1
0

- Mozilla Thunderbird 91.6.0

* TB will now offer to send large forwarded attachments via FileLink
  * Partially signed unencrypted messages displayed an incorrect
    "parrtially encrypted" notification
  * Attachments filenames were not sanitized before saving to disk
  * In the attachment bar, the "Import OpenPGP Key" item displayed
    for public keys displayed an error and did not import the key
  * "Open with" attachment dialog did not have a selected radio
    button option
  MFSA 2022-06 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance
    Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during
    update
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22763 (bmo#1740534)
    Script Execution during invalid object state

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=623
This commit is contained in:
Wolfgang Rosenauer 2022-02-11 22:30:53 +00:00 committed by Git OBS Bridge
parent c34bf76e06
commit 5e8c474a19
10 changed files with 71 additions and 52 deletions

View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Sat Feb 5 14:11:31 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 91.6.0
* TB will now offer to send large forwarded attachments via FileLink
* Partially signed unencrypted messages displayed an incorrect
"parrtially encrypted" notification
* Attachments filenames were not sanitized before saving to disk
* In the attachment bar, the "Import OpenPGP Key" item displayed
for public keys displayed an error and did not import the key
* "Open with" attachment dialog did not have a selected radio
button option
MFSA 2022-06 (bsc#1195682)
* CVE-2022-22753 (bmo#1732435)
Privilege Escalation to SYSTEM on Windows via Maintenance
Service
* CVE-2022-22754 (bmo#1750565)
Extensions could have bypassed permission confirmation during
update
* CVE-2022-22756 (bmo#1317873)
Drag and dropping an image could have resulted in the dropped
object being an executable
* CVE-2022-22759 (bmo#1739957)
Sandboxed iframes could have executed script if the parent
appended elements
* CVE-2022-22760 (bmo#1740985, bmo#1748503)
Cross-Origin responses could be distinguished between script
and non-script content-types
* CVE-2022-22761 (bmo#1745566)
frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
* CVE-2022-22763 (bmo#1740534)
Script Execution during invalid object state
* CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
bmo#1748210, bmo#1748279)
Memory safety bugs fixed in Thunderbird 91.6
- do not use ccache by default
- removed obsolete mozilla-bmo1745560.patch
-------------------------------------------------------------------
Sat Jan 22 09:57:59 UTC 2022 - Manfred Hollstein <manfred.h@gmx.net>

View File

@ -2,7 +2,7 @@
# spec file
#
# Copyright (c) 2022 SUSE LLC
# 2006-2021 Wolfgang Rosenauer <wr@rosenauer.org>
# 2006-2022 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 91
%define mainver %major.5.1
%define orig_version 91.5.1
%define mainver %major.6.0
%define orig_version 91.6.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}
@ -38,9 +38,6 @@
# upstream default is clang (to use gcc for large parts set to 0)
%define clang_build 0
# PIE, full relro
%define build_hardened 1
%bcond_with only_print_mozconfig
%bcond_without mozilla_tb_kde4
@ -48,7 +45,7 @@
%bcond_without mozilla_tb_optimize_for_size
# define if ccache should be used or not
%define useccache 1
%define useccache 0
# Firefox only supports i686
%ifarch %ix86
@ -207,7 +204,6 @@ Patch28: mozilla-libavcodec58_91.patch
Patch29: mozilla-silence-no-return-type.patch
Patch30: mozilla-bmo531915.patch
Patch31: mozilla-bmo1724679.patch
Patch32: mozilla-bmo1745560.patch
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: /bin/sh
@ -310,7 +306,6 @@ fi
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%endif
%build
@ -366,9 +361,7 @@ export CFLAGS="$CFLAGS -fimplicit-constexpr"
# Limit RAM usage during link
export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
%endif
%if 0%{?build_hardened}
export LDFLAGS="${LDFLAGS} -fPIC -Wl,-z,relro,-z,now"
%endif
%ifarch ppc64 ppc64le
%if 0%{?clang_build} == 0
export CFLAGS="$CFLAGS -mminimal-toc"
@ -530,9 +523,10 @@ sed -r '/^(ja-JP-mac|en-US|$)/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/m
>> %{_tmppath}/translations.$_l10ntarget
' -- {}
%endif
%if 0%{useccache} != 0
ccache -s
%endif
%endif
%install
cd $RPM_BUILD_DIR/obj

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bf372dd234e130669ceca5b15b2a312893b03f6d7a7e14bcb3c8b10822943ff8
size 28849860

3
l10n-91.6.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2a949123ba7b07ac78562ebb9038b691b072823c0237d1644c05fd4464319cfc
size 28819616

View File

@ -1,14 +0,0 @@
diff --git a/widget/gtk/mozwayland/mozwayland.c b/widget/gtk/mozwayland/mozwayland.c
--- a/widget/gtk/mozwayland/mozwayland.c
+++ b/widget/gtk/mozwayland/mozwayland.c
@@ -200,3 +200,10 @@
MOZ_EXPORT void wl_list_insert_list(struct wl_list* list,
struct wl_list* other) {}
+
+MOZ_EXPORT struct wl_proxy* wl_proxy_marshal_flags(
+ struct wl_proxy* proxy, uint32_t opcode,
+ const struct wl_interface* interface, uint32_t version, uint32_t flags,
+ ...) {
+ return NULL;
+}

View File

@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr91"
VERSION="91.5.1"
VERSION="91.6.0"
VERSION_SUFFIX=""
PREV_VERSION="91.5.0"
PREV_VERSION="91.5.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"
RELEASE_TAG="46a4af6b62978ae76a41fcf57bc3309c4d9bb22e"
RELEASE_TIMESTAMP="20220120011414"
RELEASE_TAG="676bfbddd4b3ed77f818b6b07d9d8a79c61be4da"
RELEASE_TIMESTAMP="20220204195633"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:15918d48c59988ddeba3c7b5d98cf483db9c38a782dfbf6472dc889fed9b9c8a
size 405332676

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmHqDckACgkQ6+QekPbx
L22h3g/9Gtqoij3wrjH4hRjcaoq7/kLdouDTLXLWUs8yO3UdPJlsssdkFrYHpvXB
/WjXSDS7FY6mPxVWIDgeF2N8s07fIeDFB5tCAzJhpb4hpkYIrszGJXed7vvuJZmC
BzXqPZdhLi6njo6iHwtPFWoidrT+fOEM4tdFUG2pVSjrUNr5A3QbQySzyuwh5G1W
sj5SmtqotwZY60r3tx2j81PcxU3pn29piU7NJ9ma/PTmxj3vI6xZWfsvYk3UJnNK
RbMlVwyj10qQKAHYB7mLba7GzSqWBGezeyysTtTinR7qMC3CPopYfOSfwcL+FJul
lUFvYhIQlcXRIRcp1AHTspfGGIHgpVrJBQK2iIcsFmxXpCNkJq6m2Z7O//YyQslN
uxJpMCMXtEr1ULATJVMoI963e+3C0bJz4FpzcN3Xoh++GmifKeo+DhW0Hq7uR/Yq
PJr9ci99ti4wtsDVm4UKgqx7PQm1Mg3Gp8c1EKx05pRMjg64zBzAL84wa+oi8lTM
LyVFFyIn5Jslt9izudQrgB1TXcCChEt+HK8yPRWUBqAqMXNuCj7gaSA2CN1yXKsx
tO5ijyXX2XP4NgVfn9p+iI48geEfKB4YJMmNFzfXbhOp1yQ48uGd0kYoLFl9K79m
5ysFEzl5qXH586YPYECMQheFZmKI3679EGzDgq4JawXnE1swshU=
=n0Mf
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e9c6a82a41c869ce291d50352250856cbb3e9be8e603038be72cd5bc52438afb
size 404738672

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmH9ursACgkQ6+QekPbx
L22lAQ/+KaxdNSpa33jrG9KtWEk/gPpSQAKyeZmqpKuNpnlPowM8gAb5cehPEhtm
olzcdZV3CNS2KPIkd7fa+UuncV3Ze9zoD3HlDmGobduzpP0NZtDiW4xPnidFDrKG
d1YvLoCR7lSD9TSN+yhNwqWkyqJdeFkyZ4tiJhIzz0sPjdOf+DzaQVIokZ4aOLR5
I9Yn7LB5Q3ijt+NhZeGKPVgHgWwQxwyI/xW4pHxGQX1nSyHQHTmMLp3QToEej0OU
tAwA3ZlPMNhbl+G6wejXQPJZUigfUQxme6hE6//CAmVlIJWdgmqY6zEDJMwHk+A9
VEHaVp1bnUaV9FSrHYpCo17zgwdia2MXeQUJWLllUwiOJQh/leXu4MP5yMGOL4ll
i9bu7avAT077m1wpwMxqV39bVf2YR0o3KpAUa5sx46TuusUBzSpxb95c4dsapP8q
rywnJxUACIo5jP3v97GLkrE/481YNSjtdYIoKJn3oEIOMgKQfOs7fAK+IyEc35LD
JHf/87v3015k95s1eYpqYvR3LbJrbei72SbtrIURYy+4fiz1G7CYOa0gfvinM/S6
b8+8ND/E/qg9UySofyRzSSMY2mlHBmfoFCe8P99kuwNVGNTMeuB40HK/UuZS7MXH
PxXy97LbPmNoBZPLaK1NY3bk64gJNyr8DD1fE1QO1fdSwh0Tx6A=
=kv22
-----END PGP SIGNATURE-----