SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for seamonkey-2.49.4-2.4.x86_64.rpm :
Fri Jul 13 14:00:00 2018 wrAATTrosenauer.org
- update to Seamonkey 2.49.4

* Gecko 52.9.1esr (bsc#1098998)
MFSA 2018-16 (bsc#1098998)

* CVE-2018-12359 (bmo#1459162)
Buffer overflow using computed size of canvas element

* CVE-2018-12360 (bmo#1459693)
Use-after-free when using focus()

* CVE-2018-12362 (bmo#1452375)
Integer overflow in SSSE3 scaler

* CVE-2018-5156 (bmo#1453127)
Media recorder segmentation fault when track type is changed during capture

* CVE-2018-12363 (bmo#1464784)
Use-after-free when appending DOM nodes

* CVE-2018-12364 (bmo#1436241)
CSRF attacks through 307 redirects and NPAPI plugins

* CVE-2018-12365 (bmo#1459206)
Compromised IPC child process can list local filenames

* CVE-2018-12366 (bmo#1464039)
Invalid data handling during QCMS transformations

* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
bmo#1464079,bmo#1463494,bmo#1458048)
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- localizations finally included again (boo#1062195)

Tue Jun 5 14:00:00 2018 psychonautAATTnothingisreal.com
- update spec file summary and description to more accurately
reflect what SeaMonkey is, giving less prominence to the long-
discontinued Mozilla Application Suite that many users may no
longer be familiar with
- update project URL in spec file

Sat Mar 3 13:00:00 2018 wrAATTrosenauer.org
- update to Seamonkey 2.49.2

* Gecko 52.6esr (including security relevant fixes) (bsc#1077291)

* fix issue in Composer

* With some themes, the menulist- and history-dropmarker didn\'t show

* Scrollbars didn\'t show the buttons

* WebRTC has been disabled by default. It needs an add-on to enable it per site

* The active title bar was not visually emphasized
- correct requires and provides handling (boo#1076907)

Tue Jan 9 13:00:00 2018 wrAATTrosenauer.org
- Explicitly buildrequires python2-xml: The build system relies on
it. We wrongly relied on other packages pulling it in for us.
- use parallel compression in create-tar if available
- use XZ instead of BZ2 for source archives
- import upstream patch mozilla-bmo1338655.patch to fix failing
build

Thu Dec 7 13:00:00 2017 dimstarAATTopensuse.org
- Escape the usage of %{VERSION} when calling out to rpm.
RPM 4.14 has %{VERSION} defined as \'the main packages version\'.

Fri Nov 10 13:00:00 2017 zaitorAATTopensuse.org
- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Following the above, add explicit pkgconfig(gconf-2.0),
pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0)
and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously
pulled in by libgnomeui-devel, and is what configure really
checks for.

Fri Aug 4 14:00:00 2017 wrAATTrosenauer.org
- update to Seamonkey 2.48

* based on Gecko 51.0.3

* requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)
- removed obsolete (upstreamed) patches

* mozilla-http2-ecdh-keybits.patch

* mozilla-sed43.patch

* mozilla-flex_buffer_overrun.patch

* mozilla-shared-nss-db.patch (feature dropped from SM due to
maintenance costs vs. usefulness)

* mozilla-binutils-visibility.patch

* mozilla-check_return.patch

* mozilla-skia-overflow.patch
- rebased patches

Sun Feb 12 13:00:00 2017 wrAATTrosenauer.org
- fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)

Tue Jan 24 13:00:00 2017 wrAATTrosenauer.org
- improve recognition of LANGUAGE env variable (boo#1017174)
- update minimum keybits in H2 so it allows a smaller value
(e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037)
(boo#1021636) (mozilla-http2-ecdh-keybits.patch)

Fri Dec 23 13:00:00 2016 wrAATTrosenauer.org
- update to Seamonkey 2.46

* based on Gecko 49.0.2

* Chatzilla and DOM Inspector were removed/disabled and therefore
those subpackages are not available at this moment
- requires NSPR 4.12 and NSS 3.25
- removed obsolete patches

* mozilla-libproxy.patch

* mozilla-gcc6.patch

* mozilla-openaes-decl.patch
- rebased patches
- added patches imported from Firefox 49:

* mozilla-check_return.patch

* mozilla-flex_buffer_overrun.patch

* mozilla-skia-overflow.patch

Mon Oct 17 14:00:00 2016 wrAATTrosenauer.org
- mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2 (boo#984637)

Sun Aug 21 14:00:00 2016 antoine.belvireAATTlaposte.net
- Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6
(still boo#991027)
- Check compiler version instead of openSUSE version for this

Mon Aug 8 14:00:00 2016 wrAATTrosenauer.org
- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
as long as underlying issues have been addressed upstream
(boo#991027)

Fri Aug 5 14:00:00 2016 pcernyAATTsuse.com
- Fix for possible buffer overrun (bsc#990856)
CVE-2016-6354 (bmo#1292534)
[mozilla-flex_buffer_overrun.patch]

Tue Jul 26 14:00:00 2016 badshah400AATTgmail.com
- Add appstream metainfo files as a tar.bz2 source
(seamonkey-appdata.tar.bz2) and install these appdata.xml files
to the appdata dir (/usr/share/appdata); with these appdata
files installed, seamonkey shows up in appstores like GNOME
software and KDE Discover.

Sun Jul 17 14:00:00 2016 badshah400AATTgmail.com
- Add mozilla-gcc6.patch to fix building with gcc >= 6.0.

Sat Mar 5 13:00:00 2016 wrAATTrosenauer.org
- fix build problems on i586, caused by too large unified compile
units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- increased _constraints as required

Tue Jan 19 13:00:00 2016 wrAATTrosenauer.org
- update to Seamonkey 2.40 (bnc#959277)

* requires NSS 3.20.2 to fix
MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
server signature

* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards

* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects

* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation

* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies

* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed

* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures

* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events

* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed

* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2

* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library

* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400)
Buffer overflows found through code inspection

* MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
Underflow through code inspection

* MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
Integer overflow in MP4 playback in 64-bit versions

* MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
Integer underflow and buffer overflow processing MP4 metadata in
libstagefright

* MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
Privilege escalation vulnerabilities in WebExtension APIs

* MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
Cross-site reading attack through data and view-source URIs
- rebased patches
- buildrequire xcomposite now explicitely

Thu Nov 5 13:00:00 2015 wrAATTrosenauer.org
- update to Seamonkey 2.39 (bnc#952810)

* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards

* MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
Information disclosure through NTLM authentication

* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
CSP bypass due to permissive Reader mode whitelist

* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
Firefox for Android addressbar can be removed after fullscreen mode

* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
Reading sensitive profile files through local HTML file on Android

* MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
disabling scripts in Add-on SDK panels has no effect

* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy

* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas

* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
Android intents can be used on Firefox for Android to open privileged files

* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
XSS attack through intents on Firefox for Android

* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
Crash when accessing HTML tables with accessibility tools on OS X

* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received

* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files

* MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
Certain escaped characters in host of Location-header are being
treated as non-escaped

* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet

* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection

* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers

* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches

* mozilla-icu-strncat.patch
- fixed build with enable-libproxy (bmo#1220399)

* mozilla-libproxy.patch

Thu Oct 1 14:00:00 2015 wrAATTrosenauer.org
- update to SeaMonkey 2.38 (bnc#947003)

* based on 41.0.1

* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards

* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
Memory leak in mozTCPSocket to servers

* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
Out of bounds read in QCMS library with ICC V4 profile attributes

* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through Mozilla updater

* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
Buffer overflow in libvpx while parsing vp9 format video

* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
Crash when using debugger with SavedStacks in JavaScript

* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
Use-after-free with shared workers and IndexedDB

* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
Buffer overflow while decoding WebM video

* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
Use-after-free while manipulating HTML media content

* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems

* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
Scripted proxies can access inner window

* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
JavaScript immutable property enforcement can be bypassed

* MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
Dragging and dropping images exposes final URL after redirects

* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
Errors in the handling of CORS preflight request headers

* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180
Vulnerabilities found through code inspection

* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
bmo#1190526) (Windows only)
Memory safety errors in libGLES in the ANGLE graphics library

* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
Information disclosure via the High Resolution Time API
- removed obsolete patch

* mozilla-add-glibcxx_use_cxx11_abi.patch
- added mozilla-no-stdcxx-check.patch

Sat Aug 29 14:00:00 2015 wrAATTrosenauer.org
- update to SeaMonkey 2.35 (bnc#935979)

* based on 38.1.1esr

* requires NSPR 4.10.8 and NSS 3.19.2
- removed obsolete patches

* mozilla-visitSubstr.patch

* mozilla-undef-CONST.patch

* mozilla-reintroduce-pixman-code-path.patch

* mozilla-fix-prototype.patch

* mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
- renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch
to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
likely not worth maintaining further

Sat Jun 27 14:00:00 2015 antoine.belvireAATTlaposte.net
- Fix compilation issues:

* Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)

* Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)

* Add mozilla-visitSubstr.patch (bmo#1108834)

* Add mozilla-undef-CONST.patch (bmo#1111395)

* Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch

Sun Mar 22 13:00:00 2015 wrAATTrosenauer.org
- update to SeaMonkey 2.33.1 (bnc#923534)

* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
Privilege escalation through SVG navigation

* MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
Code execution through incorrect JavaScript bounds checking
elimination

Mon Mar 16 13:00:00 2015 wrAATTrosenauer.org
- update to SeaMonkey 2.33 (bnc#917597)

* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
Miscellaneous memory safety hazards

* MFSA 2015-12/CVE-2015-0833 (bmo#945192)
Invoking Mozilla updater will load locally stored DLL files
(Windows only)

* MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
Appended period to hostnames can bypass HPKP and HSTS protections

* MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
Malicious WebGL content crash when writing strings

* MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
TLS TURN and STUN connections silently fail to simple TCP connections

* MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
Use-after-free in IndexedDB

* MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
Buffer overflow in libstagefright during MP4 video playback

* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
Double-free when using non-default memory allocators with a
zero-length XHR

* MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
Out-of-bounds read and write while rendering SVG content

* MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
Buffer overflow during CSS restyling

* MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
Buffer underflow during MP3 playback

* MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
Crash using DrawTarget in Cairo graphics library

* MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
Use-after-free in Developer Console date with OpenType Sanitiser

* MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
Reading of local files through manipulation of form autocomplete

* MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
Local files or privileged URLs in pages can be opened into new tabs

* MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
UI Tour whitelisted sites in background tab can spoof foreground
tabs

* MFSA 2015-27CVE-2015-0820 (bmo#1125398)
Caja Compiler JavaScript sandbox bypass
- rebased patches
- requires NSS 3.17.4
- removed obsolete seamonkey-fix-signed-char.patch
- mozilla-xremote-client was removed upstream

Sat Feb 7 13:00:00 2015 wrAATTrosenauer.org
- update to SeaMonkey 2.32.1

* fixed MailNews feeds not updating

* fixed selected profile in Profile Manager not remembered

* fixed opening a bookmark folder in tabs on Linux

* fixed Troubleshooting Information (about:support) with the
Modern theme

Sat Jan 17 13:00:00 2015 wrAATTrosenauer.org
- update to SeaMonkey 2.32 (bnc#910669)

* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards

* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering

* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header

* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses

* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio

* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC

* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape

* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension

* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects
- rebased patches
- removed obsolete mozilla-seamonkey-sdk.patch
- added mozilla-openaes-decl.patch to fix implicit declarations

Thu Jan 1 13:00:00 2015 wrAATTrosenauer.org
- use GStreamer 1.0 from 13.2 on
- removed package support for distributions older than 12.3

* removed mozilla-sle11.patch

Mon Dec 8 13:00:00 2014 meissnerAATTsuse.com
- seamonkey-fix-signed-char.patch: fix build on platforms
where char is unsigned (power/arm). (bmo#1085151)
- mozilla-fix-prototype.patch: add string.h includes
for memcpy prototype (as used on bigendian architectures).

Thu Dec 4 13:00:00 2014 pcernyAATTsuse.com
- enable some extensions using the addons sdk (e.g. Ghostery)
(mozilla-seamonkey-sdk.patch) (bmo#1071048)

Wed Dec 3 13:00:00 2014 wrAATTrosenauer.org
- update to SeaMonkey 2.31 (bnc#908009)

* requires NSS 3.17.2

* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
Miscellaneous memory safety hazards

* MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
XBL bindings accessible via improper CSS declarations

* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams

* MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
CSP leaks redirect data via violation reports

* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing

* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content

* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches

Fri Nov 21 13:00:00 2014 wrAATTrosenauer.org
- use platform specific build flags as in Firefox
(including _constraints)
- define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)

Wed Nov 19 13:00:00 2014 Led
- fix bashisms in mozilla.sh and add-plugins.sh scripts

Tue Oct 14 14:00:00 2014 wrAATTrosenauer.org
- update to SeaMonkey 2.30 (bnc#900941)

* venkman debugger removed from application and therefore
obsolete package seamonkey-venkman

* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
Miscellaneous memory safety hazards

* MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
Buffer overflow during CSS manipulation

* MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
Web Audio memory corruption issues with custom waveforms

* MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
Out-of-bounds write with WebM video

* MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
Further uninitialized memory use during GIF rendering

* MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
Use-after-free interacting with text directionality

* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
Key pinning bypasses

* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
Inconsistent video sharing within iframe

* MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
Accessing cross-origin objects via the Alarms API
(only relevant for installed web apps)
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:

* mozilla-ppc.patch

* mozilla-libproxy-compat.patch

Sat Sep 20 14:00:00 2014 wrAATTrosenauer.org
- update to SeaMonkey 2.29 (bnc#894370)

* based on Gecko 32.0 including all security fixes outlined here
https://www.mozilla.org/security/known-vulnerabilities/

* removed obsolete patches
mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch,
mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch,
mozilla-aarch64-bmo-963027.patch
mozilla-ppc64le-build.patch, mozilla-ppc64le-javascript.patch,
mozilla-ppc64le-libffi.patch, mozilla-ppc64le-mfbt.patch,
mozilla-ppc64le-webrtc.patch, mozilla-ppc64le-xpcom.patch

* rebased patches
- requires NSS 3.16.4
- build with --disable-optimize for 13.1 and above for i586 to
workaround miscompilations (bnc#896624)

Mon Jun 16 14:00:00 2014 wrAATTrosenauer.org
- update to SeaMonkey 2.26.1 (bnc#881874)

* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
bmo#1009952, bmo#1011007)
Miscellaneous memory safety hazards (rv:30.0)

* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
(bmo#989994, bmo#999274, bmo#1005584)
Use-after-free and out of bounds issues found using Address
Sanitizer

* MFSA 2014-50/CVE-2014-1539 (bmo#995603)
Clickjacking through cursor invisability after Flash interaction

* MFSA 2014-51/CVE-2014-1540 (bmo#978862)
Use-after-free in Event Listener Manager

* MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
Use-after-free with SMIL Animation Controller

* MFSA 2014-53/CVE-2014-1542 (bmo#991533)
Buffer overflow in Web Audio Speex resampler

* MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
Buffer overflow in Gamepad API

* MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
Out of bounds write in NSPR
- requires NSPR 4.10.6
- build require makeinfo

Tue May 13 14:00:00 2014 wrAATTrosenauer.org
- fix translations packaging (bnc#877263)

Tue Apr 29 14:00:00 2014 wrAATTrosenauer.org
- update to SeaMonkey 2.26 (bnc#875378)

* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards

* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues

* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images

* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL

* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video

* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo

* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API

* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations

* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images

* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)

* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver

* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- added aarch64 porting patches

* mozilla-aarch64-bmo-810631.patch

* mozilla-aarch64-bmo-962488.patch

* mozilla-aarch64-bmo-963023.patch

* mozilla-aarch64-bmo-963024.patch

* mozilla-aarch64-bmo-963027.patch
- requires NSPR 4.10.3 and NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks

Wed Mar 19 13:00:00 2014 wrAATTrosenauer.org
- update to SeaMonkey 2.25 (bnc#868603)

* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards

* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding

* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key

* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt

* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS

* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another

* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore

* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML

* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering

* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap

* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs

* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject

* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects

* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
- requires NSPR 4.10.3 and NSS 3.15.5
- new build dependency (and recommends):

* libpulse
- update of PowerPC 64 patches (bmo#976648) (pcernyAATTsuse.com)
- rebased patches

Sat Feb 8 13:00:00 2014 wrAATTrosenauer.org
- replaced locale source archive because the old one was broken
by wrong upstream tagging (bnc#862831)

Tue Feb 4 13:00:00 2014 wrAATTrosenauer.org
- update to SeaMonkey 2.24 (bnc#861847)

* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

* MFSA 2014-02/CVE-2014-1479 (bmo#911864)
Clone protected content with XBL scopes

* MFSA 2014-03/CVE-2014-1480 (bmo#916726)
UI selection timeout missing on download prompts

* MFSA 2014-04/CVE-2014-1482 (bmo#943803)
Incorrect use of discarded images by RasterImage

* MFSA 2014-05/CVE-2014-1483 (bmo#950427)
Information disclosure with
*FromPoint on iframes

* MFSA 2014-07/CVE-2014-1485 (bmo#910139)
XSLT stylesheets treated as styles in Content Security Policy

* MFSA 2014-08/CVE-2014-1486 (bmo#942164)
Use-after-free with imgRequestProxy and image proccessing

* MFSA 2014-09/CVE-2014-1487 (bmo#947592)
Cross-origin information leak through web workers

* MFSA 2014-11/CVE-2014-1488 (bmo#950604)
Crash when using web workers with asm.js

* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
(bmo#934545, bmo#930874, bmo#930857)
NSS ticket handling issues

* MFSA 2014-13/CVE-2014-1481(bmo#936056)
Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4
- removed obsolete mozilla-bug929439.patch

Fri Dec 13 13:00:00 2013 uweigandAATTde.ibm.com
- Add support for powerpc64le-linux.

* ppc64le-support.patch: general support

* libffi-ppc64le.patch: libffi backport

* xpcom-ppc64le.patch: port xpcom
- Add build fix from mainline.

* mozilla-bug929439.patch

Wed Dec 11 13:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.23 (bnc#854367, bnc#854370))

* requires NSPR 4.10.2 and NSS 3.15.3.1

* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards

* MFSA 2013-105/CVE-2013-5611 (bmo#771294)
Application Installation doorhanger persists on navigation

* MFSA 2013-106/CVE-2013-5612 (bmo#871161)
Character encoding cross-origin XSS attack

* MFSA 2013-107/CVE-2013-5614 (bmo#886262)
Sandbox restrictions not applied to nested object elements

* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners

* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing

* MFSA 2013-110/CVE-2013-5619 (bmo#917841)
Potential overflow in JavaScript binary search algorithms

* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements

* MFSA 2013-112/CVE-2013-6672 (bmo#894736)
Linux clipboard information disclosure though selection paste

* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation

* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement

* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets

* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak

* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)
- rebased patches:

* mozilla-nongnome-proxies.patch

* mozilla-shared-nss-db.patch

Wed Oct 30 13:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.22 (bnc#847708)

* rebased patches

* requires NSS 3.15.2 or higher

* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
Miscellaneous memory safety hazards

* MFSA 2013-94/CVE-2013-5593 (bmo#868327)
Spoofing addressbar through SELECT element

* MFSA 2013-95/CVE-2013-5604 (bmo#914017)
Access violation with XSLT and uninitialized data

* MFSA 2013-96/CVE-2013-5595 (bmo#916580)
Improperly initialized memory and overflows in some JavaScript
functions

* MFSA 2013-97/CVE-2013-5596 (bmo#910881)
Writing to cycle collected object during image decoding

* MFSA 2013-98/CVE-2013-5597 (bmo#918864)
Use-after-free when updating offline cache

* MFSA 2013-99/CVE-2013-5598 (bmo#920515)
Security bypass of PDF.js checks using iframes

* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
(bmo#915210, bmo#915576, bmo#916685)
Miscellaneous use-after-free issues found through ASAN fuzzing

* MFSA 2013-101/CVE-2013-5602 (bmo#897678)
Memory corruption in workers

* MFSA 2013-102/CVE-2013-5603 (bmo#916404)
Use-after-free in HTML document templates

Tue Sep 17 14:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.21 (bnc#840485)

* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
Miscellaneous memory safety hazards

* MFSA 2013-77/CVE-2013-1720 (bmo#888820)
Improper state in HTML5 Tree Builder with templates

* MFSA 2013-78/CVE-2013-1721 (bmo#890277)
Integer overflow in ANGLE library

* MFSA 2013-79/CVE-2013-1722 (bmo#893308)
Use-after-free in Animation Manager during stylesheet cloning

* MFSA 2013-80/CVE-2013-1723 (bmo#891292)
NativeKey continues handling key messages after widget is destroyed

* MFSA 2013-81/CVE-2013-1724 (bmo#894137)
Use-after-free with select element

* MFSA 2013-82/CVE-2013-1725 (bmo#876762)
Calling scope for new Javascript objects can lead to memory corruption

* MFSA 2013-85/CVE-2013-1728 (bmo#883686)
Uninitialized data in IonMonkey

* MFSA 2013-88/CVE-2013-1730 (bmo#851353)
Compartment mismatch re-attaching XBL-backed nodes

* MFSA 2013-89/CVE-2013-1732 (bmo#883514)
Buffer overflow with multi-column, lists, and floats

* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
Memory corruption involving scrolling

* MFSA 2013-91/CVE-2013-1737 (bmo#907727)
User-defined properties on DOM proxies get the wrong \"this\" object

* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
GC hazard with default compartments and frame chain restoration
- requires NSS 3.15.1

Mon Aug 5 14:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.20 (bnc#833389)

* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
Miscellaneous memory safety hazards

* MFSA 2013-64/CVE-2013-1704 (bmo#883313)
Use after free mutating DOM during SetBody

* MFSA 2013-65/CVE-2013-1705 (bmo#882865)
Buffer underflow when generating CRMF requests

* MFSA 2013-67/CVE-2013-1708 (bmo#879924)
Crash during WAV audio file decoding

* MFSA 2013-68/CVE-2013-1709 (bmo#838253)
Document URI misrepresentation and masquerading

* MFSA 2013-69/CVE-2013-1710 (bmo#871368)
CRMF requests allow for code execution and XSS attacks

* MFSA 2013-70/CVE-2013-1711 (bmo#843829)
Bypass of XrayWrappers using XBL Scopes

* MFSA 2013-72/CVE-2013-1713 (bmo#887098)
Wrong principal used for validating URI for some Javascript
components

* MFSA 2013-73/CVE-2013-1714 (bmo#879787)
Same-origin bypass with web workers and XMLHttpRequest

* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15
- removed obsolete seamonkey-shared-nss-db.patch

Sat Jun 29 14:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.19 (bnc#825935)

* removed obsolete patches
+ mozilla-gstreamer-760140.patch

* GStreamer support does not build on 12.1 anymore (build only
on 12.2 and later)

* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
Miscellaneous memory safety hazards

* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
Memory corruption found using Address Sanitizer

* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
Privileged content access and execution via XBL

* MFSA 2013-52/CVE-2013-1688 (bmo#873966)
Arbitrary code execution within Profiler

* MFSA 2013-53/CVE-2013-1690 (bmo#857883)
Execution of unmapped memory through onreadystatechange event

* MFSA 2013-54/CVE-2013-1692 (bmo#866915)
Data in the body of XHR HEAD requests leads to CSRF attacks

* MFSA 2013-55/CVE-2013-1693 (bmo#711043)
SVG filters can lead to information disclosure

* MFSA 2013-56/CVE-2013-1694 (bmo#848535)
PreserveWrapper has inconsistent behavior

* MFSA 2013-57/CVE-2013-1695 (bmo#849791)
Sandbox restrictions not applied to nested frame elements

* MFSA 2013-58/CVE-2013-1696 (bmo#761667)
X-Frame-Options ignored when using server push with multi-part
responses

* MFSA 2013-59/CVE-2013-1697 (bmo#858101)
XrayWrappers can be bypassed to run user defined methods in a
privileged context

* MFSA 2013-60/CVE-2013-1698 (bmo#876044)
getUserMedia permission dialog incorrectly displays location

* MFSA 2013-61/CVE-2013-1699 (bmo#840882)
Homograph domain spoofing in .com, .net and .name

Tue May 28 14:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.17.1

Tue Apr 9 14:00:00 2013 wrAATTrosenauer.org
- revert to use GStreamer 0.10 on 12.3 (bnc#814101)

Tue Apr 2 14:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.17 (bnc#813026)

* requires NSPR 4.9.5 and NSS 3.14.3

* mozilla-webrtc-ppc.patch included upstream

* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards

* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library

* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux

* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes

* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure

* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations

* MFSA 2013-39/CVE-2013-0792 (bmo#722831)
Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)

Fri Mar 15 13:00:00 2013 pcernyAATTsuse.com
- update to SeaMonkey 2.16.2

Sat Mar 9 13:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.16.1 (bnc#808243)

* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
Use-after-free in HTML Editor

Mon Feb 18 13:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.16 (bnc#804248)

* MFSA 2013-21/CVE-2013-0783/2013-0784
Miscellaneous memory safety hazards

* MFSA 2013-22/CVE-2013-0772 (bmo#801366)
Out-of-bounds read in image rendering

* MFSA 2013-23/CVE-2013-0765 (bmo#830614)
Wrapped WebIDL objects can be wrapped again

* MFSA 2013-24/CVE-2013-0773 (bmo#809652)
Web content bypass of COW and SOW security wrappers

* MFSA 2013-25/CVE-2013-0774 (bmo#827193)
Privacy leak in JavaScript Workers

* MFSA 2013-26/CVE-2013-0775 (bmo#831095)
Use-after-free in nsImageLoadingContent

* MFSA 2013-27/CVE-2013-0776 (bmo#796475)
Phishing on HTTPS connection through malicious proxy

* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow issues
found using Address Sanitizer
- removed obsolete patches

* mozilla-webrtc.patch

* mozilla-gstreamer-803287.patch

Mon Feb 4 13:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.15.2

* Applications could not be removed from the \"Application details\"
dialog under Preferences, Helper Applications (bmo#826771).

* View / Message Body As could show menu items out of context
(bmo#831348)

Sun Jan 20 13:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.15.1

* backed out bmo#677092 (removed patch)

* fixed problems involving HTTP proxy transactions

Sun Jan 13 13:00:00 2013 wrAATTrosenauer.org
- backed out restartless language packs as it broke multi-locale
setup (bmo#677092, bmo#818468)

Tue Jan 8 13:00:00 2013 wrAATTrosenauer.org
- update to SeaMonkey 2.15 (bnc#796895)

* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards

* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
Use-after-free and buffer overflow issues found using Address Sanitizer

* MFSA 2013-03/CVE-2013-0768 (bmo#815795)
Buffer Overflow in Canvas

* MFSA 2013-04/CVE-2012-0759 (bmo#802026)
URL spoofing in addressbar during page loads

* MFSA 2013-05/CVE-2013-0744 (bmo#814713)
Use-after-free when displaying table with many columns and column groups

* MFSA 2013-06/CVE-2013-0751 (bmo#790454)
Touch events are shared across iframes

* MFSA 2013-07/CVE-2013-0764 (bmo#804237)
Crash due to handling of SSL on threads

* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
AutoWrapperChanger fails to keep objects alive during garbage collection

* MFSA 2013-09/CVE-2013-0746 (bmo#816842)
Compartment mismatch with quickstubs returned values

* MFSA 2013-10/CVE-2013-0747 (bmo#733305)
Event manipulation in plugin handler to bypass same-origin policy

* MFSA 2013-11/CVE-2013-0748 (bmo#806031)
Address space layout leaked in XBL objects

* MFSA 2013-12/CVE-2013-0750 (bmo#805121)
Buffer overflow in Javascript string concatenation

* MFSA 2013-13/CVE-2013-0752 (bmo#805024)
Memory corruption in XBL with XML bindings containing SVG

* MFSA 2013-14/CVE-2013-0757 (bmo#813901)
Chrome Object Wrapper (COW) bypass through changing prototype

* MFSA 2013-15/CVE-2013-0758 (bmo#813906)
Privilege escalation through plugin objects

* MFSA 2013-16/CVE-2013-0753 (bmo#814001)
Use-after-free in serializeToStream

* MFSA 2013-17/CVE-2013-0754 (bmo#814026)
Use-after-free in ListenerManager

* MFSA 2013-18/CVE-2013-0755 (bmo#814027)
Use-after-free in Vibrate

* MFSA 2013-19/CVE-2013-0756 (bmo#814029)
Use-after-free in Javascript Proxy objects
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
- reenable WebRTC
- added mozilla-libproxy-compat.patch for libproxy API compat
on openSUSE 11.2 and earlier

Tue Dec 18 13:00:00 2012 wrAATTrosenauer.org
- update to SeaMonkey 2.14.1

* fix regressions from 2.14 release

Tue Nov 20 13:00:00 2012 wrAATTrosenauer.org
- update to SeaMonkey 2.14 (bnc#790140)

* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
Miscellaneous memory safety hazards

* MFSA 2012-92/CVE-2012-4202 (bmo#758200)
Buffer overflow while rendering GIF images

* MFSA 2012-93/CVE-2012-4201 (bmo#747607)
evalInSanbox location context incorrectly applied

* MFSA 2012-94/CVE-2012-5836 (bmo#792857)
Crash when combining SVG text on path with CSS

* MFSA 2012-96/CVE-2012-4204 (bmo#778603)
Memory corruption in str_unescape

* MFSA 2012-97/CVE-2012-4205 (bmo#779821)
XMLHttpRequest inherits incorrect principal within sandbox

* MFSA 2012-99/CVE-2012-4208 (bmo#798264)
XrayWrappers exposes chrome-only properties when not in chrome
compartment

* MFSA 2012-100/CVE-2012-5841 (bmo#805807)
Improper security filtering for cross-origin wrappers

* MFSA 2012-101/CVE-2012-4207 (bmo#801681)
Improper character decoding in HZ-GB-2312 charset

* MFSA 2012-103/CVE-2012-4209 (bmo#792405)
Frames can shadow top.location

* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
Use-after-free and buffer overflow issues found using Address
Sanitizer

* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
Use-after-free, buffer overflow, and memory corruption issues
found using Address Sanitizer
- rebased patches
- disabled WebRTC since build is broken (bmo#776877)

Sat Oct 27 14:00:00 2012 wrAATTrosenauer.org
- update to SeaMonkey 2.13.2 (bnc#786522)

* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
(bmo#800666, bmo#793121, bmo#802557)
Fixes for Location object issues

Fri Oct 12 14:00:00 2012 wrAATTrosenauer.org
- update to SeaMonkey 2.13.1 (bnc#783533)

* MFSA 2012-88/CVE-2012-4191 (bmo#798045)
Miscellaneous memory safety hazards

* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
defaultValue security checks not applied

Mon Oct 8 14:00:00 2012 wrAATTrosenauer.org
- update to SeaMonkey 2.13 (bnc#783533)

* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
Miscellaneous memory safety hazards

* MFSA 2012-75/CVE-2012-3984 (bmo#575294)
select element persistance allows for attacks

* MFSA 2012-76/CVE-2012-3985 (bmo#655649)
Continued access to initial origin after setting document.domain

* MFSA 2012-77/CVE-2012-3986 (bmo#775868)
Some DOMWindowUtils methods bypass security checks

* MFSA 2012-79/CVE-2012-3988 (bmo#725770)
DOS and crash with full screen and history navigation

* MFSA 2012-80/CVE-2012-3989 (bmo#783867)
Crash with invalid cast when using instanceof operator

* MFSA 2012-81/CVE-2012-3991 (bmo#783260)
GetProperty function can bypass security checks

* MFSA 2012-82/CVE-2012-3994 (bmo#765527)
top object and location property accessible by plugins

* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
Chrome Object Wrapper (COW) does not disallow acces to privileged
functions or properties

* MFSA 2012-84/CVE-2012-3992 (bmo#775009)
Spoofing and script injection through location.hash

* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read issues
found using Address Sanitizer

* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188
Heap memory corruption issues found using Address Sanitizer

* MFSA 2012-87/CVE-2012-3990 (bmo#787704)
Use-after-free in the IME State Manager
- requires NSPR 4.9.2
- improve GStreamer integration (bmo#760140)

Mon Sep 10 14:00:00 2012 wrAATTrosenauer.org
- update to SeaMonkey 2.12.1 (bnc#779936)

* Sites visited while in Private Browsing mode could be found
through manual browser cache inspection (bmo#787743)

Mon Aug 27 14:00:00 2012 wrAATTrosenauer.org
- update to SeaMonkey 2.12 (bnc#777588)

* MFSA 2012-57/CVE-2012-1970
Miscellaneous memory safety hazards

* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
Use-after-free issues found using Address Sanitizer

* MFSA 2012-59/CVE-2012-1956 (bmo#756719)
Location object can be shadowed using Object.defineProperty

* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
Memory corruption with bitmap format images with negative height

* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
WebGL use-after-free and memory corruption

* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
SVG buffer overflow and use-after-free issues

* MFSA 2012-64/CVE-2012-3971
Graphite 2 memory corruption

* MFSA 2012-65/CVE-2012-3972 (bmo#746855)
Out-of-bounds read in format-number in XSLT

* MFSA 2012-68/CVE-2012-3975 (bmo#770684)
DOMParser loads linked resources in extensions when parsing
text/html

* MFSA 2012-69/CVE-2012-3976 (bmo#768568)
Incorrect site SSL certificate data display

* MFSA 2012-70/CVE-2012-3978 (bmo#770429)
Location object security checks bypassed by chrome code
- enable GStreamer for 12.1 and higher
- use internal libjpeg

Sun Jul 29 14:00:00 2012 wrAATTrosenauer.org
- import PPC patch from Firefox:

* add patches for bmo#750620 and bmo#746112

* fix xpcshell segfault on ppc

Mon Jul 16 14:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.11 (bnc#771583)

* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
Miscellaneous memory safety hazards

* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
Gecko memory corruption

* MFSA 2012-45/CVE-2012-1955 (bmo#757376)
Spoofing issue with location

* MFSA 2012-47/CVE-2012-1957 (bmo#750096)
Improper filtering of javascript in HTML feed-view

* MFSA 2012-48/CVE-2012-1958 (bmo#750820)
use-after-free in nsGlobalWindow::PageHidden

* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
Same-compartment Security Wrappers can be bypassed

* MFSA 2012-50/CVE-2012-1960 (bmo#761014)
Out of bounds read in QCMS

* MFSA 2012-51/CVE-2012-1961 (bmo#761655)
X-Frame-Options header ignored when duplicated

* MFSA 2012-52/CVE-2012-1962 (bmo#764296)
JSDependentString::undepend string conversion results in memory
corruption

* MFSA 2012-53/CVE-2012-1963 (bmo#767778)
Content Security Policy 1.0 implementation errors cause data
leakage

* MFSA 2012-56/CVE-2012-1967 (bmo#758344)
Code execution through javascript: URLs

* relicensed to MPL-2.0
- updated/removed patches
- requires NSS 3.13.5

Fri Jun 15 14:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.10.1

Mon Jun 4 14:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.10 (bnc#765204)

* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards

* MFSA 2012-36/CVE-2012-1944 (bmo#751422)
Content Security Policy inline-script bypass

* MFSA 2012-37/CVE-2012-1945 (bmo#670514)
Information disclosure though Windows file shares and shortcut
files

* MFSA 2012-38/CVE-2012-1946 (bmo#750109)
Use-after-free while replacing/inserting a node in a document

* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using Address
Sanitizer
- requires NSS 3.13.4

* MFSA 2012-39/CVE-2012-0441 (bmo#715073)

Mon Apr 30 14:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.9.1

* fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using \"Fetch Headers Only\"
(bmo#748865)
- Received messages contain parts of other messages with
movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)

Fri Apr 27 14:00:00 2012 wrAATTrosenauer.org
- fixed build with gcc 4.7

Mon Apr 23 14:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.9 (bnc#758408)

* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards

* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange

* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface

* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors

* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite

* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error

* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS

* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions

* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D

* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer

* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors

* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds

Sat Apr 21 14:00:00 2012 wrAATTrosenauer.org
- update to 2.9b4
- added mozilla-sle11.patch and add exceptions to be able to build
for SLE11/11.1
- exclude broken gl locale from build
- fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch
- added mozilla-gcc47.patch and mailnews-literals.patch to fix
compilation issues with recent gcc 4.7

Tue Mar 13 13:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.8 (bnc#750044)

* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL

* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer

* MFSA 2012-15/CVE-2012-0451 (bmo#717511)
XSS with multiple Content Security Policy headers

* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page

* MFSA 2012-17/CVE-2012-0459 (bmo#723446)
Crash when accessing keyframe cssText after dynamic modification

* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content

* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards
- explicitely build-require X libs

Thu Feb 16 13:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.7.2 (bnc#747328)

* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow

Thu Feb 9 13:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.7.1 (bnc#746616)

* MFSA 2012-10/CVE-2012-0452 (bmo#724284)
use after free in nsXBLDocumentInfo::ReadPrototypeBindings
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
is not supported, since PCRE doesnt build (bmo#691898)
- fix ppc64 build (bmo#703534)

Tue Jan 31 13:00:00 2012 wrAATTrosenauer.org
- update to Seamonkey 2.7 (bnc#744275)

* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards

* MFSA 2012-03/CVE-2012-0445 (bmo#701071)