Сопровождающий Ajrat Makhmutov в ветке sisyphus: Информация

- Update from p10 to p11 branch.
- editions/education: up license version 11.0 -> 11.1
- components/education-robotics: set arch x86_64 for gz-sim
- Remove sysconfig-proxy step from installer steps.
- Remove duplicate link to Yandex zen channel Basealt in indexhtml.
- Update product-logo.png.
- Update grub.jpg.
- Return grub config and remove language setting up in grub.
- New version.
- Remove yandex from education edition.
- New version.
- New version (146.0.1).
- Fixes:
  + CVE-2025-14860: Use-after-free in the Disability Access APIs component
  + CVE-2025-14861: Memory safety bugs fixed in Firefox 146.0.1
- Remove outdated "Requires" tags (Closes: 57148).
- New version.
- Fixes:
  + CVE-2025-14321: Use-after-free in the WebRTC: Signaling component
  + CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
  + CVE-2025-14323: Privilege escalation in the DOM: Notifications component
  + CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14326: Use-after-free in the Audio/Video: GMP component
  + CVE-2025-14327: Spoofing issue in the Downloads Panel component
  + CVE-2025-14328: Privilege escalation in the Netmonitor component
  + CVE-2025-14329: Privilege escalation in the Netmonitor component
  + CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14331: Same-origin policy bypass in the Request Handling component
  + CVE-2025-14332: Memory safety bugs fixed in Firefox 146 and Thunderbird 146
  + CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
- New version (146.0).
- Fixes:
  + CVE-2025-14321: Use-after-free in the WebRTC: Signaling component
  + CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
  + CVE-2025-14323: Privilege escalation in the DOM: Notifications component
  + CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14326: Use-after-free in the Audio/Video: GMP component
  + CVE-2025-14327: Spoofing issue in the Downloads Panel component
  + CVE-2025-14328: Privilege escalation in the Netmonitor component
  + CVE-2025-14329: Privilege escalation in the Netmonitor component
  + CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14331: Same-origin policy bypass in the Request Handling component
  + CVE-2025-14332: Memory safety bugs fixed in Firefox 146 and Thunderbird 146
  + CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
- New version (3.119).
- New version.
- New version.
- New version.
- New version.
- New version.
- New version (3.118.1).
- Certificate Authority Changes:
  + Remove CN=CommScope Public Trust ECC Root-01
  + Remove CN=CommScope Public Trust ECC Root-02
  + Remove CN=CommScope Public Trust RSA Root-01
  + Remove CN=CommScope Public Trust RSA Root-02
- mozilla: sync with nss-3.118.1.
- Fix the verification in checkinstall with an extra space in label start.
- New version.
- New version.
- New version (145.0.1).
- New version.
- Fixes:
  + CVE-2025-13021: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13022: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13012: Race condition in the Graphics component
  + CVE-2025-13023: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2025-13024: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-13025: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13026: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component
  + CVE-2025-13018: Mitigation bypass in the DOM: Security component
  + CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component
  + CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component
  + CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component
  + CVE-2025-13014: Use-after-free in the Audio/Video component
  + CVE-2025-13015: Spoofing issue in Thunderbird
  + CVE-2025-13027: Memory safety bugs fixed in Firefox 145 and Thunderbird 145
- alterator-kopidel: update help for 1.0.6
- New version (145.0).
- Fixes:
  + CVE-2025-13021: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13022: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13012: Race condition in the Graphics component
  + CVE-2025-13023: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2025-13024: JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-13025: Incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13026: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
  + CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component
  + CVE-2025-13018: Mitigation bypass in the DOM: Security component
  + CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component
  + CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component
  + CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component
  + CVE-2025-13014: Use-after-free in the Audio/Video component
  + CVE-2025-13015: Spoofing issue in Firefox
  + CVE-2025-13027: Memory safety bugs fixed in Firefox 145 and Thunderbird 145
- Stop renaming the jar file.
- New version after being removed from sisyphus.
- Build from the upstream git repo.
- Build with the xgradle.
- New version after being removed from sisyphus.
- Build from the upstream git repo.
- Build with the xgradle.
- Build without javadoc.
- New version.
- New version (144.0.2).
- Fixes:
  + CVE-2025-12380: Use-after-free in WebGPU internals triggered from a compromised child process
- New version.
- New version.
- First build for ALT.
- CLI: Disable debug output.
- Wait until all the queued udev events are processed for the dev in use only.
- components: remove alt-domain-server from education-server-apps
- server-apps: Stop requiring alt-domain-server.
- CLI: Specify that the -s, --step flag is for testing only (Closes: 56014).
- alterator-kopidel:
  + enhance russian translations (Closes: 56362)
  + new translations from 1.0.5
- Fix FTBFS on x86_64 with GCC 14 by adding PIC flags.
- New version.
- Fix the new_argv to match the standard argv format in the wrapper.
- Speed up the search for ignored files
  when using regular expressions (Closes: 55999).
- Remove fonts-ttf-ms from education edition.
- Fix the changelog for the 0.9.2-alt1.
- New version.
- Fixes:
  + CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
  + CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures
  + CVE-2025-11710: Cross-process information leaked due to malicious IPC messages
  + CVE-2025-11711: Some non-writable Object properties could be modified
  + CVE-2025-11716: Sandboxed iframes allowed links to open in external apps (Android only)
  + CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
  + CVE-2025-11713: Potential user-assisted code execution in "Copy as cURL" command
  + CVE-2025-11719: Use-after-free caused by the native messaging web extension API on Windows
  + CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11721: Memory safety bug fixed in Firefox 144 and Thunderbird 144
- New version (144.0).
- Fixes:
  + CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
  + CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures
  + CVE-2025-11710: Cross-process information leaked due to malicious IPC messages
  + CVE-2025-11711: Some non-writable Object properties could be modified
  + CVE-2025-11716: Sandboxed iframes allowed links to open in external apps (Android only)
  + CVE-2025-11717: The password edit screen was not hidden in Android card view
  + CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
  + CVE-2025-11718: Address bar could be spoofed on Android using visibilitychange
  + CVE-2025-11713: Potential user-assisted code execution in "Copy as cURL" command
  + CVE-2025-11719: Use-after-free caused by the native messaging web extension API on Windows
  + CVE-2025-11720: Spoofing risk in Android custom tabs
  + CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11721: Memory safety bug fixed in Firefox 144 and Thunderbird 144
- New version (3.117).
- Fix FTBFS in mozilla products.
- Certificate Authority Changes:
  + Add CN=OISTE Client Root ECC G1
  + Add CN=OISTE Client Root RSA G1
  + Add CN=OISTE Server Root ECC G1
  + Add CN=OISTE Server Root RSA G1
- New version.
- New version (143.0.4).
- Fix not ignoring regular expressions from
  the default-ignored-files.txt (Closes: 56016).
- UI: Fix the compression warning when switching
  to another image creating method (Closes: 55998).
- libexec/check-fs-features.sh: Remove ntfs from BAD_FS (Closes: 55997).
- Add the ability to run the kopidel from a regular user (Closes: 55996).
- Add the restart of the alteratord service after installation.
- alterator-kopidel: Fix the russian translation
  of the custom list of ignored files
- xfce: Replace the requirement from xfce4-full to xfce4-default.
- xfce: Get rid of xfce4-dict.
- installer-steps: Replace vm-blonde with vm-ortodox.
- installer-steps: Move sysconfig-proxy step after installer-network step.
- Enable going back to change package set in vm/blonde.
- Add default edition to os-release and dconf.
- Return indexhtml to menu and desktop.
- steps: add sysconfig-proxy
- installer-steps:
  + Add sysconfig-proxy step.
  + Select additional applications before
    partitioning the disk and check for free space.
- Components: replace components module with alt-components launcher (Closes: 54844, 56088).
- New version (3.116).
- New version.
- Fixes:
  + CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
  + CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
  + CVE-2025-10529: Same-origin policy bypass in the Layout component
  + CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android
  + CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component
  + CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
  + CVE-2025-10533: Integer overflow in the SVG component
  + CVE-2025-10534: Spoofing issue in the Site Permissions component
  + CVE-2025-10536: Information disclosure in the Networking: Cache component
  + CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
- New version (143.0).
- Fixes:
  + CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
  + CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
  + CVE-2025-10529: Same-origin policy bypass in the Layout component
  + CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android
  + CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component
  + CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
  + CVE-2025-10533: Integer overflow in the SVG component
  + CVE-2025-10534: Spoofing issue in the Site Permissions component
  + CVE-2025-10535: Information disclosure, mitigation bypass in the Privacy component in Firefox for Android
  + CVE-2025-10536: Information disclosure in the Networking: Cache component
  + CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143

Сопровождающий Ajrat Makhmutov в ветке sisyphus: Информация

Последние изменения

#404884 отправлено Ajrat Makhmutov

#404192 отправлено Ajrat Makhmutov

#404017 отправлено Ajrat Makhmutov

#403619 отправлено Ajrat Makhmutov

#403600 отправлено Ajrat Makhmutov

#403450 отправлено Ajrat Makhmutov

#403407 отправлено Ajrat Makhmutov

#403398 отправлено Ajrat Makhmutov

#403400 отправлено Ajrat Makhmutov

#403405 отправлено Ajrat Makhmutov

#402523 отправлено Ajrat Makhmutov

#402524 отправлено Ajrat Makhmutov

#402027 отправлено Ajrat Makhmutov

#402514 отправлено Ajrat Makhmutov

#402303 отправлено Ajrat Makhmutov

#402029 отправлено Ajrat Makhmutov

#402031 отправлено Ajrat Makhmutov

#401729 отправлено Ajrat Makhmutov

#400858 отправлено Ajrat Makhmutov

#401112 отправлено Ajrat Makhmutov

#400930 отправлено Ajrat Makhmutov

#400702 отправлено Ajrat Makhmutov

#400266 отправлено Ajrat Makhmutov

#400012 отправлено Ajrat Makhmutov

#399841 отправлено Ajrat Makhmutov

#399634 отправлено Ajrat Makhmutov

#399091 отправлено Ajrat Makhmutov

#398651 отправлено Ajrat Makhmutov

#398221 отправлено Ajrat Makhmutov

#397931 отправлено Ajrat Makhmutov

#397866 отправлено Ajrat Makhmutov

#397810 отправлено Ajrat Makhmutov

#397726 отправлено Ajrat Makhmutov

#397700 отправлено Ajrat Makhmutov

#397661 отправлено Ajrat Makhmutov

#397425 отправлено Ajrat Makhmutov

#397372 отправлено Ajrat Makhmutov

#397240 отправлено Ajrat Makhmutov

#397210 отправлено Ajrat Makhmutov

#397202 отправлено Ajrat Makhmutov

#396308 отправлено Ajrat Makhmutov

#396895 отправлено Ajrat Makhmutov

#396668 отправлено Ajrat Makhmutov

#396511 отправлено Ajrat Makhmutov

#396509 отправлено Ajrat Makhmutov

#396147 отправлено Ajrat Makhmutov

#395983 отправлено Ajrat Makhmutov

#395482 отправлено Ajrat Makhmutov

#395218 отправлено Ajrat Makhmutov

#395219 отправлено Ajrat Makhmutov