Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2021-11-06 18:13:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Sat Nov 6 18:13:26 2021 rev:266 rq:929062 version:91.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2021-10-26 20:13:38.826008327 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1890/MozillaThunderbird.changes 2021-11-06 18:13:50.700753959 +0100 @@ -1,0 +2,34 @@ +Sun Oct 31 17:49:23 UTC 2021 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Thunderbird 91.3.0 + * several fixes as outlined here + https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/ + MFSA 2021-50 (bsc#1192250) + * CVE-2021-38503 (bmo#1729517) + iframe sandbox rules did not apply to XSLT stylesheets + * CVE-2021-38504 (bmo#1730156) + Use-after-free in file picker dialog + * CVE-2021-38505 (bmo#1730194) + Windows 10 Cloud Clipboard may have recorded sensitive user data + * CVE-2021-38506 (bmo#1730750) + Thunderbird could be coaxed into going into fullscreen mode + without notification or warning + * CVE-2021-38507 (bmo#1730935) + Opportunistic Encryption in HTTP2 could be used to bypass the + Same-Origin-Policy on services hosted on other ports + * MOZ-2021-0008 (bmo#1667102) + Use-after-free in HTTP2 Session object + * CVE-2021-38508 (bmo#1366818) + Permission Prompt could be overlaid, resulting in user + confusion and potential spoofing + * CVE-2021-38509 (bmo#1718571) + Javascript alert box could have been spoofed onto an + arbitrary domain + * CVE-2021-38510 (bmo#1731779) + Download Protections were bypassed by .inetloc files on Mac OS + * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, + bmo#1735152) + Memory safety bugs fixed in Thunderbird ESR 91.3 +- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires + +------------------------------------------------------------------- Old: ---- l10n-91.2.1.tar.xz thunderbird-91.2.1.source.tar.xz thunderbird-91.2.1.source.tar.xz.asc New: ---- l10n-91.3.0.tar.xz thunderbird-91.3.0.source.tar.xz thunderbird-91.3.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.aMwsBF/_old 2021-11-06 18:14:04.404761138 +0100 +++ /var/tmp/diff_new_pack.aMwsBF/_new 2021-11-06 18:14:04.408761140 +0100 @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 91 -%define mainver %major.2.1 -%define orig_version 91.2.1 +%define mainver %major.3.0 +%define orig_version 91.3.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -134,7 +134,6 @@ %else BuildRequires: clang-devel >= 5 %endif -BuildRequires: pkgconfig(gdk-x11-2.0) BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(gobject-2.0) BuildRequires: pkgconfig(gtk+-3.0) >= 3.14.0 ++++++ l10n-91.2.1.tar.xz -> l10n-91.3.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-91.2.1.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1890/l10n-91.3.0.tar.xz differ: char 26, line 1 ++++++ mozilla-sandbox-fips.patch ++++++ --- /var/tmp/diff_new_pack.aMwsBF/_old 2021-11-06 18:14:04.536761207 +0100 +++ /var/tmp/diff_new_pack.aMwsBF/_new 2021-11-06 18:14:04.536761207 +0100 @@ -7,7 +7,7 @@ diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp --- a/security/sandbox/linux/Sandbox.cpp +++ b/security/sandbox/linux/Sandbox.cpp -@@ -647,16 +647,17 @@ void SetMediaPluginSandbox(const char* a +@@ -650,16 +650,17 @@ void SetMediaPluginSandbox(const char* a SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath, strerror(errno)); MOZ_CRASH("failed while trying to open the plugin file "); @@ -15,8 +15,8 @@ auto files = new SandboxOpenedFiles(); files->Add(std::move(plugin)); - files->Add("/dev/urandom", true); -+ files->Add("/dev/random", true); + files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES); ++ files->Add("/dev/random", SandboxOpenedFile::Dup::YES); files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey. files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz"); files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"); @@ -28,7 +28,7 @@ diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp --- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -@@ -308,16 +308,18 @@ void SandboxBrokerPolicyFactory::InitCon +@@ -315,16 +315,18 @@ void SandboxBrokerPolicyFactory::InitCon policy->AddDir(rdwr, "/dev/dri"); } ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.aMwsBF/_old 2021-11-06 18:14:04.592761236 +0100 +++ /var/tmp/diff_new_pack.aMwsBF/_new 2021-11-06 18:14:04.592761236 +0100 @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr91" -VERSION="91.2.0" +VERSION="91.3.0" VERSION_SUFFIX="" -PREV_VERSION="91.1.2" +PREV_VERSION="91.2.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"; -RELEASE_TAG="70572101c3d1709979b8c3e318b7f5449229a37d" -RELEASE_TIMESTAMP="20211004152603" +RELEASE_TAG="bea1eb4e98a3aa0624fcf83d4ddb32855e9563f8" +RELEASE_TIMESTAMP="20211101223011" ++++++ thunderbird-91.2.1.source.tar.xz -> thunderbird-91.3.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-91.2.1.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1890/thunderbird-91.3.0.source.tar.xz differ: char 15, line 1
