/[packages]/updates/1/mozilla-thunderbird/current/SPECS/mozilla-thunderbird.spec |
Parent Directory | Revision Log
Links to HEAD: | (view) (download) (annotate) |
Sticky Revision: |
- use system nss shlibsign instead of missing bundled one
new version 10.0.3esr
- remove Suggests on -l10n, added by mistake (SILENT)
- remove unused Sources
- change Requires on libcanberra to Suggests
- new version 10.0.2 ESR (Extended Support Release) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html (libpng integer overflow [CVE-2011-3026]) - drop all unused patches - remove useless commented-out stuff
- new version 10.0.1, switch to ESR (Extended Support Release) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443] fixed in 10.0 ) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html (<iframe> element exposed across domains via name attribute [CVE-2012-0445] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (child nodes from nsDOMAttribute still accessible after removal of nodes [CVE-2011-3659] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-05.html (frame scripts calling into untrusted objects bypass security checks [CVE-2012-0446] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-06.html (uninitialized memory appended when encoding icon images may cause information disclosure [CVE-2012-0447] fixed in 10.0 o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (crash with malformed embedded XSLT stylesheets [CVE-2012-0449] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-10.html (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452]) - update enigmail to 1.3.5, needed for thunderbird 10.0 - updated mageia-default-prefs.js, reenabled locale matching to system locale - change new default preference (extensions.autoDisableScopes) to not automatically disable systemwide installed addons, like language packs - added BuildRequires on yasm, mesagl-devel, startup-notification-devel, dbus, libevent-devel and libvpx-devel - added Requires on libcanberra for playing sounds - add Patch100 to use libcanberra for playing sounds (rediffed from upstream, mozilla-thunderbird-mga-use-libcanberra.patch) - rediffed Patch201, disabling default application dialog on Thunderbird start - use bundled libpng, system one is too old and updating it is a no-go for mga1 - do not build against system libxul, add requires_exception for libxul - disable updater and bundled lightning, disable compilation of lightning - enable gio, vpx and libevent and optimization - use org.mageia as distribution id - removed thunderbird.cfg - add -fPIC to CFLAGS
- new version 3.1.18 o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-59.html (.jar files not being treated as executables on MacOS [CVE-2011-3666] fixed in 3.1.17) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (Miscellaneous memory safety hazards [(rv:10.0/ 1.9.2.26) [CVE-2012-0443, CVE-2012-0442]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-02.html (Overly permissive IPv6 literal syntax [CVE-2011-3670]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (Child nodes from nsDOMAttribute still accessible after removal of nodes, [CVE-2011-3659]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (Potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (Crash with malformed embedded XSLT stylesheets [CVE-2012-0449])
- new version 3.1.6 o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-46.html (loadSubScript unwraps XPCNativeWrapper scope parameter, a malicious page could potentially exploit a Thunderbird user who had installed an add-on that used loadSubscript in vulnerable ways) o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-47.html (Potential cross-site-scripting against sites using Shift-JIS encoding, CVE-2011-3648) o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-49.html (memory corruption while profiling using Firebug, CVE-2011-3650) - fixed CVE-2011-3640, untrusted search path vulnerability which might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory (fix-CVE-2011-3640.patch, from upstream)
- new version 3.1.15 - fixed http://www.mozilla.org/security/announce/2011/mfsa2011-34.html (Protection against fraudulent DigiNotar certificates, fixed in thunderbird 3.1.13) - fixed http://www.mozilla.org/security/announce/2011/mfsa2011-35.html (Additional protection against fraudulent DigiNotar certificates, fixed in thunderbird 3.1.14)
new version 3.1.12
SILENT: branch release 1
- Update to 3.1.10 - Rediff run-mozilla patch - Drop an old patch from SOURCES dir
- revert previous commit, gio support doesn't work as it should resulting in http/ https links handler having to be configured manually for all new and old tb profiles. gnomevfs support at least reads the value from gconf settings (which uses www- browser by default)
SILENT: correct typo
- disable gnomvfs support - enable gio support
- disable updater as we don't support updating the application this way
- conflict with mozilla-thunderbird-lightning <= 1.3.9
SILENT: clean spec
- drop old/uneeded scriptlets that update the destkop-database and hicolor icon-cache; they were replaced by rpm filetriggers ages ago
- don't obsolete -lightning here and in the mozilla-thunderbird-lightning src.rpm urpmi can't smoothly handle a package obsoleted by two packages
- obsolete the -lightning sub-package that was built from thunderbird src.rpm
- define build_bundled_lightning, and disable it: o the thunderbird tarball doesn't have the langpacks for lightning o lightning has a separate release schedule (Fedora)
Extract the correct plugin id from lightning extension
- update to 3.1.9
- update to 3.1.8
Remove remaining mdv macro
Remove remaining mdv macro
Fix %%els
Fix %%else
Adapt for mageia
Remove mdv macros Adapt for mageia
imported package mozilla-thunderbird
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
ViewVC Help | |
Powered by ViewVC 1.1.30 |