Re: [blfs-book] [BLFS Trac] #14548: seamonkey-2.53.6

2021-01-26 Thread BLFS Trac via blfs-book 
#14548: seamonkey-2.53.6
-+-
 Reporter:  renodr   |   Owner:  renodr
 Type:  enhancement  |  Status:  closed
 Priority:  highest  |   Milestone:  10.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:  fixed
 Keywords:   |
-+-

Comment (by ken@…):

 Replying to [comment:2 renodr]:

 >
 > Ken, it's worth noting that this should be compatible with rust-1.48.0
 should we need to upgrade anytime soon
 >

 I've just looked at firefox-86.0beta1, and that still requires rust >=
 1.47.0. ff87 (beta due after 23rd Feb) will want 1.48. But until we move
 to the next firefox esr series (91, due 13th July) or until librsvg forces
 us, for the moment no reason to change.

 My (unmeasured) impression is that each newer version of rust takes longer
 to build firefox.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #14548: seamonkey-2.53.6

2021-01-25 Thread BLFS Trac via blfs-book 
#14548: seamonkey-2.53.6
-+---
 Reporter:  renodr   |   Owner:  renodr
 Type:  enhancement  |  Status:  assigned
 Priority:  highest  |   Milestone:  10.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by renodr):

 A couple build system changes:

 --with-pthreads is no longer recognized

 --enable-application=suite needs to become --enable-application=comm/suite

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #14548: seamonkey-2.53.6

2021-01-25 Thread BLFS Trac via blfs-book 
#14548: seamonkey-2.53.6
-+---
 Reporter:  renodr   |   Owner:  renodr
 Type:  enhancement  |  Status:  assigned
 Priority:  highest  |   Milestone:  10.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---
Changes (by renodr):

 * priority:  high => highest


Comment:

 {{{
 What's New in SeaMonkey 2.53.6

 SeaMonkey 2.53.6 contains (among other changes) the following major
 changes relative to SeaMonkey 2.53.5.1:

 Improve usability of multiple mailboxes/folders selectionbug 1600103.
 Add Greek localisation (el).
 Remove more RDF from mailnews code.
 Switch to mozilla as topsrcdir and component for building is
 comm/suite now.
 Rust support is now up to 1.48 and official build is now using 1.47.0
 Various security and general platform fixes.

 SeaMonkey 2.53.6 contains (among other changes) the following major
 changes relative to SeaMonkey 2.49.5:

 The Bookmarks Manager has switched its name to Library, and now also
 includes the History list. When invoking History, the Library will be
 shown with the History list selected. The extensive modifications were
 needed because of Mozilla Gecko platform API changes.
 Download Manager has been migrated to a new API. Although it looks
 pretty much the same as before, the search option is missing and some
 other minor details work differently. The previous downloads history is
 removed during the upgrade.
 The layout panel was added to the CSS Grid tools.
 TLS 1.3 is the default SSL version now.
 The only NPAPI plugin which will work with SeaMonkey 2.53.6 is Flash.
 Support for other NPAPI plugins like Java and Silverlight has been
 removed. For displaying pdf files in the browser you can use pdf.js-
 seamonkey from Isaac Schemm.
 SeaMonkey now uses a new api for formatting regional data like time
 and date. Default is to use the application locale of the current
 SeaMonkey build. If you use a language pack or a different OS formatting
 this is usually not desired. You can change the formatting from the
 application locale to the regional settings locale (OS) in the preferences
 dialog under "Appearance".

 SeaMonkey 2.53.6 uses the same backend as Firefox and contains the
 relevant Firefox 60.8 security fixes.

 SeaMonkey 2.53.6 shares most parts of the mail and news code with
 Thunderbird. Please read the Thunderbird 60.0 release notes for specific
 changes and security fixes in this release.

 Additional important security fixes up to Current Firefox 78.6 ESR and a
 few enhancements have been backported. We will continue to enhance
 SeaMonkey security in subsequent 2.53.x beta and release versions as fast
 as we are able to.
 }}}

 Ken, it's worth noting that this should be compatible with rust-1.48.0
 should we need to upgrade anytime soon

 On that note, it's time for some security fixes. The previous version of
 seamonkey, 2.53.5.1, included fixes from Firefox and Thunderbird
 78.4.0esr.

 '''Security fixes from Firefox-78.4.1esr:'''

 {{{
 CVE-2020-26950: Write side effects in MCallGetProperty opcode not
 accounted for

 Reporter
 360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity
 Contest
 Impact
 critical

 Description

 In certain circumstances, the MCallGetProperty opcode can be emitted with
 unmet assumptions resulting in an exploitable use-after-free condition.
 References

 Bug 1675905
 }}}

 '''Security fixes from Firefox-78.5.0esr:'''

 {{{
 #CVE-2020-26951: Parsing mismatches could confuse and bypass security
 sanitizer for chrome privileged code

 Reporter
 Irvan Kurniawan (@sourc7)
 Impact
 high

 Description

 A parsing and event loading mismatch in Firefox's SVG code could have
 allowed load events to fire, even after sanitization. An attacker already
 capable of exploiting an XSS vulnerability in privileged internal pages
 could have used this attack to bypass our built-in sanitizer.
 References

 Bug 1667113

 #CVE-2020-16012: Variable time processing of cross-origin images during
 drawImage calls

 Reporter
 Aleksejs Popovs
 Impact
 moderate

 Description

 When drawing a transparent image on top of an unknown cross-origin image,
 the Skia library drawImage function took a variable amount of time
 depending on the content of the underlying image. This resulted in
 potential cross-origin information exposure of image content through
 timing side-channel attacks.
 References

 Bug 1642028

 #CVE-2020-26953: Fullscreen could be enabled without displaying the
 security UI

 Reporter
 Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research
 Impact
 moderate

 Description

 It was possible to cause the browser to enter fullscreen mode without
 displaying the security UI; thus making it possible to attempt a phishing
 attack or otherwise confuse the user.

[blfs-book] [BLFS Trac] #14548: seamonkey-2.53.6

2021-01-22 Thread BLFS Trac via blfs-book 
#14548: seamonkey-2.53.6
-+---
 Reporter:  renodr   |  Owner:  blfs-book
 Type:  enhancement  | Status:  new
 Priority:  high |  Milestone:  10.1
Component:  BOOK |Version:  SVN
 Severity:  normal   |   Keywords:
-+---
 New point version

 Contains security fixes from Firefox-78.6 and Thunderbird-78.6

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page