Accepting request 1141172 from mozilla:Factory

- Mozilla Thunderbird 115.7.0 https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/ MFSA 2024-04 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 OBS-URL: https://build.opensuse.org/request/show/1141172 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=329
2024-01-24 18:05:45 +00:00 · 2024-01-24 18:05:45 +00:00 · e3fe8edab3
commit e3fe8edab3
parent 8b936efa7d b28fc45f13
9 changed files with 56 additions and 30 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Sun Jan 21 09:10:11 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 115.7.0
+  https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/
+  MFSA 2024-04 (bsc#1218955)
+  * CVE-2024-0741 (bmo#1864587)
+    Out of bounds write in ANGLE
+  * CVE-2024-0742 (bmo#1867152)
+    Failure to update user input timestamp
+  * CVE-2024-0746 (bmo#1660223)
+    Crash when listing printers on Linux
+  * CVE-2024-0747 (bmo#1764343)
+    Bypass of Content Security Policy when directive unsafe-inline was set
+  * CVE-2024-0749 (bmo#1813463)
+    Phishing site popup could show local origin in address bar
+  * CVE-2024-0750 (bmo#1863083)
+    Potential permissions request bypass via clickjacking
+  * CVE-2024-0751 (bmo#1865689)
+    Privilege escalation through devtools
+  * CVE-2024-0753 (bmo#1870262)
+    HSTS policy on subdomain could bypass policy of upper domain
+  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
+    Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
+    and Thunderbird 115.7
+
 -------------------------------------------------------------------
 Wed Jan 10 09:18:01 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package MozillaThunderbird
 #
 # Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2006-2023 Wolfgang Rosenauer <wr@rosenauer.org>
@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          115
-%define mainver        %major.6.1
-%define orig_version   115.6.1
+%define mainver        %major.7.0
+%define orig_version   115.7.0
 %define orig_suffix    %nil
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@ -217,7 +217,7 @@ Recommends:     libcanberra0
 Recommends:     libotr5
 Recommends:     libpulse0
 Requires(post): desktop-file-utils
-Requires(postun):desktop-file-utils
+Requires(postun): desktop-file-utils
 %define libgssapi libgssapi_krb5.so.2
 ExcludeArch:    armv6l armv6hl

--- a/l10n-115.6.1.tar.xz
+++ b/l10n-115.6.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dc0e2c5222608ddad6e5b9b80943916daaa5bbda1e7e6af22b4d538e3a6ebd11
-size 27946352
--- a/l10n-115.7.0.tar.xz
+++ b/l10n-115.7.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9d509324355c7dc776493ff221bd27becab12338fa400f2dfbe9a4164da3ecdb
+size 28282412
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr115"
-VERSION="115.6.1"
+VERSION="115.7.0"
 VERSION_SUFFIX=""
-PREV_VERSION="115.6.0"
+PREV_VERSION="115.6.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115"
-RELEASE_TAG="eb6676c39f4e74cdb122a559a3306fe4f46ce4e7"
-RELEASE_TIMESTAMP="20240105183125"
+RELEASE_TAG="403b56578d94234d5cbda0f73fe18caae7c17b49"
+RELEASE_TIMESTAMP="20240119095007"
--- a/thunderbird-115.6.1.source.tar.xz
+++ b/thunderbird-115.6.1.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:638beb0d2907c6adbe441b7cd371f205728ac65489c04cb29bb40e71ea2846e3
-size 533899156
--- a/thunderbird-115.6.1.source.tar.xz.asc
+++ b/thunderbird-115.6.1.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmWYdx0ACgkQ4207E/PZ
-MnQMEQ/+K4SA5j8j7qtwlzMxA5x9+jTa7+0VieSvD4cXPsSQY2fuMbkT68r66IU4
-N/CyPCyjueFDUlZ8iDBOyowJobVhuJc2N0ihC+1Kue0BwXVJzLsQAkF7hjPwCal1
-gFYVUS8TM1xvLPCuqYN25UZzQ2WeOYFFI3ePGoTRXxSlhNXyJBD1uIbh1I7vbxB6
-koLiAWoQtGAMywGJE/HntMz9SIYPdtEqkmwywDO+XxiiTFhsF0w8QoGjM8QJsBV4
-XkDeE5aSmbPpvcseHzR22KX4iDcqtHdk5uoD8NpohsYlvIJ56ck0jnlA6mrIVA8U
-SDEIcwjyzwVA8i6gdVCSQEHYEPTTr0R1dYHAGJ6zbBqQysSbUZGZxUHHmqJRa7Jv
-WN2HYiiOhlAw7CCg0C87/cNFvZoukerl/ee50BP7K7nElWK1tYyq5u9eGcktHxsv
-qDuPH9NBAazJENXzEEP9hJpdIYUaXDl8QwNNoAYeIkA/NI+51jBw1TSUhnuw6asT
-A6FcERGoAT3s9TI3nT9A0uM+KffFZLY5BoO5Qb0Ny1MTqo0oH7zbenqAJhmejrB2
-thwZgmgNVKZt9wXkO3ZWV8YE8VvywZE7aM3hF1eDoOpgyGiVsPPRWTDvYjk6+tNy
-4mb4d/FN58ClibZSKmRw25UfruQix+EevXsev+y28cAgj6LL3TU=
-=rjDe
-----END PGP SIGNATURE-----
--- a/thunderbird-115.7.0.source.tar.xz
+++ b/thunderbird-115.7.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:19f483d4c26e47daaeabb8fb99605b12f4e842aec2814dfb92d78b1a73459f43
+size 532459912
--- a/thunderbird-115.7.0.source.tar.xz.asc
+++ b/thunderbird-115.7.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmWqto4ACgkQ4207E/PZ
+MnS1OxAAlOIrvYsbTN6NKXz1EpkGkVHAhHanbRy8IooTaLg26AeT9rNhvqJK8CBC
+bmOAzsIKnXd638NI+1Od59RTUatgsxZtpxaXiOzC09LQyRtp48qKPmmaZWD5Tj7r
+JT1cXxvF+o+0yd79JJoKpSnIcOWUG0gUp3iviGLA8DxX4vJQ3DzElM6dBYkuac8s
+f7xl/RzJCUaOPbIpvkrh0PIFFseJy6V4jUIJYQVqF0Bnz3LDH8IUNqj7modLJYvU
+q00efKymoZgptfU54AlxaXZYErmmqK/6iHE4KSa78XpOzbXDxi9s0cgaZ0BZPnR9
+pk5MGE/dVCm7d4MAbyVvzsUf8D/bsprSMxdjqi/iKgjlzdIzCGu7o6LRZ5hA+KlL
+A+64Kzabkg+Guq5mgr0dy5ZqrJYBjGy7mcY3C+r7CS5O1ApPka7sJjbmMWB98mfs
+m6bWiv4troeOkUeWfpHYNWUHaSZP2QlhTl+yyp1g6WIdZzAHRcrNc25ORQxlajBj
+d9X2qeRDZUXPQ/7qZ0FoJmIbfgwDjaagF4/mYM4ip7GEjsnUdXzjGXUaz7pKYCck
+G3yecoDV1UM9iK3Oeg9yHIPRL+t1sdiep3abHCW0DWTNe72LFuJLof7Ti8wD4NdB
+/ZsPCdU9APFtwW6IdBFrmn855fRnvKMC/ffu+MYXjmZt3rX7+7I=
+=SkMQ
+-----END PGP SIGNATURE-----