- Mozilla Thunderbird 78.6.1

MFSA 2021-02 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO SCTP
    chunk

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=571
This commit is contained in:
Wolfgang Rosenauer 2021-01-11 22:06:38 +00:00 committed by Git OBS Bridge
parent a88987f6eb
commit ff0ed7bc92
9 changed files with 44 additions and 35 deletions

View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Jan 11 16:35:00 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 78.6.1
MFSA 2021-02 (bsc#1180623)
* CVE-2020-16044 (bmo#1683964)
Use-after-free write when handling a malicious COOKIE-ECHO SCTP
chunk
-------------------------------------------------------------------
Sat Dec 12 10:25:08 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>

View File

@ -1,7 +1,7 @@
#
# spec file for package MozillaThunderbird
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
# 2006-2020 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 78
%define mainver %major.6.0
%define orig_version 78.6.0
%define mainver %major.6.1
%define orig_version 78.6.1
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}
@ -477,6 +477,7 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \
# build additional locales
%if %localize
mkdir -p %{buildroot}%{progdir}/extensions/
truncate -s 0 %{_tmppath}/translations.{common,other}
# langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943)
# Therefore, we have to have a separate obj-dir for each language
@ -494,7 +495,7 @@ ac_add_options --with-l10n-base=$RPM_BUILD_DIR/l10n
ac_add_options --disable-updater
ac_add_options --enable-official-branding
EOF
mkdir -p $RPM_BUILD_DIR/langpacks_artifacts/
sed -r '/^(ja-JP-mac|en-US|$)/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/mail/locales/shipped-locales \
| xargs -n 1 %{?jobs:-P %jobs} -I {} /bin/sh -c '
locale=$1
@ -504,9 +505,10 @@ sed -r '/^(ja-JP-mac|en-US|$)/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/m
# nsinstall is needed for langpack-build. It is already built by `./mach build`, but building it again is very fast
./mach build config/nsinstall langpack-$locale
cp -rL ../obj_$locale/dist/xpi-stage/locale-$locale \
$RPM_BUILD_DIR/langpacks_artifacts/langpack-$locale@thunderbird.mozilla.org
rm -rf $RPM_BUILD_DIR/langpacks_artifacts/langpack-$locale@thunderbird.mozilla.org/defaults
rm -rf $RPM_BUILD_DIR/langpacks_artifacts/langpack-$locale@thunderbird.mozilla.org/hyphenation
%{buildroot}%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org
# remove prefs, profile defaults, and hyphenation from langpack
rm -rf %{buildroot}%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org/defaults
rm -rf %{buildroot}%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org/hyphenation
# Build systems like to run out of disc-space, so we delete the build-dir here (we copied already all relevant files)
rm -rf ../obj_$locale/
# check against the fixed common list and sort into the right filelist
@ -532,8 +534,6 @@ make -C comm/mail/installer STRIP=/bin/true MOZ_PKG_FATAL_WARNINGS=0
# copy tree into RPM_BUILD_ROOT
mkdir -p %{buildroot}%{progdir}
cp -rf $RPM_BUILD_DIR/obj/dist/%{progname}/* %{buildroot}%{progdir}
mkdir -p %{buildroot}%{progdir}/extensions
cp -rf $RPM_BUILD_DIR/langpacks_artifacts/* %{buildroot}%{progdir}/extensions/
# remove some executable permissions
find %{buildroot}%{progdir} \

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea0feb7edc1f635e30748e84ad794eef90343c70a24b5743bd8d27f17d809564
size 29071884

3
l10n-78.6.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c2f5e058346036259d0d945dc41f4cb0e56f8bd54b2eae9c6d47423574b57171
size 29061960

View File

@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr78"
VERSION="78.6.0"
VERSION="78.6.1"
VERSION_SUFFIX=""
PREV_VERSION="78.5.1"
PREV_VERSION="78.6.0"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78"
RELEASE_TAG="18be92a3f0388fe1b69941a50cdbadbf2c95b885"
RELEASE_TIMESTAMP="20201211152611"
RELEASE_TAG="f99e82f3f3cae6af48006c39fceb3beeabccd6f6"
RELEASE_TIMESTAMP="20210107201950"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1dd6f9a4d88b4c3d0ec47bba60a891243ef95e105a9045b2d32e2b126779844b
size 353496712

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/UFaYACgkQ8aZmj7t9
Vy7Zxw//SSXD2GtgG0ko3xNQwQ2ujCOI80OYig92+GkFr1xIOuz3xvE5cLbWnYIP
Vzc6qBgaBZr4MJKL4B0URTOLivwKDNQb7c84zbUWJKaf3XHBQW+jroltl0J3lfgn
CpMoY3ekyzZeWZ+o0N0zexGRb1dUEAyUG4GgWUdozLeLG4DO7w70x/iI2wDP4QQN
VxQo0cYtdfizdvjky1v96OEFic6JFrDnj9VDQSI97NX5EAr+sI+ihvPr2mDzn+IA
kSmXfDGvTOvkoz13heNE2BHX5XM1GMuWpkrNQzW5G4mp5on52z1uHHIYZqc49uip
2KDAGX9NJbIGCn2utcwtsEhq3jtstjnHS5HzaeYEK4mjifdtxygXiWJZoaPSVTx0
25ZjXI6LBJcuBKVZkvbEdR35nuA8Y83i/Jf7JtFoWlM/nyu+ElkW9gdvnmqYCPNp
0+0aEus0M0n5By+OxO9vF7Mm63z4Bj1YKnvU6+4s1d6G2HyICrNPZJ8IaDK3zj21
oERuECpbWwrYU8cramlxxnpJfqI4EjQ6ZaPz1q9j3U7eT1Vr5cw2KGct2E6aHE36
rUEgzO1TcZpGSWQUr1arDWePkCqHofUYsE15pjAFbBVF4Q9Ut3FKYUG6Jo0hbZJr
WKoQLzyxi0EGey5oiHiBnc+XOCr4ub1eujBf2uCciZHiZ7htr/E=
=RpOn
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:870b544d26f5e52c187499d134e49eded2943a4a029269ae86aba6a69c53dcc6
size 351971732

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/3lTcACgkQ8aZmj7t9
Vy6EDA//c6wZ8M/Nv73rHw3Vudq+vJiX7JsS0JyCQwalznTD9JAFGQbPSyrigtZ5
iLbCeNxA9AAg+lO+oYW6TUQq+ZXJxB2bxYi/gygTmhSeYXKJEdXFXnZSyMo6imSc
Ctdzm23IumZ2SQ7q0rOQrsTTTDzSWHYT0TSwKQI7m91wJmXzate9fObYhOvQa1Lo
EX5WEe9ArnKAS/xrDGjXVvrXoLlT3sG+r4EdGX7ZzLqaifEvVX/yaKF8iVWapFaQ
eGJWvHZ9zr4MHLoS6Ca0DN7bpntfuGNB2U0++cxaJG8+QUc5DmnAH7A4aKPDq+Ji
hbwHo6O/8OFDOJCiir7CnyV9fQLkV92vuFKwFzanp1jP4hgOArMxHkt7E/eE4Ylw
jruNv3lFZ9d+LGqjxpyEtsH0Z71UvqbyM2rbq6oxB9DqOMvVGBKNS7eVXq3jFZkB
z7EsDbr8jDoKjkPMMrPO658yu4Pcx3tK0poTchzE/Rgj5hYHD/b8g9/yBOjNi1v2
LMWhg3QCr9inp0LByMO+2SxoOqB/+4Kg/z0d+fic2pVSTaaRS93nvGfCrXrUmHCF
Yxd4L7/LtP6XUqsjJEcpvXH4GFPk850c+yHtaTyT0SbI0XGuCjT2ZVshtHj9yTD2
5sia7yo/zl6e8GR8qgLmJXRM7SCnmmFqj1MhlKx5g9MTKv15y5k=
=NR/e
-----END PGP SIGNATURE-----