diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index ce2a0eb..283b67d 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Mon Oct 8 13:27:10 UTC 2012 - wr@rosenauer.org + +- update to Thunderbird 16.0 (bnc#783533) + * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 + Miscellaneous memory safety hazards + * MFSA 2012-75/CVE-2012-3984 (bmo#575294) + select element persistance allows for attacks + * MFSA 2012-76/CVE-2012-3985 (bmo#655649) + Continued access to initial origin after setting document.domain + * MFSA 2012-77/CVE-2012-3986 (bmo#775868) + Some DOMWindowUtils methods bypass security checks + * MFSA 2012-79/CVE-2012-3988 (bmo#725770) + DOS and crash with full screen and history navigation + * MFSA 2012-80/CVE-2012-3989 (bmo#783867) + Crash with invalid cast when using instanceof operator + * MFSA 2012-81/CVE-2012-3991 (bmo#783260) + GetProperty function can bypass security checks + * MFSA 2012-82/CVE-2012-3994 (bmo#765527) + top object and location property accessible by plugins + * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) + Chrome Object Wrapper (COW) does not disallow acces to privileged + functions or properties + * MFSA 2012-84/CVE-2012-3992 (bmo#775009) + Spoofing and script injection through location.hash + * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ + CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 + Use-after-free, buffer overflow, and out of bounds read issues + found using Address Sanitizer + * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ + CVE-2012-4188 + Heap memory corruption issues found using Address Sanitizer + * MFSA 2012-87/CVE-2012-3990 (bmo#787704) + Use-after-free in the IME State Manager +- update Enigmail to version 1.4.5 + ------------------------------------------------------------------- Sun Aug 26 14:59:20 UTC 2012 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 2a843c7..c173825 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -30,7 +30,7 @@ BuildRequires: libcurl-devel BuildRequires: libgnomeui-devel BuildRequires: libidl-devel BuildRequires: libnotify-devel -BuildRequires: mozilla-nspr-devel >= 4.9.1 +BuildRequires: mozilla-nspr-devel >= 4.9.2 BuildRequires: mozilla-nss-devel >= 3.13.6 BuildRequires: nss-shared-helper-devel BuildRequires: python @@ -40,11 +40,11 @@ BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel BuildRequires: yasm BuildRequires: zip -%define mainversion 15.0 +%define mainversion 16.0 %define update_channel release Version: %{mainversion} Release: 0 -%define releasedate 2012082500 +%define releasedate 2012100700 Provides: thunderbird = %{version} %if %{with_kde} # this is needed to match this package with the kde4 helper package without the main package @@ -65,7 +65,7 @@ Source4: l10n-%{version}.tar.bz2 Source6: suse-default-prefs.js Source7: find-external-requires.sh Source8: thunderbird-rpmlintrc -Source9: enigmail-1.4.4.tar.gz +Source9: enigmail-1.4.5.tar.gz Source10: create-tar.sh Source11: compare-locales.tar.bz2 Source12: kde.js @@ -75,7 +75,6 @@ Patch2: mozilla-language.patch Patch3: mozilla-nongnome-proxies.patch Patch4: mozilla-kde.patch Patch5: mozilla-arm-disable-edsp.patch -Patch6: mozilla-crashreporter-restart-args.patch Patch7: mozilla-ppc.patch # Thunderbird/mail Patch20: tb-ssldap.patch @@ -170,7 +169,7 @@ symbols meant for upload to Mozilla's crash collector database. %if %build_enigmail %package -n enigmail -Version: 1.4.4+%{mainversion} +Version: 1.4.5.+%{mainversion} Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-1.1 or GPL-2.0+ @@ -203,7 +202,6 @@ pushd mozilla %patch4 -p1 %endif %patch5 -p1 -%patch6 -p1 %patch7 -p1 popd # comm-central patches @@ -324,7 +322,7 @@ rm -f %{_tmppath}/translations.* touch %{_tmppath}/translations.{common,other} for locale in $(awk '{ print $1; }' ../thunderbird/mail/locales/all-locales); do case $locale in - ja-JP-mac|en-US|hy-AM) + ja-JP-mac|en-US) # locales not to be included in translations package ;; *) diff --git a/compare-locales.tar.bz2 b/compare-locales.tar.bz2 index a1230ef..bc04370 100644 --- a/compare-locales.tar.bz2 +++ b/compare-locales.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:35bfcd3482fb1597a91c76cbbc17520efd2d2ba034784b4d5db229a1b26b45a2 -size 29365 +oid sha256:00b12bee19053918e26a761b3289824ef632a9542b4416ce4b79ffd5be24662e +size 29954 diff --git a/create-tar.sh b/create-tar.sh index 1632fd8..8682902 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="release" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_15_0_RELEASE" -VERSION="15.0" +RELEASE_TAG="THUNDERBIRD_16_0_RELEASE" +VERSION="16.0" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/enigmail-1.4.4.tar.gz b/enigmail-1.4.4.tar.gz deleted file mode 100644 index 23063cb..0000000 --- a/enigmail-1.4.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ec62bb701968f72ad35546660132e6e47d4ebe684df1d27fc615cb9010a203b8 -size 1269444 diff --git a/enigmail-1.4.5.tar.gz b/enigmail-1.4.5.tar.gz new file mode 100644 index 0000000..2ff3085 --- /dev/null +++ b/enigmail-1.4.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fa59491fba21de9414a003933349074a8ec1833a1d64cac9f0a9f7020ed6c020 +size 1269207 diff --git a/l10n-15.0.tar.bz2 b/l10n-15.0.tar.bz2 deleted file mode 100644 index ab9a929..0000000 --- a/l10n-15.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1f287376f9111b9549c2455ae8171935a7823348092a289a67e8bbefb5a0677f -size 26062882 diff --git a/l10n-16.0.tar.bz2 b/l10n-16.0.tar.bz2 new file mode 100644 index 0000000..2f0dc9e --- /dev/null +++ b/l10n-16.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e9ce774560fd827a4468884c69dc6d20a81db620ce916a90c405e807a3cf9c0a +size 26731005 diff --git a/mozilla-crashreporter-restart-args.patch b/mozilla-crashreporter-restart-args.patch deleted file mode 100644 index 61186f2..0000000 --- a/mozilla-crashreporter-restart-args.patch +++ /dev/null @@ -1,46 +0,0 @@ -# HG changeset patch -# User Wolfgang Rosenauer -# Parent 07bb4ecfd6d6cc16360e7a32ee10b885d523f20d -Bug 762780 - crashreporter restart command should support MOZ_APP_LAUNCHER - -diff --git a/toolkit/crashreporter/nsExceptionHandler.cpp b/toolkit/crashreporter/nsExceptionHandler.cpp ---- a/toolkit/crashreporter/nsExceptionHandler.cpp -+++ b/toolkit/crashreporter/nsExceptionHandler.cpp -@@ -1360,32 +1360,25 @@ nsresult - SetRestartArgs(int argc, char** argv) - { - if (!gExceptionHandler) - return NS_OK; - - int i; - nsCAutoString envVar; - char *env; -+ char *argv1 = getenv("MOZ_APP_LAUNCHER"); - for (i = 0; i < argc; i++) { - envVar = "MOZ_CRASHREPORTER_RESTART_ARG_"; - envVar.AppendInt(i); - envVar += "="; --#if defined(XP_UNIX) && !defined(XP_MACOSX) -- // we'd like to run the script around the binary -- // instead of the binary itself, so remove the -bin -- // if it exists on the first argument -- int arg_len = 0; -- if (i == 0 && -- (arg_len = strlen(argv[i])) > 4 && -- strcmp(argv[i] + arg_len - 4, "-bin") == 0) { -- envVar.Append(argv[i], arg_len - 4); -- } else --#endif -- { -+ if (argv1 && i == 0) { -+ // Is there a request to suppress default binary launcher? -+ envVar += argv1; -+ } else { - envVar += argv[i]; - } - - // PR_SetEnv() wants the string to be available for the lifetime - // of the app, so dup it here - env = ToNewCString(envVar); - if (!env) - return NS_ERROR_OUT_OF_MEMORY; diff --git a/mozilla-kde.patch b/mozilla-kde.patch index 2cab4a4..3a2e99b 100644 --- a/mozilla-kde.patch +++ b/mozilla-kde.patch @@ -180,7 +180,7 @@ diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/compon #include "AndroidBridge.h" #endif -@@ -2236,16 +2240,25 @@ nsDownload::SetState(DownloadState aStat +@@ -2233,16 +2237,25 @@ nsDownload::SetState(DownloadState aStat nsCOMPtr pref(do_GetService(NS_PREFSERVICE_CONTRACTID)); // Master pref to control this function. @@ -206,7 +206,7 @@ diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/compon PRInt64 goat = PR_Now() - mStartTime; showTaskbarAlert = goat > alertIntervalUSec; -@@ -2269,19 +2282,20 @@ nsDownload::SetState(DownloadState aStat +@@ -2266,19 +2279,20 @@ nsDownload::SetState(DownloadState aStat // If downloads are automatically removed per the user's // retention policy, there's no reason to make the text clickable // because if it is, they'll click open the download manager and @@ -232,39 +232,39 @@ diff --git a/toolkit/content/jar.mn b/toolkit/content/jar.mn --- a/toolkit/content/jar.mn +++ b/toolkit/content/jar.mn @@ -45,29 +45,33 @@ toolkit.jar: - *+ content/global/viewZoomOverlay.js (viewZoomOverlay.js) + content/global/viewZoomOverlay.js (viewZoomOverlay.js) *+ content/global/bindings/autocomplete.xml (widgets/autocomplete.xml) - *+ content/global/bindings/browser.xml (widgets/browser.xml) - *+ content/global/bindings/button.xml (widgets/button.xml) - *+ content/global/bindings/checkbox.xml (widgets/checkbox.xml) - *+ content/global/bindings/colorpicker.xml (widgets/colorpicker.xml) - *+ content/global/bindings/datetimepicker.xml (widgets/datetimepicker.xml) + content/global/bindings/browser.xml (widgets/browser.xml) + content/global/bindings/button.xml (widgets/button.xml) + content/global/bindings/checkbox.xml (widgets/checkbox.xml) + content/global/bindings/colorpicker.xml (widgets/colorpicker.xml) + content/global/bindings/datetimepicker.xml (widgets/datetimepicker.xml) *+ content/global/bindings/dialog.xml (widgets/dialog.xml) +*+ content/global/bindings/dialog-kde.xml (widgets/dialog-kde.xml) +% override chrome://global/content/bindings/dialog.xml chrome://global/content/bindings/dialog-kde.xml desktop=kde - *+ content/global/bindings/editor.xml (widgets/editor.xml) - * content/global/bindings/expander.xml (widgets/expander.xml) + content/global/bindings/editor.xml (widgets/editor.xml) + content/global/bindings/expander.xml (widgets/expander.xml) * content/global/bindings/filefield.xml (widgets/filefield.xml) *+ content/global/bindings/findbar.xml (widgets/findbar.xml) - *+ content/global/bindings/general.xml (widgets/general.xml) - *+ content/global/bindings/groupbox.xml (widgets/groupbox.xml) + content/global/bindings/general.xml (widgets/general.xml) + content/global/bindings/groupbox.xml (widgets/groupbox.xml) *+ content/global/bindings/listbox.xml (widgets/listbox.xml) - *+ content/global/bindings/menu.xml (widgets/menu.xml) - *+ content/global/bindings/menulist.xml (widgets/menulist.xml) - *+ content/global/bindings/notification.xml (widgets/notification.xml) - *+ content/global/bindings/numberbox.xml (widgets/numberbox.xml) - *+ content/global/bindings/popup.xml (widgets/popup.xml) + content/global/bindings/menu.xml (widgets/menu.xml) + content/global/bindings/menulist.xml (widgets/menulist.xml) + content/global/bindings/notification.xml (widgets/notification.xml) + content/global/bindings/numberbox.xml (widgets/numberbox.xml) + content/global/bindings/popup.xml (widgets/popup.xml) *+ content/global/bindings/preferences.xml (widgets/preferences.xml) +*+ content/global/bindings/preferences-kde.xml (widgets/preferences-kde.xml) +% override chrome://global/content/bindings/preferences.xml chrome://global/content/bindings/preferences-kde.xml desktop=kde - *+ content/global/bindings/progressmeter.xml (widgets/progressmeter.xml) - *+ content/global/bindings/radio.xml (widgets/radio.xml) - *+ content/global/bindings/resizer.xml (widgets/resizer.xml) - *+ content/global/bindings/richlistbox.xml (widgets/richlistbox.xml) - *+ content/global/bindings/scale.xml (widgets/scale.xml) - *+ content/global/bindings/scrollbar.xml (widgets/scrollbar.xml) - *+ content/global/bindings/scrollbox.xml (widgets/scrollbox.xml) - *+ content/global/bindings/splitter.xml (widgets/splitter.xml) + content/global/bindings/progressmeter.xml (widgets/progressmeter.xml) + content/global/bindings/radio.xml (widgets/radio.xml) + content/global/bindings/resizer.xml (widgets/resizer.xml) + content/global/bindings/richlistbox.xml (widgets/richlistbox.xml) + content/global/bindings/scale.xml (widgets/scale.xml) + content/global/bindings/scrollbar.xml (widgets/scrollbar.xml) + content/global/bindings/scrollbox.xml (widgets/scrollbox.xml) + content/global/bindings/splitter.xml (widgets/splitter.xml) diff --git a/toolkit/content/widgets/dialog-kde.xml b/toolkit/content/widgets/dialog-kde.xml new file mode 100644 --- /dev/null @@ -305,7 +305,7 @@ new file mode 100644 + pack="end"> +