Changelog:
SeaMonkey-specific changes
Download progress is now shown in the Mac OS X app dock icon.
EXIF orientation is now being used when displaying attached images in MailNews.
"This folder is being processed... to get messages." alerts on active MailNews folders now identify the account or folder.
MailNews notifications have a new look.
See the changes page for a more complete overview.
Mozilla platform changes
All plugins, with the exception of recent Flash plugins, now default to click-to-play.
The password manager now supports script-generated password fields.
Support for H.264 on Linux is now available if the appropriate GStreamer plugins are installed.
Support for MP3 decoding on Windows XP has been added, completing MP3 support across Windows OS versions.
The CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec.
There is no longer a prompt when websites use appcache.
Support for the CSS image orientation property has been added.
IndexedDB can now be used as an "optimistic" storage area so it does not require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage.
When displaying a standalone images, the EXIF orientation information contained within the JPEG image is now matched (bug 298619).
Page load times have been improved due to no longer decoding images that are not visible (bug 847223).
Support for the AudioToolbox MP3 backend has been added on Mac OS X (bug 914479).
Fixed several stability issues.
Fixed in SeaMonkey 2.23
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
* Add mozilla-chatzilla option for chatzilla (and some JavaScript
development tools, I cannot separate them.)
Changelog:
Fixed in SeaMonkey 2.22.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
* Add forgotten patch for NetBSD's cpuset(3), fix build
* Use __fstat50 etc instead of fstat on NetBSD. Based on martin@'s patch
for firefox 27.0.
Restore session is recovered on NetBSD/amd64.
Changelog:
SeaMonkey-specific changes
Sorting messages by date can now be configured to look at the thread root instead of the newest message in it (pref: mailnews.sort_threads_by_root).
Plugins doorhangers now allow to activate different plugin types independently.
The proxy popup is now also available from the MailNews main window.
A new Recipients column has been added that shows all recipients (To, CC, BCC).
The default HTML5 audio/video player controls allow to change the playback rate now.
A "Validate this page" entry has been added to Tools/Web Development.
The Firefox devtools debugger can now be used to debug SeaMonkey remotely.
See the changes page for a more complete overview.
Mozilla platform changes
Web Audio support has been added.
CSS3 background-attachment:local support to control background scrolling has been implemented.
Many new ES6 functions have been implemented.
iframe document content can now be specified inline.
Fixed several stability issues.
Fixed in SeaMonkey 2.22
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
pax -rw, the destination directory must exist. pax in NetBSD creates it if
not, pax in MirBSD complains. I read through all pkgsrc Makefiles that use
pax and added an entry to INSTALLATION_DIRS, or an INSTALL_DATA_DIR
invocation.
I did not test all the changes but they should be fairly safe. If you notice
any breakage because of this change, please contact me.
Changelog:
SeaMonkey-specific changes
Implemented an option to thread messages received by date.
Allowed deletion of news posts by default.
Implemented optional taskbar preview-per-tab.
Added support (permission prompt) for desktop notifications.
Added Isn't operator for searching by Priority.
See the changes page for a more complete overview.
Mozilla platform changes
Support for new scrollbar style on Mac OS X 10.7 and newer.
Accessibility related improvements on using pinned tabs (bug 577727).
Major SVG rendering improvements around Image tiling and scaling (bug 600207).
Removed support for sherlock files that are loaded from application or profile directory.
Support for W3C touch events disabled (bug 888304).
Fixed several stability issues.
Fixed in SeaMonkey 2.21
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
* Merge SunOS patches from www/firefox.
Changelog:
SeaMonkey-specific changes
The Content Security Policy (CSP) 1.0 parser has been enabled.
The Mixed Content Blocker has been enabled, blocking insecure active content loads on HTTPS pages.
New mail alert information can be customized now (Preferences/Mail & Newsgroups/Notifications).
A confirmation prompt has been introduced to protect against accidental permanent data loss when force-deleting messages using Shift+Del.
MailNews Save As Template supports multiple selections now.
The size on disk is now shown for newsgroup folders.
See the changes page for a more complete overview.
Mozilla platform changes
Added support for scrollbar style in Mac OS X 10.7 and newer.
Enabled mixed content blocking to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more).
Improved about:memory's functional UI.
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding.
Simplified interface for notifications of plugin installation.
Enabled users to switch the search provider across the entire browser.
CSP policies using the standard syntax and semantics will now be enforced.
Implemented the HTML5 <input type="range"> form control.
Added unprefixed requestAnimationFrame.
Dropped blink effect from CSS rule text-decoration:blink and completely removed <blink> element.
Fixed several stability issues.
Fixed in SeaMonkey 2.20
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
* Update enigmail to 1.5.2.
Changelog:
SeaMonkey-specific changes
Mark -> As Read now checks the state of all selected messages instead of only the first one's.
Notifications for mixed content blocker have been implemented.
A new 3rd-party cookie restriction to visited websites option has been added to the Cookies pref pane.
The context menu Search option is now available for textareas and input fields.
Website storage mechanisms are now available in the Data Manager (localStorage, indexedDB, etc.).
"Open Containing Folder" is now already available during download.
See the changes page for minor changes.
Mozilla platform changes
asm.js optimizations (OdinMonkey) have been enabled for major performance improvements.
Improved WebGL rendering performance through asynchronous canvas updates.
Plain text files displayed within the browser will now word-wrap.
For user security, the Components object is no longer accessible from web content.
Improved memory usage and display time when rendering images.
The Pointer Lock API can now be used outside of fullscreen.
CSS3 Flexbox has been implemented and enabled by default.
The new Web Notifications API has been implemented.
Added clipboardData API for JavaScript access to a user's clipboard.
Support for new HTML5 <data> and <time> elements has been added.
Fixed several stability issues.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
* Use common files for www/firefox.
SeaMonkey-specific changes
Basic Private Browsing support has been added (experimental for now).
Added support for safe browsing which blocks potentially malicious websites reported as attack sites (malware) or web forgeries (phishing).
Information like preview text, subject and sender can be shown in new mail notifications now.
See the changes page for minor changes.
Mozilla platform changes
CSS -moz-user-select:none selection has been changed to improve compatibility with -webkit-user-select:none (bug 816298).
Applied graphics-related performance improvements (bug 809821).
Removed E4X support from SpiderMonkey.
Added support for the <main> element.
Implemented scoped stylesheets.
Fixed some function keys not working when pressed (bug 833719).
Fixed several stability issues.
* I will check the build on NetBSD 5.2 later...
Changelog:
Continued performance improvements around common browser tasks (page loads, downloads, shutdown, etc.).
Continued implementation of draft ECMAScript 6 (clear() and Math.imul).
<canvas> now supports blend modes.
Various <audio> and <video> improvements have been implemented.
The Details button on the Crash Reporter has been fixed (bug 793972).
Fixed several stability issues.
Fixed in SeaMonkey 2.17
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Fixed in SeaMonkey 2.16.1
MFSA 2013-29 Use-after-free in HTML Editor
* enigmail is broken
Changelog:
SeaMonkey-specific changes
Reply to List is now supported.
SSL-related warning prompts (leaving or entering a secure site, viewing mixed content) have been replaced by less intrusive, non-modal notification bars.
See the changes page for minor changes.
Mozilla platform changes
Image quality has been improved through a new HTML scaling algorithm.
Canvas elements can export their content as an image blob using canvas.toBlob() now.
CSS @page is now supported.
CSS viewport-percentage length units have been implemented (vh, vw, vmin and vmax).
CSS text-transform now supports full-width.
Fixed several stability issues.
Fixed in SeaMonkey 2.16
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
* Remove or modify some patches that is obsolete or fixed in another way
like devel/xulrunner.
Changelog:
Fixes in 2.15.2
Applications could not be removed from the "Application details" dialog under Preferences, Helper Applications (bug 826771).
View / Message Body As could show menu items out of context (bug 831348).
Fixes in 2.15.1
Problems involving HTTP proxy transactions have been fixed (bug list).
The Unity player crashed on Mac OS X (bug 828954).
* Use Lightning in seamonkey tar ball, 2.0pre.
Changelog:
SeaMonkey-specific changes
SeaMonkey can be set as default client/browser on Mac and Linux now.
See the changes page for minor changes.
Mozilla platform changes
The new IonMonkey compiler improves JavaScript performance.
Preliminary support for WebRTC has been added.
Image quality has been improved through a new HTML scaling algorithm.
CSS3 Flexbox has been implemented.
Support for new DOM property window.devicePixelRatio has been added.
Support for @supports has been added (disabled for now).
Startup time has been improved through smart handling of signed extension certificates.
HTML5: Support for W3C touch events has been implemented, taking the place of MozTouch events
Insecure content loading has been disabled on HTTPS pages (see bug 62178).
Responsiveness for users on proxies has been improved.
Fixed several stability issues.
Fixed in SeaMonkey 2.15
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Changelog:
The Select Addresses dialog came up blank if opened from a Compose window with a single To/Cc/Bcc field filled in (bug 814770).
A change to the User Agent string has been reverted since it caused some website incompatibilities (bug 816749).
Information failed to show on the message header pane under certain circumstances (bug 803322).
The display quality of fonts could be perceived as bad when Cleartype was turned off on Windows (bug 814101).
The permissions database was not read completely if it included an invalid entry (bug 814554).
* Patches are synced with xulrunner-17.0, and regen patches
* Update Mozilla Lightning to 1.9
Changelog:
SeaMonkey-specific changes
None (see changes page for minor changes).
Mozilla platform changes
OS X 10.6 is now the minimum supported Mac version.
JavaScript Maps and Sets are now iterable.
SVG FillPaint and StrokePaint have been implemented.
The sandbox attribute has been implemented for iframes, enabling increased security.
Fixed several stability issues.
Security fixes
Fixed in SeaMonkey 2.14
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
* Update enigmail to 1.4.5
* Update Mozilla Lightning to 1.8
Changelog:
SeaMonkey-specific changes
None.
Mozilla platform changes
JavaScript responsiveness has been improved through incremental garbage collection.
CSS3 Animations, Transitions, Transforms and Gradients have been unprefixed.
MD5 is no longer supported as a hash algorithm in digital signatures.
The Opus codec is now support by default.
The reverse CSS3 animation direction has been implemented.
Per tab reporting is now available in about:memory.
Fixed several stability issues.
* Update Mozilla Lightning to 1.7
* Update Enigmail to 1.4.4 (functionality is not tested yet; should
be updated)
* Regen patches
Changelog:
SeaMonkey-specific changes
None.
Mozilla platform changes
Added support for SPDY networking protocol v3.
Implemented WebGL enhancements, including compressed textures for better performance.
Optimized memory usage for add-ons.
Implemented the CSS word-break property.
Implemented high precision event timer.
HTML5: Added native support for the Opus audio codec.
HTML5: Added support for the source element media attribute.
HTML5: Added support for the audio element and video element played attribute.
Fixed several stability issues.
Fixed in SeaMonkey 2.12
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
* Use Lightning 1.6 release
* Enigmail is not tested fully
Changelog: from http://www.seamonkey-project.org/releases/seamonkey2.11/
SeaMonkey-specific changes
A click-to-play option (off by default for now) has been implemented for plugins.
Mozilla platform changes
The Pointer Lock API has been implemented.
A new API to prevent your display from sleeping is available.
New text-transform and font-variant CSS improvements have been made for Turkic languages and Greek.
Fixed several stability issues.
Changelog: from http://www.seamonkey-project.org/releases/seamonkey2.10/
SeaMonkey-specific changes
The domain name is highlighted in the location bar by default now, configurable in Preferences.
The amount of tabs to be restored concurrently can be configured in Preferences now.
News username and password auth dialogs have been combined and show for which server the prompt is now.
Mozilla platform changes
The new minimum supported Windows version is now XP SP2, Windows 2000 support has been dropped.
The SPDY protocol now enabled by default for faster browsing on supported sites
The column-fill CSS property has been implemented.
Experimental support for ECMAScript 6 Map and Set objects has been implemented.
Support for the CSS3 background-position property extended syntax has been added.
The :invalid pseudo-class can now be applied to the <form> element.
The CSS turn <angle> unit is now supported.
Fixed several stability issues.
