Accepting request 929062 from mozilla:Factory
- Mozilla Thunderbird 91.3.0
* several fixes as outlined here
https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
MFSA 2021-50 (bsc#1192250)
* CVE-2021-38503 (bmo#1729517)
iframe sandbox rules did not apply to XSLT stylesheets
* CVE-2021-38504 (bmo#1730156)
Use-after-free in file picker dialog
* CVE-2021-38505 (bmo#1730194)
Windows 10 Cloud Clipboard may have recorded sensitive user data
* CVE-2021-38506 (bmo#1730750)
Thunderbird could be coaxed into going into fullscreen mode
without notification or warning
* CVE-2021-38507 (bmo#1730935)
Opportunistic Encryption in HTTP2 could be used to bypass the
Same-Origin-Policy on services hosted on other ports
* MOZ-2021-0008 (bmo#1667102)
Use-after-free in HTTP2 Session object
* CVE-2021-38508 (bmo#1366818)
Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
* CVE-2021-38509 (bmo#1718571)
Javascript alert box could have been spoofed onto an
arbitrary domain
* CVE-2021-38510 (bmo#1731779)
Download Protections were bypassed by .inetloc files on Mac OS
* MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
bmo#1735152)
Memory safety bugs fixed in Thunderbird ESR 91.3
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
OBS-URL: https://build.opensuse.org/request/show/929062
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=266
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
0925e9ee97
@ -1,3 +1,37 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Oct 31 17:49:23 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
|
||||
- Mozilla Thunderbird 91.3.0
|
||||
* several fixes as outlined here
|
||||
https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
|
||||
MFSA 2021-50 (bsc#1192250)
|
||||
* CVE-2021-38503 (bmo#1729517)
|
||||
iframe sandbox rules did not apply to XSLT stylesheets
|
||||
* CVE-2021-38504 (bmo#1730156)
|
||||
Use-after-free in file picker dialog
|
||||
* CVE-2021-38505 (bmo#1730194)
|
||||
Windows 10 Cloud Clipboard may have recorded sensitive user data
|
||||
* CVE-2021-38506 (bmo#1730750)
|
||||
Thunderbird could be coaxed into going into fullscreen mode
|
||||
without notification or warning
|
||||
* CVE-2021-38507 (bmo#1730935)
|
||||
Opportunistic Encryption in HTTP2 could be used to bypass the
|
||||
Same-Origin-Policy on services hosted on other ports
|
||||
* MOZ-2021-0008 (bmo#1667102)
|
||||
Use-after-free in HTTP2 Session object
|
||||
* CVE-2021-38508 (bmo#1366818)
|
||||
Permission Prompt could be overlaid, resulting in user
|
||||
confusion and potential spoofing
|
||||
* CVE-2021-38509 (bmo#1718571)
|
||||
Javascript alert box could have been spoofed onto an
|
||||
arbitrary domain
|
||||
* CVE-2021-38510 (bmo#1731779)
|
||||
Download Protections were bypassed by .inetloc files on Mac OS
|
||||
* MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
|
||||
bmo#1735152)
|
||||
Memory safety bugs fixed in Thunderbird ESR 91.3
|
||||
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 22 21:27:02 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
|
||||
|
||||
@ -26,8 +26,8 @@
|
||||
# major 69
|
||||
# mainver %major.99
|
||||
%define major 91
|
||||
%define mainver %major.2.1
|
||||
%define orig_version 91.2.1
|
||||
%define mainver %major.3.0
|
||||
%define orig_version 91.3.0
|
||||
%define orig_suffix %{nil}
|
||||
%define update_channel release
|
||||
%define source_prefix thunderbird-%{orig_version}
|
||||
@ -134,7 +134,6 @@ BuildRequires: clang6-devel
|
||||
%else
|
||||
BuildRequires: clang-devel >= 5
|
||||
%endif
|
||||
BuildRequires: pkgconfig(gdk-x11-2.0)
|
||||
BuildRequires: pkgconfig(glib-2.0) >= 2.22
|
||||
BuildRequires: pkgconfig(gobject-2.0)
|
||||
BuildRequires: pkgconfig(gtk+-3.0) >= 3.14.0
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f8cfd9fb8189a656d319c5004f42484e7a701257817049d9e6840621fd9b1203
|
||||
size 28636552
|
||||
3
l10n-91.3.0.tar.xz
Normal file
3
l10n-91.3.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d59cdda3c56dd241265b4f8578e07113bca717fb3da4d9d117c000dc6c0fbffe
|
||||
size 28724504
|
||||
@ -7,7 +7,7 @@ bsc#1174284 - Firefox tab just crashed in FIPS mode
|
||||
diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
|
||||
--- a/security/sandbox/linux/Sandbox.cpp
|
||||
+++ b/security/sandbox/linux/Sandbox.cpp
|
||||
@@ -647,16 +647,17 @@ void SetMediaPluginSandbox(const char* a
|
||||
@@ -650,16 +650,17 @@ void SetMediaPluginSandbox(const char* a
|
||||
SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath,
|
||||
strerror(errno));
|
||||
MOZ_CRASH("failed while trying to open the plugin file ");
|
||||
@ -15,8 +15,8 @@ diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox
|
||||
|
||||
auto files = new SandboxOpenedFiles();
|
||||
files->Add(std::move(plugin));
|
||||
files->Add("/dev/urandom", true);
|
||||
+ files->Add("/dev/random", true);
|
||||
files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
|
||||
+ files->Add("/dev/random", SandboxOpenedFile::Dup::YES);
|
||||
files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey.
|
||||
files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
|
||||
files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
|
||||
@ -28,7 +28,7 @@ diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox
|
||||
diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
|
||||
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
|
||||
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
|
||||
@@ -308,16 +308,18 @@ void SandboxBrokerPolicyFactory::InitCon
|
||||
@@ -315,16 +315,18 @@ void SandboxBrokerPolicyFactory::InitCon
|
||||
policy->AddDir(rdwr, "/dev/dri");
|
||||
}
|
||||
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
PRODUCT="thunderbird"
|
||||
CHANNEL="esr91"
|
||||
VERSION="91.2.0"
|
||||
VERSION="91.3.0"
|
||||
VERSION_SUFFIX=""
|
||||
PREV_VERSION="91.1.2"
|
||||
PREV_VERSION="91.2.1"
|
||||
PREV_VERSION_SUFFIX=""
|
||||
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
|
||||
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"
|
||||
RELEASE_TAG="70572101c3d1709979b8c3e318b7f5449229a37d"
|
||||
RELEASE_TIMESTAMP="20211004152603"
|
||||
RELEASE_TAG="bea1eb4e98a3aa0624fcf83d4ddb32855e9563f8"
|
||||
RELEASE_TIMESTAMP="20211101223011"
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:425dacc0ae227a4209b77daf674b33295262f2ecf36022216cd07724954e9e6d
|
||||
size 405405688
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmFvlyMACgkQ6+QekPbx
|
||||
L212GRAArUXsgwb8krkx/Kv4jNM5lQjNqkHJ8DKkXBX/CGBX6rui/6xetLJFFzJo
|
||||
h+KmfCa7/Bl4KJk0+IKCNI53SvLAvgc4LJME2ohLrD2k/IJ8t1HI6XeHpDV18nTL
|
||||
LRWs+6vq61fTunxJahRHe20dmUT4unGEp30LS7Y9K4EYNRBNTBEwBoFRzDKQTYdL
|
||||
Z6MQd5qttutSPRB46zDOEmYmXze7eJPiVcdaGwFCbKyvtUfw7ZKXDUkjpMtmwk1d
|
||||
C1+bA5Dio9kHoQdSvP/d53MnY8iEdXs66lUektpKHs2730xrnAKHg3rBCXzj+Sos
|
||||
X68X50zzz2K6l1/WTQQilFaHT74Yb3KTU/c6RrwADqHxZzS+9AEBe2Kj3z8OdLxv
|
||||
PsQ8uBH2/fFpugYaSzOCCnQUTAAc6I3Ycnf53OQ6KrgUcn2TPu2bzG4TblnTpXm6
|
||||
lrf9jRM99VH6smRsYesPX8nGO2/FVVdrixAt3AoNvcX+kiBnggGgI6ac29b/Vl+i
|
||||
myAlwDovnkP8GhXDI6QkmuDPQyveHjHqDzxAfmEfZG8HscPLBrkrTTtggqg3GveH
|
||||
pOwACu3vdEX/43gJUVMa/1SPKjsGIPaSwsoQ8q18mRZWEUTIV7VX9K2zvKUcFYYw
|
||||
CrAatZDl7SX9uxCJLZfM5kDTp/eqRfFBOtftCcz3EKw3+MpRM3g=
|
||||
=k1/A
|
||||
-----END PGP SIGNATURE-----
|
||||
3
thunderbird-91.3.0.source.tar.xz
Normal file
3
thunderbird-91.3.0.source.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d3abcf55637fb21bd9d68a19c01780edd82e6e72b5e850b31de186dddc2708ad
|
||||
size 403256924
|
||||
16
thunderbird-91.3.0.source.tar.xz.asc
Normal file
16
thunderbird-91.3.0.source.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGAgroACgkQ6+QekPbx
|
||||
L21ZZQ//brfDAZXT1JRf4+xmSD6kehieNhNXInTnXTrq8ksSdoU18F6++8t0A5W0
|
||||
WnpXZgAMSCJ9z0pcXPjwzvJp+einQKXY4Y2tFHaaxdDrdwWy2OltZ5icbGB5xxZo
|
||||
9Rh5PQKYPp1uHVp/OHlGfoOg0DymS+cjlesk4ks0neQ059P1AC+JR449/QvF6gVr
|
||||
dQEBOu9zTWePV+UhldD/zNmjB2eQPnlDVEPkiWBWEnVg215T8j4o4itXAqxppj37
|
||||
BYvi7M+EtS9QNiiSbWFFHh7Vn2NtBxRzZ8nFD0ja5K+A5N9klIMwqtT2/Vv7XBog
|
||||
3/201rK7kc/7shJCmwQJ+WC7K3OzUyvxEi3gLgQ/EFWSGRvV0W6N1cIvir9B4MpW
|
||||
vPmP6Whm7Pxd/L4m4AyCJcO8CmprDHouUQFVjD05GJPX8y568pyH1uA9Bc4qWjAg
|
||||
s7Vfo8OqsNt684Gi+PkeOlnEg4A6VeVnfp6wLiJNjLKevIh+9tGsY2dH6K0+OCi/
|
||||
2KBUXxM+2CbI8cLGauVHjbtNE7TPA4prnn3/wiKhKCPpGo2zvJYYplEjshGnKeeM
|
||||
+f+OW69zMrWfhO6O/c7ehhvc8kXLpI11YbOHlJCaymvtnyOff9BSkWbLb7RhrZdz
|
||||
I047XWFvSHzezg6ylijeVU+DCGhvBaV7Oc5Dufs5nMs9J3HD9Ic=
|
||||
=uozt
|
||||
-----END PGP SIGNATURE-----
|
||||
Loading…
Reference in New Issue
Block a user