Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2021-12-12 00:56:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Sun Dec 12 00:56:10 2021 rev:268 rq:936365 version:91.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2021-11-23 22:12:02.146587145 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.2520/MozillaThunderbird.changes 2021-12-12 00:57:04.318562230 +0100 @@ -1,0 +2,40 @@ +Thu Dec 2 08:55:33 UTC 2021 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 91.4.0 + * several fixes as outlined here + https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes + MFSA 2021-54 (bsc#1193485) + * CVE-2021-43536 (bmo#1730120) + URL leakage when navigating while executing asynchronous + function + * CVE-2021-43537 (bmo#1738237) + Heap buffer overflow when using structured clone + * CVE-2021-43538 (bmo#1739091) + Missing fullscreen and pointer lock notification when + requesting both + * CVE-2021-43539 (bmo#1739683) + GC rooting failure when calling wasm instance methods + * CVE-2021-43541 (bmo#1696685) + External protocol handler parameters were unescaped + * CVE-2021-43542 (bmo#1723281) + XMLHttpRequest error codes could have leaked the existence of + an external protocol handler + * CVE-2021-43543 (bmo#1738418) + Bypass of CSP sandbox directive when embedding + * CVE-2021-43545 (bmo#1720926) + Denial of Service when using the Location API in a loop + * CVE-2021-43546 (bmo#1737751) + Cursor spoofing could overlay user interface when native + cursor is zoomed + * CVE-2021-43528 (bmo#1742579) + JavaScript unexpectedly enabled for the composition area + * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, + bmo#1737009, bmo#1739372, bmo#1739421) + Memory safety bugs fixed in Thunderbird 91.4.0 + +------------------------------------------------------------------- +Thu Nov 25 20:25:29 UTC 2021 - Bj??rn Lie <[email protected]> + +- Drop unused libidl-devel BuildRequires. + +------------------------------------------------------------------- @@ -6,0 +47,2 @@ + * OpenPGP: Botan updated to 2.18.2; addresses CVE-2021-40529 + boo#1189244 Old: ---- l10n-91.3.2.tar.xz thunderbird-91.3.2.source.tar.xz thunderbird-91.3.2.source.tar.xz.asc New: ---- l10n-91.4.0.tar.xz thunderbird-91.4.0.source.tar.xz thunderbird-91.4.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.mvQOL1/_old 2021-12-12 00:57:11.146566919 +0100 +++ /var/tmp/diff_new_pack.mvQOL1/_new 2021-12-12 00:57:11.150566921 +0100 @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 91 -%define mainver %major.3.2 -%define orig_version 91.3.2 +%define mainver %major.4.0 +%define orig_version 91.4.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -104,7 +104,6 @@ %endif BuildRequires: libXcomposite-devel BuildRequires: libcurl-devel -BuildRequires: libidl-devel BuildRequires: mozilla-nspr-devel >= 4.32 BuildRequires: mozilla-nss-devel >= 3.68 BuildRequires: nasm >= 2.14 ++++++ l10n-91.3.2.tar.xz -> l10n-91.4.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-91.3.2.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.2520/l10n-91.4.0.tar.xz differ: char 26, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.mvQOL1/_old 2021-12-12 00:57:11.318567037 +0100 +++ /var/tmp/diff_new_pack.mvQOL1/_new 2021-12-12 00:57:11.318567037 +0100 @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr91" -VERSION="91.3.2" +VERSION="91.4.0" VERSION_SUFFIX="" -PREV_VERSION="91.3.1" +PREV_VERSION="91.3.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"; -RELEASE_TAG="c35def313c0c2bd0341e3e058f862f02390269c4" -RELEASE_TIMESTAMP="20211117150618" +RELEASE_TAG="ab6dfcf3a37bf53aac1a9d632d45ee51047050bb" +RELEASE_TIMESTAMP="20211203141721" ++++++ thunderbird-91.3.2.source.tar.xz -> thunderbird-91.4.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-91.3.2.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.2520/thunderbird-91.4.0.source.tar.xz differ: char 15, line 1
