Change log for thunderbird package in Debian
| 226 → 229 of 229 results | First • Previous • Next • Last |
| Superseded in stretch-release |
thunderbird (1:52.4.0-1~deb9u1) stretch-security; urgency=medium
[ Carsten Schoenert ]
* Rebuild for stretch-security
[ Guido Günther ]
* [da3c5cc] Simplify endianness selection for ICU
Since we need to build ICU on the various Debian releases we
need to ensure the architecture detection isn't to strict.
Thanks Guido for helping out here!
[ Carsten Schoenert ]
* [47748ca] debian/control: be more relaxed on Breaks for enigmail
* [6a54666] thunderbird-wrapper: fix small typo in help output
A small typo was happen in the example call with the JS console.
* [6d5266e] README.Debian: update info around tls fallback-limit
The default behavior on the TLS fallback has changed some
versions ago, document this accordingly.
* [24ad883] debian/control: change maintainer
Thanks Christoph for the work over the past years!
* [c78200e] debian/control: move src pkg name to thunderbird
By this version we move the source package name also back to
thunderbird. This follows the changes that are already made to
the binary package names and we can call the source package now
also again thunderbird.
(Closes: #857075)
* [c26133d] debian/gbp.conf: rename components to real used names
Due the changes of the source package the names for the
sub-folders within the additional tarballs can also be changed
to be closer on the real upstream used names.
* [a5ce4f7] New upstream version 52.4.0
(Closes: #878845, #878870)
Fixed CVE issues in upstream version 52.0 (MFSA 2017-23)
CVE-2017-7793: Use-after-free with Fetch API
CVE-2017-7818: Use-after-free during ARIA array manipulation
CVE-2017-7819: Use-after-free while resizing images in design mode
CVE-2017-7824: Buffer overflow when drawing and validating elements with
ANGLE
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
CVE-2017-7814: Blob and data URLs bypass phishing and malware protection
warnings
CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters
as spaces
CVE-2017-7823: CSP sandbox directive did not create a unique origin
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4,
and Thunderbird 52.4
* [104b4e5] rebuild patch queue from patch-queue branch
* [d63662a] lintian: move oldlibs/extra -> oldlibs/optional
By moving all transitional package to oldlibs/optional we can
help deborphan to detect better not needed packages.
* [fb56001] d/rules: reflect changes from renamed component tarballs
The additional tarballs are stored in folders which reflect
the upstream names of those components. This also needs to be
respected for the build instructions of the package.
* [61288fb] debian/control: change Vcs* fields due the src name change
Addressing the changed source package name in the Git Vcs urls.
* [ef95ab5] debian/control: increase Standards-Version to 4.1.1
No further changes needed.
* [45e8fe2] apparmor: update profile from upstream
Thanks to Simon Deziel and intrigeri we can simply use the
apparmor profile changes done for the Ubuntu releases.
* [6b1649c] lintian: adding a override for thunderbird-l10n-all
* [ceab93f] debian/README.source: reflect src package name change
-- Carsten Schoenert <email address hidden> Sat, 28 Oct 2017 08:42:05 +0200
| Superseded in sid-release |
thunderbird (1:52.5.0-1) unstable; urgency=high
[ intrigeri ]
* [48e6b65] AppArmor: fix the Crash Reporter and avoid noisy denial logs
(Closes: #880953)
* [ad8b3b5] AppArmor: fix compatibility with NVIDIA hardware
(Closes: #880532)
* [d8ff6b6] Disable the AppArmor profile by default
Due the various side effects by the enabled AppArmor profile in
Thunderbird it's currently better for a user experience we
disabling the AppArmor profile for to not get people get mad with
to many broken things.
Users can always enable the profile by themselves again.
(Closes: #882672)
* [e50eac5] README.Debian: document how to opt-in for AppArmor confinement
* [860d325] README.Debian: document how one can debug the AppArmor profile
[Guido Günther]
* [50a8f60] Drop myself from maintainers
Thank you Guido for always helping out if we had some questions!
[ Carsten Schoenert ]
* [b64509b] New upstream version 52.5.0
Fixed CVE issues in upstream version 52.5 (MFSA 2017-26)
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
and Thunderbird 52.5
* [3166018] thunderbird.links: let thunderbird pointing to thunderbird-bin
(Closes: #856492)
* [6fff70c] [buster] tb-wrapper: searching the correct dbgsym package
* [4763ca6] adding a NEWS file for thunderbird package
Giving a note about the now disabled AppArmor profile.
* [0b9d656] disabling crashreporter for now
Also don't build and ship the Crashreporter any more, it's useless
until we can collect all symbols correctly.
* [a285647] move AppArmor specific things into own README file
Put all AppArmor related information into one dedicated file.
* [5d56439] d/thunderbird.js: prepare a line for extra X-Debbugs-Cc
A really old bug report ... building a compromise and put the
requested extra header config into the configuration file but keep
it deactivated as default.
(Closes: #379304)
-- Carsten Schoenert <email address hidden> Sun, 03 Dec 2017 19:58:57 +0100
| Deleted in experimental-release (Reason: None provided.) |
thunderbird (1:52.4.0-2~exp1) experimental; urgency=medium
[ Carsten Schoenert ]
* [a3e73e9] disable usage of libgnomeui parts
The libgnomeui stuff (only relevant for GTK+2) is deprecated
for a long time and will be removed in buster, and we don't need
this at all.
See https://lists.debian.org/debian-devel/2017/10/msg00299.html
* [9efc5c9] debian/watch: switch to https
* [bd5a635] rebuild patch queue from patch-queue branch
Fixup for [da3c5cc], add ppc64 to the list of BE architectures.
Thanks Adrian Glaubitz for pointing the issue. (Closes: #879270)
* [42f5ab5] apparmor: update profile from upstream (Closes: #876333, #855346)
[ intrigeri ]
* [d7febc8, b026d28] AppArmor: update profile from upstream
(Closes: #880425, #877324)
* [377e7b5] README.Debian: fixing small typo
* [3b0a63a] AppArmor: fix importing public OpenPGP keys from file
(Closes: #880715)
[ Carsten Schoenert ]
* [241690e] d/control: s/Icedove/Thunderbird in desc's for lightning-l10n-*
The lightning-l10n package were still using the name 'Icdeove'
instead of 'Thunderbird'.
* [f17f735] debian/control: moving transitional packages at bottom
* [91f9897] autopkg: adjust icedove to thunderbird depends
Now move over to depend in favor of thunderbird for some of
the autopkg tests.
* [8ae2ad7] autopkg: adjust icedove-dev to thunderbird-dev depends
Doing the same as before for thunderbird-dev as the native
replacement for icedove-dev.
* [fa0134c] bump debhelper >= 10.2.5
* [8752789] debian/rules: try to build extensions reproducible
The two extensions (lightning and calendar-google-provider)
don't build reproducible right now. Trying to fix this by using
the timestamp from the changelog entry for the files. May not
work correctly and we need to tune more.
* [1496368] d/thunderbird.install: also install the fonts folder
Recent versions of Thunderbird needing the font EmojiOne which
isn't provided by any other package.
(Closes: #881299)
The following changes are take effect in removing all transitional packages
related to the old icedove packaging only for buster. We still need all the
transitional packages in wheezy, jessie and stretch!
* [54c8a9b] [buster] remove transitional iceowl-l10n-* packages
* [c338630] [buster] remove Replace, Breaks and Provides for iceowl-l10n-*
* [4311683] [buster] remove transitional icedove-l10n-* packages
* [f6e3a01] [buster] remove Replace, Breaks and Provides for icedove-l10n-*
* [a9117e4] [buster] remove transitional iceowl-extension package
* [5aed012] [buster] remove Replace, Breaks and Provides for iceowl-extension
* [27fc04b] [buster] remove transitional icedove-dbg package
* [53b4825] [buster] remove transitional icedove-dev package
* [e2d808f] [buster] remove Replace, Breaks and Provides for icedove-dev
* [97edfbe] [buster] remove transitional icedove package
* [3748054] [buster] remove Replace and Breaks for icedove
* [611a704] [buster] move thunderbird-dbg into *-dbgsym package
-- Carsten Schoenert <email address hidden> Sun, 12 Nov 2017 16:01:07 +0100
thunderbird (1:52.4.0-1) unstable; urgency=medium
[ Guido Günther ]
* [da3c5cc] Simplify endianness selection for ICU
Since we need to build ICU on the various Debian releases we
need to ensure the architecture detection isn't to strict.
Thanks Guido for helping out here!
[ Carsten Schoenert ]
* [47748ca] debian/control: be more relaxed on Breaks for enigmail
* [6a54666] thunderbird-wrapper: fix small typo in help output
A small typo was happen in the example call with the JS console.
* [6d5266e] README.Debian: update info around tls fallback-limit
The default behavior on the TLS fallback has changed some
versions ago, document this accordingly.
* [24ad883] debian/control: change maintainer
Thanks Christoph for the work over the past years!
* [c78200e] debian/control: move src pkg name to thunderbird
By this version we move the source package name also back to
thunderbird. This follows the changes that are already made to
the binary package names and we can call the source package now
also again thunderbird.
(Closes: #857075)
* [c26133d] debian/gbp.conf: rename components to real used names
Due the changes of the source package the names for the
sub-folders within the additional tarballs can also be changed
to be closer on the real upstream used names.
* [a5ce4f7] New upstream version 52.4.0
(Closes: #878845, #878870)
Fixed CVE issues in upstream version 52.0 (MFSA 2017-23)
CVE-2017-7793: Use-after-free with Fetch API
CVE-2017-7818: Use-after-free during ARIA array manipulation
CVE-2017-7819: Use-after-free while resizing images in design mode
CVE-2017-7824: Buffer overflow when drawing and validating elements with
ANGLE
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
CVE-2017-7814: Blob and data URLs bypass phishing and malware protection
warnings
CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters
as spaces
CVE-2017-7823: CSP sandbox directive did not create a unique origin
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4,
and Thunderbird 52.4
* [104b4e5] rebuild patch queue from patch-queue branch
* [d63662a] lintian: move oldlibs/extra -> oldlibs/optional
By moving all transitional package to oldlibs/optional we can
help deborphan to detect better not needed packages.
* [fb56001] d/rules: reflect changes from renamed component tarballs
The additional tarballs are stored in folders which reflect
the upstream names of those components. This also needs to be
respected for the build instructions of the package.
* [61288fb] debian/control: change Vcs* fields due the src name change
Addressing the changed source package name in the Git Vcs urls.
* [ef95ab5] debian/control: increase Standards-Version to 4.1.1
No further changes needed.
* [45e8fe2] apparmor: update profile from upstream
Thanks to Simon Deziel and intrigeri we can simply use the
apparmor profile changes done for the Ubuntu releases.
* [6b1649c] lintian: adding a override for thunderbird-l10n-all
* [ceab93f] debian/README.source: reflect src package name change
-- Carsten Schoenert <email address hidden> Fri, 17 Oct 2017 18:20:29 +0200
| 226 → 229 of 229 results | First • Previous • Next • Last |
