- Mozilla Thunderbird 78.7.0

MFSA 2021-05 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2020-15685 (bmo#1622640)
    IMAP Response Injection when using STARTTLS
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
    bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
    bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
    bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
    bmo#1685260, bmo#1685925)
    Memory safety bugs fixed in Thunderbird 78.7

- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
  rpm versions in TW remove everything there as the first action
  of %install

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=574
This commit is contained in:
Wolfgang Rosenauer 2021-01-26 21:46:33 +00:00 committed by Git OBS Bridge
parent 5c0edfa8c6
commit fa9e13d8e7
9 changed files with 61 additions and 30 deletions

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Tue Jan 26 07:47:13 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 78.7.0
MFSA 2021-05 (bsc#1181414)
* CVE-2021-23953 (bmo#1683940)
Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954 (bmo#1684020)
Type confusion when using logical assignment operators in
JavaScript switch statements
* CVE-2020-15685 (bmo#1622640)
IMAP Response Injection when using STARTTLS
* CVE-2020-26976 (bmo#1674343)
HTTPS pages could have been intercepted by a registered
service worker when they should not have been
* CVE-2021-23960 (bmo#1675755)
Use-after-poison for incorrectly redeclared JavaScript
variables during GC
* CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
bmo#1685260, bmo#1685925)
Memory safety bugs fixed in Thunderbird 78.7
-------------------------------------------------------------------
Sun Jan 24 09:33:04 UTC 2021 - Manfred Hollstein <manfred.h@gmx.net>
- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
rpm versions in TW remove everything there as the first action
of %install
-------------------------------------------------------------------
Mon Jan 11 16:35:00 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>

View File

@ -2,7 +2,7 @@
# spec file for package MozillaThunderbird
#
# Copyright (c) 2021 SUSE LLC
# 2006-2020 Wolfgang Rosenauer <wr@rosenauer.org>
# 2006-2021 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 78
%define mainver %major.6.1
%define orig_version 78.6.1
%define mainver %major.7.0
%define orig_version 78.7.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}
@ -477,7 +477,6 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \
# build additional locales
%if %localize
mkdir -p %{buildroot}%{progdir}/extensions/
truncate -s 0 %{_tmppath}/translations.{common,other}
# langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943)
# Therefore, we have to have a separate obj-dir for each language

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c2f5e058346036259d0d945dc41f4cb0e56f8bd54b2eae9c6d47423574b57171
size 29061960

3
l10n-78.7.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5c083f95410c69dd7d2fa4ea2619be0c0d6e33c2e4630431a521aef6a58b79a4
size 29102224

View File

@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr78"
VERSION="78.6.1"
VERSION="78.7.0"
VERSION_SUFFIX=""
PREV_VERSION="78.6.0"
PREV_VERSION="78.6.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78"
RELEASE_TAG="f99e82f3f3cae6af48006c39fceb3beeabccd6f6"
RELEASE_TIMESTAMP="20210107201950"
RELEASE_TAG="d4c4077a3ef9b3221984f2d0b42f1d96c35776e8"
RELEASE_TIMESTAMP="20210126033722"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:870b544d26f5e52c187499d134e49eded2943a4a029269ae86aba6a69c53dcc6
size 351971732

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/3lTcACgkQ8aZmj7t9
Vy6EDA//c6wZ8M/Nv73rHw3Vudq+vJiX7JsS0JyCQwalznTD9JAFGQbPSyrigtZ5
iLbCeNxA9AAg+lO+oYW6TUQq+ZXJxB2bxYi/gygTmhSeYXKJEdXFXnZSyMo6imSc
Ctdzm23IumZ2SQ7q0rOQrsTTTDzSWHYT0TSwKQI7m91wJmXzate9fObYhOvQa1Lo
EX5WEe9ArnKAS/xrDGjXVvrXoLlT3sG+r4EdGX7ZzLqaifEvVX/yaKF8iVWapFaQ
eGJWvHZ9zr4MHLoS6Ca0DN7bpntfuGNB2U0++cxaJG8+QUc5DmnAH7A4aKPDq+Ji
hbwHo6O/8OFDOJCiir7CnyV9fQLkV92vuFKwFzanp1jP4hgOArMxHkt7E/eE4Ylw
jruNv3lFZ9d+LGqjxpyEtsH0Z71UvqbyM2rbq6oxB9DqOMvVGBKNS7eVXq3jFZkB
z7EsDbr8jDoKjkPMMrPO658yu4Pcx3tK0poTchzE/Rgj5hYHD/b8g9/yBOjNi1v2
LMWhg3QCr9inp0LByMO+2SxoOqB/+4Kg/z0d+fic2pVSTaaRS93nvGfCrXrUmHCF
Yxd4L7/LtP6XUqsjJEcpvXH4GFPk850c+yHtaTyT0SbI0XGuCjT2ZVshtHj9yTD2
5sia7yo/zl6e8GR8qgLmJXRM7SCnmmFqj1MhlKx5g9MTKv15y5k=
=NR/e
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:77b6da5cab9107cc1650f95be8593f6344bfe04d7e4395a28fde64a4fc301c08
size 353095828

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmAPlFUACgkQ8aZmj7t9
Vy6c+BAAkA9+Dr4VwW2dKtQN7K30zuJncy2WKJN7RYyvOLsk2m252HKQ3W9eB3gi
9v9LEFRwLi4vqb7+tB4FziNe4vmfmG3GEOthvHps/wH0RHcKivT2nr77bcJirWgM
VJP9pDCCui7D5bKOz7nTXM/fWqzek8VJ729ta5mclIpiJ+J+LHO4VXPdxchdmcW2
6cktZxBUkb8lSJixO12wdjBLMwROK0xGS8qijamX7x2rD8fMRW1sh9rVdG5KDzNO
ko3i7gkjx3k03RgjIwzIvTti39lUb2pyh67BatB3oFAr4g7Z1jGQcUJjnUQRq3qI
eavYaQA2y0hpJkPlfCIPpQ1MTPGsexScFzhl3w0guQB88hZd2M4L1mkQhIohV2SY
iRZ/rys+CSTiLDV2ONAgF/uiIiLN6xHM4x2QWsJ/jjRkhl+OM6fxBFEHxtuZ5vJs
0ASjwSiALE48Y7ejW/8cWwOvU/Xfgpet3x2qNiA2yqmHISOFfhtmMGcKyiGQq50d
1qQ8CeBMSNthQNZdQ/752pHt5qTsX1K9LtNLGMlw14mVKBqk9RZGEkAdXcMGoLS6
eJpJajXIhKvCbwxVwK4Iknnkr/E8zWCq9WwDFyLxVVmc/p+3r4lP00YaCqbUbZZY
qJvYppMzRl/ksWAguEi0TluB1cjmOT/hhkBmVwsNsUdXb/QTdmY=
=un1E
-----END PGP SIGNATURE-----