From 640bbbb11e17d6b7269297e87dee0759c3f0682e Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Fri, 9 May 2025 10:35:42 +0800 Subject: [PATCH 1/2] [CVE]update to thunderbird-128.9.2-1 to #IC6HB5 update to thunderbird-128.9.2-1 for CVE-2025-2830 CVE-2025-3522 CVE-2025-3523 Project: TC2024080204 Signed-off-by: Jacob Wang --- download | 4 +-- ...an8 => thunderbird-redhat-default-prefs.js | 8 ++--- thunderbird.spec | 31 +++++++++---------- 3 files changed, 20 insertions(+), 23 deletions(-) rename thunderbird-anolis-default-prefs.js.an8 => thunderbird-redhat-default-prefs.js (87%) diff --git a/download b/download index 8ad797e..4754398 100644 --- a/download +++ b/download @@ -1,6 +1,6 @@ fc25f988b87b5187d4e2f006efa699a3 cbindgen-vendor.tar.xz -7b8ae91158679800119a580b59511ef8 thunderbird-128.9.0esr.b3.processed-source.tar.xz -b9e16b1d3419e8a2017c1ede161d1c2a thunderbird-langpacks-128.9.0esr-20250331.tar.xz +43dcd3b04af5c1b5a2b1c9c66dd4ef01 thunderbird-128.9.2esr.processed-source.tar.xz +bade0f1e5be0c8e869050f05557e6fec thunderbird-langpacks-128.9.2esr-20250416.tar.xz 7b35b9a003996b1f1dbc3cd936a609f2 nspr-4.35.0-1.el8_1.src.rpm ab085bce989de91681f48fdd05be4c0f nss-3.101.0-7.el8_2.src.rpm dbf6357877e3e1042de1a95cdfb61507 nss-3.101.0-7.el9_2.src.rpm diff --git a/thunderbird-anolis-default-prefs.js.an8 b/thunderbird-redhat-default-prefs.js similarity index 87% rename from thunderbird-anolis-default-prefs.js.an8 rename to thunderbird-redhat-default-prefs.js index e54f49c..15faa7b 100644 --- a/thunderbird-anolis-default-prefs.js.an8 +++ b/thunderbird-redhat-default-prefs.js @@ -1,15 +1,15 @@ pref("app.update.enabled", false); pref("app.update.autoInstallEnabled", false); -/* Allow users to set custom colors */ -/* pref("browser.display.use_system_colors", true); */ -pref("general.useragent.vendor", "Anolis OS"); +/* Allow users to set custom colors*/ +/* pref("browser.display.use_system_colors", true);*/ +pref("general.useragent.vendor", "Red Hat"); pref("general.useragent.vendorSub", "THUNDERBIRD_RPM_VR"); pref("intl.locale.matchOS", true); pref("mail.shell.checkDefaultClient", false); pref("toolkit.networkmanager.disable", false); pref("offline.autoDetect", true); -/* Disable global indexing by default */ +/* Disable global indexing by default*/ pref("mailnews.database.global.indexer.enabled", false); /* Do not switch to Smart Folders after upgrade to 3.0b4 */ diff --git a/thunderbird.spec b/thunderbird.spec index a29a3b3..650ebe8 100644 --- a/thunderbird.spec +++ b/thunderbird.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 # Set for local builds only %global disable_toolsets 0 @@ -14,17 +13,17 @@ %{lua: function dist_to_rhel_minor(str, start) - match = string.match(str, ".module%+an8.%d+") + match = string.match(str, ".module%+el8.%d+") if match then return string.sub(match, 13) end - match = string.match(str, ".an8_%d+") + match = string.match(str, ".el8_%d+") if match then return string.sub(match, 6) end - match = string.match(str, ".an8") + match = string.match(str, ".el8") if match then - return 8 + return 10 end match = string.match(str, ".module%+el9.%d+") if match then @@ -89,7 +88,7 @@ end} %if 0%{?rhel} > 7 && 0%{?rhel} < 10 %global use_gcc_ts 1 - %if 0%{?rhel} == 9 && %{rhel_minor_version} >= 6 + %if (0%{?rhel} == 9 && %{rhel_minor_version} >= 6) || (0%{?rhel} == 8 && %{rhel_minor_version} >= 10) # clang depends on gcc-toolset-14-gcc-c++ %global gts_version 14 %else @@ -128,7 +127,7 @@ end} # If set to .b2 or .b3 ... the processed source file needs to be renamed before upload, e.g. # thunderbird-102.8.0.b2.processed-source.tar.xz # When unset use processed source file name as is. -%global buildnum .b3 +#%%global buildnum .b2 %bcond_without langpacks @@ -138,8 +137,8 @@ end} Summary: Mozilla Thunderbird mail/newsgroup client Name: thunderbird -Version: 128.9.0 -Release: 2%{anolis_release}%{?dist} +Version: 128.9.2 +Release: 1%{?dist} URL: http://www.mozilla.org/projects/thunderbird/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -158,7 +157,6 @@ ExcludeArch: %{ix86} %endif %endif %endif -ExcludeArch: loongarch64 # We can't use the official tarball as it contains some test files that use # licenses that are rejected by Red Hat Legal. @@ -167,12 +165,12 @@ ExcludeArch: loongarch64 #Source0: https://archive.mozilla.org/pub/thunderbird/releases/%%{version}%%{?pre_version}/source/thunderbird-%%{version}%%{?pre_version}.processed-source.tar.xz Source0: thunderbird-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz %if %{with langpacks} -Source1: thunderbird-langpacks-%{version}%{?pre_version}-20250331.tar.xz +Source1: thunderbird-langpacks-%{version}%{?pre_version}-20250416.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball Source10: thunderbird-mozconfig -Source12: thunderbird-anolis-default-prefs.js.an8 +Source12: thunderbird-redhat-default-prefs.js Source20: thunderbird.desktop Source21: thunderbird.sh.in Source24: mozilla-api-key @@ -334,10 +332,10 @@ BuildRequires: zlib-devel BuildRequires: gcc-toolset-%{gts_version}-runtime BuildRequires: gcc-toolset-%{gts_version}-binutils BuildRequires: gcc-toolset-%{gts_version}-gcc -BuildRequires: gcc-toolset-%{gts_version}-gcc-c++ BuildRequires: gcc-toolset-%{gts_version}-gcc-plugin-annobin -# Do not explicitly require gcc-toolset-%%{gts_version}-gcc-g++ instead fail +# Do not explicitly require gcc-toolset-%%{gts_version}-gcc-c++ instead fail # when clang is upgraded to depend on a later toolset and adjust version. +# ERROR: The target C compiler is version 13.3.1, while the target C++ compiler is version 8.5.0. Need to use the same compiler version. %endif %if %{?use_openssl_for_librnp} @@ -1663,9 +1661,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #=============================================================================== %changelog -* Fri Apr 25 2025 Liwei Ge - 128.9.0-2.0.1 -- Rebrand to Anolis -- Remove loongarch64 arch(Zhao Hang) +* Wed Apr 16 2025 Eike Rathke - 128.9.2-1 +- Update to 128.9.2 * Mon Mar 31 2025 Eike Rathke - 128.9.0-2 - Update to 128.9.0 build3 -- Gitee From 84ca21a80fb3308e012ef4815b7ad8dfa5b857a6 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Mon, 20 Dec 2021 03:27:54 +0000 Subject: [PATCH 2/2] rebrand: rename js file and update vendor --- ...=> thunderbird-anolis-default-prefs.js.an8 | 8 ++++---- thunderbird.spec | 19 +++++++++++++------ 2 files changed, 17 insertions(+), 10 deletions(-) rename thunderbird-redhat-default-prefs.js => thunderbird-anolis-default-prefs.js.an8 (87%) diff --git a/thunderbird-redhat-default-prefs.js b/thunderbird-anolis-default-prefs.js.an8 similarity index 87% rename from thunderbird-redhat-default-prefs.js rename to thunderbird-anolis-default-prefs.js.an8 index 15faa7b..e54f49c 100644 --- a/thunderbird-redhat-default-prefs.js +++ b/thunderbird-anolis-default-prefs.js.an8 @@ -1,15 +1,15 @@ pref("app.update.enabled", false); pref("app.update.autoInstallEnabled", false); -/* Allow users to set custom colors*/ -/* pref("browser.display.use_system_colors", true);*/ -pref("general.useragent.vendor", "Red Hat"); +/* Allow users to set custom colors */ +/* pref("browser.display.use_system_colors", true); */ +pref("general.useragent.vendor", "Anolis OS"); pref("general.useragent.vendorSub", "THUNDERBIRD_RPM_VR"); pref("intl.locale.matchOS", true); pref("mail.shell.checkDefaultClient", false); pref("toolkit.networkmanager.disable", false); pref("offline.autoDetect", true); -/* Disable global indexing by default*/ +/* Disable global indexing by default */ pref("mailnews.database.global.indexer.enabled", false); /* Do not switch to Smart Folders after upgrade to 3.0b4 */ diff --git a/thunderbird.spec b/thunderbird.spec index 650ebe8..be7aa33 100644 --- a/thunderbird.spec +++ b/thunderbird.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # Set for local builds only %global disable_toolsets 0 @@ -13,17 +14,17 @@ %{lua: function dist_to_rhel_minor(str, start) - match = string.match(str, ".module%+el8.%d+") + match = string.match(str, ".module%+an8.%d+") if match then return string.sub(match, 13) end - match = string.match(str, ".el8_%d+") + match = string.match(str, ".an8_%d+") if match then return string.sub(match, 6) end - match = string.match(str, ".el8") + match = string.match(str, ".an8") if match then - return 10 + return 8 end match = string.match(str, ".module%+el9.%d+") if match then @@ -138,7 +139,7 @@ end} Summary: Mozilla Thunderbird mail/newsgroup client Name: thunderbird Version: 128.9.2 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} URL: http://www.mozilla.org/projects/thunderbird/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -157,6 +158,7 @@ ExcludeArch: %{ix86} %endif %endif %endif +ExcludeArch: loongarch64 # We can't use the official tarball as it contains some test files that use # licenses that are rejected by Red Hat Legal. @@ -170,7 +172,7 @@ Source1: thunderbird-langpacks-%{version}%{?pre_version}-20250416.tar.xz Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball Source10: thunderbird-mozconfig -Source12: thunderbird-redhat-default-prefs.js +Source12: thunderbird-anolis-default-prefs.js.an8 Source20: thunderbird.desktop Source21: thunderbird.sh.in Source24: mozilla-api-key @@ -332,6 +334,7 @@ BuildRequires: zlib-devel BuildRequires: gcc-toolset-%{gts_version}-runtime BuildRequires: gcc-toolset-%{gts_version}-binutils BuildRequires: gcc-toolset-%{gts_version}-gcc +BuildRequires: gcc-toolset-%{gts_version}-gcc-c++ BuildRequires: gcc-toolset-%{gts_version}-gcc-plugin-annobin # Do not explicitly require gcc-toolset-%%{gts_version}-gcc-c++ instead fail # when clang is upgraded to depend on a later toolset and adjust version. @@ -1661,6 +1664,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #=============================================================================== %changelog +* Fri May 09 2025 Liwei Ge - 128.9.2-1.0.1 +- Rebrand to Anolis +- Remove loongarch64 arch(Zhao Hang) + * Wed Apr 16 2025 Eike Rathke - 128.9.2-1 - Update to 128.9.2 -- Gitee