1
0

63 Commits

Author SHA256 Message Date
02b45382fb Accepting request 1298009 from mozilla:Factory
- Mozilla Thunderbird ESR 140.1.1
  Fixed
  * Users with attachments open in tabs saw an error on Thunderbird restart
  * Sending from unified or local folder failed if no default account was set
  * Delete button could remove attachment instead of message
  * Message list scrolled back when returning to mail tab after opening a message

OBS-URL: https://build.opensuse.org/request/show/1298009
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=369
2025-08-07 14:48:53 +00:00
Wolfgang Rosenauer
5257fb9ed3 - Mozilla Thunderbird ESR 140.1.1
Fixed
  * Users with attachments open in tabs saw an error on Thunderbird restart
  * Sending from unified or local folder failed if no default account was set
  * Delete button could remove attachment instead of message
  * Message list scrolled back when returning to mail tab after opening a message

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=833
2025-08-06 18:14:05 +00:00
24b8a7dd97 Accepting request 1297206 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1297206
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=368
2025-08-03 11:38:21 +00:00
Wolfgang Rosenauer
b12070674d - Update memory constraints
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=831
2025-08-01 08:44:07 +00:00
842cecfac2 Accepting request 1295681 from mozilla:Factory
- Mozilla Thunderbird ESR 140.1.0
  * New folders were not added alphabetically if folders manually
    reordered beforehand
  * Message archive folder creation could silently stop during async
    folder creation
  MFSA 2025-63 (bsc#1246664)
  * CVE-2025-8027 (bmo#1968423)
    JavaScript engine only wrote partial return value to stack
  * CVE-2025-8028 (bmo#1971581)
    Large branch table could lead to truncated instruction
  * CVE-2025-8029 (bmo#1928021)
    javascript: URLs executed on object and embed tags
  * CVE-2025-8036 (bmo#1960834)
    DNS rebinding circumvents CORS
  * CVE-2025-8037 (bmo#1964767)
    Nameless cookies shadow secure cookies
  * CVE-2025-8030 (bmo#1968414)
    Potential user-assisted code execution in “Copy as cURL” command
  * CVE-2025-8031 (bmo#1971719)
    Incorrect URL stripping in CSP reports
  * CVE-2025-8032 (bmo#1974407)
    XSLT documents could bypass CSP
  * CVE-2025-8038 (bmo#1808979)
    CSP frame-src was not correctly enforced for paths
  * CVE-2025-8039 (bmo#1970997)
    Search terms persisted in URL bar
  * CVE-2025-8033 (bmo#1973990)
    Incorrect JavaScript state machine for generators
  * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
    Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR

OBS-URL: https://build.opensuse.org/request/show/1295681
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=367
2025-07-25 15:05:51 +00:00
Wolfgang Rosenauer
36e53452f3 - Mozilla Thunderbird ESR 140.1.0
* New folders were not added alphabetically if folders manually
    reordered beforehand
  * Message archive folder creation could silently stop during async
    folder creation
  MFSA 2025-63 (bsc#1246664)
  * CVE-2025-8027 (bmo#1968423)
    JavaScript engine only wrote partial return value to stack
  * CVE-2025-8028 (bmo#1971581)
    Large branch table could lead to truncated instruction
  * CVE-2025-8029 (bmo#1928021)
    javascript: URLs executed on object and embed tags
  * CVE-2025-8036 (bmo#1960834)
    DNS rebinding circumvents CORS
  * CVE-2025-8037 (bmo#1964767)
    Nameless cookies shadow secure cookies
  * CVE-2025-8030 (bmo#1968414)
    Potential user-assisted code execution in “Copy as cURL” command
  * CVE-2025-8031 (bmo#1971719)
    Incorrect URL stripping in CSP reports
  * CVE-2025-8032 (bmo#1974407)
    XSLT documents could bypass CSP
  * CVE-2025-8038 (bmo#1808979)
    CSP frame-src was not correctly enforced for paths
  * CVE-2025-8039 (bmo#1970997)
    Search terms persisted in URL bar
  * CVE-2025-8033 (bmo#1973990)
    Incorrect JavaScript state machine for generators
  * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
    Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=829
2025-07-25 06:36:59 +00:00
d728693161 Accepting request 1290580 from mozilla:Factory
- Mozilla Thunderbird ESR 128.12.0
  MFSA 2025-55 (bsc#1244670)
  * CVE-2025-6424 (bmo#1966423)
    Use-after-free in FontFaceSet
  * CVE-2025-6425 (bmo#1717672)
    The WebCompat WebExtension shipped exposed a persistent UUID
  * CVE-2025-6426 (bmo#1964385)
    No warning when opening executable terminal files on macOS
  * CVE-2025-6429 (bmo#1970658)
    Incorrect parsing of URLs could have allowed embedding of
    youtube.com
  * CVE-2025-6430 (bmo#1971140)
    Content-Disposition header ignored when a file is included in
    an embed or object tag

OBS-URL: https://build.opensuse.org/request/show/1290580
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=366
2025-07-06 15:14:15 +00:00
Wolfgang Rosenauer
8cd0971e90 - Mozilla Thunderbird ESR 128.12.0
MFSA 2025-55 (bsc#1244670)
  * CVE-2025-6424 (bmo#1966423)
    Use-after-free in FontFaceSet
  * CVE-2025-6425 (bmo#1717672)
    The WebCompat WebExtension shipped exposed a persistent UUID
  * CVE-2025-6426 (bmo#1964385)
    No warning when opening executable terminal files on macOS
  * CVE-2025-6429 (bmo#1970658)
    Incorrect parsing of URLs could have allowed embedding of
    youtube.com
  * CVE-2025-6430 (bmo#1971140)
    Content-Disposition header ignored when a file is included in
    an embed or object tag

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=827
2025-07-04 05:55:54 +00:00
d0db3c1d44 Accepting request 1287471 from mozilla:Factory
- Use these tools/versions unconditionally, package won't build on
  Tumbleweed with new gcc15 otherwise:
  gcc14, gcc14-c++, cargo1.84, rust1.84

OBS-URL: https://build.opensuse.org/request/show/1287471
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=365
2025-06-23 13:01:39 +00:00
Wolfgang Rosenauer
3a8271f9c8 - Use these tools/versions unconditionally, package won't build on
Tumbleweed with new gcc15 otherwise:
  gcc14, gcc14-c++, cargo1.84, rust1.84

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=825
2025-06-20 20:58:10 +00:00
85783160a3 Accepting request 1284604 from mozilla:Factory
- Mozilla Thunderbird ESR 128.11.1
  MFSA 2025-49
  * CVE-2025-5986 (bmo#1958580, bmo#1968012)
    Unsolicited File Download, Disk Space Exhaustion, and Credential
    Leakage via mailbox:/// Links

- Replace usage of %jobs for reproducible builds (boo#1237231)

OBS-URL: https://build.opensuse.org/request/show/1284604
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=364
2025-06-11 14:24:54 +00:00
Wolfgang Rosenauer
28d3dfb87f - Mozilla Thunderbird ESR 128.11.1
MFSA 2025-49
  * CVE-2025-5986 (bmo#1958580, bmo#1968012)
    Unsolicited File Download, Disk Space Exhaustion, and Credential
    Leakage via mailbox:/// Links

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=823
2025-06-11 04:58:59 +00:00
Wolfgang Rosenauer
f41fa22c90 Accepting request 1283963 from home:bmwiedemann:branches:mozilla:Factory
Replace usage of %jobs for reproducible builds (boo#1237231)

OBS-URL: https://build.opensuse.org/request/show/1283963
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=822
2025-06-09 05:31:59 +00:00
4c3dd7fae5 Accepting request 1280770 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1280770
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=363
2025-05-30 12:33:07 +00:00
Wolfgang Rosenauer
1f9d559ff5 128.11.0
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=820
2025-05-28 08:21:26 +00:00
e363e60cd3 Accepting request 1279281 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1279281
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=362
2025-05-23 12:30:49 +00:00
Wolfgang Rosenauer
ae500f1db6 Accepting request 1279280 from home:AndreasStieger:branches:mozilla:Factory
fix mfsa

OBS-URL: https://build.opensuse.org/request/show/1279280
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=818
2025-05-22 13:10:09 +00:00
Wolfgang Rosenauer
61dba6b468 Accepting request 1279086 from home:AndreasStieger:branches:mozilla:Factory
changelog for Mozilla Thunderbird ESR 128.0.2

OBS-URL: https://build.opensuse.org/request/show/1279086
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=817
2025-05-21 17:05:16 +00:00
17738f3082 Accepting request 1277886 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1277886
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=361
2025-05-20 07:33:34 +00:00
Wolfgang Rosenauer
fcd8a5b9c3 Mozilla Thunderbird ESR 128.10.1 boo#1243216
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=815
2025-05-15 19:26:08 +00:00
Wolfgang Rosenauer
854da840c2 - build on s390x needs 17G memory - adjust _constraints
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=814
2025-05-12 05:50:10 +00:00
ce10049049 Accepting request 1273775 from mozilla:Factory
- Mozilla Thunderbird ESR 128.10.0
  * Changed color override defaults with high contrast mode on
    macOS and Linux
  * Using Delete column in "Search Messages..." window could delete
    other messages
  MFSA 2025-32 (bsc#1241621)
  * CVE-2025-2817 (bmo#1917536)
    Privilege escalation in Thunderbird Updater
  * CVE-2025-4082 (bmo#1937097)
    WebGL shader attribute memory corruption in Thunderbird for
    macOS
  * CVE-2025-4083 (bmo#1958350)
    Process isolation bypass using "javascript:" URI links in
    cross-origin frames
  * CVE-2025-4084 (bmo#1949994, bmo#1956698, bmo#1960198)
    Potential local code execution in "copy as cURL" command
  * CVE-2025-4087 (bmo#1952465)
    Unsafe attribute access during XPath parsing
  * CVE-2025-4091 (bmo#1951161, bmo#1952105)
    Memory safety bugs fixed in Firefox 138, Thunderbird 138,
    Firefox ESR 128.10, and Thunderbird 128.10
  * CVE-2025-4093 (bmo#1894100)
    Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
    128.10

OBS-URL: https://build.opensuse.org/request/show/1273775
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=360
2025-05-01 13:23:19 +00:00
Wolfgang Rosenauer
b9baeaa3a2 - Mozilla Thunderbird ESR 128.10.0
* Changed color override defaults with high contrast mode on
    macOS and Linux
  * Using Delete column in "Search Messages..." window could delete
    other messages
  MFSA 2025-32 (bsc#1241621)
  * CVE-2025-2817 (bmo#1917536)
    Privilege escalation in Thunderbird Updater
  * CVE-2025-4082 (bmo#1937097)
    WebGL shader attribute memory corruption in Thunderbird for
    macOS
  * CVE-2025-4083 (bmo#1958350)
    Process isolation bypass using "javascript:" URI links in
    cross-origin frames
  * CVE-2025-4084 (bmo#1949994, bmo#1956698, bmo#1960198)
    Potential local code execution in "copy as cURL" command
  * CVE-2025-4087 (bmo#1952465)
    Unsafe attribute access during XPath parsing
  * CVE-2025-4091 (bmo#1951161, bmo#1952105)
    Memory safety bugs fixed in Firefox 138, Thunderbird 138,
    Firefox ESR 128.10, and Thunderbird 128.10
  * CVE-2025-4093 (bmo#1894100)
    Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
    128.10

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=812
2025-05-01 04:56:54 +00:00
54c38910af Accepting request 1269739 from mozilla:Factory
- Mozilla Thunderbird ESR 128.9.2
  * Two-factor auth via text or email did not work with Office 365 using Oauth2
  * IRC channel was not visible after restart
  * Global indexing failed when processing email with invalid calendar data
  MFSA 2025-27
  * CVE-2025-3522 (bmo#1955372)
    Leak of hashed Window credentials via crafted attachment URL
  * CVE-2025-2830 (bmo#1956379)
    Information Disclosure of /tmp directory listing
  * CVE-2025-3523 (bmo#1958385)
    User Interface (UI) Misrepresentation of attachment URL

OBS-URL: https://build.opensuse.org/request/show/1269739
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=359
2025-04-16 18:41:05 +00:00
Wolfgang Rosenauer
c689e5c508 - Mozilla Thunderbird ESR 128.9.2
* Two-factor auth via text or email did not work with Office 365 using Oauth2
  * IRC channel was not visible after restart
  * Global indexing failed when processing email with invalid calendar data
  MFSA 2025-27
  * CVE-2025-3522 (bmo#1955372)
    Leak of hashed Window credentials via crafted attachment URL
  * CVE-2025-2830 (bmo#1956379)
    Information Disclosure of /tmp directory listing
  * CVE-2025-3523 (bmo#1958385)
    User Interface (UI) Misrepresentation of attachment URL

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=810
2025-04-15 20:22:14 +00:00
3b46ee9f7d Accepting request 1267257 from mozilla:Factory
- Mozilla Thunderbird ESR 128.9.1
  * Added delay to built-in notifications when new profile is
    created in offline mode

OBS-URL: https://build.opensuse.org/request/show/1267257
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=358
2025-04-07 15:36:30 +00:00
Wolfgang Rosenauer
3d88ad317c - Mozilla Thunderbird ESR 128.9.1
* Added delay to built-in notifications when new profile is
    created in offline mode

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=808
2025-04-05 06:08:22 +00:00
b1b911784f Accepting request 1266906 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1266906
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=357
2025-04-04 15:29:40 +00:00
Wolfgang Rosenauer
e07f492a0e - Update to use BuildRequires on clang-devel on Tumbleweed/Factory
instead of clang18-tools.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=806
2025-04-03 14:13:23 +00:00
Wolfgang Rosenauer
af5a3d9fed OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=805 2025-04-02 12:21:20 +00:00
Wolfgang Rosenauer
68f355c94d - Mozilla Thunderbird ESR 128.9.0
* Thunderbird now has a notification system for real-time desktop alerts
  * Data corruption occurred when compacting IMAP Drafts folder after
    saving a message
  * Right-clicking "Decrypt and Save As..." on an attachment file failed.
  * Thunderbird could crash when importing mail
  * Sort indicators were missing on the calendar events list
  MFSA 2025-24 (bsc#1240083)
  * CVE-2025-3028 (bmo#1941002)
    Use-after-free triggered by XSLTProcessor
  * CVE-2025-3029 (bmo#1952213)
    URL Bar Spoofing via non-BMP Unicode characters
  * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551,
    bmo#1951017, bmo#1951494)
    Memory safety bugs fixed in Firefox 137, Thunderbird 137,
    Firefox ESR 128.9, and Thunderbird 128.9

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=804
2025-04-02 05:39:42 +00:00
d3ef7590d8 Accepting request 1250560 from mozilla:Factory
- Mozilla Thunderbird 128.8.0
  * Opening an .EML file in profiles with many folders could take a long time
  * Users with many folders experienced poor performance when resizing
    message panes
  * "Replace" button in compose window was overwritten when the window
    was narrow
  * Export to mobile did not work when "Use default server" was selected
  * "Save Link As" was not working in feed web content
  MFSA 2025-18 (bsc#1237683)
  * CVE-2024-43097 (bmo#1945624)
    Overflow when growing an SkRegion's RunArray
  * CVE-2025-1930 (bmo#1902309)
    AudioIPC StreamData could trigger a use-after-free in the
    Browser process
  * CVE-2025-1931 (bmo#1944126)
    Use-after-free in WebTransportChild
  * CVE-2025-1932 (bmo#1944313)
    Inconsistent comparator in XSLT sorting led to out-of-bounds access
  * CVE-2025-1933 (bmo#1946004)
    JIT corruption of WASM i32 return values on 64-bit CPUs
  * CVE-2025-1934 (bmo#1942881)
    Unexpected GC during RegExp bailout processing
  * CVE-2025-1935 (bmo#1866661)
    Clickjacking the registerProtocolHandler info-bar
  * CVE-2025-1936 (bmo#1940027)
    Adding %00 and a fake extension to a jar: URL  changed the
    interpretation of the contents
  * CVE-2025-1937 (bmo#1938471, bmo#1940716)
    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
    Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8

OBS-URL: https://build.opensuse.org/request/show/1250560
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=356
2025-03-06 13:49:19 +00:00
Wolfgang Rosenauer
9ba0808add - Mozilla Thunderbird 128.8.0
* Opening an .EML file in profiles with many folders could take a long time
  * Users with many folders experienced poor performance when resizing
    message panes
  * "Replace" button in compose window was overwritten when the window
    was narrow
  * Export to mobile did not work when "Use default server" was selected
  * "Save Link As" was not working in feed web content
  MFSA 2025-18 (bsc#1237683)
  * CVE-2024-43097 (bmo#1945624)
    Overflow when growing an SkRegion's RunArray
  * CVE-2025-1930 (bmo#1902309)
    AudioIPC StreamData could trigger a use-after-free in the
    Browser process
  * CVE-2025-1931 (bmo#1944126)
    Use-after-free in WebTransportChild
  * CVE-2025-1932 (bmo#1944313)
    Inconsistent comparator in XSLT sorting led to out-of-bounds access
  * CVE-2025-1933 (bmo#1946004)
    JIT corruption of WASM i32 return values on 64-bit CPUs
  * CVE-2025-1934 (bmo#1942881)
    Unexpected GC during RegExp bailout processing
  * CVE-2025-1935 (bmo#1866661)
    Clickjacking the registerProtocolHandler info-bar
  * CVE-2025-1936 (bmo#1940027)
    Adding %00 and a fake extension to a jar: URL  changed the
    interpretation of the contents
  * CVE-2025-1937 (bmo#1938471, bmo#1940716)
    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
    Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=802
2025-03-06 07:43:59 +00:00
6b8eb9f5ee Accepting request 1247240 from mozilla:Factory
- Mozilla Thunderbird 128.7.1
  * Users may not have been notified if messages arrived in multiple
    folders at once
  * Message list scrolled to the wrong place on start-up
  * Unified folders could become unusable instead of being
    automatically rebuilt
  * Some messages may have been threaded incorrectly in unified folders
  * Middle-click autoscroll cursor appeared without arrows instead
    of expected design

OBS-URL: https://build.opensuse.org/request/show/1247240
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=355
2025-02-20 15:39:54 +00:00
Wolfgang Rosenauer
af64080f00 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=800 2025-02-19 08:22:38 +00:00
db1e78a2ef Accepting request 1243477 from mozilla:Factory
- Mozilla Thunderbird 128.7.0
  MFSA 2025-10 (bsc#1236539)
  * CVE-2025-1009 (bmo#1936613)
    Use-after-free in XSLT
  * CVE-2025-1010 (bmo#1936982)
    Use-after-free in Custom Highlight
  * CVE-2025-1011 (bmo#1936454)
    A bug in WebAssembly code generation could result in a crash
  * CVE-2025-1012 (bmo#1939710)
    Use-after-free during concurrent delazification
  * CVE-2024-11704 (bmo#1899402)
    Potential double-free vulnerability in PKCS#7 decryption
    handling
  * CVE-2025-1013 (bmo#1932555)
    Potential opening of private browsing tabs in normal browsing
    windows
  * CVE-2025-1014 (bmo#1940804)
    Certificate length was not properly checked
  * CVE-2025-1015 (bmo#1939458)
    Unsanitized address book fields
  * CVE-2025-0510 (bmo#1940570)
    Address of e-mail sender can be spoofed by malicious email
  * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,
    bmo#1938469, bmo#1939583, bmo#1940994)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
    and Thunderbird 128.7
  * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 128.7, and Thunderbird 128.7

OBS-URL: https://build.opensuse.org/request/show/1243477
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=354
2025-02-05 20:56:37 +00:00
Wolfgang Rosenauer
d40086077f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=798 2025-02-05 10:41:41 +00:00
f891bd20fd Accepting request 1240635 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1240635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=353
2025-01-28 13:59:11 +00:00
Wolfgang Rosenauer
742b1a6892 changelog for 128.6.1 with boo#1236411
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=796
2025-01-27 20:19:22 +00:00
f4b4e6359e Accepting request 1237936 from mozilla:Factory
- Mozilla Thunderbird 128.6.0
  * New mail notification was not hidden after reading the new message
  * New mail notification could show for the wrong folder, causing
    repeated alerts
  * macOS shortcut CMD+1 did not restore the main window when it was
    minimized
  * Clicking the context menu "Reply" button resulted in "Reply-All"
  * Switching from "All", "Unread", and "Threads with unread" did not work
  * Downloading message headers from a newsgroup could cause a hang
  * Message list performance slow when many updates happened at once
  * "mailto:" links did not apply the compose format of the current identity
  * Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall
    back to USERPASS
  MFSA 2025-05  (bsc#1234991)
  * CVE-2025-0237 (bmo#1915257)
    WebChannel APIs susceptible to confused deputy attack
  * CVE-2025-0238 (bmo#1915535)
    Use-after-free when breaking lines in text
  * CVE-2025-0239 (bmo#1929156)
    Alt-Svc ALPN validation failure when redirected
  * CVE-2025-0240 (bmo#1929623)
    Compartment mismatch when parsing JavaScript JSON module
  * CVE-2025-0241 (bmo#1933023)
    Memory corruption when using JavaScript Text Segmentation
  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
    and Thunderbird 128.6
  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,

OBS-URL: https://build.opensuse.org/request/show/1237936
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=352
2025-01-15 16:43:47 +00:00
Wolfgang Rosenauer
382cf0734e - Mozilla Thunderbird 128.6.0
* New mail notification was not hidden after reading the new message
  * New mail notification could show for the wrong folder, causing
    repeated alerts
  * macOS shortcut CMD+1 did not restore the main window when it was
    minimized
  * Clicking the context menu "Reply" button resulted in "Reply-All"
  * Switching from "All", "Unread", and "Threads with unread" did not work
  * Downloading message headers from a newsgroup could cause a hang
  * Message list performance slow when many updates happened at once
  * "mailto:" links did not apply the compose format of the current identity
  * Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall
    back to USERPASS
  MFSA 2025-05  (bsc#1234991)
  * CVE-2025-0237 (bmo#1915257)
    WebChannel APIs susceptible to confused deputy attack
  * CVE-2025-0238 (bmo#1915535)
    Use-after-free when breaking lines in text
  * CVE-2025-0239 (bmo#1929156)
    Alt-Svc ALPN validation failure when redirected
  * CVE-2025-0240 (bmo#1929623)
    Compartment mismatch when parsing JavaScript JSON module
  * CVE-2025-0241 (bmo#1933023)
    Memory corruption when using JavaScript Text Segmentation
  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
    and Thunderbird 128.6
  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=794
2025-01-14 20:39:07 +00:00
e73180c381 Accepting request 1231002 from mozilla:Factory
- Mozilla Thunderbird 128.5.2
  * Large virtual folders could be very slow
  * Message could disappear after moving from IMAP folder followed
    by Undo and Redo
  * XMPP chat did not display messages sent inside a CDATA element
  * Selected calendar day did not move forward at midnight
  * Today pane agenda sometimes scrolled for no apparent reason
  * CalDAV calendars without offline support could degrade start-up
    performance
  * Visual and UX improvements
  MFSA 2024-69
  * CVE-2024-50336 (bmo#1929264)
    matrix-js-sdk has insufficient MXC URI validation which could
    allow client-side path traversal

OBS-URL: https://build.opensuse.org/request/show/1231002
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=351
2024-12-16 18:09:42 +00:00
Wolfgang Rosenauer
d53c49e081 - Mozilla Thunderbird 128.5.2
* Large virtual folders could be very slow
  * Message could disappear after moving from IMAP folder followed
    by Undo and Redo
  * XMPP chat did not display messages sent inside a CDATA element
  * Selected calendar day did not move forward at midnight
  * Today pane agenda sometimes scrolled for no apparent reason
  * CalDAV calendars without offline support could degrade start-up
    performance
  * Visual and UX improvements
  MFSA 2024-69
  * CVE-2024-50336 (bmo#1929264)
    matrix-js-sdk has insufficient MXC URI validation which could
    allow client-side path traversal

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=792
2024-12-14 14:13:35 +00:00
818a440a31 Accepting request 1227967 from mozilla:Factory
- Mozilla Thunderbird 128.5.1
  * Add end of year donation appeal
  * Total message count for favorite folders did not work consistently
- make spec compatible with rpm < 4.17 again
- correct appdata for different desktop filename

OBS-URL: https://build.opensuse.org/request/show/1227967
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=350
2024-12-03 19:47:16 +00:00
Wolfgang Rosenauer
48c0721353 - Mozilla Thunderbird 128.5.1
* Add end of year donation appeal
  * Total message count for favorite folders did not work consistently

- make spec compatible with rpm < 4.17 again
- correct appdata for different desktop filename

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=790
2024-12-03 10:26:37 +00:00
94c99d3af2 Accepting request 1226643 from mozilla:Factory
- Mozilla Thunderbird 128.5.0
  * IMAP could crash when reading cached messages
  * Enabling "Show Folder Size" on Maildir profile could render
    Thunderbird unusable
  * Messages corrupted by folder compaction were only fixed by user
    intervention
  * Reading a message from past the end of an mbox file did not
    cause an error
  * View -> Folders had duplicate F access keys
  * Add-ons adding columns to the message list could fail and cause
    display issue
  * "Empty trash on exit" and "Expunge inbox on exit" did not
    always work
  * Selecting a display option in View -> Tasks did not apply in
    the Task interface
  MFSA 2024-68 (bsc#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Memory corruption in Apple GPU drivers
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation Dialog

OBS-URL: https://build.opensuse.org/request/show/1226643
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=349
2024-11-27 21:11:26 +00:00
Wolfgang Rosenauer
98a906a372 - Mozilla Thunderbird 128.5.0
* IMAP could crash when reading cached messages
  * Enabling "Show Folder Size" on Maildir profile could render
    Thunderbird unusable
  * Messages corrupted by folder compaction were only fixed by user
    intervention
  * Reading a message from past the end of an mbox file did not
    cause an error
  * View -> Folders had duplicate F access keys
  * Add-ons adding columns to the message list could fail and cause
    display issue
  * "Empty trash on exit" and "Expunge inbox on exit" did not
    always work
  * Selecting a display option in View -> Tasks did not apply in
    the Task interface
  MFSA 2024-68 (bsc#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Memory corruption in Apple GPU drivers
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation Dialog

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=788
2024-11-26 18:45:19 +00:00
c2c19a4a10 Accepting request 1225214 from mozilla:Factory
- Mozilla Thunderbird 128.4.4
  * QR codes were not scannable by Android app when using most
    high-contrast themes
  * Primary password prompt cancellation during mobile export was
    confusing
- revert using xdg-desktop-portal as some desktops have limited
  support

OBS-URL: https://build.opensuse.org/request/show/1225214
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=348
2024-11-20 16:00:23 +00:00
Wolfgang Rosenauer
60298df72a - Mozilla Thunderbird 128.4.4
* QR codes were not scannable by Android app when using most
    high-contrast themes
  * Primary password prompt cancellation during mobile export was
    confusing
- revert using xdg-desktop-portal as some desktops have limited
  support

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=786
2024-11-20 07:45:37 +00:00
3d8cfe7559 Accepting request 1224250 from mozilla:Factory
- Mozilla Thunderbird 128.4.3
  Fixes:
  * Folder corruption could cause Thunderbird to freeze and become unusable
  * Message corruption could be propagated when reading mbox
  * Folder compaction was not abandoned on shutdown
  * Folder compaction did not clean up on failure
  * Collapsed NNTP thread incorrectly indicated there were unread messages
  * Navigating to next unread message did not wait for all messages
    to be loaded
  * Applying column view to folder and children could break if folder
    error occurred
  * Remote content notifications were broken with encrypted messages
  * Updating criteria of a saved search resulted in poor search performance
  * Drop-downs may not work in some places
  MFSA 2024-61
  * CVE-2024-11159 (bmo#1925929)
    Potential disclosure of plaintext in OpenPGP encrypted message
- remove kmozillahelper support (boo#1226112)
  * removed mozilla-kde.patch
  * requires xdg-desktop-portal instead

OBS-URL: https://build.opensuse.org/request/show/1224250
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=347
2024-11-15 14:42:42 +00:00
Wolfgang Rosenauer
4d2fed0f19 MFSA 2024-61
* CVE-2024-11159 (bmo#1925929)
    Potential disclosure of plaintext in OpenPGP encrypted message

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=784
2024-11-14 16:17:04 +00:00
Wolfgang Rosenauer
b6bf4d10d2 - Mozilla Thunderbird 128.4.3
Fixes:
  * Folder corruption could cause Thunderbird to freeze and become unusable
  * Message corruption could be propagated when reading mbox
  * Folder compaction was not abandoned on shutdown
  * Folder compaction did not clean up on failure
  * Collapsed NNTP thread incorrectly indicated there were unread messages
  * Navigating to next unread message did not wait for all messages
    to be loaded
  * Applying column view to folder and children could break if folder
    error occurred
  * Remote content notifications were broken with encrypted messages
  * Updating criteria of a saved search resulted in poor search performance
  * Drop-downs may not work in some places
- remove kmozillahelper support (boo#1226112)
  * removed mozilla-kde.patch
  * requires xdg-desktop-portal instead

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=783
2024-11-12 15:57:55 +00:00
6a814cf117 Accepting request 1222591 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1222591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=346
2024-11-08 11:00:14 +00:00
Wolfgang Rosenauer
76d8c3602d Mozilla Thunderbird 128.4.2
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=781
2024-11-07 21:02:45 +00:00
b91e9162ab Accepting request 1219576 from mozilla:Factory
- Mozilla Thunderbird 128.4.0
  * Export Thunderbird account settings to Thunderbird Mobile via QRCode
  Bugfixes:
  * Unable to send an unencrypted response to an OpenPGP encrypted message
  MFSA 2024-58 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
    bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4

OBS-URL: https://build.opensuse.org/request/show/1219576
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=345
2024-10-30 17:05:09 +00:00
Wolfgang Rosenauer
55323a4dd2 - Mozilla Thunderbird 128.4.0
* Export Thunderbird account settings to Thunderbird Mobile via QRCode
  Bugfixes:
  * Unable to send an unencrypted response to an OpenPGP encrypted message
  MFSA 2024-58 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
    bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=779
2024-10-30 13:57:01 +00:00
89bb3656e7 Accepting request 1217157 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1217157
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=344
2024-10-23 19:10:36 +00:00
Wolfgang Rosenauer
a0efbebc8c Mozilla Thunderbird 128.3.3
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=777
2024-10-23 07:03:59 +00:00
cf32d334ea Accepting request 1208840 from mozilla:Factory
- Mozilla Thunderbird 128.3.2
  bugfix release:
  https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes
- bring back mozilla-bmo531915.patch to fix x86

OBS-URL: https://build.opensuse.org/request/show/1208840
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=343
2024-10-18 13:58:20 +00:00
Wolfgang Rosenauer
4aa15214bf - Mozilla Thunderbird 128.3.2
bugfix release:
  https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes
- bring back mozilla-bmo531915.patch to fix x86

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=775
2024-10-18 10:35:47 +00:00
b59cbcd641 Accepting request 1207082 from mozilla:Factory
- Mozilla Thunderbird 128.3.1
  https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
  and following release notes for minor version updates
  MFSA 2024-52  (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
  Mozilla Thunderbird 128.3.0
  MFSA 2024-32 (128.0)
  MFSA 2024-37 (128.1)
  MFSA 2024-43 (128.2)
  MFSA 2024-49 (128.3) (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation

OBS-URL: https://build.opensuse.org/request/show/1207082
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=342
2024-10-11 15:02:38 +00:00
Wolfgang Rosenauer
1fd0463a82 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=773 2024-10-11 07:57:33 +00:00
Wolfgang Rosenauer
18f716d93a - Mozilla Thunderbird 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
  and following release notes for minor version updates
  MFSA 2024-52  (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
  Mozilla Thunderbird 128.3.0
  MFSA 2024-32 (128.0)
  MFSA 2024-37 (128.1)
  MFSA 2024-43 (128.2)
  MFSA 2024-49 (128.3) (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=772
2024-10-11 05:22:34 +00:00
28 changed files with 1716 additions and 2188 deletions

View File

@@ -1,3 +1,694 @@
-------------------------------------------------------------------
Tue Aug 5 19:36:55 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 140.1.1
Fixed
* Users with attachments open in tabs saw an error on Thunderbird restart
* Sending from unified or local folder failed if no default account was set
* Delete button could remove attachment instead of message
* Message list scrolled back when returning to mail tab after opening a message
-------------------------------------------------------------------
Sat Jul 26 08:58:28 UTC 2025 - Andreas Schwab <schwab@suse.de>
- Update memory constraints
-------------------------------------------------------------------
Sat Jul 19 06:05:52 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 140.1.0
* New folders were not added alphabetically if folders manually
reordered beforehand
* Message archive folder creation could silently stop during async
folder creation
MFSA 2025-63 (bsc#1246664)
* CVE-2025-8027 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
* CVE-2025-8028 (bmo#1971581)
Large branch table could lead to truncated instruction
* CVE-2025-8029 (bmo#1928021)
javascript: URLs executed on object and embed tags
* CVE-2025-8036 (bmo#1960834)
DNS rebinding circumvents CORS
* CVE-2025-8037 (bmo#1964767)
Nameless cookies shadow secure cookies
* CVE-2025-8030 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL” command
* CVE-2025-8031 (bmo#1971719)
Incorrect URL stripping in CSP reports
* CVE-2025-8032 (bmo#1974407)
XSLT documents could bypass CSP
* CVE-2025-8038 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
* CVE-2025-8039 (bmo#1970997)
Search terms persisted in URL bar
* CVE-2025-8033 (bmo#1973990)
Incorrect JavaScript state machine for generators
* CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
141 and Thunderbird 141
-------------------------------------------------------------------
Mon Jul 15 04:38:05 UTC 2025 - Tristan Miller <psychonaut@nothingisreal.com>
- Mozilla Thunderbird ESR 140.0.1
MFSA 2025-54
* CVE-2025-6424 (bmo#1966423)
Use-after-free in FontFaceSet
* CVE-2025-6425 (bmo#1717672)
The WebCompat WebExtension shipped exposed a persistent UUID
* CVE-2025-6426 (bmo#1964385)
No warning when opening executable terminal files on macOS
* CVE-2025-6427 (bmo#1966927)
connect-src Content Security Policy restriction could be
bypassed
* CVE-2025-6429 (bmo#1970658)
Incorrect parsing of URLs could have allowed embedding of
youtube.com
* CVE-2025-6430 (bmo#1971140)
Content-Disposition header ignored when a file is included in
an embed or object tag
* CVE-2025-6432 (bmo#1943804)
DNS Requests leaked outside of a configured SOCKS proxy
* CVE-2025-6433 (bmo#1954033)
WebAuthn would allow a user to sign a challenge on a webpage
with an invalid TLS certificate
* CVE-2025-6434 (bmo#1955182)
HTTPS-Only exception screen lacked anti-clickjacking delay
* CVE-2025-6435 (bmo#1961777 bmo#1950056)
Save as in Devtools could download files without sanitizing
the extension
* CVE-2025-6436 (bmo#1941377 bmo#1960948 bmo#1966187 bmo#1966505
bmo#1970764)
Memory safety bugs fixed in Firefox 140 and Thunderbird 140
- adapt mozilla-ntlm-full-path.patch for Thunderbird 140.0.1
- adapt mozilla-silence-no-return-type.patch for Thunderbird
140.0.1
-------------------------------------------------------------------
Sun Jun 29 06:49:01 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.12.0
MFSA 2025-55 (bsc#1244670)
* CVE-2025-6424 (bmo#1966423)
Use-after-free in FontFaceSet
* CVE-2025-6425 (bmo#1717672)
The WebCompat WebExtension shipped exposed a persistent UUID
* CVE-2025-6426 (bmo#1964385)
No warning when opening executable terminal files on macOS
* CVE-2025-6429 (bmo#1970658)
Incorrect parsing of URLs could have allowed embedding of
youtube.com
* CVE-2025-6430 (bmo#1971140)
Content-Disposition header ignored when a file is included in
an embed or object tag
-------------------------------------------------------------------
Tue Jun 17 08:18:37 UTC 2025 - Manfred Hollstein <manfred.h@gmx.net>
- Use these tools/versions unconditionally, package won't build on
Tumbleweed with new gcc15 otherwise:
gcc14, gcc14-c++, cargo1.84, rust1.84
-------------------------------------------------------------------
Mon Jun 9 11:46:34 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.11.1
MFSA 2025-49
* CVE-2025-5986 (bmo#1958580, bmo#1968012)
Unsolicited File Download, Disk Space Exhaustion, and Credential
Leakage via mailbox:/// Links
-------------------------------------------------------------------
Sun Jun 8 14:58:03 UTC 2025 - Bernhard Wiedemann <bwiedemann@suse.com>
- Replace usage of %jobs for reproducible builds (boo#1237231)
-------------------------------------------------------------------
Mon May 26 16:54:33 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.11.0
MFSA 2025-46 (boo#1243353)
* CVE-2025-5262 (bmo#1962421)
Double-free in libvpx encoder
* CVE-2025-5263 (bmo#1960745)
Error handling for script execution was incorrectly isolated
from web content
* CVE-2025-5264 (bmo#1950001)
Potential local code execution in “Copy as cURL” command
* CVE-2025-5265 (bmo#1962301)
Potential local code execution in “Copy as cURL” command
* CVE-2025-5266 (bmo#1965628)
Script element events leaked cross-origin resource status
* CVE-2025-5267 (bmo#1954137)
Clickjacking vulnerability could have led to leaking saved
payment card details
* CVE-2025-5268 (bmo#1950136, bmo#1958121, bmo#1960499,
bmo#1962634)
Memory safety bugs fixed in Firefox 139, Thunderbird 139,
Firefox ESR 128.11, and Thunderbird 128.11
* CVE-2025-5269 (bmo#1924108)
Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird
128.11
* fixed: Thunderbird could crash if message copying to Sent
folder was interrupted (bmo#1965304)
-------------------------------------------------------------------
Wed May 21 05:23:25 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.10.2
MFSA 2025-40 (boo#1243303)
* CVE-2025-4918 (bmo#1966612)
Out-of-bounds access when resolving Promise objects
* CVE-2025-4919 (bmo#1966614)
Out-of-bounds access when optimizing linear sums
* Messages could not be viewed if the profile used a UNC path
* Visual and UX improvements
-------------------------------------------------------------------
Thu May 15 17:11:50 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- Mozilla Thunderbird ESR 128.10.1:
MFSA 2025-34 (boo#1243216)
* CVE-2025-3875 (bmo#1950629)
Sender Spoofing via Malformed From Header in Thunderbird
* CVE-2025-3877 (bmo#1958580)
Unsolicited File Download, Disk Space Exhaustion, and
Credential Leakage via mailbox:/// Links
* CVE-2025-3909 (bmo#1958376)
JavaScript Execution via Spoofed PDF Attachment and file:///
Link
* CVE-2025-3932 (bmo#1960412)
Tracking Links in Attachments Bypassed Remote Content
Blocking
* fixed: Standalone message windows/tabs no longer responded
after folder compaction (bmo#1960349)
* fixed: Thunderbird could crash when importing Outlook
messages (bmo#1851297)
* fixed: Visual and UX improvements (bmo#1960861)
-------------------------------------------------------------------
Sun May 11 09:44:51 UTC 2025 - Christian Boltz <suse-beta@cboltz.de>
- build on s390x needs 17G memory - adjust _constraints
-------------------------------------------------------------------
Tue Apr 29 20:33:16 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.10.0
* Changed color override defaults with high contrast mode on
macOS and Linux
* Using Delete column in "Search Messages..." window could delete
other messages
MFSA 2025-32 (bsc#1241621)
* CVE-2025-2817 (bmo#1917536)
Privilege escalation in Thunderbird Updater
* CVE-2025-4082 (bmo#1937097)
WebGL shader attribute memory corruption in Thunderbird for
macOS
* CVE-2025-4083 (bmo#1958350)
Process isolation bypass using "javascript:" URI links in
cross-origin frames
* CVE-2025-4084 (bmo#1949994, bmo#1956698, bmo#1960198)
Potential local code execution in "copy as cURL" command
* CVE-2025-4087 (bmo#1952465)
Unsafe attribute access during XPath parsing
* CVE-2025-4091 (bmo#1951161, bmo#1952105)
Memory safety bugs fixed in Firefox 138, Thunderbird 138,
Firefox ESR 128.10, and Thunderbird 128.10
* CVE-2025-4093 (bmo#1894100)
Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
128.10
-------------------------------------------------------------------
Tue Apr 15 20:16:38 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.9.2
* Two-factor auth via text or email did not work with Office 365 using Oauth2
* IRC channel was not visible after restart
* Global indexing failed when processing email with invalid calendar data
MFSA 2025-27
* CVE-2025-3522 (bmo#1955372)
Leak of hashed Window credentials via crafted attachment URL
* CVE-2025-2830 (bmo#1956379)
Information Disclosure of /tmp directory listing
* CVE-2025-3523 (bmo#1958385)
User Interface (UI) Misrepresentation of attachment URL
-------------------------------------------------------------------
Sat Apr 5 06:04:41 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.9.1
* Added delay to built-in notifications when new profile is
created in offline mode
-------------------------------------------------------------------
Thu Apr 3 10:20:02 UTC 2025 - Ana Guerrero <ana.guerrero@suse.com>
- Update to use BuildRequires on clang-devel on Tumbleweed/Factory
instead of clang18-tools.
-------------------------------------------------------------------
Thu Mar 27 07:17:25 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird ESR 128.9.0
* Thunderbird now has a notification system for real-time desktop alerts
* Data corruption occurred when compacting IMAP Drafts folder after
saving a message
* Right-clicking "Decrypt and Save As..." on an attachment file failed.
* Thunderbird could crash when importing mail
* Sort indicators were missing on the calendar events list
MFSA 2025-24 (bsc#1240083)
* CVE-2025-3028 (bmo#1941002)
Use-after-free triggered by XSLTProcessor
* CVE-2025-3029 (bmo#1952213)
URL Bar Spoofing via non-BMP Unicode characters
* CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551,
bmo#1951017, bmo#1951494)
Memory safety bugs fixed in Firefox 137, Thunderbird 137,
Firefox ESR 128.9, and Thunderbird 128.9
-------------------------------------------------------------------
Wed Mar 5 19:54:43 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.8.0
* Opening an .EML file in profiles with many folders could take a long time
* Users with many folders experienced poor performance when resizing
message panes
* "Replace" button in compose window was overwritten when the window
was narrow
* Export to mobile did not work when "Use default server" was selected
* "Save Link As" was not working in feed web content
MFSA 2025-18 (bsc#1237683)
* CVE-2024-43097 (bmo#1945624)
Overflow when growing an SkRegion's RunArray
* CVE-2025-1930 (bmo#1902309)
AudioIPC StreamData could trigger a use-after-free in the
Browser process
* CVE-2025-1931 (bmo#1944126)
Use-after-free in WebTransportChild
* CVE-2025-1932 (bmo#1944313)
Inconsistent comparator in XSLT sorting led to out-of-bounds access
* CVE-2025-1933 (bmo#1946004)
JIT corruption of WASM i32 return values on 64-bit CPUs
* CVE-2025-1934 (bmo#1942881)
Unexpected GC during RegExp bailout processing
* CVE-2025-1935 (bmo#1866661)
Clickjacking the registerProtocolHandler info-bar
* CVE-2025-1936 (bmo#1940027)
Adding %00 and a fake extension to a jar: URL changed the
interpretation of the contents
* CVE-2025-1937 (bmo#1938471, bmo#1940716)
Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
* CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586,
bmo#1943912, bmo#1948111)
Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 128.8, and Thunderbird 128.8
-------------------------------------------------------------------
Wed Feb 19 08:17:56 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.7.1
* Users may not have been notified if messages arrived in multiple
folders at once
* Message list scrolled to the wrong place on start-up
* Unified folders could become unusable instead of being
automatically rebuilt
* Some messages may have been threaded incorrectly in unified folders
* Middle-click autoscroll cursor appeared without arrows instead
of expected design
-------------------------------------------------------------------
Wed Feb 5 07:26:07 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.7.0
MFSA 2025-10 (bsc#1236539)
* CVE-2025-1009 (bmo#1936613)
Use-after-free in XSLT
* CVE-2025-1010 (bmo#1936982)
Use-after-free in Custom Highlight
* CVE-2025-1011 (bmo#1936454)
A bug in WebAssembly code generation could result in a crash
* CVE-2025-1012 (bmo#1939710)
Use-after-free during concurrent delazification
* CVE-2024-11704 (bmo#1899402)
Potential double-free vulnerability in PKCS#7 decryption
handling
* CVE-2025-1013 (bmo#1932555)
Potential opening of private browsing tabs in normal browsing
windows
* CVE-2025-1014 (bmo#1940804)
Certificate length was not properly checked
* CVE-2025-1015 (bmo#1939458)
Unsanitized address book fields
* CVE-2025-0510 (bmo#1940570)
Address of e-mail sender can be spoofed by malicious email
* CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,
bmo#1938469, bmo#1939583, bmo#1940994)
Memory safety bugs fixed in Firefox 135, Thunderbird 135,
Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
and Thunderbird 128.7
* CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)
Memory safety bugs fixed in Firefox 135, Thunderbird 135,
Firefox ESR 128.7, and Thunderbird 128.7
-------------------------------------------------------------------
Mon Jan 27 07:58:55 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.6.1
* fixed: Link at about:rights pointed to Firefox privacy policy
instead of Thunderbird's (bmo#1941998)
* fixed: POP3 'fetch headers only' and 'get selected messages'
could delete messages (bmo#1930847)
* fixed: 'Search Online' checkbox in saved search properties
was incorrectly disabled (bmo#1937642)
* fixed: POP3 status message showed incorrect download count
when messages were deleted (bmo#1935800)
* fixed: Space bar did not always advance to the next unread
message (bmo#1468925)
* fixed: Folder creation or renaming failed due to incorrect
preference settings (bmo#1911225)
* fixed: Forwarding/editing S/MIME drafts/templates unusable
due to regression (bmo#1940605, boo#1236411)
* fixed: Sort order in 'Search Messages' panel reset after
search or on first launch (bmo#1935073)
* fixed: Reply window added an unnecessary third blank line at
the top (bmo#1935938)
* fixed: Thunderbird spell check box did not allow ENTER to
accept suggested changes (bmo#1935401)
* fixed: Long email subject lines could overlap window control
buttons on macOS (bmo#1940201)
* fixed: Flathub manifest link was not correct (bmo#1907695)
* fixed: 'Prefer client-side email scheduling' needed to be
selected twice (bmo#1862400)
* fixed: Duplicate invitations were sent if CALDAV calendar
email case did not match (bmo#1889607)
* fixed: Visual and UX improvements
(bmo#1875325,bmo#1901846,bmo#1939603,bmo#1855276)
-------------------------------------------------------------------
Wed Jan 8 08:12:38 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.6.0
* New mail notification was not hidden after reading the new message
* New mail notification could show for the wrong folder, causing
repeated alerts
* macOS shortcut CMD+1 did not restore the main window when it was
minimized
* Clicking the context menu "Reply" button resulted in "Reply-All"
* Switching from "All", "Unread", and "Threads with unread" did not work
* Downloading message headers from a newsgroup could cause a hang
* Message list performance slow when many updates happened at once
* "mailto:" links did not apply the compose format of the current identity
* Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall
back to USERPASS
MFSA 2025-05 (bsc#1234991)
* CVE-2025-0237 (bmo#1915257)
WebChannel APIs susceptible to confused deputy attack
* CVE-2025-0238 (bmo#1915535)
Use-after-free when breaking lines in text
* CVE-2025-0239 (bmo#1929156)
Alt-Svc ALPN validation failure when redirected
* CVE-2025-0240 (bmo#1929623)
Compartment mismatch when parsing JavaScript JSON module
* CVE-2025-0241 (bmo#1933023)
Memory corruption when using JavaScript Text Segmentation
* CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
and Thunderbird 128.6
* CVE-2025-0243 (bmo#1827142, bmo#1932783)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 128.6, and Thunderbird 128.6
-------------------------------------------------------------------
Wed Dec 11 15:48:02 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.5.2
* Large virtual folders could be very slow
* Message could disappear after moving from IMAP folder followed
by Undo and Redo
* XMPP chat did not display messages sent inside a CDATA element
* Selected calendar day did not move forward at midnight
* Today pane agenda sometimes scrolled for no apparent reason
* CalDAV calendars without offline support could degrade start-up
performance
* Visual and UX improvements
MFSA 2024-69
* CVE-2024-50336 (bmo#1929264)
matrix-js-sdk has insufficient MXC URI validation which could
allow client-side path traversal
-------------------------------------------------------------------
Tue Dec 3 07:41:29 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.5.1
* Add end of year donation appeal
* Total message count for favorite folders did not work consistently
-------------------------------------------------------------------
Thu Nov 28 09:07:50 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- make spec compatible with rpm < 4.17 again
- correct appdata for different desktop filename
-------------------------------------------------------------------
Tue Nov 26 10:15:25 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.5.0
* IMAP could crash when reading cached messages
* Enabling "Show Folder Size" on Maildir profile could render
Thunderbird unusable
* Messages corrupted by folder compaction were only fixed by user
intervention
* Reading a message from past the end of an mbox file did not
cause an error
* View -> Folders had duplicate F access keys
* Add-ons adding columns to the message list could fail and cause
display issue
* "Empty trash on exit" and "Expunge inbox on exit" did not
always work
* Selecting a display option in View -> Tasks did not apply in
the Task interface
MFSA 2024-68 (bsc#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11698 (bmo#1916152)
Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
* CVE-2024-11699 (bmo#1880582, bmo#1929911)
Memory safety bugs fixed in Firefox 133, Thunderbird 133,
Firefox ESR 128.5, and Thunderbird 128.5
- appid is thunderbird-esr currently; use the matching desktop
file name (boo#1233650)
-------------------------------------------------------------------
Wed Nov 20 07:36:02 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.4.4
* QR codes were not scannable by Android app when using most
high-contrast themes
* Primary password prompt cancellation during mobile export was
confusing
- revert using xdg-desktop-portal as some desktops have limited
support
-------------------------------------------------------------------
Sat Nov 9 16:26:41 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.4.3
Fixes:
* Folder corruption could cause Thunderbird to freeze and become unusable
* Message corruption could be propagated when reading mbox
* Folder compaction was not abandoned on shutdown
* Folder compaction did not clean up on failure
* Collapsed NNTP thread incorrectly indicated there were unread messages
* Navigating to next unread message did not wait for all messages
to be loaded
* Applying column view to folder and children could break if folder
error occurred
* Remote content notifications were broken with encrypted messages
* Updating criteria of a saved search resulted in poor search performance
* Drop-downs may not work in some places
MFSA 2024-61
* CVE-2024-11159 (bmo#1925929)
Potential disclosure of plaintext in OpenPGP encrypted message
- remove kmozillahelper support (boo#1226112)
* removed mozilla-kde.patch
* requires xdg-desktop-portal instead
-------------------------------------------------------------------
Wed Nov 6 19:54:16 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- Mozilla Thunderbird 128.4.2
* Increased the auto-compaction threshold to reduce the frequency
of compaction (bmo#1927656)
* fixed: New profile creation caused console errors (bmo#1912675)
* fixed: Repair folder could result in older messages showing
wrong date and time (bmo#1911916)
* fixed: Recently deleted messages could become undeleted if
message compaction failed (bmo#1924927)
* fixed: Visual and UX improvements
(bmo#1857413,bmo#1922934,bmo#1924437)
* fixed: Clicking on an HTML button could cause Thunderbird to
freeze (bmo#1879355)
* fixed: Messages could not be selected for dragging
(bmo#1887518)
* fixed: Could not open attached file in a MIME encrypted
message (bmo#1924637)
* fixed: Account creation "Setup Documentation" link was broken
(bmo#1925493)
* fixed: Unable to generate QR codes when exporting to mobile
in some cases (bmo#1928114)
* fixed: Operating system reauthentication was missing when
exporting QR codes for mobile (bmo#1928232)
* fixed: Could not drag all-day events from one day to another
in week view (bmo#1922944)
-------------------------------------------------------------------
Sat Nov 2 09:01:15 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.4.1
* Add the 20 year donation appeal (bmo#192538)
-------------------------------------------------------------------
Wed Oct 30 13:51:30 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.4.0
* Export Thunderbird account settings to Thunderbird Mobile via QRCode
Bugfixes:
* Unable to send an unencrypted response to an OpenPGP encrypted message
MFSA 2024-58 (bsc#1231879)
* CVE-2024-10458 (bmo#1921733)
Permission leak via embed or object elements
* CVE-2024-10459 (bmo#1919087)
Use-after-free in layout with accessibility
* CVE-2024-10460 (bmo#1912537)
Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 (bmo#1914521)
XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
* CVE-2024-10462 (bmo#1920423)
Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 (bmo#1920800)
Cross origin video frame leak
* CVE-2024-10464 (bmo#1913000)
History interface could have been used to cause a Denial of
Service condition in the browser
* CVE-2024-10465 (bmo#1918853)
Clipboard "paste" button persisted across tabs
* CVE-2024-10466 (bmo#1924154)
DOM push subscription message could hang Firefox
* CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
bmo#1917742, bmo#1919809, bmo#1923706)
Memory safety bugs fixed in Firefox 132, Thunderbird 132,
Firefox ESR 128.4, and Thunderbird 128.4
-------------------------------------------------------------------
Wed Oct 23 06:45:00 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- Mozilla Thunderbird 128.3.3
* Files left over from failed folder compactions could use up
disk space (bmo#1878541)
* Message list returned to selected message after action on
another message (bmo#1917485)
* Some faulty messages were downloaded and never stored
(bmo#1923765)
* Messages could become corrupted during folder compaction
(bmo#1923747,bmo#1923541,bmo#1720047)
* Searching events by Location, Description, or URL failed
(bmo#1912710)
* "Remove All Shown" saved passwords deleted all logins if
filtered without results (bmo#601447)
* Calendar event updates were not always sent to attendees
(bmo#1877640)
-------------------------------------------------------------------
Wed Oct 16 14:52:43 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.3.2
bugfix release:
https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes
- bring back mozilla-bmo531915.patch to fix x86
-------------------------------------------------------------------
Thu Oct 10 17:11:15 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
and following release notes for minor version updates
MFSA 2024-52 (bsc#1231413)
* CVE-2024-9680 (bmo#1923344)
Use-after-free in Animation timeline
Mozilla Thunderbird 128.3.0
MFSA 2024-32 (128.0)
MFSA 2024-37 (128.1)
MFSA 2024-43 (128.2)
MFSA 2024-49 (128.3) (bsc#1230979)
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Cross-origin access to JSON contents through multipart responses
* CVE-2024-8900 (bmo#1872841)
Clipboard write permission bypass
* CVE-2024-9396 (bmo#1912471)
Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397 (bmo#1916659)
Potential directory upload bypass via clickjacking
* CVE-2024-9398 (bmo#1881037)
External protocol handlers could be enumerated via popups
* CVE-2024-9399 (bmo#1907726)
Specially crafted WebTransport requests could lead to denial
of service
* CVE-2024-9400 (bmo#1915249)
Potential memory corruption during JIT compilation
* CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
Thunderbird 131, and Thunderbird 128.3
- removed obsolete patches
mozilla-bmo1504834-part3.patch
mozilla-bmo1512162.patch
mozilla-bmo1775202.patch
mozilla-bmo531915.patch
mozilla-fix-aarch64-libopus.patch
mozilla-fix-issues-with-llvm18.patch
mozilla-fix-top-level-asm.patch
mozilla-partial-revert-1768632.patch
mozilla-rust-disable-future-incompat.patch
thunderbird-fix-CVE-2024-34703.patch
- new patch thunderbird-silence-no-return.patch
- rebased
mozilla-bmo1504834-part1.patch
mozilla-kde.patch
mozilla-libavcodec58_91.patch
mozilla-silence-no-return-type.patch
-------------------------------------------------------------------
Fri Sep 6 08:55:26 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>

View File

@@ -1,8 +1,9 @@
#
# spec file for package MozillaThunderbird
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2006-2023 Wolfgang Rosenauer <wr@rosenauer.org>
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2006-2025 Wolfgang Rosenauer <wr@rosenauer.org>
# Copyright (c) 2025 Tristan Miller <psychonaut@nothingisreal.com>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,14 +26,14 @@
# FF70beta3 would be released as FF69.99
# orig_version would be the upstream tar ball
# orig_version 70.0
# orig_suffix b3
# orig_suffix b3 (or esr)
# major 69
# mainver %%major.99
%define major 115
%define mainver %major.15.0
%define orig_version 115.15.0
%define orig_suffix %nil
%define update_channel release
%define major 140
%define mainver %major.1.1
%define orig_version 140.1.1
%define orig_suffix esr
%define update_channel esr
%define source_prefix thunderbird-%{orig_version}
# PGO builds do not work in TW currently (bmo#1680306)
@@ -43,19 +44,23 @@
%bcond_with only_print_mozconfig
%bcond_without mozilla_tb_kde4
%bcond_with mozilla_tb_valgrind
%bcond_without mozilla_tb_optimize_for_size
# define if ccache should be used or not
%define useccache 0
%define useccache 1
# No i586 on SLE-12, as the rpmlints are broken and can't handle the big rpms resulting from this build.
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
ExclusiveArch: aarch64 ppc64le x86_64 s390x
%else
# Firefox only supports i686
%ifarch %ix86
ExclusiveArch: i586 i686
BuildArch: i686
%{expand:%%global optflags %(echo "%optflags"|sed -e s/i586/i686/) -march=i686 -mtune=generic -msse2}
%endif
%endif
%{expand:%%global optflags %(echo "%optflags"|sed -e s/-flto=auto//) }
# general build definitions
@@ -64,10 +69,11 @@ BuildArch: i686
%define srcname thunderbird
%define appname Thunderbird
%define progdir %{_prefix}/%_lib/%{progname}
%define gnome_dir %{_prefix}
%define desktop_file_name %{progname}
%define gnome_dir %{_prefix}
%{!?orig_suffix:%global orig_suffix ""}
%define desktop_file_name %(echo "%{orig_suffix}" | grep -q esr && echo "%{progname}-esr" || echo "%{progname}")
%define __provides_exclude ^lib.*\\.so.*$
%define __requires_exclude ^(libmoz.*|liblgpllibs.*|libxul.*|libldap.*|libldif.*|libprldap.*|librnp.*)$
%define __requires_exclude ^(libmoz.*|liblgpllibs.*|libxul.*|libgk.*|libldap.*|libldif.*|libprldap.*|librnp.*)$
%define localize 1
%ifarch %ix86 x86_64
%define crashreporter 1
@@ -87,41 +93,44 @@ Name: %{pkgname}
BuildRequires: Mesa-devel
BuildRequires: alsa-devel
BuildRequires: autoconf213
BuildRequires: cargo1.84
BuildRequires: dbus-1-glib-devel
BuildRequires: dejavu-fonts
BuildRequires: fdupes
BuildRequires: gcc14
BuildRequires: gcc14-c++
BuildRequires: memory-constraints
%if 0%{?suse_version} >= 1699
BuildRequires: gcc13
BuildRequires: gcc13-c++
%else
%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600
BuildRequires: gcc13
BuildRequires: gcc13-c++
%else
BuildRequires: gcc-c++
%endif
%endif
BuildRequires: cargo1.72
BuildRequires: rust1.72
BuildRequires: rust1.84
%if 0%{useccache} != 0
BuildRequires: ccache
%endif
BuildRequires: libXcomposite-devel
BuildRequires: libcurl-devel
BuildRequires: mozilla-nspr-devel >= 4.35
BuildRequires: mozilla-nss-devel >= 3.90
BuildRequires: mozilla-nss-devel >= 3.101.1
BuildRequires: nasm >= 2.14
BuildRequires: nodejs >= 12.22.12
%if 0%{?sle_version} >= 150000 && 0%{?sle_version} <= 150600
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} <= 150000
BuildRequires: libXtst-devel
BuildRequires: nodejs12 >= 12.22.12
#BuildRequires: python-libxml2
BuildRequires: python39
BuildRequires: python39-curses
BuildRequires: python39-devel
%else
%if 0%{?sle_version} > 150000 && 0%{?sle_version} <= 150600
BuildRequires: nodejs12 >= 12.22.12
BuildRequires: python39
BuildRequires: python39-curses
BuildRequires: python39-devel
%else
# ALP
BuildRequires: nodejs >= 12.22.12
BuildRequires: python3 >= 3.7
BuildRequires: python3-curses
BuildRequires: python3-devel
%endif
BuildRequires: rust-cbindgen >= 0.24.3
%endif
BuildRequires: rust-cbindgen >= 0.27
BuildRequires: unzip
BuildRequires: update-desktop-files
BuildRequires: xorg-x11-libXt-devel
@@ -133,10 +142,10 @@ BuildRequires: zip
%if 0%{?suse_version} < 1550
BuildRequires: pkgconfig(gconf-2.0) >= 1.2.1
%endif
%if (0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000)
BuildRequires: clang6-devel
%if 0%{?suse_version} < 1599
BuildRequires: clang15-devel
%else
BuildRequires: clang-devel >= 5
BuildRequires: clang-devel
%endif
BuildRequires: pkgconfig(glib-2.0) >= 2.22
BuildRequires: pkgconfig(gobject-2.0)
@@ -162,12 +171,6 @@ Provides: thunderbird = %{version}
Obsoletes: MozillaThunderbird-devel < %{version}
Provides: appdata()
Provides: appdata(thunderbird.appdata.xml)
%if %{with mozilla_tb_kde4}
# this is needed to match this package with the kde4 helper package without the main package
# having a hard requirement on the kde4 package
%define kde_helper_version 6
Provides: mozilla-kde4-version = %{kde_helper_version}
%endif
Summary: An integrated email, news feeds, chat, and newsgroups client
License: MPL-2.0
Group: Productivity/Networking/Email/Clients
@@ -184,39 +187,25 @@ Source7: l10n-%{orig_version}%{orig_suffix}.tar.xz
%endif
Source9: thunderbird.appdata.xml
Source13: spellcheck.js
Source14: https://github.com/openSUSE/firefox-scripts/raw/c3f287d/create-tar.sh
Source14: https://github.com/openSUSE/firefox-scripts/raw/913fab1a196e2a0623b5c554598bfde3b4b49e29/create-tar.sh
Source20: https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/source/%{srcname}-%{orig_version}%{orig_suffix}.source.tar.xz.asc
Source21: https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/KEY#/mozilla.keyring
# Gecko/Toolkit
Patch1: mozilla-nongnome-proxies.patch
%if %{with mozilla_tb_kde4}
Patch2: mozilla-kde.patch
%endif
Patch3: mozilla-ntlm-full-path.patch
Patch4: mozilla-aarch64-startup-crash.patch
Patch5: mozilla-fix-aarch64-libopus.patch
Patch5: mozilla-bmo531915.patch
Patch6: mozilla-s390-context.patch
Patch7: mozilla-pgo.patch
Patch8: mozilla-reduce-rust-debuginfo.patch
Patch9: mozilla-bmo1504834-part1.patch
Patch10: mozilla-bmo1504834-part3.patch
Patch11: mozilla-bmo1512162.patch
Patch12: mozilla-fix-top-level-asm.patch
Patch13: mozilla-bmo849632.patch
Patch14: mozilla-bmo998749.patch
Patch15: mozilla-libavcodec58_91.patch
Patch16: mozilla-silence-no-return-type.patch
Patch17: mozilla-bmo531915.patch
Patch18: one_swizzle_to_rule_them_all.patch
Patch19: svg-rendering.patch
Patch20: mozilla-partial-revert-1768632.patch
Patch21: mozilla-bmo1775202.patch
Patch22: mozilla-rust-disable-future-incompat.patch
Patch23: thunderbird-fix-CVE-2024-34703.patch
%if 0%{?product_libs_llvm_ver} > 17
# LLVM18 breaks building Firefox ESR:
Patch30: mozilla-fix-issues-with-llvm18.patch
%endif
Patch10: mozilla-bmo1504834-part1.patch
Patch14: mozilla-bmo849632.patch
Patch15: mozilla-bmo998749.patch
Patch17: mozilla-libavcodec58_91.patch
Patch18: mozilla-silence-no-return-type.patch
Patch20: one_swizzle_to_rule_them_all.patch
Patch21: svg-rendering.patch
Patch22: thunderbird-silence-no-return.patch
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: /bin/sh
@@ -230,6 +219,12 @@ PreReq: textutils
Recommends: libcanberra0
Recommends: libotr5
Recommends: libpulse0
# To make security-keys (e.g. Yubikey) work with TB, it needs the udev-rules installed.
# A clean package with the most common rules exists only in SP3 onwards. `u2f-hosts` could be used on older
# code streams, but it contains more than just the rules, so we're not recommending it here.
%if 0%{?suse_version} >= 1600 || 0%{?sle_version} >= 150300
Recommends: libfido2-udev
%endif
Requires: %{name}-openpgp
Suggests: %{name}-openpgp-librnp
Requires(post): desktop-file-utils
@@ -305,14 +300,6 @@ DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
TIME="\"$(date -d "${modified}" "+%%R")\""
find . -regex ".*\.c\|.*\.cpp\|.*\.h" -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
%if %{with mozilla_tb_kde4}
kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
if test "$kdehelperversion" != %{kde_helper_version}; then
echo fix kde helper version in the .spec file
exit 1
fi
%endif
# When doing only_print_mozconfig, this file isn't necessarily available, so skip it
cp %{SOURCE4} .obsenv.sh
%else
@@ -322,7 +309,7 @@ echo "" > .obsenv.sh
cat >> .obsenv.sh <<EOF
export CARGO_HOME=${RPM_BUILD_DIR}/%{srcname}-%{orig_version}/.cargo
export MOZ_SOURCE_CHANGESET=\$RELEASE_TAG
#export MOZ_SOURCE_CHANGESET=\$RELEASE_TAG
export SOURCE_REPO=\$RELEASE_REPO
export source_repo=\$RELEASE_REPO
export MOZ_SOURCE_REPO=\$RELEASE_REPO
@@ -332,35 +319,20 @@ export BUILD_OFFICIAL=1
export MOZ_TELEMETRY_REPORTING=1
export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
export CFLAGS="%{optflags}"
%if 0%{?suse_version} >= 1699
export CC=gcc-13
export CXX=g++-13
%else
%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600
export CC=gcc-13
export CXX=g++-13
%else
%if 0%{?clang_build} == 0
export CC=gcc
export CXX=g++
%if 0%{?gcc_version:%{gcc_version}} >= 12
export CFLAGS="\$CFLAGS -fimplicit-constexpr"
%endif
%endif
%endif
export CC=gcc-14
export CXX=g++-14
%endif
%ifarch %arm %ix86
### NOTE: these sections are not required anymore. Alson --no-keep-memory + -Wl,-z,pack-relative-relocs causes
### ld to go OOM (https://sourceware.org/bugzilla/show_bug.cgi?id=30756)
# Limit RAM usage during link
export LDFLAGS="\$LDFLAGS -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
# export LDFLAGS="\$LDFLAGS -Wl,--no-keep-memory -Wl,--reduce-memory-overheads -Wl,--no-map-whole-files -Wl,--hash-size=31"
#
# A lie to prevent -Wl,--gc-sections being set which requires more memory than 32bit can offer
export GC_SECTIONS_BREAKS_DEBUG_RANGES=yes
#export GC_SECTIONS_BREAKS_DEBUG_RANGES=yes
%endif
export LDFLAGS="\$LDFLAGS -fPIC -Wl,-z,relro,-z,now"
%ifarch ppc64 ppc64le
%if 0%{?clang_build} == 0
#export CFLAGS="\$CFLAGS -mminimal-toc"
%endif
%endif
%ifarch %ix86
# Not enough memory on 32-bit systems, reduce debug info.
export CFLAGS="\$CFLAGS -g1"
@@ -379,8 +351,8 @@ source ./.obsenv.sh
cat << EOF > $MOZCONFIG
mk_add_options MOZILLA_OFFICIAL=1
mk_add_options BUILD_OFFICIAL=1
mk_add_options MOZ_MAKE_FLAGS=%{?jobs:-j%jobs}
mk_add_options MOZ_OBJDIR=$RPM_BUILD_DIR/obj
mk_add_options MOZ_MAKE_FLAGS=%{?_smp_mflags}
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../obj
ac_add_options --disable-bootstrap
ac_add_options --prefix=%{_prefix}
ac_add_options --libdir=%{_libdir}
@@ -399,12 +371,6 @@ ac_add_options --disable-debug-symbols
ac_add_options --enable-debug-symbols=-g1
%endif
ac_add_options --disable-install-strip
# building with elf-hack started to fail everywhere with FF73
#%%if 0%%{?suse_version} > 1549
%ifarch %arm %ix86 x86_64
ac_add_options --disable-elf-hack
%endif
#%%endif
ac_add_options --with-system-nspr
ac_add_options --with-system-nss
%if 0%{useccache} != 0
@@ -418,7 +384,7 @@ ac_add_options --disable-updater
ac_add_options --disable-tests
ac_add_options --enable-alsa
ac_add_options --disable-debug
ac_add_options --disable-necko-wifi
#ac_add_options --disable-necko-wifi
ac_add_options --enable-update-channel=%{update_channel}
ac_add_options --with-unsigned-addon-scopes=app
ac_add_options --allow-addon-sideload
@@ -447,7 +413,7 @@ ac_add_options --enable-optimize="-O1"
%ifarch x86_64
# LTO needs newer toolchain stack only (at least GCC 8.2.1 (r268506)
%if 0%{?suse_version} > 1500
#ac_add_options --enable-lto
ac_add_options --enable-lto
%if 0%{?do_profiling}
ac_add_options MOZ_PGO=1
%endif
@@ -474,6 +440,9 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \
# build additional locales
%if %localize
# Work around the following Exception: Cannot use MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE="system" for any sites other than ('mach', 'build', 'common'). The current attempted site is "tb_common".
# by unsetting MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE, which we don't need for l10n-packages
unset MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE
truncate -s 0 %{_tmppath}/translations.{common,other}
# langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943)
# Therefore, we have to have a separate obj-dir for each language
@@ -493,11 +462,10 @@ ac_add_options --without-wasm-sandboxed-libraries
ac_add_options --enable-official-branding
EOF
%ifarch %ix86
#%%define njobs 0%{?jobs:%%jobs}
# Weird race condition when building langpacks which comes and goes in OBS/IBS is hitting heavy with TB 128
# so we have to build it sequentially, sadly.
%define njobs 1
%else
%define njobs 0%{?jobs:%jobs}
%endif
mkdir -p $RPM_BUILD_DIR/langpacks_artifacts/
sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/mail/locales/shipped-locales \
@@ -566,9 +534,13 @@ mkdir -p %{buildroot}%{_datadir}/applications
install -m 644 %{SOURCE1} \
%{buildroot}%{_datadir}/applications/%{desktop_file_name}.desktop
%suse_update_desktop_file %{desktop_file_name} Network Email GTK
# additional mime-types
#mkdir -p %{buildroot}%{_datadir}/mime/packages
# cp %{SOURCE8} %{buildroot}%{_datadir}/mime/packages/%{progname}.xml
# appdata
mkdir -p %{buildroot}%{_datadir}/appdata
cp %{SOURCE9} %{buildroot}%{_datadir}/appdata/%{desktop_file_name}.appdata.xml
sed -e 's,thunderbird.desktop,%{desktop_file_name}.desktop,g' \
%{SOURCE9} > %{buildroot}%{_datadir}/appdata/%{desktop_file_name}.appdata.xml
# apply SUSE defaults
sed -e 's,RPM_VERSION,%{mainversion},g
s,GSSAPI,%{libgssapi},g' \
@@ -598,6 +570,7 @@ rm -f %{buildroot}%{progdir}/updater.ini
rm -f %{buildroot}%{progdir}/update.locale
rm -f %{buildroot}%{progdir}/dictionaries/en-US*
rm -f %{buildroot}%{progdir}/nspr-config
rm -f %{buildroot}%{progdir}/interesting_serverknobs.json
# Some sites use different partitions for /usr/(lib|lib64) and /usr/share. Since you
# can't create hardlinks across partitions, we'll do this more than once.
%fdupes %{buildroot}%{progdir}
@@ -626,23 +599,19 @@ exit 0
%{progdir}/*.so
%exclude %{progdir}/librnp.so
%{progdir}/glxtest
%if 0%{wayland_supported}
%{progdir}/vaapitest
%endif
%{progdir}/omni.ja
%{progdir}/fonts/
%{progdir}/pingsender
%{progdir}/platform.ini
%{progdir}/plugin-container
%{progdir}/rnp-cli
%{progdir}/rnpkeys
%{progdir}/thunderbird-bin
# crashreporter files
%if %crashreporter
%{progdir}/crashhelper
%{progdir}/crashreporter
%{progdir}/crashreporter.ini
%{progdir}/Throbber-small.gif
%{progdir}/minidump-analyzer
#%%{progdir}/minidump-analyzer
%endif
%dir %{progdir}/chrome/
%{progdir}/chrome/icons/

View File

@@ -47,6 +47,16 @@
</memoryperjob>
</hardware>
</overwrite>
<overwrite>
<conditions>
<arch>s390x</arch>
</conditions>
<hardware>
<memory>
<size unit="G">17</size>
</memory>
</hardware>
</overwrite>
<overwrite>
<conditions>
<arch>x86_64</arch>
@@ -57,4 +67,14 @@
</memory>
</hardware>
</overwrite>
<overwrite>
<conditions>
<arch>riscv64</arch>
</conditions>
<hardware>
<memory>
<size unit="G">28</size>
</memory>
</hardware>
</overwrite>
</constraints>

View File

@@ -84,6 +84,7 @@ function set_internal_variables() {
FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"
FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/%s/candidates"
LOCALES_URL="https://product-details.mozilla.org/1.0/l10n"
FF_L10N_MONOREPO="https://github.com/mozilla-l10n/firefox-l10n"
PRODUCT_URL="https://product-details.mozilla.org/1.0"
ALREADY_EXTRACTED_LOCALES_FILE=0
}
@@ -137,7 +138,7 @@ function get_source_stamp() {
local BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1;
local REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp)
local SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo)
local TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid)
TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid)
echo "Extending $TAR_STAMP with:"
echo "RELEASE_REPO=${SOURCE_REPO}"
echo "RELEASE_TAG=${REV}"
@@ -428,7 +429,7 @@ function clone_and_repackage_sources() {
# get repo and source stamp
local REV=$(hg -R . parent --template="{node|short}\n")
local SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/")
local TIMESTAMP=$(date +%Y%m%d%H%M%S)
TIMESTAMP=$(date +%Y%m%d%H%M%S)
if [ "$PRODUCT" = "thunderbird" ]; then
pushd comm || exit 1
@@ -500,10 +501,6 @@ function clone_and_repackage_locales() {
FF_L10N_BASE="l10n_ff"
fi
test ! -d $FF_L10N_BASE && mkdir $FF_L10N_BASE
# No-op, if we are building FF:
test ! -d $FINAL_L10N_BASE && mkdir $FINAL_L10N_BASE
# This is only relevant for Thunderbird-builds
# Here, the relevant directories we need to copy from FF and from TB
# are specified in a python-file in the tarball
@@ -512,33 +509,42 @@ function clone_and_repackage_locales() {
tb_locale_template=$(get_locales_directories "COMM_STRINGS_PATTERNS")
echo "Fetching Browser locales..."
jq -r 'to_entries[]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | \
while read -r locale changeset ; do
case $locale in
ja-JP-mac|en-US)
;;
*)
echo "reading changeset information for $locale"
echo "fetching $locale changeset $changeset ..."
if [ -d "$FF_L10N_BASE/$locale/.hg" ]; then
pushd "$FF_L10N_BASE/$locale" || exit 1
hg pull || exit 1
popd || exit 1
else
hg clone "https://hg.mozilla.org/l10n-central/$locale" "$FF_L10N_BASE/$locale" || exit 1
fi
[ "$RELEASE_TAG" == "default" ] || hg -R "$FF_L10N_BASE/$locale" up -C -r "$changeset" || exit 1
if [ -d "$FF_L10N_BASE/.git" ]; then
pushd "$FF_L10N_BASE/" || exit 1
git fetch -a || exit 1
popd || exit 1
else
git clone "$FF_L10N_MONOREPO" "$FF_L10N_BASE" || exit 1
fi
# Currently all locales show the same changeset-hash, as they moved to a monorepo. We just take the first one.
changeset=$(jq -r 'to_entries[0]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | cut -d " " -f 2)
[ "$RELEASE_TAG" == "default" ] || git -C "$FF_L10N_BASE/" switch --detach "$changeset" || exit 1
# If we are doing TB, we have to merge both l10n-repos
if [ "$PRODUCT" = "thunderbird" ] && test -d "$TB_L10N_BASE/$locale/" ; then
# No-op, if we are building FF:
test ! -d $FINAL_L10N_BASE && mkdir $FINAL_L10N_BASE
# If we are doing TB, we have to merge both l10n-repos
if [ "$PRODUCT" = "thunderbird" ] && test -d "$TB_L10N_BASE/$locale/" ; then
jq -r 'to_entries[]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | \
while read -r locale changeset ; do
case $locale in
ja-JP-mac|en-US)
;;
*)
create_and_copy_locales "$locale" "$FF_L10N_BASE" "$ff_locale_template" "$FINAL_L10N_BASE"
create_and_copy_locales "$locale" "$TB_L10N_BASE" "$tb_locale_template" "$FINAL_L10N_BASE"
fi
;;
esac
done
;;
esac
done
fi
echo "creating l10n archive..."
local TAR_FLAGS="--exclude-vcs"
# For reproducable tarballs
# Convert TIMESTAMP to ISO-format, so tar can understand it, then set mtime to it
local MTIME=$(python3 -c "from datetime import datetime; print(datetime.strptime(${TIMESTAMP}, '%Y%m%d%H%M%S').isoformat())")
TAR_FLAGS="$TAR_FLAGS --sort=name --format=posix --pax-option=delete=atime,delete=ctime,exthdr.name=%d/PaxHeaders/%f --numeric-owner --owner=0 --group=0 --mode=go+u,go-w --clamp-mtime --mtime=$MTIME"
if [ "$PRODUCT" = "thunderbird" ]; then
TAR_FLAGS="$TAR_FLAGS --exclude=suite"
fi

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:14f891ecacb5296f675dad6075e512089902824b28928c20ea3a2998797db58b
size 30459468

3
l10n-140.1.1esr.tar.xz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3d1d482a383d9349a05e261282be243872f2097edb5d45b235651e6180ce65e2
size 33282056

View File

@@ -2,9 +2,10 @@
# Parent 9fcbd287056a40084b1e679f787bf683b291f323
Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834
diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
--- a/gfx/2d/DrawTargetSkia.cpp
+++ b/gfx/2d/DrawTargetSkia.cpp
Index: firefox-128.0/gfx/2d/DrawTargetSkia.cpp
===================================================================
--- firefox-128.0.orig/gfx/2d/DrawTargetSkia.cpp
+++ firefox-128.0/gfx/2d/DrawTargetSkia.cpp
@@ -156,7 +156,8 @@ static IntRect CalculateSurfaceBounds(co
}
@@ -15,9 +16,10 @@ diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
static bool VerifyRGBXFormat(uint8_t* aData, const IntSize& aSize,
const int32_t aStride, SurfaceFormat aFormat) {
diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h
--- a/gfx/2d/Types.h
+++ b/gfx/2d/Types.h
Index: firefox-128.0/gfx/2d/Types.h
===================================================================
--- firefox-128.0.orig/gfx/2d/Types.h
+++ firefox-128.0/gfx/2d/Types.h
@@ -89,18 +89,11 @@ enum class SurfaceFormat : int8_t {
// This represents the unknown format.
UNKNOWN, // TODO: Replace uses with Maybe<SurfaceFormat>.
@@ -40,10 +42,11 @@ diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h
// The following values are OS and endian-independent synonyms.
//
diff --git a/gfx/skia/skia/modules/skcms/skcms.cc b/gfx/skia/skia/modules/skcms/skcms.cc
--- a/gfx/skia/skia/modules/skcms/skcms.cc
+++ b/gfx/skia/skia/modules/skcms/skcms.cc
@@ -30,6 +30,8 @@
Index: firefox-128.0/gfx/skia/skia/modules/skcms/skcms.cc
===================================================================
--- firefox-128.0.orig/gfx/skia/skia/modules/skcms/skcms.cc
+++ firefox-128.0/gfx/skia/skia/modules/skcms/skcms.cc
@@ -31,6 +31,8 @@
#include <avx512fintrin.h>
#include <avx512dqintrin.h>
#endif
@@ -51,7 +54,7 @@ diff --git a/gfx/skia/skia/modules/skcms/skcms.cc b/gfx/skia/skia/modules/skcms/
+ #define SKCMS_PORTABLE
#endif
static bool runtime_cpu_detection = true;
using namespace skcms_private;
@@ -324,20 +326,28 @@ enum {
static uint16_t read_big_u16(const uint8_t* ptr) {
uint16_t be;

View File

@@ -1,17 +0,0 @@
# HG changeset patch
# Parent 09cd4ac2cc607e85aa572425b824fbab386af607
For FF68, AntiAliasing of XULTexts seem to be broken on big endian (s390x). Text and icons of the sandwich-menu to the
right of the address bar, as well as plugin-windows appears transparant, which usually means unreadable (white on white).
diff --git a/gfx/skia/skia/src/opts/SkBlitMask_opts.h b/gfx/skia/skia/src/opts/SkBlitMask_opts.h
--- a/gfx/skia/skia/src/opts/SkBlitMask_opts.h
+++ b/gfx/skia/skia/src/opts/SkBlitMask_opts.h
@@ -210,6 +210,8 @@ namespace SK_OPTS_NS {
// ~~~>
// a = 1*aa + d(1-1*aa) = aa + d(1-aa)
// c = 0*aa + d(1-1*aa) = d(1-aa)
+ // TODO: Check this for endian-issues!
+ // Do we need to switch 255 to the front for all of those tuples?
return (aa & Sk4px(skvx::byte16{0,0,0,255, 0,0,0,255, 0,0,0,255, 0,0,0,255}))
+ d.approxMulDiv255(aa.inv());
};

View File

@@ -1,35 +0,0 @@
# HG changeset patch
# Parent f9f5af4c88f2f3172a4f30d7e42bd2131bf24146
This fixes a broken build for gcc < 9 on ppc64le.
This patch can be removed for newer gcc-versions.
Index: firefox-115.0/js/xpconnect/src/XPCWrappedNative.cpp
===================================================================
--- firefox-115.0.orig/js/xpconnect/src/XPCWrappedNative.cpp
+++ firefox-115.0/js/xpconnect/src/XPCWrappedNative.cpp
@@ -1061,7 +1061,11 @@ class MOZ_STACK_CLASS CallMethodHelper f
MOZ_ALWAYS_INLINE bool GetOutParamSource(uint8_t paramIndex,
MutableHandleValue srcp) const;
- MOZ_ALWAYS_INLINE bool GatherAndConvertResults();
+#if !(__GNUC__ && __linux__ && __PPC64__ && _LITTLE_ENDIAN)
+// Work around a compiler bug on ppc64le (bug 1512162).
+ MOZ_ALWAYS_INLINE
+#endif
+ bool GatherAndConvertResults();
MOZ_ALWAYS_INLINE bool QueryInterfaceFastPath();
@@ -1108,7 +1112,11 @@ class MOZ_STACK_CLASS CallMethodHelper f
~CallMethodHelper();
- MOZ_ALWAYS_INLINE bool Call();
+#if !(__GNUC__ && __linux__ && __PPC64__ && _LITTLE_ENDIAN)
+// Work around a compiler bug on ppc64le (bug 1512162).
+ MOZ_ALWAYS_INLINE
+#endif
+ bool Call();
// Trace implementation so we can put our CallMethodHelper in a Rooted<T>.
void trace(JSTracer* aTrc);

View File

@@ -1,26 +0,0 @@
From: Mike Hommey <mh@glandium.org>
Date: Sun, 14 Aug 2022 07:01:33 +0900
Subject: Work around bz#1775202 to fix FTBFS on ppc64el
---
third_party/libwebrtc/moz.build | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/third_party/libwebrtc/moz.build b/third_party/libwebrtc/moz.build
index 976cf373..311519c 100644
--- a/third_party/libwebrtc/moz.build
+++ b/third_party/libwebrtc/moz.build
@@ -566,6 +566,13 @@ if CONFIG["CPU_ARCH"] == "arm" and CONFIG["OS_TARGET"] == "Linux":
"/third_party/libwebrtc/third_party/pipewire/pipewire_gn"
]
+if CONFIG["CPU_ARCH"] == "ppc64" and CONFIG["OS_TARGET"] == "Linux":
+
+ DIRS += [
+ "/third_party/libwebrtc/modules/desktop_capture/desktop_capture_gn",
+ "/third_party/libwebrtc/modules/desktop_capture/primitives_gn",
+ ]
+
if CONFIG["CPU_ARCH"] == "x86" and CONFIG["OS_TARGET"] == "Linux":
DIRS += [

View File

@@ -1,15 +0,0 @@
# HG changeset patch
# Parent af2c24874d79cbebb444727ae96f2fefa3f22b47
diff --git a/media/libopus/silk/arm/arm_silk_map.c b/media/libopus/silk/arm/arm_silk_map.c
--- a/media/libopus/silk/arm/arm_silk_map.c
+++ b/media/libopus/silk/arm/arm_silk_map.c
@@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE.
# include "config.h"
#endif
-#include "main_FIX.h"
+#include "../fixed/main_FIX.h"
#include "NSQ.h"
#include "SigProc_FIX.h"

View File

@@ -1,94 +0,0 @@
Adapt the shipped rust-bindgen copy for LLVM-18 and later,
and tell cargo we've modified the code of rust-bindgen so
the checksum verification of this crate should be skipped
diff -rup a/Cargo.lock b/Cargo.lock
--- a/Cargo.lock 2024-03-14 06:21:23.000000000 +0100
+++ b/Cargo.lock 2024-03-20 13:15:35.146224179 +0100
@@ -414,8 +414,8 @@ dependencies = [
[[package]]
name = "bindgen"
version = "0.64.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4243e6031260db77ede97ad86c27e501d646a27ab57b59a574f725d98ab1fb4"
+#source = "registry+https://github.com/rust-lang/crates.io-index"
+#checksum = "c4243e6031260db77ede97ad86c27e501d646a27ab57b59a574f725d98ab1fb4"
dependencies = [
"bitflags 1.3.2",
"cexpr",
diff -rup a/Cargo.toml b/Cargo.toml
--- a/Cargo.toml 2024-03-20 13:09:16.152828408 +0100
+++ b/Cargo.toml 2024-03-20 13:14:09.072867031 +0100
@@ -193,3 +193,8 @@ weedle2 = "=4.0.0"
# Shut up such messages for now to make the build succeed
[future-incompat-report]
frequency = "never"
+
+[patch.crates-io.bindgen_0_64_0]
+package = "bindgen"
+version = "0.64.0"
+path = "third_party/rust/bindgen"
diff -rup a/third_party/rust/bindgen/ir/item.rs b/third_party/rust/bindgen/ir/item.rs
--- a/third_party/rust/bindgen/ir/item.rs 2024-03-14 06:21:40.000000000 +0100
+++ b/third_party/rust/bindgen/ir/item.rs 2024-03-20 13:11:32.062844514 +0100
@@ -1434,6 +1434,7 @@ impl Item {
// We allowlist cursors here known to be unhandled, to prevent being
// too noisy about this.
match cursor.kind() {
+ CXCursor_LinkageSpec => return Err(ParseError::Recurse),
CXCursor_MacroDefinition |
CXCursor_MacroExpansion |
CXCursor_UsingDeclaration |
Adapt the WebRTC code to use 64-bit timestamp to fix a build
failure with Clang-18 and later
diff -rup a/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp b/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp
--- a/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp 2024-03-14 06:21:25.000000000 +0100
+++ b/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp 2024-03-20 13:17:20.839584778 +0100
@@ -99,7 +99,7 @@ struct EncodedFrame {
uint8_t y_;
uint8_t u_;
uint8_t v_;
- uint32_t timestamp_;
+ uint64_t timestamp_;
} idr_nalu;
};
#pragma pack(pop)
diff -rup a/dom/media/gtest/TestGMPRemoveAndDelete.cpp b/dom/media/gtest/TestGMPRemoveAndDelete.cpp
--- a/dom/media/gtest/TestGMPRemoveAndDelete.cpp 2024-03-14 06:21:25.000000000 +0100
+++ b/dom/media/gtest/TestGMPRemoveAndDelete.cpp 2024-03-20 13:17:20.839584778 +0100
@@ -361,7 +361,7 @@ void GMPRemoveTest::gmp_Decode() {
uint8_t y_;
uint8_t u_;
uint8_t v_;
- uint32_t timestamp_;
+ uint64_t timestamp_;
} idr_nalu;
};
#pragma pack(pop)
diff -rup a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp
--- a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp 2024-03-14 06:21:24.000000000 +0100
+++ b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp 2024-03-20 13:17:20.842918112 +0100
@@ -540,7 +540,7 @@ void WebrtcGmpVideoEncoder::Encoded(
webrtc::VideoFrameType ft;
GmpFrameTypeToWebrtcFrameType(aEncodedFrame->FrameType(), &ft);
- uint32_t timestamp = (aEncodedFrame->TimeStamp() * 90ll + 999) / 1000;
+ uint64_t timestamp = (aEncodedFrame->TimeStamp() * 90ll + 999) / 1000;
GMP_LOG_DEBUG("GMP Encoded: %" PRIu64 ", type %d, len %d",
aEncodedFrame->TimeStamp(), aEncodedFrame->BufferType(),
diff -rup a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h
--- a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h 2024-03-14 06:21:24.000000000 +0100
+++ b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h 2024-03-20 13:17:32.442921055 +0100
@@ -302,7 +302,7 @@ class WebrtcGmpVideoEncoder : public GMP
int64_t timestamp_us;
};
// Map rtp time -> input image data
- DataMutex<std::map<uint32_t, InputImageData>> mInputImageMap;
+ DataMutex<std::map<uint64_t, InputImageData>> mInputImageMap;
MediaEventProducer<uint64_t> mInitPluginEvent;
MediaEventProducer<uint64_t> mReleasePluginEvent;

View File

@@ -1,66 +0,0 @@
From 91bb79836ee274855393bdf6ab10e24899b1b349 Mon Sep 17 00:00:00 2001
From: Martin Liska <mliska@suse.cz>
Date: Fri, 17 May 2019 14:41:35 +0200
Subject: [PATCH] Fix top-level asm issue.
---
security/sandbox/linux/moz.build | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/sandbox/linux/moz.build b/security/sandbox/linux/moz.build
--- a/security/sandbox/linux/moz.build
+++ b/security/sandbox/linux/moz.build
@@ -66,32 +66,32 @@ UNIFIED_SOURCES += [
"../chromium/base/time/time_now_posix.cc",
"../chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc",
"../chromium/sandbox/linux/bpf_dsl/codegen.cc",
"../chromium/sandbox/linux/bpf_dsl/dump_bpf.cc",
"../chromium/sandbox/linux/bpf_dsl/policy.cc",
"../chromium/sandbox/linux/bpf_dsl/policy_compiler.cc",
"../chromium/sandbox/linux/bpf_dsl/syscall_set.cc",
"../chromium/sandbox/linux/seccomp-bpf/die.cc",
- "../chromium/sandbox/linux/seccomp-bpf/syscall.cc",
"broker/SandboxBrokerCommon.cpp",
"Sandbox.cpp",
"SandboxBrokerClient.cpp",
"SandboxFilter.cpp",
"SandboxFilterUtil.cpp",
"SandboxHooks.cpp",
"SandboxInfo.cpp",
"SandboxLogging.cpp",
"SandboxOpenedFiles.cpp",
"SandboxReporterClient.cpp",
]
SOURCES += [
"../chromium/base/strings/safe_sprintf.cc",
"../chromium/base/third_party/icu/icu_utf.cc",
+ "../chromium/sandbox/linux/seccomp-bpf/syscall.cc",
"../chromium/sandbox/linux/seccomp-bpf/trap.cc",
"../chromium/sandbox/linux/services/syscall_wrappers.cc",
]
# This copy of SafeSPrintf doesn't need to avoid the Chromium logging
# dependency like the one in libxul does, but this way the behavior is
# consistent. See also the comment in SandboxLogging.h.
SOURCES["../chromium/base/strings/safe_sprintf.cc"].flags += ["-DNDEBUG"]
@@ -105,16 +105,19 @@ if CONFIG["CC_TYPE"] in ("clang", "gcc")
"-Wno-unreachable-code-return"
]
if CONFIG["CC_TYPE"] in ("clang", "gcc"):
CXXFLAGS += ["-Wno-error=stack-protector"]
SOURCES["../chromium/sandbox/linux/services/syscall_wrappers.cc"].flags += [
"-Wno-empty-body",
]
+ SOURCES['../chromium/sandbox/linux/seccomp-bpf/syscall.cc'].flags += [
+ '-fno-lto'
+ ]
# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build. Work around that by
# forcing there to be only one partition.
for f in CONFIG["OS_CXXFLAGS"]:
if f.startswith("-flto") and CONFIG["CC_TYPE"] != "clang":
LDFLAGS += ["--param lto-partitions=1"]

File diff suppressed because it is too large Load Diff

View File

@@ -1,16 +1,12 @@
# HG changeset patch
# Parent 60fc1933af9d4f1769025a6f1d9a60db6b899315
diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
--- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
@@ -36,16 +36,18 @@ static const char* sLibs[] = {
"libavcodec.54.dylib",
"libavcodec.53.dylib",
#elif defined(XP_OPENBSD)
"libavcodec.so", // OpenBSD hardly controls the major/minor library version
// of ffmpeg and update it regulary on ABI/API changes
#else
Index: firefox-127.0/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
===================================================================
--- firefox-127.0.orig/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+++ firefox-127.0/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
@@ -49,6 +49,8 @@ static const char* sLibs[] = {
"libavcodec.so.61",
"libavcodec.so.60",
"libavcodec.so.59",
+ "libavcodec.so.58.134",
@@ -18,8 +14,3 @@ diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/plat
"libavcodec.so.58",
"libavcodec-ffmpeg.so.58",
"libavcodec-ffmpeg.so.57",
"libavcodec-ffmpeg.so.56",
"libavcodec.so.57",
"libavcodec.so.56",
"libavcodec.so.55",
"libavcodec.so.54",

View File

@@ -1,18 +1,14 @@
# HG changeset patch
# User Petr Cerny <pcerny@novell.com>
# Parent 7308e4a7c1f769f4bbbc90870b849cadd99495a6
# Parent 1c6a565013e4c5f3494f964269783939cd5ed0b8
Bug 634334 - call to the ntlm_auth helper fails
diff --git a/extensions/auth/nsAuthSambaNTLM.cpp b/extensions/auth/nsAuthSambaNTLM.cpp
--- a/extensions/auth/nsAuthSambaNTLM.cpp
+++ b/extensions/auth/nsAuthSambaNTLM.cpp
@@ -160,7 +160,7 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH
const char* username = PR_GetEnv("USER");
if (!username) return NS_ERROR_FAILURE;
diff -ru thunderbird-140.0.1.old/extensions/auth/nsAuthSambaNTLM.cpp thunderbird-140.0.1/extensions/auth/nsAuthSambaNTLM.cpp
--- thunderbird-140.0.1.old/extensions/auth/nsAuthSambaNTLM.cpp 2025-07-09 19:15:12.000000000 -0500
+++ thunderbird-140.0.1/extensions/auth/nsAuthSambaNTLM.cpp 2025-07-14 23:33:57.065780950 -0500
@@ -153,7 +153,7 @@
options.fds_to_remap.push_back(
std::pair{fromChildPipeWrite.get(), STDOUT_FILENO});
- std::vector<std::string> argvVec{"ntlm_auth", "--helper-protocol",
+ std::vector<std::string> argvVec{"/usr/bin/ntlm_auth", "--helper-protocol",
"ntlmssp-client-1", "--use-cached-creds",
"--username", username};
- const char* const args[] = {"ntlm_auth",
+ const char* const args[] = {"/usr/bin/ntlm_auth",
"--helper-protocol",
"ntlmssp-client-1",
"--use-cached-creds",

View File

@@ -1,13 +0,0 @@
Index: firefox-102.4.0/mfbt/EnumSet.h
===================================================================
--- firefox-102.4.0.orig/mfbt/EnumSet.h
+++ firefox-102.4.0/mfbt/EnumSet.h
@@ -326,7 +326,7 @@ class EnumSet {
}
}
- static constexpr size_t kMaxBits = MaxBits();
+ static constexpr size_t kMaxBits = EnumSet().MaxBits();
Serialized mBitField;

View File

@@ -1,12 +0,0 @@
diff -rup a/Cargo.toml b/Cargo.toml
--- a/Cargo.toml 2023-07-04 15:15:01.089470619 +0200
+++ b/Cargo.toml 2023-07-04 15:24:31.626226962 +0200
@@ -188,3 +188,8 @@ uniffi_bindgen = "=0.23.0"
uniffi_build = "=0.23.0"
uniffi_macros = "=0.23.0"
weedle2 = "=4.0.0"
+
+# Package code v0.1.4 uses code "that will be rejected by a future version of Rust"
+# Shut up such messages for now to make the build succeed
+[future-incompat-report]
+frequency = "never"

File diff suppressed because it is too large Load Diff

View File

@@ -2,19 +2,20 @@ This file contains the public PGP key that is used to sign builds and
artifacts of Mozilla projects (such as Firefox and Thunderbird).
Please realize that this file itself or the public key servers may be
compromised. You are encouraged to validate the authenticity of these keys in
an out-of-band manner.
compromised. You are encouraged to validate the authenticity of these
keys in an out-of-band manner.
Mozilla users: pgp < KEY
gpg --show-keys < KEY
pub rsa4096 2015-07-17 [SC]
14F26682D0916CDD81E37B6D61B7B526D98F0353
uid [ full ] Mozilla Software Releases <release@mozilla.com>
uid Mozilla Software Releases <release@mozilla.com>
sub rsa4096 2021-05-17 [S] [expired: 2023-05-17]
sub rsa4096 2015-07-17 [S] [expired: 2017-07-16]
sub rsa4096 2017-06-22 [S] [expired: 2019-06-22]
sub rsa4096 2019-05-30 [S] [expired: 2021-05-29]
sub rsa4096 2021-05-17 [S] [expired: 2023-05-17]
sub rsa4096 2023-05-05 [S] [expires: 2025-05-04]
sub rsa4096 2025-03-13 [S] [expires: 2027-03-13]
-----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -400,6 +401,41 @@ W81ABx4ASBktXAf1IweRbbxqW8OgMhG6xHTeiEjjav7SmlD0XVOxjhI+qBoNPovW
lChqONxablBkuh0Jd6kdNiaSEM9cd60kK3GT/dBMyv0yVhhLci6HQZ+Mf4cbn0Kt
ayzuQLOcdRCN3FF/JNQH3v6LA1MdRfmJlgC4UdiepBb1uCgtVIPizRuXWDjyjzeP
ZRN/AqaUbEoNBHhIz0nKhQGDbst4ugIzJWIX+6UokwPC3jvJqQQttccjAy6kXBmx
fxyRMB5BEeLY0+qVPyvOxpXEGnlSHYmdIS4=
=ZEQW
fxyRMB5BEeLY0+qVPyvOxpXEGnlSHYmdIS65Ag0EZ9KQfQEQAOVIyh0sZPPFLWxo
FT0WhPzHw8BhgnCBNdZAh9+SM0Apq2VcQKSjBjKiterOTtc6EVh0K2ikbGKHQ1Sv
wNdsYL01cSkJSJORig/1Du1eh+2nlo8nut7xT//V+2FQyWFCLDeQvLlAs3QHMrMY
xTcwNk3qi/z1Z5Q4e6Re2aKRU00LtSomD6CKWy9nAaqTRNzzdndJwIyCyshX4bbU
zAzE7Wbgh/E0/FgBGw87LYITqyU6US4lvoUXB+89XxwMxO9I74L118gXEyybz+JN
0/w87hXAKnaKjasSvobKE4mau8SXqmOO66MxiMaF4Xsmr3oIwo8q9W5d+hA+t225
ipq2rZZErmPL44deMCeKmepjLTa9CoxX2oVpDWGOYFRyJRkLDyyH4O3gCo/5qv4r
OTJqPFfKPtrjWFJKGf4P4UD0GSBX2Q+mOf2XHWsMJE4t8T7jxQCSAQUMwt6M18h1
auIqcfkuNvdJhcl2GvJyCMIbkA3AoiuKaSPgoVCmJdbc6Ao9ydmMUB5Q1rYpMNKC
MsuVP9OcX8FoHEVMXOvr0f6Wfj+iHytfO2VTqrw/cqoCyuPoSrgxjs1/cRSz5g9f
Z0zrOtQyNB5yJ3YPTG3va1/XLflrjPcT4ZUkej9nkFpCNWdEZVWD/z3vXBGSV11N
9Cdy60QbD4yZvDjV2GQ+dwAF1o1BABEBAAGJBHIEGAEKACYWIQQU8maC0JFs3YHj
e21ht7Um2Y8DUwUCZ9KQfQIbAgUJA8JnAAJACRBht7Um2Y8DU8F0IAQZAQoAHRYh
BAm+7WPzRiot/6s7h17LZJfBogJWBQJn0pB9AAoJEF7LZJfBogJW9I4QAJbv4Rhb
4x6Jl75x2Lfp46/e3fZVDhzUdLjK8A/acRF7JRBuJVJRaijJ5tngdknmlmbzfqly
zsMWUciAwVJRvijNFDeicet5zJpBRsXEUAug3iVCD1KlVvLzjCi9Eb9s6xCQjSJ8
DZE020s41wdqtb1nziDASAkg+YH2DzpTEaZVNM39uNDKbaJLYIjKA9MV1YHArqUl
dFsoofBe4zIZRFyvMD7Gmr7Xm0IWYLrfmnenm1JJYIkvGUeVoP8dEonAVhLVwvww
ufobV0qdtMfhZsgFwf1XSHI9MtD4yAVtBqBTkfFeRLnBjJK/ywYxGqbadt1b57I4
ywTQ16oXNrlTF1Su0I8i/fo0i/9ohNl3opN3LbaEbhT37M4xpy4MgL2Fthddc2gW
vF/8TFRaXw7LaLSR7HwO+Y0CpOtV/Ct4RzKEulY5DpV9b1JQJhpLcjMz+pBDAM3K
JuiV6Bcfoz5PZowFy74UmE02Vzk/oyuI/o4KMihy0UzWQVkOZTTu4eONktgGiZOn
RFdiLKVgeLEDXTLdhbuwGS2+wX3I7lLP9AWpK8Ahc81eUwU6MwdbfwfJ1ELtKaa/
JmMjaWkr5aGrp88d8ePR9jYA47Z2q0esB67pRJVe0McVJlu9GQGq05S7lZKs6mi9
dHTzeHwua//IXHMK0s3WhMU7vGwJ3E2+pTstf8AQALSwkezD3QchPV+5CAUYY7Cm
MXB6zzIU18wCS61Y8QdDvqmtWHdMVTp4xT14fS6cvB4uFzacGQJ7CVIWeZgwEFzZ
iev3dKpnUOGg0WQSwmQQA0JCg6/qS0AeUPINjhWtNcR7voCqAYeRcjo47UJclD/K
KNTCn27btHRaEmpTdTtC6sxiVElFObb3a9tHXqwLWp8gJ+NZ+6mlrvvH2hm1CAyQ
TDRYC7nN69QJrKHR8HA3AeR5figQHLwvmfQlV2erZE17GT+L5t0HxX/HKZCim91P
Apqa+7iY0eKPAG5iacABrBi9zzh/ex0ovvuxsBDKUFCSu7HIivnAVrdS/kbO1qJ5
I3MBMp0dlQ6PS6LeZIRhxts0aPPZedsXytoL7kFLISfJ55AuhJpskz+55uviJhp/
H3zNBYtQ+dmFmp4RRk/Nvu0zv6OGtaZy6M5X24Pbzb/OApBML84cEmb3iZie9J2Z
YW68/D96sP09x6GItCJlCIdQZkRcwmkQwgtq9sJDw92/vSGeYdRn+oCAxJ14eObC
sVwcfJARLt45btEnx+zRCAHAHQHpV6qTGT6nqg57XuM9iNNdyTGKRU+Iklgb9LRx
VAQfbn5uXYb5j2ox5pjxtbXTf9Lbo7RkygcWSKZPWmYgGsKS6jmXkDa/TyOlPxkb
aknpPbYMBztRT4Ju0VU4
=4Dnl
-----END PGP PUBLIC KEY BLOCK-----

View File

@@ -18,3 +18,7 @@ pref("extensions.shownSelectionUI", true);
// spellcheck
pref("spellchecker.dictionary_path", "/usr/share/myspell");
// (KDE) desktop support
//pref("widget.use-xdg-desktop-portal.file-picker", 1);

View File

@@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr115"
VERSION="115.15.0"
VERSION_SUFFIX=""
PREV_VERSION="115.14.0"
PREV_VERSION_SUFFIX=""
CHANNEL="esr140"
VERSION="140.1.1"
VERSION_SUFFIX="esr"
REV_VERSION="140.1.0"
PREV_VERSION_SUFFIX="esr"
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115"
RELEASE_TAG="aa5ac5425f0381ec6c3e3d9122b5b9d14cc7e60d"
RELEASE_TIMESTAMP="20240903191356"
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"
RELEASE_TAG="c2cef707a311a491572603b9902681f654964f08"
RELEASE_TIMESTAMP="20250805025534"

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eb04e62171586570e83ce538d4e2feca51c24b2def84fb5c1d0baa9269d41cc7
size 534455612

View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmbXrwUACgkQ4207E/PZ
MnSSXBAAjscNC/NThi+i8p+exea5QWpM96FZkF5eRJ/jS9dWLm2UH9xZDPyDCJvy
PXArlpWlIWWG21Pws7fy4g3RZcceim94QWhgMd75DJCKmZ9dgKJLtZla3Qs226b9
G1DwXfonJUEh/cd1fQQ3ewRUwdnzgjyRMvJeDDdzClKqApuEF9hr7h7aJNObzU1R
2n2gEpQrKIpWT5ijTlcr4tBTGqs3JkmXhzsH68XpzqXspWcpSJzSiEntH2iBvC8Z
dfedsgGBA03gbyuFd+haD3/vxsARHAmme/o5xbrUcUIrZTkRVpI6mnFY0CzFx30K
IilGvGy1mW7oxyakNAQvPpSTCcy8FPXdbi1oGRN1nS8kgpJhiW0pb7m7oh5ul1xi
Hw1nT3ZJfikr/U2t8nTsXwgiuEnG6hqEh5Us6QR/f8rEEWd9TrbfLWXW4NfWImHZ
OafCrzLzAUK4nSzN6AI+ZQqUBq0mru6z67I1CX6t2KCo7GdZwDhsWm8CrN/I0JlF
5RuimLUpCs6Q25ZuPFaLojQHzImgXO48Y/lUHtaDYSdHHBhF7GYhLj3zA3ljuDIv
rxmJpSaMBgn4zk4igQn7y3ScY5Ht0yHHdd3bkewcD02AuOWqYyFKuYmm3kTU+GjZ
nY9j30eL+zXgVDWuD4vlTFvgieag9P6+HK/K8uzflJ8FiHzXy6U=
=VPte
-----END PGP SIGNATURE-----

View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:136b160954abe2426ab26e46d35d946207ab5e217ac72d3ff5cb1b87680d4fcd
size 753445400

View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmiRqcYACgkQXstkl8Gi
AlZscRAAuYghAziF92noBbHIfY1LZ21FdYuZuq058k8sgWkd6gdQ/Q+Vk4nfOFIn
zrl76a2o8qRzkhhOPkRDQoYkdy2cmVTMANqF8mp3hE+LLOTmb9x5G9BgUDsWbIUd
E3mcGRJ6LAfZeBjFJNKMTw94Vr4TOSWgS4KqEwo2RnL+1w65eCWTMnIRvcs1mYJD
iLtZUvdLACx499ZY0vvzraCtVQFJ6+m8uzf+FXfIgJDL6XRV3H4rDPSjamgBuIKv
QfL/toEGW+ZtqAr88u5gCLOfXNXziIk0TgLm5Wd0rnseGODQTSr/wLdEr6BROBle
HU0CtxN15PVTTwZV1KH0mSgvEMlfi461Ii3Ct+HdF6i6HAbMORsfKlQPPn4JGiZT
B4QXIohr0FTp73PH83nDCk1YvRl0kSHCUMjrTdchFVkOXTIW58eWTUA2zT6sFaMQ
+NLA0xaKGVFBTD7NWgSbMGIgsZPDhnhJlpnGR4K9YuE1+F5hL7AMmAqkb/tGslAz
LMOL6CiOSuOYckOan6uGtxCmb2h3FbCyjfRMtQbvT3V116ZBDle462gDo79pAJwC
1CyF9RGnvDx9m4+N2NR8b9YZxyBdyVciEnzmf+KqOlj6hGPR4dPeizEzEIQK2ZXD
ixScReBjDyyaTLivq7RBha4nHPVfWzYicA5CmWUxMGXmibW3NfM=
=ccda
-----END PGP SIGNATURE-----

View File

@@ -1,20 +0,0 @@
https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a
diff --git a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
index bb60bacf7ba..214751b4eb0 100644
--- a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
@@ -334,8 +334,11 @@ std::shared_ptr<EC_Group_Data> EC_Group::BER_decode_EC_group(const uint8_t bits[
.end_cons()
.verify_end();
- if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p))
- throw Decoding_Error("Invalid ECC p parameter");
+ if(p.bits() < 112 || p.bits() > 1024)
+ throw Decoding_Error("ECC p parameter is invalid size");
+
+ if(p.is_negative() || !is_bailie_psw_probable_prime(p))
+ throw Decoding_Error("ECC p parameter is not a prime");
if(a.is_negative() || a >= p)
throw Decoding_Error("Invalid ECC a parameter");

View File

@@ -0,0 +1,12 @@
Index: thunderbird-128.4.2/comm/mailnews/base/src/MboxMsgInputStream.cpp
===================================================================
--- thunderbird-128.4.2.orig/comm/mailnews/base/src/MboxMsgInputStream.cpp
+++ thunderbird-128.4.2/comm/mailnews/base/src/MboxMsgInputStream.cpp
@@ -263,6 +263,7 @@ class MboxParser {
default:
MOZ_ASSERT_UNREACHABLE(); // should not happen
}
+ return data;
}
// Attempt to parse a "From " line to extract sender and timestamp.