* Mon Jul 11 2022 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.13
* Updates to devtools.
* Updates to build configuration.
* Starting the switch from Python 2 to Python 3 in the build system.
* Removal of array comprehensions, legacy iterators and generators
bug 1414340 and bug 1098412.
* Adding initial optional chaining and Promise.allSettled() support.
* SeaMonkey 2.53.13 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.13 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.11
and Thunderbird 91.11 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
- adapt seamonkey-man-page.patch for SeaMonkey 2.53.13
- disable LTO for Tumbleweed builds due to linker errors
- requested inclusion in Leap 15.4 and 15.3:
https://bugzilla.opensuse.org/show_bug.cgi?id=1201406
* Tue Jun 14 2022 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Add --disable-elf-hack for aarch64 to fix build
* Wed May 04 2022 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.12
* Format Toolbar forgets its hidden status when switching to other
view modes bug 1719020.
* Remove obsolete plugin code from SeaMonkey bug 1762733.
* Fix a few strict warnings in SeaMonkey bug 1755553.
* Remove Run Flash from Site permissions and page info bug 1758289.
* Use fixIterator and replace use of removeItemAt in
FilterListDialog bug 1756359.
* Remove RDF usage in tabmail.js bug 1758282.
* Implement 'Edit Template' and 'New Message From Template' commands
and UI bug 1759376.
* [SM] Implement 'Edit Draft' command and hide it when not in a
draft folder (port Thunderbird bug 1106412) bug 1256716.
* Messages in Template folder need "Edit Template" button in header
(like for Drafts) bug 80280.
* Refactor and simplify the feed Subscribe dialog options updates
bug 1420473.
* Add system memory and disk size and placeDB page limit to
about:support bug 1753729.
* Remove warning about missing plugins in SeaMonkey 2.53 and 2.57
bug 1755558.
* SeaMonkey 2.53.12 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.12 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.9 and
Thunderbird 91.9 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
- remove/update references to obsolete gtk2 directory
- requested inclusion in Leap 15.3:
https://bugzilla.opensuse.org/show_bug.cgi?id=1199197
* Fri Mar 25 2022 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.11.1
* Fix edge case when setting IntersectionObserver threshold bug
1758291.
* OAuth2 prefs should use realuserName instead of username bug
1518126.
* SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.11.1 shares most parts of the mail and news code
with Thunderbird. Please read the Thunderbird 60.8.0 release notes
for specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.7 and
Thunderbird 91.7 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
- requested inclusion in Leap 15.3:
https://bugzilla.opensuse.org/show_bug.cgi?id=1197518
* Thu Mar 03 2022 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.11
* Remove obsolete MOZ_EXTENSIONS check in suite bug 1749146.
* Add connect button to cZ Networks Editor bug 1736443.
* Remove freenode remnants from ChatZilla in SeaMonkey bug 1741082.
* Prefer secure over insecure protocol in network list in ChatZilla
bug 1744440.
* Composer - Change tag textbox is not removed after use bug
1755369.
* Clean up repo links in debugQA bug 1746790.
* Fix misspelled references to macOS in suite bug 1749144.
* Remove obsolete references to Java and Flash bug 1749141.
* Help button not working in delete cert dialog bug 1750386.
* Rearrange Message Filter Dialog to make room for new features bug
1735053.
* Use Insert key as shortcut to create new message filters bug 1735055.
* Rename some variables used in SeaMonkey's FilterListDialog to
match Thunderbird's bug 1735056.
* Implement Copy to New message filter functionality bug 1735057.
* Add move to top / bottom buttons to message filters bug 1735059.
* Add preference to not prompt for message filter deletion bug
1735061.
* Clean up folder handling in FilterListDialog bug 1736425.
* Add refresh function to Filter list dialog so that it can be
updated when already open and new filters are added externally bug
1737450.
* Use listbox rather than tree in FilterListDialog bug 1746081.
* MsgFilterList(args) should take targetFilter and pass it to
FilterListDialog bug 1753891.
* Mail&News' start.xhtml: "We" link broken bug 1748178.
* Add search functionality to filter dialog bug 1749207.
* Move the taskbar refresh timer in SeaMonkey to idle dispatch bug
1746788.
* Prevent subresource loads from showing the progress indicator on
the tab in SeaMonkey bug 1746787.
* SeaMonkey 2.53.11 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* Additional important security fixes up to Current Firefox 91.6 ESR
and a few enhancements have been backported. We will continue to
enhance SeaMonkey security in subsequent 2.53.x beta and release
versions as fast as we are able to.
* SeaMonkey 2.53.11 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
- adapt seamonkey-man-page.patch for SeaMonkey 2.53.11
- requested inclusion in Leap 15.3:
https://bugzilla.opensuse.org/show_bug.cgi?id=1196703
* Tue Feb 15 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Drop pkgconfig(gconf-2) BuildRequires and pass ac_add_options
- -disable-gconf to mozconfig. As we already are using cairo-gtk3,
gconf support serves no purpose (gio/gsettings takes care).
Version: 2.53.10.1-bp153.10.1
* Mon Dec 13 2021 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.10.1
* Security fix for NSS code bug 1737470.
* Only use networks and servers in lower case in ChatZilla bug
1742502.
* Change classic form icon in SeaMonkey composer bug 1710915.
* Addition fixes for SeaMonkey 32x32 default icons on Windows and
macOS bug 1729153.
* SeaMonkey 2.53.10.1 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.10.1 shares most parts of the mail and news code
with Thunderbird. Please read the Thunderbird 60.0 release notes
for specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 91.4 ESR
and a few enhancements have been backported. We will continue to
enhance SeaMonkey security in subsequent 2.53.x beta and release
versions as fast as we are able to.
- Remove unused build dependency on libidl-devel.
- requested inclusion in Leap 15.3:
https://bugzilla.opensuse.org/show_bug.cgi?id=1193668
* Tue Nov 16 2021 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.10
* Minor fixes for testdisplay command in ChatZilla bug 1727976.
* Show CTCP requests (excluding ACTION and DCC) bug 1722156.
* IRCv3: Add support for server-time bug 1724586.
* Add localization note for network editor dialog width in ChatZilla
bug 1727977.
* IRCv3: Add support for extended-join and account-notify bug
1722159.
* Add ability to collapse message groups in ChatZilla bug 1724588.
* Fix JS strict warnings in unescapeTagValue in ChatZilla bug
1727989.
* IRCv3: Add support for invite-notify bug 1722161.
* IRCv3: Add support for batch bug 1724589.
* Fix JS strict warning in addHistory in cZ static.js bug 1727992.
* IRCv3: Add support for cap-notify bug 1722162.
* Stop using canonical name as collection keys in ChatZilla bug
1728025.
* IRCv3: Add support for TLS and STS bug 1722166.
* Helper function for renaming irc server properties in ChatZilla
bug 1728027.
* IRCv3: Add support for MONITOR bug 1722174.
* Remove use of msg.commasp in ChatZilla bug 1726965.
* Allow shiftKey to modify behaviour of link clicking in cZ bug
1713458.
* IRCv3: Add support for echo-message bug 1722211.
* In ChatZilla make /commands return all matches starting with
pattern bug 1726966.
* Use SeaMonkey prefs to determine how links behave in cZ bug
1713467.
* Allow parameters to be localised in ChatZilla bug 1724105.
* Add identify command to cZ and hook into password management bug
1713470.
* IRCv3.1: Implement SASL with PLAIN mechanism bug 1717545.
* IRCv3: Add support for message tags bug 1724584.
* Add last read message divider to ChatZilla bug 1729159.
* IRCv3: Add support for account-tag bug 1724585.
* Missing option "text encoding Unicode/UTF-8" in preferences -
Mailnews bug 1679260.
* Detect Crashreporter using AppConstants in SeaMonkey bug 1735236.
* Link about LEGACY extensions in Add-ons Manager is broken bug
1656797.
* Update help for clear private data preferences and dialog bug
1728911.
* Fix typo in cs_nav_prefs_appearance bug 1737473.
* Drop leftover "Edit Menu" comment from messageWindow.xul and
addressbook.xul bug 1725121.
* Add dummy tab routines to SeaMonkey mailnews tab browser bug
1735243.
* Folder pane and tab/window title not updated correctly when
opening in new tab bug 1726940.
* Allow mail tab bar to be controlled separately to browser tab bar
bug 1724515.
* Copy any user set values for new mail.tabs prefs bug 1729165.
* Merge Master Passwords and Passwords pref panes into a single pref
pane bug 1728099.
* Move warning about redirection pref from Content to Privacy &
Security pane bug 1728185.
* Move website icons prefs from content pref pane to browser pref
pane bug 1727425.
* Move browser / mailnews system integration prefs into advanced
pane bug 1727659.
* Have separate opentabfor.middleclick for mailnews bug 1727948.
* Add removeBrowser helper for tabbrowser bug 1730391.
* Put <browser> in a <stack> so it's easy to overlay bug 1730392.
* Allow browser focus to be avoided bug 1720003.
* SeaMonkey 32x32 default icon has light stripe at the bottom bug
1729153.
* Support <input type=time> and <input type=date> in SeaMonkey bug
1730408.
* Middleclick on browser tab handled twice (closes tab and loads URL
from primary or clipboard) bug 1734407.
* Unable to create a new "Saved Search Folder" using "Save View as a
Folder..." bug 1738669.
* Enable compression for standard http connections bug 1728996.
* Support VS2022 for compiling under Windows bug 1728988.
* SeaMonkey 2.53.10 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.10 shares most parts of the mail and news code
with Thunderbird. Please read the Thunderbird 60.0 release notes
for specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.15
ESR and a few enhancements have been backported. We will continue
to enhance SeaMonkey security in subsequent 2.53.x beta and
release versions as fast as we are able to.
- requested inclusion in Leap 15.3 and Leap 15.2:
https://bugzilla.opensuse.org/show_bug.cgi?id=1192742
* Tue Sep 28 2021 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.9.1
* Fix the lazy loading of images from some websites bug 1727967.
* Move certain font family defaults from serif to sans serif bug
1727982.
* SeaMonkey 2.53.9.1 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.9.1 shares most parts of the mail and news code
with Thunderbird. Please read the Thunderbird 60.0 release notes
for specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.14
ESR and a few enhancements have been backported. We will continue
to enhance SeaMonkey security in subsequent 2.53.x beta and
release versions as fast as we are able to.
- requested inclusion in Leap 15.3 and Leap 15.2:
https://bugzilla.opensuse.org/show_bug.cgi?id=1191022
* Thu Aug 26 2021 Tristan Miller <psychonaut@nothingisreal.com>
- update to SeaMonkey 2.53.9
* There is now an option to clear browser history during shutdown
bug 1621445.
* Uninstall plugin command for ChatZilla bug 541719.
* Update icons used in ChatZilla status bar bug 1710238 and bug
1710249.
* Make ChatZilla understand mIRC color code 99 bug 1710298.
* Implement IRCv3 basic CAP negotiation bug 1717539 and CAP LIST and
update CAP ACK and CAP LS bug 1710313.
* Use Unicode instead of images for emojis in ChatZilla bug 1711375
and add some extra emojis bug 1711376.
* Use SeaMonkey's configured web search rather than a separate one
in ChatZilla bug 1712498.
* Add a networks editor to ChatZilla bug 1716232.
* Implement IRCv3 away-notify bug 1717543, chghost and
userhost-in-names bug 1717544, self-messaging bug 1722212 and WHOX
bug 1722214.
* Link to SeaMonkey website in debugQA for verification sites and
development section bug 1685606.
* Send button should be disable until we have a recipient bug
104973.
* Remove need to use a modifier for marking messages as unread bug
1719216.
* SeaMonkey 2.53.9 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.9 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for
specific changes and security fixes in this release.
* Additional important security fixes up to Current Firefox 78.13
ESR and a few enhancements have been backported. We will continue
to enhance SeaMonkey security in subsequent 2.53.x beta and
release versions as fast as we are able to.
- removed obsolete patch seamonkey-packed_simd.patch (integrated
upstream)
- update seamonkey-lto.patch to work with 2.53.9
- requested inclusion in Leap 15.3 and Leap 15.2:
https://bugzilla.opensuse.org/show_bug.cgi?id=1189845
* Thu Aug 19 2021 Tristan Miller <psychonaut@nothingisreal.com>
- add upstream patch seamonkey-packed_simd.patch which allows
packed_simd to compile with Rust 1.54
* Tue Jul 27 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Remove --disable-elf-hack when not available: aarch64 and ppc64*
Version: 2.49.4-bp150.3.3.1
* Fri Jul 13 2018 wr@rosenauer.org
- update to Seamonkey 2.49.4
* Gecko 52.9.1esr (bsc#1098998)
MFSA 2018-16 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162)
Buffer overflow using computed size of canvas element
* CVE-2018-12360 (bmo#1459693)
Use-after-free when using focus()
* CVE-2018-12362 (bmo#1452375)
Integer overflow in SSSE3 scaler
* CVE-2018-5156 (bmo#1453127)
Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363 (bmo#1464784)
Use-after-free when appending DOM nodes
* CVE-2018-12364 (bmo#1436241)
CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365 (bmo#1459206)
Compromised IPC child process can list local filenames
* CVE-2018-12366 (bmo#1464039)
Invalid data handling during QCMS transformations
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
bmo#1464079,bmo#1463494,bmo#1458048)
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- localizations finally included again (boo#1062195)
* Thu Jun 07 2018 bjorn.lie@gmail.com
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
conditional --disable-gconf to configure: no longer pull in
obsolete gconf2 for Tumbleweed.
* Tue Jun 05 2018 psychonaut@nothingisreal.com
- update spec file summary and description to more accurately
reflect what SeaMonkey is, giving less prominence to the long-
discontinued Mozilla Application Suite that many users may no
longer be familiar with
- update project URL in spec file
* Sat Mar 03 2018 wr@rosenauer.org
- update to Seamonkey 2.49.2
* Gecko 52.6esr (including security relevant fixes) (bsc#1077291)
* fix issue in Composer
* With some themes, the menulist- and history-dropmarker didn't show
* Scrollbars didn't show the buttons
* WebRTC has been disabled by default. It needs an add-on to enable it per site
* The active title bar was not visually emphasized
- correct requires and provides handling (boo#1076907)
Version: 2.49.1-bp150.2.5
* Tue Jan 09 2018 wr@rosenauer.org
- Explicitly buildrequires python2-xml: The build system relies on
it. We wrongly relied on other packages pulling it in for us.
- use parallel compression in create-tar if available
- use XZ instead of BZ2 for source archives
- import upstream patch mozilla-bmo1338655.patch to fix failing
build
* Thu Dec 07 2017 dimstar@opensuse.org
- Escape the usage of %{VERSION} when calling out to rpm.
RPM 4.14 has %{VERSION} defined as 'the main packages version'.
* Fri Nov 10 2017 zaitor@opensuse.org
- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Following the above, add explicit pkgconfig(gconf-2.0),
pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0)
and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously
pulled in by libgnomeui-devel, and is what configure really
checks for.
* Fri Aug 04 2017 wr@rosenauer.org
- update to Seamonkey 2.48
* based on Gecko 51.0.3
* requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)
- removed obsolete (upstreamed) patches
* mozilla-http2-ecdh-keybits.patch
* mozilla-sed43.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-shared-nss-db.patch (feature dropped from SM due to
maintenance costs vs. usefulness)
* mozilla-binutils-visibility.patch
* mozilla-check_return.patch
* mozilla-skia-overflow.patch
- rebased patches
* Sun Feb 12 2017 wr@rosenauer.org
- fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)
* Tue Jan 24 2017 wr@rosenauer.org
- improve recognition of LANGUAGE env variable (boo#1017174)
- update minimum keybits in H2 so it allows a smaller value
(e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037)
(boo#1021636) (mozilla-http2-ecdh-keybits.patch)
* Fri Dec 23 2016 wr@rosenauer.org
- update to Seamonkey 2.46
* based on Gecko 49.0.2
* Chatzilla and DOM Inspector were removed/disabled and therefore
those subpackages are not available at this moment
- requires NSPR 4.12 and NSS 3.25
- removed obsolete patches
* mozilla-libproxy.patch
* mozilla-gcc6.patch
* mozilla-openaes-decl.patch
- rebased patches
- added patches imported from Firefox 49:
* mozilla-check_return.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-skia-overflow.patch
* Mon Oct 17 2016 wr@rosenauer.org
- mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2 (boo#984637)
* Sun Aug 21 2016 antoine.belvire@laposte.net
- Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6
(still boo#991027)
- Check compiler version instead of openSUSE version for this
* Mon Aug 08 2016 wr@rosenauer.org
- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
as long as underlying issues have been addressed upstream
(boo#991027)
* Fri Aug 05 2016 pcerny@suse.com
- Fix for possible buffer overrun (bsc#990856)
CVE-2016-6354 (bmo#1292534)
[mozilla-flex_buffer_overrun.patch]
* Tue Jul 26 2016 badshah400@gmail.com
- Add appstream metainfo files as a tar.bz2 source
(seamonkey-appdata.tar.bz2) and install these appdata.xml files
to the appdata dir (/usr/share/appdata); with these appdata
files installed, seamonkey shows up in appstores like GNOME
software and KDE Discover.
* Sun Jul 17 2016 badshah400@gmail.com
- Add mozilla-gcc6.patch to fix building with gcc >= 6.0.
* Sat Mar 05 2016 wr@rosenauer.org
- fix build problems on i586, caused by too large unified compile
units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- increased _constraints as required
* Tue Jan 19 2016 wr@rosenauer.org
- update to Seamonkey 2.40 (bnc#959277)
* requires NSS 3.20.2 to fix
MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
server signature
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400)
Buffer overflows found through code inspection
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
Integer underflow and buffer overflow processing MP4 metadata in
libstagefright
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
Privilege escalation vulnerabilities in WebExtension APIs
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
Cross-site reading attack through data and view-source URIs
- rebased patches
- buildrequire xcomposite now explicitely
* Thu Nov 05 2015 wr@rosenauer.org
- update to Seamonkey 2.39 (bnc#952810)
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
Crash when accessing HTML tables with accessibility tools on OS X
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
Certain escaped characters in host of Location-header are being
treated as non-escaped
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
* mozilla-icu-strncat.patch
- fixed build with enable-libproxy (bmo#1220399)
* mozilla-libproxy.patch
* Thu Oct 01 2015 wr@rosenauer.org
- update to SeaMonkey 2.38 (bnc#947003)
* based on 41.0.1
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180
Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
bmo#1190526) (Windows only)
Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
Information disclosure via the High Resolution Time API
- removed obsolete patch
* mozilla-add-glibcxx_use_cxx11_abi.patch
- added mozilla-no-stdcxx-check.patch
* Sat Aug 29 2015 wr@rosenauer.org
- update to SeaMonkey 2.35 (bnc#935979)
* based on 38.1.1esr
* requires NSPR 4.10.8 and NSS 3.19.2
- removed obsolete patches
* mozilla-visitSubstr.patch
* mozilla-undef-CONST.patch
* mozilla-reintroduce-pixman-code-path.patch
* mozilla-fix-prototype.patch
* mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
- renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch
to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
likely not worth maintaining further
* Sat Jun 27 2015 antoine.belvire@laposte.net
- Fix compilation issues:
* Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)
* Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)
* Add mozilla-visitSubstr.patch (bmo#1108834)
* Add mozilla-undef-CONST.patch (bmo#1111395)
* Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
* Sun Mar 22 2015 wr@rosenauer.org
- update to SeaMonkey 2.33.1 (bnc#923534)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
Code execution through incorrect JavaScript bounds checking
elimination