Hello community,

here is the log from the commit of package MozillaThunderbird for 
openSUSE:Factory checked in at 2017-05-03 15:53:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old)
 and      /work/SRC/openSUSE:Factory/.MozillaThunderbird.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "MozillaThunderbird"

Wed May  3 15:53:31 2017 rev:177 rq:492468 version:52.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes    
2017-03-13 15:30:46.409256223 +0100
+++ 
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new/MozillaThunderbird.changes   
    2017-05-03 15:53:32.739096445 +0200
@@ -1,0 +2,134 @@
+Mon May  1 08:52:52 UTC 2017 - [email protected]
+
+- update to Thunderbird 52.1.0
+  * Background images not working and other issues related to
+    embedded images when composing email have been fixed
+  * Google Oauth setup can sometimes not progress to the next step
+  * requires NSS >= 3.28.4
+- security fixes (boo#1035082), MFSA 2017-13
+  * CVE-2017-5443 (bmo#1342661)
+    Out-of-bounds write during BinHex decoding
+  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+    Firefox ESR 52.1
+  * CVE-2017-5464 (bmo#1347075)
+    Memory corruption with accessibility and DOM manipulation
+  * CVE-2017-5465 (bmo#1347617)
+    Out-of-bounds read in ConvolvePixel
+  * CVE-2017-5466 (bmo#1353975)
+    Origin confusion when reloading isolated data:text/html URL
+  * CVE-2017-5467 (bmo#1347262)
+    Memory corruption when drawing Skia content
+  * CVE-2017-5460 (bmo#1343642)
+    Use-after-free in frame selection
+  * CVE-2017-5461 (bmo#1344380)
+    Out-of-bounds write in Base64 encoding in NSS
+  * CVE-2017-5449 (bmo#1340127)
+    Crash during bidirectional unicode manipulation with animation
+  * CVE-2017-5446 (bmo#1343505)
+    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+  * CVE-2017-5447 (bmo#1343552)
+    Out-of-bounds read during glyph processing
+  * CVE-2017-5444 (bmo#1344461)
+    Buffer overflow while parsing application/http-index-format content
+  * CVE-2017-5445 (bmo#1344467)
+    Uninitialized values used while parsing application/http-index-format
+    content
+  * CVE-2017-5442 (bmo#1347979)
+    Use-after-free during style changes
+  * CVE-2017-5469 (bmo#1292534)
+    Potential Buffer overflow in flex-generated code
+  * CVE-2017-5440 (bmo#1336832)
+    Use-after-free in txExecutionState destructor during XSLT processing
+  * CVE-2017-5441 (bmo#1343795)
+    Use-after-free with selection during scroll events
+  * CVE-2017-5439 (bmo#1336830)
+    Use-after-free in nsTArray Length() during XSLT processing
+  * CVE-2017-5438 (bmo#1336828)
+    Use-after-free in nsAutoPtr during XSLT processing
+  * CVE-2017-5437 (bmo#1343453)
+    Vulnerabilities in Libevent library
+  * CVE-2017-5436 (bmo#1345461)
+    Out-of-bounds write with malicious font in Graphite 2
+  * CVE-2017-5435 (bmo#1350683)
+    Use-after-free during transaction processing in the editor
+  * CVE-2017-5434 (bmo#1349946)
+    Use-after-free during focus handling
+  * CVE-2017-5433 (bmo#1347168)
+    Use-after-free in SMIL animation functions
+  * CVE-2017-5432 (bmo#1346654)
+    Use-after-free in text input selection
+  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+     bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
+     bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
+    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+  * CVE-2017-5459 (bmo#1333858)
+    Buffer overflow in WebGL
+  * CVE-2017-5462 (bmo#1345089)
+    DRBG flaw in NSS
+  * CVE-2017-5454 (bmo#1349276)
+    Sandbox escape allowing file system read access through file
+    picker
+  * CVE-2017-5451 (bmo#1273537)
+    Addressbar spoofing with onblur event
+
+-------------------------------------------------------------------
+Mon Apr 17 12:43:48 UTC 2017 - [email protected]
+
+- update to Thunderbird 52.0.1
+  * Clicking on a link in an email may not open this link in the
+    external browser
+  * addon blocklist updates
+- enable ALSA for systems w/o PA
+- require libffi explicitely to fix PPC64LE build where a system
+  library is required
+
+-------------------------------------------------------------------
+Sat Mar 18 21:06:01 UTC 2017 - [email protected]
+
+- update to Thunderbird 52.0
+  * Optionally remove corresponding data files when removing an account
+  * Possibility to copy message filter
+  * Calendar: Event can now be created and edited in a tab
+  * Calendar: Processing of received invitation counter proposals
+  * Chat: Support Twitter Direct Messages
+  * Chat: Liking and favoriting in Twitter
+  * Chat: Removed Yahoo! Messenger support
+  * serveral bugfixes
+- security fixes (bsc#1028391, MFSA 2017-09):
+  In general, these flaws cannot be exploited through email because
+  scripting is disabled when reading mail, but are potentially
+  risks in browser or browser-like contexts.
+  * CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
+  * CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
+  * CVE-2017-5402: Use-after-free working with events in FontFace objects 
(bmo#1334876)
+  * CVE-2017-5403: Use-after-free using addRange to add range to an incorrect 
root object (bmo#1340186)
+  * CVE-2017-5404: Use-after-free working with ranges in selections 
(bmo#1340138)
+  * CVE-2017-5406: Segmentation fault in Skia with canvas operations 
(bmo#1306890)
+  * CVE-2017-5407: Pixel and history stealing via floating-point timing side 
channel with SVG filters (bmo#1336622)
+  * CVE-2017-5410: Memory corruption during JavaScript garbage collection 
incremental sweeping (bmo#1330687)
+  * CVE-2017-5408: Cross-origin reading of video captions in violation of CORS 
(bmo#1313711)
+  * CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
+  * CVE-2017-5413: Segmentation fault during bidirectional operations 
(bmo#1337504)
+  * CVE-2017-5414: File picker can choose incorrect default directory 
(bmo#1319370)
+  * CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
+  * CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf 
filter is running (bmo#1257361)
+  * CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization 
responses (bmo#1338876)
+  * CVE-2017-5419: Repeated authentication prompts lead to DOS attack 
(bmo#1312243)
+  * CVE-2017-5405: FTP response codes can cause use of uninitialized values 
for ports (bmo#1336699)
+  * CVE-2017-5421: Print preview spoofing (bmo#1301876)
+  * CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one 
hyperlink (bmo#1295002)
+  * CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
+  * CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 
45.8
+- removed obsolete patches
+  * mozilla-aarch64-48bit-va.patch
+  * mozilla-binutils-visibility.patch
+  * mozilla-flex_buffer_overrun.patch
+  * mozilla-gcc6.patch
+- added generic mozilla patches
+  * mozilla-aarch64-startup-crash.patch
+- require newer versions of NSPR and NSS
+- use Gtk3 for Tumbleweed
+
+-------------------------------------------------------------------
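Review bot: In the 52.1.0 entry the security line closes the parenthesis before the advisory id ("(boo#1035082), MFSA 2017-13"), while the 52.0 entry keeps it inside ("(bsc#1028391, MFSA 2017-09):"); pick one form so the bug and advisory references can be grepped consistently. Also "serveral" and "explicitely" are misspelled, and the 52.0 CVE lines run past the width used by the rest of the file.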

Old:
----
  l10n-45.8.0.tar.xz
  mozilla-aarch64-48bit-va.patch
  mozilla-binutils-visibility.patch
  mozilla-flex_buffer_overrun.patch
  mozilla-gcc6.patch
  thunderbird-45.8.0-source.tar.xz

New:
----
  l10n-52.1.0.tar.xz
  mozilla-aarch64-startup-crash.patch
  thunderbird-52.1.0-source.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ MozillaThunderbird.spec ++++++
--- /var/tmp/diff_new_pack.Ag41Ux/_old  2017-05-03 15:53:50.724557335 +0200
+++ /var/tmp/diff_new_pack.Ag41Ux/_new  2017-05-03 15:53:50.724557335 +0200
@@ -17,21 +17,18 @@
 #
 
 
-%define mainversion 45.8.0
+%define mainversion 52.1.0
 %define update_channel release
-%define releasedate 2017030300
-
-%if %suse_version > 1310
-%define gstreamer_ver 1.0
-%define gstreamer 1
-%else
-%define gstreamer_ver 0.10
-%endif
+%define releasedate 201704290000
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
 %bcond_without mozilla_tb_optimize_for_size
 
+%if 0%{?suse_version} > 1320
+%define mozilla_use_gtk3 1
+%endif
+
 Name:           MozillaThunderbird
 BuildRequires:  Mesa-devel
 BuildRequires:  autoconf213
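Review bot: releasedate changes width here, from 10 digits (2017030300) to 12 digits (201704290000); if anything downstream treats it as a fixed-width build id or compares it as a string, the old and new values will not line up, so a short comment on the expected format would help. The new mozilla_use_gtk3 block would also benefit from a comment saying which release "suse_version > 1320" is meant to select, since the changelog only says "use Gtk3 for Tumbleweed".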
@@ -44,8 +41,8 @@
 BuildRequires:  libgnomeui-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
-BuildRequires:  mozilla-nspr-devel >= 4.12
-BuildRequires:  mozilla-nss-devel >= 3.21.3
+BuildRequires:  mozilla-nspr-devel >= 4.13.1
+BuildRequires:  mozilla-nss-devel >= 3.28.4
 BuildRequires:  python
 BuildRequires:  startup-notification-devel
 BuildRequires:  unzip
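Review bot: The NSPR and NSS minimums are raised only as BuildRequires in this hunk, but the build links against the system libraries (--with-system-nss, --with-system-nspr) and the changelog lists two NSS fixes (CVE-2017-5461, CVE-2017-5462). Please confirm the package also carries a matching runtime Requires on mozilla-nss >= 3.28.4, otherwise an installed system can pair the new Thunderbird with an older, unfixed NSS.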
@@ -54,22 +51,22 @@
 BuildRequires:  xz
 BuildRequires:  yasm
 BuildRequires:  zip
+BuildRequires:  pkgconfig(libffi)
 BuildRequires:  pkgconfig(libpulse)
 %if %{with mozilla_tb_valgrind}
 BuildRequires:  pkgconfig(valgrind)
 %endif
-BuildRequires:  pkgconfig(gstreamer-%gstreamer_ver)
-BuildRequires:  pkgconfig(gstreamer-app-%gstreamer_ver)
-BuildRequires:  pkgconfig(gstreamer-plugins-base-%gstreamer_ver)
-%if 0%{?gstreamer} == 1
-Requires:       libgstreamer-1_0-0
-Recommends:     gstreamer-fluendo-mp3
-Recommends:     gstreamer-plugin-libav
-%else
-Requires:       libgstreamer-0_10-0
-Recommends:     gstreamer-0_10-fluendo-mp3
-Recommends:     gstreamer-0_10-plugins-ffmpeg
-%endif
+%if 0%{?mozilla_use_gtk3}
+BuildRequires:  pkgconfig(glib-2.0)
+BuildRequires:  pkgconfig(gobject-2.0)
+BuildRequires:  pkgconfig(gtk+-3.0) >= 3.4.0
+BuildRequires:  pkgconfig(gtk+-unix-print-3.0)
+%endif
+# libavcodec is required for H.264 support but the
+# openSUSE version is currently not able to play H.264
+# therefore the Packman version is required
+# minimum version of libavcodec is 53
+Recommends:     libavcodec-full >= 0.10.16
 Version:        %{mainversion}
 Release:        0
 Provides:       thunderbird = %{version}
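Review bot: The comment above the new Recommends says "minimum version of libavcodec is 53" while the constraint is "libavcodec-full >= 0.10.16"; say explicitly that 53 is the library major version and 0.10.16 the package version, or a later reader will take one of them for a mistake. The comment also states that the package has to come from Packman, so it is worth noting that this Recommends cannot be satisfied from the distribution's own repositories.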
@@ -103,16 +100,13 @@
 Patch3:         mozilla-kde.patch
 Patch4:         mozilla-develdirs.patch
 Patch5:         mozilla-no-stdcxx-check.patch
-Patch6:         mozilla-gcc6.patch
-Patch8:         mozilla-aarch64-48bit-va.patch
-Patch9:         mozilla-binutils-visibility.patch
+Patch6:         mozilla-aarch64-startup-crash.patch
 # Thunderbird/mail
 Patch20:        tb-ssldap.patch
-# hotfix
-Patch150:       mozilla-flex_buffer_overrun.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         coreutils fileutils textutils /bin/sh
 Recommends:     libcanberra0
+Recommends:     libpulse0
 ### build options
 %ifarch aarch64 ppc ppc64 ppc64le s390 s390x ia64 %arm
 %define crashreporter 0
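Review bot: Patch150 (mozilla-flex_buffer_overrun.patch) is dropped here together with its "# hotfix" marker, and the changelog files it under "removed obsolete patches" without saying what replaced it. Since the changelog also lists CVE-2017-5469 (buffer overflow in flex-generated code), please state in the changelog that the hotfix is superseded by the upstream fix in the new tarball, so the removal of a security patch can be audited from the package history alone.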
@@ -132,11 +126,7 @@
 %define progname thunderbird
 %define progdir %{_prefix}/%_lib/thunderbird
 %define libgssapi libgssapi_krb5.so.2
-%if %suse_version > 1130
 %define desktop_file_name thunderbird
-%else
-%define desktop_file_name %{name}
-%endif
 
 %description
 Mozilla Thunderbird is a redesign of the Mozilla Mail component. It is
@@ -204,9 +194,6 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
-%patch8 -p1
-%patch9 -p1
-%patch150 -p1
 popd
 # comm-central patches
 %patch20 -p1
@@ -272,7 +259,13 @@
 ac_add_options --includedir=%{_includedir}
 ac_add_options --disable-tests
 ac_add_options --disable-debug
+ac_add_options --enable-alsa
 ac_add_options --enable-optimize
+%if 0%{?mozilla_use_gtk3}
+ac_add_options --enable-default-toolkit=cairo-gtk3
+%else
+ac_add_options --enable-default-toolkit=cairo-gtk2
+%endif
 ac_add_options --with-system-nspr
 ac_add_options --with-system-nss
 ac_add_options --with-system-jpeg
@@ -281,15 +274,10 @@
 ac_add_options --disable-updater
 #ac_add_options --with-system-png # no apng support
 ac_add_options --enable-system-hunspell
-ac_add_options --disable-installer
-ac_add_options --disable-mochitest
 ac_add_options --enable-startup-notification
 ac_add_options --enable-official-branding
 ac_add_options --disable-necko-wifi
 ac_add_options --enable-update-channel=%{update_channel}
-%if 0%{?gstreamer} == 1
-ac_add_options --enable-gstreamer=1.0
-%endif
 %if %has_system_cairo
 ac_add_options --enable-system-cairo
 %endif
@@ -476,7 +464,14 @@
 %dir %{progdir}
 %{progdir}/application.ini
 %{progdir}/blocklist.xml
+%{progdir}/chrome.manifest
 %{progdir}/dependentlibs.list
+%{progdir}/fonts/
+%if 0%{?mozilla_use_gtk3}
+%dir %{progdir}/gtk2
+%{progdir}/gtk2/libmozgtk.so
+%endif
+%{progdir}/icudt58l.dat
 %{progdir}/*.so
 %{progdir}/omni.ja
 %{progdir}/platform.ini
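Review bot: The new %files entry "%{progdir}/icudt58l.dat" hard-codes both the ICU version and the little-endian "l" suffix, yet the spec still names big-endian targets (ppc, ppc64, s390, s390x) in its %ifarch list; please check that those builds produce a file of this name, or use a glob such as icudt*.dat. The gtk2/libmozgtk.so entry sitting under "%if 0%{?mozilla_use_gtk3}" reads as inverted at first glance and deserves a one-line comment explaining why a gtk2 directory is packaged only for the Gtk3 build.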

++++++ compare-locales.tar.xz ++++++

++++++ create-tar.sh ++++++
--- /var/tmp/diff_new_pack.Ag41Ux/_old  2017-05-03 15:53:50.896533056 +0200
+++ /var/tmp/diff_new_pack.Ag41Ux/_new  2017-05-03 15:53:50.896533056 +0200
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-CHANNEL="esr45"
+CHANNEL="esr52"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_45_8_0_RELEASE"
-VERSION="45.8.0"
+RELEASE_TAG="THUNDERBIRD_52_1_0_RELEASE"
+VERSION="52.1.0"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird
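Review bot: The unchanged clone line still fetches the release source over plain HTTP ("hg clone http://hg.mozilla.org/$BRANCH thunderbird"), so the tree that becomes thunderbird-52.1.0-source.tar.xz is pulled over an unauthenticated transport. Since this script is being touched for the esr52 bump anyway, switch the URL to https:// and consider checking the resulting revision against the expected changeset for RELEASE_TAG.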

++++++ l10n-45.8.0.tar.xz -> l10n-52.1.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-45.8.0.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new/l10n-52.1.0.tar.xz differ: char 26, line 1

++++++ mozilla-aarch64-startup-crash.patch ++++++
# HG changeset patch
# Parent a5cfa3aa11a9d3391df49de6fc5a0e5232c12c10
Bug 991344 - Rpi3: Firefox crashes after a few seconds of usage

diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -830,17 +830,23 @@ nsIOService::NewChannelFromURIWithProxyF
                 consoleService->LogStringMessage(NS_LITERAL_STRING(
                     "Http channel implementation doesn't support 
nsIUploadChannel2. An extension has supplied a non-functional http protocol 
handler. This will break behavior and in future releases not work at all."
                                                                    ).get());
             }
             gHasWarnedUploadChannel2 = true;
         }
     }
 
+#if defined(__aarch64__)
+    if (result) {
+        channel.forget(result);
+    }
+#else
     channel.forget(result);
+#endif
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsIOService::NewChannelFromURIWithProxyFlags2(nsIURI* aURI,
                                               nsIURI* aProxyURI,
                                               uint32_t aProxyFlags,
                                               nsIDOMNode* aLoadingNode,
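Review bot: The null check on result is compiled only under "#if defined(__aarch64__)", while every other architecture keeps the unguarded channel.forget(result). If result can legitimately be null the guard should be unconditional; if it cannot, this hides the real cause of the crash on one platform only. In the guarded path the function also still returns NS_OK when result is null, so the caller is told it succeeded without receiving a channel; a comment or an early error return would make that intent explicit.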
++++++ mozilla-develdirs.patch ++++++
--- /var/tmp/diff_new_pack.Ag41Ux/_old  2017-05-03 15:53:50.984520634 +0200
+++ /var/tmp/diff_new_pack.Ag41Ux/_new  2017-05-03 15:53:50.988520070 +0200
@@ -19,6 +19,6 @@
  else
  DIST = $(DEPTH)/dist
  endif
+ ABS_DIST = $(topobjdir)/dist
  
  # We do magic with OBJ_SUFFIX in config.mk, the following ensures we don't
- # manually use it before config.mk inclusion

++++++ mozilla-kde.patch ++++++
++++ 2302 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/MozillaThunderbird/mozilla-kde.patch
++++ and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new/mozilla-kde.patch

++++++ mozilla-language.patch ++++++
--- /var/tmp/diff_new_pack.Ag41Ux/_old  2017-05-03 15:53:51.036513294 +0200
+++ /var/tmp/diff_new_pack.Ag41Ux/_new  2017-05-03 15:53:51.036513294 +0200
@@ -1,23 +1,22 @@
 # HG changeset patch
 # User Wolfgang Rosenauer <[email protected]>
 # Parent 5a29924228527f8882c83cf62d470963ea1ce62e
-# Parent  55b6ae7fd3ebf28f960031801f1948dfc1bd80d2
+# Parent  4f39ed617c2f151a3a15903c7ae4471b66774e9e
 Bug 583793 - Firefox interface language set to LANG, ignores LANGUAGE
 
 diff --git a/intl/locale/nsLocaleService.cpp b/intl/locale/nsLocaleService.cpp
 --- a/intl/locale/nsLocaleService.cpp
 +++ b/intl/locale/nsLocaleService.cpp
-@@ -122,16 +122,17 @@ nsLocaleService::nsLocaleService(void)
+@@ -114,16 +114,17 @@ nsLocaleService::nsLocaleService(void)
+     NS_ENSURE_SUCCESS_VOID(rv);
+ #endif
+ #if defined(XP_UNIX) && !defined(XP_MACOSX)
      RefPtr<nsLocale> resultLocale(new nsLocale());
      NS_ENSURE_TRUE_VOID(resultLocale);
  
- #ifdef MOZ_WIDGET_QT
-     const char* lang = QLocale::system().name().toUtf8();
- #else
      // Get system configuration
      const char* lang = getenv("LANG");
 +    const char* language = getenv("LANGUAGE");
- #endif
  
      nsAutoString xpLocale, platformLocale;
      nsAutoString category, category_platform;
@@ -25,7 +24,8 @@
  
      for( i = 0; i < LocaleListLength; i++ ) {
          nsresult result;
-@@ -158,16 +159,21 @@ nsLocaleService::nsLocaleService(void)
+         // setlocale( , "") evaluates LC_* and LANG
+@@ -149,16 +150,36 @@ nsLocaleService::nsLocaleService(void)
              } else {
                  CopyASCIItoUTF16(lang, platformLocale);
                  result = nsPosixLocale::GetXPLocale(lang, xpLocale);
@@ -35,9 +35,24 @@
              return;
          }
 +        // LANGUAGE is overriding LC_MESSAGES
++        // it can be a colon separated list of preferred languages
++        // as we do not recognize here if a language is available
++        // we actually only consider the first entry unless GetXPLocale
++        // fails completely
 +        if (i == LC_MESSAGES && language && *language) {
-+          CopyASCIItoUTF16(language, platformLocale);
-+          result = nsPosixLocale::GetXPLocale(language, xpLocale);
++#define LANGUAGE_SEP ":"
++          nsAutoString xpLocale_temp;
++          char* rawBuffer = (char*) language;
++          char* token = nsCRT::strtok(rawBuffer, LANGUAGE_SEP, &rawBuffer);
++          for (; token;
++              token = nsCRT::strtok(rawBuffer, LANGUAGE_SEP, &rawBuffer)) {
++            result = nsPosixLocale::GetXPLocale(token, xpLocale_temp);
++            if (NS_SUCCEEDED(result)) {
++              CopyASCIItoUTF16(token, platformLocale);
++              xpLocale = xpLocale_temp;
++              break;
++            }
++          }
 +        }
          resultLocale->AddCategory(category, xpLocale);
          resultLocale->AddCategory(category_platform, platformLocale);
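Review bot: In the new LANGUAGE handling, "char* rawBuffer = (char*) language;" casts away the const of the pointer returned by getenv("LANGUAGE") and hands it to nsCRT::strtok, which writes terminators into the string it tokenizes. That modifies the process environment in place, so later readers of LANGUAGE see only the first entry. Copy the value into a local buffer (for example an nsAutoCString) and tokenize the copy instead.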

++++++ thunderbird-45.8.0-source.tar.xz -> thunderbird-52.1.0-source.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-45.8.0-source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new/thunderbird-52.1.0-source.tar.xz differ: char 26, line 1

