Accepting request 1243477 from mozilla:Factory

- Mozilla Thunderbird 128.7.0
  MFSA 2025-10 (bsc#1236539)
  * CVE-2025-1009 (bmo#1936613)
    Use-after-free in XSLT
  * CVE-2025-1010 (bmo#1936982)
    Use-after-free in Custom Highlight
  * CVE-2025-1011 (bmo#1936454)
    A bug in WebAssembly code generation could result in a crash
  * CVE-2025-1012 (bmo#1939710)
    Use-after-free during concurrent delazification
  * CVE-2024-11704 (bmo#1899402)
    Potential double-free vulnerability in PKCS#7 decryption
    handling
  * CVE-2025-1013 (bmo#1932555)
    Potential opening of private browsing tabs in normal browsing
    windows
  * CVE-2025-1014 (bmo#1940804)
    Certificate length was not properly checked
  * CVE-2025-1015 (bmo#1939458)
    Unsanitized address book fields
  * CVE-2025-0510 (bmo#1940570)
    Address of e-mail sender can be spoofed by malicious email
  * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,
    bmo#1938469, bmo#1939583, bmo#1940994)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
    and Thunderbird 128.7
  * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 128.7, and Thunderbird 128.7

OBS-URL: https://build.opensuse.org/request/show/1243477
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=354

MozillaThunderbird.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Wed Feb  5 07:26:07 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 128.7.0
+  MFSA 2025-10 (bsc#1236539)
+  * CVE-2025-1009 (bmo#1936613)
+    Use-after-free in XSLT
+  * CVE-2025-1010 (bmo#1936982)
+    Use-after-free in Custom Highlight
+  * CVE-2025-1011 (bmo#1936454)
+    A bug in WebAssembly code generation could result in a crash
+  * CVE-2025-1012 (bmo#1939710)
+    Use-after-free during concurrent delazification
+  * CVE-2024-11704 (bmo#1899402)
+    Potential double-free vulnerability in PKCS#7 decryption
+    handling
+  * CVE-2025-1013 (bmo#1932555)
+    Potential opening of private browsing tabs in normal browsing
+    windows
+  * CVE-2025-1014 (bmo#1940804)
+    Certificate length was not properly checked
+  * CVE-2025-1015 (bmo#1939458)
+    Unsanitized address book fields
+  * CVE-2025-0510 (bmo#1940570)
+    Address of e-mail sender can be spoofed by malicious email
+  * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,
+    bmo#1938469, bmo#1939583, bmo#1940994)
+    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
+    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
+    and Thunderbird 128.7
+  * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)
+    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
+    Firefox ESR 128.7, and Thunderbird 128.7
+
 -------------------------------------------------------------------
 Mon Jan 27 07:58:55 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaThunderbird.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          128
-%define mainver        %major.6.1
-%define orig_version   128.6.1
+%define mainver        %major.7.0
+%define orig_version   128.7.0
 %define orig_suffix    esr
 %define update_channel esr
 %define source_prefix  thunderbird-%{orig_version}

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr128"
-VERSION="128.6.1"
+VERSION="128.7.0"
 VERSION_SUFFIX="esr"
-REV_VERSION="128.6.0"
+REV_VERSION="128.6.1"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr128"
-RELEASE_TAG="17bde32ff7941dbf9892f58b39a10317ad003b10"
-RELEASE_TIMESTAMP="20250124112543"
+RELEASE_TAG="a491e151dc3fd5830fec3d4ea0c83b4ecc651a9a"
+RELEASE_TIMESTAMP="20250204193300"

thunderbird-128.6.1esr.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:55da5991f82b6463f20a9088c46f637713af637218ad47c3110afb7d83593852
-size 674348124

thunderbird-128.6.1esr.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmeT2iUACgkQ4207E/PZ
-MnTAhhAAnf6YuRoRaJL6X/oY6PaTgxwcJhR+12Z7QynnyRxsEFlRLAhrWPQvEwOZ
-TLqxj9sMD2eXUS5EgbcPUdaOdVNl6egVelDjLz4Fuu6Gb+GX9F7R24PIlL0W6XTG
-x/TSBV6lJir2FHDU1YgRQafkVd7ZTt+a9VzYGxL7EyM5vNvMctliFaok0wNsQFwU
-elf5XULJ5Joji/6ySqkSUJgQiI9QL/dwPn3AZJ/aCUusgwZevFWyRVmg9XbdWyrY
-3GQhdCPwfJXmofOOlM/7mf3YtfiCOWaSFKIZAUFIer8YKkgw/AP3sXYRgzGRCXtd
-QBPosI6P7uITS268tC8bj7Q1TlcoUcy9KJk4vsLeWg05FC2I5tVtNEZsvIFZAC9X
-6WJ4jxfXa8eeRd9nUFryS3+uTAoeKKkuDjKIcJHrO6/16SGpskEOCatpGXXZ8IGz
-MJd2izIrzxC8ilrptZkhCKO4L2f0Yv98OvkN0Gof3KgGKMgCyUL/J2jn5fw6Ls2x
-GO400a6YqmNNflde3nf5VTBTk0CYjC9UU4pnv1p6SZXQgn8fbtxp/iIzaZMGZvh5
-smcWvCJ0wLwVjEeVf6tWCktPFRvVTiByVBC8vn4IgtfU/3TXiv3YfbmsO9k/wPAl
-38MlLdxW7gnP6H3gzFsnJYkydhP0o4TxdjgYSm7zLucw0YCHZE0=
-=KLqG
------END PGP SIGNATURE-----

thunderbird-128.7.0esr.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40bd227a7d0e3d545be35b7cdddd3e78250488726d86c4ea014ae11a3eee3b5b
+size 674370672

thunderbird-128.7.0esr.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmeij7MACgkQ4207E/PZ
+MnS9QA/8D+a71qyUOWUcI4ZMga6vUVXpJ11x2+pAqDxiD/eJAHgcUWoLfEv0B3f5
+7DeaIZwqLWWsVxwktd6P6QkQ5PHMc/VM18aSHwuK4yxgbZ6GcwS8e2iy0K6SqnCQ
+iIEkxMtLMCNC+79XT94+6XSu1Rs5IXjyEBpPtSkXMFMHdlCz6E8xketrYfgLEFdr
+OtNNLAB9pgNux+8h/OvNW2wFbFVcMUpgl7ZNEmi8wPqJX0YGUUreY259+JKTIuie
+5goUaIblvYmbZbqlpKGyQw5SYhzndKXJxscJs0JIIuWdOGJqB/INyRGhsn0fYqAw
+mwiX4hc+EcWS9iAIizvAVrkc9ZWFUlT1msMRaEl4hqFloFaWyre7zFpTaCCVEcFo
+9JANswnf8RrPqQ2m4uvvmYMXF0lqnRRuDaDMgjZ0/Py2sSgcbo5iqFUD/+ZPtY6t
+R9BCChZPkK/vb9WrYWc990C60ci2HUxAacCKeIC5E+0wuatb5PjTcwCIC7fD5SHO
+xmFayPW3rK0rl2h+dAwEJSDKK/7ZP2BXQ8ynO7/SYt+WJN5xQVADPGC34lswfdOk
+6NgJxRK3OstQrWFKgE4B5qls4ALNnGiY3YQpzXabfyudqcY2Mm77izlm9l3VZ42t
+pxK5mVDHtcTRoNBONSpgk9Lup4Noz72bXIitNuLt8vjqddIHKPI=
+=NMiP
+-----END PGP SIGNATURE-----