rpm/MozillaThunderbird
SHA256
1
0
Fork 0
forked from pool/MozillaThunderbird
Code Pull Requests Activity

- update to Thunderbird 52.1.0

Browse Source 
* Background images not working and other issues related to
    embedded images when composing email have been fixed
  * Google Oauth setup can sometimes not progress to the next step
  * requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=365
This commit is contained in:
Wolfgang Rosenauer 2017-05-02 07:59:46 +00:00 committed by Git OBS Bridge
parent 55377bc24a
commit 7301b54ab6
8 changed files with 89 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
MozillaThunderbird.changes
View File

@ -1,3 +1,79 @@
-------------------------------------------------------------------
Mon May 1 08:52:52 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.1.0
* Background images not working and other issues related to
embedded images when composing email have been fixed
* Google Oauth setup can sometimes not progress to the next step
* requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
* CVE-2017-5443 (bmo#1342661)
Out-of-bounds write during BinHex decoding
* CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
Firefox ESR 52.1
* CVE-2017-5464 (bmo#1347075)
Memory corruption with accessibility and DOM manipulation
* CVE-2017-5465 (bmo#1347617)
Out-of-bounds read in ConvolvePixel
* CVE-2017-5466 (bmo#1353975)
Origin confusion when reloading isolated data:text/html URL
* CVE-2017-5467 (bmo#1347262)
Memory corruption when drawing Skia content
* CVE-2017-5460 (bmo#1343642)
Use-after-free in frame selection
* CVE-2017-5461 (bmo#1344380)
Out-of-bounds write in Base64 encoding in NSS
* CVE-2017-5449 (bmo#1340127)
Crash during bidirectional unicode manipulation with animation
* CVE-2017-5446 (bmo#1343505)
Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
* CVE-2017-5447 (bmo#1343552)
Out-of-bounds read during glyph processing
* CVE-2017-5444 (bmo#1344461)
Buffer overflow while parsing application/http-index-format content
* CVE-2017-5445 (bmo#1344467)
Uninitialized values used while parsing application/http-index-format
content
* CVE-2017-5442 (bmo#1347979)
Use-after-free during style changes
* CVE-2017-5469 (bmo#1292534)
Potential Buffer overflow in flex-generated code
* CVE-2017-5440 (bmo#1336832)
Use-after-free in txExecutionState destructor during XSLT processing
* CVE-2017-5441 (bmo#1343795)
Use-after-free with selection during scroll events
* CVE-2017-5439 (bmo#1336830)
Use-after-free in nsTArray Length() during XSLT processing
* CVE-2017-5438 (bmo#1336828)
Use-after-free in nsAutoPtr during XSLT processing
* CVE-2017-5437 (bmo#1343453)
Vulnerabilities in Libevent library
* CVE-2017-5436 (bmo#1345461)
Out-of-bounds write with malicious font in Graphite 2
* CVE-2017-5435 (bmo#1350683)
Use-after-free during transaction processing in the editor
* CVE-2017-5434 (bmo#1349946)
Use-after-free during focus handling
* CVE-2017-5433 (bmo#1347168)
Use-after-free in SMIL animation functions
* CVE-2017-5432 (bmo#1346654)
Use-after-free in text input selection
* CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
* CVE-2017-5459 (bmo#1333858)
Buffer overflow in WebGL
* CVE-2017-5462 (bmo#1345089)
DRBG flaw in NSS
* CVE-2017-5454 (bmo#1349276)
Sandbox escape allowing file system read access through file
picker
* CVE-2017-5451 (bmo#1273537)
Addressbar spoofing with onblur event
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 17 12:43:48 UTC 2017 - wr@rosenauer.org Mon Apr 17 12:43:48 UTC 2017 - wr@rosenauer.org

6
MozillaThunderbird.spec
View File

@ -17,9 +17,9 @@
# #
%define mainversion 52.0.1 %define mainversion 52.1.0
%define update_channel release %define update_channel release
%define releasedate 201704130000 %define releasedate 201704290000
%bcond_without mozilla_tb_kde4 %bcond_without mozilla_tb_kde4
%bcond_with mozilla_tb_valgrind %bcond_with mozilla_tb_valgrind
@ -42,7 +42,7 @@ BuildRequires: libgnomeui-devel
BuildRequires: libidl-devel BuildRequires: libidl-devel
BuildRequires: libnotify-devel BuildRequires: libnotify-devel
BuildRequires: mozilla-nspr-devel >= 4.13.1 BuildRequires: mozilla-nspr-devel >= 4.13.1
BuildRequires: mozilla-nss-devel >= 3.28.3 BuildRequires: mozilla-nss-devel >= 3.28.4
BuildRequires: python BuildRequires: python
BuildRequires: startup-notification-devel BuildRequires: startup-notification-devel
BuildRequires: unzip BuildRequires: unzip

4
compare-locales.tar.xz
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:d654df28ca39d147a284543405b8d04eff91321a4f4c4c9f822500408f37c555 oid sha256:a35ac9cfa29bb1905b4cc9314cb635f2bc7fab9aa57f001d84dae22f5a860ff7
size 28368 size 28384

4
create-tar.sh
View File

@ -2,8 +2,8 @@
CHANNEL="esr52" CHANNEL="esr52"
BRANCH="releases/comm-$CHANNEL" BRANCH="releases/comm-$CHANNEL"
RELEASE_TAG="THUNDERBIRD_52_0_1_RELEASE" RELEASE_TAG="THUNDERBIRD_52_1_0_RELEASE"
VERSION="52.0.1" VERSION="52.1.0"
echo "cloning $BRANCH..." echo "cloning $BRANCH..."
hg clone http://hg.mozilla.org/$BRANCH thunderbird hg clone http://hg.mozilla.org/$BRANCH thunderbird

3
l10n-52.0.1.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:71db66b7a52aa620bf1c24108e39dafbd24f4eded8499921b67379e265fe59a4
size 26212680

3
l10n-52.1.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ee61355499cabe2e23a2340aa8d9a17f60dc8f71d21e39ab72f2d01e36421def
size 26235228

3
thunderbird-52.0.1-source.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5eb26aa1727c9dfa96912b006604263feac590118ff13b7743275a098e28848b
size 240207288

3
thunderbird-52.1.0-source.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e0ff1f855524187a9ce0773f6c64aee652679d1e73a0d3d288c8e89de3fd692
size 240298004