- Mozilla Thunderbird 78.10.0

MFSA 2021-14 (bsc#1184960)
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed
  * CVE-2021-29948 (bmo#1692899)
    Race condition when reading from disk while verifying
    signatures
- recommend libotr5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=586

MozillaThunderbird.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Sun Apr 18 07:21:01 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 78.10.0
+  MFSA 2021-14 (bsc#1184960)
+  * CVE-2021-23994 (bmo#1699077)
+    Out of bound write due to lazy initialization
+  * CVE-2021-23995 (bmo#1699835)
+    Use-after-free in Responsive Design Mode
+  * CVE-2021-23998 (bmo#1667456)
+    Secure Lock icon could have been spoofed
+  * CVE-2021-23961 (bmo#1677940)
+    More internal network hosts could have been probed by a
+    malicious webpage
+  * CVE-2021-23999 (bmo#1691153)
+    Blob URLs may have been granted additional privileges
+  * CVE-2021-24002 (bmo#1702374)
+    Arbitrary FTP command execution on FTP servers using an
+    encoded URL
+  * CVE-2021-29945 (bmo#1700690)
+    Incorrect size computation in WebAssembly JIT could lead to
+    null-reads
+  * CVE-2021-29946 (bmo#1698503)
+    Port blocking could be bypassed
+  * CVE-2021-29948 (bmo#1692899)
+    Race condition when reading from disk while verifying
+    signatures
+- recommend libotr5
+
 -------------------------------------------------------------------
 Sat Apr 10 11:39:37 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaThunderbird.spec

@@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major          78
-%define mainver        %major.9.1
-%define orig_version   78.9.1
+%define mainver        %major.10.0
+%define orig_version   78.10.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@@ -212,6 +212,7 @@ PreReq:         textutils
 %requires_ge    mozilla-nss
 %requires_ge    libfreetype6
 Recommends:     libcanberra0
+Recommends:     libotr5
 Recommends:     libpulse0
 Requires(post): desktop-file-utils
 Requires(postun):desktop-file-utils

l10n-78.10.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:818e75ee4dd22518794fb278cac1caeac9d668a94c43efa3383159107d2cc9de
+size 29110752

l10n-78.9.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:668c8a0192f6860291b21a0677ec7fd760d93880c6a7d1648d55f43b407d0ade
-size 29063968

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr78"
-VERSION="78.9.1"
+VERSION="78.10.0"
 VERSION_SUFFIX=""
-PREV_VERSION="78.9.0"
+PREV_VERSION="78.9.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78"
-RELEASE_TAG="f3f1f4a0e32abbc74dfac8c697044c10d0d25cad"
-RELEASE_TIMESTAMP="20210406220621"
+RELEASE_TAG="ca53556517b609ca2e9a8b7578a4f4dc1273b32f"
+RELEASE_TIMESTAMP="20210415215055"

thunderbird-78.10.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:65d79a557027a3b52cc672ab9aea8da7131e6373f94657d03f6d6b9c7b36fb45
+size 351422752

thunderbird-78.10.0.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmB4z9wACgkQ8aZmj7t9
+Vy5RwQ/+N4gx0AsnxWUvD4lQrSmnTd81jL2HEgR6wks54ZFV9loI5QuACX2mNbVI
+sAd8jApPvfgf4CVkKIgxblhr2dH+IztgWRUg4FuMdcbKZehVu+b7vX+OQnii0EOP
+OqVcpMztS/Anepq357c+tBIfpq3aLXjmD7ATRKSRvxTwkQ0ygIjmFVkeuD3HUoVi
+5bnG72DhxV7A4fekf8kyi0+x/QwlJj3/kbtUsejjQTixjF4yg7Gy2LjaBfEOoiAF
+q0xnOBpVFVrsw8MvueaSPI8KGjVQvaunMgWeiI29F0FkHyZbxtEEyF196+zv4j2+
+mu5IUS0lXeeZqpqzRghCT+QR7bq/+EqleydY05AFfmVPR7+80AFLi/BqBSA1heGP
+cbmkw3oUAwK9m80qf6vvXjqpDDbBFHsG2V43qHqgQ8uAJsvsW8Hal7/aElACrBHp
+14ttQjajdA5mIuTlyQvFlNhdEeI4Gjio63OqOcsCHG3oaWzMzsYN/cPteukGYjWH
+BOXQS4e8xUUE4JLcrkV7R+Q+zk2cLkuKqdNAZ02EhJ7bZzfhnvW2xlG8KoHbCE85
+gD2maI+HROsteiE4TdcIu6pVi1nCXNJ8jlALEjDvwLAyODpozvfnTLZ/1DWj5A08
+rMlS8NRQGxra6eRBEEFGsChE1qfW99SZ2Zgv92GQOShp9XOsowc=
+=IS6u
+-----END PGP SIGNATURE-----

thunderbird-78.9.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6be0daf439ea5aeef0fd1619511cb1af4f1ba056823910475adc17e60069317d
-size 358277740

thunderbird-78.9.1.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmBtDnYACgkQ8aZmj7t9
-Vy6aFBAAk6+BtL2bIuUb6HqrddNEimR+357IS4KCYBE6iojdQJlCxBhvQ/X2FvHT
-GPcgntd/eECQrw1ubDPASCThiGmTF29C8kFMmt91gM+q1ddkqHeQEQxH3dMyIdf3
-e+fuygTXMB/CWBUz0e0/NXnOrDwWJ2wW8/xK6Rztt0F87N8db9VVyJDH5rGVKZ0P
-I3uI/HKWHJbtAuxbtdd0Bhnd2DcRkPwu+OJDJJo+7uDfnuxpGLS1iYQ9/VvW+0J0
-1g+OzgLOAHD/UY0tkonsW1WlxN7OkcKMEDzZEpEyFVtoyY7lnJLTZXy3tP58fAX6
-TXFBNa6eTmVqIXMT6OdA32RCh+X4sNUZujtSjTsRs93dQf4m3jnp1n6t3WiV8Y1e
-WPCf8TIITmVHP+Y391Gk4XlOz2B1x76LEFKT7YnsiscxYEcCC4lTPwuPmZRWOQfg
-PnMTqyTU+cB3WoJjsukmupTEfEkRqGV4hTqdFWolkpjXwh/J81IsxjiN2Dwf05Ss
-7K0jvWCV+qjMzpOMZTU+K6+pm60LGurnnevXqjarjD1E4eVBLFaLxuD2ruLtdAbG
-gXWRJ4nccwAuDX/PP8nHWBFT+DqHkdM18TlMtScL6RIub8EknFD219FP8hUri2+i
-g40SG2iPJb/F5L0cTbhCWuujOoVYqegWUQpf+K4ra3BTSLONbew=
-=TXIb
------END PGP SIGNATURE-----