Accepting request 180914 from mozilla:Factory

- update to Thunderbird 17.0.7 (bnc#825935) * MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context ppc-xpcshell.patch OBS-URL: https://build.opensuse.org/request/show/180914 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=120
2013-06-26 18:24:48 +00:00 · 2013-06-26 18:24:48 +00:00 · 870b2534c7
commit 870b2534c7
parent 2c3d728c05 ec481f916a
8 changed files with 35 additions and 13 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,8 +1,30 @@
+-------------------------------------------------------------------
+Mon Jun 24 10:17:22 UTC 2013 - wr@rosenauer.org
+
+- update to Thunderbird 17.0.7 (bnc#825935)
+  * MFSA 2013-49/CVE-2013-1682
+    Miscellaneous memory safety hazards
+  * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
+    Memory corruption found using Address Sanitizer
+  * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
+    Privileged content access and execution via XBL
+  * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
+    Execution of unmapped memory through onreadystatechange event
+  * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
+    Data in the body of XHR HEAD requests leads to CSRF attacks
+  * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
+    SVG filters can lead to information disclosure
+  * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
+    PreserveWrapper has inconsistent behavior
+  * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
+    XrayWrappers can be bypassed to run user defined methods in a
+    privileged context
+
 -------------------------------------------------------------------
 Tue Jun  4 20:41:42 UTC 2013 - dvaleev@suse.com

 - prevent xpc-shell crashing on powerpc
-  ppc-xpcshell.patch 
+  ppc-xpcshell.patch

 -------------------------------------------------------------------
 Sat May 11 08:46:37 UTC 2013 - wr@rosenauer.org
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -40,11 +40,11 @@ BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
 BuildRequires:  yasm
 BuildRequires:  zip
-%define mainversion 17.0.6
+%define mainversion 17.0.7
 %define update_channel release
 Version:        %{mainversion}
 Release:        0
-%define releasedate 2013051000
+%define releasedate 2013062000
 Provides:       thunderbird = %{version}
 %if %{with_kde}
 # this is needed to match this package with the kde4 helper package without the main package
--- a/compare-locales.tar.bz2
+++ b/compare-locales.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:15ed1a16824757c197a9fa29c8ec32a73deb788bf1c3d9f3094305ca431a06ef
-size 29933
+oid sha256:b0d08936b1a1fd715b07d7fad9f25bb2dadd3f088839766a6d50849a8fbc3d74
+size 29922
--- a/create-tar.sh
+++ b/create-tar.sh
@ -2,8 +2,8 @@

 CHANNEL="esr17"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_17_0_6_RELEASE"
-VERSION="17.0.6"
+RELEASE_TAG="THUNDERBIRD_17_0_7_RELEASE"
+VERSION="17.0.7"

 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird
--- a/l10n-17.0.6.tar.bz2
+++ b/l10n-17.0.6.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:94d32045f3fec3beea965775d8710adb70b5251cc13f9cae638d9f844e3e2f3d
-size 26793527
--- a/l10n-17.0.7.tar.bz2
+++ b/l10n-17.0.7.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7045f20c9d69f8d52fd3e0b4da109bbc5c4b17530f91a4a0d6d03d4f9212c1d
+size 26789123
--- a/thunderbird-17.0.6-source.tar.bz2
+++ b/thunderbird-17.0.6-source.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1664c314c0f4a813de7fca955e89223d44158ece95d078c368b28b5ededdc02f
-size 115254769
--- a/thunderbird-17.0.7-source.tar.bz2
+++ b/thunderbird-17.0.7-source.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0adc78bd42c060b6923bfeb53d700b310dbf8eedba7ac819d5a9b1a9c2d576de
+size 115019945