OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=24

2008-06-25 23:16:21 +00:00 · 2008-06-25 23:16:21 +00:00 · 3d1766af3f
commit 3d1766af3f
parent b2c9774568
10 changed files with 32 additions and 3351 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Jun 24 18:43:51 CEST 2008 - maw@suse.de
+
+- Security update to version 2.0.0.14 (bnc#390992):
+  + MFSA 2008-15 / CVE-2008-1236 and CVE-2008-1237: Crashes with
+    evidence of memory corruption (rv:1.8.1.13)
+  + MFSA 2008-14 / CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235:
+    JavaScript privilege escalation and arbitrary code execution
+- Drop the following patches: thunderbird-2.0.0.14-backports.patch,
+  mozilla-missing-decl.patch, and unused-includes.patch
+- Respin mozilla-gcc4.3-fixes.patch.  
+
 -------------------------------------------------------------------
 Fri May 30 17:27:50 CEST 2008 - maw@suse.de

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -1,5 +1,5 @@
 #
-# spec file for package MozillaThunderbird (Version 2.0.0.12)
+# spec file for package MozillaThunderbird (Version 2.0.0.14)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@ -13,8 +13,8 @@
 Name:           MozillaThunderbird
 BuildRequires:  fdupes gcc-c++ libgnomeui-devel libidl-devel mozilla-nss-devel orbit-devel unzip update-desktop-files zip
 License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
-Version:        2.0.0.12
-Release:        32
+Version:        2.0.0.14
+Release:        1
 Summary:        The Stand-Alone Mozilla Mail Component
 Url:            http://www.mozilla.org/products/thunderbird/
 Group:          Productivity/Networking/Email/Clients
@ -50,9 +50,6 @@ Patch26:        cups-paper.patch
 Patch27:        thunderbird-1.5.0.8-uninitalized-vars-232305.patch
 #Patch28:        thunderbird-gcc4.3-fixes.patch
 Patch29:        visibility.patch
-Patch30:        mozilla-missing-decl.patch
-Patch31:        unused-includes.patch
-Patch32:        thunderbird-2.0.0.14-backports.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         libstdc++ fileutils textutils /bin/sh
 %if %suse_version > 1000
@ -80,7 +77,7 @@ Requires:       mozilla-nspr >= %(rpm -q --queryformat '%{VERSION}' mozilla-nspr
 BuildRequires:  mozilla-nss-devel
 %endif
 %define _unpackaged_files_terminate_build 0
-%define releasedate 2007111400
+%define releasedate 2008042100
 %define progname thunderbird
 %define progdir %{_prefix}/%_lib/thunderbird
 %define my_provides /tmp/my-provides
@ -117,7 +114,7 @@ Authors:
 %package translations
 License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
 Summary:        Translations of MozillaThunderbird
-Provides:       locale(MozillaThunderbird:be;bg;ca;cs;da;de;el;en_GB;es_AR;es_ES;eu;fi;fr;ga_IE;hu;it;ja;ko;lt;mk;nb_NO;nl;nn_NO;pa_IN;pl;pt_BR;pt_PT;ru;sk;sl;sv_SE;tr;zh_CN;zh_TW)
+Provides:       locale(MozillaThunderbird:af;be;bg;ca;cs;da;de;el;en_GB;es_AR;es_ES;eu;fi;fr;ga_IE;he;hu;it;ja;ko;lt;mk;nb_NO;nl;nn_NO;pa_IN;pl;pt_BR;pt_PT;ru;sk;sl;sv_SE;tr;uk;zh_CN;zh_TW)
 Group:          Productivity/Networking/Email/Clients
 PreReq:         %{name} = %{version}

@ -185,9 +182,6 @@ cd $RPM_BUILD_DIR/mozilla
 %patch26
 %patch27 -p0
 # %patch28 -p1
-%patch30 -p1
-%patch31
-%patch32

 %build
 export MOZ_BUILD_DATE=%{releasedate}
@ -676,6 +670,15 @@ exit 0
 %{_bindir}/thunderbird-config

 %changelog
+* Tue Jun 24 2008 maw@suse.de
+- Security update to version 2.0.0.14 (bnc#390992):
+  + MFSA 2008-15 / CVE-2008-1236 and CVE-2008-1237: Crashes with
+  evidence of memory corruption (rv:1.8.1.13)
+  + MFSA 2008-14 / CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235:
+  JavaScript privilege escalation and arbitrary code execution
+- Drop the following patches: thunderbird-2.0.0.14-backports.patch,
+  mozilla-missing-decl.patch, and unused-includes.patch
+- Respin mozilla-gcc4.3-fixes.patch.
 * Fri May 30 2008 maw@suse.de
 - Add thunderbird-2.0.0.14-backports.patch (bnc390992).
 * Fri May 16 2008 schwab@suse.de
--- a/l10n-2.0.0.12.tar.bz2
+++ b/l10n-2.0.0.12.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0df3a42c3af427cd415ebe2a5e7b46fe2fd231b6a80229a338ecbaaa85ce44cd
-size 10034875
--- a/l10n-2.0.0.14.tar.bz2
+++ b/l10n-2.0.0.14.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1adc1bcb66483932c583237aca9e068249c7f562e64c1eeb000d12800ec4bb6
+size 10037405
--- a/mozilla-gcc4.3-fixes.patch
+++ b/mozilla-gcc4.3-fixes.patch
@ -107,40 +107,3 @@ diff -u -p -r1.1.10.3 imgIEncoder.idl
 +  /* void encodeClipboardImage(in nsIClipboardImage aClipboardImage, out nsIFile aImageFile); */
 };
 
-Index: xpcom/obsolete/component/nsFileSpecImpl.h
-===================================================================
-RCS file: /cvsroot/mozilla/xpcom/obsolete/component/nsFileSpecImpl.h,v
-retrieving revision 1.3
-diff -u -p -6 -r1.3 nsFileSpecImpl.h
--- xpcom/obsolete/component/nsFileSpecImpl.h	18 Apr 2004 14:18:15 -0000	1.3
-+++ xpcom/obsolete/component/nsFileSpecImpl.h	14 Nov 2007 12:11:12 -0000
-@@ -40,13 +40,13 @@
- 
- #include "nscore.h"
- #include "nsIFileSpec.h" 
- #include "nsFileSpec.h"
- 
- //========================================================================================
-class nsFileSpecImpl
-+class NS_COM nsFileSpecImpl
- //========================================================================================
- 	: public nsIFileSpec
- {
- 
-  public: 
- 
-@@ -78,13 +78,13 @@ class nsFileSpecImpl
- 
- private:
- 	~nsFileSpecImpl();
- }; // class nsFileSpecImpl
- 
- //========================================================================================
-class nsDirectoryIteratorImpl
-+class NS_COM nsDirectoryIteratorImpl
- //========================================================================================
- 	: public nsIDirectoryIterator
- {
- 
- public:
- 
--- a/mozilla-missing-decl.patch
+++ b/mozilla-missing-decl.patch
@ -1,61 +0,0 @@
---
- security/manager/ssl/src/nsKeygenHandler.cpp |   19 +++++++++----------
- 1 file changed, 9 insertions(+), 10 deletions(-)
-
-Index: mozilla/security/manager/ssl/src/nsKeygenHandler.cpp
-===================================================================
--- mozilla.orig/security/manager/ssl/src/nsKeygenHandler.cpp	2005-07-20 21:31:22.000000000 +0200
-+++ mozilla/security/manager/ssl/src/nsKeygenHandler.cpp	2008-02-02 00:08:05.000000000 +0100
-@@ -70,16 +70,25 @@
- 
- //All possible key size choices.
- static SECKeySizeChoiceInfo SECKeySizeChoiceList[] = {
-     { nsnull, 2048 },
-     { nsnull, 1024 },
-     { nsnull, 0 }, 
- };
- 
-+DERTemplate SECAlgorithmIDTemplate[] = {
-+    { DER_SEQUENCE,
-+	  0, NULL, sizeof(SECAlgorithmID) },
-+    { DER_OBJECT_ID,
-+	  offsetof(SECAlgorithmID,algorithm), },
-+    { DER_OPTIONAL | DER_ANY,
-+	  offsetof(SECAlgorithmID,parameters), },
-+    { 0, }
-+};
- 
- DERTemplate CERTSubjectPublicKeyInfoTemplate[] = {
-     { DER_SEQUENCE,
-           0, nsnull, sizeof(CERTSubjectPublicKeyInfo) },
-     { DER_INLINE,
-           offsetof(CERTSubjectPublicKeyInfo,algorithm),
-           SECAlgorithmIDTemplate, },
-     { DER_BIT_STRING,
-@@ -90,26 +99,16 @@
- DERTemplate CERTPublicKeyAndChallengeTemplate[] =
- {
-     { DER_SEQUENCE, 0, nsnull, sizeof(CERTPublicKeyAndChallenge) },
-     { DER_ANY, offsetof(CERTPublicKeyAndChallenge,spki), },
-     { DER_IA5_STRING, offsetof(CERTPublicKeyAndChallenge,challenge), },
-     { 0, }
- };
- 
-DERTemplate SECAlgorithmIDTemplate[] = {
-    { DER_SEQUENCE,
-	  0, NULL, sizeof(SECAlgorithmID) },
-    { DER_OBJECT_ID,
-	  offsetof(SECAlgorithmID,algorithm), },
-    { DER_OPTIONAL | DER_ANY,
-	  offsetof(SECAlgorithmID,parameters), },
-    { 0, }
-};
-
- const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
-     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
-     { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
-     { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
-     { SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
-     { 0, }
- };
- 
--- a/thunderbird-2.0.0.12-source.tar.bz2
+++ b/thunderbird-2.0.0.12-source.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c0d11b03003510c80a1422d55cb9410e24f149fd81f76f9597287f912ec70004
-size 37709863
--- a/thunderbird-2.0.0.14-backports.patch
+++ b/thunderbird-2.0.0.14-backports.patch
--- a/thunderbird-2.0.0.14-source.tar.bz2
+++ b/thunderbird-2.0.0.14-source.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35ec3a5e4b55681f5c0e4cc157aae564e85375b3a57d33a139ee16251daff898
+size 37740573
--- a/unused-includes.patch
+++ b/unused-includes.patch
@ -1,21 +0,0 @@
--- xpcom/reflect/xptcall/src/md/unix/xptcinvoke_ipf32.cpp
-+++ xpcom/reflect/xptcall/src/md/unix/xptcinvoke_ipf32.cpp
-@@ -39,8 +39,6 @@
- 
- #include "xptcprivate.h"
- 
-#include <iostream.h>
-
- // "This code is for IA64 only"
- 
- 
--- xpcom/reflect/xptcall/src/md/unix/xptcinvoke_ipf64.cpp
-+++ xpcom/reflect/xptcall/src/md/unix/xptcinvoke_ipf64.cpp
-@@ -40,7 +40,6 @@
- #include "xptcprivate.h"
- 
- #include <stdint.h>
-#include <iostream.h>
- 
- // "This code is for IA64 only"
-