Accepting request 1036233 from mozilla:Factory

- Mozilla Thunderbird 102.5.0 * changes and fixes as described here https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes MFSA 2022-49 (bsc#1205270) * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers * CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage * CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn over browser UI * CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside the iframe * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety bugs fixed in Thunderbird 102.5 OBS-URL: https://build.opensuse.org/request/show/1036233 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=298
2022-11-17 16:24:06 +00:00 · 2022-11-17 16:24:06 +00:00 · e387b3a5d8
commit e387b3a5d8
parent f92ca0eef0 d0799f3ab3
8 changed files with 59 additions and 25 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Sat Nov 12 22:48:04 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 102.5.0
+  * changes and fixes as described here
+    https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes
+  MFSA 2022-49 (bsc#1205270)
+  * CVE-2022-45403 (bmo#1762078)
+    Service Workers might have learned size of cross-origin media files
+  * CVE-2022-45404 (bmo#1790815)
+    Fullscreen notification bypass
+  * CVE-2022-45405 (bmo#1791314)
+    Use-after-free in InputStream implementation
+  * CVE-2022-45406 (bmo#1791975)
+    Use-after-free of a JavaScript Realm
+  * CVE-2022-45408 (bmo#1793829)
+    Fullscreen notification bypass via windowName
+  * CVE-2022-45409 (bmo#1796901)
+    Use-after-free in Garbage Collection
+  * CVE-2022-45410 (bmo#1658869)
+    ServiceWorker-intercepted requests bypassed SameSite cookie policy
+  * CVE-2022-45411 (bmo#1790311)
+    Cross-Site Tracing was possible via non-standard override headers
+  * CVE-2022-45412 (bmo#1791029)
+    Symlinks may resolve to partially uninitialized buffers
+  * CVE-2022-45416 (bmo#1793676)
+    Keystroke Side-Channel Leakage
+  * CVE-2022-45418 (bmo#1795815)
+    Custom mouse cursor could have been drawn over browser UI
+  * CVE-2022-45420 (bmo#1792643)
+    Iframe contents could be rendered outside the iframe
+  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
+    Memory safety bugs fixed in Thunderbird 102.5
+
 -------------------------------------------------------------------
 Sat Nov  5 16:19:55 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          102
-%define mainver        %major.4.2
-%define orig_version   102.4.2
+%define mainver        %major.5.0
+%define orig_version   102.5.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
--- a/l10n-102.5.0.tar.xz
+++ b/l10n-102.5.0.tar.xz
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr102"
-VERSION="102.4.2"
+VERSION="102.5.0"
 VERSION_SUFFIX=""
-PREV_VERSION="102.4.1"
+PREV_VERSION="102.4.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"
-RELEASE_TAG="bece6c033f6b24b9c126598da7c6eb5bc2a48b14"
-RELEASE_TIMESTAMP="20221101185644"
+RELEASE_TAG="b6e9b5a1d1b53d26cfb7032ef2ff02203ab0486b"
+RELEASE_TIMESTAMP="20221115143058"
--- a/thunderbird-102.4.2.source.tar.xz
+++ b/thunderbird-102.4.2.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ffc4a0499ccef41dccd99a683715199e9c839d628240dfb4b5f52bf1e6c902d5
-size 500913544
--- a/thunderbird-102.4.2.source.tar.xz.asc
+++ b/thunderbird-102.4.2.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmNiamsACgkQ6+QekPbx
-L23dwA//aXpks6eJ6nnCg5ZxdcrTu6Chcj43pb6f96OIm+0Bpz60ny1bed6p1/ph
-v0spUf8mNUgrUYnDDVJszAoTb2WepD55F4Grel0nZGAG8WlI7v9b/KlTeTKOnCd+
-ZlUyTtK2rJji9BKBOmkUtNVXs+Ru1BFfqWz9UZ+jHKd8Mm8SuKQW0osE4DlYvKPP
-7yj9cBP3Koql4asHbctLW1COLcN2CTm9qmwrAXcMqkfrTMEi7MoLpgvzfIuC/sGl
-lmxHEdrsvjUjUbvJRlo4Sgf9deQcNSwpTfsL/phDTUh7k0ojvAvcOOEDaTB8QDS7
-doK0r3bjYKWyu89LPv4voOZrijv3jKwxRu/fSapJjVDW2aqM5669m5hmoeR8Qd0K
-KgFHgh3fls5lNM0Iw8lL+Bab50KoVF10Zqp8oTPMNrrhY/5Oh0iWfuW/dDgtc64M
-srmFcHiMDQ/UOWyB3cebS1ekUkFzsbtFjbsNpIzqhHBvXRQqLcivnxVutVhPY0xr
-mQN2ILf4eD+q3zi/L3t7SohqhgW2M+qVvusBP4NtmfM0TsoSrk/8QH9Sj10bOnJo
-iP9vAvotqKVzoXb3fdD651U87J2BsyqJR51GmRgoBVvYZDMKDHLJ6Wt400+PAN2R
-MVOwuTQZqUhLXw5ixW9w3GddI552pmhI3gfB5U1SDQp1pPnBuzc=
-=hvpX
-----END PGP SIGNATURE-----
--- a/thunderbird-102.5.0.source.tar.xz
+++ b/thunderbird-102.5.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bdf8c4882e951939950b3c8aec26b15414c61c02560804f1940070f4b945d38c
+size 506950192
--- a/thunderbird-102.5.0.source.tar.xz.asc
+++ b/thunderbird-102.5.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmNzwLkACgkQ6+QekPbx
+L232KRAAidSZRWeQpQ5g9s/IABUtpfYGHfw+gRBx5mWtHq69HaD9cMxTtfh+Us9P
+pGjXVWuzI+QYyrw5StmXqhHhgNwodAm1LSTc0VXu3elbszvwsetwj9P5vZEI5zOz
+Pl5PnJC4nVewP1hHc+m1xjz5fuLkWFyB9Xl25zrL1f1NsPYa6V3g9yGZ3x7dKmBx
+OPi24qNiN3R4ph5pj9t1A1+WnqygIT2NoeyFj7ScDDcXFepA2Z1qsVAj2eITR/qe
+jgNoxHuPJ4BWVbv+vtdRZkdaU57RFbVEDG5hquWzPVtWaDQh2Ux+DYtcsTthlqW+
+6D6np1C1TY89iaNBcKozxr9HKqE7Q+3UVnk+y69ZqQBBrgpTXp+KM8N/JA2aRlko
+wAh2tNFM0EOd8uRdSy7QinWfBqppYLV+lMuqoXUcuZZD60F63dmGXbry0m/WBqs+
+MRJmh2uNoHYtOzjZjHM3fJW+Upg1arLf16qwUfPb0ZJ7bchhTtzFoydBETQHMnQ1
+ax+EvDPPurw9jEJAM1gH5o/I+62hBFUvEy/ThBQkCmMUzcSnQpzr+iklaqGeO7lG
+FPEf8fjGFPyRn3u6ZLbZxiKJFwXKm7OtHT7l4sXvsWIp9kUr/XEWUeTLOjpMSg7K
+5KQBKFQL4PYDP4QY/vJ863QQzMY50phOxAWEJF+jrVzf9gYibS4=
+=WxnT
+-----END PGP SIGNATURE-----