Commit Graph

11 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
98a8bbee26 - Mozilla Thunderbird 115.2.0
https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes
  MFSA 2023-38 (bsc#1214606)
  * CVE-2023-4573 (bmo#1846687)
    Memory corruption in IPC CanvasTranslator
  * CVE-2023-4574 (bmo#1846688)
    Memory corruption in IPC ColorPickerShownCallback
  * CVE-2023-4575 (bmo#1846689)
    Memory corruption in IPC FilePickerShownCallback
  * CVE-2023-4576 (bmo#1846694)
    Integer Overflow in RecordedSourceSurfaceCreation
  * CVE-2023-4577 (bmo#1847397)
    Memory corruption in JIT UpdateRegExpStatics
  * CVE-2023-4051 (bmo#1821884)
    Full screen notification obscured by file open dialog
  * CVE-2023-4578 (bmo#1839007)
    Error reporting methods in SpiderMonkey could have triggered
    an Out of Memory Exception
  * CVE-2023-4053 (bmo#1839079)
    Full screen notification obscured by external program
  * CVE-2023-4580 (bmo#1843046)
    Push notifications saved to disk unencrypted
  * CVE-2023-4581 (bmo#1843758)
    XLL file extensions were downloadable without warnings
  * CVE-2023-4582 (bmo#1773874)
    Buffer Overflow in WebGL glGetProgramiv
  * CVE-2023-4583 (bmo#1842030)
    Browsing Context potentially not cleared when closing Private
    Window
  * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=714
2023-08-31 07:59:41 +00:00
Wolfgang Rosenauer
6c01889e00 - Mozilla Thunderbird 91.0.1
- appdate screenshot URL updated (by mailaender@opensuse.org)

- Mozilla Thunderbird 91.0
  * based on Mozilla's 91 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
  * Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
  * Thunderbird now operates in multi-process (e10s) mode by default
  * New user interface for adding attachments
  * Enable redirect of messages
  * CardDAV address book support
- Removed obsolete patches:
  * mozilla-bmo1463035.patch
  * mozilla-ppc-altivec_static_inline.patch
  * mozilla-pipewire-0-3.patch
  * mozilla-bmo1554971.patch
- add mozilla-libavcodec58_91.patch
- removed obsolete BigEndian ICU build workaround
- updated build requirements
- build using clang

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=600
2021-08-19 07:16:16 +00:00
Wolfgang Rosenauer
08fe2a30d3 - Mozilla Thunderbird 68.1.0
add-on is required for this account type. IMAP still exists as
    alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
    ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build

- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.

- Mozilla Thunderbird 68.0
  * based on Firefox ESR 68
  * File link attachments can now be linked to again instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483
2019-09-13 20:15:12 +00:00
Wolfgang Rosenauer
126ce832a3 changelog (security related) missing still
- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches
  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs
  * CVE-2018-18498 bmo#1500011
    Integer overflow when calculating buffer sizes for images

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=451
2019-01-29 19:03:55 +00:00
Wolfgang Rosenauer
cde9b1d6a6 - update to Thunderbird 60.0
* requires NSPR 4.19 and NSS 3.36.4
  * what's new
    https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
- source archives are now signed directly
  (removed checksum signature check)
- imported patches from Firefox 60
  * mozilla-bmo1375074.patch
  * mozilla-bmo1464766.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
- removed obsolete patches
  * mozilla-language.patch
- removed -devel subpackage as old-style extensions are mainly gone
- storing of remote content settings fixed (boo#1084603)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=419
2018-08-06 14:26:01 +00:00
Wolfgang Rosenauer
c34ff70793 - update to Thunderbird 31.0
* based on Gecko 31
  * Autocompleting email addresses now matches against any part of
    the name or email
  * Composing a mail to a newsgroup will now autocomplete newsgroup
    names
  * Insecure NTLM (pre-NTLMv2) authentication disabled
- rebased patches
- removed enigmail entirely from source package
- removed obsolete patches
  * libffi-ppc64le.patch
  * ppc64le-support.patch
  * xpcom-ppc64le.patch
- use GStreamer 1.0 after 13.1
- switched source archives to use xz instead of bz2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=251
2014-07-28 13:29:31 +00:00
Wolfgang Rosenauer
48525070cc OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=238 2014-02-03 23:07:14 +00:00
Wolfgang Rosenauer
929740e2de - update to Thunderbird 24.3.0 (bnc#861847)
* requires NSS 3.15.4
- renamed ppc64le patches to streamline with Firefox package

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=237
2014-02-03 16:33:09 +00:00
Wolfgang Rosenauer
1cbaa007b0 - update to Thunderbird 24.0 (bnc#840485)
- require NSPR 4.10 and NSS 3.15.1
- add GStreamer build requirements for Gecko
- added enigmail-build.patch to fix TB packaging (bmo#886095)
- removed obsolete patches:
  * enigmail-old-gcc.patch
  * mozilla-gcc43-enums.patch
  * mozilla-gcc43-template_hacks.patch
  * mozilla-gcc43-templates_instantiation.patch
  * ppc-xpcshell.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=222
2013-09-16 09:26:56 +00:00
Wolfgang Rosenauer
9c02a444ab - update to Thunderbird 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
    Miscellaneous memory safety hazards
  * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
    Content Security Policy inline-script bypass
  * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
    Information disclosure though Windows file shares and shortcut
    files
  * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
    Use-after-free while replacing/inserting a node in a document
  * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
    Buffer overflow and use-after-free issues found using Address
    Sanitizer
- require NSS 3.13.4
  * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix build with system NSPR (mozilla-system-nspr.patch)
- add dependentlibs.list for improved XRE startup
- update enigmail to 1.4.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=178
2012-06-06 06:41:25 +00:00
Wolfgang Rosenauer
2f435219ac - update to Thunderbird 11.0 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
    XSS with Drag and Drop and Javascript: URL
  * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
    SVG issues found with Address Sanitizer
  * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
    XSS with multiple Content Security Policy headers
  * MFSA 2012-16/CVE-2012-0458
    Escalation of privilege with Javascript: URL as home page
  * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
    Crash when accessing keyframe cssText after dynamic modification
  * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
    window.fullScreen writeable by untrusted content
  * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
    CVE-2012-0463
    Miscellaneous memory safety hazards
- update enigmail to 1.4
- added KDE integration patches (bnc#749440)

- update enigmail to 1.3.99 (1.4a1pre)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=162
2012-03-14 07:47:37 +00:00