SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for seamonkey-translations-common-2.49.4-bp152.3.49.x86_64.rpm :

* Fri Jul 13 2018 wrAATTrosenauer.org- update to Seamonkey 2.49.4
* Gecko 52.9.1esr (bsc#1098998) MFSA 2018-16 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element
* CVE-2018-12360 (bmo#1459693) Use-after-free when using focus()
* CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler
* CVE-2018-5156 (bmo#1453127) Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes
* CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames
* CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, bmo#1464079,bmo#1463494,bmo#1458048) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9- localizations finally included again (boo#1062195)
* Thu Jun 07 2018 bjorn.lieAATTgmail.com- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass conditional --disable-gconf to configure: no longer pull in obsolete gconf2 for Tumbleweed.
* Tue Jun 05 2018 psychonautAATTnothingisreal.com- update spec file summary and description to more accurately reflect what SeaMonkey is, giving less prominence to the long- discontinued Mozilla Application Suite that many users may no longer be familiar with- update project URL in spec file
* Sat Mar 03 2018 wrAATTrosenauer.org- update to Seamonkey 2.49.2
* Gecko 52.6esr (including security relevant fixes) (bsc#1077291)
* fix issue in Composer
* With some themes, the menulist- and history-dropmarker didn\'t show
* Scrollbars didn\'t show the buttons
* WebRTC has been disabled by default. It needs an add-on to enable it per site
* The active title bar was not visually emphasized- correct requires and provides handling (boo#1076907)
* Tue Jan 09 2018 wrAATTrosenauer.org- Explicitly buildrequires python2-xml: The build system relies on it. We wrongly relied on other packages pulling it in for us.- use parallel compression in create-tar if available- use XZ instead of BZ2 for source archives- import upstream patch mozilla-bmo1338655.patch to fix failing build
* Thu Dec 07 2017 dimstarAATTopensuse.org- Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has %{VERSION} defined as \'the main packages version\'.
* Fri Nov 10 2017 zaitorAATTopensuse.org- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.- Following the above, add explicit pkgconfig(gconf-2.0), pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0) and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously pulled in by libgnomeui-devel, and is what configure really checks for.
* Fri Aug 04 2017 wrAATTrosenauer.org- update to Seamonkey 2.48
* based on Gecko 51.0.3
* requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)- removed obsolete (upstreamed) patches
* mozilla-http2-ecdh-keybits.patch
* mozilla-sed43.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-shared-nss-db.patch (feature dropped from SM due to maintenance costs vs. usefulness)
* mozilla-binutils-visibility.patch
* mozilla-check_return.patch
* mozilla-skia-overflow.patch- rebased patches
* Sun Feb 12 2017 wrAATTrosenauer.org- fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)
* Tue Jan 24 2017 wrAATTrosenauer.org- improve recognition of LANGUAGE env variable (boo#1017174)- update minimum keybits in H2 so it allows a smaller value (e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037) (boo#1021636) (mozilla-http2-ecdh-keybits.patch)
* Fri Dec 23 2016 wrAATTrosenauer.org- update to Seamonkey 2.46
* based on Gecko 49.0.2
* Chatzilla and DOM Inspector were removed/disabled and therefore those subpackages are not available at this moment- requires NSPR 4.12 and NSS 3.25- removed obsolete patches
* mozilla-libproxy.patch
* mozilla-gcc6.patch
* mozilla-openaes-decl.patch- rebased patches- added patches imported from Firefox 49:
* mozilla-check_return.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-skia-overflow.patch
* Mon Oct 17 2016 wrAATTrosenauer.org- mozilla-binutils-visibility.patch to fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637)
* Sun Aug 21 2016 antoine.belvireAATTlaposte.net- Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6 (still boo#991027)- Check compiler version instead of openSUSE version for this
* Mon Aug 08 2016 wrAATTrosenauer.org- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6 as long as underlying issues have been addressed upstream (boo#991027)
* Fri Aug 05 2016 pcernyAATTsuse.com- Fix for possible buffer overrun (bsc#990856) CVE-2016-6354 (bmo#1292534) [mozilla-flex_buffer_overrun.patch]
* Tue Jul 26 2016 badshah400AATTgmail.com- Add appstream metainfo files as a tar.bz2 source (seamonkey-appdata.tar.bz2) and install these appdata.xml files to the appdata dir (/usr/share/appdata); with these appdata files installed, seamonkey shows up in appstores like GNOME software and KDE Discover.
* Sun Jul 17 2016 badshah400AATTgmail.com- Add mozilla-gcc6.patch to fix building with gcc >= 6.0.
* Sat Mar 05 2016 wrAATTrosenauer.org- fix build problems on i586, caused by too large unified compile units - adding mozilla-reduce-files-per-UnifiedBindings.patch- increased _constraints as required
* Tue Jan 19 2016 wrAATTrosenauer.org- update to Seamonkey 2.40 (bnc#959277)
* requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs- rebased patches- buildrequire xcomposite now explicitely
* Thu Nov 05 2015 wrAATTrosenauer.org- update to Seamonkey 2.39 (bnc#952810)
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being treated as non-escaped
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages)- requires NSPR >= 4.10.10 and NSS >= 3.19.4- removed obsolete patches
* mozilla-icu-strncat.patch- fixed build with enable-libproxy (bmo#1220399)
* mozilla-libproxy.patch
* Thu Oct 01 2015 wrAATTrosenauer.org- update to SeaMonkey 2.38 (bnc#947003)
* based on 41.0.1
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API- removed obsolete patch
* mozilla-add-glibcxx_use_cxx11_abi.patch- added mozilla-no-stdcxx-check.patch
* Sat Aug 29 2015 wrAATTrosenauer.org- update to SeaMonkey 2.35 (bnc#935979)
* based on 38.1.1esr
* requires NSPR 4.10.8 and NSS 3.19.2- removed obsolete patches
* mozilla-visitSubstr.patch
* mozilla-undef-CONST.patch
* mozilla-reintroduce-pixman-code-path.patch
* mozilla-fix-prototype.patch
* mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch- renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)- dropped mozilla-prefer_plugin_pref.patch as this feature is likely not worth maintaining further
* Sat Jun 27 2015 antoine.belvireAATTlaposte.net- Fix compilation issues:
* Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)
* Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)
* Add mozilla-visitSubstr.patch (bmo#1108834)
* Add mozilla-undef-CONST.patch (bmo#1111395)
* Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
* Sun Mar 22 2015 wrAATTrosenauer.org- update to SeaMonkey 2.33.1 (bnc#923534)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination
* Mon Mar 16 2015 wrAATTrosenauer.org- update to SeaMonkey 2.33 (bnc#917597)
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in background tab can spoof foreground tabs
* MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox bypass- rebased patches- requires NSS 3.17.4- removed obsolete seamonkey-fix-signed-char.patch- mozilla-xremote-client was removed upstream
* Sat Feb 07 2015 wrAATTrosenauer.org- update to SeaMonkey 2.32.1
* fixed MailNews feeds not updating
* fixed selected profile in Profile Manager not remembered
* fixed opening a bookmark folder in tabs on Linux
* fixed Troubleshooting Information (about:support) with the Modern theme
* Sat Jan 17 2015 wrAATTrosenauer.org- update to SeaMonkey 2.32 (bnc#910669)
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects- rebased patches- removed obsolete mozilla-seamonkey-sdk.patch- added mozilla-openaes-decl.patch to fix implicit declarations
* Thu Jan 01 2015 wrAATTrosenauer.org- use GStreamer 1.0 from 13.2 on- removed package support for distributions older than 12.3
* removed mozilla-sle11.patch
* Mon Dec 08 2014 meissnerAATTsuse.com- seamonkey-fix-signed-char.patch: fix build on platforms where char is unsigned (power/arm). (bmo#1085151)- mozilla-fix-prototype.patch: add string.h includes for memcpy prototype (as used on bigendian architectures).
* Thu Dec 04 2014 pcernyAATTsuse.com- enable some extensions using the addons sdk (e.g. Ghostery) (mozilla-seamonkey-sdk.patch) (bmo#1071048)
* Wed Dec 03 2014 wrAATTrosenauer.org- update to SeaMonkey 2.31 (bnc#908009)
* requires NSS 3.17.2
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer- rebased patches
* Fri Nov 21 2014 wrAATTrosenauer.org- use platform specific build flags as in Firefox (including _constraints)- define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639)
* Wed Nov 19 2014 Led - fix bashisms in mozilla.sh and add-plugins.sh scripts
* Tue Oct 14 2014 wrAATTrosenauer.org- update to SeaMonkey 2.30 (bnc#900941)
* venkman debugger removed from application and therefore obsolete package seamonkey-venkman
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps)- requires NSPR 4.10.7- requires NSS 3.17.1- removed obsolete patches:
* mozilla-ppc.patch
* mozilla-libproxy-compat.patch
  
ICM