thunderbird (1:115.12.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sat, 15 Jun 2024 07:35:58 +0200 thunderbird (1:115.12.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Fri, 14 Jun 2024 17:18:31 +0200 thunderbird (1:115.12.0-1) unstable; urgency=medium * [3d303c4] d/c-u-t.py: Ignore one more version * [2e7f143] New upstream version 115.12.0 Fixed CVE issues in upstream version 115.12 (MFSA 2024-28): CVE-2024-5702: Use-after-free in networking CVE-2024-5688: Use-after-free in JavaScript object transplant CVE-2024-5690: External protocol handlers leaked by timing attack CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window CVE-2024-5692: Bypass of file name restrictions during saving CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas CVE-2024-5696: Memory Corruption in Text Fragments CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 * [9afc3a0] d/logo/thunderbird: Update PNG files from newer SVG (Closes: #1071824) * [a92c8d1] d/thunderbird.install: Install the newer correct SVG graphic -- Carsten Schoenert Fri, 14 Jun 2024 13:26:00 +0200 thunderbird (1:115.11.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Wed, 15 May 2024 19:10:51 +0200 thunderbird (1:115.11.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Wed, 15 May 2024 17:49:39 +0200 thunderbird (1:115.11.0-1) unstable; urgency=medium * [47bb447] d/c-u-t.py: Ignore potentially non ESR versions * [f008566] New upstream version 115.11.0 Fixed CVE issues in upstream version 115.11 (MFSA 2024-23): CVE-2024-4367: Arbitrary JavaScript execution in PDF.js CVE-2024-4767: IndexedDB files retained in private browsing mode CVE-2024-4768: Potential permissions request bypass via clickjacking CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types CVE-2024-4770: Use-after-free could occur when printing to PDF CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 * [b029857] d/control: Re-add build and binary dep on rnp library (Closes: #1070871) -- Carsten Schoenert Tue, 14 May 2024 21:28:37 +0200 thunderbird (1:115.10.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sun, 21 Apr 2024 11:14:56 +0200 thunderbird (1:115.10.1-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Sun, 21 Apr 2024 10:16:07 +0200 thunderbird (1:115.10.1-1) unstable; urgency=medium [ William Desportes ] * [d0cbb66] Fix a typo in the wrapper file [ Carsten Schoenert ] * [47d140b] New upstream version 115.10.1 Fixed CVE issues in upstream version 115.10 (MFSA 2024-20): CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not in focus CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 * [5612f7b] d/control: Move libotr5 to libotr5t64 for bin:thunderbird (Closes: #1069337) * [195482a] d/mozconfig.default: Use internal shipped librnp version The Debian package has a RC bug for longer time which would prevent the migration of the thunderbird package to testing. * [cd4de72] d/control: Drop dependencies on librnp{0,-dev} * [761eb83] d/thunderbird.install: Install local built rnp tools * [ce212a8] d/control: Increase Standards-Version to 4.7.0 No further changes needed. -- Carsten Schoenert Sat, 20 Apr 2024 19:35:18 +0200 thunderbird (1:115.9.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Wed, 20 Mar 2024 18:18:28 +0100 thunderbird (1:115.9.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Tue, 19 Mar 2024 18:40:55 +0100 thunderbird (1:115.9.0-1) unstable; urgency=medium * [c122f7d] New upstream version 115.9.0 Fixed CVE issues in upstream version 115.9 (MFSA 2024-14): CVE-2024-0743: Crash in NSS TLS method CVE-2024-2607: JIT code failed to save return registers on Armv7-A CVE-2024-2608: Integer overflow could have led to out of bounds write CVE-2024-2616: Improve handling of out-of-memory conditions in ICU CVE-2023-5388: NSS susceptible to timing attack against RSA decryption CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage CVE-2024-2611: Clickjacking vulnerability could have led to a user accidentally granting permissions CVE-2024-2612: Self referencing object could have potentially led to a use-after-free CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 -- Carsten Schoenert Tue, 19 Mar 2024 16:55:17 +0100 thunderbird (1:115.8.1-1) unstable; urgency=medium * [b9b4842] New upstream version 115.8.1 Fixed CVE issues in upstream version 115.8.1 (MFSA 2024-11): CVE-2024-1936: Leaking of encrypted email subjects to other conversations -- Carsten Schoenert Mon, 04 Mar 2024 19:13:14 +0100 thunderbird (1:115.8.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 22 Feb 2024 17:28:37 +0100 thunderbird (1:115.8.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Wed, 21 Feb 2024 18:33:54 +0100 thunderbird (1:115.8.0-1) unstable; urgency=medium * [68f2fbe] New upstream version 115.8.0 Fixed CVE issues in upstream version 115.8 (MFSA 2024-07): CVE-2024-1546: Out-of-bounds memory read in networking channels CVE-2024-1547: Alert dialog could have been spoofed on another site CVE-2024-1548: Fullscreen Notification could have been hidden by select element CVE-2024-1549: Custom cursor could obscure the permission dialog CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts CVE-2024-1552: Incorrect code generation on 32-bit ARM devices CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 -- Carsten Schoenert Tue, 21 Feb 2024 17:18:14 +0100 thunderbird (1:115.7.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Tue, 23 Jan 2024 19:35:14 +0100 thunderbird (1:115.7.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Tue, 23 Jan 2024 17:40:44 +0100 thunderbird (1:115.7.0-1) unstable; urgency=medium * [6e0c26c] New upstream version 115.7.0 Fixed CVE issues in upstream version 115.7 (MFSA 2024-04): CVE-2024-0741: Out of bounds write in ANGLE CVE-2024-0742: Failure to update user input timestamp CVE-2024-0746: Crash when listing printers on Linux CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set CVE-2024-0749: Phishing site popup could show local origin in address bar CVE-2024-0750: Potential permissions request bypass via clickjacking CVE-2024-0751: Privilege escalation through devtools CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 -- Carsten Schoenert Tue, 23 Jan 2024 16:56:31 +0100 thunderbird (1:115.6.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Wed, 20 Dec 2023 21:48:37 +0100 thunderbird (1:115.6.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Allow-to-build-oxilangtag-ffi-with-rustc-1.65.patch * Rebuild for bookworm-security -- Carsten Schoenert Tue, 19 Dec 2023 21:23:24 +0100 thunderbird (1:115.6.0-1) unstable; urgency=medium * [aea3623] New upstream version 115.6.0 Fixed CVE issues in upstream version 115.6 (MFSA 2023-55): CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature CVE-2023-50761: S/MIME signature accepted despite mismatching message date CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6857: Symlinks may resolve to smaller than expected buffers CVE-2023-6858: Heap buffer overflow in nsTextFragment CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode CVE-2023-6862: Use-after-free in nsDNSService CVE-2023-6863: Undefined behavior in ShutdownObserver() CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 * [6ecaa01] d/control: Remove B-D on libiw-dev (Closes: #1058737) -- Carsten Schoenert Tue, 19 Dec 2023 20:24:02 +0100 thunderbird (1:115.5.2-1) unstable; urgency=medium * [34f6404] New upstream version 115.5.2 -- Carsten Schoenert Fri, 08 Dec 2023 21:21:26 +0100 thunderbird (1:115.5.1-1) unstable; urgency=medium * [eec913b] New upstream version 115.5.1 -- Carsten Schoenert Wed, 29 Nov 2023 18:13:11 +0100 thunderbird (1:115.5.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 23 Nov 2023 19:18:23 +0000 thunderbird (1:115.5.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Thu, 23 Nov 2023 14:33:32 +0000 thunderbird (1:115.5.0-1) unstable; urgency=medium [ intrigeri ] * [a6be3ab] AppArmor: update profile from upstream at commit 9d3fa88cdab512e45f6fd80f067337f200d356bc [ Carsten Schoenert ] * [ed61fd6] New upstream version 115.5.0 Fixed CVE issues in upstream version 115.5 (MFSA 2023-52): CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6205: Use-after-free in MessagePort::Entangled CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 -- Carsten Schoenert Wed, 22 Nov 2023 21:50:16 +0000 thunderbird (1:115.4.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 26 Oct 2023 20:34:34 +0200 thunderbird (1:115.4.1-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Thu, 26 Oct 2023 19:15:36 +0200 thunderbird (1:115.4.1-1) unstable; urgency=medium * [c51ab77] New upstream version 115.4.1 Fixed CVE issues in upstream version 115.4.1 (MFSA 2023-47): CVE-2023-5721: Queued up rendering could have allowed websites to clickjack CVE-2023-5732: Address bar spoofing via bidirectional characters CVE-2023-5724: Large WebGL draw could have led to a crash CVE-2023-5725: WebExtensions could open arbitrary URLs CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 -- Carsten Schoenert Wed, 25 Oct 2023 21:05:23 +0200 thunderbird (1:115.3.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security * [5758be4] d/mozconfig.default: Use internal shipped vpx version * [f6cd3cb] d/control: Drop libvpx-dev from Build-Depnds -- Carsten Schoenert Sat, 30 Sep 2023 09:36:59 +0200 thunderbird (1:115.3.1-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security * [6d72841] d/mozconfig.default: Use internal shipped librnp version * [fb349c5] d/control: Drop librnp0 package from Depends * [0a8206b] d/thunderbird.install: Install local build rnp tools * [e556e49] d/mozconfig.default: Use internal shipped nss version * [73412b7] d/control: Adjust the Build-Depends packages -- Carsten Schoenert Fri, 29 Sep 2023 22:24:58 +0200 thunderbird (1:115.3.1-1) unstable; urgency=medium * [276a53a] New upstream version 115.3.1 Fixed CVE issues in upstream version 115.3.1 (MFSA 2023-44): CVE-2023-5217: Heap buffer overflow in libvpx * [a360abf] d/control: Point VCS links to debian/sid -- Carsten Schoenert Fri, 29 Sep 2023 19:26:42 +0200 thunderbird (1:115.3.0-1) unstable; urgency=medium * [2e67467] New upstream version 115.3.0 Fixed CVE issues in upstream version 115.3 (MFSA 2023-43): CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 CVE-2023-5169: Out-of-bounds write in PathOps CVE-2023-5171: Use-after-free in Ion Compiler CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 -- Carsten Schoenert Wed, 27 Sep 2023 19:07:47 +0200 thunderbird (1:115.2.2-1) unstable; urgency=medium * [08bc8c9] d/thunderbird.desktop: Update data with upstream data (Closes: #1042912, #1051261) * [2fd665b] New upstream version 115.2.2 Fixed CVE issues in upstream version 115.2.2 (MFSA 2023-40): CVE-2023-4863: Heap buffer overflow in libwebp * [7b862be] d/copyright: Update content due upstream changes * [140b77d] d/s/lintian-overrides: Update data for overrides -- Carsten Schoenert Wed, 13 Sep 2023 22:59:59 +0530 thunderbird (1:115.2.0-1) unstable; urgency=medium * [1415d01] New upstream version 115.2.0 Fixed CVE issues in upstream version 115.2 (MFSA 2023-36): CVE-2023-4573: Memory corruption in IPC CanvasTranslator CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics CVE-2023-4051: Full screen notification obscured by file open dialog CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception CVE-2023-4053: Full screen notification obscured by external program CVE-2023-4580: Push notifications saved to disk unencrypted CVE-2023-4581: XLL file extensions were downloadable without warnings CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 -- Christoph Goehre Wed, 30 Aug 2023 17:41:36 +0200 thunderbird (1:115.1.1-1) unstable; urgency=medium [ Christoph Goehre ] * [880cabe] ship glxtest and vaapitest binaries (Closes: #1043057) [ Carsten Schoenert ] * [8474b9b] d/thunderbird.install: Use upstream graphics for icons * [85f99a2] d/c-u-t.py: Use Version() from python3-packaging * [86e3335] d/thunderbird.desktop: Sort MimeType entries alphabetically * [2bc5f47] New upstream version 115.1.1 * [ddec51f] Revert "d/mozconfig.default: Use internal shipped librnp version" * [3ef27e2] Revert "d/control: Drop librnp0 package from Depends" * [9011502] Revert "d/thunderbird.install: Install rnp tools too" * [d5eef62] d/control: Bump version of librnp{0,-dev} (Closes: #1041409) [ Max Nikulin ] * [0e04b0e] d/thunderbird.desktop: Add IANA MIME type for .vcf vcard * [ce01092] d/thunderbird.desktop: Add mid: URI to MIME types (Closes: #1008159) * [c11a22f] d/thunderbird.desktop: Add news: URI to MIME types * [bf5586f] d/thunderbird.desktop: Add webcal: URI to MIME types -- Carsten Schoenert Wed, 16 Aug 2023 17:18:04 +0200 thunderbird (1:115.1.0-1) unstable; urgency=medium * [8c11865] d/gbp.conf: Adjust upstream branch to new ESR cycle * [fb76340] New upstream version 115.1.0 Fixed CVE issues in upstream version 115.1 (MFSA 2023-33): CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4046: Incorrect value used during WASM compilation CVE-2023-4047: Potential permissions request bypass via clickjacking CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions CVE-2023-4049: Fix potential race conditions when releasing platform objects CVE-2023-4050: Stack buffer overflow in StorageManager CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 * [b562827] Rebuild patch queue from patch-queue branch Removed patches (included upstream): fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch -- Carsten Schoenert Tue, 01 Aug 2023 19:19:27 +0200 thunderbird (1:115.0.1-2) experimental; urgency=medium [ Carsten Schoenert ] * [39b1576] d/create-upstream-tarballs.py: Catch non existing versions * [f663f6a] d/create-upstream-tarballs.py: Running black formatter * [8e6d7fe] d/create-upstream-tarballs.py: Use speaking variable name [ Christoph Goehre ] * [cdab989] Rebuild patch queue from patch-queue branch Added patch: porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch -- Carsten Schoenert Sat, 29 Jul 2023 09:22:57 +0200 thunderbird (1:115.0.1-1) experimental; urgency=medium * [30f2fcc] New upstream version 115.0.1 Fixed CVE issues in upstream version 115.0.1 (MFSA 2023-27): CVE-2023-3600: Use-after-free in workers CVE-2023-3417: File Extension Spoofing using the Text Direction Override Character * [efbb370] Rebuild patch queue from patch-queue branch Added patches: debian-hacks/rnp-Fix-include-for-format-specifiers-for-uint32_t.patch fixes/skia-Cast-SkEndian_SwapBE32-n-to-uint32_t-on-big-endian.patch porting-mips64el/skia-Disable-musttail-on-mips64.patch porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch * [f78b777] d/mozconfig.default: Use internal shipped librnp version * [a606cdb] d/control: Drop librnp0 package from Depends * [104bf35] d/thunderbird.install: Install rnp tools too -- Carsten Schoenert Sun, 23 Jul 2023 09:07:08 +0200 thunderbird (1:115.0-1) experimental; urgency=medium [ Carsten Schoenert ] * [3a6b0eb] New upstream version 115.0 * [1c11a15] Rebuild patch queue from patch-queue branch Dropped patches: debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch fixes/Bug-628252-os2.cc-fails-to-compile-against-GCC-4.6-m.patch porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch porting-ppc64el/work-around-a-build-failure-with-clang-on-ppc64el.patch porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch Added patches: fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch fixes/Fix-math_private.h-for-i386-FTBFS.patch porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch * [8d1d0e0] d/source.filter: Add build/android to list [ Bo YU ] * [ddf55dc] riscv64: Add build support for Riscv64 (Closes: #1026118) -- Carsten Schoenert Sun, 16 Jul 2023 12:22:50 +0200 thunderbird (1:115.0~b6-1) experimental; urgency=medium * [1d7c51d] New upstream version 115.0~b6 -- Carsten Schoenert Thu, 29 Jun 2023 20:13:46 +0200 thunderbird (1:115.0~b4-1) experimental; urgency=medium * [5685662] New upstream version 115.0~b4 * [0ff4fd0] Rebuild patch queue from patch-queue branch Updated patches: porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch * [67def1f] d/control: Add libotr5 to Depends -- Carsten Schoenert Fri, 23 Jun 2023 16:03:31 +0200 thunderbird (1:114.0~b2-1) experimental; urgency=medium * [1f5bec1] New upstream version 114.0~b2 * [df5220a] Rebuild patch queue from patch-queue branch Updated patches: porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch * [71e654b] d/rules: Add 2 files to dh_missing -- Carsten Schoenert Tue, 16 May 2023 21:38:11 +0200 thunderbird (1:113.0~b3-1) experimental; urgency=medium [ Carsten Schoenert ] * [569da29] apparmor: Expand profile folder about .mozilla-thunderbird (Closes: #1030532) * [777be0a] New upstream version 113.0~b3 * [ae90792] Rebuild patch queue from patch-queue branch Dropped patch (included upstream): debian-hacks/Make-Thunderbird-build-reproducible.patch [ Timothy Pearson ] * [5dff12c] Explicitly set SQLite endianness on ppc64el [ intrigeri ] * [c0ea3f9] AppArmor: update profile from upstream at commit a03a894c6c30b7a566aa74645802de1cea580bca -- Carsten Schoenert Fri, 21 Apr 2023 19:11:41 +0200 thunderbird (1:112.0~b1-1) experimental; urgency=medium * [c89a60d] d/source.filter: Update content to filter out * [12cd2c8] New upstream version 112.0~b1 * [6655d37] Rebuild patch queue from patch-queue branch Removed patch: debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch * [c4744df] d/control: Increade B-D on rustc to >= 1.65 * [ad73ef1] d/thunderbird.docs: Readd Apache-2 related Notice file * [ebf44e8] d/control: Adjust B-D to libfontconfig-dev * [6cea088] d/control: Increase Standards-Version to 4.6.2 * [2d0d8ee] d/copyright: Update content due upstream changes * [268ee53] Lintian: Update overrides for source package * [28ffd63] Lintian: Update overrides for thunderbird package * [200f86d] Lintian: Update override for thunderbird-l10n-all -- Carsten Schoenert Sat, 18 Mar 2023 19:31:18 +0100 thunderbird (1:110.0~b4-1) experimental; urgency=medium [ Amr Ibrahim ] * [22b9eb7] thunderbird.desktop: Update StartupWMClass [ Carsten Schoenert ] * [afe6c6a] d/copyright: Update content due upstream changes * [7b31b9d] d/source.filter: Update content to filter out * [03b50b4] Lintian: Adjust overrides for thunderbird package * [d3510d8] Lintian: Adjust overrides for source package * [57839a2] d/control: Increase version in B-D for libnss-dev * [958648e] d-create-upstream-tarballs.py: Use correct variable * [208f93e] New upstream version 110.0~b4 (Closes: #1031541) * [ba87378] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch Adjusted patch: debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch * [3104ede] Drop usage of autoconf calls * [42a2545] d/control: Increase some versions in B-D * [551a17f] d/rules: Don't remove configure on dh_clean * [3b7b408] d/source.filter: Don't filter configure from upstream data * [48913d3] d/thunderbird.docs: Drop install of NOTICE file * [44589db] d/mozconfig.default: Use internal version of ICU * [3eba559] d/control: Drop libicu-dev from B-D for now -- Carsten Schoenert Tue, 07 Mar 2023 16:41:43 +0100 thunderbird (1:104.0~b2-1) experimental; urgency=medium * [92670b2] d/repack.py: Small rework and adjustments * [06fb656] d/create-upstream-tarballs.py: Adding new helper script * [331247d] d/README.source: Update information on importing data * [57a6dd7] d/source.filter: Relax filter rule for old-configure * [36696b6] d/repack.py: Don't exit(1) if unused filter items exist * [3b14d11] d/create-thunderbird-l10n-tarball.sh: Drop old helper * [5468bb8] d/gbp.conf: Drop 'import-orig' section * [fd4d5c1] d/source.filter: Add files named *.orig and *.rej * [5035e50] New upstream version 104.0~b2 * [cc89049] Rebuild patch queue from patch-queue branch Removed patch: debian-hacks/Lower-down-required-NSS-version.patch -- Carsten Schoenert Sat, 06 Aug 2022 09:13:35 +0200 thunderbird (1:103.0~b5-1) experimental; urgency=medium * [a060ea2] d/gbp.conf: Sign tags automatically (cherry-picked from debian/sid) * [ac331c8] New upstream version 103.0~b5 * [00dd354] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Lower-down-required-NSS-version.patch * [5c35afb] d/watch: Look now for versions starting with 3 digits (cherry-picked from debian/sid) * [a897f48] d/control: Add package thunderbird-l10n-es-mx (cherry-picked from debian/sid) -- Carsten Schoenert Wed, 13 Jul 2022 18:08:16 +0200 thunderbird (1:102.15.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 14 Sep 2023 15:16:46 +0530 thunderbird (1:102.15.1-1~deb12u1) bookworm-security; urgency=medium * [59acecf] New upstream version 102.15.1 Fixed CVE issues in upstream version 102.15.1 (MFSA 2023-40): CVE-2023-4863: Heap buffer overflow in libwebp -- Carsten Schoenert Thu, 14 Sep 2023 09:12:52 +0530 thunderbird (1:102.15.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Christoph Goehre Fri, 01 Sep 2023 18:52:34 +0200 thunderbird (1:102.15.0-1~deb12u1) bookworm-security; urgency=medium * [6c701df] New upstream version 102.15.0 Fixed CVE issues in upstream version 102.15 (MFSA 2023-35): CVE-2023-4573: Memory corruption in IPC CanvasTranslator CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation CVE-2023-4581: XLL file extensions were downloadable without warnings CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 -- Christoph Goehre Thu, 31 Aug 2023 17:15:52 +0200 thunderbird (1:102.14.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sat, 05 Aug 2023 07:43:40 +0200 thunderbird (1:102.14.0-1~deb12u1) bookworm-security; urgency=medium * [bcc7c87] New upstream version 102.14.0 Fixed CVE issues in upstream version 102.14 (MFSA 2023-32): CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4046: Incorrect value used during WASM compilation CVE-2023-4047: Potential permissions request bypass via clickjacking CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions CVE-2023-4049: Fix potential race conditions when releasing platform objects CVE-2023-4050: Stack buffer overflow in StorageManager CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 * Rebuild for bookworm-security -- Carsten Schoenert Fri, 04 Aug 2023 19:48:57 +0200 thunderbird (1:102.13.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Fri, 28 Jul 2023 19:11:39 +0200 thunderbird (1:102.13.1-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Fri, 28 Jul 2023 16:02:28 +0200 thunderbird (1:102.13.1-1) unstable; urgency=medium * [e803b54] New upstream version 102.13.1 Fixed CVE issues in upstream version 102.13.1 (MFSA 2023-28): CVE-2023-3417: File Extension Spoofing using the Text Direction Override Character * [456ce20] Rebuild patch queue from patch-queue branch Added patch: fixes/gfx-Fix-inclusion-of-C-header.patch fixes/toolkit-Fix-inclusion-of-C-header.patch (Closes: #1037872) -- Carsten Schoenert Wed, 26 Jul 2023 19:48:59 +0200 thunderbird (1:102.13.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security (Closes: #971790, #1006432) -- Carsten Schoenert Sat, 08 Jul 2023 10:35:52 +0200 thunderbird (1:102.13.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security (Closes: #971790, #1006432) -- Carsten Schoenert Sat, 08 Jul 2023 08:15:29 +0200 thunderbird (1:102.13.0-1) unstable; urgency=medium * [7168011] New upstream version 102.13.0 Fixed CVE issues in upstream version 102.13 (MFSA 2023-24): CVE-2023-37201: Use-after-free in WebRTC certificate generation CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey CVE-2023-37207: Fullscreen notification obscured CVE-2023-37208: Lack of warning when opening Diagcab files CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (Closes: #971790, #1006432) -- Carsten Schoenert Sat, 08 Jul 2023 06:15:04 +0200 thunderbird (1:102.12.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sat, 10 Jun 2023 10:27:22 +0200 thunderbird (1:102.12.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert Sat, 10 Jun 2023 08:23:12 +0200 thunderbird (1:102.12.0-1) unstable; urgency=medium * [a285966] New upstream version 102.12.0 Fixed CVE issues in upstream version 102.12 (MFSA 2023-21): CVE-2023-34414: Click-jacking certificate exceptions through rendering lag CVE-2023-34416: Memory safety bugs fixed in Thunderbird 102.12 * [73c48d4] d/control: Add libotr5 to Depends -- Carsten Schoenert Mon, 05 Jun 2023 18:51:11 +0200 thunderbird (1:102.11.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Fri, 12 May 2023 18:30:14 +0200 thunderbird (1:102.11.0-1) unstable; urgency=medium [ intrigeri ] * [f3e5479] AppArmor: update profile from upstream at commit a03a894c6c30b7a566aa74645802de1cea580bca [ Carsten Schoenert ] * [0626d72] New upstream version 102.11.0 Fixed CVE issues in upstream version 102.11 (MFSA 2023-18): CVE-2023-32205: Browser prompts could have been obscured by popups CVE-2023-32206: Crash in RLBox Expat driver CVE-2023-32207: Potential permissions request bypass via clickjacking CVE-2023-32211: Content process crash due to invalid wasm code CVE-2023-32212: Potential spoof due to obscured address bar CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() CVE-2023-32215: Memory safety bugs fixed in Thunderbird 102.11 -- Carsten Schoenert Fri, 12 May 2023 17:11:29 +0200 thunderbird (1:102.10.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Wed, 19 Apr 2023 17:28:54 +0200 thunderbird (1:102.10.0-1) unstable; urgency=medium * [8afefce] New upstream version 102.10.0 Fixed CVE issues in upstream version 102.10 (MFSA 2023-15): CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass CVE-2023-29533: Fullscreen notification obscured CVE-2023-1999: Double-free in libwebp CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction CVE-2023-29536: Invalid free from JavaScript code CVE-2023-0547: Revocation status of S/Mime recipient certificates was not checked CVE-2023-29479: Hang when processing certain OpenPGP messages CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux CVE-2023-29542: Bypass of file download extension restrictions CVE-2023-1945: Memory Corruption in Safe Browsing Code CVE-2023-29548: Incorrect optimization result on ARM64 CVE-2023-29550: Memory safety bugs fixed in Thunderbird 102.10 -- Carsten Schoenert Mon, 17 Apr 2023 21:32:45 +0200 thunderbird (1:102.9.1-1) unstable; urgency=medium [ Timothy Pearson ] * [de7c4f8] Explicitly set SQLite endianness on ppc64el (Closes: #1033534) [ Carsten Schoenert ] * [06059fb] New upstream version 102.9.1 Fixed CVE issues in upstream version 102.9.1 (MFSA 2023-12): CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack -- Carsten Schoenert Wed, 29 Mar 2023 17:34:39 +0200 thunderbird (1:102.9.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 16 Mar 2023 16:55:25 +0100 thunderbird (1:102.9.0-1) unstable; urgency=medium * [ad8cc7c] New upstream version 102.9.0 Fixed CVE issues in upstream version 102.9 (MFSA 2023-11): CVE-2023-25751: Incorrect code generation during JIT compilation CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation CVE-2023-28162: Invalid downcast in Worklets CVE-2023-25752: Potential out-of-bounds when accessing throttled streams CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 * [b0a22c0] d/control: Increase Standards-Version to 4.6.2 No further changes needed. -- Carsten Schoenert Wed, 15 Mar 2023 19:54:53 +0100 thunderbird (1:102.8.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sat, 18 Feb 2023 11:35:51 +0100 thunderbird (1:102.8.0-1) unstable; urgency=medium * [b130936] New upstream version 102.8.0 Fixed CVE issues in upstream version 102.8.0 (MFSA 2023-07): CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP CVE-2023-25728: Content security policy leak in violation reports using iframes CVE-2023-25730: Screen hijack via browser fullscreen mode CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext CVE-2023-25729: Extensions could have opened external schemes without user knowledge CVE-2023-25732: Out of bounds memory write from EncodeInputStream CVE-2023-25742: Web Crypto ImportKey crashes tab CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8 * [66e2335] Rebuild patch queue from patch-queue branch Removed patch (included upstream): debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch -- Carsten Schoenert Fri, 17 Feb 2023 20:17:32 +0100 thunderbird (1:102.7.2-1) unstable; urgency=medium * [468e468] New upstream version 102.7.2 -- Carsten Schoenert Wed, 08 Feb 2023 18:34:59 +0100 thunderbird (1:102.7.1+1-1) unstable; urgency=medium * [5ce0e7d] New upstream version 102.7.1+1 Fixed CVE issues in upstream version 102.7.1 (MFSA 2023-04): CVE-2023-0430: Revocation status of S/Mime signature certificates was not checked Note: The previous version 1:102.7.1-1 was build on top of a release candidate which does not fixed CVE-2023-0430 fully. (Closes: #1029594, #1029606) * [c7c81a5] apparmor: Expand profile folder about .mozilla-thunderbird (Closes: #1030532) -- Carsten Schoenert Sun, 05 Feb 2023 17:27:40 +0100 thunderbird (1:102.7.1-1) unstable; urgency=medium * [dbc3385] New upstream version 102.7.1 Fixed CVE issues in upstream version 102.7 (MFSA 2023-03): CVE-2022-46871: libusrsctp library out of date CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers CVE-2022-46877: Fullscreen notification bypass CVE-2023-23603: Calls to console.log allowed bypasing Content Security Policy via format directive CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7 * [af92a36] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch (Closes: #1028885) -- Carsten Schoenert Tue, 24 Jan 2023 16:32:06 +0100 thunderbird (1:102.6.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Wed, 14 Dec 2022 17:34:40 +0100 thunderbird (1:102.6.0-1) unstable; urgency=medium [ Paul Gevers ] * [6bbbd94] tests: thunderbird no longer builds on armel and armhf, so let's not fail while trying to test there * [d9e09a0] tests: help.sh is really a very superficial test, so let's mark it as such [ Carsten Schoenert ] * [43b90d6] New upstream version 102.6.0 Fixed CVE issues in upstream version 102.6 (MFSA 2022-53): CVE-2022-46880: Use-after-free in WebGL CVE-2022-46872: Arbitrary file read from a compromised content process CVE-2022-46881: Memory corruption in WebGL CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions CVE-2022-46882: Use-after-free in WebGL CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 * [745c1a3] Rebuild patch queue from patch-queue branch Removed patches (included upstream): fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch * [1e74214] d/control: Increase buid dep on libnss3-dev to 3.79.2 -- Carsten Schoenert Tue, 13 Dec 2022 19:40:57 +0100 thunderbird (1:102.5.1-1) unstable; urgency=medium * [ae4d1ff] New upstream version 102.5.1 Fixed CVE issues in upstream version 102.5.1 (MFSA 2022-50): CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content -- Carsten Schoenert Wed, 30 Nov 2022 12:27:38 +0100 thunderbird (1:102.5.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Wed, 16 Nov 2022 17:59:56 +0100 thunderbird (1:102.5.0-1) unstable; urgency=medium * [2f04265] New upstream version 102.5.0 Fixed CVE issues in upstream version 102.5 (MFSA 2022-49): CVE-2022-45403: Service Workers might have learned size of cross-origin media files CVE-2022-45404: Fullscreen notification bypass CVE-2022-45405: Use-after-free in InputStream implementation CVE-2022-45406: Use-after-free of a JavaScript Realm CVE-2022-45408: Fullscreen notification bypass via windowName CVE-2022-45409: Use-after-free in Garbage Collection CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers CVE-2022-45416: Keystroke Side-Channel Leakage CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI CVE-2022-45420: Iframe contents could be rendered outside the iframe CVE-2022-45421: Memory safety bugs fixed in Thunderbird 102.5 * [57e94ac] Rebuild patch queue from patch-queue branch Added patches: fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch (Closes: #1023789) -- Carsten Schoenert Sat, 15 Nov 2022 19:34:55 +0100 thunderbird (1:102.4.1-1) unstable; urgency=medium [ intrigeri ] * [37c5b01] AppArmor: update profile from upstream at commit 09fa2669dc95cb336d133a6b96cac227e3aa73dc This allows running Thunderbird as a native Wayland application. [ Carsten Schoenert ] * [031c4a2] New upstream version 102.4.1 -- Carsten Schoenert Mon, 31 Oct 2022 18:50:44 +0100 thunderbird (1:102.4.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Wed, 26 Oct 2022 18:17:06 +0200 thunderbird (1:102.4.0-1) unstable; urgency=medium * [6bfe8cd] New upstream version 102.4.0 Fixed CVE issues in upstream version 102.4 (MFSA 2022-46): CVE-2022-42927: Same-origin policy violation could have leaked cross-origin URLs CVE-2022-42928: Memory Corruption in JS Engine CVE-2022-42929: Denial of Service via window.print CVE-2022-42932: Memory safety bugs fixed in Thunderbird 102.4 -- Carsten Schoenert Mon, 24 Oct 2022 22:33:05 +0200 thunderbird (1:102.3.3-1) unstable; urgency=medium * [6729f5d] New upstream version 102.3.3 -- Carsten Schoenert Thu, 13 Oct 2022 16:09:50 +0200 thunderbird (1:102.3.2-1) unstable; urgency=medium * [db7a24f] New upstream version 102.3.2 -- Carsten Schoenert Thu, 06 Oct 2022 20:34:42 +0200 thunderbird (1:102.3.1-1) unstable; urgency=medium * [f845126] New upstream version 102.3.1 Fixed CVE issues in upstream version 102.3.1 (MFSA 2022-43): CVE-2022-39249: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39250: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack CVE-2022-39251: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack CVE-2022-39236: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue * [4555808] Rebuild patch queu from patch-queue branch debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch fixes/Properly-launch-applications-set-in-HOME-.mailcap.patch * [344dbfa] d/copyright: Add info about code from Matrix -- Carsten Schoenert Thu, 29 Sep 2022 19:09:02 +0200 thunderbird (1:102.3.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Fri, 23 Sep 2022 16:22:23 +0200 thunderbird (1:102.3.0-1) unstable; urgency=medium * [0e841a7] New upstream version 102.3.0 Fixed CVE issues in upstream version 102.3 (MFSA 2022-42): CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix CVE-2022-40956: Content-Security-Policy base-uri bypass CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64 CVE-2022-40962: Memory safety bugs fixed in Thunderbird 102.3 -- Carsten Schoenert Fri, 16 Sep 2022 16:56:20 +0200 thunderbird (1:102.2.2-1) unstable; urgency=medium * [f1dc81f] New upstream version 102.2.2 -- Carsten Schoenert Thu, 08 Sep 2022 17:25:57 +0200 thunderbird (1:102.2.1-1) unstable; urgency=medium * [e1d0f74] New upstream version 102.2.1 Fixed CVE issues in upstream version 102.2.1 (MFSA 2022-38): CVE-2022-3033: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3032: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked CVE-2022-3034: An iframe element in an HTML email could trigger a network request CVE-2022-36059: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack -- Carsten Schoenert Thu, 01 Sep 2022 07:52:16 +0200 thunderbird (1:102.2.0-1) unstable; urgency=medium [ Amr Ibrahim ] * [02a3990] thunderbird.desktop: Update StartupWMClass (Closes: #1017420, #1014748) [ Carsten Schoenert ] * [f7b62a8] d-create-upstream-tarballs.py: Use correct variable * [7194457] New upstream version 102.2.0 Fixed CVE issues in upstream version 102.2 (MFSA 2022-36): CVE-2022-38472: Address bar spoofing via XSLT error handling CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW CVE-2022-38477: Memory safety bugs fixed in Thunderbird 102.2 CVE-2022-38478: Memory safety bugs fixed in Thunderbird 102.2, and Thunderbird 91.13 -- Carsten Schoenert Sun, 28 Aug 2022 17:23:50 +0200 thunderbird (1:102.1.2-1) unstable; urgency=medium * [78f2899] d/copyright: Update content due upstream changes * [55dba1d] d/source.filter: Update content to filter out * [3e19497] Lintian: Adjust overrides for thunderbird package * [567e0c4] Lintian: Adjust overrides for source package * [c201484] New upstream version 102.1.2 (Closes: #1016944) -- Carsten Schoenert Thu, 11 Aug 2022 16:37:07 +0200 thunderbird (1:102.1.1-1) unstable; urgency=medium * [2c1b12f] d/create-upstream-tarballs.py: Adding new helper script * [a9633b9] d/README.source: Update information on importing data * [1d2cdc0] d/source.filter: Relax filter rule for old-configure * [f1afe9b] d/repack.py: Don't exit(1) if unused filter items exist * [165593a] d/create-thunderbird-l10n-tarball.sh: Drop old helper * [b4d73ee] d/gbp.conf: Drop 'import-orig' section * [d186832] d/source.filter: Add files named *.orig and *.rej * [933b099] New upstream version 102.1.1 (Closes: #1014675:) -- Carsten Schoenert Sat, 06 Aug 2022 11:26:44 +0200 thunderbird (1:102.1.0-1) unstable; urgency=medium * [3b7bb0d] New upstream version 102.1.0 Fixed CVE issues in upstream version 102.1 (MFSA 2022-32): CVE-2022-36319: Mouse Position spoofing with CSS transforms CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1 (Closes: #1016083, #1014745, #1014675, #1014638) -- Carsten Schoenert Fri, 29 Jul 2022 17:00:53 +0200 thunderbird (1:102.0.2-1) unstable; urgency=medium * [079e135] d/repack.py: Small rework and adjustments * [fc2518e] d/control: Readjust Vcs links to unstable * [a7b09b3] d/gbp.conf: Sign tags automatically * [faf115d] New upstream version 102.0.2 -- Carsten Schoenert Tue, 12 Jul 2022 18:41:04 +0200 thunderbird (1:102.0.1-1) unstable; urgency=medium * [68c9410] d/gbp.conf: Adjust upstream branch to new ESR cycle * [45eca79] New upstream version 102.0.1 Fixed CVE issues in upstream version 102.0 (MFSA 2022-26): CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content CVE-2022-34470: Use-after-free in nsSHistory CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid CVE-2022-34481: Potential integer overflow in ReplaceElementsAt CVE-2022-31744: CSP bypass enabling stylesheet injection CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked CVE-2022-2200: Undesired attributes could be set as part of prototype pollution CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 * [1842425] d/watch: Look now for versions starting with 3 digits * [0a32bb3] d/control: Add package thunderbird-l10n-es-mx -- Carsten Schoenert Fri, 08 Jul 2022 17:47:21 +0200 thunderbird (1:102.0~b7-1) experimental; urgency=medium * [edf32aa] New upstream version 102.0~b7 * [c9dd3e0] d/control: Remove not required B-D * [ac2ec70] d/mozconfig.default: Remove commented out options -- Carsten Schoenert Tue, 21 Jun 2022 19:06:58 +0200 thunderbird (1:102.0~b4-1) experimental; urgency=medium * [8f34a01] d/source.filter: Small updates to filtering list * [e1d4c7c] New upstream version 102.0~b4 * [c97416b] Rebuild patch-queue from patch queue branch Removed patch (needs update): fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch Removed patch (fixed upstream): porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch * [68712eb] d/mozconfig.default: Disable wasm sandboxing * [a1df764] d/mozconfig.default: Remove openpgp option Supporting OpenPGP functionality is now set on by default. * [607c321] d/mozconfig.default: Add/Update some configure options * [efc728e] d/rules: Add new needed variable MOZBUILD_STATE_PATH * [7b0d743] d/rules: Ensure python is used from the environment * [26053f1] Build against system librnp library Unfortunately using librnp-dev requires the usage of the internal versions of botan, bz2 and jsonc. (Closes: #998848) * [5e904d8] d/control: Bump various build dependencies * [94ee0da] d/thunderbird.docs: Update content to install * [477f949] d/control: Increase Standards-Version to 4.6.1 No further changes needed. -- Carsten Schoenert Wed, 15 Jun 2022 16:47:29 +0200 thunderbird (1:91.13.0-1~deb11u1) bullseye-security; urgency=medium * [06edfee] New upstream version 91.13.0 Fixed CVE issues in upstream version 91.13 (MFSA 2022-37): CVE-2022-38472: Address bar spoofing via XSLT error handling CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-38478: Memory safety bugs fixed in Thunderbird 102.2, and Thunderbird 91.13 -- Carsten Schoenert Sun, 28 Aug 2022 19:49:01 +0200 thunderbird (1:91.12.0-1~deb11u1) bullseye-security; urgency=medium * [f7c7e7d] New upstream version 91.12.0 Fixed CVE issues in upstream version 91.12 (MFSA 2022-31): CVE-2022-36319: Mouse Position spoofing with CSS transforms CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters (Closes: #1014004) -- Carsten Schoenert Fri, 29 Jul 2022 19:23:20 +0200 thunderbird (1:91.11.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security * [f23e5c8] Revert "Rebuild patch queue from patch-queue branch" The {old-,}stable release doesn't have an "to new" version of cbindgen, so we don't need this added patch. -- Carsten Schoenert Sat, 02 Jul 2022 10:53:56 +0200 thunderbird (1:91.11.0-1) unstable; urgency=medium * [05a947d] New upstream version 91.11.0 Fixed CVE issues in upstream version 91.11 (MFSA 2022-26): CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content CVE-2022-34470: Use-after-free in nsSHistory CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid CVE-2022-34481: Potential integer overflow in ReplaceElementsAt CVE-2022-31744: CSP bypass enabling stylesheet injection CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked CVE-2022-2200: Undesired attributes could be set as part of prototype pollution CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (Closes: #1014004) * [4c4944d] Rebuild patch queue from patch-queue branch Added patch: fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch -- Carsten Schoenert Fri, 01 Jul 2022 20:12:40 +0200 thunderbird (1:91.10.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 02 Jun 2022 20:57:37 +0200 thunderbird (1:91.10.0-1) unstable; urgency=medium * [969960a] New upstream version 91.10.0 Fixed CVE issues in upstream version 91.9.1 (MFSA 2022-19): CVE-2022-1802: Prototype pollution in Top-Level Await implementation CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution Fixed CVE issues in upstream version 91.10 (MFSA 2022-22): CVE-2022-31736: Cross-Origin resource's length leaked CVE-2022-31737: Heap buffer overflow in WebGL CVE-2022-31738: Browser window spoof using fullscreen mode CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files CVE-2022-31740: Register allocation problem in WASM on arm64 CVE-2022-31741: Uninitialized variable leads to invalid memory read CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 * [4b55e16] d/control: Increase Standards-Version to 4.6.0 No further changes needed. -- Carsten Schoenert Mon, 30 May 2022 19:36:06 +0200 thunderbird (1:91.9.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security (Closes: #1009321) -- Carsten Schoenert Tue, 17 May 2022 08:17:47 +0200 thunderbird (1:91.9.0-1) unstable; urgency=medium * [88b99d1] New upstream version 91.9.0 Fixed CVE issues in upstream version 91.9 (MFSA 2022-18): CVE-2022-1520: Incorrect security status shown after viewing an attached email CVE-2022-29914: Fullscreen notification bypass using popups CVE-2022-29909: Bypassing permission prompt in nested browsing contexts CVE-2022-29916: Leaking browser history with CSS variables CVE-2022-29911: iframe sandbox bypass CVE-2022-29912: Reader mode bypassed SameSite cookies CVE-2022-29913: Speech Synthesis feature not properly disabled CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 -- Carsten Schoenert Mon, 16 May 2022 13:51:59 +0200 thunderbird (1:91.8.1-1) unstable; urgency=medium * [b57406c] New upstream version 91.8.1 (Closes: #1009321) -- Carsten Schoenert Tue, 19 Apr 2022 20:27:13 +0200 thunderbird (1:91.8.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 07 Apr 2022 18:45:43 +0200 thunderbird (1:91.8.0-1) unstable; urgency=medium * [06619c5] New upstream version 91.8.0 Fixed CVE issues in upstream version 91.8 (MFSA 2022-15): CVE-2022-1097: Use-after-free in NSSToken objects CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions CVE-2022-1197: OpenPGP revocation information was ignored CVE-2022-1196: Use-after-free after VR Process destruction CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument CVE-2022-28285: Incorrect AliasSet used in JIT Codegen CVE-2022-28286: iframe contents could be rendered outside the border CVE-2022-24713: Denial of Service via complex regular expressions CVE-2022-28289: Memory safety bugs fixed in Thunderbird 91.8 -- Carsten Schoenert Wed, 06 Apr 2022 20:08:25 +0200 thunderbird (1:91.7.0-2~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sat, 19 Mar 2022 18:24:05 +0100 thunderbird (1:91.7.0-2) unstable; urgency=medium * [c348b62] Rebuild patch-queue from patch queue branch Added patch: fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch (Closes: #948691) Thanks go out to Simon McVittie for preparing this patch! -- Carsten Schoenert Wed, 16 Mar 2022 06:55:46 +0100 thunderbird (1:91.7.0-1) unstable; urgency=medium * [952f6d0] New upstream version 91.7.0 Fixed CVE issues in upstream version 91.7 (MFSA 2022-12): CVE-2022-26383: Browser window spoof using fullscreen mode CVE-2022-26384: iframe allow-scripts sandbox bypass CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures CVE-2022-26381: Use-after-free in text reflows CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users -- Carsten Schoenert Tue, 15 Mar 2022 17:54:46 +0100 thunderbird (1:91.6.2-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Tue, 08 Mar 2022 09:57:12 +0100 thunderbird (1:91.6.2-1) unstable; urgency=medium * [2f95b97] New upstream version 91.6.2 Fixed CVE issues in upstream version 91.6.2 (MFSA 2022-09): CVE-2022-26485: Use-after-free in XSLT parameter processing CVE-2022-26486: Use-after-free in WebGPU IPC Framework -- Carsten Schoenert Tue, 08 Mar 2022 08:40:12 +0100 thunderbird (1:91.6.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sun, 20 Feb 2022 09:26:38 +0100 thunderbird (1:91.6.1-1) unstable; urgency=medium * [3edb855] New upstream version 91.6.1 Fixed CVE issues in upstream version 91.6.1 (MFSA 2022-07): CVE-2022-0566: Crafted email could trigger an out-of-bounds write -- Carsten Schoenert Sat, 19 Feb 2022 11:01:46 +0100 thunderbird (1:91.6.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Sat, 12 Feb 2022 17:44:50 +0100 thunderbird (1:91.6.0-1) unstable; urgency=medium * [884ccb6] New upstream version 91.6.0 Fixed CVE issues in upstream version 91.6 (MFSA 2022-06): CVE-2022-22754: Extensions could have bypassed permission confirmation during update CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages CVE-2022-22763: Script Execution during invalid object state CVE-2022-22764: Memory safety bugs fixed in Thunderbird 91.6 (Closes: #1004951) -- Carsten Schoenert Fri, 11 Feb 2022 18:50:23 +0100 thunderbird (1:91.5.1-1) unstable; urgency=medium * [130bab2] New upstream version 91.5.1 -- Carsten Schoenert Sun, 23 Jan 2022 18:41:12 +0100 thunderbird (1:91.5.0-2~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security * [3fb049d] d/thunderbird.NEWS: Information about solved issue -- Carsten Schoenert Thu, 13 Jan 2022 16:10:00 +0100 thunderbird (1:91.5.0-2) unstable; urgency=medium * [fd07163] autopkgtest: Run check-global-config-path.py only on Intel -- Carsten Schoenert Wed, 12 Jan 2022 20:46:54 +0100 thunderbird (1:91.5.0-1) unstable; urgency=medium [ Carsten Schoenert ] * [8d4e5f8] New upstream version 91.5.0 Fixed CVE issues in upstream version 91.5 (MFSA 2022-03): CVE-2022-22743: Browser window spoof using fullscreen mode CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode CVE-2022-22741: Browser window spoof using fullscreen mode CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur CVE-2022-22737: Race condition when playing audio files CVE-2021-4140: Iframe sandbox bypass with XSLT CVE-2022-22748: Spoofed origin on external protocol launch dialog CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection CVE-2022-22747: Crash when handling empty pkcs7 sequence CVE-2022-22739: Missing throttling on external protocol launch dialog CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5 * [a86c0b4] Rebuild patch queue from patch-queue branch Modified patch: debian-hacks/Add-another-preferences-directory-for-applications-p.patch Reworking the patch so LoadDirIntoArray is working again that is adding an additional syspref folder for global settings to use. (Closes: #997841, #1003280) * [442988b] autopkgtest: Adding check for accessing syspref folder [ Jochen Sprickerhof ] * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v' (Closes:#1002570 ) -- Carsten Schoenert Tue, 11 Jan 2022 19:12:50 +0100 thunderbird (1:91.4.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security * [303eebe] d/thunderbird.NEWS: Inform about broken system locale detection -- Carsten Schoenert Wed, 22 Dec 2021 15:16:52 +0100 thunderbird (1:91.4.1-1) unstable; urgency=medium * [c5b36d3] New upstream version 91.4.1 Fixed CVE issues in upstream version 91.4.1 (MFSA 2021-55): CVE-2021-4126: OpenPGP signature status doesn't consider additional message content CVE-2021-44538: Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow * [b66bebb] d/changelog: Update some MOZ-* entries with assigned CVEs -- Carsten Schoenert Mon, 20 Dec 2021 16:05:02 +0100 thunderbird (1:91.4.0-1) unstable; urgency=medium * [7752be0] d/source.filter: Small updates to filtering list * [0899850] New upstream version 91.4.0 Fixed CVE issues in upstream version 91.4 (MFSA 2021-54): CVE-2021-43536: URL leakage when navigating while executing asynchronous function CVE-2021-43537: Heap buffer overflow when using structured clone CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both CVE-2021-43539: GC rooting failure when calling wasm instance methods CVE-2021-43541: External protocol handler parameters were unescaped CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler CVE-2021-43543: Bypass of CSP sandbox directive when embedding CVE-2021-43545: Denial of Service when using the Location API in a loop CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed CVE-2021-43528: JavaScript unexpectedly enabled for the composition area CVE-2021-4129: Memory safety bugs fixed in Thunderbird 91.4.0 * [afd7750] d/t.lintian-overrides: Update entries due renamed tags Some Lintan tags were renamed, thus requires am adjustment of the existing overrides. * [30a387c] d/s/lintian-overrides: Adjust most of the existing entries Same as before but for the source package. -- Carsten Schoenert Tue, 07 Dec 2021 18:26:44 +0100 thunderbird (1:91.3.2-1) unstable; urgency=medium * [7fd56f0] New upstream version 91.3.2 * [4fccecb] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch -- Carsten Schoenert Sun, 21 Nov 2021 18:29:42 +0100 thunderbird (1:91.3.0-1) unstable; urgency=medium * [1d3e0b1] Revert "Rebuild patch queue from patch-queue branch" The patch for fixing the broken build on i386 breaks other architectures, so reverting for now. * [66755b4] New upstream version 91.3.0 Fixed CVE issues in upstream version 91.3 (MFSA 2021-50): CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets CVE-2021-38504: Use-after-free in file picker dialog CVE-2021-38506: Thunderbird could be coaxed into going into fullscreen mode without notification or warning CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports CVE-2021-43535: Use-after-free in HTTP2 Session object CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain CVE-2021-43534: Memory safety bugs fixed in Thunderbird ESR 91.3 -- Carsten Schoenert Wed, 03 Nov 2021 18:14:09 +0100 thunderbird (1:91.2.1-1) unstable; urgency=medium [ Carsten Schoenert ] * [bcb5677] d/gbp.conf: Adjust to upstream-91.x * [12a433a] New upstream version 91.2.1 * [f935b52] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch * [3faba71] Disable usage of system icu package The system packages of libicu-dev are to old for Thunderbird, we need to use the internel pre-shipped ICU sources. -- Carsten Schoenert Sat, 23 Oct 2021 08:59:32 +0200 thunderbird (1:91.2.0-1) experimental; urgency=medium * [3c88844] New upstream version 91.2.0 Fixed CVE issues in upstream version 91.2 (MFSA 2021-47): CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections CVE-2021-38496: Use-after-free in MessageTask CVE-2021-38497: Validation message could have been overlaid on another origin CVE-2021-38498: Use-after-free of nsLanguageAtomService object CVE-2021-32810: Data race in crossbeam-deque CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2 CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2 (Closes: #973042) -- Carsten Schoenert Sat, 16 Oct 2021 08:27:55 +0200 thunderbird (1:91.1.1-1) experimental; urgency=medium * [73e3b75] New upstream version 91.1.1 * [3413d35] Rebuild patch queue from patch-queue branch Removed patch: fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch -- Carsten Schoenert Mon, 20 Sep 2021 20:43:25 +0200 thunderbird (1:91.1.0-1) experimental; urgency=medium * [0b1d9f9] New upstream version 91.1.0 Fixed CVE issues in upstream version 91.1 (MFSA 2021-41): CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1 * [4313e64] Rebuild patch queue from patch-queue branch Added patch: fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch (Closes: #993594) Modified patch: porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch * [234c566] d/rules: Don't run dh_autoreconf (Closes: #993494) * [bce15d7] thunderbird: Set package x11-utils as fallback Install x11-utils only if kdialog or zenity aren't present on the system. -- Carsten Schoenert Sun, 05 Sep 2021 07:36:10 +0200 thunderbird (1:91.0.2-1) experimental; urgency=medium * [a5efefd] New upstream version 91.0.2 Fixed CVE issues in upstream version 91.0.1 (MFSA 2021-37): CVE-2021-29991: Header Splitting possible with HTTP/3 Responses * [b21a07b] d/control: increase Standards-Version to 4.6.0 No further changes needed. -- Carsten Schoenert Mon, 23 Aug 2021 20:05:01 +0200 thunderbird (1:91.0-1) experimental; urgency=medium * [3be73b6] d/source.filter: some updates to filtering list * [5c87a00] New upstream version 91.0 Fixed CVE issues in upstream version 91.0 (MFSA 2021-36): CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT CVE-2021-29988: Memory corruption as a result of incorrect style treatment CVE-2021-29984: Incorrect instruction reordering during JIT optimization CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux CVE-2021-29985: Use-after-free media channels CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion CVE-2021-29989: Memory safety bugs fixed in Thunderbird 91 (Closes: #640927, #944208, #958433, #952853, #971722, #982670) * [0157fe4] d/control: Add new package thunderbird-l10n-af Upstream ships localizations for Africaans. * [f23e9e0] d/control: Add new package thunderbird-l10n-en-ca Upstream ships localizations for English (Canada). * [8b3cee9] d/control: Add new package thunderbird-l10n-lv Upstream ships localizations for Latvian. * [cad58ea] d/control: Add new package thunderbird-l10n-pa-in Upstream ships localizations for Punjabi (Gurmukhi). * [aecc2da] d/control: Add new package thunderbird-l10n-th Upstream ships localizations for Thai. * [9707e8a] Moving over to debhelper-compat Switch over to recent debhelper-compat 13. * [2934049] d/rules: Customize dh_missing call Due debhelper-compat dh_missing needs some aditional tweaking as we need to ignore some files which are built and installed into the tempory install folder but not installed into the package(s). * [7df72c6] d/rules: Don't use dwz Running and using dwz is bringing no gain and produces issues to, can be ignored for now. * [1709f28] d/control: Remove non existing packages from Breaks xul-ext-firetray and xul-ext-quotecolors are gone from the supported releases. * [f160918] d/control: Adding Rules-Requires-Root: no No specific root access required so far while package build. -- Carsten Schoenert Sat, 14 Aug 2021 18:27:21 +0200 thunderbird (1:91.0~b5-1) experimental; urgency=medium * [119a49f] d/control: Adjust VCS links to branch debian/experimental * [7ae6acc] d/source.filter: some updates to filtering list * [e28b2f9] New upstream version 91.0~b5 -- Carsten Schoenert Sun, 01 Aug 2021 09:21:27 +0200 thunderbird (1:91.0~b3-1) experimental; urgency=medium * [90a153b] New upstream version 91.0~b3 * [ada2cf0] d/control: Remove transitional package lightning * [3e5087f] d/control: Remove obsolete lightning-l10-* packages * [6eac520] d/control: Remove Suggests on libgtk2.0-0 fur thunderbird (Closes: #967771) -- Carsten Schoenert Sat, 24 Jul 2021 10:37:52 +0200 thunderbird (1:91.0~b1-1) experimental; urgency=medium * [78f0ddb] d/source.filter: some updates to filtering list * [3d29fcf] New upstream version 91.0~b1 (Closes: #990631) * [daa7fab] d/control: Increase some Build-Depends * [f4bfd22] d/control: Remove libgtk2.0-dev from Build-Depends * [ad4e281] d/s/lintian-overrides: Adding one more file to ignore -- Carsten Schoenert Mon, 19 Jul 2021 22:04:15 +0200 thunderbird (1:90.0~b2-1) experimental; urgency=medium [ Carsten Schoenert ] * [3cc0d66] d/source.filter: some updates to filtering list * [3c76a94] New upstream version 90.0~b2 * [46718fe] rebuild patch queue from patch-queue branch removed patches: fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch debian-hacks/Work-around-Debian-bug-844357.patch * [156d3c9] d/thunderbird.1: Correct debugger option * [ca7daca] /u/l/thunderbird: Correct escape sequencing for gdb calling (Closes: #976979) * [f310330] d/thunderbird-wrapper.sh: Use '${}' syntax for variables * [0ef3788] d/thunderbird.install: Remove gtk2 cruft * [17b0510] d/copyright: Update due removed content * [feca305] d/s/lintian-override: Remove two no longer existing entries [ Kevin Locke ] * [dbe3c3e] d/thunderbird-wrapper.sh: Make gdb call more fail safe (Closes:#942799) -- Carsten Schoenert Sun, 20 Jun 2021 14:51:49 +0200 thunderbird (1:89.0~b2-1) experimental; urgency=medium * [74911c7] New upstream version 89.0~b2 * [b4fef2a] rebuild patch queue from patch-queue branch modified patches: debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch removed patches: debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch * [ea6a29e] d/control: Increase B-D for cbindgen and libnss3-dev -- Carsten Schoenert Thu, 03 Jun 2021 19:40:08 +0200 thunderbird (1:88.0~b2-1) experimental; urgency=medium [ Carsten Schoenert ] * [7af1a0b] New upstream version 88.0~b2 * [30d1d48] rebuild patch queue from patch-queue branch modified patch: debian-hacks/Add-another-preferences-directory-for-applications-p.patch porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch removed patches (included upstream): porting-arm/Reduce-memory-usage-while-linking-on-arm-el-hf-platforms.patch porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch renamed patch: fixes/Load-dependent-libraries-with-their-real-path-to-avo.patch -> fixes/Load-dependent-libraries-with-their-real-path.patch * [f45da92] d/control: Increase B-D for libnss3-dev [ Colomban Wendling ] * [bbf78cb] d/thunderbird.desktop: Switch StartupWMClass (Closes: #985366) [ Carsten Schoenert ] * [a2cc9e0] d/control: Adding nasm to Build-Depends * [41fad62] d/copyright: update due removed content -- Carsten Schoenert Sun, 11 Apr 2021 13:50:27 +0200 thunderbird (1:86.0~b3-1) experimental; urgency=medium [ Carsten Schoenert ] * [002f597,fe0515b] d/source.filter: updating the filtering list * [dfafc89,35d050f] d/copyright: updates due upstream changes Add Apache2 notice for third_party/python/coverage * [24c009c] lintian: adding override for false positive in SVG file * [d316a1c] New upstream version 86.0~b3 * [20dc687] rebuild patch queue from patch-queue branch modified patch: debian/patches/porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch * [21b86f0] d/copyright: update due removed content * [7fc9755] d/s/lintian-override: path for TeXZilla.js has changed * [33c5d5a] d/s/lintian-override: remove JS file * [825a440] d/control: Increase B-D for cbindgen [ Pino Toscano ] * [35c3c3b] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink -- Carsten Schoenert Sat, 13 Feb 2021 13:41:36 +0100 thunderbird (1:85.0~b3-1) experimental; urgency=medium * [b142ac6] New upstream version 85.0~b3 * [0d2221a] d/control: Increase various B-D versions * [e4eb52e] rebuild patch queue from patch-queue branch added patch: debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch updated patches: debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch -- Carsten Schoenert Thu, 31 Dec 2020 20:39:53 +0100 thunderbird (1:84.0~b3-1) experimental; urgency=medium * [fad5103] calendar-google-provider*: removing left over cruft * [b095d8e] thunderbird.NEWS: Add hint about integration of OpenPGP support * [0f6bdf3] Revert "d/tb.lintian-overrides: ignore warning about none versioned breaks" * [f10f80c] d/copyright: update content * [9c3fb20] d/source.filter: some updates to filtering list * [c9b8274] New upstream version 84.0~b3 * [adf3835] rebuild patch queue from patch-queue branch removed patches: fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch porting-sh4/Add-sh4-support-to-Thunderbird.patch * [3ff9c9d] thunderbird-l10n-all: add thunderbird-l10n-cy (Closes: #974127) * [393490c] d/control: remove l10n package for Sinhala * [1f4e966] d/control: increase Standards-Version to 4.5.1 No further changes needed. * [288afdd] d/rules: use python3 explicitly while calling mach Using the Python 3 interpreter is needed otherwise the Mozilla magic tries to use a non existing virtualenv environment. * [a509bdf] d/watch: update to version 4 No further changes needed. * [fc6b358] d/copyright: update some more content Updating the copyright information due upstream modifications. * [3bd5713] d/s/lintian-overrides: Adding more file to ignore -- Carsten Schoenert Mon, 14 Dec 2020 15:24:59 +0100 thunderbird (1:78.14.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert Thu, 09 Sep 2021 16:34:19 +0200 thunderbird (1:78.14.0-1) unstable; urgency=medium * [6dc6817] d/changelog: Correct TB version for referenced MFSA * [38f01f4] d/rules: Don't run dh_autoreconf (Closes: #993494) * [09c4cde] New upstream version 78.14.0 Fixed CVE issues in upstream version 78.14.0 (MFSA 2021-42): CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and Thunderbird 91.1 -- Carsten Schoenert Wed, 08 Sep 2021 19:57:22 +0200 thunderbird (1:78.13.0-1~deb11u1) bullseye-security; urgency=medium * [6dc6817] d/changelog: Correct TB version for referenced MFSA * Rebuild for bullseye-security -- Carsten Schoenert Thu, 12 Aug 2021 20:17:02 +0200 thunderbird (1:78.13.0-1) unstable; urgency=medium * [b4498b0] New upstream version 78.13.0 Fixed CVE issues in upstream version 78.13.0 (MFSA 2021-35): CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption CVE-2021-29988: Memory corruption as a result of incorrect style treatment CVE-2021-29984: Incorrect instruction reordering during JIT optimization CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption CVE-2021-29985: Use-after-free media channels CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13 -- Carsten Schoenert Thu, 12 Aug 2021 16:13:25 +0200 thunderbird (1:78.12.0-1) unstable; urgency=medium * [74d3cdb] New upstream version 78.12.0 Fixed CVE issues in upstream version 78.12 (MFSA 2021-30): CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29970: Use-after-free in accessibility features of a document CVE-2021-30547: Out of bounds write in ANGLE CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12 -- Carsten Schoenert Sat, 17 Jul 2021 09:33:28 +0200 thunderbird (1:78.11.0-2) unstable; urgency=medium [ Carsten Schoenert ] * [241e539] d/thunderbird.1: Correct debugger option Remove parts that are no longer valid, especially there is no dedicated shell script any more the user has to start, calling 'thunderbird -g' is enough to start a GDB call. * [66deb37] thunderbird: Use internal NSS source while package built (Closes: #989839, #989843, #989979, #989983, #989922, #990012) * [07fb6ef] d/thunderbird-wrapper.sh: Use '${}' syntax for variables [ Kevin Locke ] * [d003e26] d/thunderbird-wrapper.sh: Make gdb call more fail safe (Closes: #942799) -- Carsten Schoenert Sun, 20 Jun 2021 07:20:41 +0200 thunderbird (1:78.11.0-1) unstable; urgency=medium * [42c4a87] New upstream version 78.11.0 Fixed CVE issues in upstream version 78.11 (MFSA 2021-26): CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11 -- Carsten Schoenert Thu, 03 Jun 2021 17:22:34 +0200 thunderbird (1:78.10.2-1) unstable; urgency=medium * [69552d8] New upstream version 78.10.2 Fixed CVE issues in upstream version 78.10.2 (MFSA 2021-22): CVE-2021-29957: Partial protection of inline OpenPGP message not indicated CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password protection -- Carsten Schoenert Wed, 19 May 2021 21:57:11 +0200 thunderbird (1:78.10.0-1) unstable; urgency=medium * [f38d78f] New upstream version 78.10.0 Fixed CVE issues in upstream version 78.10 (MFSA 2021-15): CVE-2021-23994: Out of bound write due to lazy initialization CVE-2021-23995: Use-after-free in Responsive Design Mode CVE-2021-23998: Secure Lock icon could have been spoofed CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage CVE-2021-23999: Blob URLs may have been granted additional privileges CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads (This issue only affected x86-32 platforms.) CVE-2021-29946: Port blocking could be bypassed CVE-2021-29948: Race condition when reading from disk while verifying signatures -- Carsten Schoenert Mon, 19 Apr 2021 20:00:32 +0200 thunderbird (1:78.9.0-1) unstable; urgency=medium [ Colomban Wendling ] * [7d454de] d/thunderbird.desktop: Switch StartupWMClass (Closes: #985366) [ Carsten Schoenert ] * [23fe9ce] d/source.filter: small update to filtering list * [828b9d7] New upstream version 78.9.0 Fixed CVE issues in upstream version 78.9 (MFSA 2021-12): CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage CVE-2021-23984: Malicious extensions could have spoofed popup information CVE-2021-23987: Memory safety bugs fixed in Thunderbird 78.9 * [cf4fbde] rebuild patch queue from patch-queue branch Removed patch (included upstream): porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch -- Carsten Schoenert Tue, 23 Mar 2021 15:55:43 +0100 thunderbird (1:78.8.0-1) unstable; urgency=medium [ Pino Toscano ] * [f2f1f3f] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink [ Carsten Schoenert ] * [f5707a7] New upstream version 78.8.0 Fixed CVE issues in upstream version 78.8 (MFSA 2021-09): CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8 -- Carsten Schoenert Sun, 21 Feb 2021 14:58:05 +0100 thunderbird (1:78.7.1-1) unstable; urgency=medium * [406f9d7] New upstream version 78.7.1 -- Carsten Schoenert Fri, 05 Feb 2021 20:12:59 +0100 thunderbird (1:78.7.0-1) unstable; urgency=medium * [8751354] New upstream version 78.7.0 Fixed CVE issues in upstream version 78.7 (MFSA 2021-05): CVE-2021-23953: Cross-origin information leakage via redirected PDF requests CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements CVE-2020-15685: IMAP Response Injection when using STARTTLS CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7 * [4b0c0a7] rebuild patch queue from patch-queue branch removed patch (included upstream): porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch -- Carsten Schoenert Fri, 29 Jan 2021 20:45:49 +0100 thunderbird (1:78.6.1-1) unstable; urgency=medium [ Carsten Schoenert ] * [67f6117] Add Apache2 notice for third_party/python/coverage * [38b9ff7] lintian: adding override for false positive in SVG file [ Carles Pina i Estany ] * [529d53a] d/thunderbird-wrapper.sh: Unset DEBUG/DEBUGGER variables (Closes: #960230) * [6d48708] d/thunderbird-wrapper-helper.sh: Adjust help text [ Carsten Schoenert ] * [5309e91] d/thunderbird-wrapper*.sh: Prefixing some local variables * [07b4733] New upstream version 78.6.1 Fixed CVE issues in upstream version 78.6.1 (MFSA 2021-02): CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk -- Carsten Schoenert Sat, 16 Jan 2021 14:59:02 +0100 thunderbird (1:78.6.0-1) unstable; urgency=medium * [1410f1e] d/watch: update to version 4 * [a8303b7] d/rules: use python3 explicitly while calling mach * [f3f535e] New upstream version 78.6.0 Fixed CVE issues in upstream version 78.6 (MFSA 2020-56): CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed CVE-2020-26971: Heap buffer overflow in WebGL CVE-2020-26973: CSS Sanitizer performed incorrect sanitization CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6 (Closes: #972072, #973697) * [16a7ab7] /u/l/thunderbird: Correct escape sequencing for gdb calling We need to do a better escaping of values of the '-ex' option otherwise the shell is refusing the concatenated string we want to use as call. (Closes: #976979) -- Carsten Schoenert Tue, 15 Dec 2020 10:12:34 +0100 thunderbird (1:78.5.1-1) unstable; urgency=medium * [08556c2] New upstream version 78.5.1 Fixed CVE issues in upstream version 78.5.1 (MFSA 2020-53): CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes * [7047340] rebuild patch queue from patch-queue branch removed patch (included upstream): fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch * [40663bb] debian/control: increase Standards-Version to 4.5.1 No further changes needed. -- Carsten Schoenert Thu, 03 Dec 2020 05:35:04 +0100 thunderbird (1:78.5.0-1) unstable; urgency=medium * [7842f02] New upstream version 78.5.0 Fixed CVE issues in upstream version 78.5 (MFSA 2020-51): CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls CVE-2020-26953: Fullscreen could be enabled without displaying the security UI CVE-2020-26956: XSS through paste (manual and clipboard API) CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions CVE-2020-26959: Use-after-free in WebRequestService CVE-2020-26960: Potential use-after-free in uses of nsTArray CVE-2020-15999: Heap buffer overflow in freetype CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses CVE-2020-26965: Software keyboards may have remembered typed passwords CVE-2020-26966: Single-word search queries were also broadcast to local network CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5 * [e19743e] rebuild patch queue from patch-queue branch removed patch (included upstream): fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch -- Carsten Schoenert Wed, 18 Nov 2020 20:06:09 +0100 thunderbird (1:78.4.2-1) unstable; urgency=medium * [c7f4ed2] New upstream version 78.4.2 Fixed CVE issues in upstream version 78.4 (MFSA 2020-49): CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for * [c3a617d] rebuild patch queue from patch-queue branch added patch: fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch * [8e4e7ad] thunderbird-l10n-all: add thunderbird-l10n-cy (Closes: #974127) -- Carsten Schoenert Tue, 10 Nov 2020 21:19:15 +0100 thunderbird (1:78.4.1-1) unstable; urgency=medium * [cf8bf1e] New upstream version 78.4.1 * [529000c] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1650299-Unify-the-inclusion-of-the-ICU-data-file.-r-f.patch fixes/Don-t-build-ICU-in-parallel.patch Patches are picked from Firefox and fixing FTBFS on s390x within buster. -- Carsten Schoenert Fri, 06 Nov 2020 21:53:24 +0100 thunderbird (1:78.4.0-1) unstable; urgency=medium [ Emilio Pozuelo Monfort ] * [652f8de] install the apparmor profile in thunderbird.install [ Carsten Schoenert ] * [5240d53] Revert "thunderbird.install: adjust.desktop renamed file name" (Closes: #972601) * [861b21a] Revert "Rename .desktop file for AppStream compliance" (Closes: #972578) * [ffc5818] New upstream version 78.4.0 Fixed CVE issues in upstream version 78.4 (MFSA 2020-47): CVE-2020-15969: Use-after-free in usersctp CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4 * [81396e3] rebuild patch queue from patch-queue branch removed patches (fixed upstream): porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch modified patches: fixes/Appdata-Adding-some-German-translations.patch fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch Minor fine tuning to the AppStream specific parts but also revert some translation entries as they are not intend to be translatable. These modification also in correlation with the mentioned bug reports above which are closed by the other adjustments. -- Carsten Schoenert Thu, 22 Oct 2020 18:48:25 +0200 thunderbird (1:78.3.3-1) unstable; urgency=medium [ Emilio Pozuelo Monfort ] * [6f18974] Remove duplicated --disable-debug-symbols flag * [1119d50] Print a verbose build log by not calling the mach wrapper * [fcf7c11] Exclude -g from CXXFLAGS as well [ Carsten Schoenert ] * [9eb159f] New upstream version 78.3.3 * [47171dc] rebuild patch queue from patch-queue branch added patches: fixes/Appdata-Adding-some-German-translations.patch fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch * [1474d91] Rename .desktop file for AppStream compliance * [10e49a9] thunderbird.install: adjust.desktop renamed file name * [018bbc1] thunderbird.pc: remove left over cruft -- Carsten Schoenert Sun, 18 Oct 2020 08:49:20 +0200 thunderbird (1:78.3.2-1) unstable; urgency=medium * [0b2f19f] d/rules: remove hand crafted icu build Cherry-picked from debian/buster branch. The possible required build of the ICU if the usage of an external ICU library is now handled by the upstream build system. * [1583517] d/rules: rewrite dpkg_buildflags to remove option '-g' Cherry-picked from debian/buster branch. We need to remove the option '-g' from the dpkg_buildflags variable for real if we want a build without debugging information (e.g. on 32bit architectures). * [fb4c9c4] New upstream version 78.3.2 * [9d5e2b9] d/rules: install the language Add-ons into /u/l/t/e Do not install the thunderbird-l10n packages into /usr/share/thunderbird any more, install them directly into /usr/libt/thunderbird/extensions. This simplifies the package structures as there is no real need to install the packages into /usr/share/thunderbird and linking them back. -- Carsten Schoenert Fri, 09 Oct 2020 19:49:45 +0200 thunderbird (1:78.3.1-2) unstable; urgency=medium * [649f664] rebuild patch queue from patch-queue branch added patches: fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch -- Carsten Schoenert Wed, 30 Sep 2020 19:10:27 +0200 thunderbird (1:78.3.1-1) unstable; urgency=medium [ Carsten Schoenert ] * [6bd965f] New upstream version 78.3.1 Fixed CVE issues in upstream version 78.3.1 (MFSA 2020-44): CVE-2020-15677: Download origin spoofing via redirect CVE-2020-15676: XSS when pasting attacker-controlled data into a contenteditable element CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3 * [8ba13c5] rebuild patch queue from patch-queue branch added patches(picked from firefox packaging): fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch removed patch(fixed upstream): fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch * [c6d282d] calendar-google-provider*: removing left over cruft There are two left over sequencer files from the calendar-google-package, not need any more since 1:68.2.2-1 * [cf37615] d/README.Debian: Update and adding new information Some updated information regarding the now included OpenPGP support, also updating some grammar for 'Add-on'. * [faf225b] thunderbird.NEWS: Add hint about integration of OpenPGP support Giving the user a information about the OpenPGP status within Thunderbird since the version 78.0. * [d6f4f0e] Revert "d/tb.lintian-overrides: ignore warning about none versioned breaks" * [9e6cbec] d/copyright: update content -- Carsten Schoenert Sun, 27 Sep 2020 09:08:29 +0200 thunderbird (1:78.2.2-1) experimental; urgency=medium * [c6592e8] New upstream version 78.2.2 * [28f5fce] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch * [4866c06] d/mozconfig.default: add extra config options for ppc64el -- Carsten Schoenert Sun, 13 Sep 2020 08:58:44 +0200 thunderbird (1:78.2.1-1) experimental; urgency=medium * [1f3f76b] d/rules: drop C{,XX}FLAGS originally intended for GCC6 * [4490e37] d/mozconfig.default: add options for mips64el * [17b4e5c] d/rules: Don't build debug symbols on 32Bit arch * [6dff7e0] d/rules: adding -Wl,--as-needed to linker flags * [a213a7f] New upstream version 78.2.1 -- Carsten Schoenert Sun, 30 Aug 2020 14:38:17 +0200 thunderbird (1:78.2.0-1) experimental; urgency=medium [ intrigeri ] * [f6fcafd] d/control: drop hard dependency on libgtk2.0-0 (Closes: #908654) * [85b7a2e] autopkgtests: fix typo in comment * [4bd70ae] d/mozconfig.default: fix typos in comments * [d986a6d] d/control: allow Enigmail 2.2.0 and newer (Closes: #968707) [ Carsten Schoenert ] * [52b4006] d/control: increase B-D for libnss3 (Closes: #966805) * [7794563] New upstream version 78.2.0 Fixed CVE issues in upstream version 78.2.0 (MFSA 2020-41): CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege CVE-2020-15664: Attacker-induced prompt for extension installation CVE-2020-15670: Memory safety bugs fixed in Thunderbird 78.2 * [623f853] rebuild patch queue from patch-queue branch No modifications made, just updating the index. -- Carsten Schoenert Wed, 26 Aug 2020 20:41:28 +0200 thunderbird (1:78.1.1-1) experimental; urgency=medium * [5fb842b] d/mozconfig.default: adding new option regarding Add-Ons Adding additional options --allow-addon-sideload and --with-unsigned-addon-scopes=app,system. These option are adopted and taken from the firefox package. * [8de0b35] New upstream version 78.1.1 * [4abe5ed] d/copyright: update content Some small updates to the copyright information. * [3caa541] d/control: adding new B-D for botan and json-c The upstream source now offers the possibility to use the system libraries for botan and json-c, for this we need to have both libraries installed for building Thunderbird. * [251d524] d/mozconfig.default: use botan and json-c system libraries Turn on the configuration flags for botan and also for json-c that let the build use the installed provided system libraries instead of using internal versions. * [a32a163] rebuild patch queue from patch-queue branch removed patch: debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch Upstream has now (again) a configure option for using a installed system bzip2 library that makes our added patch for this not needed anymore. * [16c91c0] lintian: remove override for embedded bzip2 in librnp.so -- Carsten Schoenert Sat, 08 Aug 2020 19:16:08 +0200 thunderbird (1:78.1.0-1) experimental; urgency=medium * [c4099cd] New upstream version 78.1.0 Fixed CVE issues in upstream version 78.1.0 (MFSA 2020-33): CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker CVE-2020-6514: WebRTC data channel leaks internal address to peer CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy CVE-2020-15653: Bypassing iframe sandbox when allowing popups CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture CVE-2020-15656: Type confusion for special arguments in IonMonkey CVE-2020-15658: Overriding file type when saving to disk CVE-2020-15657: DLL hijacking due to incorrect loading path CVE-2020-15654: Custom cursor can overlay user interface CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1 -- Carsten Schoenert Fri, 31 Jul 2020 19:35:57 +0200 thunderbird (1:78.0.1-1) experimental; urgency=medium * [5450d8d] d/control: increase B-D for libnss3 * [9749d1d] d/control: drop B-D on python2 and move over to python3 * [b31360b] d/xpi-pack.sh: adding xpi-pack shell script * [89ede80] Drop mozilla-devscripts as B-D * [f3b2ced] New upstream version 78.0.1 * [1847202] d/tb.lintian-overrides: ignore warning about none versioned breaks * [d56c922] d/lightning.links: removing left over sequencer file -- Carsten Schoenert Wed, 22 Jul 2020 20:11:25 +0200 thunderbird (1:78.0-1) experimental; urgency=medium * [1016cc5] New upstream version 78.0 Fixed CVE issues in upstream version 78.0 (MFSA 2020-29): CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12418: Information disclosure due to manipulated URL object CVE-2020-12419: Use-after-free in nsGlobalWindowInner CVE-2020-12420: Use-After-Free when trying to connect to a STUN server CVE-2020-15648: X-Frame-Options bypass using object or embed tags CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process CVE-2020-12425: Out of bound read in Date.parse() CVE-2020-12426: Memory safety bugs fixed in Thunderbird 78 * [ad66b04] rebuild patch queue from patch-queue branch reworked patch: porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch * [4a2039c] d/mozconfig.default: enable OpenPGP feature build -- Carsten Schoenert Thu, 16 Jul 2020 19:15:25 +0200 thunderbird (1:78.0~b2-1) experimental; urgency=medium * [c8da927] d/source.filter: fix obviously happen typo * [c513a96] New upstream version 78.0~b2 * [6e9104e] d/control: tb, adding binary version to lightning provides Make the Provides for Lightning a versioned provide. * [8adec8f] enigmail: let any version of Enigmail break We now can break on any Enigmail version, the Enigmail functions are now included in Thunderbird and don't want to have an Enigmail package get installed in parallel. * [696b1fc] xul-ext-*/webext-*: adding more extensions to break Quite all of the current packaged Thunderbird extensions will not work for now with Thunderbird 78.*, adding/renaming the current know packages with recent versions to Breaks for thunderbird. * [e488d0c] thunderbird: remove some non-existing packages from Breaks The listed packages xul-ext-foxyproxy-standard xul-ext-gnome-keyring xul-ext-nostalgy aren't in any supported release so we don't need them any more within a Breaks for thunderbird. * [039ee90] thunderbird: remove outdated myspell packages from Breaks All previously listed myspell packages in Breaks for thunderbird aren't reachable with the given version any more. We can remove them safely. * [08ea0ba] thunderbird: remove outdated hunspell packages from Breaks The same is true for the hunspell packages that were listed in the Breaks field for thunderbird. -- Carsten Schoenert Sat, 20 Jun 2020 18:04:59 +0200 thunderbird (1:78.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [625efa9] d/source.filter: some updates to filtering list Recent modification of the shipped files in the upstream tarball do require small updates of the filter list we use to repack the tarball. * [967ee19] New upstream version 78.0~b1 * [240991e] rebuild patch queue from patch-queue branch removed patch: debian-hacks/use-icudt-b-l-.dat-depending-on-architecture.patch This will require some additional adjustment later for the stable-security uploads as this patch was required to get a recent ICU version build before the build of the thunderbird sources did start. reworked patch: debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch * [07cab53] d/mozconfig.default: remove no longer existing options By this release a lot of old configure options are kicked out, some of them we have used until now. We need to remove these from the config. * [df2e99b] d/copyright: update content As usual some required update of the copyright file, more files are not shipped anymore. [ intrigeri ] * [82a4b03] AppArmor: update profile from upstream at commit 860d2d9 (cherry-picked from unstable) -- Carsten Schoenert Sat, 13 Jun 2020 20:01:39 +0200 thunderbird (1:77.0~b3-1) experimental; urgency=medium * [82de2f6] New upstream version 77.0~b3 * [8beaf6f] rebuild patch queue from patch-queue branch removed patch (included upstream): fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch * [ab2d7a2] d/copyright: Add license for appstream xml file * [1533187] d/source.filter: Remove some *.wasm files as well * [7cdfe03] d/thunderbird.lintian-overrides: Some more needed overrides We need currently the included bzip library. Also add a false positive about the misread postinst script. * [9385fd4b] d/control: Remove doubled listed package libglib2.0-dev Drop a doubled listed package libglib2.0-dev within B-D. -- Carsten Schoenert Wed, 20 May 2020 20:58:09 +0200 thunderbird (1:77.0~b2-1) experimental; urgency=medium * [185d4f7] New upstream version 77.0~b2 * [e918036] rebuild patch queue from patch-queue branch removed patch: fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch * [c1979ce] d/mozconfig.default: Remove obsolete options Drop the options '--with-distribution-id' and '--with-user-appdir'. The former is basically only supporting the given default 'org.mozilla' and the latter was set to the default '.mozilla' anyway. -- Carsten Schoenert Sat, 16 May 2020 14:04:02 +0200 thunderbird (1:77.0~b1-1) experimental; urgency=medium * [ee06e6e] New upstream version 77.0~b1 * [a21b649] rebuild patch queue from patch-queue branch removed patches (not needed any more): lower-down-required-version-on-NSS3.patch added patches: fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch * [295cc4d] d/control: increase B-D for libnss3 The build requires now libnss3-dev >= 2:3.52. * [f998baf] lintian-overrides: remove overrides for kinto-http-client.js No override needed for this file, it's not included any more. -- Carsten Schoenert Fri, 08 May 2020 15:18:44 +0200 thunderbird (1:76.0~b2-1) experimental; urgency=medium * [87988db] d/control: increase B-D for cargo to 0.42 * [b9b0dfd] rebuild patch queue from patch-queue branch removed patch: debian-hacks/Ignore-version-check-for-cargo.patch * [8386db0] d/control: Remove B-D on libjson-dev and libsqlite3-dev The built uses internal copies for libjson and libsqlite as there are made modifications to them. For now we can decrease the list of build dependencies by removing this two packages. * [6324222] New upstream version 76.0~b2 * [629b3bb] d/rules: Remove default compiler flag No needed for '-Wl,--as-needed' any more, it's default now. -- Carsten Schoenert Mon, 27 Apr 2020 09:55:43 +0200 thunderbird (1:76.0~b1-1) experimental; urgency=medium * [b52cd52] d/c-thunderbird-l10n-tarball.sh: change upstream resource Upstream has changed the folder were we can find the language providing XPI packages. They simply moved over from linux-i686 to linux-x86_64. * [22e697a] d/rules: drop set up of LIGHTNING_VERSION variable We don't need this variable any more for building the packages (like all the lightning-foo named stuff), there is no dedicated Lighting named stuff around. * [4ad871b] d/gbp.conf: Remove additional tarball for lightning-l10n git-buildpackage won't find this additional tarball as it's not needed starting by the import of the next upstream version (this is 76.0b1). * [25d8d42] d/c-l-l10n-t.sh: Remove helper script We also don't need to build the l10n specific additional tarball for Lighting related parts any more. Dropping this helper script. * [9d33d06] d/README.source: Remove part of lightning-l10n * [b063d7f] New upstream version 76.0~b1 * [e7a23ec] rebuild patch queue from patch-queue branch removed patches (not needed or included upstream): debian-hacks/Build-against-system-libjsoncpp.patch debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch added patches: debian-hacks/Ignore-version-check-for-cargo.patch lower-down-required-version-on-NSS3.patch * [94d8593] d/control: adding new packages thunderbird-l10n-{cak,kab,uz} After the final release of Thunderbird 68.0 new l10n support for the languages Kacqhikel, Georgian and Uzbek was added. Reflect this by adding new binary packages for those languages. * [5397182] d/mozconfig.default: remove option for system-sqlite Upstream is using their own version of an modified SQLite now and has dropping the additional configure option about this. * [abb0ded] d/control: increase various versions in B-D The current source requires some more recent versions of the helping tools for building the sources as usual. * [abfc8b2] d/rules: remove any action related to old lightning stuff As the sources doesn't have any Lightning specific parts any more we need to adjust the build process within debian/rules a bit. Thus dropping all the rules around Lighting things. * [f95b3ad] d/control: Turn lightning into transitional package For now switch the behaviour of the lightning package into a transitional one. We might can drop the whole package rather soon. * [c3062cb] d/thunderbird.install: Remove blocklist.xml Don't install the file blocklist.xml any more, it's now not shipped by upstream any more. * [856e99e] d/mozconfig.thunderbird: Remove --enable-calendar Previously the build of the Lightning extension was needed to get enabled to built this as an extension. Now it's fully integrated into the core this configure option isn't needed any longer. * [5551a8a] d/copyright: update content As usual there is some moving within the source code between the major versions, reflect this by adjusting the content of the copyright file. * [21e9b7f] lintian-overrides: adjust overrides for needed files Also the override file for the source is needing some adjustments. * [f25ddc4] d/source.filter: update the filter sequences The control for filtering non needed stuff from the upstream tarball must also get adjusted due changed versions, moved folders etc. * [e4a81ba] d/thunderbird.install: Install also appdata.xml Upstream is providing an AppStream data file which we want install mow also. * [80385c9] d/source.filter: Sorting entries alphabetically No functional modifications, just sorting entries to find stuff more easily. * [585cf0a] d/thunderbird.lintian-overrides: update after config changes We also need to modify the content for Lintian overrides for the thunderbird package a bit. Thunderbird comes now (again) with own versions of the libraries libtheora and libjsoncpp. Mostly because Mozilla has made some own modifications within these libraries. -- Carsten Schoenert Sat, 18 Apr 2020 08:28:25 +0200 thunderbird (1:68.12.0-1) unstable; urgency=medium * [103cab7] New upstream version 68.12.0 Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35): CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege CVE-2020-15664: Attacker-induced prompt for extension installation CVE-2020-15669: Use-After-Free when aborting an operation -- Carsten Schoenert Thu, 27 Aug 2020 21:23:55 +0200 thunderbird (1:68.11.0-3) unstable; urgency=medium * [28707fd] d/xpi-pack.sh: adding xpi-pack shell script As we can't depend on mozilla-devscripts anymore we pick up the shell script from that package as this builds XPI files we need. * [037212e] Drop mozilla-devscripts as B-D mozilla-devscripts isn't ported to Python3 yet and depends on Python2 so. We don't need that package as B-D as we picked the main shell script from that and we can drop that package from the build dependencies. * [31eda41] Drop python-{minimal,ply} from B-D These packages are removed from teh archive and we don't need them for building Thunderbird as long we have python2 as package available. (Closes: #967223) -- Carsten Schoenert Tue, 04 Aug 2020 19:06:20 +0200 thunderbird (1:68.11.0-2) unstable; urgency=medium * [110a375] d/control: increase B-D for libnss3 * [73fa23e] d/control: tb manually set dep on libnss3 to 2:3.55 (Closes: #966806) -- Carsten Schoenert Sun, 02 Aug 2020 20:12:49 +0200 thunderbird (1:68.11.0-1) unstable; urgency=medium * [093b080] New upstream version 68.11.0 Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35): CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker CVE-2020-6514: WebRTC data channel leaks internal address to peer CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11 -- Carsten Schoenert Wed, 29 Jul 2020 22:26:14 +0200 thunderbird (1:68.10.0-1) unstable; urgency=medium * [7537684] New upstream version 68.10.0 Fixed CVE issues in upstream version 68.10.0 (MFSA 2020-26): CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12418: Information disclosure due to manipulated URL object CVE-2020-12419: Use-after-free in nsGlobalWindowInner CVE-2020-12420: Use-After-Free when trying to connect to a STUN server MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login credentials CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates -- Carsten Schoenert Sat, 04 Jul 2020 10:55:31 +0200 thunderbird (1:68.9.0-1) unstable; urgency=medium [ intrigeri ] * [fd13825] AppArmor: update profile from upstream at commit 860d2d9 (Closes: #960465) [ Carsten Schoenert ] * [c310c40] New upstream version 68.9.0 Fixed CVE issues in upstream version 68.9.0 (MFSA 2020-22): CVE-2020-12399: Timing attack on DSA signatures in NSS library CVE-2020-12405: Use-after-free in SharedWorkerService CVE-2020-12406: JavaScript Type confusion with NativeTypes CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0 CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage -- Carsten Schoenert Fri, 05 Jun 2020 20:29:35 +0200 thunderbird (1:68.8.1-1) unstable; urgency=medium * [7495e7a] New upstream version 68.8.1 -- Carsten Schoenert Fri, 22 May 2020 19:04:20 +0200 thunderbird (1:68.8.0-1) unstable; urgency=medium * [9b5ae46] New upstream version 68.8.0 Fixed CVE issues in upstream version 68.8.0 (MFSA 2020-18): CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters CVE-2020-12387: Use-after-free during worker shutdown CVE-2020-6831: Buffer overflow in SCTP chunk input validation CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0 -- Carsten Schoenert Tue, 05 May 2020 20:47:29 +0200 thunderbird (1:68.7.0-1) unstable; urgency=medium * [c0052af] New upstream version 68.7.0 Fixed CVE issues in upstream version 68.7.0 (MFSA 2020-14): CVE-2020-6819: Use-after-free while running the nsDocShell destructor CVE-2020-6820: Use-after-free when handling a ReadableStream CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7 -- Carsten Schoenert Sun, 12 Apr 2020 07:40:41 +0200 thunderbird (1:68.6.0-1) unstable; urgency=medium * [5709774] New upstream version 68.6.0 Fixed CVE issues in upstream version 68.6.0 (MFSA 2020-10): CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init CVE-2020-6805: Use-after-free when removing data about origins CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6807: Use-after-free in cubeb during stream destruction CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6 -- Carsten Schoenert Mon, 16 Mar 2020 20:01:29 +0100 thunderbird (1:68.5.0-1) unstable; urgency=medium * [d79bf82] New upstream version 68.5.0 Fixed CVE issues in upstream version 68.5.0 (MFSA 2020-07): CVE-2020-6793: Out-of-bounds read when processing certain email messages CVE-2020-6794: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords CVE-2020-6795: Crash processing S/MIME messages with multiple signatures CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection CVE-2020-6792: Message ID calculcation was based on uninitialized data CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5 (Closes: #891848) * [0884df6] d/control: increase Standards-Version to 4.5.0 No further changes needed. -- Carsten Schoenert Thu, 13 Feb 2020 17:58:44 +0100 thunderbird (1:68.4.2-1) unstable; urgency=medium * [7ab7786] d/gbp.conf: add some more files we need to filter out * [9c02c34] New upstream version 68.4.2 -- Carsten Schoenert Sun, 26 Jan 2020 13:13:49 +0100 thunderbird (1:68.4.1-1) unstable; urgency=medium * [a00f3e9] New upstream version 68.4.1 Fixed CVE issues in upstream version 68.4.1 (MFSA 2020-04): CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting CVE-2019-17017: Type Confusion in XPCVariant.cpp CVE-2019-17022: CSS sanitization does not escape HTML tags CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1 * [6b1fd82] rebuild patch queue from patch-queue branch removed patch (included upstream) fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch -- Carsten Schoenert Fri, 10 Jan 2020 18:33:43 +0100 thunderbird (1:68.3.1-1) unstable; urgency=medium [ Emilio Pozuelo Monfort ] * [6f59313] Fix MOZ_BUILD_DATE to have the expected format [ Carsten Schoenert ] * [5d0f4b1] d/rules: don't use SOURCE_DATE_EPOCH for MOZ_BUILD_DATE (Closes: #946588) * [1467af5] New upstream version 68.3.1 -- Carsten Schoenert Wed, 18 Dec 2019 15:54:44 +0100 thunderbird (1:68.3.0-2) unstable; urgency=medium * [0625d30] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch * [ea8d98c] Breaks: add versioned birdtray package -- Carsten Schoenert Mon, 09 Dec 2019 18:22:15 +0100 thunderbird (1:68.3.0-1) unstable; urgency=medium * [fe289ec] /u/b/thunderbird: export variable DICPATH before start (Closes: #944295) * [a9a48c6] New upstream version 68.3.0 Fixed CVE issues in upstream version 68.3 (MFSA 2019-38): CVE-2019-17008: Use-after-free in worker destruction CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher CVE-2019-17009: Updater temporary files accessible to unprivileged processes CVE-2019-17010: Use-after-free when performing device orientation checks CVE-2019-17005: Buffer overflow in plain text serializer CVE-2019-17011: Use-after-free when retrieving a document in antitracking CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3 * [fb23473] d/control: increase B-D version on NSS to 3.44.3 * [6f59938] Breaks: adding more non compatible packaged AddOns -- Carsten Schoenert Thu, 05 Dec 2019 10:03:22 +0100 thunderbird (1:68.2.2-1) unstable; urgency=medium * [198d539] xul-ext-compactheader: allow also version << 3.0.0 * [0e93753] d/control: add incompatibility with jsunit << 0.2.2 * [87c84cb] New upstream version 68.2.2 This upstream version has removed the source for calendar-google-provider, thus we can't provide the related binary package any more. * [a3cea2a] rebuild patch queue from patch-queue branch rebuild patch queue from patch-queue branch removed patches (included upstream): debian/patches/fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch debian/patches/fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch debian/patches/fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch debian/patches/fixes/Build-also-gdata-provider-as-xpi-file.patch debian/patches/fixes/rust-ignore-not-available-documentation.patch debian/patches/porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch debian/patches/porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch debian/patches/porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch debian/patches/porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch debian/patches/porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch * [1730f5f] d/control: remove references to calendar-google-provider Don't build calendar-google-provider any more and remove any references from other binary packages. * [1b0bbb8] d/rules: remove any calendar-google-provider stuff * [92f681c] thunderbird.NEWS: Adding hint about removal of gdata Give out an announcement about the removal of a possible previously installed package calendar-google-provider. -- Carsten Schoenert Sun, 10 Nov 2019 12:09:17 +0100 thunderbird (1:68.2.1-1) unstable; urgency=medium [ intrigeri ] * [c48e2cb] AppArmor: update profile from upstream at commit a27a1a5 (Closes: #941290) [ Carsten Schoenert ] * [98497ae] New upstream version 68.2.0 Fixed CVE issues in upstream version 68.2 (MFSA 2019-35): CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber CVE-2019-11757: Use-after-free when creating index updates in IndexedDB CVE-2019-11758: Potentially exploitable crash due to 360 Total Security CVE-2019-11759: Stack buffer overflow in HKDF output CVE-2019-11760: Stack buffer overflow in WebRTC networking CVE-2019-11761: Unintended access to a privileged JSONView object CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2 (Closes: #925841) * [a104c51] d/control: increase Standards-Version to 4.4.1 * [6c9d012] xul-ext-dispmua: set current min usable version * [b3bf16f] New upstream version 68.2.1 * [8f89b90] d/control: decrease build architecture list Decreasing the current list of build architectures. Not meant to keep this forever, removed RC architectures needing support and volunteering to get them back. (Closes: #921258) -- Carsten Schoenert Fri, 01 Nov 2019 20:36:59 +0100 thunderbird (1:68.1.2-1~exp1) experimental; urgency=medium * [81f4144] xul-ext-compactheader: increase minimal usable version * [a815589] Update the global information about TB in Debian * [bb5f5f7] rebuild patch queue from patch-queue branch * [6fe7d3f] xul-ext-sogo-connector: increase minimal usable version * [2e29af5] New upstream version 68.1.2 -- Carsten Schoenert Sat, 26 Oct 2019 08:41:50 +0200 thunderbird (1:68.1.1-1~exp1) experimental; urgency=medium [ intrigeri ] * [3f49653] AppArmor: update profile from upstream at commit ed52e4a [ Carsten Schoenert ] * [348f476] New upstream version 68.0~b5 * [2a2f101] New upstream version 68.1.1 Fixed CVE issues in upstream version 68.1 (MFSA 2019-20): CVE-2019-11711: Script injection within domain through inner window reuse CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects CVE-2019-11713: Use-after-free with HTTP/2 cached stream CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault CVE-2019-11715: HTML parsing error can contribute to content XSS CVE-2019-11716: globalThis not enumerable until accessed CVE-2019-11717: Caret character improperly escaped in origins CVE-2019-11719: Out-of-bounds read when importing curve25519 private key CVE-2019-11720: Character encoding XSS vulnerability CVE-2019-11721: Domain spoofing through unicode latin 'kra' character CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions CVE-2019-11725: Websocket resources bypass safebrowsing protections CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3 CVE-2019-11728: Port scanning through Alt-Svc header CVE-2019-11710: Memory safety bugs fixed in Firefox 68 and Thunderbird 68 CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68 Fixed CVE issues in upstream version 68.1 (MFSA 2019-20): CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB CVE-2019-11743: Cross-origin access to unload event attributes CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 Fixed CVE issues in upstream version 68.1.1 (MFSA 2019-32): CVE-2019-11755: Spoofing a message author via a crafted S/MIME message * [9342624] rebuild patch queue from patch-queue branch added patches: debian-hacks/Set-program-name-from-the-remoting-name.patch debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch debian-hacks/Work-around-Debian-bug-844357.patch fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch removed patch (fixed upstream): porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch * [25cb500] d/control: increase various versions in B-D * [ee5b713] d/control: remove B-D on librust-cbindgen-dev Use librust-toml-dev instead, we only need some files from this package, librust-cbindgen-dev is a metapackage which is broken while packaging. * [442a6b1] d/rules: work around cargo needs a HOME dir * [4894a4c] d/control: increase Standards-Version to 4.4.0 No further changes needed. * [bb47b68] d/control: update upstream homepage for Thunderbird Since some time Mozilla Thunderbird has a new homepage placed on URI https://www.thunderbird.net/ * [a3b680e] d/source.filter: update the filter sequences New Thunderbird upstream versions bringing some new unwanted files within the source. * [7290ff4] d/control: remove transitional lightning l10n packages The Lightning l10n packages moved into transitional packages before Buster was released, now after the Buster release removing these transitional packages. All required l10n files are available in the packages thunderbird-$(locale) even for Lightning. * [3d1d27d] enigmail: increase minimal usable version Thunderbird 68.x needs at least Enigmal in version 2.1, but increase the version on Enigmail to the most recent version which is released while packaging. * [66069d9] calendar-exchange-provider: removed from Breaks This package isn't alive in unstable and testing. * [3b9f936] d/control: remove Xb-Xul-AppId field Thunderbird don't has any Xul based AddOns since version 68.0 * [7d8cd7d] lintian-overrides: remove not needed overrides -- Carsten Schoenert Sat, 28 Sep 2019 15:38:28 +0200 thunderbird (1:68.0~b1-1) experimental; urgency=medium * [0eabe70] New upstream version 68.0~b1 * [2febf67] rebuild patch queue from patch-queue branch added patch: debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch * [cfa5973] d/s/lintian-overrides: adjust overrides for needed files * [46077e2] d/copyright: update after upstream changes -- Carsten Schoenert Sun, 16 Jun 2019 10:28:52 +0200 thunderbird (1:67.0~b3-1) experimental; urgency=medium [ intrigeri ] * [9ad75ad] d/rules: drop useless usage of dpkg-parsechangelog [ Carsten Schoenert ] * [d6f6747] New upstream version 67.0~b3 * [90f73be] rebuild patch queue from patch-queue branch removed patch: fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch * [7dd5c54] d/control: increase various B-D versions Increasing the version for the build depending packages of cargo, cbindgen, libnspr4-dev, libnss3-dev, libsqlite3-dev and rustc. -- Carsten Schoenert Tue, 11 Jun 2019 19:36:00 +0200 thunderbird (1:66.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [afe31d9] New upstream version 66.0~b1 * [4ec53cc] apparmor: update profile from upstream (commit 7ace41b1) (cherry-picked from debian/sid) * [b3657a0] d/rules: make dh_clean more robust Remove some regenerated files in dh_clean to the build will not fail in case the build needs to be started twice within the same build environment. (cherry-picked from debian/sid) * [dceb027] d/rules: move disable debug option into configure step Adding the option '--disable-debug-symbols' to the file mozconfig.default in case the build is running on a 32bit architecture instead of expanding the variable 'CONFIGURE_FLAGS'. The configuration approach for this option taken from firefox-esr was not working for the thunderbird package. (cherry-picked from debian/sid) * [f7f02a9] d/rules: reorder LDFLAGS for better readability Make the used additional options for LDFLAGS better readable by reordering the various used options. Also adding the option '-Wl, --as-needed' to the list of used options here. (cherry-picked from debian/sid) * [79801fb] d/rules: use 'compress-debug-sections' only on 64bit Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets use this option only if we are on a 64bit architecture as otherwise the build is failing on 32bit architectures again. We don't want to build any debug information on 32bit anyway so we don't need this option on these platforms. (cherry-picked from debian/sid) * [11f9e14] d/mozconfig.default: adding option for mipsel We don't have set up any options for the mipsel platform before, but the build needs some additional options too on this platform to succeed. (cherry-picked from debian/sid) * [e46e178] d/mozconfig.default: disable ion on mips and mipsel The build will fail on mips{,el} if we have enabled ION, the JavaScript JIT compiler on these platforms will loose some performance by this. (cherry-picked from debian/sid) [ Alexander Nitsch ] * [31b87e9] Make the logo SVG square The original SVG source isn't completely square, modifying the SVG file so all generated other files from the input are also exactly square. * [c0f19a3] Add script for generating PNGs from logo SVG * [c153c5f] Update icon PNGs to be properly scaled [ Carsten Schoenert ] * [c372e1f] d/source.filter: add some configure scripts Filter out some files that are named 'configure', they are rebuild later anyway. The filtering of these files is moved from gbp.conf to source.filter. (cherry-picked from debian/sid) * [a40c5df] d/c-lightning-l10n-t.sh: drop version checking Remove an old check for a version string within the file install.rdf. It's not created any more by upstream since > 60.0. * [05b325e] d/source.filter: don't ignore files in root folder Try to not ignore files which are in the top root folder of the upstream source tarball. * [d2ca267] rebuild patch queue from patch-queue branch added patch: fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch modified (refreshed) patches: porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch removed patches (applied upstream): fixes/Fix-big-endian-build-for-SKIA.patch porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch * [cb1dde9] d/control: increase version in B-D for libsqlite3-dev * [54e8890] d/mozconfig.default: add new configure option We need to disable the usage of libav1 for an successful build. The used configure option was added by the new added patch to the patch queue. * [ecd3ade] d/copyright: update after upstream changes * [af58ed8] d/source.filter: add extra content to ignore -- Carsten Schoenert Sun, 17 Feb 2019 10:58:46 +0100 thunderbird (1:65.0~b1-1) experimental; urgency=medium * [e5956ef] Merge tag 'debian/1%60.4.0-1' into debian/experimental * [389748b] d/source.filter: adjust files to filter while repack Rework of the file filter list due new upstream version but also to no filter out files we obviously need later, e.g. for the omni.jar archive. * [4b86a78] New upstream version 65.0~b1 * [3db29ed] rebuild patch queue from patch-queue branch removed patches (fixed upstream): debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch fixes/Build-also-gdata-provider-as-xpi-file.patch fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch removed patches (dropped for Debian specific build): debian-hacks/Don-t-build-testing-suites-and-stuff.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch adjusted patches: debian-hacks/Add-another-preferences-directory-for-applications-p.patch debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch patches/fixes/Fix-big-endian-build-for-SKIA.patch (but currently disabled) porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch * [e918c6c] d/control: increase versions in B-D New Thunderbirds version typically need other packages available with higher versions like NSS, NSPR, rust ... Also adding cbindgen and nodejs()!!). * [b6c63bf] d/mozconfig.default: remove dead options More old configure option are now not available anymore and we need to drop them. * [0f959ad] remove GCC specific options LLVM's clang is now widely used, and clang isn't knowing the GCC options '-fno-schedule-insns2' and '-fno-lifetime-dse', removing these options from CFLAGS and CXXFLAGS. * [d0b1f4b] d/rules: work around about strong quotings in .mk files After the configuration of the source some Makefiles in the build folder 'obj-thunderbird' have a strong qouting on some entries. This will later provoke a build failure if we don't remove the single quotes before in the Makefiles. * [093053e] copyright: update after upstream changes * [95eaacf] d/s/lintian-overrides: adjust overrides for needed files -- Carsten Schoenert Sun, 20 Jan 2019 15:48:06 +0100 thunderbird (1:60.4.0-1) unstable; urgency=medium * [2e5a9d0] d/control: don't hard code LLVM packages in B-D (Closes: #912797) * [3aaa4a6] New upstream version 60.4.0 No MFSA published yet by Mozilla Security while packaging this version. (Closes: #913645) * [12d3be3] debian/control: increase Standards-Version to 4.3.0 No further changes needed. -- Carsten Schoenert Mon, 24 Dec 2018 17:04:10 +0100 thunderbird (1:60.3.1-1) unstable; urgency=medium * [e1b489a] New upstream version 60.3.1 * [f376b38] lightning: use ${source:Version} in Breaks and Recommends (Closes: #914175) * [7e560b3] Revert "lintian: adding a semi automated lintian-override" The override about a misspelled word Synopsys isn't needed any more. * [893c0e6] rebuild patch queue from patch-queue branch modified patches: debian-hacks/Don-t-build-testing-suites-and-stuff.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch * [20d8827] d/source.filter: update the filter sequences -- Carsten Schoenert Sun, 25 Nov 2018 10:02:50 +0100 thunderbird (1:60.3.0-1) unstable; urgency=medium [ intrigeri ] * [7949b31] AppArmor: update profile from upstream at commit f3d9a8b (Closes: #903898) * [e31dc14] AppArmor: update profile from upstream at commit 81c9457 (Closes: #908206) [ Carsten Schoenert ] * [0dcbe22] d/control: add xul-ext-gnome-keyring to Breaks for thunderbird (Closes: #907979) * [65db00d] armel: adding extra LDFLAGS so rust compiler isn't confused The settings that are builtin within rust are conflicting with the GCC. * [9c65884] New upstream version 60.3.0 Fixed CVE issues in upstream version 60.3.0 (MFSA 2018-28) CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3 CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 * [8726bb1] rebuild patch queue from patch-queue branch removed patches (included upstream) fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch -- Carsten Schoenert Thu, 01 Nov 2018 12:19:34 +0100 thunderbird (1:60.2.1-1) unstable; urgency=medium * [ba75ca3] logo: move old TB graphics into dedicated folder * [ba47234] logo: adding new TB icon *.png graphics Like Firefox Thunderbird has also got a reworked logo. As we use some own icon created from a SVG graphic this commit adds the new icons in the various sizes. The source of the SVG graphic is taken from https://demo.identihub.co/thunderbird#/view/icon/element/612 (Closes: #909108) * [0b16a87] d/source.filter: don't remove react files from source (Closes: #909046) * [d01dfd6] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch (Closes: #909628, #909039, #906816) * [bf64065] New upstream version 60.2.1 Fixed CVE issues in upstream version 60.2.1 (MFSA 2018-25) CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 CVE-2018-12385: Crash in TransportSecurityInfo due to cached data CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords * [b4712af] rebuild patch queue from patch-queue branch removed patches (fixed upstream): fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch * [79057f6] d/control: make lightning-l10n packages transitional The l10n content for Lightning and a specific language is now much more related to the Thunderbird l10n content. By this the existing lightning l10n packages are not really useful any more as we move the Lightning l10n content into the respective Thunderbird l10n package a we need to turn the existing Lightning l10n packages into transitional packages. * [a0ac3b7] d/control: adding Replaces, Breaks, Provides to thunderbird-l10n-* Related to the previous commit the Thunderbird l10n packages need some more fields in the control file so the transition from lightning-l10n into thunderbird-l10n can work. * [c82ee7c] d/rules: install lightning l10n into thunderbird-l10n-* packages The content for the lightning l10n stuff needs now to be installed into thunderbird-l10n packages. * [72cd535] d/control: add thunderbird-l10n-cy Oops, seems like we never have introduced this language for Thunderbird before. Now required to provide the l10n content for Lightning. * [510bea6] d/thunderbird-wrapper.sh: improve GDB switch Since TB 60 upstream isn't installing the old wrapper script run-mozilla.sh any more. By this we need to adjust our starting wrapper so the call to start Thunderbird within the GDB debugger is working. -- Carsten Schoenert Fri, 05 Oct 2018 17:43:49 +0200 thunderbird (1:60.0-3) unstable; urgency=medium * [daa0dd7] locale: use 'intl.locale.requested' correctly Thanks to hint from Sven Joachim we can use the preference setting 'intl.locale.requested' in way that users don't need to use this setting within their prefs.js to control the language of the Thunderbird UI. 'intl.locale.requested' is somehow the successor of 'intl.locale.matchOS'. (Closes: #908034) * [f8ac1b2] debian/control: increase Standards-Version to 4.2.1 No further changes needed. * [a001579] d/control: remove empty 'Replaces' in thunderbird-l10n-da We can remove that line of Replaces without any key. -- Carsten Schoenert Thu, 06 Sep 2018 18:46:31 +0200 thunderbird (1:60.0-2) unstable; urgency=medium [ Carsten Schoenert ] * [71ac5e7] rebuild patch queue from patch-queue branch added patches: porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch * [d94e5dc] d/control: B-D on {lib}clang-6.0* and llvm-6.0-dev (Closes: #906707) -- Carsten Schoenert Mon, 20 Aug 2018 17:57:07 +0200 thunderbird (1:60.0-1) unstable; urgency=medium [ Cyril Brulebois ] * [4f1fcd4] Bump B-D libsqlite3-dev version Upstream requires a more recent version that is already available in unstable but not in Stretch later e.g. * [5a790c2] Add libicu-dev to Build-Depends (required for icu-i18n.pc) This package was pulled from some other package already but we need this explicit now again as we don't use the internal ICU version any more. * [8c86207] Bump libhunspell-dev version The same as for libsqlite3-dev, adding the correct B-D version. (Closes: #905465) [ Carsten Schoenert ] * [901f257] New upstream version 60.0 Fixed CVE issues in upstream version 60.0 (MFSA 2018-19) CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus() CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12362: Integer overflow in SSSE3 scaler CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture CVE-2018-12363: Use-after-free when appending DOM nodes CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365: Compromised IPC child process can list local filenames CVE-2018-12371: Integer overflow in Skia library during edge builder allocation CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60 * [44ab834] rebuild patch queue from patch-queue branch removed patches (applied upstream): porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch * [3168b29] debian/control: increase Standards-Version to 4.2.0 No further changes needed. * [f2f206e] d/rules: use MOZ_LANGPACK_ID instead of hard coding * [996352a] d/rules: ensure l10n MOZ_LANGPACK_ID matches variable from makefile Previous beta versions for the thunderbird-l10n data have used '@firefox.mozilla.org' within their application.id setting. Thunderbird now expects '@thunderbird.mozilla.org' instead. Make the build more flexible so we can detect mismatches here. (Closes: #906176) -- Carsten Schoenert Sun, 19 Aug 2018 11:32:11 +0200 thunderbird (1:60.0~b10-1) experimental; urgency=medium [ intrigeri ] * [596869d] AppArmor: update profile from upstream (at commit edc9487) (Closes: #901471) [ Carsten Schoenert ] * [57195ff] New upstream version 60.0~b10 * [770c9a6] rebuild patch queue from patch-queue branch added patches: porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch * [7fa6ebd] debian/control: increase Standards-Version to 4.1.5 No further changes needed. * [22e701c] c-l-l10n-t.sh: adjust the path to the python helper Adjust the shell script helper to use the changed path to makeversion.py. * [90a1d9e] sticky prefs: use the new syntax in vendor.js The syntax for locked preferences has been changed a while ago, it's time to adjust the entry within vendor.js to disable automatic updates for AddOns. -- Carsten Schoenert Thu, 12 Jul 2018 17:52:27 +0200 thunderbird (1:60.0~b9-2) experimental; urgency=medium [ intrigeri ] * [eb7cb44] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" * [4cd8baf] AppArmor: update profile from upstream (Closes: #900840) * [807eb99] AppArmor: update profile from upstream (at commit 104da32) [ Carsten Schoenert ] * [c980546] rebuild patch queue from patch-queue branch added patch: porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch -- Carsten Schoenert Sun, 01 Jul 2018 19:15:00 +0200 thunderbird (1:60.0~b9-1) experimental; urgency=medium * [be64a3e] d/source.filter: update due upstream changes Writing the import filter file source.filter mostly complete new from scratch. Needed because upstream has changed the structure of the source completely. * [c4b9113] New upstream version 60.0~b9 * [3dc900a] rebuild patch queue from patch-queue branch Related to the changed source structure the patches for the patch queue needs to be adjusted to the new folders and their structure. Thanks to git this wasn't that painful as git did all of the job. Two new patches are needed to add. added patches: fixes/Build-also-gdata-provider-as-xpi-file.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch * [e50ae04] d/rules: remove references to folder 'mozilla' To get the source built some targets in debian/rules are needed to be modified. All references to the old used folder 'mozilla/' are removed now. * [a650500] ICU: don't build the Paragraph Layout library Disable the build of the Paragraph Layout library, we don't need them if we need to built the ICU stuff. Cherry-picked from current ESR 52 packaging. * [977b7fe] d/mozconfig.default: use the ICU package from system The Debian packages of icu are recent enough so we don't need to build own dedicated ICU binaries. * [0c7ed7e] adjust the configuration of the built Because of the modified source structure some more adjustments are needed while going through the built targets like different paths, and built calls of the Thunderbird source. * [1c09011] adjust the install temporary folder Upstream is now wrapping all internal make calls through a Python wrapper called 'mach'. This also involves a changed behavior for installing the Thunderbird files into the temporary folder we later use by the debhelper sequencer. * [bfbc9ca] d/s/lintian-overrides: update content due changed source.filter The modified file debian/source.filter make some adjustments needed in the lintian-overrides file for the source files related part. * [44a4c5a] d/thunderbird.lintian-overrides: update after config changes Like before some adjustments are needed for the lintian override rules for the source files. * [dd48091] d/copyright: adjust the content due folder changes And one more file that needs to be adjusted due the changed source files. -- Carsten Schoenert Sun, 01 Jul 2018 16:12:33 +0200 thunderbird (1:60.0~b6-1) experimental; urgency=medium [ Carsten Schoenert ] * [3d91710] create-lightning-l10n: adjust folder structure To build more easy lightning-l10n packages let's modify the helper script for building the additional tarball. Change the content structure so we can simple copy the needed l10n stuff into the l10n packages. * [f1d6031] New upstream version 60.0~b6 * [6643c31] Revert the linking into /u/l/tb/d/extensions Thunderbird in Debian won't detecting extension which are placed in /usr/lib/thunderbird/distribution/extensions, going back to the old folder /usr/lib/thunderbird/extensions to link extensions into Thunderbird. * [26549a3] lightning: turning package into Architecture all Change the architecture for the lightning package from 'any' to 'all'. Lightning is only build by Javascript, CSS, JSM and other text based files and we don't need to build and install it as a architecture dependent package. * [86cd48f] mozconfig.default: disable webrtc build and inclusion Let's drop the build of support for WebRTC, Thunderbird isn't able to use this as there is no component which is depending on this. The chat component would be a potential use case but right now it lacks any functionality by webrtc features. -- Carsten Schoenert Sat, 05 May 2018 13:56:36 +0200 thunderbird (1:60.0~b5-1) experimental; urgency=medium [ Carsten Schoenert ] * [b8625ea] New upstream version 60.0~b5 -- Carsten Schoenert Sat, 28 Apr 2018 19:15:07 +0200 thunderbird (1:60.0~b4-1) experimental; urgency=medium [ Carsten Schoenert ] * [62ae939] New upstream version 60.0~b4 -- Carsten Schoenert Mon, 23 Apr 2018 18:19:11 +0200 thunderbird (1:60.0~b3-1) experimental; urgency=medium [ Carsten Schoenert ] * [94f8505] debian/control: increase Standards-Version to 4.1.4 No further changes needed.f2f206eb34a619f7a684d1216fcd918454135d41 * [3ba10c6] rebuild patch queue from patch-queue branch added patches: porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch fixes/Fix-big-endian-build-for-SKIA.patch (re-added) Thanks Andreas Glaubitz for providing these patches! * [dabf294] New upstream version 60.0~b3 * [24f8a38] re-enable usage of lib{nspr4,nss3}-dev while built The available versions of these libraries now recent enough so we can drop the usage of the embedded code copies. -- Carsten Schoenert Sun, 15 Apr 2018 12:47:43 +0200 thunderbird (1:60.0~b2-1) experimental; urgency=medium [ Agustin Henze ] * [3639717] apparmor: allow access to @{HOME}/.gnupg/tofu.db (Closes: #894907) [ intrigeri ] * [3895bba] AppArmor: fix empty black windows in Thunderbird 58+ (Closes: #887973) * [353ca25] AppArmor: update profile from upstream (Closes: #882048, #882122) [ Carsten Schoenert ] * [37e0bbe] New upstream version 59.0~b1 * [d75c4be] rebuild patch queue from patch-queue branch added patches: fixes/Fix-build-against-libcairo2-dev-1.15.10.patch patches/fixes/Fix-big-endian-build-for-SKIA.patch removed patches: debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch thunderbird/Thunderbird-fix-installdir-for-icons.patch * [9615d6a] New upstream version 60.0~b1 * [431006c] d/source.filter: update due upstream changes Update the list of files we filter out, Upstream added various new files mostly used for auto-testing we don't use. * [2cb4635] d/s/lintian-overrides: remove entries about brace expansion We can remove the override about brace expansion in dh sequencer files. * [4c9f185] debian/rules: using 'rm -f' because probably non existing files The file app.ini isn't existing in some l10n folders for lightning, simply use '-f' for convenience. * [ed00442] debian/rules: fix typo to grep app ID of calendar-g-p * [4a993c5] adding additional packages to Breaks with thunderbird The packages calendar-exchange-provider and enigmail xul-ext-sogo-connector aren't compatible to the webextension interface and we need to add a versioned Breaks. * [9bd8286] adjust Breaks for enigmail Also enigmail needs an adjusted version for Breaks. * [24382c2] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7" (Closes: #892404) * [f0ac8a5] rebuild patch queue from patch-queue branch removed patches: debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch debian-hacks/remove-non-free-W3C-icon-valid.png.patch fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch fixes/Fix-build-against-libcairo2-dev-1.15.10.patch modified patches: debian-hacks/Build-against-system-libjsoncpp.patch debian-hacks/Don-t-build-testing-suites-and-stuff.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch * [6ab35ad] d/mozconfig.default: don't use nspr and nss from system We need to switch back to the embedded source for NSS and NSPR, the versions in unstable aren't usable. * [055ed65] d/mozconfig.default: remove no longer alive option The option '--enable-system-cairo' is gone with TB 60. * [663d6f1] lightning-l10n-bn-bd: remove Bengali (Bangladesh) l10n package * [02b21cb] lightning-l10n-pa-in: remove Punjabi (India) l10ng package * [0cc0b5d] lightning-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package * [62f23a5] thunderbird-l10n-bn-bd: remove (Bangladesh) l10n package * [61bfdf4] thunderbird-l10n-pa-in: remove Punjabi (India) l10n package * [a361750] thunderbird-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package * [8ba5b0d] debian/control: add new packages for *-kk language * [e4280ac] debian/control: add new packages for *-ms language * [aaef9fe] adjust Vcs fields to salsa.debian.org * [144c492, 009b145] debian/copyright: update after upstream changes Upstream removed some files/folders, which reflects in needed adjustments for the copyright file. * [3623f84] d/thunderbird.lintian-overrides: add libnspr4.so and libnss3.so We now need to ship (again) embedded libraries for NSPR and NSS. * [0d3de65] lightning: move linking into /u/l/tb/distribution/extensions Following upstream with the folder for the Lightning to not differ. * [4d6cefe] New upstream version 60.0~b2 * [e1c40a7] rebuild patch queue from patch-queue branch removed patches: fixes/Fix-big-endian-build-for-SKIA.patch * [4834a1d] add entries to README and NEWS for thunderbird Adding notes about the current situation foe the l10n packages and their integration into the UI of Thunderbird and Lightning. -- Carsten Schoenert Sat, 07 Apr 2018 11:12:37 +0200 thunderbird (1:58.0~b3-1) experimental; urgency=medium [ Carsten Schoenert ] * [d114338] d/source.filter: update due upstream changes Update the filtering list for excluding some unwanted source files as usual while preparing new major upstream versions. * [91d23a9] New upstream version 58.0~b3 * [f34e555] rebuild patch queue from patch-queue branch added patches: debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch modified patches: debian-hacks/Build-against-system-libjsoncpp.patch debian-hacks/Don-t-build-testing-suites-and-stuff.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch porting-sh4/Add-sh4-support-to-Thunderbird.patch porting/Disable-optimization-on-alpha-for-the-url-classifier.patch prefs/Don-t-auto-disable-extensions-in-system-directories.patch prefs/Set-javascript.options.showInConsole.patch obsolete patches (included somehow or fixed upstream): debian-hacks/Force-use-the-i686-rust-target.patch porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch patches/porting-alpha/fix-FTBFS-on-alpha.patch patches/porting-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch patches/porting-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch porting-kfreebsd-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch porting-mips/FTBFS-mips-add-missing-char-variable.patch porting/ppc-fix-divide-page-size-in-jemalloc.patch thunderbird-l10n/thunderbird-l10n-disable-external-extension-update.patch * [bd45d47] debian/control: adding new Build-Depends Since this is the first version > 52 we need now cargo, clang, rustc and llvm development files. * [c63a03f] d/mozconfig.default: remove no longer alive options Some old options like --disable-gnomeui, --enable-gio, and --with-default-mozilla-five-home are history now. * [609dbbe] l10n lightning: modify script to work with recent version We still need to use the shellscript create-lightning-l10n-tarball.sh (and also *-thunderbird-l10n-*) to create the additional tarballs. * [2f276b7] thunderbird-l10n: change tb-l10n package installation Due the changed structure from upstream for the thunderbird l10n files the packaging needs also to be adopted. * [ee476f8] d/thunderbird.install: update install sequencer file Also small adjustments are needed for the installation of the thunderbird binary files. The old script run-mozilla.sh (which we didn't have used within the Debian packaging) isn't shipped now, and there is now a new folder gtk2 which includes the libmozgtk library linked against GTK2. * [ced9d18] thunderbird-dev: remove the package and adjustments on this The complete content that was packaged previously in thunderbird-dev isn't created and installed now. Thus makes the old package thunderbird-dev obsolete. * [484a142] autopkgtests: disable tests around thunderbird-dev Disable all autopkgtests which have used thunderbird-dev. * [0aa2546] switch to system libraries back We can now use the system libararies libnspr4, libnss3 and libsqlite3 again, the version of libicu is still to old for usage within the package build. * [858ae82] d/control: thunderbird, remove variable ${gnome:Depends} * [7c3a258] d/control: lightning, remove variable ${shlibs:Depends} * [aabf0d4] debian/source/lintian-overrides: update entries * [94b00db] debian/control: increase Standards-Version to 4.1.3 No further changes needed. * [245e8c2] debian/copyright: update after upstream changes Also almost needed with new major upstream versions reflect the changes from upstream in the copyright file. * [72507b2] d/control: enigmail < 1.9.9 isn't working with TB > 55 Due the new plugin interface some old plugins doesn't work with this thunderbird version anymore, or behaving unexpected. Enigmal is one of the this (known) plugins which needs to be at least in version 2.0a2pre installed to work with Thunderbird. * [6cf0133] lightning-l1on: change l10n installation Related to [4abc7f2] the various thunderbird-l10n packages need to be installed differently to old package installations. * [6af7054] calendar-google-provider: tweak installation a bit More a hack but the Mozilla plugin installation by mozilla-devscripts isn't prepared for the new webextension logic by Mozilla. Symlinking the c-g-p plugin for now directly from the thunderbird extension folder. -- Carsten Schoenert Sun, 21 Jan 2018 14:03:39 +0100 thunderbird (1:52.9.1-1) unstable; urgency=high [ intrigeri ] * [1259eaa] AppArmor: update profile from upstream (at commit edc9487) (Closes: #901471) [ Carsten Schoenert ] * [d706f5b] debian/control: increase Standards-Version to 4.1.5 No further changes needed. * [f5a3eb2] New upstream version 52.9.1 (Closes: #903160) -- Carsten Schoenert Tue, 10 Jul 2018 19:40:41 +0200 thunderbird (1:52.9.0-1) unstable; urgency=high [ intrigeri ] * [c33dba2] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" * [cb64397] AppArmor: update profile from upstream (Closes: #900840) * [b5d6545] AppArmor: update profile from upstream (at commit 104da32) [ Carsten Schoenert ] * [099b525] d/source.filter: add some more files to filter There are some more files we want to filter out. * [376e5f3] New upstream version 52.9.0 Fixed CVE issues in upstream version 52.9 (MFSA 2018-18) CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus() CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward CVE-2018-12362: Integer overflow in SSSE3 scaler CVE-2018-12363: Use-after-free when appending DOM nodes CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365: Compromised IPC child process can list local filenames CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9 * [83a9c9b] rebuild patch queue from patch-queue branch As we have filtered more files out from the source we need to modify the list of tests we won't to built while built the source too so a small adjustment on that. Also fixing some spelling issues which Lintian has found. modified patches: debian-hacks/Don-t-build-testing-suites-and-stuff.patch porting-alpha/fix-FTBFS-on-alpha.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch renamed patches: Allow-to-override-ICU_DATA_FILE-from-the-environment.patch -> Allow-one-to-override-ICU_DATA_FILE-from-the-environment.patch fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch -> fix-function-nsMsgComposeAndSend-to-respect-ReploToSend.patch * [d5254e2] Removed unneded lintian override about brace expansion -- Carsten Schoenert Wed, 04 Jul 2018 21:44:26 +0200 thunderbird (1:52.8.0-1) unstable; urgency=high [ intrigeri ] * [4656ebf] AppArmor: update profile from upstream (Closes: #882048, #882122) [ Agustin Henze ] * [840cbc8] apparmor: allow access to @{HOME}/.gnupg/tofu.db (Closes: #894907) [ Carsten Schoenert ] * [514e9e8] New upstream version 52.8.0 Fixed CVE issues in upstream version 52.8 (MFSA 2018-13) CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack (aka Efail) CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5159: Integer overflow and out-of-bounds write in Skia CVE-2018-5161: Hang via malformed headers CVE-2018-5162: Encrypted mail leaks plaintext through src attribute (aka Efail) CVE-2018-5170: Filename spoofing for external attachments CVE-2018-5168: Lightweight themes can be installed without user interaction CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension CVE-2018-5185: Leaking plaintext through HTML forms (aka Efail) CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8 (Closes: #898631) * [7845229] ICU: don't build the Paragraph Layout library Disable the build of the layout library in the internal ICU build as we don't need this and can cause build issues. * [e0a79fc] debian/control: increase Standards-Version to 4.1.4 No further changes needed. -- Carsten Schoenert Thu, 17 May 2018 21:04:15 +0200 thunderbird (1:52.7.0-1) unstable; urgency=medium * [9eb2692] New upstream version 52.7.0 Fixed CVE issues in upstream version 52.7 (MFSA 2018-09) CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5144: Integer overflow during Unicode conversion CVE-2018-5146: Out of bounds memory write in libvorbis CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7 CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7 * [a01cf4b] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7" Switching now back to GCC7 as we don't have any longer issues with broken visuals in the GUI. (Closes: #892404) -- Carsten Schoenert Mon, 26 Mar 2018 17:21:40 +0200 thunderbird (1:52.6.0-1) unstable; urgency=high * [97e1cd7] New upstream version 52.6.0 Fixed CVE issues in upstream version 52.6 (MFSA 2018-04) CVE-2018-5095: Integer overflow in Skia library during edge builder allocation CVE-2018-5096: Use-after-free while editing form elements CVE-2018-5097: Use-after-free when source document is manipulated during XSLT CVE-2018-5098: Use-after-free while manipulating form input elements CVE-2018-5099: Use-after-free with widget listener CVE-2018-5102: Use-after-free in HTML media elements CVE-2018-5103: Use-after-free during mouse event handling CVE-2018-5104: Use-after-free during font face manipulation CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6 * [0300242] rebuild patch queue from patch-queue branch Added patch debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch that fixes the build of the included ICU source against glibc 2.26. (Closes: #887766) * [4bf22e0] debian/control: increase Standards-Version to 4.1.3 No further changes needed. * [3616443] adjust Vcs fields to salsa.debian.org The Vcs for Thunderbird packaging live now on Salsa as Alioth will be shutdown in the future. * [c2f3e14] lintian: ignore non multiarch install folder for thunderbird.pc Ignore a lintian warning about unavailable pkg-config file thunderbird.pc as the ESR versions 52.x are the last series which will have a thunderbird-dev. The next ESR version will be 60.x which uses webextension and makes thunderbird-dev obsolete. -- Carsten Schoenert Thu, 25 Jan 2018 20:21:10 +0100 thunderbird (1:52.5.2-2) unstable; urgency=medium [ Carsten Schoenert ] * [f597157] Revert "d/thunderbird.postinst: reload AA profile on updates" The trigger automatics for appamor already is handling the needed reload on profile updates for the applications. (Closes: #885158) * [8ebdb96] debian/control: increase Standards-Version to 4.1.2 No further changes needed. * [81a8c00] use inverse logic on version for AA profile status check By this change we don't enforce the disabled profile from the previous version in some cases and can also handle possible version strings from -security and -backports. (Closes: #885157) -- Carsten Schoenert Tue, 26 Dec 2017 14:56:40 +0100 thunderbird (1:52.5.2-1) unstable; urgency=high [ intrigeri ] * [b791221] AppArmor: support new thunderbird executable path (Closes: #883561, #884217) [ Carsten Schoenert ] * [1f46308] New upstream version 52.5.2 Fixed CVE issues in upstream version 52.5 (MFSA 2017-30) CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to new line Injection * [0dd21b9] d/thunderbird.postinst: reload AA profile on updates * [8c57218] don't disable AA profile on package updates As people want to re-enable the AA profile a update of thunderbird doesn't have to disable this again. (Closes: #884191) -- Carsten Schoenert Sun, 24 Dec 2017 11:30:09 +0100 thunderbird (1:52.5.0-1) unstable; urgency=high [ intrigeri ] * [48e6b65] AppArmor: fix the Crash Reporter and avoid noisy denial logs (Closes: #880953) * [ad8b3b5] AppArmor: fix compatibility with NVIDIA hardware (Closes: #880532) * [d8ff6b6] Disable the AppArmor profile by default Due the various side effects by the enabled AppArmor profile in Thunderbird it's currently better for a user experience we disabling the AppArmor profile for to not get people get mad with to many broken things. Users can always enable the profile by themselves again. (Closes: #882672) * [e50eac5] README.Debian: document how to opt-in for AppArmor confinement * [860d325] README.Debian: document how one can debug the AppArmor profile [ Guido Günther ] * [50a8f60] Drop myself from maintainers Thank you Guido for always helping out if we had some questions! [ Carsten Schoenert ] * [b64509b] New upstream version 52.5.0 Fixed CVE issues in upstream version 52.5 (MFSA 2017-26) CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5 * [3166018] thunderbird.links: let thunderbird pointing to thunderbird-bin (Closes: #856492) * [6fff70c] [buster] tb-wrapper: searching the correct dbgsym package * [4763ca6] adding a NEWS file for thunderbird package Giving a note about the now disabled AppArmor profile. * [0b9d656] disabling crashreporter for now Also don't build and ship the Crashreporter any more, it's useless until we can collect all symbols correctly. * [a285647] move AppArmor specific things into own README file Put all AppArmor related information into one dedicated file. * [5d56439] d/thunderbird.js: prepare a line for extra X-Debbugs-Cc A really old bug report ... building a compromise and put the requested extra header config into the configuration file but keep it deactivated as default. (Closes: #379304) -- Carsten Schoenert Sun, 03 Dec 2017 19:58:57 +0100 thunderbird (1:52.4.0-2~exp1) experimental; urgency=medium [ Carsten Schoenert ] * [a3e73e9] disable usage of libgnomeui parts The libgnomeui stuff (only relevant for GTK+2) is deprecated for a long time and will be removed in buster, and we don't need this at all. See https://lists.debian.org/debian-devel/2017/10/msg00299.html * [9efc5c9] debian/watch: switch to https * [bd5a635] rebuild patch queue from patch-queue branch Fixup for [da3c5cc], add ppc64 to the list of BE architectures. Thanks Adrian Glaubitz for pointing the issue. (Closes: #879270) * [42f5ab5] apparmor: update profile from upstream (Closes: #876333, #855346) [ intrigeri ] * [d7febc8, b026d28] AppArmor: update profile from upstream (Closes: #880425, #877324) * [377e7b5] README.Debian: fixing small typo * [3b0a63a] AppArmor: fix importing public OpenPGP keys from file (Closes: #880715) [ Carsten Schoenert ] * [241690e] d/control: s/Icedove/Thunderbird in desc's for lightning-l10n-* The lightning-l10n package were still using the name 'Icdeove' instead of 'Thunderbird'. * [f17f735] debian/control: moving transitional packages at bottom * [91f9897] autopkg: adjust icedove to thunderbird depends Now move over to depend in favor of thunderbird for some of the autopkg tests. * [8ae2ad7] autopkg: adjust icedove-dev to thunderbird-dev depends Doing the same as before for thunderbird-dev as the native replacement for icedove-dev. * [fa0134c] bump debhelper >= 10.2.5 * [8752789] debian/rules: try to build extensions reproducible The two extensions (lightning and calendar-google-provider) don't build reproducible right now. Trying to fix this by using the timestamp from the changelog entry for the files. May not work correctly and we need to tune more. * [1496368] d/thunderbird.install: also install the fonts folder Recent versions of Thunderbird needing the font EmojiOne which isn't provided by any other package. (Closes: #881299) The following changes are take effect in removing all transitional packages related to the old icedove packaging only for buster. We still need all the transitional packages in wheezy, jessie and stretch! * [54c8a9b] [buster] remove transitional iceowl-l10n-* packages * [c338630] [buster] remove Replace, Breaks and Provides for iceowl-l10n-* * [4311683] [buster] remove transitional icedove-l10n-* packages * [f6e3a01] [buster] remove Replace, Breaks and Provides for icedove-l10n-* * [a9117e4] [buster] remove transitional iceowl-extension package * [5aed012] [buster] remove Replace, Breaks and Provides for iceowl-extension * [27fc04b] [buster] remove transitional icedove-dbg package * [53b4825] [buster] remove transitional icedove-dev package * [e2d808f] [buster] remove Replace, Breaks and Provides for icedove-dev * [97edfbe] [buster] remove transitional icedove package * [3748054] [buster] remove Replace and Breaks for icedove * [611a704] [buster] move thunderbird-dbg into *-dbgsym package -- Carsten Schoenert Sun, 12 Nov 2017 16:01:07 +0100 thunderbird (1:52.4.0-1) unstable; urgency=medium [ Guido Günther ] * [da3c5cc] Simplify endianness selection for ICU Since we need to build ICU on the various Debian releases we need to ensure the architecture detection isn't to strict. Thanks Guido for helping out here! [ Carsten Schoenert ] * [47748ca] debian/control: be more relaxed on Breaks for enigmail * [6a54666] thunderbird-wrapper: fix small typo in help output A small typo was happen in the example call with the JS console. * [6d5266e] README.Debian: update info around tls fallback-limit The default behavior on the TLS fallback has changed some versions ago, document this accordingly. * [24ad883] debian/control: change maintainer Thanks Christoph for the work over the past years! * [c78200e] debian/control: move src pkg name to thunderbird By this version we move the source package name also back to thunderbird. This follows the changes that are already made to the binary package names and we can call the source package now also again thunderbird. (Closes: #857075) * [c26133d] debian/gbp.conf: rename components to real used names Due the changes of the source package the names for the sub-folders within the additional tarballs can also be changed to be closer on the real upstream used names. * [a5ce4f7] New upstream version 52.4.0 (Closes: #878845, #878870) Fixed CVE issues in upstream version 52.4 (MFSA 2017-23) CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4, and Thunderbird 52.4 * [104b4e5] rebuild patch queue from patch-queue branch * [d63662a] lintian: move oldlibs/extra -> oldlibs/optional By moving all transitional package to oldlibs/optional we can help deborphan to detect better not needed packages. * [fb56001] d/rules: reflect changes from renamed component tarballs The additional tarballs are stored in folders which reflect the upstream names of those components. This also needs to be respected for the build instructions of the package. * [61288fb] debian/control: change Vcs* fields due the src name change Addressing the changed source package name in the Git Vcs urls. * [ef95ab5] debian/control: increase Standards-Version to 4.1.1 No further changes needed. * [45e8fe2] apparmor: update profile from upstream Thanks to Simon Deziel and intrigeri we can simply use the apparmor profile changes done for the Ubuntu releases. * [6b1649c] lintian: adding a override for thunderbird-l10n-all * [ceab93f] debian/README.source: reflect src package name change -- Carsten Schoenert Tue, 17 Oct 2017 18:20:29 +0200 icedove (1:52.3.0-4) unstable; urgency=medium [ Carsten Schoenert ] * [3ddf57b] rebuild patch queue from patch-queue branch * [3bd845d] debian/control: increase Standards-Version to 4.1.0 -- Carsten Schoenert Tue, 29 Aug 2017 16:17:24 +0200 icedove (1:52.3.0-3) unstable; urgency=medium [ Carsten Schoenert ] * [c08f005] rebuild patch queue from patch-queue branch * [f658cab] debian/rules: enable verbose build for ICU -- Carsten Schoenert Mon, 28 Aug 2017 19:44:07 +0200 icedove (1:52.3.0-2) unstable; urgency=medium [ Carsten Schoenert ] * [d544a01] debian/rules: correct icu build sequence -- Carsten Schoenert Tue, 22 Aug 2017 18:57:36 +0200 icedove (1:52.3.0-1) unstable; urgency=medium [ Carsten Schoenert ] * [8e852be] New upstream version 52.3.0 Fixed CVE issues in upstream version 52.3 (MFSA 2017-20) CVE-2017-7800: Use-after-free in WebSockets during disconnection CVE-2017-7801: Use-after-free with marquee during window resizing CVE-2017-7809: Use-after-free while deleting attached editor DOM node CVE-2017-7784: Use-after-free with image observers CVE-2017-7802: Use-after-free resizing image elements CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM CVE-2017-7786: Buffer overflow while painting non-displayable SVG CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements CVE-2017-7787: Same-origin policy bypass with iframes through page reloads CVE-2017-7807: Domain hijacking through AppCache fallback CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections CVE-2017-7803: CSP containing 'sandbox' improperly applied CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3, and Thunderbird 52.3 * [0b7243b] debian/rules: build icudt5*.dat on our own if needed If we need to use the internal sources of ICU (triggered by using --with-system-icu) we need to build the platform depended file icudt*[b,l].dat before we can call the configure run. This is needed as Mozilla only ships a precompiled little endian version of the file icudt*.dat and all platforms with big endianness are failing later due issues related to the wrong endianness. * [1964469] debian/mozconfig.default: enable i18n on big endian * [6b58ac5] debian/control: increase Standards-Version to 4.0.1 * [e59cf81] rebuild patch queue from patch-queue branch removed patche(s) (applied upstream): - fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch updated/refreshed patches (no changes): - porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch [ Simon Deziel ] * [a574010] apparmor/usr.bin.thunderbird: small update to avoid noise -- Carsten Schoenert Sat, 19 Aug 2017 18:27:19 +0200 icedove (1:52.2.1-5) unstable; urgency=high [ Carsten Schoenert ] * [133a574] Use gcc-6 and g++-6 due broken GUI with GCC-7 The usage of the GCC-7 suite introduces a broken GUI currently that make using thunderbird mostly impossible. (Closes: #871629) * [3ebacd1] d/rules: use DEB_* variables for entries from changelog By using variables that are prepared by dpkg we don't need to manually search for dates and versions. etc. * [52c2b83] d/copyright: MPL-1.1 and MPL-2.0 now provided by common-licenses Since policy 4.0.0 the two Mozilla related licenses are included and don't need to be added extra. * [3f37967] adjust X-Debian-Homepage to existing Thunderbird page * [41b5c03] debian/control: increase Standards-Version to 4.0.0 * [e3c3994] mozconfig.default: use proper disabled options * [2d4b846] debian/control: increase Breaks for enigmail version (Closes: #869789) [ John Paul Adrian Glaubitz ] * [4879401] sh4: disable option --disable-pie (Closes: #867553) [ Carsten Schoenert ] * [2646f3f] autpkgtests: disable the idlTest.sh test case -- Carsten Schoenert Fri, 11 Aug 2017 22:02:47 -0400 icedove (1:52.2.1-4) unstable; urgency=medium [ Guido Günther ] * [04de899] Don't use different profile folder for jessie and wheezy [ Carsten Schoenert ] * [692d3ce] rebuild patch queue from patch-queue branch (Closes: #867013) added patch (provided by Adrian): - porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch removed patch: - porting-hurd/FTBFS-hurd-adding-GNU-to-the-configure-platform-detection.patch (wrong approach, the Python wrapper around configure isn't yet smart enough) [ John Paul Adrian Glaubitz ] * [5153ce2] mips: final fixups to prevent FTBFS -- Carsten Schoenert Thu, 06 Jul 2017 16:53:30 +0200 icedove (1:52.2.1-3) unstable; urgency=medium [ John Paul Adrian Glaubitz ] * [99b323a] d/mozconfig.default: fixups for --without-intl-api -- Carsten Schoenert Sat, 01 Jul 2017 10:18:05 +0200 icedove (1:52.2.1-2) unstable; urgency=medium [ Carsten Schoenert ] * [e8ce299] disabling ICU support on some big endian systems This hack should enable at least successful building of all RC platforms and needs to be solved in a not such agressive way without loosing ICU support on the problematic platforms. Thanks John Paul Adrian Glaubitz for catching the root of the issue. * [a66e812] rebuild patch queue from patch-queue branch Adding a small needed fix for getting mips* out od FTBFS. Also GNU/Hurd should pass the configure script now. -- Carsten Schoenert Fri, 30 Jun 2017 19:38:28 +0200 icedove (1:52.2.1-1) unstable; urgency=medium [ Guido Günther ] * [4e87d6b] d/rules: Make sure DIST is not passed on to configure [ Carsten Schoenert ] * [35b84ef] rebuild patch queue from patch-queue branch added patches: - porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch - porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch (Closes: #864974) * [c818874] New upstream version 52.2.1 (Closes: #861840) * [8c776c9] Icedove2Thunderbird: add opt out for dialogue pop-up (Closes: #860381) -- Carsten Schoenert Wed, 28 Jun 2017 20:01:44 +0200 icedove (1:52.2.0-1) unstable; urgency=medium [ Christoph Goehre ] * [9ebc11d] mozconfig.default: remove configure option '--disable-methodjit' on armel This options isn't alive any more and was forgotten to removed on the previous upload. [ Simon Deziel ] * [d8e5d42] usr.bin.thunderbird: merge gpg(1) and gpg2 subprofiles (Closes: #859179) * [f18884e] usr.bin.thunderbird: allow accessing gpgconf in gpg subprofile * [e73afbb] usr.bin.thunderbird: allow accessing any gpg2keys providers [ Carsten Schoenert ] * [066ddb9] mozconfig.default: switch back to internal libjpeg Going back and using the libjpeg library that's shipped by Mozilla, the system library probably provoking broken builds on various platforms. As we prepare the uploads for (old-)stable-security we need to use the internal libjpeg library at all. * [ff92bfa] rebuild patch queue from patch-queue branch modified patches: - porting-m68k/Add-m68k-support-to-Thunderbird.patch - porting-sh4/Add-sh4-support-to-Thunderbird.patch (Closes: #859271, #859508) * [0a89f76] New upstream version 52.2.0 Fixed CVE issues in upstream version 52.2 (MFSA 2017-17) CVE-2017-5472: Use-after-free using destroyed node when regenerating trees CVE-2017-7749: Use-after-free during docshell reloading CVE-2017-7750: Use-after-free with track elements CVE-2017-7751: Use-after-free with content viewer listeners CVE-2017-7752: Use-after-free with IME input CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors CVE-2017-7757: Use-after-free in IndexedDB CVE-2017-7778: Vulnerabilities in the Graphite 2 library CVE-2017-7758: Out-of-bounds read in Opus encoder CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52 * [e03380e] rebuild patch queue from patch-queue branch modified patch: - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch -- Carsten Schoenert Fri, 16 Jun 2017 20:37:06 +0200 icedove (1:52.1.1-1) experimental; urgency=medium [ Guido Günther ] * [db8d0db] Tighten meta package dependencies Be more strict on depends and add a version to all related Thunderbird specific packages. * [defb689] Copy-edit thunderbird-wrapper-helper.sh * [54b35d4] Allow one to override the location of the wrapper-helper Make $TB_HELPER more flexible and give the variable a default value, so a user can override it with it's own. * [a187364] dh-exec: avoid multiple spaces around filenames * [a85bc7a] thunderbird-wrapper: robustness when sourcing helper * [eee56ab] Drop replaces on packages no longer in any release [ Carsten Schoenert ] * [1d85980] rebuild patch queue from patch-queue branch added patches: - porting-mk68/Add-m68k-support-to-Thunderbird.patch - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch (Closes: #859151, #859271) * [2717849] tb-wrapper: call thunderbird starting with exec (Closes: #858100) * [8afa31b] d/gbp.conf: adjust upstream branch to new ESR version * [43d2e70] New upstream version 52.1.1 Fixed CVE issues in upstream version 52.1 (MFSA 2017-09) CVE-2017-5413: Segmentation fault during bidirectional operations CVE-2017-5414: File picker can choose incorrect default directory CVE-2017-5416: Null dereference crash in HttpChannel CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses CVE-2017-5419: Repeated authentication prompts lead to DOS attack CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports CVE-2017-5421: Print preview spoofing CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52 Fixed CVE issues in upstream version 52.1 (MFSA 2017-13) CVE-2017-5433: Use-after-free in SMIL animation functions CVE-2017-5435: Use-after-free during transaction processing in the editor CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS CVE-2017-5459: Buffer overflow in WebGL CVE-2017-5466: Origin confusion when reloading isolated data:text/html URLs CVE-2017-5434: Use-after-free during focus handling CVE-2017-5432: Use-after-free in text input selection CVE-2017-5460: Use-after-free in frame selection CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing CVE-2017-5441: Use-after-free with selection during scroll events CVE-2017-5442: Use-after-free during style changes CVE-2017-5464: Memory corruption with accessibility and DOM manipulation CVE-2017-5443: Out-of-bounds write during BinHex decoding CVE-2017-5444: Buffer overflow while parsing application/http-index-format contents CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data CVE-2017-5447: Out-of-bounds read during glyph processing CVE-2017-5465: Out-of-bounds read in ConvolvePixel CVE-2016-10196: Vulnerabilities in Libevent library CVE-2017-5454: Sandbox escape allowing file system read access through file picker CVE-2017-5469: Potential Buffer overflow in flex-generated code CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content CVE-2017-5449: Crash during bidirectional unicode manipulation with animation CVE-2017-5451: Addressbar spoofing with onblur event CVE-2017-5462: DRBG flaw in NSS CVE-2017-5467: Memory corruption when drawing Skia content CVE-2017-5430: Memory safety bugs fixed in Firefox 53, Firefox ESR 52.1, Thunderbird 52.1 CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, Firefox ESR 52.1, and Thunderbird 52.1 (Closes: #855344, #495372, #861480, #682208, #698244, #859909, #857593, #837771) * [de561ef] rebuild patch queue from patch-queue branch added patches: - debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch - debian-hacks/Build-against-system-libjsoncpp.patch - debian-hacks/Don-t-build-testing-suites-and-stuff.patch - debian-hacks/Force-use-the-i686-rust-target.patch - fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch (Closes: #826325) - porting-sh4/Add-sh4-support-to-Thunderbird.patch (Closes: #859508) removed patches (obsoleted by upstream changes): - debian-hacks/Don-t-build-example-component.patch - debian-hacks/fix-identification-of-ObjdirMismatchException.patch - fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch - fixes/Bug-1273020-Add-missing-null-checks-in-ApplicationAccessi.patch - fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch - fixes/Bug-1340724-fix-SMTP-server-name-output-in-SMTP-logging.-.patch - fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch - porting-arm64/Bug-1091515-Don-t-set-64KB-page-size-on-aarch64.-r-glandi.patch - porting-kfreebsd-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hurd.patch - porting-kfreebsd-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch - porting-kfreebsd-hurd/correcting-file-inclusion-for-kfreebsd-and-hurd.patch - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch - porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch - porting-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch (unclear state, will be added later again) - porting/Add-xptcall-support-for-SH4-processors.patch (Closes: #859362) - debian-hacks/Move-profile.patch modified or adjusted patches: - debian-hacks/changing-the-default-search-engine.patch - debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch - icedove-l10n/disable-extension-update-extension-is-managed-by-apt.patch --> icedove-l10n/thunderbird-l10n-disable-external-extension-update.patch (renamed to and modified due new languages) - icedove/fix-installdir.patch --> debian-hacks/Thunderbird-fix-installdir-for-icons.patch * [684ad58] d/source.filter: update due upstream changes * [d005649] debian/control: modify various B-D * [7a8a98d] debian/rules: add some extra C*FLAGS Adding '-fno-lifetime-dse' to not enable dead store elimination of objects within their lifetime, some parts of the source is relying on the persistent values of such objects. Some other distributions as Ubuntu, Fedora and Arch e.g. use this flag too (at least with ESR52) to prevent possible segfaults. * [56f8f4b] debian/rules: adding hack to preserve correct config.status * [fb500a6] mozconfig.default: remove no longer existing options * [c9a3e60] mozconfig.default: some minor adjustments to configure options * [f584857] mozconfig.default: enable GTK3 theme explicit (Closes: #857593) * [3cbe1fb] debian/control: add packages for *-dsb language * [8317735] debian/control: add packages for *-hsb language * [39d90c1] debian/control: add packages for *-kab language * [82b4f50] debian/control: add missing packages for *-ast language * [0edde96] debian/rules: include also l10n folder with 3 characters * [47f17a4] lintian-overrides: modify the list for the js files to ignore * [8872d34] debian/copyright: update after upstream changes * [6755547] mozconfig.default: use some internal libraries Use libicu-dev, libnspr4-dev, libnss3-dev, libsqlite3-dev from shipped source as Stretch versions not recent enough. * [5b04b32] thunderbird.install: pick up icu*.dat if around * [edf24d7] debian/control: mark thunderbird-dbg as Multi-Arch: same * [5d5392b] apparmor/usr.bin.thunderbird: update for version 52 (cherry-picked from upstream) (Closes: #859179) * [f49ad79] apparmor/usr.bin.thunderbird: grant access to commonly used locations (cherry-picked from upstream) * [510fd6f] debian/rules: install lightning-l10n files into correct place * [d70ade4] lightning-l10n: adjust min/max version for ESR 52 cycle With the new ESR version tweaking the extension version of l10n packages for lightning > 52.0 and < 52.*. * [c0dd18f] debian/rules: install icudt5*.dat file more flexible * [b5136f7] autopkg: improve the output of idlTest.sh * [7ac04f6] autopkg: add extra test icudatfileTest.sh [ Christoph Goehre ] * [13f5178] lintian-overrides: we build against internal nspr and nss * [56bbf23] rebuild patch queue from patch-queue branch added patches: - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch (Closes: #859151) modified patches: - porting-mk68/Add-m68k-support-to-Thunderbird.patch -> porting-m68k/Add-m68k-support-to-Thunderbird.patch (renamed) * [6a7ef60] tests/idlTest.sh: remove duplicated 'done' output * [42bf8e1] debian/rules: remove duplicate .so files in thunderbird-dev * [5dc08bc] tests/soSymlinkTest.sh: check for symlinked .so files -- Carsten Schoenert Sat, 03 Jun 2017 19:54:43 +0200 icedove (1:45.8.0-3) unstable; urgency=medium [ Carsten Schoenert ] * [d923505] AppArmor: be more flexible on profile folders (Closes: #858735, #858737) * [1e04099] tb-wrapper: use readlink also on ${ID_PROFILE_FOLDER} (Closes: #858771) * [9f6b771] tb-wrapper: correct check for -dbg package (Closes: #858804) * [8b5271a] rebuild patch queue from patch-queue branch added patches: - fixes/Bug-1273020-Add-missing-null-checks-in-ApplicationAccessi.patch -- Christoph Goehre Wed, 29 Mar 2017 19:28:32 -0400 icedove (1:45.8.0-2) unstable; urgency=medium [ Carsten Schoenert ] * [c2a1d77] tb-helper: pass arguments correctly through tb call (Closes: #855334) * [5c49348] rebuild patch queue from patch-queue branch added patches: - fixes/Bug-1340724-fix-SMTP-server-name-output-in-SMTP-logging.patch (Closes: #855470) * [9d420c0] Revert "register MIME type application/octet-stream for Thunderbird" (Closes: #857755) * [c9960e5] tb-helper: pass arguments by using a array to TB call -- Christoph Goehre Tue, 14 Mar 2017 20:37:48 -0400 icedove (1:45.8.0-1) unstable; urgency=medium [ Carsten Schoenert ] * [3388899] New upstream version 45.8.0 * [24d25e9] tb-helper*: fix up that silly comments behind the if statement (Closes: #857029, #857032, #857098, #857112) * [788b7fa] bash-completion: adding a completion script for /u/b/thunderbird * [9ac9d07] rebuild patch queue from patch-queue branch added patches: - p-arm64/Bug-1091515-Don-t-set-64KB-page-size-on-aarch64.-r-glandi.patch - p-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch * [ad0860b] copyright: small updates reflecting upstream changes [ Christoph Goehre ] * [69577cf] lintian: replace hardlink in thunderbird-dev with symbolic link -- Christoph Goehre Thu, 09 Mar 2017 20:24:49 -0500 icedove (1:45.7.1-2) unstable; urgency=medium [ Christoph Goehre ] * [5e2c618] crashreporter: build only on amd64, armel, armhf and i386 * [36a922f] Apparmor: replace '·' with spaces (Closes: #855343) * [bbbc917] rebuild patch queue from patch-queue branch added patches: - p-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch * [8b5d601] icedove|thunderbird.desktop: update danish (da) translation [ Carsten Schoenert ] * [f8debbd] debian/control: separate transitional mark by extra line (Closes: #855806) * [583c798] {tb,id}.maintscript: modify start-version (Closes: #854587) * [94e557c] thunderbird: adding x11-utils to Depends (Closes: #854488) * [dc878e7] thunderbird-wrapper.sh: fix command line transfer to TB (Closes: #855334) * [9734349] thunderbird helper: split helper function into extra file (Closes: #855286) * [3089a97] tb-helper*: wrapping X11 dialog calls * [e0331e1] tb-helper*: rework option parsing for wrapper script (Closes: #855872) * [31d9899] thunderbird.postinst: try to remove empty profile folder (Closes: #855228) * [c9e5b70] tb-wrapper*: complete rework and moving over for symlinking (Closes: #855265, #855391, #855501, #856490) * [9ef920f] README.Debian: adopt content to current wrapper script behavior * [4cf88e5] icedove|thunderbird.desktop: adopt binary call * [101e0ad] tb-helper*: call subfunctions not within the case loop * [c061107] register MIME type application/octet-stream for Thunderbird -- Christoph Goehre Mon, 06 Mar 2017 20:39:23 -0500 icedove (1:45.7.1-1) unstable; urgency=medium * Bye-bye Icedove (Closes: #749965, #776359, #816679, #363811) [ Carsten Schoenert ] * [90c0d6f] New upstream version 45.7.1 * [a6d21de] rebuild patch queue from patch-queue branch added patches: - fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch (Closes: #837177) removed patches (fixed upstream): - debian-hacks/icu.m4-adding-extra-bracket-to-not-confuse-grep.patch * [8572e34] lintian: adding a semi automated lintian-override * [aa2bda2] crashreporter: enable the reporter for thunderbird * [b96ae57] move icedove.desktop into package icedove (Closes: #850865, #851829) * [304921f] debian/rules: set SHELL explicit to /bin/bash (Closes: #852867) * [072b899] thunderbird: adding extra check while migration * [284912d] debian/README.Debian: update after recent changes * [6dc7e32] icedove-l10n-bn-bd: fix typo in Depends field (Closes: #854135) * [c5d4bf5] {tb,id}.maintscript: modify start-version (Closes: #854587) * [f3d64ae] thunderbird-wrapper.sh: adding extra information window (Closes: #854488) * [6b432c7] README.Debian: hint about issue in global configuration [ Douglas Bagnall ] * [e2c8a23] Apparmor: allowing exo-open-ixr launcher (Closes: #853929) [ Christoph Goehre ] * [ef36e0b] thunderbird-wrapper.sh: fix typos * [f98d5d1] thunderbird-wrapper.sh: add small changes from Guido and Carsten * [7dd6841] README.Debian: fix/correct spelling * [e038694] debian/control: remove depends-on-essential-package 'sed' [ Jens Reyer ] * [ea58e17] thunderbird-wrapper.sh: add extra function for migration (Closes: #849592) -- Christoph Goehre Tue, 14 Feb 2017 18:46:23 -0500 icedove (1:45.6.0-3) experimental; urgency=medium [ Carsten Schoenert ] * [78b3296] rebuild patch queue from patch-queue branch added patch: - debian-hacks/icu.m4-adding-extra-bracket-to-not-confuse-grep.patch * [a272f85] thunderbird-wrapper.sh: also migrate mimeapps.list (Closes: #850864) * [3d4e303] icedove.desktop: don't use categories and mimetypes (Closes: #850866) * [db15d43] icedove: link icedove to thunderbird * [59a9e05] debian/control: change Replaces and Breaks versions [ Christoph Goehre ] * [55cce4a] thunderbird-wrapper.sh: remove 'set -e' -- Christoph Goehre Tue, 17 Jan 2017 18:26:06 -0500 icedove (1:45.6.0-1) experimental; urgency=medium [ Carsten Schoenert ] * [26f8f2d] New upstream version 45.6.0 * [15b7797] iceowl-l10n-*: rearrange Recommends field for various packages (Closes: #824727, #824750, #824763, #824764, #824768, #824780) * [3f75b56] debian/vendor.js: adjust to new version related wiki site * [6bd7f89] d/c-id-l10n: adjusting download URL for stable versions * [f15d1a2] icedove-l10n-all: change Section into metapackages (Closes: #824785) * [25c3ba1] debian/README.source: info about import of multitarballs * [3ebcf59] debian/control: adding Recommends to icedove-l10n-uk (Closes: #825806) * [3e57d5e] debian/control: Icedove, adding dependency on libatk-adaptor * [e19c59d] debian/control: rework Recommends for icedove-l10n-* * [4741d80] debian/control: small fixup Recommends on iceowl-l10n-* * [f9f5193] debian/control: sort iceowl-l10n-* alphabetical * [5220187] de-branding: move iceowl* back to lightning* * [6e28ce5] de-branding: remove Icedove naming from icedove-l10n* * [3dc3b4b] de-branding: remove Icedove branding in the main binary * [8b715cf] de-branding: remove hard name branding in addon managger * [9f609fa] de-branding: adopting dh files for icedove package * [caba322] de-branding: adopting dh files for icedove-dev package * [6538f66] de-branding: change debian/rules to reflect appname change * [871588d] de-branding: adopting dh files for iceowl-extension package * [a0b20e7] debian/tests/*: adopt change of the binary icedove * [29025cc] de-branding: adjust icedove-l10n installation folder * [2b8dd99] de-branding: adjust iceowl-l10n installation folder * [1f3043c] de-branding: remove the Debian visual branding * [272e420] de-branding: removing icedove branding files and folder * [093bc58] de-branding: revitalize *.desktop file with Thunderbird * [4a35d9d] de-branding: move iceowl-l10n-* into lightning-l10n-* * [68d8d79] de-branding: adding transitional iceowl-l10n packages * [4b2febd] de-branding: adding 'Breaks', 'Replaces', 'Provides' to lightning-l10n-* * [9cdb427] de-branding: rework d/r to reflect changes for lightning-l10n * [ec3b427] de-branding: move icedove-l10n-* into thunderbird-l10n-* * [387bfa2] de-branding: adding transitional icedove-l10n packages * [f3cfecb] de-branding: adding 'Breaks', 'Replaces', 'Provides' to thunderbird-l10n-* * [03b222e] de-branding: rework d/r to reflect changes for thunderbird-l10n * [0c9a6ab] de-branding: (re)adding a wrapper script for TB starting * [f9c8aef] de-branding: move icedove-dev to thunderbird-dev * [a4313e6] de-branding: adding transitional icedove-dev package * [0508866] de-branding: rework d/r to reflect changes for thunderbird-dev * [048b29f] de-branding: move icedove-dbg to thunderbird-dbg * [da01077] de-branding: adding transitional icedove-dbg package * [a371079] de-branding: rework d/r to reflect changes for thunderbird-dbg * [b34b8f8] de-branding: move iceowl-extension to lightning * [fa8f9b3] de-branding: adding transitional iceowl-extension package * [848f178] de-branding: rework d/r to reflect changes for lightning * [a708c35] de-branding: move icedove to thunderbird * [cccef90] de-branding: moving icedove dh files into thunderbird * [8c2b27d] de-branding: rework icedove.1 into thunderbird.1 * [19406fe] de-branding: transition of mozconfig.* * [88ed684] de-branding: rework d/r to reflect changes for thunderbird * [c8011d3] de-branding: adding transitional icedove package * [5e399aa] de-branding: adjusting package calendar-google-provider * [a03329c] debian/tests/help.sh: use absolute path for binary call * [10adb34] move old icedove graphic stuff into own folder * [abc6c8c] create various thunderbird png graphics from SVG file * [a2067ae] debian/copyright: update copyright information * [a9c6f9f] de-branding: add own created thunderbird icons to install * [1d8b524] mozconfig.default: enable the official brandind * [9f3a673] debian/control: adding dh-exec to the Build-Depends * [cddbc63] move Thunderbird install files into thunderbird.install * [5037bb5] de-branding: transition of apparmor profile for TB * [14f094d] de-branding: remove extra URL for What's New inside * [c2a06db] manpage thunderbird; adjust and correct manpage entries * [8fa3365] debian/control: adding package dpkg to Build-Depends * [ba84ede] thunderbird: switching dpkg-maintscript-helper to *.maintscript * [d0e675b] debian/thunderbird.postinst: adding some moving mechanism * [cbae415] de-branding: let helper scripts reflect thunderbird change * [da402a4] thunderbird-wrapper.sh: adding fixing inside mimeTypes.rdf (Closes: #837516) * [030d49e] de-branding: adding some hints about the debranding * [662f7af] debian/README.source: adjusting hints due name changes * [8fbedc1] debian/thunderbird.install: install additional icedove.desktop * [9089d9f] debian/*lintian-overrides: adopt name changes * [b9b7665] debian/rules: use the old profile folder for wheezy and jessie * [f9c137e] fix *.desktop files for proper GNOME app mechanism (Closes: #817973, #832302) * [1c85ff7] debian/rules: chmod certain *.py tb-devel files * [356694a] thunderbird.links: linking the default TB icon to u/s/p [ Guido Günther ] * [24bbee9] Wrap and sort control information (Closes: #825806) * [fcfe4ac] Add minimalistic autopkgtest * [f7a32e8] Add autopkgtest to test header and typelib generation * [189d835] Add autopkgtest to smoke test xpcshell [ Christoph Goehre ] * [354f836] turn the reduce of memory usage of the linker on again * [5e48e17] don't build dbgsym packages on unreleased builds * [09679eb] rebuild patch queue from patch-queue branch (Closes: #808183) * [ec3a50b] debian/NEWS: change urgency to medium -- Christoph Goehre Sat, 31 Dec 2016 10:26:36 +0100 icedove (1:45.5.1-1) unstable; urgency=medium [ Carsten Schoenert ] * [efe836f] New upstream version 45.5.1 * [48999ac] rebuild patch queue from patch-queue branch -- Carsten Schoenert Wed, 30 Nov 2016 18:27:57 +0100 icedove (1:45.4.0-1) unstable; urgency=medium [ Guido Günther ] * [a159bc9] autopkgtests: let xfvb-run pick the port to avoid clashes with already running servers * [5384838] Snapshot 1:45.3.0-1~1.gbpa159bc * [8d3ac18] autopkgtest: Dont print on stderr * [8afc7be] Put test deps on a simgle line [ Carsten Schoenert ] * [99e9c40] New upstream version 45.4.0 (Closes: #835866, #836798, #837107) * [6195d7b] debian/README.source: update instructions for importing * [5150624] debian/icedove.js: disabling baselinejit functionality (Closes: #837930) -- Carsten Schoenert Mon, 03 Oct 2016 12:18:09 +0200 icedove (1:45.3.0-1) unstable; urgency=medium [ Carsten Schoenert ] * [3cc29ee] Imported Upstream version 45.3.0 * [ed8cf89] Imported icedove-l10n Upstream version 45.3.0 * [bc20676] Imported iceowl-l10n Upstream version 45.3.0 * [54bd9c4] debian/README.source: fix up some hints * [756ec86] mozconfig.default: enable build of PIE binaries * [1cef6f8] rebuild patch queue from patch-queue branch added patch: - porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch (Closes: #836400) * [7a1ec74] AppArmor: grant access to local mailboxes and enigmail(2) (Closes: #837656) -- Carsten Schoenert Wed, 28 Sep 2016 22:52:03 +0200 icedove (1:45.2.0-4) unstable; urgency=medium [ Carsten Schoenert ] * [cc8cd76] mozconfig.default: relaxe optimization on arm{64,el,hf} to -O1 -- Christoph Goehre Thu, 18 Aug 2016 10:45:17 -0400 icedove (1:45.2.0-3) unstable; urgency=medium [ Guido Günther ] * [9a8f4e1] tests: Fix typo [ Carsten Schoenert ] * [53aab10] AppArmor: allow self execution for -ProfileManager (Closes: #833742) * [a459d6a] debian/rules: adding one more CFLAGS/CXXFLAGS compiler flag (Closes: #833864, #833532, #833591, #833635, #833698) * [e32c460] AppArmor: grant access to local mailboxes and enigmail (Closes: #833184) * [f34e41e] debian/rules: fix typo CXLAGS -> CFLAGS -- Christoph Goehre Fri, 12 Aug 2016 12:00:44 -0400 icedove (1:45.2.0-2) unstable; urgency=medium [ Christoph Goehre ] * [8b4f306] rebuild patch queue from patch-queue branch added patches: - p-kfree-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hur.patch (Closes: #808183) [ Carsten Schoenert ] * [08e20a0] rebuild patch queue from patch-queue branch added patches: - fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch (Closes: #827592) - fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch (Closes: #831192) * [1ea97f1] debian/icedove.js: disable Icedove startup check (Closes: #817973) * [83bdcdf] debian/rules: adding additional CFLAGS and CXXFLAGS * [7dc0588] debian/control: addjust breaks for xul-ext-foxyproxy-standard (Closes: #825749) * [50a0f1e] autopkg: fixup small type within test call [ Ulrike Uhlig ] * [b24bbaa] Add rebranded apparmor profile from upstream (Closes: #829731) * [0a28f91] apparmor/usr.bin.icedove: refresh Icedove AppArmor profile [ Guido Günther ] * [6fe4897] Fix apparmor profile installation -- Christoph Goehre Tue, 26 Jul 2016 13:25:21 -0400 icedove (1:45.2.0-1) unstable; urgency=medium [ Guido Günther ] * [f777843] Wrap and sort control information via 'wrap-and-sort -ast' to simplify backporting (Closes: #825806) * [457dffe] Register components with gbp * [8e73822] Rediff patches [ Carsten Schoenert ] * [789ed6f] Imported Upstream version 45.1.1 * [8b8bd3c] Imported icedove-l10n Upstream version 45.1.1 * [23b2984] Imported iceowl-l10n Upstream version 45.1.1 * [411b27d] Imported Upstream version 45.2.0 * [975287a] Imported icedove-l10n Upstream version 45.2.0 * [09b6652] Imported iceowl-l10n Upstream version 45.2.0 * [2b99997] icedove-l10n-all: change Section into metapackages. As Jonas Smedegaard pointed out, the icedove-l10n-all package is a metapackage and localization. (Closes: #824785) * [a7eec24] debian/README.source: info about import of multitarballs. As the VCS is using git-buildpackage for package maintenace adding some hints on how to handle the impoert of the used mutitarballs since version 45.0. * [73e8b1a] debian/control: adding Recommends to icedove-l10n-uk (Closes: #825806) * [f118470] debian/control: Icedove, adding dependency on libatk-adaptor. After the adding of some first small autopkg test it turns out that we miss a dependency on libatk-adaptor. * [e6e95c9] debian/control: rework Recommends for icedove-l10n-* As addition to 711468b933f280fe9d6ed78bb1d7d763dede9ea7 also rework the various Recommends for the icedove-l10n packages. * [1275b3d] debian/control: small fixup Recommends on iceowl-l10n-* Fix small typos for iceowl-l10n-{pt-pt,sl} * [c4c9a02] debian/control: sort iceowl-l10n-* alphabetical -- Guido Günther Fri, 08 Jul 2016 15:55:46 +0200 icedove (1:45.2~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [68883af] rebuild patch queue from patch-queue branch added patches: - porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch * [ee509d2] debian/mozconfig.default: switching back to gtk2 as default (Closes: #821744) * [f72fe06] adding helper script create-iceowl-l10n-tarball.sh * [28fba93] debian/README.source: adding additional info for iceowl-l10n * [826af5b] adding iceowl-l10n related patches to the patch queue * [1aa6f37] debian/iceowl-*.in: adding needed base files * [a5946b4] debian/rules: adding iceowl-l10n related rules * [b1da616] debian/control: adding the current iceowl-l10n-* packages * [b359c95] debian/source.filter: some adjustments to the filter * [e45ab44] debian/README.source: use recent version and reformating * [50b3830] debian/control: increase Standards-Version to 3.9.8 * [3a767b8] debian/rules: remove no longer needed LDFLAGS * [29a7739] Imported Upstream version 45.2~b1 * [15b7797] iceowl-l10n-*: rearrange Recommends field for various packages (Closes: #824727, #824750, #824763, #824764, #824768, #824780) * [3f75b56] debian/vendor.js: adjust to new version related wiki site * [6bd7f89] d/c-id-l10n: adjusting download URL for stable versions * [f15d1a2] icedove-l10n-all: change Section into metapackages (Closes: #824785) * [25c3ba1] debian/README.source: info about import of multitarballs * [3ebcf59] debian/control: adding Recommends to icedove-l10n-uk (Closes: #825806) * [3e57d5e] debian/control: Icedove, adding dependency on libatk-adaptor * [e19c59d] debian/control: rework Recommends for icedove-l10n-* * [4741d80] debian/control: small fixup Recommends on iceowl-l10n-* * [f9f5193] debian/control: sort iceowl-l10n-* alphabetical [ Christoph Goehre ] * [ce58560] debian/rules: add option to dh_auto_clean * [8cfbeca] debian/rules: export necessary DEB_ vars into environment (Closes: #819020) * [7512da8] debian/rules: ignore build folder and run 'build' target instead (Closes: #819020) * [354f836] turn the reduce of memory usage of the linker on again * [5e48e17] don't build dbgsym packages on unreleased builds * [09679eb] rebuild patch queue from patch-queue branch added patches: - p-kfree-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hu.patch (Closes: #808183) [ Guido Günther ] * [24bbee9] Wrap and sort control information (Closes: #825806) * [fcfe4ac] Add minimalistic autopkgtest * [f7a32e8] Add autopkgtest to test header and typelib generation * [189d835] Add autopkgtest to smoke test xpcshell -- Christoph Goehre Wed, 01 Jun 2016 17:56:29 -0400 icedove (1:45.0~b4-2) experimental; urgency=medium * [fa7bc47] debian/control: fix FTBFS by moving Build-Depends-Indep to Build-Depends -- Christoph Goehre Sun, 10 Apr 2016 15:24:39 -0400 icedove (1:45.0~b4-1) experimental; urgency=medium [ Carsten Schoenert ] * [3bf50c7] Imported Upstream version 45.0~b4 * [11744a7] debian/source.filter: fixup for previous change * [0bd3753] debian/gbp.conf: adding default filter out pattern * [a9f6cfa] rebuild patch queue from patch-queue branch removed patches (fixed upstream): - fixes/Bug-1178266-Link-against-libatomic-when-necessary.patch - p-arm64/FTBFS-arm64-Adding-configure-option-for-aarch64-platform.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-1-4.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-2-4.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-3-4.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-4-4.patch modified patches: - p-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch * [9dcb46e] debian/control: increase B-D on libnspr-dev * [b31fba5] debian/control: increase Standards-Version to 3.9.7 * [623250d] Icedove Branding: adopt usptream changes to branding * [2fa9b24] debian/copyright: update copyright information * [c5dd11d] debian/copyright: include the license text for MPL-1.0 * [3a90ecd] debian/copyright: include the license text for MPL-1.1 * [7291650] debian/copyright: include the license text for MPL-2.0 * [0ebdd3f] debian/copyright: include the license text for libpng * [9ee79fa] d/icedove.install: remove no longer existing parts * [880c9e9] debian/rules: remove obsolet dpkg-shlibdeps call * [e4fb8a2] adding helper script create-icedove-l10n-tarball.sh * [8826951] debian/README.source: adding hint for creating l10n tarball * [08f9071] debian/control: adding the current icedove-l10n-* packages (Closes: #680488) * [d839f37] debian/rules: adding icedove.l10n install to targets * [5b0df21] debian/gbp.conf: use a Tuple for selecting multiple files * [e32519f] debian/control: increase B-D on libnss-dev * [2200691] debian/control: increase B-D on libnspr4-dev * [0f5660e] debian/control: increase increase B-D on libnss3-dev * [5fd8af8] mozconfig.default: adding new configure option * [e288c6e] debian/control: adding a B-D on libpng-dev [ Christoph Goehre ] * [f8c7ca5] debian/control: make depends between icedove-l10n and icedove dynamic * [ac760d7] debian/control: add section localization to all l10n packages * [72ef6c7] debian/NEWS: rename to icedove.NEWS to ship only in icedove core package * add epoch in version number to update l10n packages smoothly -- Christoph Goehre Sat, 09 Apr 2016 18:56:59 -0400 icedove (44.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [a24f78b] Imported Upstream version 44.0~b1 * [7f52453] rebuild patch queue from patch-queue branch removed patches: - d-hacks/Add-unminified-jquery-and-jquery-ui-files.patch - d-hacks/Allow-unsigned-addons-in-usr-lib-share-mozilla-extensions.patch - d-hacks/creating-a-dummy-.deps-directory-to-get-make-happy.patch added patches: - p-arm64/FTBFS-arm64-Adding-configure-option-for-aarch64-platform.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-1-4.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-2-4.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-3-4.patch - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-4-4.patch modified patches: - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch * [ecf1110] debian/watch: adjust to new CDN structure * [dd5efe8] debian/control: increase Build-Depends on libsqlite3-dev * [57165b5] debian/control: switch URI for the Vcs fields to https * [c9ded96] debian/source.filter: adding more filters on testings js files * [31ce42f] debian/copyright: update due upstream/import changes -- Christoph Goehre Sat, 13 Feb 2016 19:08:55 -0500 icedove (43.0~b1-1) experimental; urgency=medium [ Christoph Goehre ] * [ef5b1ef] debian/rules: split override_dh_install into arch and indep section (Closes: #806047) * [02d5d7c] debian/source.filter: remove filter for searchplugins [ Guido Günther ] * [2008a71] Clarify relation between icedove and the calendar extensions (Closes: #809017) [ Carsten Schoenert ] * [11ffac0] debian/source.filter: modifying file list to ignore * [926912b] Imported Upstream version 43.0~b1 * [32cd8c0] rebuild patch queue from patch-queue branch added patches: - d-hacks/Allow-unsigned-addons-in-usr-lib-share-mozilla-extensions.patch removed patches (fixed upstream): - reproducible/Generate-sorted-libical-header-list.patch * [a1637e4] debian/control: increase B-D on libnspr-dev and libnss3-dev * [f9937c1] debian/source.filter: sort entries alphabetical * [326f74d] debian/source.filter: adding new files to filter out * [9b9d9b9] debian/copyright: update due upstream changes * [69664c7] d/icedove.install: searchplugins isn't alive anymore -- Christoph Goehre Tue, 19 Jan 2016 11:41:50 -0500 icedove (42.0~b2-1) experimental; urgency=medium [ Carsten Schoenert ] * [8842d85] Imported Upstream version 42.0~b2 * [6d14aca] rebuild patch queue from patch-queue branch added patches: - fixes/Bug-1178266-Link-against-libatomic-when-necessary.patch * [320c43d] add myself to the uploaders * [797a290] lintian: remove icedove.menu file due CTTE#741573 [ Guido Günther ] * [caca7c2] Add unminified jquery and jquery-ui files (Closes: #802281) -- Christoph Goehre Sun, 08 Nov 2015 15:30:56 -0500 icedove (42.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [c599b6b] Imported Upstream version 42.0~b1 * [41285cb] debian/copyright: fixup's and update * [6b270be] debian/control: increase various build depends * [be75969] adopting needed changes for GTK3 into the Debian branding * [245161e] fixup branding about.png file -- Christoph Goehre Sat, 10 Oct 2015 21:26:24 -0400 icedove (41.0~b2-1) experimental; urgency=medium [ Carsten Schoenert ] * [b1d982c] Imported Upstream version 41.0~b2 * [8389b9b] rebuild patch queue from patch-queue branch added patches: - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch modified patches: - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch dropped patches (fixed upstream): - fixes/Bug-1168231-Fixup-to-keep-file-type.patch - fixes/Bug-1168231-Normalize-file-mode-in-jars.patch - reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch - reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patch * [9ebf7b9] debian/source.filter: modifying file list to ignore * [b25d990] debian/copyright: fixup's and update [ Christoph Goehre ] * [8ebffb0] relax optimize to -O1 on s390x (Closes: #797551) * [dea1627] debian/rules: Disable jit on mips (Closes: #797548) -- Christoph Goehre Fri, 25 Sep 2015 18:43:44 -0400 icedove (40.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [9d358dc] debian/source.filter: adjust new files * [328cdc7] Imported Upstream version 40.0~b1 * [8813d89] debian/rules: setting MOZ_BUILD_DATE explicitly. This patch is based on work from Mike Hommey within the Iceweasel package to enable reproducible builds. It defines the MOZ_BUILD_DATE with a pre defined timezone. * [8dd5b9f] debian/rules: add switch to skip icedove-dbg build to speed up the build. * [a6beec7] debian/control: Let icedove recommendiceowl-extension * [691dfe9] add release related information * [bdfdfd8] debian/vendor.js: adjusting WhatNew link to more dedicated URL * [5ba6ec7] rebuild patch queue from patch-queue branch added patches: debian-hacks/changing-the-default-search-engine.patch fixes/Bug-1168231-Fixup-to-keep-file-type.patch fixes/Bug-1168231-Normalize-file-mode-in-jars.patch reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patc reproducible/Generate-sorted-libical-header-list modified patches: fixes/Allow-.js-preference-files-to-set-locked-prefs-with-.patch porting-kfreebsd-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch porting/Disable-optimization-on-alpha-for-the-url-classifier.patch deleted patches: debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch debian/patches/fixes/Link-libldap-against-libpthread.patch debian/patches/icedove/no-dynamic-nss-softokn.patch debian/patches/porting/Remove-duplicate-SkDiscardableMemory_none.cpp-from-g.patch * [59046ae,12d4f4b] debian/copyright: update due upstream changes * [7c1f002] debian/iceowl-extension.lintian-overrides: remove file, no longer needed * [23eed8c] debian/source.lintian-overrides: adding new entries. Lintian is detecting the braces within the folder names incorrectly as brace expansion. * [2f95cd3] add changes due ldap restructure. [ Christoph Goehre ] * [ff66528] lintian: fix spelling error in debian/README.Debian -- Guido Guenther Wed, 19 Aug 2015 09:39:23 +0200 icedove (38.7.2-1) unstable; urgency=medium * [397cd7a] Imported Upstream version 38.7.2 -- Christoph Goehre Wed, 13 Apr 2016 12:05:05 -0400 icedove (38.7.0-1) unstable; urgency=medium [ Christoph Goehre ] * [cb9c003] Imported Upstream version 38.7.0 * [7273cb9] bump up standards version to 3.9.7 (no changes needed) [ Carsten Schoenert ] * [0341a8c] debian/control: switch URI for the Vcs fields to https -- Christoph Goehre Wed, 16 Mar 2016 13:22:57 +0100 icedove (38.6.0-1) unstable; urgency=medium [ Guido Günther ] * [195730d] Clarify relation between icedove and the calendar extensions (Closes: #809017) [ Christoph Goehre ] * [988ce5b] Imported Upstream version 38.6.0 * [6763f6f] debian/source.filter: remove evil-licensed jshint.js (Closes: #813053) -- Christoph Goehre Sun, 14 Feb 2016 16:08:13 -0500 icedove (38.5.0-1) unstable; urgency=medium [ Christoph Goehre ] * [6d45b0b] Imported Upstream version 38.5.0 * [316798f] debian/rules: split override_dh_install into arch and indep section (Closes: #806047) [ Carsten Schoenert ] * [5b3cb7a] add myself to the uploaders -- Christoph Goehre Thu, 24 Dec 2015 22:36:37 -0500 icedove (38.4.0-1) unstable; urgency=medium [ Christoph Goehre ] * [754392e] Imported Upstream version 38.4.0 * [ef4b733] debian/watch: adjust download url [ Carsten Schoenert ] * [f3f5455] lintian: remove icedove.menu file due CTTE#741573 -- Christoph Goehre Fri, 27 Nov 2015 12:54:27 -0500 icedove (38.3.0-2) unstable; urgency=medium * [c988747] Add unminified jquery and jquery-ui files with the exact version as used by upstream thunderbird. We don't want to use the minified versions mozilla ships and can't use what is currently packaged in Jessie or Stretch since these are too recent. (Closes: #802281) -- Guido Günther Sun, 01 Nov 2015 18:06:33 +0100 icedove (38.3.0-1) unstable; urgency=medium [ Carsten Schoenert ] * [0f8b6a4] Imported Upstream version 38.3.0 * [566273a] debian/copyright: fixup's and update -- Christoph Goehre Sat, 10 Oct 2015 13:21:05 -0400 icedove (38.2.0-2) unstable; urgency=medium * [8bcb08b] relax optimize to -O1 on s390x (Closes: #797551) * [6aa0915] debian/rules: Disable jit on mips (Closes: #797548) -- Christoph Goehre Thu, 24 Sep 2015 19:09:54 -0400 icedove (38.2.0-1) unstable; urgency=medium * [d46d5f6] rebuild patch queue from patch-queue branch added patches: - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch -- Christoph Goehre Mon, 21 Sep 2015 19:42:03 -0400 icedove (38.2.0-1~stretch) stretch; urgency=medium [ Carsten Schoenert ] * [05b245f] Imported Upstream version 38.2.0 (Closes: #796323) - MFSA 2015-59 aka CVE-2015-2724, CVE-2015-2725, CVE-2015-2726 - MFSA 2015-63 aka CVE-2015-2731 - MFSA 2015-66 aka CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740 - MFSA 2015-70 aka CVE-2015-4000 - MFSA 2015-71 aka CVE-2015-2721 - MFSA 2015-65 aka CVE-2015-2741 - MFSA 2015-79 aka CVE-2015-4474 * [43c8195] rebuild patch queue from patch-queue branch * [c75bdad] debian/control: increase B-D on libnss3-dev * [942bcbe] debian/iceowl-extension.lintian-overrides: remove file * [7131e4d] debian/source.lintian-overrides: adding new entries * [8882360] mozconfig.default: don't use icu from system -- Carsten Schoenert Fri, 21 Aug 2015 12:29:42 +0200 icedove (38.1.0-1) unstable; urgency=medium [ Carsten Schoenert ] * [3d27760] Imported Upstream version 38.1.0 (Closes: #790651) * [2cb6cd7] rebuild patch queue from patch-queue branch added patches: - fixes/Bug-1165654-Cleanup-how-libjpeg-turbo-assembly-build.patch - reproducible/Generate-sorted-libical-header-list (Closes: #794456) -- Christoph Goehre Tue, 04 Aug 2015 20:20:53 -0400 icedove (38.0.1-1) unstable; urgency=medium [ Carsten Schoenert ] * [5acef6a] debian/gbp.conf: adopt new upstream branch * [6f88792] Imported Upstream version 38.0.1 (Closes: #358680, #472601, #634316, #691176, #751786, #777908) * [18bba9d] debian/gbp.conf: respect new git-buildpackage behaviour * [26bbdac] rebuild patch queue from patch-queue branch added patches: - debian-hacks/changing-the-default-search-engine.patch (Closes: #780595) - fixes/Bug-1168231-Fixup-to-keep-file-type.patch - fixes/Bug-1168231-Normalize-file-mode-in-jars.patch - reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch - reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patc deleted patches: - debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch * [71938b9] debian/rules: setting MOZ_BUILD_DATE explicitly * [e50d708] debian/copyright: more minor updates to the copyright file * [b232895] debian/rules: adding switch for no icedove-dbg build * [bcc15aa] debian/control: icedove is now recommending iceowl-extension * [564a19e] adding release related information * [2ec0053] debian/vendor.js: adjusting WhatNew link to more dedicated URL [ Christoph Goehre ] * [a9c25b6] lintian: fix spelling error in debian/README.Debian * [2cc2c07] debian/rules: fix icedove-dbg build switch -- Christoph Goehre Mon, 27 Jul 2015 17:46:40 -0400 icedove (38.0~b5-1) experimental; urgency=medium [ Carsten Schoenert ] * [7e3cab4] Imported Upstream version 38.0~b5 * [3edbafc] Revert "debian/control: remove build-dep on libnotify-dev" * [5e69bab] debian/control: increase b-d versions * [6e6ae36] rebuild patch queue from patch-queue branch added patches: - debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch obsolete patches (fixed in Debian): - adopting-SQLITE3-version.patch * [ac7b760] mozconfig.default: adding some explicit configure options * [81fd6e6] complete rewrite of copyright information * [327dd45] switching to libgstreamer1.0* [ Christoph Goehre ] * [9877ea3] lintian: add override for libpng -- Christoph Goehre Fri, 22 May 2015 20:42:19 -0400 icedove (38.0~b2-1) experimental; urgency=medium [ Carsten Schoenert ] * [b08d966] debian/source.filter: modifying file list to ignore * [88fd018] Imported Upstream version 38.0~b2 * [e9da8f8] icedove branding: adopt upstream changes * [3610daa] debian/control: increase b-d versions * [950fae7] rebuild patch queue from patch-queue branch modified patches: - system-libs/Allow-to-build-against-system-libffi.patch - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch obsolete patches (fixed upstream): - porting/Reintroduce-pixman-code-path-removed-in-bug-1097776-.patch * [1820d7c] debian/control: adding xul-ext-compactheader to Breaks field [ Dominik George ] * [4181126] debian/control: Upgrade Breaks relation to enigmail (Closes: #782686) -- Christoph Goehre Tue, 28 Apr 2015 18:19:00 -0400 icedove (36.0~b1-2) experimental; urgency=medium * [26c0027] rebuild patch queue from patch-queue branch added patches: - porting/Reintroduce-pixman-code-path-removed-in-bug-1097776-.patch - porting/Remove-duplicate-SkDiscardableMemory_none.cpp-from-g.patch - porting/ppc-fix-divide-page-size-in-jemalloc.patch (Closes: #780404) -- Christoph Goehre Sat, 28 Mar 2015 15:35:58 -0400 icedove (36.0~b1-1) experimental; urgency=medium [ Carsten Schoenert ] * [68112a3] Imported Upstream version 36.0~b1 * [3120361] rebuild patch queue from patch-queue branch obsolete patches (fixed upstream): - debian-hacks/fixing-various-FTBFS-due-different-datatype-char-beh.patch - porting-arm/FTBFS-armhf-fixing-ARM-CPU-detection.patch modified patches: - debian-hacks/Strip-version-number.patch - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch - p-kfree-hurd/correcting-file-inclusion-for-kfreebsd.patch - p-kfree-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch * [ee185a2] d/icedove.install: mozilla-xremote-client was removed * [64adc44] debian/source.filter: modifying file list to ignore * [dbdd152] debian/control: increase package versions * [fb3307c] lintian: adding one more source override * [2a07495] lintian: adding new override for the icedove package * [38c21ad] debian/README.Debian: adding note around HTTPS Everythere (Closes: #774790) [ Christoph Goehre ] * [3dce89c] debian/icedove.desktop: correct StartupWMClass to 'Icedove' (Closes: #773876) * [deb3f58] debian/icedove.desktop: add MimeType text/calendar (Closes: #762190) * [4dd96fe] rebuild patch queue from patch-queue branch added patches: - p-kfree-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch - p-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch (Closes: #772933) modified patches: - p-kfree-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch - p-kfree-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch - p-kfree-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch * [373ed05] add missing epoch in libnss3-dev build depends -- Christoph Goehre Wed, 11 Mar 2015 19:19:28 -0400 icedove (34.0~b1-2) experimental; urgency=low [ Carsten Schoenert ] * [7a4edc4] rebuild patch queue from patch-queue branch added patches: - debian-hacks/fixing-various-FTBFS-due-different-datatype-char-beh.patch - porting-arm/FTBFS-armhf-fixing-ARM-CPU-detection.patch -- Christoph Goehre Mon, 24 Nov 2014 18:56:21 -0500 icedove (34.0~b1-1) experimental; urgency=low [ Carsten Schoenert ] * [1be8ab1] debian/source.filter: more files to ignore * [66e6488] debian/README.source: adjust description for beta versions * [e63d375] Imported Upstream version 34.0~b1 (Closes: #770180) * [1cb54d2] rebuild patch queue from patch-queue branch obsolete patches (fixed upstream): - porting-armel/disable-some-libopus-feature-for-ARCH-ARMv6.patch * [ad29bb1] debian/rules: be more flexible on *.xpi files * [b055e78] debian/NEWS: fixing default SSL/TLS behavior description * [d64a847] debian/NEWS: adding notes around new security changes -- Christoph Goehre Wed, 19 Nov 2014 19:15:46 -0500 icedove (33.0~b1-1) experimental; urgency=low [ Carsten Schoenert ] * [5029c8b] debian/source.filter: more files to ignore * [d4b03d9] README.source: let's use xz while creating the orig.tar.xz * [ebd442f] debian/gbp.conf: some instructions for git-dch * [cc594ea] Imported Upstream version 33.0~b1 * [23b57cf] rebuild patch queue from patch-queue branch added patches: - debian-hacks/fix-identification-of-ObjdirMismatchException.patch - debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch modified patches: - debian-hacks/Strip-version-number.patch - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch - obsolete patches (fixed upstream): - fixes/Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch - porting-alpha/fix-FTBFS-on-alpha.patch * [a5a2a1b] adding additional config options for hppa and ppc64 Both platforms failing on running xpcshell. [ Christoph Goehre ] * [5a0ba43] linitan: bump up standards version to 3.9.6 * [aaca6a7] debian/NEWS: adding note around increased default TLS version 1.2 (Closes: #761245) -- Christoph Goehre Sat, 25 Oct 2014 12:47:37 -0400 icedove (32.0~b1-1) experimental; urgency=low [ Christoph Goehre ] * [65ad797] icedove.postinst: remove obsolete symlink handling [ Carsten Schoenert ] * [baef95a] debian/gbp.conf: adopting experimental branch * [8384eee] Imported Upstream version 32.0~b1 * [75145f3] rebuild patch queue from patch-queue branch modified patches: - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch - debian-hacks/remove-non-free-W3C-icon-valid.png.patch obsolete patches (fixed upstream): - porting-armel/fix-skia-for-ARMv4.patch [ Christoph Goehre ] * [51c3cee] cleanup branding patch -- Christoph Goehre Thu, 28 Aug 2014 15:52:51 -0700 icedove (31.0-2) unstable; urgency=low [ Carsten Schoenert ] * [d2bc0ef] armel: correcting #if statement for skia fix * [959b801] adding GNU/Hurd to gyp.mozbuild * [215bc7d] kfreebsd*: adding CrossProcessMutex_posix.cpp to list * [892c39c] d/icedove.links: remove unneeded link to /u/s/i/e (Closes: #638489) * [928158c] debian/source.filter: more files to ignore * [b81c238] fixing lintian warning 'unused-override' * [7bc2568] fixing lintian warning 'jar-not-in-usr-share' * [cd0d289] fixing lintian warning 'image-file-in-usr-lib' * [045a960] fixing lintian error 'source-is-missing' * [1fe016a] correcting FTBFS patch for alpha [ Christoph Goehre ] * [c827d81] iceowl-extension: replace skin and icon dir with symlink -- Christoph Goehre Sat, 23 Aug 2014 18:42:23 -0700 icedove (31.0-1) unstable; urgency=low [ Carsten Schoenert ] * [b7cdeb4] Imported Upstream version 31.0 (Closes: #756769) * [1f2ff0b] debian/rules: fixing file permissions in iceowl-extension * [c8d2036] adding fix for skia on armel * [77093e2] fixing FTBFS on armel (Closes: #754633) * [a458959] debian/control: increase b-d on libsqlite-dev * [a98ebca] fix runtime error on alpha while jemalloc run * [6f6b576] disable optimization on alpha while linking -- Christoph Goehre Mon, 04 Aug 2014 10:23:09 -0400 icedove (31.0~b2-1) unstable; urgency=low [ Carsten Schoenert ] * [76059a9] debian/source.filter: more files to ignore * [5067b0e] Imported Upstream version 31.0~b2 (Closes: #754464) * [e31ac79] debian/control: remove build-dep on libnotify-dev * [35324a5] debian/control: increase build-depends on libnss3-dev to 3.16.2~ -- Christoph Goehre Fri, 18 Jul 2014 21:47:06 +0200 icedove (31.0~b1-2) unstable; urgency=low * [7ba4d01] lintian: add override for embedded srtp library -- Christoph Goehre Sun, 22 Jun 2014 18:18:04 -0400 icedove (31.0~b1-1) unstable; urgency=low * [02dc94c] remove example file, which cause git-archive to change the source tree * [ba233b1] Imported Upstream version 31.0~b1 * [4c2380f] rebuild patch queue from patch-queue branch modified patches: - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-.patch obsolete patches (fixed upstream): - fixes/unbreak-with-system-pixman-in-mailnews.patch - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch -- Christoph Goehre Sun, 22 Jun 2014 11:50:07 -0400 icedove (30.0~b1-1) unstable; urgency=low [ Carsten Schoenert ] * [b3eadf1] debian/source.filter: more files to ignore * [fb71012] debian/control: bumping build-depends for debhelper * [dc4ad0c] debian/control: add libpulse-dev build dependency * [b8d3ee7] debian/control: bumping some version of build dependencies * [3443df9] debian/icedove-dev.install: adopt upstream changes * [d0f9d0e] icedove.lintian-overrides: adding libtheora * [982c8a6] debian/rules: adding removing for temporary files [ Christoph Goehre ] * [f6292d5] Imported Upstream version 30.0~b1 (Closes: #743421) * [dacd658] rebuild patch queue from patch-queue branch modified patches: - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch - porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch - porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-.patch - prefs/Set-javascript.options.showInConsole.patch - debian-hacks/Icedove-branding.patch - fixes/unbreak-with-system-pixman-in-mailnews.patch obsolete patches (fixed upstream): - debian-hacks/Do-build-time-detection-of-2-bytes-wchar_t-and-char1.patch - debian-hacks/Fix-build-failure-for-header.py-and-typelib.py.patch - fixes/Make-system-cairo-work-again.patch - porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch * [df93d26] branding: add jar.mn to moz.build * [648853d] only copy debian/mozconfig.default into mozilla subdir * [4f9dc9e] MOZ_OBJDIR need a absolute path, $(pwd) didn't work * [33794c3] icedove.pc: remove non-existent library mozjs (Closes: #748746) * [dcbce5c] iceowl-extension: use breaks instead of conflicts against calendar-timezones (Closes: #747532) * [545415a] add breaks to enigmail (<< 2:1.6-4~deb7u1) which won't work with us (Closes: #747546) -- Christoph Goehre Fri, 30 May 2014 12:11:53 -0400 icedove (24.5.0-2) unstable; urgency=low * [e4a43ed] debian/rules: remove duplicate LDFLAGS += -Wl,--stats * [f9dba4b] debian/rules: export all compiler flags into build environment * [8dc0712] debian/rules: run autoconf for all configue files * [95d4b48] debian/rules: export MOZCONFIG onces * [577bd03] debian/rules: update config.sub and config.guess before autoconf run * [7f958c7] parse DEB_BUILD_OPTIONS for how many parallel buildjobs to start (Closes: #746984) * [0f8b062] debian/rules: export MOZILLA_OFFICIAL * [1c3d277] run configure with --build and --host * [f190e19] don't build a shared js library (Closes: #724688, #729073, #745593) -- Christoph Goehre Thu, 08 May 2014 20:07:06 -0400 icedove (24.5.0-1) unstable; urgency=low [ Carsten Schoenert ] * [7c13dbf] calender-timezones: remove no longer needed helper files * [2d4328c] debian/control: sort various fields alphabetically * [436c212] debian/control: remove build-depens on cdbs * [dae8b3e] icedove branding: adopt current Makefile.in style to upstream * [045be10] debian/rules: switch to debhelper * [b852c8c] debian/mozconfig*: adding mozconfig files * [7bac68c] debian/icedove.configopts: Remove no longer needed file * [6c597b9] Switch the old thunderbird*.in files to icedove.* * [9781e61] debian/icedove.links: adding /u/b/i link * [f325194] debian/icedove.dirs: add helper file for needed directories * [fe0376a] debian/icedove.install: sort entrys alphabetical * [0111ccc] debian/icedove.js: fix small typo and reformat * [a7e5b05] debian/rules: add override for dh_fixperms * [8e44df2] debian/rules: add override for dh_install * [24fa03a] debian/rules: add override for dh_shlibdeps * [2f22ed0] debian/rules: add override for dh_strip * [259a6f4] debian/control: remove ${shlibs:Depends} from c-g-p depends * [cdc9272] debian/rules: add additional LDFLAGS * [9d620d5] debian/rules: correct Icedove version inside icedove.pc during install [ Christoph Goehre ] * [460818b] Imported Upstream version 24.5.0 * [4c65ecc] rebuild patch queue from patch-queue branch added patches: - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch obsolete patches: - porting-kfreebsd-hurd/Another-fix-to-build-ipc-code-on-GNU-hurd-an.patch -- Christoph Goehre Tue, 29 Apr 2014 17:56:40 -0400 icedove (24.4.0-1) unstable; urgency=low * [a2b13c0] Imported Upstream version 24.4.0 * [fd90463] rebuild patch queue from patch-queue branch added patches: - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch (Closes: #741245) -- Christoph Goehre Sat, 22 Mar 2014 11:10:18 -0400 icedove (24.3.0-2) unstable; urgency=low [ Christoph Goehre ] * [122ffe9] remove ldif60 from pkgconfig file (Closes: #732652) * [b64ccac] rebuild patch queue from patch-queue branch added patches: - porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch (Closes: #734859) [ Carsten Schoenert ] * [aa4f5b1] thunderbird.install.in: shipping all files in /u/l/i/components (Closes: #737811) * [3bf4738] debian/rules: fix *.js file-permissions for iceowl-extension * [50ab7a5] debian/rules: remove -Wl,--as-needed linker option (Closes: #732652, #730450, #724688) -- Christoph Goehre Sun, 09 Mar 2014 15:33:05 -0400 icedove (24.3.0-1) unstable; urgency=low * [a656560] lintian: remove non-free w3c valid.png icon (Closes: #735119) * [f4e6c08] lintian: remove prebuild javascript objects from upstream tarball (Closes: #735234) * [adf9c96] Imported Upstream version 24.3.0 * [8419e65] rebuild patch queue from patch-queue branch added patches: - debian-hacks/remove-non-free-W3C-icon-valid.png.patch - debian-hacks/use-system-jquery-jquery-ui.patch * [948af3e] a newer icedove will break iceowl-extension (Closes: #732742) -- Christoph Goehre Mon, 10 Feb 2014 19:44:36 -0500 icedove (24.2.0-1) unstable; urgency=low [ Christoph Goehre ] * [963a61e] Imported Upstream version 24.2.0 * [852abe3] rebuild patch queue from patch-queue branch obsolete patches (fixed upstream): - fixes/Wrap-non-prefixed-freetype-headers-from-newer-freety.patch - porting/Don-t-hardcode-page-size-on-ia64-sparc-or-mipsel.patch (Closes: #734074) * [a9d6680] lintian: remove prebuild-binaries from upstream tarball * [fc25943] linitan: remove prebuilt-windows-binary from upstream tarball * [faa24eb] lintian: fix comma separated files copyright * [835790d] lintian: declare public-domain license at the beginning [ Carsten Schoenert ] * [c583a2f] debian/copyright: fix indentation for 'public domain' license * [78ddee2] linitan: bump up standards version to 3.9.5 -- Christoph Goehre Sat, 11 Jan 2014 20:17:24 -0500 icedove (24.1.1-1) experimental; urgency=low [ Carsten Schoenert ] * [e8cbac4] debian/copyright: correcting wrong comma usage. * [d24a6be] debian/copyright: adjusting copyright infos * [51a32a1] debian/copyright: correcting various lintian warning. * [50874e0] debian/control: expanding icedove-dev dependency on python * [2996a33] debian/control: adding a more specific description for iceowl-extension and google-cal-prov. * [85b4400] debian/control: adjust proper version dependencies. (Closes: #729712) * [4d6b204] debian/control: adding metadata for mozilla-devscripts. (Closes: #562984) [ Christoph Goehre ] * [aa7782b] Imported Upstream version 24.1.1 (Closes: #720931, #723630) * [e4ca9cd] rebuild patch queue from patch-queue branch added patches: - fixes/Wrap-non-prefixed-freetype-headers-from-newer-freety.patch - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and.patch * [849988b] make python scripts in /usr/lib/icedove-devel/sdk/bin executable * [9890b1c] ship python config scripts to make building of extensions easier (Closes: #729431) * [8b08106] remove libxpcom.so from pkgconfig file (Closes: #729168) * [4759bde] add libldif60 to pkgconfig file * [db575b4] lintian: remove unsafe symlink from upstream tarball -- Christoph Goehre Sun, 08 Dec 2013 10:08:19 -0500 icedove (24.0-1) experimental; urgency=low [ Guido Günther ] * [6f9d98e] New upstream version 24.0 * [ef58a98] Refresh patches * [435516d] Switch to xz compressed upstream tarball * [f529a99] repack.py: port to python3 * [50423d9] repack.py: allow to specify compression [ Christoph Goehre ] * [b45b2b9] remove superfluous gstreamer build depends * [96ac1d0] Reduce memory usage of the linker. Thanks to Mike Hommey * [af55374] ia64 don't like LDFLAG --no-keep-memory * [c3cb093] remove export-subst in mozilla/addon-sdk/source/.gitattributes. [ Carsten Schoenert ] * [ac4caea] debian/copyright: correcting out-of-date-copyright-format-uri. * [585bf84] debian/copyright: remove obsolete field 'Name:' -- Christoph Goehre Tue, 15 Oct 2013 18:51:16 -0400 icedove (24.0~b3-2) experimental; urgency=low * [47fe004] Add lintian override for our use of the embedded libjpeg * [3c103e6] Make sure xpcshell is executable so dh_shlibdeps picks it up to calculate lib dependencies -- Guido Günther Tue, 24 Sep 2013 20:03:33 +0200 icedove (24.0~b3-1) experimental; urgency=low [ Guido Günther ] * Upload to experimental * [eae533c] Adjust watch file once again * [5280050] Invoke repack.py directly * [0f4e8de] New upstream version 24.0~b3 (Closes: #706859, #720931, #723630) * [3b6374b] Don't use system jpeg since it doesn't have the needed features * [f6aeba2] Don't try to remove nonexistent libxpcom.so [ Carsten Schoenert ] * [04844ae] icedove-branding: adopt new build schema to Debian branding by using moz.build. * [11c4677] icedove-branding: change the target directory for preview.png. * [55f6762] debian/control: remove package calendar-timezones. The calendar-timezones related files are now inside the lightning package. * [6f4948d] debian/rules: catch any gdata-provider*.xpi file. The gdata-provider XPI file now has a version appended. * [d5a63c9] debian/rules: catch any lightning*.xpi file. The lightning XPI file now has a version appended. * [e77e911] debian/thunderbird.install.in: remove mozilla/components/binary.manifest since it no longer exists. * [ef3f3b1] debian/control: Build-Depend on gstreamer an yasm now used by icedove. * [9f5fe3e] Drop patches fixed upstream. Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch Bug-723497-Saving-message-to-disk-fails-silently-fai.patch Bug-746112-Don-t-decommit-if-page-size-is-too-large.patch Bug-814693-Allow-webrtc-to-build-on-more-architectur.patch Bug-840242-Use-the-runtime-page-size-to-control-aren.patch virtualenv-changing-the-path-to-virtualenv.py.patch * [4503610] Adjust to build system changes: debian-hacks/Don-t-build-example-component.patch * [290f1e0] Partially applied upstream: Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch * [2eaf6ae] Rediff remaining patches * [4217c0e] Create missing .deps dir. Workaround to make build complete * [f95db9c] Drop autoconf.mk mangling since it confuses the build system -- Guido Günther Thu, 19 Sep 2013 20:10:24 +0200 icedove (17.0.8-1) unstable; urgency=low [ Carsten Schoenert ] * [af98dad] The vendorShortName is of course "Mozilla" and not "Icedove" The packages in icedove-l10n already use the correct substition. (Closes: #707207, #715326) * [8ceae38] Sawfish: fix wrong size of resized window. Backported from the TB20 release. https://bugzilla.mozilla.org/show_bug.cgi?id=813997 (Closes: #715464) * [b69cb68] Fix error while saving a message to disk or network. If the user tries to save a message to disk or network share without enough user rights to write the message Icedove fails silently. This backport from TB 21 fixes this. * [fd8f588] Desktop file: shorten the icon name to 'Icedove' (Closes: #507962) * [24b1b45] fix JS compiler segfault errors for various platforms (Closes: #708331) [ Christoph Goehre ] * [01f6b7a] add README.Debian to describe upstream status of Thunderbird (Closes: #710888) * [7fa36d6] rebuild patch queue from patch-queue branch added patches: - porting/Fix-ipc-chromium-on-kFreeBSD-and-Hurd.patch [ Guido Günther ] * [455bfe7] New upstream version 17.0.8 -- Guido Günther Tue, 20 Aug 2013 16:12:17 +0200 icedove (17.0.7-1) unstable; urgency=low * [b8fd345] Imported Upstream version 17.0.7 * [3133999] rebuild patch queue from patch-queue branch modified patches: - porting/Don-t-hardcode-page-size-on-ia64-sparc-or-mipsel.patch * [3332f92] lintian: change url to version control system * [534e2d1] linitan: bump up standards version to 3.9.4 * [2b511d2] lintian: remove obsolete thunderbird dependency in iceowl-extension * [2081e7e] lintian: add Keywords to icedove desktop file * [7f8333c] lintian: mask minus signs in manpage with a backslash -- Christoph Goehre Sun, 30 Jun 2013 18:46:16 -0400 icedove (17.0.5-2) unstable; urgency=low [ Guido Günther ] * [4c7a88a] Install calendar-google-provider to /u/s/xul-ext (Closes: #638480) * [4c97096] Move calendar-timezones to /u/s/xul-ext (Closes: #638481) * [e9d0085] Move arch indep parts to common-install-indep [ Carsten Schoenert ] * [40d68d5] Fix build error on IA64 and Sparc * [59939c3] manpage: add example section and convert to UTF-8 * [10647cf] fixing build failure depended on python-2.7 changes [ Christoph Goehre ] * [0a7bb8b] create links for extension in /usr/share/mozilla/extensions/APPID * [5047e6b] remove icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch (Closes: #695323) -- Christoph Goehre Sat, 18 May 2013 17:53:21 -0400 icedove (17.0.5-1) experimental; urgency=low [ Guido Günther ] * [894ea6d] Include all needed libs to link against icedove's libxpcom (Closes: #477747) [ Carsten Schoenert ] * [6e00625] Point "Help->What's new" to the Debian Wiki (Closes: #570577) [ Christoph Goehre ] * [4766bc9] replace icon in searchplugin (bing, twitter) with download url * [e3dc726] Imported Upstream version 17.0.5 -- Christoph Goehre Sat, 13 Apr 2013 12:19:06 -0400 icedove (17.0.4-1) experimental; urgency=low [ Guido Günther ] * [9ed54cb] Add Homepage * [bd41337] Add X-Debian-Homepage [ Carsten Schoenert ] * [1fba87f] New patch fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch fix function nsMsgComposeAndSend to respect ReploToSend Thanks to Emilio Pozuelo Monfort for the patch (Closes: #565903) [ Christoph Goehre ] * [7a1071b] update debug section in icedove manpage (Closes: #698163) * [017f5b5] Imported Upstream version 17.0.4 (Closes: #702927) * [7c35529] compress debian packages with xz -- Christoph Goehre Wed, 13 Mar 2013 19:00:07 -0400 icedove (17.0.2-1) experimental; urgency=low * [8911b88] Finally set Christoph as Maintainer. Thanks for your work Alexander. * [d456018] parallel build: Use number or available cores by default * [daeee47] Don't refer to paths containing thunderbird (Closes: #486617) * [52a202a] New upstream version 17.0.2 * [fa07537] Allow webrtc to build on more architectures. Thanks to Mike Hommey and Christoph Göhre -- Guido Günther Fri, 11 Jan 2013 17:37:46 +0100 icedove (17.0.2-1~1) experimental; urgency=low * [8911b88] Finally set Christoph as Maintainer. Thanks for your work Alexander. * [d456018] parallel build: Use number or available cores by default * [daeee47] Don't refer to paths containing thunderbird (Closes: #486617) * [52a202a] New upstream version 17.0.2 * [fa07537] Allow webrtc to build on more architectures. Thanks to Mike Hommey and Christoph Göhre -- Guido Günther Fri, 11 Jan 2013 17:35:22 +0100 icedove (17.0-1) experimental; urgency=low [ Christoph Goehre ] * [0b8ac79] replace transitional depens ttf-lyx with fonts-lyx (Closes: #676505) * [4473d67] fix typo in calendar-google-provider description * [b3a57c0] rebuild patch queue from patch-queue branch added patches: porting/Another-fix-to-build-ipc-code-on-GNU-hurd-and-kfreeb.patch [ Jens Reyer ] * [c0e30b6] clarify the relation between iceowl, lightning and sunbird (Closes: #686206) [ Guido Günther ] * [394b6a1] New upstream version 17.0 * [a17c23f] Update patches. The thunderbird-3-profile.patch got split into three since it addresses different issues: * Strip-version-number.patch * Icedove-branding.patch * Move-profile.patch * [01eef04] Don't overwrite DEB_BUILD_OPTIONS and drop dependency on essential package [ Ritesh Raj Sarraf ] * [1ab9095] Add parallel build support -- Guido Günther Sat, 24 Nov 2012 19:26:19 +0100 icedove (16.0.2-1) experimental; urgency=low [ Christoph Goehre ] * [e94445f] cleanup source.filer file * [33b9f4c] Imported Upstream version 12.0.1 [ Guido Günther ] * [88a39e3] watch: only look for two digit versions since 3.1.20 lacks the source/ dir * [eb4f5c3] New upstream version 14.0 * [b451442] Update patches for 14.0 obsolete patches: Avoid-libxpcom-being-excluded-from-linked-libraries-.patch Bug-515232-Try-getting-general.useragent.locale-as-a.patch Bug-696636-Block-OpenGL-1-drivers-explicitly-to-stee.patch Bug-710972-Define-G_VARIANT_TYPE_STRING_ARRAY-when-b.patch Bug-722127-Bump-required-libvpx-version-to-1.0.0.-r-.patch Bug-728136-Port-bug-528687-to-comm-central.patch Bug-728229-Allow-to-build-with-system-python-ply-lib.patch Bug-729817-Allow-the-Nouveau-driver-with-Mesa-8.0.1-.patch Bug-729817-Block-the-Nouveau-3D-driver-as-it-s-insta.patch Bug-734335-Only-build-SPS-on-supported-platforms.patch Revert-investigation-patch-for-bug-621446.patch Bug-698923-Don-t-require-16-bytes-alignment-for-VMFr.patch Bug-711353-Add-support-for-GNU-kFreeBSD-and-GNU-Hurd.patch modified patches: Add-another-preferences-directory-for-applications-p.patch Do-build-time-detection-of-2-bytes-wchar_t-and-char1.patch Don-t-build-example-component.patch Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch Gross-workaround-to-avoid-installing-test-idl-and-in.patch Ignore-system-libjpeg-libpng-and-zlib-version-checki.patch stop-configure-if-with-system-bz2-was-passed-but-no-.patch Allow-.js-preference-files-to-set-locked-prefs-with-.patch Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch Link-libldap-against-libpthread.patch Load-dependent-libraries-with-their-real-path-to-avo.patch Properly-launch-applications-set-in-HOME-.mailcap.patch Remove-the-js-shell-from-the-build-directory-during-.patch fix-branding-in-migration-wizard-and-the-addon-manag.patch fix-installdir.patch save-a-copy-of-a-attached-file-when-sending-from-OOo.patch thunderbird-3-profile.patch Change-extension-s-name-to-Iceowl.patch Add-xptcall-support-for-SH4-processors.patch Allow-ipc-code-to-build-on-GNU-hurd.patch Allow-ipc-code-to-build-on-GNU-kfreebsd.patch Bug-703833-Avoid-invalid-conversion-from-const-size_.patch Disable-optimization-on-alpha-for-the-url-classifier.patch Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch Don-t-auto-disable-extensions-in-system-directories.patch Set-javascript.options.showInConsole.patch Allow-to-build-against-system-libffi.patch * [907be61] Make sure we only match the generated files. Patch taken from iceowl 1.5 package * [772b9a0] Make system cairo work again. Patch taken from iceweasel. * [0b6a8b3] Update Add-another-preferences-directory-for-applications-p.patch to new method name. * [3395f21] Don't use APP_UA_NAME in application.ini since the replacement fails and isn't needed. * [6dea9fb] New upstream version 16.0.1 * [664153d] Add README.source describing howto import new upstream versions * [a653bd0] Adjust to upstream changes: * stop-configure-if-with-system-bz2-was-passed-but-no-.patch * [f088193] Add a proper patch header * to Fix-build-failure-for-header.py-and-typelib.py.patch so we don't lose the patch description. * [268cca5] New upstream version 16.0.2 * [a453a92] Rediff patches - no content changes * [263bbeb] BUILD_OFFICIAL is now MOZILLA_OFFICIAL * [a798e6b] Install dependentlibs.list to fix dlopen() of XPCOM [ Ritesh Raj Sarraf ] * [f871ba9] Refresh patches. Droped patches: * fixes/Remove-the-js-shell-from-the-build-directory-during-.patch * porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch * fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch * debian-hacks/Make-sure-we-only-match-the-generated-files.patch * [9b02e4c] Refreshed patches for TB16 * [dc83dd7] Fix build failure for header.py and typelib.py. Earlier builds were passing the --cachedir option Sometime during TB15, Mozilla changed that to variables. This change was not passing the --cachedir option, hence the build failure. This patch just hacks the build by passing the cachedir option manually -- Guido Günther Tue, 30 Oct 2012 22:05:49 +0100 icedove (11.0-1) experimental; urgency=low * [ffb767a] Imported Upstream version 11.0 (Closes: #663897) * [2b75f48] relax optimize to -O1 on sparc to fix FTBFS * [fa9a610] update build dependencies (Thanks to Mike) (Closes: #666722) * [5b552f2] rebuild patch queue from patch-queue branch added patches: - fixes/Bug-710972-Define-G_VARIANT_TYPE_STRING_ARRAY-when-b.patch - fixes/Bug-734335-Only-build-SPS-on-supported-platforms.patch - fixes/Revert-investigation-patch-for-bug-621446.patch modified patches: - fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch - icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch obsolete patches (fixed upstream): - debian-hacks/Fix-tracejit-to-build-against-nanojit-headers-in-dis.patch - debian-hacks/Install-missing-nanojit-and-.tbl-headers-from-js-src.patch - fixes/Bug-710268-Sign-NSS-libraries-only-when-they-exist-r.patch - fixes/Fixup-bz-730195-for-Linux-ARM-use-_URC_FOREIGN_EXCEP.patch - fixes/mozilla-config.h-was-renamed-js-confdefs.h-in-js-src.patch - fixes/Remove-generated-files-from-js-src-during-make-distc.patch - porting/Bug-703531-Fix-ARMAssembler-getOp2RegScale-on-ARMv5.patch - porting/Bug-703534-Fix-build-failure-on-platforms-without-YA.patch - porting/Bug-703842-Avoid-R_SPARC_WDISP22-relocation-in-Tramp.patch -- Christoph Goehre Wed, 18 Apr 2012 18:36:31 +0200 icedove (10.0.3-2) unstable; urgency=low [ Christoph Goehre ] * [1223204] bump up standards version to 3.9.3 [ Guido Günther ] * [7d7b5f5] Don't put symlinks into iceowl/extensions [ Christoph Goehre ] * [94c07e5] update copyright file * [88098a8] GNOME 3 integration: Use GIO instead of deprecated GnomeVFS. Thanks to Michael Biebl (Closes: #658688) * [9543fd1] add build depends python * [ec62dcb] build a debug package, if DEB_BUILD_OPTIONS contains 'debug' -- Christoph Goehre Tue, 27 Mar 2012 18:21:52 +0200 icedove (10.0.3-1) unstable; urgency=low [ Christoph Goehre ] * [ee4b49c] adjust source.filter list * [b5f3064] New Upstream version 10.0.3 (Closes: #661115, #663897) * [fd35da8] build against system python-ply * [4964bb2] build against system libreadline * [5412685] rebuild patch queue from patch-queue branch added patches: - debian-hacks/Don-t-build-example-component.patch - fixes/Bug-515232-Try-getting-general.useragent.locale-as-a.patch - fixes/Bug-628252-os2.cc-fails-to-compile-against-GCC-4.6-m.patch - fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch - fixes/Bug-696636-Block-OpenGL-1-drivers-explicitly-to-stee.patch - fixes/Bug-710268-Sign-NSS-libraries-only-when-they-exist-r.patch - fixes/Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch - fixes/Bug-722127-Bump-required-libvpx-version-to-1.0.0.-r-.patch - fixes/Bug-728136-Port-bug-528687-to-comm-central.patch - fixes/Bug-728229-Allow-to-build-with-system-python-ply-lib.patch - fixes/Bug-729817-Allow-the-Nouveau-driver-with-Mesa-8.0.1-.patch - fixes/Bug-729817-Block-the-Nouveau-3D-driver-as-it-s-insta.patch - fixes/Fixup-bz-730195-for-Linux-ARM-use-_URC_FOREIGN_EXCEP.patch - fixes/Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch - fixes/Link-libldap-against-libpthread.patch - fixes/Load-dependent-libraries-with-their-real-path-to-avo.patch - porting/Bug-703534-Fix-build-failure-on-platforms-without-YA.patch - prefs/Don-t-auto-disable-extensions-in-system-directories.patch (Closes: #648712) modified patches: - debian-hacks/Install-missing-nanojit-and-.tbl-headers-from-js-src.patch - fixes/Allow-.js-preference-files-to-set-locked-prefs-with-.patch - fixes/Properly-launch-applications-set-in-HOME-.mailcap.patch - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch - porting/Allow-ipc-code-to-build-on-GNU-hurd.patch - porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch - prefs/Set-javascript.options.showInConsole.patch obsolete patches (fixed upstream): - debian-hacks/get-ride-of-default-debian-hardering-options.patch - iceowl/Install-calendar-timezones-mode-0644-not-0755.patch - porting/Add-mips-hppa-ia64-s390-and-sparc-defines-in-ipc-chr.patch - porting/Bug-680917-Use-a-pool-size-of-16kB-on-ia64-for-bump-.patch - porting/Bug-694533-LDRH-STRH-LDRSB-STRSB-are-supported-on-AR.patch - porting/Bug-696393-Reimplement-NS_InvokeByIndex-in-C-on-S390.patch - porting/Revert-bz-164580.patch [ Michael Biebl ] * [c0a3ee2] Install chrome.manifest file to ensure the various components (like GNOME support module) are correctly loaded. (Closes: #658479) [ Christoph Goehre ] * [02687fc] adjust install/link files for new upstream * [b551d6a] omni.jar was renamed to omni.ja -- Christoph Goehre Sat, 24 Mar 2012 23:10:47 +0100 icedove (9.0.1-1) experimental; urgency=low * [e2002b8] New Upstream version 9.0.1 (Closes: #653266, #653556) * [9c14e8b] replace dfsg cleanup script with Mike's repack.py * [2a34bd8] rebuild patch queue from patch-queue branch added patches: - porting/Bug-698923-Don-t-require-16-bytes-alignment-for-VMFr.patch - porting/Bug-703531-Fix-ARMAssembler-getOp2RegScale-on-ARMv5.patch - porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch - porting/Bug-703842-Avoid-R_SPARC_WDISP22-relocation-in-Tramp.patch - porting/Bug-711353-Add-support-for-GNU-kFreeBSD-and-GNU-Hurd.patch - porting/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch * [03ed85d] remove Build-Depends python-ply, it's shipped and searched in mozilla/other-licenses -- Christoph Goehre Tue, 24 Jan 2012 19:13:30 +0100 icedove (8.0-2) unstable; urgency=low * Upload to unstable * [b02c21d] fix crash in xpcshell on sparc linux -- Christoph Goehre Wed, 04 Jan 2012 18:09:14 +0100 icedove (8.0-1) experimental; urgency=low [ Guido Günther ] * [17a7a80] Add x-scheme-handler/mailto to. Thanks to Michael Biebl for the patch (Closes: #645556) [ Christoph Goehre ] * [4066038] New Upstream version 8.0 * [aa9105e] update autoconfig for e-mail accounts from riseup.net (Closes: #648907) * [decc1ac] fix wrong description text in iceowl-extension (Closes: #649073) * [c97dda6] rebuild patch queue from patch-queue branch added patches: - debian-hacks/Statically-link-jemalloc-to-all-programs.patch - fixes/Bug-670719-Only-add-DENABLE_JIT-1-to-CXXFLAGS-if-any.patch - fixes/Bug-680642-Don-t-enable-YARR-JIT-on-MIPS-as-the-impl.patch - porting/Bug-589735-Allocate-memory-with-an-address-with-high.patch - porting/Bug-589735-Allow-static-JS-strings-to-be-turned-off-.patch - porting/Bug-680917-Use-a-pool-size-of-16kB-on-ia64-for-bump-.patch - porting/Bug-694533-LDRH-STRH-LDRSB-STRSB-are-supported-on-AR.patch - porting/Bug-696393-Reimplement-NS_InvokeByIndex-in-C-on-S390.patch - porting/Revert-bz-164580.patch -- Christoph Goehre Sun, 20 Nov 2011 19:58:37 +0100 icedove (8.0~b4-2) experimental; urgency=low [ Guido Günther ] * [5d043ec] Install calendar extension * [07feb49] Change extension's name to Iceowl * [c597212] iceowl-extension: don't ignore errors in postinst * [30ec51d] Disable patch numbers * [73f80ed] Don't install timezones file mode 0755 [ Christoph Goehre ] * [0fa13be] remove duplicate build depends unzip -- Christoph Goehre Tue, 08 Nov 2011 22:29:19 +0100 icedove (8.0~b4-1) experimental; urgency=low * [4e90977] New Upstream Version 8.0b4 (Closes: #591771, #638161) * [955423a] replace duplicate .so files in icedove and icedove-dev with symlinks * [6ffb325] remove obsolete cdbs rule to extract tarball * [f98837b] build against libnotify4 (libnotify-dev >= 0.7)(Closes: #637194) * [66f72bc] Build-depend on libjpeg-dev instead of libjpeg62-dev * [8af21a2] rebuild patch queue from patch-queue branch added patches: - debian-hacks/get-ride-of-default-debian-hardering-options.patch - fixes/packager-fails-when-MOZILLA_DIR-is-a-relative-path.patch modified patches: - icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch obsolete patches (fixed upstream): - debian-hacks/bzXXX-ftbfs-static-with-system-hunspell.patch - fixes/Bug-626035-Modify-the-way-arm-compiler-flags-are-set.patch - fixes/Bug-639554-Install-sdk-bin-with-make-install.-r-bsme.patch - fixes/Bug-640494-part-1-Get-rid-of-STL-algorithm-use-in-js.patch - fixes/Bug-640494-part-2-Use-bitwise-operations-in-JSDOUBLE.patch - fixes/Bug-652139-Use-an-integer-type-in-DocumentViewerImpl.patch - fixes/Bug-662224-Define-NS_ATTR_MALLOC-and-NS_WARN_UNUSED_.patch - fixes/Bug-668906-Do-not-call-openUnsharedDatabase-with-a-n.patch - fixes/Bug-671564-Initialize-NS_XPCOM_LIBRARY_FILE-from-NS_.patch - fixes/Disable-building-embedded-libjpeg-turbo-when-buildin.patch - porting/Allow-to-build-yuv_convert_arm.cpp-on-armv4t.patch - porting/Bug-638056-Avoid-The-cacheFlush-support-is-missing-o.patch - porting/Fix-FTBFS-in-IPC-on-Linux-PPC.patch - porting/Fix-FTBFS-in-xpcom-base-on-armv4t.patch - system-libs/libxul-linking-error-with-enable-system-ffi-and-stat.patch * [5f6e50f] add Japanese translation for desktop menu entry. Thanks to Hideki Yamane (Closes: #640679) * [591f76c] add build depends unzip * [0af372f] remove upstream integrated CFLAGS and CXXFLAGS '-g -std=gnu++0x' * [a4c8b2f] adjust install and links file to new upstream * [332b7a8] Revert "override libtheora embedded-library error" no longer needed -- Christoph Goehre Sat, 05 Nov 2011 20:31:29 +0100 icedove (5.0-2) experimental; urgency=low * [7f92927] fix FTBFS on ia64: use gcc with -O2 instead of -Os * [b6b8dea] Disable methodjit on armel * [5b45336] remove obsolete conffiles with dpkg-maintscript-helper (Closes: #636819) * [868cfa3] rebuild patch queue from patch-queue branch added patches: - porting/Allow-ipc-code-to-build-on-GNU-hurd.patch - fix building on GNU/hurd - Thanks to Pino Toscano -- Christoph Goehre Sun, 07 Aug 2011 15:35:09 +0200 icedove (5.0-1) experimental; urgency=low * New Upstream Version (Closes: #632037) * [98c5a8f] build against libffi and libvpx * [52dff12] build javascript lib as shared library * [6f1c24d] build against mozilla png library * [9e16beb] c-sdk moved from directory/sdks/c-sdk to ldap/sdks/c-sdk * [57763a0] override libtheora embedded-library error * [fc71b62] adjust install/links files for new upstream version * [6e83a58] Revert "lintian: override ancient-libtool warning" override no longer needed * [d65b463] change hardcoded list of non-Linux build depends into linux-any (Closes: #634301) * [ff3a8f3] remove file compare in build run * [a21efa9] add branding for icedove 5.0 * [7023939] update porting/Fix-FTBFS-in-xpcom-base-on-armv4t.patch - fix building on armhf -- Christoph Goehre Wed, 03 Aug 2011 18:25:17 +0200 icedove (3.1.11-1) unstable; urgency=high * New Upstream Version - MFSA 2011-19 aka CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2376: Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) - MFSA 2011-20 aka CVE-2011-2373: Use-after-free vulnerability when viewing XUL document with script disabled - MFSA 2011-21 aka CVE-2011-2377: Memory corruption due to multipart/x-mixed-replace images - MFSA 2011-22 aka CVE-2011-2371: Integer overflow and arbitrary code execution in Array.reduceRight() - MFSA 2011-23 aka CVE-2011-0083, CVE-2011-0085, CVE-2011-2363: Multiple dangling pointer vulnerabilities - MFSA 2011-24 aka CVE-2011-2362: Cookie isolation error * [2a82ce8] DM-Upload-Allowed is superfluous since I'm DD -- Christoph Goehre Sun, 26 Jun 2011 10:35:31 +0200 icedove (3.1.10-2) unstable; urgency=low * [de81b7f] remove obsolete build depends libxp-dev (Closes: #623668) * [633782d] change DEB_HOST_MULTIARCH back to DEB_HOST_GNU_TYPE and downgrade sqlite version (Closes: #627598) -- Christoph Goehre Mon, 06 Jun 2011 20:53:54 +0200 icedove (3.1.10-1) unstable; urgency=high * New Upstream Version (Closes: #625207) - MFSA 2011-12 aka CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081: Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19) - MFSA 2011-16 aka CVE-2011-0071: Directory traversal in resource: protocol * [78e0217] build against system libbz2 * [e6af761] build against system libpng * [4b57c30] build against system libhunspell * [937f0bd] double check to build against most system libraries * [d6de723] rebuild patch queue from patch-queue branch added patches (Closes: #624969): - 0072-fix-building-with-gcc-4.6-Add-constructor-to-placate.patch - 0073-fix-building-with-gcc-4.6-os2.cc-missing-include-cst.patch - 0074-Add-constructor-for-nsCaseInsensitiveStringComparato.patch - 0075-Add-constructor-for-nsXULAppInfo-which-inherits-from.patch - 0076-Add-constructor-for-GTKEmbedDirectoryProvider.patch modified patches: - 0056-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch obsolete patches (fixed upstream): - 0051-Do-exec-instead-of-uselessly-forking-in-xulrunner-la.patch - 0072-Add-support-for-libnotify-0.7.patch * [e190ef1] bump up standards version to 3.9.2 (change DEB_HOST_GNU_TYPE to DEB_HOST_MULTIARCH) -- Christoph Goehre Tue, 10 May 2011 20:03:04 +0200 icedove (3.1.9-2) unstable; urgency=low * Upload to unstable * [ace3b6f] rebuild patch queue from patch-queue branch added patches: - 0072-Add-support-for-libnotify-0.7.patch * [910f213] use DEP5 for copyright file * [3ae4c8b] set global section to 'mail' * [42c9c89] icedove.1: icedove is derived from Thunderbird instead of Mozilla suite -- Christoph Goehre Sat, 02 Apr 2011 09:43:04 +0200 icedove (3.1.9-1) experimental; urgency=low * New Upstream Version - MFSA 2011-01 aka CVE-2011-0053, CVE-2011-0062: Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) - MFSA 2011-08 aka CVE-2010-1585: ParanoidFragmentSink allows javascript: URLs in chrome documents - MFSA 2011-09 aka CVE-2011-0061: Crash caused by corrupted JPEG image * [699536a] rebuild patch queue from patch-queue branch added patches: - 0069-save-a-copy-of-a-attached-file-when-sending-from-OOo.patch (Closes: #505875) - 0070-News-article-is-empty-if-selected-during-download-fr.patch (Closes: #487494) - 0071-restore-icedove-on-login-by-session-management.patch (Closes: #403458) modified patches: - 0003-no_dynamic_nss_softokn.patch - 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch - 0030-Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch * [98d8ac0] c-sdk move to sdks/c-sdk - adjust debian/{copyright,remove.nonfree,rules} -- Christoph Goehre Wed, 09 Mar 2011 20:21:59 +0100 icedove (3.1.7-1) experimental; urgency=low * New Upstream Version (Closes: #606977) - MFSA 2010-74 aka CVE-2010-3776, CVE-2010-3777: Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16) - MFSA 2010-75 aka CVE-2010-3769: Buffer overflow while line breaking after document.write with long string - MFSA 2010-78 aka CVE-2010-3768: Add support for OTS font sanitizer * [46e3e8a] rebuild patch queue from patch-queue branch added patches: - 0068-fix-forwarding-of-Simple-HTML-email.patch obsolete patches (fixed upstream): - 0017-Implement-sync_instruction_memory-for-sparc-linux.patch - 0059-Fix-startup-problem-with-symlinked-components-e.g.-e.patch * [9fcce0c] add license info for gfx/ots -- Christoph Goehre Mon, 13 Dec 2010 17:59:50 +0100 icedove (3.1.6-1) experimental; urgency=low * New Upstream Version (Closes: #601334) - MFSA 2010-64 aka CVE-2010-3175, CVE-2010-3176: Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14) - MFSA 2010-65 aka CVE-2010-3179: Buffer overflow and memory corruption using document.write - MFSA 2010-66 aka CVE-2010-3180: Use-after-free error in nsBarProp - MFSA 2010-67 aka CVE-2010-3183: Dangling pointer vulnerability in LookupGetterOrSetter - MFSA 2010-69 aka CVE-2010-3178: Cross-site information disclosure via modal calls - MFSA 2010-71 aka CVE-2010-3182: Unsafe library loading vulnerabilities - MFSA 2010-73 aka CVE-2010-3765: Heap buffer overflow mixing document.write and DOM insertion * [270fd51] rebuild patch queue from patch-queue branch added patches: - 0069-Use-errno.ENOENT-instead-of-2-in-JarMaker.py.patch modified patches: - 0009-fix-branding-in-migration-wizard-and-the-addon-manag.patch * [24421f4] bump build depends for libnspr4-dev, libnss3-dev and libsqlite3-dev -- Christoph Goehre Wed, 10 Nov 2010 07:11:17 +0100 icedove (3.1.4-1) experimental; urgency=low * New Upstream Version -- Christoph Goehre Sat, 18 Sep 2010 18:25:37 +0200 icedove (3.1.3-1) experimental; urgency=low * New Upstream Version - MFSA 2010-49 aka CVE-2010-3169: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12) - MFSA 2010-50 aka CVE-2010-2765: Frameset integer overflow vulnerability - MFSA 2010-51 aka CVE-2010-2767: Dangling pointer vulnerability using DOM plugin array - MFSA 2010-53 aka CVE-2010-3166: Heap buffer overflow in nsTextFrameUtils::TransformText - MFSA 2010-54 aka CVE-2010-2760: Dangling pointer vulnerability in nsTreeSelection - MFSA 2010-55 aka CVE-2010-3168: XUL tree removal crash and remote code execution - MFSA 2010-56 aka CVE-2010-3167: Dangling pointer vulnerability in nsTreeContentView - MFSA 2010-57 aka CVE-2010-2766: Crash and remote code execution in normalizeDocument - MFSA 2010-59 aka CVE-2010-2762: SJOW creates scope chains ending in outer object - MFSA 2010-61 aka CVE-2010-2768: UTF-7 XSS by overriding document charset using type attribute - MFSA 2010-62 aka CVE-2010-2769: Copy-and-paste or drag-and-drop into designMode document allows XSS - MFSA 2010-63 aka CVE-2010-2764: Information leak via XMLHttpRequest statusText * [9a03eb1] rebuild patch queue from patch-queue branch added patches: - 0060-fix-FTBFS-on-hurd.patch (Closes: #595665) - 0061-Enable-x64-JIT-backend-by-default.patch - 0062-Fix-unaligned-reads-in-qcms.patch - 0063-Import-js-src-nanojit-njcpudetect.h.patch - 0064-Use-clz-on-android-even-for-armv5-target.patch - 0065-Fix-ARM-verbose-assembly-output-for-BLX.patch - 0066-Get-rid-of-blx_lr_bug.patch - 0067-Avoid-some-ARM-CPU-arch-related-runtime-tests-depend.patch - 0068-ARMv4T-support-for-nanojit.patch -- Christoph Goehre Tue, 14 Sep 2010 13:41:19 +0200 icedove (3.1.2-2) experimental; urgency=low * [e1435dc] rebuild patch queue from patch-queue branch added patches: - 0060-Fix-startup-problem-with-symlinked-components-e.g.-e.patch (Closes: #592531) modified patches: - 0048-Add-nanojit-support-for-ARMv4T.patch - Fix FTBFS on armel -- Christoph Goehre Sat, 21 Aug 2010 14:51:03 +0200 icedove (3.1.2-1) experimental; urgency=low * New Upstream Version (Closes: #589666, #591899) - MFSA 2010-34 aka CVE-2010-1211, CVE-2010-1212: Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) - MFSA 2010-38 aka CVE-2010-1215: Arbitrary code execution using SJOW and fast native function - MFSA 2010-39 aka CVE-2010-2752: nsCSSValue::Array index integer overflow - MFSA 2010-40 aka CVE-2010-2753: nsTreeSelection dangling pointer remote code execution vulnerability - MFSA 2010-41 aka CVE-2010-1205: Remote code execution using malformed PNG image - MFSA 2010-42 aka CVE-2010-1213: Cross-origin data disclosure via Web Workers and importScripts - MFSA 2010-43 aka CVE-2010-1207: Same-origin bypass using canvas context - MFSA 2010-44 aka CVE-2010-1210: Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish - MFSA 2010-46 aka CVE-2010-0654: Cross-domain data theft using CSS - MFSA 2010-47 aka CVE-2010-2754: Cross-origin data leakage from script filename in error messages * [6b9976e] rebuild patch queue from patch-queue branch modified patches: - 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch - 0015-Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch - 0018-Work-around-FTBFS-on-mips-by-disabling-TLS-support.patch - 0034-Fix-compiler-errors-with-g-4.4-with-std-gnu-0x.patch - 0045-Expose-fullpath-from-nsIPluginTag.patch - 0047-Use-syscall-for-mmap-and-munmap-and-disable-ncpus-in.patch - 0050-Set-javascript.options.showInConsole.patch - 0057-Allow-to-build-against-system-libffi.patch - 0058-Ignore-system-libjpeg-libpng-and-zlib-version-checki.patch - 0059-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch * [16b0e7e] fix FTBFS on kfreebsd-* and hurd-i386 by passing --disable-necko-wifi to configure (Closes: #589476) * [15a02c7] bump up standards version to 3.9.1 -- Christoph Goehre Fri, 13 Aug 2010 12:18:21 +0200 icedove (3.1-1) experimental; urgency=low * New Upstream Version * [124a316] add additional build depends libnotify-dev * [5ed6a72] adjust branding for Icedove 3.1 * [bed8969] install further js files shipped with Icedove 3.1 * [02456e6] replace blue icedove icons with green version * [036921f] regenerate patch queue for 3.1 Icedove release * [a7fa393] build with system ffi * [d8650f7] ship icedove svg file for low resolution icons too * [7718c55] bump Standards Version to 3.9.0 and downgrade Conflicts to Breaks * [9621fc6] lintian: override ancient-libtool warning -- Christoph Goehre Sat, 17 Jul 2010 17:19:58 +0200 icedove (3.0.5-1) unstable; urgency=low * New Upstream Version - MFSA 2010-25 aka CVE-2010-1121: Re-use of freed object due to scope confusion - MFSA 2010-26 aka CVE-2010-1200, CVE-2010-1201, CVE-2010-1202: Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10) - MFSA 2010-29 aka CVE-2010-1196: Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal - MFSA 2010-30 aka CVE-2010-1199: Integer Overflow in XSLT Node Sorting * [9774410] rebuild patch queue from patch-queue branch added patches: - 0045-Fix-misalignments-in-help-command-line.patch - 0046-Fix-misalignments-in-help-command-line.patch - 0047-KDE-Gnome-startup-notification-not-disappearing-when.patch - 0048-KDE-Gnome-startup-notification-not-disappearing-for-.patch - 0049-Use-char16_t-when-available-and-when-it-is-don-t-tes.patch - 0050-Fix-compiler-errors-with-g-4.4-with-std-gnu-0x.patch - 0051-Add-xptcall-support-for-SH4-processors.patch modified patches: - 0028-Avoid-crashing-when-trying-to-kill-a-nsProcess-that-.patch obsolete patches (fixed upstream): - 0021-Avoid-creating-the-updates-directory-when-update-ser.patch - 0035-Fix-stack-alignment-on-function-calls-in-JIT-on-ARM.patch * [3b98c84] avoid unneeded package depends by building with '-Wl,--as-needed' * [0067020] Build with -std=gnu++0x * [72d4300] add pkg-config file for icedove (Closes: #577740) * [e6af35d] enlarge package description with specification from icedove 2.0 (Closes: #565887) * [ef0bc10] add support for new Debian arch: powerpcspe (Closes: #586100) - thanks to Sebastian Andrzej Siewior * [5ae6099] use high bandwidth server in watch file to get new upstream release * [5e6d641] remove obsolete build depends libkrb5-dev * [8ed7848] remove unused DEBIAN_VERSION vars in rules file * [9959bd5] DEB_HOST_GNU_TYPE, DEB_BUILD_GNU_TYPE and DEB_BUILD_ARCH are defined by cdbs too * [9f6c088] Fix misalignments in --help command line -- Christoph Goehre Sat, 19 Jun 2010 23:26:55 +0200 icedove (3.0.4-3) unstable; urgency=low * [4026b50] icedove-dev need depend on libnspr4-dev and libnss3-dev (Closes: #455725) * [1fee936] don't run configure with --enable-optimize and --disable- optimize if DEB_BUILD_OPTIONS contains noopt * [02c0ea3] ship account autoconfig file for Riseup Networks (riseup.net) (Closes: #577616) * [e710d08] suggest libgssapi-krb5-2 for Kerberos login possibility * [7609291] build a shared icedove binary. This avoid crashes because of mixed functions from system and icedove itself (e.g. str2charray from libldap_r-2.4.so.2 and libldap60.so). (Closes: #578916) * [68f4b49] downgrade gnome stuff from Recommends to Suggests (Closes: #579714) * [bcff10b] install mailViews.dat into usr/share/icedove/defaults/messenger -- Christoph Goehre Fri, 14 May 2010 22:21:32 +0200 icedove (3.0.4-2) unstable; urgency=low * [57f0a8b] remove icedove-3.0 transitional package (Closes: #576741) * [8008231] remove wrong mime types in desktop file * [a12edde] set StartupWMClass in desktop file to Icedove-bin * [7512224] extend package description of icedove, icedove-dev and icedove-dbg * [7e725b9] fix FTBFS on alpha by passing '-Wl,--no-relax' to gcc * [92d3515] Switch to dpkg-source 3.0 (quilt) format * [14d5894] rebuild patch queue from patch-queue branch added patches: - 0046-add-missing-headers-for-icedove-dev-package.patch (Closes: #577021) modified patches: - 0012-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch - 0020-Work-around-FTBFS-on-mips-by-disabling-TLS-support.patch * [2cdd850] remove obsolete thunderbird 3.0a1pre postinst stuff * [443f44b] process directory/c-sdk/configure with autoconf too * [66c2f65] remove obsolete build depends librsvg2-bin and patchutils -- Christoph Goehre Sun, 11 Apr 2010 12:44:26 +0200 icedove (3.0.4-1) unstable; urgency=low [ Guido Günther ] * [01983a4] Add missing message/rfc822 mime type for eml files (Closes: #574528) [ Christoph Goehre ] * New Upstream Version fixes: - MFSA 2010-16 aka CVE-2010-0173, CVE-2010-0174: Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19) - MFSA 2010-17 aka CVE-2010-0175: Remote code execution with use-after-free in nsTreeSelection - MFSA 2010-18 aka CVE-2010-0176: Dangling pointer vulnerability in nsTreeContentView - MFSA 2010-22 aka CVE-2009-3555: Update NSS to support TLS renegotiation indication - MFSA 2010-24 aka CVE-2010-0182: XMLDocument::load() doesn't check nsIContentPolicy * upload icedove 3 to unstable (Closes: #401848, #422886, #425497, #430644, #483550, #495522, #501113, #552617, #574188) * rebuild patch queue from patch-queue branch: added patches: - 0044-don-t-remove-xpt-tools.patch - 0045-Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch modified patches: - 0011-fix-branding-in-migration-wizard-and-the-addon-manag.patch - 0012-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch - 0030-Force-better-nsAutoT-Ptr-Array-buffer-alignment.patch - 0035-Fix-stack-alignment-on-function-calls-in-JIT-on-ARM.patch obsolete patches (fixed upstream): - 0021-Fix-crash-with-SwitchProxy-installed.patch - 0023-Don-t-remove-build-automationutils.py-on-make-clean.patch - 0039-Don-t-show-the-SVG-output-option-in-the-print-dialog.patch * [a7f3529] Revert "disable prefetch service". This bug was already fixed in 3.0.2 (CVE-2009-4629) and 'network.prefetch-next' has no effect in icedove. * [fecc0b4] install versioned build depends instead of checking on build time * [4806890] enable building of icedove-dev package * [412b8ac] be more explicit on installing file into icedove package * [23b1d4b] depends on newer version of libnspr4-dev and libnss3-dev * [809c723] lintian: idl files didn't need to be executable * [ecd284e] lintian: add ${shlibs:Depends} to icedove-dev package * [da75ee2] replace/remove non-free searchplugin icons and doubtful origin file in mozilla folder (Closes: #567917) * [eaf405e] update /usr/lib/icedove/dictionaries symlink to point to /usr/share/hunspell * [fe362ba] describe profile renaming on update to icedove 3.0 (Closes: #566329) -- Christoph Goehre Mon, 05 Apr 2010 21:11:42 +0200 icedove (3.0.3-1) experimental; urgency=low * New Upstream Version fixes: - missing folders or empty folder pane after updating to version 3.0.2 * [a69cdfd] rebuild patches from patch-queue: - additional fix for FTBFS on kfreeBSD * [e4bffd4] disable prefetch service (Closes: #572789) * [3838bbe] branding files shouldn't be executable * [3dc6688] add missing newline in logo license file -- Christoph Goehre Sat, 06 Mar 2010 21:48:50 +0100 icedove (3.0.2-1) experimental; urgency=low * New Upstream Version fixes: - MFSA 2010-01 aka CVE-2010-0159: Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18) - MFSA 2010-03 aka CVE-2009-1571: Use-after-free crash in HTML parser * [1fd705f] install menu file (Closes: #569166) * [8df3f99] generate desktop files at build process * [5b0bb84] add icedove branding logos * [1ef1c10] copyright explanation of icedove artwork (Closes: #406849) * [6cdc0b0] remove forgotten firefox branding icons (Closes: #567917) * [cec6a38] swedish translation for desktop file (Closes: #420050) * [0256328] readd translation for desktop file * [20311f4] rebuild patches (most patches from Mike Hommey) - fix FTBFS on kFreeBSD, hppa, mips - stability patched for mips, alpha, sparc, ppc and arm - really cleanup build directory on 'make clean/distclean' - allow intl.locale.matchOS to be modified in user profile * [0098f90] write manpage for icedove (Closes: #425490, #487493) * [fbccfaa] no longer suggest libthai0 (Closes: #524436) * [26d3e39] change suggests from transitional package latex-xft-fonts to ttf-lyx (Closes: #539535) * [e24801a] improve desktop file (remove deprecated items and warnings/errors) * [68885c4] bump up standards version to 3.8.4 * [df39ede] use xpm icon in menu file to calm lintian * [8303887] adjust sqlite version to new upstream dependency -- Christoph Goehre Sun, 28 Feb 2010 18:19:13 +0100 icedove (3.0.1-2) experimental; urgency=low [ Guido Günther ] * [7ea7367] Explicitly pass build and host type to configure (Closes: #546011) - thanks to Sven Joachim for the patch * [7fca9e1] Add back icedove changelog of earlier versions [ Christoph Goehre ] * [72b78cc] Support both - and _ separators in dictionary names - patch from Reed Loden * [9a96759] fix branding in migration wizard and the addon manager (Closes: #565559)- patch from Edward J. Shornock -- Christoph Goehre Tue, 02 Feb 2010 20:32:24 +0100 icedove (3.0.1-1) experimental; urgency=low * New Upstream Version * [8a2f5dc] define default options for git-import-orig * [ac65b1b] refresh debian patches * [851c5dc] rename binary packages to icedove (without version number) * [6e12d1b] adjust cairo version to 1.8.8 * [cd7cd6f] moving the old profile dir instead of copy * [c342380] replace theme directory always by link to /usr/share if we update to version 3 * [c88eaa7] expansion of lib{dbusservice,mozgnome,nkgnomevfs}.so didn't work with dpkg-shlibdeps - lets use the '-e' switch -- Christoph Goehre Thu, 21 Jan 2010 20:53:57 +0100 icedove (3.0-2) experimental; urgency=low * [f07e702] Add Replaces for icedove-gnome-support * [72e66e7] Fix typo -- Guido Günther Fri, 08 Jan 2010 16:05:10 +0100 icedove (3.0-1) experimental; urgency=low * Final upstream version without any source code changes against RC2 [ Guido Günther ] * [77d611e] Add Vcs-{Git,Browser} * [ec7ddd6] Move VCS to where they belong [ Christoph Goehre ] * [524d1f5] don't hardcode $MOZ_APP_NAME in Makefile.in file * [0407ff3] mailclient bin called now $DEB_MOZ_APPLICATION * [e6040b5] merge icedove-3.0-gnome-support into icedove-3.0 package * [07417e0] install default theme and components/*.js into /usr/share/icedove-3.0 * [3d37478] add missed components files * [f09cfad] add another preferences directory for applications: preferences/syspref - thanks to Mike Hommey * [d92e265] install debian config into /etc/icedove-3.0/pref and link into defaults/syspref * [18a886b] disable application update * [76ea38a] let lockPref() in .js files work - thanks to Mike Hommey * [e44133e] gnome-default-mail-client: check for MOZ_APP_NAME instead for hardcoded 'thunderbird' * [8573c8d] set DM-Upload-Allowed to yes * [1c63920] install modules directory into /usr/share/icedove-3.0 * [3a85ac6] add gbp.conf for easier package build with git-buildpackage * [7feb54a] add watch file * [e0a1624] document how to clean upstream source code -- Christoph Goehre Fri, 08 Jan 2010 10:42:09 +0100 icedove (3.0~rc2-2) experimental; urgency=low [ Christoph Goehre ] * [5b7992b] rename source package to unversioned name * [cde3507] change Maintainer back to asac, add Uploaders Guido and me * [978c58d] disable icedove-3.0-dev package build for now until it is fixed upstream * Upstream is identical to 3.0 final -- Guido Günther Thu, 17 Dec 2009 18:36:58 +0100 icedove-3.0 (3.0~rc2-1) experimental; urgency=low [ Christoph Goehre ] * New Upstream Version (RC2) - fixes 494014, 516950, 531278, 531502 in Mozilla Bugzilla * [fc3fa5c] Revert "mark icedove-3.0-dev as transitional package for xulrunner-dev" [ Guido Günther ] * [51c1cca] Bump standards version * [5e2a53c] Refer to versioned license * [171f382] s/explicitely/explicitly/ -- Christoph Goehre Tue, 08 Dec 2009 18:46:28 +0100 icedove-3.0 (3.0~rc1-1) experimental; urgency=low * New Upstream Version (RC1) * [cce57db] ship extracted upstream tarball in orig file * [ee7677f] remove obsolet licence fix * [7051ca8] install TB_ICON only once * [4f20bb1] add unbranded preview theme icon * [0002285] install non-binary stuff in /usr/share and link it into /usr/lib * [c9ce50f] get right of system myspell * [5c96edf] remove version check for hunspell in debian/rules * [13b57a3] mark icedove-3.0-dev as transitional package for xulrunner-dev * [8ecaec9] all packages need ${misc:Depends} as depends, if we use debhelper * [fc0dd78] dbg package must have section debug and priority extra * [3a00f22] enable more config options and add build depends (filched from iceape 2.0) * [fd8e3ca] build against system sqlite if available * [81165e1] build with 'export BUILD_OFFICIAL=1' -- Christoph Goehre Thu, 03 Dec 2009 10:16:46 +0100 icedove-3.0 (3.0~b3~hg20090713r3057-1~gbp253e4ab) sid; urgency=low * New snapshot. -- Guido Günther Tue, 14 Jul 2009 10:24:57 +0200 icedove-3.0 (3.0~b3~hg20090713r3057-1~gbpefd0706) sid; urgency=low * New snapshot. -- Guido Günther Tue, 14 Jul 2009 10:24:50 +0200 icedove-3.0 (3.0~b3~hg20090713r3057-1~gbpfeeee47) sid; urgency=low * New snapshot. -- Guido Günther Tue, 14 Jul 2009 10:11:10 +0200 icedove-3.0 (3.0~b3~hg20090505r2552-1~gbp595a0b7) sid; urgency=low * New snapshot. -- Guido Günther Tue, 05 May 2009 18:03:25 +0200 icedove-3.0 (3.0~b3~hg20090427r2499-1~gbpbeb7cd6) sid; urgency=low * New snapshot. -- Guido Günther Mon, 27 Apr 2009 20:05:51 +0200 icedove-3.0 (3.0~b3~hg20090427r2499-1~gbp80a8829) sid; urgency=low * New snapshot. -- Guido Günther Mon, 27 Apr 2009 19:56:09 +0200 icedove-3.0 (3.0~b3~hg20090422r2448-1~gbpd4ee3b3) pkg-mozext; urgency=low * New snapshot. -- Guido Günther Wed, 22 Apr 2009 09:14:54 +0200 icedove-3.0 (3.0~b3~hg20090421r2441-1~gbp66d9bed) pkg-mozext; urgency=low * New snapshot. -- Guido Günther Tue, 21 Apr 2009 19:35:09 +0200 icedove-3.0 (3.0~b3~hg20090420r2424-1~gbp47b25b8) pkg-mozext; urgency=low * New snapshot. -- Guido Günther Mon, 20 Apr 2009 11:28:56 +0200 icedove-3.0 (3.0~b3~hg20090418r2418+nobinonly-1~0~gbpa19783) pkg-mozext; urgency=low * Initial release -- Guido Günther Sun, 19 Apr 2009 13:44:33 +0200 icedove (2.0.0.22-1.1) unstable; urgency=low * Non-maintainer upload. * update /usr/lib/icedove/dictionaries symlink to point to /usr/share/hunspell (closes: #549876) * add $[shlibs:Depends} to iceape-dev -- Rene Engelhard Mon, 09 Nov 2009 17:11:50 +0100 icedove (2.0.0.22-1) unstable; urgency=low * New upstream security/stability update (v2.0.0.21/v2.0.0.22) (Closes: 535124) * MFSA 2009-33: Crash viewing multipart/alternative message with text/enhanced part * MFSA 2009-32 aka CVE-2009-1841: JavaScript chrome privilege escalation * MFSA 2009-29 aka CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null * MFSA 2009-27 aka CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests * MFSA 2009-24 aka CVE-2009-1832+CVE-2009-1831: Crashes with evidence of memory corruption (rv:1.9.0.11) * MFSA 2009-17 aka CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme * MFSA 2009-14 aka CVE-2009-1303+CVE-2009-1302: Crashes with evidence of memory corruption (rv:1.9.0.9) * MFSA 2009-15 aka CVE-2009-0652: URL spoofing with box drawing character * MFSA 2009-10 aka CVE-2009-0040: Upgrade PNG library to fix memory safety hazards * MFSA 2009-09 aka CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect * MFSA 2009-07 aka CVE-2009-0771,-0772,-0773,-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) * MFSA 2009-01 aka CVE-2009-0352,CVE-2009-0353 Crashes with evidence of memory corruption (rv:1.9.0.6) * adjust patches to changed codebase - update debian/patches/ubuntu-mail-app-xre-name -- Alexander Sack Wed, 01 Jul 2009 12:18:03 +0200 icedove (2.0.0.19-1) unstable; urgency=medium * New upstream security/stability update (v.2.0.0.18/2.0.0.19) Closes: 505563 2.0.0.18: * MFSA 2008-48 aka CVE-2008-5012 - Image stealing via canvas and HTTP redirect * MFSA 2008-50 aka CVE-2008-5014 - Crash and remote code execution via __proto__ tampering * MFSA 2008-52 aka CVE-2008-5017 - Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18); Browser engine crash in "Firefox 2 and 3" * MFSA 2008-52 aka CVE-2008-5018 - Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18); JavaScript engine crash - "Firefox 2 and 3" * MFSA 2008-55 aka CVE-2008-5021 - Crash and remote code execution in nsFrameManager * MFSA 2008-56 aka CVE-2008-5022 - nsXMLHttpRequest::NotifyEventListeners() same-origin violation * MFSA 2008-58 aka CVE-2008-5024 - Parsing error in E4X default namespace * MFSA 2008-59 aka CVE-2008-4582 - Script access to .documentURI and .textContent in mail 2.0.0.19: * MFSA 2008-60 aka CVE-2008-5500 - Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19); Layout engine crashes - Firefox 2 and 3 * MFSA 2008-61 aka CVE-2008-5503 - Information stealing via loadBindingDocument * MFSA 2008-64 aka CVE-2008-5506 - XMLHttpRequest 302 response disclosure * MFSA 2008-65 aka CVE-2008-5507 - Cross-domain data theft via script redirect error message * MFSA 2008-66 aka CVE-2008-5508 - Errors parsing URLs with leading whitespace and control characters * MFSA 2008-67 aka CVE-2008-5510 - Escaped null characters ignored by CSS parser * apply Maintainers, Uploaders changes done in 2.0.0.17 upload to debian/control - update debian/control * adjust/refresh patches to changed upstream code - update debian/patches/moz-app-name-as-mail-binary-name - update debian/patches/autoconf2.13-rerun -- Alexander Sack Sat, 03 Jan 2009 16:27:42 +0100 icedove (2.0.0.17-1) unstable; urgency=low * New upstream security/stability update (v.2.0.0.17), Closes: #500721 * MFSA 2008-37 aka CVE-2008-0016 - UTF-8 URL stack buffer overflow * MFSA 2008-38 aka CVE-2008-3835 - nsXMLDocument::OnChannelRedirect() same-origin violation * MFSA 2008-41 aka CVE-2008-4058, CVE-2008-4059, CVE-2008-4060 - Privilege escalation via XPCnativeWrapper pollution * MFSA 2008-42 aka CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064 - Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) * MFSA 2008-43 aka CVE-2008-4065, CVE-2008-4066 - BOM characters, low surrogates stripped from JavaScript before execution * MFSA 2008-44 aka CVE-2008-4067, CVE-2008-4068 - resource: traversal vulnerabilities * MFSA 2008-46 aka CVE-2008-4070 - Heap overflow when canceling newsgroup message [ Michael Casadevall ] * debian/control: - Changed maintainer to Ubuntu Mozillateam - Added Uploaders to the team - Set DM-Upload-Allowed - Bumped standards version to 3.8.0 [ Alexander Sack ] * Closes: #497491 - Icedove inappropriately sets file-/MIME-type associations in .desktop database; we drop the Mime-Type= entry from debian/icedove.desktop - update debian/icedove.desktop -- Michael Casadevall Sat, 18 Oct 2008 09:07:20 -0400 icedove (2.0.0.16-1) unstable; urgency=low * New upstream security/stability update (v2.0.0.16) fixes: * MFSA 2008-21 aka CVE-2008-2798 - Crashes with evidence of memory corruption * MFSA 2008-21 aka CVE-2008-2799 - Crashes with evidence of memory corruption * MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file * MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() * MFSA 2008-26 aka CVE-2008-0304 - (followup) Buffer length checks in MIME processing * MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in uninitialized memory being used * MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to spoof * MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block reflow * MFSA 2008-34 aka CVE-2008-2785 - Remote code execution by overflowing CSS reference counter * Closes: #483938 - add .desktop file translations (contributed by Timo Jyrinki ) - update debian/icedove.desktop (cherry pick rev77 from lp:~mozillateam/thunderbird/thunderbird.dev branch) * drop patches applied upstream - drop debian/patches/bz419350_attachment_306066.patch - update debian/patches/series (cherry pick rev78 from lp:~mozillateam/thunderbird/thunderbird.dev branch) * adjust patches diverged upstream - update debian/patches/ubuntu-look-and-feel-report-a-bug-menuitem (cherry pick rev80 from lp:~mozillateam/thunderbird/thunderbird.dev branch) * Closes: #489093 - add explicit -lfontconfig to linker flags used for gfx/ps module to fix ftbfs in intrepid - add debian/patches/bzXXX_ftbfs_fontconfig.patch - update debian/patches/series -- Alexander Sack Thu, 24 Jul 2008 17:38:51 +0200 icedove (2.0.0.14-1) unstable; urgency=medium * Upstream stability/security release, fixes + MFSA 2008-15 aka CVE-2008-1236 - Crashes with evidence of memory corruption (rv:1.8.1.13) - browser engine + MFSA 2008-15 aka CVE-2008-1237 - Crashes with evidence of memory corruption (rv:1.8.1.13) - javascript engine + MFSA 2008-14 aka CVE-2008-1233, CVE-2008-1234, CVE-2008-1235 - JavaScript privilege escalation and arbitrary code execution * update debian/remove.nonfree script to pull branding from bzr branch hosted at https://code.edge.launchpad.net/~mozillateam/thunderbird/icedove-branding-2.0.0.x - update debian/remove.nonfree * fix fallback https handler by adding pref("network.protocol-handler.app.https", "x-www-browser") to default system preference file. (Closes: #460954) - update debian/icedove.js * drop patches applied upstream: - delete debian/patches/bz399589_fix_missing_symbol_with_new_nss.patch - update debian/patches/series * fix broken reply-to-list extension (Closes: #439369) - add debian/patches/replytolist_2.x.patch - update debian/patches/series * fix ftbfs on ia64 (Closes: #477281) - add debian/patches/bz419350_attachment_306066.patch - update debian/patches/series * drop forced use of gcc/g++ 4.2 and use default compiler again; in turn we drop gcc-4.2 and g++-4.2 from Build-Depends - update debian/control - update debian/rules -- Alexander Sack Fri, 09 May 2008 17:57:55 +0200 icedove (2.0.0.12-1) unstable; urgency=low * New Upstream stability/security release, fixes various advisories: + CVE-2008-0416 aka MFSA 2008-13 Multiple XSS vulnerabilities from character encoding + CVE-2008-0304 aka MFSA 2008-12 Heap buffer overflow in external MIME bodies + CVE-2008-0418 aka MFSA 2008-05 Directory traversal via chrome: URI + CVE-2008-0415 aka MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution + CVE-2008-0412 and CVE-2008-0413 aka MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12) - layout and javascript * Fix severe problems for powerpc architecture, by reverting arch-detect patch to introduce special behaviour only when FORCE_USE_HOST_OS is set in environment. For now only s390 is special cased in rules - as thats the architecture we introduced this patch for (Closes: #461981). - update debian/rules - debian/patches/arch-detect * fix "FTBFS with libnss3-dev=3.12.0~beta2-1" by introducing symbols not exported by new nss anymore. Reuse thunderbird patch from ubuntu. (Closes: #470128) - added debian/patches/bz399589_fix_missing_symbol_with_new_nss.patch - update debian/patches/series * add Vcs-Bzr: header to control pointing to the mozillateam packaging branch https://code.launchpad.net/~mozillateam/thunderbird/icedove-2.0.0.x - update debian/control * introduce .autoreg feature and touch /usr/lib/icedove/.autoreg in icedove-gnome-support.postinst and icedove-gnome-support.prerm iif that file exists. - update debian/rules - added debian/icedove-gnome-support.postinst - added debian/icedove-gnome-support.prerm * Adjust multiple patches because of changed upstream code base - update debian/patches/ubuntu-mail-app-xre-name - update debian/patches/autoconf2.13-rerun -- Alexander Sack Sat, 05 Apr 2008 23:05:11 +0200 icedove (2.0.0.9-3) unstable; urgency=low * drop network.protocol-handler.external.http setting as it caused regressions (Closes: 459564) - update debian/icedove.js -- Alexander Sack Wed, 09 Jan 2008 18:56:28 +0100 icedove (2.0.0.9-2) unstable; urgency=low * pass host arch information to configure and trust the supplied architecture information. Thanks to Bastian Blank. (Closes: 445959) - update debian/rules - add debian/patches/arch-detect - update debian/patches/autoconf2.13-rerun - update debian/patches/series * use /usr/lib/icedove/icedove as gnome integration command used to update gconf protocol handler. (Closes: 452919) - add debian/patches/icedove_gnome_command - update debian/patches/series * prefer gnome registry to lookup protocol handler if we are in a gnome session; in turn we enable x-www-browser as the http protocol by default (Closes: 452882) - add debian/patches/prefer_gnome_registry_in_gnome_session - update debian/patches/series - update debian/icedove.js -- Alexander Sack Sun, 30 Dec 2007 20:21:26 +0100 icedove (2.0.0.9-1) unstable; urgency=medium * new upstream stability/security update (v2.0.0.9): - MFSA 2007-36 aka CVE-2007-4841: "URIs with invalid %-encoding mishandled by Windows" - MFSA 2007-29 aka CVE-2007-5339: "Crashes with evidence of memory corruption (rv:1.8.1.8) - browser engine" - MFSA 2007-29 aka CVE-2007-5340: "Crashes with evidence of memory corruption (rv:1.8.1.8) - javascript engine" * adapt adapt patches to new upstream codebase: - drop debian/patches/bz389801_deb443454_fix_gtk_theme_crashes.patch - update debian/patches/68_mips_performance.dpatch - update debian/patches/series - update debian/patches/autoconf2.13-rerun * fix ftbfs due to changed cairo pc Requires: (Closes: 453179) - add debian/patches/bz344818_att264996.patch - update debian/patches/autoconf2.13-rerun - update debian/patches/series * add copyright file (Closes: 453365) - add debian/copyright * quote some if test ! ... lines to fix preinst errors (Closes: 427336) - update debian/icedove.preinst * update icedove menu section - use "Applications/Network/Communication" (Closes: 444903) - update debian/icedove.menu * don't try to install debian/tmp/usr/lib/icedove/defaults/isp as its not shipped by make install anymore - update debian/icedove.install -- Alexander Sack Fri, 28 Dec 2007 16:05:05 +0100 icedove (2.0.0.6-1) unstable; urgency=low * new upstream release 2.0.0.6-1 fixes various security issues (Closes: #444010): - MFSA 2007-18 aka CVE-2007-3734, CVE-2007-3735 - Crashes with evidence of memory corruption (rv:1.8.1.5). - MFSA 2007-23 aka CVE-2007-3670 - Remote code execution by launching Firefox from Internet Explorer (doesn't apply to linux). - MFSA 2007-26 aka CVE-2007-3844 - Privilege escalation through chrome-loaded about:blank windows. - MFSA 2007-27 aka # CVE-2007-3845 - Unescaped URIs passed to external programs. * debian/patches/debian/patches/credits-rebranding: refresh patch because of code-base change in new upstream release. * debian/patche/bz389801_deb443454_fix_gtk_theme_crashes.patch,series: import fix for theme crashes from bugzilla (Closes: 443454). -- Alexander Sack Mon, 08 Oct 2007 12:09:42 +0000 icedove (2.0.0.4.dfsg1-2) unstable; urgency=low * debian/patches/autoconf2.13-rerun: rerun to apply last commits configure.in patch addition to configure. * debian/patches/force-no-pragma-visibility-for-gcc-4.2_4.3, debian/patches/series: don't use pragma for visibility as visibility hints are not perfect yet in mozilla code base. * debian/icedove.desktop: drop explicit .png extension from desktop icon name * debian/icedove.desktop, debian/icedove.links, debian/icedove.menu: fix various icon issues, by using /usr/share/icedove/icons/default.png instead of mozicon128.png as source for standard icedove pixmaps link (Closes: #427076, #437064, #437090). * debian/control, debian/rules: use gcc-4.2 and g++-4.2 on all archs; add gcc-4.2 and g++-4.2 to build-depends in control file. * debian/icedove.links: provide usr/share/icedove/chrome/icons/default/messengerWindow16.png as a link to usr/share/icedove/icons/mozicon16.png (Closes: #427723). * debian/icedove.install, debian/icedove.links: install isp directories /usr/share/icedove/isp and /usr/share/icedove/defaults/isp and link them to pkglibdir accordingly (Closes: #428421). -- Alexander Sack Mon, 27 Aug 2007 23:48:53 +0200 icedove (2.0.0.4.dfsg1-1) unstable; urgency=low * debian/remove.nonfree: update list of non-free/binary-only file from latest iceape updates" debian/remove.nonfree; update orig tarball accordingly. (Closes: 400340) * debian/control[.in]: icedove package now provides mail-reader, imap-client, news-reader instead of www-browser (Closes: 425167) -- Alexander Sack Tue, 19 Jun 2007 15:00:12 +0200 icedove (2.0.0.4-1) unstable; urgency=low * stability/security upstream release 2.0.0.4 - CVE-2007-2867 aka MFSA 2007-12 (l): Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4) - layout engine - CVE-2007-2868 aka MFSA 2007-12 (j): Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4) - javascript engine - CVE-2007-1558 aka MFSA 2007-15: Security Vulnerability in APOP Authentication * debian/patches/gcc-workaround-visibility-hidden, debian/patches/series: applied upstream -> dropped visibility workaround patch * debian/patches/gnome-mime-handling: updated patch for bz273524 in response to upstream landing of bz373955 * debian/patches/autoconf-regen: rerun autoconf accordingly * debian/patches/82_prefs.dpatch|series: import default font fixes from xulrunner 1.8.1.4-1 patchset (thanks to Mike Hommey ) * debian/control[.in]: libnss3-dev build-depend is now versioned (Closes: 429202) -- Alexander Sack Mon, 18 Jun 2007 16:50:34 +0200 icedove (2.0.0.0-4) unstable; urgency=low * One that fix them all release - maybe. * fix symlinks for chrome/greprefs/defaults in .preinst (Closes: 425390, 425438, 425476, 425479, 425550, 425552, 425559, 425564, 425672, 425727, 426019) * debian/control[.in]: fix section -> s/web/mail/ -- Alexander Sack Fri, 1 Jun 2007 13:13:13 +0200 icedove (2.0.0.0-3) unstable; urgency=low * fixing links in preinst (Closes: 424963, 425061, 425223) greprefs, chrome and defaults need to point to /usr/share/icedove/* * drop searchplugin link which even had a typo :) * debian/icedove.menu: ship debian menu entry (Closes: 425224) -- Alexander Sack Sat, 20 May 2007 16:48:00 +0200 icedove (2.0.0.0-2) unstable; urgency=low * adding icedove-dbg package -- Alexander Sack Sat, 19 May 2007 17:33:00 +0200 icedove (2.0.0.0-1) unstable; urgency=low * icedovising * add debian/remove.nonfree * set upstream application fixed to 'thunderbird' in update-orig, so you can just drop thunderbird tarball and produce new orig * fix debian/control.in, drop transition packages. update debian/control for these modifications. * no autogen of configure and debian/control for release -- Alexander Sack Thu, 17 May 2007 14:00:00 +0200 thunderbird (1.99.rc1+2.0-1) feisty; urgency=low * branch firefox-trunk package for 2.0 thunderbird package * debian/control.in, debian/control: add transition packages: mozilla-thunderbird, mozilla-thunderbird-dev; disable dom-inspector package as there is nearly no hope that it ever will get maintained upstream again. * debian/rules: remove inspector extension from configure; add excludes to dh_install of thunderbird and thunderbird-dev package: - DEB_DH_INSTALL_ARGS_thunderbird := -Xgnome -Ximgicon -Xmozlibthai DEB_DH_INSTALL_ARGS_thunderbird-dev := -Xnspr -Xnss -- Alexander Sack Wed, 18 Apr 2007 13:35:34 +0200 icedove (1.5.0.10.dfsg1-3) unstable; urgency=low * debian/icedove*.xpm updated to use correct icon (Closes: 413976, 416476) * debian/patches/25_gnome_helpers_with_params.dpatch: Make helper applications with parameters work (bz#273524); this is an improved version of bugzilla patch by Mike Hommey -- Alexander Sack Wed, 28 Mar 2007 21:55:08 +0200 icedove (1.5.0.10.dfsg1-2) unstable; urgency=low * debian/tmpls-typeaheadfind/install.rdf: fix version depends of typeaheadfind (Closes: 413770) -- Alexander Sack Wed, 7 Mar 2007 13:13:13 +0100 icedove (1.5.0.10.dfsg1-1) unstable; urgency=low * new upstream release fixing security issues: - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow Vulnerability - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow Vulnerability - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01: Crashes with evidence of memory corruption * 91_credits_icedove.dpatch: dump new xml entities from credits dialog (Closes: 404984, 412423) * 50_kbsd_nspr.dpatch, 50_kbsd.dpatch: adapt kbsd patches to apply to latest upstream code-base [ Christian Perrier ] * Rewrite debconf templates to fit the current Developer's Reference recommendations * Correct the name of the debconf templates file in debian/po/POTFILES.in Closes: #407220 * Debconf translations: - Bulgarian added. Closes: #410627 - Basque updated. Closes: #410633 - German updated. Closes: #410672 - Catalan updated. Closes: #410676 - Spanish updated. Closes: #410709 - Galician updated. Closes: #410720, #407944 - Japanese updated. Closes: #410753 - Tamil added. Closes: #410892 - Portuguese updated. Closes: #409562 - Vietnamese updated. - Malayalam added. Closes: #408109 - Russian updated. Closes: #411064, #405741 - Swedish. Closes: #410632 - Polish. Closes: #411302 - Fix typo in Italian translation. Closes: #363806 - Romanian. Closes: #411361 - Czech. Closes: #411409 - Danish. Closes: #411402 - Dutch. Closes: #411406 - Italian. Closes: #411452 - Brazilian Portuguese. Closes: #411538 - Korean. Closes: #411624, #411581 - Malayalam. Closes: #411647 - Finnish. Closes: #411765 -- Alexander Sack Fri, 23 Feb 2007 09:00:00 +0100 icedove (1.5.0.10.dfsg1-1.1) unstable; urgency=low * Non-maintainer upload to fix pending l10n issues. * Debconf translations: - Italian fixed. Closes: #363806 - Russian added. Closes: #405741 - Galician added. Closes: #407944 - Malayalam added. Closes: #408109 - Portuguese updated. Closes: #409562 -- Christian Perrier Tue, 6 Feb 2007 06:55:08 +0100 icedove (1.5.0.9.dfsg1-1) unstable; urgency=high * new upstream version, fixes various security issues: - CVE-2006-6497 mfsa2006-68 layout engine - CVE-2006-6498 mfsa2006-68 javascript engine - CVE-2006-6499 mfsa2006-68 floating point - CVE-2006-6500 mfsa2006-69 - CVE-2006-6501 mfsa2006-70 - CVE-2006-6502 mfsa2006-71 - CVE-2006-6503 mfsa2006-72 - CVE-2006-6504 mfsa2006-73 - CVE-2006-6505 mfsa2006-74 - CVE-2006-6506 mfsa2006-75 - CVE-2006-6507 mfsa2006-76 * landing icedove artwork contributed by Ricardo Fernández ; svgs are in debian/branding. xpms and some pngs are generated with rsvg-convert and convert -> adding build-depends to librsvg2-bin, imagemagick * including es.po translation contributed by Felipe Caminos (Closes: 402928) * updateing pt_BR.po provided by André Luís Lopes (Closes: 403827) * adapting credits dialog and Icedove Motto in 91_credits_icedove.dpatch * fix bad link in icedove manpage (icedove.sgml) (Closes: 398344) * rebranding install.rdf of default theme for icedove in 91_rebranding_theme.dpatch (Closes: 393134) * adapt README.Debian to new icedove directories and name * clean old/not-needed files from debian/ directory: theme.part.defaultclassic, mail-jar.mn, messenger_jar_includes.csv * disabling patch: 99_bz360409_deb400383, which is applied upstream now. -- Alexander Sack Tue, 19 Dec 2006 12:00:00 +0100 icedove (1.5.0.8.dfsg1-1) unstable; urgency=medium * removing all currently known non-free and sourceless binaries from source package by running the script included for reference in debian/remove.nonfree from the gnuzilla project (Closes: 400340) * added upstream approved quickfix for grave bug in debian/patches/99_bz360409_deb400383.dpatch (Closes: 400383) * last chance kbsd upload ... reenabling kbsd patch with fix by Petr Salinger (Closes: 399692) * remove missed non-free icons from debian/fhunderbird-branding.tmpl/ : background.png.uu, disk.icns.uu -- Alexander Sack Sun, 26 Nov 2006 19:00:00 +0100 icedove (1.5.0.8-3) unstable; urgency=low * disable kbsd patches in 00list because they appear to break build on other platforms. In consequence, 399692 and 363865 will be reopened. Reenable 90_ppc64-build-fix (Closes: 400090) -- Alexander Sack Mon, 22 Nov 2006 15:10:00 +0100 icedove (1.5.0.8-2) unstable; urgency=low * fix mozilla.in for real (for transitional thunderbird link (Closes: 393123, 398037) * apply basque debconf translation (eu.po) for real (Closes: 398468) * included nl.po provided by Nick Niktaris renaming as icedove first (Closes: 378360) * include greek translation in icedove.desktop provided by Nick Niktaris (Closes: 384359) * include updated de.po translation provided by Alwin Meschede (Closes: 399083) * apply FTBFS on GNU/kFreeBSD porters patch provided by Petr Salinger (Closes: 399692), which is claimed to provide a fix for ppc64 ftbfs too (Closes: 363865) * remove debug echo from icedove.preinst (Closes: 399723) -- Alexander Sack Mon, 21 Nov 2006 19:35:00 +0100 icedove (1.5.0.8-1) unstable; urgency=medium * new upstream version fixes various security issues * added transition package: thunderbird-gnome-support -> icedove-gnome-support as well as thunderbird-dbg -> icedove-dbg (Closes: 393105) * fix typo in postinst to fix browser integration scheme recognition as selected by debconf (Closes: 393765, 398427) * apply patch by Ted Percival to fix broken transitional thunderbird symlink (Closes: 393123, 398037) * apply patch by Andre Lehovich that fixes icedove package description typos (Closes: 398468) * add basque debconf translation (eu.po) provided by Piarres Beobide (Closes: 398719) * remove non-free rfc files from source tarball (Closes: 395095) -- Alexander Sack Wed, 15 Nov 2006 18:00:00 +0100 icedove (1.5.0.7-3) unstable; urgency=medium * unbrand thunderbird mail -> Icedove Mail/News due to trademark issues (Closes: 354622) -- Alexander Sack Thu, 12 Oct 2006 13:00:00 +0100 thunderbird (1.5.0.7-2) unstable; urgency=low * go through new upload ... reenable thunderbird-dbg * increase reference count for fontconfig charset 91_fontconfig_reference_increment_388739 (Closes: 388739) -- Alexander Sack Wed, 27 Sep 2006 02:00:00 +0100 thunderbird (1.5.0.7-1) unstable; urgency=high * disabled new package to avoid queue new: thunderbird-dbg * new upstream release fixes security issues: + MFSA 2006-64 - CVE-2006-4571 + MFSA 2006-63 - CVE-2006-4570 + MFSA 2006-62 - CVE-2006-4569 + MFSA 2006-61 - CVE-2006-4568 + MFSA 2006-60 - CVE-2006-4340 (related to CVE-2006-4339) + MFSA 2006-59 - CVE-2006-4253 + MFSA 2006-58 - CVE-2006-4567 + MFSA 2006-57 - CVE-2006-4565, CVE-2006-4566 * disable patch 90_gcc-extern-fix, because it has been pulled in upstream * disable 91_271815.overthespot.v1.2, because applied upstream -- Alexander Sack Fri, 15 Sep 2006 16:00:00 +0100 thunderbird (1.5.0.5-2) unstable; urgency=low * new package: thunderbird-dbg + improve configure options + enable svg + use debian build options to determine optimization flags * added build depends on libcairo-dev -- Alexander Sack Sat, 12 Aug 2006 15:00:00 +0100 thunderbird (1.5.0.5-1) unstable; urgency=high * new upstream release fixes various security flaws: + MFSA 2006-44, CVE-2006-3801 + MFSA 2006-46, CVE-2006-3113 + MFSA 2006-47, CVE-2006-3802 + MFSA 2006-48, CVE-2006-3803 + MFSA 2006-49, CVE-2006-3804 + MFSA 2006-50, CVE-2006-3805, CVE-2006-3806 + MFSA 2006-51, CVE-2006-3807 + MFSA 2006-52, CVE-2006-3808 + MFSA 2006-53, CVE-2006-3809 + MFSA 2006-54, CVE-2006-3810 + MFSA 2006-55, CVE-2006-3811 * including patch 91_271815.overthespot.v1.2.dpatch (Closes: 379936, 363814) * improve manpage: Document -g, --debug options (Closes: 381096) * update for ja.po, contributed by Kenshi Muto (Closes: 379946) * update for pt.po, contributed by Rui Branco (Closes: 381444) * Provide virtual package news-reader (Closes: 363834) * Apply patch which introduces ReplyToList MessageType. This is the base to allow extensions that provide ReplyToList button to get installed. Thanks to Armin Berres for pointing out this unintrusive patch. (Closes: 381273) * fix README.Debian for firefox integration as well as example of global pref.js (firefox.js.tmpl) (Closes: 363723) * further improvements for README.Debian * fix gnome integration program path in a hard-coded fashion in 91_gnome_path_fix.dpatch (Closes: 365610) -- Alexander Sack Sat, 12 Aug 2006 15:00:00 +0100 thunderbird (1.5.0.4-3) unstable; urgency=critical * fixing gcc-4.1 ftbfs (Closes: 377176) * improved manpage by Bastian Kleineidam documenting -safe-mode option (Closes: 370254) * include *no xgot* patch for mips/mipsel contributed by Thiemo Seufer (Closes: 374882) -- Alexander Sack Thu, 13 Jul 2006 15:00:00 +0100 thunderbird (1.5.0.4-2) unstable; urgency=critical * fix version in install.rdf for inspector and typeaheafind (Closes: 374382) * (last one was a new upstream release fixing various security issues (Closes: 373878, 373553) * urgency=critical -- Alexander Sack Mon, 19 Jun 2006 10:00:00 +0100 thunderbird (1.5.0.4-1) unstable; urgency=low * new upstream release fixing various security issues: MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8 pages MFSA 2006-40, CVE-2006-2781: Double-free on malformed VCard MFSA 2006-38, CVE-2006-2778: Buffer overflow in crypto.signText() MFSA 2006-37, CVE-2006-2776: Remote compromise via content-defined setter on object prototypes MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL persist MFSA 2006-33, CVE-2006-2786: HTTP response smuggling MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with potential memory corruption MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) * build depends: + xorg-dev -> libx11-dev, libxt-dev, libxinerama-dev, libxft-dev, libfreetype6-dev, libxrender-dev + removed binutils, coreutils and po-debconf * enable xinerama in debian/rules * fixed lintian errors: + do not depend on xorg dev meta package + debhelper depend is now versioned + changed package description(s) to not start with 'thunderbird' -- Alexander Sack Tue, 23 May 2006 15:00:00 +0100 thunderbird (1.5.0.2-3) unstable; urgency=low * patch-robbery from firefox package: + removed old mips and arm patches + added 50_arch_arm_fix + added 50_arch_alpha_fix + added 50_arch_m68k_fix + added 50_arch_mips_Makefile_fix + added 50_arch_mips_fix (Closes: 357755) + added 50_arch_parisc_Makefile_fix + added 50_arch_parisc_fix * included install.rdf for default theme in extensions dir (Closes: 363956) * removed chrome.d locales.d extensions.d from var/lib/thunderbird -- Alexander Sack Tue, 16 May 2006 19:45:00 +0100 thunderbird (1.5.0.2-2) unstable; urgency=critical * debian/thunderbird.sgml. Greatly improved manpage for thunderbird, thanks to Sam Morris for contributing this (Closes: 361069) * add missing build depend to sharutils to fix ftbfs (Closes: 365539) * fix gnome-support package removing gnome dependencies from pure thunderbird package. * set urgency to critical which I forgot to set properly for the last upload -- Alexander Sack Sat, 29 Apr 2006 14:00:00 +0100 thunderbird (1.5.0.2-1) unstable; urgency=low * removed enable xprint in order to build after X11R7 transition. * removed xprint recommends from control file. * 91_fontsfix_359763.dpatch: fix for 'thunderbird shows text illegibly' for some encodings. (Closes: 359763) * myspell is now depends (Closes: 357623) * (re-)including 10_mips_optimization_patch * debian/patches/90_ppc64-build-fix.dpatch: patch for 'FTBFS (ppc64)', thanks to Andreas Jochens for adding the final patch to the report. (Closes: 361036) * Thanks to Bastian Kleineidam for contributing: * Standards version 3.6.2.1 * Use debhelper v5 with debian/compat * Remove unneeded thunderbird.conffiles now that debhelper v5 is used * Remove CVS directories in debian/ * Fix debian/changelog syntax errors, and convert to UTF-8 * Fix bashism in debian/thunderbird.postrm, using 2> instead of &>. * Add ${misc:Depends} to thunderbird* dependencies, fixing a missing dependency on debconf * Move db_input commands from postinst into a separate thunderbird.config file. * distinct gnome-support package added. adds a good bunch of gnome build depends to allow module linking against gnome libs. * added new fhunderbird-branding in debian/fhunderbird-branding.tmpl (Closes: 358198) * use only one profile directory in configure (Closes: 358378) * Various security issues are fixed in this release. Namely: CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 CVE-2006-1731 CVE-2006-1724 CVE-2006-0884 CVE-2006-1730 CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-1045 CVE-2006-0748 CVE-2006-1726 CVE-2006-1725 CVE-2005-2353 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-0292/CVE-2006-0293 (Closes: 349242) CVE-2006-0294 CVE-2006-0295 CVE-2006-0296 CVE-2006-0297 CVE-2006-0298 CVE-2006-0299 -- Alexander Sack Thu, 20 Mar 2006 21:00:00 +0100 thunderbird (1.5-4) unstable; urgency=low * great package renaming release: mozilla-thunderbird -> thunderbird * removed not maintained and not needed update-mozilla-thunderbird facilities. Extensions/locales etc. don't need to call this anymore in order to install themselves globally. * added -fno-strict-aliasing -fno-unsigned-char as parameters to build * patch: 10_visibility_hidden_patch.dpatch - by Adam Conrad * new upstream version fixes various bugs (Closes: 288601, 291912, 295662) * included new fr.po translation by Mohammed Adnène Trojette (Closes: 323367) * included new cs.po translation by Jan Outrata (Closes: 321736, 335354) * included new pt.po translation by Traduz! (Closes: 348440) * included new da.po translation by Claus Hindsgaul (Closes: 350687) * added intl.locale.matchOS, true to debian/global-config.js instead of hacking startup script -- Alexander Sack Tue, 28 Feb 2006 15:00:00 +0100 mozilla-thunderbird (1.5-2) experimental; urgency=low * reenable patch 20_mailnews_mime_makefile_in.dpatch to export proper headers to -dev package for enigmail * last upload with old package name -- Alexander Sack Thu, 12 Jan 2006 15:00:00 +0100 mozilla-thunderbird (1.5-1) experimental; urgency=low * experimental upload of 1.5 (Closes: 348007) * major package housekeeping + removed extension template pieces + bye -offline extension release - this is now completely integrated in thunderbird default install + disable all patches ... but those that are obviously needed - please shout if you got struck by a regression due to this :). + use upstream startup script in the hope that they did fix it! + branding removed again. Keep it white labeled - for now. -- Alexander Sack Thu, 12 Jan 2006 15:00:00 +0100 mozilla-thunderbird (1.0.7-3) unstable; urgency=high * apply backported patch for amd64 (Closes: 332481,332484) Thanks to Martin Sarsale for testing and preparing the patch + debian/patches/91_gcc4_imgLoader.fix.dpatch * updated vietnam translation contributed by Clytie Siddall (Closes: 324224) * added swedish translation contributed by Daniel Nylander (Closes: 331606) -- Alexander Sack Mon, 17 Oct 2005 23:30:00 +0100 mozilla-thunderbird (1.0.7-2) unstable; urgency=high * still high to indicate that security bugs have not been fixed in etch. * apply debian/patches/90_xptcinvoke_arm.dpatch to fix ftbfs on arm/sid -- Alexander Sack Mon, 10 Oct 2005 19:00:00 +0100 mozilla-thunderbird (1.0.7-1) unstable; urgency=high * MFSA-2005-57: IDN heap overrun Summary: Tom Ferris reported a Firefox crash when processing a domain name consisting solely of soft-hyphen characters. Closes: - CVE-Ids: CAN-2005-2871 Bugzilla: 307259 Issues addressed: + CAN-2005-2871 - IDN heap overrun * MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities Summary: Fixes for multiple vulnerabilities with an overall severity of "critical" have been released in Mozilla Firefox 1.0.7 and the Mozilla Suite 1.7.12 Closes: - CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261 306804 291178 300853 301180 302100 Issues addressed: + CAN-2005-2701 - Heap overrun in XBM image processing + CAN-2005-2702 - Crash on "zero-width non-joiner" sequence + CAN-2005-2703 - XMLHttpRequest header spoofing + CAN-2005-2704 - Object spoofing using XBL + CAN-2005-2705 - JavaScript integer overflow + CAN-2005-2706 - Privilege escalation using about: scheme + CAN-2005-2707 - Chrome window spoofing + Regression fixes * MFSA-2005-59: Command-line handling on Linux allows shell execution -> was addressed in 1.0.6-4 already. Reverting upstream changes to mozilla/mail/mozilla.in by copying debian/mozilla.in_1.0.6 over to allow our patches to still apply. debian/patches/01_old_mozilla.in.dpatch -- Alexander Sack Sat, 1 Oct 2005 17:00:00 +0100 mozilla-thunderbird (1.0.6-4) unstable; urgency=high * now using bash to overcome possible security flaws of our thunderbird start script (mozilla-thunderbird). Patch by Florian Weimer debian/mfsa_2005-59.debian.patch (Closes: 329664, 329667) * added patch 50_ftbfs_alpha+arm+ia64_325536_fix.dpatch to build on alpha, arm, and ia64 that now uses __attribute__((used)) instead of ((unused)) by Steve Langasek (Closes: 325536) * fix debsums error reported by Y Giridhar Appaji Nag . Now removing files in postrm. Further moved /usr/lib/mozilla-thunderbird/chrome/chrome.rdf to the /var/... adding a link to the new location. (Closes: 292475) * added depends for system libs: mng, png, jpeg to not build with unmaintained image included libs. * modified 21_mozilla_in-patch.dpatch to recognize -mail as a -compose alias. This makes thunderbird work well with current gnome default mailto: command for thunderbird. Thanks to Sam Morris for the workaround patch (Closes: 330168) * still work left: fix window.open(); overlay problem. added rejar-chrome.sh util script below debian. It rejars .jar files by extracting paths given in _jar_includes.csv from the .jar zip file and zipping only those files to a new jar file again. Anyway, still broken, thus disabled for this build. (See: 306522) -- Alexander Sack Mon, 23 Sep 2005 17:00:00 +0100 mozilla-thunderbird (1.0.6-3) unstable; urgency=low * remove gcc-3.4 from amd64 build ... this time for sure (Closes: 320723) * remove special optimization flags for other archs too -- Alexander Sack Mon, 2 Aug 2005 17:00:00 +0100 mozilla-thunderbird (1.0.6-2) unstable; urgency=low * remove gcc-3.4 from amd64 build (Closes: 320723) * added arabic po translation by Mohammed Adnène Trojette (Closes: 320771) -- Alexander Sack Mon, 1 Aug 2005 17:00:00 +0100 mozilla-thunderbird (1.0.6-1) unstable; urgency=high * GCC/G++ 4.0 API transition upload. * include 90_new_freetype_fix.dpatch to fix new freetype API (Closes: 301481, 301481) - consumed from mozilla-firefox packages ... thx to Eric Dorland * include 90_gcc4_fix.dpatch * fixes multiple security bugs (Closes: 318728) CAN-2005-2270: Code execution through shared function objects CAN-2005-2269: XHTML node spoofing CAN-2005-2266: Same origin violation: frame calling top.focus() CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo() CAN-2005-2261: XML scripts ran even when Javascript disabled CAN-2005-1532: Privilege escalation via non-DOM property overrides CAN-2005-1160: Privilege escalation via DOM property overrides CAN-2005-1159: Missing Install object instance checks CAN-2005-0989: Javascript "lambda" replace exposes memory contents * fix gdk_property_get problem that might cause a segfault (Closes: 317937) patch by Loic Minier debian/patches/gdk_property_get.dpatch * fix CAN-2005-2353: insecure tmp file usage in run-mozilla.sh (Closes: 306893) debian/patches/20_run-mozilla_sh_306893_fix.dpatch * include german de.po translation (Closes: 318747) by Alwin Meschede * fixed whitespace in mozilla-thunderbird.templates (Closes: 308961) hint by Clytie Siddall * apply fix for seamonkey migration crash (Closes: 285728) 90_mail_components_miration_src_nsSeamonkeyProfileMigrator_cpp * fix 'find' in update-mozilla-thunderbird-chrome (Closes: 315588) patch by Michael Spang -- Alexander Sack Thu, 21 Jul 2005 21:00:00 +0100 mozilla-thunderbird (1.0.2-3) unstable; urgency=high * last maybe sarge upload with urgency high, contains only translations (po files + gnome .desktop file lines) + cs translation by Jan Outrata (Closes: 309023) + fi translation by Matti Pöllä (Closes: 303805) + ja translation by Kenshi Muto (Closes: 307005) + pt_BR translation by Andre Luis Lopes (Closes: 304261) + vi translation by Clytie Siddall (Closes: 308959) + added missed translation entries in gnome .desktop files for it, ko, pl -- Alexander Sack Thu, 02 Jun 2005 22:00:00 +0100 mozilla-thunderbird (1.0.2-2) unstable; urgency=low * fixed TYPO in 71_extensionManagerAutoReRegister.dpatch, probably causing #302218 (Closes: 302218) * extended patch 71_extensionManagerAutoReRegister.dpatch, now checking components.ini timestamp instead of compreg.dat timestamp. removing components.ini compreg.dat and XUL.mfasl if global Extensions.rdf file is newer then components.ini. Probably helping to fix #302218 too. * renamed xprt-xprintorg recommends to xprint (Closes: 300975) * (re-)enabled pref extension (Closes: 302130) -- Alexander Sack Thu, 31 Mar 2005 07:00:00 +0100 mozilla-thunderbird (1.0.2-1) unstable; urgency=medium * new upstream version (Closes: 301542) fixes some security issues according to upstream (http://www.mozilla.org/projects/security/known-vulnerabilities.html) 1.0.2 fixes the following security related issues. MFSA 2005-30 GIF heap overflow parsing Netscape extension 2 MFSA 2005-25 Image drag and drop executable spoofing MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice MFSA 2005-18 Memory overwrite in string library MFSA 2005-17 Install source spoofing with user:pass@host MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion -- Alexander Sack Sun, 27 Mar 2005 16:00:00 +0100 mozilla-thunderbird (1.0-4) unstable; urgency=low * removed not needed build-deps: csh * included debconf (and gnome .desktop file) translations for various languages: (Closes: 292072, 294622, 291477, 292507) + debian/po/fr.po (Mohammed Adnène TROJETTE , Aurelien Jarno ) + debian/po/nl.po (Luk Claes ) + debian/po/ca.po (Jordi Mallach ) + debian/po/ko.po (Yooseong Yang ) + debian/po/it.po (Vittorio Palmisano ) + debian/po/pl.po (Robert Luberda ) * fixed startscript problem - updated 21_mozilla_in-patch.dpatch - thanks to Kevin B. McCarty * moved code of component debCleanComp.js to nsExtensionManager, so it can automatically restart the application if needed. This should again lower the probabilty that some upgrade, downgrade of thunderbird or extensions breaks the chrome or component registry in your profile dir. -- Alexander Sack Sun, 13 Mar 2005 13:00:00 +0100 mozilla-thunderbird (1.0-3) unstable; urgency=low * first upload to official archive for tbird 1.0 (first since 0.9-6) * finally I decided to upload this package to unstable, though there is a debian-legal discussion going on about the mozilla trademark. Since it might take some time until a solution is found, I decided to upload as usual. * started to debrand the app to 'Debian Thunderbird' -- Alexander Sack Sun, 16 Jan 2005 14:00:00 +0100 mozilla-thunderbird (1.0-2) unstable; urgency=low * Uninstall file and dummy-empty-file must not be empty * Included latest patch for extension manager * Included Jaap Haitsma icons (Closes: 257640) * fixed regression compared to 0.9-6 official package that had problems to build because empty files where not included in diff.gz -- Alexander Sack Fri, 10 Dec 2004 23:00:00 +0100 mozilla-thunderbird (1.0-1) unstable; urgency=low * new upstream release - 1.0 (Closes: 284560) * includes new icons as default theme * changed start.html page to not use the mozilla partical in the package naming. This app is now officially called 'Debian Thunderbird' * removed -O from sparch arch (See: 284532) * README.Debian improved * adapted new manpage inspired by Ralf Katz -- Alexander Sack Tue, 08 Dec 2004 12:00:00 +0100 mozilla-thunderbird (0.9-7) unstable; urgency=low * added debconf capability to define what browser integration is wanted -> added /etc/mozilla-thunderbird/auto-config.js to store automatically generated configs by debconf -- Alexander Sack Thu, 24 Nov 2004 12:00:00 +0100 mozilla-thunderbird (0.9-6) unstable; urgency=low * fixed bug in preinst script by strictly testing the existance of files before invoking mv operations (Closes: 282186) * fixed stupid upgrade bug in preinst script. ls uses now -d to produce no garbage when used as source for moving. This closes a bug reported against enigmail, but is a bug of the thunderbird package. This release fixes it (Closes: 282505) * still missing reply for current grave bug 282506. I think this is due to the initial upgrade problems. Those problem should not occur anymore with the fixes of this packages upgrade mechanism (Closes: 282506) -- Alexander Sack Thu, 24 Nov 2004 12:00:00 +0100 mozilla-thunderbird (0.9-5) unstable; urgency=low * added patch by Kevin B. McCarty adds In-Reply-To mailto: link capability (Closes: 268055) * late verification of bug fixed by preview package: fixes: message editor steals keyboard focus (Closes: 274313) -- Alexander Sack Thu, 18 Nov 2004 12:00:00 +0100 mozilla-thunderbird (0.9-4) unstable; urgency=low * fixed upgrade bug - when /usr/lib/mozilla-thunderbird/extensions is a link, remove it and create a directory for it! After that move all extensions from /var/lib/mozilla-thunderbird/extensions to the new folder. * added example firefox-config.js.tmpl to use the new wrapper script. This config should only be used if you are in a non gconf capable window environment, e.g. pure openbox, etc. See the README.Debian for further details on howto integrate thunderbird properly. * added uninstall and extension directory for default theme extension. This should make it possible to remove the package cleanly. * Bug#280254: mozilla-thunderbird: Please package thunderbird 0.9 (Closes: 280076) * patch by Kevin McCarty , fixes Subject munging if thunderbird is running (Closes: 263971) * fixed: typo in welcome message for preview pane (Closes: 278690) * thx to bug submitters that verified the fix of the following bugs in my preview package at people.debian.org: + Bug#277304: mozilla-thunderbird: thunderbird dies silently on some mails (Closes: 277304) + no sound when new mail arrives (Closes: 274044) + Focus Problem when a filter is selected (Closes: 272157) + "Get Mail" button fails intermittently on additional accounts (Closes: 280482) * added patch to fix /tmp/ file permissions during processing of imap directory (Closes: 280363) * cleaning up compreg.dat on Extensions.rdf change, so after restart all troubles with this issue are gone (Closes: 273213) * Already since 0.9-1, but I forgot to mention: + set default smtp server option should work now (Closes: 274177) + with view filter: unread on, newly read messages are not removed from the message list anymore (Closes: 275708) * other bugs resolved by upstream: + problems while threads refresh (Closes: 239203) + Shortcuts conflict with ISO 14755 (Closes: 246916) -- Alexander Sack Mon, 15 Nov 2004 22:45:00 +0100 mozilla-thunderbird (0.9-3) unstable; urgency=low * rm -f /usr/lib/mozilla-thunderbird/extensions in postinst if it is a link! After that move stuff from /var/lib/mozilla-thunderbird/extensions to /usr/lib/mozilla-thunderbird/extensions. The rest will be done by update-mozilla-thunderbird-chrome -- Alexander Sack Thu, 11 Nov 2004 22:45:00 +0100 mozilla-thunderbird (0.9-2) unstable; urgency=low * fixed bad bug in mozilla-thunderbird.install, that removed the fulls extensions dir * fixed broken upgrade problem due to mozilla-thunderbird-inspector that tried to install resource files under /usr/lib/.../res, but that is a link. Now storing under /usr/share/ -- Alexander Sack Wed, 10 Nov 2004 22:00:00 +0100 mozilla-thunderbird (0.9-1) unstable; urgency=low * new upstream version (0.9) * include patch amd64: by Frederik Schueler -> use gcc-3.4,g++3.4 (Closes: 261365) * pasting issues partially fixed (See: 279656) * Local Folders needed, cannot be deleted anymore (Closes: 226253) * including great patch of Mike Hommey who brought the final fix for the extension manager problems; changed update-mozilla-thunderbird-chrome according to the new -register capability -- Alexander Sack Wed, 10 Nov 2004 20:00:00 +0100 mozilla-thunderbird (0.8-3) unstable; urgency=medium * respin for new binutils version (Closes: 273354) * removing essential and build-essential build dependencies to: base-files, libc6-dev * update-mozilla-thunderbird-chrome: output of find(s) to /dev/null (Closes: 267661) * included mozilla-thunderbird-compose script in docs section -- Alexander Sack Sat, 26 Sep 2004 13:00:00 +0100 mozilla-thunderbird (0.8-2) unstable; urgency=medium * include good build_id during build fixes upgrade problems (Closes: 272175, 272182) * fixed some startup-script regressions. Remote commands are almost ready by upstream. Only -compose argument is interpreted in a debian specific way. Of course, locale settings are still debian specific too. * improved changelog to list important notes for upgrading to 0.8 * 10_mips_optimization_patch.dpatch: thiemo seufers mips(el) workaround removing CFLAGS="$CFLAGS -Wa,-xgot" and CXXFLAGS="$CXXFLAGS -Wa,-xgot" and adding inline when DEBUG is true (Closes: 272162). -- Alexander Sack Sat, 18 Sep 2004 21:00:00 +0100 mozilla-thunderbird (0.8-1) unstable; urgency=medium * new upstream version 0.8 * fixes various security issues in sarge and sid (Closes: 263752) * hacked a tiny patch for nsExtensionManager.js.in bug that lets thunderbird (and firefox) loop on startup if launched with non-root account. -- Alexander Sack Fri, 17 Sep 2004 10:00:00 +0100 mozilla-thunderbird (0.7.3-6) unstable; urgency=high * still fixes the security bug in sarge (see #263752) ... thus urgency=high * applied 50_mozilla-thunderbird-xpcom-xptcall-mips.dpatch provided by Thiemo Seufer (Closes: 267017) * removed as Uploader as he expressed that he has no more time to co-maintaining this package. Thanks for your work! -- Alexander Sack Sun, 12 Sep 2004 17:30:00 +0100 mozilla-thunderbird (0.7.3-5) unstable; urgency=high * ping tbird to find a running instance instead of searching for lock file that could still be there after a crash (redone) (Closes: 267144) * still fixes the security bug in sarge ... thus urgency=high -- Alexander Sack Thu, 21 Aug 2004 14:00:00 +0100 mozilla-thunderbird (0.7.3-4) unstable; urgency=high * ping tbird to find a running instance instead of searching for lock file that could still be there after a crash (Closes: 267144) * still fixes the security bug in sarge ... thus urgency=high -- Alexander Sack Thu, 21 Aug 2004 14:00:00 +0100 mozilla-thunderbird (0.7.3-3) unstable; urgency=high * extended patch for mips: 50_xpcom_xptcall_xptcstubs_asm_mips_s (Closes: 266851) * still fixes the security bug in sarge ... thus urgency=high -- Alexander Sack Thu, 19 Aug 2004 17:00:00 +0100 mozilla-thunderbird (0.7.3-2) unstable; urgency=high * included patch for mips: 50_xpcom_xptcall_xptcstubs_asm_mips_s * made global-config.js more up to date (Closes: 261815) * recommend myspell-en-us | myspell-dictionary (Closes: 265272) * enigmail is now suggested and not recommended anymore * still fixes the security bug in sarge ... thus urgency=high -- Alexander Sack Wed, 18 Aug 2004 16:00:00 +0100 mozilla-thunderbird (0.7.3-1) unstable; urgency=high * new upstream release 0.7.3 - fixes security issues (Closes: 263752) * changed maintainer email to debian address * removing /var/lib/mozilla-thunderbird dir on purge (Closes: 260212). * reverting gcc-3.2 and g++-3.2 for hppa architecture to back to default gcc/g++ compiler * fixed package description of mozilla-thunderbird-inspector and mozilla-thunderbird-offline (Closes: 260374, 260376) * plain mozilla-thunderbird now opens Inbox window to front instead of profile manager when already running (Closes: 259476) -- Alexander Sack Wed, 04 Aug 2004 20:00:00 +0100 mozilla-thunderbird (0.7.1-3) unstable; urgency=low * updated README.Debian to be more specific on the lost profile workaround! * added 10_profile_migration.dpatch to fix profile migration issues (Closes: 258741, 258747) * updated .desktop file Comment (Closes: 257596) * trying gcc-3.2 and g++-3.2 for hppa architecture -- Alexander Sack Tue, 13 Jul 2004 11:00:00 +0100 mozilla-thunderbird (0.7.1-2) unstable; urgency=low * added 10_profile_migration.dpatch to fix profile migration issues (Closes: 258741, 258747) * updated .desktop file Comment (Closes: 257596) * trying gcc-3.2 and g++-3.2 for alpha and amd64 architecture -- Alexander Sack Mon, 12 Jul 2004 11:00:00 +0100 mozilla-thunderbird (0.7.1-1) unstable; urgency=low * new upstream source 0.7.1 (Closes: 257320, 256843) * fixed broken theme ID * include extension descriptions and set them to locked * fixed typo in branding patch ( Hompage ->Homepage ) * included movemail for handling local mail (Closes: 219893) * provides new mozilla-thunderbird-dev * does not build enigmail anymore. enigmail has got its own source package for now. Hopefully this package will build soon against mozilla-mailnews and mozilla-thunderbird, so only one package is needed for both. * update-mozilla-thunderbird-chrome: LD_LIBRARY_PATH bug fixed (Closes: 254144) * verified that -compose mailto:email@host.com works (Closes: 252261) * include upgrade info in README.debian. Documented new global-config.js file in README.debian too (Closes: 253315) * crash on corrupt bmp fixed by upstream (Closes: 248857) * added Provides: mail-reader, imap-client (Closes: 257199) * renamed menu entry to 'Thunderbird Mail' (Closes: 257596) -- Alexander Sack Mon, 5 Jul 2004 11:00:00 +0100 mozilla-thunderbird (0.7.1-0.0.asac1) unstable; urgency=low * new upstream source 0.7.1 * fixed broken theme ID * include extension descriptions and set them to locked * fixed typo in branding patch ( Hompage ->Homepage ) * included movemail for handling local mail -- Alexander Sack Thu, 1 Jul 2004 11:00:00 +0100 mozilla-thunderbird (0.7-0.0.asac1) unstable; urgency=low * new upstream source 0.7 * provides new mozilla-thunderbird-dev * does not build enigmail anymore. enigmail has got its own source package for now. Hopefully this package will build soon against mozilla-mailnews and mozilla-thunderbird, so only one package is needed for both. * update-mozilla-thunderbird-chrome: LD_LIBRARY_PATH bug fixed (Closes: 254144) * verified that -compose mailto:email@host.com works (Closes: 252261) * include upgrade info in README.debian (Closes: 253315) * crash on corrupt bmp fixed by upstream (Closes: 248857) -- Alexander Sack Wed, 23 Jun 2004 11:00:00 +0100 mozilla-thunderbird (0.6-asac1) unstable; urgency=low * new binary package for development files mozilla-thunderbird-dev * mozilla-thunderbird now Provides: mail-reader and imap-client -- Alexander Sack Tue, 08 Jun 2004 15:00:00 +0100 mozilla-thunderbird (0.6-3) unstable; urgency=low * added libx11-dev, libxp-dev, libxt-dev to Build-Depends * removed xlibs-dev from Build-Depends * fixed typo in starting screen (Closes: 249850) * removed duplicate readme file (Closes: 247162) * added readme file upgrade note to remove the chrome.rdf in the users profile directory after upgrade. -- Alexander Sack Thu, 03 Jun 2004 00:20:00 +0100 mozilla-thunderbird (0.6-2) unstable; urgency=low * Fix missing build-dep on xlibs-dev, causing FTBFS errors (closes: Bug#251166) -- Soeren Boll Overgaard Fri, 28 May 2004 11:02:07 +0000 mozilla-thunderbird (0.6-1) unstable; urgency=low * accumulated changelog: 0.6-0.1rc1 + 0.6-0.1rc2 * repackaged upstream source tarball to not-include non-free icons of the trademarked new branding * changed menu icon size to 32x32 * added suggestions for mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline and mozilla-thunderbird-inspector * new upstream version: 0.6 * MAP users can now benefit from support for the IMAP IDLE command which allows the mail server to push notifications such as new mail arriving as soon as it arrives (Closes: 232544) * Thunderbird supports server wide news filters that apply to all news groups on a server * Mail filters can now mark messages as junk * Offline support is now available as an extension package (Closes: 231920) * Command line parsing problems fixed (Closes: 232342) * Find broken in view source is fixed (Closes: 232580) * Alerts and crash when deleting multiple nested folders inside the trash folder is fixed (Closes: 237705, 244414) * shift-c selects all as read (Closes: 245039) * menu hint changed to mail (Closes: 246211) * Alt-A selects all messages (Closes: 229518) * typeahead find extension added as extra package (Closes: 232562) * suggesting mozilla-firefox now (Closes: 240708, 234918) * changed mozilla-thunderbird.xpm to envelope with flames (Closes: 243028) * new enigmail upstream version included (0.86.6), (Closes: 235553) * now bulding with -O2 on all platforms, but ia64, arm, sparc, alpha, powerpc * global enigmail config file now in /etc/mozilla-thunderbird/pref/enigmail.js * new binary targets: mozilla-thunderbird-inspector, mozilla-thunderbird-offline, mozilla-thunderbird-typeaheadfind * restructured conffiles: now a single global config file exists: /etc/mozilla-thunderbird/global-config.js, which may be used by admins to make their preconfigurations. Old config files in /etc/mozilla-thunderbird/pref will be reserved till next --purge -- Alexander Sack Sat, 08 May 2004 08:45:00 +0100 mozilla-thunderbird (0.5+.040427-1) unstable; urgency=low * new snapshot of 040427 * added build depend: libgnomevfs2-dev * increased debian policy standard version to 3.6.1 -- Alexander Sack Tue, 27 Apr 2004 12:45:00 +0100 mozilla-thunderbird (0.5+.040418-1) unstable; urgency=low * new snapshot of 040418 * changed desktop icon to envelope with flames (Closes: 243028) -- Alexander Sack Sun, 18 Apr 2004 12:45:00 +0100 mozilla-thunderbird (0.5+.040412-1) unstable; urgency=low * new snapshot of 040412 * Updated enigmail to 0.83.6 -- Alexander Sack Mon, 12 Apr 2004 01:37:00 +0100 mozilla-thunderbird (0.5+.040330-1) unstable; urgency=low * new snapshot of 040320 * Updated enigmail to 0.83.5 (Closes: 235553) -- Alexander Sack Tue, 30 Mar 2004 17:30:20 +0100 mozilla-thunderbird (0.5-4) unstable; urgency=low * reenabled hppa patch, which apparently led to FTBFS on hppa -- Alexander Sack Thu, 04 Mar 2004 21:30:20 +0100 mozilla-thunderbird (0.5-3) unstable; urgency=medium * preinst added to allow clean upgrade path to this (Closes: 234118, Closes: 234267) * added prerm script to allow a clean remove of package -- Alexander Sack Sun, 29 Feb 2004 10:30:20 +0100 mozilla-thunderbird (0.5-2) unstable; urgency=low * new source package layout!! Now using orig.tar.gz with diff.gz (Closes: 232055) * moved arch-indep chrome stuff to /usr/share/mozilla-thunderbird/chrome * moved images to /usr/share/mozilla-thunderbird/res /usr/share/mozilla-thunderbird/icons /usr/share/mozilla-thunderbird/chrome/icons -- Alexander Sack Thu, 19 Feb 2004 19:30:20 +0100 mozilla-thunderbird (0.5-1.1) unstable; urgency=low * new source package layout!! Now using orig.tar.gz with diff.gz -- Alexander Sack Mon, 11 Feb 2003 19:30:20 +0100 mozilla-thunderbird (0.5-1) unstable; urgency=low * Aggregated changes since 0.4-1: * new upstream release 0.5 included * added xprt-xprintorg to Recommends (Closes: 226626) * upgraded enigmail to 0.83.2 (Closes: 228678) + includes a workaround for mozilla bug leading to a crash in rare situations (fixed in 0.82.6) * improved package structure. Sources now are included as original archives & are extracted to build-dir. (Closes: 225033) * Minor wording changes in package description, pointed out by Mark Stevenson. * New debianization of appearance (branding) * added switches for pref.js config entries for individual doubleclick timeout & drag threshold settings in gtk2 (Closes: 229146) -- Alexander Sack Mon, 09 Feb 2003 19:30:20 +0100 mozilla-thunderbird (0.5-0.1) unstable; urgency=low * preview of thunderbird-0.5 rc2 -- Alexander Sack Mon, 07 Feb 2003 19:30:20 +0100 mozilla-thunderbird (0.4-1.6) unstable; urgency=low * added basic gtk settings as mozilla prefs: + widget.gtk2.dnd.threshold - treshold in pixel before a drag starts + widget.gtk2.double_click_timeout - maximum time in milliseconds between two clicks to become recognized as double-click e.g. to get rid of unexpected folder moves, etc. * upgraded enigmail to 0.83.2 -- Alexander Sack Mon, 05 Feb 2003 10:30:20 +0100 mozilla-thunderbird (0.4-1.5) unstable; urgency=low * added xprt-xprintorg to Recommends * upgraded enigmail to 0.83.1 -- Alexander Sack Mon, 04 Feb 2003 10:30:20 +0100 mozilla-thunderbird (0.4-1.4) unstable; urgency=low * improved package structure. Sources now are included as original archives & are extracted to build-dir. (Closes: 225033) * late checkin. Already uploaded to mentors -- Alexander Sack Mon, 27 Jan 2003 10:30:20 +0100 mozilla-thunderbird (0.4-1.31) unstable; urgency=low * Minor wording changes in package description, pointed out by Mark Stevenson. -- Soeren Boll Overgaard Wed, 14 Jan 2004 12:46:23 +0000 mozilla-thunderbird (0.4-1.3) unstable; urgency=low * further debinized branding. updated 10_debian-branding patch * do not use MOZILLA_FIVE_HOME. Always set the MOZILLA_FIVE_HOME correctly. -> This is not anymore mozilla suite, so it is obsolete. -- Alexander Sack Mon, 06 Jan 2003 10:30:20 +0100 mozilla-thunderbird (0.4-1.2) unstable; urgency=low * updated enigmail to 0.82.6 - includes a workaround for mozilla bug leading to a crash. -- Alexander Sack Mon, 30 Dec 2003 20:30:20 +0100 mozilla-thunderbird (0.4-1.1) unstable; urgency=low * switched to .orig.tgz file approach -- Alexander Sack Mon, 12 Dec 2003 00:30:20 +0100 mozilla-thunderbird (0.4-1) unstable; urgency=low * version for first debian official upload of 0.4 -- Alexander Sack Mon, 12 Dec 2003 00:30:20 +0100 mozilla-thunderbird (0.4-0.3) unstable; urgency=low * updated latest enigmail source to version 0.82.5 -- Alexander Sack Mon, 12 Dec 2003 00:30:20 +0100 mozilla-thunderbird (0.4-0.2) unstable; urgency=low * added locale support: default locale is en-US -- Alexander Sack Mon, 12 Dec 2003 00:30:20 +0100 mozilla-thunderbird (0.4-0.1) unstable; urgency=low * upgraded official 0.4 release * browser integration works on gnome/kde * new mozilla-theme * latest engimail included -- Alexander Sack Mon, 10 Nov 2003 00:30:20 +0100 mozilla-thunderbird (0.3-7) unstable; urgency=low * added patches for hppa & alpha, arm & mips specfic stuff. took the patches from the debian mozilla package -- Alexander Sack Mon, 10 Nov 2003 00:30:20 +0100 mozilla-thunderbird (0.3-6) unstable; urgency=low * added patch to switch from ex to sed which certainly won't have terminal problems * added .desktop file for menu integration in gnome, kde, etc. -- Alexander Sack Sun, 2 Nov 2003 22:23:40 +0100 mozilla-thunderbird (0.3-5) unstable; urgency=low * Alexander Sack: - added build depend nvi. * Soeren Boll Overgaard - added dependency on gnupg for enigmail. -- Alexander Sack Thu, 29 Oct 2003 21:00:59 +0200 mozilla-thunderbird (0.3-4) unstable; urgency=low * Soeren Boll Overgaard: - Improve wording in long descriptions. - Fix dependency problem of the enigmail-package. -- Soeren Boll Overgaard Tue, 28 Oct 2003 17:08:55 +0100 mozilla-thunderbird (0.3-3) unstable; urgency=low * Build-depend on m4 * Actually do something in binary-arch * asac: Applied Patch for myspell issue (closes: Bug#217555) * fixed mozilla-thunderbird.sgml according to docbook DTD (closes: Bug#217708) -- Soeren Boll Overgaard Sun, 26 Oct 2003 23:24:25 +0100 mozilla-thunderbird (0.3-2) unstable; urgency=low * Build-depend on dpatch. -- Soeren Boll Overgaard Sun, 26 Oct 2003 13:26:31 +0100 mozilla-thunderbird (0.3-1) unstable; urgency=low * Make my name look right in Uploaders. * Change version to one suited to Debian. * Update standards version to 3.6.1 (No changes). -- Soeren Boll Overgaard Sun, 26 Oct 2003 09:38:24 +0000 mozilla-thunderbird (0.3-0.3) unstable; urgency=low * readded forgotten patch hunks -- Alexander Sack Thu, 24 Oct 2003 09:00:59 +0200 mozilla-thunderbird (0.3-0.2) unstable; urgency=low * New upstream release * latest patches of mozilla-thunderbird-0.2-3 are included -- Alexander Sack Thu, 21 Oct 2003 20:55:59 +0200 mozilla-thunderbird (0.2-3) unstable; urgency=low * fixed sudo bug (closes: Bug#216469) * repackaging because of enigmail build exception -- Alexander Sack Wed, 15 Oct 2003 17:56:59 +0200 mozilla-thunderbird (0.2-2) unstable; urgency=low * Don't limit archs to i386. -- Soeren Boll Overgaard Sat, 18 Oct 2003 10:27:05 +0000 mozilla-thunderbird (0.2-1) unstable; urgency=low * restarted versioning for official debian upload * Uploaded by S. Boll Overgaard - Closes thunderbird ITP (closes: Bug#196504) -- Alexander Sack Wed, 15 Oct 2003 17:56:59 +0200 mozilla-thunderbird (0.3-0.1) unstable; urgency=low * New upstream release -- Alexander Sack Thu, 16 Oct 2003 10:51:59 +0200 mozilla-thunderbird (0.2asac-5) unstable; urgency=low * some more lintian cleaning of source package * added boll@debian.org as co-maintainer * reduction of build depends redundancy -- Alexander Sack Wed, 15 Oct 2003 17:56:50 +0000 mozilla-thunderbird (0.2asac-4) unstable; urgency=low * minimized build-depends & removed version constraints from build-deps to ease backporting * added lintian override * added long description for enigmail * adjusted preference directory to $HOME/.mozilla-thunderbird -- Alexander Sack Mon, 13 Oct 2003 20:53:45 +0000 mozilla-thunderbird (0.2asac-3) unstable; urgency=low * needed to get the the source archive up again :( -- Alexander Sack Thu, 9 Oct 2003 18:51:01 +0200 mozilla-thunderbird (0.2asac-2) unstable; urgency=high * fixed the build procedure for enigmail binary package -- Alexander Sack Tue, 7 Oct 2003 23:04:01 +0200 mozilla-thunderbird (0.2asac-1) unstable; urgency=low * New upstream release * added binary package mozilla-thunderbird-enigmail * now update-chrome enabled * startup hooks (currently for enigmail) allowed in /var/lib/mozilla-thunderbird/startup-hooks.d -- Alexander Sack Fri, 3 Oct 2003 22:16:05 +0200 mozilla-thunderbird (0.2-5) unstable; urgency=low * changed menu entry image to gif image of size 32x32 -> lintian --check tested * added manual pages for mozilla-thunderbird & thunderbird * remove mozilla-thunderbird-config from binary package -- Alexander Sack Thu, 2 Oct 2003 02:30:44 +0200 mozilla-thunderbird (0.2-4) unstable; urgency=low * fixed conflict with snapshot build -- Alexander Sack Wed, 1 Oct 2003 16:50:33 +0200 mozilla-thunderbird (0.2-3) unstable; urgency=low * apply quickfix for bug #212604 (bugzilla.mozilla.org) -> firebird ist remote startable even if thunderbird is running * added basic man pages -- Alexander Sack Wed, 1 Oct 2003 12:21:04 +0200 mozilla-thunderbird (0.2-2) unstable; urgency=low * corrected menu entry command to thunderbird -- Alexander Sack Thu, 25 Sep 2003 12:00:36 +0200 mozilla-thunderbird (0.2-1) unstable; urgency=low * Initial Release. -- Alexander Sack Wed, 24 Sep 2003 18:55:50 +0200