Commit Graph

407 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
9e204516c2 - Mozilla Thunderbird 78.10.0
MFSA 2021-14 (bsc#1184960)
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed
  * CVE-2021-29948 (bmo#1692899)
    Race condition when reading from disk while verifying
    signatures
- recommend libotr5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=586
2021-04-20 07:54:22 +00:00
Wolfgang Rosenauer
74378bcda4 - Mozilla Thunderbird 78.9.1
* Support recipient aliases for OpenPGP encryption
  * The key and signature parts of the message security popup on a
    received message could not be selected for copy/paste
  * Various UX and theme improvements
  MFSA 2021-13
  * CVE-2021-23991 (bmo#1673240)
    An attacker may use Thunderbird's OpenPGP key refresh mechanism
    to poison an existing key
  * MOZ-2021-23992 (bmo#1666236)
    A crafted OpenPGP key with an invalid user ID could be used to
    confuse the user
  * CVE-2021-23993 (bmo#1666360)
    Inability to send encrypted OpenPGP email after importing a
    crafted OpenPGP key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=584
2021-04-10 16:21:27 +00:00
Wolfgang Rosenauer
9e317f3906 - Mozilla Thunderbird 78.9.0
* bugfixes:
    https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes
  MFSA 2021-12 (boo#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * MOZ-2021-0002 (bmo#1691547)
    Angle graphics library out of date
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=582
2021-03-24 21:31:27 +00:00
Wolfgang Rosenauer
6c5e0317ac - Mozilla Thunderbird 78.8.1
* several bugfixes and improvements
  * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/
- updated create-tar.sh (bsc#1182357)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=580
2021-03-10 12:07:26 +00:00
Wolfgang Rosenauer
e40e7bf353 - Mozilla Thunderbird 78.8.0
* various bugfixes
  MFSA 2021-09 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23973 (bmo#1690976)
    MediaError message property could have leaked information
    about cross-origin resources
  * CVE-2021-23978 (bmo#786797, bmo#1682928, bmo#1687391,
    bmo#1687597)
    Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=578
2021-02-24 08:08:21 +00:00
Wolfgang Rosenauer
b79bfbd3a5 - Mozilla Thunderbird 78.7.1
* CardDAV address books now support OAuth2 and Google Contacts
  * Thunderbird will no longer allow installation of addons that
    use legacy APIs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=576
2021-02-05 22:43:35 +00:00
Wolfgang Rosenauer
fa9e13d8e7 - Mozilla Thunderbird 78.7.0
MFSA 2021-05 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2020-15685 (bmo#1622640)
    IMAP Response Injection when using STARTTLS
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
    bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
    bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
    bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
    bmo#1685260, bmo#1685925)
    Memory safety bugs fixed in Thunderbird 78.7

- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
  rpm versions in TW remove everything there as the first action
  of %install

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=574
2021-01-26 21:46:33 +00:00
Wolfgang Rosenauer
ff0ed7bc92 - Mozilla Thunderbird 78.6.1
MFSA 2021-02 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO SCTP
    chunk

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=571
2021-01-11 22:06:38 +00:00
Wolfgang Rosenauer
d604cb9fa9 - Mozilla Thunderbird 78.6.0
* changes and additions in MailExtensions
  * several bugfixes
  * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
  MFSA 2020-56 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Thunderbird 78.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=568
2020-12-15 22:24:07 +00:00
Wolfgang Rosenauer
b0432050ce - Mozilla Thunderbird 78.5.1
MFSA 2020-53 (bsc#1179530)
  * CVE-2020-26970 (bmo#1677338)
    Stack overflow due to incorrect parsing of SMTP server response codes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=566
2020-12-02 16:28:42 +00:00
Wolfgang Rosenauer
4a95a320a3 - Mozilla Thunderbird 78.5.0
MFSA 2020-52 (bsc#1178894)
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security
    UI
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions
  * CVE-2020-26959 (bmo#1669466)
    Use-after-free in WebRequestService
  * CVE-2020-26960 (bmo#1670358)
    Potential use-after-free in uses of nsTArray
  * CVE-2020-15999 (bmo#1672223)
    Heap buffer overflow in freetype
  * CVE-2020-26961 (bmo#1672528)
    DoH did not filter IPv4 mapped IP Addresses
  * CVE-2020-26965 (bmo#1661617)
    Software keyboards may have remembered typed passwords
  * CVE-2020-26966 (bmo#1663571)
    Single-word search queries were also broadcast to local
    network
  * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=564
2020-11-17 14:20:30 +00:00
Wolfgang Rosenauer
808637d07c https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=562
2020-11-11 09:22:58 +00:00
Wolfgang Rosenauer
007409f510 - Mozilla Thunderbird 78.4.3
- added mozilla-rust-1.47.patch to fix build with rust 1.47

- Mozilla Thunderbird 78.4.2
  MFSA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=561
2020-11-11 09:21:39 +00:00
Wolfgang Rosenauer
db081d1533 - Mozilla Thunderbird 78.4.1
* Bugfixes and minor features
    https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=560
2020-11-08 18:36:03 +00:00
Wolfgang Rosenauer
63df217471 MFSA 2020-47 (bsc#1177872)
* CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760,
    bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=558
2020-10-21 20:18:32 +00:00
Wolfgang Rosenauer
69e75a6f77 - Mozilla Thunderbird 78.4.0
* MailExtensions: browser.tabs.sendMessage API added
  * MailExtensions: messageDisplayScripts API added
  * Yahoo and AOL mail users using password authentication will be
    migrated to OAuth2
  * MailExtensions: messageDisplay APIs extended to support multiple
    selected messages
  * MailExtensions: compose.begin functions now support creating a
    message with attachments
  * multiple bugfixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=557
2020-10-21 09:31:04 +00:00
Wolfgang Rosenauer
8d908f5892 - Mozilla Thunderbird 78.3.3
* OpenPGP: Improved support for encrypting with subkeys
  * OpenPGP message status icons were not visible in message header pane
  * OpenPGP Key Manager was missing from Tools menu on macOS
  * Creating a new calendar event did not require an event title
- remove python2 dependencies for TW
- support wayland mode/autodetection in startup wrapper
- replace some Requires to use requires_ge macro where appropriate
- improve langpack build (as already used for Firefox)
- add ccache statistics output to build

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=555
2020-10-16 13:01:17 +00:00
Wolfgang Rosenauer
3bdd2525c1 - remove python2 dependencies for Leap 15 and TW
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=554
2020-10-08 14:14:28 +00:00
Wolfgang Rosenauer
4a103ac86f - Mozilla Thunderbird 78.3.2
* OpenPGP: Improved support for encrypting with subkeys
  * OpenPGP: Encrypted messages with international characters were
    sometimes displayed incorrectly
  * Single-click deletion of recipient pills with middle mouse
    button restored
  * Searching an address book list did not display results
  * Dark mode, high contrast, and Windows theming fixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=552
2020-10-07 09:44:38 +00:00
Wolfgang Rosenauer
04ffbb1d9e - added platform patches:
* mozilla-s390x-skia-gradient.patch
  * mozilla-pipewire-0-3.patch
  * mozilla-bmo1512162.patch
  * mozilla-bmo1626236.patch
  * mozilla-bmo998749.patch
  * mozilla-sandbox-fips.patch
- removed obsolete platform patches
  * mozilla-s390-bigendian.patch
  * mozilla-nestegg-big-endian.patch
  * mozilla-openaes-decl.patch
  * mozilla-cubeb-noreturn.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=550
2020-09-25 09:39:00 +00:00
Wolfgang Rosenauer
c90bbb3be9 - Mozilla Thunderbird 78.3.1
* fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)

- Mozilla Thunderbird 78.3.0
  MFSA 2020-44 (bsc#1176756)
  * CVE-2020-15677 (bmo#1641487)
    Download origin spoofing via redirect
  * CVE-2020-15676 (bmo#1646140)
    XSS when pasting attacker-controlled data into a
    contenteditable element
  * CVE-2020-15678 (bmo#1660211)
    When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-
    free scenario
  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
    Memory safety bugs fixed in Thunderbird 78.3
- requires NSPR >= 4.25.1
- removed obsolete thunderbird-bmo1664607.patch

- Mozilla Thunderbird 78.2.2
  https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
- added thunderbird-bmo1664607.patch required for builds w/o updater
  (boo#1176384)

- Mozilla Thunderbird 78.2.1
  * based on Mozilla's 78 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
  * built-in OpenPGP support (enigmail neither required nor supported)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=549
2020-09-25 06:32:50 +00:00
Wolfgang Rosenauer
85d782a0f4 - Mozilla Thunderbird 68.12.0
MFSA 2020-40 (bsc#1175686)
  * CVE-2020-15663 (bmo#1643199)
    Downgrade attack on the Mozilla Maintenance Service could have
    resulted in escalation of privilege
  * CVE-2020-15664 (bmo#1658214)
    Attacker-induced prompt for extension installation
  * CVE-2020-15669 (bmo#1656957)
    Use-After-Free when aborting an operation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=547
2020-08-30 11:12:59 +00:00
Wolfgang Rosenauer
b774973e49 Accepting request 830280 from home:michel_mno:branches:mozilla:Factory
- Put back %limit_build macro usage to avoid build error PowerPC
  (remove memoryperjob constraint)

OBS-URL: https://build.opensuse.org/request/show/830280
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=546
2020-08-30 11:02:29 +00:00
Wolfgang Rosenauer
cfff8c3277 Accepting request 828067 from home:marxin:memory-constraint
Use memoryperjob constraint instead of %limit_build macro.

OBS-URL: https://build.opensuse.org/request/show/828067
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=544
2020-08-20 10:39:48 +00:00
Wolfgang Rosenauer
17467a5a91 Accepting request 823877 from home:AndreasStieger:branches:mozilla:Factory
some past changelog

OBS-URL: https://build.opensuse.org/request/show/823877
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=542
2020-08-01 11:37:02 +00:00
Wolfgang Rosenauer
11aeb7fac9 Accepting request 823875 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.11.0 - MFSA 2020-35 (bsc#1174538)

OBS-URL: https://build.opensuse.org/request/show/823875
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=541
2020-08-01 11:17:36 +00:00
Wolfgang Rosenauer
8146a35a9e Accepting request 818183 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.10.0

OBS-URL: https://build.opensuse.org/request/show/818183
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=539
2020-07-02 06:27:27 +00:00
Wolfgang Rosenauer
e65691f980 - updated create-tar.sh
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=537
2020-06-11 15:01:14 +00:00
Wolfgang Rosenauer
623455131b - build with nodejs10 to be able to drop nodejs8 from TW
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=536
2020-06-11 14:54:15 +00:00
Wolfgang Rosenauer
cde3667d7c Accepting request 812111 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.9.0
MFSA 2020-22 (bsc#1172402)

OBS-URL: https://build.opensuse.org/request/show/812111
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=534
2020-06-06 22:07:29 +00:00
Wolfgang Rosenauer
52917cea5c Accepting request 808559 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.8.1

OBS-URL: https://build.opensuse.org/request/show/808559
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=532
2020-05-25 06:47:34 +00:00
Wolfgang Rosenauer
472726a884 * Account Manager fixes and improvements
* https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes
  MFSA 2020-18 (bsc#1171186)
  * CVE-2020-12397 (bmo#1617370)
    Sender Email Address Spoofing using encoded Unicode characters
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Thunderbird 68.8.0
- removed obsolete patch mozilla-bmo1580963.patch
  (bmo#1580963)
  In general, these flaws cannot be exploited through email in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=529
2020-05-06 07:22:35 +00:00
Wolfgang Rosenauer
f31294e41a - Mozilla Thunderbird 68.8.0
- Add mozilla-bmo1580963.patch to fix build with rust 1.43

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=528
2020-05-05 07:51:42 +00:00
Wolfgang Rosenauer
34187271c9 Accepting request 800249 from home:namtrac:branches:mozilla:Factory
- Add mozilla-bmo1580963.patch to fix build with rust 1.43

OBS-URL: https://build.opensuse.org/request/show/800249
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=527
2020-05-05 07:28:14 +00:00
Wolfgang Rosenauer
12132f7191 Accepting request 793228 from home:AndreasStieger:branches:mozilla:Factory
MFSA 2020-14 data

OBS-URL: https://build.opensuse.org/request/show/793228
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=525
2020-04-11 21:13:39 +00:00
Wolfgang Rosenauer
8f09505c5b Accepting request 792897 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.7.0

OBS-URL: https://build.opensuse.org/request/show/792897
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=524
2020-04-10 08:30:57 +00:00
Wolfgang Rosenauer
56310e4a94 - Mozilla Thunderbird 68.6.0
MFSA 2020-10 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636,
    bmo#1614339)
    Memory safety bugs fixed in Thunderbird 68.6
- requires NSS >= 3.44.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=522
2020-03-14 13:26:42 +00:00
Wolfgang Rosenauer
b44fdf6e1e - Mozilla Thunderbird 68.5.0
New
  * Support for Client Identity IMAP/SMTP Service Extension
  * Support for OAuth 2.0 authentication for POP3 accounts
  Fixes
  * Status area goes blank during account setup
  * Calendar: Could not remove color for default categories
  * Calendar: Prevent calendar component loading multiple times
  * Calendar: Today pane did not retain width between sessions
  MFSA 2020-07 (bsc#1163368)
  * CVE-2020-6793 (bmo#1608539)
    Out-of-bounds read when processing certain email messages
  * CVE-2020-6794 (bmo#1606619)
    Setting a master password post-Thunderbird 52 does not delete
    unencrypted previously stored passwords
  * CVE-2020-6795 (bmo#1611105)
    Crash processing S/MIME messages with multiple signatures
  * CVE-2020-6797 (bmo#1596668) (Mac OSX only)
    Extensions granted downloads.open permission could open arbitrary
    applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript injection
  * CVE-2020-6792 (bmo#1609607)
    Message ID calculcation was based on uninitialized data
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
    bmo#1608580,bmo#1608785,bmo#1605777)
    Memory safety bugs fixed in Thunderbird 68.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=520
2020-02-11 20:44:27 +00:00
Wolfgang Rosenauer
4f424022cb Accepting request 769375 from home:hellcp:branches:mozilla:Factory
- Use a symbolic icon from branding internals

OBS-URL: https://build.opensuse.org/request/show/769375
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=518
2020-02-02 19:22:31 +00:00
Wolfgang Rosenauer
88ea2f535a - Mozilla Thunderbird 68.4.2
* Calendar: Task and Event tree colours adjusted for the dark theme
  * Retrieval of S/MIME certificates from LDAP failed
  * Address-parsing crash on some IMAP servers when
    mail.imap.use_envelope_cmd is set
  * Incorrect forwarding of HTML messages caused SMTP servers to
    respond with a timeout
  * Calendar: Various parts of the calendar UI stopped working when
    a second Thunderbird window opened

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=516
2020-01-27 10:15:48 +00:00
Wolfgang Rosenauer
c3ae989234 - removed obsolete patch mozilla-bmo1511604.patch
- added mozilla-bmo1602730.patch to fix LE<->BE issues in the
  platform (bmo#1602730)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=514
2020-01-11 08:43:34 +00:00
Wolfgang Rosenauer
424175f38c MFSA 2020-04 (bsc#1160498, bsc#1160305)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=513
2020-01-11 08:36:41 +00:00
Wolfgang Rosenauer
5d0ef2ba91 - Mozilla Thunderbird 68.4.1
* Various improvements when setting up an account for a Microsoft
    Exchange server: Now offers IMAP/SMTP if available, better
    detection for Office 365 accounts; re-run configuration after
    password change
  Fixes:
  * After changing view layout, the message display pane showed
    garbled content under some circumstances
  * Various theme changes to achieve "pixel perfection": Unread icon,
    "no results" icon, paragraph format and font selector, background
    of folder summary tooltip
  * Tags were lost on messages in shared IMAP folders under some
    circumstances
  * Calendar: Event attendee dialog was not displayed correctly
  MFSA 2020-04  (bsc#1160498)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content process
    initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content process
    initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=512
2020-01-10 15:53:07 +00:00
Wolfgang Rosenauer
1c4a233447 - add mozilla-bmo1583471.patch to allow building with rust 1.39
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=510
2019-12-27 17:27:22 +00:00
Wolfgang Rosenauer
8e55c5b577 - Mozilla Thunderbird 68.3.1
* In dark theme unread messages no longer shown in blue to
  Bugfixes
  * Message navigation with backward and forward buttons did not work
    in some circumstances

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=509
2019-12-20 22:23:27 +00:00
Wolfgang Rosenauer
82acc8435a Accepting request 758641 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.3.1

OBS-URL: https://build.opensuse.org/request/show/758641
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=508
2019-12-20 22:19:58 +00:00
Wolfgang Rosenauer
7a99e99658 - Mozilla Thunderbird 68.3.0:
* Message display toolbar action WebExtension API
  * Navigation buttons are now available in content tabs, for example
    those opened via an add-on search
  * other bugfixes
  MFSA 2019-38
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
- changed locale building procedure
  * removed obsolete compare-locales.tar.xz and
    thunderbird-broken-locales-build.patch
- add mozilla-bmo849632.patch to fix color issues on big endian

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=505
2019-12-05 22:21:05 +00:00
Wolfgang Rosenauer
a87ea0756c Accepting request 747028 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.2.2

OBS-URL: https://build.opensuse.org/request/show/747028
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=503
2019-11-09 21:30:38 +00:00
Wolfgang Rosenauer
c11ba0a0ad - Mozilla Thunderbird 68.2.1
* A language for the user interface can now be chosen in the
    advanced settings (multilingual UI)
  * Fixed problem with Google authentication (OAuth2)
  * Selected or unread messages were not shown in the correct color
    in the thread pane (message list) under some circumstances
  * When using a language pack, names of standard folders weren't
    localized (boo#1149126)
  * Address book default startup directory in preferences panel was
    not persisted
  * Chat: Extended context menu on Instant messaging status dialog
    (Show Accounts)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=501
2019-11-01 13:32:38 +00:00
Wolfgang Rosenauer
6fd5201f1c - Mozilla Thunderbird 68.2.0
* Message Display WebExtension API
  * Message Search WebExtension API
  * Better visual feedback for unread messages when using the dark theme
  * Fixed various issues when editing mailing list
  * Fixed application windows not maintaining their size after restart
  MFSA 2019-33 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
    bmo#1581950, bmo#1583463, bmo#1586599)
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed obsolete patches
    mozilla-bmo1573381.patch
    mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=499
2019-10-23 13:33:15 +00:00
Wolfgang Rosenauer
44771bf8fd - Mozilla Thunderbird 68.1.2
Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=496
2019-10-11 12:48:56 +00:00
Wolfgang Rosenauer
7583f45f65 Accepting request 733853 from home:AndreasStieger:branches:mozilla:Factory
add reference to boo#1152375

OBS-URL: https://build.opensuse.org/request/show/733853
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=494
2019-09-28 14:45:00 +00:00
Wolfgang Rosenauer
d20afb31b3 MFSA 2019-32
* CVE-2019-11755 (bmo#1240290)
    Spoofing a message author via a crafted S/MIME message

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=493
2019-09-26 19:04:16 +00:00
Wolfgang Rosenauer
3a3fedfe3f mozilla-bmo1512162.patch
thunderbird-broken-locales-build.patch
   thunderbird-locale-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=492
2019-09-26 08:29:27 +00:00
Wolfgang Rosenauer
7920c81c06 - Mozilla Thunderbird 68.1.1
Bugfixes
  * Issues with attachments in IMAP messages
  * Gmail accounts ignored a non-standard trash folder selection
  * Entering/pasting lists of recipients into the addressing widget or
    mailing list not working reliably, especially when lists contained
    multiple commas or semicolons
  * Edit mailing list not working
  * Various theme fixes, especially dark theme improvements for Calendar
  * Contrast between tag label and background not optimal
  * Account Central pane always loaded at start-up
  * "Config Editor" button not removed if blocked by policy
  * Calendar: Free/busy information in attendees dialog not scrolled
    correctly. Note: Scroll arrows still not behaving correctly
- require nodejs8 instead of generic nodejs for better cross-distribution
  support
- call desktop database update on install
- updated translations-other locale list
- build correct ICU for Big Endian
- remove kde.js since disabling instantApply breaks extensions and
  is obsolete with the move to HTML views for preferences (boo#1151186)
- update create-tar.sh to latest revision and adjust tar_stamps
- added platform patches from Firefox 68esr
   mozilla-bmo1005535.patch
   mozilla-bmo1463035.patch
   mozilla-bmo1504834-part1.patch
   mozilla-bmo1504834-part2.patch
   mozilla-bmo1504834-part3.patch
   mozilla-bmo1511604.patch
   mozilla-bmo1554971.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=490
2019-09-25 15:13:22 +00:00
Wolfgang Rosenauer
f56d76b94f Accepting request 732309 from home:AndreasStieger:branches:mozilla:Factory
add some bugzilla references

OBS-URL: https://build.opensuse.org/request/show/732309
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=489
2019-09-21 15:27:38 +00:00
Wolfgang Rosenauer
22ec736272 Accepting request 732226 from home:munix9
repack the lightning xpi with all available locales (boo#939153) (lp#545778)

OBS-URL: https://build.opensuse.org/request/show/732226
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=488
2019-09-20 17:52:56 +00:00
Wolfgang Rosenauer
28408893c0 Accepting request 732134 from home:marxin:branches:mozilla:Factory
- Add fix-top-level-asm-issue.patch in order to fix LTO build.
- Enable LTO on TW on x86_64.
- Use GCC.

OBS-URL: https://build.opensuse.org/request/show/732134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=487
2019-09-20 11:19:56 +00:00
Wolfgang Rosenauer
558b06a6a9 Accepting request 732106 from home:bmwiedemann:branches:mozilla:Factory
added mozilla-bmo1568145.patch to make builds reproducible (boo#1047218)

OBS-URL: https://build.opensuse.org/request/show/732106
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=486
2019-09-20 10:17:10 +00:00
Wolfgang Rosenauer
08fe2a30d3 - Mozilla Thunderbird 68.1.0
add-on is required for this account type. IMAP still exists as
    alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
    ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build

- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.

- Mozilla Thunderbird 68.0
  * based on Firefox ESR 68
  * File link attachments can now be linked to again instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483
2019-09-13 20:15:12 +00:00
Wolfgang Rosenauer
b26a281145 - Mozilla Thunderbird 60.9.0
* Offer to configure Exchange accounts for Office365. A third-party
    add-on is required for this account type. IMAP still exists as alternative.
  MFSA 2019-27
  * Use-after-free while manipulating video
    CVE-2019-11746 (bmo#1564449)
  * XSS by breaking out of title and textarea elements using innerHTML
    CVE-2019-11744 (bmo#1562033)
  * Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
    CVE-2019-11742 (bmo#1559715)
  * Use-after-free while extracting a key value in IndexedDB
    CVE-2019-11752 (bmo#1501152)
  * Sandbox escape through Firefox Sync
    CVE-2019-9812 (bmo#1538008, bmo#1538015)
  * Cross-origin access to unload event attributes
    CVE-2019-11743 (bmo#1560495)
    Navigation-Timing Level 2 specification
  * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
    CVE-2019-11740 (bmo#1563133, bmo#1573160)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=482
2019-09-06 12:24:37 +00:00
Wolfgang Rosenauer
0830f41da7 Accepting request 720219 from home:psych0naut:branches:mozilla:Factory
Update package summary, description, and AppData using more informative and up-to-date text from the official Thunderbird FAQ, replacing obsolete references to the Mozilla Application Suite, the Mozilla website, and Thunderbird's relation to the Mozilla organization.

OBS-URL: https://build.opensuse.org/request/show/720219
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=480
2019-08-02 20:55:56 +00:00
Wolfgang Rosenauer
191740d32d - Mozilla Thunderbird 60.8.0
* Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
    Thunderbird 60.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=478
2019-07-12 06:49:32 +00:00
Wolfgang Rosenauer
1bf9c22999 Accepting request 714441 from home:bmwiedemann:branches:mozilla:Factory
Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

OBS-URL: https://build.opensuse.org/request/show/714441
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=477
2019-07-11 13:06:47 +00:00
Wolfgang Rosenauer
afa9155927 - Mozilla Thunderbird 60.7.2
MFSA 2019-20 (boo#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=475
2019-06-21 08:30:37 +00:00
Wolfgang Rosenauer
8ac8c83ee3 * fixed: No prompt for smartcard PIN when S/MIME signing is used
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=472
2019-06-14 05:43:50 +00:00
Wolfgang Rosenauer
68b80ea39c - Mozilla Thunderbird 60.7.1
MFSA 2019-17 (boo#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=471
2019-06-14 05:42:27 +00:00
Wolfgang Rosenauer
04f1d004f6 Accepting request 708966 from home:aaronpuchert
Increase disk space requirements in _constraints, because some builds have run out of disk space on x86_64.

OBS-URL: https://build.opensuse.org/request/show/708966
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=470
2019-06-12 13:56:51 +00:00
Wolfgang Rosenauer
35447776a4 - Mozilla Thunderbird 60.7.0
* Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=468
2019-05-25 20:31:48 +00:00
Wolfgang Rosenauer
35edb05724 Accepting request 697618 from home:marxin:branches:mozilla:Factory
Disable LTO (boo#1133267).

OBS-URL: https://build.opensuse.org/request/show/697618
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=466
2019-04-24 20:43:44 +00:00
Wolfgang Rosenauer
1c30fa795c - Add patch to fix build using rust-1.33: (boo#1130694)
* mozilla-bmo1519629.patch (bmo#1519629)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=463
2019-03-30 11:50:20 +00:00
Wolfgang Rosenauer
fa5d322d3e - Add patch to fix build using rust-1.33:
* mozilla-bmo1519629.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=462
2019-03-30 11:48:53 +00:00
Wolfgang Rosenauer
3e2908cf21 - Mozilla Thunderbird 60.6.1
MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=460
2019-03-27 16:08:50 +00:00
Wolfgang Rosenauer
82c07d74ff - Mozilla Thunderbird 60.6.0
* Calendar: Can't create repeating event with end date when using
    certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)

- Mozilla Thunderbird 60.5.3
  * fixed a regression on the Windows platform:
    Problem when using "Send to > Mail recipient" on Windows

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=458
2019-03-20 21:48:06 +00:00
Wolfgang Rosenauer
6fbce4789b - Mozilla Thunderbird 60.5.2
* UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email
    from Outlook (issue introduced in version 60.5.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=456
2019-02-26 17:37:51 +00:00
Wolfgang Rosenauer
e67981f7a0 - Mozilla Thunderbird 60.5.1
* CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815
    Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218
    S/MIME signature spoofing
- Mozilla Thunderbird 60.5.0:

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=454
2019-02-14 22:12:08 +00:00
Wolfgang Rosenauer
d7db4b785d MFSA 2019-03 (bsc#1122983)
* CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=452
2019-01-29 21:58:55 +00:00
Wolfgang Rosenauer
126ce832a3 changelog (security related) missing still
- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches
  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs
  * CVE-2018-18498 bmo#1500011
    Integer overflow when calculating buffer sizes for images

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=451
2019-01-29 19:03:55 +00:00
Wolfgang Rosenauer
6953ad0d97 - requires NSS 3.36.6
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=448
2018-12-21 21:18:40 +00:00
Wolfgang Rosenauer
b67553185b Accepting request 660601 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 60.4.0

OBS-URL: https://build.opensuse.org/request/show/660601
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=447
2018-12-21 21:10:16 +00:00
Wolfgang Rosenauer
47ff8451c2 - Mozilla Thunderbird 60.3.3
* Thunderbird 60 will migrate security databases (key3.db, cert8.db
    to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
    fault that potentially deleted saved passwords and private certificate
    keys for users using a master password. Version 60.3.3 will prevent
    the loss of data; affected users who have already upgraded to version
    60.3.2 or earlier can restore the deleted key3.db file from backup
    to complete the migration.
  * Address book search and auto-complete slowness introduced in
    Thunderbird 60.3.2
  * Plain text markup with * for bold, / for italics, _ for underline
    and | for code did not work when the enclosed text contained
    non-ASCII characters
  * While composing a message, a link not removed when link location
    was removed in the link properties panel

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=445
2018-12-05 21:18:03 +00:00
Wolfgang Rosenauer
0f47d98b6b Accepting request 653550 from home:AndreasStieger:branches:mozilla:Factory
- Fix build on openSUSE Leap 15.x w.r.t. rust-std requirement

OBS-URL: https://build.opensuse.org/request/show/653550
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=443
2018-12-03 15:06:20 +00:00
Wolfgang Rosenauer
e5fa4278bb - Mozilla Thunderbird 60.3.2
* Encoding problems when exporting address books or messages using
    the system charset. Messages are now always exported using the
    UTF-8 encoding
  * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969
    was displayed. Now using date from "Received" header instead.
  * Body search/filtering didn't reliably ignore content of tags
  * Inappropriate warning "Thunderbird prevented the site
    (addons.thunderbird.net) from asking you to install software on
    your computer" when installing add-ons
  * Incorrect display of correspondents column since own email
    address was not always detected
  * Spurious &#xA; (encoded newline) inserted into drafts and sent email

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=442
2018-11-30 10:20:59 +00:00
Wolfgang Rosenauer
a3384a6fef Accepting request 649349 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 60.3.1

OBS-URL: https://build.opensuse.org/request/show/649349
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=439
2018-11-16 06:40:27 +00:00
Wolfgang Rosenauer
effd24db38 - update to Thunderbird 60.3.0
* various theme fixes
  * Shift+PageUp/PageDown in Write window
  * Gloda attachment filtering
  * Mailing list address auto-complete enter/return handling
  * Thunderbird hung if HTML signature references non-existent image
  * Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
  (Firefox ESR release). In general, these flaws cannot be exploited
  through email in Thunderbird because scripting is disabled when
  reading mail, but are potentially risks in browser or browser-like
  contexts (MFSA 2018-28) (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
    Memory safety bugs fixed in Firefox ESR 60.3
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

  * Fix security info dialog in compose window not showing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=437
2018-11-01 17:28:09 +00:00
Wolfgang Rosenauer
9bb3d7bcac Accepting request 644807 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch
- Add memory-constraints to avoid OOM errors

OBS-URL: https://build.opensuse.org/request/show/644807
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=436
2018-10-29 08:28:50 +00:00
Wolfgang Rosenauer
234d7a115c Accepting request 641717 from home:msmeissn:branches:mozilla:Factory
- provide / obsolete MozillaThunderbird-devel as this is no longer
  shipped to allow migration scenarios

OBS-URL: https://build.opensuse.org/request/show/641717
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=434
2018-10-12 15:11:47 +00:00
Wolfgang Rosenauer
266f4763da Accepting request 640045 from home:AndreasStieger:branches:mozilla:Factory
add CVEs from MFSA 2018-25

OBS-URL: https://build.opensuse.org/request/show/640045
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=432
2018-10-05 09:08:04 +00:00
Wolfgang Rosenauer
c0d713ad9e Accepting request 640011 from home:AndreasStieger:branches:mozilla:Factory
some changelog additions. Are these okay for you?

OBS-URL: https://build.opensuse.org/request/show/640011
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=431
2018-10-04 20:00:55 +00:00
Wolfgang Rosenauer
46ff0ae0de - update to Thunderbird 60.2.1
* several bugfixes since release of version 60.0
  * security fixes for the Mozilla platform picked up from
    60.1 and 60.2 (Firefox ESR releases)
- Update file list since minidump-analyzer is only available when
  * Various fixes and changes to e-mail workflow

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=430
2018-10-03 20:05:00 +00:00
Wolfgang Rosenauer
31b60fdd31 Accepting request 635007 from home:Guillaume_G:branches:mozilla:Factory
- Update file list since minidump-analyzer is only available when crashreporter is enabled

OBS-URL: https://build.opensuse.org/request/show/635007
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=428
2018-09-12 09:58:10 +00:00
Wolfgang Rosenauer
c08272f856 Accepting request 632919 from home:AndreasStieger:branches:mozilla:Factory
Add changelog detail for MFSA 2018-19 (bsc#1098998)

OBS-URL: https://build.opensuse.org/request/show/632919
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=426
2018-09-03 20:13:55 +00:00
Wolfgang Rosenauer
affcd2db3c Accepting request 631539 from home:AndreasStieger:branches:mozilla:Factory
- remove non-free untar licenced code from distributed tarball

OBS-URL: https://build.opensuse.org/request/show/631539
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=423
2018-08-27 08:09:20 +00:00
Wolfgang Rosenauer
275bc9bdcb Accepting request 629370 from home:iznogood:branches:mozilla:Factory
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/629370
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=422
2018-08-15 09:38:21 +00:00
Wolfgang Rosenauer
b3d2742026 * mozilla-develdirs.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=421
2018-08-07 06:32:26 +00:00
Wolfgang Rosenauer
696d48eaf5 * tb-ssldap.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=420
2018-08-06 21:32:03 +00:00
Wolfgang Rosenauer
cde9b1d6a6 - update to Thunderbird 60.0
* requires NSPR 4.19 and NSS 3.36.4
  * what's new
    https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
- source archives are now signed directly
  (removed checksum signature check)
- imported patches from Firefox 60
  * mozilla-bmo1375074.patch
  * mozilla-bmo1464766.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
- removed obsolete patches
  * mozilla-language.patch
- removed -devel subpackage as old-style extensions are mainly gone
- storing of remote content settings fixed (boo#1084603)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=419
2018-08-06 14:26:01 +00:00
Wolfgang Rosenauer
93fe18dfd9 Accepting request 621937 from home:AndreasStieger:branches:mozilla:Factory
add bugzilla reference

OBS-URL: https://build.opensuse.org/request/show/621937
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=417
2018-07-10 17:29:54 +00:00
Wolfgang Rosenauer
1179b0a448 * Deleting or detaching attachments corrupted messages under certain
circumstances (bmo#1473893)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=416
2018-07-10 09:03:21 +00:00
Wolfgang Rosenauer
97874126cc - update to Thunderbird 52.9.1
* fix detaching attachments (bmo#1473893)
    otherwise might reveal decryted content to the attacker.
    "simple" HTML view

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=415
2018-07-10 06:54:09 +00:00