From da50d4ab720b3ccb7bbf3f7c78995bace97925e072c20fd09b02820251264875 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Thu, 3 Aug 2023 04:29:56 +0000
Subject: [PATCH] - Mozilla Thunderbird 102.14.0   MFSA 2023-32 (bsc#1213746)  
 * CVE-2023-4045 (bmo#1833876)     Offscreen Canvas could have bypassed
 cross-origin restrictions   * CVE-2023-4046 (bmo#1837686)     Incorrect value
 used during WASM compilation   * CVE-2023-4047 (bmo#1839073)     Potential
 permissions request bypass via clickjacking   * CVE-2023-4048 (bmo#1841368)  
   Crash in DOMParser due to out-of-memory conditions   * CVE-2023-4049
 (bmo#1842658)     Fix potential race conditions when releasing platform
 objects   * CVE-2023-4050 (bmo#1843038)     Stack buffer overflow in
 StorageManager   * CVE-2023-4054 (bmo#1840777)     Lack of warning when
 opening appref-ms files   * CVE-2023-4055 (bmo#1782561)     Cookie jar
 overflow caused unexpected cookie jar state   * CVE-2023-4056 (bmo#1820587,
 bmo#1824634, bmo#1839235,     bmo#1842325, bmo#1843847)     Memory safety
 bugs fixed in Firefox 116, Firefox ESR 115.1,     Firefox ESR 102.14,
 Thunderbird 115.1, and Thunderbird 102.14

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=712
---
 MozillaThunderbird.changes                   | 26 ++++++++++++++++++++
 MozillaThunderbird.spec                      |  4 +--
 l10n-102.13.1.tar.xz => l10n-102.14.0.tar.xz |  0
 tar_stamps                                   |  8 +++---
 thunderbird-102.13.1.source.tar.xz           |  3 ---
 thunderbird-102.13.1.source.tar.xz.asc       | 16 ------------
 thunderbird-102.14.0.source.tar.xz           |  3 +++
 thunderbird-102.14.0.source.tar.xz.asc       | 16 ++++++++++++
 8 files changed, 51 insertions(+), 25 deletions(-)
 rename l10n-102.13.1.tar.xz => l10n-102.14.0.tar.xz (100%)
 delete mode 100644 thunderbird-102.13.1.source.tar.xz
 delete mode 100644 thunderbird-102.13.1.source.tar.xz.asc
 create mode 100644 thunderbird-102.14.0.source.tar.xz
 create mode 100644 thunderbird-102.14.0.source.tar.xz.asc

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 7b4ea8d..4343ce2 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Tue Aug  1 20:15:02 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 102.14.0
+  MFSA 2023-32 (bsc#1213746)
+  * CVE-2023-4045 (bmo#1833876)
+    Offscreen Canvas could have bypassed cross-origin restrictions
+  * CVE-2023-4046 (bmo#1837686)
+    Incorrect value used during WASM compilation
+  * CVE-2023-4047 (bmo#1839073)
+    Potential permissions request bypass via clickjacking
+  * CVE-2023-4048 (bmo#1841368)
+    Crash in DOMParser due to out-of-memory conditions
+  * CVE-2023-4049 (bmo#1842658)
+    Fix potential race conditions when releasing platform objects
+  * CVE-2023-4050 (bmo#1843038)
+    Stack buffer overflow in StorageManager
+  * CVE-2023-4054 (bmo#1840777)
+    Lack of warning when opening appref-ms files
+  * CVE-2023-4055 (bmo#1782561)
+    Cookie jar overflow caused unexpected cookie jar state
+  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
+    bmo#1842325, bmo#1843847)
+    Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
+    Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
+
 -------------------------------------------------------------------
 Tue Jul 25 06:56:46 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
 
diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec
index d6b772a..67626a7 100644
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          102
-%define mainver        %major.13.1
-%define orig_version   102.13.1
+%define mainver        %major.14.0
+%define orig_version   102.14.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
diff --git a/l10n-102.13.1.tar.xz b/l10n-102.14.0.tar.xz
similarity index 100%
rename from l10n-102.13.1.tar.xz
rename to l10n-102.14.0.tar.xz
diff --git a/tar_stamps b/tar_stamps
index 349f993..177093a 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr102"
-VERSION="102.13.1"
+VERSION="102.14.0"
 VERSION_SUFFIX=""
-PREV_VERSION="102.13.0"
+PREV_VERSION="102.13.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"
-RELEASE_TAG="c1181d5307e80c773d3d2781b18f7bdd2353d66d"
-RELEASE_TIMESTAMP="20230724161345"
+RELEASE_TAG="d83d81499d87f2360995ae0448fcaa40e0cd106a"
+RELEASE_TIMESTAMP="20230801134847"
diff --git a/thunderbird-102.13.1.source.tar.xz b/thunderbird-102.13.1.source.tar.xz
deleted file mode 100644
index 484f0a9..0000000
--- a/thunderbird-102.13.1.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:614e60ae1839a7faf38a4d471026694efef2c7984ed3756f92bd977a610bb9f2
-size 502958888
diff --git a/thunderbird-102.13.1.source.tar.xz.asc b/thunderbird-102.13.1.source.tar.xz.asc
deleted file mode 100644
index 44a0548..0000000
--- a/thunderbird-102.13.1.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmS+z1YACgkQ4207E/PZ
-MnQy6hAAx2l7MellCz2N35lqxgLf1xVvzjGjq+LJ5gdqwQTrAkIgmFVM1LQtM91a
-QFkyUl4D19A5GlDe7IPnfQMcra3FLvMXSY0bktS4GWJLZNJYmUU9MYlwrzMXUlkn
-HQv5kqBv3ZCc8MoGi7pQSOKYxb7T2Lbc6ryR5rK0OG9FTjBkF/2wUcHwg8w4xjlp
-NvWy5+gbWGAaIpSWPNZnMSfwidn2Kf0oQ58pQ4blOf3L5n0CqhSDmcDUVn01+GwP
-iclNhdu6ij+duVWC/O637mqE6d4Q6bfYiiROv2dkkhNFNoQirjedi2gyqLNkHRDB
-bFw5fui9PBs9bzlWYhJytkncTtjmqGrokl9HrVspdcDif37BN3wCn1Zh3IRTxj3m
-dI2aCjHbW2YUjP0M2Ml19QNZB3/oageuQ1P0f6EeAtueyOnqysC5nnckG72Wd1y3
-EGOvcBUtg0kB/X3aJHCyKvjhunnm+DwaUyEuLRegF4TvgeIEPEKDK/G2zRJrCKyk
-vbprdiPtqJjn4aghAXmhmmmydoUckHf7YTs5MW66TRHSPgp1hT+/q9x1E0+GV6X/
-4SFSNelQNnKPNnnwVkklS2IXpq8bl/xQ/NOfhbOLjqitdgYcaAQqVcksJjaB1AdV
-CXAOWfrzlGRIRn1oXDsn9TfSrRi5y48ual+xmwP73kyWOQsc6IU=
-=pbLy
------END PGP SIGNATURE-----
diff --git a/thunderbird-102.14.0.source.tar.xz b/thunderbird-102.14.0.source.tar.xz
new file mode 100644
index 0000000..17e0230
--- /dev/null
+++ b/thunderbird-102.14.0.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68514ac2e196b3526588b2957f2ab51b99b366af497fe13d1518a52bf8298c83
+size 502877912
diff --git a/thunderbird-102.14.0.source.tar.xz.asc b/thunderbird-102.14.0.source.tar.xz.asc
new file mode 100644
index 0000000..174d98e
--- /dev/null
+++ b/thunderbird-102.14.0.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmTJLHwACgkQ4207E/PZ
+MnTDMQ//RP0i4TeYipFmuih2+ae5mNjSCuRCsH3Cq+eOXT4l1vr79PCRcWQwDjJN
+R4JDfxSE8eUkVEHmoj11TySXFRHRCNOKRIKveRHayGJSn54SMt9aHHicqbZGDdjp
+BjESw8ZVlS9u+9TVWGK3Ah0roHBr9oSHxeC3Pj5VtAwz5Bb3RSimMnArk3V8b7dB
+oZLZfbm5bWeuL26mhias8NZS3aINDvNLRHyVBOiIHKCODIFh2Upql9NPhSpCmV0x
+PXEc2QGozNXnbfNoOcwoBHcrsAeFdqjv6/gVRLIqa9hQ7uhiXjGaG3vJrRzwP9hM
+2kFgCcGisnZDWTs1KOhGTEBezcqIQ+p1OSu/NbfrRKQmnUo0bV3+eqIvwQA2dao8
+wuzps9IBKdZwVDNC6CFIgOzTVimCg99SvcmFu2PxjjJauTgZ6Hrva5C/4vddBkyl
+oignfiDU6+sVK2Prfz44ydHo8ZUdjxz31xfSxFObHEfySkdDTE0UvNUHWU++g+Ci
+E0AqbwvNk3SuFfuQirnan/dJlstPGVjxZB8bfc2WG4Qz/z6vrygB0oKzbu2nuPXM
+FWC/NQkpMoBB7eXcZA8vIK81DSkk/vPiZ/CjYDjQqaZxnRxaZtWLbfqOgHfBTLDx
+kjQh+AdS1unHJE0DhHq5mGGFtCmhyNgh9uk5wJbyseuTGYzgOKw=
+=K3lJ
+-----END PGP SIGNATURE-----