Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaThunderbird

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 886906 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 253) 
- Mozilla Thunderbird 78.10.0
  MFSA 2021-14 (bsc#1184960)
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed
  * CVE-2021-29948 (bmo#1692899)
    Race condition when reading from disk while verifying
    signatures
- recommend libotr5
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 884316 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 252) 
- Mozilla Thunderbird 78.9.1
  * Support recipient aliases for OpenPGP encryption
  * The key and signature parts of the message security popup on a
    received message could not be selected for copy/paste
  * Various UX and theme improvements
  MFSA 2021-13
  * CVE-2021-23991 (bmo#1673240)
    An attacker may use Thunderbird's OpenPGP key refresh mechanism
    to poison an existing key
  * MOZ-2021-23992 (bmo#1666236)
    A crafted OpenPGP key with an invalid user ID could be used to
    confuse the user
  * CVE-2021-23993 (bmo#1666360)
    Inability to send encrypted OpenPGP email after importing a
    crafted OpenPGP key
Richard Brown's avatar Richard Brown (RBrownSUSE) accepted request 881213 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 251) 
- Mozilla Thunderbird 78.9.0
  * bugfixes:
    https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes
  MFSA 2021-12 (boo#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * MOZ-2021-0002 (bmo#1691547)
    Angle graphics library out of date
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 878160 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 250) 
- Mozilla Thunderbird 78.8.1
  * several bugfixes and improvements
  * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/
- updated create-tar.sh (bsc#1182357)
Richard Brown's avatar Richard Brown (RBrownSUSE) accepted request 874775 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 249) 
- Mozilla Thunderbird 78.8.0
  * various bugfixes
  MFSA 2021-09 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23973 (bmo#1690976)
    MediaError message property could have leaked information
    about cross-origin resources
  * CVE-2021-23978 (bmo#786797, bmo#1682928, bmo#1687391,
    bmo#1687597)
    Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 869925 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 248) 
- Mozilla Thunderbird 78.7.1
  * CardDAV address books now support OAuth2 and Google Contacts
  * Thunderbird will no longer allow installation of addons that
    use legacy APIs
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 867009 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 247) 
- Mozilla Thunderbird 78.7.0
  MFSA 2021-05 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2020-15685 (bmo#1622640)
    IMAP Response Injection when using STARTTLS
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
    bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
    bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
    bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
    bmo#1685260, bmo#1685925)
    Memory safety bugs fixed in Thunderbird 78.7

- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
  rpm versions in TW remove everything there as the first action
  of %install
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 862980 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 246) 
- Mozilla Thunderbird 78.6.1
  MFSA 2021-02 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO SCTP
    chunk
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 856497 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 245) 
- Mozilla Thunderbird 78.6.0
  * changes and additions in MailExtensions
  * several bugfixes
  * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
  MFSA 2020-56 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Thunderbird 78.6
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 852686 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 244) 
- Mozilla Thunderbird 78.5.1
  MFSA 2020-53 (bsc#1179530)
  * CVE-2020-26970 (bmo#1677338)
    Stack overflow due to incorrect parsing of SMTP server response codes
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 849310 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 243) 
- Mozilla Thunderbird 78.5.0
  MFSA 2020-52 (bsc#1178894)
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security
    UI
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions
  * CVE-2020-26959 (bmo#1669466)
    Use-after-free in WebRequestService
  * CVE-2020-26960 (bmo#1670358)
    Potential use-after-free in uses of nsTArray
  * CVE-2020-15999 (bmo#1672223)
    Heap buffer overflow in freetype
  * CVE-2020-26961 (bmo#1672528)
    DoH did not filter IPv4 mapped IP Addresses
  * CVE-2020-26965 (bmo#1661617)
    Software keyboards may have remembered typed passwords
  * CVE-2020-26966 (bmo#1663571)
    Single-word search queries were also broadcast to local
    network
  * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 847757 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 242) 
Please give this a try with rust 1.47. The patch is taken from the Fedora repo to fix the build.
I cannot test locally unfortunately.
(Please note that TB 78.4.3 is currently not fully released upstream but in the pipeline as RC but it most likely means that the source check service fails.)

- Mozilla Thunderbird 78.4.3
  https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/
- added mozilla-rust-1.47.patch to fix build with rust 1.47

- Mozilla Thunderbird 78.4.2
  MFSA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

- Mozilla Thunderbird 78.4.1
  * Bugfixes and minor features
    https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 843275 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 241) 
- Mozilla Thunderbird 78.4.0
  * MailExtensions: browser.tabs.sendMessage API added
  * MailExtensions: messageDisplayScripts API added
  * Yahoo and AOL mail users using password authentication will be
    migrated to OAuth2
  * MailExtensions: messageDisplay APIs extended to support multiple
    selected messages
  * MailExtensions: compose.begin functions now support creating a
    message with attachments
  * multiple bugfixes
  MFSA 2020-47 (bsc#1177872)
  * CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760,
    bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 842109 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 240) 
- Mozilla Thunderbird 78.3.3
  * OpenPGP: Improved support for encrypting with subkeys
  * OpenPGP message status icons were not visible in message header pane
  * OpenPGP Key Manager was missing from Tools menu on macOS
  * Creating a new calendar event did not require an event title
- remove python2 dependencies for TW
- support wayland mode/autodetection in startup wrapper
- replace some Requires to use requires_ge macro where appropriate
- improve langpack build (as already used for Firefox)
- add ccache statistics output to build
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 840001 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 239) 
- Mozilla Thunderbird 78.3.2
  * OpenPGP: Improved support for encrypting with subkeys
  * OpenPGP: Encrypted messages with international characters were
    sometimes displayed incorrectly
  * Single-click deletion of recipient pills with middle mouse
    button restored
  * Searching an address book list did not display results
  * Dark mode, high contrast, and Windows theming fixes
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 838449 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 238) 
- Mozilla Thunderbird 78.3.1
  * fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)

- Mozilla Thunderbird 78.3.0
  MFSA 2020-44 (bsc#1176756)
  * CVE-2020-15677 (bmo#1641487)
    Download origin spoofing via redirect
  * CVE-2020-15676 (bmo#1646140)
    XSS when pasting attacker-controlled data into a
    contenteditable element
  * CVE-2020-15678 (bmo#1660211)
    When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-
    free scenario
  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
    Memory safety bugs fixed in Thunderbird 78.3
- requires NSPR >= 4.25.1
- removed obsolete thunderbird-bmo1664607.patch

- Mozilla Thunderbird 78.2.2
  https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
- added thunderbird-bmo1664607.patch required for builds w/o updater
  (boo#1176384)

- Mozilla Thunderbird 78.2.1
  * based on Mozilla's 78 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
  * built-in OpenPGP support (enigmail neither required nor supported)
- added platform patches:
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 832601 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 237) 
Automatic submission by obs-autosubmit
Displaying revisions 81 - 100 of 334
openSUSE Build Service is sponsored by
Places