Commit Graph

420 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
8e5843b066 - Mozilla Thunderbird 115.12.0
https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes
  MFSA 2024-28 (bsc#1226027)
  * CVE-2024-5702 (bmo#1193389)
    Use-after-free in networking
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
    and Thunderbird 115.12

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=761
2024-06-17 08:14:14 +00:00
Wolfgang Rosenauer
642c037730 - Mozilla Thunderbird 115.11.1
* Added a short anonymous survey that a small number of users will
    be randomly asked to complete

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=759
2024-06-04 07:15:57 +00:00
Wolfgang Rosenauer
c53405a61a - Mozilla Thunderbird 115.11.0
MFSA 2024-23 (bsc#1224056)
  * CVE-2024-4367 (bmo#1893645)
    Arbitrary JavaScript execution in PDF.js
  * CVE-2024-4767 (bmo#1878577)
    IndexedDB files retained in private browsing mode
  * CVE-2024-4768 (bmo#1886082)
    Potential permissions request bypass via clickjacking
  * CVE-2024-4769 (bmo#1886108)
    Cross-origin responses could be distinguished between script
    and non-script content-types
  * CVE-2024-4770 (bmo#1893270)
    Use-after-free could occur when printing to PDF
  * CVE-2024-4777 (bmo#1878199, bmo#1893340)
    Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
    and Thunderbird 115.11

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=757
2024-05-17 13:37:32 +00:00
Wolfgang Rosenauer
bb96f838d2 Accepting request 1171925 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 115.10.2

OBS-URL: https://build.opensuse.org/request/show/1171925
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=755
2024-05-05 09:06:17 +00:00
Wolfgang Rosenauer
ecbf912dc5 - Mozilla Thunderbird 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
  * fixed hangup introduced with 115.10.0 (bmo#1891889)

- Mozilla Thunderbird 115.10.0
  https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
  MFSA 2024-20 (bsc#1222535)
  * CVE-2024-3852 (bmo#1883542)
    GetBoundName in the JIT returned the wrong object
  * CVE-2024-3854 (bmo#1884552)
    Out-of-bounds-read after mis-optimized switch statement
  * CVE-2024-3857 (bmo#1886683)
    Incorrect JITting of arguments led to use-after-free during
    garbage collection
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-3859 (bmo#1874489)
    Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  * CVE-2024-3861 (bmo#1883158)
    Potential use-after-free due to AlignedBuffer self-move
  * CVE-2024-3863 (bmo#1885855)
    Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3302 (bmo#1881183)
    Denial of Service using HTTP/2 CONTINUATION frames
  * CVE-2024-3864 (bmo#1888333)
    Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
    and Thunderbird 115.10

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=753
2024-04-20 13:14:08 +00:00
Wolfgang Rosenauer
3ba157ec15 - LLVM18 breaks building Thunderbird on Tumbleweed; add
* mozilla-fix-issues-with-llvm18.patch

- Mozilla Thunderbird 115.9.0
  https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/
  MFSA 2024-14 (bsc#1221327)
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197)
    Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
    and Thunderbird 115.9

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=751
2024-03-22 07:53:18 +00:00
Wolfgang Rosenauer
4388f6b916 - Mozilla Thunderbird 115.8.1
https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
  MFSA 2024-11
  * CVE-2024-1936 (bmo#1860977)
    Leaking of encrypted email subjects to other conversations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=749
2024-03-07 08:26:29 +00:00
Wolfgang Rosenauer
d3a997ecec Accepting request 1150189 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 115.8.0

OBS-URL: https://build.opensuse.org/request/show/1150189
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=747
2024-02-25 21:23:03 +00:00
Wolfgang Rosenauer
b28fc45f13 - Mozilla Thunderbird 115.7.0
https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/
  MFSA 2024-04 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
    Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
    and Thunderbird 115.7

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=745
2024-01-24 08:26:57 +00:00
Wolfgang Rosenauer
dc40555405 Accepting request 1137913 from home:MSirringhaus:branches:mozilla:Factory
(untested) Mozilla Thunderbird 115.6.1

OBS-URL: https://build.opensuse.org/request/show/1137913
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=743
2024-01-12 16:08:01 +00:00
Wolfgang Rosenauer
bbc012a208 - Mozilla Thunderbird 115.6.0
https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
  * Message selection misbehaved after selecting a sub-message in an
    expanded thread, collapsing the thread, then pressing up/down to
    move selection
  * Thunderbird now attempts to reconnect on a new connection after
    SMTP 4xx errors
  * HTML FileLink attachments used the wrong encoding
  MFSA 2023-55 (bsc#1217230)
  * CVE-2023-50762 (bmo#1862625)
    Truncated signed text was shown with a valid OpenPGP
    signature
  * CVE-2023-50761 (bmo#1865647)
    S/MIME signature accepted despite mismatching message date
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6862 (bmo#1868042)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=741
2023-12-20 08:34:54 +00:00
Wolfgang Rosenauer
bd13e76487 - Mozilla Thunderbird 115.5.2
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=739
2023-12-12 22:10:43 +00:00
Wolfgang Rosenauer
5835378f85 - Mozilla Thunderbird 115.5.1
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes
  * Advanced GnuPG keys may be protected with an unexpected passphrase
  * OpenPGP signatures rejected due to mismatched signature timestamp
    now display signature timestamp and clarifying message
  * Advanced address book search did not return results if display name
    was left blank
  * Clicking on attendee when inviting attendees added the attendee twice

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=737
2023-11-29 07:32:44 +00:00
Wolfgang Rosenauer
55bb2ec82a - Mozilla Thunderbird 115.5.0
https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes
  MFSA 2023-52 (bsc#)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072,
    bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=734
2023-11-23 08:14:02 +00:00
Wolfgang Rosenauer
328f51e3db - Mozilla Thunderbird 115.4.3
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.4.3/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=732
2023-11-16 09:04:06 +00:00
Wolfgang Rosenauer
1bac4101c8 - Mozilla Thunderbird 115.4.2
https://www.thunderbird.net/en-US/thunderbird/115.4.2/releasenotes
- build using rust/cargo 1.72 (1.69 about to be dropped from Factory)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=730
2023-11-08 12:10:27 +00:00
Wolfgang Rosenauer
62f65fe0ea - Mozilla Thunderbird 115.4.1
https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes
  https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes
  MFSA 2023-47 (bsc#1216338)
  * CVE-2023-5721 (bmo#1830820)
    Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732 (bmo#1690979, bmo#1836962)
    Address bar spoofing via bidirectional characters
  * CVE-2023-5724 (bmo#1836705)
    Large WebGL draw could have led to a crash
  * CVE-2023-5725 (bmo#1845739)
    WebExtensions could open arbitrary URLs
  * CVE-2023-5726 (bmo#1846205)
    Full screen notification obscured by file open dialog on macOS
  * CVE-2023-5727 (bmo#1847180)
    Download Protections were bypassed by .msix, .msixbundle,
    .appx, and .appxbundle files on Windows
  * CVE-2023-5728 (bmo#1852729)
    Improper object tracking during GC in the JavaScript engine
    could have led to a crash.
  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
    bmo#1855306, bmo#1855640, bmo#1856695)
    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
    and Thunderbird 115.4.1
- removed obsolete mozilla-bmo1846703.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=728
2023-10-25 06:36:45 +00:00
Wolfgang Rosenauer
f4ecfaed93 Accepting request 1120115 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 115.3.3

OBS-URL: https://build.opensuse.org/request/show/1120115
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=727
2023-10-24 21:00:55 +00:00
Wolfgang Rosenauer
6c4666a6b7 - Mozilla Thunderbird 115.3.2
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.3.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=725
2023-10-11 06:35:40 +00:00
Wolfgang Rosenauer
c1979ea7d9 - Mozilla Thunderbird 115.3.1
MFSA 2023-45 (bsc#1215814)
  * CVE-2023-5217 (bmo#1855550)
    Heap buffer overflow in libvpx
- Add mozilla-bmo1846703.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=723
2023-09-29 20:44:41 +00:00
Wolfgang Rosenauer
70c5946a5c - Mozilla Thunderbird 115.3.0
https://www.thunderbird.net/en-US/thunderbird/115.3.0/releasenotes
  MFSA 2023-43 (bsc#1215575)
  * CVE-2023-5168 (bmo#1846683)
    Out-of-bounds write in FilterNodeD2D1
  * CVE-2023-5169 (bmo#1846685)
    Out-of-bounds write in PathOps
  * CVE-2023-5171 (bmo#1851599)
    Use-after-free in Ion Compiler
  * CVE-2023-5174 (bmo#1848454)
    Double-free in process spawning on Windows
  * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824,
    bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983,
    bmo#1851195)
    Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
    and Thunderbird 115.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=721
2023-09-27 09:43:36 +00:00
Wolfgang Rosenauer
d383915fad - Mozilla Thunderbird 115.2.3
Bugfix release:
  https://www.thunderbird.net/en-US/thunderbird/115.2.3/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=719
2023-09-21 06:48:37 +00:00
Wolfgang Rosenauer
a81e9b4cb4 Accepting request 1110766 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 115.2.2 bsc#1215231

OBS-URL: https://build.opensuse.org/request/show/1110766
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=717
2023-09-12 21:29:55 +00:00
Wolfgang Rosenauer
98a8bbee26 - Mozilla Thunderbird 115.2.0
https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes
  MFSA 2023-38 (bsc#1214606)
  * CVE-2023-4573 (bmo#1846687)
    Memory corruption in IPC CanvasTranslator
  * CVE-2023-4574 (bmo#1846688)
    Memory corruption in IPC ColorPickerShownCallback
  * CVE-2023-4575 (bmo#1846689)
    Memory corruption in IPC FilePickerShownCallback
  * CVE-2023-4576 (bmo#1846694)
    Integer Overflow in RecordedSourceSurfaceCreation
  * CVE-2023-4577 (bmo#1847397)
    Memory corruption in JIT UpdateRegExpStatics
  * CVE-2023-4051 (bmo#1821884)
    Full screen notification obscured by file open dialog
  * CVE-2023-4578 (bmo#1839007)
    Error reporting methods in SpiderMonkey could have triggered
    an Out of Memory Exception
  * CVE-2023-4053 (bmo#1839079)
    Full screen notification obscured by external program
  * CVE-2023-4580 (bmo#1843046)
    Push notifications saved to disk unencrypted
  * CVE-2023-4581 (bmo#1843758)
    XLL file extensions were downloadable without warnings
  * CVE-2023-4582 (bmo#1773874)
    Buffer Overflow in WebGL glGetProgramiv
  * CVE-2023-4583 (bmo#1842030)
    Browsing Context potentially not cleared when closing Private
    Window
  * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=714
2023-08-31 07:59:41 +00:00
Wolfgang Rosenauer
da50d4ab72 - Mozilla Thunderbird 102.14.0
MFSA 2023-32 (bsc#1213746)
  * CVE-2023-4045 (bmo#1833876)
    Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686)
    Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073)
    Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368)
    Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658)
    Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038)
    Stack buffer overflow in StorageManager
  * CVE-2023-4054 (bmo#1840777)
    Lack of warning when opening appref-ms files
  * CVE-2023-4055 (bmo#1782561)
    Cookie jar overflow caused unexpected cookie jar state
  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
    bmo#1842325, bmo#1843847)
    Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
    Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=712
2023-08-03 04:29:56 +00:00
Wolfgang Rosenauer
c92ecfd31b - Mozilla Thunderbird 102.13.1
MFSA 2023-28
  * CVE-2023-3417 (bmo#1835582)
    File Extension Spoofing using the Text Direction Override Character

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=709
2023-07-26 07:30:19 +00:00
Wolfgang Rosenauer
a450a78f9c - Mozilla Thunderbird 102.13.0
* Upstream RNP version numbers now recognized as official in about:support
  MFSA 2023-24 (bsc#1212438)
  * CVE-2023-37201 (bmo#1826002)
    Use-after-free in WebRTC certificate generation
  * CVE-2023-37202 (bmo#1834711)
    Potential use-after-free from compartment mismatch in
    SpiderMonkey
  * CVE-2023-37207 (bmo#1816287)
    Fullscreen notification obscured
  * CVE-2023-37208 (bmo#1837675)
    Lack of warning when opening Diagcab files
  * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
    bmo#1836550, bmo#1837450)
    Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
    and Thunderbird 102.13
- mozilla-llvm16.patch has been applied upstream, remove it here

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=707
2023-07-08 18:44:08 +00:00
Wolfgang Rosenauer
8ab03d7649 Accepting request 1091941 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 102.12.0 bsc#1211922

OBS-URL: https://build.opensuse.org/request/show/1091941
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=705
2023-06-10 10:47:23 +00:00
Wolfgang Rosenauer
4055c03185 - Mozilla Thunderbird 102.11.2
* fixed POP3 regressions in 102.11.1
  * https://www.thunderbird.net/en-US/thunderbird/102.11.2/releasenotes/
  Thunderbird 102.11.1
  * https://www.thunderbird.net/en-US/thunderbird/102.11.1/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=703
2023-05-27 08:18:22 +00:00
Wolfgang Rosenauer
23380907bc - Mozilla Thunderbird 102.11.0
* https://www.thunderbird.net/en-US/thunderbird/102.11.0/releasenotes
  MFSA 2023-18 (bsc#1211175)
  * CVE-2023-32205 (bmo#1753339, bmo#1753341)
    Browser prompts could have been obscured by popups
  * CVE-2023-32206 (bmo#1824892)
    Crash in RLBox Expat driver
  * CVE-2023-32207 (bmo#1826116)
    Potential permissions request bypass via clickjacking
  * CVE-2023-32211 (bmo#1823379)
    Content process crash due to invalid wasm code
  * CVE-2023-32212 (bmo#1826622)
    Potential spoof due to obscured address bar
  * CVE-2023-32213 (bmo#1826666)
    Potential memory corruption in FileReader::DoReadData()
  * CVE-2023-32214 (bmo#1828716)
    Potential DoS via exposed protocol handlers
  * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856,
    bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144,
    bmo#1827359, bmo#1830186)
    Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=701
2023-05-11 06:49:50 +00:00
Wolfgang Rosenauer
96ebf6f723 - Mozilla Thunderbird 102.10.1
* https://www.thunderbird.net/en-US/thunderbird/102.10.1/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=699
2023-04-28 10:10:31 +00:00
Wolfgang Rosenauer
7a75a56779 - Mozilla Thunderbird 102.10.0
- add mozilla-llvm16.patch trying to fix build with LLVM16

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=696
2023-04-06 13:55:17 +00:00
Wolfgang Rosenauer
b695ba5251 - Mozilla Thunderbird 102.9.1
MFSA 2023-12
  * CVE-2023-28427 (bmo#1822595)
    Matrix SDK bundled with Thunderbird vulnerable to
    denial-of-service attack

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=695
2023-03-29 12:48:43 +00:00
Wolfgang Rosenauer
3d74973d59 - add gcc13-fix.patch to support current Tumbleweed
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=693
2023-03-26 16:31:37 +00:00
Wolfgang Rosenauer
b8ddf94b52 - build using rust 1.67
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=691
2023-03-16 13:11:48 +00:00
Wolfgang Rosenauer
34b61a3e8e - Mozilla Thunderbird 102.9.0
* https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes
  MFSA 2023-11 (bsc#1209173)
  * CVE-2023-25751 (bmo#1814899)
    Incorrect code generation during JIT compilation
  * CVE-2023-28164 (bmo#1809122)
    URL being dragged from a removed cross-origin iframe into the
    same tab triggered navigation
  * CVE-2023-28162 (bmo#1811327)
    Invalid downcast in Worklets
  * CVE-2023-25752 (bmo#1811627)
    Potential out-of-bounds when accessing throttled streams
  * CVE-2023-28163 (bmo#1817768)
    Windows Save As dialog resolved environment variables
  * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904,
    bmo#1817442, bmo#1818674)
    Memory safety bugs fixed in Thunderbird 102.9
- update create-tar.sh

- Ensure gcc11-c++ gets used on Leap 15.5, too.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=690
2023-03-16 10:35:50 +00:00
Wolfgang Rosenauer
7e7b48d551 - Mozilla Thunderbird 102.8.0
* https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes
  MFSA 2023-07 (bsc#1208144)
  * CVE-2023-0616 (bmo#1806507)
    User Interface lockup with messages combining S/MIME and OpenPGP
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Thunderbird with
    some device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25742 (bmo#1813424)
    Web Crypto ImportKey crashes tab
  * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628,
    bmo#1810536)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=688
2023-02-19 09:41:40 +00:00
Wolfgang Rosenauer
c38dd3ccb4 - Mozilla Thunderbird 102.7.2
* Various crash fixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=686
2023-02-08 08:58:24 +00:00
Wolfgang Rosenauer
2f400cc863 - Mozilla Thunderbird 102.7.1
* Microsoft Office 365 accounts were unable to authenticate
  * https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
  MFSA 2023-04
  * CVE-2023-0430 (bmo#1769000)
    Revocation status of S/Mime signature certificates was not checked
- update create-tar.sh

- Mozilla Thunderbird 102.7.0
  https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
  MFSA 2023-03 (bsc#1207119)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2023-23603 (bmo#1800832)
    Calls to console.log allowed bypassing Content
    Security Policy via format directive
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=684
2023-02-01 07:54:38 +00:00
Wolfgang Rosenauer
6d02f7716c - Mozilla Thunderbird 102.6.1
* Remote content did not load in user-defined signatures
  * Addons that added new action buttons were not shown for addon
    upgrades, requiring removal and reinstall
  * Various stability improvements
  MFSA 2022-54
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=682
2022-12-22 07:44:57 +00:00
Wolfgang Rosenauer
16ebad9cce - Mozilla Thunderbird 102.6.0
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
  MFSA 2022-53 (bsc#1206242)
  * CVE-2022-46880 (bmo#1749292)
    Use-after-free in WebGL
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46881 (bmo#1770930)
    Memory corruption in WebGL
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46882 (bmo#1789371)
    Use-after-free in WebGL
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Thunderbird 102.6
- removed obsolete patches
  mozilla-newer-cbindgen.patch
  mozilla-glibc236.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=680
2022-12-13 21:35:47 +00:00
Wolfgang Rosenauer
8e5a394a01 - Mozilla Thunderbird 102.5.1
MFSA 2022-50
  * CVE-2022-45414 (bmo#1788096)
    Quoting from an HTML email with certain tags will trigger network
    requests and load remote content, regardless of a configuration
    to block remote content

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=678
2022-12-01 21:40:36 +00:00
Wolfgang Rosenauer
d0799f3ab3 - Mozilla Thunderbird 102.5.0
* changes and fixes as described here
    https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes
  MFSA 2022-49 (bsc#1205270)
  * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45416 (bmo#1793676)
    Keystroke Side-Channel Leakage
  * CVE-2022-45418 (bmo#1795815)
    Custom mouse cursor could have been drawn over browser UI
  * CVE-2022-45420 (bmo#1792643)
    Iframe contents could be rendered outside the iframe
  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
    Memory safety bugs fixed in Thunderbird 102.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=676
2022-11-16 13:42:05 +00:00
Wolfgang Rosenauer
ed89d64079 - Mozilla Thunderbird 102.4.2
* "Address Book" button in Account Central will now create a
    CardDAV address book instead of a local address book
  * Bugfixes as described here
    https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=674
2022-11-05 16:23:19 +00:00
Wolfgang Rosenauer
9e67c8336c - Mozilla Thunderbird 102.4.1
* Thunderbird will now catch and report errors parsing vCards
    that contain incorrectly formatted dates
  * Dynamic language switching did not update interface when switched
    to right-to-left languages
  * Custom header data was discarded after messages were saved as
    draft and reopened
  * -remote command line argument did not work, affecting integration
    with various applications such as LibreOffice
  * Messages received via some SMS-to-email services could not
    display images
  * VCards with nickname field set could not be edited
  * Some recurring events were missing from Agenda on first load
  * Download requests for remote ICS calendars incorrectly set
    "Accept" header to text/xml
  * Monthly events created on the 31st of a month with <30 days placed
    first occurrence 1-2 days after the beginning of the following month
  * Various visual and UX improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=672
2022-10-26 20:45:06 +00:00
Wolfgang Rosenauer
3e0fc541fd - Mozilla Thunderbird 102.4.0
https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=668
2022-10-20 06:20:46 +00:00
Wolfgang Rosenauer
2d8a6701f6 - Mozilla Thunderbird 102.3.3
* Option added to show containing address book for a contact when
    using All Address Books in vertical mode
  * Thunderbird will try to use POP NTLM authentication even if
    not advertised by server
  * Task List and Today Pane sidebars will no longer load when not visible
  * bugfixes as documented here
    https://www.thunderbird.net/en-US/thunderbird/102.3.3/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=666
2022-10-12 12:12:47 +00:00
Wolfgang Rosenauer
2465bafb74 - Mozilla Thunderbird 102.3.2
* Thunderbird will try to use POP CRAM-MD5 authentication even if
    not advertised by server
  * more bugfixes as in
    https://www.thunderbird.net/en-US/thunderbird/102.3.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=664
2022-10-09 07:59:44 +00:00
Wolfgang Rosenauer
a9ff5c5ba4 - build using rust 1.63
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=662
2022-10-03 14:41:37 +00:00
Wolfgang Rosenauer
87caf19955 - Mozilla Thunderbird 102.3.1
* Compose window encryption options now only appear for encryption
    technologies that have already been configured
  * Number of contacts in currently selected address book now
    displayed at bottom of Address Book list column
  Fixes
  * Password prompt did not include server hostname for POP servers
  * Edit Contact was missing from Contacts sidebar context menus
  * Address Book contact lists cut off display of some characters,
    the result being unreadable
  MFSA 2022-43
  * CVE-2022-39249 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack by malicious server administrators
  * CVE-2022-39250 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a device
    verification attack
  * CVE-2022-39251 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack
  * CVE-2022-39236 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a data
    corruption issue

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=660
2022-10-02 16:53:19 +00:00