From: Peter Michael Green <plugwash@raspbian.org>
Date: Tue, 17 Sep 2019 02:48:50 +0000 (+0000)
Subject: Manual merge of version 1:60.8.0-1~deb10u1+rpi1 and 1:60.9.0-1~deb10u1 to produce... 
X-Git-Tag: archive/raspbian/1%60.9.0-1_deb10u1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=cfd7a30e6e81b4719b349c2b236d6ce8f5e7c2d4;p=thunderbird.git

Manual merge of version 1:60.8.0-1~deb10u1+rpi1 and 1:60.9.0-1~deb10u1 to produce 1:60.9.0-1~deb10u1+rpi1
---

cfd7a30e6e81b4719b349c2b236d6ce8f5e7c2d4
diff --cc debian/changelog
index 0950c55e39,127e211144..d240ce0c66
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,32 +1,45 @@@
- thunderbird (1:60.8.0-1~deb10u1+rpi1) buster-staging; urgency=medium
++thunderbird (1:60.9.0-1~deb10u1+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought over from firefox-esr 60.3.0esr-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 05 Dec 2018 06:56:52 +0000]
 +  * Hack broken rust target selection so it produces the right target
 +    on raspbian.
 +  * Fix clean target.
 +
 +  [changes introduced in 60.4.0-1+rpi1 by Peter Michael Green]
 +  * Further fixes to clean target (still not completely fixed :( ).
 +  * Add build-depends on clang-6.0 (to match libclang-6.0-dev)
 +
-  -- Raspbian forward porter <root@raspbian.org>  Wed, 17 Jul 2019 23:06:09 +0000
++ -- Peter Michael Green <plugwash@raspbian.org>  Tue, 17 Sep 2019 02:46:55 +0000
++
+ thunderbird (1:60.9.0-1~deb10u1) buster-security; urgency=medium
+ 
+   * Rebuild for buster-security
+   * [9802e1d] Revert "Use gcc-8 and g++-8 due broken build with GCC-9"
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Thu, 12 Sep 2019 16:52:34 +0200
+ 
+ thunderbird (1:60.9.0-1) unstable; urgency=medium
+ 
+   * [5f7ba31] New upstream version 60.9.0
+     Fixed CVE issues in upstream version 60.8.0 (MFSA 2019-29)
+     CVE-2019-11746: Use-after-free while manipulating video
+     CVE-2019-11744: XSS by breaking out of title and textarea elements using
+                     innerHTML
+     CVE-2019-11742: Same-origin policy violation with SVG filters and canvas
+                     to steal cross-origin images
+     CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
+     CVE-2019-11743: Cross-origin access to unload event attributes
+     CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
+                     Firefox ESR 60.9, and Thunderbird 60.9
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Wed, 11 Sep 2019 17:54:10 +0200
+ 
+ thunderbird (1:60.8.0-2) unstable; urgency=medium
+ 
+   * [41e9047] d/rules: work around carge needs a HOME dir
+   * [c67707c] Use gcc-8 and g++-8 due broken build with GCC-9
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Fri, 23 Aug 2019 20:30:17 +0200
  
  thunderbird (1:60.8.0-1~deb10u1) buster-security; urgency=medium
  
diff --cc debian/rules
index 4448344c51,d9abf23abb..64760d01e0
--- a/debian/rules
+++ b/debian/rules
@@@ -88,12 -90,7 +90,13 @@@ override_dh_auto_clean
  	rm -f configure old-configure js/src/configure js/src/old-configure mozconfig.*
  	# needed for thunderbird-l10n
  	rm -rf $(THUNDERBIRD_L10N_BUILDDIR)
 +	rm -rf third_party/python/psutil/tmp/
 +	rm -f third_party/python/psutil/psutil/*.so
 +	rm -rf third_party/python/psutil/build/temp*
 +	rm -rf third_party/python/psutil/build/lib*
 +	find . -name '*.pyc' -delete
 +	rm -f mozconfig.*
+ 	rm -rf $(CARGO_HOME)
  
  override_dh_auto_configure:
  	# run autoconf for all configure files