From f3c23e58a5b0b5656e0f71a3f9224648201ee252abc663e10bdff0b0cab4689c Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Tue, 24 Nov 2015 07:57:32 +0000 Subject: [PATCH] - update to Thunderbird 38.4.0 (bnc#952810) * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) - requires NSPR 4.10.10 and NSS 3.19.2.1 - added explicit appdata provides (bnc#952325) -------------------------------------------------------------------- OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=295 --- MozillaThunderbird.changes | 31 ++++++++++++++++++++++++++++++- MozillaThunderbird.spec | 26 +++++++++++++++++++++----- compare-locales.tar.xz | 4 ++-- create-tar.sh | 6 +++--- l10n-38.3.0.tar.xz | 3 --- l10n-38.4.0.tar.xz | 3 +++ thunderbird-38.3.0-source.tar.xz | 3 --- thunderbird-38.4.0-source.tar.xz | 3 +++ 8 files changed, 62 insertions(+), 17 deletions(-) delete mode 100644 l10n-38.3.0.tar.xz create mode 100644 l10n-38.4.0.tar.xz delete mode 100644 thunderbird-38.3.0-source.tar.xz create mode 100644 thunderbird-38.4.0-source.tar.xz 
diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 53c63e2..864215c 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Tue Nov 17 07:58:43 UTC 2015 - wr@rosenauer.org + +- update to Thunderbird 38.4.0 (bnc#952810) + * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 + Miscellaneous memory safety hazards + * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) + Trailing whitespace in IP address hostnames can bypass same-origin policy + * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) + Buffer overflow during image interactions in canvas + * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) + CORS preflight is bypassed when non-standard Content-Type headers + are received + * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) + Memory corruption in libjar through zip files + * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) + JavaScript garbage collection crash with Java applet + * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 + (bmo#1188010, bmo#1204061, bmo#1204155) + Vulnerabilities found through code inspection + * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) + Mixed content WebSocket policy bypass through workers + * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 + (bmo#1202868, bmo#1205157) + NSS and NSPR memory corruption issues + (fixed in mozilla-nspr and mozilla-nss packages) +- requires NSPR 4.10.10 and NSS 3.19.2.1 +- added explicit appdata provides (bnc#952325) + ------------------------------------------------------------------- Mon Oct 5 12:44:39 UTC 2015 - dmueller@suse.com 
@@ -113,7 +142,7 @@ Fri Jun 19 17:00:11 UTC 2015 - wr@rosenauer.org - tb-develdirs.patch is now mozilla-develdirs.patch as it is a platform configuration now -------------------------------------------------------------------- +-------------------------------------------------------------------- Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index e9cf844..bf2b853 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,7 +17,7 @@ # -%define mainversion 38.3.0 +%define mainversion 38.4.0 %define update_channel release %if %suse_version > 1210 @@ -42,8 +42,8 @@ BuildRequires: libcurl-devel BuildRequires: libgnomeui-devel BuildRequires: libidl-devel BuildRequires: libnotify-devel -BuildRequires: mozilla-nspr-devel >= 4.10.8 -BuildRequires: mozilla-nss-devel >= 3.19.2 +BuildRequires: mozilla-nspr-devel >= 4.10.10 +BuildRequires: mozilla-nss-devel >= 3.19.2.1 BuildRequires: python BuildRequires: startup-notification-devel BuildRequires: unzip @@ -71,6 +71,8 @@ Version: %{mainversion} Release: 0 %define releasedate 2015092700 Provides: thunderbird = %{version} +Provides: appdata() +Provides: appdata(thunderbird.appdata.xml) %if %{with_kde} # this is needed to match this package with the kde4 helper package without the main package # having a hard requirement on the kde4 package @@ -100,7 +102,7 @@ Patch3: mozilla-kde.patch Patch4: mozilla-arm-disable-edsp.patch Patch5: mozilla-develdirs.patch Patch6: mozilla-icu-strncat.patch -Patch17: mozilla-arm64-libjpeg-turbo.patch +Patch7: mozilla-arm64-libjpeg-turbo.patch # Thunderbird/mail Patch20: tb-ssldap.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -197,7 +199,7 @@ pushd mozilla %patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch17 -p1 +%patch7 -p1 popd # comm-central patches %patch20 -p1 
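Review bot: Only the build-time floors are raised in the `@@ -42,8` hunk (`BuildRequires: mozilla-nspr-devel >= 4.10.10` and `BuildRequires: mozilla-nss-devel >= 3.19.2.1`), while the changelog says the MFSA 2015-133 fixes live in the mozilla-nspr and mozilla-nss packages themselves. A build requirement alone does not prevent the resulting package from being installed alongside an older, unfixed NSS or NSPR. It is worth confirming that the spec carries matching runtime `Requires:` floors; none is visible in this diff, though they may exist outside the hunks. A short comment such as `# NSS/NSPR floors raised for MFSA 2015-133` beside the two BuildRequires lines would record why they moved.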
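Review bot: `%define releasedate 2015092700` is left unchanged in the context of the `@@ -71,6` hunk, although `mainversion` moves to 38.4.0 in the same file. How releasedate is consumed is not visible here. If it feeds the build ID, this security update would report the previous release's build date, which makes patched and unpatched installs harder to tell apart. Consider updating it to the 38.4.0 release date, or add a comment next to it saying that it is intentionally kept.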
@@ -317,6 +319,16 @@ for locale in $(awk '{ print $1; }' ../thunderbird/mail/locales/shipped-locales) make -C mail/locales langpack-$locale || continue cp -rL dist/xpi-stage/locale-$locale \ $RPM_BUILD_ROOT%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org + # Lightning + _shipcalendar=0 + #for callocale in in $(awk '{ print $1; }' ../thunderbird/calendar/locales/shipped-locales); do + # if [ "$locale" = "$callocale" ]; then + # make -C mail/locales calendar-langpack-$locale || continue + # cp -rL dist/xpi-stage/lightning-$locale \ + # $RPM_BUILD_ROOT%{progdir}/extensions/lightning-langpack-$locale@thunderbird.mozilla.org + # _shipcalendar=1 + # fi + #done # remove prefs and profile defaults from langpack rm -rf $RPM_BUILD_ROOT%{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org/defaults # check against the fixed common list and sort into the right filelist @@ -327,6 +339,10 @@ for locale in $(awk '{ print $1; }' ../thunderbird/mail/locales/shipped-locales) [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other echo %{progdir}/extensions/langpack-$locale@thunderbird.mozilla.org \ >> %{_tmppath}/translations.$_l10ntarget + if [ $_shipcalendar -eq 1 ]; then + echo %{progdir}/extensions/lightning-langpack-$locale@thunderbird.mozilla.org \ + >> %{_tmppath}/translations.$_l10ntarget + fi esac done %endif diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index da7f4fa..99f9e6d 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2e0f6bb247570aba081d8f435a353fe854bb43b37a28fe33c80a9203ad7759e8 -size 28412 +oid sha256:8c2a8cab284b765444c8a3e37b1b6ddbd9319c47f340aca208a6d504f64434b2 +size 28448 diff --git a/create-tar.sh b/create-tar.sh index 9815a49..58b03f0 100644 --- a/create-tar.sh +++ b/create-tar.sh 
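Review bot: The Lightning loop added in the `@@ -317,6` hunk is entirely commented out, so `_shipcalendar` is always 0 and the `if [ $_shipcalendar -eq 1 ]` branch added in the `@@ -327,6` hunk can never run. If the loop is meant to be enabled later, note that `for callocale in in $(awk ...)` has a doubled `in`, which would make the literal word `in` the first item iterated. I would either leave both additions out until Lightning langpacks actually ship, or put a comment such as `# Lightning langpacks disabled for now: <reason>` above `_shipcalendar=0` so the dead branch is not mistaken for working code. The enclosing `for locale` loop starts and ends outside these hunks.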
@@ -2,8 +2,8 @@ CHANNEL="esr38" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_38_3_0_RELEASE" -VERSION="38.3.0" +RELEASE_TAG="THUNDERBIRD_38_4_0_RELEASE" +VERSION="38.4.0" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird @@ -40,7 +40,7 @@ for locale in $(awk '{ print $1; }' $SHIPPED_LOCALES); do done echo "creating l10n archive..." tar cJf l10n-$VERSION.tar.xz \ - --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=browser --exclude=calendar \ + --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=browser \ --exclude=suite \ l10n diff --git a/l10n-38.3.0.tar.xz b/l10n-38.3.0.tar.xz deleted file mode 100644 index 10a50e9..0000000 --- a/l10n-38.3.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:47db988cbc8194e61250155658d0eb4ec6aa7fa3d3cd69ee802288b602ab92b0 -size 21463548 diff --git a/l10n-38.4.0.tar.xz b/l10n-38.4.0.tar.xz new file mode 100644 index 0000000..263d73f --- /dev/null +++ b/l10n-38.4.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30c3669a5635f3b2461ccbbf12f4cb8631a6f5c9df04018c1467a25f932bc10b +size 22523632 diff --git a/thunderbird-38.3.0-source.tar.xz b/thunderbird-38.3.0-source.tar.xz deleted file mode 100644 index 9b3e4a4..0000000 --- a/thunderbird-38.3.0-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a6b39bb8c62aa4180fc86de449fb1a848563aad2d05d578db4c0c913cda0057d -size 174441348 diff --git a/thunderbird-38.4.0-source.tar.xz b/thunderbird-38.4.0-source.tar.xz new file mode 100644 index 0000000..b66a21e --- /dev/null +++ b/thunderbird-38.4.0-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:20dc5390c629d01295e9a5657344d6f5ebf3c221eef00f87907df9dce5a30f11 +size 174468864
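Review bot: The context line `hg clone http://hg.mozilla.org/$BRANCH thunderbird` in the `@@ -2,8` hunk of create-tar.sh fetches the release source over cleartext HTTP, and the tarballs built from it are what the new `oid sha256:` pointers in this commit pin. The recorded hash only fixes whatever was downloaded, so the transport is the one place where the source of a security update can still be altered unnoticed; I would change the line to `hg clone https://hg.mozilla.org/$BRANCH thunderbird`. The script continues outside both hunks, so later clones and any verification of the `$RELEASE_TAG` checkout are not visible here and should be checked for the same scheme. Separately, the `@@ -40,7` hunk drops `--exclude=calendar` from the l10n archive while the spec's Lightning langpack loop is still commented out, so the added calendar content appears to be unused for now.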