From f8a44525c7e93ef021167205009fa4a2e8899e1b2b6d5215b6e7ce0f43e07106 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 26 Jan 2018 07:14:05 +0000 Subject: [PATCH] - update to Thunderbird 52.6 (bsc#1077291) * Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found. * Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices * Calendar: Unintended task deletion if numlock is enabled * Mozilla platform security fixes MFSA 2018-04 * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling * CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=397 --- MozillaThunderbird.changes | 49 +++++++- MozillaThunderbird.spec | 10 +- compare-locales.tar.xz | 4 +- create-tar.sh | 4 +- l10n-52.5.2.tar.xz | 3 - l10n-52.6.tar.xz | 3 + mozilla-ucontext.patch | 203 ------------------------------- thunderbird-52.5.2-source.tar.xz | 3 - thunderbird-52.6-source.tar.xz | 3 + 9 files changed, 58 insertions(+), 224 deletions(-) delete mode 100644 l10n-52.5.2.tar.xz create mode 100644 l10n-52.6.tar.xz delete mode 100644 mozilla-ucontext.patch delete mode 100644 thunderbird-52.5.2-source.tar.xz create mode 100644 thunderbird-52.6-source.tar.xz diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index dc57ae3..e8f8d50 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,16 +1,55 @@ +------------------------------------------------------------------- +Wed Jan 24 11:40:38 UTC 2018 - wr@rosenauer.org + +- update to Thunderbird 52.6 (bsc#1077291) + * Searching message bodies of messages in local folders, including + filter and quick filter operations, not working reliably: Content + not found in base64-encode message parts, non-ASCII text not found + and false positives found. + * Defective messages (without at least one expected header) not shown + in IMAP folders but shown on mobile devices + * Calendar: Unintended task deletion if numlock is enabled + * Mozilla platform security fixes + MFSA 2018-04 + * CVE-2018-5095 (bmo#1418447) + Integer overflow in Skia library during edge builder allocation + * CVE-2018-5096 (bmo#1418922) + Use-after-free while editing form elements + * CVE-2018-5097 (bmo#1387427) + Use-after-free when source document is manipulated during XSLT + * CVE-2018-5098 (bmo#1399400) + Use-after-free while manipulating form input elements + * CVE-2018-5099 (bmo#1416878) + Use-after-free with widget listener + * CVE-2018-5102 (bmo#1419363) + Use-after-free in HTML media elements + * CVE-2018-5103 (bmo#1423159) + Use-after-free during mouse event handling + * CVE-2018-5104 (bmo#1425000) + Use-after-free during font face manipulation + * CVE-2018-5117 (bmo#1395508) + URL spoofing with right-to-left text aligned left-to-right + * CVE-2018-5089 + Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 +- dropped obsolete mozilla-ucontext.patch + ------------------------------------------------------------------- Sat Dec 23 18:36:42 UTC 2017 - wr@rosenauer.org - update to Thunderbird 52.5.2 * This releases fixes the "Mailsploit" vulnerability and other - vulnerabilities detected by the "Cure53" audit (MFSA 2017-30) - * CVE-2017-7846 (bmo#1411716, bsc#1074043) + vulnerabilities detected by the "Cure53" audit + MFSA 2017-30 + * CVE-2017-7845 (bmo#1402372) + Buffer overflow when drawing and validating elements with ANGLE + library using Direct 3D 9 + * CVE-2017-7846 (bmo#1411716) JavaScript Execution via RSS in mailbox:// origin - * CVE-2017-7847 (bmo#1411708, bsc#1074044) + * CVE-2017-7847 (bmo#1411708) Local path string can be leaked from RSS feed - * CVE-2017-7848 (bmo#1411699, bsc#1074045) + * CVE-2017-7848 (bmo#1411699) RSS Feed vulnerable to new line Injection - * CVE-2017-7829 (bmo#1423432, bsc#1074046) + * CVE-2017-7829 (bmo#1423432) Mailsploit part 1: From address with encoded null character is cut off in message header display diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index fb2dd03..41a2cbc 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -1,8 +1,8 @@ # # spec file for package MozillaThunderbird # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. -# 2006-2017 Wolfgang Rosenauer +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# 2006-2018 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,9 +17,9 @@ # -%define mainversion 52.5.2 +%define mainversion 52.6 %define update_channel release -%define releasedate 201712220000 +%define releasedate 201801240000 %bcond_without mozilla_tb_kde4 %bcond_with mozilla_tb_valgrind @@ -109,7 +109,6 @@ Patch3: mozilla-kde.patch Patch4: mozilla-develdirs.patch Patch5: mozilla-no-stdcxx-check.patch Patch6: mozilla-aarch64-startup-crash.patch -Patch7: mozilla-ucontext.patch # Thunderbird/mail Patch20: tb-ssldap.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -203,7 +202,6 @@ pushd mozilla %patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch7 -p1 popd # comm-central patches %patch20 -p1 diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 11a1e01..aa7b2e3 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a2b34b61f64bf1c9715f218b9dab90fb95eb15c9e29cc3195ac9a2546666ec36 -size 28376 +oid sha256:8a99c19f2d81689b8d0f47dce8f0a6eff1bd8e8380223d68e2fe9f9b60621f49 +size 28408 diff --git a/create-tar.sh b/create-tar.sh index e8310ba..31b8285 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr52" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_52_5_2_RELEASE" -VERSION="52.5.2" +RELEASE_TAG="THUNDERBIRD_52_6_0_RELEASE" +VERSION="52.6" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-52.5.2.tar.xz b/l10n-52.5.2.tar.xz deleted file mode 100644 index e872523..0000000 --- a/l10n-52.5.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1ce68842f35878969a160d4e4b68ff80eb26dce18d00040279fc9b7e685ea729 -size 26212512 diff --git a/l10n-52.6.tar.xz b/l10n-52.6.tar.xz new file mode 100644 index 0000000..6b0a6d5 --- /dev/null +++ b/l10n-52.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5cd993b34ac353fd3a3f2f072bf6a61be9e67d078022c59a99948fee3028d90e +size 26224072 diff --git a/mozilla-ucontext.patch b/mozilla-ucontext.patch deleted file mode 100644 index 276ed89..0000000 --- a/mozilla-ucontext.patch +++ /dev/null @@ -1,203 +0,0 @@ -Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc -=================================================================== ---- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc -+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc -@@ -40,15 +40,15 @@ namespace google_breakpad { - - #if defined(__i386__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_ESP]; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_EIP]; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct _libc_fpstate* fp) { - const greg_t* regs = uc->uc_mcontext.gregs; - -@@ -88,15 +88,15 @@ void UContextReader::FillCPUContext(RawC - - #elif defined(__x86_64) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_RSP]; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_RIP]; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct _libc_fpstate* fpregs) { - const greg_t* regs = uc->uc_mcontext.gregs; - -@@ -145,15 +145,15 @@ void UContextReader::FillCPUContext(RawC - - #elif defined(__ARM_EABI__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.arm_sp; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.arm_pc; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) { -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) { - out->context_flags = MD_CONTEXT_ARM_FULL; - - out->iregs[0] = uc->uc_mcontext.arm_r0; -@@ -184,15 +184,15 @@ void UContextReader::FillCPUContext(RawC - - #elif defined(__aarch64__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.sp; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.pc; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct fpsimd_context* fpregs) { - out->context_flags = MD_CONTEXT_ARM64_FULL; - -@@ -210,15 +210,15 @@ void UContextReader::FillCPUContext(RawC - - #elif defined(__mips__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[MD_CONTEXT_MIPS_REG_SP]; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.pc; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) { -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) { - #if _MIPS_SIM == _ABI64 - out->context_flags = MD_CONTEXT_MIPS64_FULL; - #elif _MIPS_SIM == _ABIO32 -Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h -=================================================================== ---- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h -+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h -@@ -41,21 +41,21 @@ namespace google_breakpad { - - // Wraps platform-dependent implementations of accessors to ucontext structs. - struct UContextReader { -- static uintptr_t GetStackPointer(const struct ucontext* uc); -+ static uintptr_t GetStackPointer(const ucontext_t* uc); - -- static uintptr_t GetInstructionPointer(const struct ucontext* uc); -+ static uintptr_t GetInstructionPointer(const ucontext_t* uc); - - // Juggle a arch-specific ucontext into a minidump format - // out: the minidump structure - // info: the collection of register structures. - #if defined(__i386__) || defined(__x86_64) -- static void FillCPUContext(RawContextCPU *out, const ucontext *uc, -+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct _libc_fpstate* fp); - #elif defined(__aarch64__) -- static void FillCPUContext(RawContextCPU *out, const ucontext *uc, -+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct fpsimd_context* fpregs); - #else -- static void FillCPUContext(RawContextCPU *out, const ucontext *uc); -+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc); - #endif - }; - -Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc -=================================================================== ---- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc -+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc -@@ -439,9 +439,9 @@ bool ExceptionHandler::HandleSignal(int - // Fill in all the holes in the struct to make Valgrind happy. - memset(&g_crash_context_, 0, sizeof(g_crash_context_)); - memcpy(&g_crash_context_.siginfo, info, sizeof(siginfo_t)); -- memcpy(&g_crash_context_.context, uc, sizeof(struct ucontext)); -+ memcpy(&g_crash_context_.context, uc, sizeof(ucontext_t)); - #if defined(__aarch64__) -- struct ucontext* uc_ptr = (struct ucontext*)uc; -+ ucontext_t* uc_ptr = (ucontext_t*)uc; - struct fpsimd_context* fp_ptr = - (struct fpsimd_context*)&uc_ptr->uc_mcontext.__reserved; - if (fp_ptr->head.magic == FPSIMD_MAGIC) { -@@ -452,7 +452,7 @@ bool ExceptionHandler::HandleSignal(int - // FP state is not part of user ABI on ARM Linux. - // In case of MIPS Linux FP state is already part of struct ucontext - // and 'float_state' is not a member of CrashContext. -- struct ucontext* uc_ptr = (struct ucontext*)uc; -+ ucontext_t* uc_ptr = (ucontext_t*)uc; - if (uc_ptr->uc_mcontext.fpregs) { - memcpy(&g_crash_context_.float_state, uc_ptr->uc_mcontext.fpregs, - sizeof(g_crash_context_.float_state)); -@@ -476,7 +476,7 @@ bool ExceptionHandler::SimulateSignalDel - // ExceptionHandler::HandleSignal(). - siginfo.si_code = SI_USER; - siginfo.si_pid = getpid(); -- struct ucontext context; -+ ucontext_t context; - getcontext(&context); - return HandleSignal(sig, &siginfo, &context); - } -Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h -=================================================================== ---- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h -+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h -@@ -191,7 +191,7 @@ class ExceptionHandler { - struct CrashContext { - siginfo_t siginfo; - pid_t tid; // the crashing thread. -- struct ucontext context; -+ ucontext_t context; - #if !defined(__ARM_EABI__) && !defined(__mips__) - // #ifdef this out because FP state is not part of user ABI for Linux ARM. - // In case of MIPS Linux FP state is already part of struct -Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc -=================================================================== ---- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc -+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc -@@ -571,7 +571,7 @@ class MicrodumpWriter { - - void* Alloc(unsigned bytes) { return dumper_->allocator()->Alloc(bytes); } - -- const struct ucontext* const ucontext_; -+ const ucontext_t* const ucontext_; - #if !defined(__ARM_EABI__) && !defined(__mips__) - const google_breakpad::fpstate_t* const float_state_; - #endif -Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc -=================================================================== ---- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc -+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc -@@ -1247,7 +1247,7 @@ class MinidumpWriter { - const int fd_; // File descriptor where the minidum should be written. - const char* path_; // Path to the file where the minidum should be written. - -- const struct ucontext* const ucontext_; // also from the signal handler -+ const ucontext_t* const ucontext_; // also from the signal handler - #if !defined(__ARM_EABI__) && !defined(__mips__) - const google_breakpad::fpstate_t* const float_state_; // ditto - #endif diff --git a/thunderbird-52.5.2-source.tar.xz b/thunderbird-52.5.2-source.tar.xz deleted file mode 100644 index 1f25783..0000000 --- a/thunderbird-52.5.2-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5bd859d3e940df6bfef46dfd5a9300b618d6557406c0d66e7c41af444541a662 -size 242240724 diff --git a/thunderbird-52.6-source.tar.xz b/thunderbird-52.6-source.tar.xz new file mode 100644 index 0000000..494dff1 --- /dev/null +++ b/thunderbird-52.6-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1dbf6f8948349c091ecf1004cc518fd82ff5c5fdf9953699b5acb5b8bcc653ad +size 242254396