From 5b920d1fa194e9daf433b8f66021a3b8098839ed7d5d68fdd7e9c790291b9af8 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 31 May 2022 19:36:16 +0000 Subject: [PATCH] - Mozilla Thunderbird 91.10.0 * Various UX and theme improvements MFSA 2022-22 (bsc#1200027) * CVE-2022-31736 (bmo#1735923) Cross-Origin resource's length leaked * CVE-2022-31737 (bmo#1743767) Heap buffer overflow in WebGL * CVE-2022-31738 (bmo#1756388) Browser window spoof using fullscreen mode * CVE-2022-31739 (bmo#1765049) Attacker-influenced path traversal when saving downloaded files * CVE-2022-31740 (bmo#1766806) Register allocation problem in WASM on arm64 * CVE-2022-31741 (bmo#1767590) Uninitialized variable leads to invalid memory read * CVE-2022-1834 (bmo#1767816) Braille space character caused incorrect sender email to be shown for a digitally signed email * CVE-2022-31742 (bmo#1730434) Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) Memory safety bugs fixed in Thunderbird 91.10 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=638 --- MozillaThunderbird.changes | 30 +++++++++++++++++++++++ MozillaThunderbird.spec | 6 ++--- l10n-91.9.1.tar.xz => l10n-91.10.0.tar.xz | 0 tar_stamps | 4 +-- thunderbird-91.10.0.source.tar.xz | 3 +++ thunderbird-91.10.0.source.tar.xz.asc | 16 ++++++++++++ thunderbird-91.9.1.source.tar.xz | 3 --- thunderbird-91.9.1.source.tar.xz.asc | 16 ------------ 8 files changed, 54 insertions(+), 24 deletions(-) rename l10n-91.9.1.tar.xz => l10n-91.10.0.tar.xz (100%) create mode 100644 thunderbird-91.10.0.source.tar.xz create mode 100644 thunderbird-91.10.0.source.tar.xz.asc delete mode 100644 thunderbird-91.9.1.source.tar.xz delete mode 100644 thunderbird-91.9.1.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index bef80ef..2b02d1f 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Thu May 26 07:56:09 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Thunderbird 91.10.0 + * Various UX and theme improvements + MFSA 2022-22 (bsc#1200027) + * CVE-2022-31736 (bmo#1735923) + Cross-Origin resource's length leaked + * CVE-2022-31737 (bmo#1743767) + Heap buffer overflow in WebGL + * CVE-2022-31738 (bmo#1756388) + Browser window spoof using fullscreen mode + * CVE-2022-31739 (bmo#1765049) + Attacker-influenced path traversal when saving downloaded + files + * CVE-2022-31740 (bmo#1766806) + Register allocation problem in WASM on arm64 + * CVE-2022-31741 (bmo#1767590) + Uninitialized variable leads to invalid memory read + * CVE-2022-1834 (bmo#1767816) + Braille space character caused incorrect sender email to be + shown for a digitally signed email + * CVE-2022-31742 (bmo#1730434) + Querying a WebAuthn token with a large number of + allowCredential entries may have leaked cross-origin + information + * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283, + bmo#1767365, bmo#1768559, bmo#1768734) + Memory safety bugs fixed in Thunderbird 91.10 + ------------------------------------------------------------------- Sat May 21 06:36:17 UTC 2022 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index f05cd6f..ea68aa2 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -29,8 +29,8 @@ # major 69 # mainver %major.99 %define major 91 -%define mainver %major.9.1 -%define orig_version 91.9.1 +%define mainver %major.10.0 +%define orig_version 91.10.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -105,7 +105,7 @@ BuildRequires: ccache BuildRequires: libXcomposite-devel BuildRequires: libcurl-devel BuildRequires: mozilla-nspr-devel >= 4.32 -BuildRequires: mozilla-nss-devel >= 3.68 +BuildRequires: mozilla-nss-devel >= 3.68.4 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 diff --git a/l10n-91.9.1.tar.xz b/l10n-91.10.0.tar.xz similarity index 100% rename from l10n-91.9.1.tar.xz rename to l10n-91.10.0.tar.xz diff --git a/tar_stamps b/tar_stamps index 7b2a9b0..14b6f3e 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,8 +1,8 @@ PRODUCT="thunderbird" CHANNEL="esr91" -VERSION="91.9.1" +VERSION="91.10.0" VERSION_SUFFIX="" -PREV_VERSION="91.9.0" +PREV_VERSION="91.9.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91" diff --git a/thunderbird-91.10.0.source.tar.xz b/thunderbird-91.10.0.source.tar.xz new file mode 100644 index 0000000..dd2b77e --- /dev/null +++ b/thunderbird-91.10.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a0dbf9a8083a4dff8a0506b5f4c6910f681476e2c5fce081beda4493168e66f9 +size 413952892 diff --git a/thunderbird-91.10.0.source.tar.xz.asc b/thunderbird-91.10.0.source.tar.xz.asc new file mode 100644 index 0000000..f669f1c --- /dev/null +++ b/thunderbird-91.10.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKOpnwACgkQ6+QekPbx +L20tdw//XSN3MPmfipHx+sG7ttpoohrt4olNI4fu255iIwN+oY5c3bsnW9ZmVLG/ +jGqgSbiDfC13ZUlIRb8eWAkRQSJm59KWqMGsio8n2VTc4sIsbkt/jRcyOYSA8zEk +M3DEI+MVPYPxu6VIiIsZhRrG1udB9Iptg3nvgy1+zhHvmWC4EZVLeZA+17gs9LnA +CD1C6a87bSjzZP0B9cYiUv4j/QZQDq98NXDz62QzcgvvMA817WhDXaNol2NiHa1z +IIKw0VSBWuIB6UnM3qyxUtVnLaznq4M+DMCrJzUrVOBOBzYh7KmKUcgak/KseojV +YjvQ4YVu553EAG7yl89A15FND6IVl9/T5s9GQL3CeMptK1HJFIs1xEjmalNzdUYZ +IXIPm5WdDr8btApEms1xTlZF3glq6971ZxeJXqoDJKWJD/vEepiu38tImxUx3jsA +63gncutNJJdPVe5gSjGZXKDNLMG9Hg0BEVoWg7IhkuDP3h8u1vo98awRJez3Qc0u +lQSGtG6b+rVMHHRNS0qb8Gy6wk1BO380HXLPnZFotN8oGcopmU59+sOtloEwyJYV +5MoP9se1jWVUTdqQsvO+uHgV5kH5xC7GM7Sq4j/DDxy+SdbLa902NS6JAxeCrzho +z7vMHfPu+PxUHlCQxvrkMqzy2+Nk/LfbVMFH1ZU9vYBNKi+qcY0= +=q9Z/ +-----END PGP SIGNATURE----- diff --git a/thunderbird-91.9.1.source.tar.xz b/thunderbird-91.9.1.source.tar.xz deleted file mode 100644 index b236d51..0000000 --- a/thunderbird-91.9.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d598f774c26b60d63bdd35535f88081b7f5897bfce6eb91ba8f9792141c492e6 -size 402851656 diff --git a/thunderbird-91.9.1.source.tar.xz.asc b/thunderbird-91.9.1.source.tar.xz.asc deleted file mode 100644 index 7115980..0000000 --- a/thunderbird-91.9.1.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKG/+kACgkQ6+QekPbx -L21a+hAAh5nPXDFZEb06T+ip8E5MvtCabR6YWCqPau3ZQKepMhK3tAmS2apBqT0w -an21/pRt6+WtAxLc4THOHa/pZx2BQo48VgsM6SpQx8SqkxMZaN79b+fkOFcceEDT -jBo9GcWO212JQRTUpp0HHYfK5AIJWRMB6mbUl8SJwBJxn/dO2YKnaXYCC99EGj9v -NVdoswr9kWLmTheyyayqiOIpuRgS1PPavvlhsSgSJrBQY88A+vbGGvOYo14tWN9v -OiUc0CJU6kfxEQ7mkilzm4YW1hLXodQBGSlWXs4cxNqfr4dOP+XS82+Cmenm1vbq -Ooe+PEZVDsc8WnmjcYp0QeMTMI2NfHitUbQOfXOq6Mn0cJkSlENPHCLwThismDsj -ct2W553yz7OogFtXx7/gxQDy5WIYv7ppBGYFwW6K/sqZ+R9S5InBZDN09pHzzKIa -5RPOspUX2zg4+PLWLqXyBiHGuz6SNsPL+egOdr2mMr8poPpyFq44/11gwL7P1KlJ -WESVl2LB2rIKg289r4+8izBFfps/WfCLWbf7gOQ78EYgrPS8DWFTVEUuA5Uk4Vf0 -t5S3ZbBFwy6wthN+GLHYDoZDWcu+xZTFf7vmOO9cvZOGY08Q/LX9RP8egLO8mAEc -en148yc4KCB6ovaeq5xh+NrYlh/4rvessaiN4ejq2xL3GgiNxb4= -=W9fG ------END PGP SIGNATURE-----