- Mozilla Thunderbird 91.10.0

* Various UX and theme improvements
  MFSA 2022-22 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded
    files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-1834 (bmo#1767816)
    Braille space character caused incorrect sender email to be
    shown for a digitally signed email
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of
    allowCredential entries may have leaked cross-origin
    information
  * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
    bmo#1767365, bmo#1768559, bmo#1768734)
    Memory safety bugs fixed in Thunderbird 91.10

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=638

MozillaThunderbird.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Thu May 26 07:56:09 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 91.10.0
+  * Various UX and theme improvements
+  MFSA 2022-22 (bsc#1200027)
+  * CVE-2022-31736 (bmo#1735923)
+    Cross-Origin resource's length leaked
+  * CVE-2022-31737 (bmo#1743767)
+    Heap buffer overflow in WebGL
+  * CVE-2022-31738 (bmo#1756388)
+    Browser window spoof using fullscreen mode
+  * CVE-2022-31739 (bmo#1765049)
+    Attacker-influenced path traversal when saving downloaded
+    files
+  * CVE-2022-31740 (bmo#1766806)
+    Register allocation problem in WASM on arm64
+  * CVE-2022-31741 (bmo#1767590)
+    Uninitialized variable leads to invalid memory read
+  * CVE-2022-1834 (bmo#1767816)
+    Braille space character caused incorrect sender email to be
+    shown for a digitally signed email
+  * CVE-2022-31742 (bmo#1730434)
+    Querying a WebAuthn token with a large number of
+    allowCredential entries may have leaked cross-origin
+    information
+  * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
+    bmo#1767365, bmo#1768559, bmo#1768734)
+    Memory safety bugs fixed in Thunderbird 91.10
+
 -------------------------------------------------------------------
 Sat May 21 06:36:17 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaThunderbird.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          91
-%define mainver        %major.9.1
-%define orig_version   91.9.1
+%define mainver        %major.10.0
+%define orig_version   91.10.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@@ -105,7 +105,7 @@ BuildRequires:  ccache
 BuildRequires:  libXcomposite-devel
 BuildRequires:  libcurl-devel
 BuildRequires:  mozilla-nspr-devel >= 4.32
-BuildRequires:  mozilla-nss-devel >= 3.68
+BuildRequires:  mozilla-nss-devel >= 3.68.4
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 10.22.1
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000

tar_stamps

@@ -1,8 +1,8 @@
 PRODUCT="thunderbird"
 CHANNEL="esr91"
-VERSION="91.9.1"
+VERSION="91.10.0"
 VERSION_SUFFIX=""
-PREV_VERSION="91.9.0"
+PREV_VERSION="91.9.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"

thunderbird-91.10.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a0dbf9a8083a4dff8a0506b5f4c6910f681476e2c5fce081beda4493168e66f9
+size 413952892

thunderbird-91.10.0.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKOpnwACgkQ6+QekPbx
+L20tdw//XSN3MPmfipHx+sG7ttpoohrt4olNI4fu255iIwN+oY5c3bsnW9ZmVLG/
+jGqgSbiDfC13ZUlIRb8eWAkRQSJm59KWqMGsio8n2VTc4sIsbkt/jRcyOYSA8zEk
+M3DEI+MVPYPxu6VIiIsZhRrG1udB9Iptg3nvgy1+zhHvmWC4EZVLeZA+17gs9LnA
+CD1C6a87bSjzZP0B9cYiUv4j/QZQDq98NXDz62QzcgvvMA817WhDXaNol2NiHa1z
+IIKw0VSBWuIB6UnM3qyxUtVnLaznq4M+DMCrJzUrVOBOBzYh7KmKUcgak/KseojV
+YjvQ4YVu553EAG7yl89A15FND6IVl9/T5s9GQL3CeMptK1HJFIs1xEjmalNzdUYZ
+IXIPm5WdDr8btApEms1xTlZF3glq6971ZxeJXqoDJKWJD/vEepiu38tImxUx3jsA
+63gncutNJJdPVe5gSjGZXKDNLMG9Hg0BEVoWg7IhkuDP3h8u1vo98awRJez3Qc0u
+lQSGtG6b+rVMHHRNS0qb8Gy6wk1BO380HXLPnZFotN8oGcopmU59+sOtloEwyJYV
+5MoP9se1jWVUTdqQsvO+uHgV5kH5xC7GM7Sq4j/DDxy+SdbLa902NS6JAxeCrzho
+z7vMHfPu+PxUHlCQxvrkMqzy2+Nk/LfbVMFH1ZU9vYBNKi+qcY0=
+=q9Z/
+-----END PGP SIGNATURE-----

thunderbird-91.9.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d598f774c26b60d63bdd35535f88081b7f5897bfce6eb91ba8f9792141c492e6
-size 402851656

thunderbird-91.9.1.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKG/+kACgkQ6+QekPbx
-L21a+hAAh5nPXDFZEb06T+ip8E5MvtCabR6YWCqPau3ZQKepMhK3tAmS2apBqT0w
-an21/pRt6+WtAxLc4THOHa/pZx2BQo48VgsM6SpQx8SqkxMZaN79b+fkOFcceEDT
-jBo9GcWO212JQRTUpp0HHYfK5AIJWRMB6mbUl8SJwBJxn/dO2YKnaXYCC99EGj9v
-NVdoswr9kWLmTheyyayqiOIpuRgS1PPavvlhsSgSJrBQY88A+vbGGvOYo14tWN9v
-OiUc0CJU6kfxEQ7mkilzm4YW1hLXodQBGSlWXs4cxNqfr4dOP+XS82+Cmenm1vbq
-Ooe+PEZVDsc8WnmjcYp0QeMTMI2NfHitUbQOfXOq6Mn0cJkSlENPHCLwThismDsj
-ct2W553yz7OogFtXx7/gxQDy5WIYv7ppBGYFwW6K/sqZ+R9S5InBZDN09pHzzKIa
-5RPOspUX2zg4+PLWLqXyBiHGuz6SNsPL+egOdr2mMr8poPpyFq44/11gwL7P1KlJ
-WESVl2LB2rIKg289r4+8izBFfps/WfCLWbf7gOQ78EYgrPS8DWFTVEUuA5Uk4Vf0
-t5S3ZbBFwy6wthN+GLHYDoZDWcu+xZTFf7vmOO9cvZOGY08Q/LX9RP8egLO8mAEc
-en148yc4KCB6ovaeq5xh+NrYlh/4rvessaiN4ejq2xL3GgiNxb4=
-=W9fG
------END PGP SIGNATURE-----