Commit Graph

816 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
ed89d64079 - Mozilla Thunderbird 102.4.2
* "Address Book" button in Account Central will now create a
    CardDAV address book instead of a local address book
  * Bugfixes as described here
    https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=674
2022-11-05 16:23:19 +00:00
Dominique Leuenberger
50fd6a6a10 Accepting request 1031395 from mozilla:Factory
- Mozilla Thunderbird 102.4.1
  * Thunderbird will now catch and report errors parsing vCards
    that contain incorrectly formatted dates
  * Dynamic language switching did not update interface when switched
    to right-to-left languages
  * Custom header data was discarded after messages were saved as
    draft and reopened
  * -remote command line argument did not work, affecting integration
    with various applications such as LibreOffice
  * Messages received via some SMS-to-email services could not
    display images
  * VCards with nickname field set could not be edited
  * Some recurring events were missing from Agenda on first load
  * Download requests for remote ICS calendars incorrectly set
    "Accept" header to text/xml
  * Monthly events created on the 31st of a month with <30 days placed
    first occurrence 1-2 days after the beginning of the following month
  * Various visual and UX improvements

OBS-URL: https://build.opensuse.org/request/show/1031395
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=296
2022-10-28 17:28:39 +00:00
Wolfgang Rosenauer
9e67c8336c - Mozilla Thunderbird 102.4.1
* Thunderbird will now catch and report errors parsing vCards
    that contain incorrectly formatted dates
  * Dynamic language switching did not update interface when switched
    to right-to-left languages
  * Custom header data was discarded after messages were saved as
    draft and reopened
  * -remote command line argument did not work, affecting integration
    with various applications such as LibreOffice
  * Messages received via some SMS-to-email services could not
    display images
  * VCards with nickname field set could not be edited
  * Some recurring events were missing from Agenda on first load
  * Download requests for remote ICS calendars incorrectly set
    "Accept" header to text/xml
  * Monthly events created on the 31st of a month with <30 days placed
    first occurrence 1-2 days after the beginning of the following month
  * Various visual and UX improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=672
2022-10-26 20:45:06 +00:00
Dominique Leuenberger
b18f74fe55 Accepting request 1030583 from mozilla:Factory
MFSA 2022-46 (bsc#1203477)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox 106, Firefox ESR 102.4 and
    Thunderbird 102.4.0

OBS-URL: https://build.opensuse.org/request/show/1030583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=295
2022-10-24 09:12:46 +00:00
Wolfgang Rosenauer
0268b45410 MFSA 2022-46 (bsc#1203477)
* CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox 106, Firefox ESR 102.4 and
    Thunderbird 102.4.0

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=670
2022-10-23 08:54:57 +00:00
Dominique Leuenberger
113b18ccaa Accepting request 1030125 from mozilla:Factory
- Mozilla Thunderbird 102.4.0
  https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1030125
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=294
2022-10-22 12:12:48 +00:00
Wolfgang Rosenauer
3e0fc541fd - Mozilla Thunderbird 102.4.0
https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=668
2022-10-20 06:20:46 +00:00
Dominique Leuenberger
66a41ade77 Accepting request 1010277 from mozilla:Factory
- Mozilla Thunderbird 102.3.3
  * Option added to show containing address book for a contact when
    using All Address Books in vertical mode
  * Thunderbird will try to use POP NTLM authentication even if
    not advertised by server
  * Task List and Today Pane sidebars will no longer load when not visible
  * bugfixes as documented here
    https://www.thunderbird.net/en-US/thunderbird/102.3.3/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1010277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=293
2022-10-13 13:40:03 +00:00
Wolfgang Rosenauer
2d8a6701f6 - Mozilla Thunderbird 102.3.3
* Option added to show containing address book for a contact when
    using All Address Books in vertical mode
  * Thunderbird will try to use POP NTLM authentication even if
    not advertised by server
  * Task List and Today Pane sidebars will no longer load when not visible
  * bugfixes as documented here
    https://www.thunderbird.net/en-US/thunderbird/102.3.3/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=666
2022-10-12 12:12:47 +00:00
Fabian Vogt
86b78c782b Accepting request 1009070 from mozilla:Factory
- Mozilla Thunderbird 102.3.2
  * Thunderbird will try to use POP CRAM-MD5 authentication even if
    not advertised by server
  * more bugfixes as in
    https://www.thunderbird.net/en-US/thunderbird/102.3.2/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1009070
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=292
2022-10-10 16:46:30 +00:00
Wolfgang Rosenauer
2465bafb74 - Mozilla Thunderbird 102.3.2
* Thunderbird will try to use POP CRAM-MD5 authentication even if
    not advertised by server
  * more bugfixes as in
    https://www.thunderbird.net/en-US/thunderbird/102.3.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=664
2022-10-09 07:59:44 +00:00
Richard Brown
9b58affb8c Accepting request 1007697 from mozilla:Factory
- build using rust 1.63

OBS-URL: https://build.opensuse.org/request/show/1007697
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=291
2022-10-04 18:37:03 +00:00
Wolfgang Rosenauer
a9ff5c5ba4 - build using rust 1.63
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=662
2022-10-03 14:41:37 +00:00
Dominique Leuenberger
f059dfb3c3 Accepting request 1007573 from mozilla:Factory
- Mozilla Thunderbird 102.3.1
  * Compose window encryption options now only appear for encryption
    technologies that have already been configured
  * Number of contacts in currently selected address book now
    displayed at bottom of Address Book list column
  Fixes
  * Password prompt did not include server hostname for POP servers
  * Edit Contact was missing from Contacts sidebar context menus
  * Address Book contact lists cut off display of some characters,
    the result being unreadable
  MFSA 2022-43
  * CVE-2022-39249 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack by malicious server administrators
  * CVE-2022-39250 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a device
    verification attack
  * CVE-2022-39251 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack
  * CVE-2022-39236 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a data
    corruption issue

OBS-URL: https://build.opensuse.org/request/show/1007573
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=290
2022-10-03 11:43:50 +00:00
Wolfgang Rosenauer
87caf19955 - Mozilla Thunderbird 102.3.1
* Compose window encryption options now only appear for encryption
    technologies that have already been configured
  * Number of contacts in currently selected address book now
    displayed at bottom of Address Book list column
  Fixes
  * Password prompt did not include server hostname for POP servers
  * Edit Contact was missing from Contacts sidebar context menus
  * Address Book contact lists cut off display of some characters,
    the result being unreadable
  MFSA 2022-43
  * CVE-2022-39249 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack by malicious server administrators
  * CVE-2022-39250 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a device
    verification attack
  * CVE-2022-39251 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack
  * CVE-2022-39236 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a data
    corruption issue

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=660
2022-10-02 16:53:19 +00:00
Dominique Leuenberger
1f09b0b77d Accepting request 1005289 from mozilla:Factory
- Mozilla Thunderbird 102.3.0
  https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
  * Thunderbird will no longer attempt to import account passwords
    when importing from another Thunderbird profile in order to
    prevent profile corruption and permanent data loss. (bmo#1790605)
  * Devtools performance profile will use Thunderbird presets
    instead of Web Developer presets (bmo#1785954)
  * Thunderbird startup performance improvements (bmo#1785967)
  * Saving email source and images failed (bmo#1777323, bmo#1778804)
  * Error message was shown repeatedly when temporary disk
    space was full (bmo#1788580)
  * Attaching OpenPGP keys without a set size to non-encrypted
    messages briefly displayed a size of zero bytes (bmo#1788952)
  * Global Search entry box initially contained "undefined" (bmo#1780963)
  * Delete from POP Server mail filter rule intermittently
    failed to trigger (bmo#1789418)
  * Connections to POP3 servers without UIDL support failed (bmo#1789314)
  * Pop accounts with "Fetch headers only" set downloaded complete
    messages if server did not advertise TOP capability (bmo#1789356)
  * "File -> New -> Address Book Contact" from Compose window did
    not work (bmo#1782418)
  * Attach "My vCard" option in compose window was not available
    (bmo#1787614)
  * Improved performance of matching a contact to an email address
    (bmo#1782725)
  * Address book only recognized a contact's first two email
    addresses (bmo#1777156)
  * Address book search and autocomplete failed if a contact vCard
    could not be parsed (bmo#1789793)
  * Downloading NNTP messages for offline use failed (bmo#1785773)

OBS-URL: https://build.opensuse.org/request/show/1005289
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=289
2022-09-23 12:14:26 +00:00
Wolfgang Rosenauer
70aadd9160 MFSA 2022-42 (bsc#1203477)
* CVE-2022-40959 (bmo#1782211)
    Bypassing FeaturePolicy restrictions on transient pages
  * CVE-2022-40960 (bmo#1787633)
    Data-race when parsing non-UTF-8 URLs in threads
  * CVE-2022-40958 (bmo#1779993)
    Bypassing Secure Context restriction for cookies with __Host
    and __Secure prefix
  * CVE-2022-40956 (bmo#1770094)
    Content-Security-Policy base-uri bypass
  * CVE-2022-40957 (bmo#1777604)
    Incoherent instruction cache when building WASM on ARM64
  * CVE-2022-3155 (bmo#1789061)
    Attachment files saved to disk on macOS could be executed
    without warning
  * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574, bmo#1784835,
    bmo#1785109, bmo#1786502, bmo#1789440)
    Memory safety bugs fixed in Thunderbird 102.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=658
2022-09-21 21:04:50 +00:00
Wolfgang Rosenauer
b9d27af2da - Mozilla Thunderbird 102.3.0
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
  * Thunderbird will no longer attempt to import account passwords
    when importing from another Thunderbird profile in order to
    prevent profile corruption and permanent data loss. (bmo#1790605)
  * Devtools performance profile will use Thunderbird presets
    instead of Web Developer presets (bmo#1785954)
  * Thunderbird startup performance improvements (bmo#1785967)
  * Saving email source and images failed (bmo#1777323, bmo#1778804)
  * Error message was shown repeatedly when temporary disk
    space was full (bmo#1788580)
  * Attaching OpenPGP keys without a set size to non-encrypted
    messages briefly displayed a size of zero bytes (bmo#1788952)
  * Global Search entry box initially contained "undefined" (bmo#1780963)
  * Delete from POP Server mail filter rule intermittently
    failed to trigger (bmo#1789418)
  * Connections to POP3 servers without UIDL support failed (bmo#1789314)
  * Pop accounts with "Fetch headers only" set downloaded complete
    messages if server did not advertise TOP capability (bmo#1789356)
  * "File -> New -> Address Book Contact" from Compose window did
    not work (bmo#1782418)
  * Attach "My vCard" option in compose window was not available
    (bmo#1787614)
  * Improved performance of matching a contact to an email address
    (bmo#1782725)
  * Address book only recognized a contact's first two email
    addresses (bmo#1777156)
  * Address book search and autocomplete failed if a contact vCard
    could not be parsed (bmo#1789793)
  * Downloading NNTP messages for offline use failed (bmo#1785773)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=657
2022-09-20 21:03:11 +00:00
Dominique Leuenberger
14a3407ee3 Accepting request 1001927 from mozilla:Factory
- Mozilla Thunderbird 102.2.2
  https://www.thunderbird.net/en-US/thunderbird/102.2.2/releasenotes/
  * Setting added to change Calendar event double-click action to
    open Edit Event dialog rather than view only;
    Set calendar.events.defaultActionEdit to true
  * Running Compact Folders on maildir folders caused a redownload
    of all messages in the folder
  * Accessing mail folders in profiles with many folders was slow
  * SMTP servers were not always properly initialized, and were not
    listed in Account Settings
  * APOP authentication unsupported when connecting to POP3 server
  * OpenPGP key discovery failed
  * POP accounts hosted by AOL were not able to authenticate using OAuth2
  * Unable to open context menu in newsgroups header for groups
    that are not subscribed

OBS-URL: https://build.opensuse.org/request/show/1001927
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=288
2022-09-09 16:22:38 +00:00
Wolfgang Rosenauer
247125c160 - Mozilla Thunderbird 102.2.2
https://www.thunderbird.net/en-US/thunderbird/102.2.2/releasenotes/
  * Setting added to change Calendar event double-click action to
    open Edit Event dialog rather than view only;
    Set calendar.events.defaultActionEdit to true
  * Running Compact Folders on maildir folders caused a redownload
    of all messages in the folder
  * Accessing mail folders in profiles with many folders was slow
  * SMTP servers were not always properly initialized, and were not
    listed in Account Settings
  * APOP authentication unsupported when connecting to POP3 server
  * OpenPGP key discovery failed
  * POP accounts hosted by AOL were not able to authenticate using OAuth2
  * Unable to open context menu in newsgroups header for groups
    that are not subscribed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=655
2022-09-08 09:47:43 +00:00
Dominique Leuenberger
61e1c5b9ce Accepting request 1000596 from mozilla:Factory
- Mozilla Thunderbird 102.2.1
  MFSA 2022-38 (bsc#1203007)
  * CVE-2022-3033 (bmo#1784838)
    Leaking of sensitive information when composing a response to
    an HTML email with a META refresh tag
  * CVE-2022-3032 (bmo#1783831)
    Remote content specified in an HTML document that was nested
    inside an iframe's srcdoc attribute was not blocked
  * CVE-2022-3034 (bmo#1745751)
    An iframe element in an HTML email could trigger a network
    request
  * CVE-2022-36059 (bmo#1787741)
    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
    service attack

OBS-URL: https://build.opensuse.org/request/show/1000596
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=287
2022-09-02 19:56:12 +00:00
Wolfgang Rosenauer
bff7539280 - Mozilla Thunderbird 102.2.1
MFSA 2022-38 (bsc#1203007)
  * CVE-2022-3033 (bmo#1784838)
    Leaking of sensitive information when composing a response to
    an HTML email with a META refresh tag
  * CVE-2022-3032 (bmo#1783831)
    Remote content specified in an HTML document that was nested
    inside an iframe's srcdoc attribute was not blocked
  * CVE-2022-3034 (bmo#1745751)
    An iframe element in an HTML email could trigger a network
    request
  * CVE-2022-36059 (bmo#1787741)
    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
    service attack

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=653
2022-09-01 07:38:48 +00:00
Dominique Leuenberger
080375fd1c Accepting request 999347 from mozilla:Factory
- Mozilla Thunderbird 102.2.0
  * https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/
  MFSA 2022-36 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38476 (bmo#1760998)
    Data race and potential use-after-free in PK11_ChangePW
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Thunderbird 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Thunderbird 102.2, and
    Thunderbird 91.13
- disabled automatic usage of wayland because of known issues
  using MOZ_ENABLE_WAYLAND=1 in environment would still enable it
  (boo#1202606)

OBS-URL: https://build.opensuse.org/request/show/999347
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=286
2022-08-27 09:48:04 +00:00
Wolfgang Rosenauer
eba6cdf4f5 - Mozilla Thunderbird 102.2.0
* https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/
  MFSA 2022-36 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38476 (bmo#1760998)
    Data race and potential use-after-free in PK11_ChangePW
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Thunderbird 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Thunderbird 102.2, and
    Thunderbird 91.13
- disabled automatic usage of wayland because of known issues
  using MOZ_ENABLE_WAYLAND=1 in environment would still enable it
  (boo#1202606)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=651
2022-08-26 06:39:36 +00:00
Dominique Leuenberger
69e19b7b66 Accepting request 995033 from mozilla:Factory
- added mozilla-glibc236.patch (bmo#1782988, boo#1202323)

OBS-URL: https://build.opensuse.org/request/show/995033
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=285
2022-08-15 17:56:35 +00:00
Wolfgang Rosenauer
e0d42a0cfd - added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=649
2022-08-14 08:03:54 +00:00
Dominique Leuenberger
712dc6d84c Accepting request 993911 from mozilla:Factory
- Mozilla Thunderbird 102.1.2
  * fix for bmo#1777765 (no POP download progress bar) was backed
    out from this release to address broken POP message download
    with Fetch headers only selected in Account Settings (bmo#1783552)

- Mozilla Thunderbird 102.1.1
  Bugfixes:
  * https://www.thunderbird.net/en-US/thunderbird/102.1.1/releasenotes/

OBS-URL: https://build.opensuse.org/request/show/993911
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=284
2022-08-10 15:12:30 +00:00
Wolfgang Rosenauer
134f09dee2 - Mozilla Thunderbird 102.1.2
* fix for bmo#1777765 (no POP download progress bar) was backed
    out from this release to address broken POP message download
    with Fetch headers only selected in Account Settings (bmo#1783552)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=647
2022-08-09 06:35:46 +00:00
Wolfgang Rosenauer
ae8a4c4f39 - Mozilla Thunderbird 102.1.1
Bugfixes:
  * https://www.thunderbird.net/en-US/thunderbird/102.1.1/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=646
2022-08-08 13:10:06 +00:00
Dominique Leuenberger
8400e239db Accepting request 992051 from mozilla:Factory
- Mozilla Thunderbird 102.1.0
  * https://www.thunderbird.net/en-US/thunderbird/102.1.0/releasenotes
  MFSA 2022-32 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL parameters
  * CVE-2022-36314 (bmo#1773894)
    Opening local <code>.lnk</code> files could cause unexpected
    network loads
  * CVE-2022-2505 (bmo#1769739, bmo#1772824)
    Memory safety bugs fixed in Thunderbird 102.1
- added mozilla-newer-cbindgen.patch to fix build with
  rust-cbindgen >= 0.24 (and also require that for build)
- added mozilla-pgo.patch to fix LTO builds with gcc

- Mozilla Thunderbird 102.0.3
  Bugfixes as in
  * https://www.thunderbird.net/en-US/thunderbird/102.0.3/releasenotes/

- Mozilla Thunderbird 102.0.2
  * https://www.thunderbird.net/en-US/thunderbird/102.0/releasenotes/
- removed obsolete patches
  mozilla-bmo1504834-part2.patch
  mozilla-bmo1504834-part4.patch
  mozilla-bmo1602730.patch
  mozilla-bmo1626236.patch
  mozilla-bmo1724679.patch
  mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  mozilla-sandbox-fips.patch

OBS-URL: https://build.opensuse.org/request/show/992051
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=283
2022-08-03 19:16:01 +00:00
Wolfgang Rosenauer
32ed6a10bb - added mozilla-pgo.patch to fix LTO builds with gcc
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=644
2022-08-01 14:43:32 +00:00
Wolfgang Rosenauer
982c2db4ff - Mozilla Thunderbird 102.1.0
* https://www.thunderbird.net/en-US/thunderbird/102.1.0/releasenotes
  MFSA 2022-32 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL parameters
  * CVE-2022-36314 (bmo#1773894)
    Opening local <code>.lnk</code> files could cause unexpected
    network loads
  * CVE-2022-2505 (bmo#1769739, bmo#1772824)
    Memory safety bugs fixed in Thunderbird 102.1
- added mozilla-newer-cbindgen.patch to fix build with
  rust-cbindgen >= 0.24 (and also require that for build)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=643
2022-07-29 12:07:40 +00:00
Wolfgang Rosenauer
ebc8727216 - Mozilla Thunderbird 102.0.3
Bugfixes as in
  * https://www.thunderbird.net/en-US/thunderbird/102.0.3/releasenotes/

- Mozilla Thunderbird 102.0.2
  * https://www.thunderbird.net/en-US/thunderbird/102.0/releasenotes/
- removed obsolete patches
  mozilla-bmo1504834-part2.patch
  mozilla-bmo1504834-part4.patch
  mozilla-bmo1602730.patch
  mozilla-bmo1626236.patch
  mozilla-bmo1724679.patch
  mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  mozilla-sandbox-fips.patch
- added patches inherited from FF 102
  one_swizzle_to_rule_them_all.patch
  svg-rendering.patch
- fix KDE detection (boo#1200987) in mozilla-kde.patch
- requires
  rust = 1.60
  NSPR >= 4.34
  NSS >= 3.79
  rust-cbindgen >= 0.23.0
- remove special breakpad debug symbol creation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=642
2022-07-21 12:15:56 +00:00
Dominique Leuenberger
bc74d05987 Accepting request 985736 from mozilla:Factory
- Mozilla Thunderbird 91.11.0
  * CLIENTID fix for bmo#1759197 in Thunderbird 91.8.1 did not work
    additional fix applied
  * "Save-As" attachment dialog did not have filename pre-populated
  MFSA 2022-26 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-2226 (bmo#1775441)
    An email with a mismatching OpenPGP signature date was
    accepted as valid
  * CVE-2022-34481 (bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection
  * CVE-2022-34472 (bmo#1770123)
    Unavailable PAC file resulted in OCSP requests being blocked
  * CVE-2022-34478 (bmo#1773717)
    Microsoft protocols can be attacked if a user accepts a prompt
  * CVE-2022-2200 (bmo#1771381)
    Undesired attributes could be set as part of prototype pollution
  * CVE-2022-34484 (bmo#1763634, bmo#1772651)
    Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102

OBS-URL: https://build.opensuse.org/request/show/985736
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=282
2022-06-30 11:17:57 +00:00
Wolfgang Rosenauer
08ffa63092 - Mozilla Thunderbird 91.11.0
* CLIENTID fix for bmo#1759197 in Thunderbird 91.8.1 did not work
    additional fix applied
  * "Save-As" attachment dialog did not have filename pre-populated
  MFSA 2022-26 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-2226 (bmo#1775441)
    An email with a mismatching OpenPGP signature date was
    accepted as valid
  * CVE-2022-34481 (bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection
  * CVE-2022-34472 (bmo#1770123)
    Unavailable PAC file resulted in OCSP requests being blocked
  * CVE-2022-34478 (bmo#1773717)
    Microsoft protocols can be attacked if a user accepts a prompt
  * CVE-2022-2200 (bmo#1771381)
    Undesired attributes could be set as part of prototype pollution
  * CVE-2022-34484 (bmo#1763634, bmo#1772651)
    Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=640
2022-06-29 08:52:40 +00:00
Dominique Leuenberger
8e765242f8 Accepting request 980158 from mozilla:Factory
- Mozilla Thunderbird 91.10.0
  * Various UX and theme improvements
  MFSA 2022-22 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded
    files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-1834 (bmo#1767816)
    Braille space character caused incorrect sender email to be
    shown for a digitally signed email
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of
    allowCredential entries may have leaked cross-origin
    information
  * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
    bmo#1767365, bmo#1768559, bmo#1768734)
    Memory safety bugs fixed in Thunderbird 91.10

OBS-URL: https://build.opensuse.org/request/show/980158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=281
2022-06-01 15:34:24 +00:00
Wolfgang Rosenauer
5b920d1fa1 - Mozilla Thunderbird 91.10.0
* Various UX and theme improvements
  MFSA 2022-22 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded
    files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-1834 (bmo#1767816)
    Braille space character caused incorrect sender email to be
    shown for a digitally signed email
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of
    allowCredential entries may have leaked cross-origin
    information
  * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
    bmo#1767365, bmo#1768559, bmo#1768734)
    Memory safety bugs fixed in Thunderbird 91.10

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=638
2022-05-31 19:36:16 +00:00
Dominique Leuenberger
f91a02e718 Accepting request 978422 from mozilla:Factory
- Mozilla Thunderbird 91.9.1
  MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

OBS-URL: https://build.opensuse.org/request/show/978422
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=280
2022-05-23 13:51:30 +00:00
Wolfgang Rosenauer
71256c3fd4 - Mozilla Thunderbird 91.9.1
MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=636
2022-05-21 12:43:04 +00:00
Dominique Leuenberger
619a75083d Accepting request 975202 from mozilla:Factory
- Mozilla Thunderbird 91.9.0
  * A warning is now displayed if an OpenPGP key has unsafe
    attributes that are ignored
  * OpenPGP integration in Thunderbird 91.8.0 and 91.8.1 did not
    allow SHA-1 key signatures
  * CalDAV calendars were marked read-only on startup
  MFSA 2022-18 (bsc#1198970)
  * CVE-2022-1520 (bmo#1745019)
    Incorrect security status shown after viewing an attached
    email
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29913 (bmo#1764778)
    Speech Synthesis feature not properly disabled
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620)
    Memory safety bugs fixed in Thunderbird 91.9

OBS-URL: https://build.opensuse.org/request/show/975202
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=279
2022-05-06 16:58:18 +00:00
Wolfgang Rosenauer
e48927244d - Mozilla Thunderbird 91.9.0
* A warning is now displayed if an OpenPGP key has unsafe
    attributes that are ignored
  * OpenPGP integration in Thunderbird 91.8.0 and 91.8.1 did not
    allow SHA-1 key signatures
  * CalDAV calendars were marked read-only on startup
  MFSA 2022-18 (bsc#1198970)
  * CVE-2022-1520 (bmo#1745019)
    Incorrect security status shown after viewing an attached
    email
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29913 (bmo#1764778)
    Speech Synthesis feature not properly disabled
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620)
    Memory safety bugs fixed in Thunderbird 91.9

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=634
2022-05-05 13:20:25 +00:00
Dominique Leuenberger
aa055e1ac5 Accepting request 970866 from mozilla:Factory
- Mozilla Thunderbird 91.8.1
  * CLIENTID extension to SMTP was not supported by smtp-js#
  * Additional SMTP errors now propagated to user
  * OpenPGP was not able to use some previously supported key types
  * OpenPGP Key Manager did not always display correct information
    after importing additional IDs
  * Duplicate new mail notifications could be displayed when
    server-side filters were in use
  * Cancelling an SMTP password entry resulted in multiple failure
    dialogs being displayed

- Mozilla Thunderbird 91.8.0
  * Google accounts using password authentication will be migrated
    to OAuth2.
  * bugfixes
    https://www.thunderbird.net/en-US/thunderbird/91.8.0/releasenotes
  MFSA 2022- (bsc#1197903)
- update create-tar.sh

- skip slow workers, this is a tough build job

OBS-URL: https://build.opensuse.org/request/show/970866
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=278
2022-04-22 19:52:46 +00:00
Wolfgang Rosenauer
485ca3d99f - Mozilla Thunderbird 91.8.1
* CLIENTID extension to SMTP was not supported by smtp-js#
  * Additional SMTP errors now propagated to user
  * OpenPGP was not able to use some previously supported key types
  * OpenPGP Key Manager did not always display correct information
    after importing additional IDs
  * Duplicate new mail notifications could be displayed when
    server-side filters were in use
  * Cancelling an SMTP password entry resulted in multiple failure
    dialogs being displayed
- Mozilla Thunderbird 91.8.0
  * Google accounts using password authentication will be migrated
    to OAuth2.
  * bugfixes
    https://www.thunderbird.net/en-US/thunderbird/91.8.0/releasenotes
  MFSA 2022- (bsc#1197903)
- update create-tar.sh

- skip slow workers, this is a tough build job

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=632
2022-04-19 15:06:55 +00:00
Dominique Leuenberger
6031a905f5 Accepting request 969350 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/969350
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=277
2022-04-14 15:23:29 +00:00
Wolfgang Rosenauer
f67dab94c7 Accepting request 969338 from home:marxin:branches:mozilla:Factory
- Set memory limits for DWZ to 4x.

OBS-URL: https://build.opensuse.org/request/show/969338
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=630
2022-04-12 08:22:14 +00:00
Dominique Leuenberger
830dc226c0 Accepting request 964779 from mozilla:Factory
- skip slow workers, this is a tough build job

OBS-URL: https://build.opensuse.org/request/show/964779
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=276
2022-03-28 14:59:57 +00:00
Wolfgang Rosenauer
dddae6adff Accepting request 962487 from home:dirkmueller:Factory
- skip slow workers, this is a tough build job

OBS-URL: https://build.opensuse.org/request/show/962487
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=628
2022-03-18 19:19:54 +00:00
Dominique Leuenberger
c47788c2ac Accepting request 960657 from mozilla:Factory
- Mozilla Thunderbird 91.7.0
  * Thunderbird will use the first occurrence of headers that should
    only appear once
  * Auto-complete incorrectly changed a pasted email address to the
    primary address of a contact
  * Attachments with filename extensions that were not registered in
    MIME types could not be opened
  * Copy/Cut/Paste actions not working in Thunderbird Preferences
  * Improved screen reader support of displayed message headers
  MFSA 2022-12 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26386 (bmo#1752396)
    Temporary files downloaded to /tmp and accessible by other
    local users

- Mozilla Thunderbird 91.6.2
  MFSA 2022-09
  * CVE-2022-26485 (bmo#1758062)
    Use-after-free in XSLT parameter processing
  * CVE-2022-26486 (bmo#1758070)
    Use-after-free in WebGPU IPC Framework

OBS-URL: https://build.opensuse.org/request/show/960657
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=275
2022-03-13 19:24:29 +00:00
Wolfgang Rosenauer
bcdb022bb0 - Mozilla Thunderbird 91.7.0
* Thunderbird will use the first occurrence of headers that should
    only appear once
  * Auto-complete incorrectly changed a pasted email address to the
    primary address of a contact
  * Attachments with filename extensions that were not registered in
    MIME types could not be opened
  * Copy/Cut/Paste actions not working in Thunderbird Preferences
  * Improved screen reader support of displayed message headers
  MFSA 2022-12 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26386 (bmo#1752396)
    Temporary files downloaded to /tmp and accessible by other
    local users

- Mozilla Thunderbird 91.6.2
  MFSA 2022-09
  * CVE-2022-26485 (bmo#1758062)
    Use-after-free in XSLT parameter processing
  * CVE-2022-26486 (bmo#1758070)
    Use-after-free in WebGPU IPC Framework

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=626
2022-03-09 10:34:57 +00:00
Dominique Leuenberger
5c26ec22f2 Accepting request 955596 from mozilla:Factory
just added the bsc bug security bug reference

- Mozilla Thunderbird 91.6.1
  * generated views of meeting invitations are now expanded by default
  * Emails were not downloading at startup under some conditions
  * Port numbers were not shown in "Confirm Security Exception"
    dialog for CalDAV connections
  MFSA 2022-07 (bsc#1196072)
  * CVE-2022-0566 (bmo#1753094)
    Crafted email could trigger an out-of-bounds write

OBS-URL: https://build.opensuse.org/request/show/955596
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=274
2022-02-18 22:02:38 +00:00