------------------------------------------------------------------- Mon Nov 25 02:49:51 UTC 2024 - Tristan Miller - disable --with-system-icu on Tumbleweed due to https://bugzilla.mozilla.org/show_bug.cgi?id=1933117 - remove obsolete patch mozilla-bmo1862601.patch ------------------------------------------------------------------- Thu Nov 07 01:14:19 UTC 2024 - Tristan Miller - enable patch mozilla-bmo1896958.patch for Leap 15.5 ------------------------------------------------------------------- Thu Sep 05 21:15:40 UTC 2024 - Tristan Miller - request inclusion in Leap 15.5 and 15.6: https://bugzilla.opensuse.org/show_bug.cgi?id=1230257 ------------------------------------------------------------------- Wed Sep 04 20:04:01 UTC 2024 - Tristan Miller - update to SeaMonkey 2.53.19 * Cancel button in SeaMonkey bookmarking star ui not working bug 1872623. * Remove OfflineAppCacheHelper.jsm copy from SeaMonkey and use the one in toolkit bug 1896292. * Remove obsolete registerFactoryLocation calls from cZ bug 1870930. * Remove needless implements='nsIDOMEventListener' and QI bug 1611010. * Replace use of nsIStandardURL::Init bug 1864355. * Switch SeaMonkey website from hg.mozilla.org to heptapod. bug 1870934. * Allow view-image to open a data: URI by setting a flag on the loadinfo bug 1877001. * Save-link-as feature should use the loading principal and context menu using nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD bug 1879726. * Use punycode in SeaMonkey JS bug 1864287. * Font lists in preferences are no longer grouped by font type, port asynchronous handling like Bug 1399206 bug 1437393. * SeaMonkey broken tab after undo closed tab with invalid protocol bug 1885748. * SeaMonkey session restore is missing the checkboxes in the Classic theme bug 1896174. * Implement about:credits on seamonkey-project.org website bug 1898467. * Fix for the 0.0.0.0 day vulnerability oligo summary. * Link in update notification does not open Browser bug 1888364. * Update ReadExtensionPrefs in Preferences.cpp bug 1890196. * Add about:seamonkey page to SeaMonkey bug 1897801. * SeaMonkey 2.53.19 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.19 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.14 and Thunderbird 115.14 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - Adapt seamonkey-man-page.patch for SeaMonkey 2.53.19 - Adapt seamonkey-GNUmakefile to create mach environment - Build with GCC 13 on Tumbleweed due to build failures with GCC 14: https://bugzilla.mozilla.org/show_bug.cgi?id=1916827 ------------------------------------------------------------------- Thu Jun 07 00:42:26 UTC 2024 - Tristan Miller - add patch mozilla-bmo1896958.patch adapted from https://bugzilla.mozilla.org/show_bug.cgi?id=1896958 to fix compilation with rust >= 1.78 - add patch mozilla-bmo1862601.patch adapted from https://bugzilla.mozilla.org/show_bug.cgi?id=1862601 to fix build failure using --system-icu on Tumbleweed ------------------------------------------------------------------- Thu Mar 28 15:00:02 UTC 2024 - Tristan Miller - update to SeaMonkey 2.53.18.2 * Block set-cookie from multipart/x-mixed-replace with pref bug 1864385. * Check if WorkerRunnable::Run runs on top of WorkerThreadPrimaryRunnable::Run in a worker thread bug 1867982. * Process pairs in coord list in PolyArea bug 1878211. * Cherry-pick update to dav1d bug 1881093. * Land NSS NSS_3_90_2_RTM UPGRADE_NSS_RELEASE bug 1880562. * Fix DSN for send later bug 815638. * Catch webNavigation error during tab restore bug 1885748. * SeaMonkey 2.53.18.2 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.18.2 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.9 and Thunderbird 115.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - request inclusion in Leap 15.5 and 15.6: https://bugzilla.opensuse.org/show_bug.cgi?id=1222137 ------------------------------------------------------------------- Mon Feb 26 13:22:25 UTC 2024 - Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Thu Feb 8 17:35:05 UTC 2024 - Dominique Leuenberger - Replace python-devel and python2-xml BuildRequires with python3-base: the build log already contains Creating Python 3 environment i.e, python2 was not used anymore (boo#1219739). ------------------------------------------------------------------- Wed Jan 18 00:10:28 UTC 2024 - Tristan Miller - update to SeaMonkey 2.53.18.1 * Update the NSS library to the latest esr 115 version for the final 2.53.18.1 release. * SeaMonkey 2.53.18.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.18.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.7 and Thunderbird 115.7 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - request inclusion in Leap 15.5 and 15.6: https://bugzilla.opensuse.org/show_bug.cgi?id=1218961 ------------------------------------------------------------------- Sun Dec 09 14:26:01 UTC 2023 - Tristan Miller - update to SeaMonkey 2.53.18 * Update Branding info bug 1841167. * Use BugSplat for SeaMonkey crash reporting bug 1835524. * Unify notifications and permissions in SeaMonkey bug 1849526. * SeaMonkey 2.53.18 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.18 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.5 and Thunderbird 115.5 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - remove obsolete patch seamonkey-binutils.patch - remove obsolete patches 1817900-13-112a1.patch, 1849874-11503.patch, and TOP-NOBUG-revendor-253172.patch - request inclusion in Leap 15.4, 15.5, and 15.6: https://bugzilla.opensuse.org/show_bug.cgi?id=1217916 - disable --with-system-nss on Leap 15.5 to work around build breakage ------------------------------------------------------------------- Wed Nov 01 17:37:55 UTC 2023 - Tristan Miller - add 1817900-13-112a1.patch, 1849874-11503.patch, and TOP-NOBUG-revendor-253172.patch to allow building with rust >= 1.48 - request inclusion in Leap 15.4 and 15.5: https://bugzilla.opensuse.org/show_bug.cgi?id=1216797 ------------------------------------------------------------------- Wed Oct 04 08:21:55 UTC 2023 - Tristan Miller - add seamonkey-binutils.patch to allow building with binutils >= 2.41: https://bugzilla.mozilla.org/show_bug.cgi?id=1856238 https://bugzilla.mozilla.org/show_bug.cgi?id=1846703 - add mozilla-bmo531915.patch to fix builds for x86: https://bugzilla.mozilla.org/show_bug.cgi?id=531915 - request inclusion in Leap 15.4 and 15.5: https://bugzilla.opensuse.org/show_bug.cgi?id=1215944 ------------------------------------------------------------------- Thu Sep 28 20:29:03 UTC 2023 - Bernhard Wiedemann - Add reproducible.patch to override build date (boo#1047218) ------------------------------------------------------------------- Thu Sep 21 15:58:45 UTC 2023 - Tristan Miller - update to SeaMonkey 2.53.17.1 * Upstream libwebp security fix bug 1852749. * CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649. * Fix bad string encoded in ansi. l10n fr problem only bug 1847887. * SeaMonkey 2.53.17 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.17 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.3 and Thunderbird 115.3 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - request inclusion in Leap 15.4 and 15.5: https://bugzilla.opensuse.org/show_bug.cgi?id=1215585 ------------------------------------------------------------------- Fri Aug 04 13:04:12 UTC 2023 - Tristan Miller - update to SeaMonkey 2.53.17 * Fix macOS Contacts permission request bug 1826719. * Remove SeaMonkey 2.57 links from debugQA bug 1829683. * Treat opening urls from the library as external bug 1619108. * Disable spam warning for autogenerated links in plaintext messages bug 619031. * Switch SeaMonkey build files to Python 3 bug 1635849. * Remove empty overlays from Composer bug 1828533. * Move xpfe autocomplete to comm-central suite bug 1418512. * Remove nsIPrefBranch2 and nsIPrefBranchInternal bug 1374847. * SeaMonkey 2.53.17 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.17 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 102.11 and Thunderbird 102.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. * Adapt mozilla-nongnome-proxies.patch for SeaMonkey 2.53.17 * Adapt seamonkey-lto.patch for SeaMonkey 2.53.17 * Remove obsolete %clean section from seamonkey.spec - request inclusion in Leap 15.4 and 15.5: https://bugzilla.opensuse.org/show_bug.cgi?id=1213986 ------------------------------------------------------------------- Wed Mar 31 07:22:42 UTC 2023 - Tristan Miller - update to SeaMonkey 2.53.16 * No throbber in plaintext editor bug 85498. * Remove unused gridlines class from EdAdvancedEdit bug 1806632. * Remove ESR 91 links from debugQA bug 1804534. * Rename devtools/shim to devtools/startup bug 1812367. * Remove unused seltype=text|cell css bug 1806653. * Implement new shared tree styling bug 1807802. * Use `win.focus()` in macWindowMenu.js bug 1807817. * Remove WCAP provider bug 1579020. * Remove ftp/file tree view support bug 1239239. * Change calendar list tree to a list bug 1561530. * Various other updates to the calendar code. * Continue the switch from Python 2 to Python 3 in the build system. * Verified compatibility with Rust 1.66.1. * SeaMonkey 2.53.16 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.16 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 102.9 and Thunderbird 102.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - update seamonkey-GNUmakefile patch per https://bugzilla.mozilla.org/show_bug.cgi?id=1692516#c11 to reflect changes in the new way of packing langpacks - remove obsolete patch mozilla-language.patch - remove obsolete patch seamonkey-spellcheck.patch - remove --enable-system-hunspell from .mozconfig per https://bugzilla.mozilla.org/show_bug.cgi?id=1820413 - add build dependency on clang - request inclusion in Leap 15.4: https://bugzilla.opensuse.org/show_bug.cgi?id=1209994 ------------------------------------------------------------------- Fri Jan 20 10:12:30 UTC 2023 - Tristan Miller - update to SeaMonkey 2.53.15 * Microtasks and promises bug 1193394. * Implement queueMicrotask()bug 1480236. * Remove old synchronous contentPrefService from the tree bug 886907 and bug 1392929. * Remove remaining uses of 'general.useragent.locale' bug 1410736 and bug 1410738. * Migrate to intl.locale.requested.locale list from 'general.useragent.locale' bug 1441016. * Introduce a pref to store BCP47 locale list bug 1414390, bug 1423532 and bug 1441026. * Remove synchronous certificate verification APIs from nsIX509CertDB bug 1453741 and bug 1453778. * Taskbar preview's favicon appears blank bug 1475524. * Call Imagelibs decodeImageAsyncWindows using a callback bug 1790695. * Remove PermissionsService from process Windows sandboxing code bug 1788233, bug 1789782 and bug 1794394. * Security info dialog doesn't show cert status anymore bug 1293378. * Replace nsIPlatfromCharset in mailnews bug 1381762. * Replace use of nsMsgI18NFileSystemCharset() with NS_CopyUnicodeToNative/NS_CopyNativeToUnicode() bug 1506422. * Cater for Outlook's/Hotmail's 'Deleted' folder bug 1320191. * Make some filter methods scriptable bug 1497513. * Fix crash in nsMsgFilterAfterTheFact::ApplyFilter() caused by async reset of 'm_curFolder' bug 537017. * Localize messages from nsIMsgFolder.logRuleHitFail() bug 1352731. * Add logging of message filter runs and actions bug 697522. * Check that we got a non-null header before running a filter on it (and crashing) bug 1563959. * With CONDSTORE, eliminate unneeded flag fetches at startup bug 1428097. * Fix so custom tags (keywords) are visible to all users bug 583677. * Improve handling of tags on shared folders bug 1596371. * Allow setting/resetting junk marking by user for yahoo/aol to stick bug 1260059. * Don't check subject if spellchecker is not ready bug 1069787. * Grammar issues in mailnews_account_settings.xhtml bug 1793291. * Remove use of nsIMemory bug 1792578. * Replace obsolete GetStringBundleService call in SeaMonkey bug 1794400. * SeaMonkey crashes on MacOS Ventura 13.0 bug 1797696. * Continue the switch from Python 2 to Python 3 in the build system. * Added support for clang 15 and macOS SDK 11.3. * Verified compatibility with Rust 1.65. * SeaMonkey 2.53.15 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.15 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 102.6 and Thunderbird 102.5 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - update seamonkey-GNUmakefile patch per https://bugzilla.mozilla.org/show_bug.cgi?id=1692516#c9 to remove obsolete stuff and fix handling of Latam Spanish - remove build dependency on obsolete rust-std-static - request inclusion in Leap 15.4: https://bugzilla.opensuse.org/show_bug.cgi?id=1207332 ------------------------------------------------------------------- Thu Sep 29 12:14:18 UTC 2022 - Tristan Miller - update to SeaMonkey 2.53.14 * Updates to the following DOM HTML element interfaces: Embed, Object, Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem, TextArea, Source, Select, Option, Script and Html. Please test add-ons. * Continue the switch from Python 2 to Python 3 in the build system. * Add ESR 102 links to debugQA bug 1779028. * Remove about plugins from help menu bug 1779031. * Dead links in cs_nav_prefs_advanced.xhtml [en-US] bug 1783558. * Dead links in cs_nav_prefs_advanced.xhtml bug 1786030. * Remove obsolete chat services from SeaMonkey address book bug 1779034. * Address Book: "Get Map" button is not shown for home addresses bug 1779319. * Added compatibility for rust 1.63 * SeaMonkey 2.53.14 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.14 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.11 and Thunderbird 91.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - add seamonkey-spellcheck.patch to work around a circular dependency issue when compiling with GCC 12 - requested inclusion in Leap 15.4 and 15.3: https://bugzilla.opensuse.org/show_bug.cgi?id=1203916 ------------------------------------------------------------------- Mon Jul 11 11:43:54 UTC 2022 - Tristan Miller - update to SeaMonkey 2.53.13 * Updates to devtools. * Updates to build configuration. * Starting the switch from Python 2 to Python 3 in the build system. * Removal of array comprehensions, legacy iterators and generators bug 1414340 and bug 1098412. * Adding initial optional chaining and Promise.allSettled() support. * SeaMonkey 2.53.13 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.13 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.11 and Thunderbird 91.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - adapt seamonkey-man-page.patch for SeaMonkey 2.53.13 - disable LTO for Tumbleweed builds due to linker errors - requested inclusion in Leap 15.4 and 15.3: https://bugzilla.opensuse.org/show_bug.cgi?id=1201406 ------------------------------------------------------------------- Tue Jun 14 12:09:28 UTC 2022 - Guillaume GARDET - Add --disable-elf-hack for aarch64 to fix build ------------------------------------------------------------------- Fri May 04 09:25:16 UTC 2022 - Tristan Miller - update to SeaMonkey 2.53.12 * Format Toolbar forgets its hidden status when switching to other view modes bug 1719020. * Remove obsolete plugin code from SeaMonkey bug 1762733. * Fix a few strict warnings in SeaMonkey bug 1755553. * Remove Run Flash from Site permissions and page info bug 1758289. * Use fixIterator and replace use of removeItemAt in FilterListDialog bug 1756359. * Remove RDF usage in tabmail.js bug 1758282. * Implement 'Edit Template' and 'New Message From Template' commands and UI bug 1759376. * [SM] Implement 'Edit Draft' command and hide it when not in a draft folder (port Thunderbird bug 1106412) bug 1256716. * Messages in Template folder need "Edit Template" button in header (like for Drafts) bug 80280. * Refactor and simplify the feed Subscribe dialog options updates bug 1420473. * Add system memory and disk size and placeDB page limit to about:support bug 1753729. * Remove warning about missing plugins in SeaMonkey 2.53 and 2.57 bug 1755558. * SeaMonkey 2.53.12 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.12 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.9 and Thunderbird 91.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - remove/update references to obsolete gtk2 directory - requested inclusion in Leap 15.3: https://bugzilla.opensuse.org/show_bug.cgi?id=1199197 ------------------------------------------------------------------- Fri Mar 25 09:53:04 UTC 2022 - Tristan Miller - update to SeaMonkey 2.53.11.1 * Fix edge case when setting IntersectionObserver threshold bug 1758291. * OAuth2 prefs should use realuserName instead of username bug 1518126. * SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.11.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.7 and Thunderbird 91.7 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - requested inclusion in Leap 15.3: https://bugzilla.opensuse.org/show_bug.cgi?id=1197518 ------------------------------------------------------------------- Thu Mar 03 12:10:36 UTC 2022 - Tristan Miller - update to SeaMonkey 2.53.11 * Remove obsolete MOZ_EXTENSIONS check in suite bug 1749146. * Add connect button to cZ Networks Editor bug 1736443. * Remove freenode remnants from ChatZilla in SeaMonkey bug 1741082. * Prefer secure over insecure protocol in network list in ChatZilla bug 1744440. * Composer - Change tag textbox is not removed after use bug 1755369. * Clean up repo links in debugQA bug 1746790. * Fix misspelled references to macOS in suite bug 1749144. * Remove obsolete references to Java and Flash bug 1749141. * Help button not working in delete cert dialog bug 1750386. * Rearrange Message Filter Dialog to make room for new features bug 1735053. * Use Insert key as shortcut to create new message filters bug 1735055. * Rename some variables used in SeaMonkey's FilterListDialog to match Thunderbird's bug 1735056. * Implement Copy to New message filter functionality bug 1735057. * Add move to top / bottom buttons to message filters bug 1735059. * Add preference to not prompt for message filter deletion bug 1735061. * Clean up folder handling in FilterListDialog bug 1736425. * Add refresh function to Filter list dialog so that it can be updated when already open and new filters are added externally bug 1737450. * Use listbox rather than tree in FilterListDialog bug 1746081. * MsgFilterList(args) should take targetFilter and pass it to FilterListDialog bug 1753891. * Mail&News' start.xhtml: "We" link broken bug 1748178. * Add search functionality to filter dialog bug 1749207. * Move the taskbar refresh timer in SeaMonkey to idle dispatch bug 1746788. * Prevent subresource loads from showing the progress indicator on the tab in SeaMonkey bug 1746787. * SeaMonkey 2.53.11 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * Additional important security fixes up to Current Firefox 91.6 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. * SeaMonkey 2.53.11 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. - adapt seamonkey-man-page.patch for SeaMonkey 2.53.11 - requested inclusion in Leap 15.3: https://bugzilla.opensuse.org/show_bug.cgi?id=1196703 ------------------------------------------------------------------- Tue Feb 15 23:18:43 UTC 2022 - Bjørn Lie - Drop pkgconfig(gconf-2) BuildRequires and pass ac_add_options --disable-gconf to mozconfig. As we already are using cairo-gtk3, gconf support serves no purpose (gio/gsettings takes care). ------------------------------------------------------------------- Tue Dec 28 13:01:41 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.10.2 * Obtain Windows code-signing certificate for SeaMonkey binary and update signing bug 1438084. * Support SHA-2 hashes in CertIDs in OCSP responses - port of bug 1746221. * Fix rust 1.57 Windows linking for SeaMonkey 2.53 bug 1746785. * SeaMonkey 2.53.10.2 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * Additional important security fixes up to Current Firefox 91.4.1 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. * SeaMonkey 2.53.10.2 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. - requested inclusion in Leap 15.3: https://bugzilla.opensuse.org/show_bug.cgi?id=1194114 ------------------------------------------------------------------- Mon Dec 13 10:38:44 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.10.1 * Security fix for NSS code bug 1737470. * Only use networks and servers in lower case in ChatZilla bug 1742502. * Change classic form icon in SeaMonkey composer bug 1710915. * Addition fixes for SeaMonkey 32x32 default icons on Windows and macOS bug 1729153. * SeaMonkey 2.53.10.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.10.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 91.4 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - Remove unused build dependency on libidl-devel. - requested inclusion in Leap 15.3: https://bugzilla.opensuse.org/show_bug.cgi?id=1193668 ------------------------------------------------------------------- Tue Nov 16 08:40:32 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.10 * Minor fixes for testdisplay command in ChatZilla bug 1727976. * Show CTCP requests (excluding ACTION and DCC) bug 1722156. * IRCv3: Add support for server-time bug 1724586. * Add localization note for network editor dialog width in ChatZilla bug 1727977. * IRCv3: Add support for extended-join and account-notify bug 1722159. * Add ability to collapse message groups in ChatZilla bug 1724588. * Fix JS strict warnings in unescapeTagValue in ChatZilla bug 1727989. * IRCv3: Add support for invite-notify bug 1722161. * IRCv3: Add support for batch bug 1724589. * Fix JS strict warning in addHistory in cZ static.js bug 1727992. * IRCv3: Add support for cap-notify bug 1722162. * Stop using canonical name as collection keys in ChatZilla bug 1728025. * IRCv3: Add support for TLS and STS bug 1722166. * Helper function for renaming irc server properties in ChatZilla bug 1728027. * IRCv3: Add support for MONITOR bug 1722174. * Remove use of msg.commasp in ChatZilla bug 1726965. * Allow shiftKey to modify behaviour of link clicking in cZ bug 1713458. * IRCv3: Add support for echo-message bug 1722211. * In ChatZilla make /commands return all matches starting with pattern bug 1726966. * Use SeaMonkey prefs to determine how links behave in cZ bug 1713467. * Allow parameters to be localised in ChatZilla bug 1724105. * Add identify command to cZ and hook into password management bug 1713470. * IRCv3.1: Implement SASL with PLAIN mechanism bug 1717545. * IRCv3: Add support for message tags bug 1724584. * Add last read message divider to ChatZilla bug 1729159. * IRCv3: Add support for account-tag bug 1724585. * Missing option "text encoding Unicode/UTF-8" in preferences - Mailnews bug 1679260. * Detect Crashreporter using AppConstants in SeaMonkey bug 1735236. * Link about LEGACY extensions in Add-ons Manager is broken bug 1656797. * Update help for clear private data preferences and dialog bug 1728911. * Fix typo in cs_nav_prefs_appearance bug 1737473. * Drop leftover "Edit Menu" comment from messageWindow.xul and addressbook.xul bug 1725121. * Add dummy tab routines to SeaMonkey mailnews tab browser bug 1735243. * Folder pane and tab/window title not updated correctly when opening in new tab bug 1726940. * Allow mail tab bar to be controlled separately to browser tab bar bug 1724515. * Copy any user set values for new mail.tabs prefs bug 1729165. * Merge Master Passwords and Passwords pref panes into a single pref pane bug 1728099. * Move warning about redirection pref from Content to Privacy & Security pane bug 1728185. * Move website icons prefs from content pref pane to browser pref pane bug 1727425. * Move browser / mailnews system integration prefs into advanced pane bug 1727659. * Have separate opentabfor.middleclick for mailnews bug 1727948. * Add removeBrowser helper for tabbrowser bug 1730391. * Put in a so it's easy to overlay bug 1730392. * Allow browser focus to be avoided bug 1720003. * SeaMonkey 32x32 default icon has light stripe at the bottom bug 1729153. * Support and in SeaMonkey bug 1730408. * Middleclick on browser tab handled twice (closes tab and loads URL from primary or clipboard) bug 1734407. * Unable to create a new "Saved Search Folder" using "Save View as a Folder..." bug 1738669. * Enable compression for standard http connections bug 1728996. * Support VS2022 for compiling under Windows bug 1728988. * SeaMonkey 2.53.10 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.10 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.15 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - requested inclusion in Leap 15.3 and Leap 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1192742 ------------------------------------------------------------------- Tue Sep 28 07:09:11 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.9.1 * Fix the lazy loading of images from some websites bug 1727967. * Move certain font family defaults from serif to sans serif bug 1727982. * SeaMonkey 2.53.9.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.9.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.14 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - requested inclusion in Leap 15.3 and Leap 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1191022 ------------------------------------------------------------------- Thu Aug 26 12:27:32 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.9 * There is now an option to clear browser history during shutdown bug 1621445. * Uninstall plugin command for ChatZilla bug 541719. * Update icons used in ChatZilla status bar bug 1710238 and bug 1710249. * Make ChatZilla understand mIRC color code 99 bug 1710298. * Implement IRCv3 basic CAP negotiation bug 1717539 and CAP LIST and update CAP ACK and CAP LS bug 1710313. * Use Unicode instead of images for emojis in ChatZilla bug 1711375 and add some extra emojis bug 1711376. * Use SeaMonkey's configured web search rather than a separate one in ChatZilla bug 1712498. * Add a networks editor to ChatZilla bug 1716232. * Implement IRCv3 away-notify bug 1717543, chghost and userhost-in-names bug 1717544, self-messaging bug 1722212 and WHOX bug 1722214. * Link to SeaMonkey website in debugQA for verification sites and development section bug 1685606. * Send button should be disable until we have a recipient bug 104973. * Remove need to use a modifier for marking messages as unread bug 1719216. * SeaMonkey 2.53.9 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.9 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.13 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - removed obsolete patch seamonkey-packed_simd.patch (integrated upstream) - update seamonkey-lto.patch to work with 2.53.9 - requested inclusion in Leap 15.3 and Leap 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1189845 ------------------------------------------------------------------- Thu Aug 19 12:52:52 UTC 2021 - Tristan Miller - add upstream patch seamonkey-packed_simd.patch which allows packed_simd to compile with Rust 1.54 ------------------------------------------------------------------- Tue Jul 27 06:57:05 UTC 2021 - Guillaume GARDET - Remove --disable-elf-hack when not available: aarch64 and ppc64* ------------------------------------------------------------------- Thu Jul 22 08:55:51 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.8.1 * Archive message action does not work bug 1718839. * Do not preserve offlineMsgSize parameter when moving/copying emails between folders bug 1720202 and bug 1430480. * Move thread code to threadPane.js and remove messengerdnd.js bug 515675. * SeaMonkey 2.53.8.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.8.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.12 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - requested inclusion in Leap 15.3 and Leap 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1188614 ------------------------------------------------------------------- Thu Jul 08 06:50:25 UTC 2021 - Tristan Miller - requested inclusion in Leap 15.3 and Leap 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1188100 ------------------------------------------------------------------- Wed Jul 07 13:50:05 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.8 * Serious performance improvements and bug fixes tracked in bug 1633339 and bug 1711050. * Language attributes with country codes not recognized when building the Website Navigation Bar link toolbar bug 134436 and bug 1709443. * Optimize SeaMonkey icons for speed and optional higher quality for branding bug 1362210 and bug 1699322. * Support from= option when opening email compose window from the command line bug 1628671. * Update subject handling and GenericSendMessage function in compose window bug 1693994. * All message windows should update when view preferences are changed bug 1694765. * Improve marking of multiple messages as read / unread bug 1700530. * Show version numbers again in the add-on manager by the partial backout of bug 1161183. * Update available networks in chatZilla (including adding libera.chat)bug 1704392 and bug 1712505. * Change default port for IRC via TLS/SSL to 6697 bug 1704280. * Remove chatZilla and Lightning extension language packs and incorpate localisations within the main language pack bug 1604663. * Fix address drag and drop handling in compose window bug 1712002 and bug 1712227. * Further fixes for legacy generators and the deprecated for each statement in add-ons and the Add-on SDK bug 1702903. * For developers, fork DOMi repo into main SeaMonkey one which means no need to separately checkout the extension bug 1700003. * SeaMonkey 2.53.8 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.8 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.11 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - removed obsolete seamonkey-websocketloop.patch and seamonkey-rustc-bootstrap.patch (now integrated upstream) ------------------------------------------------------------------- Tue May 18 07:04:59 UTC 2021 - Tristan Miller - add patch seamonkey-rustc-bootstrap.patch adapted from https://bugzilla.mozilla.org/show_bug.cgi?id=1710154 to enable compilation with rust >= 1.50.0 ------------------------------------------------------------------- Tue May 05 18:36:24 UTC 2021 - Tristan Miller - update GNU Makefile from upstream https://bugzilla.mozilla.org/show_bug.cgi?id=1692516#c8 -- besides some general improvements, this Makefile now allows the language packs for the bundled extensions to be split off again if desired (though our spec file does not yet take advantage of this) ------------------------------------------------------------------- Tue May 04 08:19:42 UTC 2021 - Tristan Miller - use system libraries for bz2, webp, and icu to reduce package size and because this is probably more secure (since our own libraries are probably updated more often than the ones bundled with SeaMonkey) ------------------------------------------------------------------- Wed Apr 28 07:59:04 UTC 2021 - Tristan Miller - add upstream patch seamonkey-websocketloop.patch from https://bugzilla.mozilla.org/attachment.cgi?id=9218795&action=diff to solve critical performance issue https://bugzilla.mozilla.org/show_bug.cgi?id=1633339 ------------------------------------------------------------------- Tue Apr 27 11:54:30 UTC 2021 - Tristan Miller - requested inclusion in Leap 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1185349 ------------------------------------------------------------------- Tue Apr 20 15:28:04 UTC 2021 - Tristan Miller - remove check for .mkdir.done, as these files are no longer generated - remove check for text files with the executable bit incorrectly set, as the only remaining files in the source tree with this problem are ones that don't get installed anyway: https://bugzilla.mozilla.org/show_bug.cgi?id=1706019 - revise/improve spec file comments - update package description to clarify compatibility with Firefox extensions - update package description to reference bundled calendar ------------------------------------------------------------------- Tue Apr 20 06:52:31 UTC 2021 - Tristan Miller - re-enable elf-hack for x86_64 builds as this is no longer preventing compilation: https://bugzilla.mozilla.org/show_bug.cgi?id=1619776 ------------------------------------------------------------------- Mon Apr 19 20:40:37 UTC 2021 - Tristan Miller - remove --disable-optimize flag (added on Sat Sep 20 14:53:01 UTC 2014 as a result of bnc#896624) as compilation on ix86 with the default optimizations seems to work fine now ------------------------------------------------------------------- Mon Apr 19 07:40:51 UTC 2021 - Tristan Miller - add patch to install SeaMonkey's new man page: seamonkey-man-page.patch ------------------------------------------------------------------- Sun Apr 18 13:28:57 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.7.1 * Fix for legacy generators and the deprecated for each statement in add-ons and the Add-on SDK bug 1702903. * Fix for handling of dead keys in text input fields in GTK 3.24.26+ bug 1701288. * SeaMonkey 2.53.7.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.7.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.8 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. ------------------------------------------------------------------- Sun Apr 18 12:57:14 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.7 * Remove Flash and NPAPI support bug 1688415. * Switch packaged extensions to be global bug 1659298. * Add Insert Forms to Composer bug 1684611. * Fix an issue with copying to IMAP sent folder and some reference count leaks in mailnews bug 1689890. * Tailing to delay tracker requests and enhance performance has been enabled bug 1358060. * Fix an issue with favorite and recent folders not showing in macOS bug 1695869. * Various security and general platform fixes. * The ChatZilla source has been integrated into SeaMonkey and no longer needs to be checked out separately if you build your own release bug 1551033. * SeaMonkey 2.53.7 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.7 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.8 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - update GNU Makefile per https://bugzilla.mozilla.org/show_bug.cgi?id=1692516#c6 * provide a way to auto-select es-AR locale on any Spanish one but es-ES ------------------------------------------------------------------- Sun Apr 18 12:22:54 UTC 2021 - Tristan Miller - restore Chatzilla and DOM Inspector packages disabled in Revision 333; these extensions were long since re-enabled upstream but apparently we had forgotten to re-enable them in the spec file ------------------------------------------------------------------- Fri Apr 16 15:18:27 UTC 2021 - Tristan Miller - add --disable-install-strip to .mozconfig; fixes #1184851 ------------------------------------------------------------------- Fri Apr 16 07:20:09 UTC 2021 - Tristan Miller - update to SeaMonkey 2.53.6 * Improve usability of multiple mailboxes/folders selectionbug 1600103. * Add Greek localisation (el). * Remove more RDF from mailnews code. * Switch to mozilla as topsrcdir and component for building is comm/suite now. * Rust support is now up to 1.48 and official build is now using 1.47.0 * Various security and general platform fixes. * SeaMonkey 2.53.6 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.6 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.6 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - rewrote spec file to account for SeaMonkey's new build system, including a new Makefile from Dmitry Butskoy: #1181525#c3 - merged the translations-common and translations-other subpackages into the main package; it is no longer convenient/consistent to keep these separate because localizations for the integrated IRC and Calendar clients are already merged in the source. This also solves #1181525. - enabled and bundled Calendar (Lightning) extension - cleaned up spec file to remove conditions targeting long-obsolete openSUSE versions - disabled elf-hack on i586 builds, as it was preventing compilation ------------------------------------------------------------------- Tue Apr 13 07:58:48 UTC 2021 - Tristan Miller - add patch to enable builds with Rust >= 1.48 on Tumbleweed https://bugzilla.mozilla.org/show_bug.cgi?id=1617782#c22 ------------------------------------------------------------------- Fri Nov 20 09:49:51 UTC 2020 - Tristan Miller - requested inclusion in Leap 15.1 and 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1179010 ------------------------------------------------------------------- Thu Nov 19 09:44:58 UTC 2020 - Tristan Miller - update to SeaMonkey 2.53.5.1 * Fix advertising of av1 support bug 1490877. * Fix some issues found with supporting new macOS. * Various security and general platform fixes. ------------------------------------------------------------------- Sat Nov 14 20:17:43 UTC 2020 - Tristan Miller - update to SeaMonkey 2.53.5 * Provide WebP support bug 1653869. * Add startpage.com as a search engine available to all locales bug 1655283. * Added av1 support. * Included latest version of freetype2. * Added support for the resizeObserver web API. * Support for rust 1.47.0 on Linux and macOS platforms. * Dropped support for use of system sqlite. * Various security and general platform fixes. * SeaMonkey 2.53.5 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes * SeaMonkey 2.53.5 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.4 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. ------------------------------------------------------------------- Wed Sep 23 08:19:00 UTC 2020 - Tristan Miller - update to SeaMonkey 2.53.4 * This version makes changes to your profile that can't be reverted in case you want to go back to a previous version of SeaMonkey. You MUST absolutely do a full backup of your profile before trying SeaMonkey 2.53.4. * Added translation for Bokmål (nb_NO) * Upgraded NSS to 3.53.1 bug 1643859. * Updated to Unicode 11 for SpiderMonkey bug 1466471. * Updated bundled Twemoji Mozilla font to v0.5.1 to support newer emojis bug 1644346. * Updated how photos are handled in the addressbook bug 1641705. * Removed outdated RSS feed handlers bug 1643716. * Fix initialisation of TodayPane mini-day, to show the right day bug 1479628. * Fixed sizing issue of HTML mail question (askSendFormat) dialog bug 1583415. * Update of help page content and links. * Various security and general platform fixes. * SeaMonkey 2.53.4 uses the same backend as Firefox and contains the relevant Firefox 60.6 security fixes. * SeaMonkey 2.53.4 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 78.1 ESR and a few enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - Added patch seamonkey-lto.patch which corrects the LTO syntax when compiling with GCC ------------------------------------------------------------------- Mon Jul 20 09:35:49 UTC 2020 - Tristan Miller - requested inclusion in Leap 15.1 and 15.2: https://bugzilla.opensuse.org/show_bug.cgi?id=1174300 ------------------------------------------------------------------- Sat Jul 18 20:49:18 UTC 2020 - Tristan Miller - update appdata files (Bug 1174192): * correct metadata licensing information (most of the application descriptions had been taken from https://www.seamonkey-project.org/doc/features which according to the page footer is licensed under CC-BY-SA-3.0) * update the metadata summary and the introduction in the metadata description to more accurately reflect what SeaMonkey is, giving less prominence to the long-discontinued Mozilla Application Suite that many users may no longer be familiar with * update the metadata name to more accurately reflect the name or purpose of the application * update the metadata URL with the current SeaMonkey website ------------------------------------------------------------------- Wed Jul 15 12:09:03 UTC 2020 - Tristan Miller - update to SeaMonkey 2.53.3 * The LaTex tool TexZilla, used for inserting Math, has been upgraded to 1.0.2. * It is now possible to customize the toolbars in Composer and the formatting toolbar in Mailnews composition. * All folders of an account can now be marked as read. * There is now an option for not advertizing SeaMonkey at all in the user agent. * The preference for hiding the toolbar and menubar grippies can now be changed from "Preferences->Appearance". * The preference "browser.tabs.autoHide" which autohides the tab bar when there is only one tab in a browser window open has been flipped in bug 1634879. SeaMonkey will now show the tab bar as the default. You can change it back by checking "Hide the tab bar when only one tab is open" in "Preferences->Browser->Tabbed Browsing" * Update of help page content and links. * SeaMonkey language packs are now version specific and will be disabled as part of the profile upgrade following the installation of a later version. * Search Engines have been centralized and updated in bug 1300198. * Address book now has updated IM fields, improved layout for card view pane, improved multi-word search, ability to search across multiple address books, more granular prompts when deleting items, print on the context menus and print button on the toolbar. * Multimedia support has been updated in preparation of supporting more audio video formats in the next releases. For enhanced security the Rust multimedia parser is now used for this and the libstagefright package has been removed. * SeaMonkey 2.53.3 uses the same backend as Firefox and contains the relevant Firefox 60.4 security fixes. * SeaMonkey 2.53.3 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * Additional important security fixes up to Current Firefox 77 and a few enhancements have been backported. - Fix exclusion list syntax in create-tars.sh script - Disable LTO on i586 builds as these are once again failing due to memory issues ------------------------------------------------------------------- Tue Jun 02 13:00:57 UTC 2020 - Tristan Miller - Re-enable LTO on Tumbleweed builds after increasing available memory in _constraints ------------------------------------------------------------------- Sun May 10 20:24:22 UTC 2020 - Tristan Miller - Disable LTO on Tumbleweed builds to work around issues on build.opensuse.org: https://bugzilla.opensuse.org/show_bug.cgi?id=1171414 ------------------------------------------------------------------- Thu May 08 09:55:00 UTC 2020 - Tristan Miller - Update create-tars.sh script to more precisely exclude unwanted VCS files; the previous exclusion list would have eventually triggered the bug at https://bugzilla.mozilla.org/show_bug.cgi?id=1621564 ------------------------------------------------------------------- Thu May 07 14:21:31 UTC 2020 - Tristan Miller - update to SeaMonkey 2.53.2 https://www.seamonkey-project.org/releases/seamonkey2.53.2/ * Scrollbars have been switched over to the native gtk3 theme in bug 1625754. If your theme does not show scrollbar buttons and you would like to see them try editing ~/.config/gtk-3.0/gtk.css and adding the following: { -GtkScrollbar-has-backward-stepper: 1; -GtkScrollbar-has-forward-stepper: 1; } * The download progress dialog has been fixed and is now showing the correct status for downloads. Some downloads may not show the transferred count. This problem is under investigation. * SeaMonkey is now translated and available in Finnish and Georgian. * Because of website compatibility issues and privacy concerns the Lightning version is no longer appended to the user agent string and has been removed from the preferences dialog. * Advanced Layers has been activated on Windows. This should boost performance on some websites. If you experience graphics problems please disable it by setting the pref "layers.mlgpu.enabled" to false. * Whether the native app chooser is used in Linux is now controlled via a preference setting in the Helper Applications preference pane. * In the Modern theme, popup notifications have improved styling and column headers now display sort direction arrows. * The column picker and folder view have been reinstated for the bookmarks panel. * Introduced the ability to close all tabs to the right of the current tab. * Whether mailnews tabs open in the background is controlled by a separate preference to browser tabs via General Settings section of main Mail & Newsgroups preference pane. * Fixed an issue with the recipient being missing when using Reply to Sender and Group button in Newsgroup discussions. * SeaMonkey now prevents address books from having duplicate names. * SeaMonkey 2.53.2 uses the same backend as Firefox and contains the relevant Firefox 60.3 security fixes. * SeaMonkey 2.53.2 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.0 release notes for specific changes and security fixes in this release. * SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug and link it to bug 1367257. Please try another OS theme first. Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox. - Remove obsolete upstream and local patches ------------------------------------------------------------------- Thu Mar 05 12:37:11 UTC 2020 - Tristan Miller - update to SeaMonkey 2.53.1 https://www.seamonkey-project.org/releases/seamonkey2.53.1/ * The Bookmarks Manager has switched its name to Library, and now also includes the History list. When invoking History, the Library will be shown with the History list selected. The extensive modifications were needed because of Mozilla Gecko platform API changes. * Download Manager has been migrated to a new API. Although it looks pretty much the same as before, the search option is missing and some other minor details work differently. The previous downloads history is removed during the upgrade. * Added Layout panel to CSS Grid tools. * TLS 1.3 is the default version now. * Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability. * SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug and link it to Switch Linux builds to GTK3 with SeaMonkey 2.49. Please try another OS theme first. Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox. * The Lightning extension is now included. - apply upstream patches for building with rust >= 1.40 - remove mozilla-systems-nss.patch (since merged upstream) - remove mozilla-no-stdcxx-check.patch (no longer applicable as build checks have been moved to a Python script) - adapt mozilla-nongnome-proxies.patch, mozilla-language.patch, and mozilla-ntlm-full-path.patch for SeaMonkey 2.53.1 - add upstream patch for better LTO detection - disable elf-hacking on x86_64 builds to prevent build errors: https://bugzilla.mozilla.org/show_bug.cgi?id=1619776 - rewrite the create-tars.sh script according to the new source code checkout instructions: https://bugzilla.opensuse.org/show_bug.cgi?id=1165427 https://bugzilla.mozilla.org/show_bug.cgi?id=1618806 ------------------------------------------------------------------- Fri Jan 24 10:59:33 UTC 2020 - Tristan Miller - remove obsolete locale patches mozilla-ua-locale.patch and seamonkey-ua-locale.patch, and update default preferences per https://bugzilla.mozilla.org/show_bug.cgi?id=542999#c23 ------------------------------------------------------------------- Mon Jan 20 12:22:30 UTC 2020 - Tristan Miller - remove obsolete and unused custom search add-ons ------------------------------------------------------------------- Tue Jan 14 13:28:47 UTC 2020 - Tristan Miller - disable Rust, as it caused build errors and was apparently unused - add patch unifying gettid() declarations to avoid GCC build errors - add patch correcting the syntax of the linker flags ------------------------------------------------------------------- Mon Jan 13 10:52:54 UTC 2020 - Wolfgang Rosenauer - remove mozilla-reduce-files-per-UnifiedBindings.patch since it creates build errors in certain situations - introduce limit_build instead ------------------------------------------------------------------- Mon Oct 21 09:29:14 UTC 2019 - Wolfgang Rosenauer - update to Seamonkey 2.49.5 * https://www.seamonkey-project.org/releases/seamonkey2.49.5/ - removed obsolete patch mozilla-bmo1338655.patch - fix build with system NSS (mozilla-system-nss.patch) ------------------------------------------------------------------- Fri Jul 13 05:13:13 UTC 2018 - wr@rosenauer.org - update to Seamonkey 2.49.4 * Gecko 52.9.1esr (bsc#1098998) MFSA 2018-16 (bsc#1098998) * CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element * CVE-2018-12360 (bmo#1459693) Use-after-free when using focus() * CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler * CVE-2018-5156 (bmo#1453127) Media recorder segmentation fault when track type is changed during capture * CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes * CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins * CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames * CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, bmo#1464079,bmo#1463494,bmo#1458048) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 - localizations finally included again (boo#1062195) ------------------------------------------------------------------- Thu Jun 7 00:07:03 UTC 2018 - bjorn.lie@gmail.com - Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass conditional --disable-gconf to configure: no longer pull in obsolete gconf2 for Tumbleweed. ------------------------------------------------------------------- Tue Jun 5 12:09:11 UTC 2018 - psychonaut@nothingisreal.com - update spec file summary and description to more accurately reflect what SeaMonkey is, giving less prominence to the long- discontinued Mozilla Application Suite that many users may no longer be familiar with - update project URL in spec file ------------------------------------------------------------------- Sat Mar 3 16:57:24 UTC 2018 - wr@rosenauer.org - update to Seamonkey 2.49.2 * Gecko 52.6esr (including security relevant fixes) (bsc#1077291) * fix issue in Composer * With some themes, the menulist- and history-dropmarker didn't show * Scrollbars didn't show the buttons * WebRTC has been disabled by default. It needs an add-on to enable it per site * The active title bar was not visually emphasized - correct requires and provides handling (boo#1076907) ------------------------------------------------------------------- Tue Jan 9 07:53:08 UTC 2018 - wr@rosenauer.org - Explicitly buildrequires python2-xml: The build system relies on it. We wrongly relied on other packages pulling it in for us. - use parallel compression in create-tar if available - use XZ instead of BZ2 for source archives - import upstream patch mozilla-bmo1338655.patch to fix failing build ------------------------------------------------------------------- Thu Dec 7 11:19:39 UTC 2017 - dimstar@opensuse.org - Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has %{VERSION} defined as 'the main packages version'. ------------------------------------------------------------------- Fri Nov 10 22:30:10 UTC 2017 - zaitor@opensuse.org - Drop obsolete libgnomeui-devel BuildRequires: No longer needed. - Following the above, add explicit pkgconfig(gconf-2.0), pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0) and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously pulled in by libgnomeui-devel, and is what configure really checks for. ------------------------------------------------------------------- Fri Aug 4 15:02:38 UTC 2017 - wr@rosenauer.org - update to Seamonkey 2.48 * based on Gecko 51.0.3 * requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR) - removed obsolete (upstreamed) patches * mozilla-http2-ecdh-keybits.patch * mozilla-sed43.patch * mozilla-flex_buffer_overrun.patch * mozilla-shared-nss-db.patch (feature dropped from SM due to maintenance costs vs. usefulness) * mozilla-binutils-visibility.patch * mozilla-check_return.patch * mozilla-skia-overflow.patch - rebased patches ------------------------------------------------------------------- Sun Feb 12 13:03:49 UTC 2017 - wr@rosenauer.org - fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch) ------------------------------------------------------------------- Tue Jan 24 21:08:19 UTC 2017 - wr@rosenauer.org - improve recognition of LANGUAGE env variable (boo#1017174) - update minimum keybits in H2 so it allows a smaller value (e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037) (boo#1021636) (mozilla-http2-ecdh-keybits.patch) ------------------------------------------------------------------- Fri Dec 23 22:13:00 UTC 2016 - wr@rosenauer.org - update to Seamonkey 2.46 * based on Gecko 49.0.2 * Chatzilla and DOM Inspector were removed/disabled and therefore those subpackages are not available at this moment - requires NSPR 4.12 and NSS 3.25 - removed obsolete patches * mozilla-libproxy.patch * mozilla-gcc6.patch * mozilla-openaes-decl.patch - rebased patches - added patches imported from Firefox 49: * mozilla-check_return.patch * mozilla-flex_buffer_overrun.patch * mozilla-skia-overflow.patch ------------------------------------------------------------------- Mon Oct 17 11:30:39 UTC 2016 - wr@rosenauer.org - mozilla-binutils-visibility.patch to fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) ------------------------------------------------------------------- Sun Aug 21 14:05:26 UTC 2016 - antoine.belvire@laposte.net - Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6 (still boo#991027) - Check compiler version instead of openSUSE version for this ------------------------------------------------------------------- Mon Aug 8 09:19:46 UTC 2016 - wr@rosenauer.org - build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6 as long as underlying issues have been addressed upstream (boo#991027) ------------------------------------------------------------------- Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com - Fix for possible buffer overrun (bsc#990856) CVE-2016-6354 (bmo#1292534) [mozilla-flex_buffer_overrun.patch] ------------------------------------------------------------------- Tue Jul 26 04:44:49 UTC 2016 - badshah400@gmail.com - Add appstream metainfo files as a tar.bz2 source (seamonkey-appdata.tar.bz2) and install these appdata.xml files to the appdata dir (/usr/share/appdata); with these appdata files installed, seamonkey shows up in appstores like GNOME software and KDE Discover. ------------------------------------------------------------------- Sun Jul 17 02:55:00 UTC 2016 - badshah400@gmail.com - Add mozilla-gcc6.patch to fix building with gcc >= 6.0. ------------------------------------------------------------------- Sat Mar 5 09:20:24 UTC 2016 - wr@rosenauer.org - fix build problems on i586, caused by too large unified compile units - adding mozilla-reduce-files-per-UnifiedBindings.patch - increased _constraints as required ------------------------------------------------------------------- Tue Jan 19 16:15:28 UTC 2016 - wr@rosenauer.org - update to Seamonkey 2.40 (bnc#959277) * requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs - rebased patches - buildrequire xcomposite now explicitely ------------------------------------------------------------------- Thu Nov 5 08:01:22 UTC 2015 - wr@rosenauer.org - update to Seamonkey 2.39 (bnc#952810) * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being treated as non-escaped * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) - requires NSPR >= 4.10.10 and NSS >= 3.19.4 - removed obsolete patches * mozilla-icu-strncat.patch - fixed build with enable-libproxy (bmo#1220399) * mozilla-libproxy.patch ------------------------------------------------------------------- Thu Oct 1 09:42:28 UTC 2015 - wr@rosenauer.org - update to SeaMonkey 2.38 (bnc#947003) * based on 41.0.1 * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards * MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window * MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API - removed obsolete patch * mozilla-add-glibcxx_use_cxx11_abi.patch - added mozilla-no-stdcxx-check.patch ------------------------------------------------------------------- Sat Aug 29 20:09:34 UTC 2015 - wr@rosenauer.org - update to SeaMonkey 2.35 (bnc#935979) * based on 38.1.1esr * requires NSPR 4.10.8 and NSS 3.19.2 - removed obsolete patches * mozilla-visitSubstr.patch * mozilla-undef-CONST.patch * mozilla-reintroduce-pixman-code-path.patch * mozilla-fix-prototype.patch * mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch - renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox) - dropped mozilla-prefer_plugin_pref.patch as this feature is likely not worth maintaining further ------------------------------------------------------------------- Sat Jun 27 08:13:54 UTC 2015 - antoine.belvire@laposte.net - Fix compilation issues: * Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109) * Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958) * Add mozilla-visitSubstr.patch (bmo#1108834) * Add mozilla-undef-CONST.patch (bmo#1111395) * Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch ------------------------------------------------------------------- Sun Mar 22 09:11:17 UTC 2015 - wr@rosenauer.org - update to SeaMonkey 2.33.1 (bnc#923534) * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination ------------------------------------------------------------------- Mon Mar 16 08:48:08 UTC 2015 - wr@rosenauer.org - update to SeaMonkey 2.33 (bnc#917597) * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only) * MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections * MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings * MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB * MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content * MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling * MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback * MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library * MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete * MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in background tab can spoof foreground tabs * MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox bypass - rebased patches - requires NSS 3.17.4 - removed obsolete seamonkey-fix-signed-char.patch - mozilla-xremote-client was removed upstream ------------------------------------------------------------------- Sat Feb 7 09:52:07 UTC 2015 - wr@rosenauer.org - update to SeaMonkey 2.32.1 * fixed MailNews feeds not updating * fixed selected profile in Profile Manager not remembered * fixed opening a bookmark folder in tabs on Linux * fixed Troubleshooting Information (about:support) with the Modern theme ------------------------------------------------------------------- Sat Jan 17 17:59:50 UTC 2015 - wr@rosenauer.org - update to SeaMonkey 2.32 (bnc#910669) * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects - rebased patches - removed obsolete mozilla-seamonkey-sdk.patch - added mozilla-openaes-decl.patch to fix implicit declarations ------------------------------------------------------------------- Thu Jan 1 22:53:33 UTC 2015 - wr@rosenauer.org - use GStreamer 1.0 from 13.2 on - removed package support for distributions older than 12.3 * removed mozilla-sle11.patch ------------------------------------------------------------------- Mon Dec 8 10:49:06 UTC 2014 - meissner@suse.com - seamonkey-fix-signed-char.patch: fix build on platforms where char is unsigned (power/arm). (bmo#1085151) - mozilla-fix-prototype.patch: add string.h includes for memcpy prototype (as used on bigendian architectures). ------------------------------------------------------------------- Thu Dec 4 23:52:37 UTC 2014 - pcerny@suse.com - enable some extensions using the addons sdk (e.g. Ghostery) (mozilla-seamonkey-sdk.patch) (bmo#1071048) ------------------------------------------------------------------- Wed Dec 3 06:53:08 UTC 2014 - wr@rosenauer.org - update to SeaMonkey 2.31 (bnc#908009) * requires NSS 3.17.2 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - rebased patches ------------------------------------------------------------------- Fri Nov 21 10:43:11 UTC 2014 - wr@rosenauer.org - use platform specific build flags as in Firefox (including _constraints) - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639) ------------------------------------------------------------------- Wed Nov 19 22:13:00 UTC 2014 - Led - fix bashisms in mozilla.sh and add-plugins.sh scripts ------------------------------------------------------------------- Tue Oct 14 21:06:22 UTC 2014 - wr@rosenauer.org - update to SeaMonkey 2.30 (bnc#900941) * venkman debugger removed from application and therefore obsolete package seamonkey-venkman * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches: * mozilla-ppc.patch * mozilla-libproxy-compat.patch ------------------------------------------------------------------- Sat Sep 20 14:53:01 UTC 2014 - wr@rosenauer.org - update to SeaMonkey 2.29 (bnc#894370) * based on Gecko 32.0 including all security fixes outlined here https://www.mozilla.org/security/known-vulnerabilities/ * removed obsolete patches mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch, mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch, mozilla-aarch64-bmo-963027.patch mozilla-ppc64le-build.patch, mozilla-ppc64le-javascript.patch, mozilla-ppc64le-libffi.patch, mozilla-ppc64le-mfbt.patch, mozilla-ppc64le-webrtc.patch, mozilla-ppc64le-xpcom.patch * rebased patches - requires NSS 3.16.4 - build with --disable-optimize for 13.1 and above for i586 to workaround miscompilations (bnc#896624) ------------------------------------------------------------------- Mon Jun 16 09:04:38 UTC 2014 - wr@rosenauer.org - update to SeaMonkey 2.26.1 (bnc#881874) * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, bmo#996536, bmo#996715, bmo#999651, bmo#1000598, bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, bmo#1009952, bmo#1011007) Miscellaneous memory safety hazards (rv:30.0) * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 (bmo#989994, bmo#999274, bmo#1005584) Use-after-free and out of bounds issues found using Address Sanitizer * MFSA 2014-50/CVE-2014-1539 (bmo#995603) Clickjacking through cursor invisability after Flash interaction * MFSA 2014-51/CVE-2014-1540 (bmo#978862) Use-after-free in Event Listener Manager * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) Use-after-free with SMIL Animation Controller * MFSA 2014-53/CVE-2014-1542 (bmo#991533) Buffer overflow in Web Audio Speex resampler * MFSA 2014-54/CVE-2014-1543 (bmo#1011859) Buffer overflow in Gamepad API * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) Out of bounds write in NSPR - requires NSPR 4.10.6 - build require makeinfo ------------------------------------------------------------------- Tue May 13 09:05:18 UTC 2014 - wr@rosenauer.org - fix translations packaging (bnc#877263) ------------------------------------------------------------------- Tue Apr 29 06:43:16 UTC 2014 - wr@rosenauer.org - update to SeaMonkey 2.26 (bnc#875378) * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards * MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video * MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16) * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver * MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript - rebased patches - added aarch64 porting patches * mozilla-aarch64-bmo-810631.patch * mozilla-aarch64-bmo-962488.patch * mozilla-aarch64-bmo-963023.patch * mozilla-aarch64-bmo-963024.patch * mozilla-aarch64-bmo-963027.patch - requires NSPR 4.10.3 and NSS 3.16 - added mozilla-icu-strncat.patch to fix post build checks ------------------------------------------------------------------- Wed Mar 19 13:31:58 UTC 2014 - wr@rosenauer.org - update to SeaMonkey 2.25 (bnc#868603) * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering - requires NSPR 4.10.3 and NSS 3.15.5 - new build dependency (and recommends): * libpulse - update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com) - rebased patches ------------------------------------------------------------------- Sat Feb 8 08:21:01 UTC 2014 - wr@rosenauer.org - replaced locale source archive because the old one was broken by wrong upstream tagging (bnc#862831) ------------------------------------------------------------------- Tue Feb 4 10:18:33 UTC 2014 - wr@rosenauer.org - update to SeaMonkey 2.24 (bnc#861847) * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) * MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes * MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts * MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage * MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes * MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy * MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing * MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers * MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues * MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects - requires NSS 3.15.4 - removed obsolete mozilla-bug929439.patch ------------------------------------------------------------------- Fri Dec 13 21:30:38 UTC 2013 - uweigand@de.ibm.com - Add support for powerpc64le-linux. * ppc64le-support.patch: general support * libffi-ppc64le.patch: libffi backport * xpcom-ppc64le.patch: port xpcom - Add build fix from mainline. * mozilla-bug929439.patch ------------------------------------------------------------------- Wed Dec 11 11:13:16 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.23 (bnc#854367, bnc#854370)) * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - rebased patches: * mozilla-nongnome-proxies.patch * mozilla-shared-nss-db.patch ------------------------------------------------------------------- Wed Oct 30 18:07:33 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.22 (bnc#847708) * rebased patches * requires NSS 3.15.2 or higher * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates ------------------------------------------------------------------- Tue Sep 17 15:51:02 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.21 (bnc#840485) * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - requires NSS 3.15.1 ------------------------------------------------------------------- Mon Aug 5 17:26:03 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch ------------------------------------------------------------------- Sat Jun 29 14:22:45 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.19 (bnc#825935) * removed obsolete patches + mozilla-gstreamer-760140.patch * GStreamer support does not build on 12.1 anymore (build only on 12.2 and later) * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name ------------------------------------------------------------------- Tue May 28 20:52:21 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.17.1 ------------------------------------------------------------------- Tue Apr 9 06:45:05 UTC 2013 - wr@rosenauer.org - revert to use GStreamer 0.10 on 12.3 (bnc#814101) ------------------------------------------------------------------- Tue Apr 2 14:18:30 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.17 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * mozilla-webrtc-ppc.patch included upstream * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) ------------------------------------------------------------------- Fri Mar 15 17:34:54 UTC 2013 - pcerny@suse.com - update to SeaMonkey 2.16.2 ------------------------------------------------------------------- Sat Mar 9 09:15:53 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.16.1 (bnc#808243) * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor ------------------------------------------------------------------- Mon Feb 18 07:41:44 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.16 (bnc#804248) * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches * mozilla-webrtc.patch * mozilla-gstreamer-803287.patch ------------------------------------------------------------------- Mon Feb 4 12:27:38 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.15.2 * Applications could not be removed from the "Application details" dialog under Preferences, Helper Applications (bmo#826771). * View / Message Body As could show menu items out of context (bmo#831348) ------------------------------------------------------------------- Sun Jan 20 09:15:53 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.15.1 * backed out bmo#677092 (removed patch) * fixed problems involving HTTP proxy transactions ------------------------------------------------------------------- Sun Jan 13 16:38:35 UTC 2013 - wr@rosenauer.org - backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468) ------------------------------------------------------------------- Tue Jan 8 18:32:43 UTC 2013 - wr@rosenauer.org - update to SeaMonkey 2.15 (bnc#796895) * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads * MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in Javascript Proxy objects - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) - reenable WebRTC - added mozilla-libproxy-compat.patch for libproxy API compat on openSUSE 11.2 and earlier ------------------------------------------------------------------- Tue Dec 18 13:08:40 UTC 2012 - wr@rosenauer.org - update to SeaMonkey 2.14.1 * fix regressions from 2.14 release ------------------------------------------------------------------- Tue Nov 20 20:44:06 UTC 2012 - wr@rosenauer.org - update to SeaMonkey 2.14 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) ------------------------------------------------------------------- Sat Oct 27 08:59:58 UTC 2012 - wr@rosenauer.org - update to SeaMonkey 2.13.2 (bnc#786522) * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues ------------------------------------------------------------------- Fri Oct 12 07:33:18 UTC 2012 - wr@rosenauer.org - update to SeaMonkey 2.13.1 (bnc#783533) * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied ------------------------------------------------------------------- Mon Oct 8 20:32:50 UTC 2012 - wr@rosenauer.org - update to SeaMonkey 2.13 (bnc#783533) * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990 (bmo#787704) Use-after-free in the IME State Manager - requires NSPR 4.9.2 - improve GStreamer integration (bmo#760140) ------------------------------------------------------------------- Mon Sep 10 20:18:35 UTC 2012 - wr@rosenauer.org - update to SeaMonkey 2.12.1 (bnc#779936) * Sites visited while in Private Browsing mode could be found through manual browser cache inspection (bmo#787743) ------------------------------------------------------------------- Mon Aug 27 12:26:38 UTC 2012 - wr@rosenauer.org - update to SeaMonkey 2.12 (bnc#777588) * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 Use-after-free issues found using Address Sanitizer * MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object can be shadowed using Object.defineProperty * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) Memory corruption with bitmap format images with negative height * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption * MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds read in format-number in XSLT * MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads linked resources in extensions when parsing text/html * MFSA 2012-69/CVE-2012-3976 (bmo#768568) Incorrect site SSL certificate data display * MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object security checks bypassed by chrome code - enable GStreamer for 12.1 and higher - use internal libjpeg ------------------------------------------------------------------- Sun Jul 29 16:59:17 UTC 2012 - wr@rosenauer.org - import PPC patch from Firefox: * add patches for bmo#750620 and bmo#746112 * fix xpcshell segfault on ppc ------------------------------------------------------------------- Mon Jul 16 09:35:54 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.11 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs * relicensed to MPL-2.0 - updated/removed patches - requires NSS 3.13.5 ------------------------------------------------------------------- Fri Jun 15 07:50:18 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.10.1 ------------------------------------------------------------------- Mon Jun 4 06:03:00 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.10 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - requires NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) ------------------------------------------------------------------- Mon Apr 30 07:30:14 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.9.1 * fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using "Fetch Headers Only" (bmo#748865) - Received messages contain parts of other messages with movemail account (bmo#748726) - New mail notification issue (bmo#748997) - crash in nsMsgDatabase::MatchDbName (bmo#748432) ------------------------------------------------------------------- Fri Apr 27 10:21:24 UTC 2012 - wr@rosenauer.org - fixed build with gcc 4.7 ------------------------------------------------------------------- Mon Apr 23 14:28:50 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.9 (bnc#758408) * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds ------------------------------------------------------------------- Sat Apr 21 12:29:55 UTC 2012 - wr@rosenauer.org - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 ------------------------------------------------------------------- Tue Mar 13 15:19:56 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.8 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards - explicitely build-require X libs ------------------------------------------------------------------- Thu Feb 16 15:55:03 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.7.2 (bnc#747328) * CVE-2011-3026 (bmo#727401) libpng: integer overflow leading to heap-buffer overflow ------------------------------------------------------------------- Thu Feb 9 12:36:02 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.7.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) ------------------------------------------------------------------- Tue Jan 31 22:16:33 UTC 2012 - wr@rosenauer.org - update to Seamonkey 2.7 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071)