From 34187271c9861f7f982ced6879251afee92b95a52fd3b7f4959d97f68f8c6cf7 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 5 May 2020 07:28:14 +0000 Subject: [PATCH 1/4] Accepting request 800249 from home:namtrac:branches:mozilla:Factory - Add mozilla-bmo1580963.patch to fix build with rust 1.43 OBS-URL: https://build.opensuse.org/request/show/800249 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=527 --- MozillaThunderbird.changes | 5 ++++ MozillaThunderbird.spec | 2 ++ mozilla-bmo1580963.patch | 61 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 mozilla-bmo1580963.patch diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index e5bf254..32382bf 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue May 5 07:00:36 UTC 2020 - Ismail Dönmez + +- Add mozilla-bmo1580963.patch to fix build with rust 1.43 + ------------------------------------------------------------------- Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 8955d6c..6a47fb2 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -172,6 +172,7 @@ Patch21: mozilla-bmo1554971.patch Patch22: mozilla-nestegg-big-endian.patch Patch24: mozilla-fix-top-level-asm.patch Patch25: mozilla-bmo1504834-part4.patch +Patch26: mozilla-bmo1580963.patch %endif # only_print_mozconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: coreutils fileutils textutils /bin/sh @@ -269,6 +270,7 @@ fi %patch22 -p1 %patch24 -p1 %patch25 -p1 +%patch26 -p1 %endif # only_print_mozconfig %build diff --git a/mozilla-bmo1580963.patch b/mozilla-bmo1580963.patch new file mode 100644 index 0000000..50ae1ab --- /dev/null +++ b/mozilla-bmo1580963.patch @@ -0,0 +1,61 @@ +From 7617a0e6fe2bb7afab6ffda49fc8cd9eca2f035b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= +Date: Thu, 12 Sep 2019 21:09:27 +0000 +Subject: [PATCH] Bug 1580963 - Cherry-pick some servo changes from a rustc + upgrade. + +This cherry-picks from Servo commit 98e4a53b724. + +Differential Revision: https://phabricator.services.mozilla.com/D45738 + +--HG-- +extra : moz-landing-system : lando +--- + .../style/stylesheets/viewport_rule.rs | 23 +++++++++++++------ + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/servo/components/style/stylesheets/viewport_rule.rs b/servo/components/style/stylesheets/viewport_rule.rs +index 8cc858f7a7f69..7d0881e3336a9 100644 +--- old/servo/components/style/stylesheets/viewport_rule.rs ++++ new/servo/components/style/stylesheets/viewport_rule.rs +@@ -291,15 +291,18 @@ impl<'a, 'b, 'i> DeclarationParser<'i> for ViewportRuleParser<'a, 'b> { + ) -> Result, ParseError<'i>> { + macro_rules! declaration { + ($declaration:ident($parse:expr)) => { +- declaration!($declaration(value: try!($parse(input)), +- important: input.try(parse_important).is_ok())) ++ declaration!($declaration { ++ value: $parse(input)?, ++ important: input.try(parse_important).is_ok(), ++ }) + }; +- ($declaration:ident(value: $value:expr, important: $important:expr)) => { ++ ($declaration:ident { value: $value:expr, important: $important:expr, }) => { + ViewportDescriptorDeclaration::new( + self.context.stylesheet_origin, + ViewportDescriptor::$declaration($value), +- $important) +- } ++ $important, ++ ) ++ }; + } + + macro_rules! ok { +@@ -311,8 +314,14 @@ impl<'a, 'b, 'i> DeclarationParser<'i> for ViewportRuleParser<'a, 'b> { + let important = input.try(parse_important).is_ok(); + + Ok(vec![ +- declaration!($min(value: shorthand.0, important: important)), +- declaration!($max(value: shorthand.1, important: important)), ++ declaration!($min { ++ value: shorthand.0, ++ important: important, ++ }), ++ declaration!($max { ++ value: shorthand.1, ++ important: important, ++ }), + ]) + }}; + } From f31294e41a8c79b763582384b201ef7d2f39c90892248b69e5598f0fe78da52b Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 5 May 2020 07:51:42 +0000 Subject: [PATCH 2/4] - Mozilla Thunderbird 68.8.0 - Add mozilla-bmo1580963.patch to fix build with rust 1.43 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=528 --- MozillaThunderbird.changes | 7 ++++++- MozillaThunderbird.spec | 4 ++-- l10n-68.7.0.tar.xz | 3 --- l10n-68.8.0.tar.xz | 3 +++ tar_stamps | 8 ++++---- thunderbird-68.7.0.source.tar.xz | 3 --- thunderbird-68.7.0.source.tar.xz.asc | 16 ---------------- thunderbird-68.8.0.source.tar.xz | 3 +++ thunderbird-68.8.0.source.tar.xz.asc | 16 ++++++++++++++++ 9 files changed, 34 insertions(+), 29 deletions(-) delete mode 100644 l10n-68.7.0.tar.xz create mode 100644 l10n-68.8.0.tar.xz delete mode 100644 thunderbird-68.7.0.source.tar.xz delete mode 100644 thunderbird-68.7.0.source.tar.xz.asc create mode 100644 thunderbird-68.8.0.source.tar.xz create mode 100644 thunderbird-68.8.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 32382bf..eb43552 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,7 +1,12 @@ +------------------------------------------------------------------- +Tue May 5 07:49:33 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Thunderbird 68.8.0 + ------------------------------------------------------------------- Tue May 5 07:00:36 UTC 2020 - Ismail Dönmez -- Add mozilla-bmo1580963.patch to fix build with rust 1.43 +- Add mozilla-bmo1580963.patch to fix build with rust 1.43 ------------------------------------------------------------------- Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 6a47fb2..5acd615 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 68 -%define mainver %major.7.0 -%define orig_version 68.7.0 +%define mainver %major.8.0 +%define orig_version 68.8.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{mainver} diff --git a/l10n-68.7.0.tar.xz b/l10n-68.7.0.tar.xz deleted file mode 100644 index 9e965da..0000000 --- a/l10n-68.7.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:864dd346f0b6057992088532d19bd82db9870818bebf81ba2cb4907c7ec4e4d7 -size 31367516 diff --git a/l10n-68.8.0.tar.xz b/l10n-68.8.0.tar.xz new file mode 100644 index 0000000..b6ca7ea --- /dev/null +++ b/l10n-68.8.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:08c901b6099402af1bb93b88c0f762f324423c69ee8d5daf876f69117e01f018 +size 28524256 diff --git a/tar_stamps b/tar_stamps index f66ab87..a6a248d 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr68" -VERSION="68.7.0" +VERSION="68.8.0" VERSION_SUFFIX="" -PREV_VERSION="68.6.0" +PREV_VERSION="68.7.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68" -RELEASE_TAG="f7099fd16d6f5dff22154eab3161674142501739" -RELEASE_TIMESTAMP="20200407160932" +RELEASE_TAG="4c022a34cd5dd776671721c44db89f693f59132c" +RELEASE_TIMESTAMP="20200504155042" diff --git a/thunderbird-68.7.0.source.tar.xz b/thunderbird-68.7.0.source.tar.xz deleted file mode 100644 index 266feca..0000000 --- a/thunderbird-68.7.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bc2efd2fee1d8f856a177e1579d529890dbf3621e6fb32a443c225ff7bf14b84 -size 339588604 diff --git a/thunderbird-68.7.0.source.tar.xz.asc b/thunderbird-68.7.0.source.tar.xz.asc deleted file mode 100644 index 86084cd..0000000 --- a/thunderbird-68.7.0.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl6Mwk0ACgkQ8aZmj7t9 -Vy6p3Q/9G+GAxLMMktbWjRXNwCcfyQ5w4jS3HXs01/mfOzNRupEVIvgU01Ola6Km -zsd6kV6eZdT3of1xXqfkgA5ZN3ebmHQWkVi/ro8gleE14SGJtMQ0bIpMzG5eb4pw -SLjraeCj5R+jIc884pkL1tAdlCIptDqEqgJTbMBPnlJltpE8QAQ4RpR2akefrbPV -EdG7qyqClJcQU16DlehCCbkBOEFHkwxxZOlx7S/o0c0p001GHecXLkzkHRpD8QIA -pVwfl7WAassK0r0KoKqxeq7RvTu6zC5rGz+wcV/dlHG+Wwu4LtAFDB8UUs64rxFm -ACUPoJePJfjGRSh3nscrahtAGgM5mv8EgY0jSn19raF3xoPSU38iU+Vfum++Gdde -ymRQJryXDSxSaAqzR7AHSwhOTqHirB/3NWK2/1rm/s9LV/EBfF/w4KfRDNDk1pqc -pRRSO+N/tbUUNCLYcRXyOVRBOwz/1SLXFswhjeRY2jKx09lNKt1r4FAdhkt0em4y -t3KAHMnY/Ql6Z9aKXoRRO0YxxCbW/Z4NQ009rgiY1zyc+1SJ3tsweg9BDuWyYRL0 -/g13RKb1eMnkYGzDFlPH8yvK7JyS05j6Wo5T+6qL+GnJeIBeBYYRLZBd5HKiTwBS -xtTDBmEyD47FQUrCjE3RCou1PObIJjOJUvnLiztyKwbT0gyrYhY= -=o6zt ------END PGP SIGNATURE----- diff --git a/thunderbird-68.8.0.source.tar.xz b/thunderbird-68.8.0.source.tar.xz new file mode 100644 index 0000000..581a979 --- /dev/null +++ b/thunderbird-68.8.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ce87c3f2bb37d4ee827a32df16b25396590e98fbf6e8072ca16ba68c0d10cb0b +size 335068956 diff --git a/thunderbird-68.8.0.source.tar.xz.asc b/thunderbird-68.8.0.source.tar.xz.asc new file mode 100644 index 0000000..620d47c --- /dev/null +++ b/thunderbird-68.8.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl6wUIMACgkQ8aZmj7t9 +Vy60jg/8DSdxpIMih+dAqtxXLG3UvW6XRRZGx6C28CQeL0AtzxUQ06s+o4wexrp3 +lhT53gBJg8/17p/id7vHx32prqsP5/iMoIIQZWgFJpf3h61QTyrTYyXzbQuTWqbI +jsHuB+65c3EWBA5/vf/bkm6gBn6UZn3bX0QuPaYIGZBO7ge8S9Smsu9Xzu7XpcBK +N1wbB/jvPI4pf4nGPxs8O7wzj4ZU8nq3M41b0JB/uqCmgDHGhk/cgdJCPRA7i20E +3thd+ztJv2PBmHbQHk5oZtIdeadE1GNrQZwNbi9zvbehi4x/5WznP31XWPM1KzK+ +dyM2l+BpHfGa9tLJfxoP4DGOcEMGC3xBZAGFJEubu5hPj+h1/bE9ivuxyIsO3OxU +JT8rSkpcxfTI1BAT9GHlZ7thMCEGj4BA6wop/GMIpJqTi29+0z/2yEp0A+cSR67F +5V1pRaUPyP6C0+iAD648w9juVnrkbnC0ae/r1LFqPQNTm0pkM0ccBhL6IGHERaSB +7RSgbsblsRG7k7sb+2Eb6X0Bg4sJIGer2nLWAN64ijCkTy2getrRTv0MMgxfU1Ck +eOG1s256P3gwUuRjiyU1dkMem2rsOfCHuZHRwXV2A3Fbidg8LsIcRULtN1o/Tc7l +OFlYGXaLCoFiX37h5iFdUT5GTVx187zBv9NUlHUFFATvc9rSVI0= +=fZKh +-----END PGP SIGNATURE----- From 472726a884ea0cbb19929a7a8c89d1aaec5e4ea97e673805a745ae642e15f1fc Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 6 May 2020 07:22:35 +0000 Subject: [PATCH 3/4] * Account Manager fixes and improvements * https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes MFSA 2020-18 (bsc#1171186) * CVE-2020-12397 (bmo#1617370) Sender Email Address Spoofing using encoded Unicode characters * CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown * CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation * CVE-2020-12392 (bmo#1614468) Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) Memory safety bugs fixed in Thunderbird 68.8.0 - removed obsolete patch mozilla-bmo1580963.patch (bmo#1580963) In general, these flaws cannot be exploited through email in OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=529 --- MozillaThunderbird.changes | 21 ++++++++++++++++++++- MozillaThunderbird.spec | 2 -- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index eb43552..612cc7b 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -2,11 +2,30 @@ Tue May 5 07:49:33 UTC 2020 - Wolfgang Rosenauer - Mozilla Thunderbird 68.8.0 + * Account Manager fixes and improvements + * https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes + MFSA 2020-18 (bsc#1171186) + * CVE-2020-12397 (bmo#1617370) + Sender Email Address Spoofing using encoded Unicode characters + * CVE-2020-12387 (bmo#1545345) + Use-after-free during worker shutdown + * CVE-2020-6831 (bmo#1632241) + Buffer overflow in SCTP chunk input validation + * CVE-2020-12392 (bmo#1614468) + Arbitrary local file access with 'Copy as cURL' + * CVE-2020-12393 (bmo#1615471) + Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to command injection + * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, + bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) + Memory safety bugs fixed in Thunderbird 68.8.0 +- removed obsolete patch mozilla-bmo1580963.patch ------------------------------------------------------------------- Tue May 5 07:00:36 UTC 2020 - Ismail Dönmez - Add mozilla-bmo1580963.patch to fix build with rust 1.43 + (bmo#1580963) ------------------------------------------------------------------- Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger @@ -25,7 +44,7 @@ Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger * Calendar: Cancelled events didn't show with a line-through * Various security fixes MFSA 2020-14 - In general, these flaws cannot be exploited through email in + In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. * CVE-2020-6819 (bmo#1620818, bsc#1168630) diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 5acd615..a5f719b 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -172,7 +172,6 @@ Patch21: mozilla-bmo1554971.patch Patch22: mozilla-nestegg-big-endian.patch Patch24: mozilla-fix-top-level-asm.patch Patch25: mozilla-bmo1504834-part4.patch -Patch26: mozilla-bmo1580963.patch %endif # only_print_mozconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: coreutils fileutils textutils /bin/sh @@ -270,7 +269,6 @@ fi %patch22 -p1 %patch24 -p1 %patch25 -p1 -%patch26 -p1 %endif # only_print_mozconfig %build From a8238222fd630a807048d89c5f1d2b20d9659368b76d78e56de4f3b083a7bd5c Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 6 May 2020 07:27:49 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=530 --- mozilla-bmo1580963.patch | 61 ---------------------------------------- 1 file changed, 61 deletions(-) delete mode 100644 mozilla-bmo1580963.patch diff --git a/mozilla-bmo1580963.patch b/mozilla-bmo1580963.patch deleted file mode 100644 index 50ae1ab..0000000 --- a/mozilla-bmo1580963.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 7617a0e6fe2bb7afab6ffda49fc8cd9eca2f035b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= -Date: Thu, 12 Sep 2019 21:09:27 +0000 -Subject: [PATCH] Bug 1580963 - Cherry-pick some servo changes from a rustc - upgrade. - -This cherry-picks from Servo commit 98e4a53b724. - -Differential Revision: https://phabricator.services.mozilla.com/D45738 - ---HG-- -extra : moz-landing-system : lando ---- - .../style/stylesheets/viewport_rule.rs | 23 +++++++++++++------ - 1 file changed, 16 insertions(+), 7 deletions(-) - -diff --git a/servo/components/style/stylesheets/viewport_rule.rs b/servo/components/style/stylesheets/viewport_rule.rs -index 8cc858f7a7f69..7d0881e3336a9 100644 ---- old/servo/components/style/stylesheets/viewport_rule.rs -+++ new/servo/components/style/stylesheets/viewport_rule.rs -@@ -291,15 +291,18 @@ impl<'a, 'b, 'i> DeclarationParser<'i> for ViewportRuleParser<'a, 'b> { - ) -> Result, ParseError<'i>> { - macro_rules! declaration { - ($declaration:ident($parse:expr)) => { -- declaration!($declaration(value: try!($parse(input)), -- important: input.try(parse_important).is_ok())) -+ declaration!($declaration { -+ value: $parse(input)?, -+ important: input.try(parse_important).is_ok(), -+ }) - }; -- ($declaration:ident(value: $value:expr, important: $important:expr)) => { -+ ($declaration:ident { value: $value:expr, important: $important:expr, }) => { - ViewportDescriptorDeclaration::new( - self.context.stylesheet_origin, - ViewportDescriptor::$declaration($value), -- $important) -- } -+ $important, -+ ) -+ }; - } - - macro_rules! ok { -@@ -311,8 +314,14 @@ impl<'a, 'b, 'i> DeclarationParser<'i> for ViewportRuleParser<'a, 'b> { - let important = input.try(parse_important).is_ok(); - - Ok(vec![ -- declaration!($min(value: shorthand.0, important: important)), -- declaration!($max(value: shorthand.1, important: important)), -+ declaration!($min { -+ value: shorthand.0, -+ important: important, -+ }), -+ declaration!($max { -+ value: shorthand.1, -+ important: important, -+ }), - ]) - }}; - }