Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

seamonkey-2.49.1-lp150.1.3 RPM for armv7hl

From OpenSuSE Ports Leap 15.0 for armv7hl

Name: seamonkey Distribution: openSUSE Leap 15.0
Version: 2.49.1 Vendor: openSUSE
Release: lp150.1.3 Build date: Fri May 18 14:31:44 2018
Group: Productivity/Networking/Web/Browsers Build host: armbuild13
Size: 109053937 Source RPM: seamonkey-2.49.1-lp150.1.3.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.mozilla.org/projects/seamonkey
Summary: The successor of the Mozilla Application Suite
Originally based on the Netscape Communicator source, the SeaMonkey
project grew to be the most advanced web browser currently available.
It supports new techniques like CSS2, MathML, SVG, XML, transparent
PNGs, and its look is fully theme-able.

Provides

Requires

License

MPL-2.0

Changelog

* Tue Jan 09 2018 wr@rosenauer.org
  - Explicitly buildrequires python2-xml: The build system relies on
    it. We wrongly relied on other packages pulling it in for us.
  - use parallel compression in create-tar if available
  - use XZ instead of BZ2 for source archives
  - import upstream patch mozilla-bmo1338655.patch to fix failing
    build
* Thu Dec 07 2017 dimstar@opensuse.org
  - Escape the usage of %{VERSION} when calling out to rpm.
    RPM 4.14 has %{VERSION} defined as 'the main packages version'.
* Fri Nov 10 2017 zaitor@opensuse.org
  - Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
  - Following the above, add explicit pkgconfig(gconf-2.0),
    pkgconfig(gobject-2.0)pkgconfig(gdk-x11-2.0), pkgconfig(gtk+-2.0)
    and pkgconfig(gtk+-unix-print-2.0) BuildRequires: previously
    pulled in by libgnomeui-devel, and is what configure really
    checks for.
* Fri Aug 04 2017 wr@rosenauer.org
  - update to Seamonkey 2.48
    * based on Gecko 51.0.3
    * requires NSPR 4.13.1 and NSS 3.28.5 (aligned with 52ESR)
  - removed obsolete (upstreamed) patches
    * mozilla-http2-ecdh-keybits.patch
    * mozilla-sed43.patch
    * mozilla-flex_buffer_overrun.patch
    * mozilla-shared-nss-db.patch (feature dropped from SM due to
      maintenance costs vs. usefulness)
    * mozilla-binutils-visibility.patch
    * mozilla-check_return.patch
    * mozilla-skia-overflow.patch
  - rebased patches
* Sun Feb 12 2017 wr@rosenauer.org
  - fix configure with for sed >= 4.3 (boo#1020631) (mozilla-sed43.patch)
* Tue Jan 24 2017 wr@rosenauer.org
  - improve recognition of LANGUAGE env variable (boo#1017174)
  - update minimum keybits in H2 so it allows a smaller value
    (e.g. for curve25519 as supported with NSS 3.28) (bmo#1290037)
    (boo#1021636) (mozilla-http2-ecdh-keybits.patch)
* Fri Dec 23 2016 wr@rosenauer.org
  - update to Seamonkey 2.46
    * based on Gecko 49.0.2
    * Chatzilla and DOM Inspector were removed/disabled and therefore
      those subpackages are not available at this moment
  - requires NSPR 4.12 and NSS 3.25
  - removed obsolete patches
    * mozilla-libproxy.patch
    * mozilla-gcc6.patch
    * mozilla-openaes-decl.patch
  - rebased patches
  - added patches imported from Firefox 49:
    * mozilla-check_return.patch
    * mozilla-flex_buffer_overrun.patch
    * mozilla-skia-overflow.patch
* Mon Oct 17 2016 wr@rosenauer.org
  - mozilla-binutils-visibility.patch to fix build issues with
    gcc/binutils combination used in Leap 42.2 (boo#984637)
* Sun Aug 21 2016 antoine.belvire@laposte.net
  - Build also with fno-lifetime-dse and fno-schedule-insns2 for GCC6
    (still boo#991027)
  - Check compiler version instead of openSUSE version for this
* Mon Aug 08 2016 wr@rosenauer.org
  - build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
    as long as underlying issues have been addressed upstream
    (boo#991027)
* Fri Aug 05 2016 pcerny@suse.com
  - Fix for possible buffer overrun (bsc#990856)
    CVE-2016-6354 (bmo#1292534)
    [mozilla-flex_buffer_overrun.patch]
* Tue Jul 26 2016 badshah400@gmail.com
  - Add appstream metainfo files as a tar.bz2 source
    (seamonkey-appdata.tar.bz2) and install these appdata.xml files
    to the appdata dir (/usr/share/appdata); with these appdata
    files installed, seamonkey shows up in appstores like GNOME
    software and KDE Discover.
* Sun Jul 17 2016 badshah400@gmail.com
  - Add mozilla-gcc6.patch to fix building with gcc >= 6.0.
* Sat Mar 05 2016 wr@rosenauer.org
  - fix build problems on i586, caused by too large unified compile
    units - adding mozilla-reduce-files-per-UnifiedBindings.patch
  - increased _constraints as required
* Tue Jan 19 2016 wr@rosenauer.org
  - update to Seamonkey 2.40 (bnc#959277)
    * requires NSS 3.20.2 to fix
      MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
      MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
      server signature
    * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
      Miscellaneous memory safety hazards
    * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
      Crash with JavaScript variable assignment with unboxed objects
    * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
      Same-origin policy violation using perfomance.getEntries and
      history navigation
    * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
      Firefox allows for control characters to be set in cookies
    * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
      Use-after-free in WebRTC when datachannel is used after being
      destroyed
    * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
      Integer overflow allocating extremely large textures
    * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
      Cross-origin information leak through web workers error events
    * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
      Hash in data URI is incorrectly parsed
    * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
      DOS due to malformed frames in HTTP/2
    * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
      Linux file chooser crashes on malformed images due to flaws in
      Jasper library
    * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
      (bmo#1201183, bmo#1178033, bmo#1199400)
      Buffer overflows found through code inspection
    * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
      Underflow through code inspection
    * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
      Integer overflow in MP4 playback in 64-bit versions
    * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
      Integer underflow and buffer overflow processing MP4 metadata in
      libstagefright
    * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
      Privilege escalation vulnerabilities in WebExtension APIs
    * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
      Cross-site reading attack through data and view-source URIs
  - rebased patches
  - buildrequire xcomposite now explicitely
* Thu Nov 05 2015 wr@rosenauer.org
  - update to Seamonkey 2.39 (bnc#952810)
    * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
      Miscellaneous memory safety hazards
    * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
      Information disclosure through NTLM authentication
    * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
      CSP bypass due to permissive Reader mode whitelist
    * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
      Firefox for Android addressbar can be removed after fullscreen mode
    * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
      Reading sensitive profile files through local HTML file on Android
    * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
      disabling scripts in Add-on SDK panels has no effect
    * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
      Trailing whitespace in IP address hostnames can bypass same-origin policy
    * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
      Buffer overflow during image interactions in canvas
    * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
      Android intents can be used on Firefox for Android to open privileged files
    * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
      XSS attack through intents on Firefox for Android
    * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
      Crash when accessing HTML tables with accessibility tools on OS X
    * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
      CORS preflight is bypassed when non-standard Content-Type headers
      are received
    * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
      Memory corruption in libjar through zip files
    * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
      Certain escaped characters in host of Location-header are being
      treated as non-escaped
    * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
      JavaScript garbage collection crash with Java applet
    * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
      (bmo#1188010, bmo#1204061, bmo#1204155)
      Vulnerabilities found through code inspection
    * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
      Mixed content WebSocket policy bypass through workers
    * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
      (bmo#1202868, bmo#1205157)
      NSS and NSPR memory corruption issues
      (fixed in mozilla-nspr and mozilla-nss packages)
  - requires NSPR >= 4.10.10 and NSS >= 3.19.4
  - removed obsolete patches
    * mozilla-icu-strncat.patch
  - fixed build with enable-libproxy (bmo#1220399)
    * mozilla-libproxy.patch
* Thu Oct 01 2015 wr@rosenauer.org
  - update to SeaMonkey 2.38 (bnc#947003)
    * based on 41.0.1
    * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
      Miscellaneous memory safety hazards
    * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
      Memory leak in mozTCPSocket to servers
    * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
      Out of bounds read in QCMS library with ICC V4 profile attributes
    * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
      Arbitrary file manipulation by local user through Mozilla updater
    * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
      Buffer overflow in libvpx while parsing vp9 format video
    * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
      Crash when using debugger with SavedStacks in JavaScript
    * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
      Use-after-free with shared workers and IndexedDB
    * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
      Buffer overflow while decoding WebM video
    * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
      Use-after-free while manipulating HTML media content
    * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
      Out-of-bounds read during 2D canvas display on Linux 16-bit
      color depth systems
    * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
      Scripted proxies can access inner window
    * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
      JavaScript immutable property enforcement can be bypassed
    * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
      Dragging and dropping images exposes final URL after redirects
    * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
      Errors in the handling of CORS preflight request headers
    * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
      CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
      CVE-2015-7180
      Vulnerabilities found through code inspection
    * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
      bmo#1190526) (Windows only)
      Memory safety errors in libGLES in the ANGLE graphics library
    * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
      Information disclosure via the High Resolution Time API
  - removed obsolete patch
    * mozilla-add-glibcxx_use_cxx11_abi.patch
  - added mozilla-no-stdcxx-check.patch
* Sat Aug 29 2015 wr@rosenauer.org
  - update to SeaMonkey 2.35 (bnc#935979)
    * based on 38.1.1esr
    * requires NSPR 4.10.8 and NSS 3.19.2
  - removed obsolete patches
    * mozilla-visitSubstr.patch
    * mozilla-undef-CONST.patch
    * mozilla-reintroduce-pixman-code-path.patch
    * mozilla-fix-prototype.patch
    * mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
  - renamed mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch
    to mozilla-add-glibcxx_use_cxx11_abi.patch (sync with Firefox)
  - dropped mozilla-prefer_plugin_pref.patch as this feature is
    likely not worth maintaining further
* Sat Jun 27 2015 antoine.belvire@laposte.net
  - Fix compilation issues:
    * Add mozilla-add-D_GLIBCXX_USE_CXX11_ABI-0-to-CXXFLAG.patch (bmo#1153109)
    * Add mozilla-reintroduce-pixman-code-path.patch (bmo#1136958)
    * Add mozilla-visitSubstr.patch (bmo#1108834)
    * Add mozilla-undef-CONST.patch (bmo#1111395)
    * Add mozilla-disable-JEMALLOC_STATIC_SIZES-on-ppc.patch
* Sun Mar 22 2015 wr@rosenauer.org
  - update to SeaMonkey 2.33.1 (bnc#923534)
    * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
      Privilege escalation through SVG navigation
    * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
      Code execution through incorrect JavaScript bounds checking
      elimination
* Mon Mar 16 2015 wr@rosenauer.org
  - update to SeaMonkey 2.33 (bnc#917597)
    * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
      Miscellaneous memory safety hazards
    * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
      Invoking Mozilla updater will load locally stored DLL files
      (Windows only)
    * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
      Appended period to hostnames can bypass HPKP and HSTS protections
    * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
      Malicious WebGL content crash when writing strings
    * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
      TLS TURN and STUN connections silently fail to simple TCP connections
    * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
      Use-after-free in IndexedDB
    * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
      Buffer overflow in libstagefright during MP4 video playback
    * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
      Double-free when using non-default memory allocators with a
      zero-length XHR
    * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
      Out-of-bounds read and write while rendering SVG content
    * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
      Buffer overflow during CSS restyling
    * MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
      Buffer underflow during MP3 playback
    * MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
      Crash using DrawTarget in Cairo graphics library
    * MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
      Use-after-free in Developer Console date with OpenType Sanitiser
    * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
      Reading of local files through manipulation of form autocomplete
    * MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
      Local files or privileged URLs in pages can be opened into new tabs
    * MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
      UI Tour whitelisted sites in background tab can spoof foreground
      tabs
    * MFSA 2015-27CVE-2015-0820 (bmo#1125398)
      Caja Compiler JavaScript sandbox bypass
  - rebased patches
  - requires NSS 3.17.4
  - removed obsolete seamonkey-fix-signed-char.patch
  - mozilla-xremote-client was removed upstream
* Sat Feb 07 2015 wr@rosenauer.org
  - update to SeaMonkey 2.32.1
    * fixed MailNews feeds not updating
    * fixed selected profile in Profile Manager not remembered
    * fixed opening a bookmark folder in tabs on Linux
    * fixed Troubleshooting Information (about:support) with the
      Modern theme
* Sat Jan 17 2015 wr@rosenauer.org
  - update to SeaMonkey 2.32 (bnc#910669)
    * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
      Miscellaneous memory safety hazards
    * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
      Uninitialized memory use during bitmap rendering
    * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
      sendBeacon requests lack an Origin header
    * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
      Cookie injection through Proxy Authenticate responses
    * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
      Read of uninitialized memory in Web Audio
    * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
      Read-after-free in WebRTC
    * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
      Gecko Media Plugin sandbox escape
    * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
      Delegated OCSP responder certificates failure with
      id-pkix-ocsp-nocheck extension
    * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
      XrayWrapper bypass through DOM objects
  - rebased patches
  - removed obsolete mozilla-seamonkey-sdk.patch
  - added mozilla-openaes-decl.patch to fix implicit declarations
* Thu Jan 01 2015 wr@rosenauer.org
  - use GStreamer 1.0 from 13.2 on
  - removed package support for distributions older than 12.3
    * removed mozilla-sle11.patch
* Mon Dec 08 2014 meissner@suse.com
  - seamonkey-fix-signed-char.patch: fix build on platforms
    where char is unsigned (power/arm). (bmo#1085151)
  - mozilla-fix-prototype.patch: add string.h includes
    for memcpy prototype (as used on bigendian architectures).
* Thu Dec 04 2014 pcerny@suse.com
  - enable some extensions using the addons sdk (e.g. Ghostery)
    (mozilla-seamonkey-sdk.patch) (bmo#1071048)
* Wed Dec 03 2014 wr@rosenauer.org
  - update to SeaMonkey 2.31 (bnc#908009)
    * requires NSS 3.17.2
    * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
      Miscellaneous memory safety hazards
    * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
      XBL bindings accessible via improper CSS declarations
    * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
      XMLHttpRequest crashes with some input streams
    * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
      CSP leaks redirect data via violation reports
    * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
      Use-after-free during HTML5 parsing
    * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
      Buffer overflow while parsing media content
    * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
      Bad casting from the BasicThebesLayer to BasicContainerLayer
  - rebased patches
* Fri Nov 21 2014 wr@rosenauer.org
  - use platform specific build flags as in Firefox
    (including _constraints)
  - define /usr/share/myspell as additional dictionary location
    and remove add-plugins.sh finally (bnc#900639)
* Wed Nov 19 2014 Led <ledest@gmail.com>
  - fix bashisms in mozilla.sh and add-plugins.sh scripts
* Tue Oct 14 2014 wr@rosenauer.org
  - update to SeaMonkey 2.30 (bnc#900941)
    * venkman debugger removed from application and therefore
      obsolete package seamonkey-venkman
    * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
      Miscellaneous memory safety hazards
    * MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
      Buffer overflow during CSS manipulation
    * MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
      Web Audio memory corruption issues with custom waveforms
    * MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
      Out-of-bounds write with WebM video
    * MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
      Further uninitialized memory use during GIF rendering
    * MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
      Use-after-free interacting with text directionality
    * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
      Key pinning bypasses
    * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
      Inconsistent video sharing within iframe
    * MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
      Accessing cross-origin objects via the Alarms API
      (only relevant for installed web apps)
  - requires NSPR 4.10.7
  - requires NSS 3.17.1
  - removed obsolete patches:
    * mozilla-ppc.patch
    * mozilla-libproxy-compat.patch
* Sat Sep 20 2014 wr@rosenauer.org
  - update to SeaMonkey 2.29 (bnc#894370)
    * based on Gecko 32.0 including all security fixes outlined here
      https://www.mozilla.org/security/known-vulnerabilities/
    * removed obsolete patches
      mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch,
      mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch,
      mozilla-aarch64-bmo-963027.patch
      mozilla-ppc64le-build.patch, mozilla-ppc64le-javascript.patch,
      mozilla-ppc64le-libffi.patch, mozilla-ppc64le-mfbt.patch,
      mozilla-ppc64le-webrtc.patch, mozilla-ppc64le-xpcom.patch
    * rebased patches
  - requires NSS 3.16.4
  - build with --disable-optimize for 13.1 and above for i586 to
    workaround miscompilations (bnc#896624)
* Mon Jun 16 2014 wr@rosenauer.org
  - update to SeaMonkey 2.26.1 (bnc#881874)
    * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
      (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
      bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
      bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
      bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
      bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
      bmo#1009952, bmo#1011007)
      Miscellaneous memory safety hazards (rv:30.0)
    * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
      (bmo#989994, bmo#999274, bmo#1005584)
      Use-after-free and out of bounds issues found using Address
      Sanitizer
    * MFSA 2014-50/CVE-2014-1539 (bmo#995603)
      Clickjacking through cursor invisability after Flash interaction
    * MFSA 2014-51/CVE-2014-1540 (bmo#978862)
      Use-after-free in Event Listener Manager
    * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
      Use-after-free with SMIL Animation Controller
    * MFSA 2014-53/CVE-2014-1542 (bmo#991533)
      Buffer overflow in Web Audio Speex resampler
    * MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
      Buffer overflow in Gamepad API
    * MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
      Out of bounds write in NSPR
  - requires NSPR 4.10.6
  - build require makeinfo
* Tue May 13 2014 wr@rosenauer.org
  - fix translations packaging (bnc#877263)
* Tue Apr 29 2014 wr@rosenauer.org
  - update to SeaMonkey 2.26 (bnc#875378)
    * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
      Miscellaneous memory safety hazards
    * MFSA 2014-36/CVE-2014-1522 (bmo#995289)
      Web Audio memory corruption issues
    * MFSA 2014-37/CVE-2014-1523 (bmo#969226)
      Out of bounds read while decoding JPG images
    * MFSA 2014-38/CVE-2014-1524 (bmo#989183)
      Buffer overflow when using non-XBL object as XBL
    * MFSA 2014-39/CVE-2014-1525 (bmo#989210)
      Use-after-free in the Text Track Manager for HTML video
    * MFSA 2014-41/CVE-2014-1528 (bmo#963962)
      Out-of-bounds write in Cairo
    * MFSA 2014-42/CVE-2014-1529 (bmo#987003)
      Privilege escalation through Web Notification API
    * MFSA 2014-43/CVE-2014-1530 (bmo#895557)
      Cross-site scripting (XSS) using history navigations
    * MFSA 2014-44/CVE-2014-1531 (bmo#987140)
      Use-after-free in imgLoader while resizing images
    * MFSA 2014-45/CVE-2014-1492 (bmo#903885)
      Incorrect IDNA domain name matching for wildcard certificates
      (fixed by NSS 3.16)
    * MFSA 2014-46/CVE-2014-1532 (bmo#966006)
      Use-after-free in nsHostResolver
    * MFSA 2014-47/CVE-2014-1526 (bmo#988106)
      Debugger can bypass XrayWrappers with JavaScript
  - rebased patches
  - added aarch64 porting patches
    * mozilla-aarch64-bmo-810631.patch
    * mozilla-aarch64-bmo-962488.patch
    * mozilla-aarch64-bmo-963023.patch
    * mozilla-aarch64-bmo-963024.patch
    * mozilla-aarch64-bmo-963027.patch
  - requires NSPR 4.10.3 and NSS 3.16
  - added mozilla-icu-strncat.patch to fix post build checks
* Wed Mar 19 2014 wr@rosenauer.org
  - update to SeaMonkey 2.25 (bnc#868603)
    * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
      Miscellaneous memory safety hazards
    * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
      Out of bounds read during WAV file decoding
    * MFSA 2014-18/CVE-2014-1498 (bmo#935618)
      crypto.generateCRMFRequest does not validate type of key
    * MFSA 2014-19/CVE-2014-1499 (bmo#961512)
      Spoofing attack on WebRTC permission prompt
    * MFSA 2014-20/CVE-2014-1500 (bmo#956524)
      onbeforeunload and Javascript navigation DOS
    * MFSA 2014-22/CVE-2014-1502 (bmo#972622)
      WebGL content injection from one domain to rendering in another
    * MFSA 2014-23/CVE-2014-1504 (bmo#911547)
      Content Security Policy for data: documents not preserved by
      session restore
    * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
      Information disclosure through polygon rendering in MathML
    * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
      Memory corruption in Cairo during PDF font rendering
    * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
      SVG filters information disclosure through feDisplacementMap
    * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
      Privilege escalation using WebIDL-implemented APIs
    * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
      Use-after-free in TypeObject
    * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
      Out-of-bounds read/write through neutering ArrayBuffer objects
    * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
      Out-of-bounds write through TypedArrayObject after neutering
  - requires NSPR 4.10.3 and NSS 3.15.5
  - new build dependency (and recommends):
    * libpulse
  - update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com)
  - rebased patches
* Sat Feb 08 2014 wr@rosenauer.org
  - replaced locale source archive because the old one was broken
    by wrong upstream tagging (bnc#862831)
* Tue Feb 04 2014 wr@rosenauer.org
  - update to SeaMonkey 2.24 (bnc#861847)
    * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
      Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
    * MFSA 2014-02/CVE-2014-1479 (bmo#911864)
      Clone protected content with XBL scopes
    * MFSA 2014-03/CVE-2014-1480 (bmo#916726)
      UI selection timeout missing on download prompts
    * MFSA 2014-04/CVE-2014-1482 (bmo#943803)
      Incorrect use of discarded images by RasterImage
    * MFSA 2014-05/CVE-2014-1483 (bmo#950427)
      Information disclosure with *FromPoint on iframes
    * MFSA 2014-07/CVE-2014-1485 (bmo#910139)
      XSLT stylesheets treated as styles in Content Security Policy
    * MFSA 2014-08/CVE-2014-1486 (bmo#942164)
      Use-after-free with imgRequestProxy and image proccessing
    * MFSA 2014-09/CVE-2014-1487 (bmo#947592)
      Cross-origin information leak through web workers
    * MFSA 2014-11/CVE-2014-1488 (bmo#950604)
      Crash when using web workers with asm.js
    * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
      (bmo#934545, bmo#930874, bmo#930857)
      NSS ticket handling issues
    * MFSA 2014-13/CVE-2014-1481(bmo#936056)
      Inconsistent JavaScript handling of access to Window objects
  - requires NSS 3.15.4
  - removed obsolete mozilla-bug929439.patch
* Fri Dec 13 2013 uweigand@de.ibm.com
  - Add support for powerpc64le-linux.
    * ppc64le-support.patch: general support
    * libffi-ppc64le.patch: libffi backport
    * xpcom-ppc64le.patch: port xpcom
  - Add build fix from mainline.
    * mozilla-bug929439.patch
* Wed Dec 11 2013 wr@rosenauer.org
  - update to SeaMonkey 2.23 (bnc#854367, bnc#854370))
    * requires NSPR 4.10.2 and NSS 3.15.3.1
    * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
      Miscellaneous memory safety hazards
    * MFSA 2013-105/CVE-2013-5611 (bmo#771294)
      Application Installation doorhanger persists on navigation
    * MFSA 2013-106/CVE-2013-5612 (bmo#871161)
      Character encoding cross-origin XSS attack
    * MFSA 2013-107/CVE-2013-5614 (bmo#886262)
      Sandbox restrictions not applied to nested object elements
    * MFSA 2013-108/CVE-2013-5616 (bmo#938341)
      Use-after-free in event listeners
    * MFSA 2013-109/CVE-2013-5618 (bmo#926361)
      Use-after-free during Table Editing
    * MFSA 2013-110/CVE-2013-5619 (bmo#917841)
      Potential overflow in JavaScript binary search algorithms
    * MFSA 2013-111/CVE-2013-6671 (bmo#930281)
      Segmentation violation when replacing ordered list elements
    * MFSA 2013-112/CVE-2013-6672 (bmo#894736)
      Linux clipboard information disclosure though selection paste
    * MFSA 2013-113/CVE-2013-6673 (bmo#970380)
      Trust settings for built-in roots ignored during EV certificate
      validation
    * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
      Use-after-free in synthetic mouse movement
    * MFSA 2013-115/CVE-2013-5615 (bmo#929261)
      GetElementIC typed array stubs can be generated outside observed
      typesets
    * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
      JPEG information leak
    * MFSA 2013-117 (bmo#946351)
      Mis-issued ANSSI/DCSSI certificate
      (fixed via NSS 3.15.3.1)
  - rebased patches:
    * mozilla-nongnome-proxies.patch
    * mozilla-shared-nss-db.patch
* Wed Oct 30 2013 wr@rosenauer.org
  - update to SeaMonkey 2.22 (bnc#847708)
    * rebased patches
    * requires NSS 3.15.2 or higher
    * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
      Miscellaneous memory safety hazards
    * MFSA 2013-94/CVE-2013-5593 (bmo#868327)
      Spoofing addressbar through SELECT element
    * MFSA 2013-95/CVE-2013-5604 (bmo#914017)
      Access violation with XSLT and uninitialized data
    * MFSA 2013-96/CVE-2013-5595 (bmo#916580)
      Improperly initialized memory and overflows in some JavaScript
      functions
    * MFSA 2013-97/CVE-2013-5596 (bmo#910881)
      Writing to cycle collected object during image decoding
    * MFSA 2013-98/CVE-2013-5597 (bmo#918864)
      Use-after-free when updating offline cache
    * MFSA 2013-99/CVE-2013-5598 (bmo#920515)
      Security bypass of PDF.js checks using iframes
    * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
      (bmo#915210, bmo#915576, bmo#916685)
      Miscellaneous use-after-free issues found through ASAN fuzzing
    * MFSA 2013-101/CVE-2013-5602 (bmo#897678)
      Memory corruption in workers
    * MFSA 2013-102/CVE-2013-5603 (bmo#916404)
      Use-after-free in HTML document templates
* Tue Sep 17 2013 wr@rosenauer.org
  - update to SeaMonkey 2.21 (bnc#840485)
    * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
      Miscellaneous memory safety hazards
    * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
      Improper state in HTML5 Tree Builder with templates
    * MFSA 2013-78/CVE-2013-1721 (bmo#890277)
      Integer overflow in ANGLE library
    * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
      Use-after-free in Animation Manager during stylesheet cloning
    * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
      NativeKey continues handling key messages after widget is destroyed
    * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
      Use-after-free with select element
    * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
      Calling scope for new Javascript objects can lead to memory corruption
    * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
      Uninitialized data in IonMonkey
    * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
      Compartment mismatch re-attaching XBL-backed nodes
    * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
      Buffer overflow with multi-column, lists, and floats
    * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
      Memory corruption involving scrolling
    * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
      User-defined properties on DOM proxies get the wrong "this" object
    * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
      GC hazard with default compartments and frame chain restoration
  - requires NSS 3.15.1
* Mon Aug 05 2013 wr@rosenauer.org
  - update to SeaMonkey 2.20 (bnc#833389)
    * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
      Miscellaneous memory safety hazards
    * MFSA 2013-64/CVE-2013-1704 (bmo#883313)
      Use after free mutating DOM during SetBody
    * MFSA 2013-65/CVE-2013-1705 (bmo#882865)
      Buffer underflow when generating CRMF requests
    * MFSA 2013-67/CVE-2013-1708 (bmo#879924)
      Crash during WAV audio file decoding
    * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
      Document URI misrepresentation and masquerading
    * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
      CRMF requests allow for code execution and XSS attacks
    * MFSA 2013-70/CVE-2013-1711 (bmo#843829)
      Bypass of XrayWrappers using XBL Scopes
    * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
      Wrong principal used for validating URI for some Javascript
      components
    * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
      Same-origin bypass with web workers and XMLHttpRequest
    * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
      Local Java applets may read contents of local file system
  - requires NSPR 4.10 and NSS 3.15
  - removed obsolete seamonkey-shared-nss-db.patch
* Sat Jun 29 2013 wr@rosenauer.org
  - update to SeaMonkey 2.19 (bnc#825935)
    * removed obsolete patches
      + mozilla-gstreamer-760140.patch
    * GStreamer support does not build on 12.1 anymore (build only
      on 12.2 and later)
    * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
      Miscellaneous memory safety hazards
    * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
      Memory corruption found using Address Sanitizer
    * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
      Privileged content access and execution via XBL
    * MFSA 2013-52/CVE-2013-1688 (bmo#873966)
      Arbitrary code execution within Profiler
    * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
      Execution of unmapped memory through onreadystatechange event
    * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
      Data in the body of XHR HEAD requests leads to CSRF attacks
    * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
      SVG filters can lead to information disclosure
    * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
      PreserveWrapper has inconsistent behavior
    * MFSA 2013-57/CVE-2013-1695 (bmo#849791)
      Sandbox restrictions not applied to nested frame elements
    * MFSA 2013-58/CVE-2013-1696 (bmo#761667)
      X-Frame-Options ignored when using server push with multi-part
      responses
    * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
      XrayWrappers can be bypassed to run user defined methods in a
      privileged context
    * MFSA 2013-60/CVE-2013-1698 (bmo#876044)
      getUserMedia permission dialog incorrectly displays location
    * MFSA 2013-61/CVE-2013-1699 (bmo#840882)
      Homograph domain spoofing in .com, .net and .name
* Tue May 28 2013 wr@rosenauer.org
  - update to SeaMonkey 2.17.1
* Tue Apr 09 2013 wr@rosenauer.org
  - revert to use GStreamer 0.10 on 12.3 (bnc#814101)
* Tue Apr 02 2013 wr@rosenauer.org
  - update to SeaMonkey 2.17 (bnc#813026)
    * requires NSPR 4.9.5 and NSS 3.14.3
    * mozilla-webrtc-ppc.patch included upstream
    * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
      Miscellaneous memory safety hazards
    * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
      Out-of-bounds write in Cairo library
    * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
      WebGL crash with Mesa graphics driver on Linux
    * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
      Bypass of SOW protections allows cloning of protected nodes
    * MFSA 2013-37/CVE-2013-0794 (bmo#626775)
      Bypass of tab-modal dialog origin disclosure
    * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
      Cross-site scripting (XSS) using timed history navigations
    * MFSA 2013-39/CVE-2013-0792 (bmo#722831)
      Memory corruption while rendering grayscale PNG images
  - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
* Fri Mar 15 2013 pcerny@suse.com
  - update to SeaMonkey 2.16.2
* Sat Mar 09 2013 wr@rosenauer.org
  - update to SeaMonkey 2.16.1 (bnc#808243)
    * MFSA 2013-29/CVE-2013-0787 (bmo#848644)
      Use-after-free in HTML Editor
* Mon Feb 18 2013 wr@rosenauer.org
  - update to SeaMonkey 2.16 (bnc#804248)
    * MFSA 2013-21/CVE-2013-0783/2013-0784
      Miscellaneous memory safety hazards
    * MFSA 2013-22/CVE-2013-0772 (bmo#801366)
      Out-of-bounds read in image rendering
    * MFSA 2013-23/CVE-2013-0765 (bmo#830614)
      Wrapped WebIDL objects can be wrapped again
    * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
      Web content bypass of COW and SOW security wrappers
    * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
      Privacy leak in JavaScript Workers
    * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
      Use-after-free in nsImageLoadingContent
    * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
      Phishing on HTTPS connection through malicious proxy
    * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
      CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
      Use-after-free, out of bounds read, and buffer overflow issues
      found using Address Sanitizer
  - removed obsolete patches
    * mozilla-webrtc.patch
    * mozilla-gstreamer-803287.patch
* Mon Feb 04 2013 wr@rosenauer.org
  - update to SeaMonkey 2.15.2
    * Applications could not be removed from the "Application details"
      dialog under Preferences, Helper Applications (bmo#826771).
    * View / Message Body As could show menu items out of context
      (bmo#831348)
* Sun Jan 20 2013 wr@rosenauer.org
  - update to SeaMonkey 2.15.1
    * backed out bmo#677092 (removed patch)
    * fixed problems involving HTTP proxy transactions
* Sun Jan 13 2013 wr@rosenauer.org
  - backed out restartless language packs as it broke multi-locale
    setup (bmo#677092, bmo#818468)
* Tue Jan 08 2013 wr@rosenauer.org
  - update to SeaMonkey 2.15 (bnc#796895)
    * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
      Miscellaneous memory safety hazards
    * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
      CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
      Use-after-free and buffer overflow issues found using Address Sanitizer
    * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
      Buffer Overflow in Canvas
    * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
      URL spoofing in addressbar during page loads
    * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
      Use-after-free when displaying table with many columns and column groups
    * MFSA 2013-06/CVE-2013-0751 (bmo#790454)
      Touch events are shared across iframes
    * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
      Crash due to handling of SSL on threads
    * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
      AutoWrapperChanger fails to keep objects alive during garbage collection
    * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
      Compartment mismatch with quickstubs returned values
    * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
      Event manipulation in plugin handler to bypass same-origin policy
    * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
      Address space layout leaked in XBL objects
    * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
      Buffer overflow in Javascript string concatenation
    * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
      Memory corruption in XBL with XML bindings containing SVG
    * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
      Chrome Object Wrapper (COW) bypass through changing prototype
    * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
      Privilege escalation through plugin objects
    * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
      Use-after-free in serializeToStream
    * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
      Use-after-free in ListenerManager
    * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
      Use-after-free in Vibrate
    * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
      Use-after-free in Javascript Proxy objects
  - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
  - reenable WebRTC
  - added mozilla-libproxy-compat.patch for libproxy API compat
    on openSUSE 11.2 and earlier
* Tue Dec 18 2012 wr@rosenauer.org
  - update to SeaMonkey 2.14.1
    * fix regressions from 2.14 release
* Tue Nov 20 2012 wr@rosenauer.org
  - update to SeaMonkey 2.14 (bnc#790140)
    * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
      Miscellaneous memory safety hazards
    * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
      Buffer overflow while rendering GIF images
    * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
      evalInSanbox location context incorrectly applied
    * MFSA 2012-94/CVE-2012-5836 (bmo#792857)
      Crash when combining SVG text on path with CSS
    * MFSA 2012-96/CVE-2012-4204 (bmo#778603)
      Memory corruption in str_unescape
    * MFSA 2012-97/CVE-2012-4205 (bmo#779821)
      XMLHttpRequest inherits incorrect principal within sandbox
    * MFSA 2012-99/CVE-2012-4208 (bmo#798264)
      XrayWrappers exposes chrome-only properties when not in chrome
      compartment
    * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
      Improper security filtering for cross-origin wrappers
    * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
      Improper character decoding in HZ-GB-2312 charset
    * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
      Frames can shadow top.location
    * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
      CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
      CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
      Use-after-free and buffer overflow issues found using Address
      Sanitizer
    * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
      Use-after-free, buffer overflow, and memory corruption issues
      found using Address Sanitizer
  - rebased patches
  - disabled WebRTC since build is broken (bmo#776877)
* Sat Oct 27 2012 wr@rosenauer.org
  - update to SeaMonkey 2.13.2 (bnc#786522)
    * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
      (bmo#800666, bmo#793121, bmo#802557)
      Fixes for Location object issues
* Fri Oct 12 2012 wr@rosenauer.org
  - update to SeaMonkey 2.13.1 (bnc#783533)
    * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
      Miscellaneous memory safety hazards
    * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
      defaultValue security checks not applied
* Mon Oct 08 2012 wr@rosenauer.org
  - update to SeaMonkey 2.13 (bnc#783533)
    * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
      Miscellaneous memory safety hazards
    * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
      select element persistance allows for attacks
    * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
      Continued access to initial origin after setting document.domain
    * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
      Some DOMWindowUtils methods bypass security checks
    * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
      DOS and crash with full screen and history navigation
    * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
      Crash with invalid cast when using instanceof operator
    * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
      GetProperty function can bypass security checks
    * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
      top object and location property accessible by plugins
    * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
      Chrome Object Wrapper (COW) does not disallow acces to privileged
      functions or properties
    * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
      Spoofing and script injection through location.hash
    * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
      CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
      Use-after-free, buffer overflow, and out of bounds read issues
      found using Address Sanitizer
    * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
      CVE-2012-4188
      Heap memory corruption issues found using Address Sanitizer
    * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
      Use-after-free in the IME State Manager
  - requires NSPR 4.9.2
  - improve GStreamer integration (bmo#760140)
* Mon Sep 10 2012 wr@rosenauer.org
  - update to SeaMonkey 2.12.1 (bnc#779936)
    * Sites visited while in Private Browsing mode could be found
      through manual browser cache inspection (bmo#787743)
* Mon Aug 27 2012 wr@rosenauer.org
  - update to SeaMonkey 2.12 (bnc#777588)
    * MFSA 2012-57/CVE-2012-1970
      Miscellaneous memory safety hazards
    * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
      CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
      CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
      Use-after-free issues found using Address Sanitizer
    * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
      Location object can be shadowed using Object.defineProperty
    * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
      Memory corruption with bitmap format images with negative height
    * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
      WebGL use-after-free and memory corruption
    * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
      SVG buffer overflow and use-after-free issues
    * MFSA 2012-64/CVE-2012-3971
      Graphite 2 memory corruption
    * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
      Out-of-bounds read in format-number in XSLT
    * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
      DOMParser loads linked resources in extensions when parsing
      text/html
    * MFSA 2012-69/CVE-2012-3976 (bmo#768568)
      Incorrect site SSL certificate data display
    * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
      Location object security checks bypassed by chrome code
  - enable GStreamer for 12.1 and higher
  - use internal libjpeg
* Sun Jul 29 2012 wr@rosenauer.org
  - import PPC patch from Firefox:
    * add patches for bmo#750620 and bmo#746112
    * fix xpcshell segfault on ppc
* Mon Jul 16 2012 wr@rosenauer.org
  - update to Seamonkey 2.11 (bnc#771583)
    * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
      Miscellaneous memory safety hazards
    * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
      Gecko memory corruption
    * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
      Spoofing issue with location
    * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
      Improper filtering of javascript in HTML feed-view
    * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
      use-after-free in nsGlobalWindow::PageHidden
    * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
      Same-compartment Security Wrappers can be bypassed
    * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
      Out of bounds read in QCMS
    * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
      X-Frame-Options header ignored when duplicated
    * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
      JSDependentString::undepend string conversion results in memory
      corruption
    * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
      Content Security Policy 1.0 implementation errors cause data
      leakage
    * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
      Code execution through javascript: URLs
    * relicensed to MPL-2.0
  - updated/removed patches
  - requires NSS 3.13.5
* Fri Jun 15 2012 wr@rosenauer.org
  - update to Seamonkey 2.10.1
* Mon Jun 04 2012 wr@rosenauer.org
  - update to Seamonkey 2.10 (bnc#765204)
    * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
      Miscellaneous memory safety hazards
    * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
      Content Security Policy inline-script bypass
    * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
      Information disclosure though Windows file shares and shortcut
      files
    * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
      Use-after-free while replacing/inserting a node in a document
    * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
      Buffer overflow and use-after-free issues found using Address
      Sanitizer
  - requires NSS 3.13.4
    * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
* Mon Apr 30 2012 wr@rosenauer.org
  - update to Seamonkey 2.9.1
    * fix regressions
    - POP3 filters (bmo#748090)
    - Message Body not loaded when using "Fetch Headers Only"
      (bmo#748865)
    - Received messages contain parts of other messages with
      movemail account (bmo#748726)
    - New mail notification issue (bmo#748997)
    - crash in nsMsgDatabase::MatchDbName (bmo#748432)
* Fri Apr 27 2012 wr@rosenauer.org
  - fixed build with gcc 4.7
* Mon Apr 23 2012 wr@rosenauer.org
  - update to Seamonkey 2.9 (bnc#758408)
    * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
      Miscellaneous memory safety hazards
    * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
      use-after-free in IDBKeyRange
    * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
      Invalid frees causes heap corruption in gfxImageSurface
    * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
      Potential XSS via multibyte content processing errors
    * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
      Potential memory corruption during font rendering using cairo-dwrite
    * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
      WebGL.drawElements may read illegal video memory due to
      FindMaxUshortElement error
    * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
      Page load short-circuit can lead to XSS
    * MFSA 2012-28/CVE-2012-0475 (bmo#694576)
      Ambiguous IPv6 in Origin headers may bypass webserver access
      restrictions
    * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
      Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
      Crash with WebGL content using textImage2D
    * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
      Off-by-one error in OpenType Sanitizer
    * MFSA 2012-32/CVE-2011-1187 (bmo#624621)
      HTTP Redirections and remote content can be read by javascript errors
    * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
      Potential site identity spoofing when loading RSS and Atom feeds
* Sat Apr 21 2012 wr@rosenauer.org
  - update to 2.9b4
  - added mozilla-sle11.patch and add exceptions to be able to build
    for SLE11/11.1
  - exclude broken gl locale from build
  - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch
  - added mozilla-gcc47.patch and mailnews-literals.patch to fix
    compilation issues with recent gcc 4.7
* Tue Mar 13 2012 wr@rosenauer.org
  - update to Seamonkey 2.8 (bnc#750044)
    * MFSA 2012-13/CVE-2012-0455 (bmo#704354)
      XSS with Drag and Drop and Javascript: URL
    * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
      SVG issues found with Address Sanitizer
    * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
      XSS with multiple Content Security Policy headers
    * MFSA 2012-16/CVE-2012-0458
      Escalation of privilege with Javascript: URL as home page
    * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
      Crash when accessing keyframe cssText after dynamic modification
    * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
      window.fullScreen writeable by untrusted content
    * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
      CVE-2012-0463
      Miscellaneous memory safety hazards
  - explicitely build-require X libs
* Thu Feb 16 2012 wr@rosenauer.org
  - update to Seamonkey 2.7.2 (bnc#747328)
    * CVE-2011-3026 (bmo#727401)
      libpng: integer overflow leading to heap-buffer overflow
* Thu Feb 09 2012 wr@rosenauer.org
  - update to Seamonkey 2.7.1 (bnc#746616)
    * MFSA 2012-10/CVE-2012-0452 (bmo#724284)
      use after free in nsXBLDocumentInfo::ReadPrototypeBindings
  - Use YARR interpreter instead of PCRE on platforms where YARR JIT
    is not supported, since PCRE doesnt build (bmo#691898)
  - fix ppc64 build (bmo#703534)
* Tue Jan 31 2012 wr@rosenauer.org
  - update to Seamonkey 2.7 (bnc#744275)
    * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
      Miscellaneous memory safety hazards
    * MFSA 2012-03/CVE-2012-0445 (bmo#701071)
      <iframe> element exposed across domains via name attribute
    * MFSA 2012-04/CVE-2011-3659 (bmo#708198)
      Child nodes from nsDOMAttribute still accessible after removal
      of nodes
    * MFSA 2012-05/CVE-2012-0446 (bmo#705651)
      Frame scripts calling into untrusted objects bypass security
      checks
    * MFSA 2012-06/CVE-2012-0447 (bmo#710079)
      Uninitialized memory appended when encoding icon images may
      cause information disclosure
    * MFSA 2012-07/CVE-2012-0444 (bmo#719612)
      Potential Memory Corruption When Decoding Ogg Vorbis files
    * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
      Crash with malformed embedded XSLT stylesheets
* Sat Dec 24 2011 wr@rosenauer.org
  - update to Seamonkey 2.6.1
    * (strongparent) parentNode of element gets lost (bmo#335998)
* Sun Dec 18 2011 wr@rosenauer.org
  - update to 2.6 (bnc#737533)
    * MFSA 2011-53/CVE-2011-3660
      Miscellaneous memory safety hazards (rv:9.0)
    * MFSA 2011-54/CVE-2011-3661 (bmo#691299)
      Potentially exploitable crash in the YARR regular expression
      library
    * MFSA 2011-55/CVE-2011-3658 (bmo#708186)
      nsSVGValue out-of-bounds access
    * MFSA 2011-56/CVE-2011-3663 (bmo#704482)
      Key detection without JavaScript via SVG animation
    * MFSA 2011-58/VE-2011-3665 (bmo#701259)
      Crash scaling <video> to extreme sizes
* Thu Nov 24 2011 pcerny@suse.com
  - update to 2.5 (bnc#728520)
    * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
      Potential XSS against sites using Shift-JIS
    * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
      Miscellaneous memory safety hazards
    * MFSA 2011-49/CVE-2011-3650 (bmo#674776)
      Memory corruption while profiling using Firebug
    * MFSA 2011-52/CVE-2011-3655 (bmo#672182)
      Code execution via NoWaiverWrapper
* Mon Oct 03 2011 wr@rosenauer.org
  - update to minor release 2.4.1
    * fixed staged addon updates
* Mon Sep 26 2011 wr@rosenauer.org
  - update to 2.4 (bnc#720264)
    * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
      Miscellaneous memory safety hazards
    * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
      Defense against multiple Location headers due to CRLF Injection
    * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
      Code installation through holding down Enter
    * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
      Potentially exploitable WebGL crashes
    * MFSA 2011-42/CVE-2011-3232 (bmo#653672)
      Potentially exploitable crash in the YARR regular expression
      library
    * MFSA 2011-43/CVE-2011-3004 (bmo#653926)
      loadSubScript unwraps XPCNativeWrapper scope parameter
    * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
      Use after free reading OGG headers
    * MFSA 2011-45
      Inferring keystrokes from motion data
  - removed obsolete mozilla-cairo-lcd.patch
  - rebased patches
  - removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
    mozilla.sh.in (bnc#680758)
* Wed Sep 14 2011 wr@rosenauer.org
  - add dbus-1-glib-devel to BuildRequires (not pulled in
    automatically with 12.1)
* Wed Sep 07 2011 pcerny@suse.com
  - security update to 2.3.3 (bnc#714931)
    * Complete blocking of certificates issued by DigiNotar
      (bmo#683449)
* Fri Sep 02 2011 pcerny@suse.com
  - security update to 2.3.2 (bnc#714931)
    * MFSA 2011-34
      Protection against fraudulent DigiNotar certificates
      (bmo#682927)
* Mon Aug 15 2011 wr@rosenauer.org
  - update to version 2.3 (bnc#712224)
    included security fixes
    * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
      Miscellaneous memory safety hazards
    * CVE-2011-2993 (bmo#657267)
      Unsigned scripts can call script inside signed JAR
    * CVE-2011-2988 (bmo#665934)
      Heap overflow in ANGLE library
    * CVE-2011-0084 (bmo#648094)
      Crash in SVGTextElement.getCharNumAtPosition()
    * CVE-2011-2990
      Credential leakage using Content Security Policy reports
    * CVE-2011-2986 (bmo#655836)
      Cross-origin data theft using canvas and Windows D2D
    * Gecko 6
    * removed obsolete mozilla-gio.patch
* Fri Jul 08 2011 wr@rosenauer.org
  - update to version 2.2
    * Gecko 5
    included fixes for security issues: (bnc#701296, bnc#700578)
    * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
      Miscellaneous memory safety hazards
    * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
      Use-after-free vulnerability when viewing XUL document with
      script disabled
    * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
      Memory corruption due to multipart/x-mixed-replace images
    * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
      Integer overflow and arbitrary code execution in
      Array.reduceRight()
    * MFSA 2011-25/CVE-2011-2366
      Stealing of cross-domain images using WebGL textures
    * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
      Multiple WebGL crashes
    * MFSA 2011-27/CVE-2011-2369 (bmo#650001)
      XSS encoding hazard with inline SVG
    * MFSA 2011-28/CVE-2011-2370 (bmo#645699)
      Non-whitelisted site can trigger xpinstall
* Mon Jun 13 2011 wr@rosenauer.org
  - use faster version for find-external-requires.sh
    (from Petr Cerny)
  - removed obsolete default preferences
  - ported UA locale fix (bnc#582654)
  - updated supported locale RPM tags
* Fri Jun 10 2011 wr@rosenauer.org
  - major update to version 2.1
    * Gecko 2.0 (with all its features)
  - avoid __DATE__ and __TIME__ usage
* Wed Mar 23 2011 wr@rosenauer.org
  - security update to version 2.0.13 (bnc#680771)
    * MFSA 2011-11 (bmo#642395)
      Update HTTPS certificate blacklist
* Mon Jan 24 2011 wr@rosenauer.org
  - security update to version 2.0.12 (bnc#667155)
    * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
      Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
    * MFSA 2011-02/CVE-2011-0051 (bmo#616659)
      Recursive eval call causes confirm dialogs to evaluate to true
    * MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
      Use-after-free error in JSON.stringify
    * MFSA 2011-04/CVE-2011-0054 (bmo#615657)
      Buffer overflow in JavaScript upvarMap
    * MFSA 2011-05/CVE-2011-0056 (bmo#622015)
      Buffer overflow in JavaScript atom map
    * MFSA 2011-06/CVE-2011-0057 (bmo#626631)
      Use-after-free error using Web Workers
    * MFSA 2011-08/CVE-2010-1585 (bmo#562547)
      ParanoidFragmentSink allows javascript: URLs in chrome documents
    * MFSA 2011-09/CVE-2011-0061 (bmo#610601)
      Crash caused by corrupted JPEG image
    * MFSA 2011-10/CVE-2011-0059 (bmo#573873)
      CSRF risk with plugins and 307 redirects
* Mon Jan 10 2011 wr@rosenauer.org
  - add x-scheme-handlers to desktop files as needed by newer Gnome
    environment
* Thu Nov 25 2010 wr@rosenauer.org
  - security update to version 2.0.11 (bnc#657016)
    * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
      Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
    * MFSA 2010-75/CVE-2010-3769 (bmo#608336)
      Buffer overflow while line breaking after document.write with
      long string
    * MFSA 2010-76/CVE-2010-3771 (bmo#609437)
      Chrome privilege escalation with window.open and <isindex> element
    * MFSA 2010-77/CVE-2010-3772 (bmo#594547)
      Crash and remote code execution using HTML tags inside a XUL tree
    * MFSA 2010-78/CVE-2010-3768 (bmo#527276)
      Add support for OTS font sanitizer
    * MFSA 2010-79/CVE-2010-3775
      Java security bypass from LiveConnect loaded via data: URL
      meta refresh
    * MFSA 2010-80/CVE-2010-3766 (bmo#590771)
      Use-after-free error with nsDOMAttribute MutationObserver
    * MFSA 2010-81/CVE-2010-3767 (bmo#599468)
      Integer overflow vulnerability in NewIdArray
    * MFSA 2010-82/CVE-2010-3773 (bmo#554449)
      Incomplete fix for CVE-2010-0179
    * MFSA 2010-83/VE-2010-3774 (bmo#602780)
      Location bar SSL spoofing using network error page
    * MFSA 2010-84/CVE-2010-3770 (bmo#601429)
      XSS hazard in multiple character encodings
* Wed Oct 27 2010 wr@rosenauer.org
  - security update to version 2.0.10 (bnc#649492)
    * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
      Heap buffer overflow mixing document.write and DOM insertion
* Thu Oct 07 2010 wr@rosenauer.org
  - security update to version 2.0.9 (bnc#645315)
    * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
      Miscellaneous memory safety hazards
    * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
      Buffer overflow and memory corruption using document.write
    * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
      Use-after-free error in nsBarProp
    * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
      Dangling pointer vulnerability in LookupGetterOrSetter
    * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
      XSS in gopher parser when parsing hrefs
    * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
      Cross-site information disclosure via modal calls
    * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
      SSL wildcard certificate matching IP addresses
    * MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
      Unsafe library loading vulnerabilities
    * MFSA 2010-72/CVE-2010-3173
      Insecure Diffie-Hellman key exchange
    * removed upstreamed mozilla-helper-app.patch
  - require mozilla-nss >= 3.12.8
* Wed Sep 15 2010 wr@rosenauer.org
  - update to 2.0.8
    * fixing startup topcrash (bmo#594699)
    * add "face" to the list of white-listed attributes (bmo#592601)
  - added Cairo LCD filter patch to enable subpixel hinting where
    supported (bnc#638186) (mozilla-cairo-lcd.patch)
* Thu Aug 26 2010 wr@rosenauer.org
  - security upate to 2.0.7 (bnc#637303)
    * MFSA 2010-49/CVE-2010-3169
      Miscellaneous memory safety hazards
    * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
      Frameset integer overflow vulnerability
    * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
      Dangling pointer vulnerability using DOM plugin array
    * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
      Heap buffer overflow in nsTextFrameUtils::TransformText
    * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
      Dangling pointer vulnerability in nsTreeSelection
    * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
      XUL tree removal crash and remote code execution
    * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
      Crash and remote code execution in normalizeDocument
    * MFSA 2010-60/CVE-2010-2763 (bmo#585284)
      XSS using SJOW scripted function
    * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
      UTF-7 XSS by overriding document charset using <object> type
      attribute
    * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
      Copy-and-paste or drag-and-drop into designMode document allows
      XSS
    * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
      Information leak via XMLHttpRequest statusText
  - always use internal cairo (bnc#622375, bnc#626042)
* Fri Jul 16 2010 wr@rosenauer.org
  - security update to 2.0.6 (bnc#622506)
    * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
      Miscellaneous memory safety hazards
    * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
      DOM attribute cloning remote code execution vulnerability
    * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
      Use-after-free error in NodeIterator
    * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
      Plugin parameter EnsureCachedAttrParamArrays remote code
      execution vulnerability
    * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
      nsCSSValue::Array index integer overflow
    * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
      nsTreeSelection dangling pointer remote code execution
      vulnerability
    * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
      Remote code execution using malformed PNG image
    * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
      Cross-origin data disclosure via Web Workers and importScripts
    * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
      Multiple location bar spoofing vulnerabilities
    * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
      Cross-domain data theft using CSS
    * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
      Cross-origin data leakage from script filename in error messages
* Fri May 07 2010 wr@rosenauer.org
  - security update to 2.0.5 (bnc#603356)
    * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
      Re-use of freed object due to scope confusion
    * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
      CVE-2010-1203
      Crashes with evidence of memory corruption (rv:1.9.1.10)
    * MFSA 2010-27/CVE-2010-0183 (bmo#557174)
      Use-after-free error in nsCycleCollector::MarkRoots()
    * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
      Freed object reuse across plugin instances
    * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
      Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
      Integer Overflow in XSLT Node Sorting
    * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
      focus() behavior can be used to inject or steal keystrokes
    * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
      Content-Disposition: attachment ignored if
      Content-Type: multipart also present
    * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
      User tracking across sites using Math.random()
* Wed Mar 17 2010 wr@rosenauer.org
  - security update to 2.0.4 (bnc#586567)
    * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
      Crashes with evidence of memory corruption
    * MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
      Remote code execution with use-after-free in nsTreeSelection
    * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
      Dangling pointer vulnerability in nsPluginArray
    * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
      Chrome privilege escalation via forced URL drag and drop
    * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
      Update NSS to support TLS renegotiation indication
    * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
      Image src redirect to mailto: URL opens email editor
    * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
      XMLDocument::load() doesn't check nsIContentPolicy
* Wed Feb 24 2010 wr@rosenauer.org
  - added translation subpackages
* Wed Feb 17 2010 wr@rosenauer.org
  - security update to 2.0.3 (bnc#576969)
    * MFSA-2010-01/CVE-2010-0159
      Crashes with evidence of memory corruption
    * MFSA-2010-02/CVE-2010-0160
      Web Worker Array Handling Heap Corruption Vulnerability
    * MFSA-2010-03/CVE-2009-1571 (bmo#526500)
      Use-after-free crash in HTML parser
    * MFSA-2010-04/CVE-2009-3988 (bmo#504862)
      XSS due to window.dialogArguments being readable cross-domain
    * MFSA-2010-05/CVE-2010-0162 (bmo#455472)
      XSS hazard using SVG document and binary Content-Type
* Mon Jan 18 2010 vuntz@opensuse.org
  - Remove unneeded orbit-devel BuildRequires.
* Tue Jan 05 2010 wr@rosenauer.org
  - stability update to 2.0.2 (bnc#568011)
    * DNS resolution in MakeSN of nsAuthSSPI causing issues for
      proxy servers that support NTLM auth (bmo#535193)
* Thu Dec 10 2009 wr@rosenauer.org
  - security update to 2.0.1 (bnc#559807)
    * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
      Crashes with evidence of memory corruption (rv:1.9.1.6)
    * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
      Memory safety fixes in liboggplay media library
    * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
      Integer overflow, crash in libtheora video library
    * MFSA 2009-68/CVE-2009-3983 (bmo#487872)
      NTLM reflection vulnerability
    * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
      Location bar spoofing vulnerabilities
    * MFSA 2009-70/VE-2009-3986 (bmo#522430)
      Privilege escalation via chrome window.opener
* Mon Oct 19 2009 wr@rosenauer.org
  - update to 2.0rc2 which might become the final 2.0 version
    * based on final Gecko 1.9.1.4 (build3)
* Thu Oct 08 2009 wr@rosenauer.org
  - update to 2.0rc1
    * based on Gecko 1.9.1.4
    * removed upstreamed patches
    * compatible with enigmail (bnc#544326, bnc#530811)
  - fixed startup notification (bnc#518603)
    (mozilla-startup-notification.patch)
* Mon Sep 14 2009 wr@rosenauer.org
  - update to 2.0b2
    * removed obsolete mozilla-jemalloc_deepbind.patch and
      mozilla-app-launcher.patch
  - remove obsolete code for protocol handlers (bmo#389732)
  - allow alternative button order for Gtk filechooser (bnc#527418)
  - added mozilla-prefer_plugin_pref.patch to introduce a new set of
    prefs to support preferring certain plugins for mime-types
  - added mozilla-sysplugin-biarch.patch to use
    /usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
* Thu Aug 20 2009 wr@rosenauer.org
  - added Provides and Obsoletes for package merge (bnc#532678)
  - allow alternative button order for Gtk filechooser (bnc#527418)
* Tue Jul 28 2009 wr@rosenauer.org
  - fixed %exclude usage
* Tue Jul 21 2009 wr@rosenauer.org
  - update to 2.0b1
  - added create-tar.sh to source package
  - removed enigmail as it's provided as an own package built in
    Thunderbird now
* Thu Jul 09 2009 @rosenauer.org
  - update to 2.0a3-20090707 snapshot
  - define MOZ_APP_LAUNCHER for session management (bmo#453689)
    (mozilla-app-launcher.patch and mozilla.sh.in)
  - move intl.locale.matchOS to distribution specific prefs
    (removed locale.patch)
  - moved openSUSE specific prefs from greprefs to app prefs
  - added mozilla-jemalloc_deepbind.patch to fix various possible
    crashes (bnc#503151, bmo#493541)
  - added seamonkey-no-update.patch to hide the update menu item
* Wed Jun 17 2009 wr@rosenauer.org
  - major update to 2.0a3-20090617
    * based on Gecko 1.9.1
    * ported to Mozilla's toolkit
* Sat Apr 11 2009 wr@rosenauer.org
  - security update to 1.1.16 (bnc#488955,489411,492354)
    * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
      Crash and remote code execution in XSL transformation
    * MFSA 2009-13/CVE-2009-1044 (bmo#484320)
      Arbitrary code execution via XUL tree moveToEdgeShift
* Thu Mar 19 2009 wr@rosenauer.org
  - update to security release 1.1.15 (bnc#478625)
    * MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
      CVE-2009-0774:
      Crashes with evidence of memory corruption (rv:1.9.0.7)
    * MFSA 2009-09/CVE-2009-0776:
      XML data theft via RDFXMLDataSource and cross-domain redirect
    * MFSA 2009-10/CVE-2009-0040:
      Upgrade PNG library to fix memory safety hazards
  - use nss-shared-helper from 11.1 on which allows migrating to and
    sharing with other applications using NSS
    (can be disabled completely exporting MOZ_SM_NO_NSSHELPER=1)

Files

/usr/bin/seamonkey
/usr/lib/seamonkey
/usr/lib/seamonkey/application.ini
/usr/lib/seamonkey/blocklist.xml
/usr/lib/seamonkey/chrome
/usr/lib/seamonkey/chrome.manifest
/usr/lib/seamonkey/chrome/icons
/usr/lib/seamonkey/chrome/icons/default
/usr/lib/seamonkey/chrome/icons/default/JSConsoleWindow.png
/usr/lib/seamonkey/chrome/icons/default/JSConsoleWindow16.png
/usr/lib/seamonkey/chrome/icons/default/JSConsoleWindow48.png
/usr/lib/seamonkey/chrome/icons/default/abcardWindow.png
/usr/lib/seamonkey/chrome/icons/default/abcardWindow16.png
/usr/lib/seamonkey/chrome/icons/default/abcardWindow48.png
/usr/lib/seamonkey/chrome/icons/default/ablistWindow.png
/usr/lib/seamonkey/chrome/icons/default/ablistWindow16.png
/usr/lib/seamonkey/chrome/icons/default/ablistWindow48.png
/usr/lib/seamonkey/chrome/icons/default/addressbookWindow.png
/usr/lib/seamonkey/chrome/icons/default/addressbookWindow16.png
/usr/lib/seamonkey/chrome/icons/default/addressbookWindow48.png
/usr/lib/seamonkey/chrome/icons/default/bookmarkproperties.png
/usr/lib/seamonkey/chrome/icons/default/bookmarkproperties16.png
/usr/lib/seamonkey/chrome/icons/default/bookmarkproperties48.png
/usr/lib/seamonkey/chrome/icons/default/default.png
/usr/lib/seamonkey/chrome/icons/default/default16.png
/usr/lib/seamonkey/chrome/icons/default/default48.png
/usr/lib/seamonkey/chrome/icons/default/downloadManager.png
/usr/lib/seamonkey/chrome/icons/default/downloadManager16.png
/usr/lib/seamonkey/chrome/icons/default/downloadManager48.png
/usr/lib/seamonkey/chrome/icons/default/editorWindow.png
/usr/lib/seamonkey/chrome/icons/default/editorWindow16.png
/usr/lib/seamonkey/chrome/icons/default/editorWindow48.png
/usr/lib/seamonkey/chrome/icons/default/findBookmarkWindow.png
/usr/lib/seamonkey/chrome/icons/default/findBookmarkWindow16.png
/usr/lib/seamonkey/chrome/icons/default/findBookmarkWindow48.png
/usr/lib/seamonkey/chrome/icons/default/findHistoryWindow.png
/usr/lib/seamonkey/chrome/icons/default/findHistoryWindow16.png
/usr/lib/seamonkey/chrome/icons/default/findHistoryWindow48.png
/usr/lib/seamonkey/chrome/icons/default/history-window.png
/usr/lib/seamonkey/chrome/icons/default/history-window16.png
/usr/lib/seamonkey/chrome/icons/default/history-window48.png
/usr/lib/seamonkey/chrome/icons/default/main-window.png
/usr/lib/seamonkey/chrome/icons/default/main-window16.png
/usr/lib/seamonkey/chrome/icons/default/main-window48.png
/usr/lib/seamonkey/chrome/icons/default/messengerWindow.png
/usr/lib/seamonkey/chrome/icons/default/messengerWindow16.png
/usr/lib/seamonkey/chrome/icons/default/messengerWindow48.png
/usr/lib/seamonkey/chrome/icons/default/msgcomposeWindow.png
/usr/lib/seamonkey/chrome/icons/default/msgcomposeWindow16.png
/usr/lib/seamonkey/chrome/icons/default/msgcomposeWindow48.png
/usr/lib/seamonkey/chrome/icons/default/places.png
/usr/lib/seamonkey/chrome/icons/default/places16.png
/usr/lib/seamonkey/chrome/icons/default/places48.png
/usr/lib/seamonkey/chrome/icons/default/seamonkey.png
/usr/lib/seamonkey/components
/usr/lib/seamonkey/components/components.manifest
/usr/lib/seamonkey/components/libsuite.so
/usr/lib/seamonkey/defaults
/usr/lib/seamonkey/defaults/messenger
/usr/lib/seamonkey/defaults/messenger/mailViews.dat
/usr/lib/seamonkey/defaults/pref
/usr/lib/seamonkey/defaults/pref/all-openSUSE.js
/usr/lib/seamonkey/defaults/pref/channel-prefs.js
/usr/lib/seamonkey/defaults/pref/spellcheck.js
/usr/lib/seamonkey/defaults/profile
/usr/lib/seamonkey/defaults/profile/chrome
/usr/lib/seamonkey/defaults/profile/chrome/userChrome-example.css
/usr/lib/seamonkey/defaults/profile/chrome/userContent-example.css
/usr/lib/seamonkey/defaults/profile/mimeTypes.rdf
/usr/lib/seamonkey/defaults/profile/panels.rdf
/usr/lib/seamonkey/dependentlibs.list
/usr/lib/seamonkey/dictionaries
/usr/lib/seamonkey/extensions
/usr/lib/seamonkey/extensions/modern@themes.mozilla.org.xpi
/usr/lib/seamonkey/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
/usr/lib/seamonkey/fonts
/usr/lib/seamonkey/fonts/EmojiOneMozilla.ttf
/usr/lib/seamonkey/gtk2
/usr/lib/seamonkey/gtk2/libmozgtk.so
/usr/lib/seamonkey/icudt58l.dat
/usr/lib/seamonkey/isp
/usr/lib/seamonkey/isp/Bogofilter.sfd
/usr/lib/seamonkey/isp/DSPAM.sfd
/usr/lib/seamonkey/isp/POPFile.sfd
/usr/lib/seamonkey/isp/SpamAssassin.sfd
/usr/lib/seamonkey/isp/SpamPal.sfd
/usr/lib/seamonkey/isp/movemail.rdf
/usr/lib/seamonkey/isp/rss.rdf
/usr/lib/seamonkey/libldap60.so
/usr/lib/seamonkey/libldif60.so
/usr/lib/seamonkey/liblgpllibs.so
/usr/lib/seamonkey/libmozgtk.so
/usr/lib/seamonkey/libmozsqlite3.so
/usr/lib/seamonkey/libprldap60.so
/usr/lib/seamonkey/libxul.so
/usr/lib/seamonkey/omni.ja
/usr/lib/seamonkey/platform.ini
/usr/lib/seamonkey/plugin-container
/usr/lib/seamonkey/seamonkey-bin
/usr/lib/seamonkey/seamonkey.sh
/usr/lib/seamonkey/searchplugins
/usr/lib/seamonkey/searchplugins/duckduckgo.xml
/usr/lib/seamonkey/searchplugins/google.xml
/usr/lib/seamonkey/searchplugins/wikipedia.xml
/usr/lib/seamonkey/searchplugins/yahoo.xml
/usr/share/appdata
/usr/share/appdata/seamonkey-composer.appdata.xml
/usr/share/appdata/seamonkey-mail.appdata.xml
/usr/share/appdata/seamonkey.appdata.xml
/usr/share/applications/seamonkey-composer.desktop
/usr/share/applications/seamonkey-mail.desktop
/usr/share/applications/seamonkey.desktop
/usr/share/pixmaps/seamonkey-composer.png
/usr/share/pixmaps/seamonkey-mail.png
/usr/share/pixmaps/seamonkey-orig.png
/usr/share/pixmaps/seamonkey.png


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Mar 10 05:25:16 2020