diff --git a/.gitignore b/.gitignore index 6c87562..70c9d55 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,5 @@ /thunderbird-102.2.1.processed-source.tar.xz /thunderbird-102.3.0.processed-source.tar.xz /thunderbird-langpacks-102.3.0-20220916.tar.xz +/thunderbird-langpacks-102.4.0-20221017.tar.xz +/thunderbird-102.4.0.processed-source.tar.xz diff --git a/D158770.diff b/D158770.diff new file mode 100644 index 0000000..1d76995 --- /dev/null +++ b/D158770.diff @@ -0,0 +1,25 @@ +diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c +--- a/parser/expat/lib/xmlparse.c ++++ b/parser/expat/lib/xmlparse.c +@@ -5652,12 +5652,18 @@ + else + #endif /* XML_DTD */ + { + processor = contentProcessor; + /* see externalEntityContentProcessor vs contentProcessor */ +- return doContent(parser, parentParser ? 1 : 0, encoding, s, end, +- nextPtr, (XML_Bool)!ps_finalBuffer); ++ result = doContent(parser, parser->m_parentParser ? 1 : 0, ++ parser->m_encoding, s, end, nextPtr, ++ (XML_Bool)! parser->m_parsingStatus.finalBuffer); ++ if (result == XML_ERROR_NONE) { ++ if (! storeRawNames(parser)) ++ return XML_ERROR_NO_MEMORY; ++ } ++ return result; + } + } + + static enum XML_Error PTRCALL + errorProcessor(XML_Parser parser, + diff --git a/build-rhel7-lower-node-min-version.patch b/build-rhel7-lower-node-min-version.patch new file mode 100644 index 0000000..3dce244 --- /dev/null +++ b/build-rhel7-lower-node-min-version.patch @@ -0,0 +1,11 @@ +--- thunderbird-102.4.0/python/mozbuild/mozbuild/nodeutil.py.build-rhel7-lower-node-min-version 2022-10-14 21:42:10.000000000 +0200 ++++ thunderbird-102.4.0/python/mozbuild/mozbuild/nodeutil.py 2022-10-17 18:49:44.490667820 +0200 +@@ -13,7 +13,7 @@ from mozboot.util import get_tools_dir + from mozfile import which + from six import PY3 + +-NODE_MIN_VERSION = StrictVersion("10.24.1") ++NODE_MIN_VERSION = StrictVersion("10.24.0") + NPM_MIN_VERSION = StrictVersion("6.14.12") + + diff --git a/rpminspect.yaml b/rpminspect.yaml index a3a776e..38a162f 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -1,11 +1,17 @@ --- +inspections: + # this inspection is taking way too long and causing timeouts + abidiff: off # the badfunc is triggered by inet_addr and inet_ntoa which is in the third party # libraries bundled to firefox sources. badfuncs: ignore: - - /usr/lib*/firefox/libxul.so + - /usr/lib*/thunderbird/libxul.so # We don't plan to build Firefox with the LTO because it brings more problems # than benefits to the package. annocheck: - rhel-policy: --ignore-unknown --verbose --skip-lto --skip-cf-protection --skip-property-note - +runpath: + # rpath to bundled content + allowed_paths: + - /usr/lib64/thunderbird/bundled/lib64 diff --git a/sources b/sources index 6c88fe2..5743069 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (nss-3.79.0-6.el8_1.src.rpm) = 5887d0f306045adf7c6f3389840fff2e2732e5a15ec5e22cf885e578105b54d9e753c237e7730c2d3f0990728b10123c653e8d18a8b8dd0174bfb5b443eab7ef SHA512 (nspr-4.34.0-3.el8_1.src.rpm) = fe4715694c297cd8cefa577946358a90103bde73e78a3fdf13d202a3791736e8a48fbece09ee3d15f6d81ae051e26d96400b03bb6bf8630715746c5e1a643543 SHA512 (cbindgen-vendor.tar.xz) = 590e27b6c093a5c1bd839ca39c68537097d0849087a4a385ee6d7b180e9ceadbbb8974fa997f5f75af03e2c243a2f232d0d4c4c46e253ea464521b76c6886067 -SHA512 (thunderbird-102.3.0.processed-source.tar.xz) = 934807f6630e6ce63fc79eabacd9c80c98f27c7f7888f8d68224d9e7efbc7dbc06890b1d37b0a7b5e3c4a1795e925e2236881db7a6eda6e2d64fa3bb84a30cd3 -SHA512 (thunderbird-langpacks-102.3.0-20220916.tar.xz) = faf682fa8f29c5ecd40b5e59ca6a564c70b44b4c7564432d68efdab3c389dc3cd80e60270dadc7e3f945d44e3f8d65cf28d6f09d65829906618111200f5715b6 +SHA512 (thunderbird-102.4.0.processed-source.tar.xz) = 476adbfea966ea05908dc750615070233345c02a0dc5e037900a77ea83fa8c632faad67257cfc1b5d52604c77a694daa8fdb115ddec2ee223a96a4ad5d1b2bc5 +SHA512 (thunderbird-langpacks-102.4.0-20221017.tar.xz) = 8e24b2da8b846657bb17fb359b0b91828918c2a9568e6a0b3358e13c48ea032ed28cb0a212477666d0dfbfe9a07c1033ecf4c415d9739285983c469e3e0ef4d2 diff --git a/thunderbird.spec b/thunderbird.spec index 7d4959b..f3361a7 100644 --- a/thunderbird.spec +++ b/thunderbird.spec @@ -158,8 +158,8 @@ end} Summary: Mozilla Thunderbird mail/newsgroup client Name: thunderbird -Version: 102.3.0 -Release: 3%{?dist} +Version: 102.4.0 +Release: 1%{?dist} URL: http://www.mozilla.org/projects/thunderbird/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -180,7 +180,7 @@ ExcludeArch: aarch64 s390 ppc #Source0: https://archive.mozilla.org/pub/thunderbird/releases/%{version}%{?pre_version}/source/thunderbird-%{version}%{?pre_version}.processed-source.tar.xz Source0: thunderbird-%{version}%{?pre_version}.processed-source.tar.xz %if %{build_langpacks} -Source1: thunderbird-langpacks-%{version}-20220916.tar.xz +Source1: thunderbird-langpacks-%{version}-20221017.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball @@ -214,6 +214,7 @@ Patch73: build-ascii-decode-fail-rhel7.patch Patch75: build-big-endian-errors.patch Patch76: firefox-nss-version.patch Patch77: mozilla-1775202.patch +Patch78: build-rhel7-lower-node-min-version.patch # Fedora specific patches Patch215: firefox-enable-addons.patch @@ -237,6 +238,7 @@ Patch421: mozilla-s390-context.patch Patch422: mozilla-s390x-skia-gradient.patch Patch423: one_swizzle_to_rule_them_all.patch Patch424: svg-rendering.patch +Patch425: D158770.diff # PGO/LTO patches Patch600: pgo.patch @@ -447,52 +449,76 @@ BuildRequires: gcc-toolset-12-annobin-plugin-gcc %endif %endif + # Bundled libraries Provides: bundled(angle) +Provides: bundled(audioipc-2) +Provides: bundled(brotli) +Provides: bundled(bzip2) Provides: bundled(cairo) +Provides: bundled(cfworker) +Provides: bundled(d3.js) +Provides: bundled(double-conversion) +Provides: bundled(expat) +Provides: bundled(fdlibm) +Provides: bundled(ffvpx) +Provides: bundled(freetype2) Provides: bundled(graphite2) Provides: bundled(harfbuzz) -Provides: bundled(ots) -Provides: bundled(sfntly) -Provides: bundled(skia) -Provides: bundled(thebes) -Provides: bundled(WebRender) -Provides: bundled(audioipc-2) -Provides: bundled(ffvpx) +Provides: bundled(highway) +Provides: bundled(intgemm) +Provides: bundled(json-c) Provides: bundled(kissfft) Provides: bundled(libaom) Provides: bundled(libcubeb) Provides: bundled(libdav1d) +Provides: bundled(libgcrypt) +Provides: bundled(libgpg-error) Provides: bundled(libjpeg) +Provides: bundled(libjxl) +Provides: bundled(libjxl) +Provides: bundled(libmar) Provides: bundled(libmkv) Provides: bundled(libnestegg) Provides: bundled(libogg) Provides: bundled(libopus) +Provides: bundled(libotr) Provides: bundled(libpng) +Provides: bundled(libprio) Provides: bundled(libsoundtouch) Provides: bundled(libspeex_resampler) +Provides: bundled(libsrtp) Provides: bundled(libtheora) Provides: bundled(libtremor) Provides: bundled(libvorbis) Provides: bundled(libvpx) Provides: bundled(libwebp) +Provides: bundled(libwebrtc) Provides: bundled(libyuv) Provides: bundled(mp4parse-rust) +Provides: bundled(mp4parse-rust) +Provides: bundled(msgpack-c) +Provides: bundled(msgpack-c) Provides: bundled(mtransport) +Provides: bundled(niwcompat) Provides: bundled(openmax_dl) -Provides: bundled(double-conversion) -Provides: bundled(brotli) -Provides: bundled(fdlibm) -Provides: bundled(freetype2) -Provides: bundled(libmar) +Provides: bundled(openmax_il) +Provides: bundled(openmax_il) +Provides: bundled(ots) +Provides: bundled(qcms) +Provides: bundled(rlbox_sandboxing_api) +Provides: bundled(rnp) +Provides: bundled(sfntly) +Provides: bundled(sipcc) +Provides: bundled(skia) +Provides: bundled(sqlite3) +Provides: bundled(thebes) +Provides: bundled(wasm2c) +Provides: bundled(WebRender) Provides: bundled(woff2) Provides: bundled(xz-embedded) +Provides: bundled(ycbcr) Provides: bundled(zlib) -Provides: bundled(expat) -Provides: bundled(msgpack-c) -Provides: bundled(libprio) -Provides: bundled(rlbox_sandboxing_api) -Provides: bundled(sqlite3) %if 0%{?bundle_nss} Provides: bundled(nss) = 3.79.0 @@ -551,6 +577,9 @@ echo "use_rustts %{?use_rustts}" %patch77 -p1 -b .mozilla-1775202 %patch73 -p1 -b .build-ascii-decode-fail-rhel7 +%if 0%{?rhel} == 7 +%patch78 -p1 -b .build-rhel7-lower-node-min-version +%endif # Test patches @@ -577,6 +606,7 @@ echo "use_rustts %{?use_rustts}" %patch422 -p1 -b .mozilla-s390x-skia-gradient %patch423 -p1 -b .one_swizzle_to_rule_them_all %patch424 -p1 -b .svg-rendering +%patch425 -p1 -b .D158770.diff # PGO patches %if %{build_with_pgo} @@ -1198,6 +1228,12 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #=============================================================================== %changelog +* Mon Oct 17 2022 Eike Rathke - 102.4.0-1 +- Update to 102.4.0 build1 + +* Wed Oct 12 2022 Jan Horak - 102.3.0-4 +- Fix for expat CVE-2022-40674 + * Fri Sep 16 2022 Jan Horak - 102.3.0-3 - Update to 102.3.0 build1