From 9bf273af7ce14ff48eadc2751ecb14948e227a9964704308fe92d5cd5a24ef92 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 5 Jan 2013 15:33:22 +0000 Subject: [PATCH 1/2] - update to Thunderbird 17.0.2 (bnc#796895) - update Enigmail to 1.5.0 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=203 --- MozillaThunderbird.changes | 6 ++++++ MozillaThunderbird.spec | 14 +++++++------- compare-locales.tar.bz2 | 4 ++-- create-tar.sh | 4 ++-- enigmail-1.4.6.tar.gz | 3 --- enigmail-1.5.0.tar.gz | 3 +++ l10n-17.0.2.tar.bz2 | 3 +++ l10n-17.0.tar.bz2 | 3 --- thunderbird-17.0-source.tar.bz2 | 3 --- thunderbird-17.0.2-source.tar.bz2 | 3 +++ 10 files changed, 26 insertions(+), 20 deletions(-) delete mode 100644 enigmail-1.4.6.tar.gz create mode 100644 enigmail-1.5.0.tar.gz create mode 100644 l10n-17.0.2.tar.bz2 delete mode 100644 l10n-17.0.tar.bz2 delete mode 100644 thunderbird-17.0-source.tar.bz2 create mode 100644 thunderbird-17.0.2-source.tar.bz2 diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 25bf344..56257eb 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sat Jan 5 12:40:00 UTC 2013 - wr@rosenauer.org + +- update to Thunderbird 17.0.2 (bnc#796895) +- update Enigmail to 1.5.0 + ------------------------------------------------------------------- Mon Nov 26 11:10:11 UTC 2012 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index c8f30db..6760a7f 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -1,7 +1,7 @@ # # spec file for package MozillaThunderbird # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2012 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -30,8 +30,8 @@ BuildRequires: libcurl-devel BuildRequires: libgnomeui-devel BuildRequires: libidl-devel BuildRequires: libnotify-devel -BuildRequires: mozilla-nspr-devel >= 4.9.2 -BuildRequires: mozilla-nss-devel >= 3.13.6 +BuildRequires: mozilla-nspr-devel >= 4.9.4 +BuildRequires: mozilla-nss-devel >= 3.14.1 BuildRequires: nss-shared-helper-devel BuildRequires: python BuildRequires: startup-notification-devel @@ -40,11 +40,11 @@ BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel BuildRequires: yasm BuildRequires: zip -%define mainversion 17.0 +%define mainversion 17.0.2 %define update_channel release Version: %{mainversion} Release: 0 -%define releasedate 2012111600 +%define releasedate 2013010500 Provides: thunderbird = %{version} %if %{with_kde} # this is needed to match this package with the kde4 helper package without the main package @@ -65,7 +65,7 @@ Source4: l10n-%{version}.tar.bz2 Source6: suse-default-prefs.js Source7: find-external-requires.sh Source8: thunderbird-rpmlintrc -Source9: enigmail-1.4.6.tar.gz +Source9: enigmail-1.5.0.tar.gz Source10: create-tar.sh Source11: compare-locales.tar.bz2 Source12: kde.js @@ -173,7 +173,7 @@ symbols meant for upload to Mozilla's crash collector database. %if %build_enigmail %package -n enigmail -Version: 1.4.6+%{mainversion} +Version: 1.5.0+%{mainversion} Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-1.1 or GPL-2.0+ diff --git a/compare-locales.tar.bz2 b/compare-locales.tar.bz2 index 42eda01..469af9a 100644 --- a/compare-locales.tar.bz2 +++ b/compare-locales.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:02d8b934736ae0bb896762db3c5ec604fb0d417eed8362f965a6f0e415986585 -size 29877 +oid sha256:9117dd364a0736e7c254c5d7c2b11f2fc0ad0c427f93963fce77679cd684ffbf +size 29303 diff --git a/create-tar.sh b/create-tar.sh index b9d861b..2bf31b5 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="release" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_17_0_RELEASE" -VERSION="17.0" +RELEASE_TAG="THUNDERBIRD_17_0_2_RELEASE" +VERSION="17.0.2" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/enigmail-1.4.6.tar.gz b/enigmail-1.4.6.tar.gz deleted file mode 100644 index 39d4069..0000000 --- a/enigmail-1.4.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f3771d1faa26676818bab5e2c50dce85013b9de30b82de526159eaa7ca34f036 -size 1262280 diff --git a/enigmail-1.5.0.tar.gz b/enigmail-1.5.0.tar.gz new file mode 100644 index 0000000..cd665b6 --- /dev/null +++ b/enigmail-1.5.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:51f55573448586718c8d7e664329d519b02c4b28af4910bcb550961ace9a9e71 +size 1216071 diff --git a/l10n-17.0.2.tar.bz2 b/l10n-17.0.2.tar.bz2 new file mode 100644 index 0000000..ea391e7 --- /dev/null +++ b/l10n-17.0.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:506802753d0222b6b8cd6452d030e8f27437cdd6f5e36ba7bf35fc5022db6839 +size 26332350 diff --git a/l10n-17.0.tar.bz2 b/l10n-17.0.tar.bz2 deleted file mode 100644 index e841e35..0000000 --- a/l10n-17.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7e7c09095dec2c9a8aa3548e31f024a31d452bde5a35999c65538d3c75104f3f -size 26815103 diff --git a/thunderbird-17.0-source.tar.bz2 b/thunderbird-17.0-source.tar.bz2 deleted file mode 100644 index 8f13252..0000000 --- a/thunderbird-17.0-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c118052876258e757495e399a4161412b831c5e44dba89be898b127c7ddb7422 -size 115128645 diff --git a/thunderbird-17.0.2-source.tar.bz2 b/thunderbird-17.0.2-source.tar.bz2 new file mode 100644 index 0000000..7af58ee --- /dev/null +++ b/thunderbird-17.0.2-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bceafae8cf69d1e1b939e213d67f0c3d7d09434dad44313775e4c6b34724927e +size 113592298 From 03a97ef381626e5bda134e105e24c5e4cdc03958d5c303cb063de8e63d6cd4fd Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 8 Jan 2013 18:18:28 +0000 Subject: [PATCH 2/2] * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads * MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects * MFSA 2013-16/CVE-2013-0753 (bmo#814001) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=204 --- MozillaThunderbird.changes | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 56257eb..63e243f 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -2,6 +2,44 @@ Sat Jan 5 12:40:00 UTC 2013 - wr@rosenauer.org - update to Thunderbird 17.0.2 (bnc#796895) + * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 + Miscellaneous memory safety hazards + * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 + CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 + Use-after-free and buffer overflow issues found using Address Sanitizer + * MFSA 2013-03/CVE-2013-0768 (bmo#815795) + Buffer Overflow in Canvas + * MFSA 2013-04/CVE-2012-0759 (bmo#802026) + URL spoofing in addressbar during page loads + * MFSA 2013-05/CVE-2013-0744 (bmo#814713) + Use-after-free when displaying table with many columns and column groups + * MFSA 2013-07/CVE-2013-0764 (bmo#804237) + Crash due to handling of SSL on threads + * MFSA 2013-08/CVE-2013-0745 (bmo#794158) + AutoWrapperChanger fails to keep objects alive during garbage collection + * MFSA 2013-09/CVE-2013-0746 (bmo#816842) + Compartment mismatch with quickstubs returned values + * MFSA 2013-10/CVE-2013-0747 (bmo#733305) + Event manipulation in plugin handler to bypass same-origin policy + * MFSA 2013-11/CVE-2013-0748 (bmo#806031) + Address space layout leaked in XBL objects + * MFSA 2013-12/CVE-2013-0750 (bmo#805121) + Buffer overflow in Javascript string concatenation + * MFSA 2013-13/CVE-2013-0752 (bmo#805024) + Memory corruption in XBL with XML bindings containing SVG + * MFSA 2013-14/CVE-2013-0757 (bmo#813901) + Chrome Object Wrapper (COW) bypass through changing prototype + * MFSA 2013-15/CVE-2013-0758 (bmo#813906) + Privilege escalation through plugin objects + * MFSA 2013-16/CVE-2013-0753 (bmo#814001) + Use-after-free in serializeToStream + * MFSA 2013-17/CVE-2013-0754 (bmo#814026) + Use-after-free in ListenerManager + * MFSA 2013-18/CVE-2013-0755 (bmo#814027) + Use-after-free in Vibrate + * MFSA 2013-19/CVE-2013-0756 (bmo#814029) + Use-after-free in Javascript Proxy objects +- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) - update Enigmail to 1.5.0 -------------------------------------------------------------------