Accepting request 1219576 from mozilla:Factory

- Mozilla Thunderbird 128.4.0
  * Export Thunderbird account settings to Thunderbird Mobile via QRCode
  Bugfixes:
  * Unable to send an unencrypted response to an OpenPGP encrypted message
  MFSA 2024-58 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
    bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4

OBS-URL: https://build.opensuse.org/request/show/1219576
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=345

MozillaThunderbird.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Wed Oct 30 13:51:30 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 128.4.0
+  * Export Thunderbird account settings to Thunderbird Mobile via QRCode
+  Bugfixes:
+  * Unable to send an unencrypted response to an OpenPGP encrypted message
+  MFSA 2024-58 (bsc#1231879)
+  * CVE-2024-10458 (bmo#1921733)
+    Permission leak via embed or object elements
+  * CVE-2024-10459 (bmo#1919087)
+    Use-after-free in layout with accessibility
+  * CVE-2024-10460 (bmo#1912537)
+    Confusing display of origin for external protocol handler prompt
+  * CVE-2024-10461 (bmo#1914521)
+    XSS due to Content-Disposition being ignored in
+    multipart/x-mixed-replace response
+  * CVE-2024-10462 (bmo#1920423)
+    Origin of permission prompt could be spoofed by long URL
+  * CVE-2024-10463 (bmo#1920800)
+    Cross origin video frame leak
+  * CVE-2024-10464 (bmo#1913000)
+    History interface could have been used to cause a Denial of
+    Service condition in the browser
+  * CVE-2024-10465 (bmo#1918853)
+    Clipboard "paste" button persisted across tabs
+  * CVE-2024-10466 (bmo#1924154)
+    DOM push subscription message could hang Firefox
+  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
+    bmo#1917742, bmo#1919809, bmo#1923706)
+    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
+    Firefox ESR 128.4, and Thunderbird 128.4
+
 -------------------------------------------------------------------
 Wed Oct 23 06:45:00 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 

MozillaThunderbird.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          128
-%define mainver        %major.3.3
-%define orig_version   128.3.3
+%define mainver        %major.4.0
+%define orig_version   128.4.0
 %define orig_suffix    esr
 %define update_channel esr
 %define source_prefix  thunderbird-%{orig_version}

l10n-128.3.3esr.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc89755949f0321bf52d3a63cee91a3355faeaf65d7a926f1fdb9a79c8e4f85e
-size 30492540

l10n-128.4.0esr.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:977b4e8d0e7f7f3e4ea493fdd5418ddc449259e5241b4589444cbedf0d8edb6f
+size 30573364

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr128"
-VERSION="128.3.3"
+VERSION="128.4.0"
 VERSION_SUFFIX="esr"
-PREV_VERSION="128.3.2"
+PREV_VERSION="128.3.3"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr128"
-RELEASE_TAG="7791b5d54344169bb5e9c35f93868b18e40a4b5f"
-RELEASE_TIMESTAMP="20241021172958"
+RELEASE_TAG="6c9a5fd8ba8d5956ce0cca04af0bb8f14c4c0f03"
+RELEASE_TIMESTAMP="20241025175304"

thunderbird-128.3.3esr.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ddb5ab460d79ab3094197d1c4821a17e36775601a3bd33351b82e61770b4b221
-size 679424276

thunderbird-128.3.3esr.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmcW0Z8ACgkQ4207E/PZ
-MnTzYw/+LOmWjNV2XaAQSvZioQnV5jjuamEXcCRW0QeYguzFM8qxBQUV/4dyKPJc
-lmUsTqL4nolwPyYgh4iBAIP0WkrN39ypJuojECNNPGNBUe7R/AvSuP8yqUT0+BP3
-kU25F0hOP9e47pyrx3efbFhGJcQiUzt1mDfe2B/sPuqfjmBuhtoDH5y6PRluL+Q+
-p+mABWOy/Y+YaC4h7RyLiYG5N8iR5bThLwYVxyHuqMGrrohUzxShW4jIiE51DlLD
-qlLHOwlTjV7bURx37CsfN+02pQYsHPlOVqW0OaCgZG3LwiAvSbdcp/74Ywsa0JU9
-tE6v/1JIddRojMPwMj6OEHTnJO27q8/EE7ybzdBELNpVMhMIBRPbTtp/gJHUfHOf
-2RnmFG8kQUvnx7iiXeczFyZaRc7cExRBEDXtl+AAGaYt34yxjL7NsthXQlP2DaJq
-XZwFbRDm9RUlSp3uog+9lqhi6huPfgwypnK4qmn5yKomp0jTd0O3stSP/StuAWAq
-0orNxDd8NWrzfDLRxOVA3C+LIP4KEq1t1XM3Qq1NaXhy7MvfwG4rPtJbAktDuJam
-qxEzRkD9bgaR1hX8UmGGI0+jtQf2qXjUmp5ytoOfQmKyIJofnWgrCmjHhzYuUPzU
-qNSiwcwFM2e1gFVgqZCtbCLBYQK6vKK6Mux8MN45FG+gmHy3pSc=
-=KF9v
------END PGP SIGNATURE-----

thunderbird-128.4.0esr.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81f43a2680412a6afdb5fdf6b8296c92d0d6812892399b174723c4f753d5429f
+size 672888608

thunderbird-128.4.0esr.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmccK9QACgkQ4207E/PZ
+MnR2QxAAkgK4UuUluI1Y00cvBIUu9xww5qWKs9Uy8bdjgVApe3Wem1ZM1ua+uCEQ
+gNr077kGoVEsrINlOT/+VXjsELVehD6cuyGlha/oZ21P6fkJYVyG7Z9tDAIxXVVD
+wqC1ziMVHaYlNWvYo4w3fSTnr3YT9DhDRK2nj3KtCRsIbWPYU/FirUfTZUisZ6yr
+/Pv3a3hlNsXkT6742xOkwScjIV50SPZWlAEKjyG9fpQVtv3/nvRQ/GhE9/fjE0LV
+TzrBt8+sWY9AaC0qBf9yUEDPmzieyhrhipzQZ6I80v7UgRGSta3/gU5Peg3wuZ9p
+wDmJjH27gykzhrxDKUWiTgWVo5l5qgOz4csiQnBMMzxB1CTT8Q05EUSqnfi3oetk
+R23/DRNqzeVBWzWGvFVzwgMxsqOtyzheIq6n0/rk4dloR6j+1yCx52+zC0TDEWV4
+UZTlsp0Z2O1l+wLG/Uc2IUwy7QQf1eS9Es+aFWg+U8hFdCOpb1T/yfPX2dZYaBHd
+5Bo2URoG+h3JcavxMpI303lO4SZ2Wcdqi+XdHdXqt0zWw2nbAYTJw1KniPk+XDoL
+bkk+szsOa1Bmyja2+bFOirlcbKbnTHLmRpBMhqnylU4H59IIk80nWo5fzpqB4A7L
+kmj8/1ci/FOkhN6tq9tyW0GpBPfBZ5/xacpb97xoSYJTi4DyPXk=
+=I1Xu
+-----END PGP SIGNATURE-----