From 62f65fe0ea90fada651cd2e84ed79a18575a46e6a2be341f1e7785795ba1ef15 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 25 Oct 2023 06:36:45 +0000 Subject: [PATCH] - Mozilla Thunderbird 115.4.1 https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes MFSA 2023-47 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5732 (bmo#1690979, bmo#1836962) Address bar spoofing via bidirectional characters * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 - removed obsolete mozilla-bmo1846703.patch OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=728 --- MozillaThunderbird.changes | 30 +++++++++++ MozillaThunderbird.spec | 5 +- l10n-115.3.3.tar.xz => l10n-115.4.1.tar.xz | 0 mozilla-bmo1846703.patch | 59 ---------------------- tar_stamps | 8 +-- thunderbird-115.3.3.source.tar.xz | 3 -- thunderbird-115.3.3.source.tar.xz.asc | 16 ------ thunderbird-115.4.1.source.tar.xz | 3 ++ thunderbird-115.4.1.source.tar.xz.asc | 16 ++++++ 9 files changed, 55 insertions(+), 85 deletions(-) rename l10n-115.3.3.tar.xz => l10n-115.4.1.tar.xz (100%) delete mode 100644 mozilla-bmo1846703.patch delete mode 100644 thunderbird-115.3.3.source.tar.xz delete mode 100644 thunderbird-115.3.3.source.tar.xz.asc create mode 100644 thunderbird-115.4.1.source.tar.xz create mode 100644 thunderbird-115.4.1.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 85fe828..7324250 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Tue Oct 24 20:52:32 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Thunderbird 115.4.1 + https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes + https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes + MFSA 2023-47 (bsc#1216338) + * CVE-2023-5721 (bmo#1830820) + Queued up rendering could have allowed websites to clickjack + * CVE-2023-5732 (bmo#1690979, bmo#1836962) + Address bar spoofing via bidirectional characters + * CVE-2023-5724 (bmo#1836705) + Large WebGL draw could have led to a crash + * CVE-2023-5725 (bmo#1845739) + WebExtensions could open arbitrary URLs + * CVE-2023-5726 (bmo#1846205) + Full screen notification obscured by file open dialog on macOS + * CVE-2023-5727 (bmo#1847180) + Download Protections were bypassed by .msix, .msixbundle, + .appx, and .appxbundle files on Windows + * CVE-2023-5728 (bmo#1852729) + Improper object tracking during GC in the JavaScript engine + could have led to a crash. + * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, + bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, + bmo#1855306, bmo#1855640, bmo#1856695) + Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, + and Thunderbird 115.4.1 +- removed obsolete mozilla-bmo1846703.patch + ------------------------------------------------------------------- Tue Oct 24 16:58:42 UTC 2023 - Andreas Stieger diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 36c185b..0ff5609 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -29,8 +29,8 @@ # major 69 # mainver %%major.99 %define major 115 -%define mainver %major.3.3 -%define orig_version 115.3.3 +%define mainver %major.4.1 +%define orig_version 115.4.1 %define orig_suffix %nil %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -203,7 +203,6 @@ Patch19: svg-rendering.patch Patch20: mozilla-partial-revert-1768632.patch Patch21: mozilla-bmo1775202.patch Patch22: mozilla-rust-disable-future-incompat.patch -Patch23: mozilla-bmo1846703.patch %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /bin/sh diff --git a/l10n-115.3.3.tar.xz b/l10n-115.4.1.tar.xz similarity index 100% rename from l10n-115.3.3.tar.xz rename to l10n-115.4.1.tar.xz diff --git a/mozilla-bmo1846703.patch b/mozilla-bmo1846703.patch deleted file mode 100644 index 7f1a1fb..0000000 --- a/mozilla-bmo1846703.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff -rup a/media/ffvpx/libavcodec/x86/mathops.h b/media/ffvpx/libavcodec/x86/mathops.h ---- a/media/ffvpx/libavcodec/x86/mathops.h 2023-09-28 20:57:25.994782086 +0200 -+++ b/media/ffvpx/libavcodec/x86/mathops.h 2023-09-28 20:57:50.084785348 +0200 -@@ -35,12 +35,20 @@ - static av_always_inline av_const int MULL(int a, int b, unsigned shift) - { - int rt, dummy; -+ if (__builtin_constant_p(shift)) - __asm__ ( - "imull %3 \n\t" - "shrdl %4, %%edx, %%eax \n\t" - :"=a"(rt), "=d"(dummy) -- :"a"(a), "rm"(b), "ci"((uint8_t)shift) -+ :"a"(a), "rm"(b), "i"(shift & 0x1F) - ); -+ else -+ __asm__ ( -+ "imull %3 \n\t" -+ "shrdl %4, %%edx, %%eax \n\t" -+ :"=a"(rt), "=d"(dummy) -+ :"a"(a), "rm"(b), "c"((uint8_t)shift) -+ ); - return rt; - } - -@@ -113,19 +121,31 @@ __asm__ volatile(\ - // avoid +32 for shift optimization (gcc should do that ...) - #define NEG_SSR32 NEG_SSR32 - static inline int32_t NEG_SSR32( int32_t a, int8_t s){ -+ if (__builtin_constant_p(s)) - __asm__ ("sarl %1, %0\n\t" - : "+r" (a) -- : "ic" ((uint8_t)(-s)) -+ : "i" (-s & 0x1F) - ); -+ else -+ __asm__ ("sarl %1, %0\n\t" -+ : "+r" (a) -+ : "c" ((uint8_t)(-s)) -+ ); - return a; - } - - #define NEG_USR32 NEG_USR32 - static inline uint32_t NEG_USR32(uint32_t a, int8_t s){ -+ if (__builtin_constant_p(s)) - __asm__ ("shrl %1, %0\n\t" - : "+r" (a) -- : "ic" ((uint8_t)(-s)) -+ : "i" (-s & 0x1F) - ); -+ else -+ __asm__ ("shrl %1, %0\n\t" -+ : "+r" (a) -+ : "c" ((uint8_t)(-s)) -+ ); - return a; - } - diff --git a/tar_stamps b/tar_stamps index 0d301b8..d5a45be 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr115" -VERSION="115.3.3" +VERSION="115.4.1" VERSION_SUFFIX="" -PREV_VERSION="115.3.2" +PREV_VERSION="115.4.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115" -RELEASE_TAG="e1ce2f9fb77f429bf4abf147c205b1a80fd860e1" -RELEASE_TIMESTAMP="20231016182902" +RELEASE_TAG="f9f6aede26e0991093e5935b0d85b1cb9de3c346" +RELEASE_TIMESTAMP="20231024181440" diff --git a/thunderbird-115.3.3.source.tar.xz b/thunderbird-115.3.3.source.tar.xz deleted file mode 100644 index a9f9dd1..0000000 --- a/thunderbird-115.3.3.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fae3156b09efc2664d54a92cef1e37f3d88e3a45acf27d080b297c6278a9fef2 -size 540032900 diff --git a/thunderbird-115.3.3.source.tar.xz.asc b/thunderbird-115.3.3.source.tar.xz.asc deleted file mode 100644 index 3c85ce1..0000000 --- a/thunderbird-115.3.3.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUt/cgACgkQ4207E/PZ -MnR7QA/+OmOBnqWjg5GFQv4dSwC9wf/XIrXxQIc6k/+dieSuR5TtXdtAoSwzGPqZ -o76ODfjmAdB+AlrdGNGQWzZklyrVZED9nEpzIlGd3042gm7CkxjWn39ywDel1+3z -dF3kX57iD5kAcrHYgzCWCVtdSHMguVVxj2+Ms1lFRIUCsscrXmWwVfjo0H3ciKKC -6SV16eqh3HrR6pJ1DAb8C8lvTxGZjEiMTX51MiJh879qhs4H6xhDYotkDuM4JDcp -96CHmUcg2uIVpM13EzCiRPsPzI2gn/yBRoIv6sw053jFR3/4qObPM6aetih99ZEI -8w+GKsyAahKi1g+FnSG7qIIo7+/XfjDDkPFxBPNimvbWNikMVa+EIs+ORZNCS1iM -nKqQwm9Nk4ftPN6D27PAhWwTAdMlNIQ+OO/Gq/KvRfLJWMfxxQrElaHdQACLafoQ -Qo46aBVdHPidH9/FK/7q2bzjnG+amUHdg1jVN5da6ovR5eKx5o9olOMBqSX+vkoF -7+es124lvXz7a3WQZ/zLNIkxYgAHKMyhzDUrbrMsIUa+DSQF2qtwBS1Gp9iSSFn8 -FLmifB8ZP/yWmG/HiLf4Qbr0V6cWbz+u7q9nKQ1wJaA7oheTAY/fQnW24AoHFNEU -svPvuo64GY83sFVtjrERzfPlgE5StkU8a9Omo+kH6x06La2Y+bA= -=uurl ------END PGP SIGNATURE----- diff --git a/thunderbird-115.4.1.source.tar.xz b/thunderbird-115.4.1.source.tar.xz new file mode 100644 index 0000000..7ccaa35 --- /dev/null +++ b/thunderbird-115.4.1.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9914bbcaf6d99dbaccdb5e4d32859bfbc725ab2e1f285b483fa141e411b47036 +size 537988108 diff --git a/thunderbird-115.4.1.source.tar.xz.asc b/thunderbird-115.4.1.source.tar.xz.asc new file mode 100644 index 0000000..06989ce --- /dev/null +++ b/thunderbird-115.4.1.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmU4JjYACgkQ4207E/PZ +MnQJxw//ceW2DjC6xcdahFFyczVzKZ8BJqfktsX/eAx4HAfOMQYj3ufCTn2rFAN+ +p9aW2Txx0JBCyHpvbm4cb//N83CzT5O7jjtXc+Y9s936bIPxC3zQu46LLO3ucQGm +hmoU2fszvtGtctJHm0+ouGMQl0sZZju9kic6wmzbZFaMBGcLqPkiGB4l5myGuN3U +1yQob+M7R8CuPKmkHC62pNP6yteLPWNbFwuRZ6K7LzhdH8kDt+FWzK2vo3VTYO/7 +kVPvkYZE42GyriQoMfBUlnTDSab3ggkKo0BdxO4Ko+poZnKOd29M9TyuRdQV6n1b +z9lBzMeBNRZ7iOWQJdyzy0RO+KOGvSubWOyKvjhWzyY3uw8DNAIuWeTywEvMraor +t1Tnu3AwbJUB2+fsbhBsnh303aZdq85nIzW/3fIB6OGdYObPuAvl+a/bDVd2V4N0 +OUCeDZv3o0GMrbF1aPe0GfEba7ue41+PuuQ0Ihoyg+rONEbtHB2gnUaO8pBqEEgz +dmamhHcDCX0wbdfaQJZj7Kq7FSBSCHolTyy02SvHfhr93YL2jQuiHJ+7XnAbY85r +niFo7znQZZlt51IUerJD+16LBmYDw7mseolSUMRzFjlLzo26aazPsFgLtyvycfLK +X/Wbtj1bC6nIF+k9Iuo5K6y9MSGchxC+5ZlyPVsd2yyGJM4NGyg= +=DKLX +-----END PGP SIGNATURE-----