Accepting request 517268 from mozilla:Factory
- update to Thunderbird 52.3 (boo#1052829)
Fixed issues:
* Unwanted inline images shown in rogue SPAM messages
* Deleting message from the POP3 server not working when maildir
storage was used
* Message disposition flag (replied / forwarded) lost when reply or
forwarded message was stored as draft and draft was sent later
* Inline images not scaled to fit when printing
* Selected text from another message sometimes included in a reply
* No authorisation prompt displayed when inserting image into email
body although image URL requires authentication
* Large attachments taking a long time to open under some circumstances
security
Security fixes from Gecko 52.3esr
* CVE-2017-7798 (bmo#1371586, bmo#1372112)
XUL injection in the style editor in devtools
* CVE-2017-7800 (bmo#1374047)
Use-after-free in WebSockets during disconnection
* CVE-2017-7801 (bmo#1371259)
Use-after-free with marquee during window resizing
* CVE-2017-7784 (bmo#1376087)
Use-after-free with image observers
* CVE-2017-7802 (bmo#1378147)
Use-after-free resizing image elements
* CVE-2017-7785 (bmo#1356985)
Buffer overflow manipulating ARIA attributes in DOM
* CVE-2017-7786 (bmo#1365189)
Buffer overflow while painting non-displayable SVG
* CVE-2017-7753 (bmo#1353312)
Out-of-bounds read with cached style data and pseudo-elements#
OBS-URL: https://build.opensuse.org/request/show/517268
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=183
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
fa13702627
@ -1,7 +1,62 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 15 12:48:43 UTC 2017 - wr@rosenauer.org
|
||||
|
||||
- update to Thunderbird 52.3 (boo#1052829)
|
||||
Fixed issues:
|
||||
* Unwanted inline images shown in rogue SPAM messages
|
||||
* Deleting message from the POP3 server not working when maildir
|
||||
storage was used
|
||||
* Message disposition flag (replied / forwarded) lost when reply or
|
||||
forwarded message was stored as draft and draft was sent later
|
||||
* Inline images not scaled to fit when printing
|
||||
* Selected text from another message sometimes included in a reply
|
||||
* No authorisation prompt displayed when inserting image into email
|
||||
body although image URL requires authentication
|
||||
* Large attachments taking a long time to open under some circumstances
|
||||
security
|
||||
Security fixes from Gecko 52.3esr
|
||||
* CVE-2017-7798 (bmo#1371586, bmo#1372112)
|
||||
XUL injection in the style editor in devtools
|
||||
* CVE-2017-7800 (bmo#1374047)
|
||||
Use-after-free in WebSockets during disconnection
|
||||
* CVE-2017-7801 (bmo#1371259)
|
||||
Use-after-free with marquee during window resizing
|
||||
* CVE-2017-7784 (bmo#1376087)
|
||||
Use-after-free with image observers
|
||||
* CVE-2017-7802 (bmo#1378147)
|
||||
Use-after-free resizing image elements
|
||||
* CVE-2017-7785 (bmo#1356985)
|
||||
Buffer overflow manipulating ARIA attributes in DOM
|
||||
* CVE-2017-7786 (bmo#1365189)
|
||||
Buffer overflow while painting non-displayable SVG
|
||||
* CVE-2017-7753 (bmo#1353312)
|
||||
Out-of-bounds read with cached style data and pseudo-elements#
|
||||
* CVE-2017-7787 (bmo#1322896)
|
||||
Same-origin policy bypass with iframes through page reloads
|
||||
* CVE-2017-7807 (bmo#1376459)
|
||||
Domain hijacking through AppCache fallback
|
||||
* CVE-2017-7792 (bmo#1368652)
|
||||
Buffer overflow viewing certificates with an extremely long OID
|
||||
* CVE-2017-7804 (bmo#1372849)
|
||||
Memory protection bypass through WindowsDllDetourPatcher
|
||||
* CVE-2017-7791 (bmo#1365875)
|
||||
Spoofing following page navigation with data: protocol and modal alerts
|
||||
* CVE-2017-7782 (bmo#1344034)
|
||||
WindowsDllDetourPatcher allocates memory without DEP protections
|
||||
* CVE-2017-7803 (bmo#1377426)
|
||||
CSP containing 'sandbox' improperly applied
|
||||
* CVE-2017-7779
|
||||
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 9 09:47:39 UTC 2017 - schwab@suse.de
|
||||
|
||||
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 28 13:57:13 UTC 2017 - guillaume@opensuse.org
|
||||
|
||||
- mozilla-disable-neon-option.patch has been dropped silently, so
|
||||
- mozilla-disable-neon-option.patch has been dropped silently, so
|
||||
remove the --disable-neon option as it is not available anymore.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
||||
@ -17,9 +17,9 @@
|
||||
#
|
||||
|
||||
|
||||
%define mainversion 52.2.1
|
||||
%define mainversion 52.3.0
|
||||
%define update_channel release
|
||||
%define releasedate 201706250000
|
||||
%define releasedate 201708150000
|
||||
|
||||
%bcond_without mozilla_tb_kde4
|
||||
%bcond_with mozilla_tb_valgrind
|
||||
@ -101,6 +101,7 @@ Patch3: mozilla-kde.patch
|
||||
Patch4: mozilla-develdirs.patch
|
||||
Patch5: mozilla-no-stdcxx-check.patch
|
||||
Patch6: mozilla-aarch64-startup-crash.patch
|
||||
Patch7: mozilla-ucontext.patch
|
||||
# Thunderbird/mail
|
||||
Patch20: tb-ssldap.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -194,6 +195,7 @@ pushd mozilla
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
popd
|
||||
# comm-central patches
|
||||
%patch20 -p1
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:370bc757121f5378736e13bd204b3fbf51a41cc9da7a00f286d58cade70e3684
|
||||
size 28404
|
||||
oid sha256:002e2f18cfead15ccd76384d74fa11ef5c387cc4d755d0fd71f224757401c6ed
|
||||
size 28388
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
|
||||
CHANNEL="esr52"
|
||||
BRANCH="releases/comm-$CHANNEL"
|
||||
RELEASE_TAG="THUNDERBIRD_52_2_1_RELEASE"
|
||||
VERSION="52.2.1"
|
||||
RELEASE_TAG="THUNDERBIRD_52_3_0_RELEASE"
|
||||
VERSION="52.3.0"
|
||||
|
||||
echo "cloning $BRANCH..."
|
||||
hg clone http://hg.mozilla.org/$BRANCH thunderbird
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e651343e1d90eae1ca135c09ccdacabb1f0193b0e61618758a8b726e8ffe2800
|
||||
size 26219380
|
||||
3
l10n-52.3.0.tar.xz
Normal file
3
l10n-52.3.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f56155398b572408b653ab0079e32308270ee5aea3a405399e4687ce5caf2f16
|
||||
size 26247324
|
||||
203
mozilla-ucontext.patch
Normal file
203
mozilla-ucontext.patch
Normal file
@ -0,0 +1,203 @@
|
||||
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc
|
||||
===================================================================
|
||||
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc
|
||||
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc
|
||||
@@ -40,15 +40,15 @@ namespace google_breakpad {
|
||||
|
||||
#if defined(__i386__)
|
||||
|
||||
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.gregs[REG_ESP];
|
||||
}
|
||||
|
||||
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.gregs[REG_EIP];
|
||||
}
|
||||
|
||||
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
|
||||
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
|
||||
const struct _libc_fpstate* fp) {
|
||||
const greg_t* regs = uc->uc_mcontext.gregs;
|
||||
|
||||
@@ -88,15 +88,15 @@ void UContextReader::FillCPUContext(RawC
|
||||
|
||||
#elif defined(__x86_64)
|
||||
|
||||
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.gregs[REG_RSP];
|
||||
}
|
||||
|
||||
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.gregs[REG_RIP];
|
||||
}
|
||||
|
||||
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
|
||||
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
|
||||
const struct _libc_fpstate* fpregs) {
|
||||
const greg_t* regs = uc->uc_mcontext.gregs;
|
||||
|
||||
@@ -145,15 +145,15 @@ void UContextReader::FillCPUContext(RawC
|
||||
|
||||
#elif defined(__ARM_EABI__)
|
||||
|
||||
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.arm_sp;
|
||||
}
|
||||
|
||||
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.arm_pc;
|
||||
}
|
||||
|
||||
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) {
|
||||
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) {
|
||||
out->context_flags = MD_CONTEXT_ARM_FULL;
|
||||
|
||||
out->iregs[0] = uc->uc_mcontext.arm_r0;
|
||||
@@ -184,15 +184,15 @@ void UContextReader::FillCPUContext(RawC
|
||||
|
||||
#elif defined(__aarch64__)
|
||||
|
||||
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.sp;
|
||||
}
|
||||
|
||||
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.pc;
|
||||
}
|
||||
|
||||
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
|
||||
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
|
||||
const struct fpsimd_context* fpregs) {
|
||||
out->context_flags = MD_CONTEXT_ARM64_FULL;
|
||||
|
||||
@@ -210,15 +210,15 @@ void UContextReader::FillCPUContext(RawC
|
||||
|
||||
#elif defined(__mips__)
|
||||
|
||||
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.gregs[MD_CONTEXT_MIPS_REG_SP];
|
||||
}
|
||||
|
||||
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
|
||||
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
|
||||
return uc->uc_mcontext.pc;
|
||||
}
|
||||
|
||||
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) {
|
||||
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) {
|
||||
#if _MIPS_SIM == _ABI64
|
||||
out->context_flags = MD_CONTEXT_MIPS64_FULL;
|
||||
#elif _MIPS_SIM == _ABIO32
|
||||
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h
|
||||
===================================================================
|
||||
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h
|
||||
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h
|
||||
@@ -41,21 +41,21 @@ namespace google_breakpad {
|
||||
|
||||
// Wraps platform-dependent implementations of accessors to ucontext structs.
|
||||
struct UContextReader {
|
||||
- static uintptr_t GetStackPointer(const struct ucontext* uc);
|
||||
+ static uintptr_t GetStackPointer(const ucontext_t* uc);
|
||||
|
||||
- static uintptr_t GetInstructionPointer(const struct ucontext* uc);
|
||||
+ static uintptr_t GetInstructionPointer(const ucontext_t* uc);
|
||||
|
||||
// Juggle a arch-specific ucontext into a minidump format
|
||||
// out: the minidump structure
|
||||
// info: the collection of register structures.
|
||||
#if defined(__i386__) || defined(__x86_64)
|
||||
- static void FillCPUContext(RawContextCPU *out, const ucontext *uc,
|
||||
+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
|
||||
const struct _libc_fpstate* fp);
|
||||
#elif defined(__aarch64__)
|
||||
- static void FillCPUContext(RawContextCPU *out, const ucontext *uc,
|
||||
+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
|
||||
const struct fpsimd_context* fpregs);
|
||||
#else
|
||||
- static void FillCPUContext(RawContextCPU *out, const ucontext *uc);
|
||||
+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc);
|
||||
#endif
|
||||
};
|
||||
|
||||
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc
|
||||
===================================================================
|
||||
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc
|
||||
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc
|
||||
@@ -439,9 +439,9 @@ bool ExceptionHandler::HandleSignal(int
|
||||
// Fill in all the holes in the struct to make Valgrind happy.
|
||||
memset(&g_crash_context_, 0, sizeof(g_crash_context_));
|
||||
memcpy(&g_crash_context_.siginfo, info, sizeof(siginfo_t));
|
||||
- memcpy(&g_crash_context_.context, uc, sizeof(struct ucontext));
|
||||
+ memcpy(&g_crash_context_.context, uc, sizeof(ucontext_t));
|
||||
#if defined(__aarch64__)
|
||||
- struct ucontext* uc_ptr = (struct ucontext*)uc;
|
||||
+ ucontext_t* uc_ptr = (ucontext_t*)uc;
|
||||
struct fpsimd_context* fp_ptr =
|
||||
(struct fpsimd_context*)&uc_ptr->uc_mcontext.__reserved;
|
||||
if (fp_ptr->head.magic == FPSIMD_MAGIC) {
|
||||
@@ -452,7 +452,7 @@ bool ExceptionHandler::HandleSignal(int
|
||||
// FP state is not part of user ABI on ARM Linux.
|
||||
// In case of MIPS Linux FP state is already part of struct ucontext
|
||||
// and 'float_state' is not a member of CrashContext.
|
||||
- struct ucontext* uc_ptr = (struct ucontext*)uc;
|
||||
+ ucontext_t* uc_ptr = (ucontext_t*)uc;
|
||||
if (uc_ptr->uc_mcontext.fpregs) {
|
||||
memcpy(&g_crash_context_.float_state, uc_ptr->uc_mcontext.fpregs,
|
||||
sizeof(g_crash_context_.float_state));
|
||||
@@ -476,7 +476,7 @@ bool ExceptionHandler::SimulateSignalDel
|
||||
// ExceptionHandler::HandleSignal().
|
||||
siginfo.si_code = SI_USER;
|
||||
siginfo.si_pid = getpid();
|
||||
- struct ucontext context;
|
||||
+ ucontext_t context;
|
||||
getcontext(&context);
|
||||
return HandleSignal(sig, &siginfo, &context);
|
||||
}
|
||||
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h
|
||||
===================================================================
|
||||
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h
|
||||
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h
|
||||
@@ -191,7 +191,7 @@ class ExceptionHandler {
|
||||
struct CrashContext {
|
||||
siginfo_t siginfo;
|
||||
pid_t tid; // the crashing thread.
|
||||
- struct ucontext context;
|
||||
+ ucontext_t context;
|
||||
#if !defined(__ARM_EABI__) && !defined(__mips__)
|
||||
// #ifdef this out because FP state is not part of user ABI for Linux ARM.
|
||||
// In case of MIPS Linux FP state is already part of struct
|
||||
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc
|
||||
===================================================================
|
||||
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc
|
||||
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc
|
||||
@@ -571,7 +571,7 @@ class MicrodumpWriter {
|
||||
|
||||
void* Alloc(unsigned bytes) { return dumper_->allocator()->Alloc(bytes); }
|
||||
|
||||
- const struct ucontext* const ucontext_;
|
||||
+ const ucontext_t* const ucontext_;
|
||||
#if !defined(__ARM_EABI__) && !defined(__mips__)
|
||||
const google_breakpad::fpstate_t* const float_state_;
|
||||
#endif
|
||||
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc
|
||||
===================================================================
|
||||
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc
|
||||
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc
|
||||
@@ -1247,7 +1247,7 @@ class MinidumpWriter {
|
||||
const int fd_; // File descriptor where the minidum should be written.
|
||||
const char* path_; // Path to the file where the minidum should be written.
|
||||
|
||||
- const struct ucontext* const ucontext_; // also from the signal handler
|
||||
+ const ucontext_t* const ucontext_; // also from the signal handler
|
||||
#if !defined(__ARM_EABI__) && !defined(__mips__)
|
||||
const google_breakpad::fpstate_t* const float_state_; // ditto
|
||||
#endif
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:319b1c9dbcb486ebc8d2cf8819110428d95a2d4aaf131c16a6f583bdc67fda98
|
||||
size 240247096
|
||||
3
thunderbird-52.3.0-source.tar.xz
Normal file
3
thunderbird-52.3.0-source.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9e85a68b6d24de1d6dcaa9e5d3b491158c975fc2f895560ef29716c508f99f07
|
||||
size 240356760
|
||||
Loading…
Reference in New Issue
Block a user