From a14190f4f19deba7ca4329ccb256671347005593c8b9d67f7f783c8953db8c29 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 7 Dec 2021 21:16:26 +0000 Subject: [PATCH] - Mozilla Thunderbird 91.4.0 * several fixes as outlined here https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes MFSA 2021-54 (bsc#1193485) * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43545 (bmo#1720926) Denial of Service when using the Location API in a loop * CVE-2021-43546 (bmo#1737751) Cursor spoofing could overlay user interface when native cursor is zoomed * CVE-2021-43528 (bmo#1742579) JavaScript unexpectedly enabled for the composition area * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, bmo#1737009, bmo#1739372, bmo#1739421) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=617 --- MozillaThunderbird.changes | 35 ++++++++++++++++++++++++++++ MozillaThunderbird.spec | 4 ++-- l10n-91.3.2.tar.xz | 3 --- l10n-91.4.0.tar.xz | 3 +++ tar_stamps | 8 +++---- thunderbird-91.3.2.source.tar.xz | 3 --- thunderbird-91.3.2.source.tar.xz.asc | 16 ------------- thunderbird-91.4.0.source.tar.xz | 3 +++ thunderbird-91.4.0.source.tar.xz.asc | 16 +++++++++++++ 9 files changed, 63 insertions(+), 28 deletions(-) delete mode 100644 l10n-91.3.2.tar.xz create mode 100644 l10n-91.4.0.tar.xz delete mode 100644 thunderbird-91.3.2.source.tar.xz delete mode 100644 thunderbird-91.3.2.source.tar.xz.asc create mode 100644 thunderbird-91.4.0.source.tar.xz create mode 100644 thunderbird-91.4.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 32a7255..fa31bbf 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Thu Dec 2 08:55:33 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Thunderbird 91.4.0 + * several fixes as outlined here + https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes + MFSA 2021-54 (bsc#1193485) + * CVE-2021-43536 (bmo#1730120) + URL leakage when navigating while executing asynchronous + function + * CVE-2021-43537 (bmo#1738237) + Heap buffer overflow when using structured clone + * CVE-2021-43538 (bmo#1739091) + Missing fullscreen and pointer lock notification when + requesting both + * CVE-2021-43539 (bmo#1739683) + GC rooting failure when calling wasm instance methods + * CVE-2021-43541 (bmo#1696685) + External protocol handler parameters were unescaped + * CVE-2021-43542 (bmo#1723281) + XMLHttpRequest error codes could have leaked the existence of + an external protocol handler + * CVE-2021-43543 (bmo#1738418) + Bypass of CSP sandbox directive when embedding + * CVE-2021-43545 (bmo#1720926) + Denial of Service when using the Location API in a loop + * CVE-2021-43546 (bmo#1737751) + Cursor spoofing could overlay user interface when native + cursor is zoomed + * CVE-2021-43528 (bmo#1742579) + JavaScript unexpectedly enabled for the composition area + * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, + bmo#1737009, bmo#1739372, bmo#1739421) + Memory safety bugs fixed in Thunderbird 91.4.0 + ------------------------------------------------------------------- Thu Nov 25 20:25:29 UTC 2021 - Bjørn Lie diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index c87be19..0df094c 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 91 -%define mainver %major.3.2 -%define orig_version 91.3.2 +%define mainver %major.4.0 +%define orig_version 91.4.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} diff --git a/l10n-91.3.2.tar.xz b/l10n-91.3.2.tar.xz deleted file mode 100644 index 5beae89..0000000 --- a/l10n-91.3.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:82cbb3bb06cccec4ca961fa3b44f04900ca1274b1b58c3f75fa2a3a227c8821b -size 28692036 diff --git a/l10n-91.4.0.tar.xz b/l10n-91.4.0.tar.xz new file mode 100644 index 0000000..925befb --- /dev/null +++ b/l10n-91.4.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9581d0d2100170cdd918fa986c72b5c52dc925f69dafb6cbd29d17a371cf644d +size 28620444 diff --git a/tar_stamps b/tar_stamps index d7176fe..e7d248b 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr91" -VERSION="91.3.2" +VERSION="91.4.0" VERSION_SUFFIX="" -PREV_VERSION="91.3.1" +PREV_VERSION="91.3.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91" -RELEASE_TAG="c35def313c0c2bd0341e3e058f862f02390269c4" -RELEASE_TIMESTAMP="20211117150618" +RELEASE_TAG="ab6dfcf3a37bf53aac1a9d632d45ee51047050bb" +RELEASE_TIMESTAMP="20211203141721" diff --git a/thunderbird-91.3.2.source.tar.xz b/thunderbird-91.3.2.source.tar.xz deleted file mode 100644 index 655b032..0000000 --- a/thunderbird-91.3.2.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:37bedce79458531ce55806b194669f6e270e4bc3b0fa0949577af1822e57b11d -size 407454432 diff --git a/thunderbird-91.3.2.source.tar.xz.asc b/thunderbird-91.3.2.source.tar.xz.asc deleted file mode 100644 index 570714c..0000000 --- a/thunderbird-91.3.2.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGVfBkACgkQ6+QekPbx -L22N/RAAiJ2VXte196UfW8kF4cb1iOqqs5Nx5X5eMUN7dP3/BzwQ4cEbPKUqOA6H -7eY2ih4gdjS9Vso+ikP70bMTOyZf5yjL5wATvHuqIwtsx285eBreWOWdIQpaD20P -dGMXMXuCyUsw1PKsv4AUfDFJJNBqWDaHgIXLyEeUFly3U4yCRYvrP3p/zvCz6A3O -q54Qa9HANRyUfNirqXFVYrvPtNCTuR9sPRlXt6h48TICDHemca2mcI1M5ibzGye4 -FzL0YwbQHO05sCfavYqPQH5XI4Ml1duk8rJr0x0B7VbXzpFpjbGwBf1dniLe0dLD -KHgN4p463ZWdpgshT9GPpMMaLJNkwRqt+Hdo1fP84NgMXZ7ISsEpwtTbhPdlOJTc -PQ6/AImWDpLvkOtIR9kpOFywF/1m1/vc5sW2+gsXAMe+Ln7AUslG0oKQV+U1kGpM -W3dAIYh0YGQYfeu+hVCqaikYvGibKdjb04KoG8FGqbwOhXa7EYbQIivflnxq6qgK -bfBAJdDii2gWkjn0GHVL6tkG+BLR9bK/zDRxbQ4EntOX7WGb1gztXf+4lJf38x0Y -z2oXKEL0Q9zlR0drNvEHSbzTb4gtrHMBOQSgssos9yRpGcv3dZrHUh6FYDUR/9FU -vhiMN2NkaimExjKvETStxXt8aYduicfiPvH08FO4EONl34xwkM8= -=FRQM ------END PGP SIGNATURE----- diff --git a/thunderbird-91.4.0.source.tar.xz b/thunderbird-91.4.0.source.tar.xz new file mode 100644 index 0000000..61d57ba --- /dev/null +++ b/thunderbird-91.4.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3cb5280b32e66e178f37fd1b57cc4390f2c986ea4162972cc277c45a253de1a6 +size 401512224 diff --git a/thunderbird-91.4.0.source.tar.xz.asc b/thunderbird-91.4.0.source.tar.xz.asc new file mode 100644 index 0000000..2e66b92 --- /dev/null +++ b/thunderbird-91.4.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGriOoACgkQ6+QekPbx +L21RwA/+PMqc/8FZxCidkcU0mLyaYtngSqwtE9ghirZ2oJ/FbRdMreUiiJwgcuXi +X5x9QeByiKWJxoVBS+DrSDbUV3X9+BmstTX0RvMyVqKnWw1GQLBY49II1CY3PM3y +L0Y+vtUGDXpL4v/M2f6KIQsQKe0q2Sucozt9MNZKfdQtqKAJXWTVsx7nxKfzrrQm +hEfLsRwHJtDVBQmh7Cij+96NxRnw+gdmca5PXuqajiUV5ZAl/LyfyxHZ56Figg07 +R0I3UjQekaWK10KtiM9cH4drCnGWsM/ihjutbtKGG4tOKraWkfe3P/pPEiGNjh9T +rs3+yhkPbHn5bGX2n186ZJt1u/5vSF6nkkcj0Oagek9dHxl+yJM89vk0Uluiu4V/ +HLKTgoTfFOHYv9rLodL8/cm7Z7BmeSzJwYffuEPU46J/rzsBR3SeLUtwOd5R594/ +L60K0Dyo7d/bftuOwtT6jdaPk7Qc5IlSCpq520fLLzJPYIUScnEiwwZJH2ZLHP88 +rDRWT1Nv6omRVaXSv0zU9B8fXQr6TX+yAFe0kQW1a9JBhJDJCxu9QeIHEX26BC+F +lyBAVlTbhlVaFQVJUSGq2rjGYGny2c9zUJ7c/oDGaDGKXSsgyRXgvGOKqIw1+cFo +S/5pPa6yeCWtoO4yk1Cw2Ybk/EIA52DlON/3DGtxi5eYtvWDiis= +=QIzD +-----END PGP SIGNATURE-----