From d604cb9fa9036c88f83860d9fbc21dc51fa719096ed647e554cd77e349949f35 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 15 Dec 2020 22:24:07 +0000 Subject: [PATCH] - Mozilla Thunderbird 78.6.0 * changes and additions in MailExtensions * several bugfixes * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/ MFSA 2020-56 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=568 --- MozillaThunderbird.changes | 29 ++++++++++++++++++++++++++++ MozillaThunderbird.spec | 4 ++-- l10n-78.5.1.tar.xz | 3 --- l10n-78.6.0.tar.xz | 3 +++ tar_stamps | 8 ++++---- thunderbird-78.5.1.source.tar.xz | 3 --- thunderbird-78.5.1.source.tar.xz.asc | 16 --------------- thunderbird-78.6.0.source.tar.xz | 3 +++ thunderbird-78.6.0.source.tar.xz.asc | 16 +++++++++++++++ 9 files changed, 57 insertions(+), 28 deletions(-) delete mode 100644 l10n-78.5.1.tar.xz create mode 100644 l10n-78.6.0.tar.xz delete mode 100644 thunderbird-78.5.1.source.tar.xz delete mode 100644 thunderbird-78.5.1.source.tar.xz.asc create mode 100644 thunderbird-78.6.0.source.tar.xz create mode 100644 thunderbird-78.6.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index d0c6870..39e4797 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Sat Dec 12 10:25:08 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Thunderbird 78.6.0 + * changes and additions in MailExtensions + * several bugfixes + * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/ + MFSA 2020-56 (bsc#1180039)) + * CVE-2020-16042 (bmo#1679003) + Operations on a BigInt could have caused uninitialized memory + to be exposed + * CVE-2020-26971 (bmo#1663466) + Heap buffer overflow in WebGL + * CVE-2020-26973 (bmo#1680084) + CSS Sanitizer performed incorrect sanitization + * CVE-2020-26974 (bmo#1681022) + Incorrect cast of StyleGenericFlexBasis resulted in a heap + use-after-free + * CVE-2020-26978 (bmo#1677047) + Internal network hosts could have been probed by a malicious + webpage + * CVE-2020-35111 (bmo#1657916) + The proxy.onRequest API did not catch view-source URLs + * CVE-2020-35112 (bmo#1661365) + Opening an extension-less download may have inadvertently + launched an executable instead + * CVE-2020-35113 (bmo#1664831, bmo#1673589) + Memory safety bugs fixed in Thunderbird 78.6 + ------------------------------------------------------------------- Tue Dec 1 21:34:15 UTC 2020 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 0523d14..3f0aa21 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 78 -%define mainver %major.5.1 -%define orig_version 78.5.1 +%define mainver %major.6.0 +%define orig_version 78.6.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} diff --git a/l10n-78.5.1.tar.xz b/l10n-78.5.1.tar.xz deleted file mode 100644 index c5a5af4..0000000 --- a/l10n-78.5.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:70a191f497133377e1a2d890f6d9742046f44ae36475686fd7d1e1e867c73016 -size 29083288 diff --git a/l10n-78.6.0.tar.xz b/l10n-78.6.0.tar.xz new file mode 100644 index 0000000..c48d980 --- /dev/null +++ b/l10n-78.6.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ea0feb7edc1f635e30748e84ad794eef90343c70a24b5743bd8d27f17d809564 +size 29071884 diff --git a/tar_stamps b/tar_stamps index 85f2759..698dc60 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr78" -VERSION="78.5.1" +VERSION="78.6.0" VERSION_SUFFIX="" -PREV_VERSION="78.5.0" +PREV_VERSION="78.5.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78" -RELEASE_TAG="7bfb6e5797a4120c798eaa67a9cddd2846badcee" -RELEASE_TIMESTAMP="20201130232704" +RELEASE_TAG="18be92a3f0388fe1b69941a50cdbadbf2c95b885" +RELEASE_TIMESTAMP="20201211152611" diff --git a/thunderbird-78.5.1.source.tar.xz b/thunderbird-78.5.1.source.tar.xz deleted file mode 100644 index be09061..0000000 --- a/thunderbird-78.5.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:17ec895e3dd435da49bfa30482e2397e644319b7f82890d2a947c95a5cb183c2 -size 352743032 diff --git a/thunderbird-78.5.1.source.tar.xz.asc b/thunderbird-78.5.1.source.tar.xz.asc deleted file mode 100644 index 9157be2..0000000 --- a/thunderbird-78.5.1.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/GEagACgkQ8aZmj7t9 -Vy7vSQ//XMiC4558UcDh6rvpOeEqKqBipe/9ZAFMyoz3mXslYaQ9GM3OCA/hQ/Cu -cysidXQOreC1GGt9hDyZajrmHxmUJK9Yxxr3ZdJZ6YPU/PLP5QKAzcnGdQrKzkY7 -Glw4j9fkJH+OLbXCvJ0vw3YWdWHnr5JM854Ovu9dCTntXAsvD1nIZs5pCkG1TUHM -0Js3YQl/5Zekp24SrvLkQT4VbYNwA9D/SfF2QwXkTQ79ENNYRmKS7rpL1JDYAYVj -i6gPniNXbvYHEitmHNMtrMDc4vVRYR5STyOTIZcMlTEoS/eZxP5udVFWN25H8bTU -WljLJmu1X1IoypmxMO5JKuI11snaW5OX4a3g8gUMGedvh3ua0YaPIgqSujfmfMxH -xuMYYCIQZASOmsH1niYpPyGTZHY4UlWGLROFUk8Dal24if57wjeoepWDWf3F0jcH -CITPrNSUUOvn+e2kZWsZ7HGzCe8p+xi9qVcZHx0OTV4fcMBqqczch6+D8DqauDx/ -+/DCkW6H3KKW/ot8Onnz0pSqyfd/BYFkVom//lgdudxjaUoZw3maZ37xy/kUedXQ -KQ7m6YLERH8N2ch4674x8hO6YEGHxHjxJGo/osfKCeyyL66RMr0AgoTqAyN4RhKt -FXPa1Yv7U005HPM3F0D/12tMDnavll5t8Q6vNzZJNVV+ZzZoH3k= -=yBKB ------END PGP SIGNATURE----- diff --git a/thunderbird-78.6.0.source.tar.xz b/thunderbird-78.6.0.source.tar.xz new file mode 100644 index 0000000..9522e33 --- /dev/null +++ b/thunderbird-78.6.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1dd6f9a4d88b4c3d0ec47bba60a891243ef95e105a9045b2d32e2b126779844b +size 353496712 diff --git a/thunderbird-78.6.0.source.tar.xz.asc b/thunderbird-78.6.0.source.tar.xz.asc new file mode 100644 index 0000000..77b95b4 --- /dev/null +++ b/thunderbird-78.6.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/UFaYACgkQ8aZmj7t9 +Vy7Zxw//SSXD2GtgG0ko3xNQwQ2ujCOI80OYig92+GkFr1xIOuz3xvE5cLbWnYIP +Vzc6qBgaBZr4MJKL4B0URTOLivwKDNQb7c84zbUWJKaf3XHBQW+jroltl0J3lfgn +CpMoY3ekyzZeWZ+o0N0zexGRb1dUEAyUG4GgWUdozLeLG4DO7w70x/iI2wDP4QQN +VxQo0cYtdfizdvjky1v96OEFic6JFrDnj9VDQSI97NX5EAr+sI+ihvPr2mDzn+IA +kSmXfDGvTOvkoz13heNE2BHX5XM1GMuWpkrNQzW5G4mp5on52z1uHHIYZqc49uip +2KDAGX9NJbIGCn2utcwtsEhq3jtstjnHS5HzaeYEK4mjifdtxygXiWJZoaPSVTx0 +25ZjXI6LBJcuBKVZkvbEdR35nuA8Y83i/Jf7JtFoWlM/nyu+ElkW9gdvnmqYCPNp +0+0aEus0M0n5By+OxO9vF7Mm63z4Bj1YKnvU6+4s1d6G2HyICrNPZJ8IaDK3zj21 +oERuECpbWwrYU8cramlxxnpJfqI4EjQ6ZaPz1q9j3U7eT1Vr5cw2KGct2E6aHE36 +rUEgzO1TcZpGSWQUr1arDWePkCqHofUYsE15pjAFbBVF4Q9Ut3FKYUG6Jo0hbZJr +WKoQLzyxi0EGey5oiHiBnc+XOCr4ub1eujBf2uCciZHiZ7htr/E= +=RpOn +-----END PGP SIGNATURE-----