diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index d5c82cf..36bc99e 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Mon Aug 30 17:40:28 CEST 2010 - wr@rosenauer.org + +- security update to version 3.1.3 + * MFSA 2010-49/CVE-2010-3169 + Miscellaneous memory safety hazards + * MFSA 2010-50/CVE-2010-2765 (bmo#576447) + Frameset integer overflow vulnerability + * MFSA 2010-51/CVE-2010-2767 (bmo#584512) + Dangling pointer vulnerability using DOM plugin array + * MFSA 2010-53/CVE-2010-3166 (bmo#579655) + Heap buffer overflow in nsTextFrameUtils::TransformText + * MFSA 2010-54/CVE-2010-2760 (bmo#585815) + Dangling pointer vulnerability in nsTreeSelection + * MFSA 2010-55/CVE-2010-3168 (bmo#576075) + XUL tree removal crash and remote code execution + * MFSA 2010-56/CVE-2010-3167 (bmo#576070) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-57/CVE-2010-2766 (bmo#580445) + Crash and remote code execution in normalizeDocument + * MFSA 2010-59/CVE-2010-2762 (bmo#584180) + SJOW creates scope chains ending in outer object + * MFSA 2010-61/CVE-2010-2768 (bmo#579744) + UTF-7 XSS by overriding document charset using type + attribute + * MFSA 2010-62/CVE-2010-2769 (bmo#520189) + Copy-and-paste or drag-and-drop into designMode document allows + XSS + * MFSA 2010-63/CVE-2010-2764 (bmo#552090) + Information leak via XMLHttpRequest statusText +- ESD notification sound fix included upstream + ------------------------------------------------------------------- Mon Aug 30 17:37:58 CEST 2010 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 4aa718a..b78256e 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaThunderbird (Version 3.1.1) +# spec file for package MozillaThunderbird (Version 3.1.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer @@ -25,10 +25,10 @@ BuildRequires: autoconf213 fdupes gcc-c++ hunspell-devel libcurl-devel libgnome BuildRequires: nss-shared-helper-devel %endif License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ -%define mainversion 3.1.1 +%define mainversion 3.1.3 Version: %{mainversion} -Release: 2 -%define releasedate 2010071400 +Release: 1 +%define releasedate 2010082400 Summary: The Stand-Alone Mozilla Mail Component Url: http://www.mozilla.org/products/thunderbird/ Group: Productivity/Networking/Email/Clients @@ -43,7 +43,6 @@ Source7: find-external-requires.sh Source8: MozillaThunderbird-rpmlintrc Source9: enigmail-1.1.2.tar.bz2 Source10: create-tar.sh -Patch1: mozilla-esd.patch Patch2: thunderbird-appname.patch Patch4: tb-ssldap.patch Patch5: tb-develdirs.patch @@ -119,7 +118,6 @@ Software Development Kit to build plugins/extensions against Thunderbird. %if %crashreporter - %package buildsymbols License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Summary: Breakpad buildsymbols for %{name} @@ -130,8 +128,8 @@ This subpackage contains the Breakpad created and compatible debugging symbols meant for upload to Mozilla's crash collector database. %endif -%if %build_enigmail +%if %build_enigmail %package -n enigmail Version: 1.1.2 Release: 2 @@ -158,7 +156,6 @@ This package contains the Enigmail OpenPGP Addon for Thunderbird and SeaMonkey. %endif # xulrunner patches pushd mozilla -%patch1 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 @@ -452,7 +449,6 @@ exit 0 %{_bindir}/%{progname} %if %localize - %files translations-common -f %{_tmppath}/translations.common %defattr(-,root,root) @@ -471,7 +467,6 @@ exit 0 %{_includedir}/%{progname}/ %if %build_enigmail - %files -n enigmail %defattr(-,root,root) %dir %{_libdir}/mozilla @@ -479,7 +474,6 @@ exit 0 %endif %if %crashreporter - %files buildsymbols %defattr(-,root,root) %{_datadir}/mozilla/ diff --git a/create-tar.sh b/create-tar.sh index 178dd95..bd1c999 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ BRANCH="releases/comm-1.9.2" # comm-central -RELEASE_TAG="THUNDERBIRD_3_1_1_RELEASE" -VERSION="3.1.1" +RELEASE_TAG="THUNDERBIRD_3_1_3_RELEASE" +VERSION="3.1.3" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-3.1.1.tar.bz2 b/l10n-3.1.1.tar.bz2 deleted file mode 100644 index cebe14f..0000000 --- a/l10n-3.1.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd10591b04f33727374412eb27580b4732e730b3e5d0f38ef6a36d3d2fcbf56d -size 17904338 diff --git a/l10n-3.1.3.tar.bz2 b/l10n-3.1.3.tar.bz2 new file mode 100644 index 0000000..026e35d --- /dev/null +++ b/l10n-3.1.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1e31cc491f4da2f75db67dc0e913bc137a63edf6b6e692c28788149dbdf841a6 +size 17904014 diff --git a/mozilla-esd.patch b/mozilla-esd.patch deleted file mode 100644 index fb1903d..0000000 --- a/mozilla-esd.patch +++ /dev/null @@ -1,91 +0,0 @@ -diff --git a/widget/src/gtk2/nsSound.cpp b/widget/src/gtk2/nsSound.cpp ---- a/widget/src/gtk2/nsSound.cpp -+++ b/widget/src/gtk2/nsSound.cpp -@@ -52,36 +52,31 @@ - #include "nsCOMPtr.h" - #include "nsAutoPtr.h" - #include "nsString.h" - - #include - #include - - #include --/* used with esd_open_sound */ --static int esdref = -1; - static PRLibrary *elib = nsnull; - static PRLibrary *libcanberra = nsnull; - static PRLibrary* libasound = nsnull; - - // the following from esd.h - - #define ESD_BITS8 (0x0000) - #define ESD_BITS16 (0x0001) - #define ESD_MONO (0x0010) - #define ESD_STEREO (0x0020) - #define ESD_STREAM (0x0000) - #define ESD_PLAY (0x1000) - - #define WAV_MIN_LENGTH 44 - --typedef int (*EsdOpenSoundType)(const char *host); --typedef int (*EsdCloseType)(int); -- - /* used to play the sounds from the find symbol call */ - typedef int (*EsdPlayStreamType) (int, int, const char *, const char *); - typedef int (*EsdAudioOpenType) (void); - typedef int (*EsdAudioWriteType) (const void *, int); - typedef void (*EsdAudioCloseType) (void); - - /* used to find and play common system event sounds. - this interfaces with libcanberra. -@@ -126,50 +121,30 @@ NS_IMPL_ISUPPORTS2(nsSound, nsISound, ns - //////////////////////////////////////////////////////////////////////// - nsSound::nsSound() - { - mInited = PR_FALSE; - } - - nsSound::~nsSound() - { -- if (esdref >= 0) { -- EsdCloseType EsdClose = (EsdCloseType) PR_FindFunctionSymbol(elib, "esd_close"); -- if (EsdClose) -- (*EsdClose)(esdref); -- esdref = -1; -- } - } - - NS_IMETHODIMP - nsSound::Init() - { - // This function is designed so that no library is compulsory, and - // one library missing doesn't cause the other(s) to not be used. - if (mInited) - return NS_OK; - - mInited = PR_TRUE; - - if (!elib) { - elib = PR_LoadLibrary("libesd.so.0"); -- if (elib) { -- EsdOpenSoundType EsdOpenSound = -- (EsdOpenSoundType) PR_FindFunctionSymbol(elib, "esd_open_sound"); -- if (!EsdOpenSound) { -- PR_UnloadLibrary(elib); -- elib = nsnull; -- } else { -- esdref = (*EsdOpenSound)("localhost"); -- if (esdref < 0) { -- PR_UnloadLibrary(elib); -- elib = nsnull; -- } -- } -- } - } - - if (!libasound) { - PRFuncPtr func = PR_FindFunctionSymbolAndLibrary("snd_lib_error_set_handler", - &libasound); - if (libasound) { - snd_lib_error_set_handler_fn snd_lib_error_set_handler = - (snd_lib_error_set_handler_fn) func; diff --git a/thunderbird-3.1.1-source.tar.bz2 b/thunderbird-3.1.1-source.tar.bz2 deleted file mode 100644 index 9afca41..0000000 --- a/thunderbird-3.1.1-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c8a7ab80c8bf3aebbbb45c0c2092f15bd24fc2d8705ffef6b7e47ff81bad352f -size 66169902 diff --git a/thunderbird-3.1.3-source.tar.bz2 b/thunderbird-3.1.3-source.tar.bz2 new file mode 100644 index 0000000..accafa1 --- /dev/null +++ b/thunderbird-3.1.3-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:212e0cf1402aed40e9e70b6e40ce0a8ed4123eb2d3dfb89ffa18806f5d8a9068 +size 66075965