-
firefox (2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1) gutsy-security; urgency=low
* New security/stability release 2.0.0.21 tb + 308 release
(MOZILLA_1_8_BRANCH - Fri Mar 27 11:36:18 CET 2009)
- see USN-745-2
-- Alexander Sack <email address hidden> Fri, 27 Mar 2009 11:54:44 +0100
-
firefox (2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1) gutsy-security; urgency=low
* New security/stability release 2.0.0.21 tb release (THUNDERBIRD_2_0_0_21_RELEASE)
- see USN-728-2
-- Alexander Sack <email address hidden> Wed, 04 Mar 2009 23:02:45 +0100
-
firefox (2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1) gutsy-security; urgency=low
* New security/stability release 2.0.0.21pre (9th Feb 2009)
- see USN-717-2
-- Alexander Sack <email address hidden> Mon, 09 Feb 2009 12:36:33 +0100
-
firefox (2.0.0.19+nobinonly1-0ubuntu0.7.10.1) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.19)
- see USN-690-2
-- Alexander Sack <email address hidden> Tue, 16 Dec 2008 18:54:43 +0100
-
firefox (2.0.0.18+nobinonly-0ubuntu0.7.10) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.18)
- see USN-667-1
* update configure patch (re-run autoconf2.13)
- update debian/patches/configure-autoconf2-13-reconfigure.patch
-- Alexander Sack <email address hidden> Wed, 12 Nov 2008 21:33:37 +0100
-
firefox (2.0.0.17+1nobinonly-0ubuntu0.7.10) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.17)
- see USN-645-1
-- Alexander Sack <email address hidden> Thu, 18 Sep 2008 15:04:17 +0200
-
firefox (2.0.0.16+1nobinonly-0ubuntu0.7.10) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.16)
- see USN-623-1
-- Alexander Sack <email address hidden> Mon, 14 Jul 2008 19:31:01 +0200
-
firefox (2.0.0.15+1nobinonly-0ubuntu0.7.10) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.15)
- see USN-619-1
-- Alexander Sack <email address hidden> Mon, 23 Jun 2008 15:11:11 +0200
-
firefox (2.0.0.14+2nobinonly-0ubuntu0.7.10) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.14)
- see USN-602-1
-- Alexander Sack <email address hidden> Fri, 18 Apr 2008 13:02:41 +0200
-
firefox (2.0.0.13+1nobinonly-0ubuntu0.7.10) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.13)
- see USN-592-1
-- Alexander Sack <email address hidden> Tue, 25 Mar 2008 11:10:11 +0100
-
firefox (2.0.0.12+2nobinonly+2-0ubuntu0.7.10) gutsy-security; urgency=low
* New stability upstream release (v2.0.0.12)
* MFSA 2008-01 aka CVE-2008-0412: Crashes with evidence of memory corruption
v1.8.1.12 (Browser crashes)
* MFSA 2008-01 aka CVE-2008-0413: Crashes with evidence of memory corruption
v1.8.1.12 (javascript crashes)
* MFSA 2008-02 aka CVE-2008-0414: Multiple file input focus stealing
vulnerabilities: 1. Focus shifting bugs and 2. Selective keystroke
blocking bugs
* MFSA 2008-03 aka CVE-2008-0415: Privilege escalation, XSS, Remote Code
Execution (JavaScript privilege escalation bugs)
* MFSA 2008-04 aka CVE-2008-0416: Multiple XSS vulnerabilities from
character encoding
* MFSA 2008-05 aka CVE-2008-0417: Stored password corruption
* MFSA 2008-06 aka CVE-2008-0418: Directory traversal via chrome: URI
* MFSA 2008-07 aka CVE-2008-0419: Web browsing history and forward
navigation
stealing
* MFSA 2008-08 aka CVE-2008-0420: Possible information disclosure in BMP
decoder
* MFSA 2008-09 aka CVE-2008-0591: File action dialog tampering
* MFSA 2008-10 aka CVE-2008-0592: Mishandling of locally-saved plain text
files
* MFSA 2008-11 aka CVE-2008-0593: URL token stealing via stylesheet redirect
* MFSA 2008-12 aka CVE-2008-0594: Web forgery overwrite with div overlay
* updated diverged patches
- debian/patches/ubuntu-look-and-feel-patch.patch
- debian/patches/configure-autoconf2-13-reconfigure.patch
-- Alexander Sack <email address hidden> Mon, 04 Feb 2008 13:37:45 +0100
-
firefox (2.0.0.11+2nobinonly-0ubuntu0.7.10) gutsy-security; urgency=low
* New stability upstream release (v2.0.0.11)
* upstream fix for canvas regression introduced in firefox
2.0.0.10:
- delete debian/patches/bz391028_att284556.patch
- update debian/patches/series
-- Alexander Sack <email address hidden> Tue, 04 Dec 2007 10:45:29 +0100
-
firefox (2.0.0.10+2nobinonly-0ubuntu1.7.10.1) gutsy-security; urgency=low
* New security/stability upstream release (v2.0.0.10)
* MFSA 2007-37 aka CVE-2007-5947
* MFSA 2007-38 aka CVE-2007-5959
* MFSA 2007-39 aka CVE-2007-5960
* debian/control: fix package description to not include "development
version disclaimer (LP: #150791).
* debian/patches/bz384304_lp117575_linkrecursion_fix_in_startscript.patch,
series: drop patch applied upstream.
* debian/patches/configure-autoconf2-13-reconfigure.patch: rerun
autconf2.13 to resolve upstream merge conflicts.
-- Alexander Sack <email address hidden> Sun, 25 Nov 2007 19:39:25 +0100
-
firefox (2.0.0.8+2nobinonly-0ubuntu1) gutsy-security; urgency=low
New security/stability upstream release (v2.0.0.8):
* MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript)
* MFSA 2007-30 aka CVE-2007-1095
* MFSA 2007-31 aka CVE-2007-2292
* MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894
* MFSA 2007-33 aka CVE-2007-5334
* MFSA 2007-34 aka CVE-2007-5337
* MFSA 2007-35 aka CVE-2007-5338
* MFSA 2007-36 aka CVE-2007-4841 (windows only)
Packaging changes:
* debian/patches/bz389801-theme-crash-with-GtkOptionMenu-indicator_size-and-indicator_spacing.patch,
series: drop patch - applied upstream.
* debian/patches/build-system-garbage.patch: drop allmakefiles.sh hunk -
applied upstream.
* debian/patches/configure-autoconf2-13-reconfigure.patch: rerun
autoconf2.13
-- Alexander Sack <email address hidden> Fri, 19 Oct 2007 13:04:01 +0200
-
firefox (2.0.0.6+2nobinonly-0ubuntu1) gutsy; urgency=low
* Reupload source tarball without binaries (LP: #121734) - sanitized using
debian/remove.binonly.sh
* debian/remove.binonly.sh: add script to strip original tarball from
binary only cruft.
* debian/debsearch.src: debsearch plugin now searches for gutsy packages
(LP: #150503).
-- Alexander Sack <email address hidden> Mon, 08 Oct 2007 13:04:06 +0200
-
firefox (2.0.0.6+2-0ubuntu4) gutsy; urgency=low
* patch shaping: rename patches and include there bugzilla id
where available; document bzXXX-dont-reset-user-prefs-on-upgrade and
force-no-pragma-visibility-for-gcc-4.2_4.3 patches.
* debian/patches/bz389801-theme-crash-with-GtkOptionMenu-indicator_size-and-indicator_spacing.patch:
prefetch latest patch from bugzilla 389801 to fix top-crasher
(LP: #129007).
* debian/firefox-gnome-support.install: properly install gnome support files
previously missing in firefox-gnome-support package (LP: #131743).
-- Alexander Sack <email address hidden> Wed, 19 Sep 2007 18:16:37 +0200
-
firefox (2.0.0.6+2-0ubuntu3) gutsy; urgency=low
* debian/rules, debian/control: use don't build lpia with gcc-4.1/g++-4.1 anymore, but
use gcc-4.2/g++-4.2 for all archs now.
* debian/patches/force-no-pragma-visibility-for-gcc-4.2_4.3, debian/patches/series:
add patch to siable pragma visibility strategy to hide symbols. stick to
-fvisibility=hidden.
* debian/patches/configure-autoconf2-13-reconfigure.patch: rerun autoconf2.13 to make
new force-no-pragma-visibility-for-gcc-4.2_4.3 effective.
* remove unused patches from debian/patches directory:
- debian/patches/bz364093-thebes-system-cairo-fix
- debian/patches/ftbfs-with-branding-dir
- debian/patches/no-have-stdint-h-ftbfs.patch
- debian/patches/submakefiles-fix
- debian/patches/test
- debian/patches/trunk-fsh
-- Alexander Sack <email address hidden> Mon, 27 Aug 2007 13:28:05 +0200
-
firefox (2.0.0.6+2-0ubuntu2) gutsy; urgency=low
* use gXX 4.1 on lpia for now:
- debian/control: build-depend on gcc-4.1 and g++-4.1 on lpia
architectures
- debian/rules: use CXX=g++-4.1 and CC=gcc-4.1 on lpia if those
variables are not user defined
-- Alexander Sack <email address hidden> Fri, 10 Aug 2007 16:37:32 +0200
-
firefox (2.0.0.6+2-0ubuntu1) gutsy; urgency=low
New security/stability upstream release (v2.0.0.6)
* MFSA 2007-26 aka CVE-2007-3844
* MFSA 2007-27 aka CVE-2007-3845
++
LP: #126110 - [gutsy] menu item translations lost
* resurrect feisty .desktop file
* reapply sv translations
++
LP: #123045 - Launcher icon missing, red "X" displayed instead
* debian/changelog: document 'fix firefox-nspr.pc/firefox-nss.pc to
use system provided libs' checkin.
* debian/changelog: bump version for next release, but keep NOTRELEASED
++
Fix firefox-nspr.pc/firefox-nss.pc to use system provided libs
* debian/firefox-nspr.pc, debian/firefox-nss.pc: drop old .pc files
* debian/firefox-dev.install: don't install those handcrafted .pc files anymore
* debian/firefox-dev.links: in turn setup compatibility links
/usr/lib/pkgconfig/firefox-nss.pc -> /usr/lib/pkgconfig/nss.pc
/usr/lib/pkgconfig/firefox-nspr.pc -> /usr/lib/pkgconfig/nspr.pc
(LP: #112818)
++
migrate ubuntu help menu entries to ubufox:
* debian/patches/ubuntu-look-and-feel-report-a-bug-menuitem.patch,
debian/patches/ubuntu-look-and-feel-disable-help-translate-menu.patch:
remove patch which completely lives in ubufox as of version 0.3
* debian/patches/series: remove that patch from series accordingly
* debian/patches/ubuntu-look-and-feel-patch.patch: drop menu entry modifications
from main look-and-feel patch as they live in ubufox since 0.3
-- Alexander Sack <email address hidden> Tue, 31 Jul 2007 14:19:57 +0200
-
firefox (2.0.0.5+2-0ubuntu2) gutsy; urgency=low
* debian/patches/dont-reset-user-prefs-on-upgrade,
debian/patches/series: patch to prevent user prefs being reset to
default during upgrade
* debian/firefox.install, debian/firefox.links: install
browserconfig.properties properly (LP: #123800)
-- Alexander Sack <email address hidden> Fri, 20 Jul 2007 15:37:22 +0200
-
firefox (2.0.0.5+2-0ubuntu1) gutsy; urgency=low
* New security/stability upstream release (v2.0.0.5)
* MFSA 2007-18 aka CVE-2007-3734 (browser), CVE-2007-3735 (Javascript)
* MFSA 2007-19 aka CVE-2007-3736
* MFSA 2007-20 aka CVE-2007-3089
* MFSA 2007-21 aka CVE-2007-3737
* MFSA 2007-22 aka CVE-2007-3285
* MFSA 2007-23 aka CVE-2007-3670
* MFSA 2007-24 aka CVE-2007-3656
* MFSA 2007-25 aka CVE-2007-3738
-- Alexander Sack <email address hidden> Wed, 18 Jul 2007 10:54:27 +0200
-
firefox (2.0.0.4+2-0ubuntu4) gutsy; urgency=low
* debian/firefox.install: Resurrect /etc/firefox/profile/. Without it,
Firefox creates an empty profile as a file instead of a directory, which
both makes it break, and also would not have our Ubuntu specific
bookmarks, settings, etc. (LP: #123917)
-- Martin Pitt <email address hidden> Wed, 18 Jul 2007 20:11:59 +0200
-
firefox (2.0.0.4+2-0ubuntu3) gutsy; urgency=low
* drop more patches:
* debian/patches/ubuntu-look-and-feel-patch.patch: drop patch removes
File->Import dialog (LP: #28563)
* debian/patches/series: drop ubuntu-look-and-feel-geometries.patch
from patch series; remove that patch-file from debian/patches dir
accordingly
* debian/control: firefox recommends ubufox - the ubuntu firefox extension
* drop config tweaks from patchset as they are now shipped in
ubufox extension:
* debian/patches/disable-default-setting-for-app.update.enabled-and-app.update.auto.patch,
debian/patches/enable-kerberos-for-https.patch,
debian/patches/locale-my-matchOS.patch,
debian/patches/ubuntu-disable-default-browser-check.patch,
debian/patches/use-intl.properties.patch: drop property only
patches from patchset
* debian/patches/ubuntu-no-nss-chk-create.patch: drop useless patch
as we are now using system nss.
* debian/patches/series: remove property only patches above from
series file as well.
* debian/patches/ubuntu-disable-welcome-update-url.patch,
debian/patches/ubuntu-look-and-feel-disable-help-translate-menu.patch,
debian/patches/ubuntu-look-and-feel-patch-fix-bookmarks-ubuntu-urls.patch,
debian/patches/ubuntu-look-and-feel-patch.patch,
debian/patches/ubuntu-look-and-feel-report-a-bug-menuitem.patch,
debian/patches/ubuntu-printing-patch.patch: drop property parts
and add TODO for patches that contain tweakings that can be
moved to distro mods extension by overlays or other tricks.
* debian/patches/no-have-stdint-h-ftbfs.patch: drop unused trunk
patch from release branch package.
* debian/build-tools/obscure.c, debian/rules: provide C helper
(obscure-tool) to obscure firefox.cfg; build this helper in rules on
pre-build:: and clean up on clean::
* debian/firefox-dev.install: ship obscure-tool binary in pkglibdir of
firefox-dev package.
* Obscure firefox.cfg:
- debian/firefox.cfg renamed to debian/firefox.cfg.source
- debian/rules: produce obscured debian/firefox.cfg in pre-build:: and
remove it in clean::" debian/rules debian/firefox.cfg.source
- debian/firefox.cfg.source: don't tweak obscure_value anymore
* debian/patches/bz270159-lp65164-empty-file-or-duplicate-extension-on-fat32-ntfs,
debian/patches/series: added patch for bugzilla bug bz270159 "Download
manager adds extension regardless of file's own extension" and bugzilla
bug bz336113 "empty file saving on download (NTFS/FAT/SMB)" - patch
submitted to bugzilla (LP: #65164).
* debian/firefox.links: install compatibility links for libnspr4 and
libnss3 shared libraries. This is done because our libnss and libnspr libs
don't have same library name as upstream ones (e.g. we use versioned soname);
so now we install links with original filename to pkglibdir of each mozilla
application.
[ Andrea Veri ]
* Added svedish translations support to firefox's .desktop file.
(LP: #107683)
-- Alexander Sack <email address hidden> Fri, 8 Jun 2007 01:11:00 +0200
-
firefox (2.0.0.4+2-0ubuntu2) gutsy; urgency=low
Cherry pick release for tribe-2:
* debian/docs, debian/MPL: ship MPL (LP: #119814)
* debian/patches/bz384304_lp117575_linkrecursion_fix_in_startscript.patch,
debian/patches/series: patch to fix symlink handling of startup-script
by Hilario Montoliu <email address hidden> - (LP: #117575).
* debian/apport/firefox.py, debian/firefox.install: new apport hook for
firefox by Hilario J. Montoliu <email address hidden>; install hook to
/usr/share/apport/package-hooks/ (LP: #88506)
-- Alexander Sack <email address hidden> Mon, 25 Jun 2007 10:38:55 +0200
-
firefox (2.0.0.4+2-0ubuntu1) gutsy; urgency=low
* new upstream security/stability update (Closes: LP#117990)
* MFSA2007-17 aka CVE-2007-2871: XUL Popup Spoofing
* MFSA2007-16 aka CVE-2007-2870: XSS using addEventListener
* MFSA2007-14 aka CVE-2007-1362: Path Abuse in Cookies
* MFSA2007-13 aka CVE-2007-2869: Persistent Autocomplete Denial of Service
* MFSA2007-12 aka CVE-2007-2867 (layout engine) + CVE-2007-2868
(javascript engine): Crashes with evidence of memory corruption
* drop upstream applied patches:
bz312998-GetVisibility-patch.patch,
bz358930-gradient-spread-method-pad-fix.patch,
bz366844-mozilla-configure-in-patch-to-workaround-gcc-visibility-bug.patch
* adapted patches to upstream codebase changes:
bz273524-gnome-mime-registry-ubuntu.patch
* debian/firefox.1, debian/firefox.manpages: install firefox.1 (Closes: LP#115112)
* install gnome-www-browser alternative in postinst and remove
that alternative in prerm - copied over from feisty
* debian/firefox.preinst: uninstall x-www-browser and mozilla alternative
* debian/firefox-dev.install: install nsBuildID.h to /usr/include/firefox/
(Closes: LP#115630)
-- Alexander Sack <email address hidden> Tue, 15 May 2007 12:10:00 +0200
-
firefox (2.0.0.3+3-0ubuntu4) gutsy; urgency=low
* firefox: conflicts libnss3 to install proper symlink
/usr/lib/firefox/libnssckbi.so -> ../nss/libnssckbi.so
* add DisplayIf: instruction to test for running firefox; this is ment to
prevent restart notification from being displayed if ffox has been crashed in
the time between file replacement and update notification
* debian/firefox.postinst added - which was accidentially left behind when
migrating to new package layout
-- Alexander Sack <email address hidden> Tue, 15 May 2007 12:10:00 +0200
-
firefox (2.0.0.3+3-0ubuntu3) gutsy; urgency=low
* firefox-dev: Depend on libnss3-dev.
-- Matthias Klose <email address hidden> Sun, 06 May 2007 14:11:05 +0000
-
firefox (2.0.0.3+3-0ubuntu2) gutsy; urgency=low
* don't use -Xnss for dh_install of firefox-dev files - fix missing headers
for epiphany
-- Alexander Sack <email address hidden> Fri, 4 May 2007 18:10:00 +0200
-
firefox (2.0.0.3+3-0ubuntu1) gutsy; urgency=low
* debian/patches/series, debian/patches/ubuntu-prevent-distributor-user-agent-part-reset.patch:
enable update of user-agent parts on startup again
* debian/firefox.install: install default.xpm in /usr/share/firefox/chrome/icons
by debhelper
* debian/rules, debian/vendor.js.in: create vendor.js pref file from
.in template with data from /etc/lsb-release; add preprocessing of
vendor.js.in to cdbs 'common-install-arch' target.
* merging down patches and tweaks from old firefox package to
new package structure with cdbs.
* debian/cdbs-rules/debhelper.mk: custom cdbs rules which allows
to specify dh_install extra args on a per package base
* debian/control.in, debian/control, debian/rules: use
system-nspr and system-nss; drop libnss3 and libnspr4 and
friends from control files; remove debhelper files
accordingly
* debian/rules: added update-orig target
* merging down modification and changelog entries for firefox updates
(2.0.0.2+1-0ubuntu1, 2.0.0.2+1-0ubuntu2, 2.0.0.3+1-0ubuntu1,
2.0.0.3+1-0ubuntu2) imported using (feisty) approved patchset
at http://people.ubuntu.com/~asac/moz-screen.3
== Bugzilla Patches ==
+ bz161826-nsTextFrame-MeasureText-s-crash-on-RISC.patch
+ bz241535-Assertion-failure-on-destroying-XEmbed-plug-in.patch
+ bz273524-gnome-mime-registry-ubuntu.patch
+ bz289394-align-double-on-ia64-deb-bug-303518.patch
+ bz312998-GetVisibility-patch.patch
+ bz331818-fix-crash-xpidl-zero-arguments.patch
+ bz335810-pango-cursor-up-down-fix.patch
+ bz343360-feed-flat-chrome-fix.patch
+ bz345077-make-install-installs-extensions-in-chrome-and-extensions.patch
+ bz358930-gradient-spread-method-pad-fix.patch
+ bz366844-mozilla-configure-in-patch-to-workaround-gcc-visibility-bug.patch
+ bz51429-anti-netstat-zombie-linux.patch
+ bz7969-a-thai-patch.patch
== Patches for Upstream ==
+ bzXXX-syntax-fixes-for-.m4-files-needed-for-proper-embedding.patch
+ bzXXX-wl-no-as-needed-for-libxpcom-lp85112.patch
+ deb299697-lp42559-use-FC_ANY_METRICS.patch
+ disable-default-setting-for-app.update.enabled-and-app.update.auto.patch
+ myspell-hunspell-support-configure-in-add-enable-system-myspell-support.patch
== Patches Ubuntu/Distribution ==
+ enable-kerberos-for-https.patch
+ flat-chrome-fix.patch
+ locale-my-matchOS.patch
+ add-a-recognized-pref-folder-called-syspref-inside-the-defaults-hierarchy.patch
+ ubuntu-disable-default-browser-check.patch,
+ ubuntu-disable-welcome-update-url.patch,
+ ubuntu-look-and-feel-disable-help-translate-menu.patch,
+ ubuntu-look-and-feel-geometries.patch,
+ ubuntu-look-and-feel-home-folder.patch,
+ ubuntu-look-and-feel-patch-fix-bookmarks-ubuntu-urls.patch,
+ ubuntu-look-and-feel-patch.patch,
+ ubuntu-look-and-feel-report-a-bug-menuitem.patch,
+ ubuntu-no-nss-chk-create.patch,
+ ubuntu-prevent-distributor-user-agent-part-reset.patch
== Misc Patches ==
+ build-system-garbage.patch
== Debian Directory ==
+ debian/firefoxrc: fix old malone url in comment
(LP#94392)
+ debian/control.in, debian/control: fix missing firefox-libthai
depends on firefox; produce firefox-libthai binary package,
which contains libthai component introduced in patch
-- Alexander Sack <email address hidden> Fri, 4 May 2007 01:16:00 +0200
-
firefox (2.0.0.3+1-0ubuntu2) feisty; urgency=low
* debian/control: fix missing firefox-libthai depends on firefox
* xpfe/components/killAll/Makefile.in: drop unapproved/useless patch
to install/remove nsKillAll.js component.
* browser/locales/en-US/profile/bookmarks.html: fix bookmarks urls;
www.ubuntulinux.org/wiki/FrontPage -> wiki.ubuntu.com; www.ubuntulinux.org
-> www.ubuntu.com (LP#93502)
* browser/base/content/baseMenuOverlay.xul: commenting out ubuntu help
menu entries: Get Help Online; Translate This application. Reenable as
soon as launchpad supports these features.
* layout/svg/renderer/src/cairo/nsSVGCairoGradient.cpp: fix for bz358930
(LP#69721): 2.0 doesn't respect SVG gradient spreadMethod="pad"
* gfx/src/gtk/nsFontMetricsPango.cpp: fix for bz335810: cursor up/down
keypresses do not preserve horizontal position when using pango (LP#36571)
* debian/firefoxrc: fix old malone url in comment (LP#94392)
-- Alexander Sack <email address hidden> Tue, 3 Apr 2007 12:45:00 +0200