diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 50ec5df..c5ce94c 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Tue Jan 26 07:47:13 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Thunderbird 78.7.0 + MFSA 2021-05 (bsc#1181414) + * CVE-2021-23953 (bmo#1683940) + Cross-origin information leakage via redirected PDF requests + * CVE-2021-23954 (bmo#1684020) + Type confusion when using logical assignment operators in + JavaScript switch statements + * CVE-2020-15685 (bmo#1622640) + IMAP Response Injection when using STARTTLS + * CVE-2020-26976 (bmo#1674343) + HTTPS pages could have been intercepted by a registered + service worker when they should not have been + * CVE-2021-23960 (bmo#1675755) + Use-after-poison for incorrectly redeclared JavaScript + variables during GC + * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, + bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844, + bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410, + bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736, + bmo#1685260, bmo#1685925) + Memory safety bugs fixed in Thunderbird 78.7 + +------------------------------------------------------------------- +Sun Jan 24 09:33:04 UTC 2021 - Manfred Hollstein + +- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer + rpm versions in TW remove everything there as the first action + of %install + ------------------------------------------------------------------- Mon Jan 11 16:35:00 UTC 2021 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index bdcaec9..7d98834 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -2,7 +2,7 @@ # spec file for package MozillaThunderbird # # Copyright (c) 2021 SUSE LLC -# 2006-2020 Wolfgang Rosenauer +# 2006-2021 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 78 -%define mainver %major.6.1 -%define orig_version 78.6.1 +%define mainver %major.7.0 +%define orig_version 78.7.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -477,7 +477,6 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \ # build additional locales %if %localize -mkdir -p %{buildroot}%{progdir}/extensions/ truncate -s 0 %{_tmppath}/translations.{common,other} # langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943) # Therefore, we have to have a separate obj-dir for each language diff --git a/l10n-78.6.1.tar.xz b/l10n-78.6.1.tar.xz deleted file mode 100644 index 0df69a9..0000000 --- a/l10n-78.6.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c2f5e058346036259d0d945dc41f4cb0e56f8bd54b2eae9c6d47423574b57171 -size 29061960 diff --git a/l10n-78.7.0.tar.xz b/l10n-78.7.0.tar.xz new file mode 100644 index 0000000..ab83d16 --- /dev/null +++ b/l10n-78.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5c083f95410c69dd7d2fa4ea2619be0c0d6e33c2e4630431a521aef6a58b79a4 +size 29102224 diff --git a/tar_stamps b/tar_stamps index 5c4c80e..c62ac69 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr78" -VERSION="78.6.1" +VERSION="78.7.0" VERSION_SUFFIX="" -PREV_VERSION="78.6.0" +PREV_VERSION="78.6.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78" -RELEASE_TAG="f99e82f3f3cae6af48006c39fceb3beeabccd6f6" -RELEASE_TIMESTAMP="20210107201950" +RELEASE_TAG="d4c4077a3ef9b3221984f2d0b42f1d96c35776e8" +RELEASE_TIMESTAMP="20210126033722" diff --git a/thunderbird-78.6.1.source.tar.xz b/thunderbird-78.6.1.source.tar.xz deleted file mode 100644 index 0a738f1..0000000 --- a/thunderbird-78.6.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:870b544d26f5e52c187499d134e49eded2943a4a029269ae86aba6a69c53dcc6 -size 351971732 diff --git a/thunderbird-78.6.1.source.tar.xz.asc b/thunderbird-78.6.1.source.tar.xz.asc deleted file mode 100644 index 399d0bc..0000000 --- a/thunderbird-78.6.1.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/3lTcACgkQ8aZmj7t9 -Vy6EDA//c6wZ8M/Nv73rHw3Vudq+vJiX7JsS0JyCQwalznTD9JAFGQbPSyrigtZ5 -iLbCeNxA9AAg+lO+oYW6TUQq+ZXJxB2bxYi/gygTmhSeYXKJEdXFXnZSyMo6imSc -Ctdzm23IumZ2SQ7q0rOQrsTTTDzSWHYT0TSwKQI7m91wJmXzate9fObYhOvQa1Lo -EX5WEe9ArnKAS/xrDGjXVvrXoLlT3sG+r4EdGX7ZzLqaifEvVX/yaKF8iVWapFaQ -eGJWvHZ9zr4MHLoS6Ca0DN7bpntfuGNB2U0++cxaJG8+QUc5DmnAH7A4aKPDq+Ji -hbwHo6O/8OFDOJCiir7CnyV9fQLkV92vuFKwFzanp1jP4hgOArMxHkt7E/eE4Ylw -jruNv3lFZ9d+LGqjxpyEtsH0Z71UvqbyM2rbq6oxB9DqOMvVGBKNS7eVXq3jFZkB -z7EsDbr8jDoKjkPMMrPO658yu4Pcx3tK0poTchzE/Rgj5hYHD/b8g9/yBOjNi1v2 -LMWhg3QCr9inp0LByMO+2SxoOqB/+4Kg/z0d+fic2pVSTaaRS93nvGfCrXrUmHCF -Yxd4L7/LtP6XUqsjJEcpvXH4GFPk850c+yHtaTyT0SbI0XGuCjT2ZVshtHj9yTD2 -5sia7yo/zl6e8GR8qgLmJXRM7SCnmmFqj1MhlKx5g9MTKv15y5k= -=NR/e ------END PGP SIGNATURE----- diff --git a/thunderbird-78.7.0.source.tar.xz b/thunderbird-78.7.0.source.tar.xz new file mode 100644 index 0000000..09d6c47 --- /dev/null +++ b/thunderbird-78.7.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:77b6da5cab9107cc1650f95be8593f6344bfe04d7e4395a28fde64a4fc301c08 +size 353095828 diff --git a/thunderbird-78.7.0.source.tar.xz.asc b/thunderbird-78.7.0.source.tar.xz.asc new file mode 100644 index 0000000..9906aac --- /dev/null +++ b/thunderbird-78.7.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmAPlFUACgkQ8aZmj7t9 +Vy6c+BAAkA9+Dr4VwW2dKtQN7K30zuJncy2WKJN7RYyvOLsk2m252HKQ3W9eB3gi +9v9LEFRwLi4vqb7+tB4FziNe4vmfmG3GEOthvHps/wH0RHcKivT2nr77bcJirWgM +VJP9pDCCui7D5bKOz7nTXM/fWqzek8VJ729ta5mclIpiJ+J+LHO4VXPdxchdmcW2 +6cktZxBUkb8lSJixO12wdjBLMwROK0xGS8qijamX7x2rD8fMRW1sh9rVdG5KDzNO +ko3i7gkjx3k03RgjIwzIvTti39lUb2pyh67BatB3oFAr4g7Z1jGQcUJjnUQRq3qI +eavYaQA2y0hpJkPlfCIPpQ1MTPGsexScFzhl3w0guQB88hZd2M4L1mkQhIohV2SY +iRZ/rys+CSTiLDV2ONAgF/uiIiLN6xHM4x2QWsJ/jjRkhl+OM6fxBFEHxtuZ5vJs +0ASjwSiALE48Y7ejW/8cWwOvU/Xfgpet3x2qNiA2yqmHISOFfhtmMGcKyiGQq50d +1qQ8CeBMSNthQNZdQ/752pHt5qTsX1K9LtNLGMlw14mVKBqk9RZGEkAdXcMGoLS6 +eJpJajXIhKvCbwxVwK4Iknnkr/E8zWCq9WwDFyLxVVmc/p+3r4lP00YaCqbUbZZY +qJvYppMzRl/ksWAguEi0TluB1cjmOT/hhkBmVwsNsUdXb/QTdmY= +=un1E +-----END PGP SIGNATURE-----