Change log for firefox-esr package in Debian

firefox-esr (128.5.1esr-1) unstable; urgency=medium

  * New upstream release.

  * debian/rules: Switch to clang as the compiler for trixie.

  * python/mach/mach/site.py: Fix virtual environment sysconfig path
    calculation. bz#1935621.

 -- Mike Hommey <email address hidden>  Wed, 11 Dec 2024 08:52:21 +0900

firefox-esr (128.5.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-64, also known as:
    CVE-2024-11691, CVE-2024-11692, CVE-2024-11694, CVE-2024-11695,
    CVE-2024-11696, CVE-2024-11697, CVE-2024-11699.

  * debian/control*: Build depend on libdbus-1-dev rather than
    libdbus-glib-1-dev. Closes: #955891.

 -- Mike Hommey <email address hidden>  Wed, 27 Nov 2024 09:12:42 +0900

firefox-esr (128.3.1esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-51, also known as CVE-2024-9680.

  * js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h,
    js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp,
    js/src/jit/mips-shared/MacroAssembler-mips-shared.h,
    js/src/jit/mips64/MacroAssembler-mips64.cpp,
    js/src/jit/mips64/MacroAssembler-mips64.h,
    js/src/wasm/WasmGenerator.cpp, js/src/wasm/WasmSummarizeInsn.cpp: Fix
    FTBFS on mipsel64. bz#1855960.

 -- Mike Hommey <email address hidden>  Thu, 10 Oct 2024 06:42:03 +0900

firefox-esr (115.15.0esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-41, also known as:
    CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384.

 -- Mike Hommey <email address hidden>  Wed, 04 Sep 2024 05:28:04 +0900

firefox-esr (128.4.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-56, also known as:
    CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461,
    CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465,
    CVE-2024-10466, CVE-2024-10467.

 -- Mike Hommey <email address hidden>  Wed, 30 Oct 2024 06:15:11 +0900

firefox-esr (128.3.1esr-2) unstable; urgency=medium

  * debian/rules: Exclude -g from CXXFLAGS too. It's handled by the upstream
    build system, and leaving it there breaks the build on 32-bits platforms
    because the debug info is just too large to handle for the address space.
    That's how it was before the changes in 128.3.1esr-1 anyways.

 -- Mike Hommey <email address hidden>  Thu, 10 Oct 2024 11:17:26 +0900

firefox-esr (128.3.1esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-51, also known as CVE-2024-9680.

  * debian/rules: Get CXXFLAGS from dpkg-buildflags directly instead of
    deriving it from CFLAGS.
  * debian/control*: Remove build dependency on yasm.
  * debian/browser.lintian-overrides.in: Adjust lintian overrides for
    the lintian version in unstable.

 -- Mike Hommey <email address hidden>  Thu, 10 Oct 2024 05:46:02 +0900

firefox-esr (128.3.0esr-2) unstable; urgency=medium

  * debian/watch: Refreshed for firefox-esr.
  * debian/rules:
    - Fixed manual page header for firefox-esr.
    - Use a single virtualenv for preprocessing and build.
  * debian/iceweasel.*: Remove the remaining iceweasel files.
  * debian/control*:
    - Remove unnecessary dependency on autotools-dev.
    - Remove explicit dependency on dpkg-dev.
    - Remove Breaks: xul-ext-torbutton. The package was removed in bug
      #796316, 9 years ago.
  * debian/browser.lintian-overrides.in: Updated.
  * debian/source/lintian-overrides: Updated.
  * debian/copyright: Updated.

  * js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h,
    js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp,
    js/src/jit/mips-shared/MacroAssembler-mips-shared.h,
    js/src/jit/mips64/MacroAssembler-mips64.cpp,
    js/src/jit/mips64/MacroAssembler-mips64.h,
    js/src/wasm/WasmGenerator.cpp, js/src/wasm/WasmSummarizeInsn.cpp: Fix
    FTBFS on mipsel64. bz#1855960.

 -- Mike Hommey <email address hidden>  Sat, 05 Oct 2024 11:11:02 +0900

firefox-esr (128.3.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-47, also known as:
    CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-8900,
    CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399,
    CVE-2024-9400, CVE-2024-9401, CVE-2024-9402.

  * debian/control.in: Use rustc-web and cbindgen-web on bookworm and bullseye.
  * debian/control.in, debian/rules: Use gcc-11 on bookworm, working around
    #1056561.
  * debian/browser.mozconfig.in, debian/browser.preinst.in, debian/control.in,
    debian/l10n/browser-l10n.control, debian/l10n/browser-l10n.control.in,
    debian/l10n/gen, debian/rules, debian/upstream.mk: Remove support for
    buster.

 -- Mike Hommey <email address hidden>  Wed, 02 Oct 2024 07:53:32 +0900

firefox-esr (115.15.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-41, also known as:
    CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384.

 -- Mike Hommey <email address hidden>  Wed, 04 Sep 2024 05:28:04 +0900

firefox-esr (115.14.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-34, also known as:
    CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524,
    CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529,
    CVE-2024-7531.

 -- Mike Hommey <email address hidden>  Wed, 07 Aug 2024 07:10:56 +0900

firefox-esr (115.14.0esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-34, also known as:
    CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524,
    CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529,
    CVE-2024-7531.

 -- Mike Hommey <email address hidden>  Wed, 07 Aug 2024 07:10:56 +0900

firefox-esr (115.14.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-34, also known as:
    CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524,
    CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529,
    CVE-2024-7531.

 -- Mike Hommey <email address hidden>  Wed, 07 Aug 2024 07:10:56 +0900

firefox-esr (115.13.0esr-2) unstable; urgency=medium

  * gfx/cairo/libpixman/src/pixman-arm-simd-asm.S: Adjust arm assembly for
    binutils change.

 -- Mike Hommey <email address hidden>  Wed, 24 Jul 2024 08:00:28 +0900

firefox-esr (115.13.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-30, also known as:
    CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603,
    CVE-2024-6604.

  * debian/repack.py, debian/upstream.mk: Handle the upstream l10n migration
    to github.

 -- Mike Hommey <email address hidden>  Wed, 10 Jul 2024 05:11:05 +0900

firefox-esr (115.12.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-26, also known as:
    CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
    CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.

 -- Mike Hommey <email address hidden>  Wed, 12 Jun 2024 05:41:00 +0900

firefox-esr (115.12.0esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-26, also known as:
    CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
    CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.

 -- Mike Hommey <email address hidden>  Wed, 12 Jun 2024 05:41:00 +0900

firefox-esr (115.12.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-26, also known as:
    CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
    CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.

 -- Mike Hommey <email address hidden>  Wed, 12 Jun 2024 05:41:00 +0900

firefox-esr (115.11.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-22, also known as:
    CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769,
    CVE-2024-4770, CVE-2024-4777.

 -- Mike Hommey <email address hidden>  Wed, 15 May 2024 05:05:03 +0900

firefox-esr (115.10.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-19, also known as:
    CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609,
    CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864.

 -- Mike Hommey <email address hidden>  Wed, 17 Apr 2024 05:35:49 +0900

firefox-esr (115.9.1esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-16, also known as CVE-2024-29944.

 -- Mike Hommey <email address hidden>  Sat, 23 Mar 2024 05:09:32 +0900

firefox-esr (115.9.0esr-2) unstable; urgency=medium

  * debian/control*, debian/rules: Undo workaround for bug 1052002.

 -- Mike Hommey <email address hidden>  Thu, 21 Mar 2024 14:01:10 +0900

firefox-esr (115.9.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-13, also known as:
    CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616,
    CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612,
    CVE-2024-2614.

 -- Mike Hommey <email address hidden>  Wed, 20 Mar 2024 05:59:40 +0900

firefox-esr (115.8.0esr-1) unstable; urgency=medium

  * New upstream release.
    - Fixed FTBFS with python 3.12. Closes: #1061437.
  * Fixes for mfsa2024-06, also known as:
    CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549,
    CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553.

 -- Mike Hommey <email address hidden>  Wed, 21 Feb 2024 06:08:41 +0900

firefox-esr (115.7.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-02, also known as:
    CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747,
    CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
    CVE-2024-0755.

 -- Mike Hommey <email address hidden>  Wed, 24 Jan 2024 05:44:58 +0900

firefox-esr (115.7.0esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-02, also known as:
    CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747,
    CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
    CVE-2024-0755.

 -- Mike Hommey <email address hidden>  Wed, 24 Jan 2024 05:44:58 +0900

firefox-esr (115.7.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2024-02, also known as:
    CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747,
    CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
    CVE-2024-0755.

 -- Mike Hommey <email address hidden>  Wed, 24 Jan 2024 05:44:58 +0900

firefox-esr (115.6.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-54, also known as:
    CVE-2023-6856, CVE-2023-6865, CVE-2023-6857, CVE-2023-6858,
    CVE-2023-6859, CVE-2023-6860, CVE-2023-6867, CVE-2023-6861,
    CVE-2023-6862, CVE-2023-6863, CVE-2023-6864.

  * intl/locale/rust/oxilangtag-ffi/src/lib.rs: Allow to build with
    rustc < 1.65.

 -- Mike Hommey <email address hidden>  Wed, 20 Dec 2023 08:49:25 +0900

firefox-esr (115.5.0esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-50, also known as:
    CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207,
    CVE-2023-6208, CVE-2023-6209, CVE-2023-6212.

 -- Mike Hommey <email address hidden>  Wed, 22 Nov 2023 05:32:16 +0900

firefox-esr (115.5.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-50, also known as:
    CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207,
    CVE-2023-6208, CVE-2023-6209, CVE-2023-6212.

 -- Mike Hommey <email address hidden>  Wed, 22 Nov 2023 05:32:16 +0900

firefox-esr (115.4.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-46, also known as:
    CVE-2023-5721, CVE-2023-5732, CVE-2023-5724, CVE-2023-5725,
    CVE-2023-5728, CVE-2023-5730.

 -- Mike Hommey <email address hidden>  Wed, 25 Oct 2023 06:21:28 +0900

firefox-esr (102.15.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-35, also known as:
    CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4581,
    CVE-2023-4584.

 -- Mike Hommey <email address hidden>  Wed, 30 Aug 2023 05:40:53 +0900

firefox-esr (102.15.1esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fix for mfsa2023-40, also known as CVE-2023-4863.

 -- Mike Hommey <email address hidden>  Wed, 13 Sep 2023 06:24:13 +0900

firefox-esr (115.3.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-42, also known as:
    CVE-2023-5169, CVE-2023-5171, CVE-2023-5176.

  * debian/control*, debian/rules: Work around bug 1052002 by force-using
    clang-14.

 -- Mike Hommey <email address hidden>  Wed, 27 Sep 2023 05:43:46 +0900

firefox-esr (115.2.1esr-1) unstable; urgency=medium

  * New upstream release.
  * Fix for mfsa2023-40, also known as CVE-2023-4863.

  * debian/upstream.mk, debian/repack.py: Get l10n sources from zip archives.
    Thanks David Turner for the initial implementation.

 -- Mike Hommey <email address hidden>  Wed, 13 Sep 2023 06:30:23 +0900

firefox-esr (115.2.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-36, also known as:
    CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4577,
    CVE-2023-4051, CVE-2023-4578, CVE-2023-4053, CVE-2023-4580,
    CVE-2023-4581, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585.

  * debian/watch: Refresh.

 -- Mike Hommey <email address hidden>  Wed, 30 Aug 2023 06:03:46 +0900

firefox-esr (115.1.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-31, also known as:
    CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048,
    CVE-2023-4049, CVE-2023-4050, CVE-2023-4055, CVE-2023-4056,
    CVE-2023-4057.

 -- Mike Hommey <email address hidden>  Wed, 02 Aug 2023 06:15:06 +0900

firefox-esr (102.13.0esr-1~deb12u1) bookworm-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-23, also known as:
    CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208,
    CVE-2023-37211.

  * debian/rules, media/ffvpx/config_unix64.h: Work around
    https://sourceware.org/bugzilla/show_bug.cgi?id=30578.
  * debian/upstream.mk: Unstable is trixie.

 -- Mike Hommey <email address hidden>  Wed, 05 Jul 2023 05:33:32 +0900

firefox-esr (115.0.2esr-1) unstable; urgency=medium

  * New upstream release.

  * security/nss/lib/freebl/unix_rand.c,
    security/nss/cmd/shlibsign/shlibsign.c: Unapply changes for Hurd, as
    there is no rustc there.

 -- Mike Hommey <email address hidden>  Fri, 14 Jul 2023 13:40:53 +0900

firefox-esr (102.13.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-23, also known as:
    CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208,
    CVE-2023-37211.

  * debian/rules, media/ffvpx/config_unix64.h: Work around
    https://sourceware.org/bugzilla/show_bug.cgi?id=30578.
  * debian/upstream.mk: Unstable is trixie.

 -- Mike Hommey <email address hidden>  Wed, 05 Jul 2023 05:33:32 +0900

firefox-esr (102.12.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-19, also known as:
    CVE-2023-34414, CVE-2023-34416.

 -- Mike Hommey <email address hidden>  Wed, 07 Jun 2023 05:34:19 +0900

firefox-esr (102.11.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-17, also known as:
    CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32211,
    CVE-2023-32212, CVE-2023-32213, CVE-2023-32215.

 -- Mike Hommey <email address hidden>  Wed, 10 May 2023 06:32:15 +0900

firefox-esr (102.10.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-14, also known as:
    CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539,
    CVE-2023-29541, CVE-2023-1945, CVE-2023-29548, CVE-2023-29550.

  * gfx/skia/generate_mozbuild.py, gfx/skia/moz.build: Remove explicit NEON
    flags from skia build. Closes: #982794. Thanks Emanuele Rocca.

 -- Mike Hommey <email address hidden>  Wed, 12 Apr 2023 06:37:17 +0900

firefox-esr (102.10.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-14, also known as:
    CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539,
    CVE-2023-29541, CVE-2023-1945, CVE-2023-29548, CVE-2023-29550.

 -- Mike Hommey <email address hidden>  Wed, 12 Apr 2023 06:37:17 +0900

firefox-esr (102.9.0esr-2) unstable; urgency=medium

  * gfx/skia/generate_mozbuild.py, gfx/skia/moz.build: Remove explicit NEON
    flags from skia build. Closes: #982794. Thanks Emanuele Rocca.

 -- Mike Hommey <email address hidden>  Sat, 18 Mar 2023 06:53:38 +0900

firefox-esr (102.9.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-10, also known as:
    CVE-2023-25751, CVE-2023-28164, CVE-2023-28162, CVE-2023-25752,
    CVE-2023-28176.

  * debian/browser.mozconfig.in: Disable wasm sandboxing on s390x for now.
    It doesn't work at the moment.

 -- Mike Hommey <email address hidden>  Wed, 15 Mar 2023 07:26:00 +0900

firefox-esr (102.8.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-06, also known as:
    CVE-2023-25728, CVE-2023-25730, CVE-2023-0767, CVE-2023-25735,
    CVE-2023-25737, CVE-2023-25739, CVE-2023-25729, CVE-2023-25732,
    CVE-2023-25742, CVE-2023-25744, CVE-2023-25746.

  * third_party/wasm2c/src/common.h,
    third_party/wasm2c/src/prebuilt/wasm2c.include.c,
    third_party/wasm2c/src/wasm2c.c.tmpl: Use compiler macros to detect big
    endian.

 -- Mike Hommey <email address hidden>  Wed, 15 Feb 2023 08:45:08 +0900

firefox-esr (102.7.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2023-02, also known as:
    CVE-2022-46871, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602,
    CVE-2022-46877, CVE-2023-23603, CVE-2023-23605.

  * debian/browser.mozconfig.in, debian/control*: Enable wasm sandboxing
    on bookworm.

  * dom/base/usecounters.py,
    python/mozbuild/mozbuild/action/process_define_files.py,
    python/mozbuild/mozbuild/backend/base.py,
    python/mozbuild/mozbuild/preprocessor.py,
    python/mozbuild/mozbuild/util.py,
    python/mozbuild/mozpack/files.py,
    xpcom/idl-parser/xpidl/xpidl.py: Fix FTBFS with python 3.11.
    bz#1769631, bz#1799982, Closes: #1028809.
  * build/moz.configure/compilers-util.configure,
    toolkit/moz.configure: Add more configure checks for the wasm toolchain
    setup. bz#1747145.
    toolkit/moz.configure: Allow to build without a wasi sysroot. bz#1810627

 -- Mike Hommey <email address hidden>  Wed, 18 Jan 2023 05:33:36 +0900

firefox-esr (102.6.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-52, also known as:
    CVE-2022-46880, CVE-2022-46872, CVE-2022-46881, CVE-2022-46874,
    CVE-2022-46882, CVE-2022-46878.

 -- Mike Hommey <email address hidden>  Wed, 14 Dec 2022 07:48:39 +0900

firefox-esr (102.5.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-48, also known as:
    CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406,
    CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411,
    CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420,
    CVE-2022-45421.

  * debian/rules:
    - Use internal libevent on buster.
    - Invoke python with PYTHONDONTWRITEBYTECODE instead of -B.

  * ipc/chromium/src/third_party/libevent/linux/event2/event-config.h,
    toolkit/crashreporter/client/ping.cpp: Avoid build bustage when
    building against glibc 2.36 or newer. bz#1782988.

 -- Mike Hommey <email address hidden>  Wed, 16 Nov 2022 06:20:30 +0900

firefox-esr (102.4.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-45, also known as:
    CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932.

 -- Mike Hommey <email address hidden>  Wed, 19 Oct 2022 05:04:39 +0900

firefox-esr (102.3.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-41, also known as:
    CVE-2022-40959, CVE-2022-40960, CVE-2022-40958, CVE-2022-40956,
    CVE-2022-40957, CVE-2022-40962.

 -- Mike Hommey <email address hidden>  Wed, 21 Sep 2022 06:58:15 +0900

firefox-esr (91.12.0esr-1~deb10u1) buster-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-29, also known as:
    CVE-2022-36319, CVE-2022-36318.

 -- Mike Hommey <email address hidden>  Wed, 27 Jul 2022 09:08:20 +0900

firefox-esr (78.15.0esr-1~deb10u1) buster-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2021-44, also known as CVE-2021-38496, CVE-2021-38500.

 -- Mike Hommey <email address hidden>  Wed, 06 Oct 2021 06:18:02 +0900

firefox-esr (91.13.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-35, also known as:
    CVE-2022-38472, CVE-2022-38473, CVE-2022-38478.

 -- Mike Hommey <email address hidden>  Wed, 24 Aug 2022 06:09:13 +0900

firefox-esr (102.2.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-34, also known as:
    CVE-2022-38472, CVE-2022-38473, CVE-2022-38477, CVE-2022-38478.

  * debian/rules, debian/control: Fix libavcodec recommends. Closes: #1017782.
  * debian/control*: Bump nss build dependency.

 -- Mike Hommey <email address hidden>  Wed, 24 Aug 2022 06:35:58 +0900

firefox-esr (102.1.0esr-2) unstable; urgency=medium

  * debian/rules: Remove old and now unnecessary workarounds.

  * intl/icu/source/common/unicode/std_string.h,
    intl/icu/source/common/utypeinfo.h,
    intl/icu/source/io/unicode/ustream.h: Remove workaround for old libstdc++
    problem, which now causes problems with GCC 12 on arm.
  * third_party/libwebrtc/moz.build: Add missing webrtc directory for ppc64el
    (bz#1775202).

 -- Mike Hommey <email address hidden>  Mon, 15 Aug 2022 15:46:49 +0900

firefox-esr (102.1.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-28, also known as:
    CVE-2022-36319, CVE-2022-36318, CVE-2022-36315, CVE-2022-36316,
    CVE-2022-36320, CVE-2022-2505.

  * debian/rules:
    - Improve detection of known failing cases on armhf and mipsel.
    - Use thinLTO for rust on armhf, to stay in the memory budget with an
      armhf toolchain.
    - Use MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=none instead of
      MACH_USE_SYSTEM_PYTHON=1.
  * debian/rules, debian/watch, debian/watch.in: Generate debian/watch and
    fix it.

  * third_party/libwebrtc/moz.build: Work around bz#1775202 to fix FTBFS on
    ppc64el.
  * config/makefiles/rust.mk: Allow to override rust LTO flag.

 -- Mike Hommey <email address hidden>  Sun, 14 Aug 2022 16:59:19 +0900

firefox-esr (91.12.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-29, also known as:
    CVE-2022-36319, CVE-2022-36318.

 -- Mike Hommey <email address hidden>  Wed, 27 Jul 2022 09:08:20 +0900

firefox-esr (91.11.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-25, also known as:
    CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34481,
    CVE-2022-31744, CVE-2022-34472, CVE-2022-2200, CVE-2022-34484.

  * build/moz.configure/bindgen.configure,
    gfx/webrender_bindings/webrender_ffi.h: Work around build failure with
    newer cbindgen. bz#1773259

 -- Mike Hommey <email address hidden>  Wed, 29 Jun 2022 06:30:12 +0900

firefox-esr (91.11.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-25, also known as:
    CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34481,
    CVE-2022-31744, CVE-2022-34472, CVE-2022-2200, CVE-2022-34484.

  * build/moz.configure/bindgen.configure,
    gfx/webrender_bindings/webrender_ffi.h: Work around build failure with
    newer cbindgen. bz#1773259

 -- Mike Hommey <email address hidden>  Wed, 29 Jun 2022 06:30:12 +0900

firefox-esr (91.10.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-21, also known as:
    CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740,
    CVE-2022-31741, CVE-2022-31742, CVE-2022-31747.

 -- Mike Hommey <email address hidden>  Wed, 01 Jun 2022 05:24:22 +0900

firefox-esr (91.9.1esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-19, also known as CVE-2022-1802 and CVE-2022-1529.

 -- Mike Hommey <email address hidden>  Sat, 21 May 2022 06:22:04 +0900

firefox-esr (91.9.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-17, also known as
    CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911,
    CVE-2022-29912, CVE-2022-29917.

 -- Mike Hommey <email address hidden>  Wed, 04 May 2022 06:43:23 +0900

firefox-esr (91.8.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-14, also known as
    CVE-2022-1097, CVE-2022-28281, CVE-2022-1196, CVE-2022-28282,
    CVE-2022-28285, CVE-2022-28286, CVE-2022-24713, CVE-2022-28289.

 -- Mike Hommey <email address hidden>  Wed, 06 Apr 2022 08:13:44 +0900

firefox-esr (91.7.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-11, also known as
    CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381,
    CVE-2022-26386.

 -- Mike Hommey <email address hidden>  Wed, 09 Mar 2022 06:47:37 +0900

firefox-esr (91.6.1esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-09, also known as CVE-2022-26485, CVE-2022-26486.

 -- Mike Hommey <email address hidden>  Sun, 06 Mar 2022 07:31:23 +0900

firefox-esr (91.6.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-05, also known as:
    CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760,
    CVE-2022-22761, CVE-2022-22763, CVE-2022-22764.

 -- Mike Hommey <email address hidden>  Wed, 09 Feb 2022 07:37:27 +0900

firefox-esr (91.5.1esr-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey <email address hidden>  Mon, 31 Jan 2022 07:18:30 +0900

firefox-esr (91.5.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2022-02, also known as:
    CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740,
    CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22748,
    CVE-2022-22745, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751.

  * netwerk/base/SimpleChannel.*, netwerk/base/nsBaseChannel.*,
    netwerk/protocol/res/ExtensionProtocolHandler.cpp,
    netwerk/protocol/res/PageThumbProtocolHandler.cpp,
    toolkit/components/places/nsAnnoProtocolHandler.cpp,
    dom/file/ipc/RemoteLazyInputStream.cpp: Apply upstream patches to fix
    excessive CPU usage in web extensions. bz#1706594, bz#1735899.
    Closes: #1002868.

 -- Mike Hommey <email address hidden>  Wed, 12 Jan 2022 06:58:53 +0900

firefox-esr (78.15.0esr-1~deb11u1) bullseye-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2021-44, also known as CVE-2021-38496, CVE-2021-38500.

 -- Mike Hommey <email address hidden>  Wed, 06 Oct 2021 06:18:02 +0900

firefox-esr (91.4.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes cubeb deadlock. Closes: #998679.
  * Fixes for mfsa2021-53, also known as:
    CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
    CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,
    CVE-2021-43546, MOZ-2021-0009.

 -- Mike Hommey <email address hidden>  Wed, 08 Dec 2021 06:38:58 +0900

firefox-esr (91.3.0esr-2) unstable; urgency=medium

  * debian/firefox.in: Use `command -v` instead of `which`. Closes: #996455.

  * modules/fdlibm/src/math_private.h: Fix FTBFS on i386. bz#1729459.
  * .cargo/config.in, Cargo.lock, Cargo.toml,
    third_party/rust/cc/.cargo-checksum.json,
    third_party/rust/cc/Cargo.toml, third_party/rust/cc/src/lib.rs,
    third_party/rust/cc/src/windows_registry.rs: Update cc crate to
    b2f6b146b75299c444e05bbde50d03705c7c4b6e, aka 1.0.71 + GCC-11 fix for
    armhf. bz#1739040.

 -- Mike Hommey <email address hidden>  Sat, 27 Nov 2021 06:50:56 +0900

firefox-esr (91.3.0esr-1) unstable; urgency=medium

  * New upstream release.
  * Fixes for mfsa2021-49, also known as:
    CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
    MOZ-2021-0008, CVE-2021-38508, CVE-2021-38509, MOZ-2021-0007.
    (MOZ-* pending CVE assignment)

 -- Mike Hommey <email address hidden>  Wed, 03 Nov 2021 06:04:59 +0900

firefox-esr (78.14.0esr-1~deb10u1) buster-security; urgency=medium

  * New upstream release.
  * Fixes for mfsa2021-39, also known as CVE-2021-38493.

  * debian/import-tar.py, debian/repack.py: Fixed for python 3.9.

 -- Mike Hommey <email address hidden>  Wed, 08 Sep 2021 06:35:55 +0900