Ubuntu

Change logs for “seamonkey” source package in Hardy

  • seamonkey (2.0.11+build1+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New upstream release v2.0.11 (SEAMONKEY_2_0_11_BUILD1)
      * SECURITY UPDATE:
        - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.11
      * Fixes LP: #575160 - seamonkey 2.0 crashes with 'RenderBadPicture'
     -- Chris Coulson <email address hidden>   Mon, 06 Dec 2010 13:48:43 +0000
  • seamonkey (2.0.10+build1+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New upstream release v2.0.10 (SEAMONKEY_2_0_10_BUILD1)
      * SECURITY UPDATE:
        - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.10
     -- Chris Coulson <email address hidden>   Wed, 27 Oct 2010 16:28:42 -0400
  • seamonkey (2.0.9+build1+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New upstream release v2.0.9 (SEAMONKEY_2_0_9_BUILD1)
      * SECURITY UPDATE:
        - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9
    
      * Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
        Bump minimum required version for system NSS to 3.12.8
        - update debian/rules
      * Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
        Bump minimum required version for system NSPR to 4.8.6
        - update debian/rules
      * Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
        symlink to the system dictionaries
        - update debian/rules
        - update debian/seamonkey-browser.install
      * Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
        postinst script. The seamonkey package is just a meta-package, and
        the file is shipped by seamonkey-browser. Changing this ensures that
        seamonkey doesn't fail to configure if there is version skew during
        upgrades, and avoids the need for having tight dependencies
        - update debian/rules
        - remove debian/seamonkey.postinst.in
        - remove debian/seamonkey.prerm.in
     -- Chris Coulson <email address hidden>   Tue, 05 Oct 2010 01:18:52 +0100
  • seamonkey (2.0.8+build1+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New upstream release v2.0.8 (SEAMONKEY_2_0_8_BUILD1)
    
      * SECURITY UPDATES:
      * MFSA 2010-49: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
        - CVE-2010-3169
      * MFSA 2010-50: Frameset integer overflow vulnerability
        - CVE-2010-2765
      * MFSA 2010-51: Dangling pointer vulnerability using DOM plugin array
        - CVE-2010-2767
      * MFSA 2010-52: Windows XP DLL loading vulnerability
        - CVE-2010-3131
      * MFSA 2010-53: Heap buffer overflow in nsTextFrameUtils::TransformText
        - CVE-2010-3166
      * MFSA 2010-54: Dangling pointer vulnerability in nsTreeSelection
        - CVE-2010-2760
      * MFSA 2010-55: XUL tree removal crash and remote code execution
        - CVE-2010-3168
      * MFSA 2010-56: Dangling pointer vulnerability in nsTreeContentView
        - CVE-2010-3167
      * MFSA 2010-57: Crash and remote code execution in normalizeDocument
        - CVE-2010-2766
      * MFSA 2010-58: Crash on Mac using fuzzed font in data: URL
        - CVE-2010-2770
      * MFSA 2010-60: XSS using SJOW scripted functio
        - CVE-2010-2763
      * MFSA 2010-61: UTF-7 XSS by overriding document charset using <object>
        type attribute
        - CVE-2010-2768
      * MFSA 2010-62: Copy-and-paste or drag-and-drop into designMode document
        allows XSS
        - CVE-2010-62
      * MFSA 2010-63: Information leak via XMLHttpRequest statusText
        - CVE-2010-63
    
      * Refresh patches for new upstream version
        - update debian/patches/seamonkey-fsh.patch
      * Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
        Install the newsblog.js XPCOM component
        - update debian/seamonkey-mailnews.install
     -- Chris Coulson <email address hidden>   Fri, 17 Sep 2010 11:21:00 +0100
  • seamonkey (2.0.5+build1+nobinonly-0ubuntu0.8.04.1~ums1) hardy-security; urgency=low
    
      * New upstream release v2.0.5 (SEAMONKEY_2_0_5_BUILD1)
    
      [ Fabien Tassin <email address hidden> ]
      * Add conditional support for system Cairo, NSS, NSPR
        - update debian/rules
      * Update icons from xpm to png
        - update debian/seamonkey-*.{install,links,menu}
      * We no longer need dynamic -lsoftokn, disable NSS_DYNAMIC_SOFTOKN
        - add debian/patches/no_dynamic_nss_softokn.patch
        - update debian/patches/series
    
      [ Micah Gersten <email address hidden> ]
      * Use versioned install directory
        - update debian/rules
      * Bump minimum versions of system libs; cairo to 1.8.8; NSPR to 4.8;
        NSS to 3.12.6
        - update debian/rules
      * Update .install files for latest release
        - update debian/seamonkey-browser.install
        - update debian/seamonkey-mailnews.install
      * Refresh patches
        - update debian/patches/cleaner_dist_clean.patch
        - update debian/patches/fix_installer.patch
        - update debian/patches/seamonkey-fsh.patch
      * Drop cairo FTBFS patch after upstream landing
        - drop debian/patches/fix_ftbfs_with_cairo_fb.patch
        - update debian/series
      * Install gnome components in -browser package so that it works out of the box
        - update debian/seamonkey-browser.install
        - update debian/control
        - update debian/rules
      * Move mozclient to be in source
        - add debian/mozclient/compare.mk
        - add debian/mozclient/seamonkey-remove.binonly.sh
        - add debian/mozclient/seamonkey.conf
        - add debian/mozclient/seamonkey.mk
        - update debian/rules
      * Fix FTBFS on Sparc by disabling jit (LP: #523627)
        - update debian/rules
    
      [ Chris Coulson <email address hidden> ]
      * Ensure the symlinks are installed correctly. File name expansion
        doesn't work in the .links files, so call dh_link explicitly in
        debian/rules instead
        - drop debian/seamonkey-browser.links
        - drop debian/seamonkey-mailnews.links
        - update debian/rules
      * Only the seamonkey-gnome-support package should have dependencies on GNOME
        libraries - ensure that seamonkey-browser doesn't have the GNOME components
        installed when dh_shlibdeps is run
        - update debian/rules
        - update debian/seamonkey-browser.install
     -- Micah Gersten <email address hidden>   Thu, 06 May 2010 12:11:52 -0500
  • seamonkey (1.1.17+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New upstream security release: 1.1.17 (LP: #356274)
        - CVE-2009-1841: JavaScript chrome privilege escalation
        - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
        - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
        - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
        - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
        - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
        - CVE-2009-1307:  Same-origin violations when Adobe Flash loaded via view-source: scheme
        - MFSA 2009-33  Crash viewing multipart/alternative message with text/enhanced part
      * removed debian/patches/90_181_484320_attachment_368977.patch
      * removed debian/patches/90_181_485217_attachment_369357.patch
      * removed debian/patches/90_181_485286_attachment_369457.patch
        - update debian/patches/series
    
     -- John Vivirito <email address hidden>   Mon, 06 Jul 2009 13:20:53 -0400
  • seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.2) hardy-security; urgency=low
    
      * CVE-2009-1044: Arbitrary code execution via XUL tree element
        - add debian/patches/90_181_484320_attachment_368977.patch
        - update debian/patches/series
      * CVE-2009-1169: XSL Transformation vulnerability
        - add 90_181_485217_attachment_369357.patch
        - add debian/patches/90_181_485286_attachment_369457.patch
    
    seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New security upstream release: 1.1.15 (LP: #309655)
        - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
        - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
        - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
        - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
        - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect
    
    seamonkey (1.1.14+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New security upstream release: 1.1.14 (LP: #309655)
        - CVE-2008-5511: XSS and JavaScript privilege escalation
        - CVE-2008-5510: Escaped null characters ignored by CSS parser
        - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$
        - CVE-2008-5507: Cross-domain data theft via script redirect error message
        - CVE-2008-5506: XMLHttpRequest 302 response disclosure
        - CVE-2008-5503: Information stealing via loadBindingDocument
        - CVE-2008-5501..5500: Crashes with evidence of memory corruption
          (rv:1.9.0.5/1.8.1.19)
      * drop patches applied upstream
        - delete debian/patches/35_zip_cache.patch
        - update debian/patches/series
    
     -- Alexander Sack <email address hidden>   Tue, 31 Mar 2009 13:21:19 +0200
  • seamonkey (1.1.12+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
    
      * New security upstream release: 1.1.12 (LP: #276437)
        - CVE-2008-4070: Heap overflow when canceling newsgroup message
        - CVE-2008-4069: XBM image uninitialized memory reading
        - CVE-2008-4067..4068: resource: traversal vulnerabilities
        - CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
        - CVE-2008-4061..4064: Crashes with evidence of memory corruption
        - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
        - CVE-2008-3837: Forced mouse drag
        - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
        - CVE-2008-0016: UTF-8 URL stack buffer overflow
      * Also includes security fixes from 1.1.11 and 1.1.10 (LP: #218534)
        - CVE-2008-2785: Remote code execution by overflowing CSS reference counter
        - CVE-2008-2811: Crash and remote code execution in block reflow
        - CVE-2008-2810: Remote site run as local file via Windows URL shortcut
        - CVE-2008-2809: Peer-trusted certs can use alt names to spoof
        - CVE-2008-2808: File location URL in directory listings not escaped properly
        - CVE-2008-2807: Faulty .properties file results in uninitialized memory being used
        - CVE-2008-2806: Arbitrary socket connections with Java LiveConnect on Mac OS X
        - CVE-2008-2805: Arbitrary file upload via originalTarget and DOM Range
        - MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME processing
        - CVE-2008-2803: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
        - CVE-2008-2802: Chrome script loading from fastload file
        - CVE-2008-2801: Signed JAR tampering
        - CVE-2008-2800: XSS through JavaScript same-origin violation
        - CVE-2008-2798..2799: Crashes with evidence of memory corruption
        - CVE-2008-1380: Crash in JavaScript garbage collector
      * Refresh diverged patch:
        - update debian/patches/80_security_build.patch
      * Fix FTBFS with missing -lfontconfig
        - add debian/patches/11_fix_ftbfs_with_fontconfig.patch
        - update debian/patches/series
    
     -- Fabien Tassin <email address hidden>   Tue, 30 Sep 2008 22:44:30 +0200
  • seamonkey (1.1.9+nobinonly-0ubuntu1) hardy; urgency=low
    
      * New security upstream release: 1.1.9 (LP: #207461)
      * Security fixes:
        - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
        - MFSA 2008-18 Java socket connection to any local port via LiveConnect
        - MFSA 2008-17 Privacy issue with SSL Client Authentication
        - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
        - MFSA 2008-15 Crashes with evidence of memory corruption
        - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
      * Drop patches applied upstream:
        - drop debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
        - update debian/patches/series
      * Add missing Ubuntu-specific menu items (LP: #190845)
        - add debian/patches/85_ubuntu_menu.patch
        - update debian/patches/series
        Contributed by Andrea Colangelo <email address hidden>
    
     -- Fabien Tassin <email address hidden>   Thu, 27 Mar 2008 00:31:02 +0100
  • seamonkey (1.1.8+nobinonly-0ubuntu1) hardy; urgency=low
    
      * New security upstream release: 1.1.8
      * Security fixes:
        - MFSA 2008-10 URL token stealing via stylesheet redirect
        - MFSA 2008-09 Mishandling of locally-saved plain text files
        - MFSA 2008-06 Web browsing history and forward navigation stealing
        - MFSA 2008-05 Directory traversal via chrome: URI
        - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
        - MFSA 2008-02 Multiple file input focus stealing vulnerabilities
        - MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
      * Drop unwanted patches:
        - drop debian/patches/82_homepage.patch
        - drop debian/patches/85_about.patch
        - drop debian/patches/85_release_notes.patch
        - update debian/patches/series
      * Update diverged patch:
        - update debian/patches/99_configure.patch
    
     -- Fabien Tassin <email address hidden>   Fri, 08 Feb 2008 13:13:42 +0100
  • seamonkey (1.1.7+nobinonly-0ubuntu2) hardy; urgency=low
    
      * bump Standards-Version to 3.7.3
        - update debian/control
      * Add comments to patches lacking one
        - update debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
        - update debian/patches/12_fix_ftbfs_with_nss.patch
      * Drop extensions from icons in the .desktop files
        - update debian/menu_dir/*.desktop
      * Drop Uploaders: field as it doesn't mean anything for Ubuntu
        - update debian/control
      * Reference the specific versions of the GPL and LGPL
        - update debian/copyright
      * Add get-orig-source and get-current-source to respectively
        fetch and repack a newer tarball or the current tarball needed
        to build this version of the package
        - update debian/rules
      * Update 'section' of all menu files to be compliant with Debian
        Menu System
        - update debian/*.menu
    
     -- Fabien Tassin <email address hidden>   Mon, 10 Dec 2007 17:32:39 +0100
  • seamonkey (1.1.7+nobinonly-0ubuntu1) hardy; urgency=low
    
      * New security upstream release: 1.1.7 (LP: #174739)
      * MSFA 2007-37, MSFA 2007-38, MSFA 2007-39
      * Drop patches applied upstream
        - drop debian/patches/65_branding_bug_401824.patch
        - drop debian/patches/65_composer_charset.patch
        - update debian/patches/series
      * Update debian/patches/99_configure.patch
      * Add Vcs-Bzr: and Homepage: fields to control
        - update debian/control
      * Change dfsg into nobinonly in watch file
        - update debian/watch
    
     -- Fabien Tassin <email address hidden>   Fri, 07 Dec 2007 20:52:32 +0100
  • seamonkey (1.1.6+nobinonly-0ubuntu1) hardy; urgency=low
    
      [ Fabien Tassin ]
      * Remove unused patches:
        - drop debian/patches/20_visibility.dpatch,
          debian/patches/28_ppc64_build.dpatch,
          debian/patches/38_unsupported_arch_build.dpatch,
          debian/patches/80_calendar_locale.dpatch,
          debian/patches/82_prefs_ubuntu.dpatch
      * Migrate from dpatch to quilt
        - update debian/control: build-depends on quilt
        - debian/rules: update patching rules
        - drop debian/patches/80_config.dpatch: done by quilt
        - rename and update debian/patches/00list => debian/patches/series
        - rename and update debian/patches/*.dpatch => debian/patches/*.patch
      * Fix unclean distclean leaving dist/ behind
        - update debian/patches/60_distclean.patch
      * Migrate to CDBS
        - update debian/rules and debian/control
      * Revert the Iceape unbranding to Seamonkey
        - drop debian/patches/80_app_name.patch and update
          debian/patches/series
        - update debian/patches/82_prefs.patch and
          debian/patches/99_configure.patch
        - drop iceape's icons:
          - update debian/rules
          - drop debian/extras/iceape* and debian/extras/Throbber*
          - drop debian/extras/license.txt
          - update wording
          - update debian/copyright
        - rename packages to seamonkey-*
          - update debian/control
          - rename debian/iceape-*.{dirs,install,links,postinst,postrm,preinst}
            to debian/seamonkey-*.{dirs,install,links,postinst,postrm,preinst}
          - rename debian/iceape-*.{menu,mime,manpages}
            to debian/seamonkey-*.{menu,mime,manpages}
        - rename and update debian/menu_dir/iceape-*.desktop to
          debian/menu_dir/seamonkey-*.desktop
        - rename and update debian/{iceape.cfg,iceaperc,iceape-runner} to
          debian/{seamonkey.cfg,seamonkeyrc,seamonkey-runner}
        - update debian/about_debian.js, debian/base.js and debian/homepagereset.js
      * Drop leftovers from calendar
        - drop debian/iceape-calendar.*
        - drop debian/extras/calendar.svg
        - drop debian/menu_dir/iceape-calendar.desktop
        - update debian/control
      * Clean-up
        - drop debian/README.source (no longer useful)
        - drop debian/mozconfig (leftover from previous commit)
      * Drop debian/patches/81_free_art_improvements.patch (was part of
        the unbranding)
        - update debian/patches/series
      * Make seamonkey build at last
        - fix FTBFS with new libnss (since bz399589 landed)
          - add debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
          - update debian/patches/series
        - fix another FTBFS with libnss (caused by bad linking order with libcrmf)
          - add debian/patches/12_fix_ftbfs_with_nss.patch
          - update debian/patches/99_configure.patch
          - update debian/patches/series
        - fix bad syntax for --enable-extensions
          - update debian/rules
        - fix FTBFS with dh_install needing DEB_DH_INSTALL_SOURCEDIR
          - update debian/rules
        - fix install of additionnal searchplugins
          - update debian/rules
        - don't install hicolor icons (we don't have any)
          - update debian/seamonkey-browser.install
      * Install libnssckbi.so in seamonkey-browser and drop other libnss links
        - update debian/rules and debian/seamonkey-browser.links
      * Fix broken chrome.d files and clean-up install rules
        - update debian/rules
        - update debian/seamonkey-browser.{install,dirs}
        - update debian/seamonkey-chatzilla.install
        - update debian/seamonkey-dom-inspector.install
        - update debian/seamonkey-mailnews.install
      * Update bug link and README to point Seamonkey toward Ubuntu
        - update debian/about_debian.js
        - debian/README.Debian
      * Fix FTBFS on amd64 (don't depend on arch indep rules for binary
        packages
        - update debian/rules
        - update debian/seamonkey-browser.install
        - update debian/seamonkey-chatzilla.install
        - update debian/seamonkey-dom-inspector.install
        - update debian/seamonkey-mailnews.install
      * Update to upstream release 1.1.6 (from 1.1.4)
        - update debian/control
        - Security fixes provided by 1.1.5:
          MFSA 2007-36, MFSA 2007-35, MFSA 2007-34, MFSA 2007-33, MFSA 2007-32,
          MFSA 2007-31, MFSA 2007-30, MFSA 2007-29 and MFSA 2007-28.
      * Update diverged patches:
        - update debian/patches/35_theme_switch.patch
        - debian/patches/38_kbsd.patch
        - debian/patches/68_mips_performance.patch
        - debian/patches/99_configure.patch
      * Update Maintainer to Ubuntu Mozilla Team
        - update debian/control
      * Conflicts/Replaces iceape
        - update debian/control
      * Fix nss links not installed where CDBS would have done it
        - update debian/rules
      * Remove bin-only files from upstream tarball using debian/remove.binonly.sh.
        Add a nobinonly target in debian/rules to clean up the current tarball,
        preserve logs in mozilla/REMOVED+nobinonly.txt.
        - rename and update debian/remove.nonfree => debian/remove.binonly.sh
        - update debian/rules
      * Fix desktop files to make desktop-file-validate happy
        - update debian/menu_dir/*.desktop
      * Disable all desktop files except seamonkey.desktop, using the icon
        from branding (instead of the old style Mozilla one)
        - update debian/menu_dir/*.desktop
        - update debian/rules
      * Add dummy packages for migration of iceape and mozilla packages:
        mozilla, mozilla-browser, mozilla-dev, mozilla-mailnews, mozilla-chatzilla,
        mozilla-psm, mozilla-dom-inspector, mozilla-js-debugger, mozilla-calendar,
        iceape, iceape-browser, iceape-gnome-support, iceape-dev, iceape-dbg,
        iceape-mailnews, iceape-chatzilla, iceape-calendar and iceape-dom-inspector
        - update debian/control
      * Merge DSP settings from previously installed /etc/iceape/iceaperc or
        /etc/mozilla/mozillarc into /etc/seamonkey/seamonkeyrc
        - update debian/seamonkey-browser.preinst
      * Remove leftovers from iceape packages
        - add debian/iceape-browser.postrm
        - add debian/iceape-browser.preinst
      * Re-install /etc/seamonkey files previously disabled
        - update debian/seamonkey-browser.install
      * Add missing 'upgrade' target to preinst script
        - update debian/iceape-browser.preinst
      * Exclude CVS stuff when doing nobinonly tarballs
        - update debian/rules
      * Fix a recent FTBFS in hardy where gtk+ is no longer bringing
        some X libs in build-deps
        - add debian/patches/13_bz344818_att264996.patch
        - update debian/patches/99_configure.patch
        - update debian/patches/series
    
     -- Fabien Tassin <email address hidden>   Sun, 02 Dec 2007 19:27:42 +0100