Commit Graph

673 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
6fd5201f1c - Mozilla Thunderbird 68.2.0
* Message Display WebExtension API
  * Message Search WebExtension API
  * Better visual feedback for unread messages when using the dark theme
  * Fixed various issues when editing mailing list
  * Fixed application windows not maintaining their size after restart
  MFSA 2019-33 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
    bmo#1581950, bmo#1583463, bmo#1586599)
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed obsolete patches
    mozilla-bmo1573381.patch
    mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=499
2019-10-23 13:33:15 +00:00
Dominique Leuenberger
f9b7e978e3 Accepting request 737931 from mozilla:Factory
- Mozilla Thunderbird 68.1.2
  Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38

OBS-URL: https://build.opensuse.org/request/show/737931
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=218
2019-10-17 11:05:14 +00:00
Wolfgang Rosenauer
1fd97561e6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=497 2019-10-11 13:15:29 +00:00
Wolfgang Rosenauer
44771bf8fd - Mozilla Thunderbird 68.1.2
Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=496
2019-10-11 12:48:56 +00:00
Dominique Leuenberger
9a16dc0e1f Accepting request 733855 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/733855
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=217
2019-10-10 09:49:19 +00:00
Wolfgang Rosenauer
7583f45f65 Accepting request 733853 from home:AndreasStieger:branches:mozilla:Factory
add reference to boo#1152375

OBS-URL: https://build.opensuse.org/request/show/733853
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=494
2019-09-28 14:45:00 +00:00
Wolfgang Rosenauer
d20afb31b3 MFSA 2019-32
* CVE-2019-11755 (bmo#1240290)
    Spoofing a message author via a crafted S/MIME message

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=493
2019-09-26 19:04:16 +00:00
Wolfgang Rosenauer
3a3fedfe3f mozilla-bmo1512162.patch
thunderbird-broken-locales-build.patch
   thunderbird-locale-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=492
2019-09-26 08:29:27 +00:00
Wolfgang Rosenauer
013a53c81d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=491 2019-09-25 15:30:17 +00:00
Wolfgang Rosenauer
7920c81c06 - Mozilla Thunderbird 68.1.1
Bugfixes
  * Issues with attachments in IMAP messages
  * Gmail accounts ignored a non-standard trash folder selection
  * Entering/pasting lists of recipients into the addressing widget or
    mailing list not working reliably, especially when lists contained
    multiple commas or semicolons
  * Edit mailing list not working
  * Various theme fixes, especially dark theme improvements for Calendar
  * Contrast between tag label and background not optimal
  * Account Central pane always loaded at start-up
  * "Config Editor" button not removed if blocked by policy
  * Calendar: Free/busy information in attendees dialog not scrolled
    correctly. Note: Scroll arrows still not behaving correctly
- require nodejs8 instead of generic nodejs for better cross-distribution
  support
- call desktop database update on install
- updated translations-other locale list
- build correct ICU for Big Endian
- remove kde.js since disabling instantApply breaks extensions and
  is obsolete with the move to HTML views for preferences (boo#1151186)
- update create-tar.sh to latest revision and adjust tar_stamps
- added platform patches from Firefox 68esr
   mozilla-bmo1005535.patch
   mozilla-bmo1463035.patch
   mozilla-bmo1504834-part1.patch
   mozilla-bmo1504834-part2.patch
   mozilla-bmo1504834-part3.patch
   mozilla-bmo1511604.patch
   mozilla-bmo1554971.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=490
2019-09-25 15:13:22 +00:00
Wolfgang Rosenauer
f56d76b94f Accepting request 732309 from home:AndreasStieger:branches:mozilla:Factory
add some bugzilla references

OBS-URL: https://build.opensuse.org/request/show/732309
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=489
2019-09-21 15:27:38 +00:00
Wolfgang Rosenauer
22ec736272 Accepting request 732226 from home:munix9
repack the lightning xpi with all available locales (boo#939153) (lp#545778)

OBS-URL: https://build.opensuse.org/request/show/732226
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=488
2019-09-20 17:52:56 +00:00
Wolfgang Rosenauer
28408893c0 Accepting request 732134 from home:marxin:branches:mozilla:Factory
- Add fix-top-level-asm-issue.patch in order to fix LTO build.
- Enable LTO on TW on x86_64.
- Use GCC.

OBS-URL: https://build.opensuse.org/request/show/732134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=487
2019-09-20 11:19:56 +00:00
Wolfgang Rosenauer
558b06a6a9 Accepting request 732106 from home:bmwiedemann:branches:mozilla:Factory
added mozilla-bmo1568145.patch to make builds reproducible (boo#1047218)

OBS-URL: https://build.opensuse.org/request/show/732106
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=486
2019-09-20 10:17:10 +00:00
Yuchen Lin
e07044c22b Accepting request 730872 from mozilla:Factory
- Mozilla Thunderbird 68.1.0
  * Offer to configure Exchange accounts for Office365. A third-party
    add-on is required for this account type. IMAP still exists as
    alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
    ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build

- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.

- Mozilla Thunderbird 68.0

OBS-URL: https://build.opensuse.org/request/show/730872
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=216
2019-09-18 11:06:13 +00:00
Wolfgang Rosenauer
9ea16a1def OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=484 2019-09-14 08:48:16 +00:00
Wolfgang Rosenauer
08fe2a30d3 - Mozilla Thunderbird 68.1.0
add-on is required for this account type. IMAP still exists as
    alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
    ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build

- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.

- Mozilla Thunderbird 68.0
  * based on Firefox ESR 68
  * File link attachments can now be linked to again instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483
2019-09-13 20:15:12 +00:00
Wolfgang Rosenauer
b26a281145 - Mozilla Thunderbird 60.9.0
* Offer to configure Exchange accounts for Office365. A third-party
    add-on is required for this account type. IMAP still exists as alternative.
  MFSA 2019-27
  * Use-after-free while manipulating video
    CVE-2019-11746 (bmo#1564449)
  * XSS by breaking out of title and textarea elements using innerHTML
    CVE-2019-11744 (bmo#1562033)
  * Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
    CVE-2019-11742 (bmo#1559715)
  * Use-after-free while extracting a key value in IndexedDB
    CVE-2019-11752 (bmo#1501152)
  * Sandbox escape through Firefox Sync
    CVE-2019-9812 (bmo#1538008, bmo#1538015)
  * Cross-origin access to unload event attributes
    CVE-2019-11743 (bmo#1560495)
    Navigation-Timing Level 2 specification
  * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
    CVE-2019-11740 (bmo#1563133, bmo#1573160)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=482
2019-09-06 12:24:37 +00:00
Dominique Leuenberger
ef667d8f49 Accepting request 720733 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/720733
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=215
2019-08-15 10:22:48 +00:00
Wolfgang Rosenauer
0830f41da7 Accepting request 720219 from home:psych0naut:branches:mozilla:Factory
Update package summary, description, and AppData using more informative and up-to-date text from the official Thunderbird FAQ, replacing obsolete references to the Mozilla Application Suite, the Mozilla website, and Thunderbird's relation to the Mozilla organization.

OBS-URL: https://build.opensuse.org/request/show/720219
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=480
2019-08-02 20:55:56 +00:00
Dominique Leuenberger
7023407dc1 Accepting request 714774 from mozilla:Factory
- Generate langpacks sequentially to avoid file corruption
  from racy file writes (boo#1137970)

- Mozilla Thunderbird 60.8.0
  * Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and

OBS-URL: https://build.opensuse.org/request/show/714774
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=214
2019-07-16 06:38:45 +00:00
Wolfgang Rosenauer
191740d32d - Mozilla Thunderbird 60.8.0
* Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
    Thunderbird 60.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=478
2019-07-12 06:49:32 +00:00
Wolfgang Rosenauer
1bf9c22999 Accepting request 714441 from home:bmwiedemann:branches:mozilla:Factory
Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

OBS-URL: https://build.opensuse.org/request/show/714441
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=477
2019-07-11 13:06:47 +00:00
Dominique Leuenberger
2a78cb9dfe Accepting request 711281 from mozilla:Factory
- Mozilla Thunderbird 60.7.2
  MFSA 2019-20 (boo#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/request/show/711281
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=213
2019-06-25 20:16:55 +00:00
Wolfgang Rosenauer
afa9155927 - Mozilla Thunderbird 60.7.2
MFSA 2019-20 (boo#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=475
2019-06-21 08:30:37 +00:00
Dominique Leuenberger
bc25c0a686 Accepting request 709837 from mozilla:Factory
(also updated keyring)
- Mozilla Thunderbird 60.7.1
  * fixed: No prompt for smartcard PIN when S/MIME signing is used
  MFSA 2019-17 (boo#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c

- Increase disk space requirements in _constraints.

OBS-URL: https://build.opensuse.org/request/show/709837
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=212
2019-06-17 19:34:05 +00:00
Wolfgang Rosenauer
235879bf00 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=473 2019-06-14 05:51:33 +00:00
Wolfgang Rosenauer
8ac8c83ee3 * fixed: No prompt for smartcard PIN when S/MIME signing is used
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=472
2019-06-14 05:43:50 +00:00
Wolfgang Rosenauer
68b80ea39c - Mozilla Thunderbird 60.7.1
MFSA 2019-17 (boo#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=471
2019-06-14 05:42:27 +00:00
Wolfgang Rosenauer
04f1d004f6 Accepting request 708966 from home:aaronpuchert
Increase disk space requirements in _constraints, because some builds have run out of disk space on x86_64.

OBS-URL: https://build.opensuse.org/request/show/708966
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=470
2019-06-12 13:56:51 +00:00
Dominique Leuenberger
04419d0064 Accepting request 705454 from mozilla:Factory
- Mozilla Thunderbird 60.7.0
  * Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

OBS-URL: https://build.opensuse.org/request/show/705454
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=211
2019-05-28 07:40:54 +00:00
Wolfgang Rosenauer
35447776a4 - Mozilla Thunderbird 60.7.0
* Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=468
2019-05-25 20:31:48 +00:00
Yuchen Lin
0f6a91aeea Accepting request 697648 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/697648
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=210
2019-04-25 15:52:07 +00:00
Wolfgang Rosenauer
35edb05724 Accepting request 697618 from home:marxin:branches:mozilla:Factory
Disable LTO (boo#1133267).

OBS-URL: https://build.opensuse.org/request/show/697618
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=466
2019-04-24 20:43:44 +00:00
Dominique Leuenberger
59eb70e82c Accepting request 690073 from mozilla:Factory
old patch was missing a piece

- Add patch to fix build using rust-1.33: (boo#1130694)
  * mozilla-bmo1519629.patch (bmo#1519629)

OBS-URL: https://build.opensuse.org/request/show/690073
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=209
2019-04-02 07:19:54 +00:00
Wolfgang Rosenauer
9abb96db9b OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=464 2019-03-30 15:57:20 +00:00
Wolfgang Rosenauer
1c30fa795c - Add patch to fix build using rust-1.33: (boo#1130694)
* mozilla-bmo1519629.patch (bmo#1519629)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=463
2019-03-30 11:50:20 +00:00
Wolfgang Rosenauer
fa5d322d3e - Add patch to fix build using rust-1.33:
* mozilla-bmo1519629.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=462
2019-03-30 11:48:53 +00:00
Dominique Leuenberger
059085eb69 Accepting request 689134 from mozilla:Factory
- Mozilla Thunderbird 60.6.1
  MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/request/show/689134
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=208
2019-03-28 21:46:08 +00:00
Wolfgang Rosenauer
3e2908cf21 - Mozilla Thunderbird 60.6.1
MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=460
2019-03-27 16:08:50 +00:00
Dominique Leuenberger
191c0ebf53 Accepting request 687466 from mozilla:Factory
- Mozilla Thunderbird 60.6.0
  * Calendar: Can't create repeating event with end date when using
    certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)

- Mozilla Thunderbird 60.5.3
  * fixed a regression on the Windows platform:
    Problem when using "Send to > Mail recipient" on Windows

OBS-URL: https://build.opensuse.org/request/show/687466
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=207
2019-03-26 14:35:56 +00:00
Wolfgang Rosenauer
82c07d74ff - Mozilla Thunderbird 60.6.0
* Calendar: Can't create repeating event with end date when using
    certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)

- Mozilla Thunderbird 60.5.3
  * fixed a regression on the Windows platform:
    Problem when using "Send to > Mail recipient" on Windows

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=458
2019-03-20 21:48:06 +00:00
Dominique Leuenberger
eef2113182 Accepting request 680129 from mozilla:Factory
- Mozilla Thunderbird 60.5.2
  * UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email
    from Outlook (issue introduced in version 60.5.1)

OBS-URL: https://build.opensuse.org/request/show/680129
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=206
2019-03-04 08:13:20 +00:00
Wolfgang Rosenauer
6fbce4789b - Mozilla Thunderbird 60.5.2
* UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email
    from Outlook (issue introduced in version 60.5.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=456
2019-02-26 17:37:51 +00:00
Stephan Kulow
e33ebb5c9b Accepting request 676696 from mozilla:Factory
- Mozilla Thunderbird 60.5.1
  * CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815
    Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218
    S/MIME signature spoofing

- Mozilla Thunderbird 60.5.0:

OBS-URL: https://build.opensuse.org/request/show/676696
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=205
2019-02-24 17:01:39 +00:00
Wolfgang Rosenauer
e67981f7a0 - Mozilla Thunderbird 60.5.1
* CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815
    Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218
    S/MIME signature spoofing
- Mozilla Thunderbird 60.5.0:

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=454
2019-02-14 22:12:08 +00:00
Stephan Kulow
46b2e6acbb Accepting request 669999 from mozilla:Factory
- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
  MFSA 2019-03 (bsc#1122983)
  * CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches

  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295

OBS-URL: https://build.opensuse.org/request/show/669999
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=204
2019-02-08 11:05:39 +00:00
Wolfgang Rosenauer
d7db4b785d MFSA 2019-03 (bsc#1122983)
* CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=452
2019-01-29 21:58:55 +00:00
Wolfgang Rosenauer
126ce832a3 changelog (security related) missing still
- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches
  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs
  * CVE-2018-18498 bmo#1500011
    Integer overflow when calculating buffer sizes for images

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=451
2019-01-29 19:03:55 +00:00
Dominique Leuenberger
ef25ff0738 Accepting request 664269 from mozilla:Factory
So far no security information posted on https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
But as always there are semi-relevant changes from the Gecko 60.4 baseline. Many times not directly affecting TB

- Mozilla Thunderbird 60.4.0:
  * New WebExtensions FileLink API to facilitate add-ons
  * Fix decoding problems for messages with less common charsets
    (cp932, cp936)
  * New messages in the drafts folder (and other special or virtual
    folders) will no longer be included in the new messages
    notification
- requires NSS 3.36.6

OBS-URL: https://build.opensuse.org/request/show/664269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=203
2019-01-15 08:11:54 +00:00