- New version (3.121).
- Certificate Authority Changes:
  + Add CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497

- mozilla: sync with nss-3.121.

- Add new installer-common-base-stage2 to the squashfs packages.

- New version (147.0.2).
- Fixes:
  + CVE-2026-24868: Mitigation bypass in the Privacy: Anti-Tracking component
  + CVE-2026-24869: Use-after-free in the Layout: Scrolling and Overflow component

- New version (147.0.1).

- Update from p10 to p11 branch.

- editions/education: up license version 11.0 -> 11.1

- components/education-robotics: set arch x86_64 for gz-sim

- Remove duplicate link to Yandex zen channel Basealt in indexhtml.
- Update product-logo.png.
- Update grub.jpg.
- Return grub config and remove language setting up in grub.

- New version (3.119).

- mozilla: sync with nss-3.118.1.

- Fix the verification in checkinstall with an extra space in label start.

- New version.

- New version (146.0.1).
- Fixes:
  + CVE-2025-14860: Use-after-free in the Disability Access APIs component
  + CVE-2025-14861: Memory safety bugs fixed in Firefox 146.0.1

- New version.
- Fixes:
  + CVE-2025-13021: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13022: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13012: Race condition in the Graphics component
  + CVE-2025-13023: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2025-13024: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-13025: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13026: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component
  + CVE-2025-13018: Mitigation bypass in the DOM: Security component
  + CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component
  + CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component
  + CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component
  + CVE-2025-13014: Use-after-free in the Audio/Video component
  + CVE-2025-13015: Spoofing issue in Thunderbird
  + CVE-2025-13027: Memory safety bugs fixed in Firefox 145 and Thunderbird 145

- Add a new built-in "debug" step.

- New version (145.0).
- Fixes:
  + CVE-2025-13021: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13022: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13012: Race condition in the Graphics component
  + CVE-2025-13023: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2025-13024: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-13025: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13026: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component
  + CVE-2025-13018: Mitigation bypass in the DOM: Security component
  + CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component
  + CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component
  + CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component
  + CVE-2025-13014: Use-after-free in the Audio/Video component
  + CVE-2025-13015: Spoofing issue in Firefox
  + CVE-2025-13027: Memory safety bugs fixed in Firefox 145 and Thunderbird 145

- alterator-kopidel: update help for 1.0.6

- New version.
- Fix the new_argv to match the standard argv format in the wrapper.

- New version (144.0).
- Fixes:
  + CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
  + CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures
  + CVE-2025-11710: Cross-process information leaked due to malicious IPC messages
  + CVE-2025-11711: Some non-writable Object properties could be modified
  + CVE-2025-11716: Sandboxed iframes allowed links to open in external apps (Android only)
  + CVE-2025-11717: The password edit screen was not hidden in Android card view
  + CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
  + CVE-2025-11718: Address bar could be spoofed on Android using visibilitychange
  + CVE-2025-11713: Potential user-assisted code execution in "Copy as cURL" command
  + CVE-2025-11719: Use-after-free caused by the native messaging web extension API on Windows
  + CVE-2025-11720: Spoofing risk in Android custom tabs
  + CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11721: Memory safety bug fixed in Firefox 144 and Thunderbird 144

- components: remove alt-domain-server from education-server-apps

- server-apps: Stop requiring alt-domain-server.

- steps: add sysconfig-proxy

- installer-steps: Replace vm-blonde with vm-ortodox.
- installer-steps: Move sysconfig-proxy step after installer-network step.

- Improve logging.
- Stop installer and print error message if failed to mount_chroot.
- Check archive availability also in /usr/share/install2/metadata.
- Remove installing grub action.
- Add Vcs tag to the spec file.
- Stop joining the parts in copied-fs.tar (thx to alterator-kopidel 1.0.0):
  + Increase the speed of system installation.
  + Reduce the required disk space.

- alterator-kopidel:
  + enhance russian translations (Closes: 56362)
  + new translations from 1.0.5

- CLI: Disable debug output.
- Wait until all the queued udev events are processed for the dev in use only.

- New version (3.117).
- Fix FTBFS in mozilla products.
- Certificate Authority Changes:
  + Add CN=OISTE Client Root ECC G1
  + Add CN=OISTE Client Root RSA G1
  + Add CN=OISTE Server Root ECC G1
  + Add CN=OISTE Server Root RSA G1

- mozilla: sync with nss-3.115.1.

- New version (1.89.0).
- Add wasm32-unknown-unknown target support (Closes: 55591).

- New version.
- Fixes:
  + CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
  + CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
  + CVE-2025-10529: Same-origin policy bypass in the Layout component
  + CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android
  + CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component
  + CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
  + CVE-2025-10533: Integer overflow in the SVG component
  + CVE-2025-10534: Spoofing issue in the Site Permissions component
  + CVE-2025-10536: Information disclosure in the Networking: Cache component
  + CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143

- New version (143.0).
- Fixes:
  + CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
  + CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
  + CVE-2025-10529: Same-origin policy bypass in the Layout component
  + CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android
  + CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component
  + CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
  + CVE-2025-10533: Integer overflow in the SVG component
  + CVE-2025-10534: Spoofing issue in the Site Permissions component
  + CVE-2025-10535: Information disclosure, mitigation bypass in the Privacy component in Firefox for Android
  + CVE-2025-10536: Information disclosure in the Networking: Cache component
  + CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143

- Fixed FTBFS (temporarily xfail nss dbm tests).

- 0.79.20 -> 0.79.21.

- Backported fixes for https://github.com/389ds/389-ds-base/issues/6857

- Update to 25.07.5.

- fix FTBFS (Closes: #55722)

- NMU: Add 'Conflicts: grass' (Closes: #55046)

- new version

- 2.8.1

- 9.32.0
- drop rgmanager and heartbeat support

- Update to new version 20.1.7 (thanks nash@).

- New version.

- Backport new version with security fixes to p11 branch.

- New ESR version.
- Security fixes:
  + CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance()
  + CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures
  + CVE-2025-11710 Cross-process information leaked due to malicious IPC messages
  + CVE-2025-11711 Some non-writable Object properties could be modified
  + CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
  + CVE-2025-11713 Potential user-assisted code execution in 'Copy as cURL' command
  + CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144

- Update links and navigation in the "About" page (indexhtml):
  + Update telegram channel link URL.
  + Update links to English pages.
  + Remove the course schedule URL because it leads to a 404 error.
  + Update feedback link URL.
  + Improve navigation and add new links.

- New version (141.0.2).

- New version.
- Fixes:
  + CVE-2025-8027: JavaScript engine only wrote partial return value to stack
  + CVE-2025-8028: Large branch table could lead to truncated instruction
  + CVE-2025-8029: javascript: URLs executed on object and embed tags
  + CVE-2025-8036: DNS rebinding circumvents CORS
  + CVE-2025-8037: Nameless cookies shadow secure cookies
  + CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command
  + CVE-2025-8043: Incorrect URL truncation
  + CVE-2025-8031: Incorrect URL stripping in CSP reports
  + CVE-2025-8032: XSLT documents could bypass CSP
  + CVE-2025-8038: CSP frame-src was not correctly enforced for paths
  + CVE-2025-8039: Search terms persisted in URL bar
  + CVE-2025-8033: Incorrect JavaScript state machine for generators
  + CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141
  + CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
  + CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
  + CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141

- Update to 20.1.7.

- New version (1.88.0).

- Fix FTBFS: backport new version to p11 branch.

- New version.
- Security fixes:
  + CVE-2025-5986: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

- Use %thunderbird_arch to specify supported architectures.

- New version (3.113).

- New version.

- New version (140.0.2).

- Add a working directory check to the CLI.
- Fix create_disk_partition_info for BTRFS only subvolume setup.
- Stop using stdbuf to handle steps stdout.
- Add support for translating the menuentry in grub.

- New version (1.87.0).

- New version (3.110).

- New version.
- Change group tag from File tools to Development/Tools.
- Update VCS, URL and summary.

- New version (138.0.1).
- Disable sponsored shortcuts on the New Tab page.
- Security fixes:
  + CVE-2025-2817: Privilege escalation in Firefox Updater
  + CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS
  + CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames
  + CVE-2025-4085: Potential information leakage and privilege escalation in UITour actor
  + CVE-2025-4086: Specially crafted filename could be used to obscure download type
  + CVE-2025-4087: Unsafe attribute access during XPath parsing
  + CVE-2025-4088: Cross-site request forgery via storage access API redirects
  + CVE-2025-4089: Potential local code execution in "copy as cURL" command
  + CVE-2025-4090: Leaked library paths in Firefox for Android
  + CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
  + CVE-2025-4092: Memory safety bugs fixed in Firefox 138 and Thunderbird 138

- First build for ALT.

- New version.
- Disable debug mode.
- Stop putting commonDialogs.properties into shared memory (closes: 50737).

- FTBFS: fixed build with new thunderbird.

- New version.

- New version.
- Remove duplication in the desktop file (closes: 52475).
- Security fixes:
  + CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL
  + CVE-2025-2830: Information Disclosure of /tmp directory listing
  + CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL

- New version (1.86.0).

- NMU: Fix FTBFS with rust 1.86.0.

- New version.
- Set the MOZ_APP_REMOTINGNAME variable.
- Security fixes:
  + CVE-2025-3028: Use-after-free triggered by XSLTProcessor
  + CVE-2025-3031: JIT optimization bug with different stack slot sizes
  + CVE-2025-3032: Leaking file descriptors from the fork server
  + CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
  + CVE-2025-3033: Opening local .url files could lead to another file being opened
  + CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
  + CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

- mozilla: sync with nss-3.108.

- New version (3.109).

- New version (136.0.2).
- Set the MOZ_APP_REMOTINGNAME variable (closes: 52594, 53117).
- Update desktop file.

- New version (1.85.1).

- New version (1.85.0).

- NMU:
  + remove unnecessary BuildRequires and Requires
  + rog-gui: add Requires on asusctl
  + add Vcs

- Ignore all NFS when copying (thx protvin@).

- New version.
- Security fixes:
  + CVE-2024-43097: Overflow when growing an SkRegion's RunArray
  + CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process
  + CVE-2025-1931: Use-after-free in WebTransportChild
  + CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access
  + CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
  + CVE-2025-1934: Unexpected GC during RegExp bailout processing
  + CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
  + CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
  + CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  + CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8

- New version.

- New version (135.0.1).
- Security fixes:
  + CVE-2025-1414: Memory safety bugs fixed in Firefox 135.0.1

- Add ISO9660 level 3 images support (thanks proskur@).
- Fix License tag according to SPDX.

- New version (1.84.1).

- Fix the Russian translation of the character '&&' (logical AND).

- New version (3.107).
- Certificate Authority Changes:
  + Remove CN=SecureSign RootCA11
  + Remove CN=Security Communication RootCA3

- mozilla: sync with nss-3.107.

- New version (134.0.2).

- New version (1.84.0).

- New version.
- Use an upstream service.

- New version (1.83.0).
- Change the llvm version to 18.
- Leave libstd.so in rustlib.

- new version 1.10.1

- New version.

- New version.
- Configurator: add Russian translation to PolicyKit file.

- New ESR version.

- New version (133.0.0).
- Security fixes:
  + CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
  + CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation on Android
  + CVE-2024-11692: Select list elements could be shown over another site
  + CVE-2024-11701: Misleading Address Bar State During Navigation Interruption
  + CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing Mode on Android
  + CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
  + CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
  + CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  + CVE-2024-11703: Password access without authentication via PIN bypass on Android
  + CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
  + CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog
  + CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
  + CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  + CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
  + CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
  + CVE-2024-11708: Data race with PlaybackParams
  + CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5

- New ESR version.
- Security fixes:
  + CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
  + CVE-2024-11692: Select list elements could be shown over another site
  + CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
  + CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
  + CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  + CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
  + CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog
  + CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  + CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5

- New version.
- Security fixes:
  + CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
  + CVE-2024-11692: Select list elements could be shown over another site
  + CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
  + CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
  + CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  + CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
  + CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog
  + CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  + CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5

- New version (1.82.0).

- New version.

- New version.

- New version.
- Fix the unknown version output with the --version flag.