diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/D158770.diff b/SOURCES/D158770.diff
new file mode 100644
index 0000000..1d76995
--- /dev/null
+++ b/SOURCES/D158770.diff
@@ -0,0 +1,25 @@
+diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
+--- a/parser/expat/lib/xmlparse.c
++++ b/parser/expat/lib/xmlparse.c
+@@ -5652,12 +5652,18 @@
+   else
+ #endif /* XML_DTD */
+   {
+     processor = contentProcessor;
+     /* see externalEntityContentProcessor vs contentProcessor */
+-    return doContent(parser, parentParser ? 1 : 0, encoding, s, end,
+-                     nextPtr, (XML_Bool)!ps_finalBuffer);
++    result = doContent(parser, parser->m_parentParser ? 1 : 0,
++                       parser->m_encoding, s, end, nextPtr,
++                       (XML_Bool)! parser->m_parsingStatus.finalBuffer);
++    if (result == XML_ERROR_NONE) {
++      if (! storeRawNames(parser))
++        return XML_ERROR_NO_MEMORY;
++    }
++    return result;
+   }
+ }
+ 
+ static enum XML_Error PTRCALL
+ errorProcessor(XML_Parser parser,
+
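Review bot: The new patch file starts directly at `diff --git` with no header, so nothing in it records that it is the expat fix the changelog attributes to CVE-2022-40674, or where it was taken from. A short preamble above the `diff --git` line, such as `expat: call storeRawNames() after a successful doContent() (CVE-2022-40674); origin: <upstream revision URL>`, would let a later rebase check whether the bundled expat already carries the change. The same one-line comment would fit above `Patch425:` in the spec. Inside the hunk, the new call spells out `parser->m_parentParser` and `parser->m_encoding` while the kept context line still writes `processor = contentProcessor;` in the old shorthand. Presumably both resolve to the same fields, but that depends on definitions outside the hunk, as does the declaration of `result`.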
diff --git a/SPECS/thunderbird.spec b/SPECS/thunderbird.spec
index 0930a44..2383bb9 100644
--- a/SPECS/thunderbird.spec
+++ b/SPECS/thunderbird.spec
@@ -159,7 +159,7 @@ end}
 Summary:        Mozilla Thunderbird mail/newsgroup client
 Name:           thunderbird
 Version:        102.3.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 URL:            http://www.mozilla.org/projects/thunderbird/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
@@ -237,6 +237,7 @@ Patch421:        mozilla-s390-context.patch
 Patch422:        mozilla-s390x-skia-gradient.patch
 Patch423:        one_swizzle_to_rule_them_all.patch
 Patch424:        svg-rendering.patch
+Patch425:        D158770.diff
 
 # PGO/LTO patches
 Patch600:        pgo.patch
@@ -447,52 +448,76 @@ BuildRequires: gcc-toolset-12-annobin-plugin-gcc
 %endif
 %endif
 
+
 # Bundled libraries
 Provides: bundled(angle)
+Provides: bundled(audioipc-2)
+Provides: bundled(brotli)
+Provides: bundled(bzip2)
 Provides: bundled(cairo)
+Provides: bundled(cfworker)
+Provides: bundled(d3.js)
+Provides: bundled(double-conversion)
+Provides: bundled(expat)
+Provides: bundled(fdlibm)
+Provides: bundled(ffvpx)
+Provides: bundled(freetype2)
 Provides: bundled(graphite2)
 Provides: bundled(harfbuzz)
-Provides: bundled(ots)
-Provides: bundled(sfntly)
-Provides: bundled(skia)
-Provides: bundled(thebes)
-Provides: bundled(WebRender)
-Provides: bundled(audioipc-2)
-Provides: bundled(ffvpx)
+Provides: bundled(highway)
+Provides: bundled(intgemm)
+Provides: bundled(json-c)
 Provides: bundled(kissfft)
 Provides: bundled(libaom)
 Provides: bundled(libcubeb)
 Provides: bundled(libdav1d)
+Provides: bundled(libgcrypt)
+Provides: bundled(libgpg-error)
 Provides: bundled(libjpeg)
+Provides: bundled(libjxl)
+Provides: bundled(libjxl)
+Provides: bundled(libmar)
 Provides: bundled(libmkv)
 Provides: bundled(libnestegg)
 Provides: bundled(libogg)
 Provides: bundled(libopus)
+Provides: bundled(libotr)
 Provides: bundled(libpng)
+Provides: bundled(libprio)
 Provides: bundled(libsoundtouch)
 Provides: bundled(libspeex_resampler)
+Provides: bundled(libsrtp)
 Provides: bundled(libtheora)
 Provides: bundled(libtremor)
 Provides: bundled(libvorbis)
 Provides: bundled(libvpx)
 Provides: bundled(libwebp)
+Provides: bundled(libwebrtc)
 Provides: bundled(libyuv)
 Provides: bundled(mp4parse-rust)
+Provides: bundled(mp4parse-rust)
+Provides: bundled(msgpack-c)
+Provides: bundled(msgpack-c)
 Provides: bundled(mtransport)
+Provides: bundled(niwcompat)
 Provides: bundled(openmax_dl)
-Provides: bundled(double-conversion)
-Provides: bundled(brotli)
-Provides: bundled(fdlibm)
-Provides: bundled(freetype2)
-Provides: bundled(libmar)
+Provides: bundled(openmax_il)
+Provides: bundled(openmax_il)
+Provides: bundled(ots)
+Provides: bundled(qcms)
+Provides: bundled(rlbox_sandboxing_api)
+Provides: bundled(rnp)
+Provides: bundled(sfntly)
+Provides: bundled(sipcc)
+Provides: bundled(skia)
+Provides: bundled(sqlite3)
+Provides: bundled(thebes)
+Provides: bundled(wasm2c)
+Provides: bundled(WebRender)
 Provides: bundled(woff2)
 Provides: bundled(xz-embedded)
+Provides: bundled(ycbcr)
 Provides: bundled(zlib)
-Provides: bundled(expat)
-Provides: bundled(msgpack-c)
-Provides: bundled(libprio)
-Provides: bundled(rlbox_sandboxing_api)
-Provides: bundled(sqlite3)
 
 %if 0%{?bundle_nss}
 Provides: bundled(nss) = 3.79.0
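Review bot: The re-sorted list ends up with several entries twice: `bundled(libjxl)`, `bundled(mp4parse-rust)`, `bundled(msgpack-c)` and `bundled(openmax_il)` each appear on two consecutive lines, and one line of each pair should be dropped. Separately, only `bundled(nss) = 3.79.0` carries a version. Versioning the other entries, for example `Provides: bundled(expat) = <bundled version>`, would let package scanners match the vendored copies against advisories such as the expat one this release patches.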
@@ -577,6 +602,7 @@ echo "use_rustts            %{?use_rustts}"
 %patch422 -p1 -b .mozilla-s390x-skia-gradient
 %patch423 -p1 -b .one_swizzle_to_rule_them_all
 %patch424 -p1 -b .svg-rendering
+%patch425 -p1 -b .D158770.diff
 
 # PGO patches
 %if %{build_with_pgo}
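Review bot: The backup suffix on the added line, `-b .D158770.diff`, keeps the file extension, whereas the neighbouring entries use a bare descriptive suffix (`.svg-rendering`, `.one_swizzle_to_rule_them_all`). The backups will therefore get names ending in `.D158770.diff`, which read as patch files in the build tree. `%patch425 -p1 -b .D158770`, or a descriptive suffix such as `.expat-CVE-2022-40674`, would match the other entries.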
@@ -1198,8 +1224,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #===============================================================================
 
 %changelog
-* Mon Sep 26 2022 CentOS Sources <bugs@centos.org> - 102.3.0-3.el8.centos
-- Apply debranding changes
+* Wed Oct 12 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-4
+- Fix for expat CVE-2022-40674
 
 * Fri Sep 16 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-3
 - Update to 102.3.0 build1