Hello community,
here is the log from the commit of package MozillaThunderbird for openSUSE:Factory
checked in at Fri Jan 9 01:36:42 CET 2009.
--------
--- MozillaThunderbird/MozillaThunderbird.changes 2008-11-21 01:54:31.000000000 +0100
+++ /mounts/work_src_done/STABLE/MozillaThunderbird/MozillaThunderbird.changes 2009-01-02 20:10:31.000000000 +0100
@@ -1,0 +2,33 @@
+Fri Jan 2 13:51:19 EST 2009 - hfiguiere@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Wed Dec 31 13:33:22 CET 2008 - wr@rosenauer.org
+
+- security update to version 2.0.0.19 (bnc#455804)
+ + MFSA 2008-68/CVE-2008-5511 and CVE-2008-5512: XSS and JavaScript
+ privilege escalation
+ + MFSA 2008-67/CVE-2008-5510: Escaped null characters ignored by
+ CSS parser
+ + MFSA 2008-66/CVE-2008-5508: Errors parsing URLs with leading
+ whitespace and control characters
+ + MFSA 2008-65/CVE-2008-5507: Cross-domain data theft via script
+ redirect error message
+ + MFSA 2008-64/CVE-2008-5506: XMLHttpRequest 302 response disclosure
+ + MFSA 2008-61/CVE-2008-5503: Information stealing via loadBindingDocument
+ + MFSA 2008-60/CVE-2008-5500, CVE-2008-5501 and CVE-2008-5502:
+ Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
+- improved mozilla-shared-nss-db.patch and
+ mozilla-system-hunspell.patch to be able to apply them
+ unconditionally
+
+-------------------------------------------------------------------
+Fri Nov 21 11:26:06 CET 2008 - wr@rosenauer.org
+
+- Add mozilla-shared-nss-db.patch which allows migrating to and
+ sharing with other applications using NSS
+ (same functionality as in xulrunner/firefox)
+ (can be disabled completely exporting MOZ_TB_NO_NSSHELPER=1)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
l10n-2.0.0.18.tar.bz2
lightning.patch
mozilla-system-hunspell.patch.bz2
thunderbird-2.0.0.18-source.tar.bz2
New:
----
l10n-2.0.0.19.tar.bz2
mozilla-shared-nss-db.patch
mozilla-system-hunspell.patch
thunderbird-2.0.0.19-source.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaThunderbird.spec ++++++
--- /var/tmp/diff_new_pack.Xt9925/_old 2009-01-09 01:36:10.000000000 +0100
+++ /var/tmp/diff_new_pack.Xt9925/_new 2009-01-09 01:36:10.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package MozillaThunderbird (Version 2.0.0.18)
+# spec file for package MozillaThunderbird (Version 2.0.0.19)
#
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,6 +25,9 @@
%if %suse_version > 1020
BuildRequires: fdupes
%endif
+%if %suse_version > 1100
+BuildRequires: nss-shared-helper-devel
+%endif
# fix broken 9.3 requirements
%if %suse_version <= 930
BuildRequires: freetype2-devel popt-devel
@@ -34,7 +37,7 @@
BuildRequires: gnome-vfs2 libgnome libgnomeui pkgconfig
%endif
License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
-Version: 2.0.0.18
+Version: 2.0.0.19
Release: 1
Summary: The Stand-Alone Mozilla Mail Component
Url: http://www.mozilla.org/products/thunderbird/
@@ -59,7 +62,6 @@
Patch8: gcc-undefined-ops.patch
Patch9: tb-develdirs.patch
Patch10: mips-buildfix.diff
-Patch11: lightning.patch
Patch12: misc.dif
Patch13: nss-opt.patch
Patch14: html-compose.patch
@@ -67,11 +69,12 @@
Patch16: list-replyto-clobber.patch
Patch17: mozilla-path_len.patch
Patch18: mozldap-charray_strdup.patch
+Patch19: mozilla-shared-nss-db.patch
Patch22: cjk-postscript-fonts.dif
Patch25: postscript.patch
Patch26: cups-paper.patch
Patch27: thunderbird-1.5.0.8-uninitalized-vars-232305.patch
-Patch28: mozilla-system-hunspell.patch.bz2
+Patch28: mozilla-system-hunspell.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: coreutils fileutils textutils /bin/sh
%if %suse_version > 1000
@@ -97,7 +100,7 @@
BuildRequires: mozilla-nss-devel
%endif
%define _unpackaged_files_terminate_build 0
-%define releasedate 2008111200
+%define releasedate 2008122700
%define progname thunderbird
%define progdir %{_prefix}/%_lib/thunderbird
%define my_provides /tmp/my-provides
@@ -190,7 +193,6 @@
%patch8
%patch9
%patch10
-#%patch11
%patch12
%patch13
%patch14
@@ -202,10 +204,9 @@
%patch25
%patch26
%patch27
-# use hunspell from 11.0 on only
-%if %suse_version > 1030
+# contain configure changes
+%patch19
%patch28
-%endif
%build
export MOZ_BUILD_DATE=%{releasedate}
@@ -240,8 +241,6 @@
ac_add_options --sysconfdir=%{_sysconfdir}
ac_add_options --mandir=%{_mandir}
ac_add_options --includedir=%{_includedir}
-# shouldn't be needed with exported CFLAGS
-#ac_add_options --enable-optimize="$CFLAGS"
ac_add_options --with-system-jpeg
ac_add_options --with-system-png
ac_add_options --with-system-zlib
@@ -415,6 +414,7 @@
# can't create hardlinks across partitions, we'll do this more than once.
%fdupes $RPM_BUILD_ROOT%{progdir}
%fdupes $RPM_BUILD_ROOT%{_datadir}
+%fdupes $RPM_BUILD_ROOT%{_includedir}
%endif
%clean
@@ -695,6 +695,30 @@
%{_bindir}/thunderbird-config
%changelog
+* Fri Jan 02 2009 hfiguiere@suse.de
+- Review and approve changes.
+* Wed Dec 31 2008 wr@rosenauer.org
+- security update to version 2.0.0.19 (bnc#455804)
+ + MFSA 2008-68/CVE-2008-5511 and CVE-2008-5512: XSS and JavaScript
+ privilege escalation
+ + MFSA 2008-67/CVE-2008-5510: Escaped null characters ignored by
+ CSS parser
+ + MFSA 2008-66/CVE-2008-5508: Errors parsing URLs with leading
+ whitespace and control characters
+ + MFSA 2008-65/CVE-2008-5507: Cross-domain data theft via script
+ redirect error message
+ + MFSA 2008-64/CVE-2008-5506: XMLHttpRequest 302 response disclosure
+ + MFSA 2008-61/CVE-2008-5503: Information stealing via loadBindingDocument
+ + MFSA 2008-60/CVE-2008-5500, CVE-2008-5501 and CVE-2008-5502:
+ Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
+- improved mozilla-shared-nss-db.patch and
+ mozilla-system-hunspell.patch to be able to apply them
+ unconditionally
+* Fri Nov 21 2008 wr@rosenauer.org
+- Add mozilla-shared-nss-db.patch which allows migrating to and
+ sharing with other applications using NSS
+ (same functionality as in xulrunner/firefox)
+ (can be disabled completely exporting MOZ_TB_NO_NSSHELPER=1)
* Thu Nov 20 2008 maw@suse.de
- Review and approve changes.
* Thu Nov 13 2008 wr@rosenauer.org
@@ -850,7 +874,7 @@
- Security update to version 1.5.0.12 (#271197).
* Tue Jun 05 2007 sbrabec@suse.cz
- Removed invalid desktop category "Application" (#254654).
-* Wed Apr 18 2007 wr@rosenauer.org
+* Thu Apr 19 2007 wr@rosenauer.org
- update to final version 2.0.0.0
(http://www.mozilla.com/en-US/thunderbird/2.0.0.0/releasenotes/)
- update enigmail to 0.95.0
@@ -904,7 +928,7 @@
* Fri Jun 02 2006 stark@suse.de
- update to security/stability release 1.5.0.4 (#179011)
(http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderb...)
-* Sun May 14 2006 stark@suse.de
+* Mon May 15 2006 stark@suse.de
- update to version 1.5.0.2
- update mailredirect to 0.7.3
- save printer settings properly (#174082, bmo #324072)
@@ -996,16 +1020,16 @@
- fixed Gdk-WARNING at startup (gtk.patch)
- fixed regression in profile locking change (bmo #303633)
- fixed crash with gtk 2.7 (bmo #300226, bnc #104586)
-* Tue Aug 02 2005 stark@suse.de
+* Wed Aug 03 2005 stark@suse.de
- fixed profile locking (bmo #151188)
-* Thu Jul 28 2005 stark@suse.de
+* Fri Jul 29 2005 stark@suse.de
- don't require and provide NSS libs (#98002)
* Fri Jul 22 2005 stark@suse.de
- fixed printing patch
* Tue Jul 19 2005 stark@suse.de
- added NSPR to PreReq
- disable stripping in specfile
-* Thu Jul 14 2005 stark@suse.de
+* Fri Jul 15 2005 stark@suse.de
- update to 1.0.6 which restores API compatibility
- fixed width calculation in Postscript module (bmo #290292)
* Thu Jul 14 2005 stark@suse.de
@@ -1091,12 +1115,12 @@
- more fixes for #35179
- added firefox as default handler for its protocols
- update enigmail to 0.83.4
-* Tue Mar 02 2004 stark@suse.de
+* Wed Mar 03 2004 stark@suse.de
- removed unused patches for GTK2 build
* Sun Feb 29 2004 stark@suse.de
- improved start-script to interact with firefox and mozilla
(#35179)
-* Thu Feb 26 2004 stark@suse.de
+* Fri Feb 27 2004 stark@suse.de
- update to 0.5
- spec-file cleanup
* Wed Oct 15 2003 stark@suse.de
++++++ l10n-2.0.0.18.tar.bz2 -> l10n-2.0.0.19.tar.bz2 ++++++
MozillaThunderbird/l10n-2.0.0.18.tar.bz2 /mounts/work_src_done/STABLE/MozillaThunderbird/l10n-2.0.0.19.tar.bz2 differ: byte 11, line 1
++++++ mozilla-shared-nss-db.patch ++++++
? .mozconfig.mk
? .mozconfig.out
Index: configure
===================================================================
RCS file: /cvsroot/mozilla/configure,v
retrieving revision 1.1492.2.130
diff -u -p -6 -r1.1492.2.130 configure
--- configure 19 Oct 2008 16:21:23 -0000 1.1492.2.130
+++ configure 21 Nov 2008 09:52:32 -0000
@@ -19337,12 +19337,115 @@ echo "configure:19307: checking CAIRO_LI
fi
+
+
+ succeeded=no
+
+ if test -z "$PKG_CONFIG"; then
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:19352: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_PKG_CONFIG'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ case "$PKG_CONFIG" in
+ /*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ ?:/*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a dos path.
+ ;;
+ *)
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
+ ac_dummy="$PATH"
+ for ac_dir in $ac_dummy; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$ac_word; then
+ ac_cv_path_PKG_CONFIG="$ac_dir/$ac_word"
+ break
+ fi
+ done
+ IFS="$ac_save_ifs"
+ test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no"
+ ;;
+esac
+fi
+PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+if test -n "$PKG_CONFIG"; then
+ echo "$ac_t""$PKG_CONFIG" 1>&6
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+
+ if test "$PKG_CONFIG" = "no" ; then
+ echo "*** The pkg-config script could not be found. Make sure it is"
+ echo "*** in your path, or set the PKG_CONFIG environment variable"
+ echo "*** to the full path to pkg-config."
+ echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config."
+ else
+ PKG_CONFIG_MIN_VERSION=0.9.0
+ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
+ echo $ac_n "checking for nss-shared-helper""... $ac_c" 1>&6
+echo "configure:19396: checking for nss-shared-helper" >&5
+
+ if $PKG_CONFIG --exists "nss-shared-helper" ; then
+ echo "$ac_t""yes" 1>&6
+ succeeded=yes
+
+ echo $ac_n "checking NSSHELPER_CFLAGS""... $ac_c" 1>&6
+echo "configure:19403: checking NSSHELPER_CFLAGS" >&5
+ NSSHELPER_CFLAGS=`$PKG_CONFIG --cflags "nss-shared-helper"`
+ echo "$ac_t""$NSSHELPER_CFLAGS" 1>&6
+
+ echo $ac_n "checking NSSHELPER_LIBS""... $ac_c" 1>&6
+echo "configure:19408: checking NSSHELPER_LIBS" >&5
+ ## don't use --libs since that can do evil things like add
+ ## -Wl,--export-dynamic
+ NSSHELPER_LIBS="`$PKG_CONFIG --libs-only-L \"nss-shared-helper\"` `$PKG_CONFIG --libs-only-l \"nss-shared-helper\"`"
+ echo "$ac_t""$NSSHELPER_LIBS" 1>&6
+ else
+ NSSHELPER_CFLAGS=""
+ NSSHELPER_LIBS=""
+ ## If we have a custom action on failure, don't print errors, but
+ ## do set a variable so people can do so.
+ NSSHELPER_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nss-shared-helper"`
+
+ fi
+
+
+
+ else
+ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
+ echo "*** See http://www.freedesktop.org/software/pkgconfig"
+ fi
+ fi
+
+ if test $succeeded = yes; then
+ MOZ_ENABLE_NSSHELPER=1
+ else
+ MOZ_ENABLE_NSSHELPER=
+ fi
+
+
+if test "$MOZ_ENABLE_NSSHELPER"; then
+ cat >> confdefs.h <<\EOF
+#define MOZ_ENABLE_NSSHELPER 1
+EOF
+
+fi
+
+
+
+
# Check whether --enable-xul or --disable-xul was given.
if test "${enable_xul+set}" = set; then
enableval="$enable_xul"
if test "$enableval" = "no"; then
MOZ_XUL=
elif test "$enableval" = "yes"; then
@@ -20583,12 +20686,15 @@ s%@ATSUI_FONT_FEATURE@%$ATSUI_FONT_FEATU
s%@PNG_FUNCTIONS_FEATURE@%$PNG_FUNCTIONS_FEATURE%g
s%@CAIRO_CFLAGS@%$CAIRO_CFLAGS%g
s%@CAIRO_LIBS@%$CAIRO_LIBS%g
s%@MOZ_TREE_CAIRO@%$MOZ_TREE_CAIRO%g
s%@MOZ_CAIRO_CFLAGS@%$MOZ_CAIRO_CFLAGS%g
s%@MOZ_CAIRO_LIBS@%$MOZ_CAIRO_LIBS%g
+s%@NSSHELPER_CFLAGS@%$NSSHELPER_CFLAGS%g
+s%@NSSHELPER_LIBS@%$NSSHELPER_LIBS%g
+s%@MOZ_ENABLE_NSSHELPER@%$MOZ_ENABLE_NSSHELPER%g
s%@MOZ_XUL@%$MOZ_XUL%g
s%@MOZ_PYTHON@%$MOZ_PYTHON%g
s%@MOZ_PYTHON_PREFIX@%$MOZ_PYTHON_PREFIX%g
s%@MOZ_PYTHON_INCLUDES@%$MOZ_PYTHON_INCLUDES%g
s%@MOZ_PYTHON_LIBS@%$MOZ_PYTHON_LIBS%g
s%@MOZ_PYTHON_VER@%$MOZ_PYTHON_VER%g
Index: configure.in
===================================================================
RCS file: /cvsroot/mozilla/configure.in,v
retrieving revision 1.1503.2.112
diff -u -p -6 -r1.1503.2.112 configure.in
--- configure.in 19 Oct 2008 16:14:06 -0000 1.1503.2.112
+++ configure.in 21 Nov 2008 09:52:34 -0000
@@ -6808,12 +6808,27 @@ fi
AC_SUBST(MOZ_TREE_CAIRO)
AC_SUBST(MOZ_CAIRO_CFLAGS)
AC_SUBST(MOZ_CAIRO_LIBS)
dnl ========================================================
+dnl Check for nss-shared-helper
+dnl ========================================================
+
+PKG_CHECK_MODULES(NSSHELPER, nss-shared-helper,
+ [MOZ_ENABLE_NSSHELPER=1],
+ [MOZ_ENABLE_NSSHELPER=])
+
+if test "$MOZ_ENABLE_NSSHELPER"; then
+ AC_DEFINE(MOZ_ENABLE_NSSHELPER)
+fi
+AC_SUBST(MOZ_ENABLE_NSSHELPER)
+AC_SUBST(NSSHELPER_CFLAGS)
+AC_SUBST(NSSHELPER_LIBS)
+
+dnl ========================================================
dnl disable xul
dnl ========================================================
MOZ_ARG_DISABLE_BOOL(xul,
[ --disable-xul Disable XUL],
MOZ_XUL= )
if test "$MOZ_XUL"; then
Index: config/autoconf.mk.in
===================================================================
RCS file: /cvsroot/mozilla/config/autoconf.mk.in,v
retrieving revision 3.363.2.20
diff -u -p -6 -r3.363.2.20 autoconf.mk.in
--- config/autoconf.mk.in 14 Sep 2006 18:07:03 -0000 3.363.2.20
+++ config/autoconf.mk.in 21 Nov 2008 09:52:35 -0000
@@ -492,12 +492,16 @@ GLIB_CFLAGS = @GLIB_CFLAGS@
GLIB_LIBS = @GLIB_LIBS@
GLIB_GMODULE_LIBS = @GLIB_GMODULE_LIBS@
LIBIDL_CFLAGS = @LIBIDL_CFLAGS@
LIBIDL_LIBS = @LIBIDL_LIBS@
STATIC_LIBIDL = @STATIC_LIBIDL@
+MOZ_ENABLE_NSSHELPER = @MOZ_ENABLE_NSSHELPER@
+NSSHELPER_CFLAGS = @NSSHELPER_CFLAGS@
+NSSHELPER_LIBS = @NSSHELPER_LIBS@
+
MOZ_NATIVE_MAKEDEPEND = @SYSTEM_MAKEDEPEND@
# Used for LD_LIBRARY_PATH
LIBS_PATH = @LIBS_PATH@
MOZ_AUTO_DEPS = @MOZ_AUTO_DEPS@
Index: mail/app/Makefile.in
===================================================================
RCS file: /cvsroot/mozilla/mail/app/Makefile.in,v
retrieving revision 1.46.2.10
diff -u -p -6 -r1.46.2.10 Makefile.in
--- mail/app/Makefile.in 22 Oct 2008 21:04:53 -0000 1.46.2.10
+++ mail/app/Makefile.in 21 Nov 2008 09:52:45 -0000
@@ -100,12 +100,16 @@ endif
endif
ifdef MOZ_JPROF
LIBS += -ljprof
endif
+ifdef MOZ_ENABLE_NSSHELPER
+LIBS += $(NSSHELPER_LIBS)
+endif
+
ifndef MOZ_WINCONSOLE
ifdef MOZ_DEBUG
MOZ_WINCONSOLE = 1
else
MOZ_WINCONSOLE = 0
endif
Index: security/manager/ssl/src/Makefile.in
===================================================================
RCS file: /cvsroot/mozilla/security/manager/ssl/src/Makefile.in,v
retrieving revision 1.67.2.5
diff -u -p -6 -r1.67.2.5 Makefile.in
--- security/manager/ssl/src/Makefile.in 4 Jun 2008 20:42:03 -0000 1.67.2.5
+++ security/manager/ssl/src/Makefile.in 21 Nov 2008 09:52:50 -0000
@@ -128,17 +128,18 @@ REQUIRES = nspr \
EXTRA_DEPS = $(NSS_DEP_LIBS)
DEFINES += -DNSS_ENABLE_ECC
# Use local includes because they are inserted before INCLUDES
# so that Mozilla's nss.h is used, not glibc's
-LOCAL_INCLUDES += $(NSS_CFLAGS)
+LOCAL_INCLUDES += $(NSS_CFLAGS) $(NSSHELPER_CFLAGS)
EXTRA_DSO_LDOPTS += \
$(MOZ_UNICHARUTIL_LIBS) \
$(MOZ_COMPONENT_LIBS) \
$(MOZ_JS_LIBS) \
+ $(NSSHELPER_LIBS) \
$(NSS_LIBS) \
$(NULL)
include $(topsrcdir)/config/rules.mk
Index: security/manager/ssl/src/nsNSSComponent.cpp
===================================================================
RCS file: /cvsroot/mozilla/security/manager/ssl/src/nsNSSComponent.cpp,v
retrieving revision 1.126.2.9
diff -u -p -6 -r1.126.2.9 nsNSSComponent.cpp
--- security/manager/ssl/src/nsNSSComponent.cpp 30 Jun 2008 22:54:11 -0000 1.126.2.9
+++ security/manager/ssl/src/nsNSSComponent.cpp 21 Nov 2008 09:52:51 -0000
@@ -41,12 +41,19 @@
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
+#ifdef MOZ_ENABLE_NSSHELPER
+#pragma GCC visibility push(default)
+#include