- Tue Jun 5 2012 fwang <fwang> 0:10.0.5-1.mga1
+ Revision: 255762
- new version 10.0.5esr
- new version 10.0.3 ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-13.html
(XSS with Drag and Drop and Javascript: URL [CVE-2012-0455])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-14.html
(SVG issues found with Address Sanitizer [CVE-2012-0456, CVE-2012-0457])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-15.html
(XSS with multiple Content Security Policy headers [CVE-2012-0451])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
(Escalation of privilege with Javascript: URL as home page [CVE-2012-0458])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-17.html
(Crash when accessing keyframe cssText after dynamic modification
[CVE-2012-0459])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-18.html
(window.fullScreen writeable by untrusted content [CVE-2012-0460])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
(Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
[CVE-2012-0461, CVE-2012-0462, CVE-2012-0464, CVE-2012-0463 ])
- new version 3.1.12
+ doktor5000
- new version 10.0.4 ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
(Miscellaneous memory safety hazards [CVE-2012-0468, CVE-2012-0467])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
(use-after-free in IDBKeyRange[CVE-2012-0469])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
(Invalid frees causes heap corruption in gfxImageSurface [CVE-2012-0470])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
(Potential XSS via multibyte content processing errors [CVE-2012-0471])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
(Potential memory corruption during font rendering using cairo-dwrite
[CVE-2012-0472])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
(WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error [CVE-2012-0473])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
(Page load short-circuit can lead to XSS [CVE-2012-0474])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
(Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
[CVE-2012-0475])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
(Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
[CVE-2012-0477])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
(Crash with WebGL content using textImage2D [CVE-2012-0478])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
(Off-by-one error in OpenType Sanitizer [CVE-2011-3062])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
(Potential site identity spoofing when loading RSS and Atom feeds
[CVE-2012-0479])
- switch to Enigmail 1.4, officially supported version for ESR releases
o fixes a problem with inline PGP decrpytion
- use system nss shlibsign instead of missing bundled one
- remove unused Sources
- change Requires on libcanberra to Suggests
- new version 10.0.2 ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html
(libpng integer overflow [CVE-2011-3026])
- drop all unused patches
- remove useless commented-out stuff
- new version 10.0.1, switch to ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
(miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443]
fixed in 10.0 )
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
( - Fri Apr 29 2011 ahmad <ahmad> 0:3.1.10-1.mga1
+ Revision: 93463
- Update to 3.1.10
- Rediff run-mozilla patch
- Drop an old patch from SOURCES dir - Fri Mar 25 2011 ahmad <ahmad> 0:3.1.9-11.mga1
+ Revision: 77483
- revert previous commit, gio support doesn't work as it should resulting in http/
https links handler having to be configured manually for all new and old tb profiles.
gnomevfs support at least reads the value from gconf settings (which uses www-
browser by default) - Mon Mar 21 2011 ahmad <ahmad> 0:3.1.9-10.mga1
+ Revision: 75310
- disable gnomvfs support
- enable gio support
- disable updater as we don't support updating the application this way - Wed Mar 16 2011 ahmad <ahmad> 0:3.1.9-8.mga1
+ Revision: 72283
- conflict with mozilla-thunderbird-lightning <= 1.3.9 - Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-7.mga1
+ Revision: 68321
- drop old/uneeded scriptlets that update the destkop-database and hicolor
icon-cache; they were replaced by rpm filetriggers ages ago - Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-6.mga1
+ Revision: 68246
- don't obsolete -lightning here and in the mozilla-thunderbird-lightning src.rpm
urpmi can't smoothly handle a package obsoleted by two packages - Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-5.mga1
+ Revision: 68165
- obsolete the -lightning sub-package that was built from thunderbird src.rpm - Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-4.mga1
+ Revision: 68147
- define build_bundled_lightning, and disable it:
o the thunderbird tarball doesn't have the langpacks for lightning
o lightning has a separate release schedule (Fedora) - Wed Mar 9 2011 colin <colin> 0:3.1.9-2.mga1
+ Revision: 66827
- Extract the correct plugin id from lightning extension - Sat Mar 5 2011 ahmad <ahmad> 0:3.1.9-1.mga1
+ Revision: 64596
- update to 3.1.9
+ dmorgan
- obsoletes old package - Tue Mar 1 2011 ahmad <ahmad> 0:3.1.8-1.mga1
+ Revision: 62332
- update to 3.1.8 - Mon Feb 28 2011 dmorgan <dmorgan> 0:3.1.7-3.mga1
+ Revision: 61407
- Remove remaining mdv macro
- Remove remaining mdv macro
- Fix %els
- Fix %else
- Adapt for mageia
- Remove mdv macros
Adapt for mageia
+ ennael
- imported package mozilla-thunderbird