commit MozillaThunderbird for openSUSE:Factory

Source-Sync Thu, 04 Jul 2024 07:29:19 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package MozillaThunderbird for 
openSUSE:Factory checked in at 2024-07-04 16:27:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old)
 and      /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.2080 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "MozillaThunderbird"

Thu Jul  4 16:27:26 2024 rev:338 rq:1185328 version:115.12.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes    
2024-06-17 19:33:21.074777794 +0200
+++ 
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.2080/MozillaThunderbird.changes
  2024-07-04 16:28:23.754731144 +0200
@@ -1,0 +2,12 @@
+Tue Jul  2 14:47:02 UTC 2024 - Martin Sirringhaus <martin.sirringh...@suse.com>
+
+- Mozilla Thunderbird 115.12.2
+  * fixed: Annual Thunderbird Beta appeal intended for
+    Thunderbird 115.12.0 did not open as expected (bmo#1898084)
+- Mozilla Thunderbird 115.12.1
+  * 115.12.0 got pulled because of upstream automation process errors
+    and Windows installer signing changes.
+    No code changes, changelog is the same as 115.12.0 (bsc#1226495)
+- Added thunderbird-fix-CVE-2024-34703.patch (bsc#1227239)
+
+-------------------------------------------------------------------

Old:
----
  l10n-115.12.0.tar.xz
  thunderbird-115.12.0.source.tar.xz
  thunderbird-115.12.0.source.tar.xz.asc

New:
----
  l10n-115.12.2.tar.xz
  thunderbird-115.12.2.source.tar.xz
  thunderbird-115.12.2.source.tar.xz.asc
  thunderbird-fix-CVE-2024-34703.patch

BETA DEBUG BEGIN:
  New:    No code changes, changelog is the same as 115.12.0 (bsc#1226495)
- Added thunderbird-fix-CVE-2024-34703.patch (bsc#1227239)
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ MozillaThunderbird.spec ++++++
--- /var/tmp/diff_new_pack.I1tAJW/_old  2024-07-04 16:28:32.007032393 +0200
+++ /var/tmp/diff_new_pack.I1tAJW/_new  2024-07-04 16:28:32.011032539 +0200
@@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          115
-%define mainver        %major.12.0
-%define orig_version   115.12.0
+%define mainver        %major.12.2
+%define orig_version   115.12.2
 %define orig_suffix    %nil
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
@@ -207,6 +207,7 @@
 Patch20:        mozilla-partial-revert-1768632.patch
 Patch21:        mozilla-bmo1775202.patch
 Patch22:        mozilla-rust-disable-future-incompat.patch
+Patch23:        thunderbird-fix-CVE-2024-34703.patch
 %if 0%{?product_libs_llvm_ver} > 17
 # LLVM18 breaks building Firefox ESR:
 Patch30:        mozilla-fix-issues-with-llvm18.patch

++++++ l10n-115.12.0.tar.xz -> l10n-115.12.2.tar.xz ++++++

++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.I1tAJW/_old  2024-07-04 16:28:32.311043491 +0200
+++ /var/tmp/diff_new_pack.I1tAJW/_new  2024-07-04 16:28:32.315043637 +0200
@@ -1,11 +1,11 @@
 PRODUCT="thunderbird"
 CHANNEL="esr115"
-VERSION="115.12.0"
+VERSION="115.12.2"
 VERSION_SUFFIX=""
-PREV_VERSION="115.11.1"
+PREV_VERSION="115.12.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115";
-RELEASE_TAG="c8e74fba9d207152648b517f30da7f391a514a1a"
-RELEASE_TIMESTAMP="20240614163201"
+RELEASE_TAG="629a5c6b8861833f98e4a2c12c250cdd11c3e0b2"
+RELEASE_TIMESTAMP="20240621154414"
 

++++++ thunderbird-115.12.0.source.tar.xz -> thunderbird-115.12.2.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-115.12.0.source.tar.xz
 
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.2080/thunderbird-115.12.2.source.tar.xz
 differ: char 15, line 1

++++++ thunderbird-fix-CVE-2024-34703.patch ++++++
https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a

diff --git a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp 
b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
index bb60bacf7ba..214751b4eb0 100644
--- a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
@@ -334,8 +334,11 @@ std::shared_ptr<EC_Group_Data> 
EC_Group::BER_decode_EC_group(const uint8_t bits[
          .end_cons()
          .verify_end();
 
-      if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p))
-         throw Decoding_Error("Invalid ECC p parameter");
+      if(p.bits() < 112 || p.bits() > 1024)
+         throw Decoding_Error("ECC p parameter is invalid size");
+
+      if(p.is_negative() || !is_bailie_psw_probable_prime(p))
+         throw Decoding_Error("ECC p parameter is not a prime");
 
       if(a.is_negative() || a >= p)
          throw Decoding_Error("Invalid ECC a parameter");

commit MozillaThunderbird for openSUSE:Factory

Reply via email to