SeaMonkey 2.53.5 released!

[Edmund Wong]

Greetings,

The SeaMonkey Project is pleased to announce the release of SeaMonkey
2.53.5. While it was actually released on the 14th, I've only
gotten the chance of posting this today. My apologies.

So please check out [1] or [2].

Further to note that due to some issues(I would believe bugs, though I
am hand-waving the details), the team is now preparing to get 2.53.1
out.

Thanks to all involved.

Edmund

Links:
[1] - http://www.seamonkey-project.org/releases/2.53.5
[2] - http://www.seamonkey-project.org/releases/seamonkey2.53.5/

[Daniel]

Edmund Wong wrote on 16/11/20 15:23:

> Greetings,
>
> The SeaMonkey Project is pleased to announce the release of SeaMonkey
> 2.53.5. While it was actually released on the 14th, I've only
> gotten the chance of posting this today. My apologies.

That's all right, Edmund! We'll just dock half the wages you receive
from the SeaMonkey Project for the delay! ;-P

> So please check out [1] or [2].
>
> Further to note that due to some issues(I would believe bugs, though I
> am hand-waving the details), the team is now preparing to get 2.53.1
> out.

Really?? You're giving us SM 2.53.5 .... but you're just getting ready
to release SM 2.53.1?? Really?? ;-P

> Thanks to all involved.
>
> Edmund
>
> Links:
> [1] - http://www.seamonkey-project.org/releases/2.53.5
> [2] - http://www.seamonkey-project.org/releases/seamonkey2.53.5/

Thanks to the whole team for your ongoing efforts!!
--
Daniel

Win7 User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0)
Gecko/20100101 SeaMonkey/2.49.5 Build identifier: 20190609032134

Linux User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0)
Gecko/20100101 SeaMonkey/2.49.1 Build identifier: 20171015235623

[Frank-Rainer Grahl]

Daniel wrote:
> Edmund Wong wrote on 16/11/20 15:23:
>> Greetings,
>>
>> The SeaMonkey Project is pleased to announce the release of SeaMonkey
>> 2.53.5.  While it was actually released on the 14th, I've only
>> gotten the chance of posting this today.  My apologies.
>
> That's all right, Edmund! We'll just dock half the wages you receive from the
> SeaMonkey Project for the delay! ;-P
>
>> So please check out [1] or [2].
>>
>> Further to note that due to some issues(I would believe bugs, though I
>> am hand-waving the details), the team is now preparing to get 2.53.1
>> out.
>
> Really?? You're giving us SM 2.53.5 .... but you're just getting ready to
> release SM 2.53.1?? Really?? ;-P
>
>> Thanks to all involved.
>>
>> Edmund
>>
>> Links:
>> [1] - http://www.seamonkey-project.org/releases/2.53.5
>> [2] - http://www.seamonkey-project.org/releases/seamonkey2.53.5/
>
> Thanks to the whole team for your ongoing efforts!!

2.53.5.1 will basically add some preliminary support for macOS Big Sur (might
fully work might not) and correct av1 detection. The last one is a minor issue
and everyone should update to 2.53.5 till 2.53.5.1 is ready.

FRG

[Dirk Fieldhouse]

SM 2.53.5 Linux x86 seems significantly more stable than previous
releases going back several years. A malloc() return being checked that
wasn't before?

Many thanks
/df

--
London
UK

[Dirk Fieldhouse]

The UA string claims FF60 but the Array method values() that is
available in FF60 is still missing.

This polyfill definition is provided in the MDN page:

Array.prototype.values = function () {
return this[Symbol.iterator]();
};

I suppose it wouldn't be too hard to put this in the .2 or so release?

Or enable the code from
<https://bugzilla.mozilla.org/show_bug.cgi?id=1420101> that was removed
because of a bug in Microsoft Dynamics?

The bug text also offers a more sophisticated polyfill:

Object.defineProperty(Array.prototype, "values",
Object.getOwnPropertyDescriptor(Array.prototype, Symbol.iterator));

/df

--
London
UK

[Frank-Rainer Grahl]

This is already in 2.53.6b1 pre. Added late in the game and found it too risky
for 2.53.5 without much testing.

FRG

[jcteyssier]

Edmund Wong a écrit :

Updated on 3 computers: works well as expected.
I do not see any difference with previous one (2.53.4)

[Stanimir Stamenkov]

Mon, 16 Nov 2020 12:23:46 +0800, /Edmund Wong/:

> [1] - http://www.seamonkey-project.org/releases/2.53.5

Just want to get a confirmation it is likely a false positive:

Windows 10 (Windows Defender/Security) flags the installer
(seamonkey-2.53.5.en-US.win64.installer.exe) to contain "Potentially
Unwanted Software": PUA:Win32/Caypnamer.A!ml

Are others on Windows 10 getting this?

--
Stanimir

[Frank-Rainer Grahl]

Donwloaded again and compared with the one I did get directly from the build
server. 100% identical. After building I installed it in several of my Windows
10 vms and two laptops without Windows defender making even a little beep. Has
now been a few days ago but looks like a 99.99999% false positive.

SHA256: fb546afd5d674e69a717a2d742c7b507c585a818ce2f025637d49da917d0be0c
*seamonkey-2.53.5.en-US.win64.installer.exe

FRG

[NFN Smith]

Frank-Rainer Grahl wrote:
>>
>> Are others on Windows 10 getting this?
>>
>
> Donwloaded again and compared with the one I did get directly from the
> build server. 100% identical. After building I installed it in several
> of my Windows 10 vms and two laptops without Windows defender making
> even a little beep. Has
> now been a few days ago but looks like a 99.99999% false positive.
>
> SHA256: fb546afd5d674e69a717a2d742c7b507c585a818ce2f025637d49da917d0be0c
> *seamonkey-2.53.5.en-US.win64.installer.exe

For what it's worth, I took my own download of that file (taken from the
normal location at
https://archive.mozilla.org/pub/seamonkey/releases/2.53.5/win64/en-US/
), and I confirm the same SHA256 value.

I submitted to https://www.virustotal.com/gui/ . On scanning,
VirusTotal confirms the same SHA256 value, and reports all-clean reports
from 71 scanners (including Microsoft), although it reports that Cylance
considers the file to be unsafe.

The only time I've ever heard of Cylance is when using VirusTotal, and
if I recall, their scanner tends to be exceptionally aggressive, and
where they're more likely to flag things that nearly every other scanner
considers to be clean.

I consider that consensus to be overwhelming, and where the response I
see with Cylance, and what was reported with Microsoft to be false
positives.

Smith

[Stanimir Stamenkov]

Wed, 18 Nov 2020 20:03:47 +0100, /Frank-Rainer Grahl/:

The SHA256 sum I'm getting locally is the just the same but I'm getting
the threat flag consistently. Anyway I'm going to ignore it. Thanks
for providing additional insurance for it. Windows Defender seems very
obscure on what and how it's doing.

--
Stanimir

[Ant]

Is there a way to report its false positive since it's new and not a
popular file? I remember when Norton did this too in the past.
--
Life's so loco! ..!.. *isms, sins, hates, (d)evil, z, tiredness, my
body, illnesses (e.g., COVID-19 & SARS-CoV-2), deaths (RIP), heat,
interruptions, issues, conflicts, obstacles, stresses, fires,
out(r)ages, dramas, unlucky #4, 2020, greeds, bugs (e.g., crashes &
female mosquitoes), etc. D: Note: A fixed width font (Courier,
Monospace, etc.) is required to see this signature correctly.
/\___/\ http://aqfl.net & http://antfarm.home.dhs.org
/ /\ /\ \
| |o o| | Axe ANT from its address if shown & e-mailing privately.
\ _ / Please kindly use Ant nickname & URL/link if crediting.
( )

[Stanimir Stamenkov]

Wed, 18 Nov 2020 12:16:12 -0800, /Ant/:

> On 11/18/2020 11:54 AM, Stanimir Stamenkov wrote:
>> Wed, 18 Nov 2020 20:03:47 +0100, /Frank-Rainer Grahl/:
>>> Stanimir Stamenkov wrote:
>>>> Mon, 16 Nov 2020 12:23:46 +0800, /Edmund Wong/:
>>>>
>>>>> [1] - http://www.seamonkey-project.org/releases/2.53.5
>>>>
>>>> Just want to get a confirmation it is likely a false positive:
>>>>
>>>> Windows 10 (Windows Defender/Security) flags the installer
>>>> (seamonkey-2.53.5.en-US.win64.installer.exe) to contain "Potentially
>>>> Unwanted Software": PUA:Win32/Caypnamer.A!ml
>>>>
>>>> Are others on Windows 10 getting this?
>>>
>>> Donwloaded again and compared with the one I did get directly from
>>> the build server. 100% identical. After building I installed it in
>>> several of my Windows 10 vms and two laptops without Windows defender
>>> making even a little beep. Has now been a few days ago but looks like
>>> a 99.99999% false positive.
>>>
>>> SHA256:
>>> fb546afd5d674e69a717a2d742c7b507c585a818ce2f025637d49da917d0be0c
>>> *seamonkey-2.53.5.en-US.win64.installer.exe
>>
>> The SHA256 sum I'm getting locally is the just the same but I'm
>> getting the threat flag consistently.  Anyway I'm going to ignore it.
>> Thanks for providing additional insurance for it.  Windows Defender
>> seems very obscure on what and how it's doing.
>
> Is there a way to report its false positive since it's new and not a
> popular file? I remember when Norton did this too in the past.

Not seeing an option here:

https://i.imgur.com/gqYTGtM.png

I've been previously presented with such an option – to indicate online
(on some Microsoft site) I'm trusting the source of a particular
application which is unknown (and not digitally signed) to some
Microsoft online screening service (don't remember the name but it's
built-in to Windows).

--
Stanimir

[Frank-Rainer Grahl]

It says exe.part. Not sure if the rename to .exe failed when you downloaded
the version and this is the problem you see.

FRG

[Ant]

*.part is an incomplete download. Did you let it finish to 100%?

[Stanimir Stamenkov]

Wed, 18 Nov 2020 21:52:47 +0100, /Frank-Rainer Grahl/:

> Stanimir Stamenkov wrote:
>> Wed, 18 Nov 2020 12:16:12 -0800, /Ant/:
>>

>>> Is there a way to report its false positive since it's new and not a
>>> popular file? I remember when Norton did this too in the past.
>>
>> Not seeing an option here:
>>
>> https://i.imgur.com/gqYTGtM.png
>>
>> I've been previously presented with such an option – to indicate
>> online (on some Microsoft site) I'm trusting the source of a
>> particular application which is unknown (and not digitally signed) to
>> some Microsoft online screening service (don't remember the name but
>> it's built-in to Windows).
>
> It says exe.part. Not sure if the rename to .exe failed when you
> downloaded the version and this is the problem you see.

It says it for both:

https://i.imgur.com/3LRE1aA.png

There's no .part file existing anymore. Nothing's failed, just detected
it a bit earlier while downloading previously.

--
Stanimir

[Stanimir Stamenkov]

Thu, 19 Nov 2020 01:31:06 -0800, /Ant/:

> On 11/18/2020 12:39 PM, Stanimir Stamenkov wrote:
>

>> https://i.imgur.com/gqYTGtM.png

>
> *.part is an incomplete download. Did you let it finish to 100%?

Yes, I've even installed it. If you notice I've already posted that
link with:

Date: Wed, 18 Nov 2020 22:39:31 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0)
Gecko/20100101 SeaMonkey/2.53.5

--
Stanimir

[Frank-Rainer Grahl]

And now you can install 2.52.5.1 and enjoy better/working av1 deteaction and a
security fix :)

FRG

[Stanimir Stamenkov]

Thu, 19 Nov 2020 20:33:25 +0100, /Frank-Rainer Grahl/:

> And now you can install 2.52.5.1 and enjoy better/working av1 deteaction
> and a security fix :)

Yep, and the 2.53.5.1 installer doesn't trigger the same threat warning.
Thank you very much.

> Stanimir Stamenkov wrote:
>> Thu, 19 Nov 2020 01:31:06 -0800, /Ant/:
>>> On 11/18/2020 12:39 PM, Stanimir Stamenkov wrote:
>>>
>>>> https://i.imgur.com/gqYTGtM.png
>>>
>>> *.part is an incomplete download. Did you let it finish to 100%?
>>
>> Yes, I've even installed it.  If you notice I've already posted that
>> link with:
>>
>> Date: Wed, 18 Nov 2020 22:39:31 +0200
>> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0)
>> Gecko/20100101 SeaMonkey/2.53.5

--
Stanimir

[Steve Wendt]

On 11/19/2020 11:33 AM, Frank-Rainer Grahl wrote:

> install 2.52.5.1 and enjoy better/working av1 deteaction

Speaking of detection - any idea why html5test.com thinks WebP is not
supported? It also says No for Firefox, so this is not a SeaMonkey
issue (it says Yes for Chrome, so it's detecting something differently).

And yes, WebP samples display just fine:
https://developers.google.com/speed/webp/gallery1

[Frank-Rainer Grahl]

A few things wrt html headers are missing. Was a bit murky to implement and
needs more time. Given that we had added a lot of stuff to 2.53.5 and 2.53.6
has a bunch of new stuff mostly in the build area too I don't think new
changes for this minor issue will make it into the next release.

Personally I am not impressed by the format. Looks impressive on paper only. I
doubt anyone other than google needs it in the real world and they are now
already working on webp2.

As you pointed out pages with webp work and other might just serve you an
alternate format and work too.

FRG

[Dirk Fieldhouse]

On 20/11/2020 09:22, Frank-Rainer Grahl wrote:
> Steve Wendt wrote:
>...>

>>
>> Speaking of detection - any idea why html5test.com thinks WebP is not
>> supported?  It also says No for Firefox, so this is not a SeaMonkey
>> issue (it says Yes for Chrome, so it's detecting something differently).

>...>
The test for Custom Elements looks for document.registerElement(), which
is deprecated, and was supposed to be dropped from Chrome in February.
This may give an idea of the quality of the tests.

Perhaps a new site html5testtest.com is needed?

/df

--
London
UK

[🐴 Mr. Ed 🐴]

The long list of "Know Issues" for 2.53.5 will keep me from upgrading.
https://www.seamonkey-project.org/releases/seamonkey2.53.5/

-- 
"This is America!  You can't make a horse
 testify against himself!"          -Mister Ed

[Frank-Rainer Grahl]

🐴 Mr. Ed 🐴 wrote:
> On 11/15/2020 11:23 PM, Edmund Wong wrote:
>> Greetings,
>>
>>

>> Links:
>> [1] -http://www.seamonkey-project.org/releases/2.53.5
>> [2] -http://www.seamonkey-project.org/releases/seamonkey2.53.5/

>>
> The long list of "Know Issues" for 2.53.5 will keep me from upgrading.
> https://www.seamonkey-project.org/releases/seamonkey2.53.5/
>

Yes all deal breakers. Don't upgrade. The world might explode if a tab is not
opened in the background from the bookmarks.2.49.5 was the last stable version
ever! Wonder why I even care about later ones.

FRG

[Don Spam's Reckless Son]

It took OpenSuse until 10 days ago before they finally released a 2.53.x
version via the standard repositories (their Mozilla Test repository has
been kept current since around 21 April) and the reason for that was
that there was apparently a loss of functionality between the last
2.49.x level and the 2.53.x line.
Of course that does not explain why they stuck at 2.49.4 rather than 2.49.5.
This mattered to me because:
- a new version of OpenSuse Leap was released with 2.49.4
- the update process (I think) changed the default for html from Firefox
to Seamonkey so opening an html page nuked my (migrated) Seamonkey profile.
At least that happened on my test machine so no real data was lost.

--
spammo ergo sum, viruses courtesy of https://www.nsa.gov/malware/

[Steve Wendt]

On 11/20/2020 1:22 AM, Frank-Rainer Grahl wrote:

> Personally I am not impressed by the format. Looks impressive on paper
> only. I doubt anyone other than google needs it in the real world and
> they are now already working on webp2.

I found this nice article a while back:
https://siipo.la/blog/is-webp-really-better-than-jpeg

[Steve Wendt]

On 11/20/2020 4:01 AM, Dirk Fieldhouse wrote:

>>> Speaking of detection - any idea why html5test.com thinks WebP is not
>>> supported?  It also says No for Firefox, so this is not a SeaMonkey
>>> issue (it says Yes for Chrome, so it's detecting something differently).
>

> The test for Custom Elements looks for document.registerElement(), which
> is deprecated, and was supposed to be dropped from Chrome in February.
> This may give an idea of the quality of the tests.
>
> Perhaps a new site html5testtest.com is needed?

Thanks for the insight; I have noticed the website hasn't been
maintained for a while now. It does still provide some interesting
info, though.

[Frank-Rainer Grahl]

Don Spam's Reckless Son wrote:
>
> It took OpenSuse until 10 days ago before they finally released a 2.53.x
> version via the standard repositories (their Mozilla Test repository has been
> kept current since around 21 April) and the reason for that was that there was
> apparently a loss of functionality between the last 2.49.x level and the
> 2.53.x line.

Yes what was the loss of functionality? It't can't be bigger/greater than Fx
52 to 57 or higher. I know they had compile problmes. IanN even gave up trying
to build a test release under OpenSuse.

> Of course that does not explain why they stuck at 2.49.4 rather than 2.49.5.
> This mattered to me because:
> - a new version of OpenSuse Leap was released with 2.49.4
> - the update process (I think) changed the default for html from Firefox to
> Seamonkey so opening an html page nuked my (migrated) Seamonkey profile.
> At least that happened on my test machine so no real data was lost.

Profiles were always in different locations. Changing default browsers should
never inflict a profile loss. If this was the case it was not an official
release doing this and that is what I talk about. The official release works
fine on OpenSuse because that was what I run on my backup server.

There is really one obstacle and that is migration from pre 2.53.x to the
later nss with a master password in place. That is basically why the backup
profile before upgrading warning is still in place. Andthere may be problmes
with ancient add-ons and themes too. It can't be helped. Either someone
updates them or they are gone.

There may be reasons to stay on an older release but citing the growing list
of known problems is just laughable. Older releases had far more problems.

That said everyone can do what he/she wants.

FRG

[Frank-Rainer Grahl]

Yes I read this too and agree. But I don't think it is even worth it for small
images.

Personally I think compression level has reached a peak. Everything you do now
compromises quality in some way.

Still using good old zip too. Compression is not that good but very convenient
to have something which works on almost every system out of the box. Same with
gif, png and jpeg. If something comes around which does this we can talk
again. webp and almost anything developed by google isn't it. Unfortunately
needs to be supported to an extent too.

FRG (backwards yokel)

[Don Spam's Reckless Son]

Frank-Rainer Grahl wrote:
> Don Spam's Reckless Son wrote:
>>
>> It took OpenSuse until 10 days ago before they finally released a
>> 2.53.x version via the standard repositories (their Mozilla Test
>> repository has been kept current since around 21 April) and the reason
>> for that was that there was apparently a loss of functionality between
>> the last 2.49.x level and the 2.53.x line.
>
> Yes what was the loss of functionality? It't can't be bigger/greater
> than Fx 52 to 57 or higher. I know they had compile problmes. IanN even
> gave up trying to build a test release under OpenSuse.
>
>> Of course that does not explain why they stuck at 2.49.4 rather than
>> 2.49.5.
>> This mattered to me because:
>> - a new version of OpenSuse Leap was released with 2.49.4
>> - the update process (I think) changed the default for html from
>> Firefox to Seamonkey so opening an html page nuked my (migrated)
>> Seamonkey profile.
>> At least that happened on my test machine so no real data was lost.
>
> Profiles were always in different locations. Changing default browsers
> should never inflict a profile loss. If this was the case it was not an
> official release doing this and that is what I talk about. The official
> release works fine on OpenSuse because that was what I run on my backup
> server.

Before Upgrade: 2.53.3 (at a guess, or maybe 2.53.2)
After Upgrade: 2.49.4
This was an upgrade of OpenSuse, "before" used their test repository,
"after" did not. What could possibly go wrong?

>
> There is really one obstacle and that is migration from pre 2.53.x to
> the later nss with a master password in place. That is basically why the
> backup profile before upgrading warning is still in place. Andthere may
> be problmes with ancient add-ons and themes too. It can't be helped.
> Either someone updates them or they are gone.
>
> There may be reasons to stay on an older release but citing the growing
> list of known problems is just laughable. Older releases had far more
> problems.
>

I have seen no missing functionality since upgrading to 2.53.4, but it
was the reason cited when we asked what the holdup was. There have been
a couple of "issues" with "save as" not working as before (or in one
case, at all) but Nuno Silva pointed me at the solution to the worst
variation.

> That said everyone can do what he/she wants.
>
> FRG

[Geoff Welsh]

what types of computers? OS? version?

[jcteyssier]

Geoff Welsh a écrit :

All computers with W10 pro
1 work laptop computer with professional profil (on local disc) and
personal profil (on network disk on nas at home): i swithch between the
two profiles as needed when working from home (no access to nas when
oustide of home).

1 personal laptop computer (old but still usefull thinkpad T61) with
personal profil located on home nas.

1 personal destrop computer with same personal prilfile than the two
above on nas.

Jean-Charles

[jcteyssier]

Geoff Welsh a écrit :

Forget:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101

Firefox/60.0 SeaMonkey/2.53.5.1
FR version

[jcteyssier]

Frank-Rainer Grahl a écrit :

Still sometimes using .zip but from some years i prefer .7z files: in
the past have problems with .zip (loss of empty folders: zip does not
add it if empty and some software look at folder presence and not at
what is inside). This occur with some zip tools but not others; since i
can not now the used tool for the received files it is risky for my usage.
7zip well configured gives smaller file (better compression) with no
loss AND it add to top folder (zip does not by default) and this is what
i want.

Jean-Charles

[Frank-Rainer Grahl]

Don Spam's Reckless Son wrote:
> Frank-Rainer Grahl wrote:
>> Don Spam's Reckless Son wrote:
>>>
>
> Before Upgrade: 2.53.3 (at a guess, or maybe 2.53.2)
> After Upgrade: 2.49.4
> This was an upgrade of OpenSuse, "before" used their test repository, "after"
> did not.  What could possibly go wrong?
>

Something only the openSuse maintainers can answer. The official versions
never did it. Wonder if the profile was really lost or just downleveled.
Usually results in bookmarks restored from the latest backup and stored
passwords no longer there among other things.

Well anyway should not happen with any future 2.53.x releases. 257 will be
"fun" again but still not ready by a mile.

FRG

[Don Spam's Reckless Son]

It was not the maintainer - or his predecessor - both were on board.
Once I saw that the passwords were gone I did not check for further ways
it was damaged, it was only a copy of my "real" profile which was on
another machine and I was more interested in the fact that the new
OpenSuse level contained the old Seamonkey level.