MozillaThunderbird/tar_stamps

PRODUCT="thunderbird"
CHANNEL="esr78"
VERSION="78.7.0"
VERSION_SUFFIX=""
PREV_VERSION="78.6.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78"
RELEASE_TAG="d4c4077a3ef9b3221984f2d0b42f1d96c35776e8"
RELEASE_TIMESTAMP="20210126033722"
- Mozilla Thunderbird 68.1.0 add-on is required for this account type. IMAP still exists as alternative. * several bugfixes MFSA 2019-30 * CVE-2019-11739 (bmo#1571481) Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB * CVE-2019-11743 (bmo#1560495) Cross-origin access to unload event attributes * CVE-2019-11740 (bmo#1563133,bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 - removed upstreamed fix-build-after-y2038-changes-in-glibc.patch - added thunderbird-locale-build.patch to fix locale build - Add -L flag to the stat call for checking file size of %{SOURCE4}. - Add fix-missing-return-warning.patch to silence a compiler warning. - Mozilla Thunderbird 68.0 * based on Firefox ESR 68 * File link attachments can now be linked to again instead of OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483 2019-09-13 22:15:12 +02:00			`PRODUCT="thunderbird"`
- Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120) - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 (bmo#1641487) Download origin spoofing via redirect * CVE-2020-15676 (bmo#1646140) XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 (bmo#1660211) When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 (bmo#1648493, bmo#1660800) Memory safety bugs fixed in Thunderbird 78.3 - requires NSPR >= 4.25.1 - removed obsolete thunderbird-bmo1664607.patch - Mozilla Thunderbird 78.2.2 https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes - added thunderbird-bmo1664607.patch required for builds w/o updater (boo#1176384) - Mozilla Thunderbird 78.2.1 * based on Mozilla's 78 ESR codebase * many new and changed features https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew * built-in OpenPGP support (enigmail neither required nor supported) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=549 2020-09-25 08:32:50 +02:00			`CHANNEL="esr78"`
- Mozilla Thunderbird 78.7.0 MFSA 2021-05 (bsc#1181414) * CVE-2021-23953 (bmo#1683940) Cross-origin information leakage via redirected PDF requests * CVE-2021-23954 (bmo#1684020) Type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-15685 (bmo#1622640) IMAP Response Injection when using STARTTLS * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960 (bmo#1675755) Use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736, bmo#1685260, bmo#1685925) Memory safety bugs fixed in Thunderbird 78.7 - MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer rpm versions in TW remove everything there as the first action of %install OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=574 2021-01-26 22:46:33 +01:00			`VERSION="78.7.0"`
- Mozilla Thunderbird 68.1.0 add-on is required for this account type. IMAP still exists as alternative. * several bugfixes MFSA 2019-30 * CVE-2019-11739 (bmo#1571481) Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB * CVE-2019-11743 (bmo#1560495) Cross-origin access to unload event attributes * CVE-2019-11740 (bmo#1563133,bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 - removed upstreamed fix-build-after-y2038-changes-in-glibc.patch - added thunderbird-locale-build.patch to fix locale build - Add -L flag to the stat call for checking file size of %{SOURCE4}. - Add fix-missing-return-warning.patch to silence a compiler warning. - Mozilla Thunderbird 68.0 * based on Firefox ESR 68 * File link attachments can now be linked to again instead of OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483 2019-09-13 22:15:12 +02:00			`VERSION_SUFFIX=""`
- Mozilla Thunderbird 78.7.0 MFSA 2021-05 (bsc#1181414) * CVE-2021-23953 (bmo#1683940) Cross-origin information leakage via redirected PDF requests * CVE-2021-23954 (bmo#1684020) Type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-15685 (bmo#1622640) IMAP Response Injection when using STARTTLS * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960 (bmo#1675755) Use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736, bmo#1685260, bmo#1685925) Memory safety bugs fixed in Thunderbird 78.7 - MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer rpm versions in TW remove everything there as the first action of %install OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=574 2021-01-26 22:46:33 +01:00			`PREV_VERSION="78.6.1"`
- Mozilla Thunderbird 68.1.0 add-on is required for this account type. IMAP still exists as alternative. * several bugfixes MFSA 2019-30 * CVE-2019-11739 (bmo#1571481) Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB * CVE-2019-11743 (bmo#1560495) Cross-origin access to unload event attributes * CVE-2019-11740 (bmo#1563133,bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 - removed upstreamed fix-build-after-y2038-changes-in-glibc.patch - added thunderbird-locale-build.patch to fix locale build - Add -L flag to the stat call for checking file size of %{SOURCE4}. - Add fix-missing-return-warning.patch to silence a compiler warning. - Mozilla Thunderbird 68.0 * based on Firefox ESR 68 * File link attachments can now be linked to again instead of OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483 2019-09-13 22:15:12 +02:00			`PREV_VERSION_SUFFIX=""`
			`#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation`
- Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120) - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 (bmo#1641487) Download origin spoofing via redirect * CVE-2020-15676 (bmo#1646140) XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 (bmo#1660211) When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 (bmo#1648493, bmo#1660800) Memory safety bugs fixed in Thunderbird 78.3 - requires NSPR >= 4.25.1 - removed obsolete thunderbird-bmo1664607.patch - Mozilla Thunderbird 78.2.2 https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes - added thunderbird-bmo1664607.patch required for builds w/o updater (boo#1176384) - Mozilla Thunderbird 78.2.1 * based on Mozilla's 78 ESR codebase * many new and changed features https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew * built-in OpenPGP support (enigmail neither required nor supported) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=549 2020-09-25 08:32:50 +02:00			`RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78"`
- Mozilla Thunderbird 78.7.0 MFSA 2021-05 (bsc#1181414) * CVE-2021-23953 (bmo#1683940) Cross-origin information leakage via redirected PDF requests * CVE-2021-23954 (bmo#1684020) Type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-15685 (bmo#1622640) IMAP Response Injection when using STARTTLS * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960 (bmo#1675755) Use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736, bmo#1685260, bmo#1685925) Memory safety bugs fixed in Thunderbird 78.7 - MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer rpm versions in TW remove everything there as the first action of %install OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=574 2021-01-26 22:46:33 +01:00			`RELEASE_TAG="d4c4077a3ef9b3221984f2d0b42f1d96c35776e8"`
			`RELEASE_TIMESTAMP="20210126033722"`