From: Raspbian automatic forward porter Date: Fri, 18 Dec 2020 10:01:37 +0000 (+0000) Subject: Merge version 1:78.5.1-1~deb10u1+rpi1 and 1:78.6.0-1~deb10u1 to produce 1:78.6.0... X-Git-Tag: archive/raspbian/1%78.6.0-1_deb10u1+rpi1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9bbd50d8c623fd97a2c63d8258b9dfc11138a6ab;p=thunderbird.git Merge version 1:78.5.1-1~deb10u1+rpi1 and 1:78.6.0-1~deb10u1 to produce 1:78.6.0-1~deb10u1+rpi1 --- 9bbd50d8c623fd97a2c63d8258b9dfc11138a6ab diff --cc debian/changelog index f950ef1b0c,f4cba8f08a..111fc7f3f8 --- a/debian/changelog +++ b/debian/changelog @@@ -1,30 -1,34 +1,62 @@@ - thunderbird (1:78.5.1-1~deb10u1+rpi1) buster-staging; urgency=medium ++thunderbird (1:78.6.0-1~deb10u1+rpi1) buster-staging; urgency=medium + + [changes brought over from firefox-esr 60.3.0esr-1+rpi1 by Peter Michael Green at Wed, 05 Dec 2018 06:56:52 +0000] + * Hack broken rust target selection so it produces the right target + on raspbian. + * Fix clean target. + + [changes introduced in 60.4.0-1+rpi1 by Peter Michael Green] + * Further fixes to clean target (still not completely fixed :( ). + + [changes introduced in 1:68.5.0-1~deb10u1+rpi1 by Peter Michael Green] + * Disable neon (patches taken from firefox-esr package) + * Build in a chroot with arm64 binutils-arm-linux-gnueabihf + + [changes brought forward from 1:68.5.0-1~deb10u1+rpi2 by Peter Michael Green at Sun, 15 Mar 2020 16:27:21 +0000] + * Actually build the binary packages on armhf. + * Yet more clean target fixing. + + [changes brought over from firefox-esr 78.3.0esr-2+rpi1 by Peter Michael Green] + * Clean up pycache directories. + * Disable neon in qcms. + + [changes introduced in 1:78.4.0-1~deb10u1+rpi1 by Peter Michael Green] + * Add export NSS_DISABLE_ARM32_NEON=1 to hopefully disable neon in nss. + * Adding the define in debian/rules didn't seem to work, try to patch out neon in nss instead + - -- Raspbian forward porter Thu, 10 Dec 2020 01:13:44 +0000 ++ -- Raspbian forward porter Fri, 18 Dec 2020 10:01:35 +0000 ++ + thunderbird (1:78.6.0-1~deb10u1) stable-security; urgency=medium + + * Rebuild for buster-security + + -- Carsten Schoenert Wed, 16 Dec 2020 08:37:39 +0100 + + thunderbird (1:78.6.0-1) unstable; urgency=medium + + * [1410f1e] d/watch: update to version 4 + * [a8303b7] d/rules: use python3 explicitly while calling mach + * [f3f535e] New upstream version 78.6.0 + Fixed CVE issues in upstream version 78.6 (MFSA 2020-56): + CVE-2020-16042: Operations on a BigInt could have caused uninitialized + memory to be exposed + CVE-2020-26971: Heap buffer overflow in WebGL + CVE-2020-26973: CSS Sanitizer performed incorrect sanitization + CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap + use-after-free + CVE-2020-26978: Internal network hosts could have been probed by a + malicious webpage + CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs + CVE-2020-35112: Opening an extension-less download may have inadvertently + launched an executable instead + CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6 + (Closes: #972072, #973697) + * [16a7ab7] /u/l/thunderbird: Correct escape sequencing for gdb calling + We need to do a better escaping of values of the '-ex' option otherwise + the shell is refusing the concatenated string we want to use as call. + (Closes: #976979) + + -- Carsten Schoenert Tue, 15 Dec 2020 10:12:34 +0100 thunderbird (1:78.5.1-1~deb10u1) stable-security; urgency=medium