import thunderbird-91.13.0-1.el8_6

CentOS Sources 2022-09-27 07:57:06 -04:00 committed by Stepan Oksanichenko
parent 22c4da901e
commit ec60539bd9
7 changed files with 192 additions and 66 deletions

4
.gitignore vendored

@ -1,5 +1,5 @@
SOURCES/cbindgen-vendor.tar.xz
SOURCES/nspr-4.32.0-1.el8_1.src.rpm
SOURCES/nss-3.67.0-7.el8_1.src.rpm
SOURCES/thunderbird-91.4.0.processed-source.tar.xz
SOURCES/thunderbird-langpacks-91.4.0-20211201.tar.xz
SOURCES/thunderbird-91.13.0.processed-source.tar.xz
SOURCES/thunderbird-langpacks-91.13.0-20220819.tar.xz


@ -1,5 +1,5 @@
c822547dbc12e2baebdfdfb38b665e23f0c2513a SOURCES/cbindgen-vendor.tar.xz
b5fd1332d8e0d37339ae170c7bebcb63a40b22e0 SOURCES/nspr-4.32.0-1.el8_1.src.rpm
8fff814901e03c2518ede2f8992d898f5ba61ed9 SOURCES/nss-3.67.0-7.el8_1.src.rpm
d24c56caa08e29c90b8e1872fa94d7413218b347 SOURCES/thunderbird-91.4.0.processed-source.tar.xz
b31f3a5df2446bf64e16ffe88b0bb5e0e981249e SOURCES/thunderbird-langpacks-91.4.0-20211201.tar.xz
4def481a0e18a393bc756888f3da179187272fcf SOURCES/thunderbird-91.13.0.processed-source.tar.xz
7a3d28c5d6f3266cacad2e42ca9c2cc9b90dd27e SOURCES/thunderbird-langpacks-91.13.0-20220819.tar.xz


@ -0,0 +1,49 @@
diff -up thunderbird-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 thunderbird-91.7.0/parser/expat/lib/xmltok.c
--- thunderbird-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 2022-03-02 17:57:38.364361168 +0100
+++ thunderbird-91.7.0/parser/expat/lib/xmltok.c 2022-03-02 17:58:22.235512399 +0100
@@ -65,13 +65,6 @@
+ ((((byte)[2]) >> 5) & 1)] \
& (1u << (((byte)[2]) & 0x1F)))
-#define UTF8_GET_NAMING(pages, p, n) \
- ((n) == 2 \
- ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
- : ((n) == 3 \
- ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
- : 0))
-
/* Detection of invalid UTF-8 sequences is based on Table 3.1B
of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
with the additional restriction of not allowing the Unicode
diff -up thunderbird-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 thunderbird-91.7.0/parser/expat/lib/xmltok_impl.c
--- thunderbird-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 2022-03-02 17:57:38.365361172 +0100
+++ thunderbird-91.7.0/parser/expat/lib/xmltok_impl.c 2022-03-02 18:04:51.240853247 +0100
@@ -34,7 +34,7 @@
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NAME_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -62,7 +62,7 @@
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, c
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
+ if (IS_INVALID_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
ptr += n; \
tok = XML_TOK_NAME; \
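Review bot: The three added `IS_INVALID_CHAR(enc, ptr, n)` checks have no comment saying why they must run before `IS_NAME_CHAR` / `IS_NMSTRT_CHAR`, and the first two hunks have no function context, so a later rebase of this backport could reorder or drop them unnoticed. I would add a short comment above each check, e.g. `/* reject malformed multi-byte sequences before the naming lookup (CVE-2022-25235) */`, and a header line at the top of the patch file naming the upstream libexpat change it backports (`<upstream commit id>`). `IS_INVALID_CHAR` is defined outside these hunks, so confirm that this bundled copy defines it for each encoding that xmltok_impl.c is included for. The macros being patched start and end outside the hunks.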


@ -0,0 +1,40 @@
diff -up thunderbird-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25236 thunderbird-91.7.0/parser/expat/lib/xmlparse.c
--- thunderbird-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25236 2022-03-02 18:08:40.085642028 +0100
+++ thunderbird-91.7.0/parser/expat/lib/xmlparse.c 2022-03-02 18:13:31.838667958 +0100
@@ -700,8 +700,7 @@ XML_ParserCreate(const XML_Char *encodin
XML_Parser XMLCALL
XML_ParserCreateNS(const XML_Char *encodingName, XML_Char nsSep)
{
- XML_Char tmp[2];
- *tmp = nsSep;
+ XML_Char tmp[2] = {nsSep, 0};
return XML_ParserCreate_MM(encodingName, NULL, tmp);
}
#endif
@@ -1276,8 +1275,7 @@ XML_ExternalEntityParserCreate(XML_Parse
would be otherwise.
*/
if (ns) {
- XML_Char tmp[2];
- *tmp = namespaceSeparator;
+ XML_Char tmp[2] = {parser->m_namespaceSeparator, 0};
parser = parserCreate(encodingName, &parser->m_mem, tmp, newDtd);
}
else {
@@ -3667,6 +3665,16 @@ addBinding(XML_Parser parser, PREFIX *pr
if (!mustBeXML && isXMLNS
&& (len > xmlnsLen || uri[len] != xmlnsNamespace[len]))
isXMLNS = XML_FALSE;
+ // NOTE: While Expat does not validate namespace URIs against RFC 3986,
+ // we have to at least make sure that the XML processor on top of
+ // Expat (that is splitting tag names by namespace separator into
+ // 2- or 3-tuples (uri-local or uri-local-prefix)) cannot be confused
+ // by an attacker putting additional namespace separator characters
+ // into namespace declarations. That would be ambiguous and not to
+ // be expected.
+ if (parser->m_ns && (uri[len] == parser->m_namespaceSeparator)) {
+ return XML_ERROR_SYNTAX;
+ }
}
isXML = isXML && len == xmlLen;
isXMLNS = isXMLNS && len == xmlnsLen;
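Review bot: The added check in addBinding returns `XML_ERROR_SYNTAX` for every namespace URI that contains the separator character, so documents that parsed before are now rejected whenever the embedding application uses a separator that can legitimately occur in a URI. Which separator Thunderbird passes to XML_ParserCreateNS is not visible on this page; that should be confirmed and recorded next to the check, e.g. `/* callers must pick a separator that cannot occur in a namespace URI; URIs containing it are rejected here */`. The new comment also uses `//`, while the second hunk shows the file using `/* ... */` comments. addBinding continues outside the hunk.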


@ -0,0 +1,24 @@
diff -up thunderbird-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25315 thunderbird-91.7.0/parser/expat/lib/xmlparse.c
--- thunderbird-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25315 2022-03-02 18:17:50.966583254 +0100
+++ thunderbird-91.7.0/parser/expat/lib/xmlparse.c 2022-03-02 18:19:27.636924735 +0100
@@ -2479,6 +2479,7 @@ storeRawNames(XML_Parser parser)
while (tag) {
int bufSize;
int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
+ size_t rawNameLen;
char *rawNameBuf = tag->buf + nameLen;
/* Stop if already stored. Since tagStack is a stack, we can stop
at the first entry that has already been copied; everything
@@ -2490,7 +2491,11 @@ storeRawNames(XML_Parser parser)
/* For re-use purposes we need to ensure that the
size of tag->buf is a multiple of sizeof(XML_Char).
*/
- bufSize = nameLen + ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
+ rawNameLen = ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
+ /* Detect and prevent integer overflow. */
+ if (rawNameLen > (size_t)INT_MAX - nameLen)
+ return XML_FALSE;
+ bufSize = nameLen + (int)rawNameLen;
if (bufSize > tag->bufEnd - tag->buf) {
char *temp = (char *)REALLOC(tag->buf, bufSize);
if (temp == NULL)
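Review bot: The new guard `rawNameLen > (size_t)INT_MAX - nameLen` is only sound if `nameLen` is already within 0..INT_MAX, but the context line `int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);` narrows a size_t product into an int with no check. Whether `strLen` can grow large enough to matter is decided outside the hunk, so I would at least make the assumption explicit: `if (nameLen < 0 || rawNameLen > (size_t)INT_MAX - (size_t)nameLen) return XML_FALSE;`. `INT_MAX` also needs `<limits.h>` and the patch adds no include, so confirm that this bundled xmlparse.c already pulls it in. storeRawNames starts and ends outside the hunks.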


@ -1,12 +0,0 @@
diff -up python3/Python-3.6.8/configure.old python3/Python-3.6.8/configure
--- Python-3.6.8/configure.old 2019-10-01 12:56:35.074551835 +0200
+++ Python-3.6.8/configure 2019-10-01 12:56:44.240517798 +0200
@@ -11438,7 +11438,7 @@ for ac_func in alarm accept4 setitimer g
sigaction sigaltstack siginterrupt sigpending sigrelse \
sigtimedwait sigwait sigwaitinfo snprintf strftime strlcpy symlinkat sync \
sysconf tcgetpgrp tcsetpgrp tempnam timegm times tmpfile tmpnam tmpnam_r \
- truncate uname unlinkat unsetenv utimensat utimes waitid waitpid wait3 wait4 \
+ truncate uname unlinkat unsetenv utimes waitid waitpid wait3 wait4 \
wcscoll wcsftime wcsxfrm wmemcmp writev _getpty
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`


@ -19,7 +19,7 @@ function dist_to_rhel_minor(str, start)
end
match = string.match(str, ".el8")
if match then
return 6
return 7
end
return -1
end}
@ -126,9 +126,16 @@ end}
%global official_branding 1
%global build_langpacks 1
# Workaround the dreaded "upstream source file changed content" rpmdiff failure that only secalert can waive.
# If set to .b2 or .b3 ... the processed source file needs to be renamed before upload, e.g.
# thunderbird-91.9.0.b2.processed-source.tar.xz
# When unset use processed source file name as is.
#global buildnum .b2
Summary: Mozilla Thunderbird mail/newsgroup client
Name: thunderbird
Version: 91.4.0
Version: 91.13.0
Release: 1%{?dist}
URL: http://www.mozilla.org/projects/thunderbird/
License: MPLv1.1 or GPLv2+ or LGPLv2+
@ -138,10 +145,14 @@ Group: Applications/Internet
ExcludeArch: %{ix86}
%endif
%if 0%{?rhel} == 8
%if %{rhel_minor_version} == 1
ExcludeArch: %{ix86} aarch64 s390x
%else
ExcludeArch: %{ix86}
%endif
%endif
%if 0%{?rhel} == 7
ExcludeArch: s390 ppc
ExcludeArch: aarch64 s390 ppc
%endif
# We can't use the official tarball as it contains some test files that use
@ -149,9 +160,9 @@ ExcludeArch: s390 ppc
# The official tarball has to be always processed by the process-official-tarball
# script.
# Link to official tarball: https://archive.mozilla.org/pub/thunderbird/releases/%%{version}%%{?pre_version}/source/thunderbird-%%{version}%%{?pre_version}.source.tar.xz
Source0: thunderbird-%{version}%{?pre_version}.processed-source.tar.xz
Source0: thunderbird-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz
%if %{build_langpacks}
Source1: thunderbird-langpacks-%{version}%{?ext_version}-20211201.tar.xz
Source1: thunderbird-langpacks-%{version}%{?ext_version}-20220819.tar.xz
%endif
Source2: cbindgen-vendor.tar.xz
Source3: get-calendar-langpacks.sh
@ -172,7 +183,7 @@ Source402: nspr-4.32.0-1.el8_1.src.rpm
# Build patches
# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1699374
Patch1001: build-ppc64le-inline.patch
Patch1003: python-missing-utimensat.patch
#Patch1003: python-missing-utimensat.patch
Patch1008: build-rhel7-nasm-dwarf.patch
Patch1009: build-debuginfo-fix.patch
# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1699374
@ -199,6 +210,9 @@ Patch512: mozilla-bmo849632.patch
Patch513: mozilla-bmo998749.patch
Patch514: mozilla-s390x-skia-gradient.patch
Patch515: mozilla-bmo1626236.patch
Patch516: expat-CVE-2022-25235.patch
Patch517: expat-CVE-2022-25236.patch
Patch518: expat-CVE-2022-25315.patch
%if %{?system_nss}
%if !0%{?bundle_nss}
@ -425,6 +439,9 @@ echo "use_rustts %{?use_rustts}"
%patch513 -p1 -b .mozilla-bmo998749
%patch514 -p1 -b .mozilla-s390x-skia-gradient
%patch515 -p1 -b .mozilla-bmo1626236
%patch516 -p1 -b .expat-CVE-2022-25235
%patch517 -p1 -b .expat-CVE-2022-25236
%patch518 -p1 -b .expat-CVE-2022-25315
%patch237 -p1 -b .disable-openpgp-in-thunderbird
@ -630,7 +647,7 @@ function build_bundled_package() {
echo $PKG_CONFIG_PATH
rpm -ivh %{SOURCE403}
rpmbuild --nodeps --define '_prefix %{bundled_install_path}' -ba %{_specdir}/nss.spec
rpmbuild --nodeps --define '_prefix %{bundled_install_path}' --without=tests -ba %{_specdir}/nss.spec
pushd %{_buildrootdir}
#cleanup
#rm -rf {_buildrootdir}/usr/lib/debug/*
@ -865,9 +882,9 @@ ls %{_buildrootdir}
export MACH_USE_SYSTEM_PYTHON=1
%if 0%{?use_llvmts}
#scl enable llvm-toolset-%{llvm_version} './mach build -v'
./mach build -v
./mach build -v || exit 1
%else
./mach build -v
./mach build -v || exit 1
%endif
# Look for the reason we get: /usr/lib/rpm/debugedit: canonicalization unexpectedly shrank by one character
readelf -wl objdir/dist/bin/libxul.so | grep "/"
@ -1019,47 +1036,10 @@ rm -rf %{_prefix}/lib/debug/lib64/%{name}-devel-*
#
# See http://www.freedesktop.org/software/appstream/docs/ for more details.
#
%{__mkdir_p} %{buildroot}%{_datadir}/appdata
cat > %{buildroot}%{_datadir}/appdata/%{name}.appdata.xml <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright 2014 Richard Hughes <richard@hughsie.com> -->
<!--
BugReportURL: https://bugzilla.mozilla.org/show_bug.cgi?id=1071065
SentUpstream: 2014-09-22
-->
<application>
<id type="desktop">mozilla-thunderbird.desktop</id>
<metadata_license>CC0-1.0</metadata_license>
<project_license>MPLv1.1 or GPLv2+ or LGPLv2+</project_license>
<description>
<p>
Thunderbird is an email client that allows you to read, write and organise all
of your email messages. It is compatible with most email accounts, including the
most popular webmail services.
</p>
<p>
Thunderbird is designed by Mozilla, a global community working together to make
the Internet better. Mozilla believe that the Internet should be open, public,
and accessible to everyone without any restrictions.
</p>
<ul>
<li>Easier than ever to set up a new e-mail account</li>
<li>Awesome search allows you to find your messages fast</li>
<li>Thousands of add-ons give you the freedom to make Thunderbird your own</li>
</ul>
</description>
<url type="homepage">http://www.mozilla.org/thunderbird/</url>
<screenshots>
<screenshot type="default">https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/mozilla-thunderbird/a.png</screenshot>
</screenshots>
<releases>
<release version="%{version}" date="$(date '+%F')"/>
</releases>
<!-- FIXME: change this to an upstream email address for spec updates
<updatecontact>someone_who_cares@upstream_project.org</updatecontact>
-->
</application>
EOF
# Register as an application to be visible in the software center
mkdir -p $RPM_BUILD_ROOT%{_datadir}/appdata
%{__cp} -p comm/mail/branding/%{name}/net.thunderbird.Thunderbird.appdata.xml $RPM_BUILD_ROOT%{_datadir}/appdata/thunderbird.appdata.xml
#---------------------------------------------------------------------
@ -1151,6 +1131,51 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#===============================================================================
%changelog
* Fri Aug 19 2022 Eike Rathke <erack@redhat.com> - 91.13.0-1
- Update to 91.13.0 build1
* Mon Jul 25 2022 Eike Rathke <erack@redhat.com> - 91.12.0-1
- Update to 91.12.0 build1
* Tue Jun 28 2022 Eike Rathke <erack@redhat.com> - 91.11.0-2
- Update to 91.11.0 build2
* Thu Jun 23 2022 Eike Rathke <erack@redhat.com> - 91.11.0-1
- Update to 91.11.0 build1
* Mon May 30 2022 Eike Rathke <erack@redhat.com> - 91.10.0-1
- Update to 91.10.0 build1
* Mon May 23 2022 Jan Horak <jhorak@redhat.com> - 91.9.1-1
- Update to 91.9.1 build1
* Tue May 03 2022 Eike Rathke <erack@redhat.com> - 91.9.0-3
- Update to 91.9.0 build3
* Mon May 02 2022 Eike Rathke <erack@redhat.com> - 91.9.0-2
- Update to 91.9.0 build2
* Thu Apr 28 2022 Eike Rathke <erack@redhat.com> - 91.9.0-1
- Update to 91.9.0
* Tue Apr 05 2022 Eike Rathke <erack@redhat.com> - 91.8.0-1
- Update to 91.8.0
* Tue Mar 08 2022 Eike Rathke <erack@redhat.com> - 91.7.0-2
- Update to 91.7.0 build2
* Thu Mar 03 2022 Eike Rathke <erack@redhat.com> - 91.7.0-1
- Update to 91.7.0 build1
* Mon Feb 07 2022 Eike Rathke <erack@redhat.com> - 91.6.0-1
- Update to 91.6.0 build1
* Fri Jan 07 2022 Eike Rathke <erack@redhat.com> - 91.5.0-1
- Update to 91.5.0 build1
* Mon Dec 06 2021 Eike Rathke <erack@redhat.com> - 91.4.0-2
- Update to 91.4.0 build2
* Wed Dec 01 2021 Eike Rathke <erack@redhat.com> - 91.4.0-1
- Update to 91.4.0 build1
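Review bot: The bundled NSS build appears to gain `--without=tests` on its rpmbuild line with no comment explaining why, so the crypto library shipped inside this package is built without running its own test suite. Add a comment above that line giving the reason and where those tests run instead, e.g. `# NSS test suite skipped for the bundled build: <reason / tracking bug>`. Separately, `#Patch1003: python-missing-utimensat.patch` is left commented out although the patch file itself appears to be deleted in this commit; dropping the line avoids a dangling reference. The new changelog entries only say "Update to ..." and never mention the expat CVE patches added as Patch516 to Patch518, which makes those fixes hard to trace from the package metadata.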