Commit Graph

771 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
f8a44525c7 - update to Thunderbird 52.6 (bsc#1077291)
* Searching message bodies of messages in local folders, including
    filter and quick filter operations, not working reliably: Content
    not found in base64-encode message parts, non-ASCII text not found
    and false positives found.
  * Defective messages (without at least one expected header) not shown
    in IMAP folders but shown on mobile devices
  * Calendar: Unintended task deletion if numlock is enabled
  * Mozilla platform security fixes
  MFSA 2018-04
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5096 (bmo#1418922)
    Use-after-free while editing form elements
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation
  * CVE-2018-5117 (bmo#1395508)
    URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5089
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=397
2018-01-26 07:14:05 +00:00
Dominique Leuenberger
473ae96309 Accepting request 559658 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/559658
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=187
2018-01-01 21:04:06 +00:00
Wolfgang Rosenauer
fa26255979 Accepting request 559653 from home:AndreasStieger:branches:mozilla:Factory
changlog

OBS-URL: https://build.opensuse.org/request/show/559653
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=395
2017-12-23 21:58:24 +00:00
Wolfgang Rosenauer
a542d644fe - update to Thunderbird 52.5.2
* This releases fixes the "Mailsploit" vulnerability and other
    vulnerabilities detected by the "Cure53" audit
  MFSA 2017-30
  * CVE-2017-7845 (bmo#1402372)
    Buffer overflow when drawing and validating elements with ANGLE
    library using Direct 3D 9
  * CVE-2017-7846 (bmo#1411716)
    JavaScript Execution via RSS in mailbox:// origin
  * CVE-2017-7847 (bmo#1411708)
    Local path string can be leaked from RSS feed
  * CVE-2017-7848 (bmo#1411699)
    RSS Feed vulnerable to new line Injection
  * CVE-2017-7829 (bmo#1423432)
    Mailsploit part 1: From address with encoded null character is
    cut off in message header display

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=394
2017-12-23 20:06:58 +00:00
Dominique Leuenberger
a47765ced3 Accepting request 555851 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/555851
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=186
2017-12-12 20:20:43 +00:00
Wolfgang Rosenauer
a9f94c0e74 Accepting request 555272 from home:dimstar:Factory
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

OBS-URL: https://build.opensuse.org/request/show/555272
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=392
2017-12-11 08:32:59 +00:00
Dominique Leuenberger
85f67ddf70 Accepting request 545445 from mozilla:Factory
- update to Thunderbird 52.5.0 (bsc#1068101)
  * Better support for Charter/Spectrum IMAP: Thunderbird will now
    detect Charter's IMAP service and send an additional IMAP select
    command to the server. Check the various preferences ending in
    "force_select" to see whether auto-detection has discovered this case.
  * In search folders spanning multiple base folders clicking on a
    message sometimes marked another message as read
  * IMAP alerts have been corrected and now show the correct server
    name in case of connection problems
  * POP alerts have been corrected and now indicate connection problems
    in case the configured POP server cannot be found
  MFSA 2017-26
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7826
    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Add explicit pkgconfig(gconf-2.0), pkgconfig(gobject-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires: Previously pulled in by
  libgnomeui-devel, and is what configure really checks for.

OBS-URL: https://build.opensuse.org/request/show/545445
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=185
2017-11-30 11:41:58 +00:00
Wolfgang Rosenauer
ca09b0503f * Better support for Charter/Spectrum IMAP: Thunderbird will now
detect Charter's IMAP service and send an additional IMAP select
    command to the server. Check the various preferences ending in
    "force_select" to see whether auto-detection has discovered this case.
  * In search folders spanning multiple base folders clicking on a
    message sometimes marked another message as read
  * IMAP alerts have been corrected and now show the correct server
    name in case of connection problems
  * POP alerts have been corrected and now indicate connection problems
    in case the configured POP server cannot be found
  MFSA 2017-26

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=390
2017-11-25 07:08:27 +00:00
Wolfgang Rosenauer
db14770321 Accepting request 544396 from home:Zaitor:branches:mozilla:Factory
Resub rebased

OBS-URL: https://build.opensuse.org/request/show/544396
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=389
2017-11-22 19:21:46 +00:00
Wolfgang Rosenauer
21edfd304e - update to Thunderbird 52.5.0 (bsc#1068101)
MFSA 2017-25
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7826
    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=388
2017-11-22 10:48:23 +00:00
Dominique Leuenberger
c1bea9dab6 Accepting request 532694 from mozilla:Factory
- Mozilla Thunderbird 52.4.0 (bsc#1060445)
  * new behavior was introduced for replies to mailing list posts:
    "When replying to a mailing list, reply will be sent to address
    in From header ignoring Reply-to header". A new preference
    mail.override_list_reply_to allows to restore the previous behavior.
  * Under certain circumstances (image attachment and non-image
    attachment), attached images were shown truncated in messages
    stored in IMAP folders not synchronised for offline use.
  * IMAP UIDs > 0x7FFFFFFF now handled properly
  Security fixes from Gecko 52.4esr
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

- Add alsa-devel BuildRequires: we care for ALSA support to be

OBS-URL: https://build.opensuse.org/request/show/532694
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=184
2017-10-09 17:36:36 +00:00
Wolfgang Rosenauer
c0196e9638 * new behavior was introduced for replies to mailing list posts:
"When replying to a mailing list, reply will be sent to address
    in From header ignoring Reply-to header". A new preference
    mail.override_list_reply_to allows to restore the previous behavior.
  * Under certain circumstances (image attachment and non-image
    attachment), attached images were shown truncated in messages
    stored in IMAP folders not synchronised for offline use.
  * IMAP UIDs > 0x7FFFFFFF now handled properly
  Security fixes from Gecko 52.4esr
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=386
2017-10-06 20:50:03 +00:00
Wolfgang Rosenauer
5a7900b24a Accepting request 531253 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 52.4.0 (bsc#1060445)
MFSA/CVEs still missing...

OBS-URL: https://build.opensuse.org/request/show/531253
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=385
2017-10-04 15:11:54 +00:00
Wolfgang Rosenauer
86366658fe Accepting request 529099 from home:dimstar:Factory
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.

OBS-URL: https://build.opensuse.org/request/show/529099
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=384
2017-09-28 08:25:59 +00:00
Dominique Leuenberger
fa13702627 Accepting request 517268 from mozilla:Factory
- update to Thunderbird 52.3 (boo#1052829)
  Fixed issues:
  * Unwanted inline images shown in rogue SPAM messages
  * Deleting message from the POP3 server not working when maildir
    storage was used
  * Message disposition flag (replied / forwarded) lost when reply or
    forwarded message was stored as draft and draft was sent later
  * Inline images not scaled to fit when printing
  * Selected text from another message sometimes included in a reply
  * No authorisation prompt displayed when inserting image into email
    body although image URL requires authentication
  * Large attachments taking a long time to open under some circumstances
  security
  Security fixes from Gecko 52.3esr
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#

OBS-URL: https://build.opensuse.org/request/show/517268
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=183
2017-08-24 15:40:24 +00:00
Wolfgang Rosenauer
3cf568899e - update to Thunderbird 52.3 (boo#1052829)
Fixed issues:
  * Unwanted inline images shown in rogue SPAM messages
  * Deleting message from the POP3 server not working when maildir
    storage was used
  * Message disposition flag (replied / forwarded) lost when reply or
    forwarded message was stored as draft and draft was sent later
  * Inline images not scaled to fit when printing
  * Selected text from another message sometimes included in a reply
  * No authorisation prompt displayed when inserting image into email
    body although image URL requires authentication
  * Large attachments taking a long time to open under some circumstances
  security
  Security fixes from Gecko 52.3esr
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=382
2017-08-16 19:17:30 +00:00
Wolfgang Rosenauer
9c1bac3491 Accepting request 515837 from home:Andreas_Schwab:Factory
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext

OBS-URL: https://build.opensuse.org/request/show/515837
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=381
2017-08-10 06:56:53 +00:00
Dominique Leuenberger
d1ef98d4bb Accepting request 507003 from mozilla:Factory
1

OBS-URL: https://build.opensuse.org/request/show/507003
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=182
2017-06-30 16:41:32 +00:00
Wolfgang Rosenauer
a6a4f44e7b Accepting request 506827 from home:Guillaume_G:branches:mozilla:Factory
Remove the --disable-neon option as it is not available anymore.

OBS-URL: https://build.opensuse.org/request/show/506827
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=379
2017-06-29 09:32:34 +00:00
Wolfgang Rosenauer
1b6e938d0c - update to Thunderbird 52.2.1
* Problems with Gmail fixed (folders not showing, repeated email
    download, etc.) introduced in version 52.2.0. (boo#1045895)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=378
2017-06-26 05:17:01 +00:00
Dominique Leuenberger
bbb1d2b492 Accepting request 503951 from mozilla:Factory
- update to Thunderbird 52.2 (boo#1043960)
  * Embedded images not shown in email received from Hotmail/Outlook
    webmailer
  * Detection of non-ASCII font names in font selector
  * Attachment not forwarded correctly under certain circumstances
  * Multiple requests for master password when GMail OAuth2 is enabled
  * Large number of blank pages being printed under certain
    circumstances when invalid preferences were present
  * Messages sent via the Simple MAPI interface are forced to HTML
  * Calendar: Invitations can't be printed
  * Mailing list (group) not accessible from macOS or Outlook address book
  * Clicking on links with references/anchors where target doesn't
    exist in the message not opening in external browser
  MFSA 2017-17
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB

OBS-URL: https://build.opensuse.org/request/show/503951
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=181
2017-06-20 08:59:18 +00:00
Wolfgang Rosenauer
d85085e956 - update to Thunderbird 52.2 (boo#1043960)
* Embedded images not shown in email received from Hotmail/Outlook
    webmailer
  * Detection of non-ASCII font names in font selector
  * Attachment not forwarded correctly under certain circumstances
  * Multiple requests for master password when GMail OAuth2 is enabled
  * Large number of blank pages being printed under certain
    circumstances when invalid preferences were present
  * Messages sent via the Simple MAPI interface are forced to HTML
  * Calendar: Invitations can't be printed
  * Mailing list (group) not accessible from macOS or Outlook address book
  * Clicking on links with references/anchors where target doesn't
    exist in the message not opening in external browser
  MFSA 2017-17
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=376
2017-06-15 11:08:05 +00:00
Dominique Leuenberger
11b4d6b502 Accepting request 500919 from mozilla:Factory
- remove legacy -Os optimization breaking gcc7/i586 (boo#1042090)

OBS-URL: https://build.opensuse.org/request/show/500919
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=180
2017-06-08 14:36:51 +00:00
Wolfgang Rosenauer
a1880e072f - remove legacy -Os optimization breaking gcc7/i586 (boo#1042090)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=374
2017-06-04 07:32:08 +00:00
Dominique Leuenberger
2420581291 Accepting request 500304 from mozilla:Factory
- explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
  with gcc7 (boo#1040105, boo#1042090)

OBS-URL: https://build.opensuse.org/request/show/500304
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=179
2017-06-03 23:48:40 +00:00
Wolfgang Rosenauer
d632cbe076 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=372 2017-06-03 19:16:23 +00:00
Wolfgang Rosenauer
70d7ec1299 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=371 2017-06-01 06:14:33 +00:00
Wolfgang Rosenauer
84d1aa88aa - explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
with gcc7 (boo#1040105, boo#1042090)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=370
2017-06-01 06:10:49 +00:00
Dominique Leuenberger
45a358f4a5 Accepting request 495327 from mozilla:Factory
- update to Thunderbird 52.1.1
  * fixed crash when compacting IMAP folder (boo#1038753)
  * Some attachments could not be opened or saved if the message
    body is empty
  * Unable to load full message via POP if message was downloaded
    partially (or only headers) before
  * Large attachments may not be shown or saved correctly if the
    message is stored in an IMAP folder which is not synchronized
    for offline use

OBS-URL: https://build.opensuse.org/request/show/495327
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=178
2017-05-20 08:10:10 +00:00
Wolfgang Rosenauer
2f48663b5c OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=368 2017-05-16 09:11:43 +00:00
Wolfgang Rosenauer
c8307ea894 - update to Thunderbird 52.1.1
* fixed crash when compacting IMAP folder (boo#1038753)
  * Some attachments could not be opened or saved if the message
    body is empty
  * Unable to load full message via POP if message was downloaded
    partially (or only headers) before
  * Large attachments may not be shown or saved correctly if the
    message is stored in an IMAP folder which is not synchronized
    for offline use

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=367
2017-05-15 20:50:25 +00:00
Dominique Leuenberger
26434e4dcd Accepting request 492468 from mozilla:Factory
- update to Thunderbird 52.1.0
  * Background images not working and other issues related to
    embedded images when composing email have been fixed
  * Google Oauth setup can sometimes not progress to the next step
  * requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing

OBS-URL: https://build.opensuse.org/request/show/492468
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=177
2017-05-03 13:53:31 +00:00
Wolfgang Rosenauer
7301b54ab6 - update to Thunderbird 52.1.0
* Background images not working and other issues related to
    embedded images when composing email have been fixed
  * Google Oauth setup can sometimes not progress to the next step
  * requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=365
2017-05-02 07:59:46 +00:00
Wolfgang Rosenauer
55377bc24a - require libffi explicitely to fix PPC64LE build where a system
library is required

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=364
2017-04-19 09:45:54 +00:00
Wolfgang Rosenauer
cb96a9588a Accepting request 489077 from home:AndreasStieger:branches:mozilla:Factory
Adding changelog entries for 52:

- security fixes (bsc#1028391, MFSA 2017-09):
  In general, these flaws cannot be exploited through email because
  scripting is disabled when reading mail, but are potentially
  risks in browser or browser-like contexts.
  * CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
  * CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
  * CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
  * CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
  * CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
  * CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
  * CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
  * CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
  * CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
  * CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
  * CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
  * CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
  * CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
  * CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
  * CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
  * CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
  * CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
  * CVE-2017-5421: Print preview spoofing (bmo#1301876)
  * CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
  * CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
  * CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8

OBS-URL: https://build.opensuse.org/request/show/489077
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=363
2017-04-18 12:03:08 +00:00
Wolfgang Rosenauer
8699f618bd - update to Thunderbird 52.0.1
* Clicking on a link in an email may not open this link in the
    external browser
  * addon blocklist updates
- enable ALSA for systems w/o PA

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=362
2017-04-17 12:52:44 +00:00
Wolfgang Rosenauer
2fb682c18e - use Gtk3 for Tumbleweed
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=361
2017-04-02 21:31:26 +00:00
Wolfgang Rosenauer
5894d6fffd Accepting request 483796 from home:AndreasStieger:branches:mozilla:Factory
- fix build on Leap and Tumbleweed
- take tarball from release tag
- adjust mozilla-kde.patch to match

OBS-URL: https://build.opensuse.org/request/show/483796
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=360
2017-04-02 21:22:13 +00:00
Wolfgang Rosenauer
9d47ba1d60 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=359 2017-03-22 13:30:37 +00:00
Wolfgang Rosenauer
d6fa566d17 - update to Thunderbird 52.0
* Optionally remove corresponding data files when removing an account
  * Possibility to copy message filter
  * Calendar: Event can now be created and edited in a tab
  * Calendar: Processing of received invitation counter proposals
  * Chat: Support Twitter Direct Messages
  * Chat: Liking and favoriting in Twitter
  * Chat: Removed Yahoo! Messenger support
  * serveral bugfixes
- removed obsolete patches
  * mozilla-aarch64-48bit-va.patch
  * mozilla-binutils-visibility.patch
  * mozilla-flex_buffer_overrun.patch
  * mozilla-gcc6.patch
- added generic mozilla patches
  * mozilla-aarch64-startup-crash.patch
- require newer versions of NSPR and NSS

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=358
2017-03-18 21:27:55 +00:00
Dominique Leuenberger
39b8dd740a Accepting request 478505 from mozilla:Factory
fix typo in release date
- update to Thunderbird 45.8.0 (boo#1028391)
  * MFSA 2017-07
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
                   (bmo#1334933)
    CVE-2017-5401: Memory Corruption when handling ErrorResult
                   (bmo#1328861)
    CVE-2017-5402: Use-after-free working with events in FontFace
                   objects (bmo#1334876)
    CVE-2017-5404: Use-after-free working with ranges in selections
                   (bmo#1340138)
    CVE-2017-5407: Pixel and history stealing via floating-point
                   timing side channel with SVG filters (bmo#1336622)
    CVE-2017-5410: Memory corruption during JavaScript garbage
                   collection incremental sweeping (bmo#1330687)
    CVE-2017-5408: Cross-origin reading of video captions in violation
                   of CORS (bmo#1313711)
    CVE-2017-5405: FTP response codes can cause use of
                   uninitialized values for ports (bmo#1336699)
    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
                   Firefox ESR 45.8

OBS-URL: https://build.opensuse.org/request/show/478505
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=176
2017-03-13 14:30:45 +00:00
Wolfgang Rosenauer
693127b057 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=356 2017-03-10 13:14:35 +00:00
Wolfgang Rosenauer
e3be4ae3e0 - update to Thunderbird 45.8.0 (boo#1028391)
* MFSA 2017-07
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
                   (bmo#1334933)
    CVE-2017-5401: Memory Corruption when handling ErrorResult
                   (bmo#1328861)
    CVE-2017-5402: Use-after-free working with events in FontFace
                   objects (bmo#1334876)
    CVE-2017-5404: Use-after-free working with ranges in selections
                   (bmo#1340138)
    CVE-2017-5407: Pixel and history stealing via floating-point
                   timing side channel with SVG filters (bmo#1336622)
    CVE-2017-5410: Memory corruption during JavaScript garbage
                   collection incremental sweeping (bmo#1330687)
    CVE-2017-5408: Cross-origin reading of video captions in violation
                   of CORS (bmo#1313711)
    CVE-2017-5405: FTP response codes can cause use of
                   uninitialized values for ports (bmo#1336699)
    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
                   Firefox ESR 45.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=355
2017-03-09 16:34:03 +00:00
Wolfgang Rosenauer
ea8836e41b - update to Thunderbird 45.8.0
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=354
2017-03-08 14:16:14 +00:00
Dominique Leuenberger
5a58549b7f Accepting request 456391 from mozilla:Factory
- update to Thunderbird 45.7.1
  * fixed Crash when viewing certain IMAP messages (introduced in 45.7.0)

OBS-URL: https://build.opensuse.org/request/show/456391
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=175
2017-02-15 09:02:36 +00:00
Wolfgang Rosenauer
85695aab79 - update to Thunderbird 45.7.1
* fixed Crash when viewing certain IMAP messages (introduced in 45.7.0)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=352
2017-02-09 10:45:25 +00:00
Dominique Leuenberger
5c312484f8 Accepting request 452950 from mozilla:Factory
1

OBS-URL: https://build.opensuse.org/request/show/452950
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=174
2017-01-29 09:30:14 +00:00
Wolfgang Rosenauer
9af44ffd70 Accepting request 452925 from home:AndreasStieger:branches:mozilla:Factory
Adjust CVE list as perMFSA 2017-03

OBS-URL: https://build.opensuse.org/request/show/452925
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=350
2017-01-27 13:27:58 +00:00
Wolfgang Rosenauer
cd4d95cddf - update to Thunderbird 45.7.0
* Message preview pane non-functional after IMAP folder was renamed
    or moved
  * "Move To" button on "Search Messages" panel not working
  * Message sent to "undisclosed recipients" shows no recipient
    (non-functional since Thunderbird version 38)
  * MFSA 2017-02 (Gecko 45.7.0)
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)
    CVE-2017-5383: Location bar spoofing with unicode characters
                   (bmo#1323338, bmo#1324716, boo#1021822)
    CVE-2017-5386: WebExtensions can use data: protocol to affect other
                   extensions (bmo#1319070, boo#1021823)
    CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
                   Firefox ESR 45.7 (boo#1021824)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=349
2017-01-25 10:46:35 +00:00
Ludwig Nussel
b1a91366fa Accepting request 448120 from mozilla:Factory
- update to Thunderbird 45.6.0 (boo#1015422)
  * The system integration dialog was shown every time when starting
    Thunderbird
  * MFSA 2016-96
    CVE-2016-9899: Use-after-free while manipulating DOM events and
                   audio elements (bmo#1317409)
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
    CVE-2016-9898: Use-after-free in Editor while manipulating DOM
                   subtrees (bmo#1314442)
    CVE-2016-9900: Restricted external resources can be loaded by
                   SVG images through data URLs (bmo#1319122)
    CVE-2016-9904: Cross-origin information leak in shared atoms
                   (bmo#1317936)
    CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985)
    CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6

    CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5

OBS-URL: https://build.opensuse.org/request/show/448120
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=173
2017-01-04 18:29:14 +00:00