rpm/MozillaThunderbird
SHA256
1
0
Fork 0
forked from pool/MozillaThunderbird
Code Pull Requests Activity

- update to Thunderbird 52.6 (bsc#1077291)

Browse Source 
* Searching message bodies of messages in local folders, including
    filter and quick filter operations, not working reliably: Content
    not found in base64-encode message parts, non-ASCII text not found
    and false positives found.
  * Defective messages (without at least one expected header) not shown
    in IMAP folders but shown on mobile devices
  * Calendar: Unintended task deletion if numlock is enabled
  * Mozilla platform security fixes
  MFSA 2018-04
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5096 (bmo#1418922)
    Use-after-free while editing form elements
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation
  * CVE-2018-5117 (bmo#1395508)
    URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5089
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=397
This commit is contained in:
Wolfgang Rosenauer 2018-01-26 07:14:05 +00:00 committed by Git OBS Bridge
parent fa26255979
commit f8a44525c7
9 changed files with 58 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
MozillaThunderbird.changes
View File

@ -1,16 +1,55 @@
-------------------------------------------------------------------
Wed Jan 24 11:40:38 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 52.6 (bsc#1077291)
* Searching message bodies of messages in local folders, including
filter and quick filter operations, not working reliably: Content
not found in base64-encode message parts, non-ASCII text not found
and false positives found.
* Defective messages (without at least one expected header) not shown
in IMAP folders but shown on mobile devices
* Calendar: Unintended task deletion if numlock is enabled
* Mozilla platform security fixes
MFSA 2018-04
* CVE-2018-5095 (bmo#1418447)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-5096 (bmo#1418922)
Use-after-free while editing form elements
* CVE-2018-5097 (bmo#1387427)
Use-after-free when source document is manipulated during XSLT
* CVE-2018-5098 (bmo#1399400)
Use-after-free while manipulating form input elements
* CVE-2018-5099 (bmo#1416878)
Use-after-free with widget listener
* CVE-2018-5102 (bmo#1419363)
Use-after-free in HTML media elements
* CVE-2018-5103 (bmo#1423159)
Use-after-free during mouse event handling
* CVE-2018-5104 (bmo#1425000)
Use-after-free during font face manipulation
* CVE-2018-5117 (bmo#1395508)
URL spoofing with right-to-left text aligned left-to-right
* CVE-2018-5089
Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- dropped obsolete mozilla-ucontext.patch
-------------------------------------------------------------------
Sat Dec 23 18:36:42 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.5.2
* This releases fixes the "Mailsploit" vulnerability and other
vulnerabilities detected by the "Cure53" audit (MFSA 2017-30)
* CVE-2017-7846 (bmo#1411716, bsc#1074043)
vulnerabilities detected by the "Cure53" audit
MFSA 2017-30
* CVE-2017-7845 (bmo#1402372)
Buffer overflow when drawing and validating elements with ANGLE
library using Direct 3D 9
* CVE-2017-7846 (bmo#1411716)
JavaScript Execution via RSS in mailbox:// origin
* CVE-2017-7847 (bmo#1411708, bsc#1074044)
* CVE-2017-7847 (bmo#1411708)
Local path string can be leaked from RSS feed
* CVE-2017-7848 (bmo#1411699, bsc#1074045)
* CVE-2017-7848 (bmo#1411699)
RSS Feed vulnerable to new line Injection
* CVE-2017-7829 (bmo#1423432, bsc#1074046)
* CVE-2017-7829 (bmo#1423432)
Mailsploit part 1: From address with encoded null character is
cut off in message header display

10
MozillaThunderbird.spec
View File

@ -1,8 +1,8 @@
#
# spec file for package MozillaThunderbird
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# 2006-2017 Wolfgang Rosenauer <wr@rosenauer.org>
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# 2006-2018 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,9 +17,9 @@
#
%define mainversion 52.5.2
%define mainversion 52.6
%define update_channel release
%define releasedate 201712220000
%define releasedate 201801240000
%bcond_without mozilla_tb_kde4
%bcond_with mozilla_tb_valgrind
@ -109,7 +109,6 @@ Patch3: mozilla-kde.patch
Patch4: mozilla-develdirs.patch
Patch5: mozilla-no-stdcxx-check.patch
Patch6: mozilla-aarch64-startup-crash.patch
Patch7: mozilla-ucontext.patch
# Thunderbird/mail
Patch20: tb-ssldap.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -203,7 +202,6 @@ pushd mozilla
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
popd
# comm-central patches
%patch20 -p1

4
compare-locales.tar.xz
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a2b34b61f64bf1c9715f218b9dab90fb95eb15c9e29cc3195ac9a2546666ec36
size 28376
oid sha256:8a99c19f2d81689b8d0f47dce8f0a6eff1bd8e8380223d68e2fe9f9b60621f49
size 28408

4
create-tar.sh
View File

@ -2,8 +2,8 @@
CHANNEL="esr52"
BRANCH="releases/comm-$CHANNEL"
RELEASE_TAG="THUNDERBIRD_52_5_2_RELEASE"
VERSION="52.5.2"
RELEASE_TAG="THUNDERBIRD_52_6_0_RELEASE"
VERSION="52.6"
echo "cloning $BRANCH..."
hg clone http://hg.mozilla.org/$BRANCH thunderbird

3
l10n-52.5.2.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1ce68842f35878969a160d4e4b68ff80eb26dce18d00040279fc9b7e685ea729
size 26212512

3
l10n-52.6.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5cd993b34ac353fd3a3f2f072bf6a61be9e67d078022c59a99948fee3028d90e
size 26224072

203
mozilla-ucontext.patch
View File

@ -1,203 +0,0 @@
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc
===================================================================
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc
@@ -40,15 +40,15 @@ namespace google_breakpad {
#if defined(__i386__)
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
return uc->uc_mcontext.gregs[REG_ESP];
}
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
return uc->uc_mcontext.gregs[REG_EIP];
}
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
const struct _libc_fpstate* fp) {
const greg_t* regs = uc->uc_mcontext.gregs;
@@ -88,15 +88,15 @@ void UContextReader::FillCPUContext(RawC
#elif defined(__x86_64)
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
return uc->uc_mcontext.gregs[REG_RSP];
}
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
return uc->uc_mcontext.gregs[REG_RIP];
}
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
const struct _libc_fpstate* fpregs) {
const greg_t* regs = uc->uc_mcontext.gregs;
@@ -145,15 +145,15 @@ void UContextReader::FillCPUContext(RawC
#elif defined(__ARM_EABI__)
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
return uc->uc_mcontext.arm_sp;
}
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
return uc->uc_mcontext.arm_pc;
}
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) {
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) {
out->context_flags = MD_CONTEXT_ARM_FULL;
out->iregs[0] = uc->uc_mcontext.arm_r0;
@@ -184,15 +184,15 @@ void UContextReader::FillCPUContext(RawC
#elif defined(__aarch64__)
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
return uc->uc_mcontext.sp;
}
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
return uc->uc_mcontext.pc;
}
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
const struct fpsimd_context* fpregs) {
out->context_flags = MD_CONTEXT_ARM64_FULL;
@@ -210,15 +210,15 @@ void UContextReader::FillCPUContext(RawC
#elif defined(__mips__)
-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
return uc->uc_mcontext.gregs[MD_CONTEXT_MIPS_REG_SP];
}
-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
return uc->uc_mcontext.pc;
}
-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) {
+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) {
#if _MIPS_SIM == _ABI64
out->context_flags = MD_CONTEXT_MIPS64_FULL;
#elif _MIPS_SIM == _ABIO32
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h
===================================================================
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h
@@ -41,21 +41,21 @@ namespace google_breakpad {
// Wraps platform-dependent implementations of accessors to ucontext structs.
struct UContextReader {
- static uintptr_t GetStackPointer(const struct ucontext* uc);
+ static uintptr_t GetStackPointer(const ucontext_t* uc);
- static uintptr_t GetInstructionPointer(const struct ucontext* uc);
+ static uintptr_t GetInstructionPointer(const ucontext_t* uc);
// Juggle a arch-specific ucontext into a minidump format
// out: the minidump structure
// info: the collection of register structures.
#if defined(__i386__) || defined(__x86_64)
- static void FillCPUContext(RawContextCPU *out, const ucontext *uc,
+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
const struct _libc_fpstate* fp);
#elif defined(__aarch64__)
- static void FillCPUContext(RawContextCPU *out, const ucontext *uc,
+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
const struct fpsimd_context* fpregs);
#else
- static void FillCPUContext(RawContextCPU *out, const ucontext *uc);
+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc);
#endif
};
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc
===================================================================
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc
@@ -439,9 +439,9 @@ bool ExceptionHandler::HandleSignal(int
// Fill in all the holes in the struct to make Valgrind happy.
memset(&g_crash_context_, 0, sizeof(g_crash_context_));
memcpy(&g_crash_context_.siginfo, info, sizeof(siginfo_t));
- memcpy(&g_crash_context_.context, uc, sizeof(struct ucontext));
+ memcpy(&g_crash_context_.context, uc, sizeof(ucontext_t));
#if defined(__aarch64__)
- struct ucontext* uc_ptr = (struct ucontext*)uc;
+ ucontext_t* uc_ptr = (ucontext_t*)uc;
struct fpsimd_context* fp_ptr =
(struct fpsimd_context*)&uc_ptr->uc_mcontext.__reserved;
if (fp_ptr->head.magic == FPSIMD_MAGIC) {
@@ -452,7 +452,7 @@ bool ExceptionHandler::HandleSignal(int
// FP state is not part of user ABI on ARM Linux.
// In case of MIPS Linux FP state is already part of struct ucontext
// and 'float_state' is not a member of CrashContext.
- struct ucontext* uc_ptr = (struct ucontext*)uc;
+ ucontext_t* uc_ptr = (ucontext_t*)uc;
if (uc_ptr->uc_mcontext.fpregs) {
memcpy(&g_crash_context_.float_state, uc_ptr->uc_mcontext.fpregs,
sizeof(g_crash_context_.float_state));
@@ -476,7 +476,7 @@ bool ExceptionHandler::SimulateSignalDel
// ExceptionHandler::HandleSignal().
siginfo.si_code = SI_USER;
siginfo.si_pid = getpid();
- struct ucontext context;
+ ucontext_t context;
getcontext(&context);
return HandleSignal(sig, &siginfo, &context);
}
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h
===================================================================
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h
@@ -191,7 +191,7 @@ class ExceptionHandler {
struct CrashContext {
siginfo_t siginfo;
pid_t tid; // the crashing thread.
- struct ucontext context;
+ ucontext_t context;
#if !defined(__ARM_EABI__) && !defined(__mips__)
// #ifdef this out because FP state is not part of user ABI for Linux ARM.
// In case of MIPS Linux FP state is already part of struct
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc
===================================================================
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc
@@ -571,7 +571,7 @@ class MicrodumpWriter {
void* Alloc(unsigned bytes) { return dumper_->allocator()->Alloc(bytes); }
- const struct ucontext* const ucontext_;
+ const ucontext_t* const ucontext_;
#if !defined(__ARM_EABI__) && !defined(__mips__)
const google_breakpad::fpstate_t* const float_state_;
#endif
Index: mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc
===================================================================
--- mozilla.orig/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc
+++ mozilla/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc
@@ -1247,7 +1247,7 @@ class MinidumpWriter {
const int fd_; // File descriptor where the minidum should be written.
const char* path_; // Path to the file where the minidum should be written.
- const struct ucontext* const ucontext_; // also from the signal handler
+ const ucontext_t* const ucontext_; // also from the signal handler
#if !defined(__ARM_EABI__) && !defined(__mips__)
const google_breakpad::fpstate_t* const float_state_; // ditto
#endif

3
thunderbird-52.5.2-source.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5bd859d3e940df6bfef46dfd5a9300b618d6557406c0d66e7c41af444541a662
size 242240724

3
thunderbird-52.6-source.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1dbf6f8948349c091ecf1004cc518fd82ff5c5fdf9953699b5acb5b8bcc653ad
size 242254396