From fbc02620d0eeed94efa4ca6f46b3aec09a39cf02f7ecb32ac8ae7f3039017979 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 11 Jun 2014 11:43:13 +0000 Subject: [PATCH] - update to Thunderbird 24.6.0 (bnc#881874) * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, bmo#996536, bmo#996715, bmo#999651, bmo#1000598, bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, bmo#1009952, bmo#1011007) Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 (bmo#989994, bmo#999274, bmo#1005584) Use-after-free and out of bounds issues found using Address Sanitizer * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) Use-after-free with SMIL Animation Controller * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) Out of bounds write in NSPR - require NSPR 4.10.6 because of MFSA 2014-55/CVE-2014-1545 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=246 --- MozillaThunderbird.changes | 21 +++++++++++++++++++++ MozillaThunderbird.spec | 6 +++--- compare-locales.tar.bz2 | 4 ++-- create-tar.sh | 4 ++-- l10n-24.5.0.tar.bz2 | 3 --- l10n-24.6.0.tar.bz2 | 3 +++ thunderbird-24.5.0-source.tar.bz2 | 3 --- thunderbird-24.6.0-source.tar.bz2 | 3 +++ 8 files changed, 34 insertions(+), 13 deletions(-) delete mode 100644 l10n-24.5.0.tar.bz2 create mode 100644 l10n-24.6.0.tar.bz2 delete mode 100644 thunderbird-24.5.0-source.tar.bz2 create mode 100644 thunderbird-24.6.0-source.tar.bz2 diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index fb87278..43811cb 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Sat Jun 7 09:07:06 UTC 2014 - wr@rosenauer.org + +- update to Thunderbird 24.6.0 (bnc#881874) + * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 + (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, + bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, + bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, + bmo#996536, bmo#996715, bmo#999651, bmo#1000598, + bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, + bmo#1009952, bmo#1011007) + Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) + * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 + (bmo#989994, bmo#999274, bmo#1005584) + Use-after-free and out of bounds issues found using Address Sanitizer + * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) + Use-after-free with SMIL Animation Controller + * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) + Out of bounds write in NSPR +- require NSPR 4.10.6 because of MFSA 2014-55/CVE-2014-1545 + ------------------------------------------------------------------- Fri Apr 25 09:41:14 UTC 2014 - wr@rosenauer.org diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 289d3ed..0c05fe1 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,7 +17,7 @@ # -%define mainversion 24.5.0 +%define mainversion 24.6.0 %define update_channel release %define gstreamer_ver 0.10 %define with_kde 1 @@ -33,7 +33,7 @@ BuildRequires: libcurl-devel BuildRequires: libgnomeui-devel BuildRequires: libidl-devel BuildRequires: libnotify-devel -BuildRequires: mozilla-nspr-devel >= 4.10.2 +BuildRequires: mozilla-nspr-devel >= 4.10.6 BuildRequires: mozilla-nss-devel >= 3.15.4 BuildRequires: nss-shared-helper-devel BuildRequires: python @@ -50,7 +50,7 @@ BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver) %endif Version: %{mainversion} Release: 0 -%define releasedate 2014042400 +%define releasedate 2014061000 Provides: thunderbird = %{version} %if %{with_kde} # this is needed to match this package with the kde4 helper package without the main package diff --git a/compare-locales.tar.bz2 b/compare-locales.tar.bz2 index 2db2611..1f0189c 100644 --- a/compare-locales.tar.bz2 +++ b/compare-locales.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:561636ad931b76dfec6f9ba63193c8f747aa69b898a970873726e770b0739f7f -size 29867 +oid sha256:3eae13654626579b026879ec18e4eec02a87e57cd9dc67f8693be0d7efc69c86 +size 29834 diff --git a/create-tar.sh b/create-tar.sh index e78b53d..fa408c7 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr24" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_24_5_0_RELEASE" -VERSION="24.5.0" +RELEASE_TAG="THUNDERBIRD_24_6_0_RELEASE" +VERSION="24.6.0" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-24.5.0.tar.bz2 b/l10n-24.5.0.tar.bz2 deleted file mode 100644 index bdfef4f..0000000 --- a/l10n-24.5.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:83ed1c329bd6302bde6b378a3faf4b9a2d23c618b7759be5f3892a5d82223d92 -size 27290604 diff --git a/l10n-24.6.0.tar.bz2 b/l10n-24.6.0.tar.bz2 new file mode 100644 index 0000000..13400b8 --- /dev/null +++ b/l10n-24.6.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:98e32125a20b6b5ab3e0c8eb3ebf5d55355514f677acd8955da7164f551f6bfe +size 27292529 diff --git a/thunderbird-24.5.0-source.tar.bz2 b/thunderbird-24.5.0-source.tar.bz2 deleted file mode 100644 index c806345..0000000 --- a/thunderbird-24.5.0-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a16b14291a9a43f0354d7bc5423ef1eded22c0c49615d27eb85dccb6a83ef6aa -size 142125966 diff --git a/thunderbird-24.6.0-source.tar.bz2 b/thunderbird-24.6.0-source.tar.bz2 new file mode 100644 index 0000000..ebfca28 --- /dev/null +++ b/thunderbird-24.6.0-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1400fd4a0afa99d2168648d77cb07901613cd3ba56204d48f2fbe492ed95d8a6 +size 142128735