From: Peter Michael Green <plugwash@raspbian.org>
Date: Thu, 11 Aug 2022 12:18:12 +0000 (+0000)
Subject: Manual merge of version 1:91.10.0-1+rpi1 and 1:102.1.1-1 to produce 1:102.1.1-1+rpi1
X-Git-Tag: archive/raspbian/1%102.1.1-1+rpi1~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1ac4322b4654248081d3ea1bac1b28ee0b0b60a2;p=thunderbird.git

Manual merge of version 1:91.10.0-1+rpi1 and 1:102.1.1-1 to produce 1:102.1.1-1+rpi1
---

1ac4322b4654248081d3ea1bac1b28ee0b0b60a2
diff --cc debian/changelog
index 475017e216,3764bda114..88fe749f17
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,42 -1,122 +1,162 @@@
- thunderbird (1:91.10.0-1+rpi1) bookworm-staging; urgency=medium
++thunderbird (1:102.1.1-1+rpi1) bookworm-staging; urgency=medium
 +
 +  [changes brought over from firefox-esr 60.3.0esr-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 05 Dec 2018 06:56:52 +0000]
 +  * Hack broken rust target selection so it produces the right target
 +    on raspbian.
 +  * Fix clean target.
 +
 +  [changes introduced in 60.4.0-1+rpi1 by Peter Michael Green]
 +  * Further fixes to clean target (still not completely fixed :( ).
 +
 +  [changes introduced in 1:68.5.0-1~deb10u1+rpi1 by Peter Michael Green]
 +  * Disable neon (patches taken from firefox-esr package)
 +  * Build in a chroot with arm64 binutils-arm-linux-gnueabihf
 +
 +  [changes brought forward from 1:68.5.0-1~deb10u1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Sun, 15 Mar 2020 16:27:21 +0000]
 +  * Actually build the binary packages on armhf.
 +  * Yet more clean target fixing.
 +
 +  [changes brought over from firefox-esr 78.3.0esr-2+rpi1 by Peter Michael Green]
 +  * Clean up pycache directories.
 +  * Disable neon in qcms.
 +
 +  [changes introduced in 1:78.4.0-1~deb10u1+rpi1 by Peter Michael Green]
 +  * Add export NSS_DISABLE_ARM32_NEON=1 to hopefully disable neon in nss.
 +  * Adding the define in debian/rules didn't seem to work, try to patch out neon in nss instead
 +
 +  [changes brought forward from 1:78.5.1-1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Tue, 15 Dec 2020 00:33:33 +0000]
 +  * Actually build thunderbird binary on armhf
 +    (changelog says this was already done, but it got lost somewhere
 +    along the way).
 +
 +  [changes introduced in 1:91.3.2-1+rpi1 by Peter Michael Green]
 +  * Use a #define instead of a typedef for double_t in fdlibm to prevent conflicting
 +    definitions error.
 +
 +  [changes introduced in 1:91.5.1-1+rpi1 by Peter Micheal Green]
 +  * Further hacks to rust target selection.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Sun, 12 Jun 2022 22:48:42 +0000
++ -- Peter Michael Green <plugwash@raspbian.org>  Thu, 11 Aug 2022 12:17:15 +0000
++
+ thunderbird (1:102.1.1-1) unstable; urgency=medium
+ 
+   * [2c1b12f] d/create-upstream-tarballs.py: Adding new helper script
+   * [a9633b9] d/README.source: Update information on importing data
+   * [1d2cdc0] d/source.filter: Relax filter rule for old-configure
+   * [f1afe9b] d/repack.py: Don't exit(1) if unused filter items exist
+   * [165593a] d/create-thunderbird-l10n-tarball.sh: Drop old helper
+   * [b4d73ee] d/gbp.conf: Drop 'import-orig' section
+   * [d186832] d/source.filter: Add files named *.orig and *.rej
+   * [933b099] New upstream version 102.1.1
+     (Closes: #1014675:)
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Sat, 06 Aug 2022 11:26:44 +0200
+ 
+ thunderbird (1:102.1.0-1) unstable; urgency=medium
+ 
+   * [3b7bb0d] New upstream version 102.1.0
+     Fixed CVE issues in upstream version 102.1 (MFSA 2022-32):
+     CVE-2022-36319: Mouse Position spoofing with CSS transforms
+     CVE-2022-36318: Directory indexes for bundled resources reflected URL
+                     parameters
+     CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1
+     (Closes: #1016083, #1014745, #1014675, #1014638)
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Fri, 29 Jul 2022 17:00:53 +0200
+ 
+ thunderbird (1:102.0.2-1) unstable; urgency=medium
+ 
+   * [079e135] d/repack.py: Small rework and adjustments
+   * [fc2518e] d/control: Readjust Vcs links to unstable
+   * [a7b09b3] d/gbp.conf: Sign tags automatically
+   * [faf115d] New upstream version 102.0.2
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Tue, 12 Jul 2022 18:41:04 +0200
+ 
+ thunderbird (1:102.0.1-1) unstable; urgency=medium
+ 
+   * [68c9410] d/gbp.conf: Adjust upstream branch to new ESR cycle
+   * [45eca79] New upstream version 102.0.1
+     Fixed CVE issues in upstream version 102.0 (MFSA 2022-26):
+     CVE-2022-34479: A popup window could be resized in a way to overlay the
+                     address bar with web content
+     CVE-2022-34470: Use-after-free in nsSHistory
+     CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
+                     via retargeted javascript: URI
+     CVE-2022-2226: An email with a mismatching OpenPGP signature date was
+                    accepted as valid
+     CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
+     CVE-2022-31744: CSP bypass enabling stylesheet injection
+     CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
+                     blocked
+     CVE-2022-2200: Undesired attributes could be set as part of prototype
+                    pollution
+     CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and
+                     Thunderbird 102
+   * [1842425] d/watch: Look now for versions starting with 3 digits
+   * [0a32bb3] d/control: Add package thunderbird-l10n-es-mx
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Fri, 08 Jul 2022 17:47:21 +0200
+ 
+ thunderbird (1:102.0~b7-1) experimental; urgency=medium
+ 
+   * [edf32aa] New upstream version 102.0~b7
+   * [c9dd3e0] d/control: Remove not required B-D
+   * [ac2ec70] d/mozconfig.default: Remove commented out options
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Tue, 21 Jun 2022 19:06:58 +0200
+ 
+ thunderbird (1:102.0~b4-1) experimental; urgency=medium
+ 
+   * [8f34a01] d/source.filter: Small updates to filtering list
+   * [e1d4c7c] New upstream version 102.0~b4
+   * [c97416b] Rebuild patch-queue from patch queue branch
+     Removed patch (needs update):
+     fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch
+     Removed patch (fixed upstream):
+     porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch
+   * [68712eb] d/mozconfig.default: Disable wasm sandboxing
+   * [a1df764] d/mozconfig.default: Remove openpgp option
+     Supporting OpenPGP functionality is now set on by default.
+   * [607c321] d/mozconfig.default: Add/Update some configure options
+   * [efc728e] d/rules: Add new needed variable MOZBUILD_STATE_PATH
+   * [7b0d743] d/rules: Ensure python is used from the environment
+   * [26053f1] Build against system librnp library
+     Unfortunately using librnp-dev requires the usage of the internal
+     versions of botan, bz2 and jsonc.
+     (Closes: #998848)
+   * [5e904d8] d/control: Bump various build dependencies
+   * [94ee0da] d/thunderbird.docs: Update content to install
+   * [477f949] d/control: Increase Standards-Version to 4.6.1
+     No further changes needed.
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Wed, 15 Jun 2022 16:47:29 +0200
+ 
+ thunderbird (1:91.11.0-1) unstable; urgency=medium
+ 
+   * [05a947d] New upstream version 91.11.0
+     Fixed CVE issues in upstream version 91.11 (MFSA 2022-26):
+     CVE-2022-34479: A popup window could be resized in a way to overlay the
+                     address bar with web content
+     CVE-2022-34470: Use-after-free in nsSHistory
+     CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
+                     via retargeted javascript: URI
+     CVE-2022-2226: An email with a mismatching OpenPGP signature date was
+                    accepted as valid
+     CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
+     CVE-2022-31744: CSP bypass enabling stylesheet injection
+     CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
+                     blocked
+     CVE-2022-2200: Undesired attributes could be set as part of prototype
+                    pollution
+     CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and
+                     Thunderbird 102
+     (Closes: #1014004)
+   * [4c4944d] Rebuild patch queue from patch-queue branch
+     Added patch:
+     fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Fri, 01 Jul 2022 20:12:40 +0200
  
  thunderbird (1:91.10.0-1) unstable; urgency=medium
  
diff --cc debian/patches/series
index d1e0c5a231,4f657f567d..964e3b0ab0
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -27,12 -27,4 +27,11 @@@ porting-ppc64el/work-around-a-build-fai
  debian-hacks/Make-Thunderbird-build-reproducible.patch
  debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch
  debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch
- fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch
+ fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch
 +raspbian-rust-triplet-hack.patch
 +try-to-disable-neon.patch
 +try-harder-to-disable-neon.patch
 +disable-neon-in-qcms.patch
 +patch-out-neon-in-freebl.patch
 +use-a-define-instead-of-a-typedef-for-do.patch
 +further-raspbian-hacks-to-rust-target-se.patch
diff --cc debian/rules
index c2f9b07715,64ee1caa04..c5924a1c4c
--- a/debian/rules
+++ b/debian/rules
@@@ -76,9 -76,9 +76,11 @@@ export DEB_BUILD_OPTION
  export SHELL=/bin/bash
  # Work around https://github.com/rust-lang/cargo/issues/7147
  export CARGO_HOME=$(CURDIR)/debian/.cargo
+ export MOZBUILD_STATE_PATH = $(CURDIR)/debian/.mozbuild
+ export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
  
 +export NSS_DISABLE_ARM32_NEON=1
 +
  %:
  	dh $@
  
@@@ -92,16 -92,8 +94,17 @@@ override_dh_auto_clean
  	rm -f configure old-configure js/src/configure js/src/old-configure mozconfig.*
  	# needed for thunderbird-l10n
  	rm -rf $(THUNDERBIRD_L10N_BUILDDIR)
 +	rm -rf third_party/python/psutil/tmp/
 +	rm -f third_party/python/psutil/psutil/*.so
 +	rm -rf third_party/python/psutil/build/temp*
 +	rm -rf third_party/python/psutil/build/lib*
 +	find . -name '*.pyc' -delete
 +	rm -f mozconfig.*
  	rm -rf $(CARGO_HOME)
 +	rm -rf debian/thunderbird-l10n-uz debian/thunderbird-l10n-cak debian/thunderbird-l10n-ka
 +	rm -f config/external/icu/data/icudt64l.dat
 +	find . -name __pycache__ -delete
+ 	rm -rf $(MOZBUILD_STATE_PATH)
  
  override_dh_auto_configure:
  	# run autoconf for all configure files
diff --cc gfx/qcms/src/transform.rs
index 6f1938ead6,4b6dffd38d..e744a0c5c4
--- a/gfx/qcms/src/transform.rs
+++ b/gfx/qcms/src/transform.rs
@@@ -21,7 -20,8 +20,8 @@@
  // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  
+ #![allow(clippy::missing_safety_doc)]
 -#[cfg(all(any(target_arch = "arm", target_arch = "aarch64"), feature = "neon"))]
 +/*#[cfg(all(any(target_arch = "arm", target_arch = "aarch64"), feature = "neon"))]
  use crate::transform_neon::{
      qcms_transform_data_bgra_out_lut_neon, qcms_transform_data_rgb_out_lut_neon,
      qcms_transform_data_rgba_out_lut_neon,
diff --cc third_party/rust/nss_build_common/.cargo-checksum.json
index 11e5f16037,5807703dce..6614fc4d73
--- a/third_party/rust/nss_build_common/.cargo-checksum.json
+++ b/third_party/rust/nss_build_common/.cargo-checksum.json
@@@ -1,1 -1,1 +1,1 @@@
- {"files":{"Cargo.toml":"4f1d37d926e853eb9f3d8074b45c00a317e2b4aafbc339a471430d28526716e9","src/lib.rs":"e66390f87683fccc863a5c847000efbe86ac27161f5e3574ba354302267f288c"},"package":null}
 -{"files":{"Cargo.toml":"4f1d37d926e853eb9f3d8074b45c00a317e2b4aafbc339a471430d28526716e9","src/lib.rs":"1cbfa62f63ce62078b51105c28bd4783c0045a4059175a1644ac0cc79837bf00"},"package":null}
++{"files":{"Cargo.toml":"4f1d37d926e853eb9f3d8074b45c00a317e2b4aafbc339a471430d28526716e9","src/lib.rs":"e1b529d6facc6f16a234a81d4b39904002ee023539a73bd29fae75e9a433fef3"},"package":null}