Change log for thunderbird package in Debian
151 → 225 of 229 results | First • Previous • Next • Last |
Superseded in experimental-release |
thunderbird (1:78.0~b2-1) experimental; urgency=medium * [c8da927] d/source.filter: fix obviously happen typo * [c513a96] New upstream version 78.0~b2 * [6e9104e] d/control: tb, adding binary version to lightning provides Make the Provides for Lightning a versioned provide. * [8adec8f] enigmail: let any version of Enigmail break We now can break on any Enigmail version, the Enigmail functions are now included in Thunderbird and don't want to have an Enigmail package get installed in parallel. * [696b1fc] xul-ext-*/webext-*: adding more extensions to break Quite all of the current packaged Thunderbird extensions will not work for now with Thunderbird 78.*, adding/renaming the current know packages with recent versions to Breaks for thunderbird. * [e488d0c] thunderbird: remove some non-existing packages from Breaks The listed packages xul-ext-foxyproxy-standard xul-ext-gnome-keyring xul-ext-nostalgy aren't in any supported release so we don't need them any more within a Breaks for thunderbird. * [039ee90] thunderbird: remove outdated myspell packages from Breaks All previously listed myspell packages in Breaks for thunderbird aren't reachable with the given version any more. We can remove them safely. * [08ea0ba] thunderbird: remove outdated hunspell packages from Breaks The same is true for the hunspell packages that were listed in the Breaks field for thunderbird. -- Carsten Schoenert <email address hidden> Sat, 20 Jun 2020 18:04:59 +0200
Superseded in experimental-release |
thunderbird (1:78.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [625efa9] d/source.filter: some updates to filtering list Recent modification of the shipped files in the upstream tarball do require small updates of the filter list we use to repack the tarball. * [967ee19] New upstream version 78.0~b1 * [240991e] rebuild patch queue from patch-queue branch removed patch: debian-hacks/use-icudt-b-l-.dat-depending-on-architecture.patch This will require some additional adjustment later for the stable-security upkoads as this patch was required to get a recent ICU version build before the build of the thunderbird sources did start. reworked patch: debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch * [07cab53] d/mozconfig.default: remove no longer existing options By this release a lot of old configure options are kicked out, some of them we have used until now. We need to remove these from the config. * [df2e99b] d/copyright: update content As usual some required update of the copyright file, more files are not shipped anymore. [ intrigeri ] * [82a4b03] AppArmor: update profile from upstream at commit 860d2d9 (cherry-picked from unstable) -- Carsten Schoenert <email address hidden> Sat, 13 Jun 2020 20:01:39 +0200
Superseded in sid-release |
thunderbird (1:68.9.0-1) unstable; urgency=medium [ intrigeri ] * [fd13825] AppArmor: update profile from upstream at commit 860d2d9 (Closes: #960465) [ Carsten Schoenert ] * [c310c40] New upstream version 68.9.0 Fixed CVE issues in upstream version 68.9.0 (MFSA 2020-22): CVE-2020-12399: Timing attack on DSA signatures in NSS library CVE-2020-12405: Use-after-free in SharedWorkerService CVE-2020-12406: JavaScript Type confusion with NativeTypes CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0 CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage -- Carsten Schoenert <email address hidden> Fri, 05 Jun 2020 20:29:35 +0200
Superseded in sid-release |
thunderbird (1:68.8.1-1) unstable; urgency=medium * [7495e7a] New upstream version 68.8.1 -- Carsten Schoenert <email address hidden> Fri, 22 May 2020 19:04:20 +0200
Superseded in experimental-release |
thunderbird (1:77.0~b3-1) experimental; urgency=medium * [82de2f6] New upstream version 77.0~b3 * [8beaf6f] rebuild patch queue from patch-queue branch removed patch (included upstream): fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch * [ab2d7a2] d/copyright: Add license for appstream xml file * [1533187] d/source.filter: Remove some *.wasm files as well * [7cdfe03] d/thunderbird.lintian-overrides: Some more needed overrides We need currently the included bzip library. Also add a false positive about the misread postinst script. * [9385fd4b] d/control: Remove doubled listed package libglib2.0-dev Drop a doubled listed package libglib2.0-dev within B-D. -- Carsten Schoenert <email address hidden> Wed, 20 May 2020 20:58:09 +0200
Superseded in experimental-release |
thunderbird (1:77.0~b2-1) experimental; urgency=medium * [185d4f7] New upstream version 77.0~b2 * [e918036] rebuild patch queue from patch-queue branch removed patch: fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch * [c1979ce] d/mozconfig.default: Remove obsolete options Drop the options '--with-distribution-id' and '--with-user-appdir'. The former is basically only supporting the given default 'org.mozilla' and the latter was set to the default '.mozilla' anyway. -- Carsten Schoenert <email address hidden> Sat, 16 May 2020 14:04:02 +0200
Superseded in buster-release |
thunderbird (1:68.7.0-1~deb10u1) stable-security; urgency=medium * Rebuild for buster-security -- Carsten Schoenert <email address hidden> Sun, 12 Apr 2020 10:21:40 +0200
Superseded in experimental-release |
thunderbird (1:77.0~b1-1) experimental; urgency=medium * [ee06e6e] New upstream version 77.0~b1 * [a21b649] rebuild patch queue from patch-queue branch removed patches (not needed any more): lower-down-required-version-on-NSS3.patch added patches: fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch * [295cc4d] d/control: increase B-D for libnss3 The build requires now libnss3-dev >= 2:3.52. * [f998baf] lintian-overrides: remove overrides for kinto-http-client.js No override needed for this file, it's not included any more. -- Carsten Schoenert <email address hidden> Fri, 08 May 2020 15:18:44 +0200
Superseded in sid-release |
thunderbird (1:68.8.0-1) unstable; urgency=medium * [9b5ae46] New upstream version 68.8.0 Fixed CVE issues in upstream version 68.8.0 (MFSA 2020-18): CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters CVE-2020-12387: Use-after-free during worker shutdown CVE-2020-6831: Buffer overflow in SCTP chunk input validation CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0 -- Carsten Schoenert <email address hidden> Tue, 05 May 2020 20:47:29 +0200
Superseded in experimental-release |
thunderbird (1:76.0~b2-1) experimental; urgency=medium * [87988db] d/control: increase B-D for cargo to 0.42 * [b9b0dfd] rebuild patch queue from patch-queue branch removed patch: debian-hacks/Ignore-version-check-for-cargo.patch * [8386db0] d/control: Remove B-D on libjson-dev and libsqlite3-dev The built uses internal copies for libjson and libsqlite as there are made modifications to them. For now we can decrease the list of build dependencies by removing this two packages. * [6324222] New upstream version 76.0~b2 * [629b3bb] d/rules: Remove default compiler flag No needed for '-Wl,--as-needed' any more, it's default now. -- Carsten Schoenert <email address hidden> Mon, 27 Apr 2020 09:55:43 +0200
Superseded in experimental-release |
thunderbird (1:76.0~b1-1) experimental; urgency=medium * [b52cd52] d/c-thunderbird-l10n-tarball.sh: change upstream resource Upstream has changed the folder were we can find the language providing XPI packages. They simply moved over from linux-i686 to linux-x86_64. * [22e697a] d/rules: drop set up of LIGHTNING_VERSION variable We don't need this variable any more for building the packages (like all the lightning-foo named stuff), there is no dedicated Lighting named stuff around. * [4ad871b] d/gbp.conf: Remove additional tarball for lightning-l10n git-buildpackage won't find this additional tarball as it's not needed starting by the import of the next upstream version (this is 76.0b1). * [25d8d42] d/c-l-l10n-t.sh: Remove helper script We also don't need to build the l10n specific additional tarball for Lighting related parts any more. Dropping this helper script. * [9d33d06] d/README.source: Remove part of lightning-l10n * [b063d7f] New upstream version 76.0~b1 * [e7a23ec] rebuild patch queue from patch-queue branch removed patches (not needed or included upstream): debian-hacks/Build-against-system-libjsoncpp.patch debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch added patches: debian-hacks/Ignore-version-check-for-cargo.patch lower-down-required-version-on-NSS3.patch * [94d8593] d/control: adding new packages thunderbird-l10n-{cak,kab,uz} After the final release of Thunderbird 68.0 new l10n support for the languages Kacqhikel, Georgian and Uzbek was added. Reflect this by adding new binary packages for those languages. * [5397182] d/mozconfig.default: remove option for system-sqlite Upstream is using their own version of an modified SQLite now and has dropping the additional configure option about this. * [abb0ded] d/control: increase various versions in B-D The current source requires some more recent versions of the helping tools for building the sources as usual. * [abfc8b2] d/rules: remove any action related to old lightning stuff As the sources doesn't have any Lightning specific parts any more we need to adjust the build process within debina/rules a bit. Thus dropping all the rules around Lighting things. * [f95b3ad] d/control: Turn lightning into transitional package For now switch the behaviour of the lightning package into a transitional one. We might can drop the whole package rather soon. * [c3062cb] d/thunderbird.install: Remove blocklist.xml Don't install the file blocklist.xml any more, it's now not shipped by upstream any more. * [856e99e] d/mozconfig.thunderbird: Remove --enable-calendar Previously the build of the Lightning extension was needed to get enabled to built this as an extension. Now it's fully integrated into the core this configure option isn't needed any longer. * [5551a8a] d/copyright: update content As usual there is some moving within the source code between the major versions, reflect this by adjusting the content of the copyright file. * [21e9b7f] lintian-overrides: adjust overrides for needed files Also the override file for the source is needing some adjustments. * [f25ddc4] d/source.filter: update the filter sequences The control for filtering non needed stuff from the upstream tarball must also get adjusted due changed versions, moved folders etc. * [e4a81ba] d/thunderbird.install: Install also appdata.xml Upstream is providing an AppStream data file which we want install mow also. * [80385c9] d/source.filter: Sorting entries alphabetically No functional modifications, just sorting entries to find stuff more easily. * [585cf0a] d/thunderbird.lintian-overrides: update after config changes We also need to modify the content for Lintian overrides for the thunderbird package a bit. Thunderbird comes now (again) with own versions of the libraries libtheora and libjsoncpp. Mostly because Mozilla has made some own modifications within these libraries. -- Carsten Schoenert <email address hidden> Sat, 18 Apr 2020 08:28:25 +0200
Superseded in sid-release |
thunderbird (1:68.7.0-1) unstable; urgency=medium * [c0052af] New upstream version 68.7.0 Fixed CVE issues in upstream version 68.7.0 (MFSA 2020-14): CVE-2020-6819: Use-after-free while running the nsDocShell destructor CVE-2020-6820: Use-after-free when handling a ReadableStream CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7 -- Carsten Schoenert <email address hidden> Sun, 12 Apr 2020 07:40:41 +0200
Superseded in sid-release |
thunderbird (1:68.6.0-1) unstable; urgency=medium * [5709774] New upstream version 68.6.0 Fixed CVE issues in upstream version 68.6.0 (MFSA 2020-10): CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init CVE-2020-6805: Use-after-free when removing data about origins CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6807: Use-after-free in cubeb during stream destruction CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6 -- Carsten Schoenert <email address hidden> Mon, 16 Mar 2020 20:01:29 +0100
Superseded in sid-release |
thunderbird (1:68.5.0-1) unstable; urgency=medium * [d79bf82] New upstream version 68.5.0 Fixed CVE issues in upstream version 68.5.0 (MFSA 2020-07): CVE-2020-6793: Out-of-bounds read when processing certain email messages CVE-2020-6794: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords CVE-2020-6795: Crash processing S/MIME messages with multiple signatures CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection CVE-2020-6792: Message ID calculcation was based on uninitialized data CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5 (Closes: #891848) * [0884df6] d/control: increase Standards-Version to 4.5.0 No further changes needed. -- Carsten Schoenert <email address hidden> Thu, 13 Feb 2020 17:58:44 +0100
Superseded in stretch-release |
thunderbird (1:68.4.1-1~deb9u1) stretch-security; urgency=medium * Rebuild for stretch-security -- Carsten Schoenert <email address hidden> Sat, 16 Jan 2020 15:39:41 +0100
Published in stretch-release |
thunderbird (1:60.9.0-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security -- Carsten Schoenert <email address hidden> Thu, 12 Sep 2019 19:25:59 +0200
Superseded in buster-release |
thunderbird (1:68.4.1-1~deb10u1) stable-security; urgency=medium * Rebuild for buster-security -- Carsten Schoenert <email address hidden> Sat, 15 Jan 2020 17:48:09 +0100
Superseded in sid-release |
thunderbird (1:68.4.2-1) unstable; urgency=medium * [7ab7786] d/gbp.conf: add some more files we need to filter out * [9c02c34] New upstream version 68.4.2 -- Carsten Schoenert <email address hidden> Sun, 26 Jan 2020 13:13:49 +0100
Superseded in sid-release |
thunderbird (1:68.4.1-1) unstable; urgency=medium * [a00f3e9] New upstream version 68.4.1 Fixed CVE issues in upstream version 68.4.1 (MFSA 2020-04): CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting CVE-2019-17017: Type Confusion in XPCVariant.cpp CVE-2019-17022: CSS sanitization does not escape HTML tags CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1 * [6b1fd82] rebuild patch queue from patch-queue branch removed patch (included upstream) fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch -- Carsten Schoenert <email address hidden> Fri, 10 Jan 2020 18:33:43 +0100
Superseded in sid-release |
thunderbird (1:68.3.1-1) unstable; urgency=medium [ Emilio Pozuelo Monfort ] * [6f59313] Fix MOZ_BUILD_DATE to have the expected format [ Carsten Schoenert ] * [5d0f4b1] d/rules: don't use SOURCE_DATE_EPOCH for MOZ_BUILD_DATE (Closes: #946588) * [1467af5] New upstream version 68.3.1 -- Carsten Schoenert <email address hidden> Wed, 18 Dec 2019 15:54:44 +0100
Superseded in sid-release |
thunderbird (1:68.3.0-2) unstable; urgency=medium * [0625d30] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch * [ea8d98c] Breaks: add versioned birdtray package -- Carsten Schoenert <email address hidden> Mon, 09 Dec 2019 18:22:15 +0100
Superseded in sid-release |
thunderbird (1:68.3.0-1) unstable; urgency=medium * [fe289ec] /u/b/thunderbird: export variable DICPATH before start (Closes: #944295) * [a9a48c6] New upstream version 68.3.0 Fixed CVE issues in upstream version 68.3 (MFSA 2019-38): CVE-2019-17008: Use-after-free in worker destruction CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher CVE-2019-17009: Updater temporary files accessible to unprivileged processes CVE-2019-17010: Use-after-free when performing device orientation checks CVE-2019-17005: Buffer overflow in plain text serializer CVE-2019-17011: Use-after-free when retrieving a document in antitracking CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3 * [fb23473] d/control: increase B-D version on NSS to 3.44.3 * [6f59938] Breaks: adding more non compatible packaged AddOns -- Carsten Schoenert <email address hidden> Thu, 05 Dec 2019 10:03:22 +0100
Published in buster-release |
thunderbird (1:60.9.0-1~deb10u1) buster-security; urgency=medium * Rebuild for buster-security * [9802e1d] Revert "Use gcc-8 and g++-8 due broken build with GCC-9" -- Carsten Schoenert <email address hidden> Thu, 12 Sep 2019 16:52:34 +0200
Superseded in sid-release |
thunderbird (1:68.2.2-1) unstable; urgency=medium * [198d539] xul-ext-compactheader: allow also version << 3.0.0 * [0e93753] d/control: add incompatibility with jsunit << 0.2.2 * [87c84cb] New upstream version 68.2.2 This upstream version has removed the source for calendar-google-provider, thus we can't provide the related binary package any more. * [a3cea2a] rebuild patch queue from patch-queue branch rebuild patch queue from patch-queue branch removed patches (included upstream): debian/patches/fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch debian/patches/fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch debian/patches/fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch debian/patches/fixes/Build-also-gdata-provider-as-xpi-file.patch debian/patches/fixes/rust-ignore-not-available-documentation.patch debian/patches/porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch debian/patches/porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch debian/patches/porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch debian/patches/porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch debian/patches/porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch * [1730f5f] d/control: remove references to calendar-google-provider Don't build calendar-google-provider any more and remove any references from other binary packages. * [1b0bbb8] d/rules: remove any calendar-google-provider stuff * [92f681c] thunderbird.NEWS: Adding hint about removal of gdata Give out an announcement about the removal of a possible previously installed package calendar-google-provider. -- Carsten Schoenert <email address hidden> Sun, 10 Nov 2019 12:09:17 +0100
Superseded in sid-release |
thunderbird (1:68.2.1-1) unstable; urgency=medium [ intrigeri ] * [c48e2cb] AppArmor: update profile from upstream at commit a27a1a5 (Closes: #941290) [ Carsten Schoenert ] * [98497ae] New upstream version 68.2.0 Fixed CVE issues in upstream version 68.2 (MFSA 2019-35): CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber CVE-2019-11757: Use-after-free when creating index updates in IndexedDB CVE-2019-11758: Potentially exploitable crash due to 360 Total Security CVE-2019-11759: Stack buffer overflow in HKDF output CVE-2019-11760: Stack buffer overflow in WebRTC networking CVE-2019-11761: Unintended access to a privileged JSONView object CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2 (Closes: #925841) * [a104c51] d/control: increase Standards-Version to 4.4.1 * [6c9d012] xul-ext-dispmua: set current min usable version * [b3bf16f] New upstream version 68.2.1 * [8f89b90] d/control: decrease build architecture list Decreasing the current list of build architectures. Not meant to keep this forever, removed RC architectures needing support and volunteering to get them back. (Closes: #921258) -- Carsten Schoenert <email address hidden> Fri, 01 Nov 2019 20:36:59 +0100
Deleted in experimental-release (Reason: None provided.) |
thunderbird (1:68.1.2-1~exp1) experimental; urgency=medium * [81f4144] xul-ext-compactheader: increase minimal usable version * [a815589] Update the global information about TB in Debian * [bb5f5f7] rebuild patch queue from patch-queue branch * [6fe7d3f] xul-ext-sogo-connector: increase minimal usable version * [2e29af5] New upstream version 68.1.2 -- Carsten Schoenert <email address hidden> Sat, 26 Oct 2019 08:41:50 +0200
Superseded in experimental-release |
thunderbird (1:68.1.1-1~exp1) experimental; urgency=medium [ intrigeri ] * [3f49653] AppArmor: update profile from upstream at commit ed52e4a [ Carsten Schoenert ] * [348f476] New upstream version 68.0~b5 * [2a2f101] New upstream version 68.1.1 Fixed CVE issues in upstream version 68.1 (MFSA 2019-20): CVE-2019-11711: Script injection within domain through inner window reuse CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects CVE-2019-11713: Use-after-free with HTTP/2 cached stream CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault CVE-2019-11715: HTML parsing error can contribute to content XSS CVE-2019-11716: globalThis not enumerable until accessed CVE-2019-11717: Caret character improperly escaped in origins CVE-2019-11719: Out-of-bounds read when importing curve25519 private key CVE-2019-11720: Character encoding XSS vulnerability CVE-2019-11721: Domain spoofing through unicode latin 'kra' character CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions CVE-2019-11725: Websocket resources bypass safebrowsing protections CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3 CVE-2019-11728: Port scanning through Alt-Svc header CVE-2019-11710: Memory safety bugs fixed in Firefox 68 and Thunderbird 68 CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68 Fixed CVE issues in upstream version 68.1 (MFSA 2019-20): CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB CVE-2019-11743: Cross-origin access to unload event attributes CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 Fixed CVE issues in upstream version 68.1.1 (MFSA 2019-32): CVE-2019-11755: Spoofing a message author via a crafted S/MIME message * [9342624] rebuild patch queue from patch-queue branch added patches: debian-hacks/Set-program-name-from-the-remoting-name.patch debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch debian-hacks/Work-around-Debian-bug-844357.patch fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch removed patch (fixed upstream): porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch * [25cb500] d/control: increase various versions in B-D * [ee5b713] d/control: remove B-D on librust-cbindgen-dev Use librust-toml-dev instead, we only need some files from this package, librust-cbindgen-dev is a metapackage which is broken while packaging. * [442a6b1] d/rules: work around cargo needs a HOME dir * [4894a4c] d/control: increase Standards-Version to 4.4.0 No further changes needed. * [bb47b68] d/control: update upstream homepage for Thunderbird Since some time Mozilla Thunderbird has a new homepage placed on URI https://www.thunderbird.net/ * [a3b680e] d/source.filter: update the filter sequences New Thunderbird upstream versions bringing some new unwanted files within the source. * [7290ff4] d/control: remove transitional lightning l10n packages The Lightning l10n packages moved into transitional packages before Buster was released, now after the Buster release removing these transitional packages. All required l10n files are available in the packages thunderbird-$(locale) even for Lightning. * [3d1d27d] enigmail: increase minimal usable version Thunderbird 68.x needs at least Enigmal in version 2.1, but increase the version on Enigmail to the most recent version which is released while packaging. * [66069d9] calendar-exchange-provider: removed from Breaks This package isn't alive in unstable and testing. * [3b9f936] d/control: remove Xb-Xul-AppId field Thunderbird don't has any Xul based AddOns since version 68.0 * [7d8cd7d] lintian-overrides: remove not needed overrides -- Carsten Schoenert <email address hidden> Sat, 28 Sep 2019 15:38:28 +0200
Superseded in sid-release |
thunderbird (1:60.9.0-1) unstable; urgency=medium * [5f7ba31] New upstream version 60.9.0 Fixed CVE issues in upstream version 60.8.0 (MFSA 2019-29) CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB CVE-2019-11743: Cross-origin access to unload event attributes CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, and Thunderbird 60.9 -- Carsten Schoenert <email address hidden> Wed, 11 Sep 2019 17:54:10 +0200
Superseded in stretch-release |
thunderbird (1:60.8.0-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security -- Carsten Schoenert <email address hidden> Sat, 13 Jul 2019 15:33:17 +0200
Superseded in buster-release |
thunderbird (1:60.8.0-1~deb10u1) buster-security; urgency=medium [ Carsten Schoenert ] * Rebuild for buster-security -- Carsten Schoenert <email address hidden> Sat, 13 Jul 2019 08:27:42 +0200
Superseded in sid-release |
thunderbird (1:60.8.0-2) unstable; urgency=medium * [41e9047] d/rules: work around carge needs a HOME dir * [c67707c] Use gcc-8 and g++-8 due broken build with GCC-9 -- Carsten Schoenert <email address hidden> Fri, 23 Aug 2019 20:30:17 +0200
Superseded in sid-release |
thunderbird (1:60.8.0-1) unstable; urgency=medium * [49f4e91] New upstream version 60.8.0 Fixed CVE issues in upstream version 60.8.0 (MFSA 2019-23) CVE-2019-9811: Sandbox escape via installation of malicious language pack CVE-2019-11711: Script injection within domain through inner window reuse CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects CVE-2019-11713: Use-after-free with HTTP/2 cached stream CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault CVE-2019-11715: HTML parsing error can contribute to content XSS CVE-2019-11717: Caret character improperly escaped in origins CVE-2019-11719: Out-of-bounds read when importing curve25519 private key CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8 -- Carsten Schoenert <email address hidden> Tue, 09 Jul 2019 22:09:04 +0200
thunderbird (1:60.7.2-1) unstable; urgency=medium * [d6c79ed] New upstream version 60.7.2 Fixed CVE issues in upstream version 60.7.2 (MFSA 2019-20 CVE-2019-11707: Type confusion in Array.pop CVE-2019-11708: sandbox escape using Prompt:Open -- Carsten Schoenert <email address hidden> Fri, 21 Jun 2019 18:48:43 +0200
Superseded in experimental-release |
thunderbird (1:68.0~b1-1) experimental; urgency=medium * [0eabe70] New upstream version 68.0~b1 * [2febf67] rebuild patch queue from patch-queue branch added patch: debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch * [cfa5973] d/s/lintian-overrides: adjust overrides for needed files * [46077e2] d/copyright: update after upstream changes -- Carsten Schoenert <email address hidden> Sun, 16 Jun 2019 10:28:52 +0200
thunderbird (1:60.7.1-1) unstable; urgency=high * [f791dee] New upstream version 60.7.1 Fixed CVE issues in upstream version 60.7.1 (MFSA 2019-17) CVE-2019-11703: Heap buffer overflow in icalparser.c CVE-2019-11704: Heap buffer overflow in icalvalue.c CVE-2019-11705: Stack buffer overflow in icalrecur.c CVE-2019-11706: Type confusion in icalproperty.c -- Carsten Schoenert <email address hidden> Fri, 14 Jun 2019 07:25:35 +0200
Superseded in experimental-release |
thunderbird (1:67.0~b3-1) experimental; urgency=medium [ intrigeri ] * [9ad75ad] d/rules: drop useless usage of dpkg-parsechangelog [ Carsten Schoenert ] * [d6f6747] New upstream version 67.0~b3 * [90f73be] rebuild patch queue from patch-queue branch removed patch: fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch * [7dd5c54] d/control: increase various B-D versions Increasing the version for the build depending packages of cargo, cbindgen, libnspr4-dev, libnss3-dev, libsqlite3-dev and rustc. -- Carsten Schoenert <email address hidden> Tue, 11 Jun 2019 19:36:00 +0200
thunderbird (1:60.7.0-1) unstable; urgency=medium * [f6dd130] New upstream version 60.7.0 Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15) CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-9797: Cross-origin theft of images with createImageBitmap CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-5798: Out-of-bounds read in Skia CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7 * [4106d54] rebuild patch queue from patch-queue branch added patch: fixes/rust-ignore-not-available-documentation.patch -- Carsten Schoenert <email address hidden> Thu, 23 May 2019 17:03:27 +0200
Superseded in stretch-release |
thunderbird (1:60.6.1-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security -- Carsten Schoenert <email address hidden> Thu, 28 Mar 2019 20:29:33 +0100
thunderbird (1:60.6.1-1) unstable; urgency=medium [ intrigeri ] * [2013645] d/rules: drop useless usage of dpkg-parsechangelog [ Carsten Schoenert ] * [daf1252] New upstream version 60.6.1 Fixed CVE issues in upstream version 60.6.0 (MFSA 2019-11) CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled CVE-2019-9794: Command line arguments not discarded during execution CVE-2019-9795: Type-confusion in IonMonkey JIT compiler CVE-2019-9796: Use-after-free with SMIL animation controller CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied CVE-2019-9788: Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6 Fixed CVE issues in upstream version 60.6.1 (MFSA 2019-12) CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations * [f88a505] rebuild patch queue from patch-queue branch added patch: fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch -- Carsten Schoenert <email address hidden> Wed, 27 Mar 2019 18:22:51 +0100
Superseded in experimental-release |
thunderbird (1:66.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [afe31d9] New upstream version 66.0~b1 * [4ec53cc] apparmor: update profile from upstream (commit 7ace41b1) (cherry-picked from debian/sid) * [b3657a0] d/rules: make dh_clean more robust Remove some regenerated files in dh_clean to the build will not fail in case the build needs to be started twice within the same build environment. (cherry-picked from debian/sid) * [dceb027] d/rules: move disable debug option into configure step Adding the option '--disable-debug-symbols' to the file mozconfig.default in case the build is running on a 32bit architecture instead of expanding the variable 'CONFIGURE_FLAGS'. The configuration approach for this option taken from firefox-esr was not working for the thunderbird package. (cherry-picked from debian/sid) * [f7f02a9] d/rules: reorder LDFLAGS for better readability Make the used additional options for LDFLAGS better readable by reordering the various used options. Also adding the option '-Wl, --as-needed' to the list of used options here. (cherry-picked from debian/sid) * [79801fb] d/rules: use 'compress-debug-sections' only on 64bit Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets use this option only if we are on a 64bit architecture as otherwise the build is failing on 32bit architectures again. We don't want to build any debug information on 32bit anyway so we don't need this option on these platforms. (cherry-picked from debian/sid) * [11f9e14] d/mozconfig.default: adding option for mipsel We don't have set up any options for the mipsel platform before, but the build needs some additional options too on this platform to succeed. (cherry-picked from debian/sid) * [e46e178] d/mozconfig.default: disable ion on mips and mipsel The build will fail on mips{,el} if we have enabled ION, the JavaScript JIT compiler on these platforms will loose some performance by this. (cherry-picked from debian/sid) [ Alexander Nitsch ] * [31b87e9] Make the logo SVG square The original SVG source isn't completely square, modifying the SVG file so all generated other files from the input are also exactly square. * [c0f19a3] Add script for generating PNGs from logo SVG * [c153c5f] Update icon PNGs to be properly scaled [ Carsten Schoenert ] * [c372e1f] d/source.filter: add some configure scripts Filter out some files that are named 'configure', they are rebuild later anyway. The filtering of these files is moved from gbp.conf to source.filter. (cherry-picked from debian/sid) * [a40c5df] d/c-lightning-l10n-t.sh: drop version checking Remove an old check for a version string within the file install.rdf. It's not created any more by upstream since > 60.0. * [05b325e] d/source.filter: don't ignore files in root folder Try to not ignore files which are in the top root folder of the upstream source tarball. * [d2ca267] rebuild patch queue from patch-queue branch added patch: fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch modified (refreshed) patches: porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch removed patches (applied upstream): fixes/Fix-big-endian-build-for-SKIA.patch porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch * [cb1dde9] d/control: increase version in B-D for libsqlite3-dev * [54e8890] d/mozconfig.default: add new configure option We need to disable the usage of libav1 for an successful build. The used configure option was added by the new added patch to the patch queue. * [ecd3ade] d/copyright: update after upstream changes * [af58ed8] d/source.filter: add extra content to ignore -- Carsten Schoenert <email address hidden> Sun, 17 Feb 2019 10:58:46 +0100
Superseded in stretch-release |
thunderbird (1:60.4.0-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security -- Carsten Schoenert <email address hidden> Thu, 27 Dec 2018 17:24:19 +0100
thunderbird (1:60.5.1-1) unstable; urgency=medium [ Alexander Nitsch ] * [c9775d4] Make the logo SVG square The original SVG source isn't completely square, modifying the SVG file so all generated other files from the input are also exactly square. * [6096812] Add script for generating PNGs from logo SVG * [4e9e5cc] Update icon PNGs to be properly scaled [ Carsten Schoenert ] * [9e5527d] d/source.filter: add some configure scripts Filter out some files that are named 'configure', they are rebuild later anyway. The filtering of these files is moved from gbp.conf to source.filter. * [b63f2a2] Revert "d/gbp.conf: ignore configure script while importing" Reverting this commit as we need to move the files to filter to source.filter as the behaviour wasn't the expected outcome. * [4965c2a] New upstream version 60.5.1 Fixed CVE issues in upstream version 60.5.0 (MFSA 2019-06) CVE-2018-18356: Use-after-free in Skia CVE-2019-5785: Integer overflow in Skia CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D CVE-2018-18509: S/MIME signature spoofing -- Carsten Schoenert <email address hidden> Thu, 14 Feb 2019 20:01:03 +0100
thunderbird (1:60.5.0-3) unstable; urgency=medium * [3e274d8] d/rules: move disable debug option into configure step Adding the option '--disable-debug-symbols' to the file mozconfig.default in case the build is running on a 32bit architecture instead of expanding the variable 'CONFIGURE_FLAGS'. The configuration approach for this option taken from firefox-esr was not working for the thunderbird package. * [b3d82d3] d/rules: reorder LDFLAGS for better readability Make the used additional options for LDFLAGS better readable by reordering the various used options. Also adding the option '-Wl, --as-needed' to the list of used options here. * [62d11e3] d/rules: use 'compress-debug-sections' only on 64bit Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets use this option only if we are on a 64bit architecture as otherwise the build is failing on 32bit architectures again. We don't want to build any debug information on 32bit anyway so we don't need this option on these platforms. * [6225c44] d/mozconfig.default: adding option for mipsel We don't have set up any options for the mipsel platform before, but the build needs some additional options too on this platform to succeed. * [4e348d9] d/mozconfig.default: disable ion on mips and mipsel The build will fail on mips{,el} if we have enabled ION, the JaveScript JIT compiler on these platforms will loose some performance by this. -- Carsten Schoenert <email address hidden> Tue, 05 Feb 2019 17:11:25 +0100
Superseded in sid-release |
thunderbird (1:60.5.0-2) unstable; urgency=medium * [aa2dbe3] d/changelog: update MFSA information for 60.5.0 The MFSA gut published shortly after the upload of the previous version. Adding the CVE numbers for MFSA 2019-03 to the changelog accordingly like happen for 1:60.4.0-1 too. * [71807dc] rebuild patch queue from patch-queue branch Due greater changes to the source the previous rebuild and refreshing of the patch queue wasn't correctly nor complete. Some more rework was needed and some patches got cherry-picked from firefox-esr. readded patches (not included upstream): porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch cherry-picked from firefox-esr: fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch removed patches (included upstream): porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch * [eaa065b] apparmor: update profile from upstream (commit 7ace41b1) * [c761425] d/rules: make dh_clean more robust Remove some regenerated files in dh_clean to the build will not fail in case the buils needs to be started twice within the same build environment. * [aa7b033] d/gbp.conf: ignore configure script while importing The shipped scripts '*configure' in the toplevel folder and also in js/src aren't needed and we can them filter out while importing the tarballs. These scripts got (re)created by dh_auto_configure nevertheless. * [9f0acb2] d/rules: tweek LDFLAGS more to reduce RAM usage Reduce RAM usage while linking by using compressed sections. (picked from firefox-esr) * [62f195d] d/rules: Don't build debug symbols on non 64bit platforms Reduce even more RAM usage while linking by don't build debugging symbols if we build on non 64bit architectures. (picked from firefox-esr) -- Carsten Schoenert <email address hidden> Fri, 01 Feb 2019 09:24:30 +0100
Superseded in sid-release |
thunderbird (1:60.5.0-1) unstable; urgency=medium * d/source.filter: update filter list Updating the list of files to filter out while repacking the upstream tarball based on recent work done in debian/experimental. Unfortunately a lot of semi minimized *.js files from the original upstream tarball are later needed within some integrated consoles like the AddOn debugger or the error console. Don't filter out such files for now. (Closes: #911198) * [edab34d] d/changelog: update MFSA information for 60.4.0 While releasing and uploading the Debian version 1:60.4.0-1 no MFSA information was available, adding this information now into the changelog entry for 1:60.4.0-1. * [f3f44a3] New upstream version 60.5.0 No dedicated MFSA announcement for this Thunderbird version provided. * [ccac089] rebuild patch queue from patch-queue branch removed patches (included upstream): porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch removed patches (dropped by us): debian-hacks/Don-t-build-testing-suites-and-stuff.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch refreshed patches: debian-hacks/Add-another-preferences-directory-for-applications-p.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch * [43c28c2] d/s/lintian-overrides: more files to ignore Related to [4201f43] the override list for the source needs to be adjusted as we have now more files included there Lintian is complaining about missing source. These files are no 'real' minimized JS files, but the have mostly some long lines that are triggered the Lintian check. -- Carsten Schoenert <email address hidden> Tue, 29 Jan 2019 20:24:29 +0100
Superseded in experimental-release |
thunderbird (1:65.0~b1-1) experimental; urgency=medium * [e5956ef] Merge tag 'debian/1%60.4.0-1' into debian/experimental * [389748b] d/source.filter: adjust files to filter while repack Rework of the file filter list due new upstream version but also to no filter out files we obviously need later, e.g. for the omni.jar archive. * [4b86a78] New upstream version 65.0~b1 * [3db29ed] rebuild patch queue from patch-queue branch removed patches (fixed upstream): debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch fixes/Build-also-gdata-provider-as-xpi-file.patch fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch removed patches (dropped for Debian specific build): debian-hacks/Don-t-build-testing-suites-and-stuff.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch adjusted patches: debian-hacks/Add-another-preferences-directory-for-applications-p.patch debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch patches/fixes/Fix-big-endian-build-for-SKIA.patch (but currently disabled) porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch * [e918c6c] d/control: increase versions in B-D New Thunderbirds version typically need other packages available with higher versions like NSS, NSPR, rust ... Also adding cbindgen and nodejs()!!). * [b6c63bf] d/mozconfig.default: remove dead options More old configure option are now not available anymore and we need to drop them. * [0f959ad] remove GCC specific options LLVM's clang is now widely used, and clang isn't knowing the GCC options '-fno-schedule-insns2' and '-fno-lifetime-dse', removing these options from CFLAGS and CXXFLAGS. * [d0b1f4b] d/rules: work around about strong quotings in .mk files After the configuration of the source some Makefiles in the build folder 'obj-thunderbird' have a strong qouting on some entries. This will later provoke a build failure if we don't remove the single quotes before in the Makefiles. * [093053e] copyright: update after upstream changes * [95eaacf] d/s/lintian-overrides: adjust overrides for needed files -- Carsten Schoenert <email address hidden> Sun, 20 Jan 2019 15:48:06 +0100
thunderbird (1:60.4.0-1) unstable; urgency=medium * [2e5a9d0] d/control: don't hard code LLVM packages in B-D (Closes: #912797) * [3aaa4a6] New upstream version 60.4.0 No MFSA published yet by Mozilla Security while packaging this version. (Closes: #913645) * [12d3be3] debian/control: increase Standards-Version to 4.3.0 No further changes needed. -- Carsten Schoenert <email address hidden> Mon, 24 Dec 2018 17:04:10 +0100
thunderbird (1:60.3.1-1) unstable; urgency=medium * [e1b489a] New upstream version 60.3.1 * [f376b38] lightning: use ${source:Version} in Breaks and Recommends (Closes: #914175) * [7e560b3] Revert "lintian: adding a semi automated lintian-override" The override about a misspelled word Synopsys isn't needed any more. * [893c0e6] rebuild patch queue from patch-queue branch modified patches: debian-hacks/Don-t-build-testing-suites-and-stuff.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch * [20d8827] d/source.filter: update the filter sequences -- Carsten Schoenert <email address hidden> Sun, 25 Nov 2018 10:02:50 +0100
thunderbird (1:60.2.1-2~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security Resync binary packages to build against the version in unstable/testing: Upstream isn't shipping localization for bn-bd and ta-lk for Thunderbird 60.x. Thus the packages {icedove,thunderbird}-l10n-bn-bd, {icedove,thunderbird}-l10n-ta-lk got dropped. The localization for pa-in was removed for Thunderbird earlier but the transitional packages {icedove,iceowl}-l10n-pa-in aren't until now. icedove-dev got dropped as we don't have also the referring package thunderbird-dev since version 59. Besides this localization for cy was added by upstream, reflecting this in a new package thunderbird-l10n-cy. (Closes: #911292, #911504) -- Carsten Schoenert <email address hidden> Sun, 21 Oct 2018 09:42:27 +0200
thunderbird (1:60.0-2~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security * [fd4e834] d/mozconfig.default: use internal libraries * [29621ed] d/control: remove no longer needed Build-Depends -- Carsten Schoenert <email address hidden> Tue, 04 Sep 2018 20:14:34 +0200
Published in stretch-release |
thunderbird (1:52.9.1-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security -- Carsten Schoenert <email address hidden> Thu, 12 Jul 2018 19:09:41 +0200
thunderbird (1:60.3.0-1) unstable; urgency=medium [ intrigeri ] * [7949b31] AppArmor: update profile from upstream at commit f3d9a8b (Closes: #903898) * [e31dc14] AppArmor: update profile from upstream at commit 81c9457 (Closes: #908206) [ Carsten Schoenert ] * [0dcbe22] d/control: add xul-ext-gnome-keyring to Breaks for thunderbird (Closes: #907979) * [65db00d] armel: adding extra LDFLAGS so rust compiler isn't confused The settings that are builtin within rust are conflicting with the GCC. * [9c65884] New upstream version 60.3.0 Fixed CVE issues in upstream version 60.3.0 (MFSA 2018-28) CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3 CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 * [8726bb1] rebuild patch queue from patch-queue branch removed patches (included upstream) fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch -- Carsten Schoenert <email address hidden> Thu, 01 Nov 2018 12:19:34 +0100
Superseded in sid-release |
thunderbird (1:60.2.1-1) unstable; urgency=medium * [ba75ca3] logo: move old TB graphics into dedicated folder * [ba47234] logo: adding new TB icon *.png graphics Like Firefox Thunderbird has also got a reworked logo. As we use some own icon created from a SVG graphic this commit adds the new icons in the various sizes. The source of the SVG graphic is taken from https://demo.identihub.co/thunderbird#/view/icon/element/612 (Closes: #909108) * [0b16a87] d/source.filter: don't remove react files from source (Closes: #909046) * [d01dfd6] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch (Closes: #909628, #909039, #906816) * [bf64065] New upstream version 60.2.1 Fixed CVE issues in upstream version 60.2.1 (MFSA 2018-25) CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 CVE-2018-12385: Crash in TransportSecurityInfo due to cached data CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords * [b4712af] rebuild patch queue from patch-queue branch removed patches (fixed upstream): fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch * [79057f6] d/control: make lightning-l10n packages transitional The l10n content for Lightning and a specific language is now much more related to the Thunderbird l10n content. By this the existing lightning l10n packages are not really useful any more as we move the Lightning l10n content into the respective Thunderbird l10n package a we need to turn the existing Lightning l10n packages into transitional packages. * [a0ac3b7] d/control: adding Replaces, Breaks, Provides to thunderbird-l10n-* Related to the previous commit the Thunderbird l10n packages need some more fields in the control file so the transition from lightning-l10n into thunderbird-l10n can work. * [c82ee7c] d/rules: install lightning l10n into thunderbird-l10n-* packages The content for the lightning l10n stuff needs now to be installed into thunderbird-l10n packages. * [72cd535] d/control: add thunderbird-l10n-cy Oops, seems like we never have introduced this language for Thunderbird before. Now required to provide the l10n content for Lightning. * [510bea6] d/thunderbird-wrapper.sh: improve GDB switch Since TB 60 upstream isn't installing the old wrapper script run-mozilla.sh any more. By this we need to adjust our starting wrapper so the call to start Thunderbird within the GDB debugger is working. -- Carsten Schoenert <email address hidden> Fri, 05 Oct 2018 17:43:49 +0200
thunderbird (1:60.0-3) unstable; urgency=medium * [daa0dd7] locale: use 'intl.locale.requested' correctly Thanks to hint from Sven Joachim we can use the preference setting 'intl.locale.requested' in way that users don't need to use this setting within their prefs.js to control the language of the Thunderbird UI. 'intl.locale.requested' is somehow the successor of 'intl.locale.matchOS'. (Closes: #908034) * [f8ac1b2] debian/control: increase Standards-Version to 4.2.1 No further changes needed. * [a001579] d/control: remove empty 'Replaces' in thunderbird-l10n-da We can remove that line of Replaces without any key. -- Carsten Schoenert <email address hidden> Thu, 06 Sep 2018 18:46:31 +0200
thunderbird (1:60.0-2) unstable; urgency=medium [ Carsten Schoenert ] * [71ac5e7] rebuild patch queue from patch-queue branch added patches: porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch * [d94e5dc] d/control: B-D on {lib}clang-6.0* and llvm-6.0-dev (Closes: #906707) -- Carsten Schoenert <email address hidden> Mon, 20 Aug 2018 17:57:07 +0200
thunderbird (1:60.0-1) unstable; urgency=medium [ Cyril Brulebois ] * [4f1fcd4] Bump B-D libsqlite3-dev version Upstream requires a more recent version that is already available in unstable but not in Stretch later e.g. * [5a790c2] Add libicu-dev to Build-Depends (required for icu-i18n.pc) This package was pulled from some other package already but we need this explicit now again as we don't use the internal ICU version any more. * [8c86207] Bump libhunspell-dev version The same as for libsqlite3-dev, adding the correct B-D version. (Closes: #905465) [ Carsten Schoenert ] * [901f257] New upstream version 60.0 Fixed CVE issues in upstream version 60.0 (MFSA 2018-19) CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus() CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12362: Integer overflow in SSSE3 scaler CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture CVE-2018-12363: Use-after-free when appending DOM nodes CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365: Compromised IPC child process can list local filenames CVE-2018-12371: Integer overflow in Skia library during edge builder allocation CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60 * [44ab834] rebuild patch queue from patch-queue branch removed patches (applied upstream): porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch * [3168b29] debian/control: increase Standards-Version to 4.2.0 No further changes needed. * [f2f206e] d/rules: use MOZ_LANGPACK_ID instead of hard coding * [996352a] d/rules: ensure l10n MOZ_LANGPACK_ID matches variable from makefile Previous beta versions for the thunderbird-l10n data have used '@firefox.mozilla.org' within their application.id setting. Thunderbird now expects '@thunderbird.mozilla.org' instead. Make the build more flexible so we can detect mismatches here. (Closes: #906176) -- Carsten Schoenert <email address hidden> Sun, 19 Aug 2018 11:32:11 +0200
thunderbird (1:52.8.0-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security [ intrigeri ] * [703c9ec] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" (Cherry-picked from debian/sid to not differ the Apparmor settings between the Debian releases) -- Carsten Schoenert <email address hidden> Mon, 21 May 2018 17:31:53 +0200
Deleted in experimental-release (Reason: None provided.) |
thunderbird (1:60.0~b10-1) experimental; urgency=medium [ intrigeri ] * [596869d] AppArmor: update profile from upstream (at commit edc9487) (Closes: #901471) [ Carsten Schoenert ] * [57195ff] New upstream version 60.0~b10 * [770c9a6] rebuild patch queue from patch-queue branch added patches: porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch * [7fa6ebd] debian/control: increase Standards-Version to 4.1.5 No further changes needed. * [22e701c] c-l-l10n-t.sh: adjust the path to the python helper Adjust the shell script helper to use the changed path to makeversion.py. * [90a1d9e] sticky prefs: use the new syntax in vendor.js The syntax for locked preferences has been changed a while ago, it's time to adjust the entry within vendor.js to disable automatic updates for AddOns. -- Carsten Schoenert <email address hidden> Thu, 12 Jul 2018 17:52:27 +0200
thunderbird (1:52.9.1-1) unstable; urgency=high [ intrigeri ] * [1259eaa] AppArmor: update profile from upstream (at commit edc9487) (Closes: #901471) [ Carsten Schoenert ] * [d706f5b] debian/control: increase Standards-Version to 4.1.5 No further changes needed. * [f5a3eb2] New upstream version 52.9.1 (Closes: #903160) -- Carsten Schoenert <email address hidden> Tue, 10 Jul 2018 19:40:41 +0200
Superseded in sid-release |
thunderbird (1:52.9.0-1) unstable; urgency=high [ intrigeri ] * [c33dba2] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" * [cb64397] AppArmor: update profile from upstream (Closes: #900840) * [b5d6545] AppArmor: update profile from upstream (at commit 104da32) [ Carsten Schoenert ] * [099b525] d/source.filter: add some more files to filter There are some more files we want to filter out. * [376e5f3] New upstream version 52.9.0 Fixed CVE issues in upstream version 52.9 (MFSA 2018-18) CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus() CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward CVE-2018-12362: Integer overflow in SSSE3 scaler CVE-2018-12363: Use-after-free when appending DOM nodes CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365: Compromised IPC child process can list local filenames CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9 * [83a9c9b] rebuild patch queue from patch-queue branch As we have filtered more files out from the source we need to modify the list of tests we won't to built while built the source too so a small adjustment on that. Also fixing some spelling issues which Lintian has found. modified patches: debian-hacks/Don-t-build-testing-suites-and-stuff.patch porting-alpha/fix-FTBFS-on-alpha.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch renamed patches: Allow-to-override-ICU_DATA_FILE-from-the-environment.patch -> Allow-one-to-override-ICU_DATA_FILE-from-the-environment.patch fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch -> fix-function-nsMsgComposeAndSend-to-respect-ReploToSend.patch * [d5254e2] Removed unneded lintian override about brace expansion -- Carsten Schoenert <email address hidden> Wed, 04 Jul 2018 21:44:26 +0200
Superseded in experimental-release |
thunderbird (1:60.0~b9-2) experimental; urgency=medium [ intrigeri ] * [eb7cb44] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" * [4cd8baf] AppArmor: update profile from upstream (Closes: #900840) * [807eb99] AppArmor: update profile from upstream (at commit 104da32) [ Carsten Schoenert ] * [c980546] rebuild patch queue from patch-queue branch added patch: porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch -- Carsten Schoenert <email address hidden> Sun, 01 Jul 2018 19:15:00 +0200
Superseded in experimental-release |
thunderbird (1:60.0~b9-1) experimental; urgency=medium * [be64a3e] d/source.filter: update due upstream changes Writing the import filter file source.filter mostly complete new from scratch. Needed because upstream has changed the structure of the source completely. * [c4b9113] New upstream version 60.0~b9 * [3dc900a] rebuild patch queue from patch-queue branch Related to the changed source structure the patches for the patch queue needs to be adjusted to the new folders and their structure. Thanks to git this wasn't that painful as git did all of the job. Two new patches are needed to add. added patches: fixes/Build-also-gdata-provider-as-xpi-file.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch * [e50ae04] d/rules: remove references to folder 'mozilla' To get the source built some targets in debian/rules are needed to be modified. All references to the old used folder 'mozilla/' are removed now. * [a650500] ICU: don't build the Paragraph Layout library Disable the build of the Paragraph Layout library, we don't need them if we need to built the ICU stuff. Cherry-picked from current ESR 52 packaging. * [977b7fe] d/mozconfig.default: use the ICU package from system The Debian packages of icu are recent enough so we don't need to build own dedicated ICU binaries. * [0c7ed7e] adjust the configuration of the built Because of the modified source structure some more adjustments are needed while going through the built targets like different paths, and built calls of the Thunderbird source. * [1c09011] adjust the install temporary folder Upstream is now wrapping all internal make calls through a Python wrapper called 'mach'. This also involves a changed behavior for installing the Thunderbird files into the temporary folder we later use by the debhelper sequencer. * [bfbc9ca] d/s/lintian-overrides: update content due changed source.filter The modified file debian/source.filter make some adjustments needed in the lintian-overrides file for the source files related part. * [44a4c5a] d/thunderbird.lintian-overrides: update after config changes Like before some adjustments are needed for the lintian override rules for the source files. * [dd48091] d/copyright: adjust the content due folder changes And one more file that needs to be adjusted due the changed source files. -- Carsten Schoenert <email address hidden> Sun, 01 Jul 2018 16:12:33 +0200
Published in jessie-release |
thunderbird (1:52.8.0-1~deb8u1) jessie-security; urgency=medium [ Carsten Schoenert ] * Rebuild for jessie-security [ intrigeri ] * [acc3a6b] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" (Cherry-picked from debian/sid to not differ the Apparmor settings between the Debian releases) -- Carsten Schoenert <email address hidden> Mon, 21 May 2018 20:37:55 +0200
thunderbird (1:52.8.0-1) unstable; urgency=high [ intrigeri ] * [4656ebf] AppArmor: update profile from upstream (Closes: #882048, #882122) [ Agustin Henze ] * [840cbc8] apparmor: allow access to @{HOME}/.gnupg/tofu.db (Closes: #894907) [ Carsten Schoenert ] * [514e9e8] New upstream version 52.8.0 Fixed CVE issues in upstream version 52.8 (MFSA 2018-13) CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack (aka Efail) CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5159: Integer overflow and out-of-bounds write in Skia CVE-2018-5161: Hang via malformed headers CVE-2018-5162: Encrypted mail leaks plaintext through src attribute (aka Efail) CVE-2018-5170: Filename spoofing for external attachments CVE-2018-5168: Lightweight themes can be installed without user interaction CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension CVE-2018-5185: Leaking plaintext through HTML forms (aka Efail) CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8 (Closes: #898631) * [7845229] ICU: don't build the Paragraph Layout library Disable the build of the layout library in the internal ICU build as we don't need this and can cause build issues. * [e0a79fc] debian/control: increase Standards-Version to 4.1.4 No further changes needed. -- Carsten Schoenert <email address hidden> Thu, 17 May 2018 21:04:15 +0200
Superseded in experimental-release |
thunderbird (1:60.0~b6-1) experimental; urgency=medium [ Carsten Schoenert ] * [3d91710] create-lightning-l10n: adjust folder structure To build more easy lightning-l10n packages let's modify the helper script for building the additional tarball. Change the content structure so we can simple copy the needed l10n stuff into the l10n packages. * [f1d6031] New upstream version 60.0~b6 * [6643c31] Revert the linking into /u/l/tb/d/extensions Thunderbird in Debian won't detecting extension which are placed in /usr/lib/thunderbird/distribution/extensions, going back to the old folder /usr/lib/thunderbird/extensions to link extensions into Thunderbird. * [26549a3] lightning: turning package into Architecture all Change the architecture for the lightning package from 'any' to 'all'. Lightning is only build by Javascript, CSS, JSM and other text based files and we don't need to build and install it as a architecture dependent package. * [86cd48f] mozconfig.default: disable webrtc build and inclusion Let's drop the build of support for WebRTC, Thunderbird isn't able to use this as there is no component which is depending on this. The chat component would be a potential use case but right now it lacks any functionality by webrtc features. -- Carsten Schoenert <email address hidden> Sat, 05 May 2018 13:56:36 +0200
Superseded in experimental-release |
thunderbird (1:60.0~b5-1) experimental; urgency=medium [ Carsten Schoenert ] * [b8625ea] New upstream version 60.0~b5 -- Carsten Schoenert <email address hidden> Sat, 28 Apr 2018 19:15:07 +0200
Superseded in experimental-release |
thunderbird (1:60.0~b4-1) experimental; urgency=medium [ Carsten Schoenert ] * [62ae939] New upstream version 60.0~b4 -- Carsten Schoenert <email address hidden> Mon, 23 Apr 2018 18:19:11 +0200
Superseded in experimental-release |
thunderbird (1:60.0~b3-1) experimental; urgency=medium [ Carsten Schoenert ] * [94f8505] debian/control: increase Standards-Version to 4.1.4 No further changes needed. * [3ba10c6] rebuild patch queue from patch-queue branch added patches: porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch fixes/Fix-big-endian-build-for-SKIA.patch (re-added) Thanks Andreas Glaubitz for providing these patches! * [dabf294] New upstream version 60.0~b3 * [24f8a38] re-enable usage of lib{nspr4,nss3}-dev while built The available versions of these libraries now recent enough so we can drop the usage of the embedded code copies. -- Carsten Schoenert <email address hidden> Sun, 15 Apr 2018 12:47:43 +0200
Superseded in experimental-release |
thunderbird (1:60.0~b2-1) experimental; urgency=medium [ Agustin Henze ] * [3639717] apparmor: allow access to @{HOME}/.gnupg/tofu.db (Closes: #894907) [ intrigeri ] * [3895bba] AppArmor: fix empty black windows in Thunderbird 58+ (Closes: #887973) * [353ca25] AppArmor: update profile from upstream (Closes: #882048, #882122) [ Carsten Schoenert ] * [37e0bbe] New upstream version 59.0~b1 * [d75c4be] rebuild patch queue from patch-queue branch added patches: fixes/Fix-build-against-libcairo2-dev-1.15.10.patch patches/fixes/Fix-big-endian-build-for-SKIA.patch removed patches: debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch thunderbird/Thunderbird-fix-installdir-for-icons.patch * [9615d6a] New upstream version 60.0~b1 * [431006c] d/source.filter: update due upstream changes Update the list of files we filter out, Upstream added various new files mostly used for auto-testing we don't use. * [2cb4635] d/s/lintian-overrides: remove entries about brace expansion We can remove the override about brace expansion in dh sequencer files. * [4c9f185] debian/rules: using 'rm -f' because probably non existing files The file app.ini isn't existing in some l10n folders for lightning, simply use '-f' for convenience. * [ed00442] debian/rules: fix typo to grep app ID of calendar-g-p * [4a993c5] adding additional packages to Breaks with thunderbird The packages calendar-exchange-provider and enigmail xul-ext-sogo-connector aren't compatible to the webextension interface and we need to add a versioned Breaks. * [9bd8286] adjust Breaks for enigmail Also enigmail needs an adjusted version for Breaks. * [24382c2] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7" (Closes: #892404) * [f0ac8a5] rebuild patch queue from patch-queue branch removed patches: debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch debian-hacks/remove-non-free-W3C-icon-valid.png.patch fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch fixes/Fix-build-against-libcairo2-dev-1.15.10.patch modified patches: debian-hacks/Build-against-system-libjsoncpp.patch debian-hacks/Don-t-build-testing-suites-and-stuff.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch * [6ab35ad] d/mozconfig.default: don't use nspr and nss from system We need to switch back to the embedded source for NSS and NSPR, the versions in unstable aren't usable. * [055ed65] d/mozconfig.default: remove no longer alive option The option '--enable-system-cairo' is gone with TB 60. * [663d6f1] lightning-l10n-bn-bd: remove Bengali (Bangladesh) l10n package * [02b21cb] lightning-l10n-pa-in: remove Punjabi (India) l10ng package * [0cc0b5d] lightning-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package * [62f23a5] thunderbird-l10n-bn-bd: remove (Bangladesh) l10n package * [61bfdf4] thunderbird-l10n-pa-in: remove Punjabi (India) l10n package * [a361750] thunderbird-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package * [8ba5b0d] debian/control: add new packages for *-kk language * [e4280ac] debian/control: add new packages for *-ms language * [aaef9fe] adjust Vcs fields to salsa.debian.org * [144c492, 009b145] debian/copyright: update after upstream changes Upstream removed some files/folders, which reflects in needed adjustments for the copyright file. * [3623f84] d/thunderbird.lintian-overrides: add libnspr4.so and libnss3.so We now need to ship (again) embedded libraries for NSPR and NSS. * [0d3de65] lightning: move linking into /u/l/tb/distribution/extensions Following upstream with the folder for the Lightning to not differ. * [4d6cefe] New upstream version 60.0~b2 * [e1c40a7] rebuild patch queue from patch-queue branch removed patches: fixes/Fix-big-endian-build-for-SKIA.patch * [4834a1d] add entries to README and NEWS for thunderbird Adding notes about the current situation foe the l10n packages and their integration into the UI of Thunderbird and Lightning. -- Carsten Schoenert <email address hidden> Sat, 07 Apr 2018 11:12:37 +0200
thunderbird (1:52.7.0-1) unstable; urgency=medium * [9eb2692] New upstream version 52.7.0 Fixed CVE issues in upstream version 52.7 (MFSA 2018-09) CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5144: Integer overflow during Unicode conversion CVE-2018-5146: Out of bounds memory write in libvorbis CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7 CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7 * [a01cf4b] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7" Switching now back to GCC7 as we don't have any longer issues with broken visuals in the GUI. (Closes: #892404) -- Carsten Schoenert <email address hidden> Mon, 26 Mar 2018 17:21:40 +0200
thunderbird (1:52.6.0-1~deb9u1) stretch-security; urgency=medium [ Carsten Schoenert ] * Rebuild for stretch-security -- Carsten Schoenert <email address hidden> Sun, 28 Jan 2018 08:05:28 +0100
thunderbird (1:52.6.0-1) unstable; urgency=high * [97e1cd7] New upstream version 52.6.0 Fixed CVE issues in upstream version 52.6 (MFSA 2018-04) CVE-2018-5095: Integer overflow in Skia library during edge builder allocation CVE-2018-5096: Use-after-free while editing form elements CVE-2018-5097: Use-after-free when source document is manipulated during XSLT CVE-2018-5098: Use-after-free while manipulating form input elements CVE-2018-5099: Use-after-free with widget listener CVE-2018-5102: Use-after-free in HTML media elements CVE-2018-5103: Use-after-free during mouse event handling CVE-2018-5104: Use-after-free during font face manipulation CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6 * [0300242] rebuild patch queue from patch-queue branch Added patch debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch that fixes the build of the included ICU source against glibc 2.26. (Closes: #887766) * [4bf22e0] debian/control: increase Standards-Version to 4.1.3 No further changes needed. * [3616443] adjust Vcs fields to salsa.debian.org The Vcs for Thunderbird packaging live now on Salsa as Alioth will be shutdown in the future. * [c2f3e14] lintian: ignore non multiarch install folder for thunderbird.pc Ignore a lintian warning about unavailable pkg-config file thunderbird.pc as the ESR versions 52.x are the last series which will have a thunderbird-dev. The next ESR version will be 60.x which uses webextension and makes thunderbird-dev obsolete. -- Carsten Schoenert <email address hidden> Thu, 25 Jan 2018 20:21:10 +0100
Deleted in experimental-release (Reason: None provided.) |
thunderbird (1:58.0~b3-1) experimental; urgency=medium [ Carsten Schoenert ] * [d114338] d/source.filter: update due upstream changes Update the filtering list for excluding some unwanted source files as usual while preparing new major upstream versions. * [91d23a9] New upstream version 58.0~b3 * [f34e555] rebuild patch queue from patch-queue branch added patches: debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch modified patches: debian-hacks/Build-against-system-libjsoncpp.patch debian-hacks/Don-t-build-testing-suites-and-stuff.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch porting-sh4/Add-sh4-support-to-Thunderbird.patch porting/Disable-optimization-on-alpha-for-the-url-classifier.patch prefs/Don-t-auto-disable-extensions-in-system-directories.patch prefs/Set-javascript.options.showInConsole.patch obsolete patches (included somehow or fixed upstream): debian-hacks/Force-use-the-i686-rust-target.patch porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch patches/porting-alpha/fix-FTBFS-on-alpha.patch patches/porting-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch patches/porting-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch porting-kfreebsd-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch porting-mips/FTBFS-mips-add-missing-char-variable.patch porting/ppc-fix-divide-page-size-in-jemalloc.patch thunderbird-l10n/thunderbird-l10n-disable-external-extension-update.patch * [bd45d47] debian/control: adding new Build-Depends Since this is the first version > 52 we need now cargo, clang, rustc and llvm development files. * [c63a03f] d/mozconfig.default: remove no longer alive options Some old options like --disable-gnomeui, --enable-gio, and --with-default-mozilla-five-home are history now. * [609dbbe] l10n lightning: modify script to work with recent version We still need to use the shellscript create-lightning-l10n-tarball.sh (and also *-thunderbird-l10n-*) to create the additional tarballs. * [2f276b7] thunderbird-l10n: change tb-l10n package installation Due the changed structure from upstream for the thunderbird l10n files the packaging needs also to be adopted. * [ee476f8] d/thunderbird.install: update install sequencer file Also small adjustments are needed for the installation of the thunderbird binary files. The old script run-mozilla.sh (which we didn't have used within the Debian packaging) isn't shipped now, and there is now a new folder gtk2 which includes the libmozgtk library linked against GTK2. * [ced9d18] thunderbird-dev: remove the package and adjustments on this The complete content that was packaged previously in thunderbird-dev isn't created and installed now. Thus makes the old package thunderbird-dev obsolete. * [484a142] autopkgtests: disable tests around thunderbird-dev Disable all autopkgtests which have used thunderbird-dev. * [0aa2546] switch to system libraries back We can now use the system libararies libnspr4, libnss3 and libsqlite3 again, the version of libicu is still to old for usage within the package build. * [858ae82] d/control: thunderbird, remove variable ${gnome:Depends} * [7c3a258] d/control: lightning, remove variable ${shlibs:Depends} * [aabf0d4] debian/source/lintian-overrides: update entries * [94b00db] debian/control: increase Standards-Version to 4.1.3 No further changes needed. * [245e8c2] debian/copyright: update after upstream changes Also almost needed with new major upstream versions reflect the changes from upstream in the copyright file. * [72507b2] d/control: enigmail < 1.9.9 isn't working with TB > 55 Due the new plugin interface some old plugins doesn't work with this thunderbird version anymore, or behaving unexpected. Enigmal is one of the this (known) plugins which needs to be at least in version 2.0a2pre installed to work with Thunderbird. * [6cf0133] lightning-l1on: change l10n installation Related to [4abc7f2] the various thunderbird-l10n packages need to be installed differently to old package installations. * [6af7054] calendar-google-provider: tweak installation a bit More a hack but the Mozilla plugin installation by mozilla-devscripts isn't prepared for the new webextension logic by Mozilla. Symlinking the c-g-p plugin for now directly from the thunderbird extension folder. -- Carsten Schoenert <email address hidden> Sun, 21 Jan 2018 14:03:39 +0100
thunderbird (1:52.5.2-2) unstable; urgency=medium [ Carsten Schoenert ] * [f597157] Revert "d/thunderbird.postinst: reload AA profile on updates" The trigger automatics for appamor already is handling the needed reload on profile updates for the applications. (Closes: #885158) * [8ebdb96] debian/control: increase Standards-Version to 4.1.2 No further changes needed. * [81a8c00] use inverse logic on version for AA profile status check By this change we don't enforce the disabled profile from the previous version in some cases and can also handle possible version strings from -security and -backports. (Closes: #885157) -- Carsten Schoenert <email address hidden> Tue, 26 Dec 2017 14:56:40 +0100
Superseded in sid-release |
thunderbird (1:52.5.2-1) unstable; urgency=high [ intrigeri ] * [b791221] AppArmor: support new thunderbird executable path (Closes: #883561, #884217) [ Carsten Schoenert ] * [1f46308] New upstream version 52.5.2 Fixed CVE issues in upstream version 52.5 (MFSA 2017-30) CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to new line Injection * [0dd21b9] d/thunderbird.postinst: reload AA profile on updates * [8c57218] don't disable AA profile on package updates As people want to re-enable the AA profile a update of thunderbird doesn't have to disable this again. (Closes: #884191) -- Carsten Schoenert <email address hidden> Sun, 24 Dec 2017 11:30:09 +0100
151 → 225 of 229 results | First • Previous • Next • Last |