- update to Thunderbird 38.3.0 (bnc#947003)

* MFSA 2015-96/CVE-2015-4500
    Miscellaneous memory safety hazards
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=292

MozillaThunderbird.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Mon Sep 28 18:00:50 UTC 2015 - wr@rosenauer.org
+
+- update to Thunderbird 38.3.0 (bnc#947003)
+  * MFSA 2015-96/CVE-2015-4500
+    Miscellaneous memory safety hazards
+  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
+    Arbitrary file manipulation by local user through Mozilla updater
+  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
+    Buffer overflow in libvpx while parsing vp9 format video
+  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
+    Buffer overflow while decoding WebM video
+  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
+    Use-after-free while manipulating HTML media content
+  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
+    Dragging and dropping images exposes final URL after redirects
+  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
+    Errors in the handling of CORS preflight request headers
+  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
+    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
+    CVE-2015-7180
+    Vulnerabilities found through code inspection
+  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
+    bmo#1190526) (Windows only)
+    Memory safety errors in libGLES in the ANGLE graphics library
+- rebased patches
+
 -------------------------------------------------------------------
 Sat Aug 15 11:41:30 UTC 2015 - wr@rosenauer.org
 

MozillaThunderbird.spec

@@ -17,7 +17,7 @@
 #
 
 
-%define mainversion 38.2.0
+%define mainversion 38.3.0
 %define update_channel release
 
 %if %suse_version > 1210
@@ -69,7 +69,7 @@ Recommends:     gstreamer-0_10-plugins-ffmpeg
 %endif
 Version:        %{mainversion}
 Release:        0
-%define releasedate 2015081400
+%define releasedate 2015092700
 Provides:       thunderbird = %{version}
 %if %{with_kde}
 # this is needed to match this package with the kde4 helper package without the main package

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f4ecd1ecf424b61a316734f819868caa4656c92e8114d55865cdcde0faffe88c
-size 28444
+oid sha256:2e0f6bb247570aba081d8f435a353fe854bb43b37a28fe33c80a9203ad7759e8
+size 28412

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr38"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_38_2_0_RELEASE"
-VERSION="38.2.0"
+RELEASE_TAG="THUNDERBIRD_38_3_0_RELEASE"
+VERSION="38.3.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

l10n-38.2.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:03729cf6933a1514fb213fe6579fefd233395404be36521478f3ff22370a33da
-size 21435488

l10n-38.3.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:47db988cbc8194e61250155658d0eb4ec6aa7fa3d3cd69ee802288b602ab92b0
+size 21463548

mozilla-kde.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  214f99f3ce4f1f8ae9b3d18da44e5d66b3105663
+# Parent  879df970cffe74db62f72f5b815b559dab63418a
 Description: Add KDE integration to Firefox (toolkit parts)
 Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
 Author: Lubos Lunak <lunak@suse.com>
@@ -3148,11 +3148,11 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
  using namespace mozilla;
  
  #define MAX_PREVIEW_SIZE 180
+ // bug 1184009
+ #define MAX_PREVIEW_SOURCE_SIZE 4096
  
  nsIFile *nsFilePicker::mPrevDisplayDirectory = nullptr;
- 
- void
-@@ -238,17 +240,19 @@ nsFilePicker::AppendFilters(int32_t aFil
+@@ -243,17 +245,19 @@ nsFilePicker::AppendFilters(int32_t aFil
    return nsBaseFilePicker::AppendFilters(aFilterMask);
  }
  
@@ -3173,7 +3173,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
  
    mFilters.AppendElement(filter);
    mFilterNames.AppendElement(name);
-@@ -363,16 +367,32 @@ nsFilePicker::Show(int16_t *aReturn)
+@@ -368,16 +372,32 @@ nsFilePicker::Show(int16_t *aReturn)
  
  NS_IMETHODIMP
  nsFilePicker::Open(nsIFilePickerShownCallback *aCallback)
@@ -3206,7 +3206,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
  
    GtkFileChooserAction action = GetGtkFileChooserAction(mMode);
    const gchar *accept_button = (action == GTK_FILE_CHOOSER_ACTION_SAVE)
-@@ -551,8 +571,235 @@ nsFilePicker::Done(GtkWidget* file_choos
+@@ -556,8 +576,235 @@ nsFilePicker::Done(GtkWidget* file_choos
    if (mCallback) {
      mCallback->Done(result);
      mCallback = nullptr;

thunderbird-38.2.0-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f77ceb65b7462bb5b30d55012b5b188e61102cf22b8789ada88529ea81708bab
-size 174928900

thunderbird-38.3.0-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6b39bb8c62aa4180fc86de449fb1a848563aad2d05d578db4c0c913cda0057d
+size 174441348