pool/MozillaThunderbird
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 1066604 from mozilla:Factory

Browse Source 
- Mozilla Thunderbird 102.8.0
  * https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes
  MFSA 2023-07 (bsc#1208144)
  * CVE-2023-0616 (bmo#1806507)
    User Interface lockup with messages combining S/MIME and OpenPGP
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Thunderbird with
    some device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25742 (bmo#1813424)
    Web Crypto ImportKey crashes tab
  * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628,
    bmo#1810536)

OBS-URL: https://build.opensuse.org/request/show/1066604
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=304
This commit is contained in:
Dominique Leuenberger 2023-02-19 17:19:17 +00:00 committed by Git OBS Bridge
commit acf3a2ecce
9 changed files with 68 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
MozillaThunderbird.changes
View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Wed Feb 15 07:46:58 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 102.8.0
* https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes
MFSA 2023-07 (bsc#1208144)
* CVE-2023-0616 (bmo#1806507)
User Interface lockup with messages combining S/MIME and OpenPGP
* CVE-2023-25728 (bmo#1790345)
Content security policy leak in violation reports using iframes
* CVE-2023-25730 (bmo#1794622)
Screen hijack via browser fullscreen mode
* CVE-2023-0767 (bmo#1804640)
Arbitrary memory write via PKCS 12 in NSS
* CVE-2023-25735 (bmo#1810711)
Potential use-after-free from compartment mismatch in SpiderMonkey
* CVE-2023-25737 (bmo#1811464)
Invalid downcast in SVGUtils::SetupStrokeGeometry
* CVE-2023-25738 (bmo#1811852)
Printing on Windows could potentially crash Thunderbird with
some device drivers
* CVE-2023-25739 (bmo#1811939)
Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
* CVE-2023-25729 (bmo#1792138)
Extensions could have opened external schemes without user knowledge
* CVE-2023-25732 (bmo#1804564)
Out of bounds memory write from EncodeInputStream
* CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
Opening local .url files could cause unexpected network loads
* CVE-2023-25742 (bmo#1813424)
Web Crypto ImportKey crashes tab
* CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628,
bmo#1810536)
Memory safety bugs fixed in Thunderbird 102.8
- requires
NSPR >= 4.34.1
NSS >= 3.79.4
-------------------------------------------------------------------
Wed Feb 8 07:59:46 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>

8
MozillaThunderbird.spec
View File

@ -29,8 +29,8 @@
# major 69
# mainver %major.99
%define major 102
%define mainver %major.7.2
%define orig_version 102.7.2
%define mainver %major.8.0
%define orig_version 102.8.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}
@ -108,8 +108,8 @@ BuildRequires: ccache
%endif
BuildRequires: libXcomposite-devel
BuildRequires: libcurl-devel
BuildRequires: mozilla-nspr-devel >= 4.34
BuildRequires: mozilla-nss-devel >= 3.79
BuildRequires: mozilla-nspr-devel >= 4.34.1
BuildRequires: mozilla-nss-devel >= 3.79.4
BuildRequires: nasm >= 2.14
BuildRequires: nodejs >= 10.22.1
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000

3
l10n-102.7.2.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e69b500cf5a4f6c65627c605d1de31308f6ac4b708cd2cf94b829b0182cdd866
size 35195724

3
l10n-102.8.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f10fca8ebcb416a90e1c31917e1401520c93be6e45f828782cee3ea7862ab8b9
size 35799724

8
tar_stamps
View File

@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr102"
VERSION="102.7.2"
VERSION="102.8.0"
VERSION_SUFFIX=""
PREV_VERSION="102.7.1"
PREV_VERSION="102.7.2"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"
RELEASE_TAG="0f6deed0752b618055c34e06c268af3da9d1548d"
RELEASE_TIMESTAMP="20230206162758"
RELEASE_TAG="d2f3330ed11584d3f02ba72cf2fbaa397cd5f3f4"
RELEASE_TIMESTAMP="20230214184313"

3
thunderbird-102.7.2.source.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:73713a19226a2bee353f5fc4f1e00e5b2df45c35ac8c3866d98094b00995386f
size 502932420

16
thunderbird-102.7.2.source.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmPhdFYACgkQ6+QekPbx
L20LrQ/+KjnWBPwPAJlfyXzCGUCz+1TA5eOz+eci066ZCTkBD+2BnU2CK/tpTg9X
4SFLZyqEEy4SgRGZJIh9aHHabSMB7m0jmKd11GSCBNgBV8bpjQIx/PoAasgnrX7X
BN/6sqwAeu3TWgMVNSKdTinlas1hQUaWlkZL1cmFhfzshRysnXb9VjQ5PJ3cKUbj
5/O9QD9M7l3pJihW2orjLpsEU4A7PuTwyOHZPNsl1ruN57ocm2xrS2+VKZZGsmUo
BqO1HjA5efteeDiF06Cycb6ZwVJbWS+a65AdSxxxHxcDCsiCDNj9T/Q9WjAcTZhB
0w5uF6B+xXAtXyvy1bKgKKMtU375OPWy69780H9GY5KCTn9XX9DZrt2ruqDiMGZB
ieDULWarYYp+t1voe/QeZa9jkmF+yUrHX3svm14ZPyYVYa4OmS6CrctCHy3ZwVw5
rwMJu7jGOYQJsgOXMo2zlONv2XCARq0kk4JAYC1ddLrGogo+LNGS2AFtcJ6iCddG
fSuwrSHRGaqmjVpQFm/MUw308GhFBbSFKQZejDJePEe1hzkMearEP++MxD7mXar6
yrDHlrdzx+wHpavG4jtOUOefnxXMVRLsCOusxmTEXCsRxER8mMt9dS7t8Zu9UTHH
3AtlZNkgzY+XaZgSMPr+vTsDc/k80nUFPKoFsFhKbAoA6grsuQU=
=ywyC
-----END PGP SIGNATURE-----

3
thunderbird-102.8.0.source.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:12221faeb425490b799df12aa420ff9017eba573812b119b97ae1a1ed2727fc3
size 506030440

16
thunderbird-102.8.0.source.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmPsBZsACgkQ6+QekPbx
L23CrhAAm21whlxopurD2H7xTbPF6XJc2MSyKOWR8MtQWzSbVsvJ8Nzio/vc3SyC
cWzbSopjrF7DvrnytZviiU9/iLV4pGrl7sq8plXPYTOA5b1Ue9v1fXcagD3RiASI
j5RZfajqqw8QMVQLWbzXooRDQJOmsRpV4EYiM6Y47XRbsTXq1qQgA963Et6X7O3U
YQNEPYuNQqW2nnDWk4YRdf2yRg4xFwxAyTl3mUkbHHkOrBfV35zipdHv+cdiAkIl
9gkZ/uPBJ21zVHHNCMIKjQbClDQZaE/t5DssFt7W2bJRrVSPBI5U5z3v7Z9uaKGt
nuSJMPQN+WU/BQAwQhndVHCgeEj92F0AMRXtEdU9QcyaQCC0SGnZ7sxdSq6QRsbB
zOzOu1qZ/jH0/w5lJRhNF4tnLbVmyGgAbYnUBhSiE6/Kx0hdf1pX/5Z0xZEJ9Ay9
IO138PucoHHPBo+NU5VCzsqU21rREG7FucUh5GbZqRQWfVHqVPm7vWBYbCKAA8sX
D+p8jb6G1GG1qt6KtiV/KaEAgmJEAZKHEHx44zPwqjWsW+oHn6w3Iaf2rmSYoQNd
CmMzDYloutqie55ywvcrypjSlNlRJbixvUe5oHy7hsjO0mfMNvk1YCsWMr9Vqk6r
F7yNdyFwVGRhb3JVby+QJDDrHRrcZZfv42eVQsb4V8lwg613fJQ=
=NJbk
-----END PGP SIGNATURE-----