openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaThunderbird

Dominique Leuenberger (dimstar_suse) accepted request 720733 from

Wolfgang Rosenauer (wrosenauer) almost 5 years ago (revision 215)

Dominique Leuenberger (dimstar_suse) accepted request 714774 from

Wolfgang Rosenauer (wrosenauer) almost 5 years ago (revision 214)

- Generate langpacks sequentially to avoid file corruption
  from racy file writes (boo#1137970)

- Mozilla Thunderbird 60.8.0
  * Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
  MFSA 2019-23   (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having the
    same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and

Dominique Leuenberger (dimstar_suse) accepted request 711281 from

Wolfgang Rosenauer (wrosenauer) almost 5 years ago (revision 213)

- Mozilla Thunderbird 60.7.2
  MFSA 2019-20 (boo#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

Dominique Leuenberger (dimstar_suse) accepted request 709837 from

Wolfgang Rosenauer (wrosenauer) almost 5 years ago (revision 212)

(also updated keyring)
- Mozilla Thunderbird 60.7.1
  * fixed: No prompt for smartcard PIN when S/MIME signing is used
  MFSA 2019-17 (boo#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c

- Increase disk space requirements in _constraints.

Dominique Leuenberger (dimstar_suse) accepted request 705454 from

Wolfgang Rosenauer (wrosenauer) about 5 years ago (revision 211)

- Mozilla Thunderbird 60.7.0
  * Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only)
    Uninitialized memory memory leakage in Windows sandbox

Yuchen Lin (maxlin_factory) accepted request 697648 from

Wolfgang Rosenauer (wrosenauer) about 5 years ago (revision 210)

Dominique Leuenberger (dimstar_suse) accepted request 690073 from

Wolfgang Rosenauer (wrosenauer) about 5 years ago (revision 209)

old patch was missing a piece

- Add patch to fix build using rust-1.33: (boo#1130694)
  * mozilla-bmo1519629.patch (bmo#1519629)

Dominique Leuenberger (dimstar_suse) accepted request 689134 from

Wolfgang Rosenauer (wrosenauer) about 5 years ago (revision 208)

- Mozilla Thunderbird 60.6.1
  MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

Dominique Leuenberger (dimstar_suse) accepted request 687466 from

Wolfgang Rosenauer (wrosenauer) about 5 years ago (revision 207)

- Mozilla Thunderbird 60.6.0
  * Calendar: Can't create repeating event with end date when using
    certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)

- Mozilla Thunderbird 60.5.3
  * fixed a regression on the Windows platform:
    Problem when using "Send to > Mail recipient" on Windows

Dominique Leuenberger (dimstar_suse) accepted request 680129 from

Wolfgang Rosenauer (wrosenauer) about 5 years ago (revision 206)

- Mozilla Thunderbird 60.5.2
  * UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email
    from Outlook (issue introduced in version 60.5.1)

Stephan Kulow (coolo) accepted request 676696 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 205)

- Mozilla Thunderbird 60.5.1
  * CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815
    Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218
    S/MIME signature spoofing

- Mozilla Thunderbird 60.5.0:

Stephan Kulow (coolo) accepted request 669999 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 204)

- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
  MFSA 2019-03 (bsc#1122983)
  * CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches

  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295

Dominique Leuenberger (dimstar_suse) accepted request 664269 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 203)

So far no security information posted on https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
But as always there are semi-relevant changes from the Gecko 60.4 baseline. Many times not directly affecting TB

- Mozilla Thunderbird 60.4.0:
  * New WebExtensions FileLink API to facilitate add-ons
  * Fix decoding problems for messages with less common charsets
    (cp932, cp936)
  * New messages in the drafts folder (and other special or virtual
    folders) will no longer be included in the new messages
    notification
- requires NSS 3.36.6

Dominique Leuenberger (dimstar_suse) accepted request 655853 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 202)

- Mozilla Thunderbird 60.3.3
  * Thunderbird 60 will migrate security databases (key3.db, cert8.db
    to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
    fault that potentially deleted saved passwords and private certificate
    keys for users using a master password. Version 60.3.3 will prevent
    the loss of data; affected users who have already upgraded to version
    60.3.2 or earlier can restore the deleted key3.db file from backup
    to complete the migration.
  * Address book search and auto-complete slowness introduced in
    Thunderbird 60.3.2
  * Plain text markup with * for bold, / for italics, _ for underline
    and | for code did not work when the enclosed text contained
    non-ASCII characters
  * While composing a message, a link not removed when link location
    was removed in the link properties panel

Dominique Leuenberger (dimstar_suse) accepted request 653563 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 201)

Dominique Leuenberger (dimstar_suse) accepted request 649480 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 200)

- Mozilla Thunderbird 60.3.1:
  * Double-clicking on a word in the Write window sometimes
    launched the Advanced Property Editor or Link Properties dialog
  * Fixe Cookie removal
  * "Download rest of message" was not working if global inbox was
     used
  * Fix Encoding problems for users (especially in Poland) when a
    file was sent via a folder using "Sent to > Mail recipient"
    due to a problem in the Thunderbird MAPI interface
  * According to RFC 4616 and RFC 5721, passwords containing
    non-ASCII characters are encoded using UTF-8 which can lead to
    problems with non-compliant providers, for example
    office365.com. The SMTP LOGIN and POP3 USER/PASS
    authentication methods are now using a Latin-1 encoding again
    to work around this issue
  * Fix shutdown crash/hang after entering an empty IMAP password

Dominique Leuenberger (dimstar_suse) accepted request 645920 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 199)

- update to Thunderbird 60.3.0
  * various theme fixes
  * Shift+PageUp/PageDown in Write window
  * Gloda attachment filtering
  * Mailing list address auto-complete enter/return handling
  * Thunderbird hung if HTML signature references non-existent image
  * Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
  (Firefox ESR release). In general, these flaws cannot be exploited
  through email in Thunderbird because scripting is disabled when
  reading mail, but are potentially risks in browser or browser-like
  contexts (MFSA 2018-28) (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
    Memory safety bugs fixed in Firefox ESR 60.3
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

- Update _constraints for armv6/7

- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch

Dominique Leuenberger (dimstar_suse) accepted request 641723 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 198)

Dominique Leuenberger (dimstar_suse) accepted request 640048 from

Wolfgang Rosenauer (wrosenauer) over 5 years ago (revision 197)

Dominique Leuenberger (dimstar_suse) accepted request 636364 from