- Mozilla Thunderbird 102.6.0
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/ MFSA 2022-53 (bsc#1206242) * CVE-2022-46880 (bmo#1749292) Use-after-free in WebGL * CVE-2022-46872 (bmo#1799156) Arbitrary file read from a compromised content process * CVE-2022-46881 (bmo#1770930) Memory corruption in WebGL * CVE-2022-46874 (bmo#1746139) Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46875 (bmo#1786188) Download Protections were bypassed by .atloc and .ftploc files on Mac OS * CVE-2022-46882 (bmo#1789371) Use-after-free in WebGL * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685, bmo#1801102, bmo#1801315, bmo#1802395) Memory safety bugs fixed in Thunderbird 102.6 - removed obsolete patches mozilla-newer-cbindgen.patch mozilla-glibc236.patch OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=680
parent
8e5a394a01
commit
16ebad9cce
@ -1,3 +1,30 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 13 13:49:09 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
|
||||
- Mozilla Thunderbird 102.6.0
|
||||
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
|
||||
MFSA 2022-53 (bsc#1206242)
|
||||
* CVE-2022-46880 (bmo#1749292)
|
||||
Use-after-free in WebGL
|
||||
* CVE-2022-46872 (bmo#1799156)
|
||||
Arbitrary file read from a compromised content process
|
||||
* CVE-2022-46881 (bmo#1770930)
|
||||
Memory corruption in WebGL
|
||||
* CVE-2022-46874 (bmo#1746139)
|
||||
Drag and Dropped Filenames could have been truncated to
|
||||
malicious extensions
|
||||
* CVE-2022-46875 (bmo#1786188)
|
||||
Download Protections were bypassed by .atloc and .ftploc
|
||||
files on Mac OS
|
||||
* CVE-2022-46882 (bmo#1789371)
|
||||
Use-after-free in WebGL
|
||||
* CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
|
||||
bmo#1801102, bmo#1801315, bmo#1802395)
|
||||
Memory safety bugs fixed in Thunderbird 102.6
|
||||
- removed obsolete patches
|
||||
mozilla-newer-cbindgen.patch
|
||||
mozilla-glibc236.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 30 20:49:28 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
|
||||
|
@ -29,8 +29,8 @@
|
||||
# major 69
|
||||
# mainver %major.99
|
||||
%define major 102
|
||||
%define mainver %major.5.1
|
||||
%define orig_version 102.5.1
|
||||
%define mainver %major.6.0
|
||||
%define orig_version 102.6.0
|
||||
%define orig_suffix %{nil}
|
||||
%define update_channel release
|
||||
%define source_prefix thunderbird-%{orig_version}
|
||||
@ -206,8 +206,6 @@ Patch19: mozilla-silence-no-return-type.patch
|
||||
Patch20: mozilla-bmo531915.patch
|
||||
Patch21: one_swizzle_to_rule_them_all.patch
|
||||
Patch22: svg-rendering.patch
|
||||
Patch23: mozilla-newer-cbindgen.patch
|
||||
Patch24: mozilla-glibc236.patch
|
||||
%endif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: /bin/sh
|
||||
@ -296,8 +294,6 @@ fi
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%endif
|
||||
|
||||
%build
|
||||
|
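Review bot: The second and third spec hunks drop `Patch23`/`Patch24` and the matching `%patch23 -p1`/`%patch24 -p1` lines, but neither the spec nor the changelog records why it is safe to stop applying them; the entry only says "removed obsolete patches". The deleted patch files cite upstream Bug 1782988 (the glibc 2.36 build fix, which includes the `arc4random_buf(&id, sizeof(UUID))` correction in ping.cpp) and Bug 1773259 (cbindgen), so both are presumably covered by the 102.6.0 source, though nothing on this page shows that. Once that is confirmed, naming the bugs in the entry, e.g. `- removed obsolete patches (upstream in 102.6.0: bmo#1782988, bmo#1773259)`, would let a later auditor check that the fixes were not lost. The conditional that closes at `%endif` opens outside these hunks, so which builds were affected cannot be told from here.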
@ -1,101 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Mike Hommey <mh+mozilla@glandium.org>
|
||||
# Date 1660077764 0
|
||||
# Node ID 970ebbe54477a0e518bfee8aeddf487ad9bd4365
|
||||
# Parent caca601f2f5e87dd660434f3db2156e950151adb
|
||||
Bug 1782988 - Avoid build bustage when building against glibc 2.36 or newer. r=RyanVM
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D153716
|
||||
|
||||
diff --git a/ipc/chromium/src/third_party/libevent/README.mozilla b/ipc/chromium/src/third_party/libevent/README.mozilla
|
||||
--- a/ipc/chromium/src/third_party/libevent/README.mozilla
|
||||
+++ b/ipc/chromium/src/third_party/libevent/README.mozilla
|
||||
@@ -17,11 +17,15 @@ evconfig-private.h can be found in the r
|
||||
|
||||
You then need to modify the EVENT__SIZEOF_* constants in the generated Linux,
|
||||
Android, and BSD headers to be appropriate for both 32-bit and 64-bit platforms.
|
||||
Mac doesn't need this since only 64-bit is supported. Use __LP64__ to
|
||||
distinguish the two cases. If you get something wrong, the CHECK_EVENT_SIZEOF
|
||||
static assertions in message_pump_libevent.cc will fail. If a new constant is
|
||||
added, also add a static assertion for it to message_pump_libevent.cc.
|
||||
|
||||
+You also need to modify the EVENT__HAVE_ARC4RANDOM and EVENT__HAVE_ARC4RANDOM_BUF
|
||||
+constants in the generated Linux header to account for the results of the arc4random
|
||||
+and arc4random_buf configure checks.
|
||||
+
|
||||
2. No additional patches are needed at this time, but be careful to avoid
|
||||
clobbering changes to the various event-config.h files which have been customized
|
||||
over time to avoid various build bustages.
|
||||
diff --git a/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h b/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h
|
||||
--- a/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h
|
||||
+++ b/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h
|
||||
@@ -24,24 +24,28 @@
|
||||
/* #undef EVENT__DISABLE_THREAD_SUPPORT */
|
||||
|
||||
/* Define to 1 if you have the `accept4' function. */
|
||||
#define EVENT__HAVE_ACCEPT4 1
|
||||
|
||||
/* Define to 1 if you have the <afunix.h> header file. */
|
||||
/* #undef EVENT__HAVE_AFUNIX_H 1 */
|
||||
|
||||
+#ifdef HAVE_ARC4RANDOM
|
||||
/* Define to 1 if you have the `arc4random' function. */
|
||||
-/* #undef EVENT__HAVE_ARC4RANDOM */
|
||||
+#define EVENT__HAVE_ARC4RANDOM 1
|
||||
+#endif
|
||||
|
||||
/* Define to 1 if you have the `arc4random_addrandom' function. */
|
||||
/* #undef EVENT__HAVE_ARC4RANDOM_ADDRANDOM */
|
||||
|
||||
+#ifdef HAVE_ARC4RANDOM_BUF
|
||||
/* Define to 1 if you have the `arc4random_buf' function. */
|
||||
-/* #undef EVENT__HAVE_ARC4RANDOM_BUF */
|
||||
+#define EVENT__HAVE_ARC4RANDOM_BUF 1
|
||||
+#endif
|
||||
|
||||
/* Define to 1 if you have the <arpa/inet.h> header file. */
|
||||
#define EVENT__HAVE_ARPA_INET_H 1
|
||||
|
||||
/* Define to 1 if you have the `clock_gettime' function. */
|
||||
#define EVENT__HAVE_CLOCK_GETTIME 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `CTL_KERN', and to 0 if you
|
||||
|
||||
|
||||
# HG changeset patch
|
||||
# User Mike Hommey <mh+mozilla@glandium.org>
|
||||
# Date 1660077764 0
|
||||
# Node ID a61813bd9f0a0048b84a2c56a77a06eb5e269ab2
|
||||
# Parent 970ebbe54477a0e518bfee8aeddf487ad9bd4365
|
||||
Bug 1782988 - Fix use of arc4random_buf use in ping.cpp. r=gsvelto
|
||||
|
||||
The code was probably never built before glibc 2.36, because before
|
||||
that, only Android and some BSDs had arc4random_buf, but none of those
|
||||
actually built this code.
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D154024
|
||||
|
||||
diff --git a/toolkit/crashreporter/client/ping.cpp b/toolkit/crashreporter/client/ping.cpp
|
||||
--- a/toolkit/crashreporter/client/ping.cpp
|
||||
+++ b/toolkit/crashreporter/client/ping.cpp
|
||||
@@ -48,17 +48,17 @@ static string GenerateUUID() {
|
||||
return "";
|
||||
}
|
||||
|
||||
CFUUIDBytes bytes = CFUUIDGetUUIDBytes(uuid);
|
||||
memcpy(&id, &bytes, sizeof(UUID));
|
||||
|
||||
CFRelease(uuid);
|
||||
#elif defined(HAVE_ARC4RANDOM_BUF) // Android, BSD, ...
|
||||
- arc4random_buf(id, sizeof(UUID));
|
||||
+ arc4random_buf(&id, sizeof(UUID));
|
||||
#else // Linux
|
||||
int fd = open("/dev/urandom", O_RDONLY);
|
||||
|
||||
if (fd == -1) {
|
||||
return "";
|
||||
}
|
||||
|
||||
if (read(fd, &id, sizeof(UUID)) != sizeof(UUID)) {
|
||||
|
@ -1,18 +0,0 @@
|
||||
Description: Remove an extra constant definition that is now being generated by newer versions of cbindgen (0.24), and causing build failures because it is defined in several places.
|
||||
Author: Olivier Tilloy <olivier.tilloy@canonical.com>
|
||||
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1773259
|
||||
Forwarded: not-needed
|
||||
|
||||
diff --git a/gfx/webrender_bindings/webrender_ffi.h b/gfx/webrender_bindings/webrender_ffi.h
|
||||
index b1d67b1..eb79974 100644
|
||||
--- a/gfx/webrender_bindings/webrender_ffi.h
|
||||
+++ b/gfx/webrender_bindings/webrender_ffi.h
|
||||
@@ -73,8 +73,6 @@ struct WrPipelineInfo;
|
||||
struct WrPipelineIdAndEpoch;
|
||||
using WrPipelineIdEpochs = nsTArray<WrPipelineIdAndEpoch>;
|
||||
|
||||
-const uint64_t ROOT_CLIP_CHAIN = ~0;
|
||||
-
|
||||
} // namespace wr
|
||||
} // namespace mozilla
|
||||
|
@ -1,10 +1,10 @@
|
||||
PRODUCT="thunderbird"
|
||||
CHANNEL="esr102"
|
||||
VERSION="102.5.1"
|
||||
VERSION="102.6.0"
|
||||
VERSION_SUFFIX=""
|
||||
PREV_VERSION="102.5.0"
|
||||
PREV_VERSION="102.5.1"
|
||||
PREV_VERSION_SUFFIX=""
|
||||
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
|
||||
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"
|
||||
RELEASE_TAG="bbf216e50e6a8cb4362b2b77feeb8ca4a1d78914"
|
||||
RELEASE_TIMESTAMP="20221129154640"
|
||||
RELEASE_TAG="563cc2baf242975fda41000da903db513713dc65"
|
||||
RELEASE_TIMESTAMP="20221208182320"
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d8de843fffcd10b23c348c5726bff7215c983220ab9e63a5eb7e25aa33901528
|
||||
size 509550884
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmOGQ1QACgkQ6+QekPbx
|
||||
L21k3RAAodADilQf37+PPu3LWF4xyPgpwfnPct27TsZF2+8hDDgkxBLFfKVHhjmD
|
||||
w2KWN+rwTxhCtwZ8KUZUjCR2BJoyJh/oYuMDrCSdmRey+SzAr1vwqWi2CqJmJ4gO
|
||||
8zDyixKgnrkkG1XLEVzIbPOCaudI/VLSfPgjN7ILOoHaUQnFjoVc6SLlU8qWJ7MB
|
||||
UBrq7oPeu+lpDEYJGbq0ugULCi+Z2iRp9TTqreqlSdxRfF2IntmCjg+oSzUS8UuZ
|
||||
7zUhuxXsB9WB9z3aK96v20mCXlgZCRMbM9sfEtxG3/YgMLdsWbIpxwu3F/LW1Yoe
|
||||
hQ2VT0LK6RqTdjsgpXFDy/4PGNEnSjROYJG4Ao2eEzJDbkj34JA/8ZZqhUGcinUT
|
||||
r/WBmTjHv3Jh9ysG7JxXE45+RAXFORMrnJbUZyggIV3wx1CLzU47JTL29rehFCwC
|
||||
0KkBM1L5tvaRJAzXVjWMBHEyrUPolE7oNktZcCWPtj2GwllEJJ5/hUDXeRa75HfH
|
||||
oe1Xi3G3ZiCrZ5KEN04/JeBkK1NRP68P21MwheVjp/yi18QK6aOupn3svYneyCVr
|
||||
yOQ9l9xcg6a/7UbtCFiHWf3shrByeqzm5H37ZCen8vcYqkmGk3NNxpYYAWM59E3k
|
||||
igzi6+hH7sUo3m5ROCWXBBJbeMmD1L+CSrOZkl62OBY1EWxxPd4=
|
||||
=E0W0
|
||||
-----END PGP SIGNATURE-----
|
3
thunderbird-102.6.0.source.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f5847083281cde16a486f1449dc5c0a8cad689e2db2b34ae486d1795f8d43c2e
|
||||
size 503321152
|
16
thunderbird-102.6.0.source.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmOXoEwACgkQ6+QekPbx
|
||||
L23wLQ/8DORhGSUWd7vSojz0cRis26xQA0XK0S+G+v6F2ec2XTHR1Ae18cLv9a0L
|
||||
l+d6XiizhFl0Xrg7zSVCHao5ivxzSGvbqeDEPL7Qc7RExBqhWfkjqGPy6RzVxADI
|
||||
T4AmCCeh2B248YHds8OdWULUANxQIR3ZDmyukBZKid6bkY+5EyufvXMzrJvrMopf
|
||||
QqjyOVUUzQ0hqFErpUUzLGw/f+Be6lUZrtTk/w1j0+5HRteyf37nU7kxPpH2LrnA
|
||||
3Duj7hfM7OHOQumpXSNhfgjNZIF7fs0rKr68DfDryh4zID4HG/oqd5E2tH+5Hf7F
|
||||
erhlv/U9GUzrU7FF88KOs045wu3SzxDxax+74ifxdsWUS+K/v1dwtCiU2gwxCneT
|
||||
jP8yQueQItNCscyigwXTy7xZ9zEjsnq9K2pN0m7rSasSuW8Gbat0i4PV6NcWRZ0H
|
||||
zrgt/7mEAi4hqp+yLPQMaCQIhOzfLrSZM7fkMnkJs01Gn3moNepbSxreHram38E5
|
||||
mHhuDcjwOFLsb4GbVd3NIYPMl5px0qHBuSCV+dXcPXZxfHLKdHBHBZK72pp8Koco
|
||||
fgGvYPObCDbg6N3nDmccnQ5x1PEW3tytpuGVUkcPwQECHoBRnuVyMPXTUGQpzxVP
|
||||
qwYr81xwI1UkH1HBqVij6JjS7ErwxHamVVvEpv2T1OXSBh66VHk=
|
||||
=1NJn
|
||||
-----END PGP SIGNATURE-----
|