From c1979ea7d9c6b73d04fe9fdd6c5574045347b6f9f5b7eff99c3d36b3e8558c3c Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 29 Sep 2023 20:44:41 +0000 Subject: [PATCH] - Mozilla Thunderbird 115.3.1 MFSA 2023-45 (bsc#1215814) * CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx - Add mozilla-bmo1846703.patch OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=723 --- MozillaThunderbird.changes | 9 ++++ MozillaThunderbird.spec | 5 +- l10n-115.3.0.tar.xz => l10n-115.3.1.tar.xz | 0 mozilla-bmo1846703.patch | 59 ++++++++++++++++++++++ tar_stamps | 8 +-- thunderbird-115.3.0.source.tar.xz | 3 -- thunderbird-115.3.0.source.tar.xz.asc | 16 ------ thunderbird-115.3.1.source.tar.xz | 3 ++ thunderbird-115.3.1.source.tar.xz.asc | 16 ++++++ 9 files changed, 94 insertions(+), 25 deletions(-) rename l10n-115.3.0.tar.xz => l10n-115.3.1.tar.xz (100%) create mode 100644 mozilla-bmo1846703.patch delete mode 100644 thunderbird-115.3.0.source.tar.xz delete mode 100644 thunderbird-115.3.0.source.tar.xz.asc create mode 100644 thunderbird-115.3.1.source.tar.xz create mode 100644 thunderbird-115.3.1.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index c77deff..3404c72 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Sep 29 06:44:26 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Thunderbird 115.3.1 + MFSA 2023-45 (bsc#1215814) + * CVE-2023-5217 (bmo#1855550) + Heap buffer overflow in libvpx +- Add mozilla-bmo1846703.patch + ------------------------------------------------------------------- Tue Sep 26 07:15:31 UTC 2023 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index b2d2c18..f838d36 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -29,8 +29,8 @@ # major 69 # mainver %%major.99 %define major 115 -%define mainver %major.3.0 -%define orig_version 115.3.0 +%define mainver %major.3.1 +%define orig_version 115.3.1 %define orig_suffix %nil %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -203,6 +203,7 @@ Patch19: svg-rendering.patch Patch20: mozilla-partial-revert-1768632.patch Patch21: mozilla-bmo1775202.patch Patch22: mozilla-rust-disable-future-incompat.patch +Patch23: mozilla-bmo1846703.patch %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /bin/sh diff --git a/l10n-115.3.0.tar.xz b/l10n-115.3.1.tar.xz similarity index 100% rename from l10n-115.3.0.tar.xz rename to l10n-115.3.1.tar.xz diff --git a/mozilla-bmo1846703.patch b/mozilla-bmo1846703.patch new file mode 100644 index 0000000..7f1a1fb --- /dev/null +++ b/mozilla-bmo1846703.patch @@ -0,0 +1,59 @@ +diff -rup a/media/ffvpx/libavcodec/x86/mathops.h b/media/ffvpx/libavcodec/x86/mathops.h +--- a/media/ffvpx/libavcodec/x86/mathops.h 2023-09-28 20:57:25.994782086 +0200 ++++ b/media/ffvpx/libavcodec/x86/mathops.h 2023-09-28 20:57:50.084785348 +0200 +@@ -35,12 +35,20 @@ + static av_always_inline av_const int MULL(int a, int b, unsigned shift) + { + int rt, dummy; ++ if (__builtin_constant_p(shift)) + __asm__ ( + "imull %3 \n\t" + "shrdl %4, %%edx, %%eax \n\t" + :"=a"(rt), "=d"(dummy) +- :"a"(a), "rm"(b), "ci"((uint8_t)shift) ++ :"a"(a), "rm"(b), "i"(shift & 0x1F) + ); ++ else ++ __asm__ ( ++ "imull %3 \n\t" ++ "shrdl %4, %%edx, %%eax \n\t" ++ :"=a"(rt), "=d"(dummy) ++ :"a"(a), "rm"(b), "c"((uint8_t)shift) ++ ); + return rt; + } + +@@ -113,19 +121,31 @@ __asm__ volatile(\ + // avoid +32 for shift optimization (gcc should do that ...) + #define NEG_SSR32 NEG_SSR32 + static inline int32_t NEG_SSR32( int32_t a, int8_t s){ ++ if (__builtin_constant_p(s)) + __asm__ ("sarl %1, %0\n\t" + : "+r" (a) +- : "ic" ((uint8_t)(-s)) ++ : "i" (-s & 0x1F) + ); ++ else ++ __asm__ ("sarl %1, %0\n\t" ++ : "+r" (a) ++ : "c" ((uint8_t)(-s)) ++ ); + return a; + } + + #define NEG_USR32 NEG_USR32 + static inline uint32_t NEG_USR32(uint32_t a, int8_t s){ ++ if (__builtin_constant_p(s)) + __asm__ ("shrl %1, %0\n\t" + : "+r" (a) +- : "ic" ((uint8_t)(-s)) ++ : "i" (-s & 0x1F) + ); ++ else ++ __asm__ ("shrl %1, %0\n\t" ++ : "+r" (a) ++ : "c" ((uint8_t)(-s)) ++ ); + return a; + } + diff --git a/tar_stamps b/tar_stamps index 960cf76..08088bb 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr115" -VERSION="115.3.0" +VERSION="115.3.1" VERSION_SUFFIX="" -PREV_VERSION="115.2.3" +PREV_VERSION="115.3.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115" -RELEASE_TAG="1218aebde8d83fe28bbdfe39c63d7a10044829c2" -RELEASE_TIMESTAMP="20230926115257" +RELEASE_TAG="42b3addbca70f64493bdbede7f3f66dc40641a0a" +RELEASE_TIMESTAMP="20230928194049" diff --git a/thunderbird-115.3.0.source.tar.xz b/thunderbird-115.3.0.source.tar.xz deleted file mode 100644 index cf8eddc..0000000 --- a/thunderbird-115.3.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2b9ba16d737fdfb91055d75e43e20cd457254e9fa5b097cecdc1b0cc64818fc3 -size 533553340 diff --git a/thunderbird-115.3.0.source.tar.xz.asc b/thunderbird-115.3.0.source.tar.xz.asc deleted file mode 100644 index 8b3dcb8..0000000 --- a/thunderbird-115.3.0.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUTBusACgkQ4207E/PZ -MnQMEg//X6gbwYqlxVzPkNtpSOlQC06Pbsvkad6uvEDhZ0vZqdWXXP3sOlA/xe+e -btcGsPy9NZbTIwkTp2ExBquoWRzJUnnb8WukG9Wz5R37cxeyI+WXoW/BEmHmWVy4 -Wu1it9pWHbEHgw5edo7WM67AVg4Vk5D9p3iatu0RR6LyftbpQ+dALvq6NeB2E8Ag -NsbFciO+Vnau1id4cTDJSTuUvmGYB6obGlFkM7uzPh13S9OcrWffgu+hq6Dy/ODI -dv7DpNZcpzczfW5N7t2wNxOAr2oB+xSHJdVBDeLou6MwAlOmPPUvL0ndeVJqHcYn -lRx67qtCvl7xhK4NsvQTWrsfIhdfs8cIHbSK63iGcVSp/p+neGc3SyqQjSCOxQW+ -V2JENVtZQx8sIeLUyNixd4PIEcffXAFJZvM6GpGsuUzhgCHWD/CeiS/UlGMdeoIc -giZo8ofO29zzh+Ii3b2/u/FqH4+W/AargpE4DX2YYmlKrbnoMoj+kcM6OKh6ncS4 -8uquqVwKuYDOX8m1CRTNb9n+HfBvCcJOobvhUt0/zzWfR4s7PYcbBFxP1wvaQuLE -N3Of8rZ5aV08uzZ4O+ntb9i2FJmSafhVzc2gdn1YK+BELg2JjuS0dMZ9SifkNZUp -HKQTdKuwMGHI2pBHxQwtDl6KVQamD1OGNzZszGXviTSwKuCEvMQ= -=9vWg ------END PGP SIGNATURE----- diff --git a/thunderbird-115.3.1.source.tar.xz b/thunderbird-115.3.1.source.tar.xz new file mode 100644 index 0000000..3b29ad2 --- /dev/null +++ b/thunderbird-115.3.1.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c2fd640ec6ab005c2acb6d7594b90751b1ef684ca038f0d3919044baafe736de +size 530392392 diff --git a/thunderbird-115.3.1.source.tar.xz.asc b/thunderbird-115.3.1.source.tar.xz.asc new file mode 100644 index 0000000..f9dd6ca --- /dev/null +++ b/thunderbird-115.3.1.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUWBbMACgkQ4207E/PZ +MnRyOBAAgWEKYNzmnc1Z1+uYkIcImPLobEem1q4JH8rbBjsTiAEek4zBsuHf9UrG +LnzpvtxBwyxXOE5sx7DzxpXvqhb2cr2mdXCWs8jXnZNlZI6nfRd+0cmlpL0GN9tv +ny3r9nFB2Sohh8Y6IMRle18vC9rveGY549SXTmowL5pNpj3qldGI2tuPvZMzK2oO +OxcCQNQ9rnULJR+Piv5mm0wq8rOU6erIf/5VhJOzr2Di6AuLZY0qk+57h4FBWmL8 +96MaoeXARdM+FkJrcn7TaNcZ4FBWb/bbWkroSiiebSKNzaOml2yhXRBbcMeD0Lky +j+LuDxGCQBQM2eSEotnDmSGQPBUBlaPzRizQekz3eKEAqs4ZqkWEwAi6JgGRDD51 +uLvsTxXQNL7uMS0Ml33a6CB7gJAakHhWR3t/4N+1e45gTjWuzfJwcjnddnM+e6ff +1f0USvj9wuiToBckHVJlXZvTVQ3Zo2L7OSlI7abff8xZR2wreX3hAXFKtm3AafRI +L1SBkAlQLrbfBRoYNbDpVi5nScDIyKEP7eDFSvG3sZKyitCuvEM9aiupqCI3uHbC +97TyR68qr6aLwvNU2F0I7nP27kqfQQGVMD+Dto56H3lwoaxjBmD3OBgKgfZcNBNa +TiZYINsLLAVkw//Q9Yus8fl0QJvMfeuGA98eoeh2wV47TZ+H6+g= +=jCNA +-----END PGP SIGNATURE-----