seamonkey/seamonkey.changes

4149 lines
159 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Wed Jul 07 13:50:05 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.8
* Serious performance improvements and bug fixes tracked in bug
1633339 and bug 1711050.
* Language attributes with country codes not recognized when
building the Website Navigation Bar link toolbar bug 134436 and
bug 1709443.
* Optimize SeaMonkey icons for speed and optional higher quality for
branding bug 1362210 and bug 1699322.
* Support from= option when opening email compose window from the
command line bug 1628671.
* Update subject handling and GenericSendMessage function in compose
window bug 1693994.
* All message windows should update when view preferences are
changed bug 1694765.
* Improve marking of multiple messages as read / unread bug 1700530.
* Show version numbers again in the add-on manager by the partial
backout of bug 1161183.
* Update available networks in chatZilla (including adding
libera.chat)bug 1704392 and bug 1712505.
* Change default port for IRC via TLS/SSL to 6697 bug 1704280.
* Remove chatZilla and Lightning extension language packs and
incorpate localisations within the main language pack bug 1604663.
* Fix address drag and drop handling in compose window bug 1712002
and bug 1712227.
* Further fixes for legacy generators and the deprecated for each
statement in add-ons and the Add-on SDK bug 1702903.
* For developers, fork DOMi repo into main SeaMonkey one which means
no need to separately checkout the extension bug 1700003.
* SeaMonkey 2.53.8 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.8 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.11
ESR and a few enhancements have been backported. We will continue
to enhance SeaMonkey security in subsequent 2.53.x beta and
release versions as fast as we are able to.
- removed obsolete seamonkey-websocketloop.patch and
seamonkey-rustc-bootstrap.patch (now integrated upstream)
-------------------------------------------------------------------
Tue May 18 07:04:59 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- add patch seamonkey-rustc-bootstrap.patch adapted from
https://bugzilla.mozilla.org/show_bug.cgi?id=1710154 to enable
compilation with rust >= 1.50.0
-------------------------------------------------------------------
Tue May 05 18:36:24 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- update GNU Makefile from upstream
https://bugzilla.mozilla.org/show_bug.cgi?id=1692516#c8 -- besides
some general improvements, this Makefile now allows the language
packs for the bundled extensions to be split off again if desired
(though our spec file does not yet take advantage of this)
-------------------------------------------------------------------
Tue May 04 08:19:42 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- use system libraries for bz2, webp, and icu to reduce package size
and because this is probably more secure (since our own libraries
are probably updated more often than the ones bundled with
SeaMonkey)
-------------------------------------------------------------------
Wed Apr 28 07:59:04 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- add upstream patch seamonkey-websocketloop.patch from
https://bugzilla.mozilla.org/attachment.cgi?id=9218795&action=diff
to solve critical performance issue
https://bugzilla.mozilla.org/show_bug.cgi?id=1633339
-------------------------------------------------------------------
Tue Apr 27 11:54:30 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- requested inclusion in Leap 15.2:
https://bugzilla.opensuse.org/show_bug.cgi?id=1185349
-------------------------------------------------------------------
Tue Apr 20 15:28:04 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- remove check for .mkdir.done, as these files are no longer generated
- remove check for text files with the executable bit incorrectly set,
as the only remaining files in the source tree with this problem are
ones that don't get installed anyway:
https://bugzilla.mozilla.org/show_bug.cgi?id=1706019
- revise/improve spec file comments
- update package description to clarify compatibility with Firefox
extensions
- update package description to reference bundled calendar
-------------------------------------------------------------------
Tue Apr 20 06:52:31 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- re-enable elf-hack for x86_64 builds as this is no longer preventing
compilation: https://bugzilla.mozilla.org/show_bug.cgi?id=1619776
-------------------------------------------------------------------
Mon Apr 19 20:40:37 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- remove --disable-optimize flag (added on Sat Sep 20 14:53:01 UTC
2014 as a result of bnc#896624) as compilation on ix86 with the
default optimizations seems to work fine now
-------------------------------------------------------------------
Mon Apr 19 07:40:51 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- add patch to install SeaMonkey's new man page:
seamonkey-man-page.patch
-------------------------------------------------------------------
Sun Apr 18 13:28:57 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.7.1
* Fix for legacy generators and the deprecated for each statement in
add-ons and the Add-on SDK bug 1702903.
* Fix for handling of dead keys in text input fields in GTK 3.24.26+
bug 1701288.
* SeaMonkey 2.53.7.1 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.7.1 shares most parts of the mail and news code
with Thunderbird. Please read the Thunderbird 60.0 release notes
for specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.8 ESR
and a few enhancements have been backported. We will continue to
enhance SeaMonkey security in subsequent 2.53.x beta and release
versions as fast as we are able to.
-------------------------------------------------------------------
Sun Apr 18 12:57:14 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.7
* Remove Flash and NPAPI support bug 1688415.
* Switch packaged extensions to be global bug 1659298.
* Add Insert Forms to Composer bug 1684611.
* Fix an issue with copying to IMAP sent folder and some reference
count leaks in mailnews bug 1689890.
* Tailing to delay tracker requests and enhance performance has been
enabled bug 1358060.
* Fix an issue with favorite and recent folders not showing in macOS
bug 1695869.
* Various security and general platform fixes.
* The ChatZilla source has been integrated into SeaMonkey and no
longer needs to be checked out separately if you build your own
release bug 1551033.
* SeaMonkey 2.53.7 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.7 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.8 ESR
and a few enhancements have been backported. We will continue to
enhance SeaMonkey security in subsequent 2.53.x beta and release
versions as fast as we are able to.
- update GNU Makefile per
https://bugzilla.mozilla.org/show_bug.cgi?id=1692516#c6
* provide a way to auto-select es-AR locale on any Spanish one but
es-ES
-------------------------------------------------------------------
Sun Apr 18 12:22:54 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- restore Chatzilla and DOM Inspector packages disabled in Revision
333; these extensions were long since re-enabled upstream but
apparently we had forgotten to re-enable them in the spec file
-------------------------------------------------------------------
Fri Apr 16 15:18:27 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- add --disable-install-strip to .mozconfig; fixes #1184851
-------------------------------------------------------------------
Fri Apr 16 07:20:09 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.6
* Improve usability of multiple mailboxes/folders selectionbug
1600103.
* Add Greek localisation (el).
* Remove more RDF from mailnews code.
* Switch to mozilla as topsrcdir and component for building is
comm/suite now.
* Rust support is now up to 1.48 and official build is now using
1.47.0
* Various security and general platform fixes.
* SeaMonkey 2.53.6 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.6 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.6 ESR
and a few enhancements have been backported. We will continue to
enhance SeaMonkey security in subsequent 2.53.x beta and release
versions as fast as we are able to.
- rewrote spec file to account for SeaMonkey's new build system, including
a new Makefile from Dmitry Butskoy: #1181525#c3
- merged the translations-common and translations-other subpackages into
the main package; it is no longer convenient/consistent to keep these
separate because localizations for the integrated IRC and Calendar
clients are already merged in the source. This also solves #1181525.
- enabled and bundled Calendar (Lightning) extension
- cleaned up spec file to remove conditions targeting long-obsolete
openSUSE versions
- disabled elf-hack on i586 builds, as it was preventing compilation
-------------------------------------------------------------------
Tue Apr 13 07:58:48 UTC 2021 - Tristan Miller <psychonaut@nothingisreal.com>
- add patch to enable builds with Rust >= 1.48 on Tumbleweed
https://bugzilla.mozilla.org/show_bug.cgi?id=1617782#c22
-------------------------------------------------------------------
Fri Nov 20 09:49:51 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- requested inclusion in Leap 15.1 and 15.2:
https://bugzilla.opensuse.org/show_bug.cgi?id=1179010
-------------------------------------------------------------------
Thu Nov 19 09:44:58 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.5.1
* Fix advertising of av1 support bug 1490877.
* Fix some issues found with supporting new macOS.
* Various security and general platform fixes.
-------------------------------------------------------------------
Sat Nov 14 20:17:43 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.5
* Provide WebP support bug 1653869.
* Add startpage.com as a search engine available to all locales bug
1655283.
* Added av1 support.
* Included latest version of freetype2.
* Added support for the resizeObserver web API.
* Support for rust 1.47.0 on Linux and macOS platforms.
* Dropped support for use of system sqlite.
* Various security and general platform fixes.
* SeaMonkey 2.53.5 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes
* SeaMonkey 2.53.5 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.4 ESR
and a few enhancements have been backported. We will continue to
enhance SeaMonkey security in subsequent 2.53.x beta and release
versions as fast as we are able to.
-------------------------------------------------------------------
Wed Sep 23 08:19:00 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.4
* This version makes changes to your profile that can't be reverted
in case you want to go back to a previous version of
SeaMonkey. You MUST absolutely do a full backup of your profile
before trying SeaMonkey 2.53.4.
* Added translation for Bokmål (nb_NO)
* Upgraded NSS to 3.53.1 bug 1643859.
* Updated to Unicode 11 for SpiderMonkey bug 1466471.
* Updated bundled Twemoji Mozilla font to v0.5.1 to support newer
emojis bug 1644346.
* Updated how photos are handled in the addressbook bug 1641705.
* Removed outdated RSS feed handlers bug 1643716.
* Fix initialisation of TodayPane mini-day, to show the right day
bug 1479628.
* Fixed sizing issue of HTML mail question (askSendFormat) dialog
bug 1583415.
* Update of help page content and links.
* Various security and general platform fixes.
* SeaMonkey 2.53.4 uses the same backend as Firefox and contains the
relevant Firefox 60.6 security fixes.
* SeaMonkey 2.53.4 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.1 ESR
and a few enhancements have been backported. We will continue to
enhance SeaMonkey security in subsequent 2.53.x beta and release
versions as fast as we are able to.
- Added patch seamonkey-lto.patch which corrects the LTO syntax
when compiling with GCC
-------------------------------------------------------------------
Mon Jul 20 09:35:49 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- requested inclusion in Leap 15.1 and 15.2:
https://bugzilla.opensuse.org/show_bug.cgi?id=1174300
-------------------------------------------------------------------
Sat Jul 18 20:49:18 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- update appdata files (Bug 1174192):
* correct metadata licensing information (most of the application
descriptions had been taken from
https://www.seamonkey-project.org/doc/features which according to
the page footer is licensed under CC-BY-SA-3.0)
* update the metadata summary and the introduction in the metadata
description to more accurately reflect what SeaMonkey is, giving
less prominence to the long-discontinued Mozilla Application Suite
that many users may no longer be familiar with
* update the metadata name to more accurately reflect the name
or purpose of the application
* update the metadata URL with the current SeaMonkey website
-------------------------------------------------------------------
Wed Jul 15 12:09:03 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.3
* The LaTex tool TexZilla, used for inserting Math, has been
upgraded to 1.0.2.
* It is now possible to customize the toolbars in Composer and the
formatting toolbar in Mailnews composition.
* All folders of an account can now be marked as read.
* There is now an option for not advertizing SeaMonkey at all in the
user agent.
* The preference for hiding the toolbar and menubar grippies can now
be changed from "Preferences->Appearance".
* The preference "browser.tabs.autoHide" which autohides the tab bar
when there is only one tab in a browser window open has been
flipped in bug 1634879. SeaMonkey will now show the tab bar as the
default. You can change it back by checking "Hide the tab bar when
only one tab is open" in "Preferences->Browser->Tabbed Browsing"
* Update of help page content and links.
* SeaMonkey language packs are now version specific and will be
disabled as part of the profile upgrade following the installation
of a later version.
* Search Engines have been centralized and updated in bug 1300198.
* Address book now has updated IM fields, improved layout for card
view pane, improved multi-word search, ability to search across
multiple address books, more granular prompts when deleting items,
print on the context menus and print button on the toolbar.
* Multimedia support has been updated in preparation of supporting
more audio video formats in the next releases. For enhanced
security the Rust multimedia parser is now used for this and the
libstagefright package has been removed.
* SeaMonkey 2.53.3 uses the same backend as Firefox and contains the
relevant Firefox 60.4 security fixes.
* SeaMonkey 2.53.3 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 77 and a
few enhancements have been backported.
- Fix exclusion list syntax in create-tars.sh script
- Disable LTO on i586 builds as these are once again failing due to
memory issues
-------------------------------------------------------------------
Tue Jun 02 13:00:57 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- Re-enable LTO on Tumbleweed builds after increasing available
memory in _constraints
-------------------------------------------------------------------
Sun May 10 20:24:22 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- Disable LTO on Tumbleweed builds to work around issues on
build.opensuse.org:
https://bugzilla.opensuse.org/show_bug.cgi?id=1171414
-------------------------------------------------------------------
Thu May 08 09:55:00 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- Update create-tars.sh script to more precisely exclude unwanted
VCS files; the previous exclusion list would have eventually
triggered the bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=1621564
-------------------------------------------------------------------
Thu May 07 14:21:31 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.2
https://www.seamonkey-project.org/releases/seamonkey2.53.2/
* Scrollbars have been switched over to the native gtk3 theme in bug
1625754. If your theme does not show scrollbar buttons and you
would like to see them try editing ~/.config/gtk-3.0/gtk.css and
adding the following:
{
-GtkScrollbar-has-backward-stepper: 1;
-GtkScrollbar-has-forward-stepper: 1;
}
* The download progress dialog has been fixed and is now showing the
correct status for downloads. Some downloads may not show the
transferred count. This problem is under investigation.
* SeaMonkey is now translated and available in Finnish and Georgian.
* Because of website compatibility issues and privacy concerns the
Lightning version is no longer appended to the user agent string
and has been removed from the preferences dialog.
* Advanced Layers has been activated on Windows. This should boost
performance on some websites. If you experience graphics problems
please disable it by setting the pref "layers.mlgpu.enabled" to
false.
* Whether the native app chooser is used in Linux is now controlled
via a preference setting in the Helper Applications preference
pane.
* In the Modern theme, popup notifications have improved styling and
column headers now display sort direction arrows.
* The column picker and folder view have been reinstated for the
bookmarks panel.
* Introduced the ability to close all tabs to the right of the
current tab.
* Whether mailnews tabs open in the background is controlled by a
separate preference to browser tabs via General Settings section
of main Mail & Newsgroups preference pane.
* Fixed an issue with the recipient being missing when using Reply
to Sender and Group button in Newsgroup discussions.
* SeaMonkey now prevents address books from having duplicate names.
* SeaMonkey 2.53.2 uses the same backend as Firefox and contains
the relevant Firefox 60.3 security fixes.
* SeaMonkey 2.53.2 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* SeaMonkey now uses gtk3 on Linux. If you experience a problem
because of this please file a bug and link it to bug
1367257. Please try another OS theme first. Some of them are buggy
and cause problems with SeaMonkey, Thunderbird and Firefox.
- Remove obsolete upstream and local patches
-------------------------------------------------------------------
Thu Mar 05 12:37:11 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.1
https://www.seamonkey-project.org/releases/seamonkey2.53.1/
* The Bookmarks Manager has switched its name to Library, and now
also includes the History list. When invoking History, the Library
will be shown with the History list selected. The extensive
modifications were needed because of Mozilla Gecko platform API
changes.
* Download Manager has been migrated to a new API. Although it looks
pretty much the same as before, the search option is missing and
some other minor details work differently. The previous downloads
history is removed during the upgrade.
* Added Layout panel to CSS Grid tools.
* TLS 1.3 is the default version now.
* Among the general platform and mail fixes this release contains
backported fixes from Thunderbird for the EFAIL security
vulnerability.
* SeaMonkey now uses gtk3 on Linux. If you experience a problem
because of this please file a bug and link it to Switch Linux
builds to GTK3 with SeaMonkey 2.49. Please try another OS theme
first. Some of them are buggy and cause problems with SeaMonkey,
Thunderbird and Firefox.
* The Lightning extension is now included.
- apply upstream patches for building with rust >= 1.40
- remove mozilla-systems-nss.patch (since merged upstream)
- remove mozilla-no-stdcxx-check.patch (no longer applicable as
build checks have been moved to a Python script)
- adapt mozilla-nongnome-proxies.patch, mozilla-language.patch,
and mozilla-ntlm-full-path.patch for SeaMonkey 2.53.1
- add upstream patch for better LTO detection
- disable elf-hacking on x86_64 builds to prevent build errors:
https://bugzilla.mozilla.org/show_bug.cgi?id=1619776
- rewrite the create-tars.sh script according to the new source code
checkout instructions:
https://bugzilla.opensuse.org/show_bug.cgi?id=1165427
https://bugzilla.mozilla.org/show_bug.cgi?id=1618806
-------------------------------------------------------------------
Fri Jan 24 10:59:33 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- remove obsolete locale patches mozilla-ua-locale.patch and
seamonkey-ua-locale.patch, and update default preferences per
https://bugzilla.mozilla.org/show_bug.cgi?id=542999#c23
-------------------------------------------------------------------
Mon Jan 20 12:22:30 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- remove obsolete and unused custom search add-ons
-------------------------------------------------------------------
Tue Jan 14 13:28:47 UTC 2020 - Tristan Miller <psychonaut@nothingisreal.com>
- disable Rust, as it caused build errors and was apparently unused
- add patch unifying gettid() declarations to avoid GCC build errors
- add patch correcting the syntax of the linker flags
-------------------------------------------------------------------
Mon Jan 13 10:52:54 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
- remove mozilla-reduce-files-per-UnifiedBindings.patch since it
creates build errors in certain situations
- introduce limit_build instead
-------------------------------------------------------------------
Mon Oct 21 09:29:14 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to Seamonkey 2.49.5
* https://www.seamonkey-project.org/releases/seamonkey2.49.5/
- removed obsolete patch
mozilla-bmo1338655.patch
- fix build with system NSS (mozilla-system-nss.patch)
-------------------------------------------------------------------
Fri Jul 13 05:13:13 UTC 2018 - wr@rosenauer.org
- update to Seamonkey 2.49.4
* Gecko 52.9.1esr (bsc#1098998)
MFSA 2018-16 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162)
Buffer overflow using computed size of canvas element
* CVE-2018-12360 (bmo#1459693)
Use-after-free when using focus()
* CVE-2018-12362 (bmo#1452375)
Integer overflow in SSSE3 scaler
* CVE-2018-5156 (bmo#1453127)
Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363 (bmo#1464784)
Use-after-free when appending DOM nodes
* CVE-2018-12364 (bmo#1436241)
CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365 (bmo#1459206)
Compromised IPC child process can list local filenames
* CVE-2018-12366 (bmo#1464039)
Invalid data handling during QCMS transformations
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
bmo#1464079,bmo#1463494,bmo#1458048)
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- localizations finally included again (boo#1062195)
-------------------------------------------------------------------
Thu Jun 7 00:07:03 UTC 2018 - bjorn.lie@gmail.com
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
conditional --disable-gconf to configure: no longer pull in
obsolete gconf2 for Tumbleweed.
-------------------------------------------------------------------
Tue Jun 5 12:09:11 UTC 2018 - psychonaut@nothingisreal.com
- update spec file summary and description to more accurately
reflect what SeaMonkey is, giving less prominence to the long-
discontinued Mozilla Application Suite that many users may no
longer be familiar with
- update project URL in spec file
-------------------------------------------------------------------
Sat Mar 3 16:57:24 UTC 2018 - wr@rosenauer.org
- update to Seamonkey 2.49.2
* Gecko 52.6esr (including security relevant fixes) (bsc#1077291)
* fix issue in Composer
* With some themes, the menulist- and history-dropmarker didn't show
* Scrollbars didn't show the buttons
* WebRTC has been disabled by default. It needs an add-on to enable it per site
* The active title bar was not visually emphasized
- correct requires and provides handling (boo#1076907)
-------------------------------------------------------------------
Tue Jan 9 07:53:08 UTC 2018 - wr@rosenauer.org
- Explicitly buildrequires python2-xml: The build system relies on
it. We wrongly relied on other packages pulling it in for us.
- use parallel compression in create-tar if available
- use XZ instead of BZ2 for source archives
- import upstream patch mozilla-bmo1338655.patch to fix failing
build
-------------------------------------------------------------------
Thu Dec 7 11:19:39 UTC 2017 - dimstar@opensuse.org
- Escape the usage of %{VERSION} when calling out to rpm.
RPM 4.14 has %{VERSION} defined as 'the main packages version'.
-------------------------------------------------------------------
Fri Nov 10 22:30:10 UTC 2017 - zaitor@opensuse.org
- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Following the above, add explicit pkgconfig(gconf-2.0),
pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0)
and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously
pulled in by libgnomeui-devel, and is what configure really
checks for.
-------------------------------------------------------------------
Fri Aug 4 15:02:38 UTC 2017 - wr@rosenauer.org
- update to Seamonkey 2.48
* based on Gecko 51.0.3
* requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)
- removed obsolete (upstreamed) patches
* mozilla-http2-ecdh-keybits.patch
* mozilla-sed43.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-shared-nss-db.patch (feature dropped from SM due to
maintenance costs vs. usefulness)
* mozilla-binutils-visibility.patch
* mozilla-check_return.patch
* mozilla-skia-overflow.patch
- rebased patches
-------------------------------------------------------------------
Sun Feb 12 13:03:49 UTC 2017 - wr@rosenauer.org
- fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)
-------------------------------------------------------------------
Tue Jan 24 21:08:19 UTC 2017 - wr@rosenauer.org
- improve recognition of LANGUAGE env variable (boo#1017174)
- update minimum keybits in H2 so it allows a smaller value
(e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037)
(boo#1021636) (mozilla-http2-ecdh-keybits.patch)
-------------------------------------------------------------------
Fri Dec 23 22:13:00 UTC 2016 - wr@rosenauer.org
- update to Seamonkey 2.46
* based on Gecko 49.0.2
* Chatzilla and DOM Inspector were removed/disabled and therefore
those subpackages are not available at this moment
- requires NSPR 4.12 and NSS 3.25
- removed obsolete patches
* mozilla-libproxy.patch
* mozilla-gcc6.patch
* mozilla-openaes-decl.patch
- rebased patches
- added patches imported from Firefox 49:
* mozilla-check_return.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-skia-overflow.patch
-------------------------------------------------------------------
Mon Oct 17 11:30:39 UTC 2016 - wr@rosenauer.org
- mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2 (boo#984637)
-------------------------------------------------------------------
Sun Aug 21 14:05:26 UTC 2016 - antoine.belvire@laposte.net
- Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6
(still boo#991027)
- Check compiler version instead of openSUSE version for this
-------------------------------------------------------------------
Mon Aug 8 09:19:46 UTC 2016 - wr@rosenauer.org
- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
as long as underlying issues have been addressed upstream
(boo#991027)
-------------------------------------------------------------------
Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com
- Fix for possible buffer overrun (bsc#990856)
CVE-2016-6354 (bmo#1292534)
[mozilla-flex_buffer_overrun.patch]
-------------------------------------------------------------------
Tue Jul 26 04:44:49 UTC 2016 - badshah400@gmail.com
- Add appstream metainfo files as a tar.bz2 source
(seamonkey-appdata.tar.bz2) and install these appdata.xml files
to the appdata dir (/usr/share/appdata); with these appdata
files installed, seamonkey shows up in appstores like GNOME
software and KDE Discover.
-------------------------------------------------------------------
Sun Jul 17 02:55:00 UTC 2016 - badshah400@gmail.com
- Add mozilla-gcc6.patch to fix building with gcc >= 6.0.
-------------------------------------------------------------------
Sat Mar 5 09:20:24 UTC 2016 - wr@rosenauer.org
- fix build problems on i586, caused by too large unified compile
units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- increased _constraints as required
-------------------------------------------------------------------
Tue Jan 19 16:15:28 UTC 2016 - wr@rosenauer.org
- update to Seamonkey 2.40 (bnc#959277)
* requires NSS 3.20.2 to fix
MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
server signature
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400)
Buffer overflows found through code inspection
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
Integer underflow and buffer overflow processing MP4 metadata in
libstagefright
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
Privilege escalation vulnerabilities in WebExtension APIs
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
Cross-site reading attack through data and view-source URIs
- rebased patches
- buildrequire xcomposite now explicitely
-------------------------------------------------------------------
Thu Nov 5 08:01:22 UTC 2015 - wr@rosenauer.org
- update to Seamonkey 2.39 (bnc#952810)
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
Crash when accessing HTML tables with accessibility tools on OS X
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
Certain escaped characters in host of Location-header are being
treated as non-escaped
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
* mozilla-icu-strncat.patch
- fixed build with enable-libproxy (bmo#1220399)
* mozilla-libproxy.patch
-------------------------------------------------------------------
Thu Oct 1 09:42:28 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.38 (bnc#947003)
* based on 41.0.1
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180
Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
bmo#1190526) (Windows only)
Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
Information disclosure via the High Resolution Time API
- removed obsolete patch
* mozilla-add-glibcxx_use_cxx11_abi.patch
- added mozilla-no-stdcxx-check.patch
-------------------------------------------------------------------
Sat Aug 29 20:09:34 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.35 (bnc#935979)
* based on 38.1.1esr
* requires NSPR 4.10.8 and NSS 3.19.2
- removed obsolete patches
* mozilla-visitSubstr.patch
* mozilla-undef-CONST.patch
* mozilla-reintroduce-pixman-code-path.patch
* mozilla-fix-prototype.patch
* mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
- renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch
to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
likely not worth maintaining further
-------------------------------------------------------------------
Sat Jun 27 08:13:54 UTC 2015 - antoine.belvire@laposte.net
- Fix compilation issues:
* Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)
* Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)
* Add mozilla-visitSubstr.patch (bmo#1108834)
* Add mozilla-undef-CONST.patch (bmo#1111395)
* Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
-------------------------------------------------------------------
Sun Mar 22 09:11:17 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.33.1 (bnc#923534)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
Code execution through incorrect JavaScript bounds checking
elimination
-------------------------------------------------------------------
Mon Mar 16 08:48:08 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.33 (bnc#917597)
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192)
Invoking Mozilla updater will load locally stored DLL files
(Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
Appended period to hostnames can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
Malicious WebGL content crash when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
TLS TURN and STUN connections silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
Buffer overflow in libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
Double-free when using non-default memory allocators with a
zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
Out-of-bounds read and write while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
Buffer overflow during CSS restyling
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
Buffer underflow during MP3 playback
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
Crash using DrawTarget in Cairo graphics library
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
Use-after-free in Developer Console date with OpenType Sanitiser
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
Reading of local files through manipulation of form autocomplete
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
UI Tour whitelisted sites in background tab can spoof foreground
tabs
* MFSA 2015-27CVE-2015-0820 (bmo#1125398)
Caja Compiler JavaScript sandbox bypass
- rebased patches
- requires NSS 3.17.4
- removed obsolete seamonkey-fix-signed-char.patch
- mozilla-xremote-client was removed upstream
-------------------------------------------------------------------
Sat Feb 7 09:52:07 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.32.1
* fixed MailNews feeds not updating
* fixed selected profile in Profile Manager not remembered
* fixed opening a bookmark folder in tabs on Linux
* fixed Troubleshooting Information (about:support) with the
Modern theme
-------------------------------------------------------------------
Sat Jan 17 17:59:50 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.32 (bnc#910669)
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects
- rebased patches
- removed obsolete mozilla-seamonkey-sdk.patch
- added mozilla-openaes-decl.patch to fix implicit declarations
-------------------------------------------------------------------
Thu Jan 1 22:53:33 UTC 2015 - wr@rosenauer.org
- use GStreamer 1.0 from 13.2 on
- removed package support for distributions older than 12.3
* removed mozilla-sle11.patch
-------------------------------------------------------------------
Mon Dec 8 10:49:06 UTC 2014 - meissner@suse.com
- seamonkey-fix-signed-char.patch: fix build on platforms
where char is unsigned (power/arm). (bmo#1085151)
- mozilla-fix-prototype.patch: add string.h includes
for memcpy prototype (as used on bigendian architectures).
-------------------------------------------------------------------
Thu Dec 4 23:52:37 UTC 2014 - pcerny@suse.com
- enable some extensions using the addons sdk (e.g. Ghostery)
(mozilla-seamonkey-sdk.patch) (bmo#1071048)
-------------------------------------------------------------------
Wed Dec 3 06:53:08 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.31 (bnc#908009)
* requires NSS 3.17.2
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
Miscellaneous memory safety hazards
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
XBL bindings accessible via improper CSS declarations
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
CSP leaks redirect data via violation reports
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
-------------------------------------------------------------------
Fri Nov 21 10:43:11 UTC 2014 - wr@rosenauer.org
- use platform specific build flags as in Firefox
(including _constraints)
- define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)
-------------------------------------------------------------------
Wed Nov 19 22:13:00 UTC 2014 - Led <ledest@gmail.com>
- fix bashisms in mozilla.sh and add-plugins.sh scripts
-------------------------------------------------------------------
Tue Oct 14 21:06:22 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.30 (bnc#900941)
* venkman debugger removed from application and therefore
obsolete package seamonkey-venkman
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
Out-of-bounds write with WebM video
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
Further uninitialized memory use during GIF rendering
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
Use-after-free interacting with text directionality
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
Key pinning bypasses
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
Inconsistent video sharing within iframe
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
Accessing cross-origin objects via the Alarms API
(only relevant for installed web apps)
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:
* mozilla-ppc.patch
* mozilla-libproxy-compat.patch
-------------------------------------------------------------------
Sat Sep 20 14:53:01 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.29 (bnc#894370)
* based on Gecko 32.0 including all security fixes outlined here
https://www.mozilla.org/security/known-vulnerabilities/
* removed obsolete patches
mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch,
mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch,
mozilla-aarch64-bmo-963027.patch
mozilla-ppc64le-build.patch, mozilla-ppc64le-javascript.patch,
mozilla-ppc64le-libffi.patch, mozilla-ppc64le-mfbt.patch,
mozilla-ppc64le-webrtc.patch, mozilla-ppc64le-xpcom.patch
* rebased patches
- requires NSS 3.16.4
- build with --disable-optimize for 13.1 and above for i586 to
workaround miscompilations (bnc#896624)
-------------------------------------------------------------------
Mon Jun 16 09:04:38 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.26.1 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
bmo#1009952, bmo#1011007)
Miscellaneous memory safety hazards (rv:30.0)
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
(bmo#989994, bmo#999274, bmo#1005584)
Use-after-free and out of bounds issues found using Address
Sanitizer
* MFSA 2014-50/CVE-2014-1539 (bmo#995603)
Clickjacking through cursor invisability after Flash interaction
* MFSA 2014-51/CVE-2014-1540 (bmo#978862)
Use-after-free in Event Listener Manager
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
Use-after-free with SMIL Animation Controller
* MFSA 2014-53/CVE-2014-1542 (bmo#991533)
Buffer overflow in Web Audio Speex resampler
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
Buffer overflow in Gamepad API
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
Out of bounds write in NSPR
- requires NSPR 4.10.6
- build require makeinfo
-------------------------------------------------------------------
Tue May 13 09:05:18 UTC 2014 - wr@rosenauer.org
- fix translations packaging (bnc#877263)
-------------------------------------------------------------------
Tue Apr 29 06:43:16 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.26 (bnc#875378)
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- added aarch64 porting patches
* mozilla-aarch64-bmo-810631.patch
* mozilla-aarch64-bmo-962488.patch
* mozilla-aarch64-bmo-963023.patch
* mozilla-aarch64-bmo-963024.patch
* mozilla-aarch64-bmo-963027.patch
- requires NSPR 4.10.3 and NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
-------------------------------------------------------------------
Wed Mar 19 13:31:58 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.25 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
- requires NSPR 4.10.3 and NSS 3.15.5
- new build dependency (and recommends):
* libpulse
- update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com)
- rebased patches
-------------------------------------------------------------------
Sat Feb 8 08:21:01 UTC 2014 - wr@rosenauer.org
- replaced locale source archive because the old one was broken
by wrong upstream tagging (bnc#862831)
-------------------------------------------------------------------
Tue Feb 4 10:18:33 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.24 (bnc#861847)
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864)
Clone protected content with XBL scopes
* MFSA 2014-03/CVE-2014-1480 (bmo#916726)
UI selection timeout missing on download prompts
* MFSA 2014-04/CVE-2014-1482 (bmo#943803)
Incorrect use of discarded images by RasterImage
* MFSA 2014-05/CVE-2014-1483 (bmo#950427)
Information disclosure with *FromPoint on iframes
* MFSA 2014-07/CVE-2014-1485 (bmo#910139)
XSLT stylesheets treated as styles in Content Security Policy
* MFSA 2014-08/CVE-2014-1486 (bmo#942164)
Use-after-free with imgRequestProxy and image proccessing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592)
Cross-origin information leak through web workers
* MFSA 2014-11/CVE-2014-1488 (bmo#950604)
Crash when using web workers with asm.js
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
(bmo#934545, bmo#930874, bmo#930857)
NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481(bmo#936056)
Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4
- removed obsolete mozilla-bug929439.patch
-------------------------------------------------------------------
Fri Dec 13 21:30:38 UTC 2013 - uweigand@de.ibm.com
- Add support for powerpc64le-linux.
* ppc64le-support.patch: general support
* libffi-ppc64le.patch: libffi backport
* xpcom-ppc64le.patch: port xpcom
- Add build fix from mainline.
* mozilla-bug929439.patch
-------------------------------------------------------------------
Wed Dec 11 11:13:16 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.23 (bnc#854367, bnc#854370))
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294)
Application Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161)
Character encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262)
Sandbox restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841)
Potential overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736)
Linux clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)
- rebased patches:
* mozilla-nongnome-proxies.patch
* mozilla-shared-nss-db.patch
-------------------------------------------------------------------
Wed Oct 30 18:07:33 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.22 (bnc#847708)
* rebased patches
* requires NSS 3.15.2 or higher
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
Miscellaneous memory safety hazards
* MFSA 2013-94/CVE-2013-5593 (bmo#868327)
Spoofing addressbar through SELECT element
* MFSA 2013-95/CVE-2013-5604 (bmo#914017)
Access violation with XSLT and uninitialized data
* MFSA 2013-96/CVE-2013-5595 (bmo#916580)
Improperly initialized memory and overflows in some JavaScript
functions
* MFSA 2013-97/CVE-2013-5596 (bmo#910881)
Writing to cycle collected object during image decoding
* MFSA 2013-98/CVE-2013-5597 (bmo#918864)
Use-after-free when updating offline cache
* MFSA 2013-99/CVE-2013-5598 (bmo#920515)
Security bypass of PDF.js checks using iframes
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
(bmo#915210, bmo#915576, bmo#916685)
Miscellaneous use-after-free issues found through ASAN fuzzing
* MFSA 2013-101/CVE-2013-5602 (bmo#897678)
Memory corruption in workers
* MFSA 2013-102/CVE-2013-5603 (bmo#916404)
Use-after-free in HTML document templates
-------------------------------------------------------------------
Tue Sep 17 15:51:02 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.21 (bnc#840485)
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
Miscellaneous memory safety hazards
* MFSA 2013-77/CVE-2013-1720 (bmo#888820)
Improper state in HTML5 Tree Builder with templates
* MFSA 2013-78/CVE-2013-1721 (bmo#890277)
Integer overflow in ANGLE library
* MFSA 2013-79/CVE-2013-1722 (bmo#893308)
Use-after-free in Animation Manager during stylesheet cloning
* MFSA 2013-80/CVE-2013-1723 (bmo#891292)
NativeKey continues handling key messages after widget is destroyed
* MFSA 2013-81/CVE-2013-1724 (bmo#894137)
Use-after-free with select element
* MFSA 2013-82/CVE-2013-1725 (bmo#876762)
Calling scope for new Javascript objects can lead to memory corruption
* MFSA 2013-85/CVE-2013-1728 (bmo#883686)
Uninitialized data in IonMonkey
* MFSA 2013-88/CVE-2013-1730 (bmo#851353)
Compartment mismatch re-attaching XBL-backed nodes
* MFSA 2013-89/CVE-2013-1732 (bmo#883514)
Buffer overflow with multi-column, lists, and floats
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
Memory corruption involving scrolling
* MFSA 2013-91/CVE-2013-1737 (bmo#907727)
User-defined properties on DOM proxies get the wrong "this" object
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
GC hazard with default compartments and frame chain restoration
- requires NSS 3.15.1
-------------------------------------------------------------------
Mon Aug 5 17:26:03 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.20 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
Miscellaneous memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313)
Use after free mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865)
Buffer underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924)
Crash during WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253)
Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368)
CRMF requests allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829)
Bypass of XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098)
Wrong principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787)
Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15
- removed obsolete seamonkey-shared-nss-db.patch
-------------------------------------------------------------------
Sat Jun 29 14:22:45 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.19 (bnc#825935)
* removed obsolete patches
+ mozilla-gstreamer-760140.patch
* GStreamer support does not build on 12.1 anymore (build only
on 12.2 and later)
* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
Miscellaneous memory safety hazards
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
Memory corruption found using Address Sanitizer
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
Privileged content access and execution via XBL
* MFSA 2013-52/CVE-2013-1688 (bmo#873966)
Arbitrary code execution within Profiler
* MFSA 2013-53/CVE-2013-1690 (bmo#857883)
Execution of unmapped memory through onreadystatechange event
* MFSA 2013-54/CVE-2013-1692 (bmo#866915)
Data in the body of XHR HEAD requests leads to CSRF attacks
* MFSA 2013-55/CVE-2013-1693 (bmo#711043)
SVG filters can lead to information disclosure
* MFSA 2013-56/CVE-2013-1694 (bmo#848535)
PreserveWrapper has inconsistent behavior
* MFSA 2013-57/CVE-2013-1695 (bmo#849791)
Sandbox restrictions not applied to nested frame elements
* MFSA 2013-58/CVE-2013-1696 (bmo#761667)
X-Frame-Options ignored when using server push with multi-part
responses
* MFSA 2013-59/CVE-2013-1697 (bmo#858101)
XrayWrappers can be bypassed to run user defined methods in a
privileged context
* MFSA 2013-60/CVE-2013-1698 (bmo#876044)
getUserMedia permission dialog incorrectly displays location
* MFSA 2013-61/CVE-2013-1699 (bmo#840882)
Homograph domain spoofing in .com, .net and .name
-------------------------------------------------------------------
Tue May 28 20:52:21 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.17.1
-------------------------------------------------------------------
Tue Apr 9 06:45:05 UTC 2013 - wr@rosenauer.org
- revert to use GStreamer 0.10 on 12.3 (bnc#814101)
-------------------------------------------------------------------
Tue Apr 2 14:18:30 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.17 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* mozilla-webrtc-ppc.patch included upstream
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
* MFSA 2013-39/CVE-2013-0792 (bmo#722831)
Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
-------------------------------------------------------------------
Fri Mar 15 17:34:54 UTC 2013 - pcerny@suse.com
- update to SeaMonkey 2.16.2
-------------------------------------------------------------------
Sat Mar 9 09:15:53 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.16.1 (bnc#808243)
* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
Use-after-free in HTML Editor
-------------------------------------------------------------------
Mon Feb 18 07:41:44 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.16 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783/2013-0784
Miscellaneous memory safety hazards
* MFSA 2013-22/CVE-2013-0772 (bmo#801366)
Out-of-bounds read in image rendering
* MFSA 2013-23/CVE-2013-0765 (bmo#830614)
Wrapped WebIDL objects can be wrapped again
* MFSA 2013-24/CVE-2013-0773 (bmo#809652)
Web content bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193)
Privacy leak in JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095)
Use-after-free in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475)
Phishing on HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow issues
found using Address Sanitizer
- removed obsolete patches
* mozilla-webrtc.patch
* mozilla-gstreamer-803287.patch
-------------------------------------------------------------------
Mon Feb 4 12:27:38 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.15.2
* Applications could not be removed from the "Application details"
dialog under Preferences, Helper Applications (bmo#826771).
* View / Message Body As could show menu items out of context
(bmo#831348)
-------------------------------------------------------------------
Sun Jan 20 09:15:53 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.15.1
* backed out bmo#677092 (removed patch)
* fixed problems involving HTTP proxy transactions
-------------------------------------------------------------------
Sun Jan 13 16:38:35 UTC 2013 - wr@rosenauer.org
- backed out restartless language packs as it broke multi-locale
setup (bmo#677092, bmo#818468)
-------------------------------------------------------------------
Tue Jan 8 18:32:43 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.15 (bnc#796895)
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795)
Buffer Overflow in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026)
URL spoofing in addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713)
Use-after-free when displaying table with many columns and column groups
* MFSA 2013-06/CVE-2013-0751 (bmo#790454)
Touch events are shared across iframes
* MFSA 2013-07/CVE-2013-0764 (bmo#804237)
Crash due to handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
AutoWrapperChanger fails to keep objects alive during garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842)
Compartment mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305)
Event manipulation in plugin handler to bypass same-origin policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031)
Address space layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121)
Buffer overflow in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024)
Memory corruption in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901)
Chrome Object Wrapper (COW) bypass through changing prototype
* MFSA 2013-15/CVE-2013-0758 (bmo#813906)
Privilege escalation through plugin objects
* MFSA 2013-16/CVE-2013-0753 (bmo#814001)
Use-after-free in serializeToStream
* MFSA 2013-17/CVE-2013-0754 (bmo#814026)
Use-after-free in ListenerManager
* MFSA 2013-18/CVE-2013-0755 (bmo#814027)
Use-after-free in Vibrate
* MFSA 2013-19/CVE-2013-0756 (bmo#814029)
Use-after-free in Javascript Proxy objects
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
- reenable WebRTC
- added mozilla-libproxy-compat.patch for libproxy API compat
on openSUSE 11.2 and earlier
-------------------------------------------------------------------
Tue Dec 18 13:08:40 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.14.1
* fix regressions from 2.14 release
-------------------------------------------------------------------
Tue Nov 20 20:44:06 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.14 (bnc#790140)
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
Miscellaneous memory safety hazards
* MFSA 2012-92/CVE-2012-4202 (bmo#758200)
Buffer overflow while rendering GIF images
* MFSA 2012-93/CVE-2012-4201 (bmo#747607)
evalInSanbox location context incorrectly applied
* MFSA 2012-94/CVE-2012-5836 (bmo#792857)
Crash when combining SVG text on path with CSS
* MFSA 2012-96/CVE-2012-4204 (bmo#778603)
Memory corruption in str_unescape
* MFSA 2012-97/CVE-2012-4205 (bmo#779821)
XMLHttpRequest inherits incorrect principal within sandbox
* MFSA 2012-99/CVE-2012-4208 (bmo#798264)
XrayWrappers exposes chrome-only properties when not in chrome
compartment
* MFSA 2012-100/CVE-2012-5841 (bmo#805807)
Improper security filtering for cross-origin wrappers
* MFSA 2012-101/CVE-2012-4207 (bmo#801681)
Improper character decoding in HZ-GB-2312 charset
* MFSA 2012-103/CVE-2012-4209 (bmo#792405)
Frames can shadow top.location
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
Use-after-free and buffer overflow issues found using Address
Sanitizer
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
Use-after-free, buffer overflow, and memory corruption issues
found using Address Sanitizer
- rebased patches
- disabled WebRTC since build is broken (bmo#776877)
-------------------------------------------------------------------
Sat Oct 27 08:59:58 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.13.2 (bnc#786522)
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
(bmo#800666, bmo#793121, bmo#802557)
Fixes for Location object issues
-------------------------------------------------------------------
Fri Oct 12 07:33:18 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.13.1 (bnc#783533)
* MFSA 2012-88/CVE-2012-4191 (bmo#798045)
Miscellaneous memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
defaultValue security checks not applied
-------------------------------------------------------------------
Mon Oct 8 20:32:50 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.13 (bnc#783533)
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
Miscellaneous memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294)
select element persistance allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649)
Continued access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868)
Some DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770)
DOS and crash with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867)
Crash with invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260)
GetProperty function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527)
top object and location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
Chrome Object Wrapper (COW) does not disallow acces to privileged
functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009)
Spoofing and script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read issues
found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188
Heap memory corruption issues found using Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)
Use-after-free in the IME State Manager
- requires NSPR 4.9.2
- improve GStreamer integration (bmo#760140)
-------------------------------------------------------------------
Mon Sep 10 20:18:35 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.12.1 (bnc#779936)
* Sites visited while in Private Browsing mode could be found
through manual browser cache inspection (bmo#787743)
-------------------------------------------------------------------
Mon Aug 27 12:26:38 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.12 (bnc#777588)
* MFSA 2012-57/CVE-2012-1970
Miscellaneous memory safety hazards
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
Use-after-free issues found using Address Sanitizer
* MFSA 2012-59/CVE-2012-1956 (bmo#756719)
Location object can be shadowed using Object.defineProperty
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
Memory corruption with bitmap format images with negative height
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
WebGL use-after-free and memory corruption
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
SVG buffer overflow and use-after-free issues
* MFSA 2012-64/CVE-2012-3971
Graphite 2 memory corruption
* MFSA 2012-65/CVE-2012-3972 (bmo#746855)
Out-of-bounds read in format-number in XSLT
* MFSA 2012-68/CVE-2012-3975 (bmo#770684)
DOMParser loads linked resources in extensions when parsing
text/html
* MFSA 2012-69/CVE-2012-3976 (bmo#768568)
Incorrect site SSL certificate data display
* MFSA 2012-70/CVE-2012-3978 (bmo#770429)
Location object security checks bypassed by chrome code
- enable GStreamer for 12.1 and higher
- use internal libjpeg
-------------------------------------------------------------------
Sun Jul 29 16:59:17 UTC 2012 - wr@rosenauer.org
- import PPC patch from Firefox:
* add patches for bmo#750620 and bmo#746112
* fix xpcshell segfault on ppc
-------------------------------------------------------------------
Mon Jul 16 09:35:54 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.11 (bnc#771583)
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
Miscellaneous memory safety hazards
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
Gecko memory corruption
* MFSA 2012-45/CVE-2012-1955 (bmo#757376)
Spoofing issue with location
* MFSA 2012-47/CVE-2012-1957 (bmo#750096)
Improper filtering of javascript in HTML feed-view
* MFSA 2012-48/CVE-2012-1958 (bmo#750820)
use-after-free in nsGlobalWindow::PageHidden
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
Same-compartment Security Wrappers can be bypassed
* MFSA 2012-50/CVE-2012-1960 (bmo#761014)
Out of bounds read in QCMS
* MFSA 2012-51/CVE-2012-1961 (bmo#761655)
X-Frame-Options header ignored when duplicated
* MFSA 2012-52/CVE-2012-1962 (bmo#764296)
JSDependentString::undepend string conversion results in memory
corruption
* MFSA 2012-53/CVE-2012-1963 (bmo#767778)
Content Security Policy 1.0 implementation errors cause data
leakage
* MFSA 2012-56/CVE-2012-1967 (bmo#758344)
Code execution through javascript: URLs
* relicensed to MPL-2.0
- updated/removed patches
- requires NSS 3.13.5
-------------------------------------------------------------------
Fri Jun 15 07:50:18 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.10.1
-------------------------------------------------------------------
Mon Jun 4 06:03:00 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.10 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422)
Content Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514)
Information disclosure though Windows file shares and shortcut
files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109)
Use-after-free while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using Address
Sanitizer
- requires NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
-------------------------------------------------------------------
Mon Apr 30 07:30:14 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.9.1
* fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using "Fetch Headers Only"
(bmo#748865)
- Received messages contain parts of other messages with
movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)
-------------------------------------------------------------------
Fri Apr 27 10:21:24 UTC 2012 - wr@rosenauer.org
- fixed build with gcc 4.7
-------------------------------------------------------------------
Mon Apr 23 14:28:50 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.9 (bnc#758408)
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds
-------------------------------------------------------------------
Sat Apr 21 12:29:55 UTC 2012 - wr@rosenauer.org
- update to 2.9b4
- added mozilla-sle11.patch and add exceptions to be able to build
for SLE11/11.1
- exclude broken gl locale from build
- fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch
- added mozilla-gcc47.patch and mailnews-literals.patch to fix
compilation issues with recent gcc 4.7
-------------------------------------------------------------------
Tue Mar 13 15:19:56 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.8 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511)
XSS with multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446)
Crash when accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards
- explicitely build-require X libs
-------------------------------------------------------------------
Thu Feb 16 15:55:03 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.7.2 (bnc#747328)
* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow
-------------------------------------------------------------------
Thu Feb 9 12:36:02 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.7.1 (bnc#746616)
* MFSA 2012-10/CVE-2012-0452 (bmo#724284)
use after free in nsXBLDocumentInfo::ReadPrototypeBindings
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
is not supported, since PCRE doesnt build (bmo#691898)
- fix ppc64 build (bmo#703534)
-------------------------------------------------------------------
Tue Jan 31 22:16:33 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.7 (bnc#744275)
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards
* MFSA 2012-03/CVE-2012-0445 (bmo#701071)
<iframe> element exposed across domains via name attribute
* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
Child nodes from nsDOMAttribute still accessible after removal
of nodes
* MFSA 2012-05/CVE-2012-0446 (bmo#705651)
Frame scripts calling into untrusted objects bypass security
checks
* MFSA 2012-06/CVE-2012-0447 (bmo#710079)
Uninitialized memory appended when encoding icon images may
cause information disclosure
* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
Potential Memory Corruption When Decoding Ogg Vorbis files
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
Crash with malformed embedded XSLT stylesheets
-------------------------------------------------------------------
Sat Dec 24 12:48:01 UTC 2011 - wr@rosenauer.org
- update to Seamonkey 2.6.1
* (strongparent) parentNode of element gets lost (bmo#335998)
-------------------------------------------------------------------
Sun Dec 18 13:18:13 UTC 2011 - wr@rosenauer.org
- update to 2.6 (bnc#737533)
* MFSA 2011-53/CVE-2011-3660
Miscellaneous memory safety hazards (rv:9.0)
* MFSA 2011-54/CVE-2011-3661 (bmo#691299)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
nsSVGValue out-of-bounds access
* MFSA 2011-56/CVE-2011-3663 (bmo#704482)
Key detection without JavaScript via SVG animation
* MFSA 2011-58/VE-2011-3665 (bmo#701259)
Crash scaling <video> to extreme sizes
-------------------------------------------------------------------
Thu Nov 24 13:50:17 UTC 2011 - pcerny@suse.com
- update to 2.5 (bnc#728520)
* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182)
Code execution via NoWaiverWrapper
-------------------------------------------------------------------
Mon Oct 3 07:31:08 UTC 2011 - wr@rosenauer.org
- update to minor release 2.4.1
* fixed staged addon updates
-------------------------------------------------------------------
Mon Sep 26 12:42:54 UTC 2011 - wr@rosenauer.org
- update to 2.4 (bnc#720264)
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
Miscellaneous memory safety hazards
* MFSA 2011-39/CVE-2011-3000 (bmo#655389)
Defense against multiple Location headers due to CRLF Injection
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
Code installation through holding down Enter
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
Potentially exploitable WebGL crashes
* MFSA 2011-42/CVE-2011-3232 (bmo#653672)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-43/CVE-2011-3004 (bmo#653926)
loadSubScript unwraps XPCNativeWrapper scope parameter
* MFSA 2011-44/CVE-2011-3005 (bmo#675747)
Use after free reading OGG headers
* MFSA 2011-45
Inferring keystrokes from motion data
- removed obsolete mozilla-cairo-lcd.patch
- rebased patches
- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
mozilla.sh.in (bnc#680758)
-------------------------------------------------------------------
Wed Sep 14 07:07:13 UTC 2011 - wr@rosenauer.org
- add dbus-1-glib-devel to BuildRequires (not pulled in
automatically with 12.1)
-------------------------------------------------------------------
Wed Sep 7 14:30:34 UTC 2011 - pcerny@suse.com
- security update to 2.3.3 (bnc#714931)
* Complete blocking of certificates issued by DigiNotar
(bmo#683449)
-------------------------------------------------------------------
Fri Sep 2 14:40:07 UTC 2011 - pcerny@suse.com
- security update to 2.3.2 (bnc#714931)
* MFSA 2011-34
Protection against fraudulent DigiNotar certificates
(bmo#682927)
-------------------------------------------------------------------
Mon Aug 15 10:17:55 UTC 2011 - wr@rosenauer.org
- update to version 2.3 (bnc#712224)
included security fixes
* CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
Miscellaneous memory safety hazards
* CVE-2011-2993 (bmo#657267)
Unsigned scripts can call script inside signed JAR
* CVE-2011-2988 (bmo#665934)
Heap overflow in ANGLE library
* CVE-2011-0084 (bmo#648094)
Crash in SVGTextElement.getCharNumAtPosition()
* CVE-2011-2990
Credential leakage using Content Security Policy reports
* CVE-2011-2986 (bmo#655836)
Cross-origin data theft using canvas and Windows D2D
* Gecko 6
* removed obsolete mozilla-gio.patch
-------------------------------------------------------------------
Fri Jul 8 11:17:15 UTC 2011 - wr@rosenauer.org
- update to version 2.2
* Gecko 5
included fixes for security issues: (bnc#701296, bnc#700578)
* MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
Miscellaneous memory safety hazards
* MFSA 2011-20/CVE-2011-2373 (bmo#617247)
Use-after-free vulnerability when viewing XUL document with
script disabled
* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
Memory corruption due to multipart/x-mixed-replace images
* MFSA 2011-22/CVE-2011-2371 (bmo#664009)
Integer overflow and arbitrary code execution in
Array.reduceRight()
* MFSA 2011-25/CVE-2011-2366
Stealing of cross-domain images using WebGL textures
* MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
Multiple WebGL crashes
* MFSA 2011-27/CVE-2011-2369 (bmo#650001)
XSS encoding hazard with inline SVG
* MFSA 2011-28/CVE-2011-2370 (bmo#645699)
Non-whitelisted site can trigger xpinstall
-------------------------------------------------------------------
Mon Jun 13 07:20:26 UTC 2011 - wr@rosenauer.org
- use faster version for find-external-requires.sh
(from Petr Cerny)
- removed obsolete default preferences
- ported UA locale fix (bnc#582654)
- updated supported locale RPM tags
-------------------------------------------------------------------
Fri Jun 10 09:33:25 UTC 2011 - wr@rosenauer.org
- major update to version 2.1
* Gecko 2.0 (with all its features)
- avoid __DATE__ and __TIME__ usage
-------------------------------------------------------------------
Wed Mar 23 06:32:52 UTC 2011 - wr@rosenauer.org
- security update to version 2.0.13 (bnc#680771)
* MFSA 2011-11 (bmo#642395)
Update HTTPS certificate blacklist
-------------------------------------------------------------------
Mon Jan 24 09:31:58 UTC 2011 - wr@rosenauer.org
- security update to version 2.0.12 (bnc#667155)
* MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
* MFSA 2011-02/CVE-2011-0051 (bmo#616659)
Recursive eval call causes confirm dialogs to evaluate to true
* MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
Use-after-free error in JSON.stringify
* MFSA 2011-04/CVE-2011-0054 (bmo#615657)
Buffer overflow in JavaScript upvarMap
* MFSA 2011-05/CVE-2011-0056 (bmo#622015)
Buffer overflow in JavaScript atom map
* MFSA 2011-06/CVE-2011-0057 (bmo#626631)
Use-after-free error using Web Workers
* MFSA 2011-08/CVE-2010-1585 (bmo#562547)
ParanoidFragmentSink allows javascript: URLs in chrome documents
* MFSA 2011-09/CVE-2011-0061 (bmo#610601)
Crash caused by corrupted JPEG image
* MFSA 2011-10/CVE-2011-0059 (bmo#573873)
CSRF risk with plugins and 307 redirects
-------------------------------------------------------------------
Mon Jan 10 10:39:10 UTC 2011 - wr@rosenauer.org
- add x-scheme-handlers to desktop files as needed by newer Gnome
environment
-------------------------------------------------------------------
Thu Nov 25 12:44:29 UTC 2010 - wr@rosenauer.org
- security update to version 2.0.11 (bnc#657016)
* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
* MFSA 2010-75/CVE-2010-3769 (bmo#608336)
Buffer overflow while line breaking after document.write with
long string
* MFSA 2010-76/CVE-2010-3771 (bmo#609437)
Chrome privilege escalation with window.open and <isindex> element
* MFSA 2010-77/CVE-2010-3772 (bmo#594547)
Crash and remote code execution using HTML tags inside a XUL tree
* MFSA 2010-78/CVE-2010-3768 (bmo#527276)
Add support for OTS font sanitizer
* MFSA 2010-79/CVE-2010-3775
Java security bypass from LiveConnect loaded via data: URL
meta refresh
* MFSA 2010-80/CVE-2010-3766 (bmo#590771)
Use-after-free error with nsDOMAttribute MutationObserver
* MFSA 2010-81/CVE-2010-3767 (bmo#599468)
Integer overflow vulnerability in NewIdArray
* MFSA 2010-82/CVE-2010-3773 (bmo#554449)
Incomplete fix for CVE-2010-0179
* MFSA 2010-83/VE-2010-3774 (bmo#602780)
Location bar SSL spoofing using network error page
* MFSA 2010-84/CVE-2010-3770 (bmo#601429)
XSS hazard in multiple character encodings
-------------------------------------------------------------------
Wed Oct 27 21:15:08 CEST 2010 - wr@rosenauer.org
- security update to version 2.0.10 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion
-------------------------------------------------------------------
Thu Oct 7 11:15:21 CEST 2010 - wr@rosenauer.org
- security update to version 2.0.9 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734)
XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange
* removed upstreamed mozilla-helper-app.patch
- require mozilla-nss >= 3.12.8
-------------------------------------------------------------------
Wed Sep 15 09:44:09 CEST 2010 - wr@rosenauer.org
- update to 2.0.8
* fixing startup topcrash (bmo#594699)
* add "face" to the list of white-listed attributes (bmo#592601)
- added Cairo LCD filter patch to enable subpixel hinting where
supported (bnc#638186) (mozilla-cairo-lcd.patch)
-------------------------------------------------------------------
Thu Aug 26 08:51:34 CEST 2010 - wr@rosenauer.org
- security upate to 2.0.7 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument
* MFSA 2010-60/CVE-2010-2763 (bmo#585284)
XSS using SJOW scripted function
* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using <object> type
attribute
* MFSA 2010-62/CVE-2010-2769 (bmo#520189)
Copy-and-paste or drag-and-drop into designMode document allows
XSS
* MFSA 2010-63/CVE-2010-2764 (bmo#552090)
Information leak via XMLHttpRequest statusText
- always use internal cairo (bnc#622375, bnc#626042)
-------------------------------------------------------------------
Fri Jul 16 07:36:06 CEST 2010 - wr@rosenauer.org
- security update to 2.0.6 (bnc#622506)
* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
Miscellaneous memory safety hazards
* MFSA 2010-35/CVE-2010-1208 (bmo#572986)
DOM attribute cloning remote code execution vulnerability
* MFSA 2010-36/CVE-2010-1209 (bmo#552110)
Use-after-free error in NodeIterator
* MFSA 2010-37/CVE-2010-1214 (bmo#572985)
Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability
* MFSA 2010-39/CVE-2010-2752 (bmo#574059)
nsCSSValue::Array index integer overflow
* MFSA 2010-40/CVE-2010-2753 (bmo#571106)
nsTreeSelection dangling pointer remote code execution
vulnerability
* MFSA 2010-41/CVE-2010-1205 (bmo#570451)
Remote code execution using malformed PNG image
* MFSA 2010-42/CVE-2010-1213 (bmo#568148)
Cross-origin data disclosure via Web Workers and importScripts
* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
Multiple location bar spoofing vulnerabilities
* MFSA 2010-46/CVE-2010-0654 (bmo#524223)
Cross-domain data theft using CSS
* MFSA 2010-47/CVE-2010-2754 (bmo#568564)
Cross-origin data leakage from script filename in error messages
-------------------------------------------------------------------
Fri May 7 08:13:07 CEST 2010 - wr@rosenauer.org
- security update to 2.0.5 (bnc#603356)
* MFSA 2010-25/CVE-2010-1121 (bmo#555109)
Re-use of freed object due to scope confusion
* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
CVE-2010-1203
Crashes with evidence of memory corruption (rv:1.9.1.10)
* MFSA 2010-27/CVE-2010-0183 (bmo#557174)
Use-after-free error in nsCycleCollector::MarkRoots()
* MFSA 2010-28/CVE-2010-1198 (bmo#532246)
Freed object reuse across plugin instances
* MFSA 2010-29/CVE-2010-1196 (bmo#534666)
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
* MFSA 2010-30/CVE-2010-1199 (bmo#554255)
Integer Overflow in XSLT Node Sorting
* MFSA 2010-31/CVE-2010-1125 (bmo#552255)
focus() behavior can be used to inject or steal keystrokes
* MFSA 2010-32/CVE-2010-1197 (bmo#537120)
Content-Disposition: attachment ignored if
Content-Type: multipart also present
* MFSA 2010-33/CVE-2008-5913 (bmo#475585)
User tracking across sites using Math.random()
-------------------------------------------------------------------
Wed Mar 17 23:40:16 CET 2010 - wr@rosenauer.org
- security update to 2.0.4 (bnc#586567)
* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption
* MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
Remote code execution with use-after-free in nsTreeSelection
* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-19/CVE-2010-0177 (bmo#538310)
Dangling pointer vulnerability in nsPluginArray
* MFSA 2010-20/CVE-2010-0178 (bmo#546909)
Chrome privilege escalation via forced URL drag and drop
* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication
* MFSA 2010-23/CVE-2010-0181 (bmo#452093)
Image src redirect to mailto: URL opens email editor
* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn't check nsIContentPolicy
-------------------------------------------------------------------
Wed Feb 24 07:10:39 CET 2010 - wr@rosenauer.org
- added translation subpackages
-------------------------------------------------------------------
Wed Feb 17 22:14:57 CET 2010 - wr@rosenauer.org
- security update to 2.0.3 (bnc#576969)
* MFSA-2010-01/CVE-2010-0159
Crashes with evidence of memory corruption
* MFSA-2010-02/CVE-2010-0160
Web Worker Array Handling Heap Corruption Vulnerability
* MFSA-2010-03/CVE-2009-1571 (bmo#526500)
Use-after-free crash in HTML parser
* MFSA-2010-04/CVE-2009-3988 (bmo#504862)
XSS due to window.dialogArguments being readable cross-domain
* MFSA-2010-05/CVE-2010-0162 (bmo#455472)
XSS hazard using SVG document and binary Content-Type
-------------------------------------------------------------------
Mon Jan 18 15:11:34 CET 2010 - vuntz@opensuse.org
- Remove unneeded orbit-devel BuildRequires.
-------------------------------------------------------------------
Wed Jan 6 00:20:41 CET 2010 - wr@rosenauer.org
- stability update to 2.0.2 (bnc#568011)
* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)
-------------------------------------------------------------------
Thu Dec 10 19:53:20 CET 2009 - wr@rosenauer.org
- security update to 2.0.1 (bnc#559807)
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
Crashes with evidence of memory corruption (rv:1.9.1.6)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
Memory safety fixes in liboggplay media library
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
Integer overflow, crash in libtheora video library
* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities
* MFSA 2009-70/VE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener
-------------------------------------------------------------------
Mon Oct 19 15:36:56 CEST 2009 - wr@rosenauer.org
- update to 2.0rc2 which might become the final 2.0 version
* based on final Gecko 1.9.1.4 (build3)
-------------------------------------------------------------------
Thu Oct 8 08:44:00 CEST 2009 - wr@rosenauer.org
- update to 2.0rc1
* based on Gecko 1.9.1.4
* removed upstreamed patches
* compatible with enigmail (bnc#544326, bnc#530811)
- fixed startup notification (bnc#518603)
(mozilla-startup-notification.patch)
-------------------------------------------------------------------
Mon Sep 14 15:32:10 CEST 2009 - wr@rosenauer.org
- update to 2.0b2
* removed obsolete mozilla-jemalloc_deepbind.patch and
mozilla-app-launcher.patch
- remove obsolete code for protocol handlers (bmo#389732)
- allow alternative button order for Gtk filechooser (bnc#527418)
- added mozilla-prefer_plugin_pref.patch to introduce a new set of
prefs to support preferring certain plugins for mime-types
- added mozilla-sysplugin-biarch.patch to use
/usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
-------------------------------------------------------------------
Thu Aug 20 11:04:44 CEST 2009 - wr@rosenauer.org
- added Provides and Obsoletes for package merge (bnc#532678)
- allow alternative button order for Gtk filechooser (bnc#527418)
-------------------------------------------------------------------
Tue Jul 28 13:08:01 CEST 2009 - wr@rosenauer.org
- fixed %exclude usage
-------------------------------------------------------------------
Tue Jul 21 17:27:43 CEST 2009 - wr@rosenauer.org
- update to 2.0b1
- added create-tar.sh to source package
- removed enigmail as it's provided as an own package built in
Thunderbird now
-------------------------------------------------------------------
Thu Jul 9 11:22:15 CEST 2009 - @rosenauer.org
- update to 2.0a3-20090707 snapshot
- define MOZ_APP_LAUNCHER for session management (bmo#453689)
(mozilla-app-launcher.patch and mozilla.sh.in)
- move intl.locale.matchOS to distribution specific prefs
(removed locale.patch)
- moved openSUSE specific prefs from greprefs to app prefs
- added mozilla-jemalloc_deepbind.patch to fix various possible
crashes (bnc#503151, bmo#493541)
- added seamonkey-no-update.patch to hide the update menu item
-------------------------------------------------------------------
Wed Jun 17 23:53:24 CEST 2009 - wr@rosenauer.org
- major update to 2.0a3-20090617
* based on Gecko 1.9.1
* ported to Mozilla's toolkit
-------------------------------------------------------------------
Sat Apr 11 18:50:51 CEST 2009 - wr@rosenauer.org
- security update to 1.1.16 (bnc#488955,489411,492354)
* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
Crash and remote code execution in XSL transformation
* MFSA 2009-13/CVE-2009-1044 (bmo#484320)
Arbitrary code execution via XUL tree moveToEdgeShift
-------------------------------------------------------------------
Thu Mar 19 09:34:34 CET 2009 - wr@rosenauer.org
- update to security release 1.1.15 (bnc#478625)
* MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
CVE-2009-0774:
Crashes with evidence of memory corruption (rv:1.9.0.7)
* MFSA 2009-09/CVE-2009-0776:
XML data theft via RDFXMLDataSource and cross-domain redirect
* MFSA 2009-10/CVE-2009-0040:
Upgrade PNG library to fix memory safety hazards
- use nss-shared-helper from 11.1 on which allows migrating to and
sharing with other applications using NSS
(can be disabled completely exporting MOZ_SM_NO_NSSHELPER=1)
-------------------------------------------------------------------
Wed Dec 17 15:19:44 EST 2008 - hfiguiere@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Mon Dec 15 16:11:58 CET 2008 - wr@rosenauer.org
- update to security release 1.1.14 (bnc#455804)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
-------------------------------------------------------------------
Mon Nov 17 12:31:07 CST 2008 - maw@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Tue Nov 11 16:00:40 CET 2008 - wr@rosenauer.org
- update to security release 1.1.13 (bnc#439841)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- fixed desktop file syntax and another rpmlint complaint
-------------------------------------------------------------------
Wed Oct 15 12:56:28 CDT 2008 - maw@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Tue Sep 23 12:25:26 CEST 2008 - wr@rosenauer.org
- update to security release 1.1.12 (bnc#429179)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- merged Factoy and mozilla versions (again)
-------------------------------------------------------------------
Fri Sep 5 21:07:41 CEST 2008 - mauro@suse.de
- Update to Seamonkey 1.1.11 [bnc#407573, bnc#416147]
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- update enigmail to 0.95.7
-------------------------------------------------------------------
Fri May 16 16:59:40 CEST 2008 - schwab@suse.de
- Remove unused includes.
-------------------------------------------------------------------
Wed Apr 9 20:13:47 CEST 2008 - maw@suse.de
- Merge changes and fixes from the build service.
-------------------------------------------------------------------
Wed Apr 2 23:19:53 CEST 2008 - maw@suse.de
- Security update to version 1.1.9 (bnc#370353):
+ MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant
(cross-tab popups)
+ MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket
connection to any local port via LiveConnect
+ MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client
Authentication
+ MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with
malformed URLs
+ MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with
evidence of memory corruption (rv:1.8.1.13)
+ MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235:
JavaScript privilege escalation and arbitrary code execution
- Respin abuild.patch.
-------------------------------------------------------------------
Mon Mar 24 22:06:33 CET 2008 - maw@suse.de
- Add mozilla-missing-decl.patch, which is necessary when building
against new versions of mozilla-nss (bmo#399589).
-------------------------------------------------------------------
Tue Feb 12 00:45:18 CET 2008 - maw@suse.de
- Security update to version 1.1.8 (bnc#354469) (thanks, Wolfgang)
+ MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet
redirect
+ MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain
text files
+ MFSA 2008-06/CVE-2008-0419 Web browsing history and forward
navigation stealing
+ MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome:
URI
+ MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote
Code Execution
+ MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing
vulnerabilities
+ MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory
corruption (rv:1.8.1.12)
- Update enigmail to version 0.95.6.
-------------------------------------------------------------------
Thu Jan 17 18:25:48 CET 2008 - maw@suse.de
- Add mozilla-maxpathlen.patch (#354150 and bmo #412610).
-------------------------------------------------------------------
Tue Nov 13 16:47:45 CET 2007 - maw@suse.de
- Add seamonkey-gcc4.3-fixes.patch.
-------------------------------------------------------------------
Sat Oct 20 00:18:51 CEST 2007 - maw@suse.de
- security update to version 1.1.5 (#332512) (thanks, Wolfgang)
* MFSA 2007-29 Crashes with evidence of memory corruption
* MFSA 2007-30 onUnload Tailgating
* MFSA 2007-31 Digest authentication request splitting
* MFSA 2007-32 File input focus stealing vulnerability
* MFSA 2007-33 XUL pages can hide the window titlebar
* MFSA 2007-34 Possible file stealing through sftp protocol
* MFSA 2007-35 XPCNativeWraper pollution using Script object
complete advisories on
http://www.mozilla.org/projects/security/known-vulnerabilities.html
-------------------------------------------------------------------
Thu Sep 13 17:01:22 CEST 2007 - cthiel@suse.de
- recommend gpg instead of requireing fixed paths
-------------------------------------------------------------------
Wed Sep 12 18:51:18 CEST 2007 - maw@suse.de
- Added GPG/pinentry requirements (#309160)
- Don't run %fdupes on directories where multiple partitions
are liable to be mounted.
-------------------------------------------------------------------
Mon Sep 3 18:55:41 CEST 2007 - maw@suse.de
- Correct releasedate.
-------------------------------------------------------------------
Tue Aug 21 19:12:30 CEST 2007 - maw@suse.de
- Merge recent changes from the build service (thanks, Wolfgang):
+ Update to security release 1.1.4:
* MFSA 2007-26 Privilege escalation through chrome-loaded
about:blank windows
* MFSA 2007-27 Unescaped URIs passed to external programs
(only relevant on Windows)
+ Add gnome-vfs.patch to be able to use helper apps with parameters
+ Update enigmail to version 0.95.3
+ Fixed unreadable GIF in the LEO searchplugin
- Use %fdupes.
-------------------------------------------------------------------
Tue Aug 21 09:43:07 CEST 2007 - aj@suse.de
- Use openSUSE instead of SUSE Linux as bookmark.
-------------------------------------------------------------------
Wed Aug 15 15:07:00 CEST 2007 - maw@suse.de
- On x86_64, s390, and s390x, deactivate the hidden visibility
support, thereby fixing the build.
-------------------------------------------------------------------
Thu Jun 21 17:30:15 CEST 2007 - adrian@suse.de
- fix changelog entry order
-------------------------------------------------------------------
Wed Jun 20 08:53:59 CDT 2007 - maw@suse.de
- Don't hardcode /tmp anywhere; use %{_tmppath} instead.
-------------------------------------------------------------------
Tue Jun 19 12:52:13 CDT 2007 - maw@suse.de
- Merge updates to version 1.1.2 and enigmail version 0.95.0 from
the build service (thanks, Wolfgang)
- Don't build as root
- Add unzip as a build requirement.
-------------------------------------------------------------------
Thu Jun 7 16:04:48 CEST 2007 - sbrabec@suse.cz
- Removed invalid desktop Category "Application" (#254654).
-------------------------------------------------------------------
Wed May 2 16:50:48 CEST 2007 - stbinner@suse.de
- install .desktop files into /usr/share/applications
-------------------------------------------------------------------
Wed Dec 20 18:45:40 CET 2006 - mkoenig@suse.de
- fix build
-------------------------------------------------------------------
Thu Nov 16 17:32:26 CET 2006 - mkoenig@suse.de
- update to CVS version 20061107 from buildservice [#221676]
-------------------------------------------------------------------
Wed Nov 15 17:23:37 CET 2006 - sbrabec@suse.cz
- Fixed Requires/Provides correctly (#216100#c14).
-------------------------------------------------------------------
Fri Nov 3 17:38:20 CET 2006 - sbrabec@suse.cz
- Do not provide and require internal libraries (#216100).
- Use safer place for build-temporary files.
-------------------------------------------------------------------
Sat Oct 21 14:28:49 CEST 2006 - aj@suse.de
- from openSUSE Buildservice (thanks Wolfgang Rosenauer):
* update to SeaMonkey 1.1a-20060907
* update enigmail to 0.94.1: Added support for signing
attachments with inline-PGP
-------------------------------------------------------------------
Tue Sep 12 21:10:41 CEST 2006 - stark@suse.de
- update to security/stability release 1.0.5
- removed libaoss usage because it's too fragile
-------------------------------------------------------------------
Sun Aug 6 20:41:18 CEST 2006 - stark@suse.de
- update enigmail to 0.94.1
* Added support for signing attachments with inline-PGP
-------------------------------------------------------------------
Sun Aug 6 12:21:15 CEST 2006 - aj@suse.de
- Fix build (remove wrong extern "C").
-------------------------------------------------------------------
Sat Jul 29 22:46:38 CEST 2006 - stark@suse.de
- update to 1.0.4 fixing a major regression in 1.0.3 (#195402)
-------------------------------------------------------------------
Thu Jul 27 06:24:05 CEST 2006 - stark@suse.de
- update to security release 1.0.3 (#195043)
- fix overwrite confirmation for GTK filesaver (#179531)
- fixed printing crash if the last used printer is not available
anymore (#187013)
-------------------------------------------------------------------
Fri Jun 2 12:20:24 CEST 2006 - stark@suse.de
- update to security/stability release 1.0.2 (#179011)
(http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey)
-------------------------------------------------------------------
Sun May 14 21:00:33 CEST 2006 - stark@suse.de
- update to version 1.0.1+
- save printer settings properly (#174082, bmo #324072)
-------------------------------------------------------------------
Tue Apr 25 11:38:01 CEST 2006 - stark@suse.de
- added patch for iframe crash (#169039, bmo #334515)
- improved postscript output (bmo #334485)
- changed defaults for printer properties (#6534)
- get available paper sizes from CUPS (#65482)
- fixed memory leak in clipboard caching (bmo #289897)
-------------------------------------------------------------------
Thu Mar 16 22:38:44 CET 2006 - stark@suse.de
- added seamonkey icon to filelist and use it for mail and composer
component as well for now (#158556)
- also provide the old mozilla packagenames for correct upgrade
-------------------------------------------------------------------
Tue Mar 14 06:38:57 CET 2006 - stark@suse.de
- added Khmer (km-*) to pango locales (#157397)
- yet another set of upstream fixes (#148876)
-------------------------------------------------------------------
Sat Mar 4 22:07:20 CET 2006 - stark@suse.de
- fixed plugin inclusion if started from Thunderbird (#151614)
- fixed crash with multipart JPEGs (bmo #328684) (#140416)
- implemented mail alert notification (bmo #327613)
- get latest security related fixes from upstream (#148876)
- show multiple Reply-To addresses (bmo #106189)
-------------------------------------------------------------------
Fri Feb 24 14:19:32 CET 2006 - stark@suse.de
- dumpstack.patch is now in upstream patches
- added GTK category to desktop-files
- get more security/stability patches (#148876)
-------------------------------------------------------------------
Thu Feb 16 12:01:54 CET 2006 - stark@suse.de
- applied set of security patches (#148876)
fixed bmo bugs:
282105, 307989, 310638, 315411, 315625, 320459, 320851,
323634, 325005, 325403, 325947, 327126
- added GenericNames in desktop-files
- use new SeaMonkey logo for browser component in menus
-------------------------------------------------------------------
Tue Feb 7 20:09:07 CET 2006 - stark@suse.de
- fixed disabling of Pango (#148788)
-------------------------------------------------------------------
Thu Feb 2 21:52:52 CET 2006 - stark@suse.de
- removed heimdal patch for older distributions
- define gssapi lib explicitely (#147670)
-------------------------------------------------------------------
Mon Jan 30 08:29:45 CET 2006 - stark@suse.de
- merged (hopefully) last patch before final seamonkey 1.0 release
-------------------------------------------------------------------
Fri Jan 27 08:34:03 CET 2006 - stark@suse.de
- final 1.0 bits
- tweaked BuildRequires
- default to GTK2 filechooser if MOZ_XUL_PICKER is not set
(same behaviour as Firefox)
- fixed system NSS usage
-------------------------------------------------------------------
Wed Jan 25 21:41:31 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Jan 23 11:41:52 CET 2006 - stark@suse.de
- disable Pango if MOZ_ENABLE_PANGO is not set
and no typical language which needs Pango is used (#143428)
- preload libaoss for plugin sound (#117079)
- fix to ignore X composite extension (#135373)
- fix subfolder check for default account at startup (bmo #323980)
-------------------------------------------------------------------
Wed Jan 18 10:32:30 CET 2006 - stark@suse.de
- fixed DumpStackToFile for glibc 2.4
-------------------------------------------------------------------
Mon Jan 16 07:15:33 CET 2006 - stark@suse.de
- update to current 1.0 snapshot (20060115)
- update enigmail to 0.94.0
- use -fstack-protector where available
- use system NSS since CODE10
-------------------------------------------------------------------
Wed Dec 28 08:53:38 CET 2005 - stark@suse.de
- update to snapshot 1.8-20051227 (1.0b)
-------------------------------------------------------------------
Mon Dec 12 01:26:03 CET 2005 - stark@suse.de
- update to snapshot 1.8-20051211
- use plugins in /usr/lib/browser-plugins
- update enigmail to 0.93.2
- added gtk2 patch to avoid theme switch events (#134831)
- replace mozilla packages with seamonkey for 10.1 and above
-------------------------------------------------------------------
Mon Oct 24 07:21:28 CEST 2005 - stark@suse.de
- update to snapshot 1.8-20051024
- update enigmail to 0.93.0
- package renamed to seamonkey with new versioning
- moved to /usr/lib
-------------------------------------------------------------------
Tue Dec 28 07:57:19 CET 2004 - stark@suse.de
- removed obsolete translations from desktop-file
(will be automatically added from macro)
- update to 1.7.5 (20041220)
- update enigmail to 0.89.6
- update ipc to 1.1.2
- removed s390/s390x patch (included upstream)
- add compiler option to enable backchain for s390/s390x
inline assembling
- fixed extra lines in mail replies (bmo #144998)
- removed bounce patch (available as extension
mailredirect.mozdev.org)
- added gconf setting patch to get more gconf settings if
"use system settings" is used
- removed cross dependencies on release level
-------------------------------------------------------------------
Tue Nov 23 16:15:21 CET 2004 - ro@suse.de
- fix build on 8.2
-------------------------------------------------------------------
Thu Nov 18 15:45:39 CET 2004 - ro@suse.de
- use kerberos-devel-packages
-------------------------------------------------------------------
Wed Oct 13 14:39:35 CEST 2004 - uli@suse.de
- fixed ABI (s390*) and defines (s390x) thinkos, now actually works
on these platforms
-------------------------------------------------------------------
Wed Sep 29 20:55:27 CEST 2004 - stark@suse.de
- fixed path to RealPlayer plugin
-------------------------------------------------------------------
Tue Sep 28 19:17:12 CEST 2004 - stark@suse.de
- another change to fix initial localization
(thanks to mfabian)
-------------------------------------------------------------------
Sat Sep 25 12:39:12 CEST 2004 - stark@suse.de
- add ContentLocale parameter for initial localization (#44956)
- added patch for crasher in IMAP code (mozilla.org #257079)
- "no-cache" header was ignored for non-SSL sites
(mozilla.org #252023)
- added fixed version for mozilla.org bug #257308
- fix in download handling (mozilla.org #259890)
- fix for Ximian #65176 (mozilla.org #240068)
-------------------------------------------------------------------
Fri Sep 24 12:51:19 CEST 2004 - stark@suse.de
- enabled logging for non-debug builds to be able to get some
logfiles for debugging
-------------------------------------------------------------------
Fri Sep 17 23:11:03 CEST 2004 - stark@suse.de
- fixed broken patch-file
-------------------------------------------------------------------
Fri Sep 17 10:59:52 CEST 2004 - stark@suse.de
- added security fix for mozilla bug #258005
- trigger for java-1_4_2-sun-plugin (#45257)
-------------------------------------------------------------------
Wed Sep 15 17:48:46 CEST 2004 - ro@suse.de
- use version number directly
-------------------------------------------------------------------
Wed Sep 15 16:48:04 CEST 2004 - sbrabec@suse.cz
- Adopted mozilla.spec, so the same spec file can build also nvu.
-------------------------------------------------------------------
Fri Sep 10 09:17:50 CEST 2004 - stark@suse.de
- added some security related and crasher fixes:
* Visual indicators of site security appear for the wrong site
(mozilla.org #257308)
* mailnews crasher (mozilla.org #258386)
* fix arrow keys behaviour for GTK2 list boxes
(mozilla.org #219706)
* URL bar should not display passwords in URL
(mozilla.org #157354)
- fix enigmail configuration (#44971)
-------------------------------------------------------------------
Thu Sep 9 14:12:06 CEST 2004 - stark@suse.de
- added patch for AMD64 endianess in JS component
(#34743)
-------------------------------------------------------------------
Mon Sep 6 10:24:38 CEST 2004 - stark@suse.de
- added parts of the 1.7 branch
(including CUPS integration)
-------------------------------------------------------------------
Fri Sep 3 17:24:09 CEST 2004 - stark@suse.de
- update enigmail to 0.86.0
- reworked start-script to invoke mozilla start/stop scripts
-------------------------------------------------------------------
Tue Aug 24 00:16:09 CEST 2004 - ro@suse.de
- make sure we can call mozilla-make-package.pl
(do not rely on any permissions in RPM_SOURCE_DIR)
-------------------------------------------------------------------
Thu Aug 19 17:49:16 CEST 2004 - sbrabec@suse.cz
- README.installed-chrome: Added a sentence about scriptlet PreReq
(#43990).
-------------------------------------------------------------------
Thu Aug 12 08:00:45 CEST 2004 - stark@suse.de
- added patch for ppc64 build
-------------------------------------------------------------------
Thu Aug 5 06:39:38 CEST 2004 - stark@suse.de
- update to 1.7.2 with security fixes
- update enigmail to 0.85.0
- handle RealPlayer 9 plugin
- added calendar-fix init script to package
- fixed file-list (packages-unix) and kprinter config for Desktop
- disabled SVG for distributions older than 8.2
- modified bounce patch to not disturb language-packs
-------------------------------------------------------------------
Thu Aug 5 02:05:28 CEST 2004 - ro@suse.de
- recode desktop file to utf-8
-------------------------------------------------------------------
Fri Jun 18 07:25:02 CEST 2004 - stark@suse.de
- update to 1.7
- update enigmail to 0.84.1
- remove compreg.dat prior to rebuild-databases (#41481)
- no longer disable-xprint
- build with heimdal
(Support for Kerberos HTTP authentication using GSSAPI)
-------------------------------------------------------------------
Fri Jun 18 01:25:12 CEST 2004 - ro@suse.de
- added patch from garnome list to build with current freetype
-------------------------------------------------------------------
Thu May 6 11:01:52 CEST 2004 - stark@suse.de
- added patch to avoid compile-warnings
-------------------------------------------------------------------
Wed May 5 13:54:44 CEST 2004 - stark@suse.de
- update to 1.7rc1 (20040505)
- added patch to be able to bounce mail-messages
- update enigmail to 0.83.6
- added focus fix for gtkembedmoz
- changed behaviour of nullplugin
- removed x86-64 patch as it is now included upstream
- added new function in start script to start localized
according to the environment if correct language pack is
installed (for new profiles)
-------------------------------------------------------------------
Fri Apr 2 10:30:32 CEST 2004 - stark@suse.de
- removing relocation of TEMP directory (#34391)
-------------------------------------------------------------------
Thu Mar 25 10:15:49 CET 2004 - stark@suse.de
- install more needed files (#36085)
-------------------------------------------------------------------
Tue Mar 23 11:32:08 CET 2004 - uli@suse.de
- fixed hang during build on s390* (bug #35440)
-------------------------------------------------------------------
Mon Mar 15 21:00:30 CET 2004 - stark@suse.de
- use xft.js only for gtk1 builds (not default)
- removed obsolete stuff from package
- install menu-icons and use them (#35992)
- install some more files (#36085)
- renewed bookmark-changes
-------------------------------------------------------------------
Tue Mar 9 06:21:37 CET 2004 - stark@suse.de
- patch for keeping ui fonts (#35236)
-------------------------------------------------------------------
Sun Mar 7 23:20:23 CET 2004 - ro@suse.de
- match function declaration in enigmail mimedummy.cpp
-------------------------------------------------------------------
Wed Mar 3 21:46:56 CET 2004 - stark@suse.de
- fixed enigmail file-list (#35302)
- update enigmail to 0.83.4
-------------------------------------------------------------------
Mon Mar 1 13:08:01 CET 2004 - stark@suse.de
- improved xremote behaviour in relation to other mozilla products
(firefox, thunderbird) (#35179)
-------------------------------------------------------------------
Tue Feb 24 07:50:59 CET 2004 - stark@suse.de
- fixed inclusion of mozex extension
- added compiler flags for security/ (nss-opt.patch)
- update enigmail to 0.83.3
-------------------------------------------------------------------
Fri Feb 20 06:55:53 CET 2004 - stark@suse.de
- added build-fix for s390x (#32963)
- added mozex 1.07 to the package
-------------------------------------------------------------------
Wed Feb 4 08:50:11 CET 2004 - stark@suse.de
- fixed calendar filelist
- enabled freetype for xft builds to improve printing
-------------------------------------------------------------------
Wed Jan 28 12:49:04 CET 2004 - stark@suse.de
- update to enigmail 0.83.1
- fixed enigmail inclusion and activated it again
-------------------------------------------------------------------
Mon Jan 19 13:45:16 CET 2004 - stark@suse.de
- update to 1.6 (20040114)
- set PS printer list in mozilla.sh
- update to enigmail 0.83.0
(deactivated for now until a chrome issue is fixed)
- added mozilla-bonobo to plugin-handling
- use lib64 again for biarch platforms
- use kprinter and xft on SLEC (only for specfile-sharing)
- added fixed desktop files
-------------------------------------------------------------------
Mon Nov 3 09:15:49 CET 2003 - stark@suse.de
- apply mips build-fix
-------------------------------------------------------------------
Wed Oct 22 15:30:27 CEST 2003 - stark@suse.de
- require myspell-dictionary only since 9.0
-------------------------------------------------------------------
Wed Oct 15 17:02:50 CEST 2003 - stark@suse.de
- update to 1.5 (final)
-------------------------------------------------------------------
Mon Sep 29 13:42:39 CEST 2003 - stark@suse.de
- update to Mozilla 1.5rc2
- added patch to enable freetype2 printing in xft builds
- removed overlay-files from filelist (delete them in preun)
-------------------------------------------------------------------
Wed Sep 24 08:36:53 CEST 2003 - stark@suse.de
- added mozplugger to add-plugins.sh
- added patch to expunge IMAP folders if "remove immediately"
delete model is used
- update to 1.4.1
- update enigmail to 0.76.7
-------------------------------------------------------------------
Tue Sep 23 13:49:41 CEST 2003 - sbrabec@suse.cz
- Changed plugger->mozplugger (part of bug #31616).
-------------------------------------------------------------------
Thu Sep 18 09:29:15 CEST 2003 - coolo@suse.de
- make mozilla open URLs not files
-------------------------------------------------------------------
Tue Sep 16 10:51:42 CEST 2003 - stark@suse.de
- adopted RealPlayer inclusion for new path (#30990)
-------------------------------------------------------------------
Sun Sep 7 19:55:44 CEST 2003 - adrian@suse.de
- mozilla supports text/html MimeType
-------------------------------------------------------------------
Thu Sep 4 08:45:58 CEST 2003 - adrian@suse.de
- remove wrong start path in desktop file
-------------------------------------------------------------------
Mon Sep 1 20:30:27 CEST 2003 - adrian@suse.de
- install also desktop files for mail and composer
- make Mozilla start path FHS compliant
-------------------------------------------------------------------
Mon Aug 25 16:26:04 CEST 2003 - hhetter@suse.de
- revert from patch mentioned at Mozilla.org Bug #58613
to get epiphany and galeon to build
-------------------------------------------------------------------
Fri Aug 22 09:35:05 CEST 2003 - stark@suse.de
- another upstream sync
-------------------------------------------------------------------
Fri Aug 15 07:27:41 CEST 2003 - stark@suse.de
- again more CVS patches from mozilla.org
-------------------------------------------------------------------
Sun Aug 10 22:04:25 CEST 2003 - stark@suse.de
- updated enigmail to 0.76.5
-------------------------------------------------------------------
Fri Aug 8 08:10:39 CEST 2003 - stark@suse.de
- again more CVS patches from mozilla.org
- adapted x86-64 patch for 1.4
- clean up configure options
- use -fno-strict-aliasing (#28534)
-------------------------------------------------------------------
Thu Jul 31 11:21:00 CEST 2003 - stark@suse.de
- integrated more patches from mozilla.org
- fixed deinstallation of dict-links
- removed unneeded files from filelist (for milestone builds)
- removed update-desktop-files again because it's in
gtk2-devel-packages
-------------------------------------------------------------------
Wed Jul 30 07:07:52 CEST 2003 - stark@suse.de
- add-plugins.sh now links myspell-dictionaries for spellchecker
(#26290)
- added some bugfixes from mozilla.org
- added update-desktop-files to neededforbuild
-------------------------------------------------------------------
Tue Jul 29 08:24:05 CEST 2003 - stark@suse.de
- added make-definition for build with Linux 2.6.x
-------------------------------------------------------------------
Mon Jul 28 13:55:08 CEST 2003 - adrian@suse.de
- add Categories to desktop file
- TODO: create .desktop files for other Mozilla modules
-------------------------------------------------------------------
Wed Jul 23 07:22:13 CEST 2003 - stark@suse.de
- check if DISPLAY set correctly (#28098)
- set $TEMP to $HOME for acroread (#27929)
- workaround the BUILD_ROOT issue in xpti.dat
- update enigmail to 0.76.3
-------------------------------------------------------------------
Tue Jul 15 11:04:33 CEST 2003 - stark@suse.de
- fix update from Mozilla 1.0.1 to 1.4
- update enigmail to 0.76.2
- added ICP-Brasil CA (#25840)
- added some minor patches from mozilla.org
-------------------------------------------------------------------
Mon Jul 14 15:37:01 CEST 2003 - sbrabec@suse.cz
- GNOME prefix change to /opt/gnome.
-------------------------------------------------------------------
Wed Jul 2 14:25:16 CEST 2003 - schwab@suse.de
- mozilla.sh: fix quoting, teach about emacsclient.
-------------------------------------------------------------------
Tue Jul 1 06:06:00 CEST 2003 - stark@suse.de
- update to 1.4 final
-------------------------------------------------------------------
Wed Jun 25 11:30:27 CEST 2003 - stark@suse.de
- fix AMD64 patch to fit mozilla version
-------------------------------------------------------------------
Thu Jun 19 21:27:37 CEST 2003 - stark@suse.de
- update to 1.4rc3 (20030619)
- added DFN CA certificate
- update enigmail to 0.76.1
- added assembler patch, IA64 should be usable now
-------------------------------------------------------------------
Sat Jun 14 09:43:00 CEST 2003 - stark@suse.de
- update to 1.4rc2 (20030613)
- fixed minor bug in update handling in %preun
- added missing directories to the filelist
- deactivated check for unpackaged files
-------------------------------------------------------------------
Wed Jun 11 15:12:22 CEST 2003 - stark@suse.de
- update to 1.4rc1 (20030610)
- switch to GTK2 build for STABLE
- update enigmail to 0.76.0
-------------------------------------------------------------------
Wed May 28 09:22:22 CEST 2003 - stark@suse.de
- update to 1.4b (20030526)
- added spellchecker subpackage (based on myspell)
-------------------------------------------------------------------
Sat May 10 10:13:36 CEST 2003 - stark@suse.de
- modified x86-64 patch to fit 1.4b
-------------------------------------------------------------------
Thu May 8 09:06:45 CEST 2003 - stark@suse.de
- updated to 1.4b (20030507)
- updated enigmail and ipc sources for 1.4
- adopt James Ogley's changes for gtk2 build
- install pkgconfig stuff
- include icons
- desktop file in GNOME2 place
- Provides: mozilla-gtk2 for building Galeon/Epiphany
- added /etc/gre.conf
- modified startscript to manipulate default open behaviour
of URLs provided on commandline ($MOZ_NEWURL)
- some spec-file modifications for slow migration to
Firebird
-------------------------------------------------------------------
Mon Apr 03 07:44:23 CEST 2003 - stark@suse.de
- updated enigmail to 0.74.0
- fixed minor bug in spec-file (only hit old SL versions)
-------------------------------------------------------------------
Wed Mar 31 09:11:41 CET 2003 - stark@suse.de
- moved mozilla-config to /opt/mozilla/bin
- some rudimentary language autodetection
- reactivated XFT for 8.2
- make GTK2 optional for 8.2 and higher (disabled xmlterm)
- fixed bug in rebuild-databases.sh
-------------------------------------------------------------------
Mon Mar 24 09:31:23 CET 2003 - stark@suse.de
- handle old plugins on update from versions before 1.3
- splitted calendar off from mozilla
- added XFT patches but disabled XFT for SuSE Linux 8.2 at this
time
- added mozilla-config to devel package
-------------------------------------------------------------------
Fri Mar 14 06:47:00 CET 2003 - stark@suse.de
- update to 1.3
- redirect error about missing file in rebuild-databases.sh
- update enigmail to 0.73.1
- added LEO searchplugin for dict.leo.org
- changed directory-structure to be more mozilla.org compatible
- removed s390 fix because changes are already in sources
- use XFT2 instead of freetype2 on SL8.2 and higher
- made add-plugins.sh compatible with older SL versions again
- enabled SVG support (including libart_lgpl)
- enabled calendar
- removed special splash because of copyright issues
-------------------------------------------------------------------
Thu Mar 13 14:25:24 CET 2003 - stark@suse.de
- avoid creation of java link if Blackdown isn't installed
but another Java is found (but not usable because of gcc)
[Bug #25278]
-------------------------------------------------------------------
Wed Mar 12 21:36:55 CET 2003 - stark@suse.de
- added new BlackdownJava2-JRE to RPM triggers
-------------------------------------------------------------------
Mon Mar 3 17:17:53 CET 2003 - kukuk@suse.de
- Fix calling mozilla with options [Bug #24539]
-------------------------------------------------------------------
Fri Feb 28 11:38:57 CET 2003 - ro@suse.de
- fixed add-plugins.sh for flash-player
-------------------------------------------------------------------
Mon Feb 24 15:55:30 CET 2003 - ro@suse.de
- added tclplug and djvulibre
-------------------------------------------------------------------
Mon Feb 24 01:51:18 CET 2003 - ro@suse.de
- add-plugins: use /usr/%_lib/browser-plugins
- flash plugin moved from netscape-plugins to flash-player
-------------------------------------------------------------------
Tue Feb 18 16:01:39 CET 2003 - stark@suse.de
- reworked add-plugins.sh for newer Java versions
- moved libnssckbi.so to MOZILLA_FIVE_HOME (#22548)
- %preun bugfix
-------------------------------------------------------------------
Fri Jan 17 12:49:50 CET 2003 - sbrabec@suse.cz
- Added README.installed-chrome to source package.
-------------------------------------------------------------------
Wed Jan 15 15:13:31 CET 2003 - pmladek@suse.cz
- updated the x86_64.patch from Gwenole Beauchesne
-------------------------------------------------------------------
Wed Dec 5 12:56:49 CET 2002 - stark@suse.de
- update to 1.2.1
- update Enigmail to 0.71.0
- removed SuSEconfig.mozilla
now use add-plugins.sh together with %trigger statements
- use new chrome-management scheme
- don't add java plugin if built with gcc 3.x
- bugfix for using mozilla-xremote-client
-------------------------------------------------------------------
Wed Nov 27 07:59:56 CET 2002 - stark@suse.de
- update to 1.2
- moved rebuild-databases to RPM scripts (only plugins are
left in SuSEconfig.mozilla)
- added addon-chrome functionality to rebuild-databases.sh
- readded Enigmail source for 1.2
- reworked start-script for opening html-files (#16186)
-------------------------------------------------------------------
Thu Nov 21 17:00:29 CET 2002 - sbrabec@suse.cz
- Added support for separate chrome (language) packs (bug #20700):
updated rebuild-databases.sh and created and filled
/opt/mozilla/installed-chrome.d.
-------------------------------------------------------------------
Wed Nov 6 15:15:13 CET 2002 - stepan@suse.de
- fix mozilla on s390 and s390x
-------------------------------------------------------------------
Thu Oct 24 17:11:52 CEST 2002 - stepan@suse.de
- fix compilation on axp
-------------------------------------------------------------------
Fri Oct 18 06:28:56 CEST 2002 - stark@suse.de
- fixed error-messages during startup (#19556)
-------------------------------------------------------------------
Thu Oct 17 14:43:26 CEST 2002 - mfabian@suse.de
- Bug #20972: fix printing for Korean and Chinese by setting
suitable default PostScript fonts
-------------------------------------------------------------------
Tue Oct 08 11:59:49 CEST 2002 - sbrabec@suse.cz
- Added support for Plugger in SuSEconfig.mozilla. Closes #20677.
-------------------------------------------------------------------
Fri Sep 20 06:34:55 CEST 2002 - stark@suse.de
- fixed documentation bugs #19811 and #19812
-------------------------------------------------------------------
Thu Sep 12 15:29:17 CEST 2002 - stark@suse.de
- include compat_wrapper.dif only on gcc 3.x based distributions
-------------------------------------------------------------------
Wed Sep 11 15:29:05 CEST 2002 - sbrabec@suse.cz
- Corrected %ifarch ix86 to %ifarch %ix86, otherwise compat_wrapper.dif
is ignored.
-------------------------------------------------------------------
Sat Sep 7 12:55:51 CEST 2002 - olh@suse.de
- add gcc3 helper code for ppc32.
Linux/PPC g++-3 ABI support for XPCOM
-------------------------------------------------------------------
Wed Sep 4 10:17:22 CEST 2002 - stark@suse.de
- update to 1.0.1 (20020903)
- added compat-wrapper for Flash on ix86
- removed Flash-player (use Flash from netscape-plugins)
- added Enigmail to mozilla-mail
- added patch for using an external editor for textareas and
composer windows
-------------------------------------------------------------------
Sat Aug 24 11:26:51 CEST 2002 - ro@suse.de
- fixed ix86 to correct %ix86
-------------------------------------------------------------------
Thu Aug 22 11:59:14 CEST 2002 - stark@suse.de
- changed %ifarch i386 to ix86 for Flash
-------------------------------------------------------------------
Wed Aug 21 09:18:11 CEST 2002 - stark@suse.de
- fixed mozilla-copy-package.sh to fit the new parameter
behaviour of cp
-------------------------------------------------------------------
Thu Aug 15 13:45:35 CEST 2002 - uli@suse.de
- added x86-64 port by Gwenole Beauchesne
-------------------------------------------------------------------
Tue Aug 6 07:57:07 CEST 2002 - stark@suse.de
- apply s390 patch only on s390
-------------------------------------------------------------------
Mon Aug 5 17:48:38 CEST 2002 - stark@suse.de
- added patch to compile on s390(x)
-------------------------------------------------------------------
Sun Jun 9 08:42:34 CEST 2002 - stark@suse.de
- added japanese and german language pack
-------------------------------------------------------------------
Wed Jun 5 15:39:10 CEST 2002 - stark@suse.de
- update to 1.0
- moved libs to /opt/mozilla/{lib,lib64}
-------------------------------------------------------------------
Wed Jun 5 13:51:34 CEST 2002 - sf@suse.de
- apply x86_64-patch only on x86_64, as it breaks ix86
-------------------------------------------------------------------
Wed Jun 5 12:31:52 CEST 2002 - sf@suse.de
- added patch to build on x86_64 (does not really work yet,
but needed for other packages)
-------------------------------------------------------------------
Tue May 28 12:48:19 CEST 2002 - stark@suse.de
- readded de-AT languagepack
- moved nss headers to include/nss
-------------------------------------------------------------------
Mon May 27 16:54:25 CEST 2002 - stark@suse.de
- added nss3 devel files
-------------------------------------------------------------------
Fri May 24 18:04:00 CEST 2002 - stark@suse.de
- update to 1.0rc3
-------------------------------------------------------------------
Sat May 21 08:49:53 CEST 2002 - stark@suse.de
- added new wrapper script
- build with -Os for gcc3
- added dom-inspector subpackage
- removed redundant ia64 patch
-------------------------------------------------------------------
Tue May 14 17:23:34 CEST 2002 - schwab@suse.de
- Configure only plugins that match mozilla arch.
- Fix some C++ issues.
-------------------------------------------------------------------
Sun May 12 18:27:46 CEST 2002 - schwab@suse.de
- Add binary only plugins only on supported architectures.
-------------------------------------------------------------------
Sat May 11 15:04:03 CEST 2002 - stark@suse.de
- update to 1.0rc2
-------------------------------------------------------------------
Sat May 4 17:50:43 CEST 2002 - stark@suse.de
- update to codebase 20020503 because of security-reasons
(XMLHTTPRequest redirect bug)
-------------------------------------------------------------------
Thu Apr 26 09:31:50 CEST 2002 - stark@suse.de
- readded ja-JP and de-AT language packs and mozgest 0.3.3
- removed Requires: jre1.3.x
- update to codebase 20020425
- deactivated buggy mozgest for now
-------------------------------------------------------------------
Thu Apr 18 09:56:54 CEST 2002 - stark@suse.de
- update to 1.0RC1
- update flash to 5.0r48
-------------------------------------------------------------------
Wed Apr 10 09:27:58 CEST 2002 - stark@suse.de
- readded ja-JP language pack
-------------------------------------------------------------------
Mon Mar 18 09:30:44 CET 2002 - stark@suse.de
- readded de-AT language pack
-------------------------------------------------------------------
Thu Mar 14 14:35:28 CET 2002 - stark@suse.de
- update to milestone 0.9.9
- enabled freetype2 support
-------------------------------------------------------------------
Mon Feb 11 10:13:51 CET 2002 - stark@suse.de
- readded ja-JP language/region pack
-------------------------------------------------------------------
Fri Feb 8 13:59:33 CET 2002 - stepan@suse.de
- fixed building with gcc 3.x on ppc and alpha
- adopting assembler macros to ABI changes
-------------------------------------------------------------------
Fri Feb 8 09:33:14 CET 2002 - stark@suse.de
- added de-AT language/region pack
- added patch to remove debug menu from preferences
- bzip2 flash-sources
-------------------------------------------------------------------
Tue Feb 5 09:09:33 CET 2002 - stark@suse.de
- update to milestone 0.9.8
(as always without language-packs)
- update mozgest to compatible 0.3.2
-------------------------------------------------------------------
Tue Feb 5 08:25:41 CET 2002 - stark@suse.de
- minor changes of the configure parameters
-------------------------------------------------------------------
Fri Feb 1 00:26:05 CET 2002 - ro@suse.de
- changed neededforbuild <libpng> to <libpng-devel-packages>
-------------------------------------------------------------------
Thu Jan 31 13:24:19 CET 2002 - hhetter@suse.de
- added gdkxft-mozilla patch for TT Font Rendering
-------------------------------------------------------------------
Thu Jan 17 10:24:09 CET 2002 - uli@suse.de
- removed /opt/mozilla/chrome/overlayinfo from filelist for ARM
-------------------------------------------------------------------
Wed Jan 2 07:47:42 CET 2002 - stark@suse.de
- added de-AT language pack for 0.9.7
-------------------------------------------------------------------
Sun Dec 30 09:39:37 CET 2001 - stark@suse.de
- added patch to handle empty file upload forms
(#116210 bugzilla.mozilla.org)
-------------------------------------------------------------------
Mon Dec 24 08:37:04 CET 2001 - stark@suse.de
- update to 0.9.7
(deactivated JP and DE language packs as they are not
available yet)
-------------------------------------------------------------------
Wed Dec 5 08:00:44 CET 2001 - stark@suse.de
- changed cp options again to fix devel-package for version > 7.0
-------------------------------------------------------------------
Sat Dec 1 10:26:27 CET 2001 - stark@suse.de
- added de-AT language pack for 0.9.6
- removed option -L of cp commands (for compatibility with 7.0)
-------------------------------------------------------------------
Mon Nov 26 13:18:20 CET 2001 - stark@suse.de
- made SuSEconfig.mozilla compatible with 7.3 again
- deactivated de-AT language pack (doesn't work for 0.9.6 :-()
-------------------------------------------------------------------
Sat Nov 24 20:01:14 CET 2001 - stark@suse.de
- changed SuSEconfig.mozilla to fit next SuSE-release (Java)
-------------------------------------------------------------------
Sat Nov 24 19:56:45 CET 2001 - stark@suse.de
- reactivated de-AT language pack for 0.9.5 (hopefully works)
-------------------------------------------------------------------
Fri Nov 23 17:28:29 CET 2001 - stark@suse.de
- update to 0.9.6
- update mozgest to 0.3.1
-------------------------------------------------------------------
Wed Nov 14 08:06:18 CET 2001 - stark@suse.de
- minor (cosmetic) change in SuSEconfig.mozilla
- readded Flash-Plugins to %files
-------------------------------------------------------------------
Mon Nov 12 11:12:33 CET 2001 - stark@suse.de
- added Provides for new subpackages (split-aliases)
- reworked SuSEconfig.mozilla (for subpackages)
-------------------------------------------------------------------
Thu Nov 8 08:36:04 CET 2001 - stark@suse.de
- readded build-id with SuSE extension
- added file to devel-package
-------------------------------------------------------------------
Wed Nov 7 11:41:07 CET 2001 - stark@suse.de
- added bookmark.diff
- removed build-id from title
-------------------------------------------------------------------
Wed Nov 7 08:46:08 CET 2001 - stark@suse.de
- added some devel files
-------------------------------------------------------------------
Tue Nov 6 10:04:31 CET 2001 - stark@suse.de
- rewritten %install section to use mozilla packaging functions
- split package into sub-packages
-------------------------------------------------------------------
Mon Nov 5 08:13:26 CET 2001 - stark@suse.de
- updated optimoz to RC0.3
-------------------------------------------------------------------
Wed Oct 24 17:00:34 CEST 2001 - stark@suse.de
- finally integrated optimoz (disabled and hidden by default)
- install only jar-archives in chrome
- added /opt/mozilla/rebuild-databases.sh
-------------------------------------------------------------------
Wed Oct 24 11:12:58 CEST 2001 - hhetter@suse.de
- include idl files in devel-package
-------------------------------------------------------------------
Tue Oct 23 11:10:04 CEST 2001 - stark@suse.de
- made SuSEconfig integrate RealPlayer- and Acrobat-Plugin
- requires now jre1.3.x
- added release_date (Gecko)
- moved some files to mode 644
- added patch to disable debug-menu in Composer
- set mailnews-startpage to about:blank
- set very-first startup-page to about:blank
-------------------------------------------------------------------
Mon Oct 22 12:23:15 CEST 2001 - mfabian@suse.de
- install Japanese Google-searchplugin under the name
'google-japan.gif' and 'google-japan.src' in order not to
overwrite the English original 'google.gif' and 'google.src'.
-------------------------------------------------------------------
Sat Oct 20 17:01:25 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.9.5-jajppack-v1.0.xpi
-------------------------------------------------------------------
Tue Oct 16 14:24:08 CEST 2001 - stark@suse.de
- update to 0.9.5
- added de_AT language pack
- make SuSEconfig integrate java from package java2
- added Macromedia Flashplayer/Shockwave
- added Optimoz 0.2.6 (partially, not active yet)
-------------------------------------------------------------------
Fri Sep 21 13:48:19 MEST 2001 - egger@suse.de
- Add libcms and libmng-devel to neededforbuild as suggested
by Werner Fink.
-------------------------------------------------------------------
Fri Sep 21 03:36:34 MEST 2001 - egger@suse.de
- Redid my former patch to disable Debug menus and default
to SuSE homepage.
-------------------------------------------------------------------
Fri Sep 21 02:06:11 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.9.4-langjajp-RC1.xpi
and mozilla0.9.4-regjp-RC1.xpi
-------------------------------------------------------------------
Thu Sep 20 20:45:15 MEST 2001 - draht@suse.de
- merging with BETA-tree from egger@suse.de: upgrade to 0.9.4
-------------------------------------------------------------------
Sat Sep 15 19:15:50 MEST 2001 - egger@suse.de
- diff: Removed Debug menus.
- diff: Added sensible default values and default to SuSE homepage.
-------------------------------------------------------------------
Tue Sep 11 21:33:01 MEST 2001 - egger@suse.de
- Somehow some non-0.9.3 sources were in the previous tarball.
Replaced them by the real ones.
-------------------------------------------------------------------
Mon Aug 13 21:59:03 CEST 2001 - mfabian@suse.de
- added mozilla-cjk-config.patch again.
(setup of PostScript fonts for printing Chinese, Japanese and
Korean, default fonts for Chinese, Japanese and Korean).
-------------------------------------------------------------------
Thu Aug 9 16:15:55 CEST 2001 - mfabian@suse.de
- add Japanese language pack mozilla0.9.3-langjajp-RC1.xpi
and mozilla0.9.3-regjp-RC1.xpi (Korean language packs
are only available for 0.9.2 and they don't work for 0.9.2,
therefore they are commented out).
-------------------------------------------------------------------
Sun Aug 5 15:14:47 MEST 2001 - egger@suse.de
- Updated to version 0.9.3.
-------------------------------------------------------------------
Thu Jul 5 11:28:58 MEST 2001 - egger@suse.de
- Update to 0.9.2.
- Language packs are incompatible and not yet available so they'll
follow later.
-------------------------------------------------------------------
Wed Jun 20 14:07:59 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.9.1-langjajp.xpi
and mozilla0.9.1-regjp.xpi
-------------------------------------------------------------------
Thu Jun 14 19:11:06 MEST 2001 - egger@suse.de
- Update to version 0.9.1.
-------------------------------------------------------------------
Fri May 11 18:26:22 MEST 2001 - egger@suse.de
- Fixed severe bugs in SuSEconfig.mozilla script that
may prevent users from getting a working mozilla.
-------------------------------------------------------------------
Fri May 4 13:05:42 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.8.1-langjajp.xpi
and mozilla0.8.1-regjp.xpi
-------------------------------------------------------------------
Tue May 1 14:23:45 CEST 2001 - egger@suse.de
- Update SuSEconfig.mozilla to use md5 sums
-------------------------------------------------------------------
Wed Apr 4 17:31:59 CEST 2001 - mfabian@suse.de
- update Japanese language pack to langjajp-081-RC1.xpi
and regjp-081-RC1.xpi
-------------------------------------------------------------------
Thu Mar 29 00:33:06 MEST 2001 - egger@suse.de
- Updated to version 0.8.1.
-------------------------------------------------------------------
Mon Mar 19 20:05:27 MET 2001 - bk@suse.de
- strip mozilla shared libraries
-------------------------------------------------------------------
Sun Mar 11 11:04:20 MET 2001 - violiet@suse.de
- added Korean and Japanese Language pack.
-------------------------------------------------------------------
Sat Mar 3 18:52:39 CET 2001 - schwab@suse.de
- Try to add support for ia64.
- Fix run-mozilla link.
-------------------------------------------------------------------
Tue Feb 20 14:39:37 MET 2001 - egger@suse.de
- Integrated a reworked version of Bernd Kaindls
patch to get the beast running from anywhere again.
-------------------------------------------------------------------
Mon Feb 19 23:54:11 MET 2001 - egger@suse.de
- Use BuildRoot.
- Reworked specfile.
- Corrected -devel package.
-------------------------------------------------------------------
Fri Feb 16 18:00:54 MET 2001 - egger@suse.de
- Update to version 0.8.
-------------------------------------------------------------------
Tue Jan 23 15:48:55 CET 2001 - kukuk@suse.de
- Fix use of SOURCE macro
-------------------------------------------------------------------
Tue Jan 23 14:44:07 CET 2001 - kukuk@suse.de
- Move post install section to extra SuSEconfig.mozilla [Bug #5642]
-------------------------------------------------------------------
Mon Jan 22 18:33:28 CET 2001 - mfabian@suse.de
- revert to 16 pt font for Japanese and Chinese. Japanese and
Chinese characters are almost unreadable at 12pt.
-------------------------------------------------------------------
Sun Jan 21 15:21:54 CET 2001 - violiet@suse.de
- set korean and taiwan ps font printing patch.
- set mozilla used small 12pixels font.
- change improved font for Japanese and Korean.
- added Korean & Japanese Name and Comment in Mozilla.desktop.
-------------------------------------------------------------------
Wed Jan 3 17:29:56 MET 2001 - egger@suse.de
- Quietness patch.
- Enabled JAR file creation.
- Added GNOME icon.
- New wrapper script.
-------------------------------------------------------------------
Sun Dec 24 19:54:13 PST 2000 - bk@suse.de
- set CFLAGS and CXXFLAGS for confgure to $RPM_OPT_FLAGS. With our
configure flags(--enable-optimize -> adds -O after CFLAGS) enabled
this enables only the i486 arch code which brought me 5% speed
increase in my test(Load page on hay), package size stays the same.
-------------------------------------------------------------------
Wed Dec 20 18:21:49 MET 2000 - egger@suse.de
- Integrated the latest bugfixes.
- Added: Provides: web_browser to the specfile.
-------------------------------------------------------------------
Tue Dec 12 06:57:59 MET 2000 - egger@suse.de
- Update to the real version 0.6.
-------------------------------------------------------------------
Fri Dec 8 22:13:40 PST 2000 - bk@suse.de
- updated to Mozilla 0.6 (milestone release based on the same branch
as Netscape 6), looks good!
- fixed cp -r install to cp -rL(for forcing to follow the links...)
- fixed postinstall to do an chroot before calling programs...
-------------------------------------------------------------------
Fri Dec 1 12:01:56 CET 2000 - kukuk@suse.de
- Fix spec file syntax
-------------------------------------------------------------------
Fri Dec 1 08:45:46 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Nov 22 21:36:11 MET 2000 - egger@suse.de
- Reworked the specfile and of course
- Made a new snapshot.
-------------------------------------------------------------------
Tue Nov 21 03:39:17 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Fri Nov 10 16:03:40 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Mon Nov 6 10:58:50 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Mon Nov 6 01:14:46 CET 2000 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Sat Oct 28 22:50:10 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Oct 25 01:44:06 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Fri Oct 13 18:05:23 MEST 2000 - egger@suse.de
- Made a new snapshot.
- Changed specfile slightly.
-------------------------------------------------------------------
Fri Oct 13 04:29:18 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Sun Oct 8 16:17:28 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Fri Oct 6 01:44:41 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Oct 4 00:02:29 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Sep 27 14:49:53 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Thu Sep 21 16:32:55 MEST 2000 - egger@suse.de
- Add mozilla development package to provide the necessary
headers for embedding the gecko engine.
- Try the new registering.
-------------------------------------------------------------------
Mon Sep 18 20:01:35 MEST 2000 - egger@suse.de
- Ok, forgot to save the right specfile... Sorry.
-------------------------------------------------------------------
Mon Sep 18 14:06:34 MEST 2000 - egger@suse.de
- New snapshot.
- Removed SPARC patch, the mozilla people applied the patch.
- Tested package on i386.
-------------------------------------------------------------------
Tue Aug 22 01:15:10 CEST 2000 - egger@suse.de
- Try a hint from the mozilla people to prevent that ugly mail
hack.
- Made a new snapshot.
-------------------------------------------------------------------
Tue Jul 11 21:12:29 CEST 2000 - egger@suse.de
- Updated to postM17: Lots of bugfixes and perfomanceimprovements.
-------------------------------------------------------------------
Tue Jul 11 21:12:28 CEST 2000 - egger@suse.de
- Link run-mozilla.sh to /usr/X11/bin/mozilla.
- Correct the wrapper script to work from anywhere.
- Send a mail to the admin after installing mozilla
to tell him that he has to run mozilla once as root.
-------------------------------------------------------------------
Mon Jul 10 22:59:12 CEST 2000 - ro@suse.de
- specfile fix
-------------------------------------------------------------------
Mon Jul 10 17:35:06 CEST 2000 - ro@suse.de
- try to call mozilla to create registry
-------------------------------------------------------------------
Fri Jul 7 21:09:44 CEST 2000 - kukuk@suse.de
- Add SPARC fix back
-------------------------------------------------------------------
Thu Jul 6 14:52:28 CEST 2000 - egger@suse.de
- Unified tarballs.
- Change incorrect strip command.
-------------------------------------------------------------------
Thu Jul 6 01:03:03 CEST 2000 - ro@suse.de
- added more dirs
-------------------------------------------------------------------
Wed Jul 5 16:01:26 CEST 2000 - egger@suse.de
- Add missing dirs...
-------------------------------------------------------------------
Tue Jul 4 22:28:29 CEST 2000 - egger@suse.de
- Use latest bugfix snapshot.
- Try to prevent a bug in libpthreads/nspr by building
with debugging and strip everything afterwards.
- Enable optimize because it works now.
- Install wrapper script instead of binary into exectuable
path to work around problems...
-------------------------------------------------------------------
Fri Jun 16 16:49:35 CEST 2000 - egger@suse.de
- Use latest snapshot.
- Recheckin since the last update got lost...
- Bumped version to M16.
-------------------------------------------------------------------
Sun Jun 11 12:01:44 CEST 2000 - egger@suse.de
- Use latest snapshot.
- Checked out missing dir, too.
-------------------------------------------------------------------
Fri Jun 9 10:59:40 CEST 2000 - egger@suse.de
- Use latest snapshot.
-------------------------------------------------------------------
Sat May 27 17:56:38 CEST 2000 - egger@suse.de
- Well, maybe I should have replaced all occurences of X11... :)
-------------------------------------------------------------------
Mon May 22 15:11:46 CEST 2000 - egger@suse.de
- /usr/X11/bin/mozilla is not allowed anymore, so use
/usr/X11R6/bin/mozilla.
-------------------------------------------------------------------
Thu May 18 20:19:46 CEST 2000 - egger@suse.de
- Checked in new snapshot.
-------------------------------------------------------------------
Mon May 15 18:24:37 CEST 2000 - egger@suse.de
- Readded orbit to the requirements.
-------------------------------------------------------------------
Sat May 13 22:54:39 CEST 2000 - egger@suse.de
- Checked in completely new .spec-file and the
latest CVS snapshot.
-------------------------------------------------------------------
Sun Apr 9 17:37:04 CEST 2000 - bk@suse.de
- added suse update config macro
- added automake to list of packages needed for building mozilla
-------------------------------------------------------------------
Tue Mar 28 23:48:39 CEST 2000 - ro@suse.de
- removed optimize
-------------------------------------------------------------------
Thu Mar 23 19:05:34 CET 2000 - ro@suse.de
- update to M14-no-crypto
-------------------------------------------------------------------
Fri Jan 28 20:06:30 CET 2000 - kukuk@suse.de
- Update to M13
- Fix for SPARC
-------------------------------------------------------------------
Tue Jan 25 19:07:33 CET 2000 - ro@suse.de
- update to M12
-------------------------------------------------------------------
Wed Dec 15 18:42:26 CET 1999 - ro@suse.de
- reworked install-section of specfile
-------------------------------------------------------------------
Wed Nov 24 08:22:52 CET 1999 - ro@suse.de
- update to M11
-------------------------------------------------------------------
Wed Oct 20 11:30:24 CEST 1999 - ro@suse.de
- added comment for ld-script
-------------------------------------------------------------------
Mon Oct 18 14:56:01 CEST 1999 - ro@suse.de
- fixed config.sub for ev6
-------------------------------------------------------------------
Wed Oct 13 01:06:35 CEST 1999 - ro@suse.de
- update to M10
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Thu Jul 15 13:11:08 MEST 1999 - bs@suse.de
- user glib, gtk instead of glibn, gtkn
- call Check after install
-------------------------------------------------------------------
Thu Jun 3 12:27:30 MEST 1999 - ro@suse.de
- update to M6
-------------------------------------------------------------------
Tue Jun 1 16:02:46 MEST 1999 - ro@suse.de
- fixed shellscripts for startup
-------------------------------------------------------------------
Tue Jun 1 10:19:51 MEST 1999 - ro@suse.de
- moved libraries to /usr/lib/mozilla/lib
and start using "LD_LIBRARY_PATH"
-------------------------------------------------------------------
Tue Jun 1 00:53:36 MEST 1999 - ro@suse.de
- created packages (mozilla and mozillad)