Commit Graph

433 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
794263a781 Accepting request 943031 from home:iznogood:branches:mozilla:Factory
- Add mozilla-bmo1745560.patch: Fix build against wayland 1.20.

OBS-URL: https://build.opensuse.org/request/show/943031
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=619
2021-12-29 09:35:12 +00:00
Wolfgang Rosenauer
0dadd2459b - Mozilla Thunderbird 91.4.1
* several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.4.1/releasenotes/
  MFSA 2021-55 (bsc#1193845)
  * CVE-2021-4126 (bmo#1732310)
    OpenPGP signature status doesn't consider additional message
    content
  * CVE-2021-44538 (bmo#1744056)
    Matrix chat library libolm bundled with Thunderbird
    vulnerable to a buffer overflow
- updated _constraints

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=618
2021-12-20 21:55:16 +00:00
Wolfgang Rosenauer
a14190f4f1 - Mozilla Thunderbird 91.4.0
* several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
  MFSA 2021-54 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43545 (bmo#1720926)
    Denial of Service when using the Location API in a loop
  * CVE-2021-43546 (bmo#1737751)
    Cursor spoofing could overlay user interface when native
    cursor is zoomed
  * CVE-2021-43528 (bmo#1742579)
    JavaScript unexpectedly enabled for the composition area
  * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
    bmo#1737009, bmo#1739372, bmo#1739421)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=617
2021-12-07 21:16:26 +00:00
Wolfgang Rosenauer
2586d6fed9 Accepting request 935066 from home:AndreasStieger:branches:mozilla:Factory
* OpenPGP: Botan updated to 2.18.2; addresses CVE-2021-40529
    boo#1189244

OBS-URL: https://build.opensuse.org/request/show/935066
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=616
2021-12-02 08:34:58 +00:00
Wolfgang Rosenauer
38d59e02c4 Accepting request 934032 from home:iznogood:branches:mozilla:Factory
- Drop unused libidl-devel BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/934032
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=615
2021-11-30 07:53:39 +00:00
Wolfgang Rosenauer
e5380b41d0 - Mozilla Thunderbird 91.3.2
* Date selection in Calendar print settings widget changed to use
    mini calendar widget
  * Bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.3.2/releasenotes/

- Mozilla Thunderbird 91.3.1
  * OpenPGP public keys will no longer count as an attachment in
    the message list
  * Adding a search engine via URL now supported
  * FileLink messages' template updated; Thunderbird advertisement
    removed
  * After an update, Thunderbird will now check installed addons
    for updates
  * Bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.3.1/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=614
2021-11-20 22:24:01 +00:00
Wolfgang Rosenauer
9908ef8381 * several fixes as outlined here
https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
  MFSA 2021-50  (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506 (bmo#1730750)
    Thunderbird could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0008 (bmo#1667102)
    Use-after-free in HTTP2 Session object
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
    bmo#1735152)
    Memory safety bugs fixed in Thunderbird ESR 91.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=613
2021-11-03 16:44:34 +00:00
Wolfgang Rosenauer
7db3c542e4 - Mozilla Thunderbird 91.3.0
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=612
2021-11-02 20:49:23 +00:00
Wolfgang Rosenauer
54d0229e37 Accepting request 927260 from home:Guillaume_G:branches:mozilla:Factory
- Increase memory required per threads for aarch64 to avoid OOM

OBS-URL: https://build.opensuse.org/request/show/927260
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=611
2021-10-25 12:09:26 +00:00
Wolfgang Rosenauer
d9c01b1222 - Mozilla Thunderbird 91.2.1
* Preference added to disable automatic pausing RSS feed updates
    after a fetch failure
  * several bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.2.1/releasenotes/

- add mozilla-bmo1724679.patch (bmo#1724679, boo#1182863)
  fix some env variables which are enabled for any value

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=610
2021-10-23 12:56:24 +00:00
Wolfgang Rosenauer
e41c1dbb9c Accepting request 926797 from home:marxin:branches:mozilla:Factory
- Enable LTO on Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/926797
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=609
2021-10-22 21:24:06 +00:00
Wolfgang Rosenauer
7ec63b2a47 - Mozilla Thunderbird 91.2.0
* Saving a single message as .eml now uses a unique filename
  * New mail notifications did not properly take subfolders into account
  * Decrypting binary attachments when using an external GnuPG
    configuration failed
  * Account name fields in the account manager were not big enough
    for long names
  * LDAP searches using an extensibleMatch filter returned no results
  * Read-only CalDAV calendars and CardDAV address books were not detected
  * Multipart messages containing a calendar invite did not display
    any of the human-readable alternatives
  * Some calendar days were displayed incorrectly or duplicated
    (eg. two "29th" days of a particular month)
  * Phantom event was shown at the end of each day in Calendar week view
  MFSA 2021-46 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813,
    https://github.com/crossbeam-
    rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=608
2021-10-10 19:56:50 +00:00
Wolfgang Rosenauer
6c2a252b2e - Mozilla Thunderbird 91.1.2
* Thunderbird will now warn if an S/MIME encrypted message includes
    BCC recipients
  * several bugfixes listed on
    https://www.thunderbird.net/en-US/thunderbird/91.1.2/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=607
2021-09-29 08:09:48 +00:00
Wolfgang Rosenauer
109cc974e1 - Mozilla Thunderbird 91.1.1
* Menu item for disabling subject encryption for a single message added
  * Printing messages that are not currently displayed is no longer
    supported, including printing multiple messages at once
  * for bugfixes see
    https://www.thunderbird.net/en-US/thunderbird/91.1.1/releasenotes
- MOZ_ENABLE_WAYLAND env variable now overrides automatic detection
  if already set before startup

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=606
2021-09-17 08:26:48 +00:00
Wolfgang Rosenauer
c5e3285967 MFSA 2021-41 (bsc#1190269)
* CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
    bmo#1724107)
    Memory safety bugs fixed in Thunderbird 91.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=605
2021-09-09 10:23:08 +00:00
Wolfgang Rosenauer
d8aa64313d - Mozilla Thunderbird 91.1.0
* Thunderbird registered Accessibility Handlers using same GUIDs
    as Firefox, causing performance issues for NVDA users
  * Focus lost when reordering accounts by keyboard in the Account Manager
  * Account setup did not use provider display name for setting up
    calendars
  * Various theme and UX fixes
  MFSA 2021-XX (bsc#1190269)
- (re-)added mozilla-silence-no-return-type.patch
- add mozilla-bmo531915.patch to fix build for i586

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=604
2021-09-07 19:34:18 +00:00
Wolfgang Rosenauer
588265dc9f Accepting request 914700 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 91.0.3

OBS-URL: https://build.opensuse.org/request/show/914700
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=603
2021-08-28 14:15:56 +00:00
Wolfgang Rosenauer
4f499ffe4c OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=602 2021-08-19 07:30:27 +00:00
Wolfgang Rosenauer
4416d70412 MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=601
2021-08-19 07:29:26 +00:00
Wolfgang Rosenauer
6c01889e00 - Mozilla Thunderbird 91.0.1
- appdate screenshot URL updated (by mailaender@opensuse.org)

- Mozilla Thunderbird 91.0
  * based on Mozilla's 91 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
  * Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
  * Thunderbird now operates in multi-process (e10s) mode by default
  * New user interface for adding attachments
  * Enable redirect of messages
  * CardDAV address book support
- Removed obsolete patches:
  * mozilla-bmo1463035.patch
  * mozilla-ppc-altivec_static_inline.patch
  * mozilla-pipewire-0-3.patch
  * mozilla-bmo1554971.patch
- add mozilla-libavcodec58_91.patch
- removed obsolete BigEndian ICU build workaround
- updated build requirements
- build using clang

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=600
2021-08-19 07:16:16 +00:00
Wolfgang Rosenauer
3e12a2f698 Accepting request 912581 from home:Mailaender:branches:mozilla:Factory
https://software.opensuse.org/package/MozillaThunderbird has a broken image link

OBS-URL: https://build.opensuse.org/request/show/912581
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=599
2021-08-19 07:13:22 +00:00
Wolfgang Rosenauer
aff12d5e4e - Mozilla Thunderbird 78.13.0
* removed WeTransfer integration package (not supported by vendor
    any longer)
  MFSA 2021-35 (bsc#1188891)
  * CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29985 (bmo#1722083)
    Use-after-free media channels
  * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
    bmo#1719998, bmo#1720568)
    Memory safety bugs fixed in Thunderbird 78.13

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=598
2021-08-11 20:23:07 +00:00
Wolfgang Rosenauer
423bce9730 - Mozilla Thunderbird 78.12.0
MFSA 2021-30 (bsc#1188275)
  * CVE-2021-29969 (bmo#1682370)
    IMAP server responses sent by a MITM prior to STARTTLS could be
    processed
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=597
2021-07-14 16:25:33 +00:00
Wolfgang Rosenauer
8929208551 MFSA 2021-26 (bsc#1186696)
* CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Thunderbird 78.11

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=595
2021-06-03 21:22:55 +00:00
Wolfgang Rosenauer
7c722ac821 - Mozilla Thunderbird 78.11.0
* OpenPGP could not be disabled for an account if a key was
    previously configured
  * Recipients were unable to decrypt some messages when the sender
    had changed the message encryption from OpenPGP to S/MIME
  * Contacts moved between CardDAV address books were not synced to
    the new server
  * CardDAV compatibility fixes for Google Contacts
  MFSA 2021-
- renewed expired mozilla.keyring

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=594
2021-06-02 20:13:57 +00:00
Wolfgang Rosenauer
c697113980 Accepting request 895572 from home:AndreasStieger:branches:mozilla:Factory
add bugzilla IDs for 78.10.2 MFSA 2021-22
  * CVE-2021-29956 (boo#1186199, bmo#1710290)
  * CVE-2021-29957 (boo#1186198, bmo#1673241)

OBS-URL: https://build.opensuse.org/request/show/895572
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=593
2021-05-26 15:53:34 +00:00
Wolfgang Rosenauer
fee04cb440 - do not rely on nodejs10 anymore
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=591
2021-05-19 06:20:51 +00:00
Wolfgang Rosenauer
7175336fc8 Accepting request 891138 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 78.10.1

OBS-URL: https://build.opensuse.org/request/show/891138
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=589
2021-05-06 21:30:17 +00:00
Wolfgang Rosenauer
a828691223 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=587 2021-04-20 08:00:07 +00:00
Wolfgang Rosenauer
9e204516c2 - Mozilla Thunderbird 78.10.0
MFSA 2021-14 (bsc#1184960)
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed
  * CVE-2021-29948 (bmo#1692899)
    Race condition when reading from disk while verifying
    signatures
- recommend libotr5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=586
2021-04-20 07:54:22 +00:00
Wolfgang Rosenauer
74378bcda4 - Mozilla Thunderbird 78.9.1
* Support recipient aliases for OpenPGP encryption
  * The key and signature parts of the message security popup on a
    received message could not be selected for copy/paste
  * Various UX and theme improvements
  MFSA 2021-13
  * CVE-2021-23991 (bmo#1673240)
    An attacker may use Thunderbird's OpenPGP key refresh mechanism
    to poison an existing key
  * MOZ-2021-23992 (bmo#1666236)
    A crafted OpenPGP key with an invalid user ID could be used to
    confuse the user
  * CVE-2021-23993 (bmo#1666360)
    Inability to send encrypted OpenPGP email after importing a
    crafted OpenPGP key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=584
2021-04-10 16:21:27 +00:00
Wolfgang Rosenauer
9e317f3906 - Mozilla Thunderbird 78.9.0
* bugfixes:
    https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes
  MFSA 2021-12 (boo#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * MOZ-2021-0002 (bmo#1691547)
    Angle graphics library out of date
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=582
2021-03-24 21:31:27 +00:00
Wolfgang Rosenauer
6c5e0317ac - Mozilla Thunderbird 78.8.1
* several bugfixes and improvements
  * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/
- updated create-tar.sh (bsc#1182357)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=580
2021-03-10 12:07:26 +00:00
Wolfgang Rosenauer
e40e7bf353 - Mozilla Thunderbird 78.8.0
* various bugfixes
  MFSA 2021-09 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23973 (bmo#1690976)
    MediaError message property could have leaked information
    about cross-origin resources
  * CVE-2021-23978 (bmo#786797, bmo#1682928, bmo#1687391,
    bmo#1687597)
    Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=578
2021-02-24 08:08:21 +00:00
Wolfgang Rosenauer
b79bfbd3a5 - Mozilla Thunderbird 78.7.1
* CardDAV address books now support OAuth2 and Google Contacts
  * Thunderbird will no longer allow installation of addons that
    use legacy APIs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=576
2021-02-05 22:43:35 +00:00
Wolfgang Rosenauer
fa9e13d8e7 - Mozilla Thunderbird 78.7.0
MFSA 2021-05 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2020-15685 (bmo#1622640)
    IMAP Response Injection when using STARTTLS
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
    bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
    bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
    bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
    bmo#1685260, bmo#1685925)
    Memory safety bugs fixed in Thunderbird 78.7

- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
  rpm versions in TW remove everything there as the first action
  of %install

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=574
2021-01-26 21:46:33 +00:00
Wolfgang Rosenauer
5c0edfa8c6 revert previous change
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=572
2021-01-13 14:46:17 +00:00
Wolfgang Rosenauer
ff0ed7bc92 - Mozilla Thunderbird 78.6.1
MFSA 2021-02 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO SCTP
    chunk

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=571
2021-01-11 22:06:38 +00:00
Wolfgang Rosenauer
a88987f6eb do not touch buildroot in %build
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=569
2020-12-16 13:32:05 +00:00
Wolfgang Rosenauer
d604cb9fa9 - Mozilla Thunderbird 78.6.0
* changes and additions in MailExtensions
  * several bugfixes
  * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
  MFSA 2020-56 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Thunderbird 78.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=568
2020-12-15 22:24:07 +00:00
Wolfgang Rosenauer
b0432050ce - Mozilla Thunderbird 78.5.1
MFSA 2020-53 (bsc#1179530)
  * CVE-2020-26970 (bmo#1677338)
    Stack overflow due to incorrect parsing of SMTP server response codes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=566
2020-12-02 16:28:42 +00:00
Wolfgang Rosenauer
4a95a320a3 - Mozilla Thunderbird 78.5.0
MFSA 2020-52 (bsc#1178894)
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security
    UI
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions
  * CVE-2020-26959 (bmo#1669466)
    Use-after-free in WebRequestService
  * CVE-2020-26960 (bmo#1670358)
    Potential use-after-free in uses of nsTArray
  * CVE-2020-15999 (bmo#1672223)
    Heap buffer overflow in freetype
  * CVE-2020-26961 (bmo#1672528)
    DoH did not filter IPv4 mapped IP Addresses
  * CVE-2020-26965 (bmo#1661617)
    Software keyboards may have remembered typed passwords
  * CVE-2020-26966 (bmo#1663571)
    Single-word search queries were also broadcast to local
    network
  * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=564
2020-11-17 14:20:30 +00:00
Wolfgang Rosenauer
808637d07c https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=562
2020-11-11 09:22:58 +00:00
Wolfgang Rosenauer
007409f510 - Mozilla Thunderbird 78.4.3
- added mozilla-rust-1.47.patch to fix build with rust 1.47

- Mozilla Thunderbird 78.4.2
  MFSA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=561
2020-11-11 09:21:39 +00:00
Wolfgang Rosenauer
db081d1533 - Mozilla Thunderbird 78.4.1
* Bugfixes and minor features
    https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=560
2020-11-08 18:36:03 +00:00
Wolfgang Rosenauer
63df217471 MFSA 2020-47 (bsc#1177872)
* CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760,
    bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=558
2020-10-21 20:18:32 +00:00
Wolfgang Rosenauer
69e75a6f77 - Mozilla Thunderbird 78.4.0
* MailExtensions: browser.tabs.sendMessage API added
  * MailExtensions: messageDisplayScripts API added
  * Yahoo and AOL mail users using password authentication will be
    migrated to OAuth2
  * MailExtensions: messageDisplay APIs extended to support multiple
    selected messages
  * MailExtensions: compose.begin functions now support creating a
    message with attachments
  * multiple bugfixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=557
2020-10-21 09:31:04 +00:00
Wolfgang Rosenauer
8d908f5892 - Mozilla Thunderbird 78.3.3
* OpenPGP: Improved support for encrypting with subkeys
  * OpenPGP message status icons were not visible in message header pane
  * OpenPGP Key Manager was missing from Tools menu on macOS
  * Creating a new calendar event did not require an event title
- remove python2 dependencies for TW
- support wayland mode/autodetection in startup wrapper
- replace some Requires to use requires_ge macro where appropriate
- improve langpack build (as already used for Firefox)
- add ccache statistics output to build

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=555
2020-10-16 13:01:17 +00:00
Wolfgang Rosenauer
3bdd2525c1 - remove python2 dependencies for Leap 15 and TW
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=554
2020-10-08 14:14:28 +00:00
Wolfgang Rosenauer
4a103ac86f - Mozilla Thunderbird 78.3.2
* OpenPGP: Improved support for encrypting with subkeys
  * OpenPGP: Encrypted messages with international characters were
    sometimes displayed incorrectly
  * Single-click deletion of recipient pills with middle mouse
    button restored
  * Searching an address book list did not display results
  * Dark mode, high contrast, and Windows theming fixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=552
2020-10-07 09:44:38 +00:00