Commit Graph

366 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
8f09505c5b Accepting request 792897 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.7.0

OBS-URL: https://build.opensuse.org/request/show/792897
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=524
2020-04-10 08:30:57 +00:00
Wolfgang Rosenauer
56310e4a94 - Mozilla Thunderbird 68.6.0
MFSA 2020-10 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636,
    bmo#1614339)
    Memory safety bugs fixed in Thunderbird 68.6
- requires NSS >= 3.44.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=522
2020-03-14 13:26:42 +00:00
Wolfgang Rosenauer
b44fdf6e1e - Mozilla Thunderbird 68.5.0
New
  * Support for Client Identity IMAP/SMTP Service Extension
  * Support for OAuth 2.0 authentication for POP3 accounts
  Fixes
  * Status area goes blank during account setup
  * Calendar: Could not remove color for default categories
  * Calendar: Prevent calendar component loading multiple times
  * Calendar: Today pane did not retain width between sessions
  MFSA 2020-07 (bsc#1163368)
  * CVE-2020-6793 (bmo#1608539)
    Out-of-bounds read when processing certain email messages
  * CVE-2020-6794 (bmo#1606619)
    Setting a master password post-Thunderbird 52 does not delete
    unencrypted previously stored passwords
  * CVE-2020-6795 (bmo#1611105)
    Crash processing S/MIME messages with multiple signatures
  * CVE-2020-6797 (bmo#1596668) (Mac OSX only)
    Extensions granted downloads.open permission could open arbitrary
    applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript injection
  * CVE-2020-6792 (bmo#1609607)
    Message ID calculcation was based on uninitialized data
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
    bmo#1608580,bmo#1608785,bmo#1605777)
    Memory safety bugs fixed in Thunderbird 68.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=520
2020-02-11 20:44:27 +00:00
Wolfgang Rosenauer
4f424022cb Accepting request 769375 from home:hellcp:branches:mozilla:Factory
- Use a symbolic icon from branding internals

OBS-URL: https://build.opensuse.org/request/show/769375
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=518
2020-02-02 19:22:31 +00:00
Wolfgang Rosenauer
88ea2f535a - Mozilla Thunderbird 68.4.2
* Calendar: Task and Event tree colours adjusted for the dark theme
  * Retrieval of S/MIME certificates from LDAP failed
  * Address-parsing crash on some IMAP servers when
    mail.imap.use_envelope_cmd is set
  * Incorrect forwarding of HTML messages caused SMTP servers to
    respond with a timeout
  * Calendar: Various parts of the calendar UI stopped working when
    a second Thunderbird window opened

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=516
2020-01-27 10:15:48 +00:00
Wolfgang Rosenauer
c3ae989234 - removed obsolete patch mozilla-bmo1511604.patch
- added mozilla-bmo1602730.patch to fix LE<->BE issues in the
  platform (bmo#1602730)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=514
2020-01-11 08:43:34 +00:00
Wolfgang Rosenauer
424175f38c MFSA 2020-04 (bsc#1160498, bsc#1160305)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=513
2020-01-11 08:36:41 +00:00
Wolfgang Rosenauer
5d0ef2ba91 - Mozilla Thunderbird 68.4.1
* Various improvements when setting up an account for a Microsoft
    Exchange server: Now offers IMAP/SMTP if available, better
    detection for Office 365 accounts; re-run configuration after
    password change
  Fixes:
  * After changing view layout, the message display pane showed
    garbled content under some circumstances
  * Various theme changes to achieve "pixel perfection": Unread icon,
    "no results" icon, paragraph format and font selector, background
    of folder summary tooltip
  * Tags were lost on messages in shared IMAP folders under some
    circumstances
  * Calendar: Event attendee dialog was not displayed correctly
  MFSA 2020-04  (bsc#1160498)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content process
    initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content process
    initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=512
2020-01-10 15:53:07 +00:00
Wolfgang Rosenauer
1c4a233447 - add mozilla-bmo1583471.patch to allow building with rust 1.39
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=510
2019-12-27 17:27:22 +00:00
Wolfgang Rosenauer
8e55c5b577 - Mozilla Thunderbird 68.3.1
* In dark theme unread messages no longer shown in blue to
  Bugfixes
  * Message navigation with backward and forward buttons did not work
    in some circumstances

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=509
2019-12-20 22:23:27 +00:00
Wolfgang Rosenauer
82acc8435a Accepting request 758641 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.3.1

OBS-URL: https://build.opensuse.org/request/show/758641
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=508
2019-12-20 22:19:58 +00:00
Wolfgang Rosenauer
a576d140ab OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=506 2019-12-06 14:25:41 +00:00
Wolfgang Rosenauer
7a99e99658 - Mozilla Thunderbird 68.3.0:
* Message display toolbar action WebExtension API
  * Navigation buttons are now available in content tabs, for example
    those opened via an add-on search
  * other bugfixes
  MFSA 2019-38
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
- changed locale building procedure
  * removed obsolete compare-locales.tar.xz and
    thunderbird-broken-locales-build.patch
- add mozilla-bmo849632.patch to fix color issues on big endian

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=505
2019-12-05 22:21:05 +00:00
Wolfgang Rosenauer
a87ea0756c Accepting request 747028 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.2.2

OBS-URL: https://build.opensuse.org/request/show/747028
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=503
2019-11-09 21:30:38 +00:00
Wolfgang Rosenauer
c11ba0a0ad - Mozilla Thunderbird 68.2.1
* A language for the user interface can now be chosen in the
    advanced settings (multilingual UI)
  * Fixed problem with Google authentication (OAuth2)
  * Selected or unread messages were not shown in the correct color
    in the thread pane (message list) under some circumstances
  * When using a language pack, names of standard folders weren't
    localized (boo#1149126)
  * Address book default startup directory in preferences panel was
    not persisted
  * Chat: Extended context menu on Instant messaging status dialog
    (Show Accounts)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=501
2019-11-01 13:32:38 +00:00
Wolfgang Rosenauer
6fd5201f1c - Mozilla Thunderbird 68.2.0
* Message Display WebExtension API
  * Message Search WebExtension API
  * Better visual feedback for unread messages when using the dark theme
  * Fixed various issues when editing mailing list
  * Fixed application windows not maintaining their size after restart
  MFSA 2019-33 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
    bmo#1581950, bmo#1583463, bmo#1586599)
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed obsolete patches
    mozilla-bmo1573381.patch
    mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=499
2019-10-23 13:33:15 +00:00
Wolfgang Rosenauer
1fd97561e6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=497 2019-10-11 13:15:29 +00:00
Wolfgang Rosenauer
44771bf8fd - Mozilla Thunderbird 68.1.2
Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=496
2019-10-11 12:48:56 +00:00
Wolfgang Rosenauer
7583f45f65 Accepting request 733853 from home:AndreasStieger:branches:mozilla:Factory
add reference to boo#1152375

OBS-URL: https://build.opensuse.org/request/show/733853
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=494
2019-09-28 14:45:00 +00:00
Wolfgang Rosenauer
d20afb31b3 MFSA 2019-32
* CVE-2019-11755 (bmo#1240290)
    Spoofing a message author via a crafted S/MIME message

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=493
2019-09-26 19:04:16 +00:00
Wolfgang Rosenauer
3a3fedfe3f mozilla-bmo1512162.patch
thunderbird-broken-locales-build.patch
   thunderbird-locale-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=492
2019-09-26 08:29:27 +00:00
Wolfgang Rosenauer
013a53c81d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=491 2019-09-25 15:30:17 +00:00
Wolfgang Rosenauer
7920c81c06 - Mozilla Thunderbird 68.1.1
Bugfixes
  * Issues with attachments in IMAP messages
  * Gmail accounts ignored a non-standard trash folder selection
  * Entering/pasting lists of recipients into the addressing widget or
    mailing list not working reliably, especially when lists contained
    multiple commas or semicolons
  * Edit mailing list not working
  * Various theme fixes, especially dark theme improvements for Calendar
  * Contrast between tag label and background not optimal
  * Account Central pane always loaded at start-up
  * "Config Editor" button not removed if blocked by policy
  * Calendar: Free/busy information in attendees dialog not scrolled
    correctly. Note: Scroll arrows still not behaving correctly
- require nodejs8 instead of generic nodejs for better cross-distribution
  support
- call desktop database update on install
- updated translations-other locale list
- build correct ICU for Big Endian
- remove kde.js since disabling instantApply breaks extensions and
  is obsolete with the move to HTML views for preferences (boo#1151186)
- update create-tar.sh to latest revision and adjust tar_stamps
- added platform patches from Firefox 68esr
   mozilla-bmo1005535.patch
   mozilla-bmo1463035.patch
   mozilla-bmo1504834-part1.patch
   mozilla-bmo1504834-part2.patch
   mozilla-bmo1504834-part3.patch
   mozilla-bmo1511604.patch
   mozilla-bmo1554971.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=490
2019-09-25 15:13:22 +00:00
Wolfgang Rosenauer
f56d76b94f Accepting request 732309 from home:AndreasStieger:branches:mozilla:Factory
add some bugzilla references

OBS-URL: https://build.opensuse.org/request/show/732309
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=489
2019-09-21 15:27:38 +00:00
Wolfgang Rosenauer
22ec736272 Accepting request 732226 from home:munix9
repack the lightning xpi with all available locales (boo#939153) (lp#545778)

OBS-URL: https://build.opensuse.org/request/show/732226
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=488
2019-09-20 17:52:56 +00:00
Wolfgang Rosenauer
28408893c0 Accepting request 732134 from home:marxin:branches:mozilla:Factory
- Add fix-top-level-asm-issue.patch in order to fix LTO build.
- Enable LTO on TW on x86_64.
- Use GCC.

OBS-URL: https://build.opensuse.org/request/show/732134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=487
2019-09-20 11:19:56 +00:00
Wolfgang Rosenauer
558b06a6a9 Accepting request 732106 from home:bmwiedemann:branches:mozilla:Factory
added mozilla-bmo1568145.patch to make builds reproducible (boo#1047218)

OBS-URL: https://build.opensuse.org/request/show/732106
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=486
2019-09-20 10:17:10 +00:00
Wolfgang Rosenauer
9ea16a1def OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=484 2019-09-14 08:48:16 +00:00
Wolfgang Rosenauer
08fe2a30d3 - Mozilla Thunderbird 68.1.0
add-on is required for this account type. IMAP still exists as
    alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
    ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build

- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.

- Mozilla Thunderbird 68.0
  * based on Firefox ESR 68
  * File link attachments can now be linked to again instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483
2019-09-13 20:15:12 +00:00
Wolfgang Rosenauer
b26a281145 - Mozilla Thunderbird 60.9.0
* Offer to configure Exchange accounts for Office365. A third-party
    add-on is required for this account type. IMAP still exists as alternative.
  MFSA 2019-27
  * Use-after-free while manipulating video
    CVE-2019-11746 (bmo#1564449)
  * XSS by breaking out of title and textarea elements using innerHTML
    CVE-2019-11744 (bmo#1562033)
  * Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
    CVE-2019-11742 (bmo#1559715)
  * Use-after-free while extracting a key value in IndexedDB
    CVE-2019-11752 (bmo#1501152)
  * Sandbox escape through Firefox Sync
    CVE-2019-9812 (bmo#1538008, bmo#1538015)
  * Cross-origin access to unload event attributes
    CVE-2019-11743 (bmo#1560495)
    Navigation-Timing Level 2 specification
  * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
    CVE-2019-11740 (bmo#1563133, bmo#1573160)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=482
2019-09-06 12:24:37 +00:00
Wolfgang Rosenauer
0830f41da7 Accepting request 720219 from home:psych0naut:branches:mozilla:Factory
Update package summary, description, and AppData using more informative and up-to-date text from the official Thunderbird FAQ, replacing obsolete references to the Mozilla Application Suite, the Mozilla website, and Thunderbird's relation to the Mozilla organization.

OBS-URL: https://build.opensuse.org/request/show/720219
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=480
2019-08-02 20:55:56 +00:00
Wolfgang Rosenauer
191740d32d - Mozilla Thunderbird 60.8.0
* Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
    Thunderbird 60.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=478
2019-07-12 06:49:32 +00:00
Wolfgang Rosenauer
1bf9c22999 Accepting request 714441 from home:bmwiedemann:branches:mozilla:Factory
Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

OBS-URL: https://build.opensuse.org/request/show/714441
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=477
2019-07-11 13:06:47 +00:00
Wolfgang Rosenauer
afa9155927 - Mozilla Thunderbird 60.7.2
MFSA 2019-20 (boo#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=475
2019-06-21 08:30:37 +00:00
Wolfgang Rosenauer
235879bf00 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=473 2019-06-14 05:51:33 +00:00
Wolfgang Rosenauer
8ac8c83ee3 * fixed: No prompt for smartcard PIN when S/MIME signing is used
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=472
2019-06-14 05:43:50 +00:00
Wolfgang Rosenauer
68b80ea39c - Mozilla Thunderbird 60.7.1
MFSA 2019-17 (boo#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=471
2019-06-14 05:42:27 +00:00
Wolfgang Rosenauer
04f1d004f6 Accepting request 708966 from home:aaronpuchert
Increase disk space requirements in _constraints, because some builds have run out of disk space on x86_64.

OBS-URL: https://build.opensuse.org/request/show/708966
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=470
2019-06-12 13:56:51 +00:00
Wolfgang Rosenauer
35447776a4 - Mozilla Thunderbird 60.7.0
* Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=468
2019-05-25 20:31:48 +00:00
Wolfgang Rosenauer
35edb05724 Accepting request 697618 from home:marxin:branches:mozilla:Factory
Disable LTO (boo#1133267).

OBS-URL: https://build.opensuse.org/request/show/697618
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=466
2019-04-24 20:43:44 +00:00
Wolfgang Rosenauer
9abb96db9b OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=464 2019-03-30 15:57:20 +00:00
Wolfgang Rosenauer
1c30fa795c - Add patch to fix build using rust-1.33: (boo#1130694)
* mozilla-bmo1519629.patch (bmo#1519629)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=463
2019-03-30 11:50:20 +00:00
Wolfgang Rosenauer
fa5d322d3e - Add patch to fix build using rust-1.33:
* mozilla-bmo1519629.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=462
2019-03-30 11:48:53 +00:00
Wolfgang Rosenauer
3e2908cf21 - Mozilla Thunderbird 60.6.1
MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=460
2019-03-27 16:08:50 +00:00
Wolfgang Rosenauer
82c07d74ff - Mozilla Thunderbird 60.6.0
* Calendar: Can't create repeating event with end date when using
    certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)

- Mozilla Thunderbird 60.5.3
  * fixed a regression on the Windows platform:
    Problem when using "Send to > Mail recipient" on Windows

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=458
2019-03-20 21:48:06 +00:00
Wolfgang Rosenauer
6fbce4789b - Mozilla Thunderbird 60.5.2
* UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email
    from Outlook (issue introduced in version 60.5.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=456
2019-02-26 17:37:51 +00:00
Wolfgang Rosenauer
e67981f7a0 - Mozilla Thunderbird 60.5.1
* CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815
    Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218
    S/MIME signature spoofing
- Mozilla Thunderbird 60.5.0:

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=454
2019-02-14 22:12:08 +00:00
Wolfgang Rosenauer
d7db4b785d MFSA 2019-03 (bsc#1122983)
* CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=452
2019-01-29 21:58:55 +00:00
Wolfgang Rosenauer
126ce832a3 changelog (security related) missing still
- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches
  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs
  * CVE-2018-18498 bmo#1500011
    Integer overflow when calculating buffer sizes for images

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=451
2019-01-29 19:03:55 +00:00
Wolfgang Rosenauer
8cd0088de8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=449 2018-12-21 21:20:17 +00:00