Commit Graph

740 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
88ea2f535a - Mozilla Thunderbird 68.4.2
* Calendar: Task and Event tree colours adjusted for the dark theme
  * Retrieval of S/MIME certificates from LDAP failed
  * Address-parsing crash on some IMAP servers when
    mail.imap.use_envelope_cmd is set
  * Incorrect forwarding of HTML messages caused SMTP servers to
    respond with a timeout
  * Calendar: Various parts of the calendar UI stopped working when
    a second Thunderbird window opened

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=516
2020-01-27 10:15:48 +00:00
Dominique Leuenberger
ad8ff75d18 Accepting request 763056 from mozilla:Factory
- Mozilla Thunderbird 68.4.1
  * Various improvements when setting up an account for a Microsoft
    Exchange server: Now offers IMAP/SMTP if available, better
    detection for Office 365 accounts; re-run configuration after
    password change
  Fixes:
  * After changing view layout, the message display pane showed
    garbled content under some circumstances
  * Various theme changes to achieve "pixel perfection": Unread icon,
    "no results" icon, paragraph format and font selector, background
    of folder summary tooltip
  * Tags were lost on messages in shared IMAP folders under some
    circumstances
  * Calendar: Event attendee dialog was not displayed correctly
  MFSA 2020-04 (bsc#1160498, bsc#1160305)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content process
    initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content process
    initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)

OBS-URL: https://build.opensuse.org/request/show/763056
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=224
2020-01-14 19:57:48 +00:00
Wolfgang Rosenauer
c3ae989234 - removed obsolete patch mozilla-bmo1511604.patch
- added mozilla-bmo1602730.patch to fix LE<->BE issues in the
  platform (bmo#1602730)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=514
2020-01-11 08:43:34 +00:00
Wolfgang Rosenauer
424175f38c MFSA 2020-04 (bsc#1160498, bsc#1160305)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=513
2020-01-11 08:36:41 +00:00
Wolfgang Rosenauer
5d0ef2ba91 - Mozilla Thunderbird 68.4.1
* Various improvements when setting up an account for a Microsoft
    Exchange server: Now offers IMAP/SMTP if available, better
    detection for Office 365 accounts; re-run configuration after
    password change
  Fixes:
  * After changing view layout, the message display pane showed
    garbled content under some circumstances
  * Various theme changes to achieve "pixel perfection": Unread icon,
    "no results" icon, paragraph format and font selector, background
    of folder summary tooltip
  * Tags were lost on messages in shared IMAP folders under some
    circumstances
  * Calendar: Event attendee dialog was not displayed correctly
  MFSA 2020-04  (bsc#1160498)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content process
    initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content process
    initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=512
2020-01-10 15:53:07 +00:00
Dominique Leuenberger
e9c5824a54 Accepting request 759724 from mozilla:Factory
- add mozilla-bmo1583471.patch to allow building with rust 1.39

- Mozilla Thunderbird 68.3.1
  * In dark theme unread messages no longer shown in blue to
    distinguish from tagged messages
  * Account setup is now using client side DNS MX lookup instead of
    relying on a server
  Bugfixes
  * Searching LDAP address book crashed in some circumstances
  * Message navigation with backward and forward buttons did not work
    in some circumstances
  * WebExtension toolbar icons were displayed too small
  * Calendar: Tasks due today were not listed in bold
  * Calendar: Last day of long-running events was not shown

OBS-URL: https://build.opensuse.org/request/show/759724
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=223
2019-12-30 12:48:52 +00:00
Wolfgang Rosenauer
1c4a233447 - add mozilla-bmo1583471.patch to allow building with rust 1.39
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=510
2019-12-27 17:27:22 +00:00
Wolfgang Rosenauer
8e55c5b577 - Mozilla Thunderbird 68.3.1
* In dark theme unread messages no longer shown in blue to
  Bugfixes
  * Message navigation with backward and forward buttons did not work
    in some circumstances

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=509
2019-12-20 22:23:27 +00:00
Wolfgang Rosenauer
82acc8435a Accepting request 758641 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.3.1

OBS-URL: https://build.opensuse.org/request/show/758641
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=508
2019-12-20 22:19:58 +00:00
Dominique Leuenberger
8e35ccff70 Accepting request 754691 from mozilla:Factory
- Mozilla Thunderbird 68.3.0:
  * Message display toolbar action WebExtension API
  * Navigation buttons are now available in content tabs, for example
    those opened via an add-on search
  * other bugfixes
  MFSA 2019-38
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
- changed locale building procedure
  * removed obsolete compare-locales.tar.xz and
    thunderbird-broken-locales-build.patch
- add mozilla-bmo849632.patch to fix color issues on big endian

OBS-URL: https://build.opensuse.org/request/show/754691
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=222
2019-12-11 11:03:07 +00:00
Wolfgang Rosenauer
a576d140ab OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=506 2019-12-06 14:25:41 +00:00
Wolfgang Rosenauer
7a99e99658 - Mozilla Thunderbird 68.3.0:
* Message display toolbar action WebExtension API
  * Navigation buttons are now available in content tabs, for example
    those opened via an add-on search
  * other bugfixes
  MFSA 2019-38
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
- changed locale building procedure
  * removed obsolete compare-locales.tar.xz and
    thunderbird-broken-locales-build.patch
- add mozilla-bmo849632.patch to fix color issues on big endian

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=505
2019-12-05 22:21:05 +00:00
Dominique Leuenberger
41be4c0e31 Accepting request 747029 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/747029
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=221
2019-11-21 11:56:26 +00:00
Wolfgang Rosenauer
a87ea0756c Accepting request 747028 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 68.2.2

OBS-URL: https://build.opensuse.org/request/show/747028
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=503
2019-11-09 21:30:38 +00:00
Dominique Leuenberger
1d14d7b751 Accepting request 744761 from mozilla:Factory
- Mozilla Thunderbird 68.2.1
  * A language for the user interface can now be chosen in the
    advanced settings (multilingual UI)
  * Fixed problem with Google authentication (OAuth2)
  * Selected or unread messages were not shown in the correct color
    in the thread pane (message list) under some circumstances
  * When using a language pack, names of standard folders weren't
    localized (boo#1149126)
  * Address book default startup directory in preferences panel was
    not persisted
  * Chat: Extended context menu on Instant messaging status dialog
    (Show Accounts)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/request/show/744761
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=220
2019-11-06 14:15:38 +00:00
Wolfgang Rosenauer
c11ba0a0ad - Mozilla Thunderbird 68.2.1
* A language for the user interface can now be chosen in the
    advanced settings (multilingual UI)
  * Fixed problem with Google authentication (OAuth2)
  * Selected or unread messages were not shown in the correct color
    in the thread pane (message list) under some circumstances
  * When using a language pack, names of standard folders weren't
    localized (boo#1149126)
  * Address book default startup directory in preferences panel was
    not persisted
  * Chat: Extended context menu on Instant messaging status dialog
    (Show Accounts)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=501
2019-11-01 13:32:38 +00:00
Dominique Leuenberger
b52167a25b Accepting request 742150 from mozilla:Factory
- Mozilla Thunderbird 68.2.0
  * Message Display WebExtension API
  * Message Search WebExtension API
  * Better visual feedback for unread messages when using the dark theme
  * Fixed various issues when editing mailing list
  * Fixed application windows not maintaining their size after restart
  MFSA 2019-33 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
    bmo#1581950, bmo#1583463, bmo#1586599)
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed obsolete patches
    mozilla-bmo1573381.patch
    mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/request/show/742150
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=219
2019-10-28 15:45:05 +00:00
Wolfgang Rosenauer
6fd5201f1c - Mozilla Thunderbird 68.2.0
* Message Display WebExtension API
  * Message Search WebExtension API
  * Better visual feedback for unread messages when using the dark theme
  * Fixed various issues when editing mailing list
  * Fixed application windows not maintaining their size after restart
  MFSA 2019-33 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
    bmo#1581950, bmo#1583463, bmo#1586599)
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed obsolete patches
    mozilla-bmo1573381.patch
    mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=499
2019-10-23 13:33:15 +00:00
Dominique Leuenberger
f9b7e978e3 Accepting request 737931 from mozilla:Factory
- Mozilla Thunderbird 68.1.2
  Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38

OBS-URL: https://build.opensuse.org/request/show/737931
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=218
2019-10-17 11:05:14 +00:00
Wolfgang Rosenauer
1fd97561e6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=497 2019-10-11 13:15:29 +00:00
Wolfgang Rosenauer
44771bf8fd - Mozilla Thunderbird 68.1.2
Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=496
2019-10-11 12:48:56 +00:00
Dominique Leuenberger
9a16dc0e1f Accepting request 733855 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/733855
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=217
2019-10-10 09:49:19 +00:00
Wolfgang Rosenauer
7583f45f65 Accepting request 733853 from home:AndreasStieger:branches:mozilla:Factory
add reference to boo#1152375

OBS-URL: https://build.opensuse.org/request/show/733853
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=494
2019-09-28 14:45:00 +00:00
Wolfgang Rosenauer
d20afb31b3 MFSA 2019-32
* CVE-2019-11755 (bmo#1240290)
    Spoofing a message author via a crafted S/MIME message

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=493
2019-09-26 19:04:16 +00:00
Wolfgang Rosenauer
3a3fedfe3f mozilla-bmo1512162.patch
thunderbird-broken-locales-build.patch
   thunderbird-locale-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=492
2019-09-26 08:29:27 +00:00
Wolfgang Rosenauer
013a53c81d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=491 2019-09-25 15:30:17 +00:00
Wolfgang Rosenauer
7920c81c06 - Mozilla Thunderbird 68.1.1
Bugfixes
  * Issues with attachments in IMAP messages
  * Gmail accounts ignored a non-standard trash folder selection
  * Entering/pasting lists of recipients into the addressing widget or
    mailing list not working reliably, especially when lists contained
    multiple commas or semicolons
  * Edit mailing list not working
  * Various theme fixes, especially dark theme improvements for Calendar
  * Contrast between tag label and background not optimal
  * Account Central pane always loaded at start-up
  * "Config Editor" button not removed if blocked by policy
  * Calendar: Free/busy information in attendees dialog not scrolled
    correctly. Note: Scroll arrows still not behaving correctly
- require nodejs8 instead of generic nodejs for better cross-distribution
  support
- call desktop database update on install
- updated translations-other locale list
- build correct ICU for Big Endian
- remove kde.js since disabling instantApply breaks extensions and
  is obsolete with the move to HTML views for preferences (boo#1151186)
- update create-tar.sh to latest revision and adjust tar_stamps
- added platform patches from Firefox 68esr
   mozilla-bmo1005535.patch
   mozilla-bmo1463035.patch
   mozilla-bmo1504834-part1.patch
   mozilla-bmo1504834-part2.patch
   mozilla-bmo1504834-part3.patch
   mozilla-bmo1511604.patch
   mozilla-bmo1554971.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=490
2019-09-25 15:13:22 +00:00
Wolfgang Rosenauer
f56d76b94f Accepting request 732309 from home:AndreasStieger:branches:mozilla:Factory
add some bugzilla references

OBS-URL: https://build.opensuse.org/request/show/732309
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=489
2019-09-21 15:27:38 +00:00
Wolfgang Rosenauer
22ec736272 Accepting request 732226 from home:munix9
repack the lightning xpi with all available locales (boo#939153) (lp#545778)

OBS-URL: https://build.opensuse.org/request/show/732226
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=488
2019-09-20 17:52:56 +00:00
Wolfgang Rosenauer
28408893c0 Accepting request 732134 from home:marxin:branches:mozilla:Factory
- Add fix-top-level-asm-issue.patch in order to fix LTO build.
- Enable LTO on TW on x86_64.
- Use GCC.

OBS-URL: https://build.opensuse.org/request/show/732134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=487
2019-09-20 11:19:56 +00:00
Wolfgang Rosenauer
558b06a6a9 Accepting request 732106 from home:bmwiedemann:branches:mozilla:Factory
added mozilla-bmo1568145.patch to make builds reproducible (boo#1047218)

OBS-URL: https://build.opensuse.org/request/show/732106
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=486
2019-09-20 10:17:10 +00:00
Yuchen Lin
e07044c22b Accepting request 730872 from mozilla:Factory
- Mozilla Thunderbird 68.1.0
  * Offer to configure Exchange accounts for Office365. A third-party
    add-on is required for this account type. IMAP still exists as
    alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
    ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build

- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.

- Mozilla Thunderbird 68.0

OBS-URL: https://build.opensuse.org/request/show/730872
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=216
2019-09-18 11:06:13 +00:00
Wolfgang Rosenauer
9ea16a1def OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=484 2019-09-14 08:48:16 +00:00
Wolfgang Rosenauer
08fe2a30d3 - Mozilla Thunderbird 68.1.0
add-on is required for this account type. IMAP still exists as
    alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
    ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build

- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.

- Mozilla Thunderbird 68.0
  * based on Firefox ESR 68
  * File link attachments can now be linked to again instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483
2019-09-13 20:15:12 +00:00
Wolfgang Rosenauer
b26a281145 - Mozilla Thunderbird 60.9.0
* Offer to configure Exchange accounts for Office365. A third-party
    add-on is required for this account type. IMAP still exists as alternative.
  MFSA 2019-27
  * Use-after-free while manipulating video
    CVE-2019-11746 (bmo#1564449)
  * XSS by breaking out of title and textarea elements using innerHTML
    CVE-2019-11744 (bmo#1562033)
  * Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
    CVE-2019-11742 (bmo#1559715)
  * Use-after-free while extracting a key value in IndexedDB
    CVE-2019-11752 (bmo#1501152)
  * Sandbox escape through Firefox Sync
    CVE-2019-9812 (bmo#1538008, bmo#1538015)
  * Cross-origin access to unload event attributes
    CVE-2019-11743 (bmo#1560495)
    Navigation-Timing Level 2 specification
  * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
    CVE-2019-11740 (bmo#1563133, bmo#1573160)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=482
2019-09-06 12:24:37 +00:00
Dominique Leuenberger
ef667d8f49 Accepting request 720733 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/720733
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=215
2019-08-15 10:22:48 +00:00
Wolfgang Rosenauer
0830f41da7 Accepting request 720219 from home:psych0naut:branches:mozilla:Factory
Update package summary, description, and AppData using more informative and up-to-date text from the official Thunderbird FAQ, replacing obsolete references to the Mozilla Application Suite, the Mozilla website, and Thunderbird's relation to the Mozilla organization.

OBS-URL: https://build.opensuse.org/request/show/720219
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=480
2019-08-02 20:55:56 +00:00
Dominique Leuenberger
7023407dc1 Accepting request 714774 from mozilla:Factory
- Generate langpacks sequentially to avoid file corruption
  from racy file writes (boo#1137970)

- Mozilla Thunderbird 60.8.0
  * Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and

OBS-URL: https://build.opensuse.org/request/show/714774
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=214
2019-07-16 06:38:45 +00:00
Wolfgang Rosenauer
191740d32d - Mozilla Thunderbird 60.8.0
* Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
    Thunderbird 60.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=478
2019-07-12 06:49:32 +00:00
Wolfgang Rosenauer
1bf9c22999 Accepting request 714441 from home:bmwiedemann:branches:mozilla:Factory
Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

OBS-URL: https://build.opensuse.org/request/show/714441
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=477
2019-07-11 13:06:47 +00:00
Dominique Leuenberger
2a78cb9dfe Accepting request 711281 from mozilla:Factory
- Mozilla Thunderbird 60.7.2
  MFSA 2019-20 (boo#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/request/show/711281
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=213
2019-06-25 20:16:55 +00:00
Wolfgang Rosenauer
afa9155927 - Mozilla Thunderbird 60.7.2
MFSA 2019-20 (boo#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=475
2019-06-21 08:30:37 +00:00
Dominique Leuenberger
bc25c0a686 Accepting request 709837 from mozilla:Factory
(also updated keyring)
- Mozilla Thunderbird 60.7.1
  * fixed: No prompt for smartcard PIN when S/MIME signing is used
  MFSA 2019-17 (boo#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c

- Increase disk space requirements in _constraints.

OBS-URL: https://build.opensuse.org/request/show/709837
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=212
2019-06-17 19:34:05 +00:00
Wolfgang Rosenauer
235879bf00 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=473 2019-06-14 05:51:33 +00:00
Wolfgang Rosenauer
8ac8c83ee3 * fixed: No prompt for smartcard PIN when S/MIME signing is used
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=472
2019-06-14 05:43:50 +00:00
Wolfgang Rosenauer
68b80ea39c - Mozilla Thunderbird 60.7.1
MFSA 2019-17 (boo#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=471
2019-06-14 05:42:27 +00:00
Wolfgang Rosenauer
04f1d004f6 Accepting request 708966 from home:aaronpuchert
Increase disk space requirements in _constraints, because some builds have run out of disk space on x86_64.

OBS-URL: https://build.opensuse.org/request/show/708966
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=470
2019-06-12 13:56:51 +00:00
Dominique Leuenberger
04419d0064 Accepting request 705454 from mozilla:Factory
- Mozilla Thunderbird 60.7.0
  * Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

OBS-URL: https://build.opensuse.org/request/show/705454
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=211
2019-05-28 07:40:54 +00:00
Wolfgang Rosenauer
35447776a4 - Mozilla Thunderbird 60.7.0
* Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=468
2019-05-25 20:31:48 +00:00
Yuchen Lin
0f6a91aeea Accepting request 697648 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/697648
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=210
2019-04-25 15:52:07 +00:00