From 7566054ed91c39ba5b859f6e1d7e2b640faac6b7 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Wed, 12 Feb 2025 10:11:24 +0800 Subject: [PATCH 1/2] [CVE]update to thunderbird-128.7.0-1 to #IBLPIY update to thunderbird-128.7.0-1 for CVE-2025-0510 CVE-2025-1009 CVE-2025-1010 CVE-2025-1011 CVE-2025-1012 CVE-2025-1013 CVE-2025-1014 CVE-2025-1015 CVE-2025-1016 CVE-2025-1017 Project: TC2024080204 Signed-off-by: Zhao Hang --- build-cargo-lock-version.patch | 11 +++++++ download | 4 +-- ...an8 => thunderbird-redhat-default-prefs.js | 8 ++--- thunderbird.spec | 30 +++++++++---------- 4 files changed, 32 insertions(+), 21 deletions(-) create mode 100644 build-cargo-lock-version.patch rename thunderbird-anolis-default-prefs.js.an8 => thunderbird-redhat-default-prefs.js (87%) diff --git a/build-cargo-lock-version.patch b/build-cargo-lock-version.patch new file mode 100644 index 0000000..a94c27b --- /dev/null +++ b/build-cargo-lock-version.patch @@ -0,0 +1,11 @@ +diff -up thunderbird-128.7.0/comm/rust/Cargo.lock.cargo-lock thunderbird-128.7.0/comm/rust/Cargo.lock +--- thunderbird-128.7.0/comm/rust/Cargo.lock.cargo-lock 2025-02-07 10:14:12.483795636 +0100 ++++ thunderbird-128.7.0/comm/rust/Cargo.lock 2025-02-07 10:14:15.654801697 +0100 +@@ -1,6 +1,6 @@ + # This file is automatically @generated by Cargo. + # It is not intended for manual editing. +-version = 4 ++version = 3 + + [[package]] + name = "aa-stroke" diff --git a/download b/download index b5301d6..608aa1e 100644 --- a/download +++ b/download 
@@ -1,6 +1,6 @@ fc25f988b87b5187d4e2f006efa699a3 cbindgen-vendor.tar.xz -2df189fcfccf74bfc3cba2fc72125fc5 thunderbird-128.6.0esr.b3.processed-source.tar.xz -2d4caf510047aeeb6a638ceb0a54ccb0 thunderbird-langpacks-128.6.0esr-20250108.tar.xz +3ac75a00bdf176e39095e6dc48247677 thunderbird-128.7.0esr.processed-source.tar.xz +94d16c33f4b6e08e2ce7c1e7b358c80e thunderbird-langpacks-128.7.0esr-20250205.tar.xz 7b35b9a003996b1f1dbc3cd936a609f2 nspr-4.35.0-1.el8_1.src.rpm ab085bce989de91681f48fdd05be4c0f nss-3.101.0-7.el8_2.src.rpm dbf6357877e3e1042de1a95cdfb61507 nss-3.101.0-7.el9_2.src.rpm diff --git a/thunderbird-anolis-default-prefs.js.an8 b/thunderbird-redhat-default-prefs.js similarity index 87% rename from thunderbird-anolis-default-prefs.js.an8 rename to thunderbird-redhat-default-prefs.js index e54f49c..15faa7b 100644 --- a/thunderbird-anolis-default-prefs.js.an8 +++ b/thunderbird-redhat-default-prefs.js @@ -1,15 +1,15 @@ pref("app.update.enabled", false); pref("app.update.autoInstallEnabled", false); -/* Allow users to set custom colors */ -/* pref("browser.display.use_system_colors", true); */ -pref("general.useragent.vendor", "Anolis OS"); +/* Allow users to set custom colors*/ +/* pref("browser.display.use_system_colors", true);*/ +pref("general.useragent.vendor", "Red Hat"); pref("general.useragent.vendorSub", "THUNDERBIRD_RPM_VR"); pref("intl.locale.matchOS", true); pref("mail.shell.checkDefaultClient", false); pref("toolkit.networkmanager.disable", false); pref("offline.autoDetect", true); -/* Disable global indexing by default */ +/* Disable global indexing by default*/ pref("mailnews.database.global.indexer.enabled", false); /* Do not switch to Smart Folders after upgrade to 3.0b4 */ diff --git a/thunderbird.spec b/thunderbird.spec index 78040be..c2253ed 100644 --- a/thunderbird.spec +++ b/thunderbird.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 # Set for local builds only %global disable_toolsets 0 
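Review bot: The two entries replaced in `download` pin the 128.7.0 source and langpack tarballs with 32-hex-digit digests, which is the length of an MD5 sum; MD5 is not collision-resistant, so it is a weak integrity anchor for an update whose purpose is to ship CVE fixes. Source0 is a locally processed tarball rather than the upstream archive (a comment in thunderbird.spec on this page says the official tarball cannot be used), so this digest is the only check on its contents that the page shows. If the tooling that reads `download` accepts a stronger algorithm, record a SHA-256 or SHA-512 digest for each new tarball, in the form `SHA256_DIGEST_PLACEHOLDER thunderbird-128.7.0esr.processed-source.tar.xz` (placeholder, not a real value).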
@@ -14,17 +13,17 @@ %{lua: function dist_to_rhel_minor(str, start) - match = string.match(str, ".module%+an8.%d+") + match = string.match(str, ".module%+el8.%d+") if match then return string.sub(match, 13) end - match = string.match(str, ".an8_%d+") + match = string.match(str, ".el8_%d+") if match then return string.sub(match, 6) end - match = string.match(str, ".an8") + match = string.match(str, ".el8") if match then - return 8 + return 10 end match = string.match(str, ".module%+el9.%d+") if match then @@ -128,7 +127,7 @@ end} # If set to .b2 or .b3 ... the processed source file needs to be renamed before upload, e.g. # thunderbird-102.8.0.b2.processed-source.tar.xz # When unset use processed source file name as is. -%global buildnum .b3 +#global buildnum .b3 %bcond_without langpacks @@ -138,8 +137,8 @@ end} Summary: Mozilla Thunderbird mail/newsgroup client Name: thunderbird -Version: 128.6.0 -Release: 3%{anolis_release}%{?dist} +Version: 128.7.0 +Release: 1%{?dist} URL: http://www.mozilla.org/projects/thunderbird/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -158,7 +157,6 @@ ExcludeArch: %{ix86} %endif %endif %endif -ExcludeArch: loongarch64 # We can't use the official tarball as it contains some test files that use # licenses that are rejected by Red Hat Legal. 
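Review bot: In `@@ -14,17 +13,17 @@` (`dist_to_rhel_minor`) the new patterns `".el8_%d+"` and `".el8"` begin with an unescaped `.`, which in a Lua pattern matches any character, so the literal dot of the dist tag is not actually required. Writing `"%.el8_%d+"` and `"%.el8"` states the intent and leaves the `string.sub` offsets unchanged, because the matched text has the same length. The same applies to both dots in `".module%+el8.%d+"` and to the `an8` spellings that PATCH 2/2 restores in its `@@ -13,17 +14,17 @@` hunk. The function body continues past the end of the hunk.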
@@ -167,12 +165,12 @@ ExcludeArch: loongarch64 #Source0: https://archive.mozilla.org/pub/thunderbird/releases/%%{version}%%{?pre_version}/source/thunderbird-%%{version}%%{?pre_version}.processed-source.tar.xz Source0: thunderbird-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz %if %{with langpacks} -Source1: thunderbird-langpacks-%{version}%{?pre_version}-20250108.tar.xz +Source1: thunderbird-langpacks-%{version}%{?pre_version}-20250205.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball Source10: thunderbird-mozconfig -Source12: thunderbird-anolis-default-prefs.js.an8 +Source12: thunderbird-redhat-default-prefs.js Source20: thunderbird.desktop Source21: thunderbird.sh.in Source24: mozilla-api-key @@ -202,6 +200,7 @@ Patch11: rust-file-removal.patch Patch12: firefox-system-nss-replace-xyber-with-mlkem.patch # Thunderbird has a copy of third_party/rust/neqo-crypto/ in comm/third_party/rust/neqo-crypto/ Patch13: thunderbird-system-nss-replace-xyber-with-mlkem.patch +Patch14: build-cargo-lock-version.patch # -- Upstreamed patches -- Patch51: mozilla-bmo1170092.patch @@ -333,7 +332,6 @@ BuildRequires: zlib-devel BuildRequires: gcc-toolset-%{gts_version}-runtime BuildRequires: gcc-toolset-%{gts_version}-binutils BuildRequires: gcc-toolset-%{gts_version}-gcc -BuildRequires: gcc-toolset-%{gts_version}-gcc-c++ BuildRequires: gcc-toolset-%{gts_version}-gcc-plugin-annobin # Do not explicitly require gcc-toolset-%%{gts_version}-gcc-g++ instead fail # when clang is upgraded to depend on a later toolset and adjust version. @@ -1074,6 +1072,9 @@ echo "--------------------------------------------" %patch -P12 -p1 -b .firefox-system-nss-replace-xyber-with-mlkem %patch -P13 -p1 -b .thunderbird-system-nss-replace-xyber-with-mlkem %endif +%if 0%{?rhel} == 8 +%patch -P14 -p1 -b .cargo-lock-version +%endif # -- Upstreamed patches -- %patch -P51 -p1 -b .mozilla-bmo1170092 
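Review bot: The `Patch14: build-cargo-lock-version.patch` line added in `@@ -202,6 +200,7 @@` has no explanatory comment, although Patch13 directly above it does, and the patch it names hand-edits `comm/rust/Cargo.lock` from `version = 4` to `version = 3` in a file whose own header says it is not intended for manual editing. A comment such as `# Downgrade the Cargo.lock format header (4 -> 3) for the el8 toolchain; no package entries change` (the reason is presumed from the `%if 0%{?rhel} == 8` guard and should be confirmed by the packager) would tell a later reviewer that the pinned crates were not altered. In the `%prep` hunk `@@ -1074,6 +1072,9 @@` it is also worth confirming that the `rhel` macro evaluates to 8 in the an8 build root that PATCH 2/2 targets, since otherwise Patch14 is skipped without any message. The `%prep` section continues outside the hunk.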
@@ -1653,9 +1654,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #=============================================================================== %changelog -* Tue Jan 14 2025 Liwei Ge - 128.6.0-3.0.1 -- Rebrand to Anolis -- Remove loongarch64 arch(Zhao Hang) +* Wed Feb 05 2025 Jan Horak - 128.7.0-1 +- Update to 128.2.0 build1 * Wed Jan 08 2025 Eike Rathke - 128.6.0-3 - Update to 128.6.0 build3 -- Gitee From 38e832d17e2da8a81b082561fd10d5f775f35818 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Mon, 20 Dec 2021 03:27:54 +0000 Subject: [PATCH 2/2] rebrand: rename js file and update vendor --- ...=> thunderbird-anolis-default-prefs.js.an8 | 8 ++++---- thunderbird.spec | 19 +++++++++++++------ 2 files changed, 17 insertions(+), 10 deletions(-) rename thunderbird-redhat-default-prefs.js => thunderbird-anolis-default-prefs.js.an8 (87%) diff --git a/thunderbird-redhat-default-prefs.js b/thunderbird-anolis-default-prefs.js.an8 similarity index 87% rename from thunderbird-redhat-default-prefs.js rename to thunderbird-anolis-default-prefs.js.an8 index 15faa7b..e54f49c 100644 --- a/thunderbird-redhat-default-prefs.js +++ b/thunderbird-anolis-default-prefs.js.an8 @@ -1,15 +1,15 @@ pref("app.update.enabled", false); pref("app.update.autoInstallEnabled", false); -/* Allow users to set custom colors*/ -/* pref("browser.display.use_system_colors", true);*/ -pref("general.useragent.vendor", "Red Hat"); +/* Allow users to set custom colors */ +/* pref("browser.display.use_system_colors", true); */ +pref("general.useragent.vendor", "Anolis OS"); pref("general.useragent.vendorSub", "THUNDERBIRD_RPM_VR"); pref("intl.locale.matchOS", true); pref("mail.shell.checkDefaultClient", false); pref("toolkit.networkmanager.disable", false); pref("offline.autoDetect", true); -/* Disable global indexing by default*/ +/* Disable global indexing by default */ pref("mailnews.database.global.indexer.enabled", false); /* Do not switch to Smart Folders after upgrade to 3.0b4 */ 
diff --git a/thunderbird.spec b/thunderbird.spec index c2253ed..3f8da07 100644 --- a/thunderbird.spec +++ b/thunderbird.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # Set for local builds only %global disable_toolsets 0 @@ -13,17 +14,17 @@ %{lua: function dist_to_rhel_minor(str, start) - match = string.match(str, ".module%+el8.%d+") + match = string.match(str, ".module%+an8.%d+") if match then return string.sub(match, 13) end - match = string.match(str, ".el8_%d+") + match = string.match(str, ".an8_%d+") if match then return string.sub(match, 6) end - match = string.match(str, ".el8") + match = string.match(str, ".an8") if match then - return 10 + return 8 end match = string.match(str, ".module%+el9.%d+") if match then @@ -138,7 +139,7 @@ end} Summary: Mozilla Thunderbird mail/newsgroup client Name: thunderbird Version: 128.7.0 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} URL: http://www.mozilla.org/projects/thunderbird/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -157,6 +158,7 @@ ExcludeArch: %{ix86} %endif %endif %endif +ExcludeArch: loongarch64 # We can't use the official tarball as it contains some test files that use # licenses that are rejected by Red Hat Legal. @@ -170,7 +172,7 @@ Source1: thunderbird-langpacks-%{version}%{?pre_version}-20250205.tar.xz Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball Source10: thunderbird-mozconfig -Source12: thunderbird-redhat-default-prefs.js +Source12: thunderbird-anolis-default-prefs.js.an8 Source20: thunderbird.desktop Source21: thunderbird.sh.in Source24: mozilla-api-key 
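Review bot: The bare `.an8` branch restored in `@@ -13,17 +14,17 @@` returns 8, while the `.el8` branch it replaces returned 10, and nothing in the hunk says why the rebranded dist tag maps to a different minor release. The value is presumably compared against RHEL minor versions further down the spec, outside the hunk, so the two spellings of the same major release could take different conditional paths for toolsets or bundled libraries. A one-line Lua comment above the return, in the form `-- bare .an8 dist tag is treated as minor 8 because REASON` with the reason filled in by the packager, would make the difference reviewable. The function body continues past the end of the hunk.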
@@ -332,6 +334,7 @@ BuildRequires: zlib-devel BuildRequires: gcc-toolset-%{gts_version}-runtime BuildRequires: gcc-toolset-%{gts_version}-binutils BuildRequires: gcc-toolset-%{gts_version}-gcc +BuildRequires: gcc-toolset-%{gts_version}-gcc-c++ BuildRequires: gcc-toolset-%{gts_version}-gcc-plugin-annobin # Do not explicitly require gcc-toolset-%%{gts_version}-gcc-g++ instead fail # when clang is upgraded to depend on a later toolset and adjust version. @@ -1654,6 +1657,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #=============================================================================== %changelog +* Wed Feb 12 2025 Liwei Ge - 128.7.0-1.0.1 +- Rebrand to Anolis +- Remove loongarch64 arch(Zhao Hang) + * Wed Feb 05 2025 Jan Horak - 128.7.0-1 - Update to 128.2.0 build1 -- Gitee
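Review bot: The `BuildRequires: gcc-toolset-%{gts_version}-gcc-c++` line added in `@@ -332,6 +334,7 @@` sits two lines above a comment that says not to require the toolset's C++ compiler explicitly (it spells the package `gcc-g++`), so that the build fails visibly when clang moves to a later toolset. PATCH 1/2 removed this same line and 2/2 restores it under the subject "rename js file and update vendor", so the reason is not recorded anywhere on the page. If the Anolis build root needs the package, say so next to the line, for example `# Anolis: required explicitly because REASON; revisit when gts_version changes` with the reason filled in; otherwise the line contradicts the comment below it.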