seamonkey-2.53.10.2-bp154.1.44

- update to SeaMonkey 2.53.10.2
  * Obtain Windows code-signing certificate for SeaMonkey binary and
    update signing bug 1438084.
  * Support SHA-2 hashes in CertIDs in OCSP responses - port of bug
    1746221.
  * Fix rust 1.57 Windows linking for SeaMonkey 2.53 bug 1746785.
  * SeaMonkey 2.53.10.2 uses the same backend as Firefox and contains
    the relevant Firefox 60.8 security fixes.
  * Additional important security fixes up to Current Firefox 91.4.1
    ESR and a few enhancements have been backported. We will continue
    to enhance SeaMonkey security in subsequent 2.53.x beta and
    release versions as fast as we are able to.
  * SeaMonkey 2.53.10.2 shares most parts of the mail and news code
    with Thunderbird. Please read the Thunderbird 60.0 release notes
    for specific changes and security fixes in this release.
- requested inclusion in Leap 15.3:
  https://bugzilla.opensuse.org/show_bug.cgi?id=1194114

- update to SeaMonkey 2.53.10.1
  * Security fix for NSS code bug 1737470.
  * Only use networks and servers in lower case in ChatZilla bug
    1742502.
  * Change classic form icon in SeaMonkey composer bug 1710915.
  * Addition fixes for SeaMonkey 32x32 default icons on Windows and
    macOS bug 1729153.
  * SeaMonkey 2.53.10.1 uses the same backend as Firefox and contains
    the relevant Firefox 60.8 security fixes.
  * SeaMonkey 2.53.10.1 shares most parts of the mail and news code
    with Thunderbird. Please read the Thunderbird 60.0 release notes
    for specific changes and security fixes in this release.
  * Additional important security fixes up to Current Firefox 91.4 ESR
    and a few enhancements have been backported. We will continue to
    enhance SeaMonkey security in subsequent 2.53.x beta and release
    versions as fast as we are able to.
- Remove unused build dependency on libidl-devel.
- requested inclusion in Leap 15.3:
  https://bugzilla.opensuse.org/show_bug.cgi?id=1193668

- update to SeaMonkey 2.53.10
  * Minor fixes for testdisplay command in ChatZilla bug 1727976.
  * Show CTCP requests (excluding ACTION and DCC) bug 1722156.
  * IRCv3: Add support for server-time bug 1724586.
  * Add localization note for network editor dialog width in ChatZilla
    bug 1727977.
  * IRCv3: Add support for extended-join and account-notify bug
    1722159.
  * Add ability to collapse message groups in ChatZilla bug 1724588.
  * Fix JS strict warnings in unescapeTagValue in ChatZilla bug
    1727989.
  * IRCv3: Add support for invite-notify bug 1722161.
  * IRCv3: Add support for batch bug 1724589.
  * Fix JS strict warning in addHistory in cZ static.js bug 1727992.
  * IRCv3: Add support for cap-notify bug 1722162.
  * Stop using canonical name as collection keys in ChatZilla bug
    1728025.
  * IRCv3: Add support for TLS and STS bug 1722166.
  * Helper function for renaming irc server properties in ChatZilla
    bug 1728027.
  * IRCv3: Add support for MONITOR bug 1722174.
  * Remove use of msg.commasp in ChatZilla bug 1726965.
  * Allow shiftKey to modify behaviour of link clicking in cZ bug
    1713458.
  * IRCv3: Add support for echo-message bug 1722211.
  * In ChatZilla make /commands return all matches starting with
    pattern bug 1726966.
  * Use SeaMonkey prefs to determine how links behave in cZ bug
    1713467.
  * Allow parameters to be localised in ChatZilla bug 1724105.
  * Add identify command to cZ and hook into password management bug
    1713470.
  * IRCv3.1: Implement SASL with PLAIN mechanism bug 1717545.
  * IRCv3: Add support for message tags bug 1724584.
  * Add last read message divider to ChatZilla bug 1729159.
  * IRCv3: Add support for account-tag bug 1724585.
  * Missing option "text encoding Unicode/UTF-8" in preferences -
    Mailnews bug 1679260.
  * Detect Crashreporter using AppConstants in SeaMonkey bug 1735236.
  * Link about LEGACY extensions in Add-ons Manager is broken bug
    1656797.
  * Update help for clear private data preferences and dialog bug
    1728911.
  * Fix typo in cs_nav_prefs_appearance bug 1737473.
  * Drop leftover "Edit Menu" comment from messageWindow.xul and
    addressbook.xul bug 1725121.
  * Add dummy tab routines to SeaMonkey mailnews tab browser bug
    1735243.
  * Folder pane and tab/window title not updated correctly when
    opening in new tab bug 1726940.
  * Allow mail tab bar to be controlled separately to browser tab bar
    bug 1724515.
  * Copy any user set values for new mail.tabs prefs bug 1729165.
  * Merge Master Passwords and Passwords pref panes into a single pref
    pane bug 1728099.
  * Move warning about redirection pref from Content to Privacy &
    Security pane bug 1728185.
  * Move website icons prefs from content pref pane to browser pref
    pane bug 1727425.
  * Move browser / mailnews system integration prefs into advanced
    pane bug 1727659.
  * Have separate opentabfor.middleclick for mailnews bug 1727948.
  * Add removeBrowser helper for tabbrowser bug 1730391.
  * Put <browser> in a <stack> so it's easy to overlay bug 1730392.
  * Allow browser focus to be avoided bug 1720003.
  * SeaMonkey 32x32 default icon has light stripe at the bottom bug
    1729153.
  * Support <input type=time> and <input type=date> in SeaMonkey bug
    1730408.
  * Middleclick on browser tab handled twice (closes tab and loads URL
    from primary or clipboard) bug 1734407.
  * Unable to create a new "Saved Search Folder" using "Save View as a
    Folder..." bug 1738669.
  * Enable compression for standard http connections bug 1728996.
  * Support VS2022 for compiling under Windows bug 1728988.
  * SeaMonkey 2.53.10 uses the same backend as Firefox and contains
    the relevant Firefox 60.8 security fixes.
  * SeaMonkey 2.53.10 shares most parts of the mail and news code
    with Thunderbird. Please read the Thunderbird 60.0 release notes
    for specific changes and security fixes in this release.
  * Additional important security fixes up to Current Firefox 78.15
    ESR and a few enhancements have been backported. We will continue
    to enhance SeaMonkey security in subsequent 2.53.x beta and
    release versions as fast as we are able to.
- requested inclusion in Leap 15.3 and Leap 15.2:
  https://bugzilla.opensuse.org/show_bug.cgi?id=1192742

- update to SeaMonkey 2.53.9.1
  * Fix the lazy loading of images from some websites bug 1727967.
  * Move certain font family defaults from serif to sans serif bug
    1727982.
  * SeaMonkey 2.53.9.1 uses the same backend as Firefox and contains
    the relevant Firefox 60.8 security fixes.
  * SeaMonkey 2.53.9.1 shares most parts of the mail and news code
    with Thunderbird. Please read the Thunderbird 60.0 release notes
    for specific changes and security fixes in this release.
  * Additional important security fixes up to Current Firefox 78.14
    ESR and a few enhancements have been backported. We will continue
    to enhance SeaMonkey security in subsequent 2.53.x beta and
    release versions as fast as we are able to.
- requested inclusion in Leap 15.3 and Leap 15.2:
  https://bugzilla.opensuse.org/show_bug.cgi?id=1191022

- update to SeaMonkey 2.53.9
  * There is now an option to clear browser history during shutdown
    bug 1621445.
  * Uninstall plugin command for ChatZilla bug 541719.
  * Update icons used in ChatZilla status bar bug 1710238 and bug
    1710249.
  * Make ChatZilla understand mIRC color code 99 bug 1710298.
  * Implement IRCv3 basic CAP negotiation bug 1717539 and CAP LIST and
    update CAP ACK and CAP LS bug 1710313.
  * Use Unicode instead of images for emojis in ChatZilla bug 1711375
    and add some extra emojis bug 1711376.
  * Use SeaMonkey's configured web search rather than a separate one
    in ChatZilla bug 1712498.
  * Add a networks editor to ChatZilla bug 1716232.
  * Implement IRCv3 away-notify bug 1717543, chghost and
    userhost-in-names bug 1717544, self-messaging bug 1722212 and WHOX
    bug 1722214.
  * Link to SeaMonkey website in debugQA for verification sites and
    development section bug 1685606.
  * Send button should be disable until we have a recipient bug
    104973.
  * Remove need to use a modifier for marking messages as unread bug
    1719216.
  * SeaMonkey 2.53.9 uses the same backend as Firefox and contains the
    relevant Firefox 60.8 security fixes.
  * SeaMonkey 2.53.9 shares most parts of the mail and news code with
    Thunderbird. Please read the Thunderbird 60.0 release notes for
    specific changes and security fixes in this release.
  * Additional important security fixes up to Current Firefox 78.13
    ESR and a few enhancements have been backported. We will continue
    to enhance SeaMonkey security in subsequent 2.53.x beta and
    release versions as fast as we are able to.
- removed obsolete patch seamonkey-packed_simd.patch (integrated
  upstream)
- update seamonkey-lto.patch to work with 2.53.9
- requested inclusion in Leap 15.3 and Leap 15.2:
  https://bugzilla.opensuse.org/show_bug.cgi?id=1189845

- add upstream patch seamonkey-packed_simd.patch which allows
  packed_simd to compile with Rust 1.54

- Remove --disable-elf-hack when not available: aarch64 and ppc64*

- update to Seamonkey 2.49.4
  * Gecko 52.9.1esr (bsc#1098998)
  MFSA 2018-16 (bsc#1098998)
  * CVE-2018-12359 (bmo#1459162)
    Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693)
    Use-after-free when using focus()
  * CVE-2018-12362 (bmo#1452375)
    Integer overflow in SSSE3 scaler
  * CVE-2018-5156 (bmo#1453127)
    Media recorder segmentation fault when track type is changed during capture
  * CVE-2018-12363 (bmo#1464784)
    Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241)
    CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206)
    Compromised IPC child process can list local filenames
  * CVE-2018-12366 (bmo#1464039)
    Invalid data handling during QCMS transformations
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048)
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- localizations finally included again (boo#1062195)

- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

- update spec file summary and description to more accurately
  reflect what SeaMonkey is, giving less prominence to the long-
  discontinued Mozilla Application Suite that many users may no
  longer be familiar with
- update project URL in spec file

- update to Seamonkey 2.49.2
  * Gecko 52.6esr (including security relevant fixes) (bsc#1077291)
  * fix issue in Composer
  * With some themes, the menulist- and history-dropmarker didn't show
  * Scrollbars didn't show the buttons
  * WebRTC has been disabled by default. It needs an add-on to enable it per site
  * The active title bar was not visually emphasized
- correct requires and provides handling (boo#1076907)

- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.
- use parallel compression in create-tar if available
- use XZ instead of BZ2 for source archives
- import upstream patch mozilla-bmo1338655.patch to fix failing
  build

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Following the above, add explicit pkgconfig(gconf-2.0),
  pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0)
  and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously
  pulled in by libgnomeui-devel, and is what configure really
  checks for.

- update to Seamonkey 2.48
  * based on Gecko 51.0.3
  * requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)
- removed obsolete (upstreamed) patches
  * mozilla-http2-ecdh-keybits.patch
  * mozilla-sed43.patch
  * mozilla-flex_buffer_overrun.patch
  * mozilla-shared-nss-db.patch (feature dropped from SM due to
    maintenance costs vs. usefulness)
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-skia-overflow.patch
- rebased patches

- fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)

- improve recognition of LANGUAGE env variable (boo#1017174)
- update minimum keybits in H2 so it allows a smaller value
  (e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037)
  (boo#1021636) (mozilla-http2-ecdh-keybits.patch)

- update to Seamonkey 2.46
  * based on Gecko 49.0.2
  * Chatzilla and DOM Inspector were removed/disabled and therefore
    those subpackages are not available at this moment
- requires NSPR 4.12 and NSS 3.25
- removed obsolete patches
  * mozilla-libproxy.patch
  * mozilla-gcc6.patch
  * mozilla-openaes-decl.patch
- rebased patches
- added patches imported from Firefox 49:
  * mozilla-check_return.patch
  * mozilla-flex_buffer_overrun.patch
  * mozilla-skia-overflow.patch

- mozilla-binutils-visibility.patch to fix build issues with
  gcc/binutils combination used in Leap 42.2 (boo#984637)

- Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6
  (still boo#991027)
- Check compiler version instead of openSUSE version for this

- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
  as long as underlying issues have been addressed upstream
  (boo#991027)

- Fix for possible buffer overrun (bsc#990856)
  CVE-2016-6354 (bmo#1292534)
  [mozilla-flex_buffer_overrun.patch]

- Add appstream metainfo files as a tar.bz2 source
  (seamonkey-appdata.tar.bz2) and install these appdata.xml files
  to the appdata dir (/usr/share/appdata); with these appdata
  files installed, seamonkey shows up in appstores like GNOME
  software and KDE Discover.

- Add mozilla-gcc6.patch to fix building with gcc >= 6.0.

- fix build problems on i586, caused by too large unified compile
  units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- increased _constraints as required

- update to Seamonkey 2.40 (bnc#959277)
  * requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using perfomance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library
  * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
    (bmo#1201183, bmo#1178033, bmo#1199400)
    Buffer overflows found through code inspection
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
    Privilege escalation vulnerabilities in WebExtension APIs
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs
- rebased patches
- buildrequire xcomposite now explicitely

- update to Seamonkey 2.39 (bnc#952810)
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
    Information disclosure through NTLM authentication
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
    CSP bypass due to permissive Reader mode whitelist
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
    Firefox for Android addressbar can be removed after fullscreen mode
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
    Reading sensitive profile files through local HTML file on Android
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
    disabling scripts in Add-on SDK panels has no effect
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
    Android intents can be used on Firefox for Android to open privileged files
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
    XSS attack through intents on Firefox for Android
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
    Crash when accessing HTML tables with accessibility tools on OS X
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
    Certain escaped characters in host of Location-header are being
    treated as non-escaped
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
  * mozilla-icu-strncat.patch
- fixed build with enable-libproxy (bmo#1220399)
  * mozilla-libproxy.patch

- update to SeaMonkey 2.38 (bnc#947003)
  * based on 41.0.1
  * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
    Miscellaneous memory safety hazards
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
    Memory leak in mozTCPSocket to servers
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
    Out of bounds read in QCMS library with ICC V4 profile attributes
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
    Crash when using debugger with SavedStacks in JavaScript
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
    Use-after-free with shared workers and IndexedDB
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
    Out-of-bounds read during 2D canvas display on Linux 16-bit
    color depth systems
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
    Scripted proxies can access inner window
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
    JavaScript immutable property enforcement can be bypassed
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
  * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
    Information disclosure via the High Resolution Time API
- removed obsolete patch
  * mozilla-add-glibcxx_use_cxx11_abi.patch
- added mozilla-no-stdcxx-check.patch

- update to SeaMonkey 2.35 (bnc#935979)
  * based on 38.1.1esr
  * requires NSPR 4.10.8 and NSS 3.19.2
- removed obsolete patches
  * mozilla-visitSubstr.patch
  * mozilla-undef-CONST.patch
  * mozilla-reintroduce-pixman-code-path.patch
  * mozilla-fix-prototype.patch
  * mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
- renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch
  to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
  likely not worth maintaining further

- Fix compilation issues:
  * Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)
  * Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)
  * Add mozilla-visitSubstr.patch (bmo#1108834)
  * Add mozilla-undef-CONST.patch (bmo#1111395)
  * Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch

- update to SeaMonkey 2.33.1 (bnc#923534)
  * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
    Privilege escalation through SVG navigation
  * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
    Code execution through incorrect JavaScript bounds checking
    elimination