From 0c573ffde9a6365d9db8c4ffc8f1337c2fc5e19119329ba595cf5ef314924581 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Mon, 17 Aug 2015 19:13:54 +0000 Subject: [PATCH] - update to Thunderbird 38.2.0 (bnc#940806) * MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=290 --- MozillaThunderbird.changes | 30 ++++++++++++++++++++++++++++++ MozillaThunderbird.spec | 4 ++-- compare-locales.tar.xz | 2 +- create-tar.sh | 4 ++-- l10n-38.1.0.tar.xz | 3 --- l10n-38.2.0.tar.xz | 3 +++ thunderbird-38.1.0-source.tar.xz | 3 --- thunderbird-38.2.0-source.tar.xz | 3 +++ 8 files changed, 41 insertions(+), 11 deletions(-) delete mode 100644 l10n-38.1.0.tar.xz create mode 100644 l10n-38.2.0.tar.xz delete mode 100644 thunderbird-38.1.0-source.tar.xz create mode 100644 thunderbird-38.2.0-source.tar.xz diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 7b361bc..3c4b182 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Sat Aug 15 11:41:30 UTC 2015 - wr@rosenauer.org + +- update to Thunderbird 38.2.0 (bnc#940806) + * MFSA 2015-79/CVE-2015-4473 + Miscellaneous memory safety hazards + * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) + Out-of-bounds read with malformed MP3 file + * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) + Redefinition of non-configurable JavaScript object properties + * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 + Overflow issues in libstagefright + * MFSA 2015-84/CVE-2015-4481 (bmo1171518) + Arbitrary file overwriting through Mozilla Maintenance Service + with hard links (only affected Windows) + * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) + Out-of-bounds write with Updater and malicious MAR file + (does not affect openSUSE RPM packages which do not ship the + updater) + * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) + Crash when using shared memory in JavaScript + * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) + Heap overflow in gdk-pixbuf when scaling bitmap images + * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) + Buffer overflows on Libvpx when decoding WebM video + * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 + Vulnerabilities found through code inspection + * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) + Use-after-free in XMLHttpRequest with shared workers + ------------------------------------------------------------------- Wed Jul 8 07:10:59 UTC 2015 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index def8376..2d9c1d2 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,7 +17,7 @@ # -%define mainversion 38.1.0 +%define mainversion 38.2.0 %define update_channel release %if %suse_version > 1210 @@ -69,7 +69,7 @@ Recommends: gstreamer-0_10-plugins-ffmpeg %endif Version: %{mainversion} Release: 0 -%define releasedate 2015070700 +%define releasedate 2015081400 Provides: thunderbird = %{version} %if %{with_kde} # this is needed to match this package with the kde4 helper package without the main package diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 282aaa9..cc237a4 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d0e19e29cbbb7a54129b8ead00b863f5339301cac0821a7a0fe651323b3f880d +oid sha256:f4ecd1ecf424b61a316734f819868caa4656c92e8114d55865cdcde0faffe88c size 28444 diff --git a/create-tar.sh b/create-tar.sh index b2d5889..6f82604 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr38" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_38_1_0_RELEASE" -VERSION="38.1.0" +RELEASE_TAG="THUNDERBIRD_38_2_0_RELEASE" +VERSION="38.2.0" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-38.1.0.tar.xz b/l10n-38.1.0.tar.xz deleted file mode 100644 index b84951d..0000000 --- a/l10n-38.1.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c1092145e62e70bafce2aa31a4663e42dd0f8a738c630fe8f02f9bd81a8cfeeb -size 21427456 diff --git a/l10n-38.2.0.tar.xz b/l10n-38.2.0.tar.xz new file mode 100644 index 0000000..232a8fd --- /dev/null +++ b/l10n-38.2.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:03729cf6933a1514fb213fe6579fefd233395404be36521478f3ff22370a33da +size 21435488 diff --git a/thunderbird-38.1.0-source.tar.xz b/thunderbird-38.1.0-source.tar.xz deleted file mode 100644 index 7e2f8a8..0000000 --- a/thunderbird-38.1.0-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3901dc5137800f657f22525d7d97b04fe08cec12e89e42de0beaad5fd0cdf73 -size 174150344 diff --git a/thunderbird-38.2.0-source.tar.xz b/thunderbird-38.2.0-source.tar.xz new file mode 100644 index 0000000..e8ce6cf --- /dev/null +++ b/thunderbird-38.2.0-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f77ceb65b7462bb5b30d55012b5b188e61102cf22b8789ada88529ea81708bab +size 174928900