- update to Thunderbird 52.1.0

* Background images not working and other issues related to
    embedded images when composing email have been fixed
  * Google Oauth setup can sometimes not progress to the next step
  * requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=365

MozillaThunderbird.changes

@@ -1,3 +1,79 @@
+-------------------------------------------------------------------
+Mon May  1 08:52:52 UTC 2017 - wr@rosenauer.org
+
+- update to Thunderbird 52.1.0
+  * Background images not working and other issues related to
+    embedded images when composing email have been fixed
+  * Google Oauth setup can sometimes not progress to the next step
+  * requires NSS >= 3.28.4
+- security fixes (boo#1035082), MFSA 2017-13
+  * CVE-2017-5443 (bmo#1342661)
+    Out-of-bounds write during BinHex decoding
+  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+    Firefox ESR 52.1
+  * CVE-2017-5464 (bmo#1347075)
+    Memory corruption with accessibility and DOM manipulation
+  * CVE-2017-5465 (bmo#1347617)
+    Out-of-bounds read in ConvolvePixel
+  * CVE-2017-5466 (bmo#1353975)
+    Origin confusion when reloading isolated data:text/html URL
+  * CVE-2017-5467 (bmo#1347262)
+    Memory corruption when drawing Skia content
+  * CVE-2017-5460 (bmo#1343642)
+    Use-after-free in frame selection
+  * CVE-2017-5461 (bmo#1344380)
+    Out-of-bounds write in Base64 encoding in NSS
+  * CVE-2017-5449 (bmo#1340127)
+    Crash during bidirectional unicode manipulation with animation
+  * CVE-2017-5446 (bmo#1343505)
+    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+  * CVE-2017-5447 (bmo#1343552)
+    Out-of-bounds read during glyph processing
+  * CVE-2017-5444 (bmo#1344461)
+    Buffer overflow while parsing application/http-index-format content
+  * CVE-2017-5445 (bmo#1344467)
+    Uninitialized values used while parsing application/http-index-format
+    content
+  * CVE-2017-5442 (bmo#1347979)
+    Use-after-free during style changes
+  * CVE-2017-5469 (bmo#1292534)
+    Potential Buffer overflow in flex-generated code
+  * CVE-2017-5440 (bmo#1336832)
+    Use-after-free in txExecutionState destructor during XSLT processing
+  * CVE-2017-5441 (bmo#1343795)
+    Use-after-free with selection during scroll events
+  * CVE-2017-5439 (bmo#1336830)
+    Use-after-free in nsTArray Length() during XSLT processing
+  * CVE-2017-5438 (bmo#1336828)
+    Use-after-free in nsAutoPtr during XSLT processing
+  * CVE-2017-5437 (bmo#1343453)
+    Vulnerabilities in Libevent library
+  * CVE-2017-5436 (bmo#1345461)
+    Out-of-bounds write with malicious font in Graphite 2
+  * CVE-2017-5435 (bmo#1350683)
+    Use-after-free during transaction processing in the editor
+  * CVE-2017-5434 (bmo#1349946)
+    Use-after-free during focus handling
+  * CVE-2017-5433 (bmo#1347168)
+    Use-after-free in SMIL animation functions
+  * CVE-2017-5432 (bmo#1346654)
+    Use-after-free in text input selection
+  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+     bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
+     bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
+    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+  * CVE-2017-5459 (bmo#1333858)
+    Buffer overflow in WebGL
+  * CVE-2017-5462 (bmo#1345089)
+    DRBG flaw in NSS
+  * CVE-2017-5454 (bmo#1349276)
+    Sandbox escape allowing file system read access through file
+    picker
+  * CVE-2017-5451 (bmo#1273537)
+    Addressbar spoofing with onblur event
+
 -------------------------------------------------------------------
 Mon Apr 17 12:43:48 UTC 2017 - wr@rosenauer.org
 

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 52.0.1
+%define mainversion 52.1.0
 %define update_channel release
-%define releasedate 201704130000
+%define releasedate 201704290000
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
@@ -42,7 +42,7 @@ BuildRequires:  libgnomeui-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
 BuildRequires:  mozilla-nspr-devel >= 4.13.1
-BuildRequires:  mozilla-nss-devel >= 3.28.3
+BuildRequires:  mozilla-nss-devel >= 3.28.4
 BuildRequires:  python
 BuildRequires:  startup-notification-devel
 BuildRequires:  unzip

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:d654df28ca39d147a284543405b8d04eff91321a4f4c4c9f822500408f37c555
-size 28368
+oid sha256:a35ac9cfa29bb1905b4cc9314cb635f2bc7fab9aa57f001d84dae22f5a860ff7
+size 28384

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr52"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_52_0_1_RELEASE"
-VERSION="52.0.1"
+RELEASE_TAG="THUNDERBIRD_52_1_0_RELEASE"
+VERSION="52.1.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

l10n-52.0.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:71db66b7a52aa620bf1c24108e39dafbd24f4eded8499921b67379e265fe59a4
-size 26212680

l10n-52.1.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ee61355499cabe2e23a2340aa8d9a17f60dc8f71d21e39ab72f2d01e36421def
+size 26235228

thunderbird-52.0.1-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5eb26aa1727c9dfa96912b006604263feac590118ff13b7743275a098e28848b
-size 240207288

thunderbird-52.1.0-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7e0ff1f855524187a9ce0773f6c64aee652679d1e73a0d3d288c8e89de3fd692
+size 240298004