From 4f3d1309a5fd692b98314d87dd81cb3b8e457dc5b370d116d57977c4498c639b Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Mon, 21 Jul 2014 14:54:52 +0000 Subject: [PATCH 1/2] - update to Thunderbird 24.7.0 (bnc#887746) - disabled enigmail build as with version 1.7 it's a standalone source package OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=248 --- MozillaThunderbird.changes | 7 +++++++ MozillaThunderbird.spec | 12 ++++++------ compare-locales.tar.bz2 | 4 ++-- create-tar.sh | 4 ++-- enigmail-1.6.tar.gz | 3 --- enigmail-1.7.tar.gz | 3 +++ l10n-24.6.0.tar.bz2 | 3 --- l10n-24.7.0.tar.bz2 | 3 +++ thunderbird-24.6.0-source.tar.bz2 | 3 --- thunderbird-24.7.0-source.tar.bz2 | 3 +++ 10 files changed, 26 insertions(+), 19 deletions(-) delete mode 100644 enigmail-1.6.tar.gz create mode 100644 enigmail-1.7.tar.gz delete mode 100644 l10n-24.6.0.tar.bz2 create mode 100644 l10n-24.7.0.tar.bz2 delete mode 100644 thunderbird-24.6.0-source.tar.bz2 create mode 100644 thunderbird-24.7.0-source.tar.bz2 diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 43811cb..8c7bce7 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sun Jul 20 15:59:49 UTC 2014 - wr@rosenauer.org + +- update to Thunderbird 24.7.0 (bnc#887746) +- disabled enigmail build as with version 1.7 it's a standalone + source package + ------------------------------------------------------------------- Sat Jun 7 09:07:06 UTC 2014 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 0c05fe1..811fd36 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,7 +17,7 @@ # -%define mainversion 24.6.0 +%define mainversion 24.7.0 %define update_channel release %define gstreamer_ver 0.10 %define with_kde 1 @@ -34,7 +34,7 @@ BuildRequires: libgnomeui-devel BuildRequires: libidl-devel BuildRequires: libnotify-devel BuildRequires: mozilla-nspr-devel >= 4.10.6 -BuildRequires: mozilla-nss-devel >= 3.15.4 +BuildRequires: mozilla-nss-devel >= 3.16.2 BuildRequires: nss-shared-helper-devel BuildRequires: python BuildRequires: startup-notification-devel @@ -50,7 +50,7 @@ BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver) %endif Version: %{mainversion} Release: 0 -%define releasedate 2014061000 +%define releasedate 2014072000 Provides: thunderbird = %{version} %if %{with_kde} # this is needed to match this package with the kde4 helper package without the main package @@ -71,7 +71,7 @@ Source4: l10n-%{version}.tar.bz2 Source6: suse-default-prefs.js Source7: find-external-requires.sh Source8: thunderbird-rpmlintrc -Source9: enigmail-1.6.tar.gz +Source9: enigmail-1.7.tar.gz Source10: create-tar.sh Source11: compare-locales.tar.bz2 Source12: kde.js @@ -93,7 +93,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: coreutils fileutils textutils /bin/sh Recommends: libcanberra0 ### build options -%define build_enigmail 1 +%define build_enigmail 0 %ifnarch ppc ppc64 ppc64le %arm %define crashreporter 1 %else @@ -178,7 +178,7 @@ symbols meant for upload to Mozilla's crash collector database. %if %build_enigmail %package -n enigmail -Version: 1.6.0+%{mainversion} +Version: 1.7.0+%{mainversion} Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-1.1 or GPL-2.0+ diff --git a/compare-locales.tar.bz2 b/compare-locales.tar.bz2 index 1f0189c..50cae1d 100644 --- a/compare-locales.tar.bz2 +++ b/compare-locales.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3eae13654626579b026879ec18e4eec02a87e57cd9dc67f8693be0d7efc69c86 -size 29834 +oid sha256:2f420cd3b72af8ec018ce75aa73598c8c2cbe7dd32858d1f1b4bed7aa4b52db1 +size 29886 diff --git a/create-tar.sh b/create-tar.sh index fa408c7..39aefcf 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr24" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_24_6_0_RELEASE" -VERSION="24.6.0" +RELEASE_TAG="THUNDERBIRD_24_7_0_RELEASE" +VERSION="24.7.0" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/enigmail-1.6.tar.gz b/enigmail-1.6.tar.gz deleted file mode 100644 index ece39b8..0000000 --- a/enigmail-1.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:10d5eb7ba364b9b6e6275aae8bba1d0e4321ed7d55a715337d566ccf2a56ea4d -size 1231111 diff --git a/enigmail-1.7.tar.gz b/enigmail-1.7.tar.gz new file mode 100644 index 0000000..4c79b22 --- /dev/null +++ b/enigmail-1.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cddbf35783194a4e994f9584ad5bee74750e25f690e81727ba9eccc4f814f161 +size 1414100 diff --git a/l10n-24.6.0.tar.bz2 b/l10n-24.6.0.tar.bz2 deleted file mode 100644 index 13400b8..0000000 --- a/l10n-24.6.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:98e32125a20b6b5ab3e0c8eb3ebf5d55355514f677acd8955da7164f551f6bfe -size 27292529 diff --git a/l10n-24.7.0.tar.bz2 b/l10n-24.7.0.tar.bz2 new file mode 100644 index 0000000..d6e7cf9 --- /dev/null +++ b/l10n-24.7.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cd7b3fbf713ee13b44d1b8db01b3e3b37cd4e0e36d7f515ea8ded45046b6e1b6 +size 27293766 diff --git a/thunderbird-24.6.0-source.tar.bz2 b/thunderbird-24.6.0-source.tar.bz2 deleted file mode 100644 index ebfca28..0000000 --- a/thunderbird-24.6.0-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1400fd4a0afa99d2168648d77cb07901613cd3ba56204d48f2fbe492ed95d8a6 -size 142128735 diff --git a/thunderbird-24.7.0-source.tar.bz2 b/thunderbird-24.7.0-source.tar.bz2 new file mode 100644 index 0000000..8ca06e6 --- /dev/null +++ b/thunderbird-24.7.0-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:438bab11f06b7f9bd82aa738b47085d71c648bf41845758d8c42223888d7cb1c +size 141973773 From 3eeadca128e5d85702f40117e061dd634e00768544cd14a29300c9ed5cd2f9e6 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 23 Jul 2014 05:20:48 +0000 Subject: [PATCH 2/2] * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=249 --- MozillaThunderbird.changes | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 8c7bce7..5250168 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -2,6 +2,17 @@ Sun Jul 20 15:59:49 UTC 2014 - wr@rosenauer.org - update to Thunderbird 24.7.0 (bnc#887746) + * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 + Miscellaneous memory safety hazards + * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) + Use-after-free with FireOnStateChange event + * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) + Exploitable WebGL crash with Cesium JavaScript library + * MFSA 2014-63/CVE-2014-1544 (bmo#963150) + Use-after-free while when manipulating certificates in the trusted cache + (solved with NSS 3.16.2 requirement) + * MFSA 2014-64/CVE-2014-1557 (bmo#913805) + Crash in Skia library when scaling high quality images - disabled enigmail build as with version 1.7 it's a standalone source package