From eba6cdf4f56ceb54bb03a51d006edc999cf3953cb72fc5c45c166b046cc85372 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 26 Aug 2022 06:39:36 +0000 Subject: [PATCH] - Mozilla Thunderbird 102.2.0 * https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/ MFSA 2022-36 (bsc#1202645) * CVE-2022-38472 (bmo#1769155) Address bar spoofing via XSLT error handling * CVE-2022-38473 (bmo#1771685) Cross-origin XSLT Documents would have inherited the parent's permissions * CVE-2022-38476 (bmo#1760998) Data race and potential use-after-free in PK11_ChangePW * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363) Memory safety bugs fixed in Thunderbird 102.2 * CVE-2022-38478 (bmo#1770630, bmo#1776658) Memory safety bugs fixed in Thunderbird 102.2, and Thunderbird 91.13 - disabled automatic usage of wayland because of known issues using MOZ_ENABLE_WAYLAND=1 in environment would still enable it (boo#1202606) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=651 --- MozillaThunderbird.changes | 22 ++++++++++++++++++++++ MozillaThunderbird.spec | 4 ++-- l10n-102.1.2.tar.xz | 3 --- l10n-102.2.0.tar.xz | 3 +++ mozilla.sh.in | 2 +- tar_stamps | 8 ++++---- thunderbird-102.1.2.source.tar.xz | 3 --- thunderbird-102.1.2.source.tar.xz.asc | 16 ---------------- thunderbird-102.2.0.source.tar.xz | 3 +++ thunderbird-102.2.0.source.tar.xz.asc | 16 ++++++++++++++++ 10 files changed, 51 insertions(+), 29 deletions(-) delete mode 100644 l10n-102.1.2.tar.xz create mode 100644 l10n-102.2.0.tar.xz delete mode 100644 thunderbird-102.1.2.source.tar.xz delete mode 100644 thunderbird-102.1.2.source.tar.xz.asc create mode 100644 thunderbird-102.2.0.source.tar.xz create mode 100644 thunderbird-102.2.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 226a3d5..e4176f9 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri Aug 19 18:24:06 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Thunderbird 102.2.0 + * https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/ + MFSA 2022-36 (bsc#1202645) + * CVE-2022-38472 (bmo#1769155) + Address bar spoofing via XSLT error handling + * CVE-2022-38473 (bmo#1771685) + Cross-origin XSLT Documents would have inherited the parent's + permissions + * CVE-2022-38476 (bmo#1760998) + Data race and potential use-after-free in PK11_ChangePW + * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363) + Memory safety bugs fixed in Thunderbird 102.2 + * CVE-2022-38478 (bmo#1770630, bmo#1776658) + Memory safety bugs fixed in Thunderbird 102.2, and + Thunderbird 91.13 +- disabled automatic usage of wayland because of known issues + using MOZ_ENABLE_WAYLAND=1 in environment would still enable it + (boo#1202606) + ------------------------------------------------------------------- Sun Aug 14 08:03:00 UTC 2022 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index d6c1f00..093bf94 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -29,8 +29,8 @@ # major 69 # mainver %major.99 %define major 102 -%define mainver %major.1.2 -%define orig_version 102.1.2 +%define mainver %major.2.0 +%define orig_version 102.2.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} diff --git a/l10n-102.1.2.tar.xz b/l10n-102.1.2.tar.xz deleted file mode 100644 index 16fce5e..0000000 --- a/l10n-102.1.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:020ac360ef62cf58780bef0b85ef0af9fb205e6999adbd8d42e253ea4f1ded1c -size 29341192 diff --git a/l10n-102.2.0.tar.xz b/l10n-102.2.0.tar.xz new file mode 100644 index 0000000..3f4205c --- /dev/null +++ b/l10n-102.2.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6233333f16c7487a93c430638ec4d4f704cb8dc4b0db1901cf88d2aaa501ffe8 +size 29350268 diff --git a/mozilla.sh.in b/mozilla.sh.in index 8d250d4..2861c10 100644 --- a/mozilla.sh.in +++ b/mozilla.sh.in @@ -89,7 +89,7 @@ WAYLAND_SUPPORTED=%WAYLAND_SUPPORTED # $XDG_SESSION_TYPE should contain either x11 or wayland if [ $WAYLAND_SUPPORTED -eq 1 ] && [ "$XDG_SESSION_TYPE" = "wayland" ] && [ -z "$MOZ_ENABLE_WAYLAND" ]; then - export MOZ_ENABLE_WAYLAND=1 + export MOZ_ENABLE_WAYLAND=0 fi ## diff --git a/tar_stamps b/tar_stamps index 0723eae..bc2e745 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr102" -VERSION="102.1.2" +VERSION="102.2.0" VERSION_SUFFIX="" -PREV_VERSION="102.1.1" +PREV_VERSION="102.1.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102" -RELEASE_TAG="866a7981895be684f4462051ad717cb48cd228e4" -RELEASE_TIMESTAMP="20220808204007" +RELEASE_TAG="89ba701459beaaffd4216e142b9502b8ee460159" +RELEASE_TIMESTAMP="20220822195114" diff --git a/thunderbird-102.1.2.source.tar.xz b/thunderbird-102.1.2.source.tar.xz deleted file mode 100644 index df78fd8..0000000 --- a/thunderbird-102.1.2.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:00acfe3d8fd534a3734602ba7bd377297fa4e09a9ebe0f7c69f455a596334903 -size 505593480 diff --git a/thunderbird-102.1.2.source.tar.xz.asc b/thunderbird-102.1.2.source.tar.xz.asc deleted file mode 100644 index aa4d05c..0000000 --- a/thunderbird-102.1.2.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmLxnCIACgkQ6+QekPbx -L23m9BAAsK0GkZGbybtJIVO2lbx/bHJn0d+sSlHbscGxWkPSdgG022EumMk7+ghc -Wh3xlzFJyFa7C5uA6g2RtO57HLLbJzvKsdUhyddxpPfW9REpPoac9jgQnNqWRovH -D9a9e+ZvQKa9P1qW01BHLPmKA69vyqz0T3dreExea/aW6LCHs5YgUL7l2ZL0m83Z -rGPwM4VIt5XJozCWNDijqFbHmXZN3Tfc8oI6HnuwB7hPZ1zJ/mzRbn6BckRQAnr8 -v6hEVEZS6hYXGwBzzzl411ChrQnw+uLUydPMFB0+FQbJQm0fXYgsQnM0CnJAv3JI -0AF3CrpepBa0ZCjN8rFYqhbNrhb0BF1InIDRqQRpQpqs4AHTHO1kLWYzvGoiVjgC -hbtdli7/09ht8sIoP2pK4qBChIGH8ElLIpfjtX7Tb0gBoPmXHWU+85UvfPem8ON+ -xZ2FRJhLwT6l1XEdwWch6uD1p6jxYqIn/lZ8PSkDw7/UafTHlDh/5WsvYee857ys -UEy+RA6ohN5Ah7qvBx9HrjTWeR5R1blglQj/tgDhDEb7TA6I0nnqLENq3qPf10sf -LhRK6JFYlhGlbH/okr493/Y3XvsElAAHeSkduhsaqgTn4WV/tLLdBAAPe7tKno/+ -XBqJTzW/TssVaOK/awGnvQvDQcjna4lsu7iJXTI8BaSLebnTtfM= -=IIqA ------END PGP SIGNATURE----- diff --git a/thunderbird-102.2.0.source.tar.xz b/thunderbird-102.2.0.source.tar.xz new file mode 100644 index 0000000..bc76116 --- /dev/null +++ b/thunderbird-102.2.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:39cded4efd28d63c8f2bb4d46250b624aad29bd47b49eae85eff5a4746180e6c +size 500331516 diff --git a/thunderbird-102.2.0.source.tar.xz.asc b/thunderbird-102.2.0.source.tar.xz.asc new file mode 100644 index 0000000..7da556f --- /dev/null +++ b/thunderbird-102.2.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmMD8ggACgkQ6+QekPbx +L23NiRAAhzVEmvrB14Xs2CIAjuGRcne2uz34yiACQnS3ZOOOTc8LvBlbG5fMIrVG +o/2ejlBsxnihLaesjf1XCT58R0aWidbJF6IVqOeNXrJ5+egexHuE+x1UvQKIQZDG +zOvErwH9rPG60pbBRVbfdfHUbAPCxN2RZ8Ae7xgaySu4cJPm/OUX6JQS/uN2l6HD +7Ad6HOv1SkD9WUdmu9W/RUMa+iPkcbgaFczXA9NWKhzInVgwEeDaUK4siFP0B9JP +KMpOY4As9rDCKqYg8GwRDB5OhrikWjXpG6KQ5kxUBYVChPNolbWs4pSDZn5n1MCn +lyfIsIX/PI0xVB4mpf0lV/8KKMLXnFPCdwJ2fRawLKd/HtxBbFCjnHqkoR2NPiUc +kap9QpXs/HErAMEjZsUBKMKo3XAUKIZfHmC41MHMUddcwGELF3DdTPQ8osini4tF +k6vBXbSGcGQ8k+2YAsTdaaGv8Msgh0yO8eTYt23G4uXf/NRGSGoPhgoLHAZFmnjI +fAgMIHpm//YSuAVj4ghAzfrwC+LBUyO+NaXX+1/oNGLbIcBn4Cz301SesSkn+jB0 +ej6oLn90YcyiI78wwZJIgY9tz/M4WEts5vwJMNmf9ucNNes6hXKpsT+e144ebfdT +9ZEC5yDNwgrMiI5gIuIJK3hDCkZpVzPayJct5kVrQk39tokCw2M= +=2BJ5 +-----END PGP SIGNATURE-----