- update to Thunderbird 60.3.0

* various theme fixes * Shift+PageUp/PageDown in Write window * Gloda attachment filtering * Mailing list address auto-complete enter/return handling * Thunderbird hung if HTML signature references non-existent image * Filters not working for headers that appear more than once - Security fixes for the Mozilla platform picked up from 60.3 (Firefox ESR release). In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts (MFSA 2018-28) (bsc#1112852) * CVE-2018-12391 (bmo#1478843) (Android only) HTTP Live Stream audio data is accessible cross-origin * CVE-2018-12392 (bmo#1492823) Crash with nested event loops * CVE-2018-12393 (bmo#1495011) Integer overflow during Unicode conversion while loading JavaScript * CVE-2018-12389 (bmo#1498460, bmo#1499198) Memory safety bugs fixed in Firefox ESR 60.3 * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Fix security info dialog in compose window not showing OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=437
2018-11-01 17:28:09 +00:00 · 2018-11-01 17:28:09 +00:00 · effd24db38
commit effd24db38
parent 9bb3d7bcac
10 changed files with 63 additions and 34 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,16 +1,45 @@
 -------------------------------------------------------------------
-Thu Oct 25 14:40:14 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+Tue Oct 30 08:18:23 UTC 2018 - wr@rosenauer.org
+
+- update to Thunderbird 60.3.0
+  * various theme fixes
+  * Shift+PageUp/PageDown in Write window
+  * Gloda attachment filtering
+  * Mailing list address auto-complete enter/return handling
+  * Thunderbird hung if HTML signature references non-existent image
+  * Filters not working for headers that appear more than once
+- Security fixes for the Mozilla platform picked up from 60.3
+  (Firefox ESR release). In general, these flaws cannot be exploited
+  through email in Thunderbird because scripting is disabled when
+  reading mail, but are potentially risks in browser or browser-like
+  contexts (MFSA 2018-28) (bsc#1112852)
+  * CVE-2018-12391 (bmo#1478843) (Android only)
+    HTTP Live Stream audio data is accessible cross-origin
+  * CVE-2018-12392 (bmo#1492823)
+    Crash with nested event loops
+  * CVE-2018-12393 (bmo#1495011)
+    Integer overflow during Unicode conversion while loading JavaScript
+  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
+    Memory safety bugs fixed in Firefox ESR 60.3
+  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
+    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
+    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
+    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
+    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
+
+-------------------------------------------------------------------
+Thu Oct 25 14:40:14 UTC 2018 - guillaume.gardet@opensuse.org

 - Update _constraints for armv6/7

 -------------------------------------------------------------------
-Thu Oct 25 08:26:12 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+Thu Oct 25 08:26:12 UTC 2018 - guillaume.gardet@opensuse.org

 - Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch

 -------------------------------------------------------------------
-Thu Oct 25 08:25:52 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+Thu Oct 25 08:25:52 UTC 2018 - guillaume.gardet@opensuse.org

 - Add memory-constraints to avoid OOM errors

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -17,9 +17,9 @@
 #


-%define mainversion 60.2.1
+%define mainversion 60.3.0
 %define update_channel release
-%define releasedate 20180930223627
+%define releasedate 20181025202514

 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ad03f7c20354dd56fa2501c5018e7b2ce512315da9b462c37358f4b7d30b26af
-size 28372
+oid sha256:158df1b15780d704364f4d7ee7eb6289252d8f338ce6823da325bb0129a65181
+size 28432
--- a/create-tar.sh
+++ b/create-tar.sh
@ -2,9 +2,9 @@

 CHANNEL="esr60"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="5cdee4ae33c0868ae420a5a826c63b42d823c584"
-MOZ_RELEASE_TAG="8d71faee5dcdd0773b7e0830b8fad96a6bda559b"
-VERSION="60.2.1"
+RELEASE_TAG="dd958ef605d132d08a063f29606737ffb3453e68"
+MOZ_RELEASE_TAG="ab014151d4c338562949c28aa140786b548856ca"
+VERSION="60.3.0"
 VERSION_SUFFIX=""
 LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json"

--- a/l10n-60.2.1.tar.xz
+++ b/l10n-60.2.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6cfc0c4dd586141d79fde3aa1360c50bd78f90ef393484a7112f8afd416e2067
-size 27451556
--- a/l10n-60.3.0.tar.xz
+++ b/l10n-60.3.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7be94c4cce5562e3a414691beee347a8b4940c41742e8270090d8b4215fcefb9
+size 27433892
--- a/thunderbird-60.2.1.source.tar.xz
+++ b/thunderbird-60.2.1.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d313f25cd7ddc016bf8e4d4115f14b34a66621c0feabbc0dd72f9304cb93d7bf
-size 284570000
--- a/thunderbird-60.2.1.source.tar.xz.asc
+++ b/thunderbird-60.2.1.source.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iQIcBAABCAAGBQJbsjeEAAoJELu+vbskxvNV2hEP/3dWNPNcF0+A1S+ePf/JXyn8
-a3DFlu2s7ihtsFy4EW7CcOHyMdRIiKAPlrCKJR4DQorL0C1S+Q/WaFyyibQX3oSi
-Q/g1Ch1sKKz03YIKweLHzz0eTQDvcxY2AbJkrsJNNrZH/5MvCh0jbohWeBwsJ3s7
-OtxPDAHBSSL0oJOj6klrBfWMLamOyBhiH8RdUTJzsIHuKusco6hJwlilQrwnfTZB
-FZfp88D69v2bQS1JdkzJvSQFD0GsS75fej3qwvqMiUiuBFl4KYD+oly0Th3XqHt6
-PD+1YqagRPpZt253Sv12KUG06OkoK+TgTiseKbY1lT2k+4TvSw68jocZbsIYuOFH
-uxyVWQhWxkwvcxeD1qZr0r0NjFd8uFvG72G6JxRfYUO2XjGKBqYjexUhI8zzAoyU
-00AmnwyeTEMg8Y/PTlh7NxKMITJFUX5HAatSB9eyBgQdKcalbZb+lCQZzccv9kd6
-9JxeRg+8TlM8SNOv3upLdqH8m2DCNCgWpURJW10+jf5O1qIm5G2K2lvffum9lTJ+
-cOu8+WN5lFR9UV3f0nAvWDb7KeK/i+pIDVozhCKXuGJbWRguhtVQICJBzYcn3lk0
-VB/xHlDrK4oIEG/BWAWAZsDt8ScRn4d0bwIVPC/NAN14AaritBFcR6lwfBGRH6on
-pbq7+PPTen/nfk303ub5
-=y8ku
-----END PGP SIGNATURE-----
--- a/thunderbird-60.3.0.source.tar.xz
+++ b/thunderbird-60.3.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23fc097a5aa62006919029df890e5e2bec38c2c3e6081723040ef702ff6e4a7b
+size 285211708
--- a/thunderbird-60.3.0.source.tar.xz.asc
+++ b/thunderbird-60.3.0.source.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iQIcBAABCAAGBQJb2EY1AAoJELu+vbskxvNVjCAP+wVmU2xhLhneLRJ/0iE6wWD6
+PH/9lt/wNi8KutxeVzfrnS1AS/RnpgbTkbVg9FZqzJQ30SjhQ4u/3i7MsgFpCS4Y
+qhNs0sIvp7RKDTd+2wubk+/GLoDSPlSdEJO3jTUXBc6D25GzMfrd89kShJsLlfb8
+WqFchIwP3ivlIaocL5/I1+GOhP4KxND10RgEICKwwJ3qlE+AKsX+pGWvM7McKjuJ
+Usnss7BtXB/QfjjJEdTMCx+imFPbUV4SWg9UaY5H/sPHxhlNbulHgGjuUdFJPrU5
+RSCkkOYodp/XsIvVneswGmoqd3g9v3rF5Dari1YavxSB/LguafDmny83hgVnyiUp
+KohhntuQmLuOaT1YL78igc1QY/edtFd8wpsjwI27aIuI20wqT0kN+maSOExvavDI
+Z60SIflw12GOg9ZqnsWiOdc67reD0fT8e56xfSOXELQUklDBubg9Lxz4P/06zFUb
+cvNd961Cg3GuYloBkTpWKMcuvfRiGmR+EbHFTVEHbcYsdvWaAHHmcbup18ak/fUx
+LoheXza7zXbjYrwWyEWiXuhpFFzuqSLojeuBW8omklw8Ia3+p+4NZHCFUjt+3eEh
+AQpLf7Jh0UCogXKEgUowPyetUv1oBYWosyRLvkBBUwZaZ+DvjLneRf6bDB/BCoSE
+lrUVNb11lX42wHZpcJVB
+=KX6F
+-----END PGP SIGNATURE-----