diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 49e2f2d..1eee8fd 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Sat Mar 14 13:16:23 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Thunderbird 68.6.0 + MFSA 2020-10 (bsc#1166238) + * CVE-2020-6805 (bmo#1610880) + Use-after-free when removing data about origins + * CVE-2020-6806 (bmo#1612308) + BodyStream::OnInputStreamReady was missing protections against + state confusion + * CVE-2020-6807 (bmo#1614971) + Use-after-free in cubeb during stream destruction + * CVE-2020-6811 (bmo#1607742) + Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to command injection + * CVE-2019-20503 (bmo#1613765) + Out of bounds reads in sctp_load_addresses_from_init + * CVE-2020-6812 (bmo#1616661) + The names of AirPods with personally identifiable information + were exposed to websites with camera or microphone permission + * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636, + bmo#1614339) + Memory safety bugs fixed in Thunderbird 68.6 +- requires NSS >= 3.44.3 + ------------------------------------------------------------------- Mon Feb 10 21:55:19 UTC 2020 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 983269f..26060cc 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 68 -%define mainver %major.5.0 -%define orig_version 68.5.0 +%define mainver %major.6.0 +%define orig_version 68.6.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{mainver} @@ -77,7 +77,7 @@ BuildRequires: libidl-devel BuildRequires: libnotify-devel BuildRequires: memory-constraints BuildRequires: mozilla-nspr-devel >= 4.21 -BuildRequires: mozilla-nss-devel >= 3.44.1 +BuildRequires: mozilla-nss-devel >= 3.44.3 BuildRequires: nasm >= 2.13 BuildRequires: nodejs8 >= 8.11 BuildRequires: python-devel diff --git a/l10n-68.5.0.tar.xz b/l10n-68.5.0.tar.xz deleted file mode 100644 index 65f68c0..0000000 --- a/l10n-68.5.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a6f99cc36d8d3cbf7b09264dcf5bfa07ed034a1d5be9c382135fe0b2b40015b7 -size 28513256 diff --git a/l10n-68.6.0.tar.xz b/l10n-68.6.0.tar.xz new file mode 100644 index 0000000..e9aa98f --- /dev/null +++ b/l10n-68.6.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8be406890885e5af55a044919e2502db2e877882870b95baeec0d06562d9f50a +size 28509340 diff --git a/tar_stamps b/tar_stamps index 8a07d23..71c1924 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr68" -VERSION="68.5.0" +VERSION="68.6.0" VERSION_SUFFIX="" -PREV_VERSION="68.4.2" +PREV_VERSION="68.5.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68" -RELEASE_TAG="c25a4ce1e7569bddaafbdbc8ff09de82d852303a" -RELEASE_TIMESTAMP="20200210021033" +RELEASE_TAG="5b1af38dba8628ef5ff2c395dc62fb10d52aa012" +RELEASE_TIMESTAMP="20200310192757" diff --git a/thunderbird-68.5.0.source.tar.xz b/thunderbird-68.5.0.source.tar.xz deleted file mode 100644 index 1830470..0000000 --- a/thunderbird-68.5.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8b2c02a08c7f6e20e141461710dcd442426fd875c44d39d9b369eb82d965026d -size 331328840 diff --git a/thunderbird-68.5.0.source.tar.xz.asc b/thunderbird-68.5.0.source.tar.xz.asc deleted file mode 100644 index b6c6b4d..0000000 --- a/thunderbird-68.5.0.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl5BGJgACgkQ8aZmj7t9 -Vy40uQ//WyoIWHRofidun8Wn28iieFu/wI6791yr+aWMNnjzrdJJk2mK67nUVLJh -4coZ1moTVMGiBCnZ/sLXxi9sA5ywGxEGeTbKDBzIGosMlexCWvqkFUOuEl7qSh4U -bPanDYFOpwiNQ648CtSYuuOfpb+BCorY9gZGXGJUz7VEWbQs0EOk7Y45h9vLrT9D -Q3kMESli5Xg+JjSjdEwzxFUvsf+tzvXlKyFBWCDn+Kv1D7j+EkmieUknBV2pCeqP -OkG4JiEY7dRB4p5pLX2mWe9e566WzAZTJNc8LKn7j7J3BjbUEH0tv/InYHQx1Rhu -urOMGoQ2JjkNJRf6ihSeMj9WqbonqLljAHihuis/ORkVcjSjLdUUBFex+XyXjsXG -3fNGdW3hImEdb4d6RMP/iUOCv+HAuUe6MzfxV+XGtfLCD89bCb5oV0rB77h27bwZ -hvr7D7bzydsCF4sD2XGFugt3Xh1Llt80GlNdc6IiqEV3sqKJBFYq7TxJFKQjOoW8 -59pvmUTxJiZgvcwprmPsBbFdDy2vGThX35g8fZkKqf8U3ukrF7v5+Q5VeDAOYEhY -JVeOPEEOhOoI79XdmAKdEtrGlYGBDvKkdn/KuwQF/jWqDjJ1fiZ3d0UGWsPRPWfK -hz3thIYeVkyNmDQrCSma/N4IJBKq3tdkDFaow98stQuekcV2OBc= -=qJ0M ------END PGP SIGNATURE----- diff --git a/thunderbird-68.6.0.source.tar.xz b/thunderbird-68.6.0.source.tar.xz new file mode 100644 index 0000000..aa5accd --- /dev/null +++ b/thunderbird-68.6.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4e3b8fdcfae12e7d49232a9c324e82d47ed94b371031f31baf69b2f7c2fb5b51 +size 339643212 diff --git a/thunderbird-68.6.0.source.tar.xz.asc b/thunderbird-68.6.0.source.tar.xz.asc new file mode 100644 index 0000000..c8adbea --- /dev/null +++ b/thunderbird-68.6.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl5oAY8ACgkQ8aZmj7t9 +Vy4asQ/+PcLQFYT/fLT4zY4aBkzo4pULKtjXD7bL10rnHGBqo73XZRKfAh/A35Uz +derK7MMfkebF1loM3XOHOFFOtcaRDgiK8+gC62llip3oOICZlK0Vj3T4EiqtrE9Q +4QfLwfghbSaNKHYz8zUBBlWA8YHI7lcH5y+4U31D3R1ObWTGDabJFNDnJ4cchUVO +DpBoFxPs62f/BSe2MoSHZty/9p2XHw+ReNN/IA1sTVpuHAxnk+z9DmlYsGDSJ06b +6eb253dafSyRf/djQbeKruLIwisQc4JHbewL5Vu5bqlEDTR+a32g7eK8S/6EU4qn +xH5SuL4NPvfUy/4QQ9hd4hAmGE249kWstoLY4CwYsHa9kEGgTFztmGdRjqJ5XzjL +k9j/ZnDEu4TiLsrgTVesOIintSuAfSS4jl/BY3tZo0W5h9WyrhfiM7Ax3G3CVMRu +a2lzCRD6uY8R7KvV/KVu7ofE/ZOrh+XG+WGyRrNxLvHxiPAqIKEWZjsG18EulMd/ +mT/fXRbKA/vd1Ma0z7yszQDxBwhEW2R8v416YO56kegeCu37Lt/H2Y7CLZOXnzEy +cNqK2GuzVOOSNW/uqJfnLhXK+SlaApVukK2/UV9qfr7g3F6i6wlSJRWLz3Fl2BSW +LANBCkCaKdH5JN8zdZEEwXMRFY9S/lVKmIkfhXZoKFsR/y3QJS8= +=m6Zj +-----END PGP SIGNATURE-----