Accepting request 936365 from mozilla:Factory

- Mozilla Thunderbird 91.4.0 * several fixes as outlined here https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes MFSA 2021-54 (bsc#1193485) * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43545 (bmo#1720926) Denial of Service when using the Location API in a loop * CVE-2021-43546 (bmo#1737751) Cursor spoofing could overlay user interface when native cursor is zoomed * CVE-2021-43528 (bmo#1742579) JavaScript unexpectedly enabled for the composition area * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, bmo#1737009, bmo#1739372, bmo#1739421) OBS-URL: https://build.opensuse.org/request/show/936365 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=268
2021-12-11 23:56:10 +00:00 · 2021-12-11 23:56:10 +00:00 · 0c16f1e785
commit 0c16f1e785
parent 3f64f2e29a a14190f4f1
9 changed files with 70 additions and 29 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,9 +1,51 @@
+-------------------------------------------------------------------
+Thu Dec  2 08:55:33 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 91.4.0
+  * several fixes as outlined here
+    https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
+  MFSA 2021-54 (bsc#1193485)
+  * CVE-2021-43536 (bmo#1730120)
+    URL leakage when navigating while executing asynchronous
+    function
+  * CVE-2021-43537 (bmo#1738237)
+    Heap buffer overflow when using structured clone
+  * CVE-2021-43538 (bmo#1739091)
+    Missing fullscreen and pointer lock notification when
+    requesting both
+  * CVE-2021-43539 (bmo#1739683)
+    GC rooting failure when calling wasm instance methods
+  * CVE-2021-43541 (bmo#1696685)
+    External protocol handler parameters were unescaped
+  * CVE-2021-43542 (bmo#1723281)
+    XMLHttpRequest error codes could have leaked the existence of
+    an external protocol handler
+  * CVE-2021-43543 (bmo#1738418)
+    Bypass of CSP sandbox directive when embedding
+  * CVE-2021-43545 (bmo#1720926)
+    Denial of Service when using the Location API in a loop
+  * CVE-2021-43546 (bmo#1737751)
+    Cursor spoofing could overlay user interface when native
+    cursor is zoomed
+  * CVE-2021-43528 (bmo#1742579)
+    JavaScript unexpectedly enabled for the composition area
+  * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
+    bmo#1737009, bmo#1739372, bmo#1739421)
+    Memory safety bugs fixed in Thunderbird 91.4.0
+
+-------------------------------------------------------------------
+Thu Nov 25 20:25:29 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Drop unused libidl-devel BuildRequires.
+
 -------------------------------------------------------------------
 Sat Nov 20 18:57:39 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>

 - Mozilla Thunderbird 91.3.2
  * Date selection in Calendar print settings widget changed to use
    mini calendar widget
+  * OpenPGP: Botan updated to 2.18.2; addresses CVE-2021-40529
+    boo#1189244
  * Bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.3.2/releasenotes/

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major          91
-%define mainver        %major.3.2
-%define orig_version   91.3.2
+%define mainver        %major.4.0
+%define orig_version   91.4.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@ -104,7 +104,6 @@ BuildRequires:  ccache
 %endif
 BuildRequires:  libXcomposite-devel
 BuildRequires:  libcurl-devel
-BuildRequires:  libidl-devel
 BuildRequires:  mozilla-nspr-devel >= 4.32
 BuildRequires:  mozilla-nss-devel >= 3.68
 BuildRequires:  nasm >= 2.14
--- a/l10n-91.3.2.tar.xz
+++ b/l10n-91.3.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:82cbb3bb06cccec4ca961fa3b44f04900ca1274b1b58c3f75fa2a3a227c8821b
-size 28692036
--- a/l10n-91.4.0.tar.xz
+++ b/l10n-91.4.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9581d0d2100170cdd918fa986c72b5c52dc925f69dafb6cbd29d17a371cf644d
+size 28620444
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr91"
-VERSION="91.3.2"
+VERSION="91.4.0"
 VERSION_SUFFIX=""
-PREV_VERSION="91.3.1"
+PREV_VERSION="91.3.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"
-RELEASE_TAG="c35def313c0c2bd0341e3e058f862f02390269c4"
-RELEASE_TIMESTAMP="20211117150618"
+RELEASE_TAG="ab6dfcf3a37bf53aac1a9d632d45ee51047050bb"
+RELEASE_TIMESTAMP="20211203141721"
--- a/thunderbird-91.3.2.source.tar.xz
+++ b/thunderbird-91.3.2.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:37bedce79458531ce55806b194669f6e270e4bc3b0fa0949577af1822e57b11d
-size 407454432
--- a/thunderbird-91.3.2.source.tar.xz.asc
+++ b/thunderbird-91.3.2.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGVfBkACgkQ6+QekPbx
-L22N/RAAiJ2VXte196UfW8kF4cb1iOqqs5Nx5X5eMUN7dP3/BzwQ4cEbPKUqOA6H
-7eY2ih4gdjS9Vso+ikP70bMTOyZf5yjL5wATvHuqIwtsx285eBreWOWdIQpaD20P
-dGMXMXuCyUsw1PKsv4AUfDFJJNBqWDaHgIXLyEeUFly3U4yCRYvrP3p/zvCz6A3O
-q54Qa9HANRyUfNirqXFVYrvPtNCTuR9sPRlXt6h48TICDHemca2mcI1M5ibzGye4
-FzL0YwbQHO05sCfavYqPQH5XI4Ml1duk8rJr0x0B7VbXzpFpjbGwBf1dniLe0dLD
-KHgN4p463ZWdpgshT9GPpMMaLJNkwRqt+Hdo1fP84NgMXZ7ISsEpwtTbhPdlOJTc
-PQ6/AImWDpLvkOtIR9kpOFywF/1m1/vc5sW2+gsXAMe+Ln7AUslG0oKQV+U1kGpM
-W3dAIYh0YGQYfeu+hVCqaikYvGibKdjb04KoG8FGqbwOhXa7EYbQIivflnxq6qgK
-bfBAJdDii2gWkjn0GHVL6tkG+BLR9bK/zDRxbQ4EntOX7WGb1gztXf+4lJf38x0Y
-z2oXKEL0Q9zlR0drNvEHSbzTb4gtrHMBOQSgssos9yRpGcv3dZrHUh6FYDUR/9FU
-vhiMN2NkaimExjKvETStxXt8aYduicfiPvH08FO4EONl34xwkM8=
-=FRQM
-----END PGP SIGNATURE-----
--- a/thunderbird-91.4.0.source.tar.xz
+++ b/thunderbird-91.4.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3cb5280b32e66e178f37fd1b57cc4390f2c986ea4162972cc277c45a253de1a6
+size 401512224
--- a/thunderbird-91.4.0.source.tar.xz.asc
+++ b/thunderbird-91.4.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGriOoACgkQ6+QekPbx
+L21RwA/+PMqc/8FZxCidkcU0mLyaYtngSqwtE9ghirZ2oJ/FbRdMreUiiJwgcuXi
+X5x9QeByiKWJxoVBS+DrSDbUV3X9+BmstTX0RvMyVqKnWw1GQLBY49II1CY3PM3y
+L0Y+vtUGDXpL4v/M2f6KIQsQKe0q2Sucozt9MNZKfdQtqKAJXWTVsx7nxKfzrrQm
+hEfLsRwHJtDVBQmh7Cij+96NxRnw+gdmca5PXuqajiUV5ZAl/LyfyxHZ56Figg07
+R0I3UjQekaWK10KtiM9cH4drCnGWsM/ihjutbtKGG4tOKraWkfe3P/pPEiGNjh9T
+rs3+yhkPbHn5bGX2n186ZJt1u/5vSF6nkkcj0Oagek9dHxl+yJM89vk0Uluiu4V/
+HLKTgoTfFOHYv9rLodL8/cm7Z7BmeSzJwYffuEPU46J/rzsBR3SeLUtwOd5R594/
+L60K0Dyo7d/bftuOwtT6jdaPk7Qc5IlSCpq520fLLzJPYIUScnEiwwZJH2ZLHP88
+rDRWT1Nv6omRVaXSv0zU9B8fXQr6TX+yAFe0kQW1a9JBhJDJCxu9QeIHEX26BC+F
+lyBAVlTbhlVaFQVJUSGq2rjGYGny2c9zUJ7c/oDGaDGKXSsgyRXgvGOKqIw1+cFo
+S/5pPa6yeCWtoO4yk1Cw2Ybk/EIA52DlON/3DGtxi5eYtvWDiis=
+=QIzD
+-----END PGP SIGNATURE-----