Accepting request 800587 from mozilla:Factory

- Mozilla Thunderbird 68.8.0 * Account Manager fixes and improvements * https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes MFSA 2020-18 (bsc#1171186) * CVE-2020-12397 (bmo#1617370) Sender Email Address Spoofing using encoded Unicode characters * CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown * CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation * CVE-2020-12392 (bmo#1614468) Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) Memory safety bugs fixed in Thunderbird 68.8.0 - removed obsolete patch mozilla-bmo1580963.patch - Add mozilla-bmo1580963.patch to fix build with rust 1.43 (bmo#1580963) In general, these flaws cannot be exploited through email in OBS-URL: https://build.opensuse.org/request/show/800587 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=230
2020-05-07 15:51:25 +00:00 · 2020-05-07 15:51:25 +00:00 · f9bbc6bdab
commit f9bbc6bdab
parent ccc9188360 a8238222fd
9 changed files with 58 additions and 29 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Tue May  5 07:49:33 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 68.8.0
+  * Account Manager fixes and improvements
+  * https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes
+  MFSA 2020-18 (bsc#1171186)
+  * CVE-2020-12397 (bmo#1617370)
+    Sender Email Address Spoofing using encoded Unicode characters
+  * CVE-2020-12387 (bmo#1545345)
+    Use-after-free during worker shutdown
+  * CVE-2020-6831 (bmo#1632241)
+    Buffer overflow in SCTP chunk input validation
+  * CVE-2020-12392 (bmo#1614468)
+    Arbitrary local file access with 'Copy as cURL'
+  * CVE-2020-12393 (bmo#1615471)
+    Devtools' 'Copy as cURL' feature did not fully escape
+    website-controlled data, potentially leading to command injection
+  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
+    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
+    Memory safety bugs fixed in Thunderbird 68.8.0
+- removed obsolete patch mozilla-bmo1580963.patch
+
+-------------------------------------------------------------------
+Tue May  5 07:00:36 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- Add mozilla-bmo1580963.patch to fix build with rust 1.43
+  (bmo#1580963)
+
 -------------------------------------------------------------------
 Thu Apr  9 17:27:50 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major           68
-%define mainver         %major.7.0
-%define orig_version    68.7.0
+%define mainver         %major.8.0
+%define orig_version    68.8.0
 %define orig_suffix     %{nil}
 %define update_channel  release
 %define source_prefix   thunderbird-%{mainver}
--- a/l10n-68.7.0.tar.xz
+++ b/l10n-68.7.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:864dd346f0b6057992088532d19bd82db9870818bebf81ba2cb4907c7ec4e4d7
-size 31367516
--- a/l10n-68.8.0.tar.xz
+++ b/l10n-68.8.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:08c901b6099402af1bb93b88c0f762f324423c69ee8d5daf876f69117e01f018
+size 28524256
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr68"
-VERSION="68.7.0"
+VERSION="68.8.0"
 VERSION_SUFFIX=""
-PREV_VERSION="68.6.0"
+PREV_VERSION="68.7.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68"
-RELEASE_TAG="f7099fd16d6f5dff22154eab3161674142501739"
-RELEASE_TIMESTAMP="20200407160932"
+RELEASE_TAG="4c022a34cd5dd776671721c44db89f693f59132c"
+RELEASE_TIMESTAMP="20200504155042"
--- a/thunderbird-68.7.0.source.tar.xz
+++ b/thunderbird-68.7.0.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bc2efd2fee1d8f856a177e1579d529890dbf3621e6fb32a443c225ff7bf14b84
-size 339588604
--- a/thunderbird-68.7.0.source.tar.xz.asc
+++ b/thunderbird-68.7.0.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl6Mwk0ACgkQ8aZmj7t9
-Vy6p3Q/9G+GAxLMMktbWjRXNwCcfyQ5w4jS3HXs01/mfOzNRupEVIvgU01Ola6Km
-zsd6kV6eZdT3of1xXqfkgA5ZN3ebmHQWkVi/ro8gleE14SGJtMQ0bIpMzG5eb4pw
-SLjraeCj5R+jIc884pkL1tAdlCIptDqEqgJTbMBPnlJltpE8QAQ4RpR2akefrbPV
-EdG7qyqClJcQU16DlehCCbkBOEFHkwxxZOlx7S/o0c0p001GHecXLkzkHRpD8QIA
-pVwfl7WAassK0r0KoKqxeq7RvTu6zC5rGz+wcV/dlHG+Wwu4LtAFDB8UUs64rxFm
-ACUPoJePJfjGRSh3nscrahtAGgM5mv8EgY0jSn19raF3xoPSU38iU+Vfum++Gdde
-ymRQJryXDSxSaAqzR7AHSwhOTqHirB/3NWK2/1rm/s9LV/EBfF/w4KfRDNDk1pqc
-pRRSO+N/tbUUNCLYcRXyOVRBOwz/1SLXFswhjeRY2jKx09lNKt1r4FAdhkt0em4y
-t3KAHMnY/Ql6Z9aKXoRRO0YxxCbW/Z4NQ009rgiY1zyc+1SJ3tsweg9BDuWyYRL0
-/g13RKb1eMnkYGzDFlPH8yvK7JyS05j6Wo5T+6qL+GnJeIBeBYYRLZBd5HKiTwBS
-xtTDBmEyD47FQUrCjE3RCou1PObIJjOJUvnLiztyKwbT0gyrYhY=
-=o6zt
-----END PGP SIGNATURE-----
--- a/thunderbird-68.8.0.source.tar.xz
+++ b/thunderbird-68.8.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce87c3f2bb37d4ee827a32df16b25396590e98fbf6e8072ca16ba68c0d10cb0b
+size 335068956
--- a/thunderbird-68.8.0.source.tar.xz.asc
+++ b/thunderbird-68.8.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl6wUIMACgkQ8aZmj7t9
+Vy60jg/8DSdxpIMih+dAqtxXLG3UvW6XRRZGx6C28CQeL0AtzxUQ06s+o4wexrp3
+lhT53gBJg8/17p/id7vHx32prqsP5/iMoIIQZWgFJpf3h61QTyrTYyXzbQuTWqbI
+jsHuB+65c3EWBA5/vf/bkm6gBn6UZn3bX0QuPaYIGZBO7ge8S9Smsu9Xzu7XpcBK
+N1wbB/jvPI4pf4nGPxs8O7wzj4ZU8nq3M41b0JB/uqCmgDHGhk/cgdJCPRA7i20E
+3thd+ztJv2PBmHbQHk5oZtIdeadE1GNrQZwNbi9zvbehi4x/5WznP31XWPM1KzK+
+dyM2l+BpHfGa9tLJfxoP4DGOcEMGC3xBZAGFJEubu5hPj+h1/bE9ivuxyIsO3OxU
+JT8rSkpcxfTI1BAT9GHlZ7thMCEGj4BA6wop/GMIpJqTi29+0z/2yEp0A+cSR67F
+5V1pRaUPyP6C0+iAD648w9juVnrkbnC0ae/r1LFqPQNTm0pkM0ccBhL6IGHERaSB
+7RSgbsblsRG7k7sb+2Eb6X0Bg4sJIGer2nLWAN64ijCkTy2getrRTv0MMgxfU1Ck
+eOG1s256P3gwUuRjiyU1dkMem2rsOfCHuZHRwXV2A3Fbidg8LsIcRULtN1o/Tc7l
+OFlYGXaLCoFiX37h5iFdUT5GTVx187zBv9NUlHUFFATvc9rSVI0=
+=fZKh
+-----END PGP SIGNATURE-----