From 3cf568899e69c4492212ed68985970b5ef0b1892fa0c78d98707e490532470f2 Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Wed, 16 Aug 2017 19:17:30 +0000 Subject: [PATCH] - update to Thunderbird 52.3 (boo#1052829) Fixed issues: * Unwanted inline images shown in rogue SPAM messages * Deleting message from the POP3 server not working when maildir storage was used * Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later * Inline images not scaled to fit when printing * Selected text from another message sometimes included in a reply * No authorisation prompt displayed when inserting image into email body although image URL requires authentication * Large attachments taking a long time to open under some circumstances security Security fixes from Gecko 52.3esr * CVE-2017-7798 (bmo#1371586, bmo#1372112) XUL injection in the style editor in devtools * CVE-2017-7800 (bmo#1374047) Use-after-free in WebSockets during disconnection * CVE-2017-7801 (bmo#1371259) Use-after-free with marquee during window resizing * CVE-2017-7784 (bmo#1376087) Use-after-free with image observers * CVE-2017-7802 (bmo#1378147) Use-after-free resizing image elements * CVE-2017-7785 (bmo#1356985) Buffer overflow manipulating ARIA attributes in DOM * CVE-2017-7786 (bmo#1365189) Buffer overflow while painting non-displayable SVG * CVE-2017-7753 (bmo#1353312) Out-of-bounds read with cached style data and pseudo-elements# OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=382 --- MozillaThunderbird.changes | 52 +++++++++++++++++++++++++++++++- MozillaThunderbird.spec | 4 +-- compare-locales.tar.xz | 4 +-- create-tar.sh | 4 +-- l10n-52.2.1.tar.xz | 3 -- l10n-52.3.0.tar.xz | 3 ++ thunderbird-52.2.1-source.tar.xz | 3 -- thunderbird-52.3.0-source.tar.xz | 3 ++ 8 files changed, 63 insertions(+), 13 deletions(-) delete mode 100644 l10n-52.2.1.tar.xz create mode 100644 l10n-52.3.0.tar.xz delete mode 100644 thunderbird-52.2.1-source.tar.xz create mode 100644 
thunderbird-52.3.0-source.tar.xz diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 569ab32..288bc3c 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes 
@@ -1,3 +1,53 @@ +------------------------------------------------------------------- +Tue Aug 15 12:48:43 UTC 2017 - wr@rosenauer.org + +- update to Thunderbird 52.3 (boo#1052829) + Fixed issues: + * Unwanted inline images shown in rogue SPAM messages + * Deleting message from the POP3 server not working when maildir + storage was used + * Message disposition flag (replied / forwarded) lost when reply or + forwarded message was stored as draft and draft was sent later + * Inline images not scaled to fit when printing + * Selected text from another message sometimes included in a reply + * No authorisation prompt displayed when inserting image into email + body although image URL requires authentication + * Large attachments taking a long time to open under some circumstances + security + Security fixes from Gecko 52.3esr + * CVE-2017-7798 (bmo#1371586, bmo#1372112) + XUL injection in the style editor in devtools + * CVE-2017-7800 (bmo#1374047) + Use-after-free in WebSockets during disconnection + * CVE-2017-7801 (bmo#1371259) + Use-after-free with marquee during window resizing + * CVE-2017-7784 (bmo#1376087) + Use-after-free with image observers + * CVE-2017-7802 (bmo#1378147) + Use-after-free resizing image elements + * CVE-2017-7785 (bmo#1356985) + Buffer overflow manipulating ARIA attributes in DOM + * CVE-2017-7786 (bmo#1365189) + Buffer overflow while painting non-displayable SVG + * CVE-2017-7753 (bmo#1353312) + Out-of-bounds read with cached style data and pseudo-elements# + * CVE-2017-7787 (bmo#1322896) + Same-origin policy bypass with iframes through page reloads + * CVE-2017-7807 (bmo#1376459) + Domain hijacking through AppCache fallback + * CVE-2017-7792 (bmo#1368652) + Buffer overflow viewing certificates with an extremely long OID + * CVE-2017-7804 (bmo#1372849) + Memory protection bypass through WindowsDllDetourPatcher + * CVE-2017-7791 (bmo#1365875) + Spoofing following page navigation with data: protocol and modal alerts + * CVE-2017-7782 
(bmo#1344034) + WindowsDllDetourPatcher allocates memory without DEP protections + * CVE-2017-7803 (bmo#1377426) + CSP containing 'sandbox' improperly applied + * CVE-2017-7779 + Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 + ------------------------------------------------------------------- Wed Aug 9 09:47:39 UTC 2017 - schwab@suse.de @@ -6,7 +56,7 @@ Wed Aug 9 09:47:39 UTC 2017 - schwab@suse.de ------------------------------------------------------------------- Wed Jun 28 13:57:13 UTC 2017 - guillaume@opensuse.org -- mozilla-disable-neon-option.patch has been dropped silently, so +- mozilla-disable-neon-option.patch has been dropped silently, so remove the --disable-neon option as it is not available anymore. ------------------------------------------------------------------- diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 2bb10ce..970248f 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,9 +17,9 @@ # -%define mainversion 52.2.1 +%define mainversion 52.3.0 %define update_channel release -%define releasedate 201706250000 +%define releasedate 201708150000 %bcond_without mozilla_tb_kde4 %bcond_with mozilla_tb_valgrind diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 8ba6c48..1c8c532 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:370bc757121f5378736e13bd204b3fbf51a41cc9da7a00f286d58cade70e3684 -size 28404 +oid sha256:002e2f18cfead15ccd76384d74fa11ef5c387cc4d755d0fd71f224757401c6ed +size 28388 diff --git a/create-tar.sh b/create-tar.sh index b3c0045..1bb2858 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr52" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_52_2_1_RELEASE" -VERSION="52.2.1" +RELEASE_TAG="THUNDERBIRD_52_3_0_RELEASE" +VERSION="52.3.0" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird 
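Review bot: The `hg clone http://hg.mozilla.org/$BRANCH thunderbird` context line at the end of the create-tar.sh hunk fetches the release source over plain HTTP, so nothing on this path authenticates the server or protects the changesets in transit before the tree is packed into the source tarball whose sha256 is recorded in this same commit. Changing it to `hg clone "https://hg.mozilla.org/$BRANCH" thunderbird` gives transport integrity and also quotes the expansion. The rest of the script lies outside the hunk, so whether the checkout is later pinned to `$RELEASE_TAG` or compared against a published hash cannot be seen from here. If it is not, a short comment stating how the tarball's provenance is verified would help the next packager.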
diff --git a/l10n-52.2.1.tar.xz b/l10n-52.2.1.tar.xz
deleted file mode 100644
index a9ad93c..0000000
--- a/l10n-52.2.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e651343e1d90eae1ca135c09ccdacabb1f0193b0e61618758a8b726e8ffe2800
-size 26219380
diff --git a/l10n-52.3.0.tar.xz b/l10n-52.3.0.tar.xz
new file mode 100644
index 0000000..8590c22
--- /dev/null
+++ b/l10n-52.3.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f56155398b572408b653ab0079e32308270ee5aea3a405399e4687ce5caf2f16
+size 26247324
diff --git a/thunderbird-52.2.1-source.tar.xz b/thunderbird-52.2.1-source.tar.xz
deleted file mode 100644
index 29b69b0..0000000
--- a/thunderbird-52.2.1-source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:319b1c9dbcb486ebc8d2cf8819110428d95a2d4aaf131c16a6f583bdc67fda98
-size 240247096
diff --git a/thunderbird-52.3.0-source.tar.xz b/thunderbird-52.3.0-source.tar.xz
new file mode 100644
index 0000000..0b401ff
--- /dev/null
+++ b/thunderbird-52.3.0-source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e85a68b6d24de1d6dcaa9e5d3b491158c975fc2f895560ef29716c508f99f07
+size 240356760