Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2019-12-11 12:03:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.4691 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Wed Dec 11 12:03:07 2019 rev:222 rq:754691 version:68.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2019-11-21 12:56:29.650568054 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.4691/MozillaThunderbird.changes 2019-12-11 12:03:55.756770535 +0100 @@ -1,0 +2,29 @@ +Thu Dec 5 10:29:18 UTC 2019 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 68.3.0: + * Message display toolbar action WebExtension API + * Navigation buttons are now available in content tabs, for example + those opened via an add-on search + * other bugfixes + MFSA 2019-38 + * CVE-2019-17008 (bmo#1546331) + Use-after-free in worker destruction + * CVE-2019-13722 (bmo#1580156) + Stack corruption due to incorrect number of arguments in WebRTC code + * CVE-2019-17010 (bmo#1581084) + Use-after-free when performing device orientation checks + * CVE-2019-17005 (bmo#1584170) + Buffer overflow in plain text serializer + * CVE-2019-17011 (bmo#1591334) + Use-after-free when retrieving a document in antitracking + * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, + bmo#1580288, bmo#1585760, bmo#1592502) + Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 + * Various updates to improve performance and stability +- updated create-tar.sh to cover buildid and origin repo information +- changed locale building procedure + * removed obsolete compare-locales.tar.xz and + thunderbird-broken-locales-build.patch +- add mozilla-bmo849632.patch to fix color issues on big endian + +------------------------------------------------------------------- Old: ---- compare-locales.tar.xz l10n-68.2.2.tar.xz thunderbird-68.2.2.source.tar.xz thunderbird-68.2.2.source.tar.xz.asc thunderbird-broken-locales-build.patch New: ---- l10n-68.3.0.tar.xz mozilla-bmo849632.patch thunderbird-68.3.0.source.tar.xz thunderbird-68.3.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.8I5Rt1/_old 2019-12-11 12:04:21.256759809 +0100 +++ /var/tmp/diff_new_pack.8I5Rt1/_new 2019-12-11 12:04:21.260759807 +0100 @@ -1,7 +1,7 @@ # # spec file for package MozillaThunderbird # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # 2006-2019 Wolfgang Rosenauer <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -26,11 +26,10 @@ # major 69 # mainver %major.99 %define major 68 -%define mainver %major.2.2 -%define orig_version 68.2.2 +%define mainver %major.3.0 +%define orig_version 68.3.0 %define orig_suffix %{nil} %define update_channel release -%define releasedate 20191105113228 %define source_prefix thunderbird-%{mainver} # always build with GCC as SUSE Security Team requires that @@ -135,7 +134,7 @@ Summary: An integrated email, news feeds, chat, and newsgroups client License: MPL-2.0 Group: Productivity/Networking/Email/Clients -Url: https://www.thunderbird.net/ +URL: https://www.thunderbird.net/ %if !%{with only_print_mozconfig} Source: http://ftp.mozilla.org/pub/%{progname}/releases/%{orig_version}%{orig_suffix}/source/%{progname}-%{orig_version}%{orig_suffix}.source.tar.xz Source1: thunderbird.desktop @@ -145,8 +144,7 @@ Source6: suse-default-prefs.js Source7: l10n-%{version}.tar.xz Source9: thunderbird.appdata.xml -Source10: compare-locales.tar.xz -Source14: https://github.com/openSUSE/firefox-scripts/raw/master/create-tar.sh +Source14: https://github.com/openSUSE/firefox-scripts/raw/35ade35/create-tar.sh Source20: https://ftp.mozilla.org/pub/%{progname}/releases/%{orig_version}%{orig_suffix}/source/%{progname}-%{orig_version}%{orig_suffix}.source.tar.xz.asc Source21: https://ftp.mozilla.org/pub/%{progname}/releases/%{orig_version}/KEY#/mozilla.keyring # Gecko/Toolkit @@ -165,6 +163,7 @@ Patch13: mozilla-ppc-altivec_static_inline.patch Patch14: mozilla-bmo1005535.patch Patch15: mozilla-bmo1568145.patch +Patch16: mozilla-bmo849632.patch Patch17: mozilla-bmo1504834-part1.patch Patch18: mozilla-bmo1504834-part2.patch Patch19: mozilla-bmo1504834-part3.patch @@ -173,7 +172,6 @@ Patch22: mozilla-nestegg-big-endian.patch Patch24: mozilla-fix-top-level-asm.patch Patch25: mozilla-bmo1504834-part4.patch -Patch100: thunderbird-broken-locales-build.patch %endif # only_print_mozconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: coreutils fileutils textutils /bin/sh @@ -231,6 +229,7 @@ %if !%{with only_print_mozconfig} %prep %if %localize + # If generated incorrectly, the tarball will be ~270B in # size, so 1MB seems like good enough limit to check. MINSIZE=1048576 @@ -238,7 +237,7 @@ echo "Translations tarball %{SOURCE7} not generated properly." exit 1 fi -%setup -q -n %{source_prefix} -b 7 -b 10 +%setup -q -n %{source_prefix} -b 7 %else %setup -q -n %{source_prefix} %endif @@ -261,6 +260,7 @@ %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 @@ -269,8 +269,6 @@ %patch22 -p1 %patch24 -p1 %patch25 -p1 -# Thunderbird -%patch100 -p1 %endif # only_print_mozconfig %build @@ -291,8 +289,10 @@ %endif %endif # only_print_mozconfig +source %{SOURCE4} + export SUSE_ASNEEDED=0 -export MOZ_BUILD_DATE=%{releasedate} +export MOZ_BUILD_DATE=$RELEASE_TIMESTAMP export MOZILLA_OFFICIAL=1 export BUILD_OFFICIAL=1 export MOZ_TELEMETRY_REPORTING=1 @@ -394,9 +394,6 @@ ac_add_options --with-arch=armv7-a %endif %endif -%ifarch aarch64 %arm s390x -ac_add_options --disable-webrtc -%endif # mitigation/workaround for bmo#1512162 %ifarch s390x ac_add_options --enable-optimize="-O1" @@ -424,14 +421,7 @@ rm -f config/external/icu/data/icudt*l.dat %endif ./mach build -%endif # only_print_mozconfig -%install -cd $RPM_BUILD_DIR/obj -make -C comm/mail/installer STRIP=/bin/true MOZ_PKG_FATAL_WARNINGS=0 -# copy tree into RPM_BUILD_ROOT -mkdir -p %{buildroot}%{progdir} -cp -rf $RPM_BUILD_DIR/obj/dist/%{progname}/* %{buildroot}%{progdir} # build additional locales %if %localize mkdir -p %{buildroot}%{progdir}/extensions/ @@ -439,14 +429,8 @@ sed -r '/^(ja-JP-mac|en-US|$)/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/mail/locales/shipped-locales \ | xargs -n 1 -I {} /bin/sh -c ' locale=$1 - pushd $RPM_BUILD_DIR/compare-locales - PYTHONPATH=lib \ - scripts/compare-locales -m ../l10n-merged/$locale \ - ../%{source_prefix}/comm/mail/locales/l10n.ini ../l10n $locale - popd - LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \ - make -C comm/mail/locales langpack-$locale - cp -rL dist/xpi-stage/locale-$locale \ + ./mach build langpack-$locale + cp -rL ../obj/dist/xpi-stage/locale-$locale \ %{buildroot}%{progdir}/extensions/[email protected] # remove prefs and profile defaults from langpack rm -rf %{buildroot}%{progdir}/extensions/[email protected]/defaults @@ -459,6 +443,17 @@ echo %{progdir}/extensions/[email protected] \ >> %{_tmppath}/translations.$_l10ntarget ' -- {} +%endif +%endif # only_print_mozconfig + +%install +cd $RPM_BUILD_DIR/obj +make -C comm/mail/installer STRIP=/bin/true MOZ_PKG_FATAL_WARNINGS=0 +# copy tree into RPM_BUILD_ROOT +mkdir -p %{buildroot}%{progdir} +cp -rf $RPM_BUILD_DIR/obj/dist/%{progname}/* %{buildroot}%{progdir} + +%if %localize # repack the lightning xpi with all available locales (boo#939153) (lp#545778) _extid="{e2fda1a4-762b-4020-b5ad-a41df1933103}" rm -rf _lightning ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.8I5Rt1/_old 2019-12-11 12:04:21.316759784 +0100 +++ /var/tmp/diff_new_pack.8I5Rt1/_new 2019-12-11 12:04:21.316759784 +0100 @@ -14,7 +14,7 @@ RELEASE_TAG="" # Needs only to be set if no tar-ball can be downloaded PREV_VERSION="60.6.3" # Prev. version only needed for locales (leave empty to force l10n-generation) PREV_VERSION_SUFFIX="esr" -#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation +#SKIP_LOCALES="" # Uncomment to skip l10n-generation EOF exit 1 @@ -25,7 +25,8 @@ fi # Sourcing the given tar_stamps-file to have the variables available -source "$1" || print_usage_and_exit +TAR_STAMP="$1" +source "$TAR_STAMP" || print_usage_and_exit # Internal variables BRANCH="releases/mozilla-$CHANNEL" @@ -37,12 +38,19 @@ SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz" FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"; +FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/$PRODUCT/candidates"; # Make first letter of PRODCUT upper case PRODUCT_CAP="${PRODUCT^}" LOCALES_URL="https://product-details.mozilla.org/1.0/l10n/$PRODUCT_CAP"; +PRODUCT_URL="https://product-details.mozilla.org/1.0/$PRODUCT.json"; # Exit script on CTRL+C trap "exit" INT +function get_ftp_candidates_url() { + VERSION_WITH_SUFFIX="$1" + echo "$FTP_CANDIDATES_BASE_URL/$VERSION_WITH_SUFFIX-candidates" +} + function check_tarball_source () { TARBALL=$1 # Print out what is going to be done: @@ -73,27 +81,65 @@ fi } -function locales_get() { - TMP_VERSION="$1" - URL_TO_CHECK="${LOCALES_URL}-${TMP_VERSION}" +function get_source_stamp() { + BUILD_ID="$1" + FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION$VERSION_SUFFIX) + FTP_CANDIDATES_JSON_SUFFIX="${BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json" + BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1; + REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp) + SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo) + TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid) + echo "Extending $TAR_STAMP with:" + echo "RELEASE_REPO=${SOURCE_REPO}" + echo "RELEASE_TAG=${REV}" + echo "RELEASE_TIMESTAMP=${TIMESTAMP}" + # We "remove and add" instead of "replace" in case the entries are not there yet + # Removing the old RELEASE_-tags + sed -i "/RELEASE_\(TAG\|REPO\|TIMESTAMP\)=.*/d" "$TAR_STAMP" + # Appending the new + echo "RELEASE_REPO=$SOURCE_REPO" >> "$TAR_STAMP" + echo "RELEASE_TAG=$REV" >> "$TAR_STAMP" + echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP" +} +function get_build_number() { LAST_FOUND="" - # Unfortunately, locales-files are not associated to releases, but to builds. - # And since we don't know which build was the final build, we go from 9 downwards - # try to find the latest one that exists (assuming there are no more than 9 builds). - # Error only if not even the first one exists - for BUILD_ID in $(seq 9 -1 0); do - FINAL_URL="${URL_TO_CHECK}-build${BUILD_ID}.json" - if wget --quiet --spider "$FINAL_URL"; then - LAST_FOUND="$FINAL_URL" - break - fi - done + VERSION_WITH_SUFFIX="$1" + + BUILD_ID=$(curl --silent "$PRODUCT_URL" | jq -e '.["releases"] | .["'$PRODUCT-$VERSION_WITH_SUFFIX'"] | .["build_number"]') + + # Slow fall-back + if [ $? -ne 0 ]; then + echo "Build number not found in product URL, falling back to slow FTP-parsing." 1>&2 + FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION_WITH_SUFFIX) + # Unfortunately, locales-files are not associated to releases, but to builds. + # And since we don't know which build was the final build, we grep them all from + # the candidates-page, sort them and take the last one which should be the oldest + # Error only if not even the first one exists + LAST_FOUND=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/" | grep -o "build[0-9]*/" | sort | uniq | tail -n 1 | cut -d "/" -f 1) + else + LAST_FOUND="build$BUILD_ID" + fi if [ "$LAST_FOUND" != "" ]; then echo "$LAST_FOUND" return 0 else + echo "Error: Could not find build-number for Firefox $VERSION_WITH_SUFFIX !" 1>&2 + return 1 + fi +} + + +function locales_get() { + TMP_VERSION="$1" + BUILD_ID="$2" + URL_TO_CHECK="${LOCALES_URL}-${TMP_VERSION}" + FINAL_URL="${URL_TO_CHECK}-${BUILD_ID}.json" + if wget --quiet --spider "$FINAL_URL"; then + echo "$FINAL_URL" + return 0 + else echo "Error: Could not find locales-file (json) for Firefox $TMP_VERSION !" 1>&2 return 1 fi @@ -107,9 +153,11 @@ } function locales_unchanged() { + BUILD_ID="$1" + PREV_BUILD_ID=$(get_build_number "$PREV_VERSION$PREV_VERSION_SUFFIX") # If no json-file for one of the versions can be found, we say "they changed" - prev_url=$(locales_get "$PREV_VERSION$PREV_VERSION_SUFFIX") || return 1 - curr_url=$(locales_get "$VERSION$VERSION_SUFFIX") || return 1 + prev_url=$(locales_get "$PREV_VERSION$PREV_VERSION_SUFFIX" "$PREV_BUILD_ID") || return 1 + curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID") || return 1 prev_content=$(locales_parse "$prev_url") || exit 1 curr_content=$(locales_parse "$curr_url") || exit 1 @@ -129,11 +177,14 @@ compression='-Ipixz' fi +# Get ID +BUILD_ID=$(get_build_number "$VERSION$VERSION_SUFFIX") + if [ -z ${SKIP_LOCALES+x} ]; then # TODO: Thunderbird has usually "default" as locale entry. # There we probably need to double-check Firefox-locals # For now, just download every time for Thunderbird - if [ "$PRODUCT" = "firefox" ] && [ "$PREV_VERSION" != "" ] && locales_unchanged; then + if [ "$PRODUCT" = "firefox" ] && [ "$PREV_VERSION" != "" ] && locales_unchanged "$BUILD_ID"; then printf "%-40s: Did not change. Skipping.\n" "locales" LOCALES_CHANGED=0 else @@ -167,6 +218,7 @@ echo "extract locale changesets" tar -xf $SOURCE_TARBALL $LOCALE_FILE fi + get_source_stamp "$BUILD_ID" else # We are working on a version that is not yet published on the mozilla mirror # so we have to actually check out the repo @@ -208,10 +260,9 @@ hg update --check $FF_RELEASE_TAG [ "$FF_RELEASE_TAG" == "default" ] || hg update -r $FF_RELEASE_TAG # get repo and source stamp - echo -n "REV=" > ../source-stamp.txt - hg -R . parent --template="{node|short}\n" >> ../source-stamp.txt - echo -n "REPO=" >> ../source-stamp.txt - hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/" >> ../source-stamp.txt + REV=$(hg -R . parent --template="{node|short}\n") + SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/") + TIMESTAMP=$(date +%Y%m%d%H%M%S) if [ "$PRODUCT" = "thunderbird" ]; then pushd comm || exit 1 @@ -221,6 +272,19 @@ fi popd || exit 1 + echo "Extending $TAR_STAMP with:" + echo "RELEASE_REPO=${SOURCE_REPO}" + echo "RELEASE_TAG=${REV}" + echo "RELEASE_TIMESTAMP=${TIMESTAMP}" + + # We "remove and add" instead of "replace" in case the entries are not there yet + # Removing the old RELEASE_-tags + sed -i "/RELEASE_\(TAG\|REPO\|TIMESTAMP\)=.*/d" "$TAR_STAMP" + # Appending the new + echo "RELEASE_REPO=$SOURCE_REPO" >> "$TAR_STAMP" + echo "RELEASE_TAG=$REV" >> "$TAR_STAMP" + echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP" + echo "creating archive..." tar $compression -cf $PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS $PRODUCT-$VERSION fi @@ -267,15 +331,3 @@ echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz" mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz" fi - -# compare-locales -echo "creating compare-locales" -if [ -d compare-locales/.hg ]; then - pushd compare-locales || exit 1 - hg pull - popd || exit 1 -else - hg clone http://hg.mozilla.org/build/compare-locales -fi -tar $compression -cf compare-locales.tar.xz --exclude=.hgtags --exclude=.hgignore --exclude=.hg compare-locales - ++++++ l10n-68.2.2.tar.xz -> l10n-68.3.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-68.2.2.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.4691/l10n-68.3.0.tar.xz differ: char 26, line 1 ++++++ mozilla-bmo849632.patch ++++++ Problem: webGL sites are displayed in the wrong color (usually blue-ish) Solution: Problem is with skia once again. Output of webgl seems endian-correct, but skia only knows how to deal with little endian. So we swizzle the output of webgl after reading it from readpixels() Note: This does not fix all webGL sites, but is a step in the right direction diff -r 6b017d3e9733 gfx/gl/GLContext.h --- a/gfx/gl/GLContext.h Mon Sep 09 10:04:05 2019 +0200 +++ b/gfx/gl/GLContext.h Wed Nov 13 17:13:04 2019 +0100 @@ -1551,6 +1551,13 @@ BEFORE_GL_CALL; mSymbols.fReadPixels(x, y, width, height, format, type, pixels); OnSyncCall(); +#if MOZ_BIG_ENDIAN + uint8_t* itr = (uint8_t*)pixels; + for (GLsizei i = 0; i < width * height; i++) { + NativeEndian::swapToLittleEndianInPlace((uint32_t*)itr, 1); + itr += 4; + } +#endif AFTER_GL_CALL; mHeavyGLCallsSinceLastFlush = true; } ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.8I5Rt1/_old 2019-12-11 12:04:21.424759738 +0100 +++ /var/tmp/diff_new_pack.8I5Rt1/_new 2019-12-11 12:04:21.424759738 +0100 @@ -1,9 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr68" -VERSION="68.2.2" +VERSION="68.3.0" VERSION_SUFFIX="" -RELEASE_TAG="4297fc81fadcf15a10dc8f3835af3996ae991aa0" PREV_VERSION="68.2.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation +RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68"; +RELEASE_TAG="228eab07a730c48763e1cd0ccff9491f66e4580e" +RELEASE_TIMESTAMP="20191129091924" ++++++ thunderbird-68.2.2.source.tar.xz -> thunderbird-68.3.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-68.2.2.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.4691/thunderbird-68.3.0.source.tar.xz differ: char 15, line 1
