From 881c0a1733f457fb07416c5089caa5e082b0b49223fa309c164ff0396a1c535d Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 25 Apr 2012 05:52:33 +0000 Subject: [PATCH 1/3] * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=172 --- MozillaThunderbird.changes | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index ac44edd..7b2540f 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -2,6 +2,34 @@ Sat Apr 21 07:39:28 UTC 2012 - wr@rosenauer.org - update to Thunderbird 12.0 (bnc#758408) + * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 + Miscellaneous memory safety hazards + * MFSA 2012-22/CVE-2012-0469 (bmo#738985) + use-after-free in IDBKeyRange + * MFSA 2012-23/CVE-2012-0470 (bmo#734288) + Invalid frees causes heap corruption in gfxImageSurface + * MFSA 2012-24/CVE-2012-0471 (bmo#715319) + Potential XSS via multibyte content processing errors + * MFSA 2012-25/CVE-2012-0472 (bmo#744480) + Potential memory corruption during font rendering using cairo-dwrite + * MFSA 2012-26/CVE-2012-0473 (bmo#743475) + WebGL.drawElements may read illegal video memory due to + FindMaxUshortElement error + * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) + Page load short-circuit can lead to XSS + * MFSA 2012-28/CVE-2012-0475 (bmo#694576) + Ambiguous IPv6 in Origin headers may bypass webserver access + restrictions + * MFSA 2012-29/CVE-2012-0477 (bmo#718573) + Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues + * MFSA 2012-30/CVE-2012-0478 (bmo#727547) + Crash with WebGL content using textImage2D + * MFSA 2012-31/CVE-2011-3062 (bmo#739925) + Off-by-one error in OpenType Sanitizer + * MFSA 2012-32/CVE-2011-1187 (bmo#624621) + HTTP Redirections and remote content can be read by javascript errors + * MFSA 2012-33/CVE-2012-0479 (bmo#714631) + Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) From 9c22a636ab4aabe47e6d46faa3dcf833864b7713f79b9633367283959d750eb3 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 27 Apr 2012 10:23:10 +0000 Subject: [PATCH 2/3] - fixed build with gcc 4.7 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=173 --- MozillaThunderbird.changes | 5 +++++ mailnews-literals.patch | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 7b2540f..3281695 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 27 10:22:49 UTC 2012 - wr@rosenauer.org + +- fixed build with gcc 4.7 + ------------------------------------------------------------------- Sat Apr 21 07:39:28 UTC 2012 - wr@rosenauer.org diff --git a/mailnews-literals.patch b/mailnews-literals.patch index 1f43474..3cc57cf 100644 --- a/mailnews-literals.patch +++ b/mailnews-literals.patch @@ -47,6 +47,25 @@ diff --git a/mailnews/base/src/nsMsgFolderCompactor.cpp b/mailnews/base/src/nsMs // if blockOffset is set, we added x-mozilla-status headers so // file pointer is already past them. if (!blockOffset) +@@ -1211,17 +1211,17 @@ nsOfflineStoreCompactState::OnDataAvaila + if (NS_SUCCEEDED(rv)) + { + if (m_startOfMsg) + { + m_startOfMsg = false; + // check if there's an envelope header; if not, write one. + if (strncmp(m_dataBuffer, "From ", 5)) + { +- m_fileStream->Write("From "CRLF, 7, &bytesWritten); ++ m_fileStream->Write("From " CRLF, 7, &bytesWritten); + m_offlineMsgSize += bytesWritten; + } + } + m_fileStream->Write(m_dataBuffer, readCount, &bytesWritten); + m_offlineMsgSize += bytesWritten; + writeCount += bytesWritten; + count -= readCount; + if (writeCount != readCount) diff --git a/mailnews/compose/src/nsMsgAppleEncode.cpp b/mailnews/compose/src/nsMsgAppleEncode.cpp --- a/mailnews/compose/src/nsMsgAppleEncode.cpp +++ b/mailnews/compose/src/nsMsgAppleEncode.cpp From 1e49694862afdbfe5d66386bdc14bad69b1be6b546eb4bb7dbff66a2263e3698 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Mon, 30 Apr 2012 07:07:52 +0000 Subject: [PATCH 3/3] - update to Thunderbird 12.0.1 * fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using "Fetch Headers Only" (bmo#748865) - Received messages contain parts of other messages with movemail account (bmo#748726) - New mail notification issue (bmo#748997) - crash in nsMsgDatabase::MatchDbName (bmo#748432) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=174 --- MozillaThunderbird.changes | 13 +++++++++++++ MozillaThunderbird.spec | 4 ++-- compare-locales.tar.bz2 | 4 ++-- create-tar.sh | 4 ++-- l10n-12.0.1.tar.bz2 | 3 +++ l10n-12.0.tar.bz2 | 3 --- thunderbird-12.0-source.tar.bz2 | 3 --- thunderbird-12.0.1-source.tar.bz2 | 3 +++ 8 files changed, 25 insertions(+), 12 deletions(-) create mode 100644 l10n-12.0.1.tar.bz2 delete mode 100644 l10n-12.0.tar.bz2 delete mode 100644 thunderbird-12.0-source.tar.bz2 create mode 100644 thunderbird-12.0.1-source.tar.bz2 diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 3281695..58afb0e 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Mon Apr 30 06:43:26 UTC 2012 - wr@rosenauer.org + +- update to Thunderbird 12.0.1 + * fix regressions + - POP3 filters (bmo#748090) + - Message Body not loaded when using "Fetch Headers Only" + (bmo#748865) + - Received messages contain parts of other messages with + movemail account (bmo#748726) + - New mail notification issue (bmo#748997) + - crash in nsMsgDatabase::MatchDbName (bmo#748432) + ------------------------------------------------------------------- Fri Apr 27 10:22:49 UTC 2012 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 3a8082b..e66854c 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -40,11 +40,11 @@ BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel BuildRequires: yasm BuildRequires: zip -%define mainversion 12.0 +%define mainversion 12.0.1 %define update_channel release Version: %{mainversion} Release: 0 -%define releasedate 2012042100 +%define releasedate 2012042800 Provides: thunderbird = %{version} %if %{with_kde} # this is needed to match this package with the kde4 helper package without the main package diff --git a/compare-locales.tar.bz2 b/compare-locales.tar.bz2 index 4d4e538..c7c43c3 100644 --- a/compare-locales.tar.bz2 +++ b/compare-locales.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1cf4361be7ffc69552e513101e6abf5b419e1c1966edc70f83a7221c5a79c3aa -size 29329 +oid sha256:8d3638287e651173ce4b9365d8ed67a43c38d1333fddb2071341f4d77bcb95f3 +size 29348 diff --git a/create-tar.sh b/create-tar.sh index 02c293b..7a07ee7 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="release" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_12_0_RELEASE" -VERSION="12.0" +RELEASE_TAG="THUNDERBIRD_12_0_1_RELEASE" +VERSION="12.0.1" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-12.0.1.tar.bz2 b/l10n-12.0.1.tar.bz2 new file mode 100644 index 0000000..17af1ce --- /dev/null +++ b/l10n-12.0.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fe77d369d7d60ee819b54372da5afd3b68331c30499105075fc95f2b9464f797 +size 25499303 diff --git a/l10n-12.0.tar.bz2 b/l10n-12.0.tar.bz2 deleted file mode 100644 index 057e197..0000000 --- a/l10n-12.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:12a22326fc4fd28cce0ae056959548cbc40c3cf4489524f68acf73921a8edb08 -size 25501576 diff --git a/thunderbird-12.0-source.tar.bz2 b/thunderbird-12.0-source.tar.bz2 deleted file mode 100644 index 3057c74..0000000 --- a/thunderbird-12.0-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0aae8543214b555a408de564014266d0cffbbb61fd927026af489966bed7ae34 -size 101199838 diff --git a/thunderbird-12.0.1-source.tar.bz2 b/thunderbird-12.0.1-source.tar.bz2 new file mode 100644 index 0000000..c83e71a --- /dev/null +++ b/thunderbird-12.0.1-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:573acd29f9f514bafa0a5daa0df39e62a82b3ebb573c7091693eacdcaf7fd234 +size 101196652