From fc422ca055dc6bccffc30585bb25ac1a168de44db3d0b605169b740805bc4924 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Fri, 16 Dec 2016 13:14:25 +0000
Subject: [PATCH 1/3] - update to Thunderbird 45.6.0 (boo#1015422)    
 CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=345
---
 MozillaThunderbird.changes       | 7 ++++++-
 MozillaThunderbird.spec          | 4 ++--
 compare-locales.tar.xz           | 4 ++--
 create-tar.sh                    | 4 ++--
 l10n-45.5.1.tar.xz               | 3 ---
 l10n-45.6.0.tar.xz               | 3 +++
 thunderbird-45.5.1-source.tar.xz | 3 ---
 thunderbird-45.6.0-source.tar.xz | 3 +++
 8 files changed, 18 insertions(+), 13 deletions(-)
 delete mode 100644 l10n-45.5.1.tar.xz
 create mode 100644 l10n-45.6.0.tar.xz
 delete mode 100644 thunderbird-45.5.1-source.tar.xz
 create mode 100644 thunderbird-45.6.0-source.tar.xz

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 721f6e5..677e63c 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Dec 16 13:06:13 UTC 2016 - wr@rosenauer.org
+
+- update to Thunderbird 45.6.0 (boo#1015422)
+
 -------------------------------------------------------------------
 Thu Dec  1 09:58:57 UTC 2016 - astieger@suse.com
 
@@ -20,7 +25,7 @@ Sat Nov 19 14:20:05 UTC 2016 - astieger@suse.com
                    nsScriptLoadHandler (bsc#1010404)
     CVE-2016-5291: Same-origin policy violation using local HTML file
                    and saved shortcut file (bsc#1010410)
-    CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5  
+    CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5
                    (bsc#1010427)
 - Changed behavior:
   * Changed recipient address entry: Arrow-keys now copy the pop-up
diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec
index 057210d..feaaa89 100644
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 45.5.1
+%define mainversion 45.6.0
 %define update_channel release
-%define releasedate 2016113000
+%define releasedate 2016121500
 
 %if %suse_version > 1310
 %define gstreamer_ver 1.0
diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz
index 7c8efc6..c537ab6 100644
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fc7ce1f99172c4b1aa55d53d5020d8857037a877f1a4451e076b0fc5c8e0b8c3
-size 28456
+oid sha256:7dd7c94303ab3bb2e799f4583c48d907970edcb6440237fa8f43ebd715a6ed69
+size 28364
diff --git a/create-tar.sh b/create-tar.sh
index b163a32..cf469c1 100644
--- a/create-tar.sh
+++ b/create-tar.sh
@@ -2,8 +2,8 @@
 
 CHANNEL="esr45"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_45_5_1_RELEASE"
-VERSION="45.5.1"
+RELEASE_TAG="THUNDERBIRD_45_6_0_RELEASE"
+VERSION="45.6.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird
diff --git a/l10n-45.5.1.tar.xz b/l10n-45.5.1.tar.xz
deleted file mode 100644
index 23974e1..0000000
--- a/l10n-45.5.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:124b78fc0a49add15d01687e15ffb439c30d5b9f307d1612653a9b56f25b37bd
-size 24297980
diff --git a/l10n-45.6.0.tar.xz b/l10n-45.6.0.tar.xz
new file mode 100644
index 0000000..3f4d05f
--- /dev/null
+++ b/l10n-45.6.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:10ebd513555de10074c537c6bfb8dce43c03dd0f67462f9fb3c8c89326e2ce28
+size 24497468
diff --git a/thunderbird-45.5.1-source.tar.xz b/thunderbird-45.5.1-source.tar.xz
deleted file mode 100644
index e1da0ba..0000000
--- a/thunderbird-45.5.1-source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:663705df0c2b5432e9238eae17dfa8bb25b307370f6686da1305fa23bfde5bd5
-size 212479860
diff --git a/thunderbird-45.6.0-source.tar.xz b/thunderbird-45.6.0-source.tar.xz
new file mode 100644
index 0000000..73db24a
--- /dev/null
+++ b/thunderbird-45.6.0-source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2909d61899ec294c9d0c44c75904cfc05329c9c780794acb276e4988e7510e53
+size 211827004

From 86a871cbf65eb7a4d733be3e95899a7b18f8f813ba8efdb45483885766887dac Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Sat, 24 Dec 2016 09:04:27 +0000
Subject: [PATCH 2/3] OBS-URL:
 https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=346

---
 MozillaThunderbird.spec          | 2 +-
 compare-locales.tar.xz           | 4 ++--
 l10n-45.6.0.tar.xz               | 4 ++--
 thunderbird-45.6.0-source.tar.xz | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec
index feaaa89..1df96fa 100644
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -19,7 +19,7 @@
 
 %define mainversion 45.6.0
 %define update_channel release
-%define releasedate 2016121500
+%define releasedate 2016122200
 
 %if %suse_version > 1310
 %define gstreamer_ver 1.0
diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz
index c537ab6..56c109f 100644
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:7dd7c94303ab3bb2e799f4583c48d907970edcb6440237fa8f43ebd715a6ed69
-size 28364
+oid sha256:b00a893fa3aa495805aeb20ddebd1f51e2c4c352de1eaa42bede6f5ab9119848
+size 28360
diff --git a/l10n-45.6.0.tar.xz b/l10n-45.6.0.tar.xz
index 3f4d05f..06de72a 100644
--- a/l10n-45.6.0.tar.xz
+++ b/l10n-45.6.0.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:10ebd513555de10074c537c6bfb8dce43c03dd0f67462f9fb3c8c89326e2ce28
-size 24497468
+oid sha256:de63f7341fc4f6724951358a574ac2fc92833df802e13a4e28544ffba3d63550
+size 24499928
diff --git a/thunderbird-45.6.0-source.tar.xz b/thunderbird-45.6.0-source.tar.xz
index 73db24a..d1a9288 100644
--- a/thunderbird-45.6.0-source.tar.xz
+++ b/thunderbird-45.6.0-source.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2909d61899ec294c9d0c44c75904cfc05329c9c780794acb276e4988e7510e53
-size 211827004
+oid sha256:d535cb2cfc2a3fd2ff82bba209b2e348eeb0331badd55d6520c841ad49e2cb02
+size 211901108

From 329b61bb1889ed515b4b1208bdad5af417941545df9a28888fd2720b4b9f9498 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Thu, 29 Dec 2016 08:33:54 +0000
Subject: [PATCH 3/3] * The system integration dialog was shown every time when
 starting     Thunderbird   * MFSA 2016-96     CVE-2016-9899: Use-after-free
 while manipulating DOM events and                    audio elements
 (bmo#1317409)     CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)  
   CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)    
 CVE-2016-9898: Use-after-free in Editor while manipulating DOM               
     subtrees (bmo#1314442)     CVE-2016-9900: Restricted external resources
 can be loaded by                    SVG images through data URLs
 (bmo#1319122)     CVE-2016-9904: Cross-origin information leak in shared
 atoms                    (bmo#1317936)     CVE-2016-9905: Crash in
 EnumerateSubDocuments (bmo#1293985)     CVE-2016-9893: Memory safety bugs
 fixed in Thunderbird 45.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=347
---
 MozillaThunderbird.changes | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 677e63c..602805e 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,7 +1,22 @@
 -------------------------------------------------------------------
-Fri Dec 16 13:06:13 UTC 2016 - wr@rosenauer.org
+Thu Dec 29 08:33:21 UTC 2016 - wr@rosenauer.org
 
 - update to Thunderbird 45.6.0 (boo#1015422)
+  * The system integration dialog was shown every time when starting
+    Thunderbird
+  * MFSA 2016-96
+    CVE-2016-9899: Use-after-free while manipulating DOM events and
+                   audio elements (bmo#1317409)
+    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
+    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
+    CVE-2016-9898: Use-after-free in Editor while manipulating DOM
+                   subtrees (bmo#1314442)
+    CVE-2016-9900: Restricted external resources can be loaded by
+                   SVG images through data URLs (bmo#1319122)
+    CVE-2016-9904: Cross-origin information leak in shared atoms
+                   (bmo#1317936)
+    CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985)
+    CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
 
 -------------------------------------------------------------------
 Thu Dec  1 09:58:57 UTC 2016 - astieger@suse.com