Accepting request 147600 from mozilla:Factory

- update to Thunderbird 17.0.2 (bnc#796895)
  * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
    Miscellaneous memory safety hazards
  * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
    CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
    Use-after-free and buffer overflow issues found using Address Sanitizer
  * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
    Buffer Overflow in Canvas
  * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
    URL spoofing in addressbar during page loads
  * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
    Use-after-free when displaying table with many columns and column groups
  * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
    Crash due to handling of SSL on threads
  * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
    AutoWrapperChanger fails to keep objects alive during garbage collection
  * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
    Compartment mismatch with quickstubs returned values
  * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
    Event manipulation in plugin handler to bypass same-origin policy
  * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
    Address space layout leaked in XBL objects
  * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
    Buffer overflow in Javascript string concatenation
  * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
    Memory corruption in XBL with XML bindings containing SVG
  * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
    Chrome Object Wrapper (COW) bypass through changing prototype
  * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
    Privilege escalation through plugin objects

OBS-URL: https://build.opensuse.org/request/show/147600
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=113

MozillaThunderbird.changes

@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Sat Jan  5 12:40:00 UTC 2013 - wr@rosenauer.org
+
+- update to Thunderbird 17.0.2 (bnc#796895)
+  * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
+    Miscellaneous memory safety hazards
+  * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
+    CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
+    Use-after-free and buffer overflow issues found using Address Sanitizer
+  * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
+    Buffer Overflow in Canvas
+  * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
+    URL spoofing in addressbar during page loads
+  * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
+    Use-after-free when displaying table with many columns and column groups
+  * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
+    Crash due to handling of SSL on threads
+  * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
+    AutoWrapperChanger fails to keep objects alive during garbage collection
+  * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
+    Compartment mismatch with quickstubs returned values
+  * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
+    Event manipulation in plugin handler to bypass same-origin policy
+  * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
+    Address space layout leaked in XBL objects
+  * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
+    Buffer overflow in Javascript string concatenation
+  * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
+    Memory corruption in XBL with XML bindings containing SVG
+  * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
+    Chrome Object Wrapper (COW) bypass through changing prototype
+  * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
+    Privilege escalation through plugin objects
+  * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
+    Use-after-free in serializeToStream
+  * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
+    Use-after-free in ListenerManager
+  * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
+    Use-after-free in Vibrate
+  * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
+    Use-after-free in Javascript Proxy objects
+- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
+- update Enigmail to 1.5.0
+
 -------------------------------------------------------------------
 Mon Nov 26 11:10:11 UTC 2012 - wr@rosenauer.org
 

MozillaThunderbird.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package MozillaThunderbird
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #               2006-2012 Wolfgang Rosenauer <wr@rosenauer.org>
 #
 # All modifications and additions to the file contributed by third parties
@@ -30,8 +30,8 @@ BuildRequires:  libcurl-devel
 BuildRequires:  libgnomeui-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
-BuildRequires:  mozilla-nspr-devel >= 4.9.2
-BuildRequires:  mozilla-nss-devel >= 3.13.6
+BuildRequires:  mozilla-nspr-devel >= 4.9.4
+BuildRequires:  mozilla-nss-devel >= 3.14.1
 BuildRequires:  nss-shared-helper-devel
 BuildRequires:  python
 BuildRequires:  startup-notification-devel
@@ -40,11 +40,11 @@ BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
 BuildRequires:  yasm
 BuildRequires:  zip
-%define mainversion 17.0
+%define mainversion 17.0.2
 %define update_channel release
 Version:        %{mainversion}
 Release:        0
-%define releasedate 2012111600
+%define releasedate 2013010500
 Provides:       thunderbird = %{version}
 %if %{with_kde}
 # this is needed to match this package with the kde4 helper package without the main package
@@ -65,7 +65,7 @@ Source4:        l10n-%{version}.tar.bz2
 Source6:        suse-default-prefs.js
 Source7:        find-external-requires.sh
 Source8:        thunderbird-rpmlintrc
-Source9:        enigmail-1.4.6.tar.gz
+Source9:        enigmail-1.5.0.tar.gz
 Source10:       create-tar.sh
 Source11:       compare-locales.tar.bz2
 Source12:       kde.js
@@ -173,7 +173,7 @@ symbols meant for upload to Mozilla's crash collector database.
 
 %if %build_enigmail
 %package -n enigmail
-Version:        1.4.6+%{mainversion}
+Version:        1.5.0+%{mainversion}
 Release:        0
 Summary:        OpenPGP addon for Thunderbird and SeaMonkey
 License:        MPL-1.1 or GPL-2.0+

compare-locales.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:02d8b934736ae0bb896762db3c5ec604fb0d417eed8362f965a6f0e415986585
-size 29877
+oid sha256:9117dd364a0736e7c254c5d7c2b11f2fc0ad0c427f93963fce77679cd684ffbf
+size 29303

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="release"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_17_0_RELEASE"
-VERSION="17.0"
+RELEASE_TAG="THUNDERBIRD_17_0_2_RELEASE"
+VERSION="17.0.2"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

enigmail-1.4.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f3771d1faa26676818bab5e2c50dce85013b9de30b82de526159eaa7ca34f036
-size 1262280

enigmail-1.5.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:51f55573448586718c8d7e664329d519b02c4b28af4910bcb550961ace9a9e71
+size 1216071

l10n-17.0.2.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:506802753d0222b6b8cd6452d030e8f27437cdd6f5e36ba7bf35fc5022db6839
+size 26332350

l10n-17.0.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7e7c09095dec2c9a8aa3548e31f024a31d452bde5a35999c65538d3c75104f3f
-size 26815103

thunderbird-17.0-source.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c118052876258e757495e399a4161412b831c5e44dba89be898b127c7ddb7422
-size 115128645

thunderbird-17.0.2-source.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bceafae8cf69d1e1b939e213d67f0c3d7d09434dad44313775e4c6b34724927e
+size 113592298