Package Release Info

seamonkey-2.49.4-bp150.3.3.1

Update Info: openSUSE-2018-873
Available in Package Hub : 15 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

seamonkey
seamonkey-translations-common
seamonkey-translations-other

Change Logs

* Fri Jul 13 2018 wr@rosenauer.org
- update to Seamonkey 2.49.4
  * Gecko 52.9.1esr (bsc#1098998)
  MFSA 2018-16 (bsc#1098998)
  * CVE-2018-12359 (bmo#1459162)
    Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693)
    Use-after-free when using focus()
  * CVE-2018-12362 (bmo#1452375)
    Integer overflow in SSSE3 scaler
  * CVE-2018-5156 (bmo#1453127)
    Media recorder segmentation fault when track type is changed during capture
  * CVE-2018-12363 (bmo#1464784)
    Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241)
    CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206)
    Compromised IPC child process can list local filenames
  * CVE-2018-12366 (bmo#1464039)
    Invalid data handling during QCMS transformations
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048)
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- localizations finally included again (boo#1062195)
* Thu Jun 07 2018 bjorn.lie@gmail.com
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.
* Tue Jun 05 2018 psychonaut@nothingisreal.com
- update spec file summary and description to more accurately
  reflect what SeaMonkey is, giving less prominence to the long-
  discontinued Mozilla Application Suite that many users may no
  longer be familiar with
- update project URL in spec file
* Sat Mar 03 2018 wr@rosenauer.org
- update to Seamonkey 2.49.2
  * Gecko 52.6esr (including security relevant fixes) (bsc#1077291)
  * fix issue in Composer
  * With some themes, the menulist- and history-dropmarker didn't show
  * Scrollbars didn't show the buttons
  * WebRTC has been disabled by default. It needs an add-on to enable it per site
  * The active title bar was not visually emphasized
- correct requires and provides handling (boo#1076907)
Version: 2.49.1-bp150.2.5
* Tue Jan 09 2018 wr@rosenauer.org
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.
- use parallel compression in create-tar if available
- use XZ instead of BZ2 for source archives
- import upstream patch mozilla-bmo1338655.patch to fix failing
  build
* Thu Dec 07 2017 dimstar@opensuse.org
- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
* Fri Nov 10 2017 zaitor@opensuse.org
- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Following the above, add explicit pkgconfig(gconf-2.0),
  pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0)
  and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously
  pulled in by libgnomeui-devel, and is what configure really
  checks for.
* Fri Aug 04 2017 wr@rosenauer.org
- update to Seamonkey 2.48
  * based on Gecko 51.0.3
  * requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)
- removed obsolete (upstreamed) patches
  * mozilla-http2-ecdh-keybits.patch
  * mozilla-sed43.patch
  * mozilla-flex_buffer_overrun.patch
  * mozilla-shared-nss-db.patch (feature dropped from SM due to
    maintenance costs vs. usefulness)
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-skia-overflow.patch
- rebased patches
* Sun Feb 12 2017 wr@rosenauer.org
- fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)
* Tue Jan 24 2017 wr@rosenauer.org
- improve recognition of LANGUAGE env variable (boo#1017174)
- update minimum keybits in H2 so it allows a smaller value
  (e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037)
  (boo#1021636) (mozilla-http2-ecdh-keybits.patch)
* Fri Dec 23 2016 wr@rosenauer.org
- update to Seamonkey 2.46
  * based on Gecko 49.0.2
  * Chatzilla and DOM Inspector were removed/disabled and therefore
    those subpackages are not available at this moment
- requires NSPR 4.12 and NSS 3.25
- removed obsolete patches
  * mozilla-libproxy.patch
  * mozilla-gcc6.patch
  * mozilla-openaes-decl.patch
- rebased patches
- added patches imported from Firefox 49:
  * mozilla-check_return.patch
  * mozilla-flex_buffer_overrun.patch
  * mozilla-skia-overflow.patch
* Mon Oct 17 2016 wr@rosenauer.org
- mozilla-binutils-visibility.patch to fix build issues with
  gcc/binutils combination used in Leap 42.2 (boo#984637)
* Sun Aug 21 2016 antoine.belvire@laposte.net
- Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6
  (still boo#991027)
- Check compiler version instead of openSUSE version for this
* Mon Aug 08 2016 wr@rosenauer.org
- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
  as long as underlying issues have been addressed upstream
  (boo#991027)
* Fri Aug 05 2016 pcerny@suse.com
- Fix for possible buffer overrun (bsc#990856)
  CVE-2016-6354 (bmo#1292534)
  [mozilla-flex_buffer_overrun.patch]
* Tue Jul 26 2016 badshah400@gmail.com
- Add appstream metainfo files as a tar.bz2 source
  (seamonkey-appdata.tar.bz2) and install these appdata.xml files
  to the appdata dir (/usr/share/appdata); with these appdata
  files installed, seamonkey shows up in appstores like GNOME
  software and KDE Discover.
* Sun Jul 17 2016 badshah400@gmail.com
- Add mozilla-gcc6.patch to fix building with gcc >= 6.0.
* Sat Mar 05 2016 wr@rosenauer.org
- fix build problems on i586, caused by too large unified compile
  units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- increased _constraints as required
* Tue Jan 19 2016 wr@rosenauer.org
- update to Seamonkey 2.40 (bnc#959277)
  * requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using perfomance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library
  * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
    (bmo#1201183, bmo#1178033, bmo#1199400)
    Buffer overflows found through code inspection
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
    Privilege escalation vulnerabilities in WebExtension APIs
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs
- rebased patches
- buildrequire xcomposite now explicitely
* Thu Nov 05 2015 wr@rosenauer.org
- update to Seamonkey 2.39 (bnc#952810)
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
    Information disclosure through NTLM authentication
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
    CSP bypass due to permissive Reader mode whitelist
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
    Firefox for Android addressbar can be removed after fullscreen mode
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
    Reading sensitive profile files through local HTML file on Android
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
    disabling scripts in Add-on SDK panels has no effect
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
    Android intents can be used on Firefox for Android to open privileged files
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
    XSS attack through intents on Firefox for Android
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
    Crash when accessing HTML tables with accessibility tools on OS X
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
    Certain escaped characters in host of Location-header are being
    treated as non-escaped
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
  * mozilla-icu-strncat.patch
- fixed build with enable-libproxy (bmo#1220399)
  * mozilla-libproxy.patch
* Thu Oct 01 2015 wr@rosenauer.org
- update to SeaMonkey 2.38 (bnc#947003)
  * based on 41.0.1
  * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
    Miscellaneous memory safety hazards
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
    Memory leak in mozTCPSocket to servers
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
    Out of bounds read in QCMS library with ICC V4 profile attributes
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
    Crash when using debugger with SavedStacks in JavaScript
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
    Use-after-free with shared workers and IndexedDB
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
    Out-of-bounds read during 2D canvas display on Linux 16-bit
    color depth systems
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
    Scripted proxies can access inner window
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
    JavaScript immutable property enforcement can be bypassed
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
  * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
    Information disclosure via the High Resolution Time API
- removed obsolete patch
  * mozilla-add-glibcxx_use_cxx11_abi.patch
- added mozilla-no-stdcxx-check.patch
* Sat Aug 29 2015 wr@rosenauer.org
- update to SeaMonkey 2.35 (bnc#935979)
  * based on 38.1.1esr
  * requires NSPR 4.10.8 and NSS 3.19.2
- removed obsolete patches
  * mozilla-visitSubstr.patch
  * mozilla-undef-CONST.patch
  * mozilla-reintroduce-pixman-code-path.patch
  * mozilla-fix-prototype.patch
  * mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
- renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch
  to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
  likely not worth maintaining further
* Sat Jun 27 2015 antoine.belvire@laposte.net
- Fix compilation issues:
  * Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)
  * Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)
  * Add mozilla-visitSubstr.patch (bmo#1108834)
  * Add mozilla-undef-CONST.patch (bmo#1111395)
  * Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
* Sun Mar 22 2015 wr@rosenauer.org
- update to SeaMonkey 2.33.1 (bnc#923534)
  * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
    Privilege escalation through SVG navigation
  * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
    Code execution through incorrect JavaScript bounds checking
    elimination