Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2023-03-16 22:59:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.31432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Thu Mar 16 22:59:08 2023 rev:305 rq:1072474 version:102.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2023-02-19 18:19:20.149623565 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.31432/MozillaThunderbird.changes 2023-03-16 22:59:10.039700265 +0100 @@ -1,0 +2,28 @@ +Sun Mar 12 09:52:40 UTC 2023 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Thunderbird 102.9.0 + * https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes + MFSA 2023-11 (bsc#1209173)) + * CVE-2023-25751 (bmo#1814899) + Incorrect code generation during JIT compilation + * CVE-2023-28164 (bmo#1809122) + URL being dragged from a removed cross-origin iframe into the + same tab triggered navigation + * CVE-2023-28162 (bmo#1811327) + Invalid downcast in Worklets + * CVE-2023-25752 (bmo#1811627) + Potential out-of-bounds when accessing throttled streams + * CVE-2023-28163 (bmo#1817768) + Windows Save As dialog resolved environment variables + * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, + bmo#1817442, bmo#1818674) + Memory safety bugs fixed in Thunderbird 102.9 +- update create-tar.sh +- build using rust 1.67 + +------------------------------------------------------------------- +Tue Mar 7 18:30:09 UTC 2023 - Manfred Hollstein <manfre...@gmx.net> + +- Ensure gcc11-c++ gets used on Leap 15.5, too. + +------------------------------------------------------------------- Old: ---- l10n-102.8.0.tar.xz thunderbird-102.8.0.source.tar.xz thunderbird-102.8.0.source.tar.xz.asc New: ---- l10n-102.9.0.tar.xz thunderbird-102.9.0.source.tar.xz thunderbird-102.9.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.ixINwt/_old 2023-03-16 22:59:29.827797711 +0100 +++ /var/tmp/diff_new_pack.ixINwt/_new 2023-03-16 22:59:29.835797751 +0100 @@ -29,8 +29,8 @@ # major 69 # mainver %major.99 %define major 102 -%define mainver %major.8.0 -%define orig_version 102.8.0 +%define mainver %major.9.0 +%define orig_version 102.9.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} @@ -85,7 +85,7 @@ BuildRequires: dbus-1-glib-devel BuildRequires: fdupes BuildRequires: memory-constraints -%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150400 +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150500 BuildRequires: gcc11-c++ %else BuildRequires: gcc-c++ @@ -100,8 +100,8 @@ # minimal requirement: BuildRequires: rust+cargo >= 1.59 # actually used upstream: -BuildRequires: cargo1.63 -BuildRequires: rust1.63 +BuildRequires: cargo1.67 +BuildRequires: rust1.67 %endif %if 0%{useccache} != 0 BuildRequires: ccache @@ -180,7 +180,7 @@ Source7: l10n-%{orig_version}%{orig_suffix}.tar.xz Source9: thunderbird.appdata.xml Source13: spellcheck.js -Source14: https://github.com/openSUSE/firefox-scripts/raw/f4363ab1d76e173666e56408d44fe00af16ddbd8/create-tar.sh +Source14: https://github.com/openSUSE/firefox-scripts/raw/9b77cf0/create-tar.sh Source20: https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/source/%{srcname}-%{orig_version}%{orig_suffix}.source.tar.xz.asc Source21: https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/KEY#/mozilla.keyring # Gecko/Toolkit @@ -334,7 +334,7 @@ export MOZ_TELEMETRY_REPORTING=1 export MOZ_REQUIRE_SIGNING= export MACH_USE_SYSTEM_PYTHON=1 -%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150400 +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150500 export CC=gcc-11 %else %if 0%{?clang_build} == 0 ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.ixINwt/_old 2023-03-16 22:59:29.907798105 +0100 +++ /var/tmp/diff_new_pack.ixINwt/_new 2023-03-16 22:59:29.911798126 +0100 @@ -16,10 +16,17 @@ set_internal_variables - check_what_changed + check_what_to_do_with_source_tarballs download_upstream_source_tarballs - create_locales_tarballs + if [ -z ${SKIP_LOCALES+x} ]; then + check_what_to_do_with_locales_tarballs + create_locales_tarballs + else + printf "%-40s: User forced skip (SKIP_LOCALES set)\n" "locales" + fi + + clean_up_old_tarballs } function print_usage_and_exit() { @@ -64,7 +71,9 @@ else FF_LOCALE_FILE="thunderbird-$VERSION/browser/locales/l10n-changesets.json" TB_LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json" - L10N_STRING_PATTERNS="thunderbird-$VERSION/python/l10n/tbxchannel/l10n_merge.py" + FF_PREV_LOCALE_FILE="thunderbird-$PREV_VERSION/browser/locales/l10n-changesets.json" + TB_PREV_LOCALE_FILE="thunderbird-$PREV_VERSION/comm/mail/locales/l10n-changesets.json" + L10N_STRING_PATTERNS="thunderbird-$VERSION/comm/python/l10n/tbxchannel/l10n_merge.py" fi SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz" @@ -93,7 +102,7 @@ local CANDIDATE_TARBALL_LOCATION="" CANDIDATE_TARBALL_LOCATION="$(printf "%s/%s/source/%s" "$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX")" "$BUILD_ID" "$TARBALL" )" if wget --spider "$CANDIDATE_TARBALL_LOCATION" 2> /dev/null; then - echo "Download UNRELEASED candidate" + echo "Download UNRELEASED candidate ($BUILD_ID)" else echo "Mercurial checkout" fi @@ -119,13 +128,13 @@ } function get_source_stamp() { - CURR_BUILD_ID="$1" - FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX") - FTP_CANDIDATES_JSON_SUFFIX="${CURR_BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json" - BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1; - REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp) - SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo) - TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid) + local CURR_BUILD_ID="$1" + local FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX") + local FTP_CANDIDATES_JSON_SUFFIX="${CURR_BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json" + local BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1; + local REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp) + local SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo) + local TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid) echo "Extending $TAR_STAMP with:" echo "RELEASE_REPO=${SOURCE_REPO}" echo "RELEASE_TAG=${REV}" @@ -170,9 +179,9 @@ } function locales_get() { - CURR_PRODUCT="$1" - TMP_VERSION="$2" - CURR_BUILD_ID="$3" + local CURR_PRODUCT="$1" + local TMP_VERSION="$2" + local CURR_BUILD_ID="$3" # Make first letter of CURR_PRODUCT upper case CURR_PRODUCT_CAP="${CURR_PRODUCT^}" URL_TO_CHECK="${LOCALES_URL}/${CURR_PRODUCT_CAP}-${TMP_VERSION}" @@ -216,9 +225,9 @@ } function locales_unchanged() { - CURR_PRODUCT="$1" - CURR_BUILD_ID="$2" - PREV_BUILD_ID=$(get_build_number "$CURR_PRODUCT" "$PREV_VERSION$PREV_VERSION_SUFFIX") + local CURR_PRODUCT="$1" + local CURR_BUILD_ID="$2" + local PREV_BUILD_ID=$(get_build_number "$CURR_PRODUCT" "$PREV_VERSION$PREV_VERSION_SUFFIX") # If no json-file for one of the versions can be found, we say "they changed" prev_url=$(locales_get "$CURR_PRODUCT" "$PREV_VERSION$PREV_VERSION_SUFFIX" "$PREV_BUILD_ID") || return 1 prev_content=$(locales_parse_url "$prev_url") || exit 1 @@ -284,32 +293,10 @@ done } -function check_what_changed() { +function check_what_to_do_with_source_tarballs() { # Get ID BUILD_ID=$(get_build_number "$PRODUCT" "$VERSION$VERSION_SUFFIX") - if [ -z ${SKIP_LOCALES+x} ]; then - LOCALES_CHANGED=1 - if [ "$PREV_VERSION" != "" ]; then - # If we have a previous version, check either FF or (TB and FF) - if [ "$PRODUCT" = "firefox" ]; then - locales_unchanged "$PRODUCT" "$BUILD_ID" - else - FF_BUILD_ID=$(get_build_number "firefox" "$VERSION$VERSION_SUFFIX") - locales_unchanged "$PRODUCT" "$BUILD_ID" && locales_unchanged "firefox" "$FF_BUILD_ID" - fi - LOCALES_CHANGED=$? - fi - - if [ $LOCALES_CHANGED -eq 1 ]; then - printf "%-40s: Need to download.\n" "locales" - else - printf "%-40s: Did not change. Skipping.\n" "locales" - fi - else - printf "%-40s: User forced skip (SKIP_LOCALES set)\n" "locales" - fi - # Check what is going to be done and ask for consent for ff in $SOURCE_TARBALL $SOURCE_TARBALL.asc; do printf "%-40s: %s\n" "$ff" "$(check_tarball_source $ff)" @@ -318,6 +305,47 @@ ask_cont_abort_question "Is this ok?" || exit 0 } +function check_what_to_do_with_locales_tarballs() { + LOCALES_CHANGED=1 + + extract_locales_file + + if [ "$PREV_VERSION" != "" ]; then + # If we have a previous version, check either FF or (TB and FF) + if [ "$PRODUCT" = "firefox" ]; then + locales_unchanged "$PRODUCT" "$BUILD_ID" + else + # Currently, upstream 'forgets' which Firefox-locales get used for which Thunderbird-release upon release + # so, instead of parsing upstream JSON-files, we rely on the previous tarball being there and comparing + # the lang-files directly + # FF_BUILD_ID=$(get_build_number "firefox" "$VERSION$VERSION_SUFFIX") + # locales_unchanged "$PRODUCT" "$BUILD_ID" && locales_unchanged "firefox" "$FF_BUILD_ID" + if [ -e "$PREV_SOURCE_TARBALL" ]; then + echo "extract previous locale changesets" + tar -xf "$PREV_SOURCE_TARBALL" "$FF_PREV_LOCALE_FILE" "$TB_PREV_LOCALE_FILE" + + curr_ff_content=$(locales_parse_file "$FF_LOCALE_FILE") || exit 1 + prev_ff_content=$(locales_parse_file "$FF_PREV_LOCALE_FILE") || exit 1 + curr_tb_content=$(locales_parse_file "$TB_LOCALE_FILE") || exit 1 + prev_tb_content=$(locales_parse_file "$TB_PREV_LOCALE_FILE") || exit 1 + + diff -y --suppress-common-lines -d <(echo "$prev_ff_content") <(echo "$curr_ff_content") || + diff -y --suppress-common-lines -d <(echo "$prev_tb_content") <(echo "$curr_tb_content") + fi + fi + LOCALES_CHANGED=$? + fi + + # New line for better visibility + echo "" + if [ $LOCALES_CHANGED -eq 1 ]; then + printf "%-40s: Need to download.\n" "locales" + ask_cont_abort_question "Is this ok?" || exit 0 + else + printf "%-40s: Did not change. Skipping.\n" "locales" + fi +} + function download_release_or_candidate_file() { local upstream_file="$1" if [ -e "$upstream_file" ]; then @@ -338,9 +366,6 @@ # we might have an upstream archive already and can skip the checkout if [ -e "$SOURCE_TARBALL" ]; then - if [ -z ${SKIP_LOCALES+x} ] && [ $LOCALES_CHANGED -ne 0 ]; then - extract_locales_file - fi get_source_stamp "$BUILD_ID" else # We are working on a version that is not yet published on the mozilla mirror @@ -386,9 +411,9 @@ hg update --check "$FF_RELEASE_TAG" [ "$FF_RELEASE_TAG" == "default" ] || hg update -r "$FF_RELEASE_TAG" # get repo and source stamp - REV=$(hg -R . parent --template="{node|short}\n") - SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/") - TIMESTAMP=$(date +%Y%m%d%H%M%S) + local REV=$(hg -R . parent --template="{node|short}\n") + local SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/") + local TIMESTAMP=$(date +%Y%m%d%H%M%S) if [ "$PRODUCT" = "thunderbird" ]; then pushd comm || exit 1 @@ -412,7 +437,8 @@ echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP" echo "creating archive..." - tar "$compression" -cf "$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz" --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS "$PRODUCT-$VERSION" + tar "$compression" -cf "$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz" --exclude-vcs "$PRODUCT-$VERSION" + ALREADY_EXTRACTED_LOCALES_FILE=1 } function create_locales_tarballs() { @@ -420,7 +446,7 @@ echo "Skipping locales-creation." exit 0 fi - + if [ "$LOCALES_CHANGED" -ne 0 ]; then clone_and_repackage_locales elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then @@ -492,13 +518,11 @@ esac done echo "creating l10n archive..." + local TAR_FLAGS="--exclude-vcs" if [ "$PRODUCT" = "thunderbird" ]; then - TB_TAR_FLAGS="--exclude=suite" + TAR_FLAGS="$TAR_FLAGS --exclude=suite" fi - tar "$compression" -cf "l10n-$VERSION$VERSION_SUFFIX.tar.xz" \ - --exclude=.hgtags --exclude=.hgignore --exclude=.hg \ - "$TB_TAR_FLAGS" \ - "$FINAL_L10N_BASE" + tar "$compression" -cf "l10n-$VERSION$VERSION_SUFFIX.tar.xz" $TAR_FLAGS "$FINAL_L10N_BASE" } function clean_up_old_tarballs() { ++++++ l10n-102.8.0.tar.xz -> l10n-102.9.0.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.ixINwt/_old 2023-03-16 22:59:30.075798933 +0100 +++ /var/tmp/diff_new_pack.ixINwt/_new 2023-03-16 22:59:30.079798953 +0100 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr102" -VERSION="102.8.0" +VERSION="102.9.0" VERSION_SUFFIX="" -PREV_VERSION="102.7.2" +PREV_VERSION="102.8.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102" -RELEASE_TAG="d2f3330ed11584d3f02ba72cf2fbaa397cd5f3f4" -RELEASE_TIMESTAMP="20230214184313" +RELEASE_TAG="db735c436e680abf21cc67f9a29b42fdf30d416d" +RELEASE_TIMESTAMP="20230310165821" ++++++ thunderbird-102.8.0.source.tar.xz -> thunderbird-102.9.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-102.8.0.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.31432/thunderbird-102.9.0.source.tar.xz differ: char 15, line 1