Change log for thunderbird package in Debian
226 → 229 of 229 results | First • Previous • Next • Last |
Superseded in stretch-release |
thunderbird (1:52.4.0-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security [ Guido Günther ] * [da3c5cc] Simplify endianness selection for ICU Since we need to build ICU on the various Debian releases we need to ensure the architecture detection isn't to strict. Thanks Guido for helping out here! [ Carsten Schoenert ] * [47748ca] debian/control: be more relaxed on Breaks for enigmail * [6a54666] thunderbird-wrapper: fix small typo in help output A small typo was happen in the example call with the JS console. * [6d5266e] README.Debian: update info around tls fallback-limit The default behavior on the TLS fallback has changed some versions ago, document this accordingly. * [24ad883] debian/control: change maintainer Thanks Christoph for the work over the past years! * [c78200e] debian/control: move src pkg name to thunderbird By this version we move the source package name also back to thunderbird. This follows the changes that are already made to the binary package names and we can call the source package now also again thunderbird. (Closes: #857075) * [c26133d] debian/gbp.conf: rename components to real used names Due the changes of the source package the names for the sub-folders within the additional tarballs can also be changed to be closer on the real upstream used names. * [a5ce4f7] New upstream version 52.4.0 (Closes: #878845, #878870) Fixed CVE issues in upstream version 52.0 (MFSA 2017-23) CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4, and Thunderbird 52.4 * [104b4e5] rebuild patch queue from patch-queue branch * [d63662a] lintian: move oldlibs/extra -> oldlibs/optional By moving all transitional package to oldlibs/optional we can help deborphan to detect better not needed packages. * [fb56001] d/rules: reflect changes from renamed component tarballs The additional tarballs are stored in folders which reflect the upstream names of those components. This also needs to be respected for the build instructions of the package. * [61288fb] debian/control: change Vcs* fields due the src name change Addressing the changed source package name in the Git Vcs urls. * [ef95ab5] debian/control: increase Standards-Version to 4.1.1 No further changes needed. * [45e8fe2] apparmor: update profile from upstream Thanks to Simon Deziel and intrigeri we can simply use the apparmor profile changes done for the Ubuntu releases. * [6b1649c] lintian: adding a override for thunderbird-l10n-all * [ceab93f] debian/README.source: reflect src package name change -- Carsten Schoenert <email address hidden> Sat, 28 Oct 2017 08:42:05 +0200
Superseded in sid-release |
thunderbird (1:52.5.0-1) unstable; urgency=high [ intrigeri ] * [48e6b65] AppArmor: fix the Crash Reporter and avoid noisy denial logs (Closes: #880953) * [ad8b3b5] AppArmor: fix compatibility with NVIDIA hardware (Closes: #880532) * [d8ff6b6] Disable the AppArmor profile by default Due the various side effects by the enabled AppArmor profile in Thunderbird it's currently better for a user experience we disabling the AppArmor profile for to not get people get mad with to many broken things. Users can always enable the profile by themselves again. (Closes: #882672) * [e50eac5] README.Debian: document how to opt-in for AppArmor confinement * [860d325] README.Debian: document how one can debug the AppArmor profile [Guido Günther] * [50a8f60] Drop myself from maintainers Thank you Guido for always helping out if we had some questions! [ Carsten Schoenert ] * [b64509b] New upstream version 52.5.0 Fixed CVE issues in upstream version 52.5 (MFSA 2017-26) CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5 * [3166018] thunderbird.links: let thunderbird pointing to thunderbird-bin (Closes: #856492) * [6fff70c] [buster] tb-wrapper: searching the correct dbgsym package * [4763ca6] adding a NEWS file for thunderbird package Giving a note about the now disabled AppArmor profile. * [0b9d656] disabling crashreporter for now Also don't build and ship the Crashreporter any more, it's useless until we can collect all symbols correctly. * [a285647] move AppArmor specific things into own README file Put all AppArmor related information into one dedicated file. * [5d56439] d/thunderbird.js: prepare a line for extra X-Debbugs-Cc A really old bug report ... building a compromise and put the requested extra header config into the configuration file but keep it deactivated as default. (Closes: #379304) -- Carsten Schoenert <email address hidden> Sun, 03 Dec 2017 19:58:57 +0100
Deleted in experimental-release (Reason: None provided.) |
thunderbird (1:52.4.0-2~exp1) experimental; urgency=medium [ Carsten Schoenert ] * [a3e73e9] disable usage of libgnomeui parts The libgnomeui stuff (only relevant for GTK+2) is deprecated for a long time and will be removed in buster, and we don't need this at all. See https://lists.debian.org/debian-devel/2017/10/msg00299.html * [9efc5c9] debian/watch: switch to https * [bd5a635] rebuild patch queue from patch-queue branch Fixup for [da3c5cc], add ppc64 to the list of BE architectures. Thanks Adrian Glaubitz for pointing the issue. (Closes: #879270) * [42f5ab5] apparmor: update profile from upstream (Closes: #876333, #855346) [ intrigeri ] * [d7febc8, b026d28] AppArmor: update profile from upstream (Closes: #880425, #877324) * [377e7b5] README.Debian: fixing small typo * [3b0a63a] AppArmor: fix importing public OpenPGP keys from file (Closes: #880715) [ Carsten Schoenert ] * [241690e] d/control: s/Icedove/Thunderbird in desc's for lightning-l10n-* The lightning-l10n package were still using the name 'Icdeove' instead of 'Thunderbird'. * [f17f735] debian/control: moving transitional packages at bottom * [91f9897] autopkg: adjust icedove to thunderbird depends Now move over to depend in favor of thunderbird for some of the autopkg tests. * [8ae2ad7] autopkg: adjust icedove-dev to thunderbird-dev depends Doing the same as before for thunderbird-dev as the native replacement for icedove-dev. * [fa0134c] bump debhelper >= 10.2.5 * [8752789] debian/rules: try to build extensions reproducible The two extensions (lightning and calendar-google-provider) don't build reproducible right now. Trying to fix this by using the timestamp from the changelog entry for the files. May not work correctly and we need to tune more. * [1496368] d/thunderbird.install: also install the fonts folder Recent versions of Thunderbird needing the font EmojiOne which isn't provided by any other package. (Closes: #881299) The following changes are take effect in removing all transitional packages related to the old icedove packaging only for buster. We still need all the transitional packages in wheezy, jessie and stretch! * [54c8a9b] [buster] remove transitional iceowl-l10n-* packages * [c338630] [buster] remove Replace, Breaks and Provides for iceowl-l10n-* * [4311683] [buster] remove transitional icedove-l10n-* packages * [f6e3a01] [buster] remove Replace, Breaks and Provides for icedove-l10n-* * [a9117e4] [buster] remove transitional iceowl-extension package * [5aed012] [buster] remove Replace, Breaks and Provides for iceowl-extension * [27fc04b] [buster] remove transitional icedove-dbg package * [53b4825] [buster] remove transitional icedove-dev package * [e2d808f] [buster] remove Replace, Breaks and Provides for icedove-dev * [97edfbe] [buster] remove transitional icedove package * [3748054] [buster] remove Replace and Breaks for icedove * [611a704] [buster] move thunderbird-dbg into *-dbgsym package -- Carsten Schoenert <email address hidden> Sun, 12 Nov 2017 16:01:07 +0100
thunderbird (1:52.4.0-1) unstable; urgency=medium [ Guido Günther ] * [da3c5cc] Simplify endianness selection for ICU Since we need to build ICU on the various Debian releases we need to ensure the architecture detection isn't to strict. Thanks Guido for helping out here! [ Carsten Schoenert ] * [47748ca] debian/control: be more relaxed on Breaks for enigmail * [6a54666] thunderbird-wrapper: fix small typo in help output A small typo was happen in the example call with the JS console. * [6d5266e] README.Debian: update info around tls fallback-limit The default behavior on the TLS fallback has changed some versions ago, document this accordingly. * [24ad883] debian/control: change maintainer Thanks Christoph for the work over the past years! * [c78200e] debian/control: move src pkg name to thunderbird By this version we move the source package name also back to thunderbird. This follows the changes that are already made to the binary package names and we can call the source package now also again thunderbird. (Closes: #857075) * [c26133d] debian/gbp.conf: rename components to real used names Due the changes of the source package the names for the sub-folders within the additional tarballs can also be changed to be closer on the real upstream used names. * [a5ce4f7] New upstream version 52.4.0 (Closes: #878845, #878870) Fixed CVE issues in upstream version 52.0 (MFSA 2017-23) CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4, and Thunderbird 52.4 * [104b4e5] rebuild patch queue from patch-queue branch * [d63662a] lintian: move oldlibs/extra -> oldlibs/optional By moving all transitional package to oldlibs/optional we can help deborphan to detect better not needed packages. * [fb56001] d/rules: reflect changes from renamed component tarballs The additional tarballs are stored in folders which reflect the upstream names of those components. This also needs to be respected for the build instructions of the package. * [61288fb] debian/control: change Vcs* fields due the src name change Addressing the changed source package name in the Git Vcs urls. * [ef95ab5] debian/control: increase Standards-Version to 4.1.1 No further changes needed. * [45e8fe2] apparmor: update profile from upstream Thanks to Simon Deziel and intrigeri we can simply use the apparmor profile changes done for the Ubuntu releases. * [6b1649c] lintian: adding a override for thunderbird-l10n-all * [ceab93f] debian/README.source: reflect src package name change -- Carsten Schoenert <email address hidden> Fri, 17 Oct 2017 18:20:29 +0200
226 → 229 of 229 results | First • Previous • Next • Last |