- Mozilla Thunderbird 115.4.1

https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes
  https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes
  MFSA 2023-47 (bsc#1216338)
  * CVE-2023-5721 (bmo#1830820)
    Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732 (bmo#1690979, bmo#1836962)
    Address bar spoofing via bidirectional characters
  * CVE-2023-5724 (bmo#1836705)
    Large WebGL draw could have led to a crash
  * CVE-2023-5725 (bmo#1845739)
    WebExtensions could open arbitrary URLs
  * CVE-2023-5726 (bmo#1846205)
    Full screen notification obscured by file open dialog on macOS
  * CVE-2023-5727 (bmo#1847180)
    Download Protections were bypassed by .msix, .msixbundle,
    .appx, and .appxbundle files on Windows
  * CVE-2023-5728 (bmo#1852729)
    Improper object tracking during GC in the JavaScript engine
    could have led to a crash.
  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
    bmo#1855306, bmo#1855640, bmo#1856695)
    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
    and Thunderbird 115.4.1
- removed obsolete mozilla-bmo1846703.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=728

MozillaThunderbird.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Oct 24 20:52:32 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 115.4.1
+  https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes
+  https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes
+  MFSA 2023-47 (bsc#1216338)
+  * CVE-2023-5721 (bmo#1830820)
+    Queued up rendering could have allowed websites to clickjack
+  * CVE-2023-5732 (bmo#1690979, bmo#1836962)
+    Address bar spoofing via bidirectional characters
+  * CVE-2023-5724 (bmo#1836705)
+    Large WebGL draw could have led to a crash
+  * CVE-2023-5725 (bmo#1845739)
+    WebExtensions could open arbitrary URLs
+  * CVE-2023-5726 (bmo#1846205)
+    Full screen notification obscured by file open dialog on macOS
+  * CVE-2023-5727 (bmo#1847180)
+    Download Protections were bypassed by .msix, .msixbundle,
+    .appx, and .appxbundle files on Windows
+  * CVE-2023-5728 (bmo#1852729)
+    Improper object tracking during GC in the JavaScript engine
+    could have led to a crash.
+  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
+    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
+    bmo#1855306, bmo#1855640, bmo#1856695)
+    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
+    and Thunderbird 115.4.1
+- removed obsolete mozilla-bmo1846703.patch
+
 -------------------------------------------------------------------
 Tue Oct 24 16:58:42 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
 

MozillaThunderbird.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          115
-%define mainver        %major.3.3
+%define mainver        %major.4.1
-%define orig_version   115.3.3
+%define orig_version   115.4.1
 %define orig_suffix    %nil
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@@ -203,7 +203,6 @@ Patch19:        svg-rendering.patch
 Patch20:        mozilla-partial-revert-1768632.patch
 Patch21:        mozilla-bmo1775202.patch
 Patch22:        mozilla-rust-disable-future-incompat.patch
-Patch23:        mozilla-bmo1846703.patch
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /bin/sh

mozilla-bmo1846703.patch

@@ -1,59 +0,0 @@
-diff -rup a/media/ffvpx/libavcodec/x86/mathops.h b/media/ffvpx/libavcodec/x86/mathops.h
---- a/media/ffvpx/libavcodec/x86/mathops.h	2023-09-28 20:57:25.994782086 +0200
-+++ b/media/ffvpx/libavcodec/x86/mathops.h	2023-09-28 20:57:50.084785348 +0200
-@@ -35,12 +35,20 @@
- static av_always_inline av_const int MULL(int a, int b, unsigned shift)
- {
-     int rt, dummy;
-+    if (__builtin_constant_p(shift))
-     __asm__ (
-         "imull %3               \n\t"
-         "shrdl %4, %%edx, %%eax \n\t"
-         :"=a"(rt), "=d"(dummy)
--        :"a"(a), "rm"(b), "ci"((uint8_t)shift)
-+        :"a"(a), "rm"(b), "i"(shift & 0x1F)
-     );
-+    else
-+        __asm__ (
-+            "imull %3               \n\t"
-+            "shrdl %4, %%edx, %%eax \n\t"
-+            :"=a"(rt), "=d"(dummy)
-+            :"a"(a), "rm"(b), "c"((uint8_t)shift)
-+        );
-     return rt;
- }
- 
-@@ -113,19 +121,31 @@ __asm__ volatile(\
- // avoid +32 for shift optimization (gcc should do that ...)
- #define NEG_SSR32 NEG_SSR32
- static inline  int32_t NEG_SSR32( int32_t a, int8_t s){
-+    if (__builtin_constant_p(s))
-     __asm__ ("sarl %1, %0\n\t"
-          : "+r" (a)
--         : "ic" ((uint8_t)(-s))
-+         : "i" (-s & 0x1F)
-     );
-+    else
-+        __asm__ ("sarl %1, %0\n\t"
-+               : "+r" (a)
-+               : "c" ((uint8_t)(-s))
-+        );
-     return a;
- }
- 
- #define NEG_USR32 NEG_USR32
- static inline uint32_t NEG_USR32(uint32_t a, int8_t s){
-+    if (__builtin_constant_p(s))
-     __asm__ ("shrl %1, %0\n\t"
-          : "+r" (a)
--         : "ic" ((uint8_t)(-s))
-+         : "i" (-s & 0x1F)
-     );
-+    else
-+        __asm__ ("shrl %1, %0\n\t"
-+               : "+r" (a)
-+               : "c" ((uint8_t)(-s))
-+        );
-     return a;
- }
- 

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr115"
-VERSION="115.3.3"
+VERSION="115.4.1"
 VERSION_SUFFIX=""
-PREV_VERSION="115.3.2"
+PREV_VERSION="115.4.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115"
-RELEASE_TAG="e1ce2f9fb77f429bf4abf147c205b1a80fd860e1"
+RELEASE_TAG="f9f6aede26e0991093e5935b0d85b1cb9de3c346"
-RELEASE_TIMESTAMP="20231016182902"
+RELEASE_TIMESTAMP="20231024181440"

thunderbird-115.3.3.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fae3156b09efc2664d54a92cef1e37f3d88e3a45acf27d080b297c6278a9fef2
-size 540032900

thunderbird-115.3.3.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUt/cgACgkQ4207E/PZ
-MnR7QA/+OmOBnqWjg5GFQv4dSwC9wf/XIrXxQIc6k/+dieSuR5TtXdtAoSwzGPqZ
-o76ODfjmAdB+AlrdGNGQWzZklyrVZED9nEpzIlGd3042gm7CkxjWn39ywDel1+3z
-dF3kX57iD5kAcrHYgzCWCVtdSHMguVVxj2+Ms1lFRIUCsscrXmWwVfjo0H3ciKKC
-6SV16eqh3HrR6pJ1DAb8C8lvTxGZjEiMTX51MiJh879qhs4H6xhDYotkDuM4JDcp
-96CHmUcg2uIVpM13EzCiRPsPzI2gn/yBRoIv6sw053jFR3/4qObPM6aetih99ZEI
-8w+GKsyAahKi1g+FnSG7qIIo7+/XfjDDkPFxBPNimvbWNikMVa+EIs+ORZNCS1iM
-nKqQwm9Nk4ftPN6D27PAhWwTAdMlNIQ+OO/Gq/KvRfLJWMfxxQrElaHdQACLafoQ
-Qo46aBVdHPidH9/FK/7q2bzjnG+amUHdg1jVN5da6ovR5eKx5o9olOMBqSX+vkoF
-7+es124lvXz7a3WQZ/zLNIkxYgAHKMyhzDUrbrMsIUa+DSQF2qtwBS1Gp9iSSFn8
-FLmifB8ZP/yWmG/HiLf4Qbr0V6cWbz+u7q9nKQ1wJaA7oheTAY/fQnW24AoHFNEU
-svPvuo64GY83sFVtjrERzfPlgE5StkU8a9Omo+kH6x06La2Y+bA=
-=uurl
------END PGP SIGNATURE-----

thunderbird-115.4.1.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9914bbcaf6d99dbaccdb5e4d32859bfbc725ab2e1f285b483fa141e411b47036
+size 537988108

thunderbird-115.4.1.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmU4JjYACgkQ4207E/PZ
+MnQJxw//ceW2DjC6xcdahFFyczVzKZ8BJqfktsX/eAx4HAfOMQYj3ufCTn2rFAN+
+p9aW2Txx0JBCyHpvbm4cb//N83CzT5O7jjtXc+Y9s936bIPxC3zQu46LLO3ucQGm
+hmoU2fszvtGtctJHm0+ouGMQl0sZZju9kic6wmzbZFaMBGcLqPkiGB4l5myGuN3U
+1yQob+M7R8CuPKmkHC62pNP6yteLPWNbFwuRZ6K7LzhdH8kDt+FWzK2vo3VTYO/7
+kVPvkYZE42GyriQoMfBUlnTDSab3ggkKo0BdxO4Ko+poZnKOd29M9TyuRdQV6n1b
+z9lBzMeBNRZ7iOWQJdyzy0RO+KOGvSubWOyKvjhWzyY3uw8DNAIuWeTywEvMraor
+t1Tnu3AwbJUB2+fsbhBsnh303aZdq85nIzW/3fIB6OGdYObPuAvl+a/bDVd2V4N0
+OUCeDZv3o0GMrbF1aPe0GfEba7ue41+PuuQ0Ihoyg+rONEbtHB2gnUaO8pBqEEgz
+dmamhHcDCX0wbdfaQJZj7Kq7FSBSCHolTyy02SvHfhr93YL2jQuiHJ+7XnAbY85r
+niFo7znQZZlt51IUerJD+16LBmYDw7mseolSUMRzFjlLzo26aazPsFgLtyvycfLK
+X/Wbtj1bC6nIF+k9Iuo5K6y9MSGchxC+5ZlyPVsd2yyGJM4NGyg=
+=DKLX
+-----END PGP SIGNATURE-----