From 120baf56d949db22f69d9fb9a70833a487d81f9be438345ef9d7ef8181c5b9d0 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 24 Mar 2018 09:35:07 +0000 Subject: [PATCH 1/2] - update to Thunderbird 52.7 (bsc#1085130) * Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments * Better error handling for Yahoo accounts MFSA 2018-08 * CVE-2018-5146 (bmo#1446062) Out of bounds memory write in libvorbis * CVE-2018-5147 (bmo#1446365) Out of bounds memory write in libtremor OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=401 --- MozillaThunderbird.changes | 14 ++++++++++++++ MozillaThunderbird.spec | 4 ++-- compare-locales.tar.xz | 4 ++-- create-tar.sh | 4 ++-- l10n-52.6.tar.xz | 3 --- l10n-52.7.tar.xz | 3 +++ thunderbird-52.6-source.tar.xz | 3 --- thunderbird-52.7-source.tar.xz | 3 +++ 8 files changed, 26 insertions(+), 12 deletions(-) delete mode 100644 l10n-52.6.tar.xz create mode 100644 l10n-52.7.tar.xz delete mode 100644 thunderbird-52.6-source.tar.xz create mode 100644 thunderbird-52.7-source.tar.xz diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index f634a98..ad575f4 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Fri Mar 23 09:39:40 UTC 2018 - wr@rosenauer.org + +- update to Thunderbird 52.7 (bsc#1085130) + * Searching message bodies of messages in local folders, including + filter and quick filter operations, did not find content in + message attachments + * Better error handling for Yahoo accounts + MFSA 2018-08 + * CVE-2018-5146 (bmo#1446062) + Out of bounds memory write in libvorbis + * CVE-2018-5147 (bmo#1446365) + Out of bounds memory write in libtremor + ------------------------------------------------------------------- Wed Jan 24 11:40:38 UTC 2018 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 41a2cbc..f23307d 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,9 +17,9 @@ # -%define mainversion 52.6 +%define mainversion 52.7 %define update_channel release -%define releasedate 201801240000 +%define releasedate 201803230000 %bcond_without mozilla_tb_kde4 %bcond_with mozilla_tb_valgrind diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index aa7b2e3..7396f13 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8a99c19f2d81689b8d0f47dce8f0a6eff1bd8e8380223d68e2fe9f9b60621f49 -size 28408 +oid sha256:5619c69ab0ddc415df1634783c3ee50c80dc6690d2bf2ce0c1d1103311c9ef87 +size 28372 diff --git a/create-tar.sh b/create-tar.sh index 31b8285..eb6d114 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr52" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_52_6_0_RELEASE" -VERSION="52.6" +RELEASE_TAG="THUNDERBIRD_52_7_0_RELEASE" +VERSION="52.7" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-52.6.tar.xz b/l10n-52.6.tar.xz deleted file mode 100644 index 6b0a6d5..0000000 --- a/l10n-52.6.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5cd993b34ac353fd3a3f2f072bf6a61be9e67d078022c59a99948fee3028d90e -size 26224072 diff --git a/l10n-52.7.tar.xz b/l10n-52.7.tar.xz new file mode 100644 index 0000000..80527cf --- /dev/null +++ b/l10n-52.7.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e5489e085b0432ceed78f5542b2e09380e0586d9d8cb209433c45db150783d5a +size 26230056 diff --git a/thunderbird-52.6-source.tar.xz b/thunderbird-52.6-source.tar.xz deleted file mode 100644 index 494dff1..0000000 --- a/thunderbird-52.6-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1dbf6f8948349c091ecf1004cc518fd82ff5c5fdf9953699b5acb5b8bcc653ad -size 242254396 diff --git a/thunderbird-52.7-source.tar.xz b/thunderbird-52.7-source.tar.xz new file mode 100644 index 0000000..ded3680 --- /dev/null +++ b/thunderbird-52.7-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30e34c7c4facfe1601db7a9983a2dc1375b417ed7af35758256d38b6dcae9ad1 +size 242326388 From 2fe1d46e2283b2c76a53fa254a5f1bc3323fa32643d018a62bbd378946eaebc2 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Mon, 26 Mar 2018 11:03:30 +0000 Subject: [PATCH 2/2] Accepting request 590831 from home:AndreasStieger:branches:mozilla:Factory Adjust changelog based on MFSA 2018-09 OBS-URL: https://build.opensuse.org/request/show/590831 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=402 --- MozillaThunderbird.changes | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index ad575f4..40f8b37 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,16 +1,32 @@ ------------------------------------------------------------------- Fri Mar 23 09:39:40 UTC 2018 - wr@rosenauer.org -- update to Thunderbird 52.7 (bsc#1085130) +- update to Thunderbird 52.7 * Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments * Better error handling for Yahoo accounts - MFSA 2018-08 +- The following security fixes are included as part of the mozilla + platform. In general, these flaws cannot be exploited through + email in the Thunderbird product because scripting is disabled + when reading mail, but are potentially risks in browser or + browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671): + * CVE-2018-5127 (bmo#1430557) + Buffer overflow manipulating SVG animatedPathSegList + * CVE-2018-5129 (bmo#1428947) + Out-of-bounds write with malformed IPC messages + * CVE-2018-5144 (bmo#1440926) + Integer overflow during Unicode conversion * CVE-2018-5146 (bmo#1446062) Out of bounds memory write in libvorbis - * CVE-2018-5147 (bmo#1446365) - Out of bounds memory write in libtremor + * CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450, + bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087, + bmo#1443865,bmo#1425520) + Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and + Thunderbird 52.7 + * CVE-2018-5145 (bmo#1261175,bmo#1348955) + Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird + 52.7 ------------------------------------------------------------------- Wed Jan 24 11:40:38 UTC 2018 - wr@rosenauer.org