- Mozilla Thunderbird 91.9.0

* A warning is now displayed if an OpenPGP key has unsafe
    attributes that are ignored
  * OpenPGP integration in Thunderbird 91.8.0 and 91.8.1 did not
    allow SHA-1 key signatures
  * CalDAV calendars were marked read-only on startup
  MFSA 2022-18 (bsc#1198970)
  * CVE-2022-1520 (bmo#1745019)
    Incorrect security status shown after viewing an attached
    email
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29913 (bmo#1764778)
    Speech Synthesis feature not properly disabled
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620)
    Memory safety bugs fixed in Thunderbird 91.9

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=634

MozillaThunderbird.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Mon May  2 06:34:51 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 91.9.0
+  * A warning is now displayed if an OpenPGP key has unsafe
+    attributes that are ignored
+  * OpenPGP integration in Thunderbird 91.8.0 and 91.8.1 did not
+    allow SHA-1 key signatures
+  * CalDAV calendars were marked read-only on startup
+  MFSA 2022-18 (bsc#1198970)
+  * CVE-2022-1520 (bmo#1745019)
+    Incorrect security status shown after viewing an attached
+    email
+  * CVE-2022-29914 (bmo#1746448)
+    Fullscreen notification bypass using popups
+  * CVE-2022-29909 (bmo#1755081)
+    Bypassing permission prompt in nested browsing contexts
+  * CVE-2022-29916 (bmo#1760674)
+    Leaking browser history with CSS variables
+  * CVE-2022-29911 (bmo#1761981)
+    iframe sandbox bypass
+  * CVE-2022-29912 (bmo#1692655)
+    Reader mode bypassed SameSite cookies
+  * CVE-2022-29913 (bmo#1764778)
+    Speech Synthesis feature not properly disabled
+  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
+    bmo#1762614, bmo#1762620)
+    Memory safety bugs fixed in Thunderbird 91.9
+
 -------------------------------------------------------------------
 Sat Apr 16 11:36:34 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaThunderbird.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          91
-%define mainver        %major.8.1
-%define orig_version   91.8.1
+%define mainver        %major.9.0
+%define orig_version   91.9.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr91"
-VERSION="91.8.1"
+VERSION="91.9.0"
 VERSION_SUFFIX=""
-PREV_VERSION="91.8.0"
+PREV_VERSION="91.8.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"
-RELEASE_TAG="79f1a34ff6596c36fd01ceee26ae1881cebc4756"
-RELEASE_TIMESTAMP="20220413002405"
+RELEASE_TAG="1576ef623c224f5ba915c39a06b519ea977685c0"
+RELEASE_TIMESTAMP="20220427203543"

thunderbird-91.8.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:82737d29b89f39620fbdfc47e84d053edad903c72057526ff2a8215fd73e283d
-size 403849008

thunderbird-91.8.1.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmJXFrIACgkQ6+QekPbx
-L22sow/9HIIQsTXpth0veJfkwJOIe6p1XxxHDqv4wxsB4fEIov9MA0Rpqa5FxOcD
-dMbRjANvhMYE89+wnvkMCCRDBt5wam3eMUwpP/pdEuy784WpbPiEGVM5Ltu+fZ0P
-OP6ddyPl4ixZlMP3IrL/SovJGphOyHTuG+papzef1EAmgKwniIORCJv3Z5N0uze9
-F+QrtILrKIeOBNHobxFBmsO88wap1TroJZVnA2z5ya6Z0KiigHvpN6ZVGVJGcEBa
-SoCy++KZ+1X4nXEiIAG9xVU3gY+gpwIP/M3LwB3Re+V8FCiUt7eFo13qEJzmEtJ/
-ZdRfxgzb8hTgB2UUCkyQpNRfbm3wOAeQ0CRcVsIfDcfulncVR7N3yZuFSPF1BnND
-7G558xn/l8BjKJeMg+pF62v21qetWQ8czvaGEvU66ZtGNpkoO5gm/Lx0dMVCqJu/
-bZ3O5BukMWWpea95zvVCtt1jOV7h0RCI/8q2gwRY6JWEY0Y0PJ93MpSWovZY2BOv
-2dLJwjGjOeiJ1dsaaIi52jznYyMpVInUCPMB9vjGsUdwxjZwDCn8w2ORDSWX8hJT
-XJv3X7FWPNm125NMm9aF+5rzbm4A3Kb0Q5nXETU+GLyIA6B+KVBI6jL8j1Koxji1
-314ZB9PSpDQ0D8wfKoaWkyhb1Qc73q5YDHmd4H2nGJRfx4BG9oA=
-=lGZx
------END PGP SIGNATURE-----

thunderbird-91.9.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:616e48327c4b0cdd2fd3c6385bfa4d380ba5cc7c52ce6014ae39d389a19fd092
+size 403847916

thunderbird-91.9.0.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmJwNp0ACgkQ6+QekPbx
+L22yTw/9Hg93PeZom6duOGFF1Pw4bRqMH2twz8vEBmIGTOXtx5AFhb0iWwXn3TMl
+lUvT4VFgnAXngwqGpPAnbO0p/zv98cJqzVv88l/TBOyyJApn6PwtTH0SppK7m3Kc
+CnpfNXPOegTyosbnM6U1VjDLDNO57FS8/R+XBlQ/I0T9iNpGBKOgmnkmC8kxK8Ki
+NnoxMW8iAgk8EIs3/YQ2xrodsPVfYKqZOJuCNVzprS0hcwEVnJC2yx5lcXwVQo4V
+mB0/XgIr+wadaqR7eFB7ZdfP47jKKc+t9UtSAQBLLJ8A+kvlcxzCmVpXfUwUkk65
+z7+ZNbDqh1h1Ib05kHpP1ICEbEpxlurbj9+5nDTzaUgySB7F/cGwhnUHF3NPoB2p
+oFZBw16AvuMrYUuwoZ7O0/+b9D08X6DfBSS4Geyk3loCtljfXYnx/WsQnlUVVXey
+cDuCMioQS6tDa7pMM4me7MsMr4m2i3toSI7jh2OfgzuMbX0xMEqW40YxtiAjPcuW
+BPbfQRWqiET68RJoE0BOfGLwIwI/HCoAhsPr5M58GDSpv0yEzHngIqWU6ErW4T0A
+GLyfczzOw8LtyIJ4lJvh+tGMK5mtSYbdVYTc765XViT59TppqcRlrwsr+AbPIqiv
++h8OcTdUoZSubGcdtZQ3TU7gxBmbigWM/A+6daX/RUbmvIuN2Yo=
+=eoMg
+-----END PGP SIGNATURE-----