1
0
Commit Graph

380 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
126ce832a3 changelog (security related) missing still
- MozillaThunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches
  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs
  * CVE-2018-18498 bmo#1500011
    Integer overflow when calculating buffer sizes for images

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=451
2019-01-29 19:03:55 +00:00
Wolfgang Rosenauer
6953ad0d97 - requires NSS 3.36.6
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=448
2018-12-21 21:18:40 +00:00
Wolfgang Rosenauer
b67553185b Accepting request 660601 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 60.4.0

OBS-URL: https://build.opensuse.org/request/show/660601
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=447
2018-12-21 21:10:16 +00:00
Wolfgang Rosenauer
47ff8451c2 - Mozilla Thunderbird 60.3.3
* Thunderbird 60 will migrate security databases (key3.db, cert8.db
    to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
    fault that potentially deleted saved passwords and private certificate
    keys for users using a master password. Version 60.3.3 will prevent
    the loss of data; affected users who have already upgraded to version
    60.3.2 or earlier can restore the deleted key3.db file from backup
    to complete the migration.
  * Address book search and auto-complete slowness introduced in
    Thunderbird 60.3.2
  * Plain text markup with * for bold, / for italics, _ for underline
    and | for code did not work when the enclosed text contained
    non-ASCII characters
  * While composing a message, a link not removed when link location
    was removed in the link properties panel

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=445
2018-12-05 21:18:03 +00:00
Wolfgang Rosenauer
0f47d98b6b Accepting request 653550 from home:AndreasStieger:branches:mozilla:Factory
- Fix build on openSUSE Leap 15.x w.r.t. rust-std requirement

OBS-URL: https://build.opensuse.org/request/show/653550
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=443
2018-12-03 15:06:20 +00:00
Wolfgang Rosenauer
e5fa4278bb - Mozilla Thunderbird 60.3.2
* Encoding problems when exporting address books or messages using
    the system charset. Messages are now always exported using the
    UTF-8 encoding
  * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969
    was displayed. Now using date from "Received" header instead.
  * Body search/filtering didn't reliably ignore content of tags
  * Inappropriate warning "Thunderbird prevented the site
    (addons.thunderbird.net) from asking you to install software on
    your computer" when installing add-ons
  * Incorrect display of correspondents column since own email
    address was not always detected
  * Spurious 
 (encoded newline) inserted into drafts and sent email

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=442
2018-11-30 10:20:59 +00:00
Wolfgang Rosenauer
a3384a6fef Accepting request 649349 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 60.3.1

OBS-URL: https://build.opensuse.org/request/show/649349
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=439
2018-11-16 06:40:27 +00:00
Wolfgang Rosenauer
effd24db38 - update to Thunderbird 60.3.0
* various theme fixes
  * Shift+PageUp/PageDown in Write window
  * Gloda attachment filtering
  * Mailing list address auto-complete enter/return handling
  * Thunderbird hung if HTML signature references non-existent image
  * Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
  (Firefox ESR release). In general, these flaws cannot be exploited
  through email in Thunderbird because scripting is disabled when
  reading mail, but are potentially risks in browser or browser-like
  contexts (MFSA 2018-28) (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
    Memory safety bugs fixed in Firefox ESR 60.3
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

  * Fix security info dialog in compose window not showing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=437
2018-11-01 17:28:09 +00:00
Wolfgang Rosenauer
9bb3d7bcac Accepting request 644807 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch
- Add memory-constraints to avoid OOM errors

OBS-URL: https://build.opensuse.org/request/show/644807
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=436
2018-10-29 08:28:50 +00:00
Wolfgang Rosenauer
234d7a115c Accepting request 641717 from home:msmeissn:branches:mozilla:Factory
- provide / obsolete MozillaThunderbird-devel as this is no longer
  shipped to allow migration scenarios

OBS-URL: https://build.opensuse.org/request/show/641717
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=434
2018-10-12 15:11:47 +00:00
Wolfgang Rosenauer
266f4763da Accepting request 640045 from home:AndreasStieger:branches:mozilla:Factory
add CVEs from MFSA 2018-25

OBS-URL: https://build.opensuse.org/request/show/640045
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=432
2018-10-05 09:08:04 +00:00
Wolfgang Rosenauer
c0d713ad9e Accepting request 640011 from home:AndreasStieger:branches:mozilla:Factory
some changelog additions. Are these okay for you?

OBS-URL: https://build.opensuse.org/request/show/640011
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=431
2018-10-04 20:00:55 +00:00
Wolfgang Rosenauer
46ff0ae0de - update to Thunderbird 60.2.1
* several bugfixes since release of version 60.0
  * security fixes for the Mozilla platform picked up from
    60.1 and 60.2 (Firefox ESR releases)
- Update file list since minidump-analyzer is only available when
  * Various fixes and changes to e-mail workflow

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=430
2018-10-03 20:05:00 +00:00
Wolfgang Rosenauer
31b60fdd31 Accepting request 635007 from home:Guillaume_G:branches:mozilla:Factory
- Update file list since minidump-analyzer is only available when crashreporter is enabled

OBS-URL: https://build.opensuse.org/request/show/635007
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=428
2018-09-12 09:58:10 +00:00
Wolfgang Rosenauer
c08272f856 Accepting request 632919 from home:AndreasStieger:branches:mozilla:Factory
Add changelog detail for MFSA 2018-19 (bsc#1098998)

OBS-URL: https://build.opensuse.org/request/show/632919
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=426
2018-09-03 20:13:55 +00:00
Wolfgang Rosenauer
affcd2db3c Accepting request 631539 from home:AndreasStieger:branches:mozilla:Factory
- remove non-free untar licenced code from distributed tarball

OBS-URL: https://build.opensuse.org/request/show/631539
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=423
2018-08-27 08:09:20 +00:00
Wolfgang Rosenauer
275bc9bdcb Accepting request 629370 from home:iznogood:branches:mozilla:Factory
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/629370
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=422
2018-08-15 09:38:21 +00:00
Wolfgang Rosenauer
b3d2742026 * mozilla-develdirs.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=421
2018-08-07 06:32:26 +00:00
Wolfgang Rosenauer
696d48eaf5 * tb-ssldap.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=420
2018-08-06 21:32:03 +00:00
Wolfgang Rosenauer
cde9b1d6a6 - update to Thunderbird 60.0
* requires NSPR 4.19 and NSS 3.36.4
  * what's new
    https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
- source archives are now signed directly
  (removed checksum signature check)
- imported patches from Firefox 60
  * mozilla-bmo1375074.patch
  * mozilla-bmo1464766.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
- removed obsolete patches
  * mozilla-language.patch
- removed -devel subpackage as old-style extensions are mainly gone
- storing of remote content settings fixed (boo#1084603)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=419
2018-08-06 14:26:01 +00:00
Wolfgang Rosenauer
93fe18dfd9 Accepting request 621937 from home:AndreasStieger:branches:mozilla:Factory
add bugzilla reference

OBS-URL: https://build.opensuse.org/request/show/621937
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=417
2018-07-10 17:29:54 +00:00
Wolfgang Rosenauer
1179b0a448 * Deleting or detaching attachments corrupted messages under certain
circumstances (bmo#1473893)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=416
2018-07-10 09:03:21 +00:00
Wolfgang Rosenauer
97874126cc - update to Thunderbird 52.9.1
* fix detaching attachments (bmo#1473893)
    otherwise might reveal decryted content to the attacker.
    "simple" HTML view

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=415
2018-07-10 06:54:09 +00:00
Wolfgang Rosenauer
5e3677350a Accepting request 620593 from home:AndreasStieger:branches:mozilla:Factory
add some bugzilla references

OBS-URL: https://build.opensuse.org/request/show/620593
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=411
2018-07-04 08:58:13 +00:00
Wolfgang Rosenauer
4460ca6a07 MFSA 2018-16 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162)
    Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693)
    Use-after-free when using focus()
  * CVE-2018-12372 (bmo#1419417)
    S/MIME and PGP decryption oracles can be built with HTML emails
  * CVE-2018-12373 (bmo#1464667, bmo#1464056)
    S/MIME plaintext can be leaked through HTML reply/forward
  * CVE-2018-12362 (bmo#1452375)
    Integer overflow in SSSE3 scaler
  * CVE-2018-12363 (bmo#1464784)
    Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241)
    CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206)
    Compromised IPC child process can list local filenames
  * CVE-2018-12366 (bmo#1464039)
    Invalid data handling during QCMS transformations
  * CVE-2018-12374 (bmo#1462910)
    Using form to exfiltrate encrypted mail part by pressing enter in form field
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048)
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=410
2018-07-04 05:58:22 +00:00
Wolfgang Rosenauer
9a9de5cf1f - update to Thunderbird 52.9 (bsc#1098998)
- correct requires and provides handling (boo#1076907)
- reduce memory footprint with %ix86 at linking time via additional
  compiler flags (boo#1091376)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=409
2018-07-02 13:49:36 +00:00
Wolfgang Rosenauer
07cdaea7b5 Accepting request 620026 from home:AndreasStieger:branches:mozilla:Factory
- Build from upstream source archive and verify source signature
  (boo#1085780)

OBS-URL: https://build.opensuse.org/request/show/620026
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=408
2018-07-02 12:10:40 +00:00
Wolfgang Rosenauer
cd0e3ea9a0 - update to Thunderbird 52.8 (bsc#1092548)
MFSA 2018-13
  * CVE-2018-5183 (bmo#1454692)
    Backport critical security fixes in Skia
  * CVE-2018-5184 (bmo#1411592, bsc#1093152)
    Full plaintext recovery in S/MIME via chosen-ciphertext attack
  * CVE-2018-5154 (bmo#1443092)
    Use-after-free with SVG animations and clip paths
  * CVE-2018-5155 (bmo#1448774)
    Use-after-free with SVG animations and text paths
  * CVE-2018-5159 (bmo#1441941)
    Integer overflow and out-of-bounds write in Skia
  * CVE-2018-5161 (bmo#1411720)
    Hang via malformed headers
  * CVE-2018-5162 (bmo#1457721, bsc#1093152)
    Encrypted mail leaks plaintext through src attribute
  * CVE-2018-5170 (bmo#1411732)
    Filename spoofing for external attachments
  * CVE-2018-5168 (bmo#1449548)
    Lightweight themes can be installed without user interaction
  * CVE-2018-5174 (bmo#1447080) (Windows only)
    Windows Defender SmartScreen UI runs with less secure behavior
    for downloaded files in Windows 10 April 2018 Update
  * CVE-2018-5178 (bmo#1443891)
    Buffer overflow during UTF-8 to Unicode string conversion
    through legacy extension
  * CVE-2018-5185 (bmo#1450345)
    Leaking plaintext through HTML forms
  * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705,
    bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=406
2018-05-19 10:55:26 +00:00
Wolfgang Rosenauer
b632ec1b68 Accepting request 592294 from home:oertel:branches:mozilla:Factory
- Exclude bigendian archs for now, have not built
  since version 45.8.0
  ExcludeArch: ppc ppc64 s390 s390x

OBS-URL: https://build.opensuse.org/request/show/592294
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=404
2018-03-29 13:46:17 +00:00
Wolfgang Rosenauer
2fe1d46e22 Accepting request 590831 from home:AndreasStieger:branches:mozilla:Factory
Adjust changelog based on MFSA 2018-09

OBS-URL: https://build.opensuse.org/request/show/590831
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=402
2018-03-26 11:03:30 +00:00
Wolfgang Rosenauer
120baf56d9 - update to Thunderbird 52.7 (bsc#1085130)
* Searching message bodies of messages in local folders, including
    filter and quick filter operations, did not find content in
    message attachments
  * Better error handling for Yahoo accounts
  MFSA 2018-08
  * CVE-2018-5146 (bmo#1446062)
    Out of bounds memory write in libvorbis
  * CVE-2018-5147 (bmo#1446365)
    Out of bounds memory write in libtremor

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=401
2018-03-24 09:35:07 +00:00
Wolfgang Rosenauer
77c48f2707 * CVE-2017-7846 (bmo#1411716, bsc#1074043)
* CVE-2017-7847 (bmo#1411708, bsc#1074044)
  * CVE-2017-7848 (bmo#1411699, bsc#1074045)
  * CVE-2017-7829 (bmo#1423432, bsc#1074046)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=399
2018-02-16 09:09:25 +00:00
Wolfgang Rosenauer
f8a44525c7 - update to Thunderbird 52.6 (bsc#1077291)
* Searching message bodies of messages in local folders, including
    filter and quick filter operations, not working reliably: Content
    not found in base64-encode message parts, non-ASCII text not found
    and false positives found.
  * Defective messages (without at least one expected header) not shown
    in IMAP folders but shown on mobile devices
  * Calendar: Unintended task deletion if numlock is enabled
  * Mozilla platform security fixes
  MFSA 2018-04
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5096 (bmo#1418922)
    Use-after-free while editing form elements
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation
  * CVE-2018-5117 (bmo#1395508)
    URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5089
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=397
2018-01-26 07:14:05 +00:00
Wolfgang Rosenauer
fa26255979 Accepting request 559653 from home:AndreasStieger:branches:mozilla:Factory
changlog

OBS-URL: https://build.opensuse.org/request/show/559653
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=395
2017-12-23 21:58:24 +00:00
Wolfgang Rosenauer
a542d644fe - update to Thunderbird 52.5.2
* This releases fixes the "Mailsploit" vulnerability and other
    vulnerabilities detected by the "Cure53" audit
  MFSA 2017-30
  * CVE-2017-7845 (bmo#1402372)
    Buffer overflow when drawing and validating elements with ANGLE
    library using Direct 3D 9
  * CVE-2017-7846 (bmo#1411716)
    JavaScript Execution via RSS in mailbox:// origin
  * CVE-2017-7847 (bmo#1411708)
    Local path string can be leaked from RSS feed
  * CVE-2017-7848 (bmo#1411699)
    RSS Feed vulnerable to new line Injection
  * CVE-2017-7829 (bmo#1423432)
    Mailsploit part 1: From address with encoded null character is
    cut off in message header display

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=394
2017-12-23 20:06:58 +00:00
Wolfgang Rosenauer
a9f94c0e74 Accepting request 555272 from home:dimstar:Factory
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

OBS-URL: https://build.opensuse.org/request/show/555272
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=392
2017-12-11 08:32:59 +00:00
Wolfgang Rosenauer
ca09b0503f * Better support for Charter/Spectrum IMAP: Thunderbird will now
detect Charter's IMAP service and send an additional IMAP select
    command to the server. Check the various preferences ending in
    "force_select" to see whether auto-detection has discovered this case.
  * In search folders spanning multiple base folders clicking on a
    message sometimes marked another message as read
  * IMAP alerts have been corrected and now show the correct server
    name in case of connection problems
  * POP alerts have been corrected and now indicate connection problems
    in case the configured POP server cannot be found
  MFSA 2017-26

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=390
2017-11-25 07:08:27 +00:00
Wolfgang Rosenauer
db14770321 Accepting request 544396 from home:Zaitor:branches:mozilla:Factory
Resub rebased

OBS-URL: https://build.opensuse.org/request/show/544396
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=389
2017-11-22 19:21:46 +00:00
Wolfgang Rosenauer
21edfd304e - update to Thunderbird 52.5.0 (bsc#1068101)
MFSA 2017-25
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7826
    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=388
2017-11-22 10:48:23 +00:00
Wolfgang Rosenauer
c0196e9638 * new behavior was introduced for replies to mailing list posts:
"When replying to a mailing list, reply will be sent to address
    in From header ignoring Reply-to header". A new preference
    mail.override_list_reply_to allows to restore the previous behavior.
  * Under certain circumstances (image attachment and non-image
    attachment), attached images were shown truncated in messages
    stored in IMAP folders not synchronised for offline use.
  * IMAP UIDs > 0x7FFFFFFF now handled properly
  Security fixes from Gecko 52.4esr
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=386
2017-10-06 20:50:03 +00:00
Wolfgang Rosenauer
5a7900b24a Accepting request 531253 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 52.4.0 (bsc#1060445)
MFSA/CVEs still missing...

OBS-URL: https://build.opensuse.org/request/show/531253
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=385
2017-10-04 15:11:54 +00:00
Wolfgang Rosenauer
86366658fe Accepting request 529099 from home:dimstar:Factory
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.

OBS-URL: https://build.opensuse.org/request/show/529099
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=384
2017-09-28 08:25:59 +00:00
Wolfgang Rosenauer
3cf568899e - update to Thunderbird 52.3 (boo#1052829)
Fixed issues:
  * Unwanted inline images shown in rogue SPAM messages
  * Deleting message from the POP3 server not working when maildir
    storage was used
  * Message disposition flag (replied / forwarded) lost when reply or
    forwarded message was stored as draft and draft was sent later
  * Inline images not scaled to fit when printing
  * Selected text from another message sometimes included in a reply
  * No authorisation prompt displayed when inserting image into email
    body although image URL requires authentication
  * Large attachments taking a long time to open under some circumstances
  security
  Security fixes from Gecko 52.3esr
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=382
2017-08-16 19:17:30 +00:00
Wolfgang Rosenauer
9c1bac3491 Accepting request 515837 from home:Andreas_Schwab:Factory
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext

OBS-URL: https://build.opensuse.org/request/show/515837
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=381
2017-08-10 06:56:53 +00:00
Wolfgang Rosenauer
a6a4f44e7b Accepting request 506827 from home:Guillaume_G:branches:mozilla:Factory
Remove the --disable-neon option as it is not available anymore.

OBS-URL: https://build.opensuse.org/request/show/506827
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=379
2017-06-29 09:32:34 +00:00
Wolfgang Rosenauer
1b6e938d0c - update to Thunderbird 52.2.1
* Problems with Gmail fixed (folders not showing, repeated email
    download, etc.) introduced in version 52.2.0. (boo#1045895)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=378
2017-06-26 05:17:01 +00:00
Wolfgang Rosenauer
d85085e956 - update to Thunderbird 52.2 (boo#1043960)
* Embedded images not shown in email received from Hotmail/Outlook
    webmailer
  * Detection of non-ASCII font names in font selector
  * Attachment not forwarded correctly under certain circumstances
  * Multiple requests for master password when GMail OAuth2 is enabled
  * Large number of blank pages being printed under certain
    circumstances when invalid preferences were present
  * Messages sent via the Simple MAPI interface are forced to HTML
  * Calendar: Invitations can't be printed
  * Mailing list (group) not accessible from macOS or Outlook address book
  * Clicking on links with references/anchors where target doesn't
    exist in the message not opening in external browser
  MFSA 2017-17
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=376
2017-06-15 11:08:05 +00:00
Wolfgang Rosenauer
a1880e072f - remove legacy -Os optimization breaking gcc7/i586 (boo#1042090)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=374
2017-06-04 07:32:08 +00:00
Wolfgang Rosenauer
84d1aa88aa - explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
with gcc7 (boo#1040105, boo#1042090)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=370
2017-06-01 06:10:49 +00:00
Wolfgang Rosenauer
c8307ea894 - update to Thunderbird 52.1.1
* fixed crash when compacting IMAP folder (boo#1038753)
  * Some attachments could not be opened or saved if the message
    body is empty
  * Unable to load full message via POP if message was downloaded
    partially (or only headers) before
  * Large attachments may not be shown or saved correctly if the
    message is stored in an IMAP folder which is not synchronized
    for offline use

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=367
2017-05-15 20:50:25 +00:00
Wolfgang Rosenauer
7301b54ab6 - update to Thunderbird 52.1.0
* Background images not working and other issues related to
    embedded images when composing email have been fixed
  * Google Oauth setup can sometimes not progress to the next step
  * requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=365
2017-05-02 07:59:46 +00:00
Wolfgang Rosenauer
55377bc24a - require libffi explicitely to fix PPC64LE build where a system
library is required

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=364
2017-04-19 09:45:54 +00:00
Wolfgang Rosenauer
cb96a9588a Accepting request 489077 from home:AndreasStieger:branches:mozilla:Factory
Adding changelog entries for 52:

- security fixes (bsc#1028391, MFSA 2017-09):
  In general, these flaws cannot be exploited through email because
  scripting is disabled when reading mail, but are potentially
  risks in browser or browser-like contexts.
  * CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
  * CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
  * CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
  * CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
  * CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
  * CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
  * CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
  * CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
  * CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
  * CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
  * CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
  * CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
  * CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
  * CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
  * CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
  * CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
  * CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
  * CVE-2017-5421: Print preview spoofing (bmo#1301876)
  * CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
  * CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
  * CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8

OBS-URL: https://build.opensuse.org/request/show/489077
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=363
2017-04-18 12:03:08 +00:00
Wolfgang Rosenauer
8699f618bd - update to Thunderbird 52.0.1
* Clicking on a link in an email may not open this link in the
    external browser
  * addon blocklist updates
- enable ALSA for systems w/o PA

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=362
2017-04-17 12:52:44 +00:00
Wolfgang Rosenauer
2fb682c18e - use Gtk3 for Tumbleweed
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=361
2017-04-02 21:31:26 +00:00
Wolfgang Rosenauer
5894d6fffd Accepting request 483796 from home:AndreasStieger:branches:mozilla:Factory
- fix build on Leap and Tumbleweed
- take tarball from release tag
- adjust mozilla-kde.patch to match

OBS-URL: https://build.opensuse.org/request/show/483796
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=360
2017-04-02 21:22:13 +00:00
Wolfgang Rosenauer
9d47ba1d60 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=359 2017-03-22 13:30:37 +00:00
Wolfgang Rosenauer
d6fa566d17 - update to Thunderbird 52.0
* Optionally remove corresponding data files when removing an account
  * Possibility to copy message filter
  * Calendar: Event can now be created and edited in a tab
  * Calendar: Processing of received invitation counter proposals
  * Chat: Support Twitter Direct Messages
  * Chat: Liking and favoriting in Twitter
  * Chat: Removed Yahoo! Messenger support
  * serveral bugfixes
- removed obsolete patches
  * mozilla-aarch64-48bit-va.patch
  * mozilla-binutils-visibility.patch
  * mozilla-flex_buffer_overrun.patch
  * mozilla-gcc6.patch
- added generic mozilla patches
  * mozilla-aarch64-startup-crash.patch
- require newer versions of NSPR and NSS

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=358
2017-03-18 21:27:55 +00:00
Wolfgang Rosenauer
e3be4ae3e0 - update to Thunderbird 45.8.0 (boo#1028391)
* MFSA 2017-07
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
                   (bmo#1334933)
    CVE-2017-5401: Memory Corruption when handling ErrorResult
                   (bmo#1328861)
    CVE-2017-5402: Use-after-free working with events in FontFace
                   objects (bmo#1334876)
    CVE-2017-5404: Use-after-free working with ranges in selections
                   (bmo#1340138)
    CVE-2017-5407: Pixel and history stealing via floating-point
                   timing side channel with SVG filters (bmo#1336622)
    CVE-2017-5410: Memory corruption during JavaScript garbage
                   collection incremental sweeping (bmo#1330687)
    CVE-2017-5408: Cross-origin reading of video captions in violation
                   of CORS (bmo#1313711)
    CVE-2017-5405: FTP response codes can cause use of
                   uninitialized values for ports (bmo#1336699)
    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
                   Firefox ESR 45.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=355
2017-03-09 16:34:03 +00:00
Wolfgang Rosenauer
ea8836e41b - update to Thunderbird 45.8.0
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=354
2017-03-08 14:16:14 +00:00
Wolfgang Rosenauer
85695aab79 - update to Thunderbird 45.7.1
* fixed Crash when viewing certain IMAP messages (introduced in 45.7.0)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=352
2017-02-09 10:45:25 +00:00
Wolfgang Rosenauer
9af44ffd70 Accepting request 452925 from home:AndreasStieger:branches:mozilla:Factory
Adjust CVE list as perMFSA 2017-03

OBS-URL: https://build.opensuse.org/request/show/452925
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=350
2017-01-27 13:27:58 +00:00
Wolfgang Rosenauer
cd4d95cddf - update to Thunderbird 45.7.0
* Message preview pane non-functional after IMAP folder was renamed
    or moved
  * "Move To" button on "Search Messages" panel not working
  * Message sent to "undisclosed recipients" shows no recipient
    (non-functional since Thunderbird version 38)
  * MFSA 2017-02 (Gecko 45.7.0)
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)
    CVE-2017-5383: Location bar spoofing with unicode characters
                   (bmo#1323338, bmo#1324716, boo#1021822)
    CVE-2017-5386: WebExtensions can use data: protocol to affect other
                   extensions (bmo#1319070, boo#1021823)
    CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
                   Firefox ESR 45.7 (boo#1021824)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=349
2017-01-25 10:46:35 +00:00
Wolfgang Rosenauer
329b61bb18 * The system integration dialog was shown every time when starting
Thunderbird
  * MFSA 2016-96
    CVE-2016-9899: Use-after-free while manipulating DOM events and
                   audio elements (bmo#1317409)
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
    CVE-2016-9898: Use-after-free in Editor while manipulating DOM
                   subtrees (bmo#1314442)
    CVE-2016-9900: Restricted external resources can be loaded by
                   SVG images through data URLs (bmo#1319122)
    CVE-2016-9904: Cross-origin information leak in shared atoms
                   (bmo#1317936)
    CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985)
    CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=347
2016-12-29 08:33:54 +00:00
Wolfgang Rosenauer
fc422ca055 - update to Thunderbird 45.6.0 (boo#1015422)
CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=345
2016-12-16 13:14:25 +00:00
Wolfgang Rosenauer
eb2ff4df0b Accepting request 443018 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Thunderbird 45.5.1:
  * CVE-2016-9079: SVG Animation Remote Code Execution
                   (MFSA 2016-92, bsc#1012964, bmo#1321066)

OBS-URL: https://build.opensuse.org/request/show/443018
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=343
2016-12-01 17:32:58 +00:00
Wolfgang Rosenauer
d0c08cd8c9 Accepting request 440956 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Thunderbird 45.5.0 (boo#1009026)

OBS-URL: https://build.opensuse.org/request/show/440956
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=341
2016-11-19 14:26:56 +00:00
Wolfgang Rosenauer
fa72463659 - update to Thunderbird 45.4.0 (boo#999701)
* Display name was truncated if no separating space before email
    address.
  * Recipient addresses were shown in wrong color in some circumstances.
  * Additional spaces were inserted when drafts were edited.
  * Mail saved as template copied In-Reply-To and References from
    original email.
  * Threading broken when editing message draft, due to loss of Message-ID
  * "Apply columns to..." did not honor special folders

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=339
2016-10-01 18:21:17 +00:00
Wolfgang Rosenauer
f478d3d254 Accepting request 423866 from home:AndreasStieger:branches:mozilla:Factory
Use upstream versioning scheme - append .0

OBS-URL: https://build.opensuse.org/request/show/423866
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=337
2016-08-31 06:57:06 +00:00
Wolfgang Rosenauer
e77528174a - update to Thunderbird 45.3 (boo#991809)
* Disposition-Notification-To could not be used in
    mail.compose.other.header
  * "edit as new message" on a received message pre-filled the sender
    as the composing identity.
  * Certain messages caused corruption of the drafts summary database.
  security fixes:
  * MFSA 2016-62/CVE-2016-2836
    Miscellaneous memory safety hazards
  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
    Favicon network connection can persist when page is closed
  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
    Buffer overflow rendering SVG with bidirectional content
  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
    Stack underflow during 2D graphics rendering
  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
    Use-after-free when using alt key and toplevel menus
  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
    Use-after-free in DTLS during WebRTC session shutdown
  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
    Use-after-free in service workers with nested sync events
  * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
    Scripts on marquee tag can execute in sandboxed iframes
  * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
    Buffer overflow in ClearKey Content Decryption Module (CDM)
    during video playback
  * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
    Type confusion in display transformation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=336
2016-08-30 14:03:54 +00:00
Wolfgang Rosenauer
16ad6788d3 Accepting request 417429 from home:pcerny:mozilla:Factory
flex hotfix - changelog update

OBS-URL: https://build.opensuse.org/request/show/417429
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=334
2016-08-08 09:15:17 +00:00
Wolfgang Rosenauer
d81c4a7fc9 Accepting request 417133 from home:pcerny:mozilla:Factory
flex hotfix

OBS-URL: https://build.opensuse.org/request/show/417133
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=333
2016-08-05 19:12:21 +00:00
Wolfgang Rosenauer
0e16848923 Accepting request 412542 from home:Mailaender:branches:mozilla:Factory
added a screenshot for the upcoming software.opensuse.org changes

OBS-URL: https://build.opensuse.org/request/show/412542
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=331
2016-07-21 20:54:18 +00:00
Wolfgang Rosenauer
163d55c56a Accepting request 407284 from home:AndreasStieger:branches:mozilla:Factory
add CVEs

OBS-URL: https://build.opensuse.org/request/show/407284
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=329
2016-07-08 13:23:10 +00:00
Wolfgang Rosenauer
e6dba6284a Accepting request 406885 from home:AndreasStieger:branches:mozilla:Factory
build fix

OBS-URL: https://build.opensuse.org/request/show/406885
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=328
2016-07-06 12:33:21 +00:00
Wolfgang Rosenauer
be6d7c004a - update to Thunderbird 45.2 (boo#983549)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=326
2016-06-30 09:53:29 +00:00
Wolfgang Rosenauer
12225ae415 - mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2 (boo#984637)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=325
2016-06-24 14:11:32 +00:00
Wolfgang Rosenauer
c29742319f - build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
as long as underlying issues have been addressed upstream
  (boo#986162)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=323
2016-06-23 14:40:05 +00:00
Wolfgang Rosenauer
7e7d69ebc9 Accepting request 401908 from home:algraf:branches:mozilla:Factory
- Fix running on 48bit va aarch64 (bsc#984126)
  - Add patch mozilla-aarch64-48bit-va.patch

OBS-URL: https://build.opensuse.org/request/show/401908
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=322
2016-06-14 19:47:55 +00:00
Wolfgang Rosenauer
e6a17911a5 - update to Thunderbird 45.1.1
* When entering members into a mailing list, the enter key
    dismissed the panel instead of just moving onto the next line
  * Email without HTML elements was sent as HTML, despite
    "Delivery Format: Auto-detect" option
  * Options applied to a template were lost when the template was used
  * Contacts could not be deleted when they were found through a search
  * Views from global searches did not respect
    "mail.threadpane.use_correspondents"

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=320
2016-05-31 08:09:00 +00:00
Wolfgang Rosenauer
e2e9d6aec1 Accepting request 398081 from home:badshah400:branches:mozilla:Factory
Fixed builds for TB the same way, applying the patches unconditionally. Again, sorry for breaking stuff earlier.

OBS-URL: https://build.opensuse.org/request/show/398081
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=319
2016-05-26 05:55:57 +00:00
Wolfgang Rosenauer
825fd5282e Accepting request 397789 from home:badshah400:branches:openSUSE:Factory:Rings:2-TestDVD
Add patches to fix building against gcc >= 6

OBS-URL: https://build.opensuse.org/request/show/397789
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=318
2016-05-25 07:19:28 +00:00
Wolfgang Rosenauer
9192f70485 Accepting request 395139 from home:dimstar:Factory
- Copy the icons to /usr/share/icons instead of symlinking them:
  in preparation for containerized apps (e.g. xdg-app) as well as
  AppStream metadata extraction, there are a couple locations that
  need to be real files for system integration (.desktop files,
  icons, mime-type info).

- The exact same fix was done in MozillaFirefox in March 2015

OBS-URL: https://build.opensuse.org/request/show/395139
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=316
2016-05-17 06:38:09 +00:00
Wolfgang Rosenauer
bde1e0ee1f - update to Thunderbird 45.1.0 (boo#977333)
* MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376)
    Miscellaneous memory safety hazards
  in this particular case (i.e. do not pass
- update to Thunderbird 45.0 (boo#969894)
  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
    Out-of-bounds read in HTML parser following a failed allocation
  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
    Buffer overflow during ASN.1 decoding in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
    Use-after-free during processing of DER encoded keys in NSS

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=315
2016-05-13 05:36:32 +00:00
Wolfgang Rosenauer
f244ebf410 - For openSUSE > 13.2, the build fails for i586 as it goes out of
memory. Prevent this from happening by disabing parallel build
  in this particular case (i.e. do not pass 
  mk_add_options MOZ_MAKE_FLAGS%{?jobs:-j%jobs}).

- update to Thunderbird 45.0
  * Add a Correspondents column combining Sender and Recipient
  * Much better support for XMPP chatrooms and commands
  * Remote content exceptions: Improved options to add exceptions
  * Implement option to always use HTML formatting to prevent
    unexpected format loss when converting messages to plain text
  * Use OpenStreetmap for maps (even allow the user to choose from
    list of map services)
  * Allow spell checking and dictionary selection in the subject line
  * Allow editing of From when composing a message
  * Add dropdown in compose to allow specific setting of font size
  * Return/Enter in composer will now insert a new paragraph by
    default (shift-Enter will insert a line break)
  * Allow copying of name and email address from the message header
    of an email
  * Mail.ru supports OAuth authentication

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=314
2016-04-30 13:53:52 +00:00
Wolfgang Rosenauer
c7c14f778a Accepting request 385776 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 38.7.2

OBS-URL: https://build.opensuse.org/request/show/385776
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=312
2016-04-07 20:21:42 +00:00
Wolfgang Rosenauer
96f5c06ecf - update to Thunderbird 38.7.1
* disabled Graphite font shaping library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=310
2016-03-25 20:24:23 +00:00
Wolfgang Rosenauer
df5751d33a - update to Thunderbird 38.7.0 (boo#969894)
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using performance.getEntries and
    history navigation
  * MFSA 2016-16/CVE-2016-1952
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property
  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
    Memory corruption with malicious NPAPI plugin
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=308
2016-03-15 15:00:26 +00:00
Wolfgang Rosenauer
35e3b574dc Accepting request 361907 from home:AndreasStieger:branches:mozilla:Factory
adjust _constraints to current peak build memory and disk usage

OBS-URL: https://build.opensuse.org/request/show/361907
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=306
2016-02-26 20:59:10 +00:00
Wolfgang Rosenauer
2c46f24181 - update to Thunderbird 38.6.0 (boo#963520)
* Filters ran on a different folder than selected
  * MFSA 2016-01/CVE-2016-1930
    Miscellaneous memory safety hazards
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=304
2016-02-13 22:43:38 +00:00
Wolfgang Rosenauer
357946612d Accepting request 355724 from home:olh:branches:mozilla:Factory
- Using -g for CFLAGS is controlled via project settings, it should
  not be enforced by the mozilla buildsystem.

OBS-URL: https://build.opensuse.org/request/show/355724
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=302
2016-01-26 06:33:46 +00:00
Wolfgang Rosenauer
7116c1cc9d Accepting request 354473 from home:olh:branches:mozilla:Factory
- Add build conditionals for valgrind and -Os
- Convert existing conditions for kde to bcond

OBS-URL: https://build.opensuse.org/request/show/354473
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=300
2016-01-19 10:28:29 +00:00
Wolfgang Rosenauer
d3c64bdb3b - update to Thunderbird 38.5.1
* requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
- explicitely require libXcomposite-devel

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=299
2015-12-30 08:16:54 +00:00
Wolfgang Rosenauer
4ced64011d - update to Thunderbird 38.5.0 (bnc#959277)
* MFSA 2015-134/CVE-2015-7201
    Miscellaneous memory safety hazards
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=297
2015-12-23 20:10:39 +00:00
Wolfgang Rosenauer
f3c23e58a5 - update to Thunderbird 38.4.0 (bnc#952810)
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR 4.10.10 and NSS 3.19.2.1
- added explicit appdata provides (bnc#952325)
--------------------------------------------------------------------

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=295
2015-11-24 07:57:32 +00:00
Wolfgang Rosenauer
536fa4ffa1 Accepting request 336538 from devel:ARM:Factory
- fix build on aarch64 by reusing the crashreporter conditional
  from MozillaFirefox

- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration

OBS-URL: https://build.opensuse.org/request/show/336538
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=293
2015-10-05 15:42:43 +00:00
Wolfgang Rosenauer
73325deeb2 - update to Thunderbird 38.3.0 (bnc#947003)
* MFSA 2015-96/CVE-2015-4500
    Miscellaneous memory safety hazards
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=292
2015-09-30 11:27:49 +00:00
Wolfgang Rosenauer
0c573ffde9 - update to Thunderbird 38.2.0 (bnc#940806)
* MFSA 2015-79/CVE-2015-4473
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)
  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
    Crash when using shared memory in JavaScript
  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
    Heap overflow in gdk-pixbuf when scaling bitmap images
  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
    Buffer overflows on Libvpx when decoding WebM video
  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
    Vulnerabilities found through code inspection
  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
    Use-after-free in XMLHttpRequest with shared workers

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=290
2015-08-17 19:13:54 +00:00
Wolfgang Rosenauer
87a77ac520 the provided feature seems not to be used and its maintenance
is not worth the ongoing efforts
- tb-develdirs.patch is now mozilla-develdirs.patch as it is a
  platform configuration now

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=288
2015-07-13 13:23:20 +00:00
Wolfgang Rosenauer
ee16cb9334 - update to Thunderbird 38.1.0 (bnc#935979)
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725
    Miscellaneous memory safety hazards
  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
    Local files or privileged URLs in pages can be opened into new tabs
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
    Out-of-bound read while computing an oscillator rendering range in Web Audio
  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
    Use-after-free in Content Policy due to microtask execution error
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
    Vulnerabilities found through code inspection
  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
    Key pinning is ignored when overridable errors are encountered
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
    Privilege escalation in PDF.js
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
    NSS accepts export-length DHE keys with regular DHE cipher suites
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
    NSS incorrectly permits skipping of ServerKeyExchange
    (this fix is shipped by NSS 3.19.1 externally)
- requires NSS 3.19.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=287
2015-07-12 19:36:20 +00:00
Wolfgang Rosenauer
c16dd81a2f - update to Thunderbird 38.0.1
* includes Lightning as default extension
- rebased patches
- removed obsolete patches:
  * mozilla-ppc.patch
  * mozilla-nullptr-gcc45.patch
  * mozilla-bug1024492.patch
- dropped openSUSE specific patches
  * thunderbird-shared-nss-db.patch
  * mozilla-shared-nss-db.patch
  the provided feature seems not to be used and its maintenance
  is not worth the ongoing efforts

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=286
2015-06-21 11:26:59 +00:00
Wolfgang Rosenauer
c6fe02a4b9 Accepting request 309059 from home:dirkmueller:branches:mozilla:Factory
- add mozilla-bug1024492.patch:
  * Fixes build against GCC 5.x

OBS-URL: https://build.opensuse.org/request/show/309059
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=284
2015-05-29 06:59:35 +00:00
Wolfgang Rosenauer
31dfd780c3 - update to Thunderbird 31.7.0 (bnc#930622)
* MFSA 2015-46/CVE-2015-2708
    Miscellaneous memory safety hazards
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
    Buffer overflow parsing H.264 video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
    Buffer overflow with SVG content and CSS
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
    Use-after-free during text processing with vertical text enabled
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
    Buffer overflow when parsing compressed XML
  * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
    Privilege escalation through IPC channel messages

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=282
2015-05-15 07:51:09 +00:00
Wolfgang Rosenauer
825432ec5c - update to Thunderbird 31.7.0 (bnc#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=281
2015-05-10 18:18:29 +00:00
Wolfgang Rosenauer
62f2afc69d - update to Thunderbird 31.6.0 (bnc#925368)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=279
2015-04-01 11:32:39 +00:00
Wolfgang Rosenauer
38bddc9630 - update to Thunderbird 31.6.0 (bnc#)
* MFSA 2015-30/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
    Same-origin bypass through anchor navigation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=278
2015-04-01 08:39:28 +00:00
Wolfgang Rosenauer
c8437f581e * MFSA 2015-11/CVE-2015-0836
Miscellaneous memory safety hazards
  * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
    Invoking Mozilla updater will load locally stored DLL files
    (Windows only)
  * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
    Use-after-free in IndexedDB
  * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
    Out-of-bounds read and write while rendering SVG content
  * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
    Reading of local files through manipulation of form autocomplete

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=276
2015-02-25 06:21:26 +00:00
Wolfgang Rosenauer
7348dc708d - update to Thunderbird 31.5.0 (bnc#917597)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=275
2015-02-23 20:56:52 +00:00
Wolfgang Rosenauer
fc87750066 * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
  * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
    sendBeacon requests lack an Origin header
  * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
    Cookie injection through Proxy Authenticate responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=273
2015-01-15 06:21:00 +00:00
Wolfgang Rosenauer
f64cbe5d63 - update to Thunderbird 31.4.0 (bnc#910669)
- added mozilla-icu-strncat.patch to fix post build checks

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=272
2015-01-14 19:25:33 +00:00
Wolfgang Rosenauer
ec608e1657 - update to Thunderbird 31.3.0 (bnc#908009)
* MFSA 2014-83/CVE-2014-1587
    Miscellaneous memory safety hazards
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=270
2014-12-03 06:49:38 +00:00
Wolfgang Rosenauer
31a07683a7 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=269 2014-11-19 22:03:23 +00:00
Wolfgang Rosenauer
662abdc59c Accepting request 262389 from home:Ledest:bashisms
fix mozilla.sh script after previous commit

OBS-URL: https://build.opensuse.org/request/show/262389
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=268
2014-11-19 22:02:44 +00:00
Wolfgang Rosenauer
ab381eff50 Accepting request 261959 from home:Ledest:bashisms
fix bashism in mozilla.sh script

OBS-URL: https://build.opensuse.org/request/show/261959
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=267
2014-11-17 17:55:33 +00:00
Wolfgang Rosenauer
2e705fc3de Accepting request 259595 from home:Guillaume_G:branches:mozilla:Factory
Fix ARM (armv7) build

OBS-URL: https://build.opensuse.org/request/show/259595
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=265
2014-11-04 11:16:51 +00:00
Wolfgang Rosenauer
ad6b799fda - remove add-plugins.sh and use /usr/share/myspell directly
(bnc#900639)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=262
2014-10-25 18:41:53 +00:00
Wolfgang Rosenauer
80abd4cdc4 - added basic appdata definition
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=260
2014-10-15 05:48:06 +00:00
Wolfgang Rosenauer
dbaafc6809 - added basic appdata definition
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=259
2014-10-14 21:45:11 +00:00
Wolfgang Rosenauer
a2bcb59d79 * MFSA 2014-74/CVE-2014-1574
Miscellaneous memory safety hazards
  * MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
    Buffer overflow during CSS manipulation
  * MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
    Web Audio memory corruption issues with custom waveforms
  * MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
    Out-of-bounds write with WebM video
  * MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
    Use-after-free interacting with text directionality
  * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
    Inconsistent video sharing within iframe

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=258
2014-10-14 18:20:37 +00:00
Wolfgang Rosenauer
8be0913675 - update to Thunderbird 31.2.0 (bnc#900941)
- update to Thunderbird 31.1.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=257
2014-10-13 22:15:01 +00:00
Wolfgang Rosenauer
0c910e791b - update to Thunderbird 31.1.1
* Fixed an issue where mailing lists with spaces in their names
    couldn't be autocompleted (bmo#1060901)
  * Fixed an occasional startup crash (bmo#1005336)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=256
2014-09-13 15:34:56 +00:00
Wolfgang Rosenauer
1ec46892a7 * MFSA 2014-67/CVE-2014-1553/CVE-2014-1562
Miscellaneous memory safety hazards
  * MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
    Use-after-free during DOM interactions with SVG
  * MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
    Uninitialized memory use during GIF rendering
  * MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
    Out-of-bounds read in Web Audio audio timeline
  * MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
    Use-after-free setting text directionality

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=254
2014-09-02 18:10:58 +00:00
Wolfgang Rosenauer
e1274896ec - update to Thunderbird 31.1.0 (bnc#894370)
- added mozilla-nullptr-gcc45.patch to build on gcc 4.5 dists
  (e.g. openSUSE 11.4)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=253
2014-09-01 11:17:01 +00:00
Wolfgang Rosenauer
c34ff70793 - update to Thunderbird 31.0
* based on Gecko 31
  * Autocompleting email addresses now matches against any part of
    the name or email
  * Composing a mail to a newsgroup will now autocomplete newsgroup
    names
  * Insecure NTLM (pre-NTLMv2) authentication disabled
- rebased patches
- removed enigmail entirely from source package
- removed obsolete patches
  * libffi-ppc64le.patch
  * ppc64le-support.patch
  * xpcom-ppc64le.patch
- use GStreamer 1.0 after 13.1
- switched source archives to use xz instead of bz2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=251
2014-07-28 13:29:31 +00:00
Wolfgang Rosenauer
3eeadca128 * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
  * MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
    Use-after-free with FireOnStateChange event
  * MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
    Exploitable WebGL crash with Cesium JavaScript library
  * MFSA 2014-63/CVE-2014-1544 (bmo#963150)
    Use-after-free while when manipulating certificates in the trusted cache
    (solved with NSS 3.16.2 requirement)
  * MFSA 2014-64/CVE-2014-1557 (bmo#913805)
    Crash in Skia library when scaling high quality images

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=249
2014-07-23 05:20:48 +00:00
Wolfgang Rosenauer
4f3d1309a5 - update to Thunderbird 24.7.0 (bnc#887746)
- disabled enigmail build as with version 1.7 it's a standalone
  source package

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=248
2014-07-21 14:54:52 +00:00
Wolfgang Rosenauer
fbc02620d0 - update to Thunderbird 24.6.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
    (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
     bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
     bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
     bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
     bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
     bmo#1009952, bmo#1011007)
    Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
  * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
    (bmo#989994, bmo#999274, bmo#1005584)
    Use-after-free and out of bounds issues found using Address Sanitizer
  * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
    Use-after-free with SMIL Animation Controller
  * MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
    Out of bounds write in NSPR
- require NSPR 4.10.6 because of MFSA 2014-55/CVE-2014-1545

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=246
2014-06-11 11:43:13 +00:00
Wolfgang Rosenauer
de01ebd834 - update to Thunderbird 24.5.0 (bnc#875378)
* MFSA 2014-34/CVE-2014-1518
    Miscellaneous memory safety hazards
  * MFSA 2014-37/CVE-2014-1523 (bmo#969226)
    Out of bounds read while decoding JPG images
  * MFSA 2014-38/CVE-2014-1524 (bmo#989183)
    Buffer overflow when using non-XBL object as XBL
  * MFSA 2014-42/CVE-2014-1529 (bmo#987003)
    Privilege escalation through Web Notification API
  * MFSA 2014-43/CVE-2014-1530 (bmo#895557)
    Cross-site scripting (XSS) using history navigations
  * MFSA 2014-44/CVE-2014-1531 (bmo#987140)
    Use-after-free in imgLoader while resizing images
  * MFSA 2014-46/CVE-2014-1532 (bmo#966006)
    Use-after-free in nsHostResolver
- use shipped-locales as the authoritative source for supported
  locales (some unsupported locales disappear from -other package)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=244
2014-04-29 21:51:52 +00:00
Wolfgang Rosenauer
f37602b132 - update to Thunderbird 24.4.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
    Miscellaneous memory safety hazards
  * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
    Out of bounds read during WAV file decoding
  * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
    Information disclosure through polygon rendering in MathML
  * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
    Memory corruption in Cairo during PDF font rendering
  * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
    SVG filters information disclosure through feDisplacementMap
  * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
    Privilege escalation using WebIDL-implemented APIs
  * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
    Use-after-free in TypeObject
  * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
    Out-of-bounds read/write through neutering ArrayBuffer objects
  * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
    Out-of-bounds write through TypedArrayObject after neutering

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=242
2014-03-18 22:12:49 +00:00
Wolfgang Rosenauer
53c275cf9a * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
  * MFSA 2014-02/CVE-2014-1479 (bmo#911864)
    Clone protected content with XBL scopes
  * MFSA 2014-04/CVE-2014-1482 (bmo#943803)
    Incorrect use of discarded images by RasterImage
  * MFSA 2014-08/CVE-2014-1486 (bmo#942164)
    Use-after-free with imgRequestProxy and image proccessing
  * MFSA 2014-09/CVE-2014-1487 (bmo#947592)
    Cross-origin information leak through web workers
  * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
    (bmo#934545, bmo#930874, bmo#930857)
    NSS ticket handling issues
  * MFSA 2014-13/CVE-2014-1481(bmo#936056)
    Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=240
2014-02-05 06:05:50 +00:00
Wolfgang Rosenauer
929740e2de - update to Thunderbird 24.3.0 (bnc#861847)
* requires NSS 3.15.4
- renamed ppc64le patches to streamline with Firefox package

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=237
2014-02-03 16:33:09 +00:00
Wolfgang Rosenauer
47b36852f5 Accepting request 211249 from openSUSE:Factory:PowerLE
- Add support for powerpc64le-linux.
  * ppc64le-support.patch: general support
  * libffi-ppc64le.patch: libffi backport
  * xpcom-ppc64le.patch: port xpcom

OBS-URL: https://build.opensuse.org/request/show/211249
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=235
2014-01-02 21:34:06 +00:00
Wolfgang Rosenauer
f85086f38b - update to Thunderbird 24.2.0 (bnc#854370)
* requires NSS 3.15.3.1 or higher
  * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
    Miscellaneous memory safety hazards
  * MFSA 2013-108/CVE-2013-5616 (bmo#938341)
    Use-after-free in event listeners
  * MFSA 2013-109/CVE-2013-5618 (bmo#926361)
    Use-after-free during Table Editing
  * MFSA 2013-111/CVE-2013-6671 (bmo#930281)
    Segmentation violation when replacing ordered list elements
  * MFSA 2013-113/CVE-2013-6673 (bmo#970380)
    Trust settings for built-in roots ignored during EV certificate
    validation
  * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
    Use-after-free in synthetic mouse movement
  * MFSA 2013-115/CVE-2013-5615 (bmo#929261)
    GetElementIC typed array stubs can be generated outside observed
    typesets
  * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
    JPEG information leak
  * MFSA 2013-117 (bmo#946351)
    Mis-issued ANSSI/DCSSI certificate
    (fixed via NSS 3.15.3.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=233
2013-12-11 09:07:36 +00:00
Wolfgang Rosenauer
d19b8513af - update to Thunderbird 24.1.1
* requires NSPR 4.10.2 and NSS 3.15.3 for security reasons
  * fix binary compatibility issues for patch level updates
    (bmo#927073)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=231
2013-11-29 15:06:11 +00:00
Wolfgang Rosenauer
aceee89f9e - update to Thunderbird 24.1.0 (bnc#847708)
* requires NSS 3.15.2 or above
  * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
    Miscellaneous memory safety hazards
  * MFSA 2013-94/CVE-2013-5593 (bmo#868327)
    Spoofing addressbar through SELECT element
  * MFSA 2013-95/CVE-2013-5604 (bmo#914017)
    Access violation with XSLT and uninitialized data
  * MFSA 2013-96/CVE-2013-5595 (bmo#916580)
    Improperly initialized memory and overflows in some JavaScript
    functions
  * MFSA 2013-97/CVE-2013-5596 (bmo#910881)
    Writing to cycle collected object during image decoding
  * MFSA 2013-98/CVE-2013-5597 (bmo#918864)
    Use-after-free when updating offline cache
  * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
    (bmo#915210, bmo#915576, bmo#916685)
    Miscellaneous use-after-free issues found through ASAN fuzzing
  * MFSA 2013-101/CVE-2013-5602 (bmo#897678)
    Memory corruption in workers
  * MFSA 2013-102/CVE-2013-5603 (bmo#916404)
    Use-after-free in HTML document templates

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=229
2013-10-30 15:23:59 +00:00
Wolfgang Rosenauer
db13379b32 - update to Thunderbird 24.0.1
* fqdn for smtp server name was not accepted (bmo#913785)
  * fixed crash in PL_strncasecmp (bmo#917955)
- update Enigmail to 1.6
  * The passphrase timeout configuration in Enigmail is now read and
    written from/to gpg-agent.
  * New dialog to change the expiry date of keys
  * New function to search for the OpenPGP keys of all Address Book
    entries on a keyserver
  * removed obsolete enigmail-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=227
2013-10-12 20:10:48 +00:00
Wolfgang Rosenauer
7cf4c28e1a * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
Miscellaneous memory safety hazards
  * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
    Improper state in HTML5 Tree Builder with templates
  * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
    Use-after-free in Animation Manager during stylesheet cloning
  * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
    NativeKey continues handling key messages after widget is destroyed
  * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
    Use-after-free with select element
  * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
    Calling scope for new Javascript objects can lead to memory corruption
  * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
    Uninitialized data in IonMonkey
  * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
    Compartment mismatch re-attaching XBL-backed nodes
  * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
    Buffer overflow with multi-column, lists, and floats
  * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
    Memory corruption involving scrolling
  * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
    User-defined properties on DOM proxies get the wrong "this" object
  * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
    GC hazard with default compartments and frame chain restoration

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=224
2013-09-17 19:11:47 +00:00
Wolfgang Rosenauer
89a6be5456 - moved greek to common translation package
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=223
2013-09-16 15:36:59 +00:00
Wolfgang Rosenauer
1cbaa007b0 - update to Thunderbird 24.0 (bnc#840485)
- require NSPR 4.10 and NSS 3.15.1
- add GStreamer build requirements for Gecko
- added enigmail-build.patch to fix TB packaging (bmo#886095)
- removed obsolete patches:
  * enigmail-old-gcc.patch
  * mozilla-gcc43-enums.patch
  * mozilla-gcc43-template_hacks.patch
  * mozilla-gcc43-templates_instantiation.patch
  * ppc-xpcshell.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=222
2013-09-16 09:26:56 +00:00
Wolfgang Rosenauer
ffa346f8d7 - update to Thunderbird 17.0.8 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701
    Miscellaneous memory safety hazards
  * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
    Document URI misrepresentation and masquerading
  * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
    CRMF requests allow for code execution and XSS attacks
  * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
    Wrong principal used for validating URI for some Javascript
    components
  * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
    Same-origin bypass with web workers and XMLHttpRequest
  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
    Local Java applets may read contents of local file system

- update Enigmail to 1.5.2
  * bugfix release

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=220
2013-08-07 12:03:36 +00:00
Wolfgang Rosenauer
ec481f916a * MFSA 2013-49/CVE-2013-1682
Miscellaneous memory safety hazards
  * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
    Memory corruption found using Address Sanitizer
  * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
    Privileged content access and execution via XBL
  * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
    Execution of unmapped memory through onreadystatechange event
  * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
    Data in the body of XHR HEAD requests leads to CSRF attacks
  * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
    SVG filters can lead to information disclosure
  * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
    PreserveWrapper has inconsistent behavior
  * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
    XrayWrappers can be bypassed to run user defined methods in a
    privileged context

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=218
2013-06-25 18:28:06 +00:00
Wolfgang Rosenauer
95589b0c33 - update to Thunderbird 17.0.7 (bnc#825935)
ppc-xpcshell.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=217
2013-06-24 10:39:40 +00:00
Wolfgang Rosenauer
24e9f33a57 Accepting request 177615 from home:k0da:ppc
- prevent xpc-shell crashing on powerpc
  ppc-xpcshell.patch

OBS-URL: https://build.opensuse.org/request/show/177615
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=215
2013-06-06 20:24:09 +00:00
Wolfgang Rosenauer
38480e2a5e - update to Thunderbird 17.0.6 (bnc#819204)
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
    Miscellaneous memory safety hazards
  * MFSA 2013-42/CVE-2013-1670 (bmo#853709)
    Privileged access for content level constructor
  * MFSA 2013-46/CVE-2013-1674 (bmo#860971)
    Use-after-free with video and onresize event
  * MFSA 2013-47/CVE-2013-1675 (bmo#866825)
    Uninitialized functions in DOMSVGZoomEvent
  * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
    CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
    Memory corruption found using Address Sanitizer

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=213
2013-05-14 18:37:41 +00:00
Wolfgang Rosenauer
985914c415 - update to Thunderbird 17.0.5 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
  * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
    Miscellaneous memory safety hazards
  * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
    Out-of-bounds write in Cairo library
  * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
    WebGL crash with Mesa graphics driver on Linux
  * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
    Bypass of SOW protections allows cloning of protected nodes
  * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
    Cross-site scripting (XSS) using timed history navigations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=211
2013-04-02 19:48:58 +00:00
Wolfgang Rosenauer
c1b9d6133d - update to Thunderbird 17.0.4 (bnc#808243)
* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
    Use-after-free in HTML Editor

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=209
2013-03-08 14:36:42 +00:00
Wolfgang Rosenauer
0ab598f59e - update to Thunderbird 17.0.3 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783
    Miscellaneous memory safety hazards
  * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
    Web content bypass of COW and SOW security wrappers
  * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
    Privacy leak in JavaScript Workers
  * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
    Use-after-free in nsImageLoadingContent
  * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
    Phishing on HTTPS connection through malicious proxy
  * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
    Use-after-free, out of bounds read, and buffer overflow issues
    found using Address Sanitizer

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=207
2013-02-19 19:47:44 +00:00
Wolfgang Rosenauer
56b2b57213 - update Enigmail to 1.5.1
* The release fixes the regressions found in the past few
    weeks

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=206
2013-02-11 08:28:05 +00:00
Wolfgang Rosenauer
03a97ef381 * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards
  * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
    CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
    Use-after-free and buffer overflow issues found using Address Sanitizer
  * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
    Buffer Overflow in Canvas
  * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
    URL spoofing in addressbar during page loads
  * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
    Use-after-free when displaying table with many columns and column groups
  * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
    Crash due to handling of SSL on threads
  * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
    AutoWrapperChanger fails to keep objects alive during garbage collection
  * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
    Compartment mismatch with quickstubs returned values
  * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
    Event manipulation in plugin handler to bypass same-origin policy
  * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
    Address space layout leaked in XBL objects
  * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
    Buffer overflow in Javascript string concatenation
  * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
    Memory corruption in XBL with XML bindings containing SVG
  * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
    Chrome Object Wrapper (COW) bypass through changing prototype
  * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
    Privilege escalation through plugin objects
  * MFSA 2013-16/CVE-2013-0753 (bmo#814001)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=204
2013-01-08 18:18:28 +00:00
Wolfgang Rosenauer
9bf273af7c - update to Thunderbird 17.0.2 (bnc#796895)
- update Enigmail to 1.5.0

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=203
2013-01-05 15:33:22 +00:00