Hello community, here is the log from the commit of package seamonkey for openSUSE:Factory checked in at 2015-11-08 14:36:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/seamonkey (Old) and /work/SRC/openSUSE:Factory/.seamonkey.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "seamonkey" Changes: -------- --- /work/SRC/openSUSE:Factory/seamonkey/seamonkey.changes 2015-10-03 20:30:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.seamonkey.new/seamonkey.changes 2015-11-08 14:36:25.000000000 +0100 @@ -1,0 +2,51 @@ +Thu Nov 5 08:01:22 UTC 2015 - [email protected] + +- update to Seamonkey 2.39 (bnc#952810) + * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 + Miscellaneous memory safety hazards + * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) + Information disclosure through NTLM authentication + * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) + CSP bypass due to permissive Reader mode whitelist + * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) + Firefox for Android addressbar can be removed after fullscreen mode + * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) + Reading sensitive profile files through local HTML file on Android + * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) + disabling scripts in Add-on SDK panels has no effect + * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) + Trailing whitespace in IP address hostnames can bypass same-origin policy + * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) + Buffer overflow during image interactions in canvas + * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) + Android intents can be used on Firefox for Android to open privileged files + * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) + XSS attack through intents on Firefox for Android + * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) + Crash when accessing HTML tables with accessibility tools on OS X + * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) + CORS preflight is bypassed when non-standard Content-Type headers + are received + * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) + Memory corruption in libjar through zip files + * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) + Certain escaped characters in host of Location-header are being + treated as non-escaped + * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) + JavaScript garbage collection crash with Java applet + * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 + (bmo#1188010, bmo#1204061, bmo#1204155) + Vulnerabilities found through code inspection + * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) + Mixed content WebSocket policy bypass through workers + * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 + (bmo#1202868, bmo#1205157) + NSS and NSPR memory corruption issues + (fixed in mozilla-nspr and mozilla-nss packages) +- requires NSPR >= 4.10.10 and NSS >= 3.19.4 +- removed obsolete patches + * mozilla-icu-strncat.patch +- fixed build with enable-libproxy (bmo#1220399) + * mozilla-libproxy.patch + +------------------------------------------------------------------- Old: ---- l10n-2.38.tar.bz2 mozilla-icu-strncat.patch seamonkey-2.38-source.tar.bz2 New: ---- l10n-2.39.tar.bz2 mozilla-libproxy.patch seamonkey-2.39-source.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ seamonkey.spec ++++++ --- /var/tmp/diff_new_pack.c2FHtr/_old 2015-11-08 14:36:37.000000000 +0100 +++ /var/tmp/diff_new_pack.c2FHtr/_new 2015-11-08 14:36:37.000000000 +0100 @@ -60,9 +60,9 @@ %endif Provides: web_browser Provides: browser(npapi) -Version: 2.38 +Version: 2.39 Release: 0 -%define releasedate 2015092600 +%define releasedate 2015110400 Summary: The successor of the Mozilla Application Suite License: MPL-2.0 Group: Productivity/Networking/Web/Browsers @@ -84,8 +84,8 @@ Patch4: mozilla-ntlm-full-path.patch Patch5: mozilla-ua-locale.patch Patch6: mozilla-no-stdcxx-check.patch -Patch7: mozilla-icu-strncat.patch -Patch8: mozilla-openaes-decl.patch +Patch7: mozilla-openaes-decl.patch +Patch8: mozilla-libproxy.patch Patch100: seamonkey-ua-locale.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /bin/sh coreutils @@ -112,9 +112,9 @@ %global __find_provides %provfind # the following conditions are always met in Factory by definition # so using %opensuse_bs is secure for now -BuildRequires: mozilla-nspr-devel >= 4.10.8 +BuildRequires: mozilla-nspr-devel >= 4.10.10 PreReq: mozilla-nspr >= %(rpm -q --queryformat '%{VERSION}' mozilla-nspr) -BuildRequires: mozilla-nss-devel >= 3.19.2 +BuildRequires: mozilla-nss-devel >= 3.19.4 PreReq: mozilla-nss >= %(rpm -q --queryformat '%{VERSION}' mozilla-nss) %description ++++++ compare-locales.tar.bz2 ++++++ ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.c2FHtr/_old 2015-11-08 14:36:37.000000000 +0100 +++ /var/tmp/diff_new_pack.c2FHtr/_new 2015-11-08 14:36:37.000000000 +0100 @@ -2,8 +2,8 @@ CHANNEL="release" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="SEAMONKEY_2_38_RELEASE" -VERSION="2.38" +RELEASE_TAG="SEAMONKEY_2_39_RELEASE" +VERSION="2.39" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH seamonkey ++++++ l10n-2.38.tar.bz2 -> l10n-2.39.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/seamonkey/l10n-2.38.tar.bz2 /work/SRC/openSUSE:Factory/.seamonkey.new/l10n-2.39.tar.bz2 differ: char 11, line 1 ++++++ mozilla-libproxy.patch ++++++ # HG changeset patch # User Wolfgang Rosenauer <[email protected]> # Parent 95b421ca30846be2b5d7230d72263e6dff042d0b Bug 1220399 - building with libproxy support fails diff --git a/toolkit/system/unixproxy/nsLibProxySettings.cpp b/toolkit/system/unixproxy/nsLibProxySettings.cpp --- a/toolkit/system/unixproxy/nsLibProxySettings.cpp +++ b/toolkit/system/unixproxy/nsLibProxySettings.cpp @@ -2,16 +2,17 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsISystemProxySettings.h" #include "mozilla/ModuleUtils.h" #include "nsIServiceManager.h" #include "nsIURI.h" +#include "nsNetCID.h" #include "nsString.h" #include "nsCOMPtr.h" #include "nspr.h" extern "C" { #include <proxy.h> } ++++++ mozilla-shared-nss-db.patch ++++++ --- /var/tmp/diff_new_pack.c2FHtr/_old 2015-11-08 14:36:37.000000000 +0100 +++ /var/tmp/diff_new_pack.c2FHtr/_new 2015-11-08 14:36:37.000000000 +0100 @@ -7,13 +7,13 @@ diff --git a/configure.in b/configure.in --- a/configure.in +++ b/configure.in -@@ -8296,16 +8296,31 @@ if test "$MOZ_ENABLE_SKIA"; then - MOZ_ENABLE_SKIA_GPU=1 +@@ -8309,16 +8309,31 @@ if test "$MOZ_ENABLE_SKIA"; then AC_DEFINE(USE_SKIA_GPU) AC_SUBST(MOZ_ENABLE_SKIA_GPU) fi fi AC_SUBST(MOZ_ENABLE_SKIA) + AC_SUBST_LIST(SKIA_INCLUDES) dnl ======================================================== +dnl Check for nss-shared-helper @@ -122,7 +122,7 @@ diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build --- a/toolkit/library/moz.build +++ b/toolkit/library/moz.build -@@ -203,16 +203,18 @@ if CONFIG['MOZ_B2G_CAMERA'] and CONFIG[' +@@ -205,16 +205,18 @@ if CONFIG['MOZ_B2G_CAMERA'] and CONFIG[' 'stagefright_omx', ] ++++++ seamonkey-2.38-source.tar.bz2 -> seamonkey-2.39-source.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/seamonkey/seamonkey-2.38-source.tar.bz2 /work/SRC/openSUSE:Factory/.seamonkey.new/seamonkey-2.39-source.tar.bz2 differ: char 11, line 1
