- update to Thunderbird 45.1.0 (boo#977333)

* MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376)
    Miscellaneous memory safety hazards
  in this particular case (i.e. do not pass
- update to Thunderbird 45.0 (boo#969894)
  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
    Out-of-bounds read in HTML parser following a failed allocation
  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
    Buffer overflow during ASN.1 decoding in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
    Use-after-free during processing of DER encoded keys in NSS

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=315

MozillaThunderbird.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat May  7 22:19:09 UTC 2016 - wr@rosenauer.org
+
+- update to Thunderbird 45.1.0 (boo#977333)
+  * MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376)
+    Miscellaneous memory safety hazards
+
 -------------------------------------------------------------------
 Wed Apr 27 04:26:56 UTC 2016 - badshah400@gmail.com
 
@@ -9,7 +16,7 @@ Wed Apr 27 04:26:56 UTC 2016 - badshah400@gmail.com
 -------------------------------------------------------------------
 Sat Apr 16 08:11:14 UTC 2016 - wr@rosenauer.org
 
-- update to Thunderbird 45.0
+- update to Thunderbird 45.0 (boo#969894)
   * Add a Correspondents column combining Sender and Recipient
   * Much better support for XMPP chatrooms and commands
   * Remote content exceptions: Improved options to add exceptions
@@ -25,6 +32,43 @@ Sat Apr 16 08:11:14 UTC 2016 - wr@rosenauer.org
   * Allow copying of name and email address from the message header
     of an email
   * Mail.ru supports OAuth authentication
+  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
+    Miscellaneous memory safety hazards
+  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+    Local file overwriting and potential privilege escalation through
+    CSP reports
+  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
+    CSP reports fail to strip location information for embedded iframe pages
+  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
+    Linux video memory DOS with Intel drivers
+  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+    Memory leak in libstagefright when deleting an array during MP4
+    processing
+  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+    Use-after-free in HTML5 string parser
+  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+    Use-after-free in SetBody
+  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+    Use-after-free during XML transformations
+  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+    Out-of-bounds read in HTML parser following a failed allocation
+  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
+    Buffer overflow during ASN.1 decoding in NSS
+    (fixed by requiring 3.21.1)
+  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
+    Use-after-free during processing of DER encoded keys in NSS
+    (fixed by requiring 3.21.1)
+  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+    Font vulnerabilities in the Graphite 2 library
+- remove obsolete patches:
+  * mozilla-arm-disable-edsp.patch
+  * mozilla-icu-strncat.patch
+  * mozilla-arm64-libjpeg-turbo.patch
+- added required mozilla platform patches:
+  * mozilla-no-stdcxx-check.patch
 
 -------------------------------------------------------------------
 Wed Apr  6 21:54:09 UTC 2016 - astieger@suse.com

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 45.0
+%define mainversion 45.1.0
 %define update_channel release
-%define releasedate 2016041500
+%define releasedate 2016050700
 
 %if %suse_version > 1310
 %define gstreamer_ver 1.0

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:a8057e32507230b91977e44dffd7dba5969bf391a20f93af0e39786732246088
+oid sha256:af9a5fe66d4f9923c77607bfa4564f200af8b33cf71e0e232877c89c25c615ae
-size 28376
+size 28380

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr45"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_45_0_RELEASE"
+RELEASE_TAG="THUNDERBIRD_45_1_0_RELEASE"
-VERSION="45.0"
+VERSION="45.1.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

l10n-45.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:97797ae1da39a20af90e312434388a3d0ad7071dd6893d2402ffb8ab144a856e
-size 24491464

l10n-45.1.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0df9e18eb5138f1e772062aa5d1bd9f39407aaec4f44d126a4ef13861901aaef
+size 24509348

thunderbird-45.0-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6ef27dfdcdf17b63a8617a1700ba8a6bb667d78939ce2cb960d649c93a5fa814
-size 211293500

thunderbird-45.1.0-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:94a0eb2439295cc38265aee58860ade171ed48f91c4ff97ccd02fe2afafddb8e
+size 211796052