Accepting request 532694 from mozilla:Factory

- Mozilla Thunderbird 52.4.0 (bsc#1060445)
  * new behavior was introduced for replies to mailing list posts:
    "When replying to a mailing list, reply will be sent to address
    in From header ignoring Reply-to header". A new preference
    mail.override_list_reply_to allows to restore the previous behavior.
  * Under certain circumstances (image attachment and non-image
    attachment), attached images were shown truncated in messages
    stored in IMAP folders not synchronised for offline use.
  * IMAP UIDs > 0x7FFFFFFF now handled properly
  Security fixes from Gecko 52.4esr
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

- Add alsa-devel BuildRequires: we care for ALSA support to be

OBS-URL: https://build.opensuse.org/request/show/532694
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=184

MozillaThunderbird.changes

@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Wed Oct  4 09:18:39 UTC 2017 - astieger@suse.com
+
+- Mozilla Thunderbird 52.4.0 (bsc#1060445)
+  * new behavior was introduced for replies to mailing list posts:
+    "When replying to a mailing list, reply will be sent to address
+    in From header ignoring Reply-to header". A new preference
+    mail.override_list_reply_to allows to restore the previous behavior.
+  * Under certain circumstances (image attachment and non-image
+    attachment), attached images were shown truncated in messages
+    stored in IMAP folders not synchronised for offline use.
+  * IMAP UIDs > 0x7FFFFFFF now handled properly
+  Security fixes from Gecko 52.4esr
+  * CVE-2017-7793 (bmo#1371889)
+    Use-after-free with Fetch API
+  * CVE-2017-7818 (bmo#1363723)
+    Use-after-free during ARIA array manipulation
+  * CVE-2017-7819 (bmo#1380292)
+    Use-after-free while resizing images in design mode
+  * CVE-2017-7824 (bmo#1398381)
+    Buffer overflow when drawing and validating elements with ANGLE
+  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
+    Use-after-free in TLS 1.2 generating handshake hashes
+  * CVE-2017-7814 (bmo#1376036)
+    Blob and data URLs bypass phishing and malware protection warnings
+  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
+    OS X fonts render some Tibetan and Arabic unicode characters as spaces
+  * CVE-2017-7823 (bmo#1396320)
+    CSP sandbox directive did not create a unique origin
+  * CVE-2017-7810
+    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
+
+-------------------------------------------------------------------
+Thu Sep 28 07:56:22 UTC 2017 - dimstar@opensuse.org
+
+- Add alsa-devel BuildRequires: we care for ALSA support to be
+  built and thus need to ensure we get the dependencies in place.
+  In the past, alsa-devel was pulled in by accident: we
+  buildrequire libgnome-devel. This required esound-devel and that
+  in turn pulled in alsa-devel for us. libgnome is being fixed to
+  no longer require esound-devel.
+
 -------------------------------------------------------------------
 Tue Aug 15 12:48:43 UTC 2017 - wr@rosenauer.org
 

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 52.3.0
+%define mainversion 52.4.0
 %define update_channel release
-%define releasedate 201708150000
+%define releasedate 201710040000
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
@@ -31,6 +31,7 @@
 
 Name:           MozillaThunderbird
 BuildRequires:  Mesa-devel
+BuildRequires:  alsa-devel
 BuildRequires:  autoconf213
 BuildRequires:  dbus-1-glib-devel
 BuildRequires:  fdupes
@@ -42,7 +43,7 @@ BuildRequires:  libgnomeui-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
 BuildRequires:  mozilla-nspr-devel >= 4.13.1
-BuildRequires:  mozilla-nss-devel >= 3.28.5
+BuildRequires:  mozilla-nss-devel >= 3.28.6
 BuildRequires:  python
 BuildRequires:  startup-notification-devel
 BuildRequires:  unzip

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:002e2f18cfead15ccd76384d74fa11ef5c387cc4d755d0fd71f224757401c6ed
-size 28388
+oid sha256:ff8e61e8497eedc3c4526d40bac0a1ef00621cebc68ef0bbd652c26edca0071d
+size 28372

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr52"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_52_3_0_RELEASE"
-VERSION="52.3.0"
+RELEASE_TAG="THUNDERBIRD_52_4_0_RELEASE"
+VERSION="52.4.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

l10n-52.3.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f56155398b572408b653ab0079e32308270ee5aea3a405399e4687ce5caf2f16
-size 26247324

l10n-52.4.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:636948bdb506cf2a31cac5a0398166eb26ad119d7a0850b4dc648339ff0abb8b
+size 26197408

thunderbird-52.3.0-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9e85a68b6d24de1d6dcaa9e5d3b491158c975fc2f895560ef29716c508f99f07
-size 240356760

thunderbird-52.4.0-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e89f460319d4671b86d99815300c27523d7a07a3952374f6ccfdc028cd59dc30
+size 240372488