- update to Thunderbird 38.7.0 (boo#969894)

* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using performance.getEntries and
    history navigation
  * MFSA 2016-16/CVE-2016-1952
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property
  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
    Memory corruption with malicious NPAPI plugin
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=308

MozillaThunderbird.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Fri Mar 11 12:57:25 UTC 2016 - wr@rosenauer.org
+
+- update to Thunderbird 38.7.0 (boo#969894)
+  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+    Use-after-free in MediaStream playback
+  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+    Same-origin policy violation using performance.getEntries and
+    history navigation
+  * MFSA 2016-16/CVE-2016-1952
+    Miscellaneous memory safety hazards
+  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+    Local file overwriting and potential privilege escalation through
+    CSP reports
+  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+    Memory leak in libstagefright when deleting an array during MP4
+    processing
+  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+    Displayed page address can be overridden
+  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+    Use-after-free in HTML5 string parser
+  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+    Use-after-free in SetBody
+  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+    Use-after-free when using multiple WebRTC data channels
+  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+    Use-after-free during XML transformations
+  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+    Addressbar spoofing though history navigation and Location protocol
+    property
+  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+    Memory corruption with malicious NPAPI plugin
+  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+    Out-of-bounds read in HTML parser following a failed allocation
+  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+    Font vulnerabilities in the Graphite 2 library
+
 -------------------------------------------------------------------
 Fri Feb 26 15:45:19 UTC 2016 - astieger@suse.com
 

MozillaThunderbird.spec

@@ -2,7 +2,7 @@
 # spec file for package MozillaThunderbird
 #
 # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-#               2006-2015 Wolfgang Rosenauer <wr@rosenauer.org>
+#               2006-2016 Wolfgang Rosenauer <wr@rosenauer.org>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 #
 
 
-%define mainversion 38.6.0
+%define mainversion 38.7.0
 %define update_channel release
 
 %if %suse_version > 1210
@@ -75,7 +75,7 @@ Recommends:     gstreamer-0_10-plugins-ffmpeg
 %endif
 Version:        %{mainversion}
 Release:        0
-%define releasedate 2016021200
+%define releasedate 2016031000
 Provides:       thunderbird = %{version}
 Provides:       appdata()
 Provides:       appdata(thunderbird.appdata.xml)

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f8a7ba0b143e075d60813a57b94c77a1676fde0f7bddaf315d8ed062b3dc29ea
-size 28384
+oid sha256:01687121a808640f9e1f3c5e4004b3752c14955b5dd6a79ad50c1da73882ec38
+size 28388

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr38"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_38_6_0_RELEASE"
-VERSION="38.6.0"
+RELEASE_TAG="THUNDERBIRD_38_7_0_RELEASE"
+VERSION="38.7.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

l10n-38.6.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:71546bbd3ce1bb4630e58ffa455c8212e1501bc9e396a44e3ccd4a4d63aa4daa
-size 22429816

l10n-38.7.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2697b44311e8cfe521d12f910caae33de77f4a9dacd50efd679b9b5dc18ddabe
+size 22425608

thunderbird-38.6.0-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:87d75d1fd2cf5beb1fd8ef428dd9a697d2bae0b0b4ef3038daade24b89eec5f2
-size 175056728

thunderbird-38.7.0-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c4abbe0b7a6bdf2f457521cb13f2cb238370ae5c28ca38feb3ef1ee56329d938
+size 175024356