Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2026-01-17 14:51:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Sat Jan 17 14:51:55 2026 rev:378 rq:1327542 version:140.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2025-12-11 18:46:20.326070802 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1928/MozillaThunderbird.changes 2026-01-17 14:52:45.634197688 +0100 @@ -1,0 +2,45 @@ +Thu Jan 15 22:11:28 UTC 2026 - Andreas Stieger <[email protected]> + +- Support using system GnuPG with gpgme 2, boo#1253718 bmo1967121 + add mozilla-bmo1967121.patch + +------------------------------------------------------------------- +Wed Jan 14 06:25:20 UTC 2026 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 140.7.0 ESR + MFSA 2026-05 (bsc#1256340) + * CVE-2026-0877 (bmo#1999257) + Mitigation bypass in the DOM: Security component + * CVE-2026-0878 (bmo#2003989) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2026-0879 (bmo#2004602) + Sandbox escape due to incorrect boundary conditions in the + Graphics component + * CVE-2026-0880 (bmo#2005014) + Sandbox escape due to integer overflow in the Graphics + component + * CVE-2026-0882 (bmo#1924125) + Use-after-free in the IPC component + * CVE-2025-14327 (bmo#1970743) + Spoofing issue in the Downloads Panel component + * CVE-2026-0883 (bmo#1989340) + Information disclosure in the Networking component + * CVE-2026-0884 (bmo#2003588) + Use-after-free in the JavaScript Engine component + * CVE-2026-0885 (bmo#2003607) + Use-after-free in the JavaScript: GC component + * CVE-2026-0886 (bmo#2005658) + Incorrect boundary conditions in the Graphics component + * CVE-2026-0887 (bmo#2006500) + Clickjacking issue, information disclosure in the PDF Viewer + component + * CVE-2026-0890 (bmo#2005081) + Spoofing issue in the DOM: Copy & Paste and Drag & Drop + component + * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, + bmo#2003278) + Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird + ESR 140.7, Firefox 147 and Thunderbird 147 + +------------------------------------------------------------------- Old: ---- l10n-140.6.0esr.tar.xz thunderbird-140.6.0esr.source.tar.xz thunderbird-140.6.0esr.source.tar.xz.asc New: ---- l10n-140.7.0esr.tar.xz mozilla-bmo1967121.patch thunderbird-140.7.0esr.source.tar.xz thunderbird-140.7.0esr.source.tar.xz.asc ----------(New B)---------- New:- Support using system GnuPG with gpgme 2, boo#1253718 bmo1967121 add mozilla-bmo1967121.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.tC52bY/_old 2026-01-17 14:53:01.818872395 +0100 +++ /var/tmp/diff_new_pack.tC52bY/_new 2026-01-17 14:53:01.822872562 +0100 @@ -1,8 +1,8 @@ # # spec file for package MozillaThunderbird # -# Copyright (c) 2025 SUSE LLC and contributors -# Copyright (c) 2006-2025 Wolfgang Rosenauer <[email protected]> +# Copyright (c) 2026 SUSE LLC and contributors +# Copyright (c) 2006-2026 Wolfgang Rosenauer <[email protected]> # Copyright (c) 2025 Tristan Miller <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -30,8 +30,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.6.0 -%define orig_version 140.6.0 +%define mainver %major.7.0 +%define orig_version 140.7.0 %define orig_suffix esr %define update_channel esr %define source_prefix thunderbird-%{orig_version} @@ -211,6 +211,7 @@ Patch20: one_swizzle_to_rule_them_all.patch Patch21: svg-rendering.patch Patch22: thunderbird-silence-no-return.patch +Patch23: mozilla-bmo1967121.patch %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /bin/sh ++++++ l10n-140.6.0esr.tar.xz -> l10n-140.7.0esr.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-140.6.0esr.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1928/l10n-140.7.0esr.tar.xz differ: char 15, line 1 ++++++ mozilla-bmo1967121.patch ++++++ From: Andreas Stieger <[email protected]> Date: Fri, 09 Jan 2026 21:26:35 +0100 Subject: [PATCH] Support gpgme 2 (libgpgme.so.45) References: https://bugzilla.mozilla.org/show_bug.cgi?id=1967121 https://bugzilla.opensuse.org/show_bug.cgi?id=1253718 --- thunderbird-140.5.0/comm/mail/extensions/openpgp/content/modules/GPGMELib.sys.mjs +++ thunderbird-140.5.0/comm/mail/extensions/openpgp/content/modules/GPGMELib.sys.mjs @@ -78,6 +78,14 @@ function loadExternalGPGMELib() { } if (!libgpgme) { + tryLoadGPGME("gpgme", ".45"); + } + + if (!libgpgme) { + tryLoadGPGME("gpgme.45", ""); + } + + if (!libgpgme) { tryLoadGPGME("gpgme", ".11"); } ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.tC52bY/_old 2026-01-17 14:53:02.078883234 +0100 +++ /var/tmp/diff_new_pack.tC52bY/_new 2026-01-17 14:53:02.082883401 +0100 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr140" -VERSION="140.6.0" +VERSION="140.7.0" VERSION_SUFFIX="esr" -REV_VERSION="140.5.0" +REV_VERSION="140.6.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"; -RELEASE_TAG="a9fbb23767a6f5f6b6c07a0b713b18b86a9a169c" -RELEASE_TIMESTAMP="20251208204945" +RELEASE_TAG="baaa8c417478171703450031e7e0529efded6e6d" +RELEASE_TIMESTAMP="20260109054016" ++++++ thunderbird-140.6.0esr.source.tar.xz -> thunderbird-140.7.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-140.6.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1928/thunderbird-140.7.0esr.source.tar.xz differ: char 15, line 1
