Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2023-02-19 18:19:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.22824 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Sun Feb 19 18:19:17 2023 rev:304 rq:1066604 version:102.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2023-02-09 16:22:15.286418640 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.22824/MozillaThunderbird.changes 2023-02-19 18:19:20.149623565 +0100 @@ -1,0 +2,38 @@ +Wed Feb 15 07:46:58 UTC 2023 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Thunderbird 102.8.0 + * https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes + MFSA 2023-07 (bsc#1208144) + * CVE-2023-0616 (bmo#1806507) + User Interface lockup with messages combining S/MIME and OpenPGP + * CVE-2023-25728 (bmo#1790345) + Content security policy leak in violation reports using iframes + * CVE-2023-25730 (bmo#1794622) + Screen hijack via browser fullscreen mode + * CVE-2023-0767 (bmo#1804640) + Arbitrary memory write via PKCS 12 in NSS + * CVE-2023-25735 (bmo#1810711) + Potential use-after-free from compartment mismatch in SpiderMonkey + * CVE-2023-25737 (bmo#1811464) + Invalid downcast in SVGUtils::SetupStrokeGeometry + * CVE-2023-25738 (bmo#1811852) + Printing on Windows could potentially crash Thunderbird with + some device drivers + * CVE-2023-25739 (bmo#1811939) + Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext + * CVE-2023-25729 (bmo#1792138) + Extensions could have opened external schemes without user knowledge + * CVE-2023-25732 (bmo#1804564) + Out of bounds memory write from EncodeInputStream + * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338) + Opening local .url files could cause unexpected network loads + * CVE-2023-25742 (bmo#1813424) + Web Crypto ImportKey crashes tab + * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628, + bmo#1810536) + Memory safety bugs fixed in Thunderbird 102.8 +- requires + NSPR >= 4.34.1 + NSS >= 3.79.4 + +------------------------------------------------------------------- Old: ---- l10n-102.7.2.tar.xz thunderbird-102.7.2.source.tar.xz thunderbird-102.7.2.source.tar.xz.asc New: ---- l10n-102.8.0.tar.xz thunderbird-102.8.0.source.tar.xz thunderbird-102.8.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.TMU9bu/_old 2023-02-19 18:19:29.657683979 +0100 +++ /var/tmp/diff_new_pack.TMU9bu/_new 2023-02-19 18:19:29.661684005 +0100 @@ -29,8 +29,8 @@ # major 69 # mainver %major.99 %define major 102 -%define mainver %major.7.2 -%define orig_version 102.7.2 +%define mainver %major.8.0 +%define orig_version 102.8.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -108,8 +108,8 @@ %endif BuildRequires: libXcomposite-devel BuildRequires: libcurl-devel -BuildRequires: mozilla-nspr-devel >= 4.34 -BuildRequires: mozilla-nss-devel >= 3.79 +BuildRequires: mozilla-nspr-devel >= 4.34.1 +BuildRequires: mozilla-nss-devel >= 3.79.4 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 ++++++ l10n-102.7.2.tar.xz -> l10n-102.8.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-102.7.2.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.22824/l10n-102.8.0.tar.xz differ: char 26, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.TMU9bu/_old 2023-02-19 18:19:29.897685504 +0100 +++ /var/tmp/diff_new_pack.TMU9bu/_new 2023-02-19 18:19:29.905685555 +0100 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr102" -VERSION="102.7.2" +VERSION="102.8.0" VERSION_SUFFIX="" -PREV_VERSION="102.7.1" +PREV_VERSION="102.7.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"; -RELEASE_TAG="0f6deed0752b618055c34e06c268af3da9d1548d" -RELEASE_TIMESTAMP="20230206162758" +RELEASE_TAG="d2f3330ed11584d3f02ba72cf2fbaa397cd5f3f4" +RELEASE_TIMESTAMP="20230214184313" ++++++ thunderbird-102.7.2.source.tar.xz -> thunderbird-102.8.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-102.7.2.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.22824/thunderbird-102.8.0.source.tar.xz differ: char 15, line 1
