File seamonkey.changes of Package seamonkey
-------------------------------------------------------------------
Tue Jan 9 07:53:08 UTC 2018 - wr@rosenauer.org
- Explicitly buildrequires python2-xml: The build system relies on
it. We wrongly relied on other packages pulling it in for us.
- use parallel compression in create-tar if available
- use XZ instead of BZ2 for source archives
- import upstream patch mozilla-bmo1338655.patch to fix failing
build
-------------------------------------------------------------------
Thu Dec 7 11:19:39 UTC 2017 - dimstar@opensuse.org
- Escape the usage of %{VERSION} when calling out to rpm.
RPM 4.14 has %{VERSION} defined as 'the main packages version'.
-------------------------------------------------------------------
Fri Nov 10 22:30:10 UTC 2017 - zaitor@opensuse.org
- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Following the above, add explicit pkgconfig(gconf-2.0),
pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0)
and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously
pulled in by libgnomeui-devel, and is what configure really
checks for.
-------------------------------------------------------------------
Fri Aug 4 15:02:38 UTC 2017 - wr@rosenauer.org
- update to Seamonkey 2.48
* based on Gecko 51.0.3
* requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)
- removed obsolete (upstreamed) patches
* mozilla-http2-ecdh-keybits.patch
* mozilla-sed43.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-shared-nss-db.patch (feature dropped from SM due to
maintenance costs vs. usefulness)
* mozilla-binutils-visibility.patch
* mozilla-check_return.patch
* mozilla-skia-overflow.patch
- rebased patches
-------------------------------------------------------------------
Sun Feb 12 13:03:49 UTC 2017 - wr@rosenauer.org
- fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)
-------------------------------------------------------------------
Tue Jan 24 21:08:19 UTC 2017 - wr@rosenauer.org
- improve recognition of LANGUAGE env variable (boo#1017174)
- update minimum keybits in H2 so it allows a smaller value
(e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037)
(boo#1021636) (mozilla-http2-ecdh-keybits.patch)
-------------------------------------------------------------------
Fri Dec 23 22:13:00 UTC 2016 - wr@rosenauer.org
- update to Seamonkey 2.46
* based on Gecko 49.0.2
* Chatzilla and DOM Inspector were removed/disabled and therefore
those subpackages are not available at this moment
- requires NSPR 4.12 and NSS 3.25
- removed obsolete patches
* mozilla-libproxy.patch
* mozilla-gcc6.patch
* mozilla-openaes-decl.patch
- rebased patches
- added patches imported from Firefox 49:
* mozilla-check_return.patch
* mozilla-flex_buffer_overrun.patch
* mozilla-skia-overflow.patch
-------------------------------------------------------------------
Mon Oct 17 11:30:39 UTC 2016 - wr@rosenauer.org
- mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2 (boo#984637)
-------------------------------------------------------------------
Sun Aug 21 14:05:26 UTC 2016 - antoine.belvire@laposte.net
- Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6
(still boo#991027)
- Check compiler version instead of openSUSE version for this
-------------------------------------------------------------------
Mon Aug 8 09:19:46 UTC 2016 - wr@rosenauer.org
- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
as long as underlying issues have been addressed upstream
(boo#991027)
-------------------------------------------------------------------
Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com
- Fix for possible buffer overrun (bsc#990856)
CVE-2016-6354 (bmo#1292534)
[mozilla-flex_buffer_overrun.patch]
-------------------------------------------------------------------
Tue Jul 26 04:44:49 UTC 2016 - badshah400@gmail.com
- Add appstream metainfo files as a tar.bz2 source
(seamonkey-appdata.tar.bz2) and install these appdata.xml files
to the appdata dir (/usr/share/appdata); with these appdata
files installed, seamonkey shows up in appstores like GNOME
software and KDE Discover.
-------------------------------------------------------------------
Sun Jul 17 02:55:00 UTC 2016 - badshah400@gmail.com
- Add mozilla-gcc6.patch to fix building with gcc >= 6.0.
-------------------------------------------------------------------
Sat Mar 5 09:20:24 UTC 2016 - wr@rosenauer.org
- fix build problems on i586, caused by too large unified compile
units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- increased _constraints as required
-------------------------------------------------------------------
Tue Jan 19 16:15:28 UTC 2016 - wr@rosenauer.org
- update to Seamonkey 2.40 (bnc#959277)
* requires NSS 3.20.2 to fix
MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
server signature
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400)
Buffer overflows found through code inspection
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
Integer underflow and buffer overflow processing MP4 metadata in
libstagefright
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
Privilege escalation vulnerabilities in WebExtension APIs
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
Cross-site reading attack through data and view-source URIs
- rebased patches
- buildrequire xcomposite now explicitely
-------------------------------------------------------------------
Thu Nov 5 08:01:22 UTC 2015 - wr@rosenauer.org
- update to Seamonkey 2.39 (bnc#952810)
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
Crash when accessing HTML tables with accessibility tools on OS X
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
Certain escaped characters in host of Location-header are being
treated as non-escaped
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
* mozilla-icu-strncat.patch
- fixed build with enable-libproxy (bmo#1220399)
* mozilla-libproxy.patch
-------------------------------------------------------------------
Thu Oct 1 09:42:28 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.38 (bnc#947003)
* based on 41.0.1
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180
Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
bmo#1190526) (Windows only)
Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
Information disclosure via the High Resolution Time API
- removed obsolete patch
* mozilla-add-glibcxx_use_cxx11_abi.patch
- added mozilla-no-stdcxx-check.patch
-------------------------------------------------------------------
Sat Aug 29 20:09:34 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.35 (bnc#935979)
* based on 38.1.1esr
* requires NSPR 4.10.8 and NSS 3.19.2
- removed obsolete patches
* mozilla-visitSubstr.patch
* mozilla-undef-CONST.patch
* mozilla-reintroduce-pixman-code-path.patch
* mozilla-fix-prototype.patch
* mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
- renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch
to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
likely not worth maintaining further
-------------------------------------------------------------------
Sat Jun 27 08:13:54 UTC 2015 - antoine.belvire@laposte.net
- Fix compilation issues:
* Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)
* Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)
* Add mozilla-visitSubstr.patch (bmo#1108834)
* Add mozilla-undef-CONST.patch (bmo#1111395)
* Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
-------------------------------------------------------------------
Sun Mar 22 09:11:17 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.33.1 (bnc#923534)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
Code execution through incorrect JavaScript bounds checking
elimination
-------------------------------------------------------------------
Mon Mar 16 08:48:08 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.33 (bnc#917597)
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192)
Invoking Mozilla updater will load locally stored DLL files
(Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
Appended period to hostnames can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
Malicious WebGL content crash when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
TLS TURN and STUN connections silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
Buffer overflow in libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
Double-free when using non-default memory allocators with a
zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
Out-of-bounds read and write while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
Buffer overflow during CSS restyling
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
Buffer underflow during MP3 playback
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
Crash using DrawTarget in Cairo graphics library
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
Use-after-free in Developer Console date with OpenType Sanitiser
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
Reading of local files through manipulation of form autocomplete
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
UI Tour whitelisted sites in background tab can spoof foreground
tabs
* MFSA 2015-27CVE-2015-0820 (bmo#1125398)
Caja Compiler JavaScript sandbox bypass
- rebased patches
- requires NSS 3.17.4
- removed obsolete seamonkey-fix-signed-char.patch
- mozilla-xremote-client was removed upstream
-------------------------------------------------------------------
Sat Feb 7 09:52:07 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.32.1
* fixed MailNews feeds not updating
* fixed selected profile in Profile Manager not remembered
* fixed opening a bookmark folder in tabs on Linux
* fixed Troubleshooting Information (about:support) with the
Modern theme
-------------------------------------------------------------------
Sat Jan 17 17:59:50 UTC 2015 - wr@rosenauer.org
- update to SeaMonkey 2.32 (bnc#910669)
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects
- rebased patches
- removed obsolete mozilla-seamonkey-sdk.patch
- added mozilla-openaes-decl.patch to fix implicit declarations
-------------------------------------------------------------------
Thu Jan 1 22:53:33 UTC 2015 - wr@rosenauer.org
- use GStreamer 1.0 from 13.2 on
- removed package support for distributions older than 12.3
* removed mozilla-sle11.patch
-------------------------------------------------------------------
Mon Dec 8 10:49:06 UTC 2014 - meissner@suse.com
- seamonkey-fix-signed-char.patch: fix build on platforms
where char is unsigned (power/arm). (bmo#1085151)
- mozilla-fix-prototype.patch: add string.h includes
for memcpy prototype (as used on bigendian architectures).
-------------------------------------------------------------------
Thu Dec 4 23:52:37 UTC 2014 - pcerny@suse.com
- enable some extensions using the addons sdk (e.g. Ghostery)
(mozilla-seamonkey-sdk.patch) (bmo#1071048)
-------------------------------------------------------------------
Wed Dec 3 06:53:08 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.31 (bnc#908009)
* requires NSS 3.17.2
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
Miscellaneous memory safety hazards
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
XBL bindings accessible via improper CSS declarations
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
CSP leaks redirect data via violation reports
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
-------------------------------------------------------------------
Fri Nov 21 10:43:11 UTC 2014 - wr@rosenauer.org
- use platform specific build flags as in Firefox
(including _constraints)
- define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)
-------------------------------------------------------------------
Wed Nov 19 22:13:00 UTC 2014 - Led <ledest@gmail.com>
- fix bashisms in mozilla.sh and add-plugins.sh scripts
-------------------------------------------------------------------
Tue Oct 14 21:06:22 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.30 (bnc#900941)
* venkman debugger removed from application and therefore
obsolete package seamonkey-venkman
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
Out-of-bounds write with WebM video
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
Further uninitialized memory use during GIF rendering
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
Use-after-free interacting with text directionality
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
Key pinning bypasses
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
Inconsistent video sharing within iframe
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
Accessing cross-origin objects via the Alarms API
(only relevant for installed web apps)
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:
* mozilla-ppc.patch
* mozilla-libproxy-compat.patch
-------------------------------------------------------------------
Sat Sep 20 14:53:01 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.29 (bnc#894370)
* based on Gecko 32.0 including all security fixes outlined here
https://www.mozilla.org/security/known-vulnerabilities/
* removed obsolete patches
mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch,
mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch,
mozilla-aarch64-bmo-963027.patch
mozilla-ppc64le-build.patch, mozilla-ppc64le-javascript.patch,
mozilla-ppc64le-libffi.patch, mozilla-ppc64le-mfbt.patch,
mozilla-ppc64le-webrtc.patch, mozilla-ppc64le-xpcom.patch
* rebased patches
- requires NSS 3.16.4
- build with --disable-optimize for 13.1 and above for i586 to
workaround miscompilations (bnc#896624)
-------------------------------------------------------------------
Mon Jun 16 09:04:38 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.26.1 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
bmo#1009952, bmo#1011007)
Miscellaneous memory safety hazards (rv:30.0)
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
(bmo#989994, bmo#999274, bmo#1005584)
Use-after-free and out of bounds issues found using Address
Sanitizer
* MFSA 2014-50/CVE-2014-1539 (bmo#995603)
Clickjacking through cursor invisability after Flash interaction
* MFSA 2014-51/CVE-2014-1540 (bmo#978862)
Use-after-free in Event Listener Manager
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
Use-after-free with SMIL Animation Controller
* MFSA 2014-53/CVE-2014-1542 (bmo#991533)
Buffer overflow in Web Audio Speex resampler
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
Buffer overflow in Gamepad API
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
Out of bounds write in NSPR
- requires NSPR 4.10.6
- build require makeinfo
-------------------------------------------------------------------
Tue May 13 09:05:18 UTC 2014 - wr@rosenauer.org
- fix translations packaging (bnc#877263)
-------------------------------------------------------------------
Tue Apr 29 06:43:16 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.26 (bnc#875378)
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- added aarch64 porting patches
* mozilla-aarch64-bmo-810631.patch
* mozilla-aarch64-bmo-962488.patch
* mozilla-aarch64-bmo-963023.patch
* mozilla-aarch64-bmo-963024.patch
* mozilla-aarch64-bmo-963027.patch
- requires NSPR 4.10.3 and NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
-------------------------------------------------------------------
Wed Mar 19 13:31:58 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.25 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
- requires NSPR 4.10.3 and NSS 3.15.5
- new build dependency (and recommends):
* libpulse
- update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com)
- rebased patches
-------------------------------------------------------------------
Sat Feb 8 08:21:01 UTC 2014 - wr@rosenauer.org
- replaced locale source archive because the old one was broken
by wrong upstream tagging (bnc#862831)
-------------------------------------------------------------------
Tue Feb 4 10:18:33 UTC 2014 - wr@rosenauer.org
- update to SeaMonkey 2.24 (bnc#861847)
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864)
Clone protected content with XBL scopes
* MFSA 2014-03/CVE-2014-1480 (bmo#916726)
UI selection timeout missing on download prompts
* MFSA 2014-04/CVE-2014-1482 (bmo#943803)
Incorrect use of discarded images by RasterImage
* MFSA 2014-05/CVE-2014-1483 (bmo#950427)
Information disclosure with *FromPoint on iframes
* MFSA 2014-07/CVE-2014-1485 (bmo#910139)
XSLT stylesheets treated as styles in Content Security Policy
* MFSA 2014-08/CVE-2014-1486 (bmo#942164)
Use-after-free with imgRequestProxy and image proccessing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592)
Cross-origin information leak through web workers
* MFSA 2014-11/CVE-2014-1488 (bmo#950604)
Crash when using web workers with asm.js
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
(bmo#934545, bmo#930874, bmo#930857)
NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481(bmo#936056)
Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4
- removed obsolete mozilla-bug929439.patch
-------------------------------------------------------------------
Fri Dec 13 21:30:38 UTC 2013 - uweigand@de.ibm.com
- Add support for powerpc64le-linux.
* ppc64le-support.patch: general support
* libffi-ppc64le.patch: libffi backport
* xpcom-ppc64le.patch: port xpcom
- Add build fix from mainline.
* mozilla-bug929439.patch
-------------------------------------------------------------------
Wed Dec 11 11:13:16 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.23 (bnc#854367, bnc#854370))
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294)
Application Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161)
Character encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262)
Sandbox restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841)
Potential overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736)
Linux clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)
- rebased patches:
* mozilla-nongnome-proxies.patch
* mozilla-shared-nss-db.patch
-------------------------------------------------------------------
Wed Oct 30 18:07:33 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.22 (bnc#847708)
* rebased patches
* requires NSS 3.15.2 or higher
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
Miscellaneous memory safety hazards
* MFSA 2013-94/CVE-2013-5593 (bmo#868327)
Spoofing addressbar through SELECT element
* MFSA 2013-95/CVE-2013-5604 (bmo#914017)
Access violation with XSLT and uninitialized data
* MFSA 2013-96/CVE-2013-5595 (bmo#916580)
Improperly initialized memory and overflows in some JavaScript
functions
* MFSA 2013-97/CVE-2013-5596 (bmo#910881)
Writing to cycle collected object during image decoding
* MFSA 2013-98/CVE-2013-5597 (bmo#918864)
Use-after-free when updating offline cache
* MFSA 2013-99/CVE-2013-5598 (bmo#920515)
Security bypass of PDF.js checks using iframes
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
(bmo#915210, bmo#915576, bmo#916685)
Miscellaneous use-after-free issues found through ASAN fuzzing
* MFSA 2013-101/CVE-2013-5602 (bmo#897678)
Memory corruption in workers
* MFSA 2013-102/CVE-2013-5603 (bmo#916404)
Use-after-free in HTML document templates
-------------------------------------------------------------------
Tue Sep 17 15:51:02 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.21 (bnc#840485)
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
Miscellaneous memory safety hazards
* MFSA 2013-77/CVE-2013-1720 (bmo#888820)
Improper state in HTML5 Tree Builder with templates
* MFSA 2013-78/CVE-2013-1721 (bmo#890277)
Integer overflow in ANGLE library
* MFSA 2013-79/CVE-2013-1722 (bmo#893308)
Use-after-free in Animation Manager during stylesheet cloning
* MFSA 2013-80/CVE-2013-1723 (bmo#891292)
NativeKey continues handling key messages after widget is destroyed
* MFSA 2013-81/CVE-2013-1724 (bmo#894137)
Use-after-free with select element
* MFSA 2013-82/CVE-2013-1725 (bmo#876762)
Calling scope for new Javascript objects can lead to memory corruption
* MFSA 2013-85/CVE-2013-1728 (bmo#883686)
Uninitialized data in IonMonkey
* MFSA 2013-88/CVE-2013-1730 (bmo#851353)
Compartment mismatch re-attaching XBL-backed nodes
* MFSA 2013-89/CVE-2013-1732 (bmo#883514)
Buffer overflow with multi-column, lists, and floats
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
Memory corruption involving scrolling
* MFSA 2013-91/CVE-2013-1737 (bmo#907727)
User-defined properties on DOM proxies get the wrong "this" object
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
GC hazard with default compartments and frame chain restoration
- requires NSS 3.15.1
-------------------------------------------------------------------
Mon Aug 5 17:26:03 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.20 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
Miscellaneous memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313)
Use after free mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865)
Buffer underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924)
Crash during WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253)
Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368)
CRMF requests allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829)
Bypass of XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098)
Wrong principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787)
Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15
- removed obsolete seamonkey-shared-nss-db.patch
-------------------------------------------------------------------
Sat Jun 29 14:22:45 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.19 (bnc#825935)
* removed obsolete patches
+ mozilla-gstreamer-760140.patch
* GStreamer support does not build on 12.1 anymore (build only
on 12.2 and later)
* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
Miscellaneous memory safety hazards
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
Memory corruption found using Address Sanitizer
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
Privileged content access and execution via XBL
* MFSA 2013-52/CVE-2013-1688 (bmo#873966)
Arbitrary code execution within Profiler
* MFSA 2013-53/CVE-2013-1690 (bmo#857883)
Execution of unmapped memory through onreadystatechange event
* MFSA 2013-54/CVE-2013-1692 (bmo#866915)
Data in the body of XHR HEAD requests leads to CSRF attacks
* MFSA 2013-55/CVE-2013-1693 (bmo#711043)
SVG filters can lead to information disclosure
* MFSA 2013-56/CVE-2013-1694 (bmo#848535)
PreserveWrapper has inconsistent behavior
* MFSA 2013-57/CVE-2013-1695 (bmo#849791)
Sandbox restrictions not applied to nested frame elements
* MFSA 2013-58/CVE-2013-1696 (bmo#761667)
X-Frame-Options ignored when using server push with multi-part
responses
* MFSA 2013-59/CVE-2013-1697 (bmo#858101)
XrayWrappers can be bypassed to run user defined methods in a
privileged context
* MFSA 2013-60/CVE-2013-1698 (bmo#876044)
getUserMedia permission dialog incorrectly displays location
* MFSA 2013-61/CVE-2013-1699 (bmo#840882)
Homograph domain spoofing in .com, .net and .name
-------------------------------------------------------------------
Tue May 28 20:52:21 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.17.1
-------------------------------------------------------------------
Tue Apr 9 06:45:05 UTC 2013 - wr@rosenauer.org
- revert to use GStreamer 0.10 on 12.3 (bnc#814101)
-------------------------------------------------------------------
Tue Apr 2 14:18:30 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.17 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* mozilla-webrtc-ppc.patch included upstream
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
* MFSA 2013-39/CVE-2013-0792 (bmo#722831)
Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
-------------------------------------------------------------------
Fri Mar 15 17:34:54 UTC 2013 - pcerny@suse.com
- update to SeaMonkey 2.16.2
-------------------------------------------------------------------
Sat Mar 9 09:15:53 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.16.1 (bnc#808243)
* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
Use-after-free in HTML Editor
-------------------------------------------------------------------
Mon Feb 18 07:41:44 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.16 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783/2013-0784
Miscellaneous memory safety hazards
* MFSA 2013-22/CVE-2013-0772 (bmo#801366)
Out-of-bounds read in image rendering
* MFSA 2013-23/CVE-2013-0765 (bmo#830614)
Wrapped WebIDL objects can be wrapped again
* MFSA 2013-24/CVE-2013-0773 (bmo#809652)
Web content bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193)
Privacy leak in JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095)
Use-after-free in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475)
Phishing on HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow issues
found using Address Sanitizer
- removed obsolete patches
* mozilla-webrtc.patch
* mozilla-gstreamer-803287.patch
-------------------------------------------------------------------
Mon Feb 4 12:27:38 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.15.2
* Applications could not be removed from the "Application details"
dialog under Preferences, Helper Applications (bmo#826771).
* View / Message Body As could show menu items out of context
(bmo#831348)
-------------------------------------------------------------------
Sun Jan 20 09:15:53 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.15.1
* backed out bmo#677092 (removed patch)
* fixed problems involving HTTP proxy transactions
-------------------------------------------------------------------
Sun Jan 13 16:38:35 UTC 2013 - wr@rosenauer.org
- backed out restartless language packs as it broke multi-locale
setup (bmo#677092, bmo#818468)
-------------------------------------------------------------------
Tue Jan 8 18:32:43 UTC 2013 - wr@rosenauer.org
- update to SeaMonkey 2.15 (bnc#796895)
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795)
Buffer Overflow in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026)
URL spoofing in addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713)
Use-after-free when displaying table with many columns and column groups
* MFSA 2013-06/CVE-2013-0751 (bmo#790454)
Touch events are shared across iframes
* MFSA 2013-07/CVE-2013-0764 (bmo#804237)
Crash due to handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
AutoWrapperChanger fails to keep objects alive during garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842)
Compartment mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305)
Event manipulation in plugin handler to bypass same-origin policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031)
Address space layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121)
Buffer overflow in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024)
Memory corruption in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901)
Chrome Object Wrapper (COW) bypass through changing prototype
* MFSA 2013-15/CVE-2013-0758 (bmo#813906)
Privilege escalation through plugin objects
* MFSA 2013-16/CVE-2013-0753 (bmo#814001)
Use-after-free in serializeToStream
* MFSA 2013-17/CVE-2013-0754 (bmo#814026)
Use-after-free in ListenerManager
* MFSA 2013-18/CVE-2013-0755 (bmo#814027)
Use-after-free in Vibrate
* MFSA 2013-19/CVE-2013-0756 (bmo#814029)
Use-after-free in Javascript Proxy objects
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
- reenable WebRTC
- added mozilla-libproxy-compat.patch for libproxy API compat
on openSUSE 11.2 and earlier
-------------------------------------------------------------------
Tue Dec 18 13:08:40 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.14.1
* fix regressions from 2.14 release
-------------------------------------------------------------------
Tue Nov 20 20:44:06 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.14 (bnc#790140)
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
Miscellaneous memory safety hazards
* MFSA 2012-92/CVE-2012-4202 (bmo#758200)
Buffer overflow while rendering GIF images
* MFSA 2012-93/CVE-2012-4201 (bmo#747607)
evalInSanbox location context incorrectly applied
* MFSA 2012-94/CVE-2012-5836 (bmo#792857)
Crash when combining SVG text on path with CSS
* MFSA 2012-96/CVE-2012-4204 (bmo#778603)
Memory corruption in str_unescape
* MFSA 2012-97/CVE-2012-4205 (bmo#779821)
XMLHttpRequest inherits incorrect principal within sandbox
* MFSA 2012-99/CVE-2012-4208 (bmo#798264)
XrayWrappers exposes chrome-only properties when not in chrome
compartment
* MFSA 2012-100/CVE-2012-5841 (bmo#805807)
Improper security filtering for cross-origin wrappers
* MFSA 2012-101/CVE-2012-4207 (bmo#801681)
Improper character decoding in HZ-GB-2312 charset
* MFSA 2012-103/CVE-2012-4209 (bmo#792405)
Frames can shadow top.location
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
Use-after-free and buffer overflow issues found using Address
Sanitizer
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
Use-after-free, buffer overflow, and memory corruption issues
found using Address Sanitizer
- rebased patches
- disabled WebRTC since build is broken (bmo#776877)
-------------------------------------------------------------------
Sat Oct 27 08:59:58 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.13.2 (bnc#786522)
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
(bmo#800666, bmo#793121, bmo#802557)
Fixes for Location object issues
-------------------------------------------------------------------
Fri Oct 12 07:33:18 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.13.1 (bnc#783533)
* MFSA 2012-88/CVE-2012-4191 (bmo#798045)
Miscellaneous memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
defaultValue security checks not applied
-------------------------------------------------------------------
Mon Oct 8 20:32:50 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.13 (bnc#783533)
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
Miscellaneous memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294)
select element persistance allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649)
Continued access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868)
Some DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770)
DOS and crash with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867)
Crash with invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260)
GetProperty function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527)
top object and location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
Chrome Object Wrapper (COW) does not disallow acces to privileged
functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009)
Spoofing and script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read issues
found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188
Heap memory corruption issues found using Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)
Use-after-free in the IME State Manager
- requires NSPR 4.9.2
- improve GStreamer integration (bmo#760140)
-------------------------------------------------------------------
Mon Sep 10 20:18:35 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.12.1 (bnc#779936)
* Sites visited while in Private Browsing mode could be found
through manual browser cache inspection (bmo#787743)
-------------------------------------------------------------------
Mon Aug 27 12:26:38 UTC 2012 - wr@rosenauer.org
- update to SeaMonkey 2.12 (bnc#777588)
* MFSA 2012-57/CVE-2012-1970
Miscellaneous memory safety hazards
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
Use-after-free issues found using Address Sanitizer
* MFSA 2012-59/CVE-2012-1956 (bmo#756719)
Location object can be shadowed using Object.defineProperty
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
Memory corruption with bitmap format images with negative height
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
WebGL use-after-free and memory corruption
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
SVG buffer overflow and use-after-free issues
* MFSA 2012-64/CVE-2012-3971
Graphite 2 memory corruption
* MFSA 2012-65/CVE-2012-3972 (bmo#746855)
Out-of-bounds read in format-number in XSLT
* MFSA 2012-68/CVE-2012-3975 (bmo#770684)
DOMParser loads linked resources in extensions when parsing
text/html
* MFSA 2012-69/CVE-2012-3976 (bmo#768568)
Incorrect site SSL certificate data display
* MFSA 2012-70/CVE-2012-3978 (bmo#770429)
Location object security checks bypassed by chrome code
- enable GStreamer for 12.1 and higher
- use internal libjpeg
-------------------------------------------------------------------
Sun Jul 29 16:59:17 UTC 2012 - wr@rosenauer.org
- import PPC patch from Firefox:
* add patches for bmo#750620 and bmo#746112
* fix xpcshell segfault on ppc
-------------------------------------------------------------------
Mon Jul 16 09:35:54 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.11 (bnc#771583)
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
Miscellaneous memory safety hazards
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
Gecko memory corruption
* MFSA 2012-45/CVE-2012-1955 (bmo#757376)
Spoofing issue with location
* MFSA 2012-47/CVE-2012-1957 (bmo#750096)
Improper filtering of javascript in HTML feed-view
* MFSA 2012-48/CVE-2012-1958 (bmo#750820)
use-after-free in nsGlobalWindow::PageHidden
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
Same-compartment Security Wrappers can be bypassed
* MFSA 2012-50/CVE-2012-1960 (bmo#761014)
Out of bounds read in QCMS
* MFSA 2012-51/CVE-2012-1961 (bmo#761655)
X-Frame-Options header ignored when duplicated
* MFSA 2012-52/CVE-2012-1962 (bmo#764296)
JSDependentString::undepend string conversion results in memory
corruption
* MFSA 2012-53/CVE-2012-1963 (bmo#767778)
Content Security Policy 1.0 implementation errors cause data
leakage
* MFSA 2012-56/CVE-2012-1967 (bmo#758344)
Code execution through javascript: URLs
* relicensed to MPL-2.0
- updated/removed patches
- requires NSS 3.13.5
-------------------------------------------------------------------
Fri Jun 15 07:50:18 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.10.1
-------------------------------------------------------------------
Mon Jun 4 06:03:00 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.10 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422)
Content Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514)
Information disclosure though Windows file shares and shortcut
files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109)
Use-after-free while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using Address
Sanitizer
- requires NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
-------------------------------------------------------------------
Mon Apr 30 07:30:14 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.9.1
* fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using "Fetch Headers Only"
(bmo#748865)
- Received messages contain parts of other messages with
movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)
-------------------------------------------------------------------
Fri Apr 27 10:21:24 UTC 2012 - wr@rosenauer.org
- fixed build with gcc 4.7
-------------------------------------------------------------------
Mon Apr 23 14:28:50 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.9 (bnc#758408)
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds
-------------------------------------------------------------------
Sat Apr 21 12:29:55 UTC 2012 - wr@rosenauer.org
- update to 2.9b4
- added mozilla-sle11.patch and add exceptions to be able to build
for SLE11/11.1
- exclude broken gl locale from build
- fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch
- added mozilla-gcc47.patch and mailnews-literals.patch to fix
compilation issues with recent gcc 4.7
-------------------------------------------------------------------
Tue Mar 13 15:19:56 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.8 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511)
XSS with multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446)
Crash when accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards
- explicitely build-require X libs
-------------------------------------------------------------------
Thu Feb 16 15:55:03 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.7.2 (bnc#747328)
* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow
-------------------------------------------------------------------
Thu Feb 9 12:36:02 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.7.1 (bnc#746616)
* MFSA 2012-10/CVE-2012-0452 (bmo#724284)
use after free in nsXBLDocumentInfo::ReadPrototypeBindings
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
is not supported, since PCRE doesnt build (bmo#691898)
- fix ppc64 build (bmo#703534)
-------------------------------------------------------------------
Tue Jan 31 22:16:33 UTC 2012 - wr@rosenauer.org
- update to Seamonkey 2.7 (bnc#744275)
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards
* MFSA 2012-03/CVE-2012-0445 (bmo#701071)
<iframe> element exposed across domains via name attribute
* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
Child nodes from nsDOMAttribute still accessible after removal
of nodes
* MFSA 2012-05/CVE-2012-0446 (bmo#705651)
Frame scripts calling into untrusted objects bypass security
checks
* MFSA 2012-06/CVE-2012-0447 (bmo#710079)
Uninitialized memory appended when encoding icon images may
cause information disclosure
* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
Potential Memory Corruption When Decoding Ogg Vorbis files
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
Crash with malformed embedded XSLT stylesheets
-------------------------------------------------------------------
Sat Dec 24 12:48:01 UTC 2011 - wr@rosenauer.org
- update to Seamonkey 2.6.1
* (strongparent) parentNode of element gets lost (bmo#335998)
-------------------------------------------------------------------
Sun Dec 18 13:18:13 UTC 2011 - wr@rosenauer.org
- update to 2.6 (bnc#737533)
* MFSA 2011-53/CVE-2011-3660
Miscellaneous memory safety hazards (rv:9.0)
* MFSA 2011-54/CVE-2011-3661 (bmo#691299)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
nsSVGValue out-of-bounds access
* MFSA 2011-56/CVE-2011-3663 (bmo#704482)
Key detection without JavaScript via SVG animation
* MFSA 2011-58/VE-2011-3665 (bmo#701259)
Crash scaling <video> to extreme sizes
-------------------------------------------------------------------
Thu Nov 24 13:50:17 UTC 2011 - pcerny@suse.com
- update to 2.5 (bnc#728520)
* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182)
Code execution via NoWaiverWrapper
-------------------------------------------------------------------
Mon Oct 3 07:31:08 UTC 2011 - wr@rosenauer.org
- update to minor release 2.4.1
* fixed staged addon updates
-------------------------------------------------------------------
Mon Sep 26 12:42:54 UTC 2011 - wr@rosenauer.org
- update to 2.4 (bnc#720264)
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
Miscellaneous memory safety hazards
* MFSA 2011-39/CVE-2011-3000 (bmo#655389)
Defense against multiple Location headers due to CRLF Injection
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
Code installation through holding down Enter
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
Potentially exploitable WebGL crashes
* MFSA 2011-42/CVE-2011-3232 (bmo#653672)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-43/CVE-2011-3004 (bmo#653926)
loadSubScript unwraps XPCNativeWrapper scope parameter
* MFSA 2011-44/CVE-2011-3005 (bmo#675747)
Use after free reading OGG headers
* MFSA 2011-45
Inferring keystrokes from motion data
- removed obsolete mozilla-cairo-lcd.patch
- rebased patches
- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
mozilla.sh.in (bnc#680758)
-------------------------------------------------------------------
Wed Sep 14 07:07:13 UTC 2011 - wr@rosenauer.org
- add dbus-1-glib-devel to BuildRequires (not pulled in
automatically with 12.1)
-------------------------------------------------------------------
Wed Sep 7 14:30:34 UTC 2011 - pcerny@suse.com
- security update to 2.3.3 (bnc#714931)
* Complete blocking of certificates issued by DigiNotar
(bmo#683449)
-------------------------------------------------------------------
Fri Sep 2 14:40:07 UTC 2011 - pcerny@suse.com
- security update to 2.3.2 (bnc#714931)
* MFSA 2011-34
Protection against fraudulent DigiNotar certificates
(bmo#682927)
-------------------------------------------------------------------
Mon Aug 15 10:17:55 UTC 2011 - wr@rosenauer.org
- update to version 2.3 (bnc#712224)
included security fixes
* CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
Miscellaneous memory safety hazards
* CVE-2011-2993 (bmo#657267)
Unsigned scripts can call script inside signed JAR
* CVE-2011-2988 (bmo#665934)
Heap overflow in ANGLE library
* CVE-2011-0084 (bmo#648094)
Crash in SVGTextElement.getCharNumAtPosition()
* CVE-2011-2990
Credential leakage using Content Security Policy reports
* CVE-2011-2986 (bmo#655836)
Cross-origin data theft using canvas and Windows D2D
* Gecko 6
* removed obsolete mozilla-gio.patch
-------------------------------------------------------------------
Fri Jul 8 11:17:15 UTC 2011 - wr@rosenauer.org
- update to version 2.2
* Gecko 5
included fixes for security issues: (bnc#701296, bnc#700578)
* MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
Miscellaneous memory safety hazards
* MFSA 2011-20/CVE-2011-2373 (bmo#617247)
Use-after-free vulnerability when viewing XUL document with
script disabled
* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
Memory corruption due to multipart/x-mixed-replace images
* MFSA 2011-22/CVE-2011-2371 (bmo#664009)
Integer overflow and arbitrary code execution in
Array.reduceRight()
* MFSA 2011-25/CVE-2011-2366
Stealing of cross-domain images using WebGL textures
* MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
Multiple WebGL crashes
* MFSA 2011-27/CVE-2011-2369 (bmo#650001)
XSS encoding hazard with inline SVG
* MFSA 2011-28/CVE-2011-2370 (bmo#645699)
Non-whitelisted site can trigger xpinstall
-------------------------------------------------------------------
Mon Jun 13 07:20:26 UTC 2011 - wr@rosenauer.org
- use faster version for find-external-requires.sh
(from Petr Cerny)
- removed obsolete default preferences
- ported UA locale fix (bnc#582654)
- updated supported locale RPM tags
-------------------------------------------------------------------
Fri Jun 10 09:33:25 UTC 2011 - wr@rosenauer.org
- major update to version 2.1
* Gecko 2.0 (with all its features)
- avoid __DATE__ and __TIME__ usage
-------------------------------------------------------------------
Wed Mar 23 06:32:52 UTC 2011 - wr@rosenauer.org
- security update to version 2.0.13 (bnc#680771)
* MFSA 2011-11 (bmo#642395)
Update HTTPS certificate blacklist
-------------------------------------------------------------------
Mon Jan 24 09:31:58 UTC 2011 - wr@rosenauer.org
- security update to version 2.0.12 (bnc#667155)
* MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
* MFSA 2011-02/CVE-2011-0051 (bmo#616659)
Recursive eval call causes confirm dialogs to evaluate to true
* MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
Use-after-free error in JSON.stringify
* MFSA 2011-04/CVE-2011-0054 (bmo#615657)
Buffer overflow in JavaScript upvarMap
* MFSA 2011-05/CVE-2011-0056 (bmo#622015)
Buffer overflow in JavaScript atom map
* MFSA 2011-06/CVE-2011-0057 (bmo#626631)
Use-after-free error using Web Workers
* MFSA 2011-08/CVE-2010-1585 (bmo#562547)
ParanoidFragmentSink allows javascript: URLs in chrome documents
* MFSA 2011-09/CVE-2011-0061 (bmo#610601)
Crash caused by corrupted JPEG image
* MFSA 2011-10/CVE-2011-0059 (bmo#573873)
CSRF risk with plugins and 307 redirects
-------------------------------------------------------------------
Mon Jan 10 10:39:10 UTC 2011 - wr@rosenauer.org
- add x-scheme-handlers to desktop files as needed by newer Gnome
environment
-------------------------------------------------------------------
Thu Nov 25 12:44:29 UTC 2010 - wr@rosenauer.org
- security update to version 2.0.11 (bnc#657016)
* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
* MFSA 2010-75/CVE-2010-3769 (bmo#608336)
Buffer overflow while line breaking after document.write with
long string
* MFSA 2010-76/CVE-2010-3771 (bmo#609437)
Chrome privilege escalation with window.open and <isindex> element
* MFSA 2010-77/CVE-2010-3772 (bmo#594547)
Crash and remote code execution using HTML tags inside a XUL tree
* MFSA 2010-78/CVE-2010-3768 (bmo#527276)
Add support for OTS font sanitizer
* MFSA 2010-79/CVE-2010-3775
Java security bypass from LiveConnect loaded via data: URL
meta refresh
* MFSA 2010-80/CVE-2010-3766 (bmo#590771)
Use-after-free error with nsDOMAttribute MutationObserver
* MFSA 2010-81/CVE-2010-3767 (bmo#599468)
Integer overflow vulnerability in NewIdArray
* MFSA 2010-82/CVE-2010-3773 (bmo#554449)
Incomplete fix for CVE-2010-0179
* MFSA 2010-83/VE-2010-3774 (bmo#602780)
Location bar SSL spoofing using network error page
* MFSA 2010-84/CVE-2010-3770 (bmo#601429)
XSS hazard in multiple character encodings
-------------------------------------------------------------------
Wed Oct 27 21:15:08 CEST 2010 - wr@rosenauer.org
- security update to version 2.0.10 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion
-------------------------------------------------------------------
Thu Oct 7 11:15:21 CEST 2010 - wr@rosenauer.org
- security update to version 2.0.9 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734)
XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange
* removed upstreamed mozilla-helper-app.patch
- require mozilla-nss >= 3.12.8
-------------------------------------------------------------------
Wed Sep 15 09:44:09 CEST 2010 - wr@rosenauer.org
- update to 2.0.8
* fixing startup topcrash (bmo#594699)
* add "face" to the list of white-listed attributes (bmo#592601)
- added Cairo LCD filter patch to enable subpixel hinting where
supported (bnc#638186) (mozilla-cairo-lcd.patch)
-------------------------------------------------------------------
Thu Aug 26 08:51:34 CEST 2010 - wr@rosenauer.org
- security upate to 2.0.7 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument
* MFSA 2010-60/CVE-2010-2763 (bmo#585284)
XSS using SJOW scripted function
* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using <object> type
attribute
* MFSA 2010-62/CVE-2010-2769 (bmo#520189)
Copy-and-paste or drag-and-drop into designMode document allows
XSS
* MFSA 2010-63/CVE-2010-2764 (bmo#552090)
Information leak via XMLHttpRequest statusText
- always use internal cairo (bnc#622375, bnc#626042)
-------------------------------------------------------------------
Fri Jul 16 07:36:06 CEST 2010 - wr@rosenauer.org
- security update to 2.0.6 (bnc#622506)
* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
Miscellaneous memory safety hazards
* MFSA 2010-35/CVE-2010-1208 (bmo#572986)
DOM attribute cloning remote code execution vulnerability
* MFSA 2010-36/CVE-2010-1209 (bmo#552110)
Use-after-free error in NodeIterator
* MFSA 2010-37/CVE-2010-1214 (bmo#572985)
Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability
* MFSA 2010-39/CVE-2010-2752 (bmo#574059)
nsCSSValue::Array index integer overflow
* MFSA 2010-40/CVE-2010-2753 (bmo#571106)
nsTreeSelection dangling pointer remote code execution
vulnerability
* MFSA 2010-41/CVE-2010-1205 (bmo#570451)
Remote code execution using malformed PNG image
* MFSA 2010-42/CVE-2010-1213 (bmo#568148)
Cross-origin data disclosure via Web Workers and importScripts
* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
Multiple location bar spoofing vulnerabilities
* MFSA 2010-46/CVE-2010-0654 (bmo#524223)
Cross-domain data theft using CSS
* MFSA 2010-47/CVE-2010-2754 (bmo#568564)
Cross-origin data leakage from script filename in error messages
-------------------------------------------------------------------
Fri May 7 08:13:07 CEST 2010 - wr@rosenauer.org
- security update to 2.0.5 (bnc#603356)
* MFSA 2010-25/CVE-2010-1121 (bmo#555109)
Re-use of freed object due to scope confusion
* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
CVE-2010-1203
Crashes with evidence of memory corruption (rv:1.9.1.10)
* MFSA 2010-27/CVE-2010-0183 (bmo#557174)
Use-after-free error in nsCycleCollector::MarkRoots()
* MFSA 2010-28/CVE-2010-1198 (bmo#532246)
Freed object reuse across plugin instances
* MFSA 2010-29/CVE-2010-1196 (bmo#534666)
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
* MFSA 2010-30/CVE-2010-1199 (bmo#554255)
Integer Overflow in XSLT Node Sorting
* MFSA 2010-31/CVE-2010-1125 (bmo#552255)
focus() behavior can be used to inject or steal keystrokes
* MFSA 2010-32/CVE-2010-1197 (bmo#537120)
Content-Disposition: attachment ignored if
Content-Type: multipart also present
* MFSA 2010-33/CVE-2008-5913 (bmo#475585)
User tracking across sites using Math.random()
-------------------------------------------------------------------
Wed Mar 17 23:40:16 CET 2010 - wr@rosenauer.org
- security update to 2.0.4 (bnc#586567)
* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption
* MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
Remote code execution with use-after-free in nsTreeSelection
* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-19/CVE-2010-0177 (bmo#538310)
Dangling pointer vulnerability in nsPluginArray
* MFSA 2010-20/CVE-2010-0178 (bmo#546909)
Chrome privilege escalation via forced URL drag and drop
* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication
* MFSA 2010-23/CVE-2010-0181 (bmo#452093)
Image src redirect to mailto: URL opens email editor
* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn't check nsIContentPolicy
-------------------------------------------------------------------
Wed Feb 24 07:10:39 CET 2010 - wr@rosenauer.org
- added translation subpackages
-------------------------------------------------------------------
Wed Feb 17 22:14:57 CET 2010 - wr@rosenauer.org
- security update to 2.0.3 (bnc#576969)
* MFSA-2010-01/CVE-2010-0159
Crashes with evidence of memory corruption
* MFSA-2010-02/CVE-2010-0160
Web Worker Array Handling Heap Corruption Vulnerability
* MFSA-2010-03/CVE-2009-1571 (bmo#526500)
Use-after-free crash in HTML parser
* MFSA-2010-04/CVE-2009-3988 (bmo#504862)
XSS due to window.dialogArguments being readable cross-domain
* MFSA-2010-05/CVE-2010-0162 (bmo#455472)
XSS hazard using SVG document and binary Content-Type
-------------------------------------------------------------------
Mon Jan 18 15:11:34 CET 2010 - vuntz@opensuse.org
- Remove unneeded orbit-devel BuildRequires.
-------------------------------------------------------------------
Wed Jan 6 00:20:41 CET 2010 - wr@rosenauer.org
- stability update to 2.0.2 (bnc#568011)
* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)
-------------------------------------------------------------------
Thu Dec 10 19:53:20 CET 2009 - wr@rosenauer.org
- security update to 2.0.1 (bnc#559807)
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
Crashes with evidence of memory corruption (rv:1.9.1.6)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
Memory safety fixes in liboggplay media library
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
Integer overflow, crash in libtheora video library
* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities
* MFSA 2009-70/VE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener
-------------------------------------------------------------------
Mon Oct 19 15:36:56 CEST 2009 - wr@rosenauer.org
- update to 2.0rc2 which might become the final 2.0 version
* based on final Gecko 1.9.1.4 (build3)
-------------------------------------------------------------------
Thu Oct 8 08:44:00 CEST 2009 - wr@rosenauer.org
- update to 2.0rc1
* based on Gecko 1.9.1.4
* removed upstreamed patches
* compatible with enigmail (bnc#544326, bnc#530811)
- fixed startup notification (bnc#518603)
(mozilla-startup-notification.patch)
-------------------------------------------------------------------
Mon Sep 14 15:32:10 CEST 2009 - wr@rosenauer.org
- update to 2.0b2
* removed obsolete mozilla-jemalloc_deepbind.patch and
mozilla-app-launcher.patch
- remove obsolete code for protocol handlers (bmo#389732)
- allow alternative button order for Gtk filechooser (bnc#527418)
- added mozilla-prefer_plugin_pref.patch to introduce a new set of
prefs to support preferring certain plugins for mime-types
- added mozilla-sysplugin-biarch.patch to use
/usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
-------------------------------------------------------------------
Thu Aug 20 11:04:44 CEST 2009 - wr@rosenauer.org
- added Provides and Obsoletes for package merge (bnc#532678)
- allow alternative button order for Gtk filechooser (bnc#527418)
-------------------------------------------------------------------
Tue Jul 28 13:08:01 CEST 2009 - wr@rosenauer.org
- fixed %exclude usage
-------------------------------------------------------------------
Tue Jul 21 17:27:43 CEST 2009 - wr@rosenauer.org
- update to 2.0b1
- added create-tar.sh to source package
- removed enigmail as it's provided as an own package built in
Thunderbird now
-------------------------------------------------------------------
Thu Jul 9 11:22:15 CEST 2009 - @rosenauer.org
- update to 2.0a3-20090707 snapshot
- define MOZ_APP_LAUNCHER for session management (bmo#453689)
(mozilla-app-launcher.patch and mozilla.sh.in)
- move intl.locale.matchOS to distribution specific prefs
(removed locale.patch)
- moved openSUSE specific prefs from greprefs to app prefs
- added mozilla-jemalloc_deepbind.patch to fix various possible
crashes (bnc#503151, bmo#493541)
- added seamonkey-no-update.patch to hide the update menu item
-------------------------------------------------------------------
Wed Jun 17 23:53:24 CEST 2009 - wr@rosenauer.org
- major update to 2.0a3-20090617
* based on Gecko 1.9.1
* ported to Mozilla's toolkit
-------------------------------------------------------------------
Sat Apr 11 18:50:51 CEST 2009 - wr@rosenauer.org
- security update to 1.1.16 (bnc#488955,489411,492354)
* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
Crash and remote code execution in XSL transformation
* MFSA 2009-13/CVE-2009-1044 (bmo#484320)
Arbitrary code execution via XUL tree moveToEdgeShift
-------------------------------------------------------------------
Thu Mar 19 09:34:34 CET 2009 - wr@rosenauer.org
- update to security release 1.1.15 (bnc#478625)
* MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
CVE-2009-0774:
Crashes with evidence of memory corruption (rv:1.9.0.7)
* MFSA 2009-09/CVE-2009-0776:
XML data theft via RDFXMLDataSource and cross-domain redirect
* MFSA 2009-10/CVE-2009-0040:
Upgrade PNG library to fix memory safety hazards
- use nss-shared-helper from 11.1 on which allows migrating to and
sharing with other applications using NSS
(can be disabled completely exporting MOZ_SM_NO_NSSHELPER=1)
-------------------------------------------------------------------
Wed Dec 17 15:19:44 EST 2008 - hfiguiere@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Mon Dec 15 16:11:58 CET 2008 - wr@rosenauer.org
- update to security release 1.1.14 (bnc#455804)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
-------------------------------------------------------------------
Mon Nov 17 12:31:07 CST 2008 - maw@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Tue Nov 11 16:00:40 CET 2008 - wr@rosenauer.org
- update to security release 1.1.13 (bnc#439841)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- fixed desktop file syntax and another rpmlint complaint
-------------------------------------------------------------------
Wed Oct 15 12:56:28 CDT 2008 - maw@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Tue Sep 23 12:25:26 CEST 2008 - wr@rosenauer.org
- update to security release 1.1.12 (bnc#429179)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- merged Factoy and mozilla versions (again)
-------------------------------------------------------------------
Fri Sep 5 21:07:41 CEST 2008 - mauro@suse.de
- Update to Seamonkey 1.1.11 [bnc#407573, bnc#416147]
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- update enigmail to 0.95.7
-------------------------------------------------------------------
Fri May 16 16:59:40 CEST 2008 - schwab@suse.de
- Remove unused includes.
-------------------------------------------------------------------
Wed Apr 9 20:13:47 CEST 2008 - maw@suse.de
- Merge changes and fixes from the build service.
-------------------------------------------------------------------
Wed Apr 2 23:19:53 CEST 2008 - maw@suse.de
- Security update to version 1.1.9 (bnc#370353):
+ MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant
(cross-tab popups)
+ MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket
connection to any local port via LiveConnect
+ MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client
Authentication
+ MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with
malformed URLs
+ MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with
evidence of memory corruption (rv:1.8.1.13)
+ MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235:
JavaScript privilege escalation and arbitrary code execution
- Respin abuild.patch.
-------------------------------------------------------------------
Mon Mar 24 22:06:33 CET 2008 - maw@suse.de
- Add mozilla-missing-decl.patch, which is necessary when building
against new versions of mozilla-nss (bmo#399589).
-------------------------------------------------------------------
Tue Feb 12 00:45:18 CET 2008 - maw@suse.de
- Security update to version 1.1.8 (bnc#354469) (thanks, Wolfgang)
+ MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet
redirect
+ MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain
text files
+ MFSA 2008-06/CVE-2008-0419 Web browsing history and forward
navigation stealing
+ MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome:
URI
+ MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote
Code Execution
+ MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing
vulnerabilities
+ MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory
corruption (rv:1.8.1.12)
- Update enigmail to version 0.95.6.
-------------------------------------------------------------------
Thu Jan 17 18:25:48 CET 2008 - maw@suse.de
- Add mozilla-maxpathlen.patch (#354150 and bmo #412610).
-------------------------------------------------------------------
Tue Nov 13 16:47:45 CET 2007 - maw@suse.de
- Add seamonkey-gcc4.3-fixes.patch.
-------------------------------------------------------------------
Sat Oct 20 00:18:51 CEST 2007 - maw@suse.de
- security update to version 1.1.5 (#332512) (thanks, Wolfgang)
* MFSA 2007-29 Crashes with evidence of memory corruption
* MFSA 2007-30 onUnload Tailgating
* MFSA 2007-31 Digest authentication request splitting
* MFSA 2007-32 File input focus stealing vulnerability
* MFSA 2007-33 XUL pages can hide the window titlebar
* MFSA 2007-34 Possible file stealing through sftp protocol
* MFSA 2007-35 XPCNativeWraper pollution using Script object
complete advisories on
http://www.mozilla.org/projects/security/known-vulnerabilities.html
-------------------------------------------------------------------
Thu Sep 13 17:01:22 CEST 2007 - cthiel@suse.de
- recommend gpg instead of requireing fixed paths
-------------------------------------------------------------------
Wed Sep 12 18:51:18 CEST 2007 - maw@suse.de
- Added GPG/pinentry requirements (#309160)
- Don't run %fdupes on directories where multiple partitions
are liable to be mounted.
-------------------------------------------------------------------
Mon Sep 3 18:55:41 CEST 2007 - maw@suse.de
- Correct releasedate.
-------------------------------------------------------------------
Tue Aug 21 19:12:30 CEST 2007 - maw@suse.de
- Merge recent changes from the build service (thanks, Wolfgang):
+ Update to security release 1.1.4:
* MFSA 2007-26 Privilege escalation through chrome-loaded
about:blank windows
* MFSA 2007-27 Unescaped URIs passed to external programs
(only relevant on Windows)
+ Add gnome-vfs.patch to be able to use helper apps with parameters
+ Update enigmail to version 0.95.3
+ Fixed unreadable GIF in the LEO searchplugin
- Use %fdupes.
-------------------------------------------------------------------
Tue Aug 21 09:43:07 CEST 2007 - aj@suse.de
- Use openSUSE instead of SUSE Linux as bookmark.
-------------------------------------------------------------------
Wed Aug 15 15:07:00 CEST 2007 - maw@suse.de
- On x86_64, s390, and s390x, deactivate the hidden visibility
support, thereby fixing the build.
-------------------------------------------------------------------
Thu Jun 21 17:30:15 CEST 2007 - adrian@suse.de
- fix changelog entry order
-------------------------------------------------------------------
Wed Jun 20 08:53:59 CDT 2007 - maw@suse.de
- Don't hardcode /tmp anywhere; use %{_tmppath} instead.
-------------------------------------------------------------------
Tue Jun 19 12:52:13 CDT 2007 - maw@suse.de
- Merge updates to version 1.1.2 and enigmail version 0.95.0 from
the build service (thanks, Wolfgang)
- Don't build as root
- Add unzip as a build requirement.
-------------------------------------------------------------------
Thu Jun 7 16:04:48 CEST 2007 - sbrabec@suse.cz
- Removed invalid desktop Category "Application" (#254654).
-------------------------------------------------------------------
Wed May 2 16:50:48 CEST 2007 - stbinner@suse.de
- install .desktop files into /usr/share/applications
-------------------------------------------------------------------
Wed Dec 20 18:45:40 CET 2006 - mkoenig@suse.de
- fix build
-------------------------------------------------------------------
Thu Nov 16 17:32:26 CET 2006 - mkoenig@suse.de
- update to CVS version 20061107 from buildservice [#221676]
-------------------------------------------------------------------
Wed Nov 15 17:23:37 CET 2006 - sbrabec@suse.cz
- Fixed Requires/Provides correctly (#216100#c14).
-------------------------------------------------------------------
Fri Nov 3 17:38:20 CET 2006 - sbrabec@suse.cz
- Do not provide and require internal libraries (#216100).
- Use safer place for build-temporary files.
-------------------------------------------------------------------
Sat Oct 21 14:28:49 CEST 2006 - aj@suse.de
- from openSUSE Buildservice (thanks Wolfgang Rosenauer):
* update to SeaMonkey 1.1a-20060907
* update enigmail to 0.94.1: Added support for signing
attachments with inline-PGP
-------------------------------------------------------------------
Tue Sep 12 21:10:41 CEST 2006 - stark@suse.de
- update to security/stability release 1.0.5
- removed libaoss usage because it's too fragile
-------------------------------------------------------------------
Sun Aug 6 20:41:18 CEST 2006 - stark@suse.de
- update enigmail to 0.94.1
* Added support for signing attachments with inline-PGP
-------------------------------------------------------------------
Sun Aug 6 12:21:15 CEST 2006 - aj@suse.de
- Fix build (remove wrong extern "C").
-------------------------------------------------------------------
Sat Jul 29 22:46:38 CEST 2006 - stark@suse.de
- update to 1.0.4 fixing a major regression in 1.0.3 (#195402)
-------------------------------------------------------------------
Thu Jul 27 06:24:05 CEST 2006 - stark@suse.de
- update to security release 1.0.3 (#195043)
- fix overwrite confirmation for GTK filesaver (#179531)
- fixed printing crash if the last used printer is not available
anymore (#187013)
-------------------------------------------------------------------
Fri Jun 2 12:20:24 CEST 2006 - stark@suse.de
- update to security/stability release 1.0.2 (#179011)
(http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey)
-------------------------------------------------------------------
Sun May 14 21:00:33 CEST 2006 - stark@suse.de
- update to version 1.0.1+
- save printer settings properly (#174082, bmo #324072)
-------------------------------------------------------------------
Tue Apr 25 11:38:01 CEST 2006 - stark@suse.de
- added patch for iframe crash (#169039, bmo #334515)
- improved postscript output (bmo #334485)
- changed defaults for printer properties (#6534)
- get available paper sizes from CUPS (#65482)
- fixed memory leak in clipboard caching (bmo #289897)
-------------------------------------------------------------------
Thu Mar 16 22:38:44 CET 2006 - stark@suse.de
- added seamonkey icon to filelist and use it for mail and composer
component as well for now (#158556)
- also provide the old mozilla packagenames for correct upgrade
-------------------------------------------------------------------
Tue Mar 14 06:38:57 CET 2006 - stark@suse.de
- added Khmer (km-*) to pango locales (#157397)
- yet another set of upstream fixes (#148876)
-------------------------------------------------------------------
Sat Mar 4 22:07:20 CET 2006 - stark@suse.de
- fixed plugin inclusion if started from Thunderbird (#151614)
- fixed crash with multipart JPEGs (bmo #328684) (#140416)
- implemented mail alert notification (bmo #327613)
- get latest security related fixes from upstream (#148876)
- show multiple Reply-To addresses (bmo #106189)
-------------------------------------------------------------------
Fri Feb 24 14:19:32 CET 2006 - stark@suse.de
- dumpstack.patch is now in upstream patches
- added GTK category to desktop-files
- get more security/stability patches (#148876)
-------------------------------------------------------------------
Thu Feb 16 12:01:54 CET 2006 - stark@suse.de
- applied set of security patches (#148876)
fixed bmo bugs:
282105, 307989, 310638, 315411, 315625, 320459, 320851,
323634, 325005, 325403, 325947, 327126
- added GenericNames in desktop-files
- use new SeaMonkey logo for browser component in menus
-------------------------------------------------------------------
Tue Feb 7 20:09:07 CET 2006 - stark@suse.de
- fixed disabling of Pango (#148788)
-------------------------------------------------------------------
Thu Feb 2 21:52:52 CET 2006 - stark@suse.de
- removed heimdal patch for older distributions
- define gssapi lib explicitely (#147670)
-------------------------------------------------------------------
Mon Jan 30 08:29:45 CET 2006 - stark@suse.de
- merged (hopefully) last patch before final seamonkey 1.0 release
-------------------------------------------------------------------
Fri Jan 27 08:34:03 CET 2006 - stark@suse.de
- final 1.0 bits
- tweaked BuildRequires
- default to GTK2 filechooser if MOZ_XUL_PICKER is not set
(same behaviour as Firefox)
- fixed system NSS usage
-------------------------------------------------------------------
Wed Jan 25 21:41:31 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Jan 23 11:41:52 CET 2006 - stark@suse.de
- disable Pango if MOZ_ENABLE_PANGO is not set
and no typical language which needs Pango is used (#143428)
- preload libaoss for plugin sound (#117079)
- fix to ignore X composite extension (#135373)
- fix subfolder check for default account at startup (bmo #323980)
-------------------------------------------------------------------
Wed Jan 18 10:32:30 CET 2006 - stark@suse.de
- fixed DumpStackToFile for glibc 2.4
-------------------------------------------------------------------
Mon Jan 16 07:15:33 CET 2006 - stark@suse.de
- update to current 1.0 snapshot (20060115)
- update enigmail to 0.94.0
- use -fstack-protector where available
- use system NSS since CODE10
-------------------------------------------------------------------
Wed Dec 28 08:53:38 CET 2005 - stark@suse.de
- update to snapshot 1.8-20051227 (1.0b)
-------------------------------------------------------------------
Mon Dec 12 01:26:03 CET 2005 - stark@suse.de
- update to snapshot 1.8-20051211
- use plugins in /usr/lib/browser-plugins
- update enigmail to 0.93.2
- added gtk2 patch to avoid theme switch events (#134831)
- replace mozilla packages with seamonkey for 10.1 and above
-------------------------------------------------------------------
Mon Oct 24 07:21:28 CEST 2005 - stark@suse.de
- update to snapshot 1.8-20051024
- update enigmail to 0.93.0
- package renamed to seamonkey with new versioning
- moved to /usr/lib
-------------------------------------------------------------------
Tue Dec 28 07:57:19 CET 2004 - stark@suse.de
- removed obsolete translations from desktop-file
(will be automatically added from macro)
- update to 1.7.5 (20041220)
- update enigmail to 0.89.6
- update ipc to 1.1.2
- removed s390/s390x patch (included upstream)
- add compiler option to enable backchain for s390/s390x
inline assembling
- fixed extra lines in mail replies (bmo #144998)
- removed bounce patch (available as extension
mailredirect.mozdev.org)
- added gconf setting patch to get more gconf settings if
"use system settings" is used
- removed cross dependencies on release level
-------------------------------------------------------------------
Tue Nov 23 16:15:21 CET 2004 - ro@suse.de
- fix build on 8.2
-------------------------------------------------------------------
Thu Nov 18 15:45:39 CET 2004 - ro@suse.de
- use kerberos-devel-packages
-------------------------------------------------------------------
Wed Oct 13 14:39:35 CEST 2004 - uli@suse.de
- fixed ABI (s390*) and defines (s390x) thinkos, now actually works
on these platforms
-------------------------------------------------------------------
Wed Sep 29 20:55:27 CEST 2004 - stark@suse.de
- fixed path to RealPlayer plugin
-------------------------------------------------------------------
Tue Sep 28 19:17:12 CEST 2004 - stark@suse.de
- another change to fix initial localization
(thanks to mfabian)
-------------------------------------------------------------------
Sat Sep 25 12:39:12 CEST 2004 - stark@suse.de
- add ContentLocale parameter for initial localization (#44956)
- added patch for crasher in IMAP code (mozilla.org #257079)
- "no-cache" header was ignored for non-SSL sites
(mozilla.org #252023)
- added fixed version for mozilla.org bug #257308
- fix in download handling (mozilla.org #259890)
- fix for Ximian #65176 (mozilla.org #240068)
-------------------------------------------------------------------
Fri Sep 24 12:51:19 CEST 2004 - stark@suse.de
- enabled logging for non-debug builds to be able to get some
logfiles for debugging
-------------------------------------------------------------------
Fri Sep 17 23:11:03 CEST 2004 - stark@suse.de
- fixed broken patch-file
-------------------------------------------------------------------
Fri Sep 17 10:59:52 CEST 2004 - stark@suse.de
- added security fix for mozilla bug #258005
- trigger for java-1_4_2-sun-plugin (#45257)
-------------------------------------------------------------------
Wed Sep 15 17:48:46 CEST 2004 - ro@suse.de
- use version number directly
-------------------------------------------------------------------
Wed Sep 15 16:48:04 CEST 2004 - sbrabec@suse.cz
- Adopted mozilla.spec, so the same spec file can build also nvu.
-------------------------------------------------------------------
Fri Sep 10 09:17:50 CEST 2004 - stark@suse.de
- added some security related and crasher fixes:
* Visual indicators of site security appear for the wrong site
(mozilla.org #257308)
* mailnews crasher (mozilla.org #258386)
* fix arrow keys behaviour for GTK2 list boxes
(mozilla.org #219706)
* URL bar should not display passwords in URL
(mozilla.org #157354)
- fix enigmail configuration (#44971)
-------------------------------------------------------------------
Thu Sep 9 14:12:06 CEST 2004 - stark@suse.de
- added patch for AMD64 endianess in JS component
(#34743)
-------------------------------------------------------------------
Mon Sep 6 10:24:38 CEST 2004 - stark@suse.de
- added parts of the 1.7 branch
(including CUPS integration)
-------------------------------------------------------------------
Fri Sep 3 17:24:09 CEST 2004 - stark@suse.de
- update enigmail to 0.86.0
- reworked start-script to invoke mozilla start/stop scripts
-------------------------------------------------------------------
Tue Aug 24 00:16:09 CEST 2004 - ro@suse.de
- make sure we can call mozilla-make-package.pl
(do not rely on any permissions in RPM_SOURCE_DIR)
-------------------------------------------------------------------
Thu Aug 19 17:49:16 CEST 2004 - sbrabec@suse.cz
- README.installed-chrome: Added a sentence about scriptlet PreReq
(#43990).
-------------------------------------------------------------------
Thu Aug 12 08:00:45 CEST 2004 - stark@suse.de
- added patch for ppc64 build
-------------------------------------------------------------------
Thu Aug 5 06:39:38 CEST 2004 - stark@suse.de
- update to 1.7.2 with security fixes
- update enigmail to 0.85.0
- handle RealPlayer 9 plugin
- added calendar-fix init script to package
- fixed file-list (packages-unix) and kprinter config for Desktop
- disabled SVG for distributions older than 8.2
- modified bounce patch to not disturb language-packs
-------------------------------------------------------------------
Thu Aug 5 02:05:28 CEST 2004 - ro@suse.de
- recode desktop file to utf-8
-------------------------------------------------------------------
Fri Jun 18 07:25:02 CEST 2004 - stark@suse.de
- update to 1.7
- update enigmail to 0.84.1
- remove compreg.dat prior to rebuild-databases (#41481)
- no longer disable-xprint
- build with heimdal
(Support for Kerberos HTTP authentication using GSSAPI)
-------------------------------------------------------------------
Fri Jun 18 01:25:12 CEST 2004 - ro@suse.de
- added patch from garnome list to build with current freetype
-------------------------------------------------------------------
Thu May 6 11:01:52 CEST 2004 - stark@suse.de
- added patch to avoid compile-warnings
-------------------------------------------------------------------
Wed May 5 13:54:44 CEST 2004 - stark@suse.de
- update to 1.7rc1 (20040505)
- added patch to be able to bounce mail-messages
- update enigmail to 0.83.6
- added focus fix for gtkembedmoz
- changed behaviour of nullplugin
- removed x86-64 patch as it is now included upstream
- added new function in start script to start localized
according to the environment if correct language pack is
installed (for new profiles)
-------------------------------------------------------------------
Fri Apr 2 10:30:32 CEST 2004 - stark@suse.de
- removing relocation of TEMP directory (#34391)
-------------------------------------------------------------------
Thu Mar 25 10:15:49 CET 2004 - stark@suse.de
- install more needed files (#36085)
-------------------------------------------------------------------
Tue Mar 23 11:32:08 CET 2004 - uli@suse.de
- fixed hang during build on s390* (bug #35440)
-------------------------------------------------------------------
Mon Mar 15 21:00:30 CET 2004 - stark@suse.de
- use xft.js only for gtk1 builds (not default)
- removed obsolete stuff from package
- install menu-icons and use them (#35992)
- install some more files (#36085)
- renewed bookmark-changes
-------------------------------------------------------------------
Tue Mar 9 06:21:37 CET 2004 - stark@suse.de
- patch for keeping ui fonts (#35236)
-------------------------------------------------------------------
Sun Mar 7 23:20:23 CET 2004 - ro@suse.de
- match function declaration in enigmail mimedummy.cpp
-------------------------------------------------------------------
Wed Mar 3 21:46:56 CET 2004 - stark@suse.de
- fixed enigmail file-list (#35302)
- update enigmail to 0.83.4
-------------------------------------------------------------------
Mon Mar 1 13:08:01 CET 2004 - stark@suse.de
- improved xremote behaviour in relation to other mozilla products
(firefox, thunderbird) (#35179)
-------------------------------------------------------------------
Tue Feb 24 07:50:59 CET 2004 - stark@suse.de
- fixed inclusion of mozex extension
- added compiler flags for security/ (nss-opt.patch)
- update enigmail to 0.83.3
-------------------------------------------------------------------
Fri Feb 20 06:55:53 CET 2004 - stark@suse.de
- added build-fix for s390x (#32963)
- added mozex 1.07 to the package
-------------------------------------------------------------------
Wed Feb 4 08:50:11 CET 2004 - stark@suse.de
- fixed calendar filelist
- enabled freetype for xft builds to improve printing
-------------------------------------------------------------------
Wed Jan 28 12:49:04 CET 2004 - stark@suse.de
- update to enigmail 0.83.1
- fixed enigmail inclusion and activated it again
-------------------------------------------------------------------
Mon Jan 19 13:45:16 CET 2004 - stark@suse.de
- update to 1.6 (20040114)
- set PS printer list in mozilla.sh
- update to enigmail 0.83.0
(deactivated for now until a chrome issue is fixed)
- added mozilla-bonobo to plugin-handling
- use lib64 again for biarch platforms
- use kprinter and xft on SLEC (only for specfile-sharing)
- added fixed desktop files
-------------------------------------------------------------------
Mon Nov 3 09:15:49 CET 2003 - stark@suse.de
- apply mips build-fix
-------------------------------------------------------------------
Wed Oct 22 15:30:27 CEST 2003 - stark@suse.de
- require myspell-dictionary only since 9.0
-------------------------------------------------------------------
Wed Oct 15 17:02:50 CEST 2003 - stark@suse.de
- update to 1.5 (final)
-------------------------------------------------------------------
Mon Sep 29 13:42:39 CEST 2003 - stark@suse.de
- update to Mozilla 1.5rc2
- added patch to enable freetype2 printing in xft builds
- removed overlay-files from filelist (delete them in preun)
-------------------------------------------------------------------
Wed Sep 24 08:36:53 CEST 2003 - stark@suse.de
- added mozplugger to add-plugins.sh
- added patch to expunge IMAP folders if "remove immediately"
delete model is used
- update to 1.4.1
- update enigmail to 0.76.7
-------------------------------------------------------------------
Tue Sep 23 13:49:41 CEST 2003 - sbrabec@suse.cz
- Changed plugger->mozplugger (part of bug #31616).
-------------------------------------------------------------------
Thu Sep 18 09:29:15 CEST 2003 - coolo@suse.de
- make mozilla open URLs not files
-------------------------------------------------------------------
Tue Sep 16 10:51:42 CEST 2003 - stark@suse.de
- adopted RealPlayer inclusion for new path (#30990)
-------------------------------------------------------------------
Sun Sep 7 19:55:44 CEST 2003 - adrian@suse.de
- mozilla supports text/html MimeType
-------------------------------------------------------------------
Thu Sep 4 08:45:58 CEST 2003 - adrian@suse.de
- remove wrong start path in desktop file
-------------------------------------------------------------------
Mon Sep 1 20:30:27 CEST 2003 - adrian@suse.de
- install also desktop files for mail and composer
- make Mozilla start path FHS compliant
-------------------------------------------------------------------
Mon Aug 25 16:26:04 CEST 2003 - hhetter@suse.de
- revert from patch mentioned at Mozilla.org Bug #58613
to get epiphany and galeon to build
-------------------------------------------------------------------
Fri Aug 22 09:35:05 CEST 2003 - stark@suse.de
- another upstream sync
-------------------------------------------------------------------
Fri Aug 15 07:27:41 CEST 2003 - stark@suse.de
- again more CVS patches from mozilla.org
-------------------------------------------------------------------
Sun Aug 10 22:04:25 CEST 2003 - stark@suse.de
- updated enigmail to 0.76.5
-------------------------------------------------------------------
Fri Aug 8 08:10:39 CEST 2003 - stark@suse.de
- again more CVS patches from mozilla.org
- adapted x86-64 patch for 1.4
- clean up configure options
- use -fno-strict-aliasing (#28534)
-------------------------------------------------------------------
Thu Jul 31 11:21:00 CEST 2003 - stark@suse.de
- integrated more patches from mozilla.org
- fixed deinstallation of dict-links
- removed unneeded files from filelist (for milestone builds)
- removed update-desktop-files again because it's in
gtk2-devel-packages
-------------------------------------------------------------------
Wed Jul 30 07:07:52 CEST 2003 - stark@suse.de
- add-plugins.sh now links myspell-dictionaries for spellchecker
(#26290)
- added some bugfixes from mozilla.org
- added update-desktop-files to neededforbuild
-------------------------------------------------------------------
Tue Jul 29 08:24:05 CEST 2003 - stark@suse.de
- added make-definition for build with Linux 2.6.x
-------------------------------------------------------------------
Mon Jul 28 13:55:08 CEST 2003 - adrian@suse.de
- add Categories to desktop file
- TODO: create .desktop files for other Mozilla modules
-------------------------------------------------------------------
Wed Jul 23 07:22:13 CEST 2003 - stark@suse.de
- check if DISPLAY set correctly (#28098)
- set $TEMP to $HOME for acroread (#27929)
- workaround the BUILD_ROOT issue in xpti.dat
- update enigmail to 0.76.3
-------------------------------------------------------------------
Tue Jul 15 11:04:33 CEST 2003 - stark@suse.de
- fix update from Mozilla 1.0.1 to 1.4
- update enigmail to 0.76.2
- added ICP-Brasil CA (#25840)
- added some minor patches from mozilla.org
-------------------------------------------------------------------
Mon Jul 14 15:37:01 CEST 2003 - sbrabec@suse.cz
- GNOME prefix change to /opt/gnome.
-------------------------------------------------------------------
Wed Jul 2 14:25:16 CEST 2003 - schwab@suse.de
- mozilla.sh: fix quoting, teach about emacsclient.
-------------------------------------------------------------------
Tue Jul 1 06:06:00 CEST 2003 - stark@suse.de
- update to 1.4 final
-------------------------------------------------------------------
Wed Jun 25 11:30:27 CEST 2003 - stark@suse.de
- fix AMD64 patch to fit mozilla version
-------------------------------------------------------------------
Thu Jun 19 21:27:37 CEST 2003 - stark@suse.de
- update to 1.4rc3 (20030619)
- added DFN CA certificate
- update enigmail to 0.76.1
- added assembler patch, IA64 should be usable now
-------------------------------------------------------------------
Sat Jun 14 09:43:00 CEST 2003 - stark@suse.de
- update to 1.4rc2 (20030613)
- fixed minor bug in update handling in %preun
- added missing directories to the filelist
- deactivated check for unpackaged files
-------------------------------------------------------------------
Wed Jun 11 15:12:22 CEST 2003 - stark@suse.de
- update to 1.4rc1 (20030610)
- switch to GTK2 build for STABLE
- update enigmail to 0.76.0
-------------------------------------------------------------------
Wed May 28 09:22:22 CEST 2003 - stark@suse.de
- update to 1.4b (20030526)
- added spellchecker subpackage (based on myspell)
-------------------------------------------------------------------
Sat May 10 10:13:36 CEST 2003 - stark@suse.de
- modified x86-64 patch to fit 1.4b
-------------------------------------------------------------------
Thu May 8 09:06:45 CEST 2003 - stark@suse.de
- updated to 1.4b (20030507)
- updated enigmail and ipc sources for 1.4
- adopt James Ogley's changes for gtk2 build
- install pkgconfig stuff
- include icons
- desktop file in GNOME2 place
- Provides: mozilla-gtk2 for building Galeon/Epiphany
- added /etc/gre.conf
- modified startscript to manipulate default open behaviour
of URLs provided on commandline ($MOZ_NEWURL)
- some spec-file modifications for slow migration to
Firebird
-------------------------------------------------------------------
Mon Apr 03 07:44:23 CEST 2003 - stark@suse.de
- updated enigmail to 0.74.0
- fixed minor bug in spec-file (only hit old SL versions)
-------------------------------------------------------------------
Wed Mar 31 09:11:41 CET 2003 - stark@suse.de
- moved mozilla-config to /opt/mozilla/bin
- some rudimentary language autodetection
- reactivated XFT for 8.2
- make GTK2 optional for 8.2 and higher (disabled xmlterm)
- fixed bug in rebuild-databases.sh
-------------------------------------------------------------------
Mon Mar 24 09:31:23 CET 2003 - stark@suse.de
- handle old plugins on update from versions before 1.3
- splitted calendar off from mozilla
- added XFT patches but disabled XFT for SuSE Linux 8.2 at this
time
- added mozilla-config to devel package
-------------------------------------------------------------------
Fri Mar 14 06:47:00 CET 2003 - stark@suse.de
- update to 1.3
- redirect error about missing file in rebuild-databases.sh
- update enigmail to 0.73.1
- added LEO searchplugin for dict.leo.org
- changed directory-structure to be more mozilla.org compatible
- removed s390 fix because changes are already in sources
- use XFT2 instead of freetype2 on SL8.2 and higher
- made add-plugins.sh compatible with older SL versions again
- enabled SVG support (including libart_lgpl)
- enabled calendar
- removed special splash because of copyright issues
-------------------------------------------------------------------
Thu Mar 13 14:25:24 CET 2003 - stark@suse.de
- avoid creation of java link if Blackdown isn't installed
but another Java is found (but not usable because of gcc)
[Bug #25278]
-------------------------------------------------------------------
Wed Mar 12 21:36:55 CET 2003 - stark@suse.de
- added new BlackdownJava2-JRE to RPM triggers
-------------------------------------------------------------------
Mon Mar 3 17:17:53 CET 2003 - kukuk@suse.de
- Fix calling mozilla with options [Bug #24539]
-------------------------------------------------------------------
Fri Feb 28 11:38:57 CET 2003 - ro@suse.de
- fixed add-plugins.sh for flash-player
-------------------------------------------------------------------
Mon Feb 24 15:55:30 CET 2003 - ro@suse.de
- added tclplug and djvulibre
-------------------------------------------------------------------
Mon Feb 24 01:51:18 CET 2003 - ro@suse.de
- add-plugins: use /usr/%_lib/browser-plugins
- flash plugin moved from netscape-plugins to flash-player
-------------------------------------------------------------------
Tue Feb 18 16:01:39 CET 2003 - stark@suse.de
- reworked add-plugins.sh for newer Java versions
- moved libnssckbi.so to MOZILLA_FIVE_HOME (#22548)
- %preun bugfix
-------------------------------------------------------------------
Fri Jan 17 12:49:50 CET 2003 - sbrabec@suse.cz
- Added README.installed-chrome to source package.
-------------------------------------------------------------------
Wed Jan 15 15:13:31 CET 2003 - pmladek@suse.cz
- updated the x86_64.patch from Gwenole Beauchesne
-------------------------------------------------------------------
Wed Dec 5 12:56:49 CET 2002 - stark@suse.de
- update to 1.2.1
- update Enigmail to 0.71.0
- removed SuSEconfig.mozilla
now use add-plugins.sh together with %trigger statements
- use new chrome-management scheme
- don't add java plugin if built with gcc 3.x
- bugfix for using mozilla-xremote-client
-------------------------------------------------------------------
Wed Nov 27 07:59:56 CET 2002 - stark@suse.de
- update to 1.2
- moved rebuild-databases to RPM scripts (only plugins are
left in SuSEconfig.mozilla)
- added addon-chrome functionality to rebuild-databases.sh
- readded Enigmail source for 1.2
- reworked start-script for opening html-files (#16186)
-------------------------------------------------------------------
Thu Nov 21 17:00:29 CET 2002 - sbrabec@suse.cz
- Added support for separate chrome (language) packs (bug #20700):
updated rebuild-databases.sh and created and filled
/opt/mozilla/installed-chrome.d.
-------------------------------------------------------------------
Wed Nov 6 15:15:13 CET 2002 - stepan@suse.de
- fix mozilla on s390 and s390x
-------------------------------------------------------------------
Thu Oct 24 17:11:52 CEST 2002 - stepan@suse.de
- fix compilation on axp
-------------------------------------------------------------------
Fri Oct 18 06:28:56 CEST 2002 - stark@suse.de
- fixed error-messages during startup (#19556)
-------------------------------------------------------------------
Thu Oct 17 14:43:26 CEST 2002 - mfabian@suse.de
- Bug #20972: fix printing for Korean and Chinese by setting
suitable default PostScript fonts
-------------------------------------------------------------------
Tue Oct 08 11:59:49 CEST 2002 - sbrabec@suse.cz
- Added support for Plugger in SuSEconfig.mozilla. Closes #20677.
-------------------------------------------------------------------
Fri Sep 20 06:34:55 CEST 2002 - stark@suse.de
- fixed documentation bugs #19811 and #19812
-------------------------------------------------------------------
Thu Sep 12 15:29:17 CEST 2002 - stark@suse.de
- include compat_wrapper.dif only on gcc 3.x based distributions
-------------------------------------------------------------------
Wed Sep 11 15:29:05 CEST 2002 - sbrabec@suse.cz
- Corrected %ifarch ix86 to %ifarch %ix86, otherwise compat_wrapper.dif
is ignored.
-------------------------------------------------------------------
Sat Sep 7 12:55:51 CEST 2002 - olh@suse.de
- add gcc3 helper code for ppc32.
Linux/PPC g++-3 ABI support for XPCOM
-------------------------------------------------------------------
Wed Sep 4 10:17:22 CEST 2002 - stark@suse.de
- update to 1.0.1 (20020903)
- added compat-wrapper for Flash on ix86
- removed Flash-player (use Flash from netscape-plugins)
- added Enigmail to mozilla-mail
- added patch for using an external editor for textareas and
composer windows
-------------------------------------------------------------------
Sat Aug 24 11:26:51 CEST 2002 - ro@suse.de
- fixed ix86 to correct %ix86
-------------------------------------------------------------------
Thu Aug 22 11:59:14 CEST 2002 - stark@suse.de
- changed %ifarch i386 to ix86 for Flash
-------------------------------------------------------------------
Wed Aug 21 09:18:11 CEST 2002 - stark@suse.de
- fixed mozilla-copy-package.sh to fit the new parameter
behaviour of cp
-------------------------------------------------------------------
Thu Aug 15 13:45:35 CEST 2002 - uli@suse.de
- added x86-64 port by Gwenole Beauchesne
-------------------------------------------------------------------
Tue Aug 6 07:57:07 CEST 2002 - stark@suse.de
- apply s390 patch only on s390
-------------------------------------------------------------------
Mon Aug 5 17:48:38 CEST 2002 - stark@suse.de
- added patch to compile on s390(x)
-------------------------------------------------------------------
Sun Jun 9 08:42:34 CEST 2002 - stark@suse.de
- added japanese and german language pack
-------------------------------------------------------------------
Wed Jun 5 15:39:10 CEST 2002 - stark@suse.de
- update to 1.0
- moved libs to /opt/mozilla/{lib,lib64}
-------------------------------------------------------------------
Wed Jun 5 13:51:34 CEST 2002 - sf@suse.de
- apply x86_64-patch only on x86_64, as it breaks ix86
-------------------------------------------------------------------
Wed Jun 5 12:31:52 CEST 2002 - sf@suse.de
- added patch to build on x86_64 (does not really work yet,
but needed for other packages)
-------------------------------------------------------------------
Tue May 28 12:48:19 CEST 2002 - stark@suse.de
- readded de-AT languagepack
- moved nss headers to include/nss
-------------------------------------------------------------------
Mon May 27 16:54:25 CEST 2002 - stark@suse.de
- added nss3 devel files
-------------------------------------------------------------------
Fri May 24 18:04:00 CEST 2002 - stark@suse.de
- update to 1.0rc3
-------------------------------------------------------------------
Sat May 21 08:49:53 CEST 2002 - stark@suse.de
- added new wrapper script
- build with -Os for gcc3
- added dom-inspector subpackage
- removed redundant ia64 patch
-------------------------------------------------------------------
Tue May 14 17:23:34 CEST 2002 - schwab@suse.de
- Configure only plugins that match mozilla arch.
- Fix some C++ issues.
-------------------------------------------------------------------
Sun May 12 18:27:46 CEST 2002 - schwab@suse.de
- Add binary only plugins only on supported architectures.
-------------------------------------------------------------------
Sat May 11 15:04:03 CEST 2002 - stark@suse.de
- update to 1.0rc2
-------------------------------------------------------------------
Sat May 4 17:50:43 CEST 2002 - stark@suse.de
- update to codebase 20020503 because of security-reasons
(XMLHTTPRequest redirect bug)
-------------------------------------------------------------------
Thu Apr 26 09:31:50 CEST 2002 - stark@suse.de
- readded ja-JP and de-AT language packs and mozgest 0.3.3
- removed Requires: jre1.3.x
- update to codebase 20020425
- deactivated buggy mozgest for now
-------------------------------------------------------------------
Thu Apr 18 09:56:54 CEST 2002 - stark@suse.de
- update to 1.0RC1
- update flash to 5.0r48
-------------------------------------------------------------------
Wed Apr 10 09:27:58 CEST 2002 - stark@suse.de
- readded ja-JP language pack
-------------------------------------------------------------------
Mon Mar 18 09:30:44 CET 2002 - stark@suse.de
- readded de-AT language pack
-------------------------------------------------------------------
Thu Mar 14 14:35:28 CET 2002 - stark@suse.de
- update to milestone 0.9.9
- enabled freetype2 support
-------------------------------------------------------------------
Mon Feb 11 10:13:51 CET 2002 - stark@suse.de
- readded ja-JP language/region pack
-------------------------------------------------------------------
Fri Feb 8 13:59:33 CET 2002 - stepan@suse.de
- fixed building with gcc 3.x on ppc and alpha
- adopting assembler macros to ABI changes
-------------------------------------------------------------------
Fri Feb 8 09:33:14 CET 2002 - stark@suse.de
- added de-AT language/region pack
- added patch to remove debug menu from preferences
- bzip2 flash-sources
-------------------------------------------------------------------
Tue Feb 5 09:09:33 CET 2002 - stark@suse.de
- update to milestone 0.9.8
(as always without language-packs)
- update mozgest to compatible 0.3.2
-------------------------------------------------------------------
Tue Feb 5 08:25:41 CET 2002 - stark@suse.de
- minor changes of the configure parameters
-------------------------------------------------------------------
Fri Feb 1 00:26:05 CET 2002 - ro@suse.de
- changed neededforbuild <libpng> to <libpng-devel-packages>
-------------------------------------------------------------------
Thu Jan 31 13:24:19 CET 2002 - hhetter@suse.de
- added gdkxft-mozilla patch for TT Font Rendering
-------------------------------------------------------------------
Thu Jan 17 10:24:09 CET 2002 - uli@suse.de
- removed /opt/mozilla/chrome/overlayinfo from filelist for ARM
-------------------------------------------------------------------
Wed Jan 2 07:47:42 CET 2002 - stark@suse.de
- added de-AT language pack for 0.9.7
-------------------------------------------------------------------
Sun Dec 30 09:39:37 CET 2001 - stark@suse.de
- added patch to handle empty file upload forms
(#116210 bugzilla.mozilla.org)
-------------------------------------------------------------------
Mon Dec 24 08:37:04 CET 2001 - stark@suse.de
- update to 0.9.7
(deactivated JP and DE language packs as they are not
available yet)
-------------------------------------------------------------------
Wed Dec 5 08:00:44 CET 2001 - stark@suse.de
- changed cp options again to fix devel-package for version > 7.0
-------------------------------------------------------------------
Sat Dec 1 10:26:27 CET 2001 - stark@suse.de
- added de-AT language pack for 0.9.6
- removed option -L of cp commands (for compatibility with 7.0)
-------------------------------------------------------------------
Mon Nov 26 13:18:20 CET 2001 - stark@suse.de
- made SuSEconfig.mozilla compatible with 7.3 again
- deactivated de-AT language pack (doesn't work for 0.9.6 :-()
-------------------------------------------------------------------
Sat Nov 24 20:01:14 CET 2001 - stark@suse.de
- changed SuSEconfig.mozilla to fit next SuSE-release (Java)
-------------------------------------------------------------------
Sat Nov 24 19:56:45 CET 2001 - stark@suse.de
- reactivated de-AT language pack for 0.9.5 (hopefully works)
-------------------------------------------------------------------
Fri Nov 23 17:28:29 CET 2001 - stark@suse.de
- update to 0.9.6
- update mozgest to 0.3.1
-------------------------------------------------------------------
Wed Nov 14 08:06:18 CET 2001 - stark@suse.de
- minor (cosmetic) change in SuSEconfig.mozilla
- readded Flash-Plugins to %files
-------------------------------------------------------------------
Mon Nov 12 11:12:33 CET 2001 - stark@suse.de
- added Provides for new subpackages (split-aliases)
- reworked SuSEconfig.mozilla (for subpackages)
-------------------------------------------------------------------
Thu Nov 8 08:36:04 CET 2001 - stark@suse.de
- readded build-id with SuSE extension
- added file to devel-package
-------------------------------------------------------------------
Wed Nov 7 11:41:07 CET 2001 - stark@suse.de
- added bookmark.diff
- removed build-id from title
-------------------------------------------------------------------
Wed Nov 7 08:46:08 CET 2001 - stark@suse.de
- added some devel files
-------------------------------------------------------------------
Tue Nov 6 10:04:31 CET 2001 - stark@suse.de
- rewritten %install section to use mozilla packaging functions
- split package into sub-packages
-------------------------------------------------------------------
Mon Nov 5 08:13:26 CET 2001 - stark@suse.de
- updated optimoz to RC0.3
-------------------------------------------------------------------
Wed Oct 24 17:00:34 CEST 2001 - stark@suse.de
- finally integrated optimoz (disabled and hidden by default)
- install only jar-archives in chrome
- added /opt/mozilla/rebuild-databases.sh
-------------------------------------------------------------------
Wed Oct 24 11:12:58 CEST 2001 - hhetter@suse.de
- include idl files in devel-package
-------------------------------------------------------------------
Tue Oct 23 11:10:04 CEST 2001 - stark@suse.de
- made SuSEconfig integrate RealPlayer- and Acrobat-Plugin
- requires now jre1.3.x
- added release_date (Gecko)
- moved some files to mode 644
- added patch to disable debug-menu in Composer
- set mailnews-startpage to about:blank
- set very-first startup-page to about:blank
-------------------------------------------------------------------
Mon Oct 22 12:23:15 CEST 2001 - mfabian@suse.de
- install Japanese Google-searchplugin under the name
'google-japan.gif' and 'google-japan.src' in order not to
overwrite the English original 'google.gif' and 'google.src'.
-------------------------------------------------------------------
Sat Oct 20 17:01:25 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.9.5-jajppack-v1.0.xpi
-------------------------------------------------------------------
Tue Oct 16 14:24:08 CEST 2001 - stark@suse.de
- update to 0.9.5
- added de_AT language pack
- make SuSEconfig integrate java from package java2
- added Macromedia Flashplayer/Shockwave
- added Optimoz 0.2.6 (partially, not active yet)
-------------------------------------------------------------------
Fri Sep 21 13:48:19 MEST 2001 - egger@suse.de
- Add libcms and libmng-devel to neededforbuild as suggested
by Werner Fink.
-------------------------------------------------------------------
Fri Sep 21 03:36:34 MEST 2001 - egger@suse.de
- Redid my former patch to disable Debug menus and default
to SuSE homepage.
-------------------------------------------------------------------
Fri Sep 21 02:06:11 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.9.4-langjajp-RC1.xpi
and mozilla0.9.4-regjp-RC1.xpi
-------------------------------------------------------------------
Thu Sep 20 20:45:15 MEST 2001 - draht@suse.de
- merging with BETA-tree from egger@suse.de: upgrade to 0.9.4
-------------------------------------------------------------------
Sat Sep 15 19:15:50 MEST 2001 - egger@suse.de
- diff: Removed Debug menus.
- diff: Added sensible default values and default to SuSE homepage.
-------------------------------------------------------------------
Tue Sep 11 21:33:01 MEST 2001 - egger@suse.de
- Somehow some non-0.9.3 sources were in the previous tarball.
Replaced them by the real ones.
-------------------------------------------------------------------
Mon Aug 13 21:59:03 CEST 2001 - mfabian@suse.de
- added mozilla-cjk-config.patch again.
(setup of PostScript fonts for printing Chinese, Japanese and
Korean, default fonts for Chinese, Japanese and Korean).
-------------------------------------------------------------------
Thu Aug 9 16:15:55 CEST 2001 - mfabian@suse.de
- add Japanese language pack mozilla0.9.3-langjajp-RC1.xpi
and mozilla0.9.3-regjp-RC1.xpi (Korean language packs
are only available for 0.9.2 and they don't work for 0.9.2,
therefore they are commented out).
-------------------------------------------------------------------
Sun Aug 5 15:14:47 MEST 2001 - egger@suse.de
- Updated to version 0.9.3.
-------------------------------------------------------------------
Thu Jul 5 11:28:58 MEST 2001 - egger@suse.de
- Update to 0.9.2.
- Language packs are incompatible and not yet available so they'll
follow later.
-------------------------------------------------------------------
Wed Jun 20 14:07:59 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.9.1-langjajp.xpi
and mozilla0.9.1-regjp.xpi
-------------------------------------------------------------------
Thu Jun 14 19:11:06 MEST 2001 - egger@suse.de
- Update to version 0.9.1.
-------------------------------------------------------------------
Fri May 11 18:26:22 MEST 2001 - egger@suse.de
- Fixed severe bugs in SuSEconfig.mozilla script that
may prevent users from getting a working mozilla.
-------------------------------------------------------------------
Fri May 4 13:05:42 CEST 2001 - mfabian@suse.de
- update Japanese language pack to mozilla0.8.1-langjajp.xpi
and mozilla0.8.1-regjp.xpi
-------------------------------------------------------------------
Tue May 1 14:23:45 CEST 2001 - egger@suse.de
- Update SuSEconfig.mozilla to use md5 sums
-------------------------------------------------------------------
Wed Apr 4 17:31:59 CEST 2001 - mfabian@suse.de
- update Japanese language pack to langjajp-081-RC1.xpi
and regjp-081-RC1.xpi
-------------------------------------------------------------------
Thu Mar 29 00:33:06 MEST 2001 - egger@suse.de
- Updated to version 0.8.1.
-------------------------------------------------------------------
Mon Mar 19 20:05:27 MET 2001 - bk@suse.de
- strip mozilla shared libraries
-------------------------------------------------------------------
Sun Mar 11 11:04:20 MET 2001 - violiet@suse.de
- added Korean and Japanese Language pack.
-------------------------------------------------------------------
Sat Mar 3 18:52:39 CET 2001 - schwab@suse.de
- Try to add support for ia64.
- Fix run-mozilla link.
-------------------------------------------------------------------
Tue Feb 20 14:39:37 MET 2001 - egger@suse.de
- Integrated a reworked version of Bernd Kaindls
patch to get the beast running from anywhere again.
-------------------------------------------------------------------
Mon Feb 19 23:54:11 MET 2001 - egger@suse.de
- Use BuildRoot.
- Reworked specfile.
- Corrected -devel package.
-------------------------------------------------------------------
Fri Feb 16 18:00:54 MET 2001 - egger@suse.de
- Update to version 0.8.
-------------------------------------------------------------------
Tue Jan 23 15:48:55 CET 2001 - kukuk@suse.de
- Fix use of SOURCE macro
-------------------------------------------------------------------
Tue Jan 23 14:44:07 CET 2001 - kukuk@suse.de
- Move post install section to extra SuSEconfig.mozilla [Bug #5642]
-------------------------------------------------------------------
Mon Jan 22 18:33:28 CET 2001 - mfabian@suse.de
- revert to 16 pt font for Japanese and Chinese. Japanese and
Chinese characters are almost unreadable at 12pt.
-------------------------------------------------------------------
Sun Jan 21 15:21:54 CET 2001 - violiet@suse.de
- set korean and taiwan ps font printing patch.
- set mozilla used small 12pixels font.
- change improved font for Japanese and Korean.
- added Korean & Japanese Name and Comment in Mozilla.desktop.
-------------------------------------------------------------------
Wed Jan 3 17:29:56 MET 2001 - egger@suse.de
- Quietness patch.
- Enabled JAR file creation.
- Added GNOME icon.
- New wrapper script.
-------------------------------------------------------------------
Sun Dec 24 19:54:13 PST 2000 - bk@suse.de
- set CFLAGS and CXXFLAGS for confgure to $RPM_OPT_FLAGS. With our
configure flags(--enable-optimize -> adds -O after CFLAGS) enabled
this enables only the i486 arch code which brought me 5% speed
increase in my test(Load page on hay), package size stays the same.
-------------------------------------------------------------------
Wed Dec 20 18:21:49 MET 2000 - egger@suse.de
- Integrated the latest bugfixes.
- Added: Provides: web_browser to the specfile.
-------------------------------------------------------------------
Tue Dec 12 06:57:59 MET 2000 - egger@suse.de
- Update to the real version 0.6.
-------------------------------------------------------------------
Fri Dec 8 22:13:40 PST 2000 - bk@suse.de
- updated to Mozilla 0.6 (milestone release based on the same branch
as Netscape 6), looks good!
- fixed cp -r install to cp -rL(for forcing to follow the links...)
- fixed postinstall to do an chroot before calling programs...
-------------------------------------------------------------------
Fri Dec 1 12:01:56 CET 2000 - kukuk@suse.de
- Fix spec file syntax
-------------------------------------------------------------------
Fri Dec 1 08:45:46 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Nov 22 21:36:11 MET 2000 - egger@suse.de
- Reworked the specfile and of course
- Made a new snapshot.
-------------------------------------------------------------------
Tue Nov 21 03:39:17 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Fri Nov 10 16:03:40 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Mon Nov 6 10:58:50 MET 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Mon Nov 6 01:14:46 CET 2000 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Sat Oct 28 22:50:10 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Oct 25 01:44:06 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Fri Oct 13 18:05:23 MEST 2000 - egger@suse.de
- Made a new snapshot.
- Changed specfile slightly.
-------------------------------------------------------------------
Fri Oct 13 04:29:18 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Sun Oct 8 16:17:28 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Fri Oct 6 01:44:41 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Oct 4 00:02:29 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Wed Sep 27 14:49:53 MEST 2000 - egger@suse.de
- Made a new snapshot.
-------------------------------------------------------------------
Thu Sep 21 16:32:55 MEST 2000 - egger@suse.de
- Add mozilla development package to provide the necessary
headers for embedding the gecko engine.
- Try the new registering.
-------------------------------------------------------------------
Mon Sep 18 20:01:35 MEST 2000 - egger@suse.de
- Ok, forgot to save the right specfile... Sorry.
-------------------------------------------------------------------
Mon Sep 18 14:06:34 MEST 2000 - egger@suse.de
- New snapshot.
- Removed SPARC patch, the mozilla people applied the patch.
- Tested package on i386.
-------------------------------------------------------------------
Tue Aug 22 01:15:10 CEST 2000 - egger@suse.de
- Try a hint from the mozilla people to prevent that ugly mail
hack.
- Made a new snapshot.
-------------------------------------------------------------------
Tue Jul 11 21:12:29 CEST 2000 - egger@suse.de
- Updated to postM17: Lots of bugfixes and perfomanceimprovements.
-------------------------------------------------------------------
Tue Jul 11 21:12:28 CEST 2000 - egger@suse.de
- Link run-mozilla.sh to /usr/X11/bin/mozilla.
- Correct the wrapper script to work from anywhere.
- Send a mail to the admin after installing mozilla
to tell him that he has to run mozilla once as root.
-------------------------------------------------------------------
Mon Jul 10 22:59:12 CEST 2000 - ro@suse.de
- specfile fix
-------------------------------------------------------------------
Mon Jul 10 17:35:06 CEST 2000 - ro@suse.de
- try to call mozilla to create registry
-------------------------------------------------------------------
Fri Jul 7 21:09:44 CEST 2000 - kukuk@suse.de
- Add SPARC fix back
-------------------------------------------------------------------
Thu Jul 6 14:52:28 CEST 2000 - egger@suse.de
- Unified tarballs.
- Change incorrect strip command.
-------------------------------------------------------------------
Thu Jul 6 01:03:03 CEST 2000 - ro@suse.de
- added more dirs
-------------------------------------------------------------------
Wed Jul 5 16:01:26 CEST 2000 - egger@suse.de
- Add missing dirs...
-------------------------------------------------------------------
Tue Jul 4 22:28:29 CEST 2000 - egger@suse.de
- Use latest bugfix snapshot.
- Try to prevent a bug in libpthreads/nspr by building
with debugging and strip everything afterwards.
- Enable optimize because it works now.
- Install wrapper script instead of binary into exectuable
path to work around problems...
-------------------------------------------------------------------
Fri Jun 16 16:49:35 CEST 2000 - egger@suse.de
- Use latest snapshot.
- Recheckin since the last update got lost...
- Bumped version to M16.
-------------------------------------------------------------------
Sun Jun 11 12:01:44 CEST 2000 - egger@suse.de
- Use latest snapshot.
- Checked out missing dir, too.
-------------------------------------------------------------------
Fri Jun 9 10:59:40 CEST 2000 - egger@suse.de
- Use latest snapshot.
-------------------------------------------------------------------
Sat May 27 17:56:38 CEST 2000 - egger@suse.de
- Well, maybe I should have replaced all occurences of X11... :)
-------------------------------------------------------------------
Mon May 22 15:11:46 CEST 2000 - egger@suse.de
- /usr/X11/bin/mozilla is not allowed anymore, so use
/usr/X11R6/bin/mozilla.
-------------------------------------------------------------------
Thu May 18 20:19:46 CEST 2000 - egger@suse.de
- Checked in new snapshot.
-------------------------------------------------------------------
Mon May 15 18:24:37 CEST 2000 - egger@suse.de
- Readded orbit to the requirements.
-------------------------------------------------------------------
Sat May 13 22:54:39 CEST 2000 - egger@suse.de
- Checked in completely new .spec-file and the
latest CVS snapshot.
-------------------------------------------------------------------
Sun Apr 9 17:37:04 CEST 2000 - bk@suse.de
- added suse update config macro
- added automake to list of packages needed for building mozilla
-------------------------------------------------------------------
Tue Mar 28 23:48:39 CEST 2000 - ro@suse.de
- removed optimize
-------------------------------------------------------------------
Thu Mar 23 19:05:34 CET 2000 - ro@suse.de
- update to M14-no-crypto
-------------------------------------------------------------------
Fri Jan 28 20:06:30 CET 2000 - kukuk@suse.de
- Update to M13
- Fix for SPARC
-------------------------------------------------------------------
Tue Jan 25 19:07:33 CET 2000 - ro@suse.de
- update to M12
-------------------------------------------------------------------
Wed Dec 15 18:42:26 CET 1999 - ro@suse.de
- reworked install-section of specfile
-------------------------------------------------------------------
Wed Nov 24 08:22:52 CET 1999 - ro@suse.de
- update to M11
-------------------------------------------------------------------
Wed Oct 20 11:30:24 CEST 1999 - ro@suse.de
- added comment for ld-script
-------------------------------------------------------------------
Mon Oct 18 14:56:01 CEST 1999 - ro@suse.de
- fixed config.sub for ev6
-------------------------------------------------------------------
Wed Oct 13 01:06:35 CEST 1999 - ro@suse.de
- update to M10
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Thu Jul 15 13:11:08 MEST 1999 - bs@suse.de
- user glib, gtk instead of glibn, gtkn
- call Check after install
-------------------------------------------------------------------
Thu Jun 3 12:27:30 MEST 1999 - ro@suse.de
- update to M6
-------------------------------------------------------------------
Tue Jun 1 16:02:46 MEST 1999 - ro@suse.de
- fixed shellscripts for startup
-------------------------------------------------------------------
Tue Jun 1 10:19:51 MEST 1999 - ro@suse.de
- moved libraries to /usr/lib/mozilla/lib
and start using "LD_LIBRARY_PATH"
-------------------------------------------------------------------
Tue Jun 1 00:53:36 MEST 1999 - ro@suse.de
- created packages (mozilla and mozillad)
