From 376ac03b18ead66b989fc2baf66f7ea5662645aa534fb9fffb404fd26327c0e9 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Tue, 11 Apr 2023 20:58:19 +0000
Subject: [PATCH] * New messages will automatically select S/MIME if configured
 and     OpenPGP is not   * Calendar events with timezone America/Mexico_City
 incorrectly     applied Daylight Savings Time   MFSA 2023-15 (bsc#1210212)  
 * CVE-2023-29531 (bmo#1794292)     Out-of-bound memory access in WebGL on
 macOS   * CVE-2023-29532 (bmo#1806394)     Mozilla Maintenance Service
 Write-lock bypass   * CVE-2023-29533 (bmo#1798219, bmo#1814597)    
 Fullscreen notification obscured   * MFSA-TMP-2023-0001 (bmo#1819244)    
 Double-free in libwebp   * CVE-2023-29535 (bmo#1820543)     Potential Memory
 Corruption following Garbage Collector compaction   * CVE-2023-29536
 (bmo#1821959)     Invalid free from JavaScript code   * CVE-2023-0547
 (bmo#1811298)     Revocation status of S/Mime recipient certificates was not
 checked   * CVE-2023-29479 (bmo#1824978)     Hang when processing certain
 OpenPGP messages   * CVE-2023-29539 (bmo#1784348)     Content-Disposition
 filename truncation leads to Reflected     File Download   * CVE-2023-29541
 (bmo#1810191)     Files with malicious extensions could have been downloaded 
    unsafely on Linux   * CVE-2023-29542 (bmo#1810793, bmo#1815062)     Bypass
 of file download extension restrictions   * CVE-2023-29545 (bmo#1823077)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=697
---
 MozillaThunderbird.changes             | 41 +++++++++++++++++++++++++-
 tar_stamps                             |  4 +--
 thunderbird-102.10.0.source.tar.xz     |  4 +--
 thunderbird-102.10.0.source.tar.xz.asc | 26 ++++++++--------
 4 files changed, 57 insertions(+), 18 deletions(-)

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 8397c17..d242da6 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -2,7 +2,46 @@
 Wed Apr  5 21:10:11 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Thunderbird 102.10.0
-- add mozilla-llvm16.patch trying to fix build with LLVM16
+  * New messages will automatically select S/MIME if configured and
+    OpenPGP is not
+  * Calendar events with timezone America/Mexico_City incorrectly
+    applied Daylight Savings Time
+  MFSA 2023-15 (bsc#1210212)
+  * CVE-2023-29531 (bmo#1794292)
+    Out-of-bound memory access in WebGL on macOS
+  * CVE-2023-29532 (bmo#1806394)
+    Mozilla Maintenance Service Write-lock bypass
+  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
+    Fullscreen notification obscured
+  * MFSA-TMP-2023-0001 (bmo#1819244)
+    Double-free in libwebp
+  * CVE-2023-29535 (bmo#1820543)
+    Potential Memory Corruption following Garbage Collector compaction
+  * CVE-2023-29536 (bmo#1821959)
+    Invalid free from JavaScript code
+  * CVE-2023-0547 (bmo#1811298)
+    Revocation status of S/Mime recipient certificates was not checked
+  * CVE-2023-29479 (bmo#1824978)
+    Hang when processing certain OpenPGP messages
+  * CVE-2023-29539 (bmo#1784348)
+    Content-Disposition filename truncation leads to Reflected
+    File Download
+  * CVE-2023-29541 (bmo#1810191)
+    Files with malicious extensions could have been downloaded
+    unsafely on Linux
+  * CVE-2023-29542 (bmo#1810793, bmo#1815062)
+    Bypass of file download extension restrictions
+  * CVE-2023-29545 (bmo#1823077)
+    Windows Save As dialog resolved environment variables
+  * CVE-2023-1945 (bmo#1777588)
+    Memory Corruption in Safe Browsing Code
+  * CVE-2023-29548 (bmo#1822754)
+    Incorrect optimization result on ARM64
+  * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217,
+    bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602,
+    bmo#1821448, bmo#1822413, bmo#1824828)
+    Memory safety bugs fixed in Thunderbird 102.10
+- add mozilla-llvm16.patch to fix build with LLVM16
 
 -------------------------------------------------------------------
 Wed Mar 29 10:50:35 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
diff --git a/tar_stamps b/tar_stamps
index 768ffff..56c51e4 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -6,5 +6,5 @@ PREV_VERSION="102.9.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"
-RELEASE_TAG="242807330298599a41c6a9e37d676cceeaf86dec"
-RELEASE_TIMESTAMP="20230405152512"
+RELEASE_TAG="d8df3bebc4b529388b62b9cb4df152f13910fbe3"
+RELEASE_TIMESTAMP="20230407145224"
diff --git a/thunderbird-102.10.0.source.tar.xz b/thunderbird-102.10.0.source.tar.xz
index b7fbd1c..4c56660 100644
--- a/thunderbird-102.10.0.source.tar.xz
+++ b/thunderbird-102.10.0.source.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:516ba1863d98205d3d0472cadb56ebddadce9e7198041d12f1f0d8fa398524f8
-size 501419444
+oid sha256:73183365c0888b489648b9baaa717ebccbb9add4d245e24e95d43cc76810f8ca
+size 500949660
diff --git a/thunderbird-102.10.0.source.tar.xz.asc b/thunderbird-102.10.0.source.tar.xz.asc
index 10687ff..3362529 100644
--- a/thunderbird-102.10.0.source.tar.xz.asc
+++ b/thunderbird-102.10.0.source.tar.xz.asc
@@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmQt2REACgkQ6+QekPbx
-L23RZQ//SZe0Qy0RbZlLVcs75KaEdY07+3ReWaczFNZswuor4uGorgemocR8Q+vH
-qJJEPj4jJxITpF3oTtPa3QiLRSFykiF7g4kGsWODHCpHTCtb3/9XhaIpfpFFkQ3N
-Y+LPMouS1OEi0L/C9bHGFfSux8uRzaoukpvMhNkk5QwkU2mnvtg85JxTCjiVjvuV
-pqCGksnbUnwNmSfdGvM7Trct0HtuYmTaXSbexef7ME+jmuzGL/5jykl7HP462ZU4
-3eqtK8qeIwgBnLVAWzHe5Sz2y6meVYkne9tY4YJXdQt5XpQHriyesLv6LmczsMaF
-bM9bYC1dq5CIa3qcyyeRB067aPLSJ+zk1OJaDiKV1KrdunbXrIEuY9mATiXdKkCq
-MrJpfrqQ4WP19H1WxycHIFewGgPTq5+KpnlpHJNVt54F9dZgJ5+CWFb+UE8P7PeJ
-niKsdn8eyRgGM415r7Qz0BA++Cf5N7Ovux9zDjlSEsoJmj9WbdG/Bi5ea7zd8tDm
-OC9VaJx9AAtB65zPCkBurNlj/cFHcVGfI1k2hlwNsKtmJvZ8i0/hbq4Vnr8GjqeP
-ki3xm1scaxKe2CfqgxlQ8TAe67aD2K/q5PhCVTBF/LgkrHeuxfpsYKAC/C5qBvvX
-DVUp4NQzbCQhGwMjlkTiCvgPtno/vllac4PEhCg6JarQioRwvMs=
-=mJiC
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmQ0LS8ACgkQ6+QekPbx
+L22flhAAsOlC7n7VWB6I0ak90oGfzvZiqlf9WbikM9oXukrYIwqXKfUDKPZZDKTV
+hfrCHzSUWi+QQc6HS8diq7CcRjJb2aJXHxL9E3E2j0qfdWjpoYMBkoQzXQR12Ve8
+lXWEPxrlfJhR8Z2S6geCMVQbyPh6zbMIZTT/Zp1vV8r5PcxwvfC3wviWU721E45k
+moT/CZX6PmeS3UO0kL/6RECNA/HgxnNu2gKFlc9Qc90wCiwtR92RGuB15CXYmZcx
+F3//Jc4n4GSMBxX/4RUto+HFxJWZ1k7Cl7CvtXKYTFkUZvMfrLBCcruzZ3Deuos0
+qKZyreUDbgeNuu+Ynh8qyEkZn+6k+rkb7t+a1jaOpgTtc/B+9fwjv34rIVD4KRO6
+Ym2qotNk3zNYU7moD53rnfvgBb2J4PUbvJobVOcthVvM0HNUbptGDvSrPByeYLOB
+veC4Bqy9heICCwRa3JBIzNCMGQgzP3fKkpFiPJxLoU/Je9FKqhHsbu9wu7/OeE/R
+BQMIFfXNwRpZcmDie3OfqYR6wZEZ5xemOZEkH0wtB7dZLlAir4tkg+P2PkKMS59q
+ihdLEqpiZpDeqIHivRbzi5Bt4GD0V8UEadIjhJ9RMBIfRM0GmjxO5d/nmnhuE+ww
+bH/M1uFnEgit9gICOZDndLhlDSArMUe8xLmjWIy1HXCktxRsnwY=
+=z2m1
 -----END PGP SIGNATURE-----