diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 57d1c2a..a8b4f78 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,56 @@ +------------------------------------------------------------------- +Tue Nov 4 13:57:53 UTC 2025 - Martin Sirringhaus + +- Mozilla Thunderbird 140.4 + * changed: Account Hub is now disabled by default for second + email account (bmo#1992027) + * changed: Flatpak runtime has been updated to Freedesktop SDK + 24.08 (bmo#1952100) + * fixed: Users could not read mail signed with OpenPGP v6 and + PQC keys (bmo#1986845) + * fixed: Image preview in Insert Image dialog failed with CSP + error for web resources (bmo#1989392) + * fixed: Emptying trash on exit did not work with some + providers (bmo#1975147) + * fixed: Thunderbird could crash when applying filters + (bmo#1987880) + * fixed: Users were unable to override expired mail server + certificate (bmo#1979323) + * fixed: Opening Website header link in RSS feed incorrectly + re-encoded URL parameters (bmo#1971035) + * fixed: Security fixes + MFSA 2025-85 (bsc#1251263) + * CVE-2025-11708 (bmo#1988931) + Use-after-free in MediaTrackGraphImpl::GetInstance() + * CVE-2025-11709 (bmo#1989127) + Out of bounds read/write in a privileged process triggered by + WebGL textures + * CVE-2025-11710 (bmo#1989899) + Cross-process information leaked due to malicious IPC + messages + * CVE-2025-11711 (bmo#1989978) + Some non-writable Object properties could be modified + * CVE-2025-11712 (bmo#1979536) + An OBJECT tag type attribute overrode browser behavior on web + resources without a content-type + * CVE-2025-11713 (bmo#1986142) + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970, + bmo#1991040, bmo#1992113) + Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR + 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 + * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244, + bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899) + Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird + ESR 140.4, Firefox 144 and Thunderbird 144 +- Replace mozilla-bmo998749.patch with upstreams version + +------------------------------------------------------------------- +Tue Nov 4 13:45:07 UTC 2025 - Martin Sirringhaus + +- Add build_limit for s390x on SLE16 (bsc#1247774) + ------------------------------------------------------------------- Sun Sep 14 06:58:42 UTC 2025 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index d31fcd0..86769c6 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -30,8 +30,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.3.0 -%define orig_version 140.3.0 +%define mainver %major.4.0 +%define orig_version 140.4.0 %define orig_suffix esr %define update_channel esr %define source_prefix thunderbird-%{orig_version} @@ -353,7 +353,7 @@ EOF # Done with env-variables. source ./.obsenv.sh -%ifarch aarch64 %arm ppc64 ppc64le riscv64 +%ifarch aarch64 %arm ppc64 ppc64le riscv64 s390x %limit_build -m 2500 %endif diff --git a/l10n-140.3.0esr.tar.xz b/l10n-140.4.0esr.tar.xz similarity index 100% rename from l10n-140.3.0esr.tar.xz rename to l10n-140.4.0esr.tar.xz diff --git a/mozilla-bmo998749.patch b/mozilla-bmo998749.patch index 91a6168..333dea8 100644 --- a/mozilla-bmo998749.patch +++ b/mozilla-bmo998749.patch @@ -1,29 +1,61 @@ # HG changeset patch -# User msirringhaus@suse.de -# Date 1583738770 -3600 -# Mon Mar 09 08:26:10 2020 +0100 -# Node ID 34676feac1a542e409e22acf5b98735f8313b1ce -# Parent 506857dace0a08d1c9685e3ac264646590b3e27f -[mq]: mozilla-bmo998749.patch +# User Kagami Sascha Rosylight +# Date 1758587698 0 +# Node ID 48d7a6b864335c3f49a33b3e570f85338b125bd1 +# Parent 1ac42c45ad132e1b2d498af6d8f0315839c2b25a +Bug 998749 - Use SurfaceFormatBit::OS_* for FilterProcessing.h r=tnikkel -diff -r 506857dace0a -r 34676feac1a5 gfx/2d/FilterProcessing.h ---- a/gfx/2d/FilterProcessing.h Fri Feb 28 12:31:51 2020 +0100 -+++ b/gfx/2d/FilterProcessing.h Mon Mar 09 08:26:10 2020 +0100 -@@ -13,10 +13,17 @@ - namespace mozilla { - namespace gfx { +Differential Revision: https://phabricator.services.mozilla.com/D265733 + + +diff --git a/gfx/2d/FilterProcessing.h b/gfx/2d/FilterProcessing.h +--- a/gfx/2d/FilterProcessing.h ++++ b/gfx/2d/FilterProcessing.h +@@ -5,23 +5,26 @@ + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+#if MOZ_BIG_ENDIAN() -+const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_B = 3; -+const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_G = 2; -+const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_R = 1; -+const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_A = 0; -+#else - const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_B = 0; - const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_G = 1; - const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_R = 2; - const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_A = 3; -+#endif + #ifndef _MOZILLA_GFX_FILTERPROCESSING_H_ + #define _MOZILLA_GFX_FILTERPROCESSING_H_ + + #include "2D.h" + #include "Filters.h" + +-namespace mozilla { +-namespace gfx { ++namespace mozilla::gfx { + +-const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_B = 0; +-const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_G = 1; +-const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_R = 2; +-const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_A = 3; ++const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_B = ++ static_cast(mozilla::gfx::SurfaceFormatBit::OS_B) / 8; ++const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_G = ++ static_cast(mozilla::gfx::SurfaceFormatBit::OS_G) / 8; ++const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_R = ++ static_cast(mozilla::gfx::SurfaceFormatBit::OS_R) / 8; ++const ptrdiff_t B8G8R8A8_COMPONENT_BYTEOFFSET_A = ++ static_cast(mozilla::gfx::SurfaceFormatBit::OS_A) / 8; class FilterProcessing { public: + // Fast approximate division by 255. It has the property that + // for all 0 <= v <= 255*255, FastDivideBy255(v) == v/255. + // But it only uses two adds and two shifts instead of an + // integer division (which is expensive on many processors). + template +@@ -155,12 +158,11 @@ class FilterProcessing { + static inline unsigned umax(unsigned a, unsigned b) { + return a - ((a - b) & -(a < b)); + } + + static inline unsigned umin(unsigned a, unsigned b) { + return a - ((a - b) & -(a > b)); + } + +-} // namespace gfx +-} // namespace mozilla ++} // namespace mozilla::gfx + + #endif // _MOZILLA_GFX_FILTERPROCESSING_H_ + diff --git a/tar_stamps b/tar_stamps index 2e6d8cf..31832d1 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr140" -VERSION="140.3.0" +VERSION="140.4.0" VERSION_SUFFIX="esr" -REV_VERSION="140.2.1" +REV_VERSION="140.3.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140" -RELEASE_TAG="34b243658c31506d293b13d67238ccca56c290e0" -RELEASE_TIMESTAMP="20250911182516" +RELEASE_TAG="efb07defaa2d56105675dc1d936af581ebfd8ffa" +RELEASE_TIMESTAMP="20251010020716" diff --git a/thunderbird-140.3.0esr.source.tar.xz b/thunderbird-140.3.0esr.source.tar.xz deleted file mode 100644 index 2eb5270..0000000 --- a/thunderbird-140.3.0esr.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b538c6cde261e06e37e9cedb854c392ab7850aa220f5007c876357b6546418ae -size 755800156 diff --git a/thunderbird-140.3.0esr.source.tar.xz.asc b/thunderbird-140.3.0esr.source.tar.xz.asc deleted file mode 100644 index 43a97d2..0000000 --- a/thunderbird-140.3.0esr.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmjDU+UACgkQXstkl8Gi -AlaRzhAAilg8h5t2o0FZJpVfAc3jaNW9//GFwpnoFu6QB0IEi/QP+SYphSrLmxnS -pjHxhdZ4SHKkcl7EawHmhbW54TuncnUBTRqOhGu+AosUVgrdImVTRaF3mQWh8v94 -G3XsRIPl7T8hd85bACS6HItMhTy7rFsJSiUQZ7C+tXLn0QsL3WNOzx4pmTSEZj56 -ywuctRC6GXTxdw8AZcDG6624RkDTdNq0ISw7Ge24kckpUiGaM/bS455l+Tol72Jy -7+uKywIBWCwumQsTjRf6DeEik543atrNBLb2BAJOCU/HetR5sOcoL+hPUsJU2VNq -53w3Yx991nC0cioeccYEjaxh2ejzaOeRMtuqyxz7OjtBtGu+KUuJahW9kmR/0xBX -1Jof/mT3C2JZZuKj5soaxkGvOL3IWJJ69e2DHW45D6Di/TS9yGgqsy8npuVCZJGA -dfo6/YVivEtQIcwZKqjUQqRAmQ5AMy6hD4fgmK7gw3LqQdig8MwDxkGGLxNRHhah -9NB8sLvG2j1qPUZLBM9Ky5yXXvBuziGpb2llrnK3xr7N2fM6f9d6eTchDt9kG6ly -aSYoSUd/vRYb4XXvr5ESkUDDJRGTmVwEexM/USPOlFg+iPSvmxJ6Rj+R/d3ruhOK -a0qg/ZdGiQmkpD0OXwhOOfTGXZLuI7Qtg6s6NUUQmmGPBJvoLjM= -=R/Vh ------END PGP SIGNATURE----- diff --git a/thunderbird-140.4.0esr.source.tar.xz b/thunderbird-140.4.0esr.source.tar.xz new file mode 100644 index 0000000..c01f586 --- /dev/null +++ b/thunderbird-140.4.0esr.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b0eb946d9e6d4b2adbfad0893a5c79caa11203a3906b0b5f26f0ccc4c9b28ff0 +size 754630692 diff --git a/thunderbird-140.4.0esr.source.tar.xz.asc b/thunderbird-140.4.0esr.source.tar.xz.asc new file mode 100644 index 0000000..8348782 --- /dev/null +++ b/thunderbird-140.4.0esr.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmjonrYACgkQXstkl8Gi +AlYivQ//R8nMW8KSwBndAW82/SA8bJh5cTm9uXJpwfRi+0oQ0QARTADrmpV4kQyR +Ld/Gyzvcoo3SKCp683xBEDxsuVBUd0x63IRdjf09gYDBRmVmq22bfUWgrhKtD9J0 +2yDOPd1TnFYpQe0kYoyPthjCrRbRI73LnV0kep57b9LI0xz0gJ/WamHMwQpXEVHO +9z1aaXODUlcHpssWw/VBqZLPEWduqy/pnf0lFFJqtZVcuCJjdazOdiVHq8vVGVdb +kxml6SbnKHZFlfmqbIjov2Bg0xlGDSvkCCc3jHq3ZGoCC7urzcZReicashn0AZTn +OL6w5RbuHK6MhYOOs+IvHQ9bM/qUBi0Ck/zj9DAqZm4Q4rkfcWKkG85sbyZPASyD +8wwu+fBYIKJ92d8RxWd0+c7tIu4HpOzZ4eDLBvn/c5Pasaa1wb9QfqhbJr50ZWOv +Yl/kAXrF6ae23paht4R6ViGkXGwFTJuhAuKp+J+UTnXl/nCLis06x1FqfdXMiGcY +VVGjO9TvE9FD9koYu855/ELUC9By8dbQ7qZeEgj1WLK2/Qfs2UQSsyCd4kvTqYNG +0PA/I6WRewRPkCsRV9zcvtQR8XvnwasHhzkSA16Ozy11Tars9rUbXEtnkkCRUUsh +gbi6WYZWzoSqhYa3xzMuHxjyLr4voiziug6iBmWeCkuSZJXiFi0= +=hVEC +-----END PGP SIGNATURE-----