diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 48d3f71..7b5ef48 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Sun Mar 12 09:52:40 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Thunderbird 102.9.0 + * https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes + MFSA 2023-11 (bsc#1209173)) + * CVE-2023-25751 (bmo#1814899) + Incorrect code generation during JIT compilation + * CVE-2023-28164 (bmo#1809122) + URL being dragged from a removed cross-origin iframe into the + same tab triggered navigation + * CVE-2023-28162 (bmo#1811327) + Invalid downcast in Worklets + * CVE-2023-25752 (bmo#1811627) + Potential out-of-bounds when accessing throttled streams + * CVE-2023-28163 (bmo#1817768) + Windows Save As dialog resolved environment variables + * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, + bmo#1817442, bmo#1818674) + Memory safety bugs fixed in Thunderbird 102.9 +- update create-tar.sh +- build using rust 1.67 + +------------------------------------------------------------------- +Tue Mar 7 18:30:09 UTC 2023 - Manfred Hollstein + +- Ensure gcc11-c++ gets used on Leap 15.5, too. + ------------------------------------------------------------------- Wed Feb 15 07:46:58 UTC 2023 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index d4c9678..99ee187 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -29,8 +29,8 @@ # major 69 # mainver %major.99 %define major 102 -%define mainver %major.8.0 -%define orig_version 102.8.0 +%define mainver %major.9.0 +%define orig_version 102.9.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -85,7 +85,7 @@ BuildRequires: autoconf213 BuildRequires: dbus-1-glib-devel BuildRequires: fdupes BuildRequires: memory-constraints -%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150400 +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150500 BuildRequires: gcc11-c++ %else BuildRequires: gcc-c++ @@ -100,8 +100,8 @@ BuildRequires: rust >= 1.59 # minimal requirement: BuildRequires: rust+cargo >= 1.59 # actually used upstream: -BuildRequires: cargo1.63 -BuildRequires: rust1.63 +BuildRequires: cargo1.67 +BuildRequires: rust1.67 %endif %if 0%{useccache} != 0 BuildRequires: ccache @@ -180,7 +180,7 @@ Source6: suse-default-prefs.js Source7: l10n-%{orig_version}%{orig_suffix}.tar.xz Source9: thunderbird.appdata.xml Source13: spellcheck.js -Source14: https://github.com/openSUSE/firefox-scripts/raw/f4363ab1d76e173666e56408d44fe00af16ddbd8/create-tar.sh +Source14: https://github.com/openSUSE/firefox-scripts/raw/9b77cf0/create-tar.sh Source20: https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/source/%{srcname}-%{orig_version}%{orig_suffix}.source.tar.xz.asc Source21: https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/KEY#/mozilla.keyring # Gecko/Toolkit @@ -334,7 +334,7 @@ export BUILD_OFFICIAL=1 export MOZ_TELEMETRY_REPORTING=1 export MOZ_REQUIRE_SIGNING= export MACH_USE_SYSTEM_PYTHON=1 -%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150400 +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150500 export CC=gcc-11 %else %if 0%{?clang_build} == 0 diff --git a/create-tar.sh b/create-tar.sh index d92c7c2..9114700 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -16,10 +16,17 @@ function main() { set_internal_variables - check_what_changed + check_what_to_do_with_source_tarballs download_upstream_source_tarballs - create_locales_tarballs + if [ -z ${SKIP_LOCALES+x} ]; then + check_what_to_do_with_locales_tarballs + create_locales_tarballs + else + printf "%-40s: User forced skip (SKIP_LOCALES set)\n" "locales" + fi + + clean_up_old_tarballs } function print_usage_and_exit() { @@ -64,7 +71,9 @@ function set_internal_variables() { else FF_LOCALE_FILE="thunderbird-$VERSION/browser/locales/l10n-changesets.json" TB_LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json" - L10N_STRING_PATTERNS="thunderbird-$VERSION/python/l10n/tbxchannel/l10n_merge.py" + FF_PREV_LOCALE_FILE="thunderbird-$PREV_VERSION/browser/locales/l10n-changesets.json" + TB_PREV_LOCALE_FILE="thunderbird-$PREV_VERSION/comm/mail/locales/l10n-changesets.json" + L10N_STRING_PATTERNS="thunderbird-$VERSION/comm/python/l10n/tbxchannel/l10n_merge.py" fi SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz" @@ -93,7 +102,7 @@ function check_tarball_source () { local CANDIDATE_TARBALL_LOCATION="" CANDIDATE_TARBALL_LOCATION="$(printf "%s/%s/source/%s" "$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX")" "$BUILD_ID" "$TARBALL" )" if wget --spider "$CANDIDATE_TARBALL_LOCATION" 2> /dev/null; then - echo "Download UNRELEASED candidate" + echo "Download UNRELEASED candidate ($BUILD_ID)" else echo "Mercurial checkout" fi @@ -119,13 +128,13 @@ function check_for_binary() { } function get_source_stamp() { - CURR_BUILD_ID="$1" - FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX") - FTP_CANDIDATES_JSON_SUFFIX="${CURR_BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json" - BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1; - REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp) - SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo) - TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid) + local CURR_BUILD_ID="$1" + local FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX") + local FTP_CANDIDATES_JSON_SUFFIX="${CURR_BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json" + local BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1; + local REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp) + local SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo) + local TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid) echo "Extending $TAR_STAMP with:" echo "RELEASE_REPO=${SOURCE_REPO}" echo "RELEASE_TAG=${REV}" @@ -170,9 +179,9 @@ function get_build_number() { } function locales_get() { - CURR_PRODUCT="$1" - TMP_VERSION="$2" - CURR_BUILD_ID="$3" + local CURR_PRODUCT="$1" + local TMP_VERSION="$2" + local CURR_BUILD_ID="$3" # Make first letter of CURR_PRODUCT upper case CURR_PRODUCT_CAP="${CURR_PRODUCT^}" URL_TO_CHECK="${LOCALES_URL}/${CURR_PRODUCT_CAP}-${TMP_VERSION}" @@ -216,9 +225,9 @@ function extract_locales_file() { } function locales_unchanged() { - CURR_PRODUCT="$1" - CURR_BUILD_ID="$2" - PREV_BUILD_ID=$(get_build_number "$CURR_PRODUCT" "$PREV_VERSION$PREV_VERSION_SUFFIX") + local CURR_PRODUCT="$1" + local CURR_BUILD_ID="$2" + local PREV_BUILD_ID=$(get_build_number "$CURR_PRODUCT" "$PREV_VERSION$PREV_VERSION_SUFFIX") # If no json-file for one of the versions can be found, we say "they changed" prev_url=$(locales_get "$CURR_PRODUCT" "$PREV_VERSION$PREV_VERSION_SUFFIX" "$PREV_BUILD_ID") || return 1 prev_content=$(locales_parse_url "$prev_url") || exit 1 @@ -284,32 +293,10 @@ function create_and_copy_locales() { done } -function check_what_changed() { +function check_what_to_do_with_source_tarballs() { # Get ID BUILD_ID=$(get_build_number "$PRODUCT" "$VERSION$VERSION_SUFFIX") - if [ -z ${SKIP_LOCALES+x} ]; then - LOCALES_CHANGED=1 - if [ "$PREV_VERSION" != "" ]; then - # If we have a previous version, check either FF or (TB and FF) - if [ "$PRODUCT" = "firefox" ]; then - locales_unchanged "$PRODUCT" "$BUILD_ID" - else - FF_BUILD_ID=$(get_build_number "firefox" "$VERSION$VERSION_SUFFIX") - locales_unchanged "$PRODUCT" "$BUILD_ID" && locales_unchanged "firefox" "$FF_BUILD_ID" - fi - LOCALES_CHANGED=$? - fi - - if [ $LOCALES_CHANGED -eq 1 ]; then - printf "%-40s: Need to download.\n" "locales" - else - printf "%-40s: Did not change. Skipping.\n" "locales" - fi - else - printf "%-40s: User forced skip (SKIP_LOCALES set)\n" "locales" - fi - # Check what is going to be done and ask for consent for ff in $SOURCE_TARBALL $SOURCE_TARBALL.asc; do printf "%-40s: %s\n" "$ff" "$(check_tarball_source $ff)" @@ -318,6 +305,47 @@ function check_what_changed() { ask_cont_abort_question "Is this ok?" || exit 0 } +function check_what_to_do_with_locales_tarballs() { + LOCALES_CHANGED=1 + + extract_locales_file + + if [ "$PREV_VERSION" != "" ]; then + # If we have a previous version, check either FF or (TB and FF) + if [ "$PRODUCT" = "firefox" ]; then + locales_unchanged "$PRODUCT" "$BUILD_ID" + else + # Currently, upstream 'forgets' which Firefox-locales get used for which Thunderbird-release upon release + # so, instead of parsing upstream JSON-files, we rely on the previous tarball being there and comparing + # the lang-files directly + # FF_BUILD_ID=$(get_build_number "firefox" "$VERSION$VERSION_SUFFIX") + # locales_unchanged "$PRODUCT" "$BUILD_ID" && locales_unchanged "firefox" "$FF_BUILD_ID" + if [ -e "$PREV_SOURCE_TARBALL" ]; then + echo "extract previous locale changesets" + tar -xf "$PREV_SOURCE_TARBALL" "$FF_PREV_LOCALE_FILE" "$TB_PREV_LOCALE_FILE" + + curr_ff_content=$(locales_parse_file "$FF_LOCALE_FILE") || exit 1 + prev_ff_content=$(locales_parse_file "$FF_PREV_LOCALE_FILE") || exit 1 + curr_tb_content=$(locales_parse_file "$TB_LOCALE_FILE") || exit 1 + prev_tb_content=$(locales_parse_file "$TB_PREV_LOCALE_FILE") || exit 1 + + diff -y --suppress-common-lines -d <(echo "$prev_ff_content") <(echo "$curr_ff_content") || + diff -y --suppress-common-lines -d <(echo "$prev_tb_content") <(echo "$curr_tb_content") + fi + fi + LOCALES_CHANGED=$? + fi + + # New line for better visibility + echo "" + if [ $LOCALES_CHANGED -eq 1 ]; then + printf "%-40s: Need to download.\n" "locales" + ask_cont_abort_question "Is this ok?" || exit 0 + else + printf "%-40s: Did not change. Skipping.\n" "locales" + fi +} + function download_release_or_candidate_file() { local upstream_file="$1" if [ -e "$upstream_file" ]; then @@ -338,9 +366,6 @@ function download_upstream_source_tarballs() { # we might have an upstream archive already and can skip the checkout if [ -e "$SOURCE_TARBALL" ]; then - if [ -z ${SKIP_LOCALES+x} ] && [ $LOCALES_CHANGED -ne 0 ]; then - extract_locales_file - fi get_source_stamp "$BUILD_ID" else # We are working on a version that is not yet published on the mozilla mirror @@ -386,9 +411,9 @@ function clone_and_repackage_sources() { hg update --check "$FF_RELEASE_TAG" [ "$FF_RELEASE_TAG" == "default" ] || hg update -r "$FF_RELEASE_TAG" # get repo and source stamp - REV=$(hg -R . parent --template="{node|short}\n") - SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/") - TIMESTAMP=$(date +%Y%m%d%H%M%S) + local REV=$(hg -R . parent --template="{node|short}\n") + local SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/") + local TIMESTAMP=$(date +%Y%m%d%H%M%S) if [ "$PRODUCT" = "thunderbird" ]; then pushd comm || exit 1 @@ -412,7 +437,8 @@ function clone_and_repackage_sources() { echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP" echo "creating archive..." - tar "$compression" -cf "$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz" --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS "$PRODUCT-$VERSION" + tar "$compression" -cf "$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz" --exclude-vcs "$PRODUCT-$VERSION" + ALREADY_EXTRACTED_LOCALES_FILE=1 } function create_locales_tarballs() { @@ -420,7 +446,7 @@ function create_locales_tarballs() { echo "Skipping locales-creation." exit 0 fi - + if [ "$LOCALES_CHANGED" -ne 0 ]; then clone_and_repackage_locales elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then @@ -492,13 +518,11 @@ function clone_and_repackage_locales() { esac done echo "creating l10n archive..." + local TAR_FLAGS="--exclude-vcs" if [ "$PRODUCT" = "thunderbird" ]; then - TB_TAR_FLAGS="--exclude=suite" + TAR_FLAGS="$TAR_FLAGS --exclude=suite" fi - tar "$compression" -cf "l10n-$VERSION$VERSION_SUFFIX.tar.xz" \ - --exclude=.hgtags --exclude=.hgignore --exclude=.hg \ - "$TB_TAR_FLAGS" \ - "$FINAL_L10N_BASE" + tar "$compression" -cf "l10n-$VERSION$VERSION_SUFFIX.tar.xz" $TAR_FLAGS "$FINAL_L10N_BASE" } function clean_up_old_tarballs() { diff --git a/l10n-102.8.0.tar.xz b/l10n-102.9.0.tar.xz similarity index 100% rename from l10n-102.8.0.tar.xz rename to l10n-102.9.0.tar.xz diff --git a/tar_stamps b/tar_stamps index 1df9e19..2ca86f2 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr102" -VERSION="102.8.0" +VERSION="102.9.0" VERSION_SUFFIX="" -PREV_VERSION="102.7.2" +PREV_VERSION="102.8.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102" -RELEASE_TAG="d2f3330ed11584d3f02ba72cf2fbaa397cd5f3f4" -RELEASE_TIMESTAMP="20230214184313" +RELEASE_TAG="db735c436e680abf21cc67f9a29b42fdf30d416d" +RELEASE_TIMESTAMP="20230310165821" diff --git a/thunderbird-102.8.0.source.tar.xz b/thunderbird-102.8.0.source.tar.xz deleted file mode 100644 index ec02932..0000000 --- a/thunderbird-102.8.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:12221faeb425490b799df12aa420ff9017eba573812b119b97ae1a1ed2727fc3 -size 506030440 diff --git a/thunderbird-102.8.0.source.tar.xz.asc b/thunderbird-102.8.0.source.tar.xz.asc deleted file mode 100644 index 975229b..0000000 --- a/thunderbird-102.8.0.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmPsBZsACgkQ6+QekPbx -L23CrhAAm21whlxopurD2H7xTbPF6XJc2MSyKOWR8MtQWzSbVsvJ8Nzio/vc3SyC -cWzbSopjrF7DvrnytZviiU9/iLV4pGrl7sq8plXPYTOA5b1Ue9v1fXcagD3RiASI -j5RZfajqqw8QMVQLWbzXooRDQJOmsRpV4EYiM6Y47XRbsTXq1qQgA963Et6X7O3U -YQNEPYuNQqW2nnDWk4YRdf2yRg4xFwxAyTl3mUkbHHkOrBfV35zipdHv+cdiAkIl -9gkZ/uPBJ21zVHHNCMIKjQbClDQZaE/t5DssFt7W2bJRrVSPBI5U5z3v7Z9uaKGt -nuSJMPQN+WU/BQAwQhndVHCgeEj92F0AMRXtEdU9QcyaQCC0SGnZ7sxdSq6QRsbB -zOzOu1qZ/jH0/w5lJRhNF4tnLbVmyGgAbYnUBhSiE6/Kx0hdf1pX/5Z0xZEJ9Ay9 -IO138PucoHHPBo+NU5VCzsqU21rREG7FucUh5GbZqRQWfVHqVPm7vWBYbCKAA8sX -D+p8jb6G1GG1qt6KtiV/KaEAgmJEAZKHEHx44zPwqjWsW+oHn6w3Iaf2rmSYoQNd -CmMzDYloutqie55ywvcrypjSlNlRJbixvUe5oHy7hsjO0mfMNvk1YCsWMr9Vqk6r -F7yNdyFwVGRhb3JVby+QJDDrHRrcZZfv42eVQsb4V8lwg613fJQ= -=NJbk ------END PGP SIGNATURE----- diff --git a/thunderbird-102.9.0.source.tar.xz b/thunderbird-102.9.0.source.tar.xz new file mode 100644 index 0000000..4098e6a --- /dev/null +++ b/thunderbird-102.9.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ecb34de765d548ed26ea24d4d617567a7896230d7c8379c1ef76be8ca05d6fef +size 503081436 diff --git a/thunderbird-102.9.0.source.tar.xz.asc b/thunderbird-102.9.0.source.tar.xz.asc new file mode 100644 index 0000000..322d34b --- /dev/null +++ b/thunderbird-102.9.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmQLrkIACgkQ6+QekPbx +L22h1g/+LXtjCm9UdWsufMQ6GWhNkdHXdhL7Uog6c8Z/vcyfotKNShUYzk8up9Rm +yUTZQ/vOPZPRt3MmONpE1KvOstThYncUPAdv9ZbIFQEF2eLQ73fiXSP/g5uGFThk +ZoXCEZt/pnDm6Uv7P/ufh+VYRkNu9TxpYTw5OH5u0YFbwazbyKHdwP2XwHmDqlff +ObbHyNy7m3+X1jrAb3ayWnK/PUqcw/GbbAdwdtM0eF3RttTO60d/8P+MQ/qxuM1a +OuVkgAQIpVJiJexbJXMVSUl/c2OwLXDwSX9Q0JKcCqGH1ruv2hss/6Hp9pIdazZs +85ko0g16DEx5EOTvNFmkYAaSnCAjNZOEqzv/hN71n5V+cvBQNF5U6rFM7qJOzeT6 +As8DI813YsAefHXo620Q+UQXBLXvwwnsuUS7CzzcLX2V+njhrZIKbGB2C5tgEwTg +FuSK6+0kWEpbYPXQDrrvzOWAJbs5lJNBdWX2WUeX7sNpeaUH/FPBULNo2LRuTgFG +qiZxaxQfaJ86ZZu29jdkmBQzC90e5dyw2PwipNDRu8FDbinod1vEcEJ1AhQywt2E +KnX7lp1A/7nMW+b1YbqGTk6w7NLpqGzW0XdfjYdvw2BYCJwtpVl2y8CaZYBxzOBl +dg+ibkdDRr5gk6XycidonfHVu4xZqEYZd2h62lVlnnTErV10YeE= +=4xjl +-----END PGP SIGNATURE-----