From ffa346f8d70ab5aecaef88830386f8f9845a15afd5f5748da43f8dec5c7eba65 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Wed, 7 Aug 2013 12:03:36 +0000
Subject: [PATCH] - update to Thunderbird 17.0.8 (bnc#833389)   * MFSA
 2013-63/CVE-2013-1701     Miscellaneous memory safety hazards   * MFSA
 2013-68/CVE-2013-1709 (bmo#838253)     Document URI misrepresentation and
 masquerading   * MFSA 2013-69/CVE-2013-1710 (bmo#871368)     CRMF requests
 allow for code execution and XSS attacks   * MFSA 2013-72/CVE-2013-1713
 (bmo#887098)     Wrong principal used for validating URI for some Javascript 
    components   * MFSA 2013-73/CVE-2013-1714 (bmo#879787)     Same-origin
 bypass with web workers and XMLHttpRequest   * MFSA 2013-75/CVE-2013-1717
 (bmo#406541, bmo#738397)     Local Java applets may read contents of local
 file system

- update Enigmail to 1.5.2
  * bugfix release

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=220
---
 MozillaThunderbird.changes        | 24 ++++++++++++++++++++++++
 MozillaThunderbird.spec           |  8 ++++----
 compare-locales.tar.bz2           |  4 ++--
 create-tar.sh                     |  4 ++--
 enigmail-1.5.1.tar.gz             |  3 ---
 enigmail-1.5.2.tar.gz             |  3 +++
 l10n-17.0.7.tar.bz2               |  3 ---
 l10n-17.0.8.tar.bz2               |  3 +++
 thunderbird-17.0.7-source.tar.bz2 |  3 ---
 thunderbird-17.0.8-source.tar.bz2 |  3 +++
 10 files changed, 41 insertions(+), 17 deletions(-)
 delete mode 100644 enigmail-1.5.1.tar.gz
 create mode 100644 enigmail-1.5.2.tar.gz
 delete mode 100644 l10n-17.0.7.tar.bz2
 create mode 100644 l10n-17.0.8.tar.bz2
 delete mode 100644 thunderbird-17.0.7-source.tar.bz2
 create mode 100644 thunderbird-17.0.8-source.tar.bz2

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index d835f2f..db1f591 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Fri Aug  2 06:01:03 UTC 2013 - wr@rosenauer.org
+
+- update to Thunderbird 17.0.8 (bnc#833389)
+  * MFSA 2013-63/CVE-2013-1701
+    Miscellaneous memory safety hazards
+  * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+    Document URI misrepresentation and masquerading
+  * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+    CRMF requests allow for code execution and XSS attacks
+  * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+    Wrong principal used for validating URI for some Javascript
+    components
+  * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+    Same-origin bypass with web workers and XMLHttpRequest
+  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+    Local Java applets may read contents of local file system
+
+-------------------------------------------------------------------
+Wed Jul 17 17:28:39 UTC 2013 - wr@rosenauer.org
+
+- update Enigmail to 1.5.2
+  * bugfix release
+
 -------------------------------------------------------------------
 Mon Jun 24 10:17:22 UTC 2013 - wr@rosenauer.org
 
diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec
index b55f48e..d75cf52 100644
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -40,11 +40,11 @@ BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
 BuildRequires:  yasm
 BuildRequires:  zip
-%define mainversion 17.0.7
+%define mainversion 17.0.8
 %define update_channel release
 Version:        %{mainversion}
 Release:        0
-%define releasedate 2013062000
+%define releasedate 2013080100
 Provides:       thunderbird = %{version}
 %if %{with_kde}
 # this is needed to match this package with the kde4 helper package without the main package
@@ -65,7 +65,7 @@ Source4:        l10n-%{version}.tar.bz2
 Source6:        suse-default-prefs.js
 Source7:        find-external-requires.sh
 Source8:        thunderbird-rpmlintrc
-Source9:        enigmail-1.5.1.tar.gz
+Source9:        enigmail-1.5.2.tar.gz
 Source10:       create-tar.sh
 Source11:       compare-locales.tar.bz2
 Source12:       kde.js
@@ -175,7 +175,7 @@ symbols meant for upload to Mozilla's crash collector database.
 
 %if %build_enigmail
 %package -n enigmail
-Version:        1.5.1+%{mainversion}
+Version:        1.5.2+%{mainversion}
 Release:        0
 Summary:        OpenPGP addon for Thunderbird and SeaMonkey
 License:        MPL-1.1 or GPL-2.0+
diff --git a/compare-locales.tar.bz2 b/compare-locales.tar.bz2
index 1d1f1d0..85a73ae 100644
--- a/compare-locales.tar.bz2
+++ b/compare-locales.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b0d08936b1a1fd715b07d7fad9f25bb2dadd3f088839766a6d50849a8fbc3d74
-size 29922
+oid sha256:2228bed9902f18c5fb22ec286d081b9773d19f3157bd68517c2e7dd3a5e13272
+size 29890
diff --git a/create-tar.sh b/create-tar.sh
index 56b5f9a..d02e85c 100644
--- a/create-tar.sh
+++ b/create-tar.sh
@@ -2,8 +2,8 @@
 
 CHANNEL="esr17"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_17_0_7_RELEASE"
-VERSION="17.0.7"
+RELEASE_TAG="THUNDERBIRD_17_0_8_RELEASE"
+VERSION="17.0.8"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird
diff --git a/enigmail-1.5.1.tar.gz b/enigmail-1.5.1.tar.gz
deleted file mode 100644
index 8bf6ddd..0000000
--- a/enigmail-1.5.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:234ca3c8f7c74afb64ebdaa4762e358f35a72c1f8de007b992497fc2db803af0
-size 1213954
diff --git a/enigmail-1.5.2.tar.gz b/enigmail-1.5.2.tar.gz
new file mode 100644
index 0000000..8d91e28
--- /dev/null
+++ b/enigmail-1.5.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f20d6d1be1ab12dc2f1208d8f01227fd7e5c4dcf5d6f4bd0833a932b58973a26
+size 1211395
diff --git a/l10n-17.0.7.tar.bz2 b/l10n-17.0.7.tar.bz2
deleted file mode 100644
index 2a3e915..0000000
--- a/l10n-17.0.7.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b7045f20c9d69f8d52fd3e0b4da109bbc5c4b17530f91a4a0d6d03d4f9212c1d
-size 26789123
diff --git a/l10n-17.0.8.tar.bz2 b/l10n-17.0.8.tar.bz2
new file mode 100644
index 0000000..6a3b073
--- /dev/null
+++ b/l10n-17.0.8.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4629e07b19c663e018d49222aff5390b0281cbba3b3dd847793fde46df15d613
+size 26764663
diff --git a/thunderbird-17.0.7-source.tar.bz2 b/thunderbird-17.0.7-source.tar.bz2
deleted file mode 100644
index b647fbc..0000000
--- a/thunderbird-17.0.7-source.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0adc78bd42c060b6923bfeb53d700b310dbf8eedba7ac819d5a9b1a9c2d576de
-size 115019945
diff --git a/thunderbird-17.0.8-source.tar.bz2 b/thunderbird-17.0.8-source.tar.bz2
new file mode 100644
index 0000000..5103715
--- /dev/null
+++ b/thunderbird-17.0.8-source.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c6c487fde5f068b07b8f445453e50051648e0af1630c3cdc84e991a8a5067041
+size 115020552