Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package MozillaThunderbird for
openSUSE:Factory checked in at 2022-02-13 19:50:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old)
and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird"
Sun Feb 13 19:50:37 2022 rev:273 rq:953831 version:91.6.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes
2022-01-29 21:01:06.171069032 +0100
+++
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1956/MozillaThunderbird.changes
2022-02-13 19:50:59.894205587 +0100
@@ -1,0 +2,39 @@
+Sat Feb 5 14:11:31 UTC 2022 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- Mozilla Thunderbird 91.6.0
+ * TB will now offer to send large forwarded attachments via FileLink
+ * Partially signed unencrypted messages displayed an incorrect
+ "parrtially encrypted" notification
+ * Attachments filenames were not sanitized before saving to disk
+ * In the attachment bar, the "Import OpenPGP Key" item displayed
+ for public keys displayed an error and did not import the key
+ * "Open with" attachment dialog did not have a selected radio
+ button option
+ MFSA 2022-06 (bsc#1195682)
+ * CVE-2022-22753 (bmo#1732435)
+ Privilege Escalation to SYSTEM on Windows via Maintenance
+ Service
+ * CVE-2022-22754 (bmo#1750565)
+ Extensions could have bypassed permission confirmation during
+ update
+ * CVE-2022-22756 (bmo#1317873)
+ Drag and dropping an image could have resulted in the dropped
+ object being an executable
+ * CVE-2022-22759 (bmo#1739957)
+ Sandboxed iframes could have executed script if the parent
+ appended elements
+ * CVE-2022-22760 (bmo#1740985, bmo#1748503)
+ Cross-Origin responses could be distinguished between script
+ and non-script content-types
+ * CVE-2022-22761 (bmo#1745566)
+ frame-ancestors Content Security Policy directive was not
+ enforced for framed extension pages
+ * CVE-2022-22763 (bmo#1740534)
+ Script Execution during invalid object state
+ * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
+ bmo#1748210, bmo#1748279)
+ Memory safety bugs fixed in Thunderbird 91.6
+- do not use ccache by default
+- removed obsolete mozilla-bmo1745560.patch
+
+-------------------------------------------------------------------
Old:
----
l10n-91.5.1.tar.xz
mozilla-bmo1745560.patch
thunderbird-91.5.1.source.tar.xz
thunderbird-91.5.1.source.tar.xz.asc
New:
----
l10n-91.6.0.tar.xz
thunderbird-91.6.0.source.tar.xz
thunderbird-91.6.0.source.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaThunderbird.spec ++++++
--- /var/tmp/diff_new_pack.0sjZOu/_old 2022-02-13 19:51:11.522236564 +0100
+++ /var/tmp/diff_new_pack.0sjZOu/_new 2022-02-13 19:51:11.534236596 +0100
@@ -2,7 +2,7 @@
# spec file
#
# Copyright (c) 2022 SUSE LLC
-# 2006-2021 Wolfgang Rosenauer <w...@rosenauer.org>
+# 2006-2022 Wolfgang Rosenauer <w...@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 91
-%define mainver %major.5.1
-%define orig_version 91.5.1
+%define mainver %major.6.0
+%define orig_version 91.6.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}
@@ -38,9 +38,6 @@
# upstream default is clang (to use gcc for large parts set to 0)
%define clang_build 0
-# PIE, full relro
-%define build_hardened 1
-
%bcond_with only_print_mozconfig
%bcond_without mozilla_tb_kde4
@@ -48,7 +45,7 @@
%bcond_without mozilla_tb_optimize_for_size
# define if ccache should be used or not
-%define useccache 1
+%define useccache 0
# Firefox only supports i686
%ifarch %ix86
@@ -207,7 +204,6 @@
Patch29: mozilla-silence-no-return-type.patch
Patch30: mozilla-bmo531915.patch
Patch31: mozilla-bmo1724679.patch
-Patch32: mozilla-bmo1745560.patch
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: /bin/sh
@@ -310,7 +306,6 @@
%patch29 -p1
%patch30 -p1
%patch31 -p1
-%patch32 -p1
%endif
%build
@@ -366,9 +361,7 @@
# Limit RAM usage during link
export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
%endif
-%if 0%{?build_hardened}
export LDFLAGS="${LDFLAGS} -fPIC -Wl,-z,relro,-z,now"
-%endif
%ifarch ppc64 ppc64le
%if 0%{?clang_build} == 0
export CFLAGS="$CFLAGS -mminimal-toc"
@@ -530,9 +523,10 @@
>> %{_tmppath}/translations.$_l10ntarget
' -- {}
%endif
-
+%if 0%{useccache} != 0
ccache -s
%endif
+%endif
%install
cd $RPM_BUILD_DIR/obj
++++++ l10n-91.5.1.tar.xz -> l10n-91.6.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-91.5.1.tar.xz
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1956/l10n-91.6.0.tar.xz
differ: char 27, line 1
++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.0sjZOu/_old 2022-02-13 19:51:11.778237246 +0100
+++ /var/tmp/diff_new_pack.0sjZOu/_new 2022-02-13 19:51:11.778237246 +0100
@@ -1,11 +1,11 @@
PRODUCT="thunderbird"
CHANNEL="esr91"
-VERSION="91.5.1"
+VERSION="91.6.0"
VERSION_SUFFIX=""
-PREV_VERSION="91.5.0"
+PREV_VERSION="91.5.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91";
-RELEASE_TAG="46a4af6b62978ae76a41fcf57bc3309c4d9bb22e"
-RELEASE_TIMESTAMP="20220120011414"
+RELEASE_TAG="676bfbddd4b3ed77f818b6b07d9d8a79c61be4da"
+RELEASE_TIMESTAMP="20220204195633"
++++++ thunderbird-91.5.1.source.tar.xz -> thunderbird-91.6.0.source.tar.xz
++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-91.5.1.source.tar.xz
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1956/thunderbird-91.6.0.source.tar.xz
differ: char 15, line 1
