From 7a99e99658dc5f3b2acf8ab215afd1ddc061acabd4dc9989d221758556af49f8 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Thu, 5 Dec 2019 22:21:05 +0000 Subject: [PATCH] - Mozilla Thunderbird 68.3.0: * Message display toolbar action WebExtension API * Navigation buttons are now available in content tabs, for example those opened via an add-on search * other bugfixes MFSA 2019-38 * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Various updates to improve performance and stability - updated create-tar.sh to cover buildid and origin repo information - changed locale building procedure * removed obsolete compare-locales.tar.xz and thunderbird-broken-locales-build.patch - add mozilla-bmo849632.patch to fix color issues on big endian OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=505 --- MozillaThunderbird.changes | 29 ++++++++++++++ MozillaThunderbird.spec | 55 ++++++++++++-------------- compare-locales.tar.xz | 3 -- l10n-68.2.2.tar.xz | 3 -- l10n-68.3.0.tar.xz | 3 ++ mozilla-bmo849632.patch | 23 +++++++++++ tar_stamps | 6 ++- thunderbird-68.2.2.source.tar.xz | 3 -- thunderbird-68.2.2.source.tar.xz.asc | 16 -------- thunderbird-68.3.0.source.tar.xz | 3 ++ thunderbird-68.3.0.source.tar.xz.asc | 16 ++++++++ thunderbird-broken-locales-build.patch | 16 -------- 12 files changed, 103 insertions(+), 73 deletions(-) delete mode 100644 compare-locales.tar.xz delete mode 100644 l10n-68.2.2.tar.xz create mode 100644 l10n-68.3.0.tar.xz create mode 100644 mozilla-bmo849632.patch delete mode 100644 thunderbird-68.2.2.source.tar.xz delete mode 100644 thunderbird-68.2.2.source.tar.xz.asc create mode 100644 thunderbird-68.3.0.source.tar.xz create mode 100644 thunderbird-68.3.0.source.tar.xz.asc delete mode 100644 thunderbird-broken-locales-build.patch diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index b0f72b5..3e946a8 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Thu Dec 5 10:29:18 UTC 2019 - Wolfgang Rosenauer + +- Mozilla Thunderbird 68.3.0: + * Message display toolbar action WebExtension API + * Navigation buttons are now available in content tabs, for example + those opened via an add-on search + * other bugfixes + MFSA 2019-38 + * CVE-2019-17008 (bmo#1546331) + Use-after-free in worker destruction + * CVE-2019-13722 (bmo#1580156) + Stack corruption due to incorrect number of arguments in WebRTC code + * CVE-2019-17010 (bmo#1581084) + Use-after-free when performing device orientation checks + * CVE-2019-17005 (bmo#1584170) + Buffer overflow in plain text serializer + * CVE-2019-17011 (bmo#1591334) + Use-after-free when retrieving a document in antitracking + * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, + bmo#1580288, bmo#1585760, bmo#1592502) + Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 + * Various updates to improve performance and stability +- updated create-tar.sh to cover buildid and origin repo information +- changed locale building procedure + * removed obsolete compare-locales.tar.xz and + thunderbird-broken-locales-build.patch +- add mozilla-bmo849632.patch to fix color issues on big endian + ------------------------------------------------------------------- Sat Nov 9 20:13:17 UTC 2019 - Andreas Stieger diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 8781396..1c1e633 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -1,7 +1,7 @@ # # spec file for package MozillaThunderbird # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # 2006-2019 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -26,11 +26,10 @@ # major 69 # mainver %major.99 %define major 68 -%define mainver %major.2.2 -%define orig_version 68.2.2 +%define mainver %major.3.0 +%define orig_version 68.3.0 %define orig_suffix %{nil} %define update_channel release -%define releasedate 20191105113228 %define source_prefix thunderbird-%{mainver} # always build with GCC as SUSE Security Team requires that @@ -135,7 +134,7 @@ Provides: mozilla-kde4-version = %{kde_helper_version} Summary: An integrated email, news feeds, chat, and newsgroups client License: MPL-2.0 Group: Productivity/Networking/Email/Clients -Url: https://www.thunderbird.net/ +URL: https://www.thunderbird.net/ %if !%{with only_print_mozconfig} Source: http://ftp.mozilla.org/pub/%{progname}/releases/%{orig_version}%{orig_suffix}/source/%{progname}-%{orig_version}%{orig_suffix}.source.tar.xz Source1: thunderbird.desktop @@ -145,8 +144,7 @@ Source4: tar_stamps Source6: suse-default-prefs.js Source7: l10n-%{version}.tar.xz Source9: thunderbird.appdata.xml -Source10: compare-locales.tar.xz -Source14: https://github.com/openSUSE/firefox-scripts/raw/master/create-tar.sh +Source14: https://github.com/openSUSE/firefox-scripts/raw/35ade35/create-tar.sh Source20: https://ftp.mozilla.org/pub/%{progname}/releases/%{orig_version}%{orig_suffix}/source/%{progname}-%{orig_version}%{orig_suffix}.source.tar.xz.asc Source21: https://ftp.mozilla.org/pub/%{progname}/releases/%{orig_version}/KEY#/mozilla.keyring # Gecko/Toolkit @@ -165,6 +163,7 @@ Patch12: mozilla-reduce-rust-debuginfo.patch Patch13: mozilla-ppc-altivec_static_inline.patch Patch14: mozilla-bmo1005535.patch Patch15: mozilla-bmo1568145.patch +Patch16: mozilla-bmo849632.patch Patch17: mozilla-bmo1504834-part1.patch Patch18: mozilla-bmo1504834-part2.patch Patch19: mozilla-bmo1504834-part3.patch @@ -173,7 +172,6 @@ Patch21: mozilla-bmo1554971.patch Patch22: mozilla-nestegg-big-endian.patch Patch24: mozilla-fix-top-level-asm.patch Patch25: mozilla-bmo1504834-part4.patch -Patch100: thunderbird-broken-locales-build.patch %endif # only_print_mozconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: coreutils fileutils textutils /bin/sh @@ -231,6 +229,7 @@ symbols meant for upload to Mozilla's crash collector database. %if !%{with only_print_mozconfig} %prep %if %localize + # If generated incorrectly, the tarball will be ~270B in # size, so 1MB seems like good enough limit to check. MINSIZE=1048576 @@ -238,7 +237,7 @@ if (( $(stat -Lc%s "%{SOURCE7}") < MINSIZE)); then echo "Translations tarball %{SOURCE7} not generated properly." exit 1 fi -%setup -q -n %{source_prefix} -b 7 -b 10 +%setup -q -n %{source_prefix} -b 7 %else %setup -q -n %{source_prefix} %endif @@ -261,6 +260,7 @@ fi %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 @@ -269,8 +269,6 @@ fi %patch22 -p1 %patch24 -p1 %patch25 -p1 -# Thunderbird -%patch100 -p1 %endif # only_print_mozconfig %build @@ -291,8 +289,10 @@ fi %endif %endif # only_print_mozconfig +source %{SOURCE4} + export SUSE_ASNEEDED=0 -export MOZ_BUILD_DATE=%{releasedate} +export MOZ_BUILD_DATE=$RELEASE_TIMESTAMP export MOZILLA_OFFICIAL=1 export BUILD_OFFICIAL=1 export MOZ_TELEMETRY_REPORTING=1 @@ -394,9 +394,6 @@ ac_add_options --with-arch=armv6 ac_add_options --with-arch=armv7-a %endif %endif -%ifarch aarch64 %arm s390x -ac_add_options --disable-webrtc -%endif # mitigation/workaround for bmo#1512162 %ifarch s390x ac_add_options --enable-optimize="-O1" @@ -424,14 +421,7 @@ ls -l config/external/icu/data rm -f config/external/icu/data/icudt*l.dat %endif ./mach build -%endif # only_print_mozconfig -%install -cd $RPM_BUILD_DIR/obj -make -C comm/mail/installer STRIP=/bin/true MOZ_PKG_FATAL_WARNINGS=0 -# copy tree into RPM_BUILD_ROOT -mkdir -p %{buildroot}%{progdir} -cp -rf $RPM_BUILD_DIR/obj/dist/%{progname}/* %{buildroot}%{progdir} # build additional locales %if %localize mkdir -p %{buildroot}%{progdir}/extensions/ @@ -439,14 +429,8 @@ truncate -s 0 %{_tmppath}/translations.{common,other} sed -r '/^(ja-JP-mac|en-US|$)/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/mail/locales/shipped-locales \ | xargs -n 1 -I {} /bin/sh -c ' locale=$1 - pushd $RPM_BUILD_DIR/compare-locales - PYTHONPATH=lib \ - scripts/compare-locales -m ../l10n-merged/$locale \ - ../%{source_prefix}/comm/mail/locales/l10n.ini ../l10n $locale - popd - LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \ - make -C comm/mail/locales langpack-$locale - cp -rL dist/xpi-stage/locale-$locale \ + ./mach build langpack-$locale + cp -rL ../obj/dist/xpi-stage/locale-$locale \ %{buildroot}%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org # remove prefs and profile defaults from langpack rm -rf %{buildroot}%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org/defaults @@ -459,6 +443,17 @@ sed -r '/^(ja-JP-mac|en-US|$)/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/m echo %{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org \ >> %{_tmppath}/translations.$_l10ntarget ' -- {} +%endif +%endif # only_print_mozconfig + +%install +cd $RPM_BUILD_DIR/obj +make -C comm/mail/installer STRIP=/bin/true MOZ_PKG_FATAL_WARNINGS=0 +# copy tree into RPM_BUILD_ROOT +mkdir -p %{buildroot}%{progdir} +cp -rf $RPM_BUILD_DIR/obj/dist/%{progname}/* %{buildroot}%{progdir} + +%if %localize # repack the lightning xpi with all available locales (boo#939153) (lp#545778) _extid="{e2fda1a4-762b-4020-b5ad-a41df1933103}" rm -rf _lightning diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz deleted file mode 100644 index 499dd3c..0000000 --- a/compare-locales.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:531686ed5e159d89c93b923310abe343f85a63a3cea71140798feea1d1179e62 -size 28572 diff --git a/l10n-68.2.2.tar.xz b/l10n-68.2.2.tar.xz deleted file mode 100644 index 7d6e73c..0000000 --- a/l10n-68.2.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:522731adc58565c88a25736b6e99359be528a707f52b33becb224514b934bc21 -size 28747284 diff --git a/l10n-68.3.0.tar.xz b/l10n-68.3.0.tar.xz new file mode 100644 index 0000000..3215f44 --- /dev/null +++ b/l10n-68.3.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4f76c38d29938dc1a4470b2e23ee2916d84afe0d0e83f02d78511c24c5da766e +size 28477540 diff --git a/mozilla-bmo849632.patch b/mozilla-bmo849632.patch new file mode 100644 index 0000000..f6dc2c7 --- /dev/null +++ b/mozilla-bmo849632.patch @@ -0,0 +1,23 @@ +Problem: webGL sites are displayed in the wrong color (usually blue-ish) +Solution: Problem is with skia once again. Output of webgl seems endian-correct, but skia only + knows how to deal with little endian. + So we swizzle the output of webgl after reading it from readpixels() +Note: This does not fix all webGL sites, but is a step in the right direction +diff -r 6b017d3e9733 gfx/gl/GLContext.h +--- a/gfx/gl/GLContext.h Mon Sep 09 10:04:05 2019 +0200 ++++ b/gfx/gl/GLContext.h Wed Nov 13 17:13:04 2019 +0100 +@@ -1551,6 +1551,13 @@ + BEFORE_GL_CALL; + mSymbols.fReadPixels(x, y, width, height, format, type, pixels); + OnSyncCall(); ++#if MOZ_BIG_ENDIAN ++ uint8_t* itr = (uint8_t*)pixels; ++ for (GLsizei i = 0; i < width * height; i++) { ++ NativeEndian::swapToLittleEndianInPlace((uint32_t*)itr, 1); ++ itr += 4; ++ } ++#endif + AFTER_GL_CALL; + mHeavyGLCallsSinceLastFlush = true; + } + diff --git a/tar_stamps b/tar_stamps index eac4338..91d7f28 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,9 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr68" -VERSION="68.2.2" +VERSION="68.3.0" VERSION_SUFFIX="" -RELEASE_TAG="4297fc81fadcf15a10dc8f3835af3996ae991aa0" PREV_VERSION="68.2.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation +RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68" +RELEASE_TAG="228eab07a730c48763e1cd0ccff9491f66e4580e" +RELEASE_TIMESTAMP="20191129091924" diff --git a/thunderbird-68.2.2.source.tar.xz b/thunderbird-68.2.2.source.tar.xz deleted file mode 100644 index adff13d..0000000 --- a/thunderbird-68.2.2.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c17edbcde0e9e7599cda16b69b130039f69113b498ea394057cedfae153f0dd3 -size 334809520 diff --git a/thunderbird-68.2.2.source.tar.xz.asc b/thunderbird-68.2.2.source.tar.xz.asc deleted file mode 100644 index 2db8b60..0000000 --- a/thunderbird-68.2.2.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl3Bg5gACgkQ8aZmj7t9 -Vy6FXhAAkoxaWuctWpVOBjsFAvcoENYBtjyfjNKPI1JynhmhSzk97Jhco/55xQ/E -g+lH16yBaZ+xgxL+y1q+y3BcvMkOTs/VieFhn2G7Hb5SChOaglOjpBK2a7JcZlLQ -cKa7i0YP/a4d5Kdl3dlXZYxQzlV1vwvDxyjzzV1Uf96l7e8wTWOpiGlQodRyyhUa -kzARejeHl/ij3V070K2NTk/NGUX+8J4zpbcXaOW9IpzpWo/bMUNiHe7o6V6ZA3dZ -QB2qWZd8toPuvBvP9XxZKfwjUkybDZ1d1pe/kYLzKWbIREjMOETvKj4QChfNV61i -cHjStKq3P7TTZIpfYLCRTJoXfotu4GfMSTxx2aF1/VX2JSCCR9StcoMxSEPC4V9p -wx/Ds5cBPaHywlRnnWRwE6IVXn34fS58SfqBFGhMSdhzE/GIGA2TuR8zBP6UOWMA -U09ydJw27dxFLkppDYg38zmgdiihwZxSlYAMCUafetilOXDg08apG3xNXUVBhjzX -09kVx0c8DTKappmA6/oD1yHKX5d/TLlO196S/6sj92z928U5WvE25hGJpH+rCnP1 -CtKnyO6QeNmZ59ubAMzBW4Sr5QpASNPTWthlP6Jw3TwCPK/GifOkcxJCEcV+6fSe -1UFNJnp7VNsjdig6BDoHemvKlu7vDlA1hs6Ort3XI80hBVWcb4w= -=ertg ------END PGP SIGNATURE----- diff --git a/thunderbird-68.3.0.source.tar.xz b/thunderbird-68.3.0.source.tar.xz new file mode 100644 index 0000000..2b21131 --- /dev/null +++ b/thunderbird-68.3.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f68cb53deb6c1840cc3f2b1e842bac8ebaf090e9cd89afb376ba0e1ba62820aa +size 331088404 diff --git a/thunderbird-68.3.0.source.tar.xz.asc b/thunderbird-68.3.0.source.tar.xz.asc new file mode 100644 index 0000000..5a28ab9 --- /dev/null +++ b/thunderbird-68.3.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl3jz8YACgkQ8aZmj7t9 +Vy6RjBAAoUHirapI+C5OgGCkJDR78LPsEyVNtIsXQ33XpK65RWGzEGfw88nomgGt +rrAC85WvInv8BWhmnR5yBdSuN88vLz/mvpO0+iL6iuNHaG1DoyWCI2GjekhDvu7u +mlI60Gn8GLjYzDHCRahZrt5F5/EVcSTCHhA1huLBHbXKuEQwbualu+EXWiTj76J3 +KKNClQM6YW+TqOxxuVB3vvH6ZsdIoQetifgLcODCvDpJiyCAjXA/5MGPZ640PlhB +nEIAqTV0ye8VGDnPbUyk+XGYhw2gE18mwt5926gRIkL2GUVcSbG7S+tscZ2uN4Rp +9+tEcylV96QuHDkZbwwnp6a4n0/0MjBU7XkOkVNKdd7fdW1wbJp6EGUHFkyeexQg +GZ/h7YAgRpH2s+/ipOuaWrEe07MRxbHWhlfHz51dWJrOldHvCfiePsc71bMf1R3P +EKqfQNIvcY3/9wMRMmvT1u9MyvXzgT9Vtpl0Op7Who6ESjUuvEcTSJ28ZDCsjAR/ +WOxRBH5fva4Tdfy9mYGpbvxunPlUpK+peEJyB9FaImW/rFlc6I45IdMEE5hU3mu+ +PySrBMjoX5GqzORPPCcl74jEe93MwSQn/oDJGzbOvcXIKfnjB2iFVm8MnczBa+mr +L1+w75ell+u9ET9PL24HBMVQDWe0by5MnkNC871x4fbLzZIg6gc= +=dAnZ +-----END PGP SIGNATURE----- diff --git a/thunderbird-broken-locales-build.patch b/thunderbird-broken-locales-build.patch deleted file mode 100644 index e429197..0000000 --- a/thunderbird-broken-locales-build.patch +++ /dev/null @@ -1,16 +0,0 @@ -# HG changeset patch -# Parent b2d2d5ae8d2a00ddbf496e415fdde16d08e35884 -This has been submitted upstream: -https://bugzilla.mozilla.org/show_bug.cgi?id=1580701 - -diff -r b2d2d5ae8d2a -r 91fa98f1d233 comm/mail/locales/l10n.ini ---- a/comm/mail/locales/l10n.ini Fri May 31 11:28:11 2019 +0200 -+++ b/comm/mail/locales/l10n.ini Wed Sep 11 15:01:55 2019 +0200 -@@ -13,5 +13,5 @@ - # include toolkit from mozilla. - # Don't specify which, use l10n-central.ini and friends if you're - # not working on a local check-out --toolkit = mozilla/toolkit/locales/l10n.ini --devtools_client = mozilla/devtools/client/locales/l10n.ini -+toolkit = ../toolkit/locales/l10n.ini -+devtools_client = ../devtools/client/locales/l10n.ini