From bde1e0ee1fb57a7717a9bfc6a070d7b030550710b961cc1b56edc3338e7aa839 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 13 May 2016 05:36:32 +0000 Subject: [PATCH] - update to Thunderbird 45.1.0 (boo#977333) * MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376) Miscellaneous memory safety hazards in this particular case (i.e. do not pass - update to Thunderbird 45.0 (boo#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=315 --- MozillaThunderbird.changes | 48 ++++++++++++++++++++++++++++++-- MozillaThunderbird.spec | 4 +-- compare-locales.tar.xz | 4 +-- create-tar.sh | 4 +-- l10n-45.0.tar.xz | 3 -- l10n-45.1.0.tar.xz | 3 ++ thunderbird-45.0-source.tar.xz | 3 -- thunderbird-45.1.0-source.tar.xz | 3 ++ 8 files changed, 58 insertions(+), 14 deletions(-) delete mode 100644 l10n-45.0.tar.xz create mode 100644 l10n-45.1.0.tar.xz delete mode 100644 thunderbird-45.0-source.tar.xz create mode 100644 thunderbird-45.1.0-source.tar.xz diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 147682b..17b08d8 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,15 +1,22 @@ +------------------------------------------------------------------- +Sat May 7 22:19:09 UTC 2016 - wr@rosenauer.org + +- update to Thunderbird 45.1.0 (boo#977333) + * MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376) + Miscellaneous memory safety hazards + ------------------------------------------------------------------- Wed Apr 27 04:26:56 UTC 2016 - badshah400@gmail.com - For openSUSE > 13.2, the build fails for i586 as it goes out of memory. Prevent this from happening by disabing parallel build - in this particular case (i.e. do not pass + in this particular case (i.e. do not pass mk_add_options MOZ_MAKE_FLAGS%{?jobs:-j%jobs}). ------------------------------------------------------------------- Sat Apr 16 08:11:14 UTC 2016 - wr@rosenauer.org -- update to Thunderbird 45.0 +- update to Thunderbird 45.0 (boo#969894) * Add a Correspondents column combining Sender and Recipient * Much better support for XMPP chatrooms and commands * Remote content exceptions: Improved options to add exceptions @@ -25,6 +32,43 @@ Sat Apr 16 08:11:14 UTC 2016 - wr@rosenauer.org * Allow copying of name and email address from the message header of an email * Mail.ru supports OAuth authentication + * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 + Miscellaneous memory safety hazards + * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) + Local file overwriting and potential privilege escalation through + CSP reports + * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) + CSP reports fail to strip location information for embedded iframe pages + * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) + Linux video memory DOS with Intel drivers + * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) + Memory leak in libstagefright when deleting an array during MP4 + processing + * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) + Use-after-free in HTML5 string parser + * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) + Use-after-free in SetBody + * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) + Use-after-free during XML transformations + * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) + Out-of-bounds read in HTML parser following a failed allocation + * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) + Buffer overflow during ASN.1 decoding in NSS + (fixed by requiring 3.21.1) + * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) + Use-after-free during processing of DER encoded keys in NSS + (fixed by requiring 3.21.1) + * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ + CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ + CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ + CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 + Font vulnerabilities in the Graphite 2 library +- remove obsolete patches: + * mozilla-arm-disable-edsp.patch + * mozilla-icu-strncat.patch + * mozilla-arm64-libjpeg-turbo.patch +- added required mozilla platform patches: + * mozilla-no-stdcxx-check.patch ------------------------------------------------------------------- Wed Apr 6 21:54:09 UTC 2016 - astieger@suse.com diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index e344a3c..3511553 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,9 +17,9 @@ # -%define mainversion 45.0 +%define mainversion 45.1.0 %define update_channel release -%define releasedate 2016041500 +%define releasedate 2016050700 %if %suse_version > 1310 %define gstreamer_ver 1.0 diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 59a17b0..da9a840 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a8057e32507230b91977e44dffd7dba5969bf391a20f93af0e39786732246088 -size 28376 +oid sha256:af9a5fe66d4f9923c77607bfa4564f200af8b33cf71e0e232877c89c25c615ae +size 28380 diff --git a/create-tar.sh b/create-tar.sh index 02be22e..e24d927 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr45" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_45_0_RELEASE" -VERSION="45.0" +RELEASE_TAG="THUNDERBIRD_45_1_0_RELEASE" +VERSION="45.1.0" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-45.0.tar.xz b/l10n-45.0.tar.xz deleted file mode 100644 index 074c12f..0000000 --- a/l10n-45.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:97797ae1da39a20af90e312434388a3d0ad7071dd6893d2402ffb8ab144a856e -size 24491464 diff --git a/l10n-45.1.0.tar.xz b/l10n-45.1.0.tar.xz new file mode 100644 index 0000000..832aec4 --- /dev/null +++ b/l10n-45.1.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0df9e18eb5138f1e772062aa5d1bd9f39407aaec4f44d126a4ef13861901aaef +size 24509348 diff --git a/thunderbird-45.0-source.tar.xz b/thunderbird-45.0-source.tar.xz deleted file mode 100644 index 062d914..0000000 --- a/thunderbird-45.0-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6ef27dfdcdf17b63a8617a1700ba8a6bb667d78939ce2cb960d649c93a5fa814 -size 211293500 diff --git a/thunderbird-45.1.0-source.tar.xz b/thunderbird-45.1.0-source.tar.xz new file mode 100644 index 0000000..aba41a6 --- /dev/null +++ b/thunderbird-45.1.0-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:94a0eb2439295cc38265aee58860ade171ed48f91c4ff97ccd02fe2afafddb8e +size 211796052