Accepting request 1000596 from mozilla:Factory

- Mozilla Thunderbird 102.2.1 MFSA 2022-38 (bsc#1203007) * CVE-2022-3033 (bmo#1784838) Leaking of sensitive information when composing a response to an HTML email with a META refresh tag * CVE-2022-3032 (bmo#1783831) Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked * CVE-2022-3034 (bmo#1745751) An iframe element in an HTML email could trigger a network request * CVE-2022-36059 (bmo#1787741) Matrix SDK bundled with Thunderbird vulnerable to denial-of- service attack OBS-URL: https://build.opensuse.org/request/show/1000596 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=287
2022-09-02 19:56:12 +00:00 · 2022-09-02 19:56:12 +00:00 · 61e1c5b9ce
commit 61e1c5b9ce
parent 080375fd1c bff7539280
9 changed files with 46 additions and 28 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Sep  1 06:48:28 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 102.2.1
+  MFSA 2022-38 (bsc#1203007)
+  * CVE-2022-3033 (bmo#1784838)
+    Leaking of sensitive information when composing a response to
+    an HTML email with a META refresh tag
+  * CVE-2022-3032 (bmo#1783831)
+    Remote content specified in an HTML document that was nested
+    inside an iframe's srcdoc attribute was not blocked
+  * CVE-2022-3034 (bmo#1745751)
+    An iframe element in an HTML email could trigger a network
+    request
+  * CVE-2022-36059 (bmo#1787741)
+    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
+    service attack
+
 -------------------------------------------------------------------
 Fri Aug 19 18:24:06 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          102
-%define mainver        %major.2.0
-%define orig_version   102.2.0
+%define mainver        %major.2.1
+%define orig_version   102.2.1
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
--- a/l10n-102.2.0.tar.xz
+++ b/l10n-102.2.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6233333f16c7487a93c430638ec4d4f704cb8dc4b0db1901cf88d2aaa501ffe8
-size 29350268
--- a/l10n-102.2.1.tar.xz
+++ b/l10n-102.2.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5dac0272d9f0a97811eb73a8320f11292d620375a5f7904ee906e7d8d5f9ad72
+size 29359668
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr102"
-VERSION="102.2.0"
+VERSION="102.2.1"
 VERSION_SUFFIX=""
-PREV_VERSION="102.1.2"
+PREV_VERSION="102.2.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"
-RELEASE_TAG="89ba701459beaaffd4216e142b9502b8ee460159"
-RELEASE_TIMESTAMP="20220822195114"
+RELEASE_TAG="b606061ac37965c6fa7b2f3c1c3d1f849d4f404c"
+RELEASE_TIMESTAMP="20220831174222"
--- a/thunderbird-102.2.0.source.tar.xz
+++ b/thunderbird-102.2.0.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:39cded4efd28d63c8f2bb4d46250b624aad29bd47b49eae85eff5a4746180e6c
-size 500331516
--- a/thunderbird-102.2.0.source.tar.xz.asc
+++ b/thunderbird-102.2.0.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmMD8ggACgkQ6+QekPbx
-L23NiRAAhzVEmvrB14Xs2CIAjuGRcne2uz34yiACQnS3ZOOOTc8LvBlbG5fMIrVG
-o/2ejlBsxnihLaesjf1XCT58R0aWidbJF6IVqOeNXrJ5+egexHuE+x1UvQKIQZDG
-zOvErwH9rPG60pbBRVbfdfHUbAPCxN2RZ8Ae7xgaySu4cJPm/OUX6JQS/uN2l6HD
-7Ad6HOv1SkD9WUdmu9W/RUMa+iPkcbgaFczXA9NWKhzInVgwEeDaUK4siFP0B9JP
-KMpOY4As9rDCKqYg8GwRDB5OhrikWjXpG6KQ5kxUBYVChPNolbWs4pSDZn5n1MCn
-lyfIsIX/PI0xVB4mpf0lV/8KKMLXnFPCdwJ2fRawLKd/HtxBbFCjnHqkoR2NPiUc
-kap9QpXs/HErAMEjZsUBKMKo3XAUKIZfHmC41MHMUddcwGELF3DdTPQ8osini4tF
-k6vBXbSGcGQ8k+2YAsTdaaGv8Msgh0yO8eTYt23G4uXf/NRGSGoPhgoLHAZFmnjI
-fAgMIHpm//YSuAVj4ghAzfrwC+LBUyO+NaXX+1/oNGLbIcBn4Cz301SesSkn+jB0
-ej6oLn90YcyiI78wwZJIgY9tz/M4WEts5vwJMNmf9ucNNes6hXKpsT+e144ebfdT
-9ZEC5yDNwgrMiI5gIuIJK3hDCkZpVzPayJct5kVrQk39tokCw2M=
-=2BJ5
-----END PGP SIGNATURE-----
--- a/thunderbird-102.2.1.source.tar.xz
+++ b/thunderbird-102.2.1.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ae61fb1e58d5e44ef929aea28e8979dddace9ecb4f43c7d56dc09cb8ea3eb521
+size 501438680
--- a/thunderbird-102.2.1.source.tar.xz.asc
+++ b/thunderbird-102.2.1.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmMPzYQACgkQ6+QekPbx
+L21xtw//fxN+M4T/wK8MGsl07voUa5eLksnpfyDtrokacdBAKK6qClX62WH9X2O0
+2FDMQXra5E/x0QesT5JR6MRb+S0w0L1Dw6AV1iBECEiLWHzWm3W8IoqGlCQwU2bx
+THEM+wrQ3ET/I0NGk16FqYQe49GFFHYmlM+qyEQOs+Sk21BGK6NbL2tgitdYDZLw
+Z9G/sY6yxhCmaI+EQLsyVDxYM1B6wU035FLh8Br5KGr8LFflqnx22HO0hROTtryR
+WMnL/+O3zpid5ViL7at15xtGrvf/ZuMjKznlZ6O1VuAnkBCdMtUng5JIeyJZl/tC
+VQuaETffVk2IxxWb6FlD4CSSlWzCFR092ofsZvxnZGJ2Gfjs82U+7lxE9fYn/H+A
+21RPP+4E8Mcqha0VkI46q5LPzqYvvye+Cf83GbHYUF8u0sI4x5dJSJDn1h09IoT+
+dA9zdpMCFKYIcwNKMx6DkZ6UtwCvoVEx6oSeFu3kLb4xo89ps1R11DLh+ppn6agA
+GyM9yAZz8tcM4Sqgm8xpU5sFgFHdDMTvQO0s/BbHCVW8jglXKts9HM/m3iRrzbmm
+qoLyX7/ISVi4hvcCZjuayIEcCzJu7zBLAk5zGwJXaD+bCGW6tO14/tRnNhmJ6ySq
+wE6wBg7KF4m9ZkvY4fvb3ZacEshkao8unWuZMMTaUhHqOA6O+4Y=
+=OT/c
+-----END PGP SIGNATURE-----