From 8f09505c5bb949956632d4d3c8a32d788b43362de6e8ad3fd407fc0510380f89 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 10 Apr 2020 08:30:57 +0000 Subject: [PATCH 1/2] Accepting request 792897 from home:AndreasStieger:branches:mozilla:Factory Mozilla Thunderbird 68.7.0 OBS-URL: https://build.opensuse.org/request/show/792897 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=524 --- MozillaThunderbird.changes | 17 +++++++++++++++++ MozillaThunderbird.spec | 4 ++-- l10n-68.6.0.tar.xz | 3 --- l10n-68.7.0.tar.xz | 3 +++ tar_stamps | 8 ++++---- thunderbird-68.6.0.source.tar.xz | 3 --- thunderbird-68.6.0.source.tar.xz.asc | 16 ---------------- thunderbird-68.7.0.source.tar.xz | 3 +++ thunderbird-68.7.0.source.tar.xz.asc | 16 ++++++++++++++++ 9 files changed, 45 insertions(+), 28 deletions(-) delete mode 100644 l10n-68.6.0.tar.xz create mode 100644 l10n-68.7.0.tar.xz delete mode 100644 thunderbird-68.6.0.source.tar.xz delete mode 100644 thunderbird-68.6.0.source.tar.xz.asc create mode 100644 thunderbird-68.7.0.source.tar.xz create mode 100644 thunderbird-68.7.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 1eee8fd..85a39a8 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger + +- Mozilla Thunderbird 68.7.0 + * Updates to MailExtensions API + * Various improvements to account setup when connecting to an + Exchange server + * Thread collapsed when opening news message in a new window + * Fix Addons not automatically updated to compatible version after + upgrade from Thunderbird 60 + * Updating addons did not prompt when requesting new permissions + * Extra recipients panel not keyboard-accessible + * Accessibility: Status bar was not detected by screenreaders + * Calendar: Invitations with embedded null bytes did not always decode correctly + * Calendar: Cancelled events didn't show with a line-through + * Various security fixes + ------------------------------------------------------------------- Sat Mar 14 13:16:23 UTC 2020 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 26060cc..8955d6c 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 68 -%define mainver %major.6.0 -%define orig_version 68.6.0 +%define mainver %major.7.0 +%define orig_version 68.7.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{mainver} diff --git a/l10n-68.6.0.tar.xz b/l10n-68.6.0.tar.xz deleted file mode 100644 index e9aa98f..0000000 --- a/l10n-68.6.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8be406890885e5af55a044919e2502db2e877882870b95baeec0d06562d9f50a -size 28509340 diff --git a/l10n-68.7.0.tar.xz b/l10n-68.7.0.tar.xz new file mode 100644 index 0000000..9e965da --- /dev/null +++ b/l10n-68.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:864dd346f0b6057992088532d19bd82db9870818bebf81ba2cb4907c7ec4e4d7 +size 31367516 diff --git a/tar_stamps b/tar_stamps index 71c1924..f66ab87 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr68" -VERSION="68.6.0" +VERSION="68.7.0" VERSION_SUFFIX="" -PREV_VERSION="68.5.0" +PREV_VERSION="68.6.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68" -RELEASE_TAG="5b1af38dba8628ef5ff2c395dc62fb10d52aa012" -RELEASE_TIMESTAMP="20200310192757" +RELEASE_TAG="f7099fd16d6f5dff22154eab3161674142501739" +RELEASE_TIMESTAMP="20200407160932" diff --git a/thunderbird-68.6.0.source.tar.xz b/thunderbird-68.6.0.source.tar.xz deleted file mode 100644 index aa5accd..0000000 --- a/thunderbird-68.6.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4e3b8fdcfae12e7d49232a9c324e82d47ed94b371031f31baf69b2f7c2fb5b51 -size 339643212 diff --git a/thunderbird-68.6.0.source.tar.xz.asc b/thunderbird-68.6.0.source.tar.xz.asc deleted file mode 100644 index c8adbea..0000000 --- a/thunderbird-68.6.0.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl5oAY8ACgkQ8aZmj7t9 -Vy4asQ/+PcLQFYT/fLT4zY4aBkzo4pULKtjXD7bL10rnHGBqo73XZRKfAh/A35Uz -derK7MMfkebF1loM3XOHOFFOtcaRDgiK8+gC62llip3oOICZlK0Vj3T4EiqtrE9Q -4QfLwfghbSaNKHYz8zUBBlWA8YHI7lcH5y+4U31D3R1ObWTGDabJFNDnJ4cchUVO -DpBoFxPs62f/BSe2MoSHZty/9p2XHw+ReNN/IA1sTVpuHAxnk+z9DmlYsGDSJ06b -6eb253dafSyRf/djQbeKruLIwisQc4JHbewL5Vu5bqlEDTR+a32g7eK8S/6EU4qn -xH5SuL4NPvfUy/4QQ9hd4hAmGE249kWstoLY4CwYsHa9kEGgTFztmGdRjqJ5XzjL -k9j/ZnDEu4TiLsrgTVesOIintSuAfSS4jl/BY3tZo0W5h9WyrhfiM7Ax3G3CVMRu -a2lzCRD6uY8R7KvV/KVu7ofE/ZOrh+XG+WGyRrNxLvHxiPAqIKEWZjsG18EulMd/ -mT/fXRbKA/vd1Ma0z7yszQDxBwhEW2R8v416YO56kegeCu37Lt/H2Y7CLZOXnzEy -cNqK2GuzVOOSNW/uqJfnLhXK+SlaApVukK2/UV9qfr7g3F6i6wlSJRWLz3Fl2BSW -LANBCkCaKdH5JN8zdZEEwXMRFY9S/lVKmIkfhXZoKFsR/y3QJS8= -=m6Zj ------END PGP SIGNATURE----- diff --git a/thunderbird-68.7.0.source.tar.xz b/thunderbird-68.7.0.source.tar.xz new file mode 100644 index 0000000..266feca --- /dev/null +++ b/thunderbird-68.7.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bc2efd2fee1d8f856a177e1579d529890dbf3621e6fb32a443c225ff7bf14b84 +size 339588604 diff --git a/thunderbird-68.7.0.source.tar.xz.asc b/thunderbird-68.7.0.source.tar.xz.asc new file mode 100644 index 0000000..86084cd --- /dev/null +++ b/thunderbird-68.7.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl6Mwk0ACgkQ8aZmj7t9 +Vy6p3Q/9G+GAxLMMktbWjRXNwCcfyQ5w4jS3HXs01/mfOzNRupEVIvgU01Ola6Km +zsd6kV6eZdT3of1xXqfkgA5ZN3ebmHQWkVi/ro8gleE14SGJtMQ0bIpMzG5eb4pw +SLjraeCj5R+jIc884pkL1tAdlCIptDqEqgJTbMBPnlJltpE8QAQ4RpR2akefrbPV +EdG7qyqClJcQU16DlehCCbkBOEFHkwxxZOlx7S/o0c0p001GHecXLkzkHRpD8QIA +pVwfl7WAassK0r0KoKqxeq7RvTu6zC5rGz+wcV/dlHG+Wwu4LtAFDB8UUs64rxFm +ACUPoJePJfjGRSh3nscrahtAGgM5mv8EgY0jSn19raF3xoPSU38iU+Vfum++Gdde +ymRQJryXDSxSaAqzR7AHSwhOTqHirB/3NWK2/1rm/s9LV/EBfF/w4KfRDNDk1pqc +pRRSO+N/tbUUNCLYcRXyOVRBOwz/1SLXFswhjeRY2jKx09lNKt1r4FAdhkt0em4y +t3KAHMnY/Ql6Z9aKXoRRO0YxxCbW/Z4NQ009rgiY1zyc+1SJ3tsweg9BDuWyYRL0 +/g13RKb1eMnkYGzDFlPH8yvK7JyS05j6Wo5T+6qL+GnJeIBeBYYRLZBd5HKiTwBS +xtTDBmEyD47FQUrCjE3RCou1PObIJjOJUvnLiztyKwbT0gyrYhY= +=o6zt +-----END PGP SIGNATURE----- From 12132f7191e4ce12cba21450f7249fe1c427b56fba99b2b09a69e62bdedc4b25 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 11 Apr 2020 21:13:39 +0000 Subject: [PATCH 2/2] Accepting request 793228 from home:AndreasStieger:branches:mozilla:Factory MFSA 2020-14 data OBS-URL: https://build.opensuse.org/request/show/793228 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=525 --- MozillaThunderbird.changes | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 85a39a8..e5bf254 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -14,6 +14,21 @@ Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger * Calendar: Invitations with embedded null bytes did not always decode correctly * Calendar: Cancelled events didn't show with a line-through * Various security fixes + MFSA 2020-14 + In general, these flaws cannot be exploited through email in + Thunderbird because scripting is disabled when reading mail, but + are potentially risks in browser or browser-like contexts. + * CVE-2020-6819 (bmo#1620818, bsc#1168630) + Use-after-free while running the nsDocShell destructor + * CVE-2020-6820 (bmo#1626728, bsc#1168630) + Use-after-free when handling a ReadableStream + * CVE-2020-6821 (bmo#1625404, bsc#1168874) + Uninitialized memory could be read when using the WebGL + copyTexSubImage method + * CVE-2020-6822 (bmo#1544181, bsc#1168874) + Out of bounds write in GMPDecodeData when processing large images + * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203,bsc#1168874) + Memory safety bugs fixed in Thunderbird 68.7.0 ------------------------------------------------------------------- Sat Mar 14 13:16:23 UTC 2020 - Wolfgang Rosenauer