- Mozilla Thunderbird 91.6.0

* TB will now offer to send large forwarded attachments via FileLink * Partially signed unencrypted messages displayed an incorrect "parrtially encrypted" notification * Attachments filenames were not sanitized before saving to disk * In the attachment bar, the "Import OpenPGP Key" item displayed for public keys displayed an error and did not import the key * "Open with" attachment dialog did not have a selected radio button option MFSA 2022-06 (bsc#1195682) * CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows via Maintenance Service * CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission confirmation during update * CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have resulted in the dropped object being an executable * CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed script if the parent appended elements * CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could be distinguished between script and non-script content-types * CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy directive was not enforced for framed extension pages * CVE-2022-22763 (bmo#1740534) Script Execution during invalid object state OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=623
2022-02-11 22:30:53 +00:00 · 2022-02-11 22:30:53 +00:00 · 5e8c474a19
commit 5e8c474a19
parent c34bf76e06
10 changed files with 71 additions and 52 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,42 @@
 -------------------------------------------------------------------
 Sat Feb  5 14:11:31 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 91.6.0
  * TB will now offer to send large forwarded attachments via FileLink
  * Partially signed unencrypted messages displayed an incorrect
    "parrtially encrypted" notification
  * Attachments filenames were not sanitized before saving to disk
  * In the attachment bar, the "Import OpenPGP Key" item displayed
    for public keys displayed an error and did not import the key
  * "Open with" attachment dialog did not have a selected radio
    button option
  MFSA 2022-06 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance
    Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during
    update
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22763 (bmo#1740534)
    Script Execution during invalid object state
  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
    bmo#1748210, bmo#1748279)
    Memory safety bugs fixed in Thunderbird 91.6
 - do not use ccache by default
 - removed obsolete mozilla-bmo1745560.patch
 -------------------------------------------------------------------
 Sat Jan 22 09:57:59 UTC 2022 - Manfred Hollstein <manfred.h@gmx.net>
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -2,7 +2,7 @@
 # spec file
 #
 # Copyright (c) 2022 SUSE LLC
-#               2006-2021 Wolfgang Rosenauer <wr@rosenauer.org>
+#               2006-2022 Wolfgang Rosenauer <wr@rosenauer.org>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major          91
-%define mainver        %major.5.1
+%define mainver        %major.6.0
-%define orig_version   91.5.1
+%define orig_version   91.6.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@ -38,9 +38,6 @@
 # upstream default is clang (to use gcc for large parts set to 0)
 %define clang_build    0
 # PIE, full relro
 %define build_hardened 1
 %bcond_with only_print_mozconfig
 %bcond_without mozilla_tb_kde4
@ -48,7 +45,7 @@
 %bcond_without mozilla_tb_optimize_for_size
 # define if ccache should be used or not
-%define useccache     1
+%define useccache     0
 # Firefox only supports i686
 %ifarch %ix86
@ -207,7 +204,6 @@ Patch28:        mozilla-libavcodec58_91.patch
 Patch29:        mozilla-silence-no-return-type.patch
 Patch30:        mozilla-bmo531915.patch
 Patch31:        mozilla-bmo1724679.patch
 Patch32:        mozilla-bmo1745560.patch
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /bin/sh
@ -310,7 +306,6 @@ fi
 %patch29 -p1
 %patch30 -p1
 %patch31 -p1
 %patch32 -p1
 %endif
 %build
@ -366,9 +361,7 @@ export CFLAGS="$CFLAGS -fimplicit-constexpr"
 # Limit RAM usage during link
 export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
 %endif
 %if 0%{?build_hardened}
 export LDFLAGS="${LDFLAGS} -fPIC -Wl,-z,relro,-z,now"
 %endif
 %ifarch ppc64 ppc64le
 %if 0%{?clang_build} == 0
 export CFLAGS="$CFLAGS -mminimal-toc"
@ -530,9 +523,10 @@ sed -r '/^(ja-JP-mac|en-US|$)/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/m
          >> %{_tmppath}/translations.$_l10ntarget
 ' -- {}
 %endif
-
+%if 0%{useccache} != 0
 ccache -s
 %endif
 %endif
 %install
 cd $RPM_BUILD_DIR/obj
--- a/l10n-91.5.1.tar.xz
+++ b/l10n-91.5.1.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:bf372dd234e130669ceca5b15b2a312893b03f6d7a7e14bcb3c8b10822943ff8
 size 28849860
--- a/l10n-91.6.0.tar.xz
+++ b/l10n-91.6.0.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2a949123ba7b07ac78562ebb9038b691b072823c0237d1644c05fd4464319cfc
 size 28819616
--- a/mozilla-bmo1745560.patch
+++ b/mozilla-bmo1745560.patch
@ -1,14 +0,0 @@
 diff --git a/widget/gtk/mozwayland/mozwayland.c b/widget/gtk/mozwayland/mozwayland.c
 --- a/widget/gtk/mozwayland/mozwayland.c
 +++ b/widget/gtk/mozwayland/mozwayland.c
@@ -200,3 +200,10 @@
 MOZ_EXPORT void wl_list_insert_list(struct wl_list* list,
                                     struct wl_list* other) {}
 +
 +MOZ_EXPORT struct wl_proxy* wl_proxy_marshal_flags(
 +    struct wl_proxy* proxy, uint32_t opcode,
 +    const struct wl_interface* interface, uint32_t version, uint32_t flags,
 +    ...) {
 +  return NULL;
 +}
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr91"
-VERSION="91.5.1"
+VERSION="91.6.0"
 VERSION_SUFFIX=""
-PREV_VERSION="91.5.0"
+PREV_VERSION="91.5.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"
-RELEASE_TAG="46a4af6b62978ae76a41fcf57bc3309c4d9bb22e"
+RELEASE_TAG="676bfbddd4b3ed77f818b6b07d9d8a79c61be4da"
-RELEASE_TIMESTAMP="20220120011414"
+RELEASE_TIMESTAMP="20220204195633"
--- a/thunderbird-91.5.1.source.tar.xz
+++ b/thunderbird-91.5.1.source.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:15918d48c59988ddeba3c7b5d98cf483db9c38a782dfbf6472dc889fed9b9c8a
 size 405332676
--- a/thunderbird-91.5.1.source.tar.xz.asc
+++ b/thunderbird-91.5.1.source.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmHqDckACgkQ6+QekPbx
 L22h3g/9Gtqoij3wrjH4hRjcaoq7/kLdouDTLXLWUs8yO3UdPJlsssdkFrYHpvXB
 /WjXSDS7FY6mPxVWIDgeF2N8s07fIeDFB5tCAzJhpb4hpkYIrszGJXed7vvuJZmC
 BzXqPZdhLi6njo6iHwtPFWoidrT+fOEM4tdFUG2pVSjrUNr5A3QbQySzyuwh5G1W
 sj5SmtqotwZY60r3tx2j81PcxU3pn29piU7NJ9ma/PTmxj3vI6xZWfsvYk3UJnNK
 RbMlVwyj10qQKAHYB7mLba7GzSqWBGezeyysTtTinR7qMC3CPopYfOSfwcL+FJul
 lUFvYhIQlcXRIRcp1AHTspfGGIHgpVrJBQK2iIcsFmxXpCNkJq6m2Z7O//YyQslN
 uxJpMCMXtEr1ULATJVMoI963e+3C0bJz4FpzcN3Xoh++GmifKeo+DhW0Hq7uR/Yq
 PJr9ci99ti4wtsDVm4UKgqx7PQm1Mg3Gp8c1EKx05pRMjg64zBzAL84wa+oi8lTM
 LyVFFyIn5Jslt9izudQrgB1TXcCChEt+HK8yPRWUBqAqMXNuCj7gaSA2CN1yXKsx
 tO5ijyXX2XP4NgVfn9p+iI48geEfKB4YJMmNFzfXbhOp1yQ48uGd0kYoLFl9K79m
 5ysFEzl5qXH586YPYECMQheFZmKI3679EGzDgq4JawXnE1swshU=
 =n0Mf
 -----END PGP SIGNATURE-----
--- a/thunderbird-91.6.0.source.tar.xz
+++ b/thunderbird-91.6.0.source.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e9c6a82a41c869ce291d50352250856cbb3e9be8e603038be72cd5bc52438afb
 size 404738672
--- a/thunderbird-91.6.0.source.tar.xz.asc
+++ b/thunderbird-91.6.0.source.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmH9ursACgkQ6+QekPbx
 L22lAQ/+KaxdNSpa33jrG9KtWEk/gPpSQAKyeZmqpKuNpnlPowM8gAb5cehPEhtm
 olzcdZV3CNS2KPIkd7fa+UuncV3Ze9zoD3HlDmGobduzpP0NZtDiW4xPnidFDrKG
 d1YvLoCR7lSD9TSN+yhNwqWkyqJdeFkyZ4tiJhIzz0sPjdOf+DzaQVIokZ4aOLR5
 I9Yn7LB5Q3ijt+NhZeGKPVgHgWwQxwyI/xW4pHxGQX1nSyHQHTmMLp3QToEej0OU
 tAwA3ZlPMNhbl+G6wejXQPJZUigfUQxme6hE6//CAmVlIJWdgmqY6zEDJMwHk+A9
 VEHaVp1bnUaV9FSrHYpCo17zgwdia2MXeQUJWLllUwiOJQh/leXu4MP5yMGOL4ll
 i9bu7avAT077m1wpwMxqV39bVf2YR0o3KpAUa5sx46TuusUBzSpxb95c4dsapP8q
 rywnJxUACIo5jP3v97GLkrE/481YNSjtdYIoKJn3oEIOMgKQfOs7fAK+IyEc35LD
 JHf/87v3015k95s1eYpqYvR3LbJrbei72SbtrIURYy+4fiz1G7CYOa0gfvinM/S6
 b8+8ND/E/qg9UySofyRzSSMY2mlHBmfoFCe8P99kuwNVGNTMeuB40HK/UuZS7MXH
 PxXy97LbPmNoBZPLaK1NY3bk64gJNyr8DD1fE1QO1fdSwh0Tx6A=
 =kv22
 -----END PGP SIGNATURE-----