diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index ebc0bf1..6672c58 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu Nov 20 18:53:35 CST 2008 - maw@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Thu Nov 13 11:02:01 CET 2008 - wr@rosenauer.org
+
+- security update to version 2.0.0.18 (bnc#439841)
+ * MFSA 2008-48 / CVE-2008-5012
+ Image stealing via canvas and HTTP redirect
+ * MFSA 2008-50 / CVE-2008-5014 (bmo#436741)
+ Crash and remote code execution via __proto__ tampering
+ * MFSA 2008-52 / CVE-2008-5016 / CVE-2008-5017 / CVE-2008-5018
+ Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
+ * MFSA 2008-55 / CVE-2008-5021 (bmo#456896)
+ Crash and remote code execution in nsFrameManager
+ * MFSA 2008-56 / CVE-2008-5022 (bmo#460002)
+ nsXMLHttpRequest::NotifyEventListeners() same-origin violation
+ * MFSA 2008-58 / CVE-2008-5024 (bmo#453915)
+ Parsing error in E4X default namespace
+
 -------------------------------------------------------------------
 Wed Oct 15 10:32:09 CDT 2008 - maw@suse.de
diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec
index f545956..5c244e1 100644
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package MozillaThunderbird (Version 2.0.0.17)
+# spec file for package MozillaThunderbird (Version 2.0.0.18)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -34,7 +34,7 @@ BuildRequires: freetype2-devel popt-devel
 BuildRequires: gnome-vfs2 libgnome libgnomeui pkgconfig
 %endif
 License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
-Version: 2.0.0.17
+Version: 2.0.0.18
 Release: 1
 Summary: The Stand-Alone Mozilla Mail Component
 Url: http://www.mozilla.org/products/thunderbird/
@@ -66,6 +66,7 @@ Patch14: html-compose.patch Patch15: system-extensions.patch Patch16: list-replyto-clobber.patch Patch17: mozilla-path_len.patch +Patch18: mozldap-charray_strdup.patch Patch22: cjk-postscript-fonts.dif Patch25: postscript.patch Patch26: cups-paper.patch @@ -96,7 +97,7 @@ Requires: mozilla-nspr >= %(rpm -q --queryformat '%{VERSION}' mozilla-nspr BuildRequires: mozilla-nss-devel %endif %define _unpackaged_files_terminate_build 0 -%define releasedate 2008092200 +%define releasedate 2008111200 %define progname thunderbird %define progdir %{_prefix}/%_lib/thunderbird %define my_provides /tmp/my-provides @@ -196,10 +197,11 @@ cd $RPM_BUILD_DIR/mozilla %patch15 %patch16 %patch17 -p1 +%patch18 %patch22 %patch25 %patch26 -%patch27 -p0 +%patch27 # use hunspell from 11.0 on only %if %suse_version > 1030 %patch28 @@ -693,6 +695,22 @@ exit 0 %{_bindir}/thunderbird-config %changelog +* Thu Nov 20 2008 maw@suse.de +- Review and approve changes. +* Thu Nov 13 2008 wr@rosenauer.org +- security update to version 2.0.0.18 (bnc#439841) + * MFSA 2008-48 / CVE-2008-5012 + Image stealing via canvas and HTTP redirect + * MFSA 2008-50 / CVE-2008-5014 (bmo#436741) + Crash and remote code execution via __proto__ tampering + * MFSA 2008-52 / CVE-2008-5016 / CVE-2008-5017 / CVE-2008-5018 + Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) + * MFSA 2008-55 / CVE-2008-5021 (bmo#456896) + Crash and remote code execution in nsFrameManager + * MFSA 2008-56 / CVE-2008-5022 (bmo#460002) + nsXMLHttpRequest::NotifyEventListeners() same-origin violation + * MFSA 2008-58 / CVE-2008-5024 (bmo#453915) + Parsing error in E4X default namespace * Wed Oct 15 2008 maw@suse.de - Review and approve changes. * Wed Oct 08 2008 wr@rosenauer.org 
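Review bot: `Patch18: mozldap-charray_strdup.patch` is added in the -66,6 hunk and applied with `%patch18` in the %prep hunk at -196,10, but neither the new .changes entry nor the new %changelog block mentions it; both describe only the 2.0.0.18 security update. A line such as `- added mozldap-charray_strdup.patch (ldap_str2charray() works on a private copy of its input) (<bug reference>)` in both changelogs would let an auditor tie this local change to the LDAP C SDK to a reason and a tracker entry. The same %prep hunk drops `-p0` from `%patch27` while mozilla-system-hunspell.patch.bz2 changes content in this commit, so it is worth confirming that the regenerated patch applies cleanly at the strip level `%patch27` now uses.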
@@ -832,7 +850,7 @@ exit 0 - Security update to version 1.5.0.12 (#271197). * Tue Jun 05 2007 sbrabec@suse.cz - Removed invalid desktop category "Application" (#254654). -* Thu Apr 19 2007 wr@rosenauer.org +* Wed Apr 18 2007 wr@rosenauer.org - update to final version 2.0.0.0 (http://www.mozilla.com/en-US/thunderbird/2.0.0.0/releasenotes/) - update enigmail to 0.95.0 @@ -876,7 +894,7 @@ exit 0 ReplyToListThunderbirdExtension (#199125, bmo #45715) - added mailnews.clobber_list_reply pref which switches "Reply All" to "Reply List" functionality if set -* Thu Jul 27 2006 stark@suse.de +* Wed Jul 26 2006 stark@suse.de - security update to version 1.5.0.5 (#195043) - fixed overwrite confirmation for GTK filesaver (#179531) * Wed Jun 07 2006 stark@suse.de @@ -886,7 +904,7 @@ exit 0 * Fri Jun 02 2006 stark@suse.de - update to security/stability release 1.5.0.4 (#179011) (http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird) -* Mon May 15 2006 stark@suse.de +* Sun May 14 2006 stark@suse.de - update to version 1.5.0.2 - update mailredirect to 0.7.3 - save printer settings properly (#174082, bmo #324072) @@ -945,7 +963,7 @@ exit 0 - added patch for GTK2 handling (#134831) * Fri Nov 25 2005 stark@suse.de - update to 1.5 (20051124) -* Fri Oct 28 2005 stark@suse.de +* Thu Oct 27 2005 stark@suse.de - update to latest 1.5 snapshot (20051027) - added patch to be able to reply to and forward rfc822 messages (bmo #204350) 
@@ -978,21 +996,21 @@ exit 0 - fixed Gdk-WARNING at startup (gtk.patch) - fixed regression in profile locking change (bmo #303633) - fixed crash with gtk 2.7 (bmo #300226, bnc #104586) -* Wed Aug 03 2005 stark@suse.de +* Tue Aug 02 2005 stark@suse.de - fixed profile locking (bmo #151188) -* Fri Jul 29 2005 stark@suse.de +* Thu Jul 28 2005 stark@suse.de - don't require and provide NSS libs (#98002) * Fri Jul 22 2005 stark@suse.de - fixed printing patch * Tue Jul 19 2005 stark@suse.de - added NSPR to PreReq - disable stripping in specfile -* Fri Jul 15 2005 stark@suse.de +* Thu Jul 14 2005 stark@suse.de - update to 1.0.6 which restores API compatibility - fixed width calculation in Postscript module (bmo #290292) * Thu Jul 14 2005 stark@suse.de - fixed filelist to include icon-file and startscript again -* Tue Jul 12 2005 stark@suse.de +* Mon Jul 11 2005 stark@suse.de - fixed remote usage behaviour in start script (bnc #41903) - update to 1.0.5 security release - fixed quoting patch @@ -1073,12 +1091,12 @@ exit 0 - more fixes for #35179 - added firefox as default handler for its protocols - update enigmail to 0.83.4 -* Wed Mar 03 2004 stark@suse.de +* Tue Mar 02 2004 stark@suse.de - removed unused patches for GTK2 build * Sun Feb 29 2004 stark@suse.de - improved start-script to interact with firefox and mozilla (#35179) -* Fri Feb 27 2004 stark@suse.de +* Thu Feb 26 2004 stark@suse.de - update to 0.5 - spec-file cleanup * Wed Oct 15 2003 stark@suse.de diff --git a/l10n-2.0.0.17.tar.bz2 b/l10n-2.0.0.17.tar.bz2 deleted file mode 100644 index 53f0418..0000000 --- a/l10n-2.0.0.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5e872e07339d7cb40f16c13fd560a2607b55948e1ab0dc72505be07a8b54c686 -size 10044071 diff --git a/l10n-2.0.0.18.tar.bz2 b/l10n-2.0.0.18.tar.bz2 new file mode 100644 index 0000000..d6ab1b3 --- /dev/null +++ b/l10n-2.0.0.18.tar.bz2 
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eeabbfe3462b5b51d13ab758b533fd09a4e028bfaf60006ef09354de522ec508
+size 10046051
diff --git a/mozilla-system-hunspell.patch.bz2 b/mozilla-system-hunspell.patch.bz2
index 20d3410..632fed1 100644
--- a/mozilla-system-hunspell.patch.bz2
+++ b/mozilla-system-hunspell.patch.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:1e6d91c89720c42391c4d91a94d502d99c6c41199c444b5798a716b93d50a7b7
-size 23552
+oid sha256:b947423b5dc09a97648b5d577a7f9f31ad577658570ea5f51d3827966e0389ef
+size 23531
diff --git a/mozldap-charray_strdup.patch b/mozldap-charray_strdup.patch
new file mode 100644
index 0000000..5729634
--- /dev/null
+++ b/mozldap-charray_strdup.patch
@@ -0,0 +1,46 @@
+--- directory/c-sdk/ldap/libraries/libldap/charray.c_orig 2008-10-28 14:12:34.000000000 +0100
++++ directory/c-sdk/ldap/libraries/libldap/charray.c 2008-10-28 14:36:05.000000000 +0100
+@@ -191,7 +191,7 @@
+ */
+ char **
+ LDAP_CALL
+-ldap_str2charray( char *str, char *brkstr )
++ldap_str2charray( char *str_in, char *brkstr )
+ /* This implementation fails if brkstr contains multibyte characters.
+ But it works OK if str is UTF-8 and brkstr is 7-bit ASCII.
+ */
+@@ -199,6 +199,12 @@
+ char **res;
+ char *s;
+ int i;
++ char *str;
++
++ str = nsldapi_strdup( str_in );
++ if ( str == NULL ) {
++ return NULL;
++ }
+
+ i = 1;
+ for ( s = str; *s; s++ ) {
+@@ -209,6 +215,7 @@
+
+ res = (char **)NSLDAPI_MALLOC( (i + 1) * sizeof(char *) );
+ if ( res == NULL ) {
++ NSLDAPI_FREE( str );
+ return NULL;
+ }
+ i = 0;
+@@ -221,11 +228,13 @@
+ for ( j = 0; j < (i - 1); j++ )
+ NSLDAPI_FREE( res[j] );
+ NSLDAPI_FREE( res );
++ NSLDAPI_FREE( str );
+ return NULL;
+ }
+ }
+ res[i] = NULL;
+
++ NSLDAPI_FREE( str );
+ return( res );
+ }
+
diff --git a/thunderbird-2.0.0.17-source.tar.bz2 b/thunderbird-2.0.0.17-source.tar.bz2
deleted file mode 100644
index f61c6eb..0000000
--- a/thunderbird-2.0.0.17-source.tar.bz2
+++ /dev/null
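Review bot: The block comment kept as context under the new `ldap_str2charray( char *str_in, char *brkstr )` signature still says "it works OK if str is UTF-8", but after the rename `str` is the private copy and the caller's argument is `str_in`. The comment should name `str_in` and record the new contract, for example `/* str_in is not modified; a private copy is tokenized and freed before return. */`. The three added `NSLDAPI_FREE( str )` calls cover the two error returns and the success return visible in the inner hunks, but the function body between those hunks is not shown, so any other exit there would need the same free. The success-path free also assumes each `res[]` element is its own allocation rather than a pointer into `str`; the per-element free loop in the error path suggests that, but the copy itself is outside the hunks and should be confirmed.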
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a2a68c397d8893b554b92d07d414a78699d70341c2dc3cc36e5cce0cfad74898
-size 40603932
diff --git a/thunderbird-2.0.0.18-source.tar.bz2 b/thunderbird-2.0.0.18-source.tar.bz2
new file mode 100644
index 0000000..72704b8
--- /dev/null
+++ b/thunderbird-2.0.0.18-source.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9fe3d0211b4d79dd868090185fc46634ced90411928f37d3118302a4ffc0ccb2
+size 40626981