From 7db3c542e41c352ddb382055f4132267cd5c483f981bfcdf44b923911f0f1b15 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 2 Nov 2021 20:49:23 +0000 Subject: [PATCH 1/2] - Mozilla Thunderbird 91.3.0 - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=612 --- MozillaThunderbird.changes | 5 +++++ MozillaThunderbird.spec | 5 ++--- l10n-91.2.1.tar.xz | 3 --- l10n-91.3.0.tar.xz | 3 +++ mozilla-sandbox-fips.patch | 8 ++++---- tar_stamps | 8 ++++---- thunderbird-91.2.1.source.tar.xz | 3 --- thunderbird-91.2.1.source.tar.xz.asc | 16 ---------------- thunderbird-91.3.0.source.tar.xz | 3 +++ thunderbird-91.3.0.source.tar.xz.asc | 16 ++++++++++++++++ 10 files changed, 37 insertions(+), 33 deletions(-) delete mode 100644 l10n-91.2.1.tar.xz create mode 100644 l10n-91.3.0.tar.xz delete mode 100644 thunderbird-91.2.1.source.tar.xz delete mode 100644 thunderbird-91.2.1.source.tar.xz.asc create mode 100644 thunderbird-91.3.0.source.tar.xz create mode 100644 thunderbird-91.3.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 4c71151..71cadd3 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,4 +1,9 @@ ------------------------------------------------------------------- +Sun Oct 31 17:49:23 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Thunderbird 91.3.0 +- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires +------------------------------------------------------------------- Fri Oct 22 21:27:02 UTC 2021 - Wolfgang Rosenauer - Mozilla Thunderbird 91.2.1 diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 4f3012e..03ff787 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec 
@@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 91 -%define mainver %major.2.1 -%define orig_version 91.2.1 +%define mainver %major.3.0 +%define orig_version 91.3.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -134,7 +134,6 @@ BuildRequires: clang6-devel %else BuildRequires: clang-devel >= 5 %endif -BuildRequires: pkgconfig(gdk-x11-2.0) BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(gobject-2.0) BuildRequires: pkgconfig(gtk+-3.0) >= 3.14.0 diff --git a/l10n-91.2.1.tar.xz b/l10n-91.2.1.tar.xz deleted file mode 100644 index 86935ef..0000000 --- a/l10n-91.2.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f8cfd9fb8189a656d319c5004f42484e7a701257817049d9e6840621fd9b1203 -size 28636552 diff --git a/l10n-91.3.0.tar.xz b/l10n-91.3.0.tar.xz new file mode 100644 index 0000000..a66e8c0 --- /dev/null +++ b/l10n-91.3.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d59cdda3c56dd241265b4f8578e07113bca717fb3da4d9d117c000dc6c0fbffe +size 28724504 diff --git a/mozilla-sandbox-fips.patch b/mozilla-sandbox-fips.patch index 7c75bb7..8381299 100644 --- a/mozilla-sandbox-fips.patch +++ b/mozilla-sandbox-fips.patch @@ -7,7 +7,7 @@ bsc#1174284 - Firefox tab just crashed in FIPS mode diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp --- a/security/sandbox/linux/Sandbox.cpp +++ b/security/sandbox/linux/Sandbox.cpp -@@ -647,16 +647,17 @@ void SetMediaPluginSandbox(const char* a +@@ -650,16 +650,17 @@ void SetMediaPluginSandbox(const char* a SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath, strerror(errno)); MOZ_CRASH("failed while trying to open the plugin file "); @@ -15,8 +15,8 @@ 
diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox auto files = new SandboxOpenedFiles(); files->Add(std::move(plugin)); - files->Add("/dev/urandom", true); -+ files->Add("/dev/random", true); + files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES); ++ files->Add("/dev/random", SandboxOpenedFile::Dup::YES); files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey. files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz"); files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"); @@ -28,7 +28,7 @@ diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp --- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -@@ -308,16 +308,18 @@ void SandboxBrokerPolicyFactory::InitCon +@@ -315,16 +315,18 @@ void SandboxBrokerPolicyFactory::InitCon policy->AddDir(rdwr, "/dev/dri"); } diff --git a/tar_stamps b/tar_stamps index 6e6382f..f45c830 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr91" -VERSION="91.2.0" +VERSION="91.3.0" VERSION_SUFFIX="" -PREV_VERSION="91.1.2" +PREV_VERSION="91.2.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91" -RELEASE_TAG="70572101c3d1709979b8c3e318b7f5449229a37d" -RELEASE_TIMESTAMP="20211004152603" +RELEASE_TAG="bea1eb4e98a3aa0624fcf83d4ddb32855e9563f8" +RELEASE_TIMESTAMP="20211101223011" diff --git a/thunderbird-91.2.1.source.tar.xz b/thunderbird-91.2.1.source.tar.xz deleted file mode 100644 index ba7d24d..0000000 --- a/thunderbird-91.2.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:425dacc0ae227a4209b77daf674b33295262f2ecf36022216cd07724954e9e6d -size 405405688 
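Review bot: The refreshed mozilla-sandbox-fips.patch adds `files->Add("/dev/random", SandboxOpenedFile::Dup::YES);` to the media-plugin sandbox's pre-opened files (second hunk) without an in-code justification, although the neighbouring `/etc/ld.so.cache` entry carries one. Each entry in this list widens what the sandboxed plugin process can reach, so I would put a comment on that line, for example `// Needed by NSS in FIPS mode, see bsc#1174284.` The NSS link is inferred from the patch header ("Firefox tab just crashed in FIPS mode") and should be confirmed. As far as the visible lines show, the entry is added unconditionally rather than only when FIPS mode is active. SetMediaPluginSandbox starts and ends outside the hunk, so a guard elsewhere cannot be ruled out. The third hunk of this patch (SandboxBrokerPolicyFactory.cpp) shows only shifted line offsets.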
diff --git a/thunderbird-91.2.1.source.tar.xz.asc b/thunderbird-91.2.1.source.tar.xz.asc
deleted file mode 100644
index 8dd6851..0000000
--- a/thunderbird-91.2.1.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmFvlyMACgkQ6+QekPbx
-L212GRAArUXsgwb8krkx/Kv4jNM5lQjNqkHJ8DKkXBX/CGBX6rui/6xetLJFFzJo
-h+KmfCa7/Bl4KJk0+IKCNI53SvLAvgc4LJME2ohLrD2k/IJ8t1HI6XeHpDV18nTL
-LRWs+6vq61fTunxJahRHe20dmUT4unGEp30LS7Y9K4EYNRBNTBEwBoFRzDKQTYdL
-Z6MQd5qttutSPRB46zDOEmYmXze7eJPiVcdaGwFCbKyvtUfw7ZKXDUkjpMtmwk1d
-C1+bA5Dio9kHoQdSvP/d53MnY8iEdXs66lUektpKHs2730xrnAKHg3rBCXzj+Sos
-X68X50zzz2K6l1/WTQQilFaHT74Yb3KTU/c6RrwADqHxZzS+9AEBe2Kj3z8OdLxv
-PsQ8uBH2/fFpugYaSzOCCnQUTAAc6I3Ycnf53OQ6KrgUcn2TPu2bzG4TblnTpXm6
-lrf9jRM99VH6smRsYesPX8nGO2/FVVdrixAt3AoNvcX+kiBnggGgI6ac29b/Vl+i
-myAlwDovnkP8GhXDI6QkmuDPQyveHjHqDzxAfmEfZG8HscPLBrkrTTtggqg3GveH
-pOwACu3vdEX/43gJUVMa/1SPKjsGIPaSwsoQ8q18mRZWEUTIV7VX9K2zvKUcFYYw
-CrAatZDl7SX9uxCJLZfM5kDTp/eqRfFBOtftCcz3EKw3+MpRM3g=
-=k1/A
------END PGP SIGNATURE-----
diff --git a/thunderbird-91.3.0.source.tar.xz b/thunderbird-91.3.0.source.tar.xz
new file mode 100644
index 0000000..69c5077
--- /dev/null
+++ b/thunderbird-91.3.0.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d3abcf55637fb21bd9d68a19c01780edd82e6e72b5e850b31de186dddc2708ad
+size 403256924
diff --git a/thunderbird-91.3.0.source.tar.xz.asc b/thunderbird-91.3.0.source.tar.xz.asc
new file mode 100644
index 0000000..aa57381
--- /dev/null
+++ b/thunderbird-91.3.0.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGAgroACgkQ6+QekPbx
+L21ZZQ//brfDAZXT1JRf4+xmSD6kehieNhNXInTnXTrq8ksSdoU18F6++8t0A5W0
+WnpXZgAMSCJ9z0pcXPjwzvJp+einQKXY4Y2tFHaaxdDrdwWy2OltZ5icbGB5xxZo
+9Rh5PQKYPp1uHVp/OHlGfoOg0DymS+cjlesk4ks0neQ059P1AC+JR449/QvF6gVr
+dQEBOu9zTWePV+UhldD/zNmjB2eQPnlDVEPkiWBWEnVg215T8j4o4itXAqxppj37
+BYvi7M+EtS9QNiiSbWFFHh7Vn2NtBxRzZ8nFD0ja5K+A5N9klIMwqtT2/Vv7XBog
+3/201rK7kc/7shJCmwQJ+WC7K3OzUyvxEi3gLgQ/EFWSGRvV0W6N1cIvir9B4MpW
+vPmP6Whm7Pxd/L4m4AyCJcO8CmprDHouUQFVjD05GJPX8y568pyH1uA9Bc4qWjAg
+s7Vfo8OqsNt684Gi+PkeOlnEg4A6VeVnfp6wLiJNjLKevIh+9tGsY2dH6K0+OCi/
+2KBUXxM+2CbI8cLGauVHjbtNE7TPA4prnn3/wiKhKCPpGo2zvJYYplEjshGnKeeM
++f+OW69zMrWfhO6O/c7ehhvc8kXLpI11YbOHlJCaymvtnyOff9BSkWbLb7RhrZdz
+I047XWFvSHzezg6ylijeVU+DCGhvBaV7Oc5Dufs5nMs9J3HD9Ic=
+=uozt
+-----END PGP SIGNATURE-----
From 9908ef8381e3c40d0a1730a9476a1a38eadfbeb44d7675e845e7354227244946 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer Date: Wed, 3 Nov 2021 16:44:34 +0000 Subject: [PATCH 2/2] * several fixes as outlined here https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/ MFSA 2021-50 (bsc#1192250) * CVE-2021-38503 (bmo#1729517) iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504 (bmo#1730156) Use-after-free in file picker dialog * CVE-2021-38505 (bmo#1730194) Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506 (bmo#1730750) Thunderbird could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507 (bmo#1730935) Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * MOZ-2021-0008 (bmo#1667102) Use-after-free in HTTP2 Session object * CVE-2021-38508 (bmo#1366818) Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509 (bmo#1718571) Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510 (bmo#1731779) Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, bmo#1735152) Memory safety bugs fixed in Thunderbird ESR 91.3 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=613 --- MozillaThunderbird.changes | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 71cadd3..34b14b6 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes 
@@ -2,7 +2,36 @@ Sun Oct 31 17:49:23 UTC 2021 - Wolfgang Rosenauer - Mozilla Thunderbird 91.3.0 + * several fixes as outlined here + https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/ + MFSA 2021-50 (bsc#1192250) + * CVE-2021-38503 (bmo#1729517) + iframe sandbox rules did not apply to XSLT stylesheets + * CVE-2021-38504 (bmo#1730156) + Use-after-free in file picker dialog + * CVE-2021-38505 (bmo#1730194) + Windows 10 Cloud Clipboard may have recorded sensitive user data + * CVE-2021-38506 (bmo#1730750) + Thunderbird could be coaxed into going into fullscreen mode + without notification or warning + * CVE-2021-38507 (bmo#1730935) + Opportunistic Encryption in HTTP2 could be used to bypass the + Same-Origin-Policy on services hosted on other ports + * MOZ-2021-0008 (bmo#1667102) + Use-after-free in HTTP2 Session object + * CVE-2021-38508 (bmo#1366818) + Permission Prompt could be overlaid, resulting in user + confusion and potential spoofing + * CVE-2021-38509 (bmo#1718571) + Javascript alert box could have been spoofed onto an + arbitrary domain + * CVE-2021-38510 (bmo#1731779) + Download Protections were bypassed by .inetloc files on Mac OS + * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, + bmo#1735152) + Memory safety bugs fixed in Thunderbird ESR 91.3 - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires + ------------------------------------------------------------------- Fri Oct 22 21:27:02 UTC 2021 - Wolfgang Rosenauer