- update to Thunderbird 60.3.0

* various theme fixes
  * Shift+PageUp/PageDown in Write window
  * Gloda attachment filtering
  * Mailing list address auto-complete enter/return handling
  * Thunderbird hung if HTML signature references non-existent image
  * Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
  (Firefox ESR release). In general, these flaws cannot be exploited
  through email in Thunderbird because scripting is disabled when
  reading mail, but are potentially risks in browser or browser-like
  contexts (MFSA 2018-28) (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
    Memory safety bugs fixed in Firefox ESR 60.3
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

  * Fix security info dialog in compose window not showing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=437

MozillaThunderbird.changes

@@ -1,16 +1,45 @@
 -------------------------------------------------------------------
-Thu Oct 25 14:40:14 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+Tue Oct 30 08:18:23 UTC 2018 - wr@rosenauer.org
+
+- update to Thunderbird 60.3.0
+  * various theme fixes
+  * Shift+PageUp/PageDown in Write window
+  * Gloda attachment filtering
+  * Mailing list address auto-complete enter/return handling
+  * Thunderbird hung if HTML signature references non-existent image
+  * Filters not working for headers that appear more than once
+- Security fixes for the Mozilla platform picked up from 60.3
+  (Firefox ESR release). In general, these flaws cannot be exploited
+  through email in Thunderbird because scripting is disabled when
+  reading mail, but are potentially risks in browser or browser-like
+  contexts (MFSA 2018-28) (bsc#1112852)
+  * CVE-2018-12391 (bmo#1478843) (Android only)
+    HTTP Live Stream audio data is accessible cross-origin
+  * CVE-2018-12392 (bmo#1492823)
+    Crash with nested event loops
+  * CVE-2018-12393 (bmo#1495011)
+    Integer overflow during Unicode conversion while loading JavaScript
+  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
+    Memory safety bugs fixed in Firefox ESR 60.3
+  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
+    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
+    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
+    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
+    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
+
+-------------------------------------------------------------------
+Thu Oct 25 14:40:14 UTC 2018 - guillaume.gardet@opensuse.org
 
 - Update _constraints for armv6/7
 
 -------------------------------------------------------------------
-Thu Oct 25 08:26:12 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+Thu Oct 25 08:26:12 UTC 2018 - guillaume.gardet@opensuse.org
 
 - Add patch to fix build on armv7:
   * mozilla-bmo1463035.patch
 
 -------------------------------------------------------------------
-Thu Oct 25 08:25:52 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+Thu Oct 25 08:25:52 UTC 2018 - guillaume.gardet@opensuse.org
 
 - Add memory-constraints to avoid OOM errors
 
@@ -31,7 +60,7 @@ Tue Oct  2 10:08:00 UTC 2018 - wr@rosenauer.org
   * Fix multiple requests for master password when Google Mail or
     Calendar OAuth2 is enabled
   * Fix scrollbar of the address entry auto-complete popup
-  * Fix security info dialog in compose window not showing 
+  * Fix security info dialog in compose window not showing
     certificate status
   * Fix links in the Add-on Manager's search results and theme
     browsing tabs that opened in external browser

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 60.2.1
+%define mainversion 60.3.0
 %define update_channel release
-%define releasedate 20180930223627
+%define releasedate 20181025202514
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ad03f7c20354dd56fa2501c5018e7b2ce512315da9b462c37358f4b7d30b26af
-size 28372
+oid sha256:158df1b15780d704364f4d7ee7eb6289252d8f338ce6823da325bb0129a65181
+size 28432

create-tar.sh

@@ -2,9 +2,9 @@
 
 CHANNEL="esr60"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="5cdee4ae33c0868ae420a5a826c63b42d823c584"
-MOZ_RELEASE_TAG="8d71faee5dcdd0773b7e0830b8fad96a6bda559b"
-VERSION="60.2.1"
+RELEASE_TAG="dd958ef605d132d08a063f29606737ffb3453e68"
+MOZ_RELEASE_TAG="ab014151d4c338562949c28aa140786b548856ca"
+VERSION="60.3.0"
 VERSION_SUFFIX=""
 LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json"
 

l10n-60.2.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6cfc0c4dd586141d79fde3aa1360c50bd78f90ef393484a7112f8afd416e2067
-size 27451556

l10n-60.3.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7be94c4cce5562e3a414691beee347a8b4940c41742e8270090d8b4215fcefb9
+size 27433892

thunderbird-60.2.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d313f25cd7ddc016bf8e4d4115f14b34a66621c0feabbc0dd72f9304cb93d7bf
-size 284570000

thunderbird-60.2.1.source.tar.xz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iQIcBAABCAAGBQJbsjeEAAoJELu+vbskxvNV2hEP/3dWNPNcF0+A1S+ePf/JXyn8
-a3DFlu2s7ihtsFy4EW7CcOHyMdRIiKAPlrCKJR4DQorL0C1S+Q/WaFyyibQX3oSi
-Q/g1Ch1sKKz03YIKweLHzz0eTQDvcxY2AbJkrsJNNrZH/5MvCh0jbohWeBwsJ3s7
-OtxPDAHBSSL0oJOj6klrBfWMLamOyBhiH8RdUTJzsIHuKusco6hJwlilQrwnfTZB
-FZfp88D69v2bQS1JdkzJvSQFD0GsS75fej3qwvqMiUiuBFl4KYD+oly0Th3XqHt6
-PD+1YqagRPpZt253Sv12KUG06OkoK+TgTiseKbY1lT2k+4TvSw68jocZbsIYuOFH
-uxyVWQhWxkwvcxeD1qZr0r0NjFd8uFvG72G6JxRfYUO2XjGKBqYjexUhI8zzAoyU
-00AmnwyeTEMg8Y/PTlh7NxKMITJFUX5HAatSB9eyBgQdKcalbZb+lCQZzccv9kd6
-9JxeRg+8TlM8SNOv3upLdqH8m2DCNCgWpURJW10+jf5O1qIm5G2K2lvffum9lTJ+
-cOu8+WN5lFR9UV3f0nAvWDb7KeK/i+pIDVozhCKXuGJbWRguhtVQICJBzYcn3lk0
-VB/xHlDrK4oIEG/BWAWAZsDt8ScRn4d0bwIVPC/NAN14AaritBFcR6lwfBGRH6on
-pbq7+PPTen/nfk303ub5
-=y8ku
------END PGP SIGNATURE-----

thunderbird-60.3.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23fc097a5aa62006919029df890e5e2bec38c2c3e6081723040ef702ff6e4a7b
+size 285211708

thunderbird-60.3.0.source.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iQIcBAABCAAGBQJb2EY1AAoJELu+vbskxvNVjCAP+wVmU2xhLhneLRJ/0iE6wWD6
+PH/9lt/wNi8KutxeVzfrnS1AS/RnpgbTkbVg9FZqzJQ30SjhQ4u/3i7MsgFpCS4Y
+qhNs0sIvp7RKDTd+2wubk+/GLoDSPlSdEJO3jTUXBc6D25GzMfrd89kShJsLlfb8
+WqFchIwP3ivlIaocL5/I1+GOhP4KxND10RgEICKwwJ3qlE+AKsX+pGWvM7McKjuJ
+Usnss7BtXB/QfjjJEdTMCx+imFPbUV4SWg9UaY5H/sPHxhlNbulHgGjuUdFJPrU5
+RSCkkOYodp/XsIvVneswGmoqd3g9v3rF5Dari1YavxSB/LguafDmny83hgVnyiUp
+KohhntuQmLuOaT1YL78igc1QY/edtFd8wpsjwI27aIuI20wqT0kN+maSOExvavDI
+Z60SIflw12GOg9ZqnsWiOdc67reD0fT8e56xfSOXELQUklDBubg9Lxz4P/06zFUb
+cvNd961Cg3GuYloBkTpWKMcuvfRiGmR+EbHFTVEHbcYsdvWaAHHmcbup18ak/fUx
+LoheXza7zXbjYrwWyEWiXuhpFFzuqSLojeuBW8omklw8Ia3+p+4NZHCFUjt+3eEh
+AQpLf7Jh0UCogXKEgUowPyetUv1oBYWosyRLvkBBUwZaZ+DvjLneRf6bDB/BCoSE
+lrUVNb11lX42wHZpcJVB
+=KX6F
+-----END PGP SIGNATURE-----