- update to Thunderbird 17.0.8 (bnc#833389)

* MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=220
2013-08-07 12:03:36 +00:00 · 2013-08-07 12:03:36 +00:00 · ffa346f8d7
commit ffa346f8d7
parent ec481f916a
10 changed files with 41 additions and 17 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Fri Aug  2 06:01:03 UTC 2013 - wr@rosenauer.org
+
+- update to Thunderbird 17.0.8 (bnc#833389)
+  * MFSA 2013-63/CVE-2013-1701
+    Miscellaneous memory safety hazards
+  * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+    Document URI misrepresentation and masquerading
+  * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+    CRMF requests allow for code execution and XSS attacks
+  * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+    Wrong principal used for validating URI for some Javascript
+    components
+  * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+    Same-origin bypass with web workers and XMLHttpRequest
+  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+    Local Java applets may read contents of local file system
+
+-------------------------------------------------------------------
+Wed Jul 17 17:28:39 UTC 2013 - wr@rosenauer.org
+
+- update Enigmail to 1.5.2
+  * bugfix release
+
 -------------------------------------------------------------------
 Mon Jun 24 10:17:22 UTC 2013 - wr@rosenauer.org

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -40,11 +40,11 @@ BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
 BuildRequires:  yasm
 BuildRequires:  zip
-%define mainversion 17.0.7
+%define mainversion 17.0.8
 %define update_channel release
 Version:        %{mainversion}
 Release:        0
-%define releasedate 2013062000
+%define releasedate 2013080100
 Provides:       thunderbird = %{version}
 %if %{with_kde}
 # this is needed to match this package with the kde4 helper package without the main package
@ -65,7 +65,7 @@ Source4:        l10n-%{version}.tar.bz2
 Source6:        suse-default-prefs.js
 Source7:        find-external-requires.sh
 Source8:        thunderbird-rpmlintrc
-Source9:        enigmail-1.5.1.tar.gz
+Source9:        enigmail-1.5.2.tar.gz
 Source10:       create-tar.sh
 Source11:       compare-locales.tar.bz2
 Source12:       kde.js
@ -175,7 +175,7 @@ symbols meant for upload to Mozilla's crash collector database.

 %if %build_enigmail
 %package -n enigmail
-Version:        1.5.1+%{mainversion}
+Version:        1.5.2+%{mainversion}
 Release:        0
 Summary:        OpenPGP addon for Thunderbird and SeaMonkey
 License:        MPL-1.1 or GPL-2.0+
--- a/compare-locales.tar.bz2
+++ b/compare-locales.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b0d08936b1a1fd715b07d7fad9f25bb2dadd3f088839766a6d50849a8fbc3d74
-size 29922
+oid sha256:2228bed9902f18c5fb22ec286d081b9773d19f3157bd68517c2e7dd3a5e13272
+size 29890
--- a/create-tar.sh
+++ b/create-tar.sh
@ -2,8 +2,8 @@

 CHANNEL="esr17"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_17_0_7_RELEASE"
-VERSION="17.0.7"
+RELEASE_TAG="THUNDERBIRD_17_0_8_RELEASE"
+VERSION="17.0.8"

 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird
--- a/enigmail-1.5.1.tar.gz
+++ b/enigmail-1.5.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:234ca3c8f7c74afb64ebdaa4762e358f35a72c1f8de007b992497fc2db803af0
-size 1213954
--- a/enigmail-1.5.2.tar.gz
+++ b/enigmail-1.5.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f20d6d1be1ab12dc2f1208d8f01227fd7e5c4dcf5d6f4bd0833a932b58973a26
+size 1211395
--- a/l10n-17.0.7.tar.bz2
+++ b/l10n-17.0.7.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b7045f20c9d69f8d52fd3e0b4da109bbc5c4b17530f91a4a0d6d03d4f9212c1d
-size 26789123
--- a/l10n-17.0.8.tar.bz2
+++ b/l10n-17.0.8.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4629e07b19c663e018d49222aff5390b0281cbba3b3dd847793fde46df15d613
+size 26764663
--- a/thunderbird-17.0.7-source.tar.bz2
+++ b/thunderbird-17.0.7-source.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0adc78bd42c060b6923bfeb53d700b310dbf8eedba7ac819d5a9b1a9c2d576de
-size 115019945
--- a/thunderbird-17.0.8-source.tar.bz2
+++ b/thunderbird-17.0.8-source.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c6c487fde5f068b07b8f445453e50051648e0af1630c3cdc84e991a8a5067041
+size 115020552