Accepting request 1114452 from mozilla:Factory

- Mozilla Thunderbird 115.3.1
  MFSA 2023-45 (bsc#1215814)
  * CVE-2023-5217 (bmo#1855550)
    Heap buffer overflow in libvpx
- Add mozilla-bmo1846703.patch

OBS-URL: https://build.opensuse.org/request/show/1114452
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=319

MozillaThunderbird.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Sep 29 06:44:26 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 115.3.1
+  MFSA 2023-45 (bsc#1215814)
+  * CVE-2023-5217 (bmo#1855550)
+    Heap buffer overflow in libvpx
+- Add mozilla-bmo1846703.patch
+
 -------------------------------------------------------------------
 Tue Sep 26 07:15:31 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaThunderbird.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          115
-%define mainver        %major.3.0
-%define orig_version   115.3.0
+%define mainver        %major.3.1
+%define orig_version   115.3.1
 %define orig_suffix    %nil
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@@ -203,6 +203,7 @@ Patch19:        svg-rendering.patch
 Patch20:        mozilla-partial-revert-1768632.patch
 Patch21:        mozilla-bmo1775202.patch
 Patch22:        mozilla-rust-disable-future-incompat.patch
+Patch23:        mozilla-bmo1846703.patch
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /bin/sh

mozilla-bmo1846703.patch

@@ -0,0 +1,59 @@
+diff -rup a/media/ffvpx/libavcodec/x86/mathops.h b/media/ffvpx/libavcodec/x86/mathops.h
+--- a/media/ffvpx/libavcodec/x86/mathops.h	2023-09-28 20:57:25.994782086 +0200
++++ b/media/ffvpx/libavcodec/x86/mathops.h	2023-09-28 20:57:50.084785348 +0200
+@@ -35,12 +35,20 @@
+ static av_always_inline av_const int MULL(int a, int b, unsigned shift)
+ {
+     int rt, dummy;
++    if (__builtin_constant_p(shift))
+     __asm__ (
+         "imull %3               \n\t"
+         "shrdl %4, %%edx, %%eax \n\t"
+         :"=a"(rt), "=d"(dummy)
+-        :"a"(a), "rm"(b), "ci"((uint8_t)shift)
++        :"a"(a), "rm"(b), "i"(shift & 0x1F)
+     );
++    else
++        __asm__ (
++            "imull %3               \n\t"
++            "shrdl %4, %%edx, %%eax \n\t"
++            :"=a"(rt), "=d"(dummy)
++            :"a"(a), "rm"(b), "c"((uint8_t)shift)
++        );
+     return rt;
+ }
+ 
+@@ -113,19 +121,31 @@ __asm__ volatile(\
+ // avoid +32 for shift optimization (gcc should do that ...)
+ #define NEG_SSR32 NEG_SSR32
+ static inline  int32_t NEG_SSR32( int32_t a, int8_t s){
++    if (__builtin_constant_p(s))
+     __asm__ ("sarl %1, %0\n\t"
+          : "+r" (a)
+-         : "ic" ((uint8_t)(-s))
++         : "i" (-s & 0x1F)
+     );
++    else
++        __asm__ ("sarl %1, %0\n\t"
++               : "+r" (a)
++               : "c" ((uint8_t)(-s))
++        );
+     return a;
+ }
+ 
+ #define NEG_USR32 NEG_USR32
+ static inline uint32_t NEG_USR32(uint32_t a, int8_t s){
++    if (__builtin_constant_p(s))
+     __asm__ ("shrl %1, %0\n\t"
+          : "+r" (a)
+-         : "ic" ((uint8_t)(-s))
++         : "i" (-s & 0x1F)
+     );
++    else
++        __asm__ ("shrl %1, %0\n\t"
++               : "+r" (a)
++               : "c" ((uint8_t)(-s))
++        );
+     return a;
+ }
+ 

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr115"
-VERSION="115.3.0"
+VERSION="115.3.1"
 VERSION_SUFFIX=""
-PREV_VERSION="115.2.3"
+PREV_VERSION="115.3.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115"
-RELEASE_TAG="1218aebde8d83fe28bbdfe39c63d7a10044829c2"
-RELEASE_TIMESTAMP="20230926115257"
+RELEASE_TAG="42b3addbca70f64493bdbede7f3f66dc40641a0a"
+RELEASE_TIMESTAMP="20230928194049"

thunderbird-115.3.0.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2b9ba16d737fdfb91055d75e43e20cd457254e9fa5b097cecdc1b0cc64818fc3
-size 533553340

thunderbird-115.3.0.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUTBusACgkQ4207E/PZ
-MnQMEg//X6gbwYqlxVzPkNtpSOlQC06Pbsvkad6uvEDhZ0vZqdWXXP3sOlA/xe+e
-btcGsPy9NZbTIwkTp2ExBquoWRzJUnnb8WukG9Wz5R37cxeyI+WXoW/BEmHmWVy4
-Wu1it9pWHbEHgw5edo7WM67AVg4Vk5D9p3iatu0RR6LyftbpQ+dALvq6NeB2E8Ag
-NsbFciO+Vnau1id4cTDJSTuUvmGYB6obGlFkM7uzPh13S9OcrWffgu+hq6Dy/ODI
-dv7DpNZcpzczfW5N7t2wNxOAr2oB+xSHJdVBDeLou6MwAlOmPPUvL0ndeVJqHcYn
-lRx67qtCvl7xhK4NsvQTWrsfIhdfs8cIHbSK63iGcVSp/p+neGc3SyqQjSCOxQW+
-V2JENVtZQx8sIeLUyNixd4PIEcffXAFJZvM6GpGsuUzhgCHWD/CeiS/UlGMdeoIc
-giZo8ofO29zzh+Ii3b2/u/FqH4+W/AargpE4DX2YYmlKrbnoMoj+kcM6OKh6ncS4
-8uquqVwKuYDOX8m1CRTNb9n+HfBvCcJOobvhUt0/zzWfR4s7PYcbBFxP1wvaQuLE
-N3Of8rZ5aV08uzZ4O+ntb9i2FJmSafhVzc2gdn1YK+BELg2JjuS0dMZ9SifkNZUp
-HKQTdKuwMGHI2pBHxQwtDl6KVQamD1OGNzZszGXviTSwKuCEvMQ=
-=9vWg
------END PGP SIGNATURE-----

thunderbird-115.3.1.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c2fd640ec6ab005c2acb6d7594b90751b1ef684ca038f0d3919044baafe736de
+size 530392392

thunderbird-115.3.1.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUWBbMACgkQ4207E/PZ
+MnRyOBAAgWEKYNzmnc1Z1+uYkIcImPLobEem1q4JH8rbBjsTiAEek4zBsuHf9UrG
+LnzpvtxBwyxXOE5sx7DzxpXvqhb2cr2mdXCWs8jXnZNlZI6nfRd+0cmlpL0GN9tv
+ny3r9nFB2Sohh8Y6IMRle18vC9rveGY549SXTmowL5pNpj3qldGI2tuPvZMzK2oO
+OxcCQNQ9rnULJR+Piv5mm0wq8rOU6erIf/5VhJOzr2Di6AuLZY0qk+57h4FBWmL8
+96MaoeXARdM+FkJrcn7TaNcZ4FBWb/bbWkroSiiebSKNzaOml2yhXRBbcMeD0Lky
+j+LuDxGCQBQM2eSEotnDmSGQPBUBlaPzRizQekz3eKEAqs4ZqkWEwAi6JgGRDD51
+uLvsTxXQNL7uMS0Ml33a6CB7gJAakHhWR3t/4N+1e45gTjWuzfJwcjnddnM+e6ff
+1f0USvj9wuiToBckHVJlXZvTVQ3Zo2L7OSlI7abff8xZR2wreX3hAXFKtm3AafRI
+L1SBkAlQLrbfBRoYNbDpVi5nScDIyKEP7eDFSvG3sZKyitCuvEM9aiupqCI3uHbC
+97TyR68qr6aLwvNU2F0I7nP27kqfQQGVMD+Dto56H3lwoaxjBmD3OBgKgfZcNBNa
+TiZYINsLLAVkw//Q9Yus8fl0QJvMfeuGA98eoeh2wV47TZ+H6+g=
+=jCNA
+-----END PGP SIGNATURE-----