Change log for xulrunner package in Ubuntu

128 of 28 results
Obsolete in intrepid-updates on 2013-02-20
Obsolete in intrepid-security on 2013-02-20
Superseded in intrepid-security on 2009-04-02
xulrunner (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1) intrepid-security; urgency=low

  * New security upstream release - backports for ffox 3.0.8
    + Fixed on Firefox EOL branch
      - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
      - MFSA 2009-12 XSL Transformation vulnerability
      - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
      - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
      - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
      - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
      - MFSA 2009-03 Local file stealing with SessionStore
      - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
    + Fixed in Firefox 2.0.0.20
      - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
    + Fixed in Firefox 2.0.0.19
      - MFSA 2008-69 XSS vulnerabilities in SessionStore
      - MFSA 2008-68 XSS and JavaScript privilege escalation
      - MFSA 2008-67 Escaped null characters ignored by CSS parser
      - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
      - MFSA 2008-65 Cross-domain data theft via script redirect error message
      - MFSA 2008-64 XMLHttpRequest 302 response disclosure
      - MFSA 2008-62 Additional XSS attack vectors in feed preview
      - MFSA 2008-61 Information stealing via loadBindingDocument
      - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
    + Fixed in Firefox 2.0.0.18
      - MFSA 2008-58 Parsing error in E4X default namespace
      - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
      - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
      - MFSA 2008-55 Crash and remote code execution in nsFrameManager
      - MFSA 2008-54 Buffer overflow in http-index-format parser
      - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
      - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
      - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
      - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
      - MFSA 2008-48 Image stealing via canvas and HTTP redirect
      - MFSA 2008-47 Information stealing via local shortcut files
    + Fixed in Firefox 2.0.0.17
      - MFSA 2008-45 XBM image uninitialized memory reading
      - MFSA 2008-44 resource: traversal vulnerabilities
      - MFSA 2008-43 BOM characters stripped from JavaScript before execution
      - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
      - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
      - MFSA 2008-40 Forced mouse drag
      - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
      - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
      - MFSA 2008-37 UTF-8 URL stack buffer overflow

 -- Alexander Sack <email address hidden>   Tue, 31 Mar 2009 19:26:56 +0200
Obsolete in hardy-updates on 2015-04-24
Obsolete in hardy-security on 2015-04-24
Superseded in hardy-security on 2009-04-02
xulrunner (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release - backports for ffox 3.0.8
    + Fixed on Firefox EOL branch
      - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
      - MFSA 2009-12 XSL Transformation vulnerability
      - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
      - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
      - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
      - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
      - MFSA 2009-03 Local file stealing with SessionStore
      - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
    + Fixed in Firefox 2.0.0.20
      - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
    + Fixed in Firefox 2.0.0.19
      - MFSA 2008-69 XSS vulnerabilities in SessionStore
      - MFSA 2008-68 XSS and JavaScript privilege escalation
      - MFSA 2008-67 Escaped null characters ignored by CSS parser
      - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
      - MFSA 2008-65 Cross-domain data theft via script redirect error message
      - MFSA 2008-64 XMLHttpRequest 302 response disclosure
      - MFSA 2008-62 Additional XSS attack vectors in feed preview
      - MFSA 2008-61 Information stealing via loadBindingDocument
      - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
    + Fixed in Firefox 2.0.0.18
      - MFSA 2008-58 Parsing error in E4X default namespace
      - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
      - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
      - MFSA 2008-55 Crash and remote code execution in nsFrameManager
      - MFSA 2008-54 Buffer overflow in http-index-format parser
      - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
      - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
      - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
      - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
      - MFSA 2008-48 Image stealing via canvas and HTTP redirect
      - MFSA 2008-47 Information stealing via local shortcut files
    + Fixed in Firefox 2.0.0.17
      - MFSA 2008-45 XBM image uninitialized memory reading
      - MFSA 2008-44 resource: traversal vulnerabilities
      - MFSA 2008-43 BOM characters stripped from JavaScript before execution
      - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
      - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
      - MFSA 2008-40 Forced mouse drag
      - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
      - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
      - MFSA 2008-37 UTF-8 URL stack buffer overflow
    + Fixed in Firefox 2.0.0.16
      - MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
      - MFSA 2008-34 Remote code execution by overflowing CSS reference counter
    + Fixed in Firefox 2.0.0.15
      - MFSA 2008-33 Crash and remote code execution in block reflow
      - MFSA 2008-32 Remote site run as local file via Windows URL shortcut
      - MFSA 2008-31 Peer-trusted certs can use alt names to spoof
      - MFSA 2008-30 File location URL in directory listings not escaped properly
      - MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
      - MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
      - MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
      - MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
      - MFSA 2008-24 Chrome script loading from fastload file
      - MFSA 2008-23 Signed JAR tampering
      - MFSA 2008-22 XSS through JavaScript same-origin violation
      - MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
    + Fixed in Firefox 2.0.0.14
      - MFSA 2008-20 Crash in JavaScript garbage collector

 -- Alexander Sack <email address hidden>   Tue, 31 Mar 2009 18:52:02 +0200
Obsolete in gutsy-updates on 2011-09-16
Obsolete in gutsy-security on 2011-09-16
Superseded in gutsy-security on 2009-04-02
xulrunner (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1) gutsy-security; urgency=low

  * two years worth of security updates for gutsy-security xulrunner 1.8
    + Fixed on Firefox EOL branch
      - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
      - MFSA 2009-12 XSL Transformation vulnerability
      - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
      - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
      - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
      - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
      - MFSA 2009-03 Local file stealing with SessionStore
      - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
    + Fixed in Firefox 2.0.0.20
      - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
    + Fixed in Firefox 2.0.0.19
      - MFSA 2008-69 XSS vulnerabilities in SessionStore
      - MFSA 2008-68 XSS and JavaScript privilege escalation
      - MFSA 2008-67 Escaped null characters ignored by CSS parser
      - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
      - MFSA 2008-65 Cross-domain data theft via script redirect error message
      - MFSA 2008-64 XMLHttpRequest 302 response disclosure
      - MFSA 2008-62 Additional XSS attack vectors in feed preview
      - MFSA 2008-61 Information stealing via loadBindingDocument
      - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
    + Fixed in Firefox 2.0.0.18
      - MFSA 2008-58 Parsing error in E4X default namespace
      - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
      - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
      - MFSA 2008-55 Crash and remote code execution in nsFrameManager
      - MFSA 2008-54 Buffer overflow in http-index-format parser
      - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
      - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
      - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
      - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
      - MFSA 2008-48 Image stealing via canvas and HTTP redirect
      - MFSA 2008-47 Information stealing via local shortcut files
    + Fixed in Firefox 2.0.0.17
      - MFSA 2008-45 XBM image uninitialized memory reading
      - MFSA 2008-44 resource: traversal vulnerabilities
      - MFSA 2008-43 BOM characters stripped from JavaScript before execution
      - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
      - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
      - MFSA 2008-40 Forced mouse drag
      - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
      - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
      - MFSA 2008-37 UTF-8 URL stack buffer overflow
    + Fixed in Firefox 2.0.0.16
      - MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
      - MFSA 2008-34 Remote code execution by overflowing CSS reference counter
    + Fixed in Firefox 2.0.0.15
      - MFSA 2008-33 Crash and remote code execution in block reflow
      - MFSA 2008-32 Remote site run as local file via Windows URL shortcut
      - MFSA 2008-31 Peer-trusted certs can use alt names to spoof
      - MFSA 2008-30 File location URL in directory listings not escaped properly
      - MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
      - MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
      - MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
      - MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
      - MFSA 2008-24 Chrome script loading from fastload file
      - MFSA 2008-23 Signed JAR tampering
      - MFSA 2008-22 XSS through JavaScript same-origin violation
      - MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
    + Fixed in Firefox 2.0.0.14
      - MFSA 2008-20 Crash in JavaScript garbage collector
    + Fixed in Firefox 2.0.0.13
      - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
      - MFSA 2008-18 Java socket connection to any local port via LiveConnect
      - MFSA 2008-17 Privacy issue with SSL Client Authentication
      - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
      - MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
      - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
    + Fixed in Firefox 2.0.0.12
      - MFSA 2008-13  Multiple XSS vulnerabilities from character encoding
      - MFSA 2008-11 Web forgery overwrite with div overlay
      - MFSA 2008-10 URL token stealing via stylesheet redirect
      - MFSA 2008-09 Mishandling of locally-saved plain text files
      - MFSA 2008-08 File action dialog tampering
      - MFSA 2008-07 Possible information disclosure in BMP decoder
      - MFSA 2008-06 Web browsing history and forward navigation stealing
      - MFSA 2008-05 Directory traversal via chrome: URI
      - MFSA 2008-04 Stored password corruption
      - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
      - MFSA 2008-02 Multiple file input focus stealing vulnerabilities
      - MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
    + Fixed in Firefox 2.0.0.11
      - Firefox 2.0.0.11 fixed a bug introduced by the 2.0.0.10 update in the <canvas>
        feature that affected some web pages and extensions. There were no security-related
        fixes in this release.
    + Fixed in Firefox 2.0.0.10
      - MFSA 2007-39 Referer-spoofing via window.location race condition
      - MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
      - MFSA 2007-37 jar: URI scheme XSS hazard
    + Fixed in Firefox 2.0.0.9
      - Firefox 2.0.0.9 fixed a small number of rendering bugs introduced by the 2.0.0.8 release;
        there were no security fixes.
    + Fixed in Firefox 2.0.0.8
      - MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
      - MFSA 2007-35 XPCNativeWrapper pollution using Script object
      - MFSA 2007-34 Possible file stealing through sftp protocol
      - MFSA 2007-33 XUL pages can hide the window titlebar
      - MFSA 2007-32 File input focus stealing vulnerability
      - MFSA 2007-31 Browser digest authentication request splitting
      - MFSA 2007-30 onUnload Tailgating
      - MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
    + Fixed in Firefox 2.0.0.7
      -  MFSA 2007-28  Code execution via QuickTime Media-link files
    + Fixed in Firefox 2.0.0.6
      - MFSA 2007-27 Unescaped URIs passed to external programs
      - MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
    + Fixed in Firefox 2.0.0.5
      - MFSA 2007-25 XPCNativeWrapper pollution
      - MFSA 2007-24 Unauthorized access to wyciwyg:// documents
      - MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
      - MFSA 2007-22 File type confusion due to %00 in name
      - MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
      - MFSA 2007-20 Frame spoofing while window is loading
      - MFSA 2007-19 XSS using addEventListener and setTimeout
      - MFSA 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)
  * drop patches applied upstream
    - delete debian/patches/35_psm_wakeups.dpatch
    - delete debian/patches/88_bz384304_lp117575_linkrecursion_fix_in_startscript.dpatch
    - update debian/patches/00list accordingly.
  * adjust diverged patches
    - update debian/patches/99_configure.dpatch

 -- Alexander Sack <email address hidden>   Tue, 31 Mar 2009 15:57:00 +0200
Deleted in lucid-release on 2013-03-04 (Reason: python 2.5 removal LP: #516932)
Obsolete in karmic-release on 2013-03-04
Obsolete in jaunty-release on 2013-02-28
Obsolete in intrepid-release on 2013-02-20
xulrunner (1.8.1.16+nobinonly-0ubuntu1) intrepid; urgency=low

  * New upstream release (taken from upstream CVS), LP: #254618.
  * Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
    MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
    MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
    known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
    CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
    CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
  * Drop 89_bz419350_attachment_306066 patch, merged upstream.
  * Bump Standards-Version to 3.8.0.

 -- Devid Antonio Filoni <email address hidden>   Mon, 25 Aug 2008 13:04:18 +0200
Superseded in intrepid-release on 2008-08-25
xulrunner (1.8.1.14+nobinonly-1ubuntu4) intrepid; urgency=low

  * No-change upload to build against current libhunspell.

 -- Martin Pitt <email address hidden>   Mon, 11 Aug 2008 18:47:11 +0000
Superseded in intrepid-release on 2008-08-11
xulrunner (1.8.1.14+nobinonly-1ubuntu3) intrepid; urgency=low

  * prepatch fix for FTBFS due to #include of not-existing
    iostream.h in ia64 code.
    - add debian/patches/bz419350_attachment_306066.dpatch
    - update debian/patches/00list

Superseded in intrepid-release on 2008-05-02
xulrunner (1.8.1.14+nobinonly-1ubuntu2) intrepid; urgency=low

  * fix FTBFS due to diverged configure patch
    - update debian/patches/99_configure.dpatch

Superseded in intrepid-release on 2008-05-02
xulrunner (1.8.1.14+nobinonly-1ubuntu1) intrepid; urgency=low

  * New security upstream release: 1.8.1.14 (LP: #218534)
    Fixes USN-602-1 / mfsa-2008-20 / CVE-2008-1380
  * Merge from debian unstable (1.8.1.14-1). Remaining ubuntu changes:
    - debian/patches/88_force-no-pragma-visibility-for-gcc-4.2_4.3.dpatch
    - xulrunner alternative in /usr/bin
  * Update configure for the visibility patch:
    - update debian/patches/99_configure.dpatch

 -- Fabien Tassin <email address hidden>   Fri, 2 May 2008 17:03:00 +0200
Superseded in intrepid-release on 2008-05-02
Obsolete in hardy-release on 2015-04-24
xulrunner (1.8.1.13+nobinonly-0ubuntu1) hardy; urgency=low

  * New security upstream release: 1.8.1.13 (LP: #207171)
  * Security fixes:
    - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
    - MFSA 2008-18 Java socket connection to any local port via LiveConnect
    - MFSA 2008-17 Privacy issue with SSL Client Authentication
    - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
    - MFSA 2008-15 Crashes with evidence of memory corruption
    - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
  * Merge from debian unstable (1.8.1.12-5). Remaining ubuntu changes:
    - debian/patches/88_force-no-pragma-visibility-for-gcc-4.2_4.3.dpatch
    - xulrunner alternative in /usr/bin
  * Drop patches applied upstream:
    - drop debian/patches/10_SECAlgorithmIDTemplate.dpatch
    - update debian/patches/00list
  * Update diverged patches:
    - update debian/patches/99_configure.dpatch

 -- Fabien Tassin <email address hidden>   Wed, 26 Mar 2008 00:07:56 +0000
Superseded in hardy-release on 2008-03-26
xulrunner (1.8.1.11-1ubuntu1) hardy; urgency=low

  * Merge from debian unstable (LP: #174219), remaining changes:
     - 88_bz384304_lp117575_linkrecursion_fix_in_startscript.dpatch
     - 88_bz399589_fix_missing_symbol_with_new_nss.dpatch
     - 88_force-no-pragma-visibility-for-gcc-4.2_4.3.dpatch
     - xulrunner alternative in /usr/bin
       - debian/xulrunner.install
       - debian/xulrunner.{postinst,prerm}
  * Update debian/patches/99_configure.dpatch

 -- Fabien Tassin <email address hidden>   Wed, 05 Dec 2007 21:35:09 +0100
Superseded in hardy-release on 2007-12-07
xulrunner (1.8.1.9-1ubuntu1) hardy; urgency=low

  * Merge from debian unstable (LP: #163271), remaining changes:
    - remaining Ubuntu patches in debian/patches:
      - 88_force-no-pragma-visibility-for-gcc-4.2_4.3
      - 88_bz384304_lp117575_linkrecursion_fix_in_startscript
    - xulrunner diversion (xulrunner.{postinst,prerm,install})
    - Maintainer set to Ubuntu MOTU Developers
  * Drop debian/patches/{68_python25_api_breakage.dpatch,
    88_ubuntu_pyginputstream.dpatch,88_ubuntu_pyiinputstream.dpatch}
    merge by Debian into debian/patches/35_python_2.5.dpatch
    - update debian/patches/00list
  * Drop debian/patches/61_python_py_ssize_t_detect now useless
    - update debian/patches/00list
  * Fix FTBFS with cairo lib needing Xrender:
    - add patch 88_bz344818_missing_library_check
    - update debian/patches/00list
  * Fix FTBFS with newer nss allowing to build with either old nss 3.11
    or upcoming 3.12.
    - add patch 88_bz399589_fix_missing_symbol_with_new_nss
    - update debian/patches/00list
  * Update debian/patches/99_configure.dpatch

 -- Fabien Tassin <email address hidden>   Sat, 17 Nov 2007 17:36:34 +0100
Superseded in hardy-release on 2007-11-21
Obsolete in gutsy-release on 2011-09-16
xulrunner (1.8.1.4-2ubuntu5) gutsy; urgency=low

  * debian/control: build depend on ecj instead of ecj-bootstrap, that doesn't
    exist anymore.

Superseded in gutsy-release on 2007-09-28
xulrunner (1.8.1.4-2ubuntu4) gutsy; urgency=low

  Prepare xul 1.8 to play nicely with forthcoming xulrunner 1.9 upload:

  * debian/xulrunner.install: install startup script as
    /usr/lib/xulrunner/xulrunner instead of /usr/bin/xulrunner
  * debian/xulrunner.{postinst,prerm}: introduce xulrunner alternative
    to allow multiple xulrunner versions to be installed on the same
    system.
  * debian/patches/88_bz384304_lp117575_linkrecursion_fix_in_startscript.dpatch:
    adapt patch from bugzilla 384304 to allow deep link recursions of xulrunner
    start script.

 -- Alexander Sack <email address hidden>   Thu, 27 Sep 2007 01:30:55 +0200
Superseded in gutsy-release on 2007-09-27
xulrunner (1.8.1.4-2ubuntu3) gutsy; urgency=low

  * debian/patches/88_ubuntu_pyginputstream.dpatch,
    debian/patches/88_ubuntu_pyiinputstream.dpatch: drop patches because they
    are not applied anyway.
  * debian/patches/88_force-no-pragma-visibility-for-gcc-4.2_4.3.dpatch,
    debian/patches/00list: add anti ftbfs-on-gcc-4.2_4.3 patch to force use of
    -fvisibility=hidden instead of pragma push (hidden) even if gcc bugs are not
    detected.
  * debian/patches/99_configure.dpatch: refresh configure accordingly.

 -- Alexander Sack <email address hidden>   Tue, 21 Aug 2007 18:30:06 +0200
Superseded in gutsy-release on 2007-08-21
xulrunner (1.8.1.4-2ubuntu2) gutsy; urgency=low

  * replacing bogus patches that can cause access to unintialized
    memory and that should have never ended up in here:
      - Dropped 88_ubuntu_pyginputstream.dpatch
      - Dropped 88_ubuntu_pyiinputstream.dpatch
      - Adding 61_python_py_ssize_t_detect.dpatch
      - Adding 68_python25_api_breakage.dpatch
      - Update 99_configure.dpatch because 61_python_py_ssize_t_detect.dpatch
        touches configure.in.
    New patches that do boundary checks are submitted to bugzilla
    bug 386610 and debian bug 431483.
      - update 00list accordingly

    Remaining Ubuntu Changes:
      - Adding 61_python_py_ssize_t_detect.dpatch
      - Adding 68_python25_api_breakage.dpatch
      - update 00list accordingly
      - Update 99_configure.dpatch like:
         1. dpatch-edit-patch 99_configure.dpatch
         2. autoconf2.13
         3. exit 0
      - debian/control: Change Maintainer/XSBC-Original-Maintainer field.

 -- Alexander Sack <email address hidden>   Wed, 04 Jul 2007 14:13:40 +0200
Superseded in gutsy-release on 2007-07-04
xulrunner (1.8.1.4-2ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable. Remaining Ubuntu changes:
    + Fixing __x86_64__ and __ia64__ FTBFS
      - Added 88_ubuntu_pyginputstream.dpatch
      - Added 88_ubuntu_pyiinputstream.dpatch
      - update debian/patches/00list
    + debian/control: Change Maintainer/XSBC-Original-Maintainer field.

Superseded in gutsy-release on 2007-06-13
xulrunner (1.8.1.4-1ubuntu2) gutsy; urgency=low

  * Apply the fix for AMD64 also to IA64
    (this should hopefully fix the FTBFS on IA64).

 -- Michael Bienia <email address hidden>   Wed,  6 Jun 2007 10:07:27 -0500
Superseded in gutsy-release on 2007-06-06
xulrunner (1.8.1.4-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable. Remaining Ubuntu changes:
    + Fixing __x86_64__ FTBFS
      - Added 88_ubuntu_pyginputstream.dpatch
      - Added 88_ubuntu_pyiinputstream.dpatch
    + debian/control: Change Maintainer/XSBC-Original-Maintainer field.

Superseded in gutsy-release on 2007-06-05
xulrunner (1.8.0.11-4ubuntu1) gutsy; urgency=low

  * Merge from debian unstable, remaining changes:
    - resolve conflict in debian/control + debian/rules
    - looks like candidate for sync

Superseded in gutsy-release on 2007-05-18
Obsolete in feisty-release on 2009-08-20
xulrunner (1.8.0.10-3ubuntu1) feisty; urgency=low

  * Merge from Debian unstable, remaining changes:
    + Fixing __x86_64__ FTBFS
      - Added 100_ubuntu_pyginputstream.dpatch
      - Added 100_ubuntu_pyiinputstream.dpatch
    + debian/control: Change Maintainer/XSBC-Original-Maintainer field.

Superseded in feisty-release on 2007-03-10
xulrunner (1.8.0.10-1ubuntu1) feisty; urgency=low

  * Merge from Debian unstable, remaining changes:
    + Fixing __x86_64__ FTBFS
      - Added 100_ubuntu_pyginputstream.dpatch
      - Added 100_ubuntu_pyiinputstream.dpatch
  * debian/control: Change Maintainer/XSBC-Original-Maintainer field.
  * UVF exception: LP: #89561

Superseded in feisty-release on 2007-03-05
xulrunner (1.8.0.9-1ubuntu1) feisty; urgency=low

  * Fixing __x86_64__ FTBFS
    + Added 100_ubuntu_pyginputstream.dpatch
    + Added 100_ubuntu_pyiinputstream.dpatch

 -- Stephan Hermann <email address hidden>   Fri, 19 Jan 2007 17:50:12 +0100
Superseded in feisty-release on 2007-01-20
xulrunner (1.8.0.9-1) unstable; urgency=low

  * New upstream release (taken from upstream CVS)
  * Fixes mfsa-2006-{68-73} also known as
    CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6500,
    CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504.
  * Removed non-free and sourceless binaries from source package
    with the script from the gnuzilla project, with 2 additional removals of
    IETF files. Closes: #393422.
    You can find this modified script for reference in debian/remove.nonfree.
    Note this script also removes useless CVS files.
  * debian/patches/80_uname.dpatch: Fix OS_TARGET so that it is correctly set
    to Linux for things that expect this value instead of linux-gnu (such as
    the extensions manager)
  * debian/libxul0d.links: Added a link for libgtkembedmoz in
    /usr/lib/xulrunner. Closes: #393440.
  * debian/patches/15_passwdmgr.dpatch: Adapted to changes in upstream. Thanks
    to Andreas Metzler.
  * debian/patches/35_crash_focus.dpatch: Removed: applied upstream.
  * debian/patches/15_nspr_setuid.dpatch: Patches from bz#351470 and bz#365703
    to fix privilege escalation issues with setuid/setgid program linked
    against libnspr and some other boundaries issue. Closes: #405062.
  * debian/patches/18_m68k_xpcom.dpatch: Apply changes provided by Roman
    Zippel to fix FTBFS of third party software on m68k. Closes: #402011.
    Renamed as 68_m68k_xpcom.dpatch, since it needs to be sent upstream.
  * debian/libnss3-dev.links: Add nss.pc symlink to xulrunner-nss.pc.
    Closes: #402846.
  * debian/patches/38_kbsd.dpatch, debian/patches/38_mips64_build.dpatch,
    debian/patches/80_uname.dpatch, debian/patches/18_kbsd_nspr.dpatch:
    Applied patch from Petr Salinger to build on GNU/kFreeBSD.
    Closes: #388475.
  * debian/patches/00list: Updated accordingly.
  * debian/patches/99_configure.dpatch: Updated with autoconf.
  * debian/patches/81_soname.dpatch: Updated to fit changes to Linux2.6.mk in
    38_kbsd.dpatch.
  * debian/patches/65_native_uconv.dpatch:
    - Reworked so that UTF-16 is used internally instead of UCS-2, and
      improved to better handle corner cases.
    - Allow claimed iso-8859-1 actually encoded as windows-1252 to be
      converted flawlessly. Closes: #368779, #401784, #405681

 -- Daniel T Chen <email address hidden>   Fri,  12 Jan 2007 12:54:59 +0000
Superseded in feisty-release on 2007-01-12
xulrunner (1.8.0.8-1) unstable; urgency=high

  * New upstream release (taken from upstream CVS)
  * Fixes several security issues, CVE-2006-5464, CVE-2006-5748,
    CVE-2006-5462, CVE-2006-5463, CVE-2006-4310 being some of these.
  * debian/patches/15_print_fontconfig.dpatch,
    debian/patches/15_embed_initial_visibility.dpatch: Removed:
    Applied upstream.
  * debian/patches/00list: Updated accordingly.
  * debian/rules: Changed the way we use uptodate config.guess and config.sub.
    If will make the .diff.gz file lighter.

Superseded in feisty-release on 2006-11-22
xulrunner (1.8.0.7-1) unstable; urgency=low

  * New upstream release (taken from the MOZILLA_1_8_0_7_RELEASE tag in
    upstream CVS)

  * Fixes the following security vulnerabilities:
    CVE-2006-4340, CVE-2006-4253, CVE-2006-4565, CVE-2006-4566,
    CVE-2006-4568, CVE-2006-4569, CVE-2006-4571.

  * Removed patches from NMUs by Matthias Klose, because work done on java
    build in this release makes them unnecessary.
  * debian/patches/15_nodataprotocolcontentpolicy_fix.dpatch,
    debian/patches/15_overthespot.dpatch: Removed, since they've been applied
    upstream.
  * debian/patches/35_embed_initial_visibility.dpatch: Renamed as
    debian/patches/15_embed_initial_visibility.dpatch, since it got applied in
    an upstream branch.
  * debian/patches/80_security_tools.dpatch: Added missing backslash.
    Closes: #385847.
  * debian/patches/15_jni.dpatch: Patch from bz#333738 to update java stubs.
  * debian/patches/80_javaxpcom.dpatch: Force creation of Makefiles in
    extensions/java, even when javaxpcom is disabled. Don't build the jars if
    DEB_NO_JAR is defined.
  * debian/patches/00list: Updated accordingly.
  * debian/mozconfig: Disable javaxpcom.
  * debian/rules:
    + Added rules to build the java class files only for binary
      independent build. This way, no more waiting on java on buildds
      (especially on arm).
    + Build the javaxpcomglue from the bundled jni headers instead of the gcj
      headers.
  * debian/control: Adapted build dependencies so that the minimum is taken to
    build the architecture dependant part, and added adequate
    Build-Depends-Indep field.
  * debian/patches/80_uname.dpatch: Don't use the ppc_linux stuff for ppc64.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  08 Nov 2006 22:18:47 +0000
Superseded in feisty-release on 2006-11-08
Obsolete in edgy-release on 2008-06-19
xulrunner (1.8.0.5-4.2) unstable; urgency=low

  * Relax the dependencies even more, so that the -dev packages can be
    installed with the arm binaries currently in the archive (1.8.0.4).

Superseded in edgy-release on 2006-09-22
xulrunner (1.8.0.4-2) unstable; urgency=low

  * The "finally enabling these stuff" release.

  * debian/watch: Stole the watch file from firefox.
  * debian/rules, debian/control, debian/mozconfig,
    debian/libmozillainterfaces-java.install,
    debian/libmozillainterfaces-java.links, debian/*.conf: Enable pyxpcom
    and javaxpcom again, with some changes on the python part, to fit the
    new python policy. Closes: #173264, #277120, #373906.
  * debian/python-xpcom.dirs, debian/python-xpcom.install: Replace the
    previous .in files, and replace PYVERS by a wildcard.
  * debian/control:
    + Added build dependency on python-support and python-dev.
    + Only create a python-xpcom package instead of pythonX.Y-xpcom.
    + Added XB-Python-Version field to python-xpcom.
    + Bumped debhelper dependency.
  * debian/pyversions, debian/pycompat: Files necessary for dh_pysupport and
    dh_python.

  * debian/libxul-common.*, debian/libxul0d.*, debian/control: Create a new
    libxul-common package for most architecture independant files.

  * debian/control: Add a build dependency on binutils >= 2.17-1 for mips and
    mipsel, where #274738 is fixed.
  * debian/patches/90_mips_performance.dpatch: Remove the xgot hack.
    Closes: #374389. Thanks Thiemo Seufer.
    Also remove the specific setting of MOZ_DEBUG_FLAGS="-g" for mips, it's
    built with -g anyways.
  * debian/rules:
    + Bump shlib for libmozjs0d because of a new symbol. Other libraries were
      not subject to symbol additions, so we can keep them as they are.
      Closes: #376374.
    + Removed an extra parenthesis to really build with minimal toc on ppc64.
      Dammit. Closes: #361188.
  * debian/patches/01_crash_focus: Fix a crasher and several similar potential
    crashers.
  * debian/patches/00list: Updated accordingly.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  10 Jul 2006 12:39:31 +0100
Superseded in edgy-release on 2006-07-10
xulrunner (1.8.0.4-1) unstable; urgency=high

  * The "finally a new upstream" release.
  * Fixes the following security vulnerabilities:
    CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2780,
    CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785,
    CVE-2006-2786, CVE-2006-2787.

  * debian/patches/00_securityfix.dpatch: Removed, since this release includes
    all the security changes we brought from CVS in this patch.
  * debian/patches/90_js_mipsel_endianness.dpatch: Removed, since it was
    applied upstream.
  * debian/patches/01_installer.dpatch,
    debian/patches/01_javaxpcom.dpatch: Removed parts that were applied
  * debian/patches/00list: Updated accordingly.
  * debian/patches/01_distclean.dpatch,
    debian/patches/01_xpcomglue.dpatch: Adapted to upstream changes.
    upstream.
  * debian/patches/99_configure.dpatch: Updated.

  * debian/patches/01_pyxpcom.dpatch: Use a make variable for PYTHON_SO.
  * debian/patches/90_unichar_alignment.dpatch.
  * debian/patches/00list: Added 90_unichar_alignment.
  * debian/rules:
    + Set this PYTHON_SO variable when building python modules.
    + Disabled strict aliasing from optimized builds.
    + Build with minimal toc on ppc64. Closes: #361188.
    + Fix for Gecko date extraction from client.mk.
  * debian/mozconfig: Set default mozilla home.
  * debian/control: Replaced some Conflicts with Replaces, which should be fine.

  * debian/rules, debian/control, debian/mozconfig, debian/python-xpcom.dirs.in,
    debian/python-xpcom.install.in, debian/libmozillainterfaces-java.install,
    debian/libmozillainterfaces-java.links, debian/libxul-common.*,
    debian/libxul0d.*, debian/*.conf: Remove pyxpcom and javaxpcom (again)
    packages and build. We want this release not to go through NEW (again).

128 of 28 results