- Mozilla Thunderbird 60.7.0

* Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=468

MozillaThunderbird.changes

@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Fri May 24 08:53:57 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 60.7.0
+  * Attachment pane of Write window no longer focussed when attaching
+    files using a keyboard shortcut
+  MFSA 2019-15 (boo#1135824)
+  * CVE-2019-9815 (bmo#1546544)
+    Disable hyperthreading on content JavaScript threads on macOS
+  * CVE-2019-9816 (bmo#1536768)
+    Type confusion with object groups and UnboxedObjects
+  * CVE-2019-9817 (bmo#1540221)
+    Stealing of cross-domain images using canvas
+  * CVE-2019-9818 (bmo#1542581) (Windows only)
+    Use-after-free in crash generation server
+  * CVE-2019-9819 (bmo#1532553)
+    Compartment mismatch with fetch API
+  * CVE-2019-9820 (bmo#1536405)
+    Use-after-free of ChromeEventHandler by DocShell
+  * CVE-2019-11691 (bmo#1542465)
+    Use-after-free in XMLHttpRequest
+  * CVE-2019-11692 (bmo#1544670)
+    Use-after-free removing listeners in the event listener manager
+  * CVE-2019-11693 (bmo#1532525)
+    Buffer overflow in WebGL bufferdata on Linux
+  * CVE-2019-7317 (bmo#1542829)
+    Use-after-free in png_image_free of libpng library
+  * CVE-2019-9797 (bmo#1528909)
+    Cross-origin theft of images with createImageBitmap
+  * CVE-2018-18511 (bmo#1526218)
+    Cross-origin theft of images with ImageBitmapRenderingContext
+  * CVE-2019-11694 (bmo#1534196) (Windows only)
+    Uninitialized memory memory leakage in Windows sandbox
+  * CVE-2019-11698 (bmo#1543191)
+    Theft of user history data through drag and drop of hyperlinks
+    to and from bookmarks
+  * CVE-2019-5798 (bmo#1535518)
+    Out-of-bounds read in Skia
+  * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
+    bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
+    bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
+    bmo#1532465, bmo#1533554, bmo#1541580)
+    Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
+
 -------------------------------------------------------------------
 Wed Apr 24 17:26:44 UTC 2019 - Martin Liška <mliska@suse.cz>
 

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 60.6.1
+%define mainversion 60.7.0
 %define update_channel release
-%define releasedate 20190314112142
+%define releasedate 20190517095026
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3324bc9cbc7f202c652d8eafe27c4db46f22fabb785a57ed43ea993fce5c6409
-size 28384
+oid sha256:cb833126ba1629ca8e0f0513985ffa29186d043e3c3567a2958cf161cfbe88f6
+size 28376

create-tar.sh

@@ -2,9 +2,9 @@
 
 CHANNEL="esr60"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="ed1296af783ca23d9b07aac774cd104b14d246c3"
-MOZ_RELEASE_TAG="ac46edc9c4223fb6613501d3287705f49d1dfc57"
-VERSION="60.6.1"
+RELEASE_TAG="5822a83963e333699a33099c37c65bcd6527b988"
+MOZ_RELEASE_TAG="2ae9b50be57173c299c10df512590e2feb164977"
+VERSION="60.7.0"
 VERSION_SUFFIX=""
 LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json"
 

l10n-60.6.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1cec747862588282b88762a10502d5a7c49a7529f9afce375bbcada023f8eaf5
-size 27442764

l10n-60.7.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a7e16167b32a6215ca5a44aaa56ba1bffa079c4027ffa6cd4e6509a4f3f78571
+size 27452196

mozilla-bmo1519629.patch

@@ -1,32 +1,47 @@
-diff -rup thunderbird-60.6.1.orig/servo/components/style/lib.rs thunderbird-60.6.1/servo/components/style/lib.rs
---- thunderbird-60.6.1.orig/servo/components/style/lib.rs	2019-03-25 02:38:41.000000000 +0100
-+++ thunderbird-60.6.1/servo/components/style/lib.rs	2019-03-30 14:46:10.491001809 +0100
-@@ -23,7 +23,7 @@
+# HG changeset patch
+# Parent  ba0e794338a92e82d4b19e9fb012c848302b7dbd
+
+diff --git a/servo/components/style/lib.rs b/servo/components/style/lib.rs
+--- a/servo/components/style/lib.rs
++++ b/servo/components/style/lib.rs
+@@ -18,17 +18,17 @@
+ //! [recalc_style_at]: traversal/fn.recalc_style_at.html
+ //!
+ //! Major dependencies are the [cssparser][cssparser] and [selectors][selectors]
+ //! crates.
+ //!
  //! [cssparser]: ../cssparser/index.html
  //! [selectors]: ../selectors/index.html
  
 -#![deny(missing_docs)]
-+/// #![deny(missing_docs)]
++//#![deny(missing_docs)]
  
  extern crate app_units;
  extern crate arrayvec;
-diff -rup thunderbird-60.6.1.orig/servo/components/style_traits/values.rs thunderbird-60.6.1/servo/components/style_traits/values.rs
---- thunderbird-60.6.1.orig/servo/components/style_traits/values.rs	2019-03-25 02:38:43.000000000 +0100
-+++ thunderbird-60.6.1/servo/components/style_traits/values.rs	2019-03-30 12:31:55.070634646 +0100
-@@ -135,6 +135,7 @@ where
-     }
- }
+ extern crate atomic_refcell;
+ #[macro_use]
+ extern crate bitflags;
+ #[allow(unused_extern_crates)] extern crate byteorder;
+ #[cfg(feature = "gecko")] #[macro_use] #[no_link] extern crate cfg_if;
+diff --git a/servo/components/style_traits/lib.rs b/servo/components/style_traits/lib.rs
+--- a/servo/components/style_traits/lib.rs
++++ b/servo/components/style_traits/lib.rs
+@@ -4,17 +4,17 @@
  
-+/// Documentation needed here, but the macro appears to be unused anyway...
- #[macro_export]
- macro_rules! serialize_function {
-     ($dest: expr, $name: ident($( $arg: expr, )+)) => {
-@@ -404,6 +405,8 @@ impl_to_css_for_predefined_type!(::csspa
- impl_to_css_for_predefined_type!(::cssparser::Color);
- impl_to_css_for_predefined_type!(::cssparser::UnicodeRange);
+ //! This module contains shared types and messages for use by devtools/script.
+ //! The traits are here instead of in script so that the devtools crate can be
+ //! modified independently of the rest of Servo.
  
-+
-+/// Define an enum type with unit variants that each correspond to a CSS keyword.
- #[macro_export]
- macro_rules! define_css_keyword_enum {
-     (pub enum $name:ident { $($variant:ident = $css:expr,)+ }) => {
+ #![crate_name = "style_traits"]
+ #![crate_type = "rlib"]
+ 
+-#![deny(unsafe_code, missing_docs)]
++#![deny(unsafe_code)]
+ 
+ extern crate app_units;
+ #[macro_use] extern crate bitflags;
+ #[macro_use] extern crate cssparser;
+ extern crate euclid;
+ extern crate malloc_size_of;
+ #[macro_use] extern crate malloc_size_of_derive;
+ extern crate selectors;

thunderbird-60.6.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17aef9232a76bdc812422883c02b01b4ecb7633c3ee9870da5e4ec0e20ba5f67
-size 288706632

thunderbird-60.6.1.source.tar.xz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iQIcBAABCAAGBQJcmDKgAAoJELu+vbskxvNV/OcP/1QHXaGtOkwAEl9yJJeCXDn4
-Z7yI3u72Ue1QX2hVQxa9ZOy02TZRbLMRQwhkXE1cwcvUhnqLyGFt8lgjL6wdGg+W
-y/IxnEajwK8t6Ne7tedowhzN6DtmQoUQjbUptU9yNzqiIB+ZYXtiNVYNDxemdpli
-lsbjnvU4EcJrZSAI7YIYAKCAv9KiK0qlLUlvxg21kM1cVWLJCQHOKKp4kbxnPcQq
-ggifjLHo8uWeqrLXPdQWSQJnNsXtSyREnqn0w4mEGVTYvliYc4DQ8lg6CGCeqxHM
-IWab1HqzHaEmoDkEMXgcqrauynLChYEDG+m9bn1BgQcCRhzBoFUG6edTnCIoWmuW
-bLLr+g66mDF9YXGes4yaTEQ8stsVl/CvhEYweIxgdz23wojwNynODnjLYY4e8imO
-1yTXyLw3jI0mjVTChUF0p2CCztTtaDD/jLdo4I+d9wAQpp+Jz8q59+7ygNsadc8u
-JgKwsng81zTOJKRwH21BoWESvWCTD1sXvSedeexQYXVYanUqsSCrJ9RIni41Y16j
-4i899raBMBX1jpj4v5oPNgieV8VKG40NmDQqVIZneG/zIak/W3cTLyNbvpe4ubty
-S8+ny3aUH6XYwlmmfh3fU58uHK7MSANlJhFSeDlHkHSEOgSUoL4Co74Fe+Aj8Q4L
-osdGVnjlXfvT+Yq//UM7
-=y9co
------END PGP SIGNATURE-----

thunderbird-60.7.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:377ca762624df103dd768dc36b7632537b46aa83ddc9d336a157cadcde8bb51d
+size 285728804

thunderbird-60.7.0.source.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iQIcBAABCAAGBQJc3qdrAAoJELu+vbskxvNVuSEP/0E9BjAqFcNm8nomHcFsXLj3
+3onvO1d6wQKiKFtu3iTr+alPpXo0BDPb6bGCsIMavVhdod0zN9dRZoesXH0pQaIn
+6MGkUZEs+PqRutCfQHLDV1dKz+kpWkXlz5APAjZU3CUq1kaMGIEk7J1avSsTC4Yd
+ZADkF0dAfP1oWDI8yJEy9YTML3Hcppu+lAEhI7ZDvRDcDAezcGvoFmSkbZLt7His
+7EkpvlCEqyX57zvF7bsRYH3jKs+hJ/BD9I8cvIWXJtpzjpb9d1uUfJXH0mBzVW2B
+/nKZOyPB0+YkTkGPOzRsySZUoQP56J1g8nlYl+3fYYvROw7cEkLbJYr55qnXBDB0
+1UKrfIQkyd9RCcJ9GnXg6bWYVBxgzi7v/L+CVx/+B1b8fQ4XSX4S55jgh8woG/wJ
+KdpDxscCU0OG7NQsRgISIAJSGHCHZx+SPRgvxfQ+Bf8nJ4oyrnj9ljs/oevRWQ+b
+RPAdMaqh14f+kR/qGVOW/xQoi9C7RZ7u+Blyl1WD2S+IPeN5UubDKiXmz+Y/VbJ7
+vkjGkLxty3ousGSIk/e36rIaHoXZK78d9R/VHYrwyaRSMTWHPUnanMpQ7OuTb6xP
+fCBAZfyJQDDpwoB9GP6fYB/H7Sac2I8JzLO46/s2HZ+zOJiCYQ7X10QB18uii97w
+dgs+jlwdIl+RJU5DD73e
+=Icmv
+-----END PGP SIGNATURE-----