From effd24db38d34959b6dd927955b4322b1b451d5bfc09c6f26e6952df0e735fa1 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Thu, 1 Nov 2018 17:28:09 +0000 Subject: [PATCH] - update to Thunderbird 60.3.0 * various theme fixes * Shift+PageUp/PageDown in Write window * Gloda attachment filtering * Mailing list address auto-complete enter/return handling * Thunderbird hung if HTML signature references non-existent image * Filters not working for headers that appear more than once - Security fixes for the Mozilla platform picked up from 60.3 (Firefox ESR release). In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts (MFSA 2018-28) (bsc#1112852) * CVE-2018-12391 (bmo#1478843) (Android only) HTTP Live Stream audio data is accessible cross-origin * CVE-2018-12392 (bmo#1492823) Crash with nested event loops * CVE-2018-12393 (bmo#1495011) Integer overflow during Unicode conversion while loading JavaScript * CVE-2018-12389 (bmo#1498460, bmo#1499198) Memory safety bugs fixed in Firefox ESR 60.3 * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Fix security info dialog in compose window not showing OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=437 --- MozillaThunderbird.changes | 37 +++++++++++++++++++++++++--- MozillaThunderbird.spec | 4 +-- compare-locales.tar.xz | 4 +-- create-tar.sh | 6 ++--- l10n-60.2.1.tar.xz | 3 --- l10n-60.3.0.tar.xz | 3 +++ thunderbird-60.2.1.source.tar.xz | 3 --- thunderbird-60.2.1.source.tar.xz.asc | 17 ------------- thunderbird-60.3.0.source.tar.xz | 3 +++ thunderbird-60.3.0.source.tar.xz.asc | 17 +++++++++++++ 10 files changed, 63 insertions(+), 34 deletions(-) delete mode 100644 l10n-60.2.1.tar.xz create mode 100644 l10n-60.3.0.tar.xz delete mode 100644 thunderbird-60.2.1.source.tar.xz delete mode 100644 thunderbird-60.2.1.source.tar.xz.asc create mode 100644 thunderbird-60.3.0.source.tar.xz create mode 100644 thunderbird-60.3.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index bb6ac28..db9ca39 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,16 +1,45 @@ ------------------------------------------------------------------- -Thu Oct 25 14:40:14 UTC 2018 - Guillaume GARDET +Tue Oct 30 08:18:23 UTC 2018 - wr@rosenauer.org + +- update to Thunderbird 60.3.0 + * various theme fixes + * Shift+PageUp/PageDown in Write window + * Gloda attachment filtering + * Mailing list address auto-complete enter/return handling + * Thunderbird hung if HTML signature references non-existent image + * Filters not working for headers that appear more than once +- Security fixes for the Mozilla platform picked up from 60.3 + (Firefox ESR release). In general, these flaws cannot be exploited + through email in Thunderbird because scripting is disabled when + reading mail, but are potentially risks in browser or browser-like + contexts (MFSA 2018-28) (bsc#1112852) + * CVE-2018-12391 (bmo#1478843) (Android only) + HTTP Live Stream audio data is accessible cross-origin + * CVE-2018-12392 (bmo#1492823) + Crash with nested event loops + * CVE-2018-12393 (bmo#1495011) + Integer overflow during Unicode conversion while loading JavaScript + * CVE-2018-12389 (bmo#1498460, bmo#1499198) + Memory safety bugs fixed in Firefox ESR 60.3 + * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, + bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, + bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, + bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) + Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 + +------------------------------------------------------------------- +Thu Oct 25 14:40:14 UTC 2018 - guillaume.gardet@opensuse.org - Update _constraints for armv6/7 ------------------------------------------------------------------- -Thu Oct 25 08:26:12 UTC 2018 - Guillaume GARDET +Thu Oct 25 08:26:12 UTC 2018 - guillaume.gardet@opensuse.org - Add patch to fix build on armv7: * mozilla-bmo1463035.patch ------------------------------------------------------------------- -Thu Oct 25 08:25:52 UTC 2018 - Guillaume GARDET +Thu Oct 25 08:25:52 UTC 2018 - guillaume.gardet@opensuse.org - Add memory-constraints to avoid OOM errors @@ -31,7 +60,7 @@ Tue Oct 2 10:08:00 UTC 2018 - wr@rosenauer.org * Fix multiple requests for master password when Google Mail or Calendar OAuth2 is enabled * Fix scrollbar of the address entry auto-complete popup - * Fix security info dialog in compose window not showing + * Fix security info dialog in compose window not showing certificate status * Fix links in the Add-on Manager's search results and theme browsing tabs that opened in external browser diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 357702c..ff41b81 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,9 +17,9 @@ # -%define mainversion 60.2.1 +%define mainversion 60.3.0 %define update_channel release -%define releasedate 20180930223627 +%define releasedate 20181025202514 %bcond_without mozilla_tb_kde4 %bcond_with mozilla_tb_valgrind diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 9da5f4a..392183b 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ad03f7c20354dd56fa2501c5018e7b2ce512315da9b462c37358f4b7d30b26af -size 28372 +oid sha256:158df1b15780d704364f4d7ee7eb6289252d8f338ce6823da325bb0129a65181 +size 28432 diff --git a/create-tar.sh b/create-tar.sh index 14a69c7..0971bd1 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,9 +2,9 @@ CHANNEL="esr60" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="5cdee4ae33c0868ae420a5a826c63b42d823c584" -MOZ_RELEASE_TAG="8d71faee5dcdd0773b7e0830b8fad96a6bda559b" -VERSION="60.2.1" +RELEASE_TAG="dd958ef605d132d08a063f29606737ffb3453e68" +MOZ_RELEASE_TAG="ab014151d4c338562949c28aa140786b548856ca" +VERSION="60.3.0" VERSION_SUFFIX="" LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json" diff --git a/l10n-60.2.1.tar.xz b/l10n-60.2.1.tar.xz deleted file mode 100644 index 57b1570..0000000 --- a/l10n-60.2.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6cfc0c4dd586141d79fde3aa1360c50bd78f90ef393484a7112f8afd416e2067 -size 27451556 diff --git a/l10n-60.3.0.tar.xz b/l10n-60.3.0.tar.xz new file mode 100644 index 0000000..bd7030f --- /dev/null +++ b/l10n-60.3.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7be94c4cce5562e3a414691beee347a8b4940c41742e8270090d8b4215fcefb9 +size 27433892 diff --git a/thunderbird-60.2.1.source.tar.xz b/thunderbird-60.2.1.source.tar.xz deleted file mode 100644 index 7883e8b..0000000 --- a/thunderbird-60.2.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d313f25cd7ddc016bf8e4d4115f14b34a66621c0feabbc0dd72f9304cb93d7bf -size 284570000 diff --git a/thunderbird-60.2.1.source.tar.xz.asc b/thunderbird-60.2.1.source.tar.xz.asc deleted file mode 100644 index 8ab3acc..0000000 --- a/thunderbird-60.2.1.source.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.14 (GNU/Linux) - -iQIcBAABCAAGBQJbsjeEAAoJELu+vbskxvNV2hEP/3dWNPNcF0+A1S+ePf/JXyn8 -a3DFlu2s7ihtsFy4EW7CcOHyMdRIiKAPlrCKJR4DQorL0C1S+Q/WaFyyibQX3oSi -Q/g1Ch1sKKz03YIKweLHzz0eTQDvcxY2AbJkrsJNNrZH/5MvCh0jbohWeBwsJ3s7 -OtxPDAHBSSL0oJOj6klrBfWMLamOyBhiH8RdUTJzsIHuKusco6hJwlilQrwnfTZB -FZfp88D69v2bQS1JdkzJvSQFD0GsS75fej3qwvqMiUiuBFl4KYD+oly0Th3XqHt6 -PD+1YqagRPpZt253Sv12KUG06OkoK+TgTiseKbY1lT2k+4TvSw68jocZbsIYuOFH -uxyVWQhWxkwvcxeD1qZr0r0NjFd8uFvG72G6JxRfYUO2XjGKBqYjexUhI8zzAoyU -00AmnwyeTEMg8Y/PTlh7NxKMITJFUX5HAatSB9eyBgQdKcalbZb+lCQZzccv9kd6 -9JxeRg+8TlM8SNOv3upLdqH8m2DCNCgWpURJW10+jf5O1qIm5G2K2lvffum9lTJ+ -cOu8+WN5lFR9UV3f0nAvWDb7KeK/i+pIDVozhCKXuGJbWRguhtVQICJBzYcn3lk0 -VB/xHlDrK4oIEG/BWAWAZsDt8ScRn4d0bwIVPC/NAN14AaritBFcR6lwfBGRH6on -pbq7+PPTen/nfk303ub5 -=y8ku ------END PGP SIGNATURE----- diff --git a/thunderbird-60.3.0.source.tar.xz b/thunderbird-60.3.0.source.tar.xz new file mode 100644 index 0000000..156315b --- /dev/null +++ b/thunderbird-60.3.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:23fc097a5aa62006919029df890e5e2bec38c2c3e6081723040ef702ff6e4a7b +size 285211708 diff --git a/thunderbird-60.3.0.source.tar.xz.asc b/thunderbird-60.3.0.source.tar.xz.asc new file mode 100644 index 0000000..25c9d50 --- /dev/null +++ b/thunderbird-60.3.0.source.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.14 (GNU/Linux) + +iQIcBAABCAAGBQJb2EY1AAoJELu+vbskxvNVjCAP+wVmU2xhLhneLRJ/0iE6wWD6 +PH/9lt/wNi8KutxeVzfrnS1AS/RnpgbTkbVg9FZqzJQ30SjhQ4u/3i7MsgFpCS4Y +qhNs0sIvp7RKDTd+2wubk+/GLoDSPlSdEJO3jTUXBc6D25GzMfrd89kShJsLlfb8 +WqFchIwP3ivlIaocL5/I1+GOhP4KxND10RgEICKwwJ3qlE+AKsX+pGWvM7McKjuJ +Usnss7BtXB/QfjjJEdTMCx+imFPbUV4SWg9UaY5H/sPHxhlNbulHgGjuUdFJPrU5 +RSCkkOYodp/XsIvVneswGmoqd3g9v3rF5Dari1YavxSB/LguafDmny83hgVnyiUp +KohhntuQmLuOaT1YL78igc1QY/edtFd8wpsjwI27aIuI20wqT0kN+maSOExvavDI +Z60SIflw12GOg9ZqnsWiOdc67reD0fT8e56xfSOXELQUklDBubg9Lxz4P/06zFUb +cvNd961Cg3GuYloBkTpWKMcuvfRiGmR+EbHFTVEHbcYsdvWaAHHmcbup18ak/fUx +LoheXza7zXbjYrwWyEWiXuhpFFzuqSLojeuBW8omklw8Ia3+p+4NZHCFUjt+3eEh +AQpLf7Jh0UCogXKEgUowPyetUv1oBYWosyRLvkBBUwZaZ+DvjLneRf6bDB/BCoSE +lrUVNb11lX42wHZpcJVB +=KX6F +-----END PGP SIGNATURE-----