From: Peter Michael Green <plugwash@raspbian.org>
Date: Sun, 19 Jan 2020 14:11:41 +0000 (+0000)
Subject: Merge tag '1%68.4.1-1_deb10u1' into buster-working
X-Git-Tag: archive/raspbian/1%68.5.0-1_deb10u1+rpi1~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e64c47ab3f0613444a7c3a0dc07970d44859bd1b;p=thunderbird.git

Merge tag '1%68.4.1-1_deb10u1' into buster-working
---

e64c47ab3f0613444a7c3a0dc07970d44859bd1b
diff --cc debian/changelog
index 3db8c18feb,0fd7239802..32a2454ba9
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,18 -1,39 +1,55 @@@
- thunderbird (1:68.3.0-2~deb10u1+rpi1) buster-staging; urgency=medium
++thunderbird (1:68.4.1-1~deb10u1+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought over from firefox-esr 60.3.0esr-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 05 Dec 2018 06:56:52 +0000]
 +  * Hack broken rust target selection so it produces the right target
 +    on raspbian.
 +  * Fix clean target.
 +
 +  [changes introduced in 60.4.0-1+rpi1 by Peter Michael Green]
 +  * Further fixes to clean target (still not completely fixed :( ).
 +
-   [changes introduced in 1:68.3.0-2~deb10u1+rpi1 by Peter Michael Green]
++  [changes introduced in 1:68.4.1-1~deb10u1+rpi1 by Peter Michael Green]
 +  * Disable neon (patches taken from firefox-esr package)
 +
-  -- Peter Michael Green <plugwash@raspbian.org>  Mon, 30 Dec 2019 11:50:06 +0000
++ -- Peter Michael Green <plugwash@raspbian.org>  Sun, 19 Jan 2020 14:10:39 +0000
 +
+ thunderbird (1:68.4.1-1~deb10u1) stable-security; urgency=medium
+ 
+   * Rebuild for buster-security
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Sat, 15 Jan 2020 17:48:09 +0100
+ 
+ thunderbird (1:68.4.1-1) unstable; urgency=medium
+ 
+   * [a00f3e9] New upstream version 68.4.1
+     Fixed CVE issues in upstream version 68.4.1 (MFSA 2020-04):
+     CVE-2019-17026: IonMonkey type confusion with StoreElementHole and
+                     FallibleStoreElement
+     CVE-2019-17015: Memory corruption in parent process during new content
+                     process initialization on Windows
+     CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
+     CVE-2019-17017: Type Confusion in XPCVariant.cpp
+     CVE-2019-17022: CSS sanitization does not escape HTML tags
+     CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1
+   * [6b1fd82] rebuild patch queue from patch-queue branch
+     removed patch (included upstream)
+     fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Fri, 10 Jan 2020 18:33:43 +0100
+ 
+ thunderbird (1:68.3.1-1) unstable; urgency=medium
+ 
+   [ Emilio Pozuelo Monfort ]
+   * [6f59313] Fix MOZ_BUILD_DATE to have the expected format
+ 
+   [ Carsten Schoenert ]
+   * [5d0f4b1] d/rules: don't use SOURCE_DATE_EPOCH for MOZ_BUILD_DATE
+     (Closes: #946588)
+   * [1467af5] New upstream version 68.3.1
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Wed, 18 Dec 2019 15:54:44 +0100
+ 
++>>>>>>> 1%68.4.1-1_deb10u1
  thunderbird (1:68.3.0-2~deb10u1) stable-security; urgency=medium
  
    * Rebuild for buster-security
diff --cc debian/patches/series
index 6c84d0595c,8dd582eaf5..455b8e0fc3
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -37,7 -37,3 +37,6 @@@ porting-armhf/Don-t-use-LLVM-internal-a
  porting-arm/Reduce-memory-usage-while-linking-on-arm-el-hf-platforms.patch
  debian-hacks/Make-Thunderbird-build-reproducible.patch
  fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch
- fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch
 +raspbian-rust-triplet-hack.patch
 +try-to-disable-neon.patch
 +try-harder-to-disable-neon.patch