Hello community,
here is the log from the commit of package seamonkey for openSUSE:Factory checked in at 2015-11-08 14:36:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/seamonkey (Old)
and /work/SRC/openSUSE:Factory/.seamonkey.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "seamonkey"
Changes:
--------
--- /work/SRC/openSUSE:Factory/seamonkey/seamonkey.changes 2015-10-03 20:30:27.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.seamonkey.new/seamonkey.changes 2015-11-08 14:36:25.000000000 +0100
@@ -1,0 +2,51 @@
+Thu Nov 5 08:01:22 UTC 2015 - wr@rosenauer.org
+
+- update to Seamonkey 2.39 (bnc#952810)
+ * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
+ Miscellaneous memory safety hazards
+ * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
+ Information disclosure through NTLM authentication
+ * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
+ CSP bypass due to permissive Reader mode whitelist
+ * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
+ Firefox for Android addressbar can be removed after fullscreen mode
+ * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
+ Reading sensitive profile files through local HTML file on Android
+ * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
+ disabling scripts in Add-on SDK panels has no effect
+ * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
+ Trailing whitespace in IP address hostnames can bypass same-origin policy
+ * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
+ Buffer overflow during image interactions in canvas
+ * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
+ Android intents can be used on Firefox for Android to open privileged files
+ * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
+ XSS attack through intents on Firefox for Android
+ * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
+ Crash when accessing HTML tables with accessibility tools on OS X
+ * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
+ CORS preflight is bypassed when non-standard Content-Type headers
+ are received
+ * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
+ Memory corruption in libjar through zip files
+ * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
+ Certain escaped characters in host of Location-header are being
+ treated as non-escaped
+ * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
+ JavaScript garbage collection crash with Java applet
+ * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
+ (bmo#1188010, bmo#1204061, bmo#1204155)
+ Vulnerabilities found through code inspection
+ * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
+ Mixed content WebSocket policy bypass through workers
+ * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
+ (bmo#1202868, bmo#1205157)
+ NSS and NSPR memory corruption issues
+ (fixed in mozilla-nspr and mozilla-nss packages)
+- requires NSPR >= 4.10.10 and NSS >= 3.19.4
+- removed obsolete patches
+ * mozilla-icu-strncat.patch
+- fixed build with enable-libproxy (bmo#1220399)
+ * mozilla-libproxy.patch
+
+-------------------------------------------------------------------
Old:
----
l10n-2.38.tar.bz2
mozilla-icu-strncat.patch
seamonkey-2.38-source.tar.bz2
New:
----
l10n-2.39.tar.bz2
mozilla-libproxy.patch
seamonkey-2.39-source.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ seamonkey.spec ++++++
--- /var/tmp/diff_new_pack.c2FHtr/_old 2015-11-08 14:36:37.000000000 +0100
+++ /var/tmp/diff_new_pack.c2FHtr/_new 2015-11-08 14:36:37.000000000 +0100
@@ -60,9 +60,9 @@
%endif
Provides: web_browser
Provides: browser(npapi)
-Version: 2.38
+Version: 2.39
Release: 0
-%define releasedate 2015092600
+%define releasedate 2015110400
Summary: The successor of the Mozilla Application Suite
License: MPL-2.0
Group: Productivity/Networking/Web/Browsers
@@ -84,8 +84,8 @@
Patch4: mozilla-ntlm-full-path.patch
Patch5: mozilla-ua-locale.patch
Patch6: mozilla-no-stdcxx-check.patch
-Patch7: mozilla-icu-strncat.patch
-Patch8: mozilla-openaes-decl.patch
+Patch7: mozilla-openaes-decl.patch
+Patch8: mozilla-libproxy.patch
Patch100: seamonkey-ua-locale.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: /bin/sh coreutils
@@ -112,9 +112,9 @@
%global __find_provides %provfind
# the following conditions are always met in Factory by definition
# so using %opensuse_bs is secure for now
-BuildRequires: mozilla-nspr-devel >= 4.10.8
+BuildRequires: mozilla-nspr-devel >= 4.10.10
PreReq: mozilla-nspr >= %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
-BuildRequires: mozilla-nss-devel >= 3.19.2
+BuildRequires: mozilla-nss-devel >= 3.19.4
PreReq: mozilla-nss >= %(rpm -q --queryformat '%{VERSION}' mozilla-nss)
%description
++++++ compare-locales.tar.bz2 ++++++
++++++ create-tar.sh ++++++
--- /var/tmp/diff_new_pack.c2FHtr/_old 2015-11-08 14:36:37.000000000 +0100
+++ /var/tmp/diff_new_pack.c2FHtr/_new 2015-11-08 14:36:37.000000000 +0100
@@ -2,8 +2,8 @@
CHANNEL="release"
BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="SEAMONKEY_2_38_RELEASE"
-VERSION="2.38"
+RELEASE_TAG="SEAMONKEY_2_39_RELEASE"
+VERSION="2.39"
echo "cloning $BRANCH..."
hg clone http://hg.mozilla.org/$BRANCH seamonkey
++++++ l10n-2.38.tar.bz2 -> l10n-2.39.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/seamonkey/l10n-2.38.tar.bz2 /work/SRC/openSUSE:Factory/.seamonkey.new/l10n-2.39.tar.bz2 differ: char 11, line 1
++++++ mozilla-libproxy.patch ++++++
# HG changeset patch
# User Wolfgang Rosenauer