Accepting request 346366 from mozilla:Factory

- update to Thunderbird 38.4.0 (bnc#952810)
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR 4.10.10 and NSS 3.19.2.1
- added explicit appdata provides (bnc#952325)

--------------------------------------------------------------------

OBS-URL: https://build.opensuse.org/request/show/346366
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=151

MozillaThunderbird.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Tue Nov 17 07:58:43 UTC 2015 - wr@rosenauer.org
+
+- update to Thunderbird 38.4.0 (bnc#952810)
+  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
+    Miscellaneous memory safety hazards
+  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
+    Trailing whitespace in IP address hostnames can bypass same-origin policy
+  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
+    Buffer overflow during image interactions in canvas
+  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
+    CORS preflight is bypassed when non-standard Content-Type headers
+    are received
+  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
+    Memory corruption in libjar through zip files
+  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
+    JavaScript garbage collection crash with Java applet
+  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
+    (bmo#1188010, bmo#1204061, bmo#1204155)
+    Vulnerabilities found through code inspection
+  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
+    Mixed content WebSocket policy bypass through workers
+  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
+    (bmo#1202868, bmo#1205157)
+    NSS and NSPR memory corruption issues
+    (fixed in mozilla-nspr and mozilla-nss packages)
+- requires NSPR 4.10.10 and NSS 3.19.2.1
+- added explicit appdata provides (bnc#952325)
+
 -------------------------------------------------------------------
 Mon Oct  5 12:44:39 UTC 2015 - dmueller@suse.com
 
@@ -113,7 +142,7 @@ Fri Jun 19 17:00:11 UTC 2015 - wr@rosenauer.org
 - tb-develdirs.patch is now mozilla-develdirs.patch as it is a
   platform configuration now
 
--------------------------------------------------------------------
+--------------------------------------------------------------------
 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de
 
 - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration

MozillaThunderbird.spec

@@ -17,7 +17,7 @@
 #
 
 
-%define mainversion 38.3.0
+%define mainversion 38.4.0
 %define update_channel release
 
 %if %suse_version > 1210
@@ -42,8 +42,8 @@ BuildRequires:  libcurl-devel
 BuildRequires:  libgnomeui-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
-BuildRequires:  mozilla-nspr-devel >= 4.10.8
-BuildRequires:  mozilla-nss-devel >= 3.19.2
+BuildRequires:  mozilla-nspr-devel >= 4.10.10
+BuildRequires:  mozilla-nss-devel >= 3.19.2.1
 BuildRequires:  python
 BuildRequires:  startup-notification-devel
 BuildRequires:  unzip
@@ -71,6 +71,8 @@ Version:        %{mainversion}
 Release:        0
 %define releasedate 2015092700
 Provides:       thunderbird = %{version}
+Provides:       appdata()
+Provides:       appdata(thunderbird.appdata.xml)
 %if %{with_kde}
 # this is needed to match this package with the kde4 helper package without the main package
 # having a hard requirement on the kde4 package
@@ -100,7 +102,7 @@ Patch3:         mozilla-kde.patch
 Patch4:         mozilla-arm-disable-edsp.patch
 Patch5:         mozilla-develdirs.patch
 Patch6:         mozilla-icu-strncat.patch
-Patch17:        mozilla-arm64-libjpeg-turbo.patch
+Patch7:         mozilla-arm64-libjpeg-turbo.patch
 # Thunderbird/mail
 Patch20:        tb-ssldap.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -197,7 +199,7 @@ pushd mozilla
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
-%patch17 -p1
+%patch7 -p1
 popd
 # comm-central patches
 %patch20 -p1
@@ -317,6 +319,16 @@ for locale in $(awk '{ print $1; }' ../thunderbird/mail/locales/shipped-locales)
         make -C mail/locales langpack-$locale || continue
         cp -rL dist/xpi-stage/locale-$locale \
            $RPM_BUILD_ROOT%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org
+	# Lightning
+	_shipcalendar=0
+	#for callocale in in $(awk '{ print $1; }' ../thunderbird/calendar/locales/shipped-locales); do
+	#  if [ "$locale" = "$callocale" ]; then
+	#    make -C mail/locales calendar-langpack-$locale || continue
+	#    cp -rL dist/xpi-stage/lightning-$locale \
+	#      $RPM_BUILD_ROOT%{progdir}/extensions/lightning-langpack-$locale@thunderbird.mozilla.org
+	#    _shipcalendar=1
+	#  fi
+	#done
 	# remove prefs and profile defaults from langpack
 	rm -rf $RPM_BUILD_ROOT%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org/defaults
         # check against the fixed common list and sort into the right filelist
@@ -327,6 +339,10 @@ for locale in $(awk '{ print $1; }' ../thunderbird/mail/locales/shipped-locales)
         [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other
 	echo %{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org \
 	  >> %{_tmppath}/translations.$_l10ntarget
+	if [ $_shipcalendar -eq 1 ]; then
+	  echo %{progdir}/extensions/lightning-langpack-$locale@thunderbird.mozilla.org \
+	    >> %{_tmppath}/translations.$_l10ntarget
+	fi
   esac
 done
 %endif

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2e0f6bb247570aba081d8f435a353fe854bb43b37a28fe33c80a9203ad7759e8
-size 28412
+oid sha256:8c2a8cab284b765444c8a3e37b1b6ddbd9319c47f340aca208a6d504f64434b2
+size 28448

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr38"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_38_3_0_RELEASE"
-VERSION="38.3.0"
+RELEASE_TAG="THUNDERBIRD_38_4_0_RELEASE"
+VERSION="38.4.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird
@@ -40,7 +40,7 @@ for locale in $(awk '{ print $1; }' $SHIPPED_LOCALES); do
 done
 echo "creating l10n archive..."
 tar cJf l10n-$VERSION.tar.xz \
-  --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=browser --exclude=calendar \
+  --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=browser \
   --exclude=suite \
   l10n
 

l10n-38.3.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:47db988cbc8194e61250155658d0eb4ec6aa7fa3d3cd69ee802288b602ab92b0
-size 21463548

l10n-38.4.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:30c3669a5635f3b2461ccbbf12f4cb8631a6f5c9df04018c1467a25f932bc10b
+size 22523632

thunderbird-38.3.0-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a6b39bb8c62aa4180fc86de449fb1a848563aad2d05d578db4c0c913cda0057d
-size 174441348

thunderbird-38.4.0-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:20dc5390c629d01295e9a5657344d6f5ebf3c221eef00f87907df9dce5a30f11
+size 174468864