- update to Thunderbird 52.3 (boo#1052829)

Fixed issues:
  * Unwanted inline images shown in rogue SPAM messages
  * Deleting message from the POP3 server not working when maildir
    storage was used
  * Message disposition flag (replied / forwarded) lost when reply or
    forwarded message was stored as draft and draft was sent later
  * Inline images not scaled to fit when printing
  * Selected text from another message sometimes included in a reply
  * No authorisation prompt displayed when inserting image into email
    body although image URL requires authentication
  * Large attachments taking a long time to open under some circumstances
  security
  Security fixes from Gecko 52.3esr
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=382

MozillaThunderbird.changes

@@ -1,3 +1,53 @@
+-------------------------------------------------------------------
+Tue Aug 15 12:48:43 UTC 2017 - wr@rosenauer.org
+
+- update to Thunderbird 52.3 (boo#1052829)
+  Fixed issues:
+  * Unwanted inline images shown in rogue SPAM messages
+  * Deleting message from the POP3 server not working when maildir
+    storage was used
+  * Message disposition flag (replied / forwarded) lost when reply or
+    forwarded message was stored as draft and draft was sent later
+  * Inline images not scaled to fit when printing
+  * Selected text from another message sometimes included in a reply
+  * No authorisation prompt displayed when inserting image into email
+    body although image URL requires authentication
+  * Large attachments taking a long time to open under some circumstances
+  security
+  Security fixes from Gecko 52.3esr
+  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
+    XUL injection in the style editor in devtools
+  * CVE-2017-7800 (bmo#1374047)
+    Use-after-free in WebSockets during disconnection
+  * CVE-2017-7801 (bmo#1371259)
+    Use-after-free with marquee during window resizing
+  * CVE-2017-7784 (bmo#1376087)
+    Use-after-free with image observers
+  * CVE-2017-7802 (bmo#1378147)
+    Use-after-free resizing image elements
+  * CVE-2017-7785 (bmo#1356985)
+    Buffer overflow manipulating ARIA attributes in DOM
+  * CVE-2017-7786 (bmo#1365189)
+    Buffer overflow while painting non-displayable SVG
+  * CVE-2017-7753 (bmo#1353312)
+    Out-of-bounds read with cached style data and pseudo-elements#
+  * CVE-2017-7787 (bmo#1322896)
+    Same-origin policy bypass with iframes through page reloads
+  * CVE-2017-7807 (bmo#1376459)
+    Domain hijacking through AppCache fallback
+  * CVE-2017-7792 (bmo#1368652)
+    Buffer overflow viewing certificates with an extremely long OID
+  * CVE-2017-7804 (bmo#1372849)
+    Memory protection bypass through WindowsDllDetourPatcher
+  * CVE-2017-7791 (bmo#1365875)
+    Spoofing following page navigation with data: protocol and modal alerts
+  * CVE-2017-7782 (bmo#1344034)
+    WindowsDllDetourPatcher allocates memory without DEP protections
+  * CVE-2017-7803 (bmo#1377426)
+    CSP containing 'sandbox' improperly applied
+  * CVE-2017-7779
+    Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
+
 -------------------------------------------------------------------
 Wed Aug  9 09:47:39 UTC 2017 - schwab@suse.de
 

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 52.2.1
+%define mainversion 52.3.0
 %define update_channel release
-%define releasedate 201706250000
+%define releasedate 201708150000
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:370bc757121f5378736e13bd204b3fbf51a41cc9da7a00f286d58cade70e3684
-size 28404
+oid sha256:002e2f18cfead15ccd76384d74fa11ef5c387cc4d755d0fd71f224757401c6ed
+size 28388

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr52"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_52_2_1_RELEASE"
-VERSION="52.2.1"
+RELEASE_TAG="THUNDERBIRD_52_3_0_RELEASE"
+VERSION="52.3.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

l10n-52.2.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e651343e1d90eae1ca135c09ccdacabb1f0193b0e61618758a8b726e8ffe2800
-size 26219380

l10n-52.3.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f56155398b572408b653ab0079e32308270ee5aea3a405399e4687ce5caf2f16
+size 26247324

thunderbird-52.2.1-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:319b1c9dbcb486ebc8d2cf8819110428d95a2d4aaf131c16a6f583bdc67fda98
-size 240247096

thunderbird-52.3.0-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e85a68b6d24de1d6dcaa9e5d3b491158c975fc2f895560ef29716c508f99f07
+size 240356760