Commit Graph

374 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
fa5d322d3e - Add patch to fix build using rust-1.33:
* mozilla-bmo1519629.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=462
2019-03-30 11:48:53 +00:00
Wolfgang Rosenauer
3e2908cf21 - Mozilla Thunderbird 60.6.1
MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=460
2019-03-27 16:08:50 +00:00
Wolfgang Rosenauer
82c07d74ff - Mozilla Thunderbird 60.6.0
* Calendar: Can't create repeating event with end date when using
    certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)

- Mozilla Thunderbird 60.5.3
  * fixed a regression on the Windows platform:
    Problem when using "Send to > Mail recipient" on Windows

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=458
2019-03-20 21:48:06 +00:00
Wolfgang Rosenauer
6fbce4789b - Mozilla Thunderbird 60.5.2
* UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email
    from Outlook (issue introduced in version 60.5.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=456
2019-02-26 17:37:51 +00:00
Wolfgang Rosenauer
e67981f7a0 - Mozilla Thunderbird 60.5.1
* CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815
    Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218
    S/MIME signature spoofing
- Mozilla Thunderbird 60.5.0:

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=454
2019-02-14 22:12:08 +00:00
Wolfgang Rosenauer
d7db4b785d MFSA 2019-03 (bsc#1122983)
* CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=452
2019-01-29 21:58:55 +00:00
Wolfgang Rosenauer
126ce832a3 changelog (security related) missing still
- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches
  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs
  * CVE-2018-18498 bmo#1500011
    Integer overflow when calculating buffer sizes for images

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=451
2019-01-29 19:03:55 +00:00
Wolfgang Rosenauer
8cd0088de8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=449 2018-12-21 21:20:17 +00:00
Wolfgang Rosenauer
6953ad0d97 - requires NSS 3.36.6
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=448
2018-12-21 21:18:40 +00:00
Wolfgang Rosenauer
b67553185b Accepting request 660601 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 60.4.0

OBS-URL: https://build.opensuse.org/request/show/660601
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=447
2018-12-21 21:10:16 +00:00
Wolfgang Rosenauer
47ff8451c2 - Mozilla Thunderbird 60.3.3
* Thunderbird 60 will migrate security databases (key3.db, cert8.db
    to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
    fault that potentially deleted saved passwords and private certificate
    keys for users using a master password. Version 60.3.3 will prevent
    the loss of data; affected users who have already upgraded to version
    60.3.2 or earlier can restore the deleted key3.db file from backup
    to complete the migration.
  * Address book search and auto-complete slowness introduced in
    Thunderbird 60.3.2
  * Plain text markup with * for bold, / for italics, _ for underline
    and | for code did not work when the enclosed text contained
    non-ASCII characters
  * While composing a message, a link not removed when link location
    was removed in the link properties panel

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=445
2018-12-05 21:18:03 +00:00
Wolfgang Rosenauer
0f47d98b6b Accepting request 653550 from home:AndreasStieger:branches:mozilla:Factory
- Fix build on openSUSE Leap 15.x w.r.t. rust-std requirement

OBS-URL: https://build.opensuse.org/request/show/653550
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=443
2018-12-03 15:06:20 +00:00
Wolfgang Rosenauer
e5fa4278bb - Mozilla Thunderbird 60.3.2
* Encoding problems when exporting address books or messages using
    the system charset. Messages are now always exported using the
    UTF-8 encoding
  * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969
    was displayed. Now using date from "Received" header instead.
  * Body search/filtering didn't reliably ignore content of tags
  * Inappropriate warning "Thunderbird prevented the site
    (addons.thunderbird.net) from asking you to install software on
    your computer" when installing add-ons
  * Incorrect display of correspondents column since own email
    address was not always detected
  * Spurious 
 (encoded newline) inserted into drafts and sent email

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=442
2018-11-30 10:20:59 +00:00
Wolfgang Rosenauer
0c3f0972f6 correct buildid
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=440
2018-11-16 06:50:12 +00:00
Wolfgang Rosenauer
a3384a6fef Accepting request 649349 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 60.3.1

OBS-URL: https://build.opensuse.org/request/show/649349
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=439
2018-11-16 06:40:27 +00:00
Wolfgang Rosenauer
effd24db38 - update to Thunderbird 60.3.0
* various theme fixes
  * Shift+PageUp/PageDown in Write window
  * Gloda attachment filtering
  * Mailing list address auto-complete enter/return handling
  * Thunderbird hung if HTML signature references non-existent image
  * Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
  (Firefox ESR release). In general, these flaws cannot be exploited
  through email in Thunderbird because scripting is disabled when
  reading mail, but are potentially risks in browser or browser-like
  contexts (MFSA 2018-28) (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
    Memory safety bugs fixed in Firefox ESR 60.3
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

  * Fix security info dialog in compose window not showing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=437
2018-11-01 17:28:09 +00:00
Wolfgang Rosenauer
9bb3d7bcac Accepting request 644807 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch
- Add memory-constraints to avoid OOM errors

OBS-URL: https://build.opensuse.org/request/show/644807
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=436
2018-10-29 08:28:50 +00:00
Wolfgang Rosenauer
234d7a115c Accepting request 641717 from home:msmeissn:branches:mozilla:Factory
- provide / obsolete MozillaThunderbird-devel as this is no longer
  shipped to allow migration scenarios

OBS-URL: https://build.opensuse.org/request/show/641717
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=434
2018-10-12 15:11:47 +00:00
Wolfgang Rosenauer
266f4763da Accepting request 640045 from home:AndreasStieger:branches:mozilla:Factory
add CVEs from MFSA 2018-25

OBS-URL: https://build.opensuse.org/request/show/640045
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=432
2018-10-05 09:08:04 +00:00
Wolfgang Rosenauer
c0d713ad9e Accepting request 640011 from home:AndreasStieger:branches:mozilla:Factory
some changelog additions. Are these okay for you?

OBS-URL: https://build.opensuse.org/request/show/640011
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=431
2018-10-04 20:00:55 +00:00
Wolfgang Rosenauer
46ff0ae0de - update to Thunderbird 60.2.1
* several bugfixes since release of version 60.0
  * security fixes for the Mozilla platform picked up from
    60.1 and 60.2 (Firefox ESR releases)
- Update file list since minidump-analyzer is only available when
  * Various fixes and changes to e-mail workflow

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=430
2018-10-03 20:05:00 +00:00
Wolfgang Rosenauer
31b60fdd31 Accepting request 635007 from home:Guillaume_G:branches:mozilla:Factory
- Update file list since minidump-analyzer is only available when crashreporter is enabled

OBS-URL: https://build.opensuse.org/request/show/635007
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=428
2018-09-12 09:58:10 +00:00
Wolfgang Rosenauer
c08272f856 Accepting request 632919 from home:AndreasStieger:branches:mozilla:Factory
Add changelog detail for MFSA 2018-19 (bsc#1098998)

OBS-URL: https://build.opensuse.org/request/show/632919
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=426
2018-09-03 20:13:55 +00:00
Wolfgang Rosenauer
ff674588f7 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=425 2018-08-27 15:50:17 +00:00
Wolfgang Rosenauer
a67021f952 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=424 2018-08-27 10:51:57 +00:00
Wolfgang Rosenauer
affcd2db3c Accepting request 631539 from home:AndreasStieger:branches:mozilla:Factory
- remove non-free untar licenced code from distributed tarball

OBS-URL: https://build.opensuse.org/request/show/631539
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=423
2018-08-27 08:09:20 +00:00
Wolfgang Rosenauer
275bc9bdcb Accepting request 629370 from home:iznogood:branches:mozilla:Factory
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/629370
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=422
2018-08-15 09:38:21 +00:00
Wolfgang Rosenauer
b3d2742026 * mozilla-develdirs.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=421
2018-08-07 06:32:26 +00:00
Wolfgang Rosenauer
696d48eaf5 * tb-ssldap.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=420
2018-08-06 21:32:03 +00:00
Wolfgang Rosenauer
cde9b1d6a6 - update to Thunderbird 60.0
* requires NSPR 4.19 and NSS 3.36.4
  * what's new
    https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
- source archives are now signed directly
  (removed checksum signature check)
- imported patches from Firefox 60
  * mozilla-bmo1375074.patch
  * mozilla-bmo1464766.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
- removed obsolete patches
  * mozilla-language.patch
- removed -devel subpackage as old-style extensions are mainly gone
- storing of remote content settings fixed (boo#1084603)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=419
2018-08-06 14:26:01 +00:00
Wolfgang Rosenauer
93fe18dfd9 Accepting request 621937 from home:AndreasStieger:branches:mozilla:Factory
add bugzilla reference

OBS-URL: https://build.opensuse.org/request/show/621937
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=417
2018-07-10 17:29:54 +00:00
Wolfgang Rosenauer
1179b0a448 * Deleting or detaching attachments corrupted messages under certain
circumstances (bmo#1473893)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=416
2018-07-10 09:03:21 +00:00
Wolfgang Rosenauer
97874126cc - update to Thunderbird 52.9.1
* fix detaching attachments (bmo#1473893)
    otherwise might reveal decryted content to the attacker.
    "simple" HTML view

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=415
2018-07-10 06:54:09 +00:00
Wolfgang Rosenauer
8482f17d7f Accepting request 620658 from home:AndreasStieger:branches:mozilla:Factory
Fix for this change to avoid adding a dependency on mozldap-libs:

correct requires and provides handling (boo#1076907)

OBS-URL: https://build.opensuse.org/request/show/620658
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=413
2018-07-05 06:01:02 +00:00
Wolfgang Rosenauer
3b3bdbed6f Accepting request 620624 from home:AndreasStieger:branches:mozilla:Factory
fix missing l10n from this change:
Build from upstream source archive and verify source signature (boo#1085780)

OBS-URL: https://build.opensuse.org/request/show/620624
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=412
2018-07-04 14:06:02 +00:00
Wolfgang Rosenauer
5e3677350a Accepting request 620593 from home:AndreasStieger:branches:mozilla:Factory
add some bugzilla references

OBS-URL: https://build.opensuse.org/request/show/620593
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=411
2018-07-04 08:58:13 +00:00
Wolfgang Rosenauer
4460ca6a07 MFSA 2018-16 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162)
    Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693)
    Use-after-free when using focus()
  * CVE-2018-12372 (bmo#1419417)
    S/MIME and PGP decryption oracles can be built with HTML emails
  * CVE-2018-12373 (bmo#1464667, bmo#1464056)
    S/MIME plaintext can be leaked through HTML reply/forward
  * CVE-2018-12362 (bmo#1452375)
    Integer overflow in SSSE3 scaler
  * CVE-2018-12363 (bmo#1464784)
    Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241)
    CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206)
    Compromised IPC child process can list local filenames
  * CVE-2018-12366 (bmo#1464039)
    Invalid data handling during QCMS transformations
  * CVE-2018-12374 (bmo#1462910)
    Using form to exfiltrate encrypted mail part by pressing enter in form field
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048)
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=410
2018-07-04 05:58:22 +00:00
Wolfgang Rosenauer
9a9de5cf1f - update to Thunderbird 52.9 (bsc#1098998)
- correct requires and provides handling (boo#1076907)
- reduce memory footprint with %ix86 at linking time via additional
  compiler flags (boo#1091376)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=409
2018-07-02 13:49:36 +00:00
Wolfgang Rosenauer
07cdaea7b5 Accepting request 620026 from home:AndreasStieger:branches:mozilla:Factory
- Build from upstream source archive and verify source signature
  (boo#1085780)

OBS-URL: https://build.opensuse.org/request/show/620026
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=408
2018-07-02 12:10:40 +00:00
Wolfgang Rosenauer
cd0e3ea9a0 - update to Thunderbird 52.8 (bsc#1092548)
MFSA 2018-13
  * CVE-2018-5183 (bmo#1454692)
    Backport critical security fixes in Skia
  * CVE-2018-5184 (bmo#1411592, bsc#1093152)
    Full plaintext recovery in S/MIME via chosen-ciphertext attack
  * CVE-2018-5154 (bmo#1443092)
    Use-after-free with SVG animations and clip paths
  * CVE-2018-5155 (bmo#1448774)
    Use-after-free with SVG animations and text paths
  * CVE-2018-5159 (bmo#1441941)
    Integer overflow and out-of-bounds write in Skia
  * CVE-2018-5161 (bmo#1411720)
    Hang via malformed headers
  * CVE-2018-5162 (bmo#1457721, bsc#1093152)
    Encrypted mail leaks plaintext through src attribute
  * CVE-2018-5170 (bmo#1411732)
    Filename spoofing for external attachments
  * CVE-2018-5168 (bmo#1449548)
    Lightweight themes can be installed without user interaction
  * CVE-2018-5174 (bmo#1447080) (Windows only)
    Windows Defender SmartScreen UI runs with less secure behavior
    for downloaded files in Windows 10 April 2018 Update
  * CVE-2018-5178 (bmo#1443891)
    Buffer overflow during UTF-8 to Unicode string conversion
    through legacy extension
  * CVE-2018-5185 (bmo#1450345)
    Leaking plaintext through HTML forms
  * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705,
    bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=406
2018-05-19 10:55:26 +00:00
Wolfgang Rosenauer
b632ec1b68 Accepting request 592294 from home:oertel:branches:mozilla:Factory
- Exclude bigendian archs for now, have not built
  since version 45.8.0
  ExcludeArch: ppc ppc64 s390 s390x

OBS-URL: https://build.opensuse.org/request/show/592294
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=404
2018-03-29 13:46:17 +00:00
Wolfgang Rosenauer
2fe1d46e22 Accepting request 590831 from home:AndreasStieger:branches:mozilla:Factory
Adjust changelog based on MFSA 2018-09

OBS-URL: https://build.opensuse.org/request/show/590831
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=402
2018-03-26 11:03:30 +00:00
Wolfgang Rosenauer
120baf56d9 - update to Thunderbird 52.7 (bsc#1085130)
* Searching message bodies of messages in local folders, including
    filter and quick filter operations, did not find content in
    message attachments
  * Better error handling for Yahoo accounts
  MFSA 2018-08
  * CVE-2018-5146 (bmo#1446062)
    Out of bounds memory write in libvorbis
  * CVE-2018-5147 (bmo#1446365)
    Out of bounds memory write in libtremor

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=401
2018-03-24 09:35:07 +00:00
Wolfgang Rosenauer
77c48f2707 * CVE-2017-7846 (bmo#1411716, bsc#1074043)
* CVE-2017-7847 (bmo#1411708, bsc#1074044)
  * CVE-2017-7848 (bmo#1411699, bsc#1074045)
  * CVE-2017-7829 (bmo#1423432, bsc#1074046)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=399
2018-02-16 09:09:25 +00:00
Wolfgang Rosenauer
f8a44525c7 - update to Thunderbird 52.6 (bsc#1077291)
* Searching message bodies of messages in local folders, including
    filter and quick filter operations, not working reliably: Content
    not found in base64-encode message parts, non-ASCII text not found
    and false positives found.
  * Defective messages (without at least one expected header) not shown
    in IMAP folders but shown on mobile devices
  * Calendar: Unintended task deletion if numlock is enabled
  * Mozilla platform security fixes
  MFSA 2018-04
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5096 (bmo#1418922)
    Use-after-free while editing form elements
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation
  * CVE-2018-5117 (bmo#1395508)
    URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5089
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=397
2018-01-26 07:14:05 +00:00
Wolfgang Rosenauer
fa26255979 Accepting request 559653 from home:AndreasStieger:branches:mozilla:Factory
changlog

OBS-URL: https://build.opensuse.org/request/show/559653
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=395
2017-12-23 21:58:24 +00:00
Wolfgang Rosenauer
a542d644fe - update to Thunderbird 52.5.2
* This releases fixes the "Mailsploit" vulnerability and other
    vulnerabilities detected by the "Cure53" audit
  MFSA 2017-30
  * CVE-2017-7845 (bmo#1402372)
    Buffer overflow when drawing and validating elements with ANGLE
    library using Direct 3D 9
  * CVE-2017-7846 (bmo#1411716)
    JavaScript Execution via RSS in mailbox:// origin
  * CVE-2017-7847 (bmo#1411708)
    Local path string can be leaked from RSS feed
  * CVE-2017-7848 (bmo#1411699)
    RSS Feed vulnerable to new line Injection
  * CVE-2017-7829 (bmo#1423432)
    Mailsploit part 1: From address with encoded null character is
    cut off in message header display

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=394
2017-12-23 20:06:58 +00:00
Wolfgang Rosenauer
a9f94c0e74 Accepting request 555272 from home:dimstar:Factory
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

OBS-URL: https://build.opensuse.org/request/show/555272
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=392
2017-12-11 08:32:59 +00:00
Wolfgang Rosenauer
ca09b0503f * Better support for Charter/Spectrum IMAP: Thunderbird will now
detect Charter's IMAP service and send an additional IMAP select
    command to the server. Check the various preferences ending in
    "force_select" to see whether auto-detection has discovered this case.
  * In search folders spanning multiple base folders clicking on a
    message sometimes marked another message as read
  * IMAP alerts have been corrected and now show the correct server
    name in case of connection problems
  * POP alerts have been corrected and now indicate connection problems
    in case the configured POP server cannot be found
  MFSA 2017-26

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=390
2017-11-25 07:08:27 +00:00
Wolfgang Rosenauer
db14770321 Accepting request 544396 from home:Zaitor:branches:mozilla:Factory
Resub rebased

OBS-URL: https://build.opensuse.org/request/show/544396
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=389
2017-11-22 19:21:46 +00:00