-14331.CVE-2025-14333
+
 * Fri Dec 05 2025 mgb01105731 <mgb01105731@alibaba-inc.com> 140.5.0-2
 - Enable loongarch
 
-- 
Gitee