Accepting request 867009 from mozilla:Factory

- Mozilla Thunderbird 78.7.0
  MFSA 2021-05 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2020-15685 (bmo#1622640)
    IMAP Response Injection when using STARTTLS
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
    bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
    bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
    bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
    bmo#1685260, bmo#1685925)
    Memory safety bugs fixed in Thunderbird 78.7

- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
  rpm versions in TW remove everything there as the first action
  of %install

OBS-URL: https://build.opensuse.org/request/show/867009
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=247

MozillaThunderbird.changes

@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Tue Jan 26 07:47:13 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 78.7.0
+  MFSA 2021-05 (bsc#1181414)
+  * CVE-2021-23953 (bmo#1683940)
+    Cross-origin information leakage via redirected PDF requests
+  * CVE-2021-23954 (bmo#1684020)
+    Type confusion when using logical assignment operators in
+    JavaScript switch statements
+  * CVE-2020-15685 (bmo#1622640)
+    IMAP Response Injection when using STARTTLS
+  * CVE-2020-26976 (bmo#1674343)
+    HTTPS pages could have been intercepted by a registered
+    service worker when they should not have been
+  * CVE-2021-23960 (bmo#1675755)
+    Use-after-poison for incorrectly redeclared JavaScript
+    variables during GC
+  * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
+    bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
+    bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
+    bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
+    bmo#1685260, bmo#1685925)
+    Memory safety bugs fixed in Thunderbird 78.7
+
+-------------------------------------------------------------------
+Sun Jan 24 09:33:04 UTC 2021 - Manfred Hollstein <manfred.h@gmx.net>
+
+- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
+  rpm versions in TW remove everything there as the first action
+  of %install
+
 -------------------------------------------------------------------
 Mon Jan 11 16:35:00 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaThunderbird.spec

@@ -2,7 +2,7 @@
 # spec file for package MozillaThunderbird
 #
 # Copyright (c) 2021 SUSE LLC
-#               2006-2020 Wolfgang Rosenauer <wr@rosenauer.org>
+#               2006-2021 Wolfgang Rosenauer <wr@rosenauer.org>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major          78
-%define mainver        %major.6.1
-%define orig_version   78.6.1
+%define mainver        %major.7.0
+%define orig_version   78.7.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@@ -477,7 +477,6 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \
 
 # build additional locales
 %if %localize
-mkdir -p %{buildroot}%{progdir}/extensions/
 truncate -s 0 %{_tmppath}/translations.{common,other}
 # langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943)
 # Therefore, we have to have a separate obj-dir for each language

l10n-78.6.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c2f5e058346036259d0d945dc41f4cb0e56f8bd54b2eae9c6d47423574b57171
-size 29061960

l10n-78.7.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c083f95410c69dd7d2fa4ea2619be0c0d6e33c2e4630431a521aef6a58b79a4
+size 29102224

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr78"
-VERSION="78.6.1"
+VERSION="78.7.0"
 VERSION_SUFFIX=""
-PREV_VERSION="78.6.0"
+PREV_VERSION="78.6.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78"
-RELEASE_TAG="f99e82f3f3cae6af48006c39fceb3beeabccd6f6"
-RELEASE_TIMESTAMP="20210107201950"
+RELEASE_TAG="d4c4077a3ef9b3221984f2d0b42f1d96c35776e8"
+RELEASE_TIMESTAMP="20210126033722"

thunderbird-78.6.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:870b544d26f5e52c187499d134e49eded2943a4a029269ae86aba6a69c53dcc6
-size 351971732

thunderbird-78.6.1.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/3lTcACgkQ8aZmj7t9
-Vy6EDA//c6wZ8M/Nv73rHw3Vudq+vJiX7JsS0JyCQwalznTD9JAFGQbPSyrigtZ5
-iLbCeNxA9AAg+lO+oYW6TUQq+ZXJxB2bxYi/gygTmhSeYXKJEdXFXnZSyMo6imSc
-Ctdzm23IumZ2SQ7q0rOQrsTTTDzSWHYT0TSwKQI7m91wJmXzate9fObYhOvQa1Lo
-EX5WEe9ArnKAS/xrDGjXVvrXoLlT3sG+r4EdGX7ZzLqaifEvVX/yaKF8iVWapFaQ
-eGJWvHZ9zr4MHLoS6Ca0DN7bpntfuGNB2U0++cxaJG8+QUc5DmnAH7A4aKPDq+Ji
-hbwHo6O/8OFDOJCiir7CnyV9fQLkV92vuFKwFzanp1jP4hgOArMxHkt7E/eE4Ylw
-jruNv3lFZ9d+LGqjxpyEtsH0Z71UvqbyM2rbq6oxB9DqOMvVGBKNS7eVXq3jFZkB
-z7EsDbr8jDoKjkPMMrPO658yu4Pcx3tK0poTchzE/Rgj5hYHD/b8g9/yBOjNi1v2
-LMWhg3QCr9inp0LByMO+2SxoOqB/+4Kg/z0d+fic2pVSTaaRS93nvGfCrXrUmHCF
-Yxd4L7/LtP6XUqsjJEcpvXH4GFPk850c+yHtaTyT0SbI0XGuCjT2ZVshtHj9yTD2
-5sia7yo/zl6e8GR8qgLmJXRM7SCnmmFqj1MhlKx5g9MTKv15y5k=
-=NR/e
------END PGP SIGNATURE-----

thunderbird-78.7.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:77b6da5cab9107cc1650f95be8593f6344bfe04d7e4395a28fde64a4fc301c08
+size 353095828

thunderbird-78.7.0.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmAPlFUACgkQ8aZmj7t9
+Vy6c+BAAkA9+Dr4VwW2dKtQN7K30zuJncy2WKJN7RYyvOLsk2m252HKQ3W9eB3gi
+9v9LEFRwLi4vqb7+tB4FziNe4vmfmG3GEOthvHps/wH0RHcKivT2nr77bcJirWgM
+VJP9pDCCui7D5bKOz7nTXM/fWqzek8VJ729ta5mclIpiJ+J+LHO4VXPdxchdmcW2
+6cktZxBUkb8lSJixO12wdjBLMwROK0xGS8qijamX7x2rD8fMRW1sh9rVdG5KDzNO
+ko3i7gkjx3k03RgjIwzIvTti39lUb2pyh67BatB3oFAr4g7Z1jGQcUJjnUQRq3qI
+eavYaQA2y0hpJkPlfCIPpQ1MTPGsexScFzhl3w0guQB88hZd2M4L1mkQhIohV2SY
+iRZ/rys+CSTiLDV2ONAgF/uiIiLN6xHM4x2QWsJ/jjRkhl+OM6fxBFEHxtuZ5vJs
+0ASjwSiALE48Y7ejW/8cWwOvU/Xfgpet3x2qNiA2yqmHISOFfhtmMGcKyiGQq50d
+1qQ8CeBMSNthQNZdQ/752pHt5qTsX1K9LtNLGMlw14mVKBqk9RZGEkAdXcMGoLS6
+eJpJajXIhKvCbwxVwK4Iknnkr/E8zWCq9WwDFyLxVVmc/p+3r4lP00YaCqbUbZZY
+qJvYppMzRl/ksWAguEi0TluB1cjmOT/hhkBmVwsNsUdXb/QTdmY=
+=un1E
+-----END PGP SIGNATURE-----