Accepting request 323869 from mozilla:Factory

- update to Thunderbird 38.2.0 (bnc#940806) * MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers OBS-URL: https://build.opensuse.org/request/show/323869 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=149
2015-08-21 05:39:41 +00:00 · 2015-08-21 05:39:41 +00:00 · 2b6c6d2a16
commit 2b6c6d2a16
parent ed8a4c6d0c 0c573ffde9
8 changed files with 41 additions and 11 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Sat Aug 15 11:41:30 UTC 2015 - wr@rosenauer.org
+
+- update to Thunderbird 38.2.0 (bnc#940806)
+  * MFSA 2015-79/CVE-2015-4473
+    Miscellaneous memory safety hazards
+  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
+    Out-of-bounds read with malformed MP3 file
+  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
+    Redefinition of non-configurable JavaScript object properties
+  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
+    Overflow issues in libstagefright
+  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
+    Arbitrary file overwriting through Mozilla Maintenance Service
+    with hard links (only affected Windows)
+  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
+    Out-of-bounds write with Updater and malicious MAR file
+    (does not affect openSUSE RPM packages which do not ship the
+     updater)
+  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
+    Crash when using shared memory in JavaScript
+  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
+    Heap overflow in gdk-pixbuf when scaling bitmap images
+  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
+    Buffer overflows on Libvpx when decoding WebM video
+  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
+    Vulnerabilities found through code inspection
+  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
+    Use-after-free in XMLHttpRequest with shared workers
+
 -------------------------------------------------------------------
 Wed Jul  8 07:10:59 UTC 2015 - wr@rosenauer.org

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -17,7 +17,7 @@
 #


-%define mainversion 38.1.0
+%define mainversion 38.2.0
 %define update_channel release

 %if %suse_version > 1210
@ -69,7 +69,7 @@ Recommends:     gstreamer-0_10-plugins-ffmpeg
 %endif
 Version:        %{mainversion}
 Release:        0
-%define releasedate 2015070700
+%define releasedate 2015081400
 Provides:       thunderbird = %{version}
 %if %{with_kde}
 # this is needed to match this package with the kde4 helper package without the main package
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:d0e19e29cbbb7a54129b8ead00b863f5339301cac0821a7a0fe651323b3f880d
+oid sha256:f4ecd1ecf424b61a316734f819868caa4656c92e8114d55865cdcde0faffe88c
 size 28444
--- a/create-tar.sh
+++ b/create-tar.sh
@ -2,8 +2,8 @@

 CHANNEL="esr38"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_38_1_0_RELEASE"
-VERSION="38.1.0"
+RELEASE_TAG="THUNDERBIRD_38_2_0_RELEASE"
+VERSION="38.2.0"

 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird
--- a/l10n-38.1.0.tar.xz
+++ b/l10n-38.1.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c1092145e62e70bafce2aa31a4663e42dd0f8a738c630fe8f02f9bd81a8cfeeb
-size 21427456
--- a/l10n-38.2.0.tar.xz
+++ b/l10n-38.2.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:03729cf6933a1514fb213fe6579fefd233395404be36521478f3ff22370a33da
+size 21435488
--- a/thunderbird-38.1.0-source.tar.xz
+++ b/thunderbird-38.1.0-source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a3901dc5137800f657f22525d7d97b04fe08cec12e89e42de0beaad5fd0cdf73
-size 174150344
--- a/thunderbird-38.2.0-source.tar.xz
+++ b/thunderbird-38.2.0-source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f77ceb65b7462bb5b30d55012b5b188e61102cf22b8789ada88529ea81708bab
+size 174928900