- Mozilla Thunderbird 60.8.0

* Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales MFSA 2019-23 (boo#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key * CVE-2019-11730 (bmo#1558299) Same-origin policy treats all files in a directory as having the same-origin * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and Thunderbird 60.8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=478
2019-07-12 06:49:32 +00:00 · 2019-07-12 06:49:32 +00:00 · 191740d32d
commit 191740d32d
parent 1bf9c22999
10 changed files with 63 additions and 31 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -4,6 +4,38 @@ Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
 - Generate langpacks sequentially to avoid file corruption
  from racy file writes (boo#1137970)

+-------------------------------------------------------------------
+Mon Jul  8 10:25:24 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 60.8.0
+  * Calendar: Problems when editing event times, some related to
+    AM/PM setting in non-English locales
+  MFSA 2019-23   (boo#1140868)
+  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
+    Sandbox escape via installation of malicious languagepack
+  * CVE-2019-11711 (bmo#1552541)
+    Script injection within domain through inner window reuse
+  * CVE-2019-11712 (bmo#1543804)
+    Cross-origin POST requests can be made with NPAPI plugins by
+    following 308 redirects
+  * CVE-2019-11713 (bmo#1528481)
+    Use-after-free with HTTP/2 cached stream
+  * CVE-2019-11729 (bmo#1515342)
+    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+  * CVE-2019-11715 (bmo#1555523)
+    HTML parsing error can contribute to content XSS
+  * CVE-2019-11717 (bmo#1548306)
+    Caret character improperly escaped in origins
+  * CVE-2019-11719 (bmo#1540541)
+    Out-of-bounds read when importing curve25519 private key
+  * CVE-2019-11730 (bmo#1558299)
+    Same-origin policy treats all files in a directory as having the
+    same-origin
+  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
+    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
+    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
+    Thunderbird 60.8
+
 -------------------------------------------------------------------
 Thu Jun 20 22:15:46 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -17,9 +17,9 @@
 #


-%define mainversion 60.7.2
+%define mainversion 60.8.0
 %define update_channel release
-%define releasedate 20190620083217
+%define releasedate 20190703133823

 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
@ -44,7 +44,7 @@ BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
 BuildRequires:  memory-constraints
 BuildRequires:  mozilla-nspr-devel >= 4.19
-BuildRequires:  mozilla-nss-devel >= 3.36.7
+BuildRequires:  mozilla-nss-devel >= 3.36.8
 BuildRequires:  python
 BuildRequires:  python2-xml
 BuildRequires:  rust >= 1.24
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:84d4e910076684f1791d3575a9ce5356673e58ec5c1e7cef9f69db77801d3ee8
-size 28368
+oid sha256:b3a37a47153044ed6f702dad451f4920496831732a26d9fb4fecc1b239b153f2
+size 28396
--- a/create-tar.sh
+++ b/create-tar.sh
@ -2,9 +2,9 @@

 CHANNEL="esr60"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="e8ba58f175184985890f5c5aa0b8ff6bd4275b82"
-MOZ_RELEASE_TAG="2fbdde45ed69194ed3908fc665e1d759c3d8f7c9"
-VERSION="60.7.2"
+RELEASE_TAG="ef6b0f0be269d5b7314fe9b359604c9f4f541055"
+MOZ_RELEASE_TAG="eb76765892cfd646d3014e5f3b8df8c6753da2d2"
+VERSION="60.8.0"
 VERSION_SUFFIX=""
 LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json"

--- a/l10n-60.7.2.tar.xz
+++ b/l10n-60.7.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ae813ba30c6e7198fffd213a9c1a69aaefcdd703299aa7fb84c7540004a11a5f
-size 27432848
--- a/l10n-60.8.0.tar.xz
+++ b/l10n-60.8.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b5111cb9b9c07a69f34ffa43fdf76c515051a8e3dd3f3dbc41486f8090e442a3
+size 27456032
--- a/thunderbird-60.7.2.source.tar.xz
+++ b/thunderbird-60.7.2.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc89a5f66b17d554fc0b9c153483edcc74b1bacc916dfd6dccead8478060af31
-size 283874432
--- a/thunderbird-60.7.2.source.tar.xz.asc
+++ b/thunderbird-60.7.2.source.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iQIcBAABCAAGBQJdC7iwAAoJEPGmZo+7fVcu+FMP/1KDApwEgahe7KIaKXP9xY3O
-oNFcnnat9UNpNJcnwbXv0Ktf6uDLQU1Bn/nUyzq/iH0l6FGa2HNGFj6k1EUP7tYK
-KnNW3RtfCMHplJudbYzV4HSiiII+LnwiBmcNVCfGsr3kGvhjbExYFDDV4ighMuba
-3yedSTgA1W+k2ABSQFL+WrEa+Bm2MIjRY5CTvpwXvATYDjNRIB6e8pdew8WemKdL
-pus3Fl5trhu58/hGcFICHpH6Igjc3OCPiKiGyxLL9iHjZhGri8cdFk8WqPZB2xKX
-7rYA6CB0KM90ymJQ7nKYodl09EQ9TF8FZr/RE5XjjHtlupKGYeQo01z7bpHrxxdW
-cl3QuxeBrNCj/CfJcmdiTClLecF0QsCdmS75DegOUXHDwvJNwtB4StbDcJHv4ccD
-94eZNdHzHqFxzrkSy8I0OVIMDZm/LTkPh92UrE326LGZKMhzYesbEX21umzr7ldh
-L9CDzazifQoX5qm7NYGWF3+bvb46JrzQgegfWV+OXyCQZeM1eJQkdTU7DqXfw+cW
-Jq88FS3vd2BbUMHpAgZTvjCl4IcrcJkD648wShG8PchnMj0Jn3+YyBZLmMn6M1fE
-dN6Y1c856qb3k2HFGUrJR5GlgCANlaZn7i7DlZHyeYeMyN3KqwoTGfX8CKByyfC5
-SEyIYofj+uGCxyuK2ZMd
-=Qgho
-----END PGP SIGNATURE-----
--- a/thunderbird-60.8.0.source.tar.xz
+++ b/thunderbird-60.8.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1e7a13e64b63476d2235aaac6823fdab949af45cfcd5a25ee710cbae08c2f5d1
+size 285643576
--- a/thunderbird-60.8.0.source.tar.xz.asc
+++ b/thunderbird-60.8.0.source.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iQIcBAABCAAGBQJdHMn9AAoJEPGmZo+7fVcuq9AP/R/rhtQqqr1y6I9+qrJPPJJy
+/fNWEOj2jIoooGh4d7hdne0elSF7ZS93BLhGSwV/AdZMdAY3cpfrmFpFV/hmswmX
+KSWMWIc2EBnv4lypDAz9tiLdIh8sMnYR3sW6RdTYWg3puG1oi0Jvl0aHGx8WlLUN
+9ntkMF5SLv2Mka+R1EOJ86mJW6+4s/AULRIy2BmlpHOAYMf5DrA6uelpHNhwTBjg
+IJpw1yggflF2ZV6uJbX+0RgMOHg3bmnP/zDO/9wFRrYHV7DXU3GVoeHqaze8iDzI
+c4SgHU69aK/yvp2hVdDuJP/5Ig0jks33ZB5p6r28oXXO5F975+V8hYEJuu0/pEX6
+jp3fY11NtnJyV8O1fYvO+TEfo8QCAaceihRPSxBuEBzwyMyTg/iVlDXjzhttCDz3
+s7fAdbDusH4LqfSYsT9jHlforPJMHrKnLbxGoExOMMTZvK8gQhiEt/L3TETOXt11
+UIFEwm6U0pq8CJHxW0TvbIi40GQ0F4pjd4KL9BS0eSy3aRJiiqMxicf962ZIGTmh
+9JhzDzqjkFln6k0O24AVklUNQtwk8wxo9e9yv6mJIlradiLa8Itp1JpJgzotOKaP
+Q9LrBbalbL60xduonuXHY8V9jyiEEYTkGPW+Si5Zbzo0/8wqQhoYgJKmXu7hSzy4
+AiHlIw7tCxY3ht3djoup
+=KlRT
+-----END PGP SIGNATURE-----