Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2019-02-08 12:05:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Fri Feb 8 12:05:39 2019 rev:204 rq:669999 version:60.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2019-01-15 09:11:56.494482175 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.28833/MozillaThunderbird.changes 2019-02-08 12:05:49.893639749 +0100 @@ -1,0 +2,31 @@ +Fri Jan 25 14:40:21 UTC 2019 - Wolfgang Rosenauer <[email protected]> + +- MozillaThunderbird 60.5.0: + * FileLink provider WeTransfer to upload large attachments + * Thunderbird now allows the addition of OpenSearch search engines + from a local XML file using a minimal user inferface: [+] button + to select a file an add, [-] to remove. + * More search engines: Google and DuckDuckGo available by default + in some locales + * During account creation, Thunderbird will now detect servers + using the Microsoft Exchange protocol. It will offer the + installation of a 3rd party add-on (Owl) which supports that + protocol. + * Thunderbird now compatible with other WebExtension-based + FileLink add-ons like the Dropbox add-on + MFSA 2019-03 (bsc#1122983) + * CVE-2018-18500 bmo#1510114 + Use-after-free parsing HTML5 stream + * CVE-2018-18505 bmo#1497749 + Privilege escalation through IPC channel messages + * CVE-2016-5824 bmo#1275400 + DoS (use-after-free) via a crafted ics file + * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619 + bmo#1502871 bmo#1516738 bmo#1516514 + Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 +- requires NSS 3.36.7 +- removed obsolete patch + mozilla-no-stdcxx-check.patch +- rebased patches + +------------------------------------------------------------------- @@ -10,0 +42,16 @@ + MFSA 2018-31 + * CVE-2018-17466 bmo#1488295 + Buffer overflow and out-of-bounds read in ANGLE library with + TextureStorage11 + * CVE-2018-18492 bmo#1499861 + Use-after-free with select element + * CVE-2018-18493 bmo#1504452 + Buffer overflow in accelerated 2D canvas with Skia + * CVE-2018-18494 bmo#1487964 + Same-origin policy violation using location attribute and + performance.getEntries to steal cross-origin URLs + * CVE-2018-18498 bmo#1500011 + Integer overflow when calculating buffer sizes for images + * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 + bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 + Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 @@ -11,0 +59 @@ + Old: ---- l10n-60.4.0.tar.xz mozilla-no-stdcxx-check.patch thunderbird-60.4.0.source.tar.xz thunderbird-60.4.0.source.tar.xz.asc New: ---- l10n-60.5.0.tar.xz thunderbird-60.5.0.source.tar.xz thunderbird-60.5.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.3wJ1M3/_old 2019-02-08 12:06:17.005629559 +0100 +++ /var/tmp/diff_new_pack.3wJ1M3/_new 2019-02-08 12:06:17.009629557 +0100 @@ -1,8 +1,8 @@ # # spec file for package MozillaThunderbird # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. -# 2006-2018 Wolfgang Rosenauer <[email protected]> +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# 2006-2019 Wolfgang Rosenauer <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,9 +17,9 @@ # -%define mainversion 60.4.0 +%define mainversion 60.5.0 %define update_channel release -%define releasedate 20181217101353 +%define releasedate 20190122170039 %bcond_without mozilla_tb_kde4 %bcond_with mozilla_tb_valgrind @@ -44,7 +44,7 @@ BuildRequires: libnotify-devel BuildRequires: memory-constraints BuildRequires: mozilla-nspr-devel >= 4.19 -BuildRequires: mozilla-nss-devel >= 3.36.6 +BuildRequires: mozilla-nss-devel >= 3.36.7 BuildRequires: python BuildRequires: python2-xml BuildRequires: rust >= 1.24 @@ -116,7 +116,6 @@ # Gecko/Toolkit Patch2: mozilla-nongnome-proxies.patch Patch3: mozilla-kde.patch -Patch5: mozilla-no-stdcxx-check.patch Patch6: mozilla-aarch64-startup-crash.patch Patch7: mozilla-bmo1375074.patch Patch8: mozilla-bmo1464766.patch @@ -198,7 +197,6 @@ %if %{with mozilla_tb_kde4} %patch3 -p1 %endif -%patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 @@ -481,6 +479,7 @@ %{progdir}/defaults/ %dir %{progdir}/extensions/ %{progdir}/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi +%{progdir}/features/ %{progdir}/isp/ %{_datadir}/appdata/ %{_datadir}/applications/%{desktop_file_name}.desktop ++++++ compare-locales.tar.xz ++++++ ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.3wJ1M3/_old 2019-02-08 12:06:17.193629488 +0100 +++ /var/tmp/diff_new_pack.3wJ1M3/_new 2019-02-08 12:06:17.193629488 +0100 @@ -2,9 +2,9 @@ CHANNEL="esr60" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="945fb5fce3d3" -MOZ_RELEASE_TAG="c23331af8ac635f86d748c0eb1e5bbb8fcfd86d9" -VERSION="60.4.0" +RELEASE_TAG="0afc082591ad" +MOZ_RELEASE_TAG="111144372339ec2c9e5c899656c2919c90f56f08" +VERSION="60.5.0" VERSION_SUFFIX="" LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json" ++++++ l10n-60.4.0.tar.xz -> l10n-60.5.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-60.4.0.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.28833/l10n-60.5.0.tar.xz differ: char 8, line 1 ++++++ mozilla-aarch64-startup-crash.patch ++++++ --- /var/tmp/diff_new_pack.3wJ1M3/_old 2019-02-08 12:06:17.241629470 +0100 +++ /var/tmp/diff_new_pack.3wJ1M3/_new 2019-02-08 12:06:17.241629470 +0100 @@ -1,32 +1,33 @@ # HG changeset patch # Parent a5cfa3aa11a9d3391df49de6fc5a0e5232c12c10 -# Parent 3005da37da3f1e2c568b1675307d10860182d214 +# Parent 85c2e07d2a9ec3e45f55d0e482c7b663626bfc8a Bug 991344 - Rpi3: Firefox crashes after a few seconds of usage diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp -@@ -887,17 +887,23 @@ nsIOService::NewChannelFromURIWithProxyF - "doesn't support nsIUploadChannel2. An extension has " - "supplied a non-functional http protocol handler. This will " - "break behavior and in future releases not work at all."); - } - gHasWarnedUploadChannel2 = true; - } +@@ -874,18 +874,23 @@ nsresult nsIOService::NewChannelFromURIW + u"Http channel implementation " + "doesn't support nsIUploadChannel2. An extension has " + "supplied a non-functional http protocol handler. This will " + "break behavior and in future releases not work at all."); + } + gHasWarnedUploadChannel2 = true; } - + } +- +#if defined(__aarch64__) -+ if (result) { -+ channel.forget(result); -+ } ++ if (result) { ++ channel.forget(result); ++ } +#else - channel.forget(result); + channel.forget(result); +#endif - return NS_OK; + return NS_OK; } NS_IMETHODIMP - nsIOService::NewChannelFromURIWithProxyFlags2(nsIURI* aURI, - nsIURI* aProxyURI, - uint32_t aProxyFlags, - nsIDOMNode* aLoadingNode, + nsIOService::NewChannelFromURIWithProxyFlags2( + nsIURI *aURI, nsIURI *aProxyURI, uint32_t aProxyFlags, + nsIDOMNode *aLoadingNode, nsIPrincipal *aLoadingPrincipal, + nsIPrincipal *aTriggeringPrincipal, uint32_t aSecurityFlags, ++++++ mozilla-bmo1375074.patch ++++++ --- /var/tmp/diff_new_pack.3wJ1M3/_old 2019-02-08 12:06:17.257629465 +0100 +++ /var/tmp/diff_new_pack.3wJ1M3/_new 2019-02-08 12:06:17.257629465 +0100 @@ -3,7 +3,7 @@ # User Lars T Hansen <[email protected]> # Date 1519822672 -3600 # Node ID 800abe66894d6b07b24bccecbf6a65e2261076f6 -# Parent 223c97459e96183eb616aed39147207bdb953ba8 +# Parent 13ecd3214b18e4cab73c54e12e16071d58bed11e Bug 1375074 - Save and restore non-volatile x28 on ARM64 for generated unboxed object constructor. r=sstangl diff --git a/js/src/jit-test/tests/bug1375074.js b/js/src/jit-test/tests/bug1375074.js @@ -32,64 +32,64 @@ diff --git a/js/src/vm/UnboxedObject.cpp b/js/src/vm/UnboxedObject.cpp --- a/js/src/vm/UnboxedObject.cpp +++ b/js/src/vm/UnboxedObject.cpp -@@ -90,17 +90,25 @@ UnboxedLayout::makeConstructorCode(JSCon - masm.loadPtr(Address(masm.getStackPointer(), sizeof(void*)), propertiesReg); - masm.loadPtr(Address(masm.getStackPointer(), 2 * sizeof(void*)), newKindReg); +@@ -81,18 +81,25 @@ static const uintptr_t CLEAR_CONSTRUCTOR + masm.loadPtr(Address(masm.getStackPointer(), sizeof(void*)), propertiesReg); + masm.loadPtr(Address(masm.getStackPointer(), 2 * sizeof(void*)), newKindReg); #else - propertiesReg = IntArgReg0; - newKindReg = IntArgReg1; + propertiesReg = IntArgReg0; + newKindReg = IntArgReg1; #endif #ifdef JS_CODEGEN_ARM64 -- // ARM64 communicates stack address via sp, but uses a pseudo-sp for addressing. -+ // ARM64 communicates stack address via sp, but uses a pseudo-sp (PSP) for -+ // addressing. The register we use for PSP may however also be used by -+ // calling code, and it is nonvolatile, so save it. Do this as a special -+ // case first because the generic save/restore code needs the PSP to be -+ // initialized already. -+ MOZ_ASSERT(PseudoStackPointer64.Is(masm.GetStackPointer64())); -+ masm.Str(PseudoStackPointer64, vixl::MemOperand(sp, -16, vixl::PreIndex)); +- // ARM64 communicates stack address via sp, but uses a pseudo-sp for +- // addressing. ++ // ARM64 communicates stack address via sp, but uses a pseudo-sp (PSP) for ++ // addressing. The register we use for PSP may however also be used by ++ // calling code, and it is nonvolatile, so save it. Do this as a special ++ // case first because the generic save/restore code needs the PSP to be ++ // initialized already. ++ MOZ_ASSERT(PseudoStackPointer64.Is(masm.GetStackPointer64())); ++ masm.Str(PseudoStackPointer64, vixl::MemOperand(sp, -16, vixl::PreIndex)); + -+ // Initialize the PSP from the SP. - masm.initStackPtr(); ++ // Initialize the PSP from the SP. + masm.initStackPtr(); #endif - MOZ_ASSERT(propertiesReg.volatile_()); - MOZ_ASSERT(newKindReg.volatile_()); + MOZ_ASSERT(propertiesReg.volatile_()); + MOZ_ASSERT(newKindReg.volatile_()); - AllocatableGeneralRegisterSet regs(GeneralRegisterSet::All()); - regs.take(propertiesReg); -@@ -228,17 +236,32 @@ UnboxedLayout::makeConstructorCode(JSCon - if (object != ReturnReg) - masm.movePtr(object, ReturnReg); - - // Restore non-volatile registers which were saved on entry. - if (ScratchDoubleReg.volatile_()) - masm.pop(ScratchDoubleReg); - masm.PopRegsInMask(savedNonVolatileRegisters); + AllocatableGeneralRegisterSet regs(GeneralRegisterSet::All()); + regs.take(propertiesReg); +@@ -234,17 +241,32 @@ static const uintptr_t CLEAR_CONSTRUCTOR + masm.bind(&done); + + if (object != ReturnReg) masm.movePtr(object, ReturnReg); + + // Restore non-volatile registers which were saved on entry. + if (ScratchDoubleReg.volatile_()) masm.pop(ScratchDoubleReg); + masm.PopRegsInMask(savedNonVolatileRegisters); +#ifdef JS_CODEGEN_ARM64 -+ // Now restore the value that was in the PSP register on entry, and return. ++ // Now restore the value that was in the PSP register on entry, and return. + -+ // Obtain the correct SP from the PSP. -+ masm.Mov(sp, PseudoStackPointer64); ++ // Obtain the correct SP from the PSP. ++ masm.Mov(sp, PseudoStackPointer64); + -+ // Restore the saved value of the PSP register, this value is whatever the -+ // caller had saved in it, not any actual SP value, and it must not be -+ // overwritten subsequently. -+ masm.Ldr(PseudoStackPointer64, vixl::MemOperand(sp, 16, vixl::PostIndex)); ++ // Restore the saved value of the PSP register, this value is whatever the ++ // caller had saved in it, not any actual SP value, and it must not be ++ // overwritten subsequently. ++ masm.Ldr(PseudoStackPointer64, vixl::MemOperand(sp, 16, vixl::PostIndex)); + -+ // Perform a plain Ret(), as abiret() will move SP <- PSP and that is wrong. -+ masm.Ret(vixl::lr); ++ // Perform a plain Ret(), as abiret() will move SP <- PSP and that is wrong. ++ masm.Ret(vixl::lr); +#else - masm.abiret(); + masm.abiret(); +#endif - masm.bind(&failureStoreOther); + masm.bind(&failureStoreOther); - // There was a failure while storing a value which cannot be stored at all - // in the unboxed object. Initialize the object so it is safe for GC and - // return null. - masm.initUnboxedObjectContents(object, templateObject); + // There was a failure while storing a value which cannot be stored at all + // in the unboxed object. Initialize the object so it is safe for GC and + // return null. + masm.initUnboxedObjectContents(object, templateObject); - ++++++ mozilla-bmo1463035.patch ++++++ --- /var/tmp/diff_new_pack.3wJ1M3/_old 2019-02-08 12:06:17.269629459 +0100 +++ /var/tmp/diff_new_pack.3wJ1M3/_new 2019-02-08 12:06:17.273629458 +0100 @@ -3,7 +3,7 @@ # User Mike Hommey <[email protected]> # Date 1526871862 -32400 # Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43 -# Parent 1800b8895c08bc0c60302775dc0a4b5ea4deb310 +# Parent 4a2e8085417fe782738bfd736b69806d9ed19d6a Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons For some reason, GNU as is not happy with the assembly generated after @@ -12,12 +12,11 @@ OTOH, as mentioned in bug 1238661 comment 4, we actually don't need this workaround anymore, so let's just kill it. - diff --git a/mfbt/LinuxSignal.h b/mfbt/LinuxSignal.h deleted file mode 100644 --- a/mfbt/LinuxSignal.h +++ /dev/null -@@ -1,45 +0,0 @@ +@@ -1,38 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -38,35 +37,28 @@ -// will be skipped over. - -template <void (*H)(int, siginfo_t*, void*)> --__attribute__((naked)) void --SignalTrampoline(int aSignal, siginfo_t* aInfo, void* aContext) --{ -- asm volatile ( -- "nop; nop; nop; nop" -- : : : "memory"); -- -- asm volatile ( -- "b %0" -- : -- : "X"(H) -- : "memory"); +-__attribute__((naked)) void SignalTrampoline(int aSignal, siginfo_t* aInfo, +- void* aContext) { +- asm volatile("nop; nop; nop; nop" : : : "memory"); +- +- asm volatile("b %0" : : "X"(H) : "memory"); -} - --# define MOZ_SIGNAL_TRAMPOLINE(h) (mozilla::SignalTrampoline<h>) +-#define MOZ_SIGNAL_TRAMPOLINE(h) (mozilla::SignalTrampoline<h>) - --#else // __arm__ +-#else // __arm__ - --# define MOZ_SIGNAL_TRAMPOLINE(h) (h) +-#define MOZ_SIGNAL_TRAMPOLINE(h) (h) - --#endif // __arm__ +-#endif // __arm__ - --} // namespace mozilla +-} // namespace mozilla - --#endif // mozilla_LinuxSignal_h +-#endif // mozilla_LinuxSignal_h diff --git a/mfbt/moz.build b/mfbt/moz.build --- a/mfbt/moz.build +++ b/mfbt/moz.build -@@ -117,20 +117,16 @@ EXPORTS["double-conversion"] = [ +@@ -115,20 +115,16 @@ EXPORTS["double-conversion"] = [ LOCAL_INCLUDES += [ '/mfbt/double-conversion', ] @@ -92,9 +84,9 @@ +++ b/tools/profiler/core/platform-linux-android.cpp @@ -55,17 +55,16 @@ #ifdef __GLIBC__ - #include <execinfo.h> // backtrace, backtrace_symbols - #endif // def __GLIBC__ - #include <strings.h> // index + #include <execinfo.h> // backtrace, backtrace_symbols + #endif // def __GLIBC__ + #include <strings.h> // index #include <errno.h> #include <stdarg.h> @@ -108,7 +100,7 @@ using namespace mozilla; -@@ -272,17 +271,17 @@ Sampler::Sampler(PSLockRef aLock) +@@ -248,17 +247,17 @@ Sampler::Sampler(PSLockRef aLock) // NOTE: We don't initialize LUL here, instead initializing it in // SamplerThread's constructor. This is because with the @@ -126,5 +118,4 @@ } } - void - + void Sampler::Disable(PSLockRef aLock) { ++++++ mozilla-kde.patch ++++++ ++++ 1215 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/MozillaThunderbird/mozilla-kde.patch ++++ and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.28833/mozilla-kde.patch ++++++ mozilla-nongnome-proxies.patch ++++++ --- /var/tmp/diff_new_pack.3wJ1M3/_old 2019-02-08 12:06:17.301629447 +0100 +++ /var/tmp/diff_new_pack.3wJ1M3/_new 2019-02-08 12:06:17.305629446 +0100 @@ -9,19 +9,20 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp --- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp +++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp -@@ -54,23 +54,27 @@ nsUnixSystemProxySettings::GetMainThread - // dbus prevents us from being threadsafe, but this routine should not block anyhow +@@ -55,24 +55,27 @@ NS_IMETHODIMP + nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) { + // dbus prevents us from being threadsafe, but this routine should not block + // anyhow *aMainThreadOnly = true; return NS_OK; } - nsresult - nsUnixSystemProxySettings::Init() - { + nsresult nsUnixSystemProxySettings::Init() { - mGSettings = do_GetService(NS_GSETTINGSSERVICE_CONTRACTID); - if (mGSettings) { -- mGSettings->GetCollectionForSchema(NS_LITERAL_CSTRING("org.gnome.system.proxy"), -- getter_AddRefs(mProxySettings)); +- mGSettings->GetCollectionForSchema( +- NS_LITERAL_CSTRING("org.gnome.system.proxy"), +- getter_AddRefs(mProxySettings)); - } - if (!mProxySettings) { - mGConf = do_GetService(NS_GCONFSERVICE_CONTRACTID); @@ -41,6 +42,6 @@ return NS_OK; } - bool - nsUnixSystemProxySettings::IsProxyMode(const char* aMode) - { + bool nsUnixSystemProxySettings::IsProxyMode(const char* aMode) { + nsAutoCString mode; + return NS_SUCCEEDED(mGConf->GetString( ++++++ thunderbird-60.4.0.source.tar.xz -> thunderbird-60.5.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-60.4.0.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.28833/thunderbird-60.5.0.source.tar.xz differ: char 15, line 1
