From 3d148b3d27a981603d44c2e7fdcdfab29570aca13afe9323de289d06d5176184 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 8 Sep 2010 17:24:33 +0000 Subject: [PATCH 1/4] update to 3.1.3 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=92 --- MozillaThunderbird.changes | 32 +++++++++++ MozillaThunderbird.spec | 16 ++---- create-tar.sh | 4 +- l10n-3.1.1.tar.bz2 | 3 -- l10n-3.1.3.tar.bz2 | 3 ++ mozilla-esd.patch | 91 -------------------------------- thunderbird-3.1.1-source.tar.bz2 | 3 -- thunderbird-3.1.3-source.tar.bz2 | 3 ++ 8 files changed, 45 insertions(+), 110 deletions(-) delete mode 100644 l10n-3.1.1.tar.bz2 create mode 100644 l10n-3.1.3.tar.bz2 delete mode 100644 mozilla-esd.patch delete mode 100644 thunderbird-3.1.1-source.tar.bz2 create mode 100644 thunderbird-3.1.3-source.tar.bz2 diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index d5c82cf..36bc99e 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes 
@@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Mon Aug 30 17:40:28 CEST 2010 - wr@rosenauer.org + +- security update to version 3.1.3 + * MFSA 2010-49/CVE-2010-3169 + Miscellaneous memory safety hazards + * MFSA 2010-50/CVE-2010-2765 (bmo#576447) + Frameset integer overflow vulnerability + * MFSA 2010-51/CVE-2010-2767 (bmo#584512) + Dangling pointer vulnerability using DOM plugin array + * MFSA 2010-53/CVE-2010-3166 (bmo#579655) + Heap buffer overflow in nsTextFrameUtils::TransformText + * MFSA 2010-54/CVE-2010-2760 (bmo#585815) + Dangling pointer vulnerability in nsTreeSelection + * MFSA 2010-55/CVE-2010-3168 (bmo#576075) + XUL tree removal crash and remote code execution + * MFSA 2010-56/CVE-2010-3167 (bmo#576070) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-57/CVE-2010-2766 (bmo#580445) + Crash and remote code execution in normalizeDocument + * MFSA 2010-59/CVE-2010-2762 (bmo#584180) + SJOW creates scope chains ending in outer object + * MFSA 2010-61/CVE-2010-2768 (bmo#579744) + UTF-7 XSS by overriding document charset using type + attribute + * MFSA 2010-62/CVE-2010-2769 (bmo#520189) + Copy-and-paste or drag-and-drop into designMode document allows + XSS + * MFSA 2010-63/CVE-2010-2764 (bmo#552090) + Information leak via XMLHttpRequest statusText +- ESD notification sound fix included upstream + ------------------------------------------------------------------- Mon Aug 30 17:37:58 CEST 2010 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 4aa718a..b78256e 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaThunderbird (Version 3.1.1) +# spec file for package MozillaThunderbird (Version 3.1.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer 
@@ -25,10 +25,10 @@ BuildRequires: autoconf213 fdupes gcc-c++ hunspell-devel libcurl-devel libgnome BuildRequires: nss-shared-helper-devel %endif License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ -%define mainversion 3.1.1 +%define mainversion 3.1.3 Version: %{mainversion} -Release: 2 -%define releasedate 2010071400 +Release: 1 +%define releasedate 2010082400 Summary: The Stand-Alone Mozilla Mail Component Url: http://www.mozilla.org/products/thunderbird/ Group: Productivity/Networking/Email/Clients @@ -43,7 +43,6 @@ Source7: find-external-requires.sh Source8: MozillaThunderbird-rpmlintrc Source9: enigmail-1.1.2.tar.bz2 Source10: create-tar.sh -Patch1: mozilla-esd.patch Patch2: thunderbird-appname.patch Patch4: tb-ssldap.patch Patch5: tb-develdirs.patch @@ -119,7 +118,6 @@ Software Development Kit to build plugins/extensions against Thunderbird. %if %crashreporter - %package buildsymbols License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Summary: Breakpad buildsymbols for %{name} @@ -130,8 +128,8 @@ This subpackage contains the Breakpad created and compatible debugging symbols meant for upload to Mozilla's crash collector database. %endif -%if %build_enigmail +%if %build_enigmail %package -n enigmail Version: 1.1.2 Release: 2 @@ -158,7 +156,6 @@ This package contains the Enigmail OpenPGP Addon for Thunderbird and SeaMonkey. %endif # xulrunner patches pushd mozilla -%patch1 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 @@ -452,7 +449,6 @@ exit 0 %{_bindir}/%{progname} %if %localize - %files translations-common -f %{_tmppath}/translations.common %defattr(-,root,root) @@ -471,7 +467,6 @@ exit 0 %{_includedir}/%{progname}/ %if %build_enigmail - %files -n enigmail %defattr(-,root,root) %dir %{_libdir}/mozilla @@ -479,7 +474,6 @@ exit 0 %endif %if %crashreporter - %files buildsymbols %defattr(-,root,root) %{_datadir}/mozilla/ diff --git a/create-tar.sh b/create-tar.sh index 178dd95..bd1c999 100644 --- a/create-tar.sh +++ b/create-tar.sh 
@@ -2,8 +2,8 @@ BRANCH="releases/comm-1.9.2" # comm-central -RELEASE_TAG="THUNDERBIRD_3_1_1_RELEASE" -VERSION="3.1.1" +RELEASE_TAG="THUNDERBIRD_3_1_3_RELEASE" +VERSION="3.1.3" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-3.1.1.tar.bz2 b/l10n-3.1.1.tar.bz2 deleted file mode 100644 index cebe14f..0000000 --- a/l10n-3.1.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd10591b04f33727374412eb27580b4732e730b3e5d0f38ef6a36d3d2fcbf56d -size 17904338 diff --git a/l10n-3.1.3.tar.bz2 b/l10n-3.1.3.tar.bz2 new file mode 100644 index 0000000..026e35d --- /dev/null +++ b/l10n-3.1.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1e31cc491f4da2f75db67dc0e913bc137a63edf6b6e692c28788149dbdf841a6 +size 17904014 diff --git a/mozilla-esd.patch b/mozilla-esd.patch deleted file mode 100644 index fb1903d..0000000 --- a/mozilla-esd.patch +++ /dev/null 
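Review bot: The context line `hg clone http://hg.mozilla.org/$BRANCH thunderbird` in the create-tar.sh hunk fetches the tree for the new `RELEASE_TAG` over plain HTTP, so the checkout that presumably becomes thunderbird-3.1.3-source.tar.bz2 has no transport integrity or server authentication. For a security update the clone should go over TLS: `hg clone https://hg.mozilla.org/$BRANCH thunderbird`. The script continues outside the hunk, so whether the checkout is verified later is not visible here. The same line appears unchanged in the create-tar.sh hunks of PATCH 3/4 and PATCH 4/4.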
@@ -1,91 +0,0 @@
-diff --git a/widget/src/gtk2/nsSound.cpp b/widget/src/gtk2/nsSound.cpp
---- a/widget/src/gtk2/nsSound.cpp
-+++ b/widget/src/gtk2/nsSound.cpp
-@@ -52,36 +52,31 @@
- #include "nsCOMPtr.h"
- #include "nsAutoPtr.h"
- #include "nsString.h"
-
- #include
- #include
-
- #include
--/* used with esd_open_sound */
--static int esdref = -1;
- static PRLibrary *elib = nsnull;
- static PRLibrary *libcanberra = nsnull;
- static PRLibrary* libasound = nsnull;
-
- // the following from esd.h
-
- #define ESD_BITS8 (0x0000)
- #define ESD_BITS16 (0x0001)
- #define ESD_MONO (0x0010)
- #define ESD_STEREO (0x0020)
- #define ESD_STREAM (0x0000)
- #define ESD_PLAY (0x1000)
-
- #define WAV_MIN_LENGTH 44
-
--typedef int (*EsdOpenSoundType)(const char *host);
--typedef int (*EsdCloseType)(int);
--
- /* used to play the sounds from the find symbol call */
- typedef int (*EsdPlayStreamType) (int, int, const char *, const char *);
- typedef int (*EsdAudioOpenType) (void);
- typedef int (*EsdAudioWriteType) (const void *, int);
- typedef void (*EsdAudioCloseType) (void);
-
- /* used to find and play common system event sounds.
- this interfaces with libcanberra.
-@@ -126,50 +121,30 @@ NS_IMPL_ISUPPORTS2(nsSound, nsISound, ns
- ////////////////////////////////////////////////////////////////////////
- nsSound::nsSound()
- {
- mInited = PR_FALSE;
- }
-
- nsSound::~nsSound()
- {
-- if (esdref >= 0) {
-- EsdCloseType EsdClose = (EsdCloseType) PR_FindFunctionSymbol(elib, "esd_close");
-- if (EsdClose)
-- (*EsdClose)(esdref);
-- esdref = -1;
-- }
- }
-
- NS_IMETHODIMP
- nsSound::Init()
- {
- // This function is designed so that no library is compulsory, and
- // one library missing doesn't cause the other(s) to not be used.
- if (mInited) - return NS_OK; - - mInited = PR_TRUE; - - if (!elib) { - elib = PR_LoadLibrary("libesd.so.0"); -- if (elib) { -- EsdOpenSoundType EsdOpenSound = -- (EsdOpenSoundType) PR_FindFunctionSymbol(elib, "esd_open_sound"); -- if (!EsdOpenSound) { -- PR_UnloadLibrary(elib); -- elib = nsnull; -- } else { -- esdref = (*EsdOpenSound)("localhost"); -- if (esdref < 0) { -- PR_UnloadLibrary(elib); -- elib = nsnull; -- } -- } -- } - } - - if (!libasound) { - PRFuncPtr func = PR_FindFunctionSymbolAndLibrary("snd_lib_error_set_handler", - &libasound); - if (libasound) { - snd_lib_error_set_handler_fn snd_lib_error_set_handler = - (snd_lib_error_set_handler_fn) func; diff --git a/thunderbird-3.1.1-source.tar.bz2 b/thunderbird-3.1.1-source.tar.bz2 deleted file mode 100644 index 9afca41..0000000 --- a/thunderbird-3.1.1-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c8a7ab80c8bf3aebbbb45c0c2092f15bd24fc2d8705ffef6b7e47ff81bad352f -size 66169902 diff --git a/thunderbird-3.1.3-source.tar.bz2 b/thunderbird-3.1.3-source.tar.bz2 new file mode 100644 index 0000000..accafa1 --- /dev/null +++ b/thunderbird-3.1.3-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:212e0cf1402aed40e9e70b6e40ce0a8ed4123eb2d3dfb89ffa18806f5d8a9068 +size 66075965 From c1346a614ae4bb62290963b8e742a888f43b744c934db1864d6024490a806729 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 8 Sep 2010 18:04:00 +0000 Subject: [PATCH 2/4] add bugid OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=93 --- MozillaThunderbird.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 36bc99e..723a8b2 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes 
@@ -1,7 +1,7 @@ ------------------------------------------------------------------- Mon Aug 30 17:40:28 CEST 2010 - wr@rosenauer.org -- security update to version 3.1.3 +- security update to version 3.1.3 (bnc#637303) * MFSA 2010-49/CVE-2010-3169 Miscellaneous memory safety hazards * MFSA 2010-50/CVE-2010-2765 (bmo#576447) From 542da8cf5ff75a46760c9820e9dcff2737b8854dd2e9b252086c66fa2769a04e Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 14 Sep 2010 13:13:06 +0000 Subject: [PATCH 3/4] Accepting request 47529 from mozilla:Factory checked in (request 47529) OBS-URL: https://build.opensuse.org/request/show/47529 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=94 --- MozillaThunderbird.changes | 32 ----------- MozillaThunderbird.spec | 16 ++++-- create-tar.sh | 4 +- l10n-3.1.1.tar.bz2 | 3 ++ l10n-3.1.3.tar.bz2 | 3 -- mozilla-esd.patch | 91 ++++++++++++++++++++++++++++++++ thunderbird-3.1.1-source.tar.bz2 | 3 ++ thunderbird-3.1.3-source.tar.bz2 | 3 -- 8 files changed, 110 insertions(+), 45 deletions(-) create mode 100644 l10n-3.1.1.tar.bz2 delete mode 100644 l10n-3.1.3.tar.bz2 create mode 100644 mozilla-esd.patch create mode 100644 thunderbird-3.1.1-source.tar.bz2 delete mode 100644 thunderbird-3.1.3-source.tar.bz2 diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 723a8b2..d5c82cf 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes 
@@ -1,35 +1,3 @@ -------------------------------------------------------------------- -Mon Aug 30 17:40:28 CEST 2010 - wr@rosenauer.org - -- security update to version 3.1.3 (bnc#637303) - * MFSA 2010-49/CVE-2010-3169 - Miscellaneous memory safety hazards - * MFSA 2010-50/CVE-2010-2765 (bmo#576447) - Frameset integer overflow vulnerability - * MFSA 2010-51/CVE-2010-2767 (bmo#584512) - Dangling pointer vulnerability using DOM plugin array - * MFSA 2010-53/CVE-2010-3166 (bmo#579655) - Heap buffer overflow in nsTextFrameUtils::TransformText - * MFSA 2010-54/CVE-2010-2760 (bmo#585815) - Dangling pointer vulnerability in nsTreeSelection - * MFSA 2010-55/CVE-2010-3168 (bmo#576075) - XUL tree removal crash and remote code execution - * MFSA 2010-56/CVE-2010-3167 (bmo#576070) - Dangling pointer vulnerability in nsTreeContentView - * MFSA 2010-57/CVE-2010-2766 (bmo#580445) - Crash and remote code execution in normalizeDocument - * MFSA 2010-59/CVE-2010-2762 (bmo#584180) - SJOW creates scope chains ending in outer object - * MFSA 2010-61/CVE-2010-2768 (bmo#579744) - UTF-7 XSS by overriding document charset using type - attribute - * MFSA 2010-62/CVE-2010-2769 (bmo#520189) - Copy-and-paste or drag-and-drop into designMode document allows - XSS - * MFSA 2010-63/CVE-2010-2764 (bmo#552090) - Information leak via XMLHttpRequest statusText -- ESD notification sound fix included upstream - ------------------------------------------------------------------- Mon Aug 30 17:37:58 CEST 2010 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index b78256e..4aa718a 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaThunderbird (Version 3.1.3) +# spec file for package MozillaThunderbird (Version 3.1.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer 
@@ -25,10 +25,10 @@ BuildRequires: autoconf213 fdupes gcc-c++ hunspell-devel libcurl-devel libgnome BuildRequires: nss-shared-helper-devel %endif License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ -%define mainversion 3.1.3 +%define mainversion 3.1.1 Version: %{mainversion} -Release: 1 -%define releasedate 2010082400 +Release: 2 +%define releasedate 2010071400 Summary: The Stand-Alone Mozilla Mail Component Url: http://www.mozilla.org/products/thunderbird/ Group: Productivity/Networking/Email/Clients @@ -43,6 +43,7 @@ Source7: find-external-requires.sh Source8: MozillaThunderbird-rpmlintrc Source9: enigmail-1.1.2.tar.bz2 Source10: create-tar.sh +Patch1: mozilla-esd.patch Patch2: thunderbird-appname.patch Patch4: tb-ssldap.patch Patch5: tb-develdirs.patch @@ -118,6 +119,7 @@ Software Development Kit to build plugins/extensions against Thunderbird. %if %crashreporter + %package buildsymbols License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Summary: Breakpad buildsymbols for %{name} @@ -128,8 +130,8 @@ This subpackage contains the Breakpad created and compatible debugging symbols meant for upload to Mozilla's crash collector database. %endif - %if %build_enigmail + %package -n enigmail Version: 1.1.2 Release: 2 @@ -156,6 +158,7 @@ This package contains the Enigmail OpenPGP Addon for Thunderbird and SeaMonkey. %endif # xulrunner patches pushd mozilla +%patch1 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 @@ -449,6 +452,7 @@ exit 0 %{_bindir}/%{progname} %if %localize + %files translations-common -f %{_tmppath}/translations.common %defattr(-,root,root) @@ -467,6 +471,7 @@ exit 0 %{_includedir}/%{progname}/ %if %build_enigmail + %files -n enigmail %defattr(-,root,root) %dir %{_libdir}/mozilla @@ -474,6 +479,7 @@ exit 0 %endif %if %crashreporter + %files buildsymbols %defattr(-,root,root) %{_datadir}/mozilla/ diff --git a/create-tar.sh b/create-tar.sh index bd1c999..178dd95 100644 --- a/create-tar.sh +++ b/create-tar.sh 
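Review bot: `%define mainversion 3.1.1` in the first hunk on this line takes the package back from 3.1.3 and `Patch1: mozilla-esd.patch` returns. The same commit also drops the changelog entry listing the MFSA 2010-49 through 2010-63 fixes (bnc#637303), so this revision builds a Thunderbird without those security fixes. The description only says request 47529 was checked in, and PATCH 4/4 restores 3.1.3, so this looks like an artefact of the request-accept flow rather than an intended downgrade; worth confirming. If the intermediate state has to exist, a line in the commit message such as `temporary link reset; 3.1.3 is restored by the following revision` would stop anyone bisecting or building from this revision from shipping 3.1.1.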
@@ -2,8 +2,8 @@ BRANCH="releases/comm-1.9.2" # comm-central -RELEASE_TAG="THUNDERBIRD_3_1_3_RELEASE" -VERSION="3.1.3" +RELEASE_TAG="THUNDERBIRD_3_1_1_RELEASE" +VERSION="3.1.1" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-3.1.1.tar.bz2 b/l10n-3.1.1.tar.bz2 new file mode 100644 index 0000000..cebe14f --- /dev/null +++ b/l10n-3.1.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd10591b04f33727374412eb27580b4732e730b3e5d0f38ef6a36d3d2fcbf56d +size 17904338 diff --git a/l10n-3.1.3.tar.bz2 b/l10n-3.1.3.tar.bz2 deleted file mode 100644 index 026e35d..0000000 --- a/l10n-3.1.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1e31cc491f4da2f75db67dc0e913bc137a63edf6b6e692c28788149dbdf841a6 -size 17904014 diff --git a/mozilla-esd.patch b/mozilla-esd.patch new file mode 100644 index 0000000..fb1903d --- /dev/null +++ b/mozilla-esd.patch 
@@ -0,0 +1,91 @@
+diff --git a/widget/src/gtk2/nsSound.cpp b/widget/src/gtk2/nsSound.cpp
+--- a/widget/src/gtk2/nsSound.cpp
++++ b/widget/src/gtk2/nsSound.cpp
+@@ -52,36 +52,31 @@
+ #include "nsCOMPtr.h"
+ #include "nsAutoPtr.h"
+ #include "nsString.h"
+
+ #include
+ #include
+
+ #include
+-/* used with esd_open_sound */
+-static int esdref = -1;
+ static PRLibrary *elib = nsnull;
+ static PRLibrary *libcanberra = nsnull;
+ static PRLibrary* libasound = nsnull;
+
+ // the following from esd.h
+
+ #define ESD_BITS8 (0x0000)
+ #define ESD_BITS16 (0x0001)
+ #define ESD_MONO (0x0010)
+ #define ESD_STEREO (0x0020)
+ #define ESD_STREAM (0x0000)
+ #define ESD_PLAY (0x1000)
+
+ #define WAV_MIN_LENGTH 44
+
+-typedef int (*EsdOpenSoundType)(const char *host);
+-typedef int (*EsdCloseType)(int);
+-
+ /* used to play the sounds from the find symbol call */
+ typedef int (*EsdPlayStreamType) (int, int, const char *, const char *);
+ typedef int (*EsdAudioOpenType) (void);
+ typedef int (*EsdAudioWriteType) (const void *, int);
+ typedef void (*EsdAudioCloseType) (void);
+
+ /* used to find and play common system event sounds.
+ this interfaces with libcanberra.
+@@ -126,50 +121,30 @@ NS_IMPL_ISUPPORTS2(nsSound, nsISound, ns
+ ////////////////////////////////////////////////////////////////////////
+ nsSound::nsSound()
+ {
+ mInited = PR_FALSE;
+ }
+
+ nsSound::~nsSound()
+ {
+- if (esdref >= 0) {
+- EsdCloseType EsdClose = (EsdCloseType) PR_FindFunctionSymbol(elib, "esd_close");
+- if (EsdClose)
+- (*EsdClose)(esdref);
+- esdref = -1;
+- }
+ }
+
+ NS_IMETHODIMP
+ nsSound::Init()
+ {
+ // This function is designed so that no library is compulsory, and
+ // one library missing doesn't cause the other(s) to not be used.
+ if (mInited)
+ return NS_OK;
+
+ mInited = PR_TRUE;
+
+ if (!elib) {
+ elib = PR_LoadLibrary("libesd.so.0");
+- if (elib) {
+- EsdOpenSoundType EsdOpenSound =
+- (EsdOpenSoundType) PR_FindFunctionSymbol(elib, "esd_open_sound");
+- if (!EsdOpenSound) {
+- PR_UnloadLibrary(elib);
+- elib = nsnull;
+- } else {
+- esdref = (*EsdOpenSound)("localhost");
+- if (esdref < 0) {
+- PR_UnloadLibrary(elib);
+- elib = nsnull;
+- }
+- }
+- }
+ }
+
+ if (!libasound) {
+ PRFuncPtr func = PR_FindFunctionSymbolAndLibrary("snd_lib_error_set_handler",
+ &libasound);
+ if (libasound) {
+ snd_lib_error_set_handler_fn snd_lib_error_set_handler =
+ (snd_lib_error_set_handler_fn) func;
diff --git a/thunderbird-3.1.1-source.tar.bz2 b/thunderbird-3.1.1-source.tar.bz2
new file mode 100644
index 0000000..9afca41
--- /dev/null
+++ b/thunderbird-3.1.1-source.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c8a7ab80c8bf3aebbbb45c0c2092f15bd24fc2d8705ffef6b7e47ff81bad352f
+size 66169902
diff --git a/thunderbird-3.1.3-source.tar.bz2 b/thunderbird-3.1.3-source.tar.bz2
deleted file mode 100644
index accafa1..0000000
--- a/thunderbird-3.1.3-source.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:212e0cf1402aed40e9e70b6e40ce0a8ed4123eb2d3dfb89ffa18806f5d8a9068
-size 66075965
From 9f1c802f2f51d9aad6af519b9e5b0d5a5b23af02cac7e6b13af4a557ec51d0be Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit Date: Tue, 14 Sep 2010 13:13:07 +0000 Subject: [PATCH 4/4] Updating link to change in openSUSE:Factory/MozillaThunderbird revision 55.0 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=523e8c1a1513133588796a3d914267c5 --- MozillaThunderbird.changes | 32 +++++++++++ MozillaThunderbird.spec | 12 ++--- create-tar.sh | 4 +- l10n-3.1.1.tar.bz2 | 3 -- l10n-3.1.3.tar.bz2 | 3 ++ mozilla-esd.patch | 91 -------------------------------- thunderbird-3.1.1-source.tar.bz2 | 3 -- thunderbird-3.1.3-source.tar.bz2 | 3 ++ 8 files changed, 45 insertions(+), 106 deletions(-) delete mode 100644 l10n-3.1.1.tar.bz2 create mode 100644 l10n-3.1.3.tar.bz2 delete mode 100644 mozilla-esd.patch delete mode 100644 thunderbird-3.1.1-source.tar.bz2 create mode 100644 thunderbird-3.1.3-source.tar.bz2 diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index d5c82cf..723a8b2 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes 
@@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Mon Aug 30 17:40:28 CEST 2010 - wr@rosenauer.org + +- security update to version 3.1.3 (bnc#637303) + * MFSA 2010-49/CVE-2010-3169 + Miscellaneous memory safety hazards + * MFSA 2010-50/CVE-2010-2765 (bmo#576447) + Frameset integer overflow vulnerability + * MFSA 2010-51/CVE-2010-2767 (bmo#584512) + Dangling pointer vulnerability using DOM plugin array + * MFSA 2010-53/CVE-2010-3166 (bmo#579655) + Heap buffer overflow in nsTextFrameUtils::TransformText + * MFSA 2010-54/CVE-2010-2760 (bmo#585815) + Dangling pointer vulnerability in nsTreeSelection + * MFSA 2010-55/CVE-2010-3168 (bmo#576075) + XUL tree removal crash and remote code execution + * MFSA 2010-56/CVE-2010-3167 (bmo#576070) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-57/CVE-2010-2766 (bmo#580445) + Crash and remote code execution in normalizeDocument + * MFSA 2010-59/CVE-2010-2762 (bmo#584180) + SJOW creates scope chains ending in outer object + * MFSA 2010-61/CVE-2010-2768 (bmo#579744) + UTF-7 XSS by overriding document charset using type + attribute + * MFSA 2010-62/CVE-2010-2769 (bmo#520189) + Copy-and-paste or drag-and-drop into designMode document allows + XSS + * MFSA 2010-63/CVE-2010-2764 (bmo#552090) + Information leak via XMLHttpRequest statusText +- ESD notification sound fix included upstream + ------------------------------------------------------------------- Mon Aug 30 17:37:58 CEST 2010 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 4aa718a..a4c7694 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaThunderbird (Version 3.1.1) +# spec file for package MozillaThunderbird (Version 3.1.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer 
@@ -25,10 +25,10 @@ BuildRequires: autoconf213 fdupes gcc-c++ hunspell-devel libcurl-devel libgnome BuildRequires: nss-shared-helper-devel %endif License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ -%define mainversion 3.1.1 +%define mainversion 3.1.3 Version: %{mainversion} -Release: 2 -%define releasedate 2010071400 +Release: 1 +%define releasedate 2010082400 Summary: The Stand-Alone Mozilla Mail Component Url: http://www.mozilla.org/products/thunderbird/ Group: Productivity/Networking/Email/Clients @@ -43,7 +43,6 @@ Source7: find-external-requires.sh Source8: MozillaThunderbird-rpmlintrc Source9: enigmail-1.1.2.tar.bz2 Source10: create-tar.sh -Patch1: mozilla-esd.patch Patch2: thunderbird-appname.patch Patch4: tb-ssldap.patch Patch5: tb-develdirs.patch @@ -134,7 +133,7 @@ symbols meant for upload to Mozilla's crash collector database. %package -n enigmail Version: 1.1.2 -Release: 2 +Release: 3 License: GPLv2+ ; MPLv1.1+ Summary: OpenPGP addon for Thunderbird and SeaMonkey Group: Productivity/Networking/Email/Clients @@ -158,7 +157,6 @@ This package contains the Enigmail OpenPGP Addon for Thunderbird and SeaMonkey. %endif # xulrunner patches pushd mozilla -%patch1 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 diff --git a/create-tar.sh b/create-tar.sh index 178dd95..bd1c999 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ BRANCH="releases/comm-1.9.2" # comm-central -RELEASE_TAG="THUNDERBIRD_3_1_1_RELEASE" -VERSION="3.1.1" +RELEASE_TAG="THUNDERBIRD_3_1_3_RELEASE" +VERSION="3.1.3" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-3.1.1.tar.bz2 b/l10n-3.1.1.tar.bz2 deleted file mode 100644 index cebe14f..0000000 --- a/l10n-3.1.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd10591b04f33727374412eb27580b4732e730b3e5d0f38ef6a36d3d2fcbf56d -size 17904338 diff --git a/l10n-3.1.3.tar.bz2 b/l10n-3.1.3.tar.bz2 new file mode 100644 index 0000000..026e35d --- /dev/null 
+++ b/l10n-3.1.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1e31cc491f4da2f75db67dc0e913bc137a63edf6b6e692c28788149dbdf841a6
+size 17904014
diff --git a/mozilla-esd.patch b/mozilla-esd.patch
deleted file mode 100644
index fb1903d..0000000
--- a/mozilla-esd.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-diff --git a/widget/src/gtk2/nsSound.cpp b/widget/src/gtk2/nsSound.cpp
---- a/widget/src/gtk2/nsSound.cpp
-+++ b/widget/src/gtk2/nsSound.cpp
-@@ -52,36 +52,31 @@
- #include "nsCOMPtr.h"
- #include "nsAutoPtr.h"
- #include "nsString.h"
-
- #include
- #include
-
- #include
--/* used with esd_open_sound */
--static int esdref = -1;
- static PRLibrary *elib = nsnull;
- static PRLibrary *libcanberra = nsnull;
- static PRLibrary* libasound = nsnull;
-
- // the following from esd.h
-
- #define ESD_BITS8 (0x0000)
- #define ESD_BITS16 (0x0001)
- #define ESD_MONO (0x0010)
- #define ESD_STEREO (0x0020)
- #define ESD_STREAM (0x0000)
- #define ESD_PLAY (0x1000)
-
- #define WAV_MIN_LENGTH 44
-
--typedef int (*EsdOpenSoundType)(const char *host);
--typedef int (*EsdCloseType)(int);
--
- /* used to play the sounds from the find symbol call */
- typedef int (*EsdPlayStreamType) (int, int, const char *, const char *);
- typedef int (*EsdAudioOpenType) (void);
- typedef int (*EsdAudioWriteType) (const void *, int);
- typedef void (*EsdAudioCloseType) (void);
-
- /* used to find and play common system event sounds.
- this interfaces with libcanberra.
-@@ -126,50 +121,30 @@ NS_IMPL_ISUPPORTS2(nsSound, nsISound, ns
- ////////////////////////////////////////////////////////////////////////
- nsSound::nsSound()
- {
- mInited = PR_FALSE;
- }
-
- nsSound::~nsSound()
- {
-- if (esdref >= 0) {
-- EsdCloseType EsdClose = (EsdCloseType) PR_FindFunctionSymbol(elib, "esd_close");
-- if (EsdClose)
-- (*EsdClose)(esdref);
-- esdref = -1;
-- }
- }
-
- NS_IMETHODIMP
- nsSound::Init()
- {
- // This function is designed so that no library is compulsory, and
- // one library missing doesn't cause the other(s) to not be used.
- if (mInited)
- return NS_OK;
-
- mInited = PR_TRUE;
-
- if (!elib) {
- elib = PR_LoadLibrary("libesd.so.0");
-- if (elib) {
-- EsdOpenSoundType EsdOpenSound =
-- (EsdOpenSoundType) PR_FindFunctionSymbol(elib, "esd_open_sound");
-- if (!EsdOpenSound) {
-- PR_UnloadLibrary(elib);
-- elib = nsnull;
-- } else {
-- esdref = (*EsdOpenSound)("localhost");
-- if (esdref < 0) {
-- PR_UnloadLibrary(elib);
-- elib = nsnull;
-- }
-- }
-- }
- }
-
- if (!libasound) {
- PRFuncPtr func = PR_FindFunctionSymbolAndLibrary("snd_lib_error_set_handler",
- &libasound);
- if (libasound) {
- snd_lib_error_set_handler_fn snd_lib_error_set_handler =
- (snd_lib_error_set_handler_fn) func;
diff --git a/thunderbird-3.1.1-source.tar.bz2 b/thunderbird-3.1.1-source.tar.bz2
deleted file mode 100644
index 9afca41..0000000
--- a/thunderbird-3.1.1-source.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c8a7ab80c8bf3aebbbb45c0c2092f15bd24fc2d8705ffef6b7e47ff81bad352f
-size 66169902
diff --git a/thunderbird-3.1.3-source.tar.bz2 b/thunderbird-3.1.3-source.tar.bz2
new file mode 100644
index 0000000..accafa1
--- /dev/null
+++ b/thunderbird-3.1.3-source.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:212e0cf1402aed40e9e70b6e40ce0a8ed4123eb2d3dfb89ffa18806f5d8a9068
+size 66075965