Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2026-06-22 17:33:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Mon Jun 22 17:33:48 2026 rev:389 rq:1360836 version:140.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2026-05-27 16:17:00.697036509 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1956/MozillaThunderbird.changes 2026-06-22 17:34:01.495385699 +0200 @@ -1,0 +2,81 @@ +Wed Jun 17 16:23:29 UTC 2026 - Manfred Hollstein <[email protected]> + +- Enable clang_build to allow building with the latest versions of + llvm/clang due to them dropping support for update-alternatives. + +------------------------------------------------------------------- +Sat Jun 13 20:25:40 UTC 2026 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 140.12.0 ESR + MFSA 2026-61 (bsc#1268071) + * CVE-2026-12289 (bmo#2023443) + Privilege escalation in the Graphics: WebRender component + * CVE-2026-12290 (bmo#2024852) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12291 (bmo#2036929) + Use-after-free in the Networking: HTTP component + * CVE-2026-12292 (bmo#2038465) + Incorrect boundary conditions in the Web Audio component + * CVE-2026-12294 (bmo#2039873) + Sandbox escape in the DOM: Workers component + * CVE-2026-12295 (bmo#2040160) + Sandbox escape in the DOM: Navigation component + * CVE-2026-12298 (bmo#2041981) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12296 (bmo#2040515) + Sandbox escape in the Security: Process Sandboxing component + * CVE-2026-12297 (bmo#2041610) + Sandbox escape due to incorrect boundary conditions in the + Networking component + * CVE-2026-12299 (bmo#2043139) + JIT miscompilation in the DOM: Core & HTML component + * CVE-2026-12329 (bmo#2044738) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12302 (bmo#2034489) + Mitigation bypass in the DOM: Security component + * CVE-2026-12304 (bmo#2034944) + Same-origin policy bypass in the Networking: Cookies component + * CVE-2026-12305 (bmo#2037290) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12306 (bmo#2037323) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12307 (bmo#2038133) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12308 (bmo#2038302) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12309 (bmo#2038476) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12310 (bmo#2039707) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12311 (bmo#2040177) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12312 (bmo#2040383) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12313 (bmo#2040477) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-12314 (bmo#2041856) + Memory safety bug fixed in Thunderbird ESR 140.12 + * CVE-2026-12315 (bmo#2042058) + Mitigation bypass in the DOM: Security component + * CVE-2026-12330 (bmo#2029326) + Incorrect boundary conditions in the Internationalization + component + * CVE-2026-12324 (bmo#2038444) + Incorrect boundary conditions in the Graphics: CanvasWebGL + component + * CVE-2026-12325 (bmo#2039443) + Denial-of-service in the Graphics: ImageLib component + * CVE-2026-12327 (bmo#2011842, bmo#2023902, bmo#2025512, bmo#2027312, + bmo#2029444, bmo#2036571, bmo#2036900, bmo#2036936, bmo#2037995, + bmo#2038551, bmo#2040717, bmo#2042724) + Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird + ESR 140.12, Firefox 152 and Thunderbird 152 + * CVE-2026-12328 (bmo#2029402, bmo#2038477, bmo#2039726, bmo#2041373, + bmo#2042268, bmo#2042451, bmo#2042782, bmo#2042858, bmo#2042929, + bmo#2042965, bmo#2043213) + Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR + 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 + +------------------------------------------------------------------- Old: ---- l10n-140.11.1esr.tar.xz thunderbird-140.11.1esr.source.tar.xz thunderbird-140.11.1esr.source.tar.xz.asc New: ---- l10n-140.12.0esr.tar.xz thunderbird-140.12.0esr.source.tar.xz thunderbird-140.12.0esr.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.fqata0/_old 2026-06-22 17:34:58.961397578 +0200 +++ /var/tmp/diff_new_pack.fqata0/_new 2026-06-22 17:34:58.965397719 +0200 @@ -30,8 +30,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.11.1 -%define orig_version 140.11.1 +%define mainver %major.12.0 +%define orig_version 140.12.0 %define orig_suffix esr %define update_channel esr %define source_prefix thunderbird-%{orig_version} @@ -40,7 +40,7 @@ %define do_profiling 0 # upstream default is clang (to use gcc for large parts set to 0) -%define clang_build 0 +%define clang_build 1 %bcond_with only_print_mozconfig @@ -97,12 +97,13 @@ BuildRequires: dbus-1-glib-devel BuildRequires: dejavu-fonts BuildRequires: fdupes -%if 0%{?suse_version} < 1699 +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600 BuildRequires: gcc13 BuildRequires: gcc13-c++ +BuildRequires: libstdc++6-devel-gcc13 %else -BuildRequires: gcc14 -BuildRequires: gcc14-c++ +BuildRequires: gcc15-c++ +BuildRequires: libstdc++6-devel-gcc15 %endif BuildRequires: memory-constraints BuildRequires: rust1.84 @@ -147,15 +148,9 @@ %if 0%{?suse_version} < 1550 BuildRequires: pkgconfig(gconf-2.0) >= 1.2.1 %endif +BuildRequires: clang19-devel %if 0%{?suse_version} > 1600 -BuildRequires: clang21-devel -%if 0%{?suse_version} >= 1699 -BuildRequires: llvm21-libclang13 -%else -BuildRequires: libclang13 -%endif -%else -BuildRequires: clang-devel +BuildRequires: llvm19-libclang13 %endif #!BuildIgnore: clang-tools BuildRequires: pkgconfig(glib-2.0) >= 2.22 @@ -340,13 +335,31 @@ export MOZ_TELEMETRY_REPORTING=1 export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system export CFLAGS="%{optflags}" -%if 0%{?clang_build} == 0 -%if 0%{?suse_version} < 1699 +%if 0%{?clang_build} != 0 +export CC=clang-19 +export CXX=clang++-19 +export AR=llvm-ar-19 +export NM=llvm-nm-19 +export OBJCOPY=llvm-objcopy-19 +export OBJDUMP=llvm-objdump-19 +export RANLIB=llvm-ranlib-19 +export READELF=llvm-readelf-19 +export LLVM_AR=llvm-ar-19 +export LLVM_NM=llvm-nm-19 +export LLVM_OBJCOPY=llvm-objcopy-19 +export LLVM_OBJDUMP=llvm-objdump-19 +export LLVM_RANLIB=llvm-ranlib-19 +export LLVM_READELF=llvm-readelf-19 +%else +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600 export CC=gcc-13 export CXX=g++-13 %else -export CC=gcc-14 -export CXX=g++-14 +export CC=gcc-15 +export CXX=g++-15 +export AR=gcc-ar-15 +export NM=gcc-nm-15 +export RANLIB=gcc-ranlib-15 %endif %endif %ifarch %arm %ix86 ++++++ _constraints ++++++ --- /var/tmp/diff_new_pack.fqata0/_old 2026-06-22 17:34:59.045400535 +0200 +++ /var/tmp/diff_new_pack.fqata0/_new 2026-06-22 17:34:59.045400535 +0200 @@ -63,7 +63,7 @@ </conditions> <hardware> <memory> - <size unit="G">18</size> + <size unit="G">22</size> </memory> </hardware> </overwrite> ++++++ l10n-140.11.1esr.tar.xz -> l10n-140.12.0esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.fqata0/_old 2026-06-22 17:34:59.221406728 +0200 +++ /var/tmp/diff_new_pack.fqata0/_new 2026-06-22 17:34:59.225406868 +0200 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr140" -VERSION="140.11.1" +VERSION="140.12.0" VERSION_SUFFIX="esr" -REV_VERSION="140.11.0" +REV_VERSION="140.11.1" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"; -RELEASE_TAG="191059ac655733d24c4fd32c94dfe6d79af7028b" -RELEASE_TIMESTAMP="20260522210329" +RELEASE_TAG="0cf57d71a2710903976e503a5e4d7fdae8913cf3" +RELEASE_TIMESTAMP="20260612205621" ++++++ thunderbird-140.11.1esr.source.tar.xz -> thunderbird-140.12.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-140.11.1esr.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1956/thunderbird-140.12.0esr.source.tar.xz differ: char 15, line 1
