Accepting request 669999 from mozilla:Factory

- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
  MFSA 2019-03 (bsc#1122983)
  * CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches

  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295

OBS-URL: https://build.opensuse.org/request/show/669999
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=204
This commit is contained in:
Stephan Kulow 2019-02-08 11:05:39 +00:00 committed by Git OBS Bridge
commit 46b2e6acbb
16 changed files with 768 additions and 357 deletions

View File

@ -1,3 +1,34 @@
-------------------------------------------------------------------
Fri Jan 25 14:40:21 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- MozillaThunderbird 60.5.0:
* FileLink provider WeTransfer to upload large attachments
* Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user inferface: [+] button
to select a file an add, [-] to remove.
* More search engines: Google and DuckDuckGo available by default
in some locales
* During account creation, Thunderbird will now detect servers
using the Microsoft Exchange protocol. It will offer the
installation of a 3rd party add-on (Owl) which supports that
protocol.
* Thunderbird now compatible with other WebExtension-based
FileLink add-ons like the Dropbox add-on
MFSA 2019-03 (bsc#1122983)
* CVE-2018-18500 bmo#1510114
Use-after-free parsing HTML5 stream
* CVE-2018-18505 bmo#1497749
Privilege escalation through IPC channel messages
* CVE-2016-5824 bmo#1275400
DoS (use-after-free) via a crafted ics file
* CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
bmo#1502871 bmo#1516738 bmo#1516514
Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- requires NSS 3.36.7
- removed obsolete patch
mozilla-no-stdcxx-check.patch
- rebased patches
-------------------------------------------------------------------
Fri Dec 21 19:50:56 UTC 2018 - astieger@suse.com
@ -8,8 +39,25 @@ Fri Dec 21 19:50:56 UTC 2018 - astieger@suse.com
* New messages in the drafts folder (and other special or virtual
folders) will no longer be included in the new messages
notification
MFSA 2018-31
* CVE-2018-17466 bmo#1488295
Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
* CVE-2018-18492 bmo#1499861
Use-after-free with select element
* CVE-2018-18493 bmo#1504452
Buffer overflow in accelerated 2D canvas with Skia
* CVE-2018-18494 bmo#1487964
Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
* CVE-2018-18498 bmo#1500011
Integer overflow when calculating buffer sizes for images
* CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4
- requires NSS 3.36.6
-------------------------------------------------------------------
Tue Dec 4 21:04:50 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>

View File

@ -1,8 +1,8 @@
#
# spec file for package MozillaThunderbird
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# 2006-2018 Wolfgang Rosenauer <wr@rosenauer.org>
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# 2006-2019 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,9 +17,9 @@
#
%define mainversion 60.4.0
%define mainversion 60.5.0
%define update_channel release
%define releasedate 20181217101353
%define releasedate 20190122170039
%bcond_without mozilla_tb_kde4
%bcond_with mozilla_tb_valgrind
@ -44,7 +44,7 @@ BuildRequires: libidl-devel
BuildRequires: libnotify-devel
BuildRequires: memory-constraints
BuildRequires: mozilla-nspr-devel >= 4.19
BuildRequires: mozilla-nss-devel >= 3.36.6
BuildRequires: mozilla-nss-devel >= 3.36.7
BuildRequires: python
BuildRequires: python2-xml
BuildRequires: rust >= 1.24
@ -116,7 +116,6 @@ Source14: http://ftp.mozilla.org/pub/thunderbird/releases/%{version}/KEY#/
# Gecko/Toolkit
Patch2: mozilla-nongnome-proxies.patch
Patch3: mozilla-kde.patch
Patch5: mozilla-no-stdcxx-check.patch
Patch6: mozilla-aarch64-startup-crash.patch
Patch7: mozilla-bmo1375074.patch
Patch8: mozilla-bmo1464766.patch
@ -198,7 +197,6 @@ symbols meant for upload to Mozilla's crash collector database.
%if %{with mozilla_tb_kde4}
%patch3 -p1
%endif
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
@ -481,6 +479,7 @@ exit 0
%{progdir}/defaults/
%dir %{progdir}/extensions/
%{progdir}/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
%{progdir}/features/
%{progdir}/isp/
%{_datadir}/appdata/
%{_datadir}/applications/%{desktop_file_name}.desktop

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76b44663f5a7f687f38d32b193bc1d1d34c3bb904a2c8cbfef307e1e4ff4f6a0
size 28848
oid sha256:fd6d08ed498da4259c30da63101d5a554d56ec02495f438119254fa25df55d8f
size 28408

View File

@ -2,9 +2,9 @@
CHANNEL="esr60"
BRANCH="releases/comm-$CHANNEL"
RELEASE_TAG="945fb5fce3d3"
MOZ_RELEASE_TAG="c23331af8ac635f86d748c0eb1e5bbb8fcfd86d9"
VERSION="60.4.0"
RELEASE_TAG="0afc082591ad"
MOZ_RELEASE_TAG="111144372339ec2c9e5c899656c2919c90f56f08"
VERSION="60.5.0"
VERSION_SUFFIX=""
LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0610239ed30b87b9b2a304a635aaaa56a85b46c961bdb3f328ad7e6650d46667
size 29672564

3
l10n-60.5.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:46c9bbf5f4b7a4e2ae53ab6d2ba708873f766a3cfaa8e33a3663298adaca2ab4
size 27451012

View File

@ -1,12 +1,13 @@
# HG changeset patch
# Parent a5cfa3aa11a9d3391df49de6fc5a0e5232c12c10
# Parent 3005da37da3f1e2c568b1675307d10860182d214
# Parent 85c2e07d2a9ec3e45f55d0e482c7b663626bfc8a
Bug 991344 - Rpi3: Firefox crashes after a few seconds of usage
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -887,17 +887,23 @@ nsIOService::NewChannelFromURIWithProxyF
@@ -874,18 +874,23 @@ nsresult nsIOService::NewChannelFromURIW
u"Http channel implementation "
"doesn't support nsIUploadChannel2. An extension has "
"supplied a non-functional http protocol handler. This will "
"break behavior and in future releases not work at all.");
@ -14,7 +15,7 @@ diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
gHasWarnedUploadChannel2 = true;
}
}
-
+#if defined(__aarch64__)
+ if (result) {
+ channel.forget(result);
@ -26,7 +27,7 @@ diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
}
NS_IMETHODIMP
nsIOService::NewChannelFromURIWithProxyFlags2(nsIURI* aURI,
nsIURI* aProxyURI,
uint32_t aProxyFlags,
nsIDOMNode* aLoadingNode,
nsIOService::NewChannelFromURIWithProxyFlags2(
nsIURI *aURI, nsIURI *aProxyURI, uint32_t aProxyFlags,
nsIDOMNode *aLoadingNode, nsIPrincipal *aLoadingPrincipal,
nsIPrincipal *aTriggeringPrincipal, uint32_t aSecurityFlags,

View File

@ -3,7 +3,7 @@
# User Lars T Hansen <lhansen@mozilla.com>
# Date 1519822672 -3600
# Node ID 800abe66894d6b07b24bccecbf6a65e2261076f6
# Parent 223c97459e96183eb616aed39147207bdb953ba8
# Parent 13ecd3214b18e4cab73c54e12e16071d58bed11e
Bug 1375074 - Save and restore non-volatile x28 on ARM64 for generated unboxed object constructor. r=sstangl
diff --git a/js/src/jit-test/tests/bug1375074.js b/js/src/jit-test/tests/bug1375074.js
@ -32,7 +32,7 @@ new file mode 100644
diff --git a/js/src/vm/UnboxedObject.cpp b/js/src/vm/UnboxedObject.cpp
--- a/js/src/vm/UnboxedObject.cpp
+++ b/js/src/vm/UnboxedObject.cpp
@@ -90,17 +90,25 @@ UnboxedLayout::makeConstructorCode(JSCon
@@ -81,18 +81,25 @@ static const uintptr_t CLEAR_CONSTRUCTOR
masm.loadPtr(Address(masm.getStackPointer(), sizeof(void*)), propertiesReg);
masm.loadPtr(Address(masm.getStackPointer(), 2 * sizeof(void*)), newKindReg);
#else
@ -41,7 +41,8 @@ diff --git a/js/src/vm/UnboxedObject.cpp b/js/src/vm/UnboxedObject.cpp
#endif
#ifdef JS_CODEGEN_ARM64
- // ARM64 communicates stack address via sp, but uses a pseudo-sp for addressing.
- // ARM64 communicates stack address via sp, but uses a pseudo-sp for
- // addressing.
+ // ARM64 communicates stack address via sp, but uses a pseudo-sp (PSP) for
+ // addressing. The register we use for PSP may however also be used by
+ // calling code, and it is nonvolatile, so save it. Do this as a special
@ -59,13 +60,13 @@ diff --git a/js/src/vm/UnboxedObject.cpp b/js/src/vm/UnboxedObject.cpp
AllocatableGeneralRegisterSet regs(GeneralRegisterSet::All());
regs.take(propertiesReg);
@@ -228,17 +236,32 @@ UnboxedLayout::makeConstructorCode(JSCon
if (object != ReturnReg)
masm.movePtr(object, ReturnReg);
@@ -234,17 +241,32 @@ static const uintptr_t CLEAR_CONSTRUCTOR
masm.bind(&done);
if (object != ReturnReg) masm.movePtr(object, ReturnReg);
// Restore non-volatile registers which were saved on entry.
if (ScratchDoubleReg.volatile_())
masm.pop(ScratchDoubleReg);
if (ScratchDoubleReg.volatile_()) masm.pop(ScratchDoubleReg);
masm.PopRegsInMask(savedNonVolatileRegisters);
+#ifdef JS_CODEGEN_ARM64
@ -92,4 +93,3 @@ diff --git a/js/src/vm/UnboxedObject.cpp b/js/src/vm/UnboxedObject.cpp
// return null.
masm.initUnboxedObjectContents(object, templateObject);

View File

@ -3,7 +3,7 @@
# User Mike Hommey <mh+mozilla@glandium.org>
# Date 1526871862 -32400
# Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43
# Parent 1800b8895c08bc0c60302775dc0a4b5ea4deb310
# Parent 4a2e8085417fe782738bfd736b69806d9ed19d6a
Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons
For some reason, GNU as is not happy with the assembly generated after
@ -12,12 +12,11 @@ bug 1238661 anymore on Debian armel.
OTOH, as mentioned in bug 1238661 comment 4, we actually don't need this
workaround anymore, so let's just kill it.
diff --git a/mfbt/LinuxSignal.h b/mfbt/LinuxSignal.h
deleted file mode 100644
--- a/mfbt/LinuxSignal.h
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -1,38 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@ -38,18 +37,11 @@ deleted file mode 100644
-// will be skipped over.
-
-template <void (*H)(int, siginfo_t*, void*)>
-__attribute__((naked)) void
-SignalTrampoline(int aSignal, siginfo_t* aInfo, void* aContext)
-{
- asm volatile (
- "nop; nop; nop; nop"
- : : : "memory");
-__attribute__((naked)) void SignalTrampoline(int aSignal, siginfo_t* aInfo,
- void* aContext) {
- asm volatile("nop; nop; nop; nop" : : : "memory");
-
- asm volatile (
- "b %0"
- :
- : "X"(H)
- : "memory");
- asm volatile("b %0" : : "X"(H) : "memory");
-}
-
-#define MOZ_SIGNAL_TRAMPOLINE(h) (mozilla::SignalTrampoline<h>)
@ -66,7 +58,7 @@ deleted file mode 100644
diff --git a/mfbt/moz.build b/mfbt/moz.build
--- a/mfbt/moz.build
+++ b/mfbt/moz.build
@@ -117,20 +117,16 @@ EXPORTS["double-conversion"] = [
@@ -115,20 +115,16 @@ EXPORTS["double-conversion"] = [
LOCAL_INCLUDES += [
'/mfbt/double-conversion',
]
@ -108,7 +100,7 @@ diff --git a/tools/profiler/core/platform-linux-android.cpp b/tools/profiler/cor
using namespace mozilla;
@@ -272,17 +271,17 @@ Sampler::Sampler(PSLockRef aLock)
@@ -248,17 +247,17 @@ Sampler::Sampler(PSLockRef aLock)
// NOTE: We don't initialize LUL here, instead initializing it in
// SamplerThread's constructor. This is because with the
@ -126,5 +118,4 @@ diff --git a/tools/profiler/core/platform-linux-android.cpp b/tools/profiler/cor
}
}
void
void Sampler::Disable(PSLockRef aLock) {

File diff suppressed because it is too large Load Diff

View File

@ -1,25 +0,0 @@
# HG changeset patch
# User Wolfgang Rosenauer <wr@rosenauer.org>
# Parent f62746698c37af9593338fe75fbff6b319cd370c
diff --git a/config/config.mk b/config/config.mk
--- a/config/config.mk
+++ b/config/config.mk
@@ -471,17 +471,16 @@ ifeq ($(MOZ_WIDGET_TOOLKIT),android)
# of the linker command line), if libmozglue.so ends up after libc.so, all
# hell breaks loose, so better safe than sorry, and check it's actually the
# case.
CHECK_MOZGLUE_ORDER = @$(TOOLCHAIN_PREFIX)readelf -d $(1) | grep NEEDED | awk '{ libs[$$NF] = ++n } END { if (libs["[libmozglue.so]"] && libs["[libc.so]"] < libs["[libmozglue.so]"]) { print "libmozglue.so must be linked before libc.so"; exit 1 } }'
endif
define CHECK_BINARY
$(call CHECK_GLIBC,$(1))
-$(call CHECK_STDCXX,$(1))
$(call CHECK_TEXTREL,$(1))
$(call LOCAL_CHECKS,$(1))
$(call CHECK_MOZGLUE_ORDER,$(1))
endef
# autoconf.mk sets OBJ_SUFFIX to an error to avoid use before including
# this file
OBJ_SUFFIX := $(_OBJ_SUFFIX)

View File

@ -9,18 +9,19 @@ retrieving revision 1.1
diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
--- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
+++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
@@ -54,23 +54,27 @@ nsUnixSystemProxySettings::GetMainThread
// dbus prevents us from being threadsafe, but this routine should not block anyhow
@@ -55,24 +55,27 @@ NS_IMETHODIMP
nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) {
// dbus prevents us from being threadsafe, but this routine should not block
// anyhow
*aMainThreadOnly = true;
return NS_OK;
}
nsresult
nsUnixSystemProxySettings::Init()
{
nsresult nsUnixSystemProxySettings::Init() {
- mGSettings = do_GetService(NS_GSETTINGSSERVICE_CONTRACTID);
- if (mGSettings) {
- mGSettings->GetCollectionForSchema(NS_LITERAL_CSTRING("org.gnome.system.proxy"),
- mGSettings->GetCollectionForSchema(
- NS_LITERAL_CSTRING("org.gnome.system.proxy"),
- getter_AddRefs(mProxySettings));
- }
- if (!mProxySettings) {
@ -41,6 +42,6 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy
return NS_OK;
}
bool
nsUnixSystemProxySettings::IsProxyMode(const char* aMode)
{
bool nsUnixSystemProxySettings::IsProxyMode(const char* aMode) {
nsAutoCString mode;
return NS_SUCCEEDED(mGConf->GetString(

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:27a6cdd9cfdd7ce70b1d193c64739db6be6b39eec308f0122d8472a6cd243e75
size 284938284

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAABCAAGBQJcF7OsAAoJELu+vbskxvNV3jgQALg/OzG/qv/8LO7p/tQYD0EX
EAk0mg+NAbtynHUzVUWRMMLMWAne9Tpv1XEkAjlKN+1dK6vRpUt+DPsQDet0vWkO
iP8xwut5wYKbWSoNRa9jBVUwNsuxZo/mGFYM/Bk0F6dMTkBaqT6mEghtLp7pUIeI
Uiz/2a08E/KuNZnVd4eH6Pv2w7OvWVl9AxJwP2DO1Oks9WprfG2UwRunTEOV6353
iIxcsvr2BtyLjGqMu2grhWUI/b8zt2+0fBO2uflZBid+iqTppNGXHTyrfWwT7EQ0
HUR8Zf4e+DSuMpZOzaG0ga7Sg7NqmUme4w2RZx05uRyaBAK+vhkXcHaVk+uFTAUu
b3nX9K23zpFCWYc7M5GUZ4TLHfSpldmeg/A8RDjM0Y8hkLUJIYfcvan8pSte3LSa
/Qg7ckvRxT08ldg1gn80MT+LucwHQdJM/sXkrM7LlOMlsPHSrrqD5z9DN4pySYpJ
EMY282mRV0ccRa0qlO11U619nuJPcdU3dAKHn7ayTKHYp+JlPfX7WptWgvQpW/Kg
zmeJEzT8j32hTidHEioP67saZ2eUUyFc69JUNBeG2xF4Up2xVdMUKuspZRDwj/Vb
ZUdLSkENJ4Z0PEMIPRA27uSdqkZwv4hmLpCcFL9TMP6t8Vd2e4/UeDSN3AhDC1lI
qUF3xf7pW692FfJyd3xZ
=cpIQ
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6f96e87e832e4089c69418db64e19afd54a0acefe3e0364087a8bc6f442b9566
size 285636196

View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAABCAAGBQJcR3PQAAoJELu+vbskxvNV3OgP/Rk4x2u5TRdmv8ubjKb6mrLr
yx583WYhzlhAir1ou0I4GiKjZvg0HthzgURnfqPsn/46w9SiT0vgMeBIjyx6nn42
pvhKt7gGzCZUtxehltbbbG4e0ZnRHyqf2Z+N7rDgaZ4kqtrCKxQvN/0rBR2gKKVS
Uikil83DMr/5rZQmaSdzeEsw07PynP0fQJ/OYsY6+uVfwYf6b812zE8xuykvyOZm
fKMxY7HeC2Tdqt2L2jDliT93YKEcZsKhZLUVzjJ80WlItuJ3bUUatbOlnwUX8UJu
olMt4FqcDkrh0BQWPNo87aYbNZtWSQr1D/dxJdTqjwQoNbzVhFlmxyyaQzge24vW
gSk4ordI2SM3G0R+qztlJfaSvOid3LwolgTsjsULL6VA9tUSOlpEnYxwCqM5YaBS
rS3LJzjiWAWEUD7yHVFHLM+W7KBXODm3C+te1GlMXzxDwD42PkRknU2Ioobm8962
I27xvzr86ZSM3jSW69NFcbcn/g0RYPYaQWAfxFJ6Ns53cWX/U8Ywjei32jWEE3K8
f2uXYB0q4dG1laswB6f4NHzzahR6PVOQQkZDiU18hYucNlXRQvbHRB9q5BbxVxVF
gNeeoWVJkdJqmaeG0/wSL2GbsfYb6ttRBu5Ehc/x9Tyumsy3/rdlpP9L0GGrN77S
eW0G0sgcVKzvfU/IV6Hf
=E5Md
-----END PGP SIGNATURE-----