Commit Graph

740 Commits

Author SHA256 Message Date
Dominique Leuenberger
b9156650b9 Accepting request 1078519 from mozilla:Factory
- Mozilla Thunderbird 102.10.0
  * New messages will automatically select S/MIME if configured and
    OpenPGP is not
  * Calendar events with timezone America/Mexico_City incorrectly
    applied Daylight Savings Time
  MFSA 2023-15 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-0547 (bmo#1811298)
    Revocation status of S/Mime recipient certificates was not checked
  * CVE-2023-29479 (bmo#1824978)
    Hang when processing certain OpenPGP messages
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded
    unsafely on Linux
  * CVE-2023-29542 (bmo#1810793, bmo#1815062)
    Bypass of file download extension restrictions

OBS-URL: https://build.opensuse.org/request/show/1078519
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=307
2023-04-12 10:51:34 +00:00
Wolfgang Rosenauer
376ac03b18 * New messages will automatically select S/MIME if configured and
OpenPGP is not
  * Calendar events with timezone America/Mexico_City incorrectly
    applied Daylight Savings Time
  MFSA 2023-15 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-0547 (bmo#1811298)
    Revocation status of S/Mime recipient certificates was not checked
  * CVE-2023-29479 (bmo#1824978)
    Hang when processing certain OpenPGP messages
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded
    unsafely on Linux
  * CVE-2023-29542 (bmo#1810793, bmo#1815062)
    Bypass of file download extension restrictions
  * CVE-2023-29545 (bmo#1823077)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=697
2023-04-11 20:58:19 +00:00
Wolfgang Rosenauer
7a75a56779 - Mozilla Thunderbird 102.10.0
- add mozilla-llvm16.patch trying to fix build with LLVM16

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=696
2023-04-06 13:55:17 +00:00
Wolfgang Rosenauer
b695ba5251 - Mozilla Thunderbird 102.9.1
MFSA 2023-12
  * CVE-2023-28427 (bmo#1822595)
    Matrix SDK bundled with Thunderbird vulnerable to
    denial-of-service attack

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=695
2023-03-29 12:48:43 +00:00
Dominique Leuenberger
121088b5d4 Accepting request 1074474 from mozilla:Factory
- add gcc13-fix.patch to support current Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/1074474
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=306
2023-03-27 16:15:46 +00:00
Wolfgang Rosenauer
3d74973d59 - add gcc13-fix.patch to support current Tumbleweed
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=693
2023-03-26 16:31:37 +00:00
Dominique Leuenberger
596c12be2a Accepting request 1072474 from mozilla:Factory
- Mozilla Thunderbird 102.9.0
  * https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes
  MFSA 2023-11 (bsc#1209173))
  * CVE-2023-25751 (bmo#1814899)
    Incorrect code generation during JIT compilation
  * CVE-2023-28164 (bmo#1809122)
    URL being dragged from a removed cross-origin iframe into the
    same tab triggered navigation
  * CVE-2023-28162 (bmo#1811327)
    Invalid downcast in Worklets
  * CVE-2023-25752 (bmo#1811627)
    Potential out-of-bounds when accessing throttled streams
  * CVE-2023-28163 (bmo#1817768)
    Windows Save As dialog resolved environment variables
  * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904,
    bmo#1817442, bmo#1818674)
    Memory safety bugs fixed in Thunderbird 102.9
- update create-tar.sh
- build using rust 1.67
- Ensure gcc11-c++ gets used on Leap 15.5, too.

OBS-URL: https://build.opensuse.org/request/show/1072474
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=305
2023-03-16 21:59:08 +00:00
Wolfgang Rosenauer
b8ddf94b52 - build using rust 1.67
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=691
2023-03-16 13:11:48 +00:00
Wolfgang Rosenauer
34b61a3e8e - Mozilla Thunderbird 102.9.0
* https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes
  MFSA 2023-11 (bsc#1209173))
  * CVE-2023-25751 (bmo#1814899)
    Incorrect code generation during JIT compilation
  * CVE-2023-28164 (bmo#1809122)
    URL being dragged from a removed cross-origin iframe into the
    same tab triggered navigation
  * CVE-2023-28162 (bmo#1811327)
    Invalid downcast in Worklets
  * CVE-2023-25752 (bmo#1811627)
    Potential out-of-bounds when accessing throttled streams
  * CVE-2023-28163 (bmo#1817768)
    Windows Save As dialog resolved environment variables
  * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904,
    bmo#1817442, bmo#1818674)
    Memory safety bugs fixed in Thunderbird 102.9
- update create-tar.sh

- Ensure gcc11-c++ gets used on Leap 15.5, too.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=690
2023-03-16 10:35:50 +00:00
Dominique Leuenberger
acf3a2ecce Accepting request 1066604 from mozilla:Factory
- Mozilla Thunderbird 102.8.0
  * https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes
  MFSA 2023-07 (bsc#1208144)
  * CVE-2023-0616 (bmo#1806507)
    User Interface lockup with messages combining S/MIME and OpenPGP
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Thunderbird with
    some device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25742 (bmo#1813424)
    Web Crypto ImportKey crashes tab
  * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628,
    bmo#1810536)

OBS-URL: https://build.opensuse.org/request/show/1066604
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=304
2023-02-19 17:19:17 +00:00
Wolfgang Rosenauer
7e7b48d551 - Mozilla Thunderbird 102.8.0
* https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes
  MFSA 2023-07 (bsc#1208144)
  * CVE-2023-0616 (bmo#1806507)
    User Interface lockup with messages combining S/MIME and OpenPGP
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Thunderbird with
    some device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25742 (bmo#1813424)
    Web Crypto ImportKey crashes tab
  * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628,
    bmo#1810536)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=688
2023-02-19 09:41:40 +00:00
Dominique Leuenberger
2c2886161d Accepting request 1063880 from mozilla:Factory
- Mozilla Thunderbird 102.7.2
  * Various crash fixes

OBS-URL: https://build.opensuse.org/request/show/1063880
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=303
2023-02-09 15:22:04 +00:00
Wolfgang Rosenauer
c38dd3ccb4 - Mozilla Thunderbird 102.7.2
* Various crash fixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=686
2023-02-08 08:58:24 +00:00
Dominique Leuenberger
b47fc1bbef Accepting request 1062396 from mozilla:Factory
- Mozilla Thunderbird 102.7.1
  * Microsoft Office 365 accounts were unable to authenticate
  * https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
  MFSA 2023-04
  * CVE-2023-0430 (bmo#1769000)
    Revocation status of S/Mime signature certificates was not checked
- update create-tar.sh

- Mozilla Thunderbird 102.7.0
  https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
  MFSA 2023-03 (bsc#1207119)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)

OBS-URL: https://build.opensuse.org/request/show/1062396
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=302
2023-02-02 17:07:12 +00:00
Wolfgang Rosenauer
2f400cc863 - Mozilla Thunderbird 102.7.1
* Microsoft Office 365 accounts were unable to authenticate
  * https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
  MFSA 2023-04
  * CVE-2023-0430 (bmo#1769000)
    Revocation status of S/Mime signature certificates was not checked
- update create-tar.sh

- Mozilla Thunderbird 102.7.0
  https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
  MFSA 2023-03 (bsc#1207119)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=684
2023-02-01 07:54:38 +00:00
Dominique Leuenberger
45a06d9fa7 Accepting request 1044166 from mozilla:Factory
- Mozilla Thunderbird 102.6.1
  * Remote content did not load in user-defined signatures
  * Addons that added new action buttons were not shown for addon
    upgrades, requiring removal and reinstall
  * Various stability improvements
  MFSA 2022-54
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions

OBS-URL: https://build.opensuse.org/request/show/1044166
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=301
2022-12-23 09:20:59 +00:00
Wolfgang Rosenauer
6d02f7716c - Mozilla Thunderbird 102.6.1
* Remote content did not load in user-defined signatures
  * Addons that added new action buttons were not shown for addon
    upgrades, requiring removal and reinstall
  * Various stability improvements
  MFSA 2022-54
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=682
2022-12-22 07:44:57 +00:00
Dominique Leuenberger
f53b7f67a3 Accepting request 1042791 from mozilla:Factory
- Mozilla Thunderbird 102.6.0
  https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
  MFSA 2022-53 (bsc#1206242)
  * CVE-2022-46880 (bmo#1749292)
    Use-after-free in WebGL
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46881 (bmo#1770930)
    Memory corruption in WebGL
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46882 (bmo#1789371)
    Use-after-free in WebGL
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Thunderbird 102.6
- removed obsolete patches
  mozilla-newer-cbindgen.patch
  mozilla-glibc236.patch

OBS-URL: https://build.opensuse.org/request/show/1042791
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=300
2022-12-15 18:23:40 +00:00
Wolfgang Rosenauer
16ebad9cce - Mozilla Thunderbird 102.6.0
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
  MFSA 2022-53 (bsc#1206242)
  * CVE-2022-46880 (bmo#1749292)
    Use-after-free in WebGL
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46881 (bmo#1770930)
    Memory corruption in WebGL
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46882 (bmo#1789371)
    Use-after-free in WebGL
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Thunderbird 102.6
- removed obsolete patches
  mozilla-newer-cbindgen.patch
  mozilla-glibc236.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=680
2022-12-13 21:35:47 +00:00
Dominique Leuenberger
bda93eedba Accepting request 1039407 from mozilla:Factory
- Mozilla Thunderbird 102.5.1
  MFSA 2022-50
  * CVE-2022-45414 (bmo#1788096)
    Quoting from an HTML email with certain tags will trigger network
    requests and load remote content, regardless of a configuration
    to block remote content

OBS-URL: https://build.opensuse.org/request/show/1039407
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=299
2022-12-02 12:12:40 +00:00
Wolfgang Rosenauer
8e5a394a01 - Mozilla Thunderbird 102.5.1
MFSA 2022-50
  * CVE-2022-45414 (bmo#1788096)
    Quoting from an HTML email with certain tags will trigger network
    requests and load remote content, regardless of a configuration
    to block remote content

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=678
2022-12-01 21:40:36 +00:00
Dominique Leuenberger
e387b3a5d8 Accepting request 1036233 from mozilla:Factory
- Mozilla Thunderbird 102.5.0
  * changes and fixes as described here
    https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes
  MFSA 2022-49 (bsc#1205270)
  * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45416 (bmo#1793676)
    Keystroke Side-Channel Leakage
  * CVE-2022-45418 (bmo#1795815)
    Custom mouse cursor could have been drawn over browser UI
  * CVE-2022-45420 (bmo#1792643)
    Iframe contents could be rendered outside the iframe
  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
    Memory safety bugs fixed in Thunderbird 102.5

OBS-URL: https://build.opensuse.org/request/show/1036233
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=298
2022-11-17 16:24:06 +00:00
Wolfgang Rosenauer
d0799f3ab3 - Mozilla Thunderbird 102.5.0
* changes and fixes as described here
    https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes
  MFSA 2022-49 (bsc#1205270)
  * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45416 (bmo#1793676)
    Keystroke Side-Channel Leakage
  * CVE-2022-45418 (bmo#1795815)
    Custom mouse cursor could have been drawn over browser UI
  * CVE-2022-45420 (bmo#1792643)
    Iframe contents could be rendered outside the iframe
  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
    Memory safety bugs fixed in Thunderbird 102.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=676
2022-11-16 13:42:05 +00:00
Dominique Leuenberger
f92ca0eef0 Accepting request 1033698 from mozilla:Factory
- Mozilla Thunderbird 102.4.2
  * "Address Book" button in Account Central will now create a
    CardDAV address book instead of a local address book
  * Bugfixes as described here
    https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1033698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=297
2022-11-06 11:41:50 +00:00
Wolfgang Rosenauer
ed89d64079 - Mozilla Thunderbird 102.4.2
* "Address Book" button in Account Central will now create a
    CardDAV address book instead of a local address book
  * Bugfixes as described here
    https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=674
2022-11-05 16:23:19 +00:00
Dominique Leuenberger
50fd6a6a10 Accepting request 1031395 from mozilla:Factory
- Mozilla Thunderbird 102.4.1
  * Thunderbird will now catch and report errors parsing vCards
    that contain incorrectly formatted dates
  * Dynamic language switching did not update interface when switched
    to right-to-left languages
  * Custom header data was discarded after messages were saved as
    draft and reopened
  * -remote command line argument did not work, affecting integration
    with various applications such as LibreOffice
  * Messages received via some SMS-to-email services could not
    display images
  * VCards with nickname field set could not be edited
  * Some recurring events were missing from Agenda on first load
  * Download requests for remote ICS calendars incorrectly set
    "Accept" header to text/xml
  * Monthly events created on the 31st of a month with <30 days placed
    first occurrence 1-2 days after the beginning of the following month
  * Various visual and UX improvements

OBS-URL: https://build.opensuse.org/request/show/1031395
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=296
2022-10-28 17:28:39 +00:00
Wolfgang Rosenauer
9e67c8336c - Mozilla Thunderbird 102.4.1
* Thunderbird will now catch and report errors parsing vCards
    that contain incorrectly formatted dates
  * Dynamic language switching did not update interface when switched
    to right-to-left languages
  * Custom header data was discarded after messages were saved as
    draft and reopened
  * -remote command line argument did not work, affecting integration
    with various applications such as LibreOffice
  * Messages received via some SMS-to-email services could not
    display images
  * VCards with nickname field set could not be edited
  * Some recurring events were missing from Agenda on first load
  * Download requests for remote ICS calendars incorrectly set
    "Accept" header to text/xml
  * Monthly events created on the 31st of a month with <30 days placed
    first occurrence 1-2 days after the beginning of the following month
  * Various visual and UX improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=672
2022-10-26 20:45:06 +00:00
Dominique Leuenberger
b18f74fe55 Accepting request 1030583 from mozilla:Factory
MFSA 2022-46 (bsc#1203477)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox 106, Firefox ESR 102.4 and
    Thunderbird 102.4.0

OBS-URL: https://build.opensuse.org/request/show/1030583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=295
2022-10-24 09:12:46 +00:00
Wolfgang Rosenauer
0268b45410 MFSA 2022-46 (bsc#1203477)
* CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox 106, Firefox ESR 102.4 and
    Thunderbird 102.4.0

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=670
2022-10-23 08:54:57 +00:00
Dominique Leuenberger
113b18ccaa Accepting request 1030125 from mozilla:Factory
- Mozilla Thunderbird 102.4.0
  https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1030125
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=294
2022-10-22 12:12:48 +00:00
Wolfgang Rosenauer
3e0fc541fd - Mozilla Thunderbird 102.4.0
https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=668
2022-10-20 06:20:46 +00:00
Dominique Leuenberger
66a41ade77 Accepting request 1010277 from mozilla:Factory
- Mozilla Thunderbird 102.3.3
  * Option added to show containing address book for a contact when
    using All Address Books in vertical mode
  * Thunderbird will try to use POP NTLM authentication even if
    not advertised by server
  * Task List and Today Pane sidebars will no longer load when not visible
  * bugfixes as documented here
    https://www.thunderbird.net/en-US/thunderbird/102.3.3/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1010277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=293
2022-10-13 13:40:03 +00:00
Wolfgang Rosenauer
2d8a6701f6 - Mozilla Thunderbird 102.3.3
* Option added to show containing address book for a contact when
    using All Address Books in vertical mode
  * Thunderbird will try to use POP NTLM authentication even if
    not advertised by server
  * Task List and Today Pane sidebars will no longer load when not visible
  * bugfixes as documented here
    https://www.thunderbird.net/en-US/thunderbird/102.3.3/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=666
2022-10-12 12:12:47 +00:00
Fabian Vogt
86b78c782b Accepting request 1009070 from mozilla:Factory
- Mozilla Thunderbird 102.3.2
  * Thunderbird will try to use POP CRAM-MD5 authentication even if
    not advertised by server
  * more bugfixes as in
    https://www.thunderbird.net/en-US/thunderbird/102.3.2/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1009070
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=292
2022-10-10 16:46:30 +00:00
Wolfgang Rosenauer
2465bafb74 - Mozilla Thunderbird 102.3.2
* Thunderbird will try to use POP CRAM-MD5 authentication even if
    not advertised by server
  * more bugfixes as in
    https://www.thunderbird.net/en-US/thunderbird/102.3.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=664
2022-10-09 07:59:44 +00:00
Richard Brown
9b58affb8c Accepting request 1007697 from mozilla:Factory
- build using rust 1.63

OBS-URL: https://build.opensuse.org/request/show/1007697
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=291
2022-10-04 18:37:03 +00:00
Wolfgang Rosenauer
a9ff5c5ba4 - build using rust 1.63
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=662
2022-10-03 14:41:37 +00:00
Dominique Leuenberger
f059dfb3c3 Accepting request 1007573 from mozilla:Factory
- Mozilla Thunderbird 102.3.1
  * Compose window encryption options now only appear for encryption
    technologies that have already been configured
  * Number of contacts in currently selected address book now
    displayed at bottom of Address Book list column
  Fixes
  * Password prompt did not include server hostname for POP servers
  * Edit Contact was missing from Contacts sidebar context menus
  * Address Book contact lists cut off display of some characters,
    the result being unreadable
  MFSA 2022-43
  * CVE-2022-39249 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack by malicious server administrators
  * CVE-2022-39250 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a device
    verification attack
  * CVE-2022-39251 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack
  * CVE-2022-39236 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a data
    corruption issue

OBS-URL: https://build.opensuse.org/request/show/1007573
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=290
2022-10-03 11:43:50 +00:00
Wolfgang Rosenauer
87caf19955 - Mozilla Thunderbird 102.3.1
* Compose window encryption options now only appear for encryption
    technologies that have already been configured
  * Number of contacts in currently selected address book now
    displayed at bottom of Address Book list column
  Fixes
  * Password prompt did not include server hostname for POP servers
  * Edit Contact was missing from Contacts sidebar context menus
  * Address Book contact lists cut off display of some characters,
    the result being unreadable
  MFSA 2022-43
  * CVE-2022-39249 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack by malicious server administrators
  * CVE-2022-39250 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a device
    verification attack
  * CVE-2022-39251 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack
  * CVE-2022-39236 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a data
    corruption issue

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=660
2022-10-02 16:53:19 +00:00
Dominique Leuenberger
1f09b0b77d Accepting request 1005289 from mozilla:Factory
- Mozilla Thunderbird 102.3.0
  https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
  * Thunderbird will no longer attempt to import account passwords
    when importing from another Thunderbird profile in order to
    prevent profile corruption and permanent data loss. (bmo#1790605)
  * Devtools performance profile will use Thunderbird presets
    instead of Web Developer presets (bmo#1785954)
  * Thunderbird startup performance improvements (bmo#1785967)
  * Saving email source and images failed (bmo#1777323, bmo#1778804)
  * Error message was shown repeatedly when temporary disk
    space was full (bmo#1788580)
  * Attaching OpenPGP keys without a set size to non-encrypted
    messages briefly displayed a size of zero bytes (bmo#1788952)
  * Global Search entry box initially contained "undefined" (bmo#1780963)
  * Delete from POP Server mail filter rule intermittently
    failed to trigger (bmo#1789418)
  * Connections to POP3 servers without UIDL support failed (bmo#1789314)
  * Pop accounts with "Fetch headers only" set downloaded complete
    messages if server did not advertise TOP capability (bmo#1789356)
  * "File -> New -> Address Book Contact" from Compose window did
    not work (bmo#1782418)
  * Attach "My vCard" option in compose window was not available
    (bmo#1787614)
  * Improved performance of matching a contact to an email address
    (bmo#1782725)
  * Address book only recognized a contact's first two email
    addresses (bmo#1777156)
  * Address book search and autocomplete failed if a contact vCard
    could not be parsed (bmo#1789793)
  * Downloading NNTP messages for offline use failed (bmo#1785773)

OBS-URL: https://build.opensuse.org/request/show/1005289
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=289
2022-09-23 12:14:26 +00:00
Wolfgang Rosenauer
70aadd9160 MFSA 2022-42 (bsc#1203477)
* CVE-2022-40959 (bmo#1782211)
    Bypassing FeaturePolicy restrictions on transient pages
  * CVE-2022-40960 (bmo#1787633)
    Data-race when parsing non-UTF-8 URLs in threads
  * CVE-2022-40958 (bmo#1779993)
    Bypassing Secure Context restriction for cookies with __Host
    and __Secure prefix
  * CVE-2022-40956 (bmo#1770094)
    Content-Security-Policy base-uri bypass
  * CVE-2022-40957 (bmo#1777604)
    Incoherent instruction cache when building WASM on ARM64
  * CVE-2022-3155 (bmo#1789061)
    Attachment files saved to disk on macOS could be executed
    without warning
  * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574, bmo#1784835,
    bmo#1785109, bmo#1786502, bmo#1789440)
    Memory safety bugs fixed in Thunderbird 102.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=658
2022-09-21 21:04:50 +00:00
Wolfgang Rosenauer
b9d27af2da - Mozilla Thunderbird 102.3.0
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
  * Thunderbird will no longer attempt to import account passwords
    when importing from another Thunderbird profile in order to
    prevent profile corruption and permanent data loss. (bmo#1790605)
  * Devtools performance profile will use Thunderbird presets
    instead of Web Developer presets (bmo#1785954)
  * Thunderbird startup performance improvements (bmo#1785967)
  * Saving email source and images failed (bmo#1777323, bmo#1778804)
  * Error message was shown repeatedly when temporary disk
    space was full (bmo#1788580)
  * Attaching OpenPGP keys without a set size to non-encrypted
    messages briefly displayed a size of zero bytes (bmo#1788952)
  * Global Search entry box initially contained "undefined" (bmo#1780963)
  * Delete from POP Server mail filter rule intermittently
    failed to trigger (bmo#1789418)
  * Connections to POP3 servers without UIDL support failed (bmo#1789314)
  * Pop accounts with "Fetch headers only" set downloaded complete
    messages if server did not advertise TOP capability (bmo#1789356)
  * "File -> New -> Address Book Contact" from Compose window did
    not work (bmo#1782418)
  * Attach "My vCard" option in compose window was not available
    (bmo#1787614)
  * Improved performance of matching a contact to an email address
    (bmo#1782725)
  * Address book only recognized a contact's first two email
    addresses (bmo#1777156)
  * Address book search and autocomplete failed if a contact vCard
    could not be parsed (bmo#1789793)
  * Downloading NNTP messages for offline use failed (bmo#1785773)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=657
2022-09-20 21:03:11 +00:00
Dominique Leuenberger
14a3407ee3 Accepting request 1001927 from mozilla:Factory
- Mozilla Thunderbird 102.2.2
  https://www.thunderbird.net/en-US/thunderbird/102.2.2/releasenotes/
  * Setting added to change Calendar event double-click action to
    open Edit Event dialog rather than view only;
    Set calendar.events.defaultActionEdit to true
  * Running Compact Folders on maildir folders caused a redownload
    of all messages in the folder
  * Accessing mail folders in profiles with many folders was slow
  * SMTP servers were not always properly initialized, and were not
    listed in Account Settings
  * APOP authentication unsupported when connecting to POP3 server
  * OpenPGP key discovery failed
  * POP accounts hosted by AOL were not able to authenticate using OAuth2
  * Unable to open context menu in newsgroups header for groups
    that are not subscribed

OBS-URL: https://build.opensuse.org/request/show/1001927
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=288
2022-09-09 16:22:38 +00:00
Wolfgang Rosenauer
247125c160 - Mozilla Thunderbird 102.2.2
https://www.thunderbird.net/en-US/thunderbird/102.2.2/releasenotes/
  * Setting added to change Calendar event double-click action to
    open Edit Event dialog rather than view only;
    Set calendar.events.defaultActionEdit to true
  * Running Compact Folders on maildir folders caused a redownload
    of all messages in the folder
  * Accessing mail folders in profiles with many folders was slow
  * SMTP servers were not always properly initialized, and were not
    listed in Account Settings
  * APOP authentication unsupported when connecting to POP3 server
  * OpenPGP key discovery failed
  * POP accounts hosted by AOL were not able to authenticate using OAuth2
  * Unable to open context menu in newsgroups header for groups
    that are not subscribed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=655
2022-09-08 09:47:43 +00:00
Dominique Leuenberger
61e1c5b9ce Accepting request 1000596 from mozilla:Factory
- Mozilla Thunderbird 102.2.1
  MFSA 2022-38 (bsc#1203007)
  * CVE-2022-3033 (bmo#1784838)
    Leaking of sensitive information when composing a response to
    an HTML email with a META refresh tag
  * CVE-2022-3032 (bmo#1783831)
    Remote content specified in an HTML document that was nested
    inside an iframe's srcdoc attribute was not blocked
  * CVE-2022-3034 (bmo#1745751)
    An iframe element in an HTML email could trigger a network
    request
  * CVE-2022-36059 (bmo#1787741)
    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
    service attack

OBS-URL: https://build.opensuse.org/request/show/1000596
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=287
2022-09-02 19:56:12 +00:00
Wolfgang Rosenauer
bff7539280 - Mozilla Thunderbird 102.2.1
MFSA 2022-38 (bsc#1203007)
  * CVE-2022-3033 (bmo#1784838)
    Leaking of sensitive information when composing a response to
    an HTML email with a META refresh tag
  * CVE-2022-3032 (bmo#1783831)
    Remote content specified in an HTML document that was nested
    inside an iframe's srcdoc attribute was not blocked
  * CVE-2022-3034 (bmo#1745751)
    An iframe element in an HTML email could trigger a network
    request
  * CVE-2022-36059 (bmo#1787741)
    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
    service attack

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=653
2022-09-01 07:38:48 +00:00
Dominique Leuenberger
080375fd1c Accepting request 999347 from mozilla:Factory
- Mozilla Thunderbird 102.2.0
  * https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/
  MFSA 2022-36 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38476 (bmo#1760998)
    Data race and potential use-after-free in PK11_ChangePW
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Thunderbird 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Thunderbird 102.2, and
    Thunderbird 91.13
- disabled automatic usage of wayland because of known issues
  using MOZ_ENABLE_WAYLAND=1 in environment would still enable it
  (boo#1202606)

OBS-URL: https://build.opensuse.org/request/show/999347
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=286
2022-08-27 09:48:04 +00:00
Wolfgang Rosenauer
eba6cdf4f5 - Mozilla Thunderbird 102.2.0
* https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/
  MFSA 2022-36 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38476 (bmo#1760998)
    Data race and potential use-after-free in PK11_ChangePW
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Thunderbird 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Thunderbird 102.2, and
    Thunderbird 91.13
- disabled automatic usage of wayland because of known issues
  using MOZ_ENABLE_WAYLAND=1 in environment would still enable it
  (boo#1202606)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=651
2022-08-26 06:39:36 +00:00
Dominique Leuenberger
69e19b7b66 Accepting request 995033 from mozilla:Factory
- added mozilla-glibc236.patch (bmo#1782988, boo#1202323)

OBS-URL: https://build.opensuse.org/request/show/995033
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=285
2022-08-15 17:56:35 +00:00
Wolfgang Rosenauer
e0d42a0cfd - added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=649
2022-08-14 08:03:54 +00:00