summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog8029
1 files changed, 8029 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000000..6739c9b290
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,8029 @@
+thunderbird (1:115.7.0-1) unstable; urgency=medium
+
+ * [6e0c26c] New upstream version 115.7.0
+ Fixed CVE issues in upstream version 115.7 (MFSA 2024-04):
+ CVE-2024-0741: Out of bounds write in ANGLE
+ CVE-2024-0742: Failure to update user input timestamp
+ CVE-2024-0746: Crash when listing printers on Linux
+ CVE-2024-0747: Bypass of Content Security Policy when directive
+ unsafe-inline was set
+ CVE-2024-0749: Phishing site popup could show local origin in address bar
+ CVE-2024-0750: Potential permissions request bypass via clickjacking
+ CVE-2024-0751: Privilege escalation through devtools
+ CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
+ CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
+ and Thunderbird 115.7
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 23 Jan 2024 16:56:31 +0100
+
+thunderbird (1:115.6.0-1) unstable; urgency=medium
+
+ * [aea3623] New upstream version 115.6.0
+ Fixed CVE issues in upstream version 115.6 (MFSA 2023-55):
+ CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP
+ signature
+ CVE-2023-50761: S/MIME signature accepted despite mismatching message
+ date
+ CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
+ method with Mesa VM driver
+ CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
+ CVE-2023-6858: Heap buffer overflow in nsTextFragment
+ CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
+ CVE-2023-6860: Potential sandbox escape due to VideoBridge lack
+ of texture validation
+ CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void)
+ in headless mode
+ CVE-2023-6862: Use-after-free in nsDNSService
+ CVE-2023-6863: Undefined behavior in ShutdownObserver()
+ CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
+ and Thunderbird 115.6
+ * [6ecaa01] d/control: Remove B-D on libiw-dev
+ (Closes: #1058737)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 19 Dec 2023 20:24:02 +0100
+
+thunderbird (1:115.5.2-1) unstable; urgency=medium
+
+ * [34f6404] New upstream version 115.5.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 08 Dec 2023 21:21:26 +0100
+
+thunderbird (1:115.5.1-1) unstable; urgency=medium
+
+ * [eec913b] New upstream version 115.5.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 29 Nov 2023 18:13:11 +0100
+
+thunderbird (1:115.5.0-1) unstable; urgency=medium
+
+ [ intrigeri ]
+ * [a6be3ab] AppArmor: update profile from upstream at commit
+ 9d3fa88cdab512e45f6fd80f067337f200d356bc
+
+ [ Carsten Schoenert ]
+ * [ed61fd6] New upstream version 115.5.0
+ Fixed CVE issues in upstream version 115.5 (MFSA 2023-52):
+ CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
+ CVE-2023-6205: Use-after-free in MessagePort::Entangled
+ CVE-2023-6206: Clickjacking permission prompts using the fullscreen
+ transition
+ CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
+ CVE-2023-6208: Using Selection API would copy contents into X11 primary
+ selection.
+ CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
+ CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
+ and Thunderbird 115.5
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 22 Nov 2023 21:50:16 +0000
+
+thunderbird (1:115.4.1-1) unstable; urgency=medium
+
+ * [c51ab77] New upstream version 115.4.1
+ Fixed CVE issues in upstream version 115.4.1 (MFSA 2023-47):
+ CVE-2023-5721: Queued up rendering could have allowed websites to
+ clickjack
+ CVE-2023-5732: Address bar spoofing via bidirectional characters
+ CVE-2023-5724: Large WebGL draw could have led to a crash
+ CVE-2023-5725: WebExtensions could open arbitrary URLs
+ CVE-2023-5728: Improper object tracking during GC in the JavaScript
+ engine could have led to a crash.
+ CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
+ and Thunderbird 115.4.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 25 Oct 2023 21:05:23 +0200
+
+thunderbird (1:115.3.1-1) unstable; urgency=medium
+
+ * [276a53a] New upstream version 115.3.1
+ Fixed CVE issues in upstream version 115.3.1 (MFSA 2023-44):
+ CVE-2023-5217: Heap buffer overflow in libvpx
+ * [a360abf] d/control: Point VCS links to debian/sid
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 29 Sep 2023 19:26:42 +0200
+
+thunderbird (1:115.3.0-1) unstable; urgency=medium
+
+ * [2e67467] New upstream version 115.3.0
+ Fixed CVE issues in upstream version 115.3 (MFSA 2023-43):
+ CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
+ CVE-2023-5169: Out-of-bounds write in PathOps
+ CVE-2023-5171: Use-after-free in Ion Compiler
+ CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox
+ ESR 115.3, and Thunderbird 115.3
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 27 Sep 2023 19:07:47 +0200
+
+thunderbird (1:115.2.2-1) unstable; urgency=medium
+
+ * [08bc8c9] d/thunderbird.desktop: Update data with upstream data
+ (Closes: #1042912, #1051261)
+ * [2fd665b] New upstream version 115.2.2
+ Fixed CVE issues in upstream version 115.2.2 (MFSA 2023-40):
+ CVE-2023-4863: Heap buffer overflow in libwebp
+ * [7b862be] d/copyright: Update content due upstream changes
+ * [140b77d] d/s/lintian-overrides: Update data for overrides
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 13 Sep 2023 22:59:59 +0530
+
+thunderbird (1:115.2.0-1) unstable; urgency=medium
+
+ * [1415d01] New upstream version 115.2.0
+ Fixed CVE issues in upstream version 115.2 (MFSA 2023-36):
+ CVE-2023-4573: Memory corruption in IPC CanvasTranslator
+ CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
+ CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
+ CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation
+ CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
+ CVE-2023-4051: Full screen notification obscured by file open dialog
+ CVE-2023-4578: Error reporting methods in SpiderMonkey could have
+ triggered an Out of Memory Exception
+ CVE-2023-4053: Full screen notification obscured by external program
+ CVE-2023-4580: Push notifications saved to disk unencrypted
+ CVE-2023-4581: XLL file extensions were downloadable without warnings
+ CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
+ CVE-2023-4583: Browsing Context potentially not cleared when closing
+ Private Window
+ CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR
+ 102.15, Firefox ESR 115.2, Thunderbird 102.15, and
+ Thunderbird 115.2
+ CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2,
+ and Thunderbird 115.2
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 30 Aug 2023 17:41:36 +0200
+
+thunderbird (1:115.1.1-1) unstable; urgency=medium
+
+ [ Christoph Goehre ]
+ * [880cabe] ship glxtest and vaapitest binaries
+ (Closes: #1043057)
+
+ [ Carsten Schoenert ]
+ * [8474b9b] d/thunderbird.install: Use upstream graphics for icons
+ * [85f99a2] d/c-u-t.py: Use Version() from python3-packaging
+ * [86e3335] d/thunderbird.desktop: Sort MimeType entries alphabetically
+ * [2bc5f47] New upstream version 115.1.1
+ * [ddec51f] Revert "d/mozconfig.default: Use internal shipped librnp
+ version"
+ * [3ef27e2] Revert "d/control: Drop librnp0 package from Depends"
+ * [9011502] Revert "d/thunderbird.install: Install rnp tools too"
+ * [d5eef62] d/control: Bump version of librnp{0,-dev}
+ (Closes: #1041409)
+
+ [ Max Nikulin ]
+ * [0e04b0e] d/thunderbird.desktop: Add IANA MIME type for .vcf vcard
+ * [ce01092] d/thunderbird.desktop: Add mid: URI to MIME types
+ (Closes: #1008159)
+ * [c11a22f] d/thunderbird.desktop: Add news: URI to MIME types
+ * [bf5586f] d/thunderbird.desktop: Add webcal: URI to MIME types
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 16 Aug 2023 17:18:04 +0200
+
+thunderbird (1:115.1.0-1) unstable; urgency=medium
+
+ * [8c11865] d/gbp.conf: Adjust upstream branch to new ESR cycle
+ * [fb76340] New upstream version 115.1.0
+ Fixed CVE issues in upstream version 115.1 (MFSA 2023-33):
+ CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin
+ restrictions
+ CVE-2023-4046: Incorrect value used during WASM compilation
+ CVE-2023-4047: Potential permissions request bypass via clickjacking
+ CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions
+ CVE-2023-4049: Fix potential race conditions when releasing platform
+ objects
+ CVE-2023-4050: Stack buffer overflow in StorageManager
+ CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state
+ CVE-2023-4056: Memory safety bugs fixed in Firefox 116,
+ Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1,
+ and Thunderbird 102.14
+ CVE-2023-4057: Memory safety bugs fixed in Firefox 116,
+ Firefox ESR 115.1, and Thunderbird 115.1
+ * [b562827] Rebuild patch queue from patch-queue branch
+ Removed patches (included upstream):
+ fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch
+ fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch
+ porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch
+ porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch
+ porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 01 Aug 2023 19:19:27 +0200
+
+thunderbird (1:115.0.1-2) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [39b1576] d/create-upstream-tarballs.py: Catch non existing versions
+ * [f663f6a] d/create-upstream-tarballs.py: Running black formatter
+ * [8e6d7fe] d/create-upstream-tarballs.py: Use speaking variable name
+
+ [ Christoph Goehre ]
+ * [cdab989] Rebuild patch queue from patch-queue branch
+ Added patch:
+ porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 29 Jul 2023 09:22:57 +0200
+
+thunderbird (1:115.0.1-1) experimental; urgency=medium
+
+ * [30f2fcc] New upstream version 115.0.1
+ Fixed CVE issues in upstream version 115.0.1 (MFSA 2023-27):
+ CVE-2023-3600: Use-after-free in workers
+ CVE-2023-3417: File Extension Spoofing using the Text Direction
+ Override Character
+ * [efbb370] Rebuild patch queue from patch-queue branch
+ Added patches:
+ debian-hacks/rnp-Fix-include-for-format-specifiers-for-uint32_t.patch
+ fixes/skia-Cast-SkEndian_SwapBE32-n-to-uint32_t-on-big-endian.patch
+ porting-mips64el/skia-Disable-musttail-on-mips64.patch
+ porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch
+ * [f78b777] d/mozconfig.default: Use internal shipped librnp version
+ * [a606cdb] d/control: Drop librnp0 package from Depends
+ * [104bf35] d/thunderbird.install: Install rnp tools too
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 23 Jul 2023 09:07:08 +0200
+
+thunderbird (1:115.0-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3a6b0eb] New upstream version 115.0
+ * [1c11a15] Rebuild patch queue from patch-queue branch
+ Dropped patches:
+ debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch
+ debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch
+ debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
+ fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch
+ fixes/Bug-628252-os2.cc-fails-to-compile-against-GCC-4.6-m.patch
+ porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch
+ porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch
+ porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+ porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
+ porting-ppc64el/work-around-a-build-failure-with-clang-on-ppc64el.patch
+ porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch
+ Added patches:
+ fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch
+ fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch
+ fixes/Fix-math_private.h-for-i386-FTBFS.patch
+ porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch
+ porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch
+ porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch
+ * [8d1d0e0] d/source.filter: Add build/android to list
+
+ [ Bo YU ]
+ * [ddf55dc] riscv64: Add build support for Riscv64 (Closes: #1026118)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 16 Jul 2023 12:22:50 +0200
+
+thunderbird (1:115.0~b6-1) experimental; urgency=medium
+
+ * [1d7c51d] New upstream version 115.0~b6
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 29 Jun 2023 20:13:46 +0200
+
+thunderbird (1:115.0~b4-1) experimental; urgency=medium
+
+ * [5685662] New upstream version 115.0~b4
+ * [0ff4fd0] Rebuild patch queue from patch-queue branch
+ Updated patches:
+ porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch
+ porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
+ * [67def1f] d/control: Add libotr5 to Depends
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 23 Jun 2023 16:03:31 +0200
+
+thunderbird (1:114.0~b2-1) experimental; urgency=medium
+
+ * [1f5bec1] New upstream version 114.0~b2
+ * [df5220a] Rebuild patch queue from patch-queue branch
+ Updated patches:
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch
+ * [71e654b] d/rules: Add 2 files to dh_missing
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 16 May 2023 21:38:11 +0200
+
+thunderbird (1:113.0~b3-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [569da29] apparmor: Expand profile folder about .mozilla-thunderbird
+ (Closes: #1030532)
+ * [777be0a] New upstream version 113.0~b3
+ * [ae90792] Rebuild patch queue from patch-queue branch
+ Dropped patch (included upstream):
+ debian-hacks/Make-Thunderbird-build-reproducible.patch
+
+ [ Timothy Pearson ]
+ * [5dff12c] Explicitly set SQLite endianness on ppc64el
+
+ [ intrigeri ]
+ * [c0ea3f9] AppArmor: update profile from upstream at
+ commit a03a894c6c30b7a566aa74645802de1cea580bca
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 21 Apr 2023 19:11:41 +0200
+
+thunderbird (1:112.0~b1-1) experimental; urgency=medium
+
+ * [c89a60d] d/source.filter: Update content to filter out
+ * [12cd2c8] New upstream version 112.0~b1
+ * [6655d37] Rebuild patch queue from patch-queue branch
+ Removed patch:
+ debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch
+ * [c4744df] d/control: Increade B-D on rustc to >= 1.65
+ * [ad73ef1] d/thunderbird.docs: Readd Apache-2 related Notice file
+ * [ebf44e8] d/control: Adjust B-D to libfontconfig-dev
+ * [6cea088] d/control: Increase Standards-Version to 4.6.2
+ * [2d0d8ee] d/copyright: Update content due upstream changes
+ * [268ee53] Lintian: Update overrides for source package
+ * [28ffd63] Lintian: Update overrides for thunderbird package
+ * [200f86d] Lintian: Update override for thunderbird-l10n-all
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 18 Mar 2023 19:31:18 +0100
+
+thunderbird (1:110.0~b4-1) experimental; urgency=medium
+
+
+ [ Amr Ibrahim ]
+ * [22b9eb7] thunderbird.desktop: Update StartupWMClass
+
+ [ Carsten Schoenert ]
+ * [afe6c6a] d/copyright: Update content due upstream changes
+ * [7b31b9d] d/source.filter: Update content to filter out
+ * [03b50b4] Lintian: Adjust overrides for thunderbird package
+ * [d3510d8] Lintian: Adjust overrides for source package
+ * [57839a2] d/control: Increase version in B-D for libnss-dev
+ * [958648e] d-create-upstream-tarballs.py: Use correct variable
+ * [208f93e] New upstream version 110.0~b4
+ (Closes: #1031541)
+ * [ba87378] Rebuild patch queue from patch-queue branch
+ Added patch:
+ debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch
+ Adjusted patch:
+ debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ * [3104ede] Drop usage of autoconf calls
+ * [42a2545] d/control: Increase some versions in B-D
+ * [551a17f] d/rules: Don't remove configure on dh_clean
+ * [3b7b408] d/source.filter: Don't filter configure from upstream data
+ * [48913d3] d/thunderbird.docs: Drop install of NOTICE file
+ * [44589db] d/mozconfig.default: Use internal version of ICU
+ * [3eba559] d/control: Drop libicu-dev from B-D for now
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 07 Mar 2023 16:41:43 +0100
+
+thunderbird (1:104.0~b2-1) experimental; urgency=medium
+
+ * [92670b2] d/repack.py: Small rework and adjustments
+ * [06fb656] d/create-upstream-tarballs.py: Adding new helper script
+ * [331247d] d/README.source: Update information on importing data
+ * [57a6dd7] d/source.filter: Relax filter rule for old-configure
+ * [36696b6] d/repack.py: Don't exit(1) if unused filter items exist
+ * [3b14d11] d/create-thunderbird-l10n-tarball.sh: Drop old helper
+ * [5468bb8] d/gbp.conf: Drop 'import-orig' section
+ * [fd4d5c1] d/source.filter: Add files named *.orig and *.rej
+ * [5035e50] New upstream version 104.0~b2
+ * [cc89049] Rebuild patch queue from patch-queue branch
+ Removed patch:
+ debian-hacks/Lower-down-required-NSS-version.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 06 Aug 2022 09:13:35 +0200
+
+thunderbird (1:103.0~b5-1) experimental; urgency=medium
+
+ * [a060ea2] d/gbp.conf: Sign tags automatically
+ (cherry-picked from debian/sid)
+ * [ac331c8] New upstream version 103.0~b5
+ * [00dd354] Rebuild patch queue from patch-queue branch
+ Added patch:
+ debian-hacks/Lower-down-required-NSS-version.patch
+ * [5c35afb] d/watch: Look now for versions starting with 3 digits
+ (cherry-picked from debian/sid)
+ * [a897f48] d/control: Add package thunderbird-l10n-es-mx
+ (cherry-picked from debian/sid)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 13 Jul 2022 18:08:16 +0200
+
+thunderbird (1:102.13.1-1) unstable; urgency=medium
+
+ * [e803b54] New upstream version 102.13.1
+ Fixed CVE issues in upstream version 102.13.1 (MFSA 2023-28):
+ CVE-2023-3417: File Extension Spoofing using the Text Direction
+ Override Character
+ * [456ce20] Rebuild patch queue from patch-queue branch
+ Added patch:
+ fixes/gfx-Fix-inclusion-of-C-header.patch
+ fixes/toolkit-Fix-inclusion-of-C-header.patch
+ (Closes: #1037872)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 26 Jul 2023 19:48:59 +0200
+
+thunderbird (1:102.13.0-1) unstable; urgency=medium
+
+ * [7168011] New upstream version 102.13.0
+ Fixed CVE issues in upstream version 102.13 (MFSA 2023-24):
+ CVE-2023-37201: Use-after-free in WebRTC certificate generation
+ CVE-2023-37202: Potential use-after-free from compartment mismatch in
+ SpiderMonkey
+ CVE-2023-37207: Fullscreen notification obscured
+ CVE-2023-37208: Lack of warning when opening Diagcab files
+ CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR
+ 102.13, and Thunderbird 102.13
+ (Closes: #971790, #1006432)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 08 Jul 2023 06:15:04 +0200
+
+thunderbird (1:102.12.0-1) unstable; urgency=medium
+
+ * [a285966] New upstream version 102.12.0
+ Fixed CVE issues in upstream version 102.12 (MFSA 2023-21):
+ CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
+ CVE-2023-34416: Memory safety bugs fixed in Thunderbird 102.12
+ * [73c48d4] d/control: Add libotr5 to Depends
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 05 Jun 2023 18:51:11 +0200
+
+thunderbird (1:102.11.0-1) unstable; urgency=medium
+
+ [ intrigeri ]
+ * [f3e5479] AppArmor: update profile from upstream at
+ commit a03a894c6c30b7a566aa74645802de1cea580bca
+
+ [ Carsten Schoenert ]
+ * [0626d72] New upstream version 102.11.0
+ Fixed CVE issues in upstream version 102.11 (MFSA 2023-18):
+ CVE-2023-32205: Browser prompts could have been obscured by popups
+ CVE-2023-32206: Crash in RLBox Expat driver
+ CVE-2023-32207: Potential permissions request bypass via clickjacking
+ CVE-2023-32211: Content process crash due to invalid wasm code
+ CVE-2023-32212: Potential spoof due to obscured address bar
+ CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
+ CVE-2023-32215: Memory safety bugs fixed in Thunderbird 102.11
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 12 May 2023 17:11:29 +0200
+
+thunderbird (1:102.10.0-1) unstable; urgency=medium
+
+ * [8afefce] New upstream version 102.10.0
+ Fixed CVE issues in upstream version 102.10 (MFSA 2023-15):
+ CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
+ CVE-2023-29533: Fullscreen notification obscured
+ CVE-2023-1999: Double-free in libwebp
+ CVE-2023-29535: Potential Memory Corruption following Garbage Collector
+ compaction
+ CVE-2023-29536: Invalid free from JavaScript code
+ CVE-2023-0547: Revocation status of S/Mime recipient certificates was
+ not checked
+ CVE-2023-29479: Hang when processing certain OpenPGP messages
+ CVE-2023-29539: Content-Disposition filename truncation leads to
+ Reflected File Download
+ CVE-2023-29541: Files with malicious extensions could have been
+ downloaded unsafely on Linux
+ CVE-2023-29542: Bypass of file download extension restrictions
+ CVE-2023-1945: Memory Corruption in Safe Browsing Code
+ CVE-2023-29548: Incorrect optimization result on ARM64
+ CVE-2023-29550: Memory safety bugs fixed in Thunderbird 102.10
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 17 Apr 2023 21:32:45 +0200
+
+thunderbird (1:102.9.1-1) unstable; urgency=medium
+
+ [ Timothy Pearson ]
+ * [de7c4f8] Explicitly set SQLite endianness on ppc64el
+ (Closes: #1033534)
+
+ [ Carsten Schoenert ]
+ * [06059fb] New upstream version 102.9.1
+ Fixed CVE issues in upstream version 102.9.1 (MFSA 2023-12):
+ CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to
+ denial-of-service attack
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 29 Mar 2023 17:34:39 +0200
+
+thunderbird (1:102.9.0-1) unstable; urgency=medium
+
+ * [ad8cc7c] New upstream version 102.9.0
+ Fixed CVE issues in upstream version 102.9 (MFSA 2023-11):
+ CVE-2023-25751: Incorrect code generation during JIT compilation
+ CVE-2023-28164: URL being dragged from a removed cross-origin iframe
+ into the same tab triggered navigation
+ CVE-2023-28162: Invalid downcast in Worklets
+ CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
+ CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9
+ * [b0a22c0] d/control: Increase Standards-Version to 4.6.2
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 15 Mar 2023 19:54:53 +0100
+
+thunderbird (1:102.8.0-1) unstable; urgency=medium
+
+ * [b130936] New upstream version 102.8.0
+ Fixed CVE issues in upstream version 102.8.0 (MFSA 2023-07):
+ CVE-2023-0616: User Interface lockup with messages combining S/MIME and
+ OpenPGP
+ CVE-2023-25728: Content security policy leak in violation reports using
+ iframes
+ CVE-2023-25730: Screen hijack via browser fullscreen mode
+ CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
+ CVE-2023-25735: Potential use-after-free from compartment mismatch in
+ SpiderMonkey
+ CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
+ CVE-2023-25739: Use-after-free in
+ mozilla::dom::ScriptLoadContext::~ScriptLoadContext
+ CVE-2023-25729: Extensions could have opened external schemes without
+ user knowledge
+ CVE-2023-25732: Out of bounds memory write from EncodeInputStream
+ CVE-2023-25742: Web Crypto ImportKey crashes tab
+ CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8
+ * [66e2335] Rebuild patch queue from patch-queue branch
+ Removed patch (included upstream):
+ debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 17 Feb 2023 20:17:32 +0100
+
+thunderbird (1:102.7.2-1) unstable; urgency=medium
+
+ * [468e468] New upstream version 102.7.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 08 Feb 2023 18:34:59 +0100
+
+thunderbird (1:102.7.1+1-1) unstable; urgency=medium
+
+ * [5ce0e7d] New upstream version 102.7.1+1
+ Fixed CVE issues in upstream version 102.7.1 (MFSA 2023-04):
+ CVE-2023-0430: Revocation status of S/Mime signature certificates was
+ not checked
+ Note: The previous version 1:102.7.1-1 was build on top of a release
+ candidate which does not fixed CVE-2023-0430 fully.
+ (Closes: #1029594, #1029606)
+ * [c7c81a5] apparmor: Expand profile folder about .mozilla-thunderbird
+ (Closes: #1030532)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 05 Feb 2023 17:27:40 +0100
+
+thunderbird (1:102.7.1-1) unstable; urgency=medium
+
+ * [dbc3385] New upstream version 102.7.1
+ Fixed CVE issues in upstream version 102.7 (MFSA 2023-03):
+ CVE-2022-46871: libusrsctp library out of date
+ CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23601: URL being dragged from cross-origin iframe into same
+ tab triggers navigation
+ CVE-2023-23602: Content Security Policy wasn't being correctly applied
+ to WebSockets in WebWorkers
+ CVE-2022-46877: Fullscreen notification bypass
+ CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing
+ Content Security Policy via format directive
+ CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7
+ * [af92a36] Rebuild patch queue from patch-queue branch
+ Added patch:
+ debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch
+ (Closes: #1028885)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 24 Jan 2023 16:32:06 +0100
+
+thunderbird (1:102.6.0-1) unstable; urgency=medium
+
+ [ Paul Gevers ]
+ * [6bbbd94] tests: thunderbird no longer builds on armel and armhf, so
+ let's not fail while trying to test there
+ * [d9e09a0] tests: help.sh is really a very superficial test, so let's
+ mark it as such
+
+ [ Carsten Schoenert ]
+ * [43b90d6] New upstream version 102.6.0
+ Fixed CVE issues in upstream version 102.6 (MFSA 2022-53):
+ CVE-2022-46880: Use-after-free in WebGL
+ CVE-2022-46872: Arbitrary file read from a compromised content process
+ CVE-2022-46881: Memory corruption in WebGL
+ CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
+ malicious extensions
+ CVE-2022-46882: Use-after-free in WebGL
+ CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6
+ * [745c1a3] Rebuild patch queue from patch-queue branch
+ Removed patches (included upstream):
+ fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch
+ fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch
+ fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch
+ * [1e74214] d/control: Increase buid dep on libnss3-dev to 3.79.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 13 Dec 2022 19:40:57 +0100
+
+thunderbird (1:102.5.1-1) unstable; urgency=medium
+
+ * [ae4d1ff] New upstream version 102.5.1
+ Fixed CVE issues in upstream version 102.5.1 (MFSA 2022-50):
+ CVE-2022-45414: Quoting from an HTML email with certain tags will trigger
+ network requests and load remote content, regardless of
+ a configuration to block remote content
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 30 Nov 2022 12:27:38 +0100
+
+thunderbird (1:102.5.0-1) unstable; urgency=medium
+
+ * [2f04265] New upstream version 102.5.0
+ Fixed CVE issues in upstream version 102.5 (MFSA 2022-49):
+ CVE-2022-45403: Service Workers might have learned size of cross-origin
+ media files
+ CVE-2022-45404: Fullscreen notification bypass
+ CVE-2022-45405: Use-after-free in InputStream implementation
+ CVE-2022-45406: Use-after-free of a JavaScript Realm
+ CVE-2022-45408: Fullscreen notification bypass via windowName
+ CVE-2022-45409: Use-after-free in Garbage Collection
+ CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite
+ cookie policy
+ CVE-2022-45411: Cross-Site Tracing was possible via non-standard
+ override headers
+ CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
+ CVE-2022-45416: Keystroke Side-Channel Leakage
+ CVE-2022-45418: Custom mouse cursor could have been drawn over
+ browser UI
+ CVE-2022-45420: Iframe contents could be rendered outside the iframe
+ CVE-2022-45421: Memory safety bugs fixed in Thunderbird 102.5
+ * [57e94ac] Rebuild patch queue from patch-queue branch
+ Added patches:
+ fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch
+ fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch
+ (Closes: #1023789)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 15 Nov 2022 19:34:55 +0100
+
+thunderbird (1:102.4.1-1) unstable; urgency=medium
+
+ [ intrigeri ]
+ * [37c5b01] AppArmor: update profile from upstream at commit
+ 09fa2669dc95cb336d133a6b96cac227e3aa73dc
+ This allows running Thunderbird as a native Wayland application.
+
+ [ Carsten Schoenert ]
+ * [031c4a2] New upstream version 102.4.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 31 Oct 2022 18:50:44 +0100
+
+thunderbird (1:102.4.0-1) unstable; urgency=medium
+
+ * [6bfe8cd] New upstream version 102.4.0
+ Fixed CVE issues in upstream version 102.4 (MFSA 2022-46):
+ CVE-2022-42927: Same-origin policy violation could have leaked
+ cross-origin URLs
+ CVE-2022-42928: Memory Corruption in JS Engine
+ CVE-2022-42929: Denial of Service via window.print
+ CVE-2022-42932: Memory safety bugs fixed in Thunderbird 102.4
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 24 Oct 2022 22:33:05 +0200
+
+thunderbird (1:102.3.3-1) unstable; urgency=medium
+
+ * [6729f5d] New upstream version 102.3.3
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 13 Oct 2022 16:09:50 +0200
+
+thunderbird (1:102.3.2-1) unstable; urgency=medium
+
+ * [db7a24f] New upstream version 102.3.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 06 Oct 2022 20:34:42 +0200
+
+thunderbird (1:102.3.1-1) unstable; urgency=medium
+
+ * [f845126] New upstream version 102.3.1
+ Fixed CVE issues in upstream version 102.3.1 (MFSA 2022-43):
+ CVE-2022-39249: Matrix SDK bundled with Thunderbird vulnerable to an
+ impersonation attack by malicious server administrators
+ CVE-2022-39250: Matrix SDK bundled with Thunderbird vulnerable to a device
+ verification attack
+ CVE-2022-39251: Matrix SDK bundled with Thunderbird vulnerable to an
+ impersonation attack
+ CVE-2022-39236: Matrix SDK bundled with Thunderbird vulnerable to a data
+ corruption issue
+ * [4555808] Rebuild patch queu from patch-queue branch
+ debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
+ fixes/Properly-launch-applications-set-in-HOME-.mailcap.patch
+ * [344dbfa] d/copyright: Add info about code from Matrix
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 29 Sep 2022 19:09:02 +0200
+
+thunderbird (1:102.3.0-1) unstable; urgency=medium
+
+ * [0e841a7] New upstream version 102.3.0
+ Fixed CVE issues in upstream version 102.3 (MFSA 2022-42):
+ CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
+ CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
+ CVE-2022-40958: Bypassing Secure Context restriction for cookies with
+ __Host and __Secure prefix
+ CVE-2022-40956: Content-Security-Policy base-uri bypass
+ CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
+ CVE-2022-40962: Memory safety bugs fixed in Thunderbird 102.3
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 16 Sep 2022 16:56:20 +0200
+
+thunderbird (1:102.2.2-1) unstable; urgency=medium
+
+ * [f1dc81f] New upstream version 102.2.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 08 Sep 2022 17:25:57 +0200
+
+thunderbird (1:102.2.1-1) unstable; urgency=medium
+
+ * [e1d0f74] New upstream version 102.2.1
+ Fixed CVE issues in upstream version 102.2.1 (MFSA 2022-38):
+ CVE-2022-3033: Leaking of sensitive information when composing a response
+ to an HTML email with a META refresh tag
+ CVE-2022-3032: Remote content specified in an HTML document that was
+ nested inside an iframe's srcdoc attribute was not blocked
+ CVE-2022-3034: An iframe element in an HTML email could trigger a
+ network request
+ CVE-2022-36059: Matrix SDK bundled with Thunderbird vulnerable to
+ denial-of-service attack
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 01 Sep 2022 07:52:16 +0200
+
+thunderbird (1:102.2.0-1) unstable; urgency=medium
+
+ [ Amr Ibrahim ]
+ * [02a3990] thunderbird.desktop: Update StartupWMClass
+ (Closes: #1017420, #1014748)
+
+ [ Carsten Schoenert ]
+ * [f7b62a8] d-create-upstream-tarballs.py: Use correct variable
+ * [7194457] New upstream version 102.2.0
+ Fixed CVE issues in upstream version 102.2 (MFSA 2022-36):
+ CVE-2022-38472: Address bar spoofing via XSLT error handling
+ CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
+ parent's permissions
+ CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW
+ CVE-2022-38477: Memory safety bugs fixed in Thunderbird 102.2
+ CVE-2022-38478: Memory safety bugs fixed in Thunderbird 102.2, and
+ Thunderbird 91.13
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 28 Aug 2022 17:23:50 +0200
+
+thunderbird (1:102.1.2-1) unstable; urgency=medium
+
+ * [78f2899] d/copyright: Update content due upstream changes
+ * [55dba1d] d/source.filter: Update content to filter out
+ * [3e19497] Lintian: Adjust overrides for thunderbird package
+ * [567e0c4] Lintian: Adjust overrides for source package
+ * [c201484] New upstream version 102.1.2
+ (Closes: #1016944)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 11 Aug 2022 16:37:07 +0200
+
+thunderbird (1:102.1.1-1) unstable; urgency=medium
+
+ * [2c1b12f] d/create-upstream-tarballs.py: Adding new helper script
+ * [a9633b9] d/README.source: Update information on importing data
+ * [1d2cdc0] d/source.filter: Relax filter rule for old-configure
+ * [f1afe9b] d/repack.py: Don't exit(1) if unused filter items exist
+ * [165593a] d/create-thunderbird-l10n-tarball.sh: Drop old helper
+ * [b4d73ee] d/gbp.conf: Drop 'import-orig' section
+ * [d186832] d/source.filter: Add files named *.orig and *.rej
+ * [933b099] New upstream version 102.1.1
+ (Closes: #1014675:)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 06 Aug 2022 11:26:44 +0200
+
+thunderbird (1:102.1.0-1) unstable; urgency=medium
+
+ * [3b7bb0d] New upstream version 102.1.0
+ Fixed CVE issues in upstream version 102.1 (MFSA 2022-32):
+ CVE-2022-36319: Mouse Position spoofing with CSS transforms
+ CVE-2022-36318: Directory indexes for bundled resources reflected URL
+ parameters
+ CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1
+ (Closes: #1016083, #1014745, #1014675, #1014638)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 29 Jul 2022 17:00:53 +0200
+
+thunderbird (1:102.0.2-1) unstable; urgency=medium
+
+ * [079e135] d/repack.py: Small rework and adjustments
+ * [fc2518e] d/control: Readjust Vcs links to unstable
+ * [a7b09b3] d/gbp.conf: Sign tags automatically
+ * [faf115d] New upstream version 102.0.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 12 Jul 2022 18:41:04 +0200
+
+thunderbird (1:102.0.1-1) unstable; urgency=medium
+
+ * [68c9410] d/gbp.conf: Adjust upstream branch to new ESR cycle
+ * [45eca79] New upstream version 102.0.1
+ Fixed CVE issues in upstream version 102.0 (MFSA 2022-26):
+ CVE-2022-34479: A popup window could be resized in a way to overlay the
+ address bar with web content
+ CVE-2022-34470: Use-after-free in nsSHistory
+ CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
+ via retargeted javascript: URI
+ CVE-2022-2226: An email with a mismatching OpenPGP signature date was
+ accepted as valid
+ CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
+ CVE-2022-31744: CSP bypass enabling stylesheet injection
+ CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
+ blocked
+ CVE-2022-2200: Undesired attributes could be set as part of prototype
+ pollution
+ CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and
+ Thunderbird 102
+ * [1842425] d/watch: Look now for versions starting with 3 digits
+ * [0a32bb3] d/control: Add package thunderbird-l10n-es-mx
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 08 Jul 2022 17:47:21 +0200
+
+thunderbird (1:102.0~b7-1) experimental; urgency=medium
+
+ * [edf32aa] New upstream version 102.0~b7
+ * [c9dd3e0] d/control: Remove not required B-D
+ * [ac2ec70] d/mozconfig.default: Remove commented out options
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 21 Jun 2022 19:06:58 +0200
+
+thunderbird (1:102.0~b4-1) experimental; urgency=medium
+
+ * [8f34a01] d/source.filter: Small updates to filtering list
+ * [e1d4c7c] New upstream version 102.0~b4
+ * [c97416b] Rebuild patch-queue from patch queue branch
+ Removed patch (needs update):
+ fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch
+ Removed patch (fixed upstream):
+ porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch
+ * [68712eb] d/mozconfig.default: Disable wasm sandboxing
+ * [a1df764] d/mozconfig.default: Remove openpgp option
+ Supporting OpenPGP functionality is now set on by default.
+ * [607c321] d/mozconfig.default: Add/Update some configure options
+ * [efc728e] d/rules: Add new needed variable MOZBUILD_STATE_PATH
+ * [7b0d743] d/rules: Ensure python is used from the environment
+ * [26053f1] Build against system librnp library
+ Unfortunately using librnp-dev requires the usage of the internal
+ versions of botan, bz2 and jsonc.
+ (Closes: #998848)
+ * [5e904d8] d/control: Bump various build dependencies
+ * [94ee0da] d/thunderbird.docs: Update content to install
+ * [477f949] d/control: Increase Standards-Version to 4.6.1
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 15 Jun 2022 16:47:29 +0200
+
+thunderbird (1:91.11.0-1) unstable; urgency=medium
+
+ * [05a947d] New upstream version 91.11.0
+ Fixed CVE issues in upstream version 91.11 (MFSA 2022-26):
+ CVE-2022-34479: A popup window could be resized in a way to overlay the
+ address bar with web content
+ CVE-2022-34470: Use-after-free in nsSHistory
+ CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
+ via retargeted javascript: URI
+ CVE-2022-2226: An email with a mismatching OpenPGP signature date was
+ accepted as valid
+ CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
+ CVE-2022-31744: CSP bypass enabling stylesheet injection
+ CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
+ blocked
+ CVE-2022-2200: Undesired attributes could be set as part of prototype
+ pollution
+ CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and
+ Thunderbird 102
+ (Closes: #1014004)
+ * [4c4944d] Rebuild patch queue from patch-queue branch
+ Added patch:
+ fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 01 Jul 2022 20:12:40 +0200
+
+thunderbird (1:91.10.0-1) unstable; urgency=medium
+
+ * [969960a] New upstream version 91.10.0
+ Fixed CVE issues in upstream version 91.9.1 (MFSA 2022-19):
+ CVE-2022-1802: Prototype pollution in Top-Level Await implementation
+ CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading
+ to prototype pollution
+
+ Fixed CVE issues in upstream version 91.10 (MFSA 2022-22):
+ CVE-2022-31736: Cross-Origin resource's length leaked
+ CVE-2022-31737: Heap buffer overflow in WebGL
+ CVE-2022-31738: Browser window spoof using fullscreen mode
+ CVE-2022-31739: Attacker-influenced path traversal when saving downloaded
+ files
+ CVE-2022-31740: Register allocation problem in WASM on arm64
+ CVE-2022-31741: Uninitialized variable leads to invalid memory read
+ CVE-2022-1834: Braille space character caused incorrect sender email to be
+ shown for a digitally signed email
+ CVE-2022-31742: Querying a WebAuthn token with a large number of
+ allowCredential entries may have leaked cross-origin
+ information
+ CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10
+ * [4b55e16] d/control: Increase Standards-Version to 4.6.0
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 30 May 2022 19:36:06 +0200
+
+thunderbird (1:91.9.0-1) unstable; urgency=medium
+
+ * [88b99d1] New upstream version 91.9.0
+ Fixed CVE issues in upstream version 91.9 (MFSA 2022-18):
+ CVE-2022-1520: Incorrect security status shown after viewing an attached
+ email
+ CVE-2022-29914: Fullscreen notification bypass using popups
+ CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
+ CVE-2022-29916: Leaking browser history with CSS variables
+ CVE-2022-29911: iframe sandbox bypass
+ CVE-2022-29912: Reader mode bypassed SameSite cookies
+ CVE-2022-29913: Speech Synthesis feature not properly disabled
+ CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 16 May 2022 13:51:59 +0200
+
+thunderbird (1:91.8.1-1) unstable; urgency=medium
+
+ * [b57406c] New upstream version 91.8.1
+ (Closes: #1009321)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 19 Apr 2022 20:27:13 +0200
+
+thunderbird (1:91.8.0-1) unstable; urgency=medium
+
+ * [06619c5] New upstream version 91.8.0
+ Fixed CVE issues in upstream version 91.8 (MFSA 2022-15):
+ CVE-2022-1097: Use-after-free in NSSToken objects
+ CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
+ CVE-2022-1197: OpenPGP revocation information was ignored
+ CVE-2022-1196: Use-after-free after VR Process destruction
+ CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
+ CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
+ CVE-2022-28286: iframe contents could be rendered outside the border
+ CVE-2022-24713: Denial of Service via complex regular expressions
+ CVE-2022-28289: Memory safety bugs fixed in Thunderbird 91.8
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 06 Apr 2022 20:08:25 +0200
+
+thunderbird (1:91.7.0-2) unstable; urgency=medium
+
+ * [c348b62] Rebuild patch-queue from patch queue branch
+ Added patch:
+ fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch
+ (Closes: #948691)
+ Thanks go out to Simon McVittie for preparing this patch!
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 16 Mar 2022 06:55:46 +0100
+
+thunderbird (1:91.7.0-1) unstable; urgency=medium
+
+ * [952f6d0] New upstream version 91.7.0
+ Fixed CVE issues in upstream version 91.7 (MFSA 2022-12):
+ CVE-2022-26383: Browser window spoof using fullscreen mode
+ CVE-2022-26384: iframe allow-scripts sandbox bypass
+ CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
+ signatures
+ CVE-2022-26381: Use-after-free in text reflows
+ CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
+ local users
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 15 Mar 2022 17:54:46 +0100
+
+thunderbird (1:91.6.2-1) unstable; urgency=medium
+
+ * [2f95b97] New upstream version 91.6.2
+ Fixed CVE issues in upstream version 91.6.2 (MFSA 2022-09):
+ CVE-2022-26485: Use-after-free in XSLT parameter processing
+ CVE-2022-26486: Use-after-free in WebGPU IPC Framework
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 08 Mar 2022 08:40:12 +0100
+
+thunderbird (1:91.6.1-1) unstable; urgency=medium
+
+ * [3edb855] New upstream version 91.6.1
+ Fixed CVE issues in upstream version 91.6.1 (MFSA 2022-07):
+ CVE-2022-0566: Crafted email could trigger an out-of-bounds write
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 19 Feb 2022 11:01:46 +0100
+
+thunderbird (1:91.6.0-1) unstable; urgency=medium
+
+ * [884ccb6] New upstream version 91.6.0
+ Fixed CVE issues in upstream version 91.6 (MFSA 2022-06):
+ CVE-2022-22754: Extensions could have bypassed permission confirmation
+ during update
+ CVE-2022-22756: Drag and dropping an image could have resulted in the
+ dropped object being an executable
+ CVE-2022-22759: Sandboxed iframes could have executed script if the parent
+ appended elements
+ CVE-2022-22760: Cross-Origin responses could be distinguished between
+ script and non-script content-types
+ CVE-2022-22761: frame-ancestors Content Security Policy directive was not
+ enforced for framed extension pages
+ CVE-2022-22763: Script Execution during invalid object state
+ CVE-2022-22764: Memory safety bugs fixed in Thunderbird 91.6
+ (Closes: #1004951)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 11 Feb 2022 18:50:23 +0100
+
+thunderbird (1:91.5.1-1) unstable; urgency=medium
+
+ * [130bab2] New upstream version 91.5.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 23 Jan 2022 18:41:12 +0100
+
+thunderbird (1:91.5.0-2) unstable; urgency=medium
+
+ * [fd07163] autopkgtest: Run check-global-config-path.py only on Intel
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 12 Jan 2022 20:46:54 +0100
+
+thunderbird (1:91.5.0-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [8d4e5f8] New upstream version 91.5.0
+ Fixed CVE issues in upstream version 91.5 (MFSA 2022-03):
+ CVE-2022-22743: Browser window spoof using fullscreen mode
+ CVE-2022-22742: Out-of-bounds memory access when inserting text in edit
+ mode
+ CVE-2022-22741: Browser window spoof using fullscreen mode
+ CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
+ CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
+ CVE-2022-22737: Race condition when playing audio files
+ CVE-2021-4140: Iframe sandbox bypass with XSLT
+ CVE-2022-22748: Spoofed origin on external protocol launch dialog
+ CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
+ event
+ CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully
+ escape website-controlled data, potentially leading to
+ command injection
+ CVE-2022-22747: Crash when handling empty pkcs7 sequence
+ CVE-2022-22739: Missing throttling on external protocol launch dialog
+ CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5
+ * [a86c0b4] Rebuild patch queue from patch-queue branch
+ Modified patch:
+ debian-hacks/Add-another-preferences-directory-for-applications-p.patch
+ Reworking the patch so LoadDirIntoArray is working again that is adding
+ an additional syspref folder for global settings to use.
+ (Closes: #997841, #1003280)
+ * [442988b] autopkgtest: Adding check for accessing syspref folder
+
+ [ Jochen Sprickerhof ]
+ * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v'
+ (Closes:#1002570 )
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 11 Jan 2022 19:12:50 +0100
+
+thunderbird (1:91.4.1-1) unstable; urgency=medium
+
+ * [c5b36d3] New upstream version 91.4.1
+ Fixed CVE issues in upstream version 91.4.1 (MFSA 2021-55):
+ CVE-2021-4126: OpenPGP signature status doesn't consider additional
+ message content
+ CVE-2021-44538: Matrix chat library libolm bundled with Thunderbird
+ vulnerable to a buffer overflow
+ * [b66bebb] d/changelog: Update some MOZ-* entries with assigned CVEs
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 20 Dec 2021 16:05:02 +0100
+
+thunderbird (1:91.4.0-1) unstable; urgency=medium
+
+ * [7752be0] d/source.filter: Small updates to filtering list
+ * [0899850] New upstream version 91.4.0
+ Fixed CVE issues in upstream version 91.4 (MFSA 2021-54):
+ CVE-2021-43536: URL leakage when navigating while executing asynchronous
+ function
+ CVE-2021-43537: Heap buffer overflow when using structured clone
+ CVE-2021-43538: Missing fullscreen and pointer lock notification when
+ requesting both
+ CVE-2021-43539: GC rooting failure when calling wasm instance methods
+ CVE-2021-43541: External protocol handler parameters were unescaped
+ CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
+ of an external protocol handler
+ CVE-2021-43543: Bypass of CSP sandbox directive when embedding
+ CVE-2021-43545: Denial of Service when using the Location API in a loop
+ CVE-2021-43546: Cursor spoofing could overlay user interface when native
+ cursor is zoomed
+ CVE-2021-43528: JavaScript unexpectedly enabled for the composition area
+ CVE-2021-4129: Memory safety bugs fixed in Thunderbird 91.4.0
+ * [afd7750] d/t.lintian-overrides: Update entries due renamed tags
+ Some Lintan tags were renamed, thus requires am adjustment of the existing
+ overrides.
+ * [30a387c] d/s/lintian-overrides: Adjust most of the existing entries
+ Same as before but for the source package.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 07 Dec 2021 18:26:44 +0100
+
+thunderbird (1:91.3.2-1) unstable; urgency=medium
+
+ * [7fd56f0] New upstream version 91.3.2
+ * [4fccecb] Rebuild patch queue from patch-queue branch
+ Added patch:
+ debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 21 Nov 2021 18:29:42 +0100
+
+thunderbird (1:91.3.0-1) unstable; urgency=medium
+
+ * [1d3e0b1] Revert "Rebuild patch queue from patch-queue branch"
+ The patch for fixing the broken build on i386 breaks other architectures,
+ so reverting for now.
+ * [66755b4] New upstream version 91.3.0
+ Fixed CVE issues in upstream version 91.3 (MFSA 2021-50):
+ CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504: Use-after-free in file picker dialog
+ CVE-2021-38506: Thunderbird could be coaxed into going into fullscreen
+ mode without notification or warning
+ CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
+ the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-43535: Use-after-free in HTTP2 Session object
+ CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
+ confusion and potential spoofing
+ CVE-2021-38509: Javascript alert box could have been spoofed onto an
+ arbitrary domain
+ CVE-2021-43534: Memory safety bugs fixed in Thunderbird ESR 91.3
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 03 Nov 2021 18:14:09 +0100
+
+thunderbird (1:91.2.1-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [bcb5677] d/gbp.conf: Adjust to upstream-91.x
+ * [12a433a] New upstream version 91.2.1
+ * [f935b52] Rebuild patch queue from patch-queue branch
+ Added patch:
+ debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch
+ * [3faba71] Disable usage of system icu package
+ The system packages of libicu-dev are to old for Thunderbird, we need to
+ use the internel pre-shipped ICU sources.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 23 Oct 2021 08:59:32 +0200
+
+thunderbird (1:91.2.0-1) experimental; urgency=medium
+
+ * [3c88844] New upstream version 91.2.0
+ Fixed CVE issues in upstream version 91.2 (MFSA 2021-47):
+ CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections
+ CVE-2021-38496: Use-after-free in MessageTask
+ CVE-2021-38497: Validation message could have been overlaid on another
+ origin
+ CVE-2021-38498: Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810: Data race in crossbeam-deque
+ CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2
+ CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2
+ (Closes: #973042)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 16 Oct 2021 08:27:55 +0200
+
+thunderbird (1:91.1.1-1) experimental; urgency=medium
+
+ * [73e3b75] New upstream version 91.1.1
+ * [3413d35] Rebuild patch queue from patch-queue branch
+ Removed patch:
+ fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 20 Sep 2021 20:43:25 +0200
+
+thunderbird (1:91.1.0-1) experimental; urgency=medium
+
+ * [0b1d9f9] New upstream version 91.1.0
+ Fixed CVE issues in upstream version 91.1 (MFSA 2021-41):
+ CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1
+ * [4313e64] Rebuild patch queue from patch-queue branch
+ Added patch:
+ fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch
+ (Closes: #993594)
+ Modified patch:
+ porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch
+ * [234c566] d/rules: Don't run dh_autoreconf
+ (Closes: #993494)
+ * [bce15d7] thunderbird: Set package x11-utils as fallback
+ Install x11-utils only if kdialog or zenity aren't present on the system.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 05 Sep 2021 07:36:10 +0200
+
+thunderbird (1:91.0.2-1) experimental; urgency=medium
+
+ * [a5efefd] New upstream version 91.0.2
+ Fixed CVE issues in upstream version 91.0.1 (MFSA 2021-37):
+ CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
+ * [b21a07b] d/control: increase Standards-Version to 4.6.0
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 23 Aug 2021 20:05:01 +0200
+
+thunderbird (1:91.0-1) experimental; urgency=medium
+
+ * [3be73b6] d/source.filter: some updates to filtering list
+ * [5c87a00] New upstream version 91.0
+ Fixed CVE issues in upstream version 91.0 (MFSA 2021-36):
+ CVE-2021-29986: Race condition when resolving DNS names could have led to
+ memory corruption
+ CVE-2021-29981: Live range splitting could have led to conflicting
+ assignments in the JIT
+ CVE-2021-29988: Memory corruption as a result of incorrect style treatment
+ CVE-2021-29984: Incorrect instruction reordering during JIT optimization
+ CVE-2021-29980: Uninitialized memory in a canvas object could have led to
+ memory corruption
+ CVE-2021-29987: Users could have been tricked into accepting unwanted
+ permissions on Linux
+ CVE-2021-29985: Use-after-free media channels
+ CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
+ type confusion
+ CVE-2021-29989: Memory safety bugs fixed in Thunderbird 91
+ (Closes: #640927, #944208, #958433, #952853, #971722, #982670)
+ * [0157fe4] d/control: Add new package thunderbird-l10n-af
+ Upstream ships localizations for Africaans.
+ * [f23e9e0] d/control: Add new package thunderbird-l10n-en-ca
+ Upstream ships localizations for English (Canada).
+ * [8b3cee9] d/control: Add new package thunderbird-l10n-lv
+ Upstream ships localizations for Latvian.
+ * [cad58ea] d/control: Add new package thunderbird-l10n-pa-in
+ Upstream ships localizations for Punjabi (Gurmukhi).
+ * [aecc2da] d/control: Add new package thunderbird-l10n-th
+ Upstream ships localizations for Thai.
+ * [9707e8a] Moving over to debhelper-compat
+ Switch over to recent debhelper-compat 13.
+ * [2934049] d/rules: Customize dh_missing call
+ Due debhelper-compat dh_missing needs some aditional tweaking as we need
+ to ignore some files which are built and installed into the tempory
+ install folder but not installed into the package(s).
+ * [7df72c6] d/rules: Don't use dwz
+ Running and using dwz is bringing no gain and produces issues to, can be
+ ignored for now.
+ * [1709f28] d/control: Remove non existing packages from Breaks
+ xul-ext-firetray and xul-ext-quotecolors are gone from the supported
+ releases.
+ * [f160918] d/control: Adding Rules-Requires-Root: no
+ No specific root access required so far while package build.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 14 Aug 2021 18:27:21 +0200
+
+thunderbird (1:91.0~b5-1) experimental; urgency=medium
+
+ * [119a49f] d/control: Adjust VCS links to branch debian/experimental
+ * [7ae6acc] d/source.filter: some updates to filtering list
+ * [e28b2f9] New upstream version 91.0~b5
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 01 Aug 2021 09:21:27 +0200
+
+thunderbird (1:91.0~b3-1) experimental; urgency=medium
+
+ * [90a153b] New upstream version 91.0~b3
+ * [ada2cf0] d/control: Remove transitional package lightning
+ * [3e5087f] d/control: Remove obsolete lightning-l10-* packages
+ * [6eac520] d/control: Remove Suggests on libgtk2.0-0 fur thunderbird
+ (Closes: #967771)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 24 Jul 2021 10:37:52 +0200
+
+thunderbird (1:91.0~b1-1) experimental; urgency=medium
+
+ * [78f0ddb] d/source.filter: some updates to filtering list
+ * [3d29fcf] New upstream version 91.0~b1
+ (Closes: #990631)
+ * [daa7fab] d/control: Increase some Build-Depends
+ * [f4bfd22] d/control: Remove libgtk2.0-dev from Build-Depends
+ * [ad4e281] d/s/lintian-overrides: Adding one more file to ignore
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 19 Jul 2021 22:04:15 +0200
+
+thunderbird (1:90.0~b2-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3cc0d66] d/source.filter: some updates to filtering list
+ * [3c76a94] New upstream version 90.0~b2
+ * [46718fe] rebuild patch queue from patch-queue branch
+ removed patches:
+ fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch
+ debian-hacks/Work-around-Debian-bug-844357.patch
+ * [156d3c9] d/thunderbird.1: Correct debugger option
+ * [ca7daca] /u/l/thunderbird: Correct escape sequencing for gdb calling
+ (Closes: #976979)
+ * [f310330] d/thunderbird-wrapper.sh: Use '${}' syntax for variables
+ * [0ef3788] d/thunderbird.install: Remove gtk2 cruft
+ * [17b0510] d/copyright: Update due removed content
+ * [feca305] d/s/lintian-override: Remove two no longer existing entries
+
+ [ Kevin Locke ]
+ * [dbe3c3e] d/thunderbird-wrapper.sh: Make gdb call more fail safe
+ (Closes:#942799)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 20 Jun 2021 14:51:49 +0200
+
+thunderbird (1:89.0~b2-1) experimental; urgency=medium
+
+ * [74911c7] New upstream version 89.0~b2
+ * [b4fef2a] rebuild patch queue from patch-queue branch
+ modified patches:
+ debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch
+ porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ removed patches:
+ debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch
+ * [ea6a29e] d/control: Increase B-D for cbindgen and libnss3-dev
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 03 Jun 2021 19:40:08 +0200
+
+thunderbird (1:88.0~b2-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [7af1a0b] New upstream version 88.0~b2
+ * [30d1d48] rebuild patch queue from patch-queue branch
+ modified patch:
+ debian-hacks/Add-another-preferences-directory-for-applications-p.patch
+ porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch
+ removed patches (included upstream):
+ porting-arm/Reduce-memory-usage-while-linking-on-arm-el-hf-platforms.patch
+ porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch
+ renamed patch:
+ fixes/Load-dependent-libraries-with-their-real-path-to-avo.patch ->
+ fixes/Load-dependent-libraries-with-their-real-path.patch
+ * [f45da92] d/control: Increase B-D for libnss3-dev
+
+ [ Colomban Wendling ]
+ * [bbf78cb] d/thunderbird.desktop: Switch StartupWMClass (Closes: #985366)
+
+ [ Carsten Schoenert ]
+ * [a2cc9e0] d/control: Adding nasm to Build-Depends
+ * [41fad62] d/copyright: update due removed content
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 11 Apr 2021 13:50:27 +0200
+
+thunderbird (1:86.0~b3-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [002f597,fe0515b] d/source.filter: updating the filtering list
+ * [dfafc89,35d050f] d/copyright: updates due upstream changes
+ Add Apache2 notice for third_party/python/coverage
+ * [24c009c] lintian: adding override for false positive in SVG file
+ * [d316a1c] New upstream version 86.0~b3
+ * [20dc687] rebuild patch queue from patch-queue branch
+ modified patch:
+ debian/patches/porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+ * [21b86f0] d/copyright: update due removed content
+ * [7fc9755] d/s/lintian-override: path for TeXZilla.js has changed
+ * [33c5d5a] d/s/lintian-override: remove JS file
+ * [825a440] d/control: Increase B-D for cbindgen
+
+ [ Pino Toscano ]
+ * [35c3c3b] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 13 Feb 2021 13:41:36 +0100
+
+thunderbird (1:85.0~b3-1) experimental; urgency=medium
+
+ * [b142ac6] New upstream version 85.0~b3
+ * [0d2221a] d/control: Increase various B-D versions
+ * [e4eb52e] rebuild patch queue from patch-queue branch
+ added patch:
+ debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch
+ updated patches:
+ debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
+ fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 31 Dec 2020 20:39:53 +0100
+
+thunderbird (1:84.0~b3-1) experimental; urgency=medium
+
+ * [fad5103] calendar-google-provider*: removing left over cruft
+ * [b095d8e] thunderbird.NEWS: Add hint about integration of OpenPGP support
+ * [0f6bdf3] Revert "d/tb.lintian-overrides: ignore warning about none
+ versioned breaks"
+ * [f10f80c] d/copyright: update content
+ * [9c3fb20] d/source.filter: some updates to filtering list
+ * [c9b8274] New upstream version 84.0~b3
+ * [adf3835] rebuild patch queue from patch-queue branch
+ removed patches:
+ fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch
+ fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch
+ porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch
+ porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch
+ porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch
+ porting-m68k/Add-m68k-support-to-Thunderbird.patch
+ porting-sh4/Add-sh4-support-to-Thunderbird.patch
+ * [3ff9c9d] thunderbird-l10n-all: add thunderbird-l10n-cy
+ (Closes: #974127)
+ * [393490c] d/control: remove l10n package for Sinhala
+ * [1f4e966] d/control: increase Standards-Version to 4.5.1
+ No further changes needed.
+ * [288afdd] d/rules: use python3 explicitly while calling mach
+ Using the Python 3 interpreter is needed otherwise the Mozilla magic tries
+ to use a non existing virtualenv environment.
+ * [a509bdf] d/watch: update to version 4
+ No further changes needed.
+ * [fc6b358] d/copyright: update some more content
+ Updating the copyright information due upstream modifications.
+ * [3bd5713] d/s/lintian-overrides: Adding more file to ignore
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 14 Dec 2020 15:24:59 +0100
+
+thunderbird (1:78.14.0-1) unstable; urgency=medium
+
+ * [6dc6817] d/changelog: Correct TB version for referenced MFSA
+ * [38f01f4] d/rules: Don't run dh_autoreconf
+ (Closes: #993494)
+ * [09c4cde] New upstream version 78.14.0
+ Fixed CVE issues in upstream version 78.14.0 (MFSA 2021-42):
+ CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and
+ Thunderbird 91.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 08 Sep 2021 19:57:22 +0200
+
+thunderbird (1:78.13.0-1) unstable; urgency=medium
+
+ * [b4498b0] New upstream version 78.13.0
+ Fixed CVE issues in upstream version 78.13.0 (MFSA 2021-35):
+ CVE-2021-29986: Race condition when resolving DNS names could have led to
+ memory corruption
+ CVE-2021-29988: Memory corruption as a result of incorrect style treatment
+ CVE-2021-29984: Incorrect instruction reordering during JIT optimization
+ CVE-2021-29980: Uninitialized memory in a canvas object could have led to
+ memory corruption
+ CVE-2021-29985: Use-after-free media channels
+ CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 12 Aug 2021 16:13:25 +0200
+
+thunderbird (1:78.12.0-1) unstable; urgency=medium
+
+ * [74d3cdb] New upstream version 78.12.0
+ Fixed CVE issues in upstream version 78.12 (MFSA 2021-30):
+ CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS
+ could be processed
+ CVE-2021-29970: Use-after-free in accessibility features of a document
+ CVE-2021-30547: Out of bounds write in ANGLE
+ CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 17 Jul 2021 09:33:28 +0200
+
+thunderbird (1:78.11.0-2) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [241e539] d/thunderbird.1: Correct debugger option
+ Remove parts that are no longer valid, especially there is no dedicated
+ shell script any more the user has to start, calling 'thunderbird -g' is
+ enough to start a GDB call.
+ * [66deb37] thunderbird: Use internal NSS source while package built
+ (Closes: #989839, #989843, #989979, #989983, #989922, #990012)
+ * [07fb6ef] d/thunderbird-wrapper.sh: Use '${}' syntax for variables
+
+ [ Kevin Locke ]
+ * [d003e26] d/thunderbird-wrapper.sh: Make gdb call more fail safe
+ (Closes: #942799)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 20 Jun 2021 07:20:41 +0200
+
+thunderbird (1:78.11.0-1) unstable; urgency=medium
+
+ * [42c4a87] New upstream version 78.11.0
+ Fixed CVE issues in upstream version 78.11 (MFSA 2021-26):
+ CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 03 Jun 2021 17:22:34 +0200
+
+thunderbird (1:78.10.2-1) unstable; urgency=medium
+
+ * [69552d8] New upstream version 78.10.2
+ Fixed CVE issues in upstream version 78.10.2 (MFSA 2021-22):
+ CVE-2021-29957: Partial protection of inline OpenPGP message not indicated
+ CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master
+ password protection
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 19 May 2021 21:57:11 +0200
+
+thunderbird (1:78.10.0-1) unstable; urgency=medium
+
+ * [f38d78f] New upstream version 78.10.0
+ Fixed CVE issues in upstream version 78.10 (MFSA 2021-15):
+ CVE-2021-23994: Out of bound write due to lazy initialization
+ CVE-2021-23995: Use-after-free in Responsive Design Mode
+ CVE-2021-23998: Secure Lock icon could have been spoofed
+ CVE-2021-23961: More internal network hosts could have been probed by a
+ malicious webpage
+ CVE-2021-23999: Blob URLs may have been granted additional privileges
+ CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
+ encoded URL
+ CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead
+ to null-reads (This issue only affected x86-32 platforms.)
+ CVE-2021-29946: Port blocking could be bypassed
+ CVE-2021-29948: Race condition when reading from disk while verifying
+ signatures
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 19 Apr 2021 20:00:32 +0200
+
+thunderbird (1:78.9.0-1) unstable; urgency=medium
+
+ [ Colomban Wendling ]
+ * [7d454de] d/thunderbird.desktop: Switch StartupWMClass
+ (Closes: #985366)
+
+ [ Carsten Schoenert ]
+ * [23fe9ce] d/source.filter: small update to filtering list
+ * [828b9d7] New upstream version 78.9.0
+ Fixed CVE issues in upstream version 78.9 (MFSA 2021-12):
+ CVE-2021-23981: Texture upload into an unbound backing buffer resulted in
+ an out-of-bound read
+ CVE-2021-23982: Internal network hosts could have been probed by a
+ malicious webpage
+ CVE-2021-23984: Malicious extensions could have spoofed popup information
+ CVE-2021-23987: Memory safety bugs fixed in Thunderbird 78.9
+ * [cf4fbde] rebuild patch queue from patch-queue branch
+ Removed patch (included upstream):
+ porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 23 Mar 2021 15:55:43 +0100
+
+thunderbird (1:78.8.0-1) unstable; urgency=medium
+
+ [ Pino Toscano ]
+ * [f2f1f3f] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink
+
+ [ Carsten Schoenert ]
+ * [f5707a7] New upstream version 78.8.0
+ Fixed CVE issues in upstream version 78.8 (MFSA 2021-09):
+ CVE-2021-23969: Content Security Policy violation report could have
+ contained the destination of a redirect
+ CVE-2021-23968: Content Security Policy violation report could have
+ contained the destination of a redirect
+ CVE-2021-23973: MediaError message property could have leaked information
+ about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 21 Feb 2021 14:58:05 +0100
+
+thunderbird (1:78.7.1-1) unstable; urgency=medium
+
+ * [406f9d7] New upstream version 78.7.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 05 Feb 2021 20:12:59 +0100
+
+thunderbird (1:78.7.0-1) unstable; urgency=medium
+
+ * [8751354] New upstream version 78.7.0
+ Fixed CVE issues in upstream version 78.7 (MFSA 2021-05):
+ CVE-2021-23953: Cross-origin information leakage via redirected PDF
+ requests
+ CVE-2021-23954: Type confusion when using logical assignment operators in
+ JavaScript switch statements
+ CVE-2020-15685: IMAP Response Injection when using STARTTLS
+ CVE-2020-26976: HTTPS pages could have been intercepted by a registered
+ service worker when they should not have been
+ CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
+ variables during GC
+ CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7
+ * [4b0c0a7] rebuild patch queue from patch-queue branch
+ removed patch (included upstream):
+ porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 29 Jan 2021 20:45:49 +0100
+
+thunderbird (1:78.6.1-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [67f6117] Add Apache2 notice for third_party/python/coverage
+ * [38b9ff7] lintian: adding override for false positive in SVG file
+
+ [ Carles Pina i Estany ]
+ * [529d53a] d/thunderbird-wrapper.sh: Unset DEBUG/DEBUGGER variables
+ (Closes: #960230)
+ * [6d48708] d/thunderbird-wrapper-helper.sh: Adjust help text
+
+ [ Carsten Schoenert ]
+ * [5309e91] d/thunderbird-wrapper*.sh: Prefixing some local variables
+ * [07b4733] New upstream version 78.6.1
+ Fixed CVE issues in upstream version 78.6.1 (MFSA 2021-02):
+ CVE-2020-16044: Use-after-free write when handling a malicious
+ COOKIE-ECHO SCTP chunk
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 16 Jan 2021 14:59:02 +0100
+
+thunderbird (1:78.6.0-1) unstable; urgency=medium
+
+ * [1410f1e] d/watch: update to version 4
+ * [a8303b7] d/rules: use python3 explicitly while calling mach
+ * [f3f535e] New upstream version 78.6.0
+ Fixed CVE issues in upstream version 78.6 (MFSA 2020-56):
+ CVE-2020-16042: Operations on a BigInt could have caused uninitialized
+ memory to be exposed
+ CVE-2020-26971: Heap buffer overflow in WebGL
+ CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
+ CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
+ use-after-free
+ CVE-2020-26978: Internal network hosts could have been probed by a
+ malicious webpage
+ CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
+ CVE-2020-35112: Opening an extension-less download may have inadvertently
+ launched an executable instead
+ CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6
+ (Closes: #972072, #973697)
+ * [16a7ab7] /u/l/thunderbird: Correct escape sequencing for gdb calling
+ We need to do a better escaping of values of the '-ex' option otherwise
+ the shell is refusing the concatenated string we want to use as call.
+ (Closes: #976979)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 15 Dec 2020 10:12:34 +0100
+
+thunderbird (1:78.5.1-1) unstable; urgency=medium
+
+ * [08556c2] New upstream version 78.5.1
+ Fixed CVE issues in upstream version 78.5.1 (MFSA 2020-53):
+ CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server
+ response codes
+ * [7047340] rebuild patch queue from patch-queue branch
+ removed patch (included upstream):
+ fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch
+ * [40663bb] debian/control: increase Standards-Version to 4.5.1
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 03 Dec 2020 05:35:04 +0100
+
+thunderbird (1:78.5.0-1) unstable; urgency=medium
+
+ * [7842f02] New upstream version 78.5.0
+ Fixed CVE issues in upstream version 78.5 (MFSA 2020-51):
+ CVE-2020-26951: Parsing mismatches could confuse and bypass security
+ sanitizer for chrome privileged code
+ CVE-2020-16012: Variable time processing of cross-origin images during
+ drawImage calls
+ CVE-2020-26953: Fullscreen could be enabled without displaying the
+ security UI
+ CVE-2020-26956: XSS through paste (manual and clipboard API)
+ CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
+ type restrictions
+ CVE-2020-26959: Use-after-free in WebRequestService
+ CVE-2020-26960: Potential use-after-free in uses of nsTArray
+ CVE-2020-15999: Heap buffer overflow in freetype
+ CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965: Software keyboards may have remembered typed passwords
+ CVE-2020-26966: Single-word search queries were also broadcast to local
+ network
+ CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5
+ * [e19743e] rebuild patch queue from patch-queue branch
+ removed patch (included upstream):
+ fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 18 Nov 2020 20:06:09 +0100
+
+thunderbird (1:78.4.2-1) unstable; urgency=medium
+
+ * [c7f4ed2] New upstream version 78.4.2
+ Fixed CVE issues in upstream version 78.4 (MFSA 2020-49):
+ CVE-2020-26950: Write side effects in MCallGetProperty opcode not
+ accounted for
+ * [c3a617d] rebuild patch queue from patch-queue branch
+ added patch:
+ fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch
+ * [8e4e7ad] thunderbird-l10n-all: add thunderbird-l10n-cy
+ (Closes: #974127)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 10 Nov 2020 21:19:15 +0100
+
+thunderbird (1:78.4.1-1) unstable; urgency=medium
+
+ * [cf8bf1e] New upstream version 78.4.1
+ * [529000c] rebuild patch queue from patch-queue branch
+ added patches:
+ fixes/Bug-1650299-Unify-the-inclusion-of-the-ICU-data-file.-r-f.patch
+ fixes/Don-t-build-ICU-in-parallel.patch
+ Patches are picked from Firefox and fixing FTBFS on s390x within buster.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 06 Nov 2020 21:53:24 +0100
+
+thunderbird (1:78.4.0-1) unstable; urgency=medium
+
+ [ Emilio Pozuelo Monfort ]
+ * [652f8de] install the apparmor profile in thunderbird.install
+
+ [ Carsten Schoenert ]
+ * [5240d53] Revert "thunderbird.install: adjust.desktop renamed file name"
+ (Closes: #972601)
+ * [861b21a] Revert "Rename .desktop file for AppStream compliance"
+ (Closes: #972578)
+ * [ffc5818] New upstream version 78.4.0
+ Fixed CVE issues in upstream version 78.4 (MFSA 2020-47):
+ CVE-2020-15969: Use-after-free in usersctp
+ CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4
+ * [81396e3] rebuild patch queue from patch-queue branch
+ removed patches (fixed upstream):
+ porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch
+ porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch
+
+ modified patches:
+ fixes/Appdata-Adding-some-German-translations.patch
+ fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch
+
+ Minor fine tuning to the AppStream specific parts but also revert some
+ translation entries as they are not intend to be translatable.
+ These modification also in correlation with the mentioned bug reports above
+ which are closed by the other adjustments.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 22 Oct 2020 18:48:25 +0200
+
+thunderbird (1:78.3.3-1) unstable; urgency=medium
+
+ [ Emilio Pozuelo Monfort ]
+ * [6f18974] Remove duplicated --disable-debug-symbols flag
+ * [1119d50] Print a verbose build log by not calling the mach wrapper
+ * [fcf7c11] Exclude -g from CXXFLAGS as well
+
+ [ Carsten Schoenert ]
+ * [9eb159f] New upstream version 78.3.3
+ * [47171dc] rebuild patch queue from patch-queue branch
+ added patches:
+ fixes/Appdata-Adding-some-German-translations.patch
+ fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch
+ * [1474d91] Rename .desktop file for AppStream compliance
+ * [10e49a9] thunderbird.install: adjust.desktop renamed file name
+ * [018bbc1] thunderbird.pc: remove left over cruft
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 18 Oct 2020 08:49:20 +0200
+
+thunderbird (1:78.3.2-1) unstable; urgency=medium
+
+ * [0b2f19f] d/rules: remove hand crafted icu build
+ Cherry-picked from debian/buster branch.
+ The possible required build of the ICU if the usage of an external ICU
+ library is now handled by the upstream build system.
+ * [1583517] d/rules: rewrite dpkg_buildflags to remove option '-g'
+ Cherry-picked from debian/buster branch.
+ We need to remove the option '-g' from the dpkg_buildflags variable for
+ real if we want a build without debugging information (e.g. on 32bit
+ architectures).
+ * [fb4c9c4] New upstream version 78.3.2
+ * [9d5e2b9] d/rules: install the language Add-ons into /u/l/t/e
+ Do not install the thunderbird-l10n packages into /usr/share/thunderbird
+ any more, install them directly into /usr/libt/thunderbird/extensions.
+ This simplifies the package structures as there is no real need to install
+ the packages into /usr/share/thunderbird and linking them back.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 09 Oct 2020 19:49:45 +0200
+
+thunderbird (1:78.3.1-2) unstable; urgency=medium
+
+ * [649f664] rebuild patch queue from patch-queue branch
+ added patches:
+ fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch
+ porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 30 Sep 2020 19:10:27 +0200
+
+thunderbird (1:78.3.1-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [6bd965f] New upstream version 78.3.1
+ Fixed CVE issues in upstream version 78.3.1 (MFSA 2020-44):
+ CVE-2020-15677: Download origin spoofing via redirect
+ CVE-2020-15676: XSS when pasting attacker-controlled data into a
+ contenteditable element
+ CVE-2020-15678: When recursing through layers while scrolling, an iterator
+ may have become invalid, resulting in a potential
+ use-after-free scenario
+ CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3
+ * [8ba13c5] rebuild patch queue from patch-queue branch
+ added patches(picked from firefox packaging):
+ fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch
+ porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch
+ porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch
+ porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch
+ removed patch(fixed upstream):
+ fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch
+ * [c6d282d] calendar-google-provider*: removing left over cruft
+ There are two left over sequencer files from the calendar-google-package,
+ not need any more since 1:68.2.2-1
+ * [cf37615] d/README.Debian: Update and adding new information
+ Some updated information regarding the now included OpenPGP support, also
+ updating some grammar for 'Add-on'.
+ * [faf225b] thunderbird.NEWS: Add hint about integration of OpenPGP support
+ Giving the user a information about the OpenPGP status within Thunderbird
+ since the version 78.0.
+ * [d6f4f0e] Revert "d/tb.lintian-overrides: ignore warning about none
+ versioned breaks"
+ * [9e6cbec] d/copyright: update content
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 27 Sep 2020 09:08:29 +0200
+
+thunderbird (1:78.2.2-1) experimental; urgency=medium
+
+ * [c6592e8] New upstream version 78.2.2
+ * [28f5fce] rebuild patch queue from patch-queue branch
+ added patches:
+ fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch
+ porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch
+ * [4866c06] d/mozconfig.default: add extra config options for ppc64el
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 13 Sep 2020 08:58:44 +0200
+
+thunderbird (1:78.2.1-1) experimental; urgency=medium
+
+ * [1f3f76b] d/rules: drop C{,XX}FLAGS originally intended for GCC6
+ * [4490e37] d/mozconfig.default: add options for mips64el
+ * [17b4e5c] d/rules: Don't build debug symbols on 32Bit arch
+ * [6dff7e0] d/rules: adding -Wl,--as-needed to linker flags
+ * [a213a7f] New upstream version 78.2.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 30 Aug 2020 14:38:17 +0200
+
+thunderbird (1:78.2.0-1) experimental; urgency=medium
+
+ [ intrigeri ]
+ * [f6fcafd] d/control: drop hard dependency on libgtk2.0-0
+ (Closes: #908654)
+ * [85b7a2e] autopkgtests: fix typo in comment
+ * [4bd70ae] d/mozconfig.default: fix typos in comments
+ * [d986a6d] d/control: allow Enigmail 2.2.0 and newer
+ (Closes: #968707)
+
+ [ Carsten Schoenert ]
+ * [52b4006] d/control: increase B-D for libnss3
+ (Closes: #966805)
+ * [7794563] New upstream version 78.2.0
+ Fixed CVE issues in upstream version 78.2.0 (MFSA 2020-41):
+ CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could
+ have resulted in escalation of privilege
+ CVE-2020-15664: Attacker-induced prompt for extension installation
+ CVE-2020-15670: Memory safety bugs fixed in Thunderbird 78.2
+ * [623f853] rebuild patch queue from patch-queue branch
+ No modifications made, just updating the index.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 26 Aug 2020 20:41:28 +0200
+
+thunderbird (1:78.1.1-1) experimental; urgency=medium
+
+ * [5fb842b] d/mozconfig.default: adding new option regarding Add-Ons
+ Adding additional options --allow-addon-sideload and
+ --with-unsigned-addon-scopes=app,system. These option are adopted and
+ taken from the firefox package.
+ * [8de0b35] New upstream version 78.1.1
+ * [4abe5ed] d/copyright: update content
+ Some small updates to the copyright information.
+ * [3caa541] d/control: adding new B-D for botan and json-c
+ The upstream source now offers the possibility to use the system
+ libraries for botan and json-c, for this we need to have both libraries
+ installed for building Thunderbird.
+ * [251d524] d/mozconfig.default: use botan and json-c system libraries
+ Turn on the configuration flags for botan and also for json-c that let
+ the build use the installed provided system libraries instead of using
+ internal versions.
+ * [a32a163] rebuild patch queue from patch-queue branch
+ removed patch:
+ debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch
+ Upstream has now (again) a configure option for using a installed system
+ bzip2 library that makes our added patch for this not needed anymore.
+ * [16c91c0] lintian: remove override for embedded bzip2 in librnp.so
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 08 Aug 2020 19:16:08 +0200
+
+thunderbird (1:78.1.0-1) experimental; urgency=medium
+
+ * [c4099cd] New upstream version 78.1.0
+ Fixed CVE issues in upstream version 78.1.0 (MFSA 2020-33):
+ CVE-2020-15652: Potential leak of redirect targets when loading scripts in
+ a worker
+ CVE-2020-6514: WebRTC data channel leaks internal address to peer
+ CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
+ CVE-2020-15653: Bypassing iframe sandbox when allowing popups
+ CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ CVE-2020-15656: Type confusion for special arguments in IonMonkey
+ CVE-2020-15658: Overriding file type when saving to disk
+ CVE-2020-15657: DLL hijacking due to incorrect loading path
+ CVE-2020-15654: Custom cursor can overlay user interface
+ CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 31 Jul 2020 19:35:57 +0200
+
+thunderbird (1:78.0.1-1) experimental; urgency=medium
+
+ * [5450d8d] d/control: increase B-D for libnss3
+ * [9749d1d] d/control: drop B-D on python2 and move over to python3
+ * [b31360b] d/xpi-pack.sh: adding xpi-pack shell script
+ * [89ede80] Drop mozilla-devscripts as B-D
+ * [f3b2ced] New upstream version 78.0.1
+ * [1847202] d/tb.lintian-overrides: ignore warning about none versioned
+ breaks
+ * [d56c922] d/lightning.links: removing left over sequencer file
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 22 Jul 2020 20:11:25 +0200
+
+thunderbird (1:78.0-1) experimental; urgency=medium
+
+ * [1016cc5] New upstream version 78.0
+ Fixed CVE issues in upstream version 78.0 (MFSA 2020-29):
+ CVE-2020-12415: AppCache manifest poisoning due to url encoded character
+ processing
+ CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster
+ CVE-2020-12417: Memory corruption due to missing sign-extension for
+ ValueTags on ARM64
+ CVE-2020-12418: Information disclosure due to manipulated URL object
+ CVE-2020-12419: Use-after-free in nsGlobalWindowInner
+ CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
+ CVE-2020-15648: X-Frame-Options bypass using object or embed tags
+ CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack
+ CVE-2020-12421: Add-On updates did not respect the same certificate trust
+ rules as software updates
+ CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+ CVE-2020-12424: WebRTC permission prompt could have been bypassed by a
+ compromised content process
+ CVE-2020-12425: Out of bound read in Date.parse()
+ CVE-2020-12426: Memory safety bugs fixed in Thunderbird 78
+ * [ad66b04] rebuild patch queue from patch-queue branch
+ reworked patch:
+ porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ * [4a2039c] d/mozconfig.default: enable OpenPGP feature build
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 16 Jul 2020 19:15:25 +0200
+
+thunderbird (1:78.0~b2-1) experimental; urgency=medium
+
+ * [c8da927] d/source.filter: fix obviously happen typo
+ * [c513a96] New upstream version 78.0~b2
+ * [6e9104e] d/control: tb, adding binary version to lightning provides
+ Make the Provides for Lightning a versioned provide.
+ * [8adec8f] enigmail: let any version of Enigmail break
+ We now can break on any Enigmail version, the Enigmail functions are now
+ included in Thunderbird and don't want to have an Enigmail package get
+ installed in parallel.
+ * [696b1fc] xul-ext-*/webext-*: adding more extensions to break
+ Quite all of the current packaged Thunderbird extensions will not work
+ for now with Thunderbird 78.*, adding/renaming the current know packages
+ with recent versions to Breaks for thunderbird.
+ * [e488d0c] thunderbird: remove some non-existing packages from Breaks
+ The listed packages
+ xul-ext-foxyproxy-standard
+ xul-ext-gnome-keyring
+ xul-ext-nostalgy
+ aren't in any supported release so we don't need them any more within a
+ Breaks for thunderbird.
+ * [039ee90] thunderbird: remove outdated myspell packages from Breaks
+ All previously listed myspell packages in Breaks for thunderbird aren't
+ reachable with the given version any more. We can remove them safely.
+ * [08ea0ba] thunderbird: remove outdated hunspell packages from Breaks
+ The same is true for the hunspell packages that were listed in the Breaks
+ field for thunderbird.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 20 Jun 2020 18:04:59 +0200
+
+thunderbird (1:78.0~b1-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [625efa9] d/source.filter: some updates to filtering list
+ Recent modification of the shipped files in the upstream tarball do
+ require small updates of the filter list we use to repack the tarball.
+ * [967ee19] New upstream version 78.0~b1
+ * [240991e] rebuild patch queue from patch-queue branch
+ removed patch:
+ debian-hacks/use-icudt-b-l-.dat-depending-on-architecture.patch
+ This will require some additional adjustment later for the stable-security
+ uploads as this patch was required to get a recent ICU version build
+ before the build of the thunderbird sources did start.
+ reworked patch:
+ debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch
+ * [07cab53] d/mozconfig.default: remove no longer existing options
+ By this release a lot of old configure options are kicked out, some of
+ them we have used until now. We need to remove these from the config.
+ * [df2e99b] d/copyright: update content
+ As usual some required update of the copyright file, more files are not
+ shipped anymore.
+
+ [ intrigeri ]
+ * [82a4b03] AppArmor: update profile from upstream at commit 860d2d9
+ (cherry-picked from unstable)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 13 Jun 2020 20:01:39 +0200
+
+thunderbird (1:77.0~b3-1) experimental; urgency=medium
+
+ * [82de2f6] New upstream version 77.0~b3
+ * [8beaf6f] rebuild patch queue from patch-queue branch
+ removed patch (included upstream):
+ fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch
+ * [ab2d7a2] d/copyright: Add license for appstream xml file
+ * [1533187] d/source.filter: Remove some *.wasm files as well
+ * [7cdfe03] d/thunderbird.lintian-overrides: Some more needed overrides
+ We need currently the included bzip library. Also add a false positive
+ about the misread postinst script.
+ * [9385fd4b] d/control: Remove doubled listed package libglib2.0-dev
+ Drop a doubled listed package libglib2.0-dev within B-D.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 20 May 2020 20:58:09 +0200
+
+thunderbird (1:77.0~b2-1) experimental; urgency=medium
+
+ * [185d4f7] New upstream version 77.0~b2
+ * [e918036] rebuild patch queue from patch-queue branch
+ removed patch:
+ fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch
+ * [c1979ce] d/mozconfig.default: Remove obsolete options
+ Drop the options '--with-distribution-id' and '--with-user-appdir'.
+ The former is basically only supporting the given default 'org.mozilla'
+ and the latter was set to the default '.mozilla' anyway.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 16 May 2020 14:04:02 +0200
+
+thunderbird (1:77.0~b1-1) experimental; urgency=medium
+
+ * [ee06e6e] New upstream version 77.0~b1
+ * [a21b649] rebuild patch queue from patch-queue branch
+ removed patches (not needed any more):
+ lower-down-required-version-on-NSS3.patch
+
+ added patches:
+ fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch
+ fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch
+ * [295cc4d] d/control: increase B-D for libnss3
+ The build requires now libnss3-dev >= 2:3.52.
+ * [f998baf] lintian-overrides: remove overrides for kinto-http-client.js
+ No override needed for this file, it's not included any more.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 08 May 2020 15:18:44 +0200
+
+thunderbird (1:76.0~b2-1) experimental; urgency=medium
+
+ * [87988db] d/control: increase B-D for cargo to 0.42
+ * [b9b0dfd] rebuild patch queue from patch-queue branch
+ removed patch:
+ debian-hacks/Ignore-version-check-for-cargo.patch
+ * [8386db0] d/control: Remove B-D on libjson-dev and libsqlite3-dev
+ The built uses internal copies for libjson and libsqlite as there are
+ made modifications to them. For now we can decrease the list of build
+ dependencies by removing this two packages.
+ * [6324222] New upstream version 76.0~b2
+ * [629b3bb] d/rules: Remove default compiler flag
+ No needed for '-Wl,--as-needed' any more, it's default now.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 27 Apr 2020 09:55:43 +0200
+
+thunderbird (1:76.0~b1-1) experimental; urgency=medium
+
+ * [b52cd52] d/c-thunderbird-l10n-tarball.sh: change upstream resource
+ Upstream has changed the folder were we can find the language providing
+ XPI packages. They simply moved over from linux-i686 to linux-x86_64.
+ * [22e697a] d/rules: drop set up of LIGHTNING_VERSION variable
+ We don't need this variable any more for building the packages (like all
+ the lightning-foo named stuff), there is no dedicated Lighting named stuff
+ around.
+ * [4ad871b] d/gbp.conf: Remove additional tarball for lightning-l10n
+ git-buildpackage won't find this additional tarball as it's not needed
+ starting by the import of the next upstream version (this is 76.0b1).
+ * [25d8d42] d/c-l-l10n-t.sh: Remove helper script
+ We also don't need to build the l10n specific additional tarball for
+ Lighting related parts any more. Dropping this helper script.
+ * [9d33d06] d/README.source: Remove part of lightning-l10n
+ * [b063d7f] New upstream version 76.0~b1
+ * [e7a23ec] rebuild patch queue from patch-queue branch
+ removed patches (not needed or included upstream):
+ debian-hacks/Build-against-system-libjsoncpp.patch
+ debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch
+ fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch
+ fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch
+
+ added patches:
+ debian-hacks/Ignore-version-check-for-cargo.patch
+ lower-down-required-version-on-NSS3.patch
+ * [94d8593] d/control: adding new packages thunderbird-l10n-{cak,kab,uz}
+ After the final release of Thunderbird 68.0 new l10n support for the
+ languages Kacqhikel, Georgian and Uzbek was added. Reflect this by adding
+ new binary packages for those languages.
+ * [5397182] d/mozconfig.default: remove option for system-sqlite
+ Upstream is using their own version of an modified SQLite now and has
+ dropping the additional configure option about this.
+ * [abb0ded] d/control: increase various versions in B-D
+ The current source requires some more recent versions of the helping tools
+ for building the sources as usual.
+ * [abfc8b2] d/rules: remove any action related to old lightning stuff
+ As the sources doesn't have any Lightning specific parts any more we need
+ to adjust the build process within debian/rules a bit. Thus dropping all
+ the rules around Lighting things.
+ * [f95b3ad] d/control: Turn lightning into transitional package
+ For now switch the behaviour of the lightning package into a transitional
+ one. We might can drop the whole package rather soon.
+ * [c3062cb] d/thunderbird.install: Remove blocklist.xml
+ Don't install the file blocklist.xml any more, it's now not shipped by
+ upstream any more.
+ * [856e99e] d/mozconfig.thunderbird: Remove --enable-calendar
+ Previously the build of the Lightning extension was needed to get enabled
+ to built this as an extension. Now it's fully integrated into the core
+ this configure option isn't needed any longer.
+ * [5551a8a] d/copyright: update content
+ As usual there is some moving within the source code between the major
+ versions, reflect this by adjusting the content of the copyright file.
+ * [21e9b7f] lintian-overrides: adjust overrides for needed files
+ Also the override file for the source is needing some adjustments.
+ * [f25ddc4] d/source.filter: update the filter sequences
+ The control for filtering non needed stuff from the upstream tarball must
+ also get adjusted due changed versions, moved folders etc.
+ * [e4a81ba] d/thunderbird.install: Install also appdata.xml
+ Upstream is providing an AppStream data file which we want install mow
+ also.
+ * [80385c9] d/source.filter: Sorting entries alphabetically
+ No functional modifications, just sorting entries to find stuff more easily.
+ * [585cf0a] d/thunderbird.lintian-overrides: update after config changes
+ We also need to modify the content for Lintian overrides for the
+ thunderbird package a bit. Thunderbird comes now (again) with own versions
+ of the libraries libtheora and libjsoncpp. Mostly because Mozilla has made
+ some own modifications within these libraries.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 18 Apr 2020 08:28:25 +0200
+
+thunderbird (1:68.12.0-1) unstable; urgency=medium
+
+ * [103cab7] New upstream version 68.12.0
+ Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35):
+ CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could
+ have resulted in escalation of privilege
+ CVE-2020-15664: Attacker-induced prompt for extension installation
+ CVE-2020-15669: Use-After-Free when aborting an operation
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 27 Aug 2020 21:23:55 +0200
+
+thunderbird (1:68.11.0-3) unstable; urgency=medium
+
+ * [28707fd] d/xpi-pack.sh: adding xpi-pack shell script
+ As we can't depend on mozilla-devscripts anymore we pick up the shell
+ script from that package as this builds XPI files we need.
+ * [037212e] Drop mozilla-devscripts as B-D
+ mozilla-devscripts isn't ported to Python3 yet and depends on Python2 so.
+ We don't need that package as B-D as we picked the main shell script from
+ that and we can drop that package from the build dependencies.
+ * [31eda41] Drop python-{minimal,ply} from B-D
+ These packages are removed from teh archive and we don't need them for
+ building Thunderbird as long we have python2 as package available.
+ (Closes: #967223)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 04 Aug 2020 19:06:20 +0200
+
+thunderbird (1:68.11.0-2) unstable; urgency=medium
+
+ * [110a375] d/control: increase B-D for libnss3
+ * [73fa23e] d/control: tb manually set dep on libnss3 to 2:3.55
+ (Closes: #966806)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 02 Aug 2020 20:12:49 +0200
+
+thunderbird (1:68.11.0-1) unstable; urgency=medium
+
+ * [093b080] New upstream version 68.11.0
+ Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35):
+ CVE-2020-15652: Potential leak of redirect targets when loading scripts
+ in a worker
+ CVE-2020-6514: WebRTC data channel leaks internal address to peer
+ CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 29 Jul 2020 22:26:14 +0200
+
+thunderbird (1:68.10.0-1) unstable; urgency=medium
+
+ * [7537684] New upstream version 68.10.0
+ Fixed CVE issues in upstream version 68.10.0 (MFSA 2020-26):
+ CVE-2020-12417: Memory corruption due to missing sign-extension for
+ ValueTags on ARM64
+ CVE-2020-12418: Information disclosure due to manipulated URL object
+ CVE-2020-12419: Use-after-free in nsGlobalWindowInner
+ CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
+ MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login
+ credentials
+ CVE-2020-12421: Add-On updates did not respect the same certificate trust
+ rules as software updates
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 04 Jul 2020 10:55:31 +0200
+
+thunderbird (1:68.9.0-1) unstable; urgency=medium
+
+ [ intrigeri ]
+ * [fd13825] AppArmor: update profile from upstream at commit 860d2d9
+ (Closes: #960465)
+
+ [ Carsten Schoenert ]
+ * [c310c40] New upstream version 68.9.0
+ Fixed CVE issues in upstream version 68.9.0 (MFSA 2020-22):
+ CVE-2020-12399: Timing attack on DSA signatures in NSS library
+ CVE-2020-12405: Use-after-free in SharedWorkerService
+ CVE-2020-12406: JavaScript Type confusion with NativeTypes
+ CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0
+ CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to
+ information leakage
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 05 Jun 2020 20:29:35 +0200
+
+thunderbird (1:68.8.1-1) unstable; urgency=medium
+
+ * [7495e7a] New upstream version 68.8.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 22 May 2020 19:04:20 +0200
+
+thunderbird (1:68.8.0-1) unstable; urgency=medium
+
+ * [9b5ae46] New upstream version 68.8.0
+ Fixed CVE issues in upstream version 68.8.0 (MFSA 2020-18):
+ CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode
+ characters
+ CVE-2020-12387: Use-after-free during worker shutdown
+ CVE-2020-6831: Buffer overflow in SCTP chunk input validation
+ CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
+ CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape
+ website-controlled data, potentially leading to command
+ injection
+ CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 05 May 2020 20:47:29 +0200
+
+thunderbird (1:68.7.0-1) unstable; urgency=medium
+
+ * [c0052af] New upstream version 68.7.0
+ Fixed CVE issues in upstream version 68.7.0 (MFSA 2020-14):
+ CVE-2020-6819: Use-after-free while running the nsDocShell destructor
+ CVE-2020-6820: Use-after-free when handling a ReadableStream
+ CVE-2020-6821: Uninitialized memory could be read when using the WebGL
+ copyTexSubImage method
+ CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large
+ images
+ CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 12 Apr 2020 07:40:41 +0200
+
+thunderbird (1:68.6.0-1) unstable; urgency=medium
+
+ * [5709774] New upstream version 68.6.0
+ Fixed CVE issues in upstream version 68.6.0 (MFSA 2020-10):
+ CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
+ CVE-2020-6805: Use-after-free when removing data about origins
+ CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections
+ against state confusion
+ CVE-2020-6807: Use-after-free in cubeb during stream destruction
+ CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape
+ website-controlled data, potentially leading to
+ command injection
+ CVE-2020-6812: The names of AirPods with personally identifiable
+ information were exposed to websites with camera or
+ microphone permission
+ CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 16 Mar 2020 20:01:29 +0100
+
+thunderbird (1:68.5.0-1) unstable; urgency=medium
+
+ * [d79bf82] New upstream version 68.5.0
+ Fixed CVE issues in upstream version 68.5.0 (MFSA 2020-07):
+ CVE-2020-6793: Out-of-bounds read when processing certain email messages
+ CVE-2020-6794: Setting a master password post-Thunderbird 52 does not
+ delete unencrypted previously stored passwords
+ CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
+ CVE-2020-6798: Incorrect parsing of template tag could result in
+ JavaScript injection
+ CVE-2020-6792: Message ID calculcation was based on uninitialized data
+ CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5
+ (Closes: #891848)
+ * [0884df6] d/control: increase Standards-Version to 4.5.0
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 13 Feb 2020 17:58:44 +0100
+
+thunderbird (1:68.4.2-1) unstable; urgency=medium
+
+ * [7ab7786] d/gbp.conf: add some more files we need to filter out
+ * [9c02c34] New upstream version 68.4.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 26 Jan 2020 13:13:49 +0100
+
+thunderbird (1:68.4.1-1) unstable; urgency=medium
+
+ * [a00f3e9] New upstream version 68.4.1
+ Fixed CVE issues in upstream version 68.4.1 (MFSA 2020-04):
+ CVE-2019-17026: IonMonkey type confusion with StoreElementHole and
+ FallibleStoreElement
+ CVE-2019-17015: Memory corruption in parent process during new content
+ process initialization on Windows
+ CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
+ CVE-2019-17017: Type Confusion in XPCVariant.cpp
+ CVE-2019-17022: CSS sanitization does not escape HTML tags
+ CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1
+ * [6b1fd82] rebuild patch queue from patch-queue branch
+ removed patch (included upstream)
+ fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 10 Jan 2020 18:33:43 +0100
+
+thunderbird (1:68.3.1-1) unstable; urgency=medium
+
+ [ Emilio Pozuelo Monfort ]
+ * [6f59313] Fix MOZ_BUILD_DATE to have the expected format
+
+ [ Carsten Schoenert ]
+ * [5d0f4b1] d/rules: don't use SOURCE_DATE_EPOCH for MOZ_BUILD_DATE
+ (Closes: #946588)
+ * [1467af5] New upstream version 68.3.1
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 18 Dec 2019 15:54:44 +0100
+
+thunderbird (1:68.3.0-2) unstable; urgency=medium
+
+ * [0625d30] rebuild patch queue from patch-queue branch
+ added patches:
+ fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch
+ fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch
+ * [ea8d98c] Breaks: add versioned birdtray package
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 09 Dec 2019 18:22:15 +0100
+
+thunderbird (1:68.3.0-1) unstable; urgency=medium
+
+ * [fe289ec] /u/b/thunderbird: export variable DICPATH before start
+ (Closes: #944295)
+ * [a9a48c6] New upstream version 68.3.0
+ Fixed CVE issues in upstream version 68.3 (MFSA 2019-38):
+ CVE-2019-17008: Use-after-free in worker destruction
+ CVE-2019-13722: Stack corruption due to incorrect number of arguments in
+ WebRTC code
+ CVE-2019-11745: Out of bounds write in NSS when encrypting with a block
+ cipher
+ CVE-2019-17009: Updater temporary files accessible to unprivileged
+ processes
+ CVE-2019-17010: Use-after-free when performing device orientation checks
+ CVE-2019-17005: Buffer overflow in plain text serializer
+ CVE-2019-17011: Use-after-free when retrieving a document in
+ antitracking
+ CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR
+ 68.3, and Thunderbird 68.3
+ * [fb23473] d/control: increase B-D version on NSS to 3.44.3
+ * [6f59938] Breaks: adding more non compatible packaged AddOns
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 05 Dec 2019 10:03:22 +0100
+
+thunderbird (1:68.2.2-1) unstable; urgency=medium
+
+ * [198d539] xul-ext-compactheader: allow also version << 3.0.0
+ * [0e93753] d/control: add incompatibility with jsunit << 0.2.2
+ * [87c84cb] New upstream version 68.2.2
+ This upstream version has removed the source for calendar-google-provider,
+ thus we can't provide the related binary package any more.
+ * [a3cea2a] rebuild patch queue from patch-queue branch
+ rebuild patch queue from patch-queue branch
+
+ removed patches (included upstream):
+ debian/patches/fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch
+ debian/patches/fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch
+ debian/patches/fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch
+ debian/patches/fixes/Build-also-gdata-provider-as-xpi-file.patch
+ debian/patches/fixes/rust-ignore-not-available-documentation.patch
+ debian/patches/porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
+ debian/patches/porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
+ debian/patches/porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
+ debian/patches/porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch
+ debian/patches/porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch
+ * [1730f5f] d/control: remove references to calendar-google-provider
+ Don't build calendar-google-provider any more and remove any references
+ from other binary packages.
+ * [1b0bbb8] d/rules: remove any calendar-google-provider stuff
+ * [92f681c] thunderbird.NEWS: Adding hint about removal of gdata
+ Give out an announcement about the removal of a possible previously
+ installed package calendar-google-provider.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 10 Nov 2019 12:09:17 +0100
+
+thunderbird (1:68.2.1-1) unstable; urgency=medium
+
+ [ intrigeri ]
+ * [c48e2cb] AppArmor: update profile from upstream at commit a27a1a5
+ (Closes: #941290)
+
+ [ Carsten Schoenert ]
+ * [98497ae] New upstream version 68.2.0
+ Fixed CVE issues in upstream version 68.2 (MFSA 2019-35):
+ CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
+ CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
+ CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
+ CVE-2019-11759: Stack buffer overflow in HKDF output
+ CVE-2019-11760: Stack buffer overflow in WebRTC networking
+ CVE-2019-11761: Unintended access to a privileged JSONView object
+ CVE-2019-11762: document.domain-based origin isolation has
+ same-origin-property violation
+ CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
+ CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2
+ (Closes: #925841)
+ * [a104c51] d/control: increase Standards-Version to 4.4.1
+ * [6c9d012] xul-ext-dispmua: set current min usable version
+ * [b3bf16f] New upstream version 68.2.1
+ * [8f89b90] d/control: decrease build architecture list
+ Decreasing the current list of build architectures. Not meant to keep this
+ forever, removed RC architectures needing support and volunteering to get
+ them back.
+ (Closes: #921258)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 01 Nov 2019 20:36:59 +0100
+
+thunderbird (1:68.1.2-1~exp1) experimental; urgency=medium
+
+ * [81f4144] xul-ext-compactheader: increase minimal usable version
+ * [a815589] Update the global information about TB in Debian
+ * [bb5f5f7] rebuild patch queue from patch-queue branch
+ * [6fe7d3f] xul-ext-sogo-connector: increase minimal usable version
+ * [2e29af5] New upstream version 68.1.2
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 26 Oct 2019 08:41:50 +0200
+
+thunderbird (1:68.1.1-1~exp1) experimental; urgency=medium
+
+ [ intrigeri ]
+ * [3f49653] AppArmor: update profile from upstream at commit ed52e4a
+
+ [ Carsten Schoenert ]
+ * [348f476] New upstream version 68.0~b5
+ * [2a2f101] New upstream version 68.1.1
+ Fixed CVE issues in upstream version 68.1 (MFSA 2019-20):
+ CVE-2019-11711: Script injection within domain through inner window reuse
+ CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins
+ by following 308 redirects
+ CVE-2019-11713: Use-after-free with HTTP/2 cached stream
+ CVE-2019-11714: NeckoChild can trigger crash when accessed off of main
+ thread
+ CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a
+ segmentation fault
+ CVE-2019-11715: HTML parsing error can contribute to content XSS
+ CVE-2019-11716: globalThis not enumerable until accessed
+ CVE-2019-11717: Caret character improperly escaped in origins
+ CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11720: Character encoding XSS vulnerability
+ CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
+ CVE-2019-11730: Same-origin policy treats all files in a directory as
+ having the same-origin
+ CVE-2019-11723: Cookie leakage during add-on fetching across private
+ browsing boundaries
+ CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting
+ permissions
+ CVE-2019-11725: Websocket resources bypass safebrowsing protections
+ CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
+ CVE-2019-11728: Port scanning through Alt-Svc header
+ CVE-2019-11710: Memory safety bugs fixed in Firefox 68 and Thunderbird 68
+ CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8,
+ and Thunderbird 68
+
+ Fixed CVE issues in upstream version 68.1 (MFSA 2019-20):
+ CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted
+ multipart/alternative message
+ CVE-2019-11746: Use-after-free while manipulating video
+ CVE-2019-11744: XSS by breaking out of title and textarea elements using
+ innerHTML
+ CVE-2019-11742: Same-origin policy violation with SVG filters and canvas
+ to steal cross-origin images
+ CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-11743: Cross-origin access to unload event attributes
+ CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
+ Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
+
+ Fixed CVE issues in upstream version 68.1.1 (MFSA 2019-32):
+ CVE-2019-11755: Spoofing a message author via a crafted S/MIME message
+
+ * [9342624] rebuild patch queue from patch-queue branch
+ added patches:
+ debian-hacks/Set-program-name-from-the-remoting-name.patch
+ debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
+ debian-hacks/Work-around-Debian-bug-844357.patch
+ fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch
+ fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch
+ fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch
+ porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch
+
+ removed patch (fixed upstream):
+ porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch
+ porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch
+
+ * [25cb500] d/control: increase various versions in B-D
+ * [ee5b713] d/control: remove B-D on librust-cbindgen-dev
+ Use librust-toml-dev instead, we only need some files from this package,
+ librust-cbindgen-dev is a metapackage which is broken while packaging.
+ * [442a6b1] d/rules: work around cargo needs a HOME dir
+ * [4894a4c] d/control: increase Standards-Version to 4.4.0
+ No further changes needed.
+ * [bb47b68] d/control: update upstream homepage for Thunderbird
+ Since some time Mozilla Thunderbird has a new homepage placed on URI
+ https://www.thunderbird.net/
+ * [a3b680e] d/source.filter: update the filter sequences
+ New Thunderbird upstream versions bringing some new unwanted files within
+ the source.
+ * [7290ff4] d/control: remove transitional lightning l10n packages
+ The Lightning l10n packages moved into transitional packages before Buster
+ was released, now after the Buster release removing these transitional
+ packages. All required l10n files are available in the packages
+ thunderbird-$(locale) even for Lightning.
+ * [3d1d27d] enigmail: increase minimal usable version
+ Thunderbird 68.x needs at least Enigmal in version 2.1, but increase the
+ version on Enigmail to the most recent version which is released while
+ packaging.
+ * [66069d9] calendar-exchange-provider: removed from Breaks
+ This package isn't alive in unstable and testing.
+ * [3b9f936] d/control: remove Xb-Xul-AppId field
+ Thunderbird don't has any Xul based AddOns since version 68.0
+ * [7d8cd7d] lintian-overrides: remove not needed overrides
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 28 Sep 2019 15:38:28 +0200
+
+thunderbird (1:68.0~b1-1) experimental; urgency=medium
+
+ * [0eabe70] New upstream version 68.0~b1
+ * [2febf67] rebuild patch queue from patch-queue branch
+ added patch:
+ debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch
+ * [cfa5973] d/s/lintian-overrides: adjust overrides for needed files
+ * [46077e2] d/copyright: update after upstream changes
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 16 Jun 2019 10:28:52 +0200
+
+thunderbird (1:67.0~b3-1) experimental; urgency=medium
+
+ [ intrigeri ]
+ * [9ad75ad] d/rules: drop useless usage of dpkg-parsechangelog
+
+ [ Carsten Schoenert ]
+ * [d6f6747] New upstream version 67.0~b3
+ * [90f73be] rebuild patch queue from patch-queue branch
+ removed patch:
+ fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch
+ * [7dd5c54] d/control: increase various B-D versions
+ Increasing the version for the build depending packages of cargo, cbindgen,
+ libnspr4-dev, libnss3-dev, libsqlite3-dev and rustc.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 11 Jun 2019 19:36:00 +0200
+
+thunderbird (1:66.0~b1-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [afe31d9] New upstream version 66.0~b1
+ * [4ec53cc] apparmor: update profile from upstream (commit 7ace41b1)
+ (cherry-picked from debian/sid)
+ * [b3657a0] d/rules: make dh_clean more robust
+ Remove some regenerated files in dh_clean to the build will not fail in
+ case the build needs to be started twice within the same build environment.
+ (cherry-picked from debian/sid)
+ * [dceb027] d/rules: move disable debug option into configure step
+ Adding the option '--disable-debug-symbols' to the file mozconfig.default
+ in case the build is running on a 32bit architecture instead of expanding
+ the variable 'CONFIGURE_FLAGS'. The configuration approach for this option
+ taken from firefox-esr was not working for the thunderbird package.
+ (cherry-picked from debian/sid)
+ * [f7f02a9] d/rules: reorder LDFLAGS for better readability
+ Make the used additional options for LDFLAGS better readable by reordering
+ the various used options. Also adding the option '-Wl, --as-needed' to the
+ list of used options here.
+ (cherry-picked from debian/sid)
+ * [79801fb] d/rules: use 'compress-debug-sections' only on 64bit
+ Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets
+ use this option only if we are on a 64bit architecture as otherwise the
+ build is failing on 32bit architectures again. We don't want to build any
+ debug information on 32bit anyway so we don't need this option on these
+ platforms.
+ (cherry-picked from debian/sid)
+ * [11f9e14] d/mozconfig.default: adding option for mipsel
+ We don't have set up any options for the mipsel platform before, but the
+ build needs some additional options too on this platform to succeed.
+ (cherry-picked from debian/sid)
+ * [e46e178] d/mozconfig.default: disable ion on mips and mipsel
+ The build will fail on mips{,el} if we have enabled ION, the JavaScript
+ JIT compiler on these platforms will loose some performance by this.
+ (cherry-picked from debian/sid)
+
+ [ Alexander Nitsch ]
+ * [31b87e9] Make the logo SVG square
+ The original SVG source isn't completely square, modifying the SVG file
+ so all generated other files from the input are also exactly square.
+ * [c0f19a3] Add script for generating PNGs from logo SVG
+ * [c153c5f] Update icon PNGs to be properly scaled
+
+ [ Carsten Schoenert ]
+ * [c372e1f] d/source.filter: add some configure scripts
+ Filter out some files that are named 'configure', they are rebuild later
+ anyway. The filtering of these files is moved from gbp.conf to
+ source.filter.
+ (cherry-picked from debian/sid)
+ * [a40c5df] d/c-lightning-l10n-t.sh: drop version checking
+ Remove an old check for a version string within the file install.rdf.
+ It's not created any more by upstream since > 60.0.
+ * [05b325e] d/source.filter: don't ignore files in root folder
+ Try to not ignore files which are in the top root folder of the upstream
+ source tarball.
+ * [d2ca267] rebuild patch queue from patch-queue branch
+ added patch:
+ fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch
+
+ modified (refreshed) patches:
+ porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch
+ porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch
+ porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch
+ porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
+ porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+ porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
+ porting-m68k/Add-m68k-support-to-Thunderbird.patch
+
+ removed patches (applied upstream):
+ fixes/Fix-big-endian-build-for-SKIA.patch
+ porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
+ porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
+ * [cb1dde9] d/control: increase version in B-D for libsqlite3-dev
+ * [54e8890] d/mozconfig.default: add new configure option
+ We need to disable the usage of libav1 for an successful build. The used
+ configure option was added by the new added patch to the patch queue.
+ * [ecd3ade] d/copyright: update after upstream changes
+ * [af58ed8] d/source.filter: add extra content to ignore
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 17 Feb 2019 10:58:46 +0100
+
+thunderbird (1:65.0~b1-1) experimental; urgency=medium
+
+ * [e5956ef] Merge tag 'debian/1%60.4.0-1' into debian/experimental
+ * [389748b] d/source.filter: adjust files to filter while repack
+ Rework of the file filter list due new upstream version but also to no
+ filter out files we obviously need later, e.g. for the omni.jar archive.
+ * [4b86a78] New upstream version 65.0~b1
+ * [3db29ed] rebuild patch queue from patch-queue branch
+ removed patches (fixed upstream):
+ debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch
+ debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch
+ fixes/Build-also-gdata-provider-as-xpi-file.patch
+ fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch
+ porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
+ porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
+ porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch
+
+ removed patches (dropped for Debian specific build):
+ debian-hacks/Don-t-build-testing-suites-and-stuff.patch
+ debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch
+ adjusted patches:
+
+ debian-hacks/Add-another-preferences-directory-for-applications-p.patch
+ debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch
+ patches/fixes/Fix-big-endian-build-for-SKIA.patch (but currently disabled)
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+ porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
+ porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
+ * [e918c6c] d/control: increase versions in B-D
+ New Thunderbirds version typically need other packages available with
+ higher versions like NSS, NSPR, rust ...
+ Also adding cbindgen and nodejs()!!).
+ * [b6c63bf] d/mozconfig.default: remove dead options
+ More old configure option are now not available anymore and we need to
+ drop them.
+ * [0f959ad] remove GCC specific options
+ LLVM's clang is now widely used, and clang isn't knowing the GCC options
+ '-fno-schedule-insns2' and '-fno-lifetime-dse', removing these options
+ from CFLAGS and CXXFLAGS.
+ * [d0b1f4b] d/rules: work around about strong quotings in .mk files
+ After the configuration of the source some Makefiles in the build folder
+ 'obj-thunderbird' have a strong qouting on some entries. This will
+ later provoke a build failure if we don't remove the single quotes
+ before in the Makefiles.
+ * [093053e] copyright: update after upstream changes
+ * [95eaacf] d/s/lintian-overrides: adjust overrides for needed files
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 20 Jan 2019 15:48:06 +0100
+
+thunderbird (1:60.4.0-1) unstable; urgency=medium
+
+ * [2e5a9d0] d/control: don't hard code LLVM packages in B-D
+ (Closes: #912797)
+ * [3aaa4a6] New upstream version 60.4.0
+ No MFSA published yet by Mozilla Security while packaging this version.
+ (Closes: #913645)
+ * [12d3be3] debian/control: increase Standards-Version to 4.3.0
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 24 Dec 2018 17:04:10 +0100
+
+thunderbird (1:60.3.1-1) unstable; urgency=medium
+
+ * [e1b489a] New upstream version 60.3.1
+ * [f376b38] lightning: use ${source:Version} in Breaks and Recommends
+ (Closes: #914175)
+ * [7e560b3] Revert "lintian: adding a semi automated lintian-override"
+ The override about a misspelled word Synopsys isn't needed any more.
+ * [893c0e6] rebuild patch queue from patch-queue branch
+ modified patches:
+ debian-hacks/Don-t-build-testing-suites-and-stuff.patch
+ debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch
+ * [20d8827] d/source.filter: update the filter sequences
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 25 Nov 2018 10:02:50 +0100
+
+thunderbird (1:60.3.0-1) unstable; urgency=medium
+
+ [ intrigeri ]
+ * [7949b31] AppArmor: update profile from upstream at commit f3d9a8b
+ (Closes: #903898)
+ * [e31dc14] AppArmor: update profile from upstream at commit 81c9457
+ (Closes: #908206)
+
+ [ Carsten Schoenert ]
+ * [0dcbe22] d/control: add xul-ext-gnome-keyring to Breaks for thunderbird
+ (Closes: #907979)
+ * [65db00d] armel: adding extra LDFLAGS so rust compiler isn't confused
+ The settings that are builtin within rust are conflicting with the GCC.
+ * [9c65884] New upstream version 60.3.0
+ Fixed CVE issues in upstream version 60.3.0 (MFSA 2018-28)
+ CVE-2018-12392: Crash with nested event loops
+ CVE-2018-12393: Integer overflow during Unicode conversion while loading
+ JavaScript
+ CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and
+ Thunderbird 60.3
+ CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3,
+ and Thunderbird 60.3
+ * [8726bb1] rebuild patch queue from patch-queue branch
+ removed patches (included upstream)
+ fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch
+ fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch
+ fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch
+ porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 01 Nov 2018 12:19:34 +0100
+
+thunderbird (1:60.2.1-1) unstable; urgency=medium
+
+ * [ba75ca3] logo: move old TB graphics into dedicated folder
+ * [ba47234] logo: adding new TB icon *.png graphics
+ Like Firefox Thunderbird has also got a reworked logo. As we use some own
+ icon created from a SVG graphic this commit adds the new icons in the
+ various sizes. The source of the SVG graphic is taken from
+ https://demo.identihub.co/thunderbird#/view/icon/element/612
+ (Closes: #909108)
+ * [0b16a87] d/source.filter: don't remove react files from source
+ (Closes: #909046)
+ * [d01dfd6] rebuild patch queue from patch-queue branch
+ added patches:
+ fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch
+ fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch
+ fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch
+ fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch
+ (Closes: #909628, #909039, #906816)
+ * [bf64065] New upstream version 60.2.1
+ Fixed CVE issues in upstream version 60.2.1 (MFSA 2018-25)
+ CVE-2018-12377: Use-after-free in refresh driver timers
+ CVE-2018-12378: Use-after-free in IndexedDB
+ CVE-2018-12379: Out-of-bounds write with malicious MAR file
+ CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
+ CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
+ CVE-2018-12383: Setting a master password post-Firefox 58 does not delete
+ unencrypted previously stored passwords
+ * [b4712af] rebuild patch queue from patch-queue branch
+ removed patches (fixed upstream):
+ fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch
+ * [79057f6] d/control: make lightning-l10n packages transitional
+ The l10n content for Lightning and a specific language is now much more
+ related to the Thunderbird l10n content. By this the existing lightning
+ l10n packages are not really useful any more as we move the Lightning
+ l10n content into the respective Thunderbird l10n package a we need to
+ turn the existing Lightning l10n packages into transitional packages.
+ * [a0ac3b7] d/control: adding Replaces, Breaks, Provides to thunderbird-l10n-*
+ Related to the previous commit the Thunderbird l10n packages need some
+ more fields in the control file so the transition from lightning-l10n into
+ thunderbird-l10n can work.
+ * [c82ee7c] d/rules: install lightning l10n into thunderbird-l10n-* packages
+ The content for the lightning l10n stuff needs now to be installed into
+ thunderbird-l10n packages.
+ * [72cd535] d/control: add thunderbird-l10n-cy
+ Oops, seems like we never have introduced this language for Thunderbird
+ before. Now required to provide the l10n content for Lightning.
+ * [510bea6] d/thunderbird-wrapper.sh: improve GDB switch
+ Since TB 60 upstream isn't installing the old wrapper script
+ run-mozilla.sh any more. By this we need to adjust our starting wrapper
+ so the call to start Thunderbird within the GDB debugger is working.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 05 Oct 2018 17:43:49 +0200
+
+thunderbird (1:60.0-3) unstable; urgency=medium
+
+ * [daa0dd7] locale: use 'intl.locale.requested' correctly
+ Thanks to hint from Sven Joachim we can use the preference setting
+ 'intl.locale.requested' in way that users don't need to use this setting
+ within their prefs.js to control the language of the Thunderbird UI.
+ 'intl.locale.requested' is somehow the successor of 'intl.locale.matchOS'.
+ (Closes: #908034)
+ * [f8ac1b2] debian/control: increase Standards-Version to 4.2.1
+ No further changes needed.
+ * [a001579] d/control: remove empty 'Replaces' in thunderbird-l10n-da
+ We can remove that line of Replaces without any key.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 06 Sep 2018 18:46:31 +0200
+
+thunderbird (1:60.0-2) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [71ac5e7] rebuild patch queue from patch-queue branch
+ added patches:
+ porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch
+ porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
+ porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
+ * [d94e5dc] d/control: B-D on {lib}clang-6.0* and llvm-6.0-dev
+ (Closes: #906707)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 20 Aug 2018 17:57:07 +0200
+
+thunderbird (1:60.0-1) unstable; urgency=medium
+
+ [ Cyril Brulebois ]
+ * [4f1fcd4] Bump B-D libsqlite3-dev version
+ Upstream requires a more recent version that is already available in
+ unstable but not in Stretch later e.g.
+ * [5a790c2] Add libicu-dev to Build-Depends (required for icu-i18n.pc)
+ This package was pulled from some other package already but we need this
+ explicit now again as we don't use the internal ICU version any more.
+ * [8c86207] Bump libhunspell-dev version
+ The same as for libsqlite3-dev, adding the correct B-D version.
+ (Closes: #905465)
+
+ [ Carsten Schoenert ]
+ * [901f257] New upstream version 60.0
+ Fixed CVE issues in upstream version 60.0 (MFSA 2018-19)
+ CVE-2018-12359: Buffer overflow using computed size of canvas element
+ CVE-2018-12360: Use-after-free when using focus()
+ CVE-2018-12361: Integer overflow in SwizzleData
+ CVE-2018-12362: Integer overflow in SSSE3 scaler
+ CVE-2018-5156: Media recorder segmentation fault when track type is
+ changed during capture
+ CVE-2018-12363: Use-after-free when appending DOM nodes
+ CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365: Compromised IPC child process can list local filenames
+ CVE-2018-12371: Integer overflow in Skia library during edge builder
+ allocation
+ CVE-2018-12366: Invalid data handling during QCMS transformations
+ CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
+ CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1,
+ and Thunderbird 60
+ CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1,
+ Firefox ESR 52.9, and Thunderbird 60
+ * [44ab834] rebuild patch queue from patch-queue branch
+ removed patches (applied upstream):
+ porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch
+ porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch
+ porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch
+ * [3168b29] debian/control: increase Standards-Version to 4.2.0
+ No further changes needed.
+ * [f2f206e] d/rules: use MOZ_LANGPACK_ID instead of hard coding
+ * [996352a] d/rules: ensure l10n MOZ_LANGPACK_ID matches variable from
+ makefile
+ Previous beta versions for the thunderbird-l10n data have used
+ '@firefox.mozilla.org' within their application.id setting. Thunderbird
+ now expects '@thunderbird.mozilla.org' instead. Make the build more
+ flexible so we can detect mismatches here.
+ (Closes: #906176)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 19 Aug 2018 11:32:11 +0200
+
+thunderbird (1:60.0~b10-1) experimental; urgency=medium
+
+ [ intrigeri ]
+ * [596869d] AppArmor: update profile from upstream (at commit edc9487)
+ (Closes: #901471)
+
+ [ Carsten Schoenert ]
+ * [57195ff] New upstream version 60.0~b10
+ * [770c9a6] rebuild patch queue from patch-queue branch
+ added patches:
+ porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch
+ porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch
+ porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch
+ porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch
+ * [7fa6ebd] debian/control: increase Standards-Version to 4.1.5
+ No further changes needed.
+ * [22e701c] c-l-l10n-t.sh: adjust the path to the python helper
+ Adjust the shell script helper to use the changed path to makeversion.py.
+ * [90a1d9e] sticky prefs: use the new syntax in vendor.js
+ The syntax for locked preferences has been changed a while ago, it's
+ time to adjust the entry within vendor.js to disable automatic updates
+ for AddOns.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 12 Jul 2018 17:52:27 +0200
+
+thunderbird (1:60.0~b9-2) experimental; urgency=medium
+
+ [ intrigeri ]
+ * [eb7cb44] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db"
+ * [4cd8baf] AppArmor: update profile from upstream
+ (Closes: #900840)
+ * [807eb99] AppArmor: update profile from upstream (at commit 104da32)
+
+ [ Carsten Schoenert ]
+ * [c980546] rebuild patch queue from patch-queue branch
+ added patch:
+ porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 01 Jul 2018 19:15:00 +0200
+
+thunderbird (1:60.0~b9-1) experimental; urgency=medium
+
+ * [be64a3e] d/source.filter: update due upstream changes
+ Writing the import filter file source.filter mostly complete new from
+ scratch. Needed because upstream has changed the structure of the source
+ completely.
+ * [c4b9113] New upstream version 60.0~b9
+ * [3dc900a] rebuild patch queue from patch-queue branch
+ Related to the changed source structure the patches for the patch queue
+ needs to be adjusted to the new folders and their structure. Thanks to
+ git this wasn't that painful as git did all of the job. Two new patches
+ are needed to add.
+ added patches:
+ fixes/Build-also-gdata-provider-as-xpi-file.patch
+ debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch
+ * [e50ae04] d/rules: remove references to folder 'mozilla'
+ To get the source built some targets in debian/rules are needed to be
+ modified. All references to the old used folder 'mozilla/' are removed
+ now.
+ * [a650500] ICU: don't build the Paragraph Layout library
+ Disable the build of the Paragraph Layout library, we don't need them if
+ we need to built the ICU stuff. Cherry-picked from current ESR 52
+ packaging.
+ * [977b7fe] d/mozconfig.default: use the ICU package from system
+ The Debian packages of icu are recent enough so we don't need to build
+ own dedicated ICU binaries.
+ * [0c7ed7e] adjust the configuration of the built
+ Because of the modified source structure some more adjustments are needed
+ while going through the built targets like different paths, and built
+ calls of the Thunderbird source.
+ * [1c09011] adjust the install temporary folder
+ Upstream is now wrapping all internal make calls through a Python wrapper
+ called 'mach'. This also involves a changed behavior for installing the
+ Thunderbird files into the temporary folder we later use by the debhelper
+ sequencer.
+ * [bfbc9ca] d/s/lintian-overrides: update content due changed source.filter
+ The modified file debian/source.filter make some adjustments needed in
+ the lintian-overrides file for the source files related part.
+ * [44a4c5a] d/thunderbird.lintian-overrides: update after config changes
+ Like before some adjustments are needed for the lintian override rules
+ for the source files.
+ * [dd48091] d/copyright: adjust the content due folder changes
+ And one more file that needs to be adjusted due the changed source files.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 01 Jul 2018 16:12:33 +0200
+
+thunderbird (1:60.0~b6-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3d91710] create-lightning-l10n: adjust folder structure
+ To build more easy lightning-l10n packages let's modify the helper script
+ for building the additional tarball. Change the content structure so we
+ can simple copy the needed l10n stuff into the l10n packages.
+ * [f1d6031] New upstream version 60.0~b6
+ * [6643c31] Revert the linking into /u/l/tb/d/extensions
+ Thunderbird in Debian won't detecting extension which are placed in
+ /usr/lib/thunderbird/distribution/extensions, going back to the old
+ folder /usr/lib/thunderbird/extensions to link extensions into
+ Thunderbird.
+ * [26549a3] lightning: turning package into Architecture all
+ Change the architecture for the lightning package from 'any' to 'all'.
+ Lightning is only build by Javascript, CSS, JSM and other text based
+ files and we don't need to build and install it as a architecture
+ dependent package.
+ * [86cd48f] mozconfig.default: disable webrtc build and inclusion
+ Let's drop the build of support for WebRTC, Thunderbird isn't able to use
+ this as there is no component which is depending on this. The chat
+ component would be a potential use case but right now it lacks any
+ functionality by webrtc features.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 05 May 2018 13:56:36 +0200
+
+thunderbird (1:60.0~b5-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [b8625ea] New upstream version 60.0~b5
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 28 Apr 2018 19:15:07 +0200
+
+thunderbird (1:60.0~b4-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [62ae939] New upstream version 60.0~b4
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 23 Apr 2018 18:19:11 +0200
+
+thunderbird (1:60.0~b3-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [94f8505] debian/control: increase Standards-Version to 4.1.4
+ No further changes needed.f2f206eb34a619f7a684d1216fcd918454135d41
+ * [3ba10c6] rebuild patch queue from patch-queue branch
+ added patches:
+ porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch
+ fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch
+ fixes/Fix-big-endian-build-for-SKIA.patch (re-added)
+ Thanks Andreas Glaubitz for providing these patches!
+ * [dabf294] New upstream version 60.0~b3
+ * [24f8a38] re-enable usage of lib{nspr4,nss3}-dev while built
+ The available versions of these libraries now recent enough so we can
+ drop the usage of the embedded code copies.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 15 Apr 2018 12:47:43 +0200
+
+thunderbird (1:60.0~b2-1) experimental; urgency=medium
+
+ [ Agustin Henze ]
+ * [3639717] apparmor: allow access to @{HOME}/.gnupg/tofu.db
+ (Closes: #894907)
+
+ [ intrigeri ]
+ * [3895bba] AppArmor: fix empty black windows in Thunderbird 58+
+ (Closes: #887973)
+ * [353ca25] AppArmor: update profile from upstream
+ (Closes: #882048, #882122)
+
+ [ Carsten Schoenert ]
+ * [37e0bbe] New upstream version 59.0~b1
+ * [d75c4be] rebuild patch queue from patch-queue branch
+ added patches:
+ fixes/Fix-build-against-libcairo2-dev-1.15.10.patch
+ patches/fixes/Fix-big-endian-build-for-SKIA.patch
+
+ removed patches:
+ debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch
+ fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch
+ thunderbird/Thunderbird-fix-installdir-for-icons.patch
+ * [9615d6a] New upstream version 60.0~b1
+ * [431006c] d/source.filter: update due upstream changes
+ Update the list of files we filter out, Upstream added various new files
+ mostly used for auto-testing we don't use.
+ * [2cb4635] d/s/lintian-overrides: remove entries about brace expansion
+ We can remove the override about brace expansion in dh sequencer files.
+ * [4c9f185] debian/rules: using 'rm -f' because probably non existing files
+ The file app.ini isn't existing in some l10n folders for lightning,
+ simply use '-f' for convenience.
+ * [ed00442] debian/rules: fix typo to grep app ID of calendar-g-p
+ * [4a993c5] adding additional packages to Breaks with thunderbird
+ The packages calendar-exchange-provider and enigmail
+ xul-ext-sogo-connector aren't compatible to the webextension interface
+ and we need to add a versioned Breaks.
+ * [9bd8286] adjust Breaks for enigmail
+ Also enigmail needs an adjusted version for Breaks.
+ * [24382c2] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7"
+ (Closes: #892404)
+ * [f0ac8a5] rebuild patch queue from patch-queue branch
+ removed patches:
+ debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch
+ debian-hacks/remove-non-free-W3C-icon-valid.png.patch
+ fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch
+ fixes/Fix-build-against-libcairo2-dev-1.15.10.patch
+
+ modified patches:
+ debian-hacks/Build-against-system-libjsoncpp.patch
+ debian-hacks/Don-t-build-testing-suites-and-stuff.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+ * [6ab35ad] d/mozconfig.default: don't use nspr and nss from system
+ We need to switch back to the embedded source for NSS and NSPR, the
+ versions in unstable aren't usable.
+ * [055ed65] d/mozconfig.default: remove no longer alive option
+ The option '--enable-system-cairo' is gone with TB 60.
+ * [663d6f1] lightning-l10n-bn-bd: remove Bengali (Bangladesh) l10n package
+ * [02b21cb] lightning-l10n-pa-in: remove Punjabi (India) l10ng package
+ * [0cc0b5d] lightning-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package
+ * [62f23a5] thunderbird-l10n-bn-bd: remove (Bangladesh) l10n package
+ * [61bfdf4] thunderbird-l10n-pa-in: remove Punjabi (India) l10n package
+ * [a361750] thunderbird-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package
+ * [8ba5b0d] debian/control: add new packages for *-kk language
+ * [e4280ac] debian/control: add new packages for *-ms language
+ * [aaef9fe] adjust Vcs fields to salsa.debian.org
+ * [144c492, 009b145] debian/copyright: update after upstream changes
+ Upstream removed some files/folders, which reflects in needed adjustments
+ for the copyright file.
+ * [3623f84] d/thunderbird.lintian-overrides: add libnspr4.so and libnss3.so
+ We now need to ship (again) embedded libraries for NSPR and NSS.
+ * [0d3de65] lightning: move linking into /u/l/tb/distribution/extensions
+ Following upstream with the folder for the Lightning to not differ.
+ * [4d6cefe] New upstream version 60.0~b2
+ * [e1c40a7] rebuild patch queue from patch-queue branch
+ removed patches:
+ fixes/Fix-big-endian-build-for-SKIA.patch
+ * [4834a1d] add entries to README and NEWS for thunderbird
+ Adding notes about the current situation foe the l10n packages and their
+ integration into the UI of Thunderbird and Lightning.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 07 Apr 2018 11:12:37 +0200
+
+thunderbird (1:58.0~b3-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [d114338] d/source.filter: update due upstream changes
+ Update the filtering list for excluding some unwanted source files as
+ usual while preparing new major upstream versions.
+ * [91d23a9] New upstream version 58.0~b3
+ * [f34e555] rebuild patch queue from patch-queue branch
+ added patches:
+ debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch
+ debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch
+ debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch
+ fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch
+
+ modified patches:
+ debian-hacks/Build-against-system-libjsoncpp.patch
+ debian-hacks/Don-t-build-testing-suites-and-stuff.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+ porting-m68k/Add-m68k-support-to-Thunderbird.patch
+ porting-sh4/Add-sh4-support-to-Thunderbird.patch
+ porting/Disable-optimization-on-alpha-for-the-url-classifier.patch
+ prefs/Don-t-auto-disable-extensions-in-system-directories.patch
+ prefs/Set-javascript.options.showInConsole.patch
+
+ obsolete patches (included somehow or fixed upstream):
+ debian-hacks/Force-use-the-i686-rust-target.patch
+ porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch
+ patches/porting-alpha/fix-FTBFS-on-alpha.patch
+ patches/porting-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch
+ patches/porting-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch
+ porting-mips/FTBFS-mips-add-missing-char-variable.patch
+ porting/ppc-fix-divide-page-size-in-jemalloc.patch
+ thunderbird-l10n/thunderbird-l10n-disable-external-extension-update.patch
+ * [bd45d47] debian/control: adding new Build-Depends
+ Since this is the first version > 52 we need now cargo, clang, rustc and
+ llvm development files.
+ * [c63a03f] d/mozconfig.default: remove no longer alive options
+ Some old options like --disable-gnomeui, --enable-gio, and
+ --with-default-mozilla-five-home are history now.
+ * [609dbbe] l10n lightning: modify script to work with recent version
+ We still need to use the shellscript create-lightning-l10n-tarball.sh
+ (and also *-thunderbird-l10n-*) to create the additional tarballs.
+ * [2f276b7] thunderbird-l10n: change tb-l10n package installation
+ Due the changed structure from upstream for the thunderbird l10n files
+ the packaging needs also to be adopted.
+ * [ee476f8] d/thunderbird.install: update install sequencer file
+ Also small adjustments are needed for the installation of the thunderbird
+ binary files. The old script run-mozilla.sh (which we didn't have used
+ within the Debian packaging) isn't shipped now, and there is now a new
+ folder gtk2 which includes the libmozgtk library linked against GTK2.
+ * [ced9d18] thunderbird-dev: remove the package and adjustments on this
+ The complete content that was packaged previously in thunderbird-dev
+ isn't created and installed now. Thus makes the old package
+ thunderbird-dev obsolete.
+ * [484a142] autopkgtests: disable tests around thunderbird-dev
+ Disable all autopkgtests which have used thunderbird-dev.
+ * [0aa2546] switch to system libraries back
+ We can now use the system libararies libnspr4, libnss3 and libsqlite3
+ again, the version of libicu is still to old for usage within the
+ package build.
+ * [858ae82] d/control: thunderbird, remove variable ${gnome:Depends}
+ * [7c3a258] d/control: lightning, remove variable ${shlibs:Depends}
+ * [aabf0d4] debian/source/lintian-overrides: update entries
+ * [94b00db] debian/control: increase Standards-Version to 4.1.3
+ No further changes needed.
+ * [245e8c2] debian/copyright: update after upstream changes
+ Also almost needed with new major upstream versions reflect the
+ changes from upstream in the copyright file.
+ * [72507b2] d/control: enigmail < 1.9.9 isn't working with TB > 55
+ Due the new plugin interface some old plugins doesn't work with this
+ thunderbird version anymore, or behaving unexpected. Enigmal is one of
+ the this (known) plugins which needs to be at least in version 2.0a2pre
+ installed to work with Thunderbird.
+ * [6cf0133] lightning-l1on: change l10n installation
+ Related to [4abc7f2] the various thunderbird-l10n packages need to be
+ installed differently to old package installations.
+ * [6af7054] calendar-google-provider: tweak installation a bit
+ More a hack but the Mozilla plugin installation by mozilla-devscripts
+ isn't prepared for the new webextension logic by Mozilla. Symlinking the
+ c-g-p plugin for now directly from the thunderbird extension folder.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 21 Jan 2018 14:03:39 +0100
+
+thunderbird (1:52.9.1-1) unstable; urgency=high
+
+ [ intrigeri ]
+ * [1259eaa] AppArmor: update profile from upstream (at commit edc9487)
+ (Closes: #901471)
+
+ [ Carsten Schoenert ]
+ * [d706f5b] debian/control: increase Standards-Version to 4.1.5
+ No further changes needed.
+ * [f5a3eb2] New upstream version 52.9.1
+ (Closes: #903160)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 10 Jul 2018 19:40:41 +0200
+
+thunderbird (1:52.9.0-1) unstable; urgency=high
+
+ [ intrigeri ]
+ * [c33dba2] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db"
+ * [cb64397] AppArmor: update profile from upstream (Closes: #900840)
+ * [b5d6545] AppArmor: update profile from upstream (at commit 104da32)
+
+ [ Carsten Schoenert ]
+ * [099b525] d/source.filter: add some more files to filter
+ There are some more files we want to filter out.
+ * [376e5f3] New upstream version 52.9.0
+ Fixed CVE issues in upstream version 52.9 (MFSA 2018-18)
+ CVE-2018-12359: Buffer overflow using computed size of canvas element
+ CVE-2018-12360: Use-after-free when using focus()
+ CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML
+ emails
+ CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
+ CVE-2018-12362: Integer overflow in SSSE3 scaler
+ CVE-2018-12363: Use-after-free when appending DOM nodes
+ CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365: Compromised IPC child process can list local filenames
+ CVE-2018-12366: Invalid data handling during QCMS transformations
+ CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing
+ enter in form field
+ CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1,
+ Firefox ESR 52.9, and Thunderbird 52.9
+ * [83a9c9b] rebuild patch queue from patch-queue branch
+ As we have filtered more files out from the source we need to modify the
+ list of tests we won't to built while built the source too so a small
+ adjustment on that.
+ Also fixing some spelling issues which Lintian has found.
+ modified patches:
+ debian-hacks/Don-t-build-testing-suites-and-stuff.patch
+ porting-alpha/fix-FTBFS-on-alpha.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
+ renamed patches:
+ Allow-to-override-ICU_DATA_FILE-from-the-environment.patch ->
+ Allow-one-to-override-ICU_DATA_FILE-from-the-environment.patch
+ fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch ->
+ fix-function-nsMsgComposeAndSend-to-respect-ReploToSend.patch
+ * [d5254e2] Removed unneded lintian override about brace expansion
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 04 Jul 2018 21:44:26 +0200
+
+thunderbird (1:52.8.0-1) unstable; urgency=high
+
+ [ intrigeri ]
+ * [4656ebf] AppArmor: update profile from upstream
+ (Closes: #882048, #882122)
+
+ [ Agustin Henze ]
+ * [840cbc8] apparmor: allow access to @{HOME}/.gnupg/tofu.db
+ (Closes: #894907)
+
+ [ Carsten Schoenert ]
+ * [514e9e8] New upstream version 52.8.0
+ Fixed CVE issues in upstream version 52.8 (MFSA 2018-13)
+ CVE-2018-5183: Backport critical security fixes in Skia
+ CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext
+ attack (aka Efail)
+ CVE-2018-5154: Use-after-free with SVG animations and clip paths
+ CVE-2018-5155: Use-after-free with SVG animations and text paths
+ CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5161: Hang via malformed headers
+ CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
+ (aka Efail)
+ CVE-2018-5170: Filename spoofing for external attachments
+ CVE-2018-5168: Lightweight themes can be installed without user
+ interaction
+ CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion
+ through legacy extension
+ CVE-2018-5185: Leaking plaintext through HTML forms (aka Efail)
+ CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8,
+ and Thunderbird 52.8
+ (Closes: #898631)
+ * [7845229] ICU: don't build the Paragraph Layout library
+ Disable the build of the layout library in the internal ICU build as we
+ don't need this and can cause build issues.
+ * [e0a79fc] debian/control: increase Standards-Version to 4.1.4
+ No further changes needed.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 17 May 2018 21:04:15 +0200
+
+thunderbird (1:52.7.0-1) unstable; urgency=medium
+
+ * [9eb2692] New upstream version 52.7.0
+ Fixed CVE issues in upstream version 52.7 (MFSA 2018-09)
+ CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129: Out-of-bounds write with malformed IPC messages
+ CVE-2018-5144: Integer overflow during Unicode conversion
+ CVE-2018-5146: Out of bounds memory write in libvorbis
+ CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7,
+ and Thunderbird 52.7
+ CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and
+ Thunderbird 52.7
+ * [a01cf4b] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7"
+ Switching now back to GCC7 as we don't have any longer issues with
+ broken visuals in the GUI.
+ (Closes: #892404)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 26 Mar 2018 17:21:40 +0200
+
+thunderbird (1:52.6.0-1) unstable; urgency=high
+
+ * [97e1cd7] New upstream version 52.6.0
+ Fixed CVE issues in upstream version 52.6 (MFSA 2018-04)
+ CVE-2018-5095: Integer overflow in Skia library during edge builder
+ allocation
+ CVE-2018-5096: Use-after-free while editing form elements
+ CVE-2018-5097: Use-after-free when source document is manipulated
+ during XSLT
+ CVE-2018-5098: Use-after-free while manipulating form input elements
+ CVE-2018-5099: Use-after-free with widget listener
+ CVE-2018-5102: Use-after-free in HTML media elements
+ CVE-2018-5103: Use-after-free during mouse event handling
+ CVE-2018-5104: Use-after-free during font face manipulation
+ CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
+ CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6,
+ and Thunderbird 52.6
+ * [0300242] rebuild patch queue from patch-queue branch
+ Added patch debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch
+ that fixes the build of the included ICU source against glibc 2.26.
+ (Closes: #887766)
+ * [4bf22e0] debian/control: increase Standards-Version to 4.1.3
+ No further changes needed.
+ * [3616443] adjust Vcs fields to salsa.debian.org
+ The Vcs for Thunderbird packaging live now on Salsa as Alioth will be
+ shutdown in the future.
+ * [c2f3e14] lintian: ignore non multiarch install folder for thunderbird.pc
+ Ignore a lintian warning about unavailable pkg-config file thunderbird.pc
+ as the ESR versions 52.x are the last series which will have a
+ thunderbird-dev. The next ESR version will be 60.x which uses
+ webextension and makes thunderbird-dev obsolete.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 25 Jan 2018 20:21:10 +0100
+
+thunderbird (1:52.5.2-2) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [f597157] Revert "d/thunderbird.postinst: reload AA profile on updates"
+ The trigger automatics for appamor already is handling the
+ needed reload on profile updates for the applications.
+ (Closes: #885158)
+ * [8ebdb96] debian/control: increase Standards-Version to 4.1.2
+ No further changes needed.
+ * [81a8c00] use inverse logic on version for AA profile status check
+ By this change we don't enforce the disabled profile from the
+ previous version in some cases and can also handle possible
+ version strings from -security and -backports.
+ (Closes: #885157)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 26 Dec 2017 14:56:40 +0100
+
+thunderbird (1:52.5.2-1) unstable; urgency=high
+
+ [ intrigeri ]
+ * [b791221] AppArmor: support new thunderbird executable path
+ (Closes: #883561, #884217)
+
+ [ Carsten Schoenert ]
+ * [1f46308] New upstream version 52.5.2
+ Fixed CVE issues in upstream version 52.5 (MFSA 2017-30)
+ CVE-2017-7829: Mailsploit part 1: From address with encoded null character
+ is cut off in message header display
+ CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin
+ CVE-2017-7847: Local path string can be leaked from RSS feed
+ CVE-2017-7848: RSS Feed vulnerable to new line Injection
+ * [0dd21b9] d/thunderbird.postinst: reload AA profile on updates
+ * [8c57218] don't disable AA profile on package updates
+ As people want to re-enable the AA profile a update of
+ thunderbird doesn't have to disable this again.
+ (Closes: #884191)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 24 Dec 2017 11:30:09 +0100
+
+thunderbird (1:52.5.0-1) unstable; urgency=high
+
+ [ intrigeri ]
+ * [48e6b65] AppArmor: fix the Crash Reporter and avoid noisy denial logs
+ (Closes: #880953)
+ * [ad8b3b5] AppArmor: fix compatibility with NVIDIA hardware
+ (Closes: #880532)
+ * [d8ff6b6] Disable the AppArmor profile by default
+ Due the various side effects by the enabled AppArmor profile in
+ Thunderbird it's currently better for a user experience we
+ disabling the AppArmor profile for to not get people get mad with
+ to many broken things.
+ Users can always enable the profile by themselves again.
+ (Closes: #882672)
+ * [e50eac5] README.Debian: document how to opt-in for AppArmor confinement
+ * [860d325] README.Debian: document how one can debug the AppArmor profile
+
+ [ Guido Günther ]
+ * [50a8f60] Drop myself from maintainers
+ Thank you Guido for always helping out if we had some questions!
+
+ [ Carsten Schoenert ]
+ * [b64509b] New upstream version 52.5.0
+ Fixed CVE issues in upstream version 52.5 (MFSA 2017-26)
+ CVE-2017-7828: Use-after-free of PressShell while restyling layout
+ CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
+ CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
+ and Thunderbird 52.5
+ * [3166018] thunderbird.links: let thunderbird pointing to thunderbird-bin
+ (Closes: #856492)
+ * [6fff70c] [buster] tb-wrapper: searching the correct dbgsym package
+ * [4763ca6] adding a NEWS file for thunderbird package
+ Giving a note about the now disabled AppArmor profile.
+ * [0b9d656] disabling crashreporter for now
+ Also don't build and ship the Crashreporter any more, it's useless
+ until we can collect all symbols correctly.
+ * [a285647] move AppArmor specific things into own README file
+ Put all AppArmor related information into one dedicated file.
+ * [5d56439] d/thunderbird.js: prepare a line for extra X-Debbugs-Cc
+ A really old bug report ... building a compromise and put the
+ requested extra header config into the configuration file but keep
+ it deactivated as default.
+ (Closes: #379304)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 03 Dec 2017 19:58:57 +0100
+
+thunderbird (1:52.4.0-2~exp1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [a3e73e9] disable usage of libgnomeui parts
+ The libgnomeui stuff (only relevant for GTK+2) is deprecated
+ for a long time and will be removed in buster, and we don't need
+ this at all.
+ See https://lists.debian.org/debian-devel/2017/10/msg00299.html
+ * [9efc5c9] debian/watch: switch to https
+ * [bd5a635] rebuild patch queue from patch-queue branch
+ Fixup for [da3c5cc], add ppc64 to the list of BE architectures.
+ Thanks Adrian Glaubitz for pointing the issue. (Closes: #879270)
+ * [42f5ab5] apparmor: update profile from upstream (Closes: #876333, #855346)
+
+ [ intrigeri ]
+ * [d7febc8, b026d28] AppArmor: update profile from upstream
+ (Closes: #880425, #877324)
+ * [377e7b5] README.Debian: fixing small typo
+ * [3b0a63a] AppArmor: fix importing public OpenPGP keys from file
+ (Closes: #880715)
+
+ [ Carsten Schoenert ]
+ * [241690e] d/control: s/Icedove/Thunderbird in desc's for lightning-l10n-*
+ The lightning-l10n package were still using the name 'Icdeove'
+ instead of 'Thunderbird'.
+ * [f17f735] debian/control: moving transitional packages at bottom
+ * [91f9897] autopkg: adjust icedove to thunderbird depends
+ Now move over to depend in favor of thunderbird for some of
+ the autopkg tests.
+ * [8ae2ad7] autopkg: adjust icedove-dev to thunderbird-dev depends
+ Doing the same as before for thunderbird-dev as the native
+ replacement for icedove-dev.
+ * [fa0134c] bump debhelper >= 10.2.5
+ * [8752789] debian/rules: try to build extensions reproducible
+ The two extensions (lightning and calendar-google-provider)
+ don't build reproducible right now. Trying to fix this by using
+ the timestamp from the changelog entry for the files. May not
+ work correctly and we need to tune more.
+ * [1496368] d/thunderbird.install: also install the fonts folder
+ Recent versions of Thunderbird needing the font EmojiOne which
+ isn't provided by any other package.
+ (Closes: #881299)
+
+ The following changes are take effect in removing all transitional packages
+ related to the old icedove packaging only for buster. We still need all the
+ transitional packages in wheezy, jessie and stretch!
+ * [54c8a9b] [buster] remove transitional iceowl-l10n-* packages
+ * [c338630] [buster] remove Replace, Breaks and Provides for iceowl-l10n-*
+ * [4311683] [buster] remove transitional icedove-l10n-* packages
+ * [f6e3a01] [buster] remove Replace, Breaks and Provides for icedove-l10n-*
+ * [a9117e4] [buster] remove transitional iceowl-extension package
+ * [5aed012] [buster] remove Replace, Breaks and Provides for iceowl-extension
+ * [27fc04b] [buster] remove transitional icedove-dbg package
+ * [53b4825] [buster] remove transitional icedove-dev package
+ * [e2d808f] [buster] remove Replace, Breaks and Provides for icedove-dev
+ * [97edfbe] [buster] remove transitional icedove package
+ * [3748054] [buster] remove Replace and Breaks for icedove
+ * [611a704] [buster] move thunderbird-dbg into *-dbgsym package
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 12 Nov 2017 16:01:07 +0100
+
+thunderbird (1:52.4.0-1) unstable; urgency=medium
+
+ [ Guido Günther ]
+ * [da3c5cc] Simplify endianness selection for ICU
+ Since we need to build ICU on the various Debian releases we
+ need to ensure the architecture detection isn't to strict.
+ Thanks Guido for helping out here!
+
+ [ Carsten Schoenert ]
+ * [47748ca] debian/control: be more relaxed on Breaks for enigmail
+ * [6a54666] thunderbird-wrapper: fix small typo in help output
+ A small typo was happen in the example call with the JS console.
+ * [6d5266e] README.Debian: update info around tls fallback-limit
+ The default behavior on the TLS fallback has changed some
+ versions ago, document this accordingly.
+ * [24ad883] debian/control: change maintainer
+ Thanks Christoph for the work over the past years!
+ * [c78200e] debian/control: move src pkg name to thunderbird
+ By this version we move the source package name also back to
+ thunderbird. This follows the changes that are already made to
+ the binary package names and we can call the source package now
+ also again thunderbird.
+ (Closes: #857075)
+ * [c26133d] debian/gbp.conf: rename components to real used names
+ Due the changes of the source package the names for the
+ sub-folders within the additional tarballs can also be changed
+ to be closer on the real upstream used names.
+ * [a5ce4f7] New upstream version 52.4.0
+ (Closes: #878845, #878870)
+ Fixed CVE issues in upstream version 52.4 (MFSA 2017-23)
+ CVE-2017-7793: Use-after-free with Fetch API
+ CVE-2017-7818: Use-after-free during ARIA array manipulation
+ CVE-2017-7819: Use-after-free while resizing images in design mode
+ CVE-2017-7824: Buffer overflow when drawing and validating elements with
+ ANGLE
+ CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7814: Blob and data URLs bypass phishing and malware protection
+ warnings
+ CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters
+ as spaces
+ CVE-2017-7823: CSP sandbox directive did not create a unique origin
+ CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4,
+ and Thunderbird 52.4
+ * [104b4e5] rebuild patch queue from patch-queue branch
+ * [d63662a] lintian: move oldlibs/extra -> oldlibs/optional
+ By moving all transitional package to oldlibs/optional we can
+ help deborphan to detect better not needed packages.
+ * [fb56001] d/rules: reflect changes from renamed component tarballs
+ The additional tarballs are stored in folders which reflect
+ the upstream names of those components. This also needs to be
+ respected for the build instructions of the package.
+ * [61288fb] debian/control: change Vcs* fields due the src name change
+ Addressing the changed source package name in the Git Vcs urls.
+ * [ef95ab5] debian/control: increase Standards-Version to 4.1.1
+ No further changes needed.
+ * [45e8fe2] apparmor: update profile from upstream
+ Thanks to Simon Deziel and intrigeri we can simply use the
+ apparmor profile changes done for the Ubuntu releases.
+ * [6b1649c] lintian: adding a override for thunderbird-l10n-all
+ * [ceab93f] debian/README.source: reflect src package name change
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 17 Oct 2017 18:20:29 +0200
+
+icedove (1:52.3.0-4) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3ddf57b] rebuild patch queue from patch-queue branch
+ * [3bd845d] debian/control: increase Standards-Version to 4.1.0
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 29 Aug 2017 16:17:24 +0200
+
+icedove (1:52.3.0-3) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [c08f005] rebuild patch queue from patch-queue branch
+ * [f658cab] debian/rules: enable verbose build for ICU
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 28 Aug 2017 19:44:07 +0200
+
+icedove (1:52.3.0-2) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [d544a01] debian/rules: correct icu build sequence
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 22 Aug 2017 18:57:36 +0200
+
+icedove (1:52.3.0-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [8e852be] New upstream version 52.3.0
+ Fixed CVE issues in upstream version 52.3 (MFSA 2017-20)
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and
+ pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely
+ long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and
+ modal alerts
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP
+ protections
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3,
+ and Thunderbird 52.3
+ * [0b7243b] debian/rules: build icudt5*.dat on our own if needed
+ If we need to use the internal sources of ICU (triggered by
+ using --with-system-icu) we need to build the platform depended file
+ icudt*[b,l].dat before we can call the configure run.
+ This is needed as Mozilla only ships a precompiled little endian version
+ of the file icudt*.dat and all platforms with big endianness are failing
+ later due issues related to the wrong endianness.
+ * [1964469] debian/mozconfig.default: enable i18n on big endian
+ * [6b58ac5] debian/control: increase Standards-Version to 4.0.1
+ * [e59cf81] rebuild patch queue from patch-queue branch
+ removed patche(s) (applied upstream):
+ - fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch
+ updated/refreshed patches (no changes):
+ - porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+
+ [ Simon Deziel ]
+ * [a574010] apparmor/usr.bin.thunderbird: small update to avoid noise
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 19 Aug 2017 18:27:19 +0200
+
+icedove (1:52.2.1-5) unstable; urgency=high
+
+ [ Carsten Schoenert ]
+ * [133a574] Use gcc-6 and g++-6 due broken GUI with GCC-7
+ The usage of the GCC-7 suite introduces a broken GUI currently that make
+ using thunderbird mostly impossible.
+ (Closes: #871629)
+ * [3ebacd1] d/rules: use DEB_* variables for entries from changelog
+ By using variables that are prepared by dpkg we don't need to manually
+ search for dates and versions. etc.
+ * [52c2b83] d/copyright: MPL-1.1 and MPL-2.0 now provided by common-licenses
+ Since policy 4.0.0 the two Mozilla related licenses are included and don't
+ need to be added extra.
+ * [3f37967] adjust X-Debian-Homepage to existing Thunderbird page
+ * [41b5c03] debian/control: increase Standards-Version to 4.0.0
+ * [e3c3994] mozconfig.default: use proper disabled options
+ * [2d4b846] debian/control: increase Breaks for enigmail version
+ (Closes: #869789)
+
+ [ John Paul Adrian Glaubitz ]
+ * [4879401] sh4: disable option --disable-pie (Closes: #867553)
+
+ [ Carsten Schoenert ]
+ * [2646f3f] autpkgtests: disable the idlTest.sh test case
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 11 Aug 2017 22:02:47 -0400
+
+icedove (1:52.2.1-4) unstable; urgency=medium
+
+ [ Guido Günther ]
+ * [04de899] Don't use different profile folder for jessie and wheezy
+
+ [ Carsten Schoenert ]
+ * [692d3ce] rebuild patch queue from patch-queue branch (Closes: #867013)
+ added patch (provided by Adrian):
+ - porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch
+ removed patch:
+ - porting-hurd/FTBFS-hurd-adding-GNU-to-the-configure-platform-detection.patch
+ (wrong approach, the Python wrapper around configure isn't yet smart enough)
+
+ [ John Paul Adrian Glaubitz ]
+ * [5153ce2] mips: final fixups to prevent FTBFS
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 06 Jul 2017 16:53:30 +0200
+
+icedove (1:52.2.1-3) unstable; urgency=medium
+
+ [ John Paul Adrian Glaubitz ]
+ * [99b323a] d/mozconfig.default: fixups for --without-intl-api
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 01 Jul 2017 10:18:05 +0200
+
+icedove (1:52.2.1-2) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [e8ce299] disabling ICU support on some big endian systems
+ This hack should enable at least successful building of all RC platforms
+ and needs to be solved in a not such agressive way without loosing ICU
+ support on the problematic platforms.
+ Thanks John Paul Adrian Glaubitz for catching the root of the issue.
+ * [a66e812] rebuild patch queue from patch-queue branch
+ Adding a small needed fix for getting mips* out od FTBFS. Also GNU/Hurd
+ should pass the configure script now.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 30 Jun 2017 19:38:28 +0200
+
+icedove (1:52.2.1-1) unstable; urgency=medium
+
+ [ Guido Günther ]
+ * [4e87d6b] d/rules: Make sure DIST is not passed on to configure
+
+ [ Carsten Schoenert ]
+ * [35b84ef] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch
+ - porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
+ (Closes: #864974)
+ * [c818874] New upstream version 52.2.1
+ (Closes: #861840)
+ * [8c776c9] Icedove2Thunderbird: add opt out for dialogue pop-up
+ (Closes: #860381)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 28 Jun 2017 20:01:44 +0200
+
+icedove (1:52.2.0-1) unstable; urgency=medium
+
+ [ Christoph Goehre ]
+ * [9ebc11d] mozconfig.default: remove configure option
+ '--disable-methodjit' on armel
+ This options isn't alive any more and was forgotten to removed on the
+ previous upload.
+ [ Simon Deziel ]
+ * [d8e5d42] usr.bin.thunderbird: merge gpg(1) and gpg2 subprofiles
+ (Closes: #859179)
+ * [f18884e] usr.bin.thunderbird: allow accessing gpgconf in gpg subprofile
+ * [e73afbb] usr.bin.thunderbird: allow accessing any gpg2keys providers
+
+ [ Carsten Schoenert ]
+ * [066ddb9] mozconfig.default: switch back to internal libjpeg
+ Going back and using the libjpeg library that's shipped by Mozilla, the
+ system library probably provoking broken builds on various platforms.
+ As we prepare the uploads for (old-)stable-security we need to use the
+ internal libjpeg library at all.
+ * [ff92bfa] rebuild patch queue from patch-queue branch
+ modified patches:
+ - porting-m68k/Add-m68k-support-to-Thunderbird.patch
+ - porting-sh4/Add-sh4-support-to-Thunderbird.patch
+ (Closes: #859271, #859508)
+ * [0a89f76] New upstream version 52.2.0
+ Fixed CVE issues in upstream version 52.2 (MFSA 2017-17)
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header
+ errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and
+ other unicode blocks
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2,
+ and Thunderbird 52
+ * [e03380e] rebuild patch queue from patch-queue branch
+ modified patch:
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 16 Jun 2017 20:37:06 +0200
+
+icedove (1:52.1.1-1) experimental; urgency=medium
+
+ [ Guido Günther ]
+ * [db8d0db] Tighten meta package dependencies
+ Be more strict on depends and add a version to all related
+ Thunderbird specific packages.
+ * [defb689] Copy-edit thunderbird-wrapper-helper.sh
+ * [54b35d4] Allow one to override the location of the wrapper-helper
+ Make $TB_HELPER more flexible and give the variable a default value, so a
+ user can override it with it's own.
+ * [a187364] dh-exec: avoid multiple spaces around filenames
+ * [a85bc7a] thunderbird-wrapper: robustness when sourcing helper
+ * [eee56ab] Drop replaces on packages no longer in any release
+
+ [ Carsten Schoenert ]
+ * [1d85980] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-mk68/Add-m68k-support-to-Thunderbird.patch
+ - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch
+ (Closes: #859151, #859271)
+ * [2717849] tb-wrapper: call thunderbird starting with exec
+ (Closes: #858100)
+ * [8afa31b] d/gbp.conf: adjust upstream branch to new ESR version
+ * [43d2e70] New upstream version 52.1.1
+ Fixed CVE issues in upstream version 52.1 (MFSA 2017-09)
+ CVE-2017-5413: Segmentation fault during bidirectional operations
+ CVE-2017-5414: File picker can choose incorrect default directory
+ CVE-2017-5416: Null dereference crash in HttpChannel
+ CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf
+ filter is running
+ CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization
+ responses
+ CVE-2017-5419: Repeated authentication prompts lead to DOS attack
+ CVE-2017-5405: FTP response codes can cause use of uninitialized values
+ for ports
+ CVE-2017-5421: Print preview spoofing
+ CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one
+ hyperlink
+ CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
+ Fixed CVE issues in upstream version 52.1 (MFSA 2017-13)
+ CVE-2017-5433: Use-after-free in SMIL animation functions
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5466: Origin confusion when reloading isolated data:text/html URLs
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ processing
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ contents
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ incorrect data
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2016-10196: Vulnerabilities in Libevent library
+ CVE-2017-5454: Sandbox escape allowing file system read access through
+ file picker
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5445: Uninitialized values used while parsing
+ application/http-index-format content
+ CVE-2017-5449: Crash during bidirectional unicode manipulation with
+ animation
+ CVE-2017-5451: Addressbar spoofing with onblur event
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5467: Memory corruption when drawing Skia content
+ CVE-2017-5430: Memory safety bugs fixed in Firefox 53, Firefox ESR 52.1,
+ Thunderbird 52.1
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ Firefox ESR 52.1, and Thunderbird 52.1
+ (Closes: #855344, #495372, #861480, #682208, #698244, #859909, #857593,
+ #837771)
+ * [de561ef] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch
+ - debian-hacks/Build-against-system-libjsoncpp.patch
+ - debian-hacks/Don-t-build-testing-suites-and-stuff.patch
+ - debian-hacks/Force-use-the-i686-rust-target.patch
+ - fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch
+ (Closes: #826325)
+ - porting-sh4/Add-sh4-support-to-Thunderbird.patch
+ (Closes: #859508)
+ removed patches (obsoleted by upstream changes):
+ - debian-hacks/Don-t-build-example-component.patch
+ - debian-hacks/fix-identification-of-ObjdirMismatchException.patch
+ - fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch
+ - fixes/Bug-1273020-Add-missing-null-checks-in-ApplicationAccessi.patch
+ - fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch
+ - fixes/Bug-1340724-fix-SMTP-server-name-output-in-SMTP-logging.-.patch
+ - fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch
+ - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch
+ - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch
+ - porting-arm64/Bug-1091515-Don-t-set-64KB-page-size-on-aarch64.-r-glandi.patch
+ - porting-kfreebsd-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hurd.patch
+ - porting-kfreebsd-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch
+ - porting-kfreebsd-hurd/correcting-file-inclusion-for-kfreebsd-and-hurd.patch
+ - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch
+ - porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch
+ - porting-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch
+ - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch
+ (unclear state, will be added later again)
+ - porting/Add-xptcall-support-for-SH4-processors.patch
+ (Closes: #859362)
+ - debian-hacks/Move-profile.patch
+ modified or adjusted patches:
+ - debian-hacks/changing-the-default-search-engine.patch
+ - debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch
+ - icedove-l10n/disable-extension-update-extension-is-managed-by-apt.patch
+ --> icedove-l10n/thunderbird-l10n-disable-external-extension-update.patch
+ (renamed to and modified due new languages)
+ - icedove/fix-installdir.patch
+ --> debian-hacks/Thunderbird-fix-installdir-for-icons.patch
+ * [684ad58] d/source.filter: update due upstream changes
+ * [d005649] debian/control: modify various B-D
+ * [7a8a98d] debian/rules: add some extra C*FLAGS
+ Adding '-fno-lifetime-dse' to not enable dead store elimination of
+ objects within their lifetime, some parts of the source is relying
+ on the persistent values of such objects.
+ Some other distributions as Ubuntu, Fedora and Arch e.g. use this flag too
+ (at least with ESR52) to prevent possible segfaults.
+ * [56f8f4b] debian/rules: adding hack to preserve correct config.status
+ * [fb500a6] mozconfig.default: remove no longer existing options
+ * [c9a3e60] mozconfig.default: some minor adjustments to configure options
+ * [f584857] mozconfig.default: enable GTK3 theme explicit
+ (Closes: #857593)
+ * [3cbe1fb] debian/control: add packages for *-dsb language
+ * [8317735] debian/control: add packages for *-hsb language
+ * [39d90c1] debian/control: add packages for *-kab language
+ * [82b4f50] debian/control: add missing packages for *-ast language
+ * [0edde96] debian/rules: include also l10n folder with 3 characters
+ * [47f17a4] lintian-overrides: modify the list for the js files to ignore
+ * [8872d34] debian/copyright: update after upstream changes
+ * [6755547] mozconfig.default: use some internal libraries
+ Use libicu-dev, libnspr4-dev, libnss3-dev, libsqlite3-dev from
+ shipped source as Stretch versions not recent enough.
+ * [5b04b32] thunderbird.install: pick up icu*.dat if around
+ * [edf24d7] debian/control: mark thunderbird-dbg as Multi-Arch: same
+ * [5d5392b] apparmor/usr.bin.thunderbird: update for version 52
+ (cherry-picked from upstream)
+ (Closes: #859179)
+ * [f49ad79] apparmor/usr.bin.thunderbird: grant access to commonly used
+ locations (cherry-picked from upstream)
+ * [510fd6f] debian/rules: install lightning-l10n files into correct place
+ * [d70ade4] lightning-l10n: adjust min/max version for ESR 52 cycle
+ With the new ESR version tweaking the extension version of l10n packages
+ for lightning > 52.0 and < 52.*.
+ * [c0dd18f] debian/rules: install icudt5*.dat file more flexible
+ * [b5136f7] autopkg: improve the output of idlTest.sh
+ * [7ac04f6] autopkg: add extra test icudatfileTest.sh
+
+ [ Christoph Goehre ]
+ * [13f5178] lintian-overrides: we build against internal nspr and nss
+ * [56bbf23] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch
+ (Closes: #859151)
+ modified patches:
+ - porting-mk68/Add-m68k-support-to-Thunderbird.patch
+ -> porting-m68k/Add-m68k-support-to-Thunderbird.patch (renamed)
+ * [6a7ef60] tests/idlTest.sh: remove duplicated 'done' output
+ * [42bf8e1] debian/rules: remove duplicate .so files in thunderbird-dev
+ * [5dc08bc] tests/soSymlinkTest.sh: check for symlinked .so files
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 03 Jun 2017 19:54:43 +0200
+
+icedove (1:45.8.0-3) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [d923505] AppArmor: be more flexible on profile folders
+ (Closes: #858735, #858737)
+ * [1e04099] tb-wrapper: use readlink also on ${ID_PROFILE_FOLDER}
+ (Closes: #858771)
+ * [9f6b771] tb-wrapper: correct check for -dbg package (Closes: #858804)
+ * [8b5271a] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Bug-1273020-Add-missing-null-checks-in-ApplicationAccessi.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 29 Mar 2017 19:28:32 -0400
+
+icedove (1:45.8.0-2) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [c2a1d77] tb-helper: pass arguments correctly through tb call
+ (Closes: #855334)
+ * [5c49348] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Bug-1340724-fix-SMTP-server-name-output-in-SMTP-logging.patch
+ (Closes: #855470)
+ * [9d420c0] Revert "register MIME type application/octet-stream for
+ Thunderbird" (Closes: #857755)
+ * [c9960e5] tb-helper: pass arguments by using a array to TB call
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 14 Mar 2017 20:37:48 -0400
+
+icedove (1:45.8.0-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3388899] New upstream version 45.8.0
+ * [24d25e9] tb-helper*: fix up that silly comments behind the if statement
+ (Closes: #857029, #857032, #857098, #857112)
+ * [788b7fa] bash-completion: adding a completion script for /u/b/thunderbird
+ * [9ac9d07] rebuild patch queue from patch-queue branch
+ added patches:
+ - p-arm64/Bug-1091515-Don-t-set-64KB-page-size-on-aarch64.-r-glandi.patch
+ - p-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch
+ * [ad0860b] copyright: small updates reflecting upstream changes
+
+ [ Christoph Goehre ]
+ * [69577cf] lintian: replace hardlink in thunderbird-dev with symbolic link
+
+ -- Christoph Goehre <chris@sigxcpu.org> Thu, 09 Mar 2017 20:24:49 -0500
+
+icedove (1:45.7.1-2) unstable; urgency=medium
+
+ [ Christoph Goehre ]
+ * [5e2c618] crashreporter: build only on amd64, armel, armhf and i386
+ * [36a922f] Apparmor: replace '·' with spaces (Closes: #855343)
+ * [bbbc917] rebuild patch queue from patch-queue branch
+ added patches:
+ - p-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch
+ * [8b5d601] icedove|thunderbird.desktop: update danish (da) translation
+
+ [ Carsten Schoenert ]
+ * [f8debbd] debian/control: separate transitional mark by extra line
+ (Closes: #855806)
+ * [583c798] {tb,id}.maintscript: modify start-version (Closes: #854587)
+ * [94e557c] thunderbird: adding x11-utils to Depends (Closes: #854488)
+ * [dc878e7] thunderbird-wrapper.sh: fix command line transfer to TB
+ (Closes: #855334)
+ * [9734349] thunderbird helper: split helper function into extra file
+ (Closes: #855286)
+ * [3089a97] tb-helper*: wrapping X11 dialog calls
+ * [e0331e1] tb-helper*: rework option parsing for wrapper script
+ (Closes: #855872)
+ * [31d9899] thunderbird.postinst: try to remove empty profile folder
+ (Closes: #855228)
+ * [c9e5b70] tb-wrapper*: complete rework and moving over for symlinking
+ (Closes: #855265, #855391, #855501, #856490)
+ * [9ef920f] README.Debian: adopt content to current wrapper script behavior
+ * [4cf88e5] icedove|thunderbird.desktop: adopt binary call
+ * [101e0ad] tb-helper*: call subfunctions not within the case loop
+ * [c061107] register MIME type application/octet-stream for Thunderbird
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 06 Mar 2017 20:39:23 -0500
+
+icedove (1:45.7.1-1) unstable; urgency=medium
+
+ * Bye-bye Icedove (Closes: #749965, #776359, #816679, #363811)
+
+ [ Carsten Schoenert ]
+ * [90c0d6f] New upstream version 45.7.1
+ * [a6d21de] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch
+ - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch
+ - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch
+ (Closes: #837177)
+ removed patches (fixed upstream):
+ - debian-hacks/icu.m4-adding-extra-bracket-to-not-confuse-grep.patch
+ * [8572e34] lintian: adding a semi automated lintian-override
+ * [aa2bda2] crashreporter: enable the reporter for thunderbird
+ * [b96ae57] move icedove.desktop into package icedove
+ (Closes: #850865, #851829)
+ * [304921f] debian/rules: set SHELL explicit to /bin/bash (Closes: #852867)
+ * [072b899] thunderbird: adding extra check while migration
+ * [284912d] debian/README.Debian: update after recent changes
+ * [6dc7e32] icedove-l10n-bn-bd: fix typo in Depends field (Closes: #854135)
+ * [c5d4bf5] {tb,id}.maintscript: modify start-version (Closes: #854587)
+ * [f3d64ae] thunderbird-wrapper.sh: adding extra information window
+ (Closes: #854488)
+ * [6b432c7] README.Debian: hint about issue in global configuration
+
+ [ Douglas Bagnall ]
+ * [e2c8a23] Apparmor: allowing exo-open-ixr launcher (Closes: #853929)
+
+ [ Christoph Goehre ]
+ * [ef36e0b] thunderbird-wrapper.sh: fix typos
+ * [f98d5d1] thunderbird-wrapper.sh: add small changes from Guido and Carsten
+ * [7dd6841] README.Debian: fix/correct spelling
+ * [e038694] debian/control: remove depends-on-essential-package 'sed'
+
+ [ Jens Reyer ]
+ * [ea58e17] thunderbird-wrapper.sh: add extra function for migration
+ (Closes: #849592)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 14 Feb 2017 18:46:23 -0500
+
+icedove (1:45.6.0-3) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [78b3296] rebuild patch queue from patch-queue branch
+ added patch:
+ - debian-hacks/icu.m4-adding-extra-bracket-to-not-confuse-grep.patch
+ * [a272f85] thunderbird-wrapper.sh: also migrate mimeapps.list
+ (Closes: #850864)
+ * [3d4e303] icedove.desktop: don't use categories and mimetypes
+ (Closes: #850866)
+ * [db15d43] icedove: link icedove to thunderbird
+ * [59a9e05] debian/control: change Replaces and Breaks versions
+
+ [ Christoph Goehre ]
+ * [55cce4a] thunderbird-wrapper.sh: remove 'set -e'
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 17 Jan 2017 18:26:06 -0500
+
+icedove (1:45.6.0-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [26f8f2d] New upstream version 45.6.0
+ * [15b7797] iceowl-l10n-*: rearrange Recommends field for various packages
+ (Closes: #824727, #824750, #824763, #824764, #824768, #824780)
+ * [3f75b56] debian/vendor.js: adjust to new version related wiki site
+ * [6bd7f89] d/c-id-l10n: adjusting download URL for stable versions
+ * [f15d1a2] icedove-l10n-all: change Section into metapackages
+ (Closes: #824785)
+ * [25c3ba1] debian/README.source: info about import of multitarballs
+ * [3ebcf59] debian/control: adding Recommends to icedove-l10n-uk
+ (Closes: #825806)
+ * [3e57d5e] debian/control: Icedove, adding dependency on libatk-adaptor
+ * [e19c59d] debian/control: rework Recommends for icedove-l10n-*
+ * [4741d80] debian/control: small fixup Recommends on iceowl-l10n-*
+ * [f9f5193] debian/control: sort iceowl-l10n-* alphabetical
+ * [5220187] de-branding: move iceowl* back to lightning*
+ * [6e28ce5] de-branding: remove Icedove naming from icedove-l10n*
+ * [3dc3b4b] de-branding: remove Icedove branding in the main binary
+ * [8b715cf] de-branding: remove hard name branding in addon managger
+ * [9f609fa] de-branding: adopting dh files for icedove package
+ * [caba322] de-branding: adopting dh files for icedove-dev package
+ * [6538f66] de-branding: change debian/rules to reflect appname change
+ * [871588d] de-branding: adopting dh files for iceowl-extension package
+ * [a0b20e7] debian/tests/*: adopt change of the binary icedove
+ * [29025cc] de-branding: adjust icedove-l10n installation folder
+ * [2b8dd99] de-branding: adjust iceowl-l10n installation folder
+ * [1f3043c] de-branding: remove the Debian visual branding
+ * [272e420] de-branding: removing icedove branding files and folder
+ * [093bc58] de-branding: revitalize *.desktop file with Thunderbird
+ * [4a35d9d] de-branding: move iceowl-l10n-* into lightning-l10n-*
+ * [68d8d79] de-branding: adding transitional iceowl-l10n packages
+ * [4b2febd] de-branding: adding 'Breaks', 'Replaces', 'Provides' to
+ lightning-l10n-*
+ * [9cdb427] de-branding: rework d/r to reflect changes for lightning-l10n
+ * [ec3b427] de-branding: move icedove-l10n-* into thunderbird-l10n-*
+ * [387bfa2] de-branding: adding transitional icedove-l10n packages
+ * [f3cfecb] de-branding: adding 'Breaks', 'Replaces', 'Provides' to
+ thunderbird-l10n-*
+ * [03b222e] de-branding: rework d/r to reflect changes for thunderbird-l10n
+ * [0c9a6ab] de-branding: (re)adding a wrapper script for TB starting
+ * [f9c8aef] de-branding: move icedove-dev to thunderbird-dev
+ * [a4313e6] de-branding: adding transitional icedove-dev package
+ * [0508866] de-branding: rework d/r to reflect changes for thunderbird-dev
+ * [048b29f] de-branding: move icedove-dbg to thunderbird-dbg
+ * [da01077] de-branding: adding transitional icedove-dbg package
+ * [a371079] de-branding: rework d/r to reflect changes for thunderbird-dbg
+ * [b34b8f8] de-branding: move iceowl-extension to lightning
+ * [fa8f9b3] de-branding: adding transitional iceowl-extension package
+ * [848f178] de-branding: rework d/r to reflect changes for lightning
+ * [a708c35] de-branding: move icedove to thunderbird
+ * [cccef90] de-branding: moving icedove dh files into thunderbird
+ * [8c2b27d] de-branding: rework icedove.1 into thunderbird.1
+ * [19406fe] de-branding: transition of mozconfig.*
+ * [88ed684] de-branding: rework d/r to reflect changes for thunderbird
+ * [c8011d3] de-branding: adding transitional icedove package
+ * [5e399aa] de-branding: adjusting package calendar-google-provider
+ * [a03329c] debian/tests/help.sh: use absolute path for binary call
+ * [10adb34] move old icedove graphic stuff into own folder
+ * [abc6c8c] create various thunderbird png graphics from SVG file
+ * [a2067ae] debian/copyright: update copyright information
+ * [a9c6f9f] de-branding: add own created thunderbird icons to install
+ * [1d8b524] mozconfig.default: enable the official brandind
+ * [9f3a673] debian/control: adding dh-exec to the Build-Depends
+ * [cddbc63] move Thunderbird install files into thunderbird.install
+ * [5037bb5] de-branding: transition of apparmor profile for TB
+ * [14f094d] de-branding: remove extra URL for What's New inside
+ * [c2a06db] manpage thunderbird; adjust and correct manpage entries
+ * [8fa3365] debian/control: adding package dpkg to Build-Depends
+ * [ba84ede] thunderbird: switching dpkg-maintscript-helper to *.maintscript
+ * [d0e675b] debian/thunderbird.postinst: adding some moving mechanism
+ * [cbae415] de-branding: let helper scripts reflect thunderbird change
+ * [da402a4] thunderbird-wrapper.sh: adding fixing inside mimeTypes.rdf
+ (Closes: #837516)
+ * [030d49e] de-branding: adding some hints about the debranding
+ * [662f7af] debian/README.source: adjusting hints due name changes
+ * [8fbedc1] debian/thunderbird.install: install additional icedove.desktop
+ * [9089d9f] debian/*lintian-overrides: adopt name changes
+ * [b9b7665] debian/rules: use the old profile folder for wheezy and jessie
+ * [f9c137e] fix *.desktop files for proper GNOME app mechanism
+ (Closes: #817973, #832302)
+ * [1c85ff7] debian/rules: chmod certain *.py tb-devel files
+ * [356694a] thunderbird.links: linking the default TB icon to u/s/p
+
+ [ Guido Günther ]
+ * [24bbee9] Wrap and sort control information (Closes: #825806)
+ * [fcfe4ac] Add minimalistic autopkgtest
+ * [f7a32e8] Add autopkgtest to test header and typelib generation
+ * [189d835] Add autopkgtest to smoke test xpcshell
+
+ [ Christoph Goehre ]
+ * [354f836] turn the reduce of memory usage of the linker on again
+ * [5e48e17] don't build dbgsym packages on unreleased builds
+ * [09679eb] rebuild patch queue from patch-queue branch (Closes: #808183)
+ * [ec3a50b] debian/NEWS: change urgency to medium
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 31 Dec 2016 10:26:36 +0100
+
+icedove (1:45.5.1-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [efe836f] New upstream version 45.5.1
+ * [48999ac] rebuild patch queue from patch-queue branch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 30 Nov 2016 18:27:57 +0100
+
+icedove (1:45.4.0-1) unstable; urgency=medium
+
+ [ Guido Günther ]
+ * [a159bc9] autopkgtests: let xfvb-run pick the port to avoid clashes with
+ already running servers
+ * [5384838] Snapshot 1:45.3.0-1~1.gbpa159bc
+ * [8d3ac18] autopkgtest: Dont print on stderr
+ * [8afc7be] Put test deps on a simgle line
+
+ [ Carsten Schoenert ]
+ * [99e9c40] New upstream version 45.4.0
+ (Closes: #835866, #836798, #837107)
+ * [6195d7b] debian/README.source: update instructions for importing
+ * [5150624] debian/icedove.js: disabling baselinejit functionality
+ (Closes: #837930)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 03 Oct 2016 12:18:09 +0200
+
+icedove (1:45.3.0-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3cc29ee] Imported Upstream version 45.3.0
+ * [ed8cf89] Imported icedove-l10n Upstream version 45.3.0
+ * [bc20676] Imported iceowl-l10n Upstream version 45.3.0
+ * [54bd9c4] debian/README.source: fix up some hints
+ * [756ec86] mozconfig.default: enable build of PIE binaries
+ * [1cef6f8] rebuild patch queue from patch-queue branch
+ added patch:
+ - porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch
+ (Closes: #836400)
+ * [7a1ec74] AppArmor: grant access to local mailboxes and enigmail(2)
+ (Closes: #837656)
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 28 Sep 2016 22:52:03 +0200
+
+icedove (1:45.2.0-4) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [cc8cd76] mozconfig.default: relaxe optimization on arm{64,el,hf} to -O1
+
+ -- Christoph Goehre <chris@sigxcpu.org> Thu, 18 Aug 2016 10:45:17 -0400
+
+icedove (1:45.2.0-3) unstable; urgency=medium
+
+ [ Guido Günther ]
+ * [9a8f4e1] tests: Fix typo
+
+ [ Carsten Schoenert ]
+ * [53aab10] AppArmor: allow self execution for -ProfileManager
+ (Closes: #833742)
+ * [a459d6a] debian/rules: adding one more CFLAGS/CXXFLAGS compiler flag
+ (Closes: #833864, #833532, #833591, #833635, #833698)
+ * [e32c460] AppArmor: grant access to local mailboxes and enigmail
+ (Closes: #833184)
+ * [f34e41e] debian/rules: fix typo CXLAGS -> CFLAGS
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 12 Aug 2016 12:00:44 -0400
+
+icedove (1:45.2.0-2) unstable; urgency=medium
+
+ [ Christoph Goehre ]
+ * [8b4f306] rebuild patch queue from patch-queue branch
+ added patches:
+ - p-kfree-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hur.patch
+ (Closes: #808183)
+
+ [ Carsten Schoenert ]
+ * [08e20a0] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch
+ (Closes: #827592)
+ - fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch
+ (Closes: #831192)
+ * [1ea97f1] debian/icedove.js: disable Icedove startup check
+ (Closes: #817973)
+ * [83bdcdf] debian/rules: adding additional CFLAGS and CXXFLAGS
+ * [7dc0588] debian/control: addjust breaks for xul-ext-foxyproxy-standard
+ (Closes: #825749)
+ * [50a0f1e] autopkg: fixup small type within test call
+
+ [ Ulrike Uhlig ]
+ * [b24bbaa] Add rebranded apparmor profile from upstream (Closes: #829731)
+ * [0a28f91] apparmor/usr.bin.icedove: refresh Icedove AppArmor profile
+
+ [ Guido Günther ]
+ * [6fe4897] Fix apparmor profile installation
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 26 Jul 2016 13:25:21 -0400
+
+icedove (1:45.2.0-1) unstable; urgency=medium
+
+ [ Guido Günther ]
+ * [f777843] Wrap and sort control information
+ via 'wrap-and-sort -ast' to simplify backporting (Closes: #825806)
+ * [457dffe] Register components with gbp
+ * [8e73822] Rediff patches
+
+ [ Carsten Schoenert ]
+ * [789ed6f] Imported Upstream version 45.1.1
+ * [8b8bd3c] Imported icedove-l10n Upstream version 45.1.1
+ * [23b2984] Imported iceowl-l10n Upstream version 45.1.1
+ * [411b27d] Imported Upstream version 45.2.0
+ * [975287a] Imported icedove-l10n Upstream version 45.2.0
+ * [09b6652] Imported iceowl-l10n Upstream version 45.2.0
+ * [2b99997] icedove-l10n-all: change Section into metapackages.
+ As Jonas Smedegaard pointed out, the icedove-l10n-all package is a
+ metapackage and localization.
+ (Closes: #824785)
+ * [a7eec24] debian/README.source: info about import of multitarballs.
+ As the VCS is using git-buildpackage for package maintenace adding some
+ hints on how to handle the impoert of the used mutitarballs since
+ version 45.0.
+ * [73e8b1a] debian/control: adding Recommends to icedove-l10n-uk
+ (Closes: #825806)
+ * [f118470] debian/control: Icedove, adding dependency on libatk-adaptor.
+ After the adding of some first small autopkg test it turns out that we
+ miss a dependency on libatk-adaptor.
+ * [e6e95c9] debian/control: rework Recommends for icedove-l10n-*
+ As addition to 711468b933f280fe9d6ed78bb1d7d763dede9ea7 also rework the
+ various Recommends for the icedove-l10n packages.
+ * [1275b3d] debian/control: small fixup Recommends on iceowl-l10n-*
+ Fix small typos for iceowl-l10n-{pt-pt,sl}
+ * [c4c9a02] debian/control: sort iceowl-l10n-* alphabetical
+
+ -- Guido Günther <agx@sigxcpu.org> Fri, 08 Jul 2016 15:55:46 +0200
+
+icedove (1:45.2~b1-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [68883af] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
+ * [ee509d2] debian/mozconfig.default: switching back to gtk2 as default
+ (Closes: #821744)
+ * [f72fe06] adding helper script create-iceowl-l10n-tarball.sh
+ * [28fba93] debian/README.source: adding additional info for iceowl-l10n
+ * [826af5b] adding iceowl-l10n related patches to the patch queue
+ * [1aa6f37] debian/iceowl-*.in: adding needed base files
+ * [a5946b4] debian/rules: adding iceowl-l10n related rules
+ * [b1da616] debian/control: adding the current iceowl-l10n-* packages
+ * [b359c95] debian/source.filter: some adjustments to the filter
+ * [e45ab44] debian/README.source: use recent version and reformating
+ * [50b3830] debian/control: increase Standards-Version to 3.9.8
+ * [3a767b8] debian/rules: remove no longer needed LDFLAGS
+ * [29a7739] Imported Upstream version 45.2~b1
+ * [15b7797] iceowl-l10n-*: rearrange Recommends field for various packages
+ (Closes: #824727, #824750, #824763, #824764, #824768, #824780)
+ * [3f75b56] debian/vendor.js: adjust to new version related wiki site
+ * [6bd7f89] d/c-id-l10n: adjusting download URL for stable versions
+ * [f15d1a2] icedove-l10n-all: change Section into metapackages
+ (Closes: #824785)
+ * [25c3ba1] debian/README.source: info about import of multitarballs
+ * [3ebcf59] debian/control: adding Recommends to icedove-l10n-uk
+ (Closes: #825806)
+ * [3e57d5e] debian/control: Icedove, adding dependency on libatk-adaptor
+ * [e19c59d] debian/control: rework Recommends for icedove-l10n-*
+ * [4741d80] debian/control: small fixup Recommends on iceowl-l10n-*
+ * [f9f5193] debian/control: sort iceowl-l10n-* alphabetical
+
+ [ Christoph Goehre ]
+ * [ce58560] debian/rules: add option to dh_auto_clean
+ * [8cfbeca] debian/rules: export necessary DEB_ vars into environment
+ (Closes: #819020)
+ * [7512da8] debian/rules: ignore build folder and run 'build' target instead
+ (Closes: #819020)
+ * [354f836] turn the reduce of memory usage of the linker on again
+ * [5e48e17] don't build dbgsym packages on unreleased builds
+ * [09679eb] rebuild patch queue from patch-queue branch
+ added patches:
+ - p-kfree-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hu.patch
+ (Closes: #808183)
+
+ [ Guido Günther ]
+ * [24bbee9] Wrap and sort control information (Closes: #825806)
+ * [fcfe4ac] Add minimalistic autopkgtest
+ * [f7a32e8] Add autopkgtest to test header and typelib generation
+ * [189d835] Add autopkgtest to smoke test xpcshell
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 01 Jun 2016 17:56:29 -0400
+
+icedove (1:45.0~b4-2) experimental; urgency=medium
+
+ * [fa7bc47] debian/control: fix FTBFS by moving Build-Depends-Indep to
+ Build-Depends
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 10 Apr 2016 15:24:39 -0400
+
+icedove (1:45.0~b4-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3bf50c7] Imported Upstream version 45.0~b4
+ * [11744a7] debian/source.filter: fixup for previous change
+ * [0bd3753] debian/gbp.conf: adding default filter out pattern
+ * [a9f6cfa] rebuild patch queue from patch-queue branch
+ removed patches (fixed upstream):
+ - fixes/Bug-1178266-Link-against-libatomic-when-necessary.patch
+ - p-arm64/FTBFS-arm64-Adding-configure-option-for-aarch64-platform.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-1-4.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-2-4.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-3-4.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-4-4.patch
+ modified patches:
+ - p-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
+ * [9dcb46e] debian/control: increase B-D on libnspr-dev
+ * [b31fba5] debian/control: increase Standards-Version to 3.9.7
+ * [623250d] Icedove Branding: adopt usptream changes to branding
+ * [2fa9b24] debian/copyright: update copyright information
+ * [c5dd11d] debian/copyright: include the license text for MPL-1.0
+ * [3a90ecd] debian/copyright: include the license text for MPL-1.1
+ * [7291650] debian/copyright: include the license text for MPL-2.0
+ * [0ebdd3f] debian/copyright: include the license text for libpng
+ * [9ee79fa] d/icedove.install: remove no longer existing parts
+ * [880c9e9] debian/rules: remove obsolet dpkg-shlibdeps call
+ * [e4fb8a2] adding helper script create-icedove-l10n-tarball.sh
+ * [8826951] debian/README.source: adding hint for creating l10n tarball
+ * [08f9071] debian/control: adding the current icedove-l10n-* packages
+ (Closes: #680488)
+ * [d839f37] debian/rules: adding icedove.l10n install to targets
+ * [5b0df21] debian/gbp.conf: use a Tuple for selecting multiple files
+ * [e32519f] debian/control: increase B-D on libnss-dev
+ * [2200691] debian/control: increase B-D on libnspr4-dev
+ * [0f5660e] debian/control: increase increase B-D on libnss3-dev
+ * [5fd8af8] mozconfig.default: adding new configure option
+ * [e288c6e] debian/control: adding a B-D on libpng-dev
+
+ [ Christoph Goehre ]
+ * [f8c7ca5] debian/control: make depends between icedove-l10n and icedove
+ dynamic
+ * [ac760d7] debian/control: add section localization to all l10n packages
+ * [72ef6c7] debian/NEWS: rename to icedove.NEWS to ship only in icedove core
+ package
+ * add epoch in version number to update l10n packages smoothly
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 09 Apr 2016 18:56:59 -0400
+
+icedove (44.0~b1-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [a24f78b] Imported Upstream version 44.0~b1
+ * [7f52453] rebuild patch queue from patch-queue branch
+ removed patches:
+ - d-hacks/Add-unminified-jquery-and-jquery-ui-files.patch
+ - d-hacks/Allow-unsigned-addons-in-usr-lib-share-mozilla-extensions.patch
+ - d-hacks/creating-a-dummy-.deps-directory-to-get-make-happy.patch
+ added patches:
+ - p-arm64/FTBFS-arm64-Adding-configure-option-for-aarch64-platform.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-1-4.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-2-4.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-3-4.patch
+ - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-4-4.patch
+ modified patches:
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ * [ecf1110] debian/watch: adjust to new CDN structure
+ * [dd5efe8] debian/control: increase Build-Depends on libsqlite3-dev
+ * [57165b5] debian/control: switch URI for the Vcs fields to https
+ * [c9ded96] debian/source.filter: adding more filters on testings js files
+ * [31ce42f] debian/copyright: update due upstream/import changes
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 13 Feb 2016 19:08:55 -0500
+
+icedove (43.0~b1-1) experimental; urgency=medium
+
+ [ Christoph Goehre ]
+ * [ef5b1ef] debian/rules: split override_dh_install into arch and indep
+ section (Closes: #806047)
+ * [02d5d7c] debian/source.filter: remove filter for searchplugins
+
+ [ Guido Günther ]
+ * [2008a71] Clarify relation between icedove and the calendar extensions
+ (Closes: #809017)
+
+ [ Carsten Schoenert ]
+ * [11ffac0] debian/source.filter: modifying file list to ignore
+ * [926912b] Imported Upstream version 43.0~b1
+ * [32cd8c0] rebuild patch queue from patch-queue branch
+ added patches:
+ - d-hacks/Allow-unsigned-addons-in-usr-lib-share-mozilla-extensions.patch
+ removed patches (fixed upstream):
+ - reproducible/Generate-sorted-libical-header-list.patch
+ * [a1637e4] debian/control: increase B-D on libnspr-dev and libnss3-dev
+ * [f9937c1] debian/source.filter: sort entries alphabetical
+ * [326f74d] debian/source.filter: adding new files to filter out
+ * [9b9d9b9] debian/copyright: update due upstream changes
+ * [69664c7] d/icedove.install: searchplugins isn't alive anymore
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 19 Jan 2016 11:41:50 -0500
+
+icedove (42.0~b2-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [8842d85] Imported Upstream version 42.0~b2
+ * [6d14aca] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Bug-1178266-Link-against-libatomic-when-necessary.patch
+ * [320c43d] add myself to the uploaders
+ * [797a290] lintian: remove icedove.menu file due CTTE#741573
+
+ [ Guido Günther ]
+ * [caca7c2] Add unminified jquery and jquery-ui files (Closes: #802281)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 08 Nov 2015 15:30:56 -0500
+
+icedove (42.0~b1-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [c599b6b] Imported Upstream version 42.0~b1
+ * [41285cb] debian/copyright: fixup's and update
+ * [6b270be] debian/control: increase various build depends
+ * [be75969] adopting needed changes for GTK3 into the Debian branding
+ * [245161e] fixup branding about.png file
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 10 Oct 2015 21:26:24 -0400
+
+icedove (41.0~b2-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [b1d982c] Imported Upstream version 41.0~b2
+ * [8389b9b] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch
+ modified patches:
+ - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ dropped patches (fixed upstream):
+ - fixes/Bug-1168231-Fixup-to-keep-file-type.patch
+ - fixes/Bug-1168231-Normalize-file-mode-in-jars.patch
+ - reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch
+ - reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patch
+ * [9ebf7b9] debian/source.filter: modifying file list to ignore
+ * [b25d990] debian/copyright: fixup's and update
+
+ [ Christoph Goehre ]
+ * [8ebffb0] relax optimize to -O1 on s390x (Closes: #797551)
+ * [dea1627] debian/rules: Disable jit on mips (Closes: #797548)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 25 Sep 2015 18:43:44 -0400
+
+icedove (40.0~b1-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [9d358dc] debian/source.filter: adjust new files
+ * [328cdc7] Imported Upstream version 40.0~b1
+ * [8813d89] debian/rules: setting MOZ_BUILD_DATE explicitly.
+ This patch is based on work from Mike Hommey within the Iceweasel
+ package to enable reproducible builds. It defines the MOZ_BUILD_DATE
+ with a pre defined timezone.
+ * [8dd5b9f] debian/rules: add switch to skip icedove-dbg build to
+ speed up the build.
+ * [a6beec7] debian/control: Let icedove recommendiceowl-extension
+ * [691dfe9] add release related information
+ * [bdfdfd8] debian/vendor.js: adjusting WhatNew link to more dedicated URL
+ * [5ba6ec7] rebuild patch queue from patch-queue branch
+ added patches:
+ debian-hacks/changing-the-default-search-engine.patch
+ fixes/Bug-1168231-Fixup-to-keep-file-type.patch
+ fixes/Bug-1168231-Normalize-file-mode-in-jars.patch
+ reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch
+ reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patc
+ reproducible/Generate-sorted-libical-header-list
+ modified patches:
+ fixes/Allow-.js-preference-files-to-set-locked-prefs-with-.patch
+ porting-kfreebsd-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch
+ porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ porting/Disable-optimization-on-alpha-for-the-url-classifier.patch
+ deleted patches:
+ debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch
+ debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch
+ debian/patches/fixes/Link-libldap-against-libpthread.patch
+ debian/patches/icedove/no-dynamic-nss-softokn.patch
+ debian/patches/porting/Remove-duplicate-SkDiscardableMemory_none.cpp-from-g.patch
+ * [59046ae,12d4f4b] debian/copyright: update due upstream changes
+ * [7c1f002] debian/iceowl-extension.lintian-overrides: remove file, no longer needed
+ * [23eed8c] debian/source.lintian-overrides: adding new entries.
+ Lintian is detecting the braces within the folder names incorrectly as
+ brace expansion.
+ * [2f95cd3] add changes due ldap restructure.
+
+ [ Christoph Goehre ]
+ * [ff66528] lintian: fix spelling error in debian/README.Debian
+
+ -- Guido Guenther <agx@sigxcpu.org> Wed, 19 Aug 2015 09:39:23 +0200
+
+icedove (38.7.2-1) unstable; urgency=medium
+
+ * [397cd7a] Imported Upstream version 38.7.2
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 13 Apr 2016 12:05:05 -0400
+
+icedove (38.7.0-1) unstable; urgency=medium
+
+ [ Christoph Goehre ]
+ * [cb9c003] Imported Upstream version 38.7.0
+ * [7273cb9] bump up standards version to 3.9.7 (no changes needed)
+
+ [ Carsten Schoenert ]
+ * [0341a8c] debian/control: switch URI for the Vcs fields to https
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 16 Mar 2016 13:22:57 +0100
+
+icedove (38.6.0-1) unstable; urgency=medium
+
+ [ Guido Günther ]
+ * [195730d] Clarify relation between icedove and the calendar extensions
+ (Closes: #809017)
+
+ [ Christoph Goehre ]
+ * [988ce5b] Imported Upstream version 38.6.0
+ * [6763f6f] debian/source.filter: remove evil-licensed jshint.js
+ (Closes: #813053)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 14 Feb 2016 16:08:13 -0500
+
+icedove (38.5.0-1) unstable; urgency=medium
+
+ [ Christoph Goehre ]
+ * [6d45b0b] Imported Upstream version 38.5.0
+ * [316798f] debian/rules: split override_dh_install into arch and indep
+ section (Closes: #806047)
+
+ [ Carsten Schoenert ]
+ * [5b3cb7a] add myself to the uploaders
+
+ -- Christoph Goehre <chris@sigxcpu.org> Thu, 24 Dec 2015 22:36:37 -0500
+
+icedove (38.4.0-1) unstable; urgency=medium
+
+ [ Christoph Goehre ]
+ * [754392e] Imported Upstream version 38.4.0
+ * [ef4b733] debian/watch: adjust download url
+
+ [ Carsten Schoenert ]
+ * [f3f5455] lintian: remove icedove.menu file due CTTE#741573
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 27 Nov 2015 12:54:27 -0500
+
+icedove (38.3.0-2) unstable; urgency=medium
+
+ * [c988747] Add unminified jquery and jquery-ui files with the exact
+ version as used by upstream thunderbird.
+ We don't want to use the minified versions mozilla ships and can't use
+ what is currently packaged in Jessie or Stretch since these are too
+ recent.
+ (Closes: #802281)
+
+ -- Guido Günther <agx@sigxcpu.org> Sun, 01 Nov 2015 18:06:33 +0100
+
+icedove (38.3.0-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [0f8b6a4] Imported Upstream version 38.3.0
+ * [566273a] debian/copyright: fixup's and update
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 10 Oct 2015 13:21:05 -0400
+
+icedove (38.2.0-2) unstable; urgency=medium
+
+ * [8bcb08b] relax optimize to -O1 on s390x (Closes: #797551)
+ * [6aa0915] debian/rules: Disable jit on mips (Closes: #797548)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Thu, 24 Sep 2015 19:09:54 -0400
+
+icedove (38.2.0-1) unstable; urgency=medium
+
+ * [d46d5f6] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 21 Sep 2015 19:42:03 -0400
+
+icedove (38.2.0-1~stretch) stretch; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [05b245f] Imported Upstream version 38.2.0 (Closes: #796323)
+ - MFSA 2015-59 aka CVE-2015-2724, CVE-2015-2725, CVE-2015-2726
+ - MFSA 2015-63 aka CVE-2015-2731
+ - MFSA 2015-66 aka CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,
+ CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740
+ - MFSA 2015-70 aka CVE-2015-4000
+ - MFSA 2015-71 aka CVE-2015-2721
+ - MFSA 2015-65 aka CVE-2015-2741
+ - MFSA 2015-79 aka CVE-2015-4474
+ * [43c8195] rebuild patch queue from patch-queue branch
+ * [c75bdad] debian/control: increase B-D on libnss3-dev
+ * [942bcbe] debian/iceowl-extension.lintian-overrides: remove file
+ * [7131e4d] debian/source.lintian-overrides: adding new entries
+ * [8882360] mozconfig.default: don't use icu from system
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 21 Aug 2015 12:29:42 +0200
+
+icedove (38.1.0-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [3d27760] Imported Upstream version 38.1.0 (Closes: #790651)
+ * [2cb6cd7] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Bug-1165654-Cleanup-how-libjpeg-turbo-assembly-build.patch
+ - reproducible/Generate-sorted-libical-header-list (Closes: #794456)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 04 Aug 2015 20:20:53 -0400
+
+icedove (38.0.1-1) unstable; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [5acef6a] debian/gbp.conf: adopt new upstream branch
+ * [6f88792] Imported Upstream version 38.0.1 (Closes: #358680, #472601,
+ #634316, #691176, #751786, #777908)
+ * [18bba9d] debian/gbp.conf: respect new git-buildpackage behaviour
+ * [26bbdac] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/changing-the-default-search-engine.patch (Closes: #780595)
+ - fixes/Bug-1168231-Fixup-to-keep-file-type.patch
+ - fixes/Bug-1168231-Normalize-file-mode-in-jars.patch
+ - reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch
+ - reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patc
+ deleted patches:
+ - debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch
+ * [71938b9] debian/rules: setting MOZ_BUILD_DATE explicitly
+ * [e50d708] debian/copyright: more minor updates to the copyright file
+ * [b232895] debian/rules: adding switch for no icedove-dbg build
+ * [bcc15aa] debian/control: icedove is now recommending iceowl-extension
+ * [564a19e] adding release related information
+ * [2ec0053] debian/vendor.js: adjusting WhatNew link to more dedicated URL
+
+ [ Christoph Goehre ]
+ * [a9c25b6] lintian: fix spelling error in debian/README.Debian
+ * [2cc2c07] debian/rules: fix icedove-dbg build switch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 27 Jul 2015 17:46:40 -0400
+
+icedove (38.0~b5-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [7e3cab4] Imported Upstream version 38.0~b5
+ * [3edbafc] Revert "debian/control: remove build-dep on libnotify-dev"
+ * [5e69bab] debian/control: increase b-d versions
+ * [6e6ae36] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch
+ obsolete patches (fixed in Debian):
+ - adopting-SQLITE3-version.patch
+ * [ac7b760] mozconfig.default: adding some explicit configure options
+ * [81fd6e6] complete rewrite of copyright information
+ * [327dd45] switching to libgstreamer1.0*
+
+ [ Christoph Goehre ]
+ * [9877ea3] lintian: add override for libpng
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 22 May 2015 20:42:19 -0400
+
+icedove (38.0~b2-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [b08d966] debian/source.filter: modifying file list to ignore
+ * [88fd018] Imported Upstream version 38.0~b2
+ * [e9da8f8] icedove branding: adopt upstream changes
+ * [3610daa] debian/control: increase b-d versions
+ * [950fae7] rebuild patch queue from patch-queue branch
+ modified patches:
+ - system-libs/Allow-to-build-against-system-libffi.patch
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ obsolete patches (fixed upstream):
+ - porting/Reintroduce-pixman-code-path-removed-in-bug-1097776-.patch
+ * [1820d7c] debian/control: adding xul-ext-compactheader to Breaks field
+
+ [ Dominik George ]
+ * [4181126] debian/control: Upgrade Breaks relation to enigmail
+ (Closes: #782686)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 28 Apr 2015 18:19:00 -0400
+
+icedove (36.0~b1-2) experimental; urgency=medium
+
+ * [26c0027] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting/Reintroduce-pixman-code-path-removed-in-bug-1097776-.patch
+ - porting/Remove-duplicate-SkDiscardableMemory_none.cpp-from-g.patch
+ - porting/ppc-fix-divide-page-size-in-jemalloc.patch (Closes: #780404)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 28 Mar 2015 15:35:58 -0400
+
+icedove (36.0~b1-1) experimental; urgency=medium
+
+ [ Carsten Schoenert ]
+ * [68112a3] Imported Upstream version 36.0~b1
+ * [3120361] rebuild patch queue from patch-queue branch
+ obsolete patches (fixed upstream):
+ - debian-hacks/fixing-various-FTBFS-due-different-datatype-char-beh.patch
+ - porting-arm/FTBFS-armhf-fixing-ARM-CPU-detection.patch
+ modified patches:
+ - debian-hacks/Strip-version-number.patch
+ - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ - p-kfree-hurd/correcting-file-inclusion-for-kfreebsd.patch
+ - p-kfree-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
+ * [ee185a2] d/icedove.install: mozilla-xremote-client was removed
+ * [64adc44] debian/source.filter: modifying file list to ignore
+ * [dbdd152] debian/control: increase package versions
+ * [fb3307c] lintian: adding one more source override
+ * [2a07495] lintian: adding new override for the icedove package
+ * [38c21ad] debian/README.Debian: adding note around HTTPS Everythere
+ (Closes: #774790)
+
+ [ Christoph Goehre ]
+ * [3dce89c] debian/icedove.desktop: correct StartupWMClass to 'Icedove'
+ (Closes: #773876)
+ * [deb3f58] debian/icedove.desktop: add MimeType text/calendar
+ (Closes: #762190)
+ * [4dd96fe] rebuild patch queue from patch-queue branch
+ added patches:
+ - p-kfree-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch
+ - p-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch
+ (Closes: #772933)
+ modified patches:
+ - p-kfree-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch
+ - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ - p-kfree-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ - p-kfree-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
+ * [373ed05] add missing epoch in libnss3-dev build depends
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 11 Mar 2015 19:19:28 -0400
+
+icedove (34.0~b1-2) experimental; urgency=low
+
+ [ Carsten Schoenert ]
+ * [7a4edc4] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/fixing-various-FTBFS-due-different-datatype-char-beh.patch
+ - porting-arm/FTBFS-armhf-fixing-ARM-CPU-detection.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 24 Nov 2014 18:56:21 -0500
+
+icedove (34.0~b1-1) experimental; urgency=low
+
+ [ Carsten Schoenert ]
+ * [1be8ab1] debian/source.filter: more files to ignore
+ * [66e6488] debian/README.source: adjust description for beta versions
+ * [e63d375] Imported Upstream version 34.0~b1 (Closes: #770180)
+ * [1cb54d2] rebuild patch queue from patch-queue branch
+ obsolete patches (fixed upstream):
+ - porting-armel/disable-some-libopus-feature-for-ARCH-ARMv6.patch
+ * [ad29bb1] debian/rules: be more flexible on *.xpi files
+ * [b055e78] debian/NEWS: fixing default SSL/TLS behavior description
+ * [d64a847] debian/NEWS: adding notes around new security changes
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 19 Nov 2014 19:15:46 -0500
+
+icedove (33.0~b1-1) experimental; urgency=low
+
+ [ Carsten Schoenert ]
+ * [5029c8b] debian/source.filter: more files to ignore
+ * [d4b03d9] README.source: let's use xz while creating the orig.tar.xz
+ * [ebd442f] debian/gbp.conf: some instructions for git-dch
+ * [cc594ea] Imported Upstream version 33.0~b1
+ * [23b57cf] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/fix-identification-of-ObjdirMismatchException.patch
+ - debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch
+ modified patches:
+ - debian-hacks/Strip-version-number.patch
+ - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ - obsolete patches (fixed upstream):
+ - fixes/Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch
+ - porting-alpha/fix-FTBFS-on-alpha.patch
+ * [a5a2a1b] adding additional config options for hppa and ppc64
+ Both platforms failing on running xpcshell.
+
+ [ Christoph Goehre ]
+ * [5a0ba43] linitan: bump up standards version to 3.9.6
+ * [aaca6a7] debian/NEWS: adding note around increased default TLS version 1.2
+ (Closes: #761245)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 25 Oct 2014 12:47:37 -0400
+
+icedove (32.0~b1-1) experimental; urgency=low
+
+ [ Christoph Goehre ]
+ * [65ad797] icedove.postinst: remove obsolete symlink handling
+
+ [ Carsten Schoenert ]
+ * [baef95a] debian/gbp.conf: adopting experimental branch
+ * [8384eee] Imported Upstream version 32.0~b1
+ * [75145f3] rebuild patch queue from patch-queue branch
+ modified patches:
+ - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ - debian-hacks/remove-non-free-W3C-icon-valid.png.patch
+ obsolete patches (fixed upstream):
+ - porting-armel/fix-skia-for-ARMv4.patch
+
+ [ Christoph Goehre ]
+ * [51c3cee] cleanup branding patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Thu, 28 Aug 2014 15:52:51 -0700
+
+icedove (31.0-2) unstable; urgency=low
+
+ [ Carsten Schoenert ]
+ * [d2bc0ef] armel: correcting #if statement for skia fix
+ * [959b801] adding GNU/Hurd to gyp.mozbuild
+ * [215bc7d] kfreebsd*: adding CrossProcessMutex_posix.cpp to list
+ * [892c39c] d/icedove.links: remove unneeded link to /u/s/i/e
+ (Closes: #638489)
+ * [928158c] debian/source.filter: more files to ignore
+ * [b81c238] fixing lintian warning 'unused-override'
+ * [7bc2568] fixing lintian warning 'jar-not-in-usr-share'
+ * [cd0d289] fixing lintian warning 'image-file-in-usr-lib'
+ * [045a960] fixing lintian error 'source-is-missing'
+ * [1fe016a] correcting FTBFS patch for alpha
+
+ [ Christoph Goehre ]
+ * [c827d81] iceowl-extension: replace skin and icon dir with symlink
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 23 Aug 2014 18:42:23 -0700
+
+icedove (31.0-1) unstable; urgency=low
+
+ [ Carsten Schoenert ]
+ * [b7cdeb4] Imported Upstream version 31.0 (Closes: #756769)
+ * [1f2ff0b] debian/rules: fixing file permissions in iceowl-extension
+ * [c8d2036] adding fix for skia on armel
+ * [77093e2] fixing FTBFS on armel (Closes: #754633)
+ * [a458959] debian/control: increase b-d on libsqlite-dev
+ * [a98ebca] fix runtime error on alpha while jemalloc run
+ * [6f6b576] disable optimization on alpha while linking
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 04 Aug 2014 10:23:09 -0400
+
+icedove (31.0~b2-1) unstable; urgency=low
+
+ [ Carsten Schoenert ]
+ * [76059a9] debian/source.filter: more files to ignore
+ * [5067b0e] Imported Upstream version 31.0~b2 (Closes: #754464)
+ * [e31ac79] debian/control: remove build-dep on libnotify-dev
+ * [35324a5] debian/control: increase build-depends on libnss3-dev to 3.16.2~
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 18 Jul 2014 21:47:06 +0200
+
+icedove (31.0~b1-2) unstable; urgency=low
+
+ * [7ba4d01] lintian: add override for embedded srtp library
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 22 Jun 2014 18:18:04 -0400
+
+icedove (31.0~b1-1) unstable; urgency=low
+
+ * [02dc94c] remove example file, which cause git-archive to change the
+ source tree
+ * [ba233b1] Imported Upstream version 31.0~b1
+ * [4c2380f] rebuild patch queue from patch-queue branch
+ modified patches:
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-.patch
+ obsolete patches (fixed upstream):
+ - fixes/unbreak-with-system-pixman-in-mailnews.patch
+ - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 22 Jun 2014 11:50:07 -0400
+
+icedove (30.0~b1-1) unstable; urgency=low
+
+ [ Carsten Schoenert ]
+ * [b3eadf1] debian/source.filter: more files to ignore
+ * [fb71012] debian/control: bumping build-depends for debhelper
+ * [dc4ad0c] debian/control: add libpulse-dev build dependency
+ * [b8d3ee7] debian/control: bumping some version of build dependencies
+ * [3443df9] debian/icedove-dev.install: adopt upstream changes
+ * [d0f9d0e] icedove.lintian-overrides: adding libtheora
+ * [982c8a6] debian/rules: adding removing for temporary files
+
+ [ Christoph Goehre ]
+ * [f6292d5] Imported Upstream version 30.0~b1 (Closes: #743421)
+ * [dacd658] rebuild patch queue from patch-queue branch
+ modified patches:
+ - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch
+ - porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch
+ - porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-.patch
+ - prefs/Set-javascript.options.showInConsole.patch
+ - debian-hacks/Icedove-branding.patch
+ - fixes/unbreak-with-system-pixman-in-mailnews.patch
+ obsolete patches (fixed upstream):
+ - debian-hacks/Do-build-time-detection-of-2-bytes-wchar_t-and-char1.patch
+ - debian-hacks/Fix-build-failure-for-header.py-and-typelib.py.patch
+ - fixes/Make-system-cairo-work-again.patch
+ - porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch
+ * [df93d26] branding: add jar.mn to moz.build
+ * [648853d] only copy debian/mozconfig.default into mozilla subdir
+ * [4f9dc9e] MOZ_OBJDIR need a absolute path, $(pwd) didn't work
+ * [33794c3] icedove.pc: remove non-existent library mozjs (Closes: #748746)
+ * [dcbce5c] iceowl-extension: use breaks instead of conflicts against
+ calendar-timezones (Closes: #747532)
+ * [545415a] add breaks to enigmail (<< 2:1.6-4~deb7u1) which won't work with
+ us (Closes: #747546)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 30 May 2014 12:11:53 -0400
+
+icedove (24.5.0-2) unstable; urgency=low
+
+ * [e4a43ed] debian/rules: remove duplicate LDFLAGS += -Wl,--stats
+ * [f9dba4b] debian/rules: export all compiler flags into build environment
+ * [8dc0712] debian/rules: run autoconf for all configue files
+ * [95d4b48] debian/rules: export MOZCONFIG onces
+ * [577bd03] debian/rules: update config.sub and config.guess before autoconf
+ run
+ * [7f958c7] parse DEB_BUILD_OPTIONS for how many parallel buildjobs to start
+ (Closes: #746984)
+ * [0f8b062] debian/rules: export MOZILLA_OFFICIAL
+ * [1c3d277] run configure with --build and --host
+ * [f190e19] don't build a shared js library (Closes: #724688, #729073,
+ #745593)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Thu, 08 May 2014 20:07:06 -0400
+
+icedove (24.5.0-1) unstable; urgency=low
+
+ [ Carsten Schoenert ]
+ * [7c13dbf] calender-timezones: remove no longer needed helper files
+ * [2d4328c] debian/control: sort various fields alphabetically
+ * [436c212] debian/control: remove build-depens on cdbs
+ * [dae8b3e] icedove branding: adopt current Makefile.in style to upstream
+ * [045be10] debian/rules: switch to debhelper
+ * [b852c8c] debian/mozconfig*: adding mozconfig files
+ * [7bac68c] debian/icedove.configopts: Remove no longer needed file
+ * [6c597b9] Switch the old thunderbird*.in files to icedove.*
+ * [9781e61] debian/icedove.links: adding /u/b/i link
+ * [f325194] debian/icedove.dirs: add helper file for needed directories
+ * [fe0376a] debian/icedove.install: sort entrys alphabetical
+ * [0111ccc] debian/icedove.js: fix small typo and reformat
+ * [a7e5b05] debian/rules: add override for dh_fixperms
+ * [8e44df2] debian/rules: add override for dh_install
+ * [24fa03a] debian/rules: add override for dh_shlibdeps
+ * [2f22ed0] debian/rules: add override for dh_strip
+ * [259a6f4] debian/control: remove ${shlibs:Depends} from c-g-p depends
+ * [cdc9272] debian/rules: add additional LDFLAGS
+ * [9d620d5] debian/rules: correct Icedove version inside icedove.pc during
+ install
+
+ [ Christoph Goehre ]
+ * [460818b] Imported Upstream version 24.5.0
+ * [4c65ecc] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
+ obsolete patches:
+ - porting-kfreebsd-hurd/Another-fix-to-build-ipc-code-on-GNU-hurd-an.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 29 Apr 2014 17:56:40 -0400
+
+icedove (24.4.0-1) unstable; urgency=low
+
+ * [a2b13c0] Imported Upstream version 24.4.0
+ * [fd90463] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch
+ (Closes: #741245)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 22 Mar 2014 11:10:18 -0400
+
+icedove (24.3.0-2) unstable; urgency=low
+
+ [ Christoph Goehre ]
+ * [122ffe9] remove ldif60 from pkgconfig file (Closes: #732652)
+ * [b64ccac] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch
+ (Closes: #734859)
+
+ [ Carsten Schoenert ]
+ * [aa4f5b1] thunderbird.install.in: shipping all files in /u/l/i/components
+ (Closes: #737811)
+ * [3bf4738] debian/rules: fix *.js file-permissions for iceowl-extension
+ * [50ab7a5] debian/rules: remove -Wl,--as-needed linker option
+ (Closes: #732652, #730450, #724688)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 09 Mar 2014 15:33:05 -0400
+
+icedove (24.3.0-1) unstable; urgency=low
+
+ * [a656560] lintian: remove non-free w3c valid.png icon (Closes: #735119)
+ * [f4e6c08] lintian: remove prebuild javascript objects from upstream
+ tarball (Closes: #735234)
+ * [adf9c96] Imported Upstream version 24.3.0
+ * [8419e65] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/remove-non-free-W3C-icon-valid.png.patch
+ - debian-hacks/use-system-jquery-jquery-ui.patch
+ * [948af3e] a newer icedove will break iceowl-extension (Closes: #732742)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 10 Feb 2014 19:44:36 -0500
+
+icedove (24.2.0-1) unstable; urgency=low
+
+ [ Christoph Goehre ]
+ * [963a61e] Imported Upstream version 24.2.0
+ * [852abe3] rebuild patch queue from patch-queue branch
+ obsolete patches (fixed upstream):
+ - fixes/Wrap-non-prefixed-freetype-headers-from-newer-freety.patch
+ - porting/Don-t-hardcode-page-size-on-ia64-sparc-or-mipsel.patch
+ (Closes: #734074)
+ * [a9d6680] lintian: remove prebuild-binaries from upstream tarball
+ * [fc25943] linitan: remove prebuilt-windows-binary from upstream tarball
+ * [faa24eb] lintian: fix comma separated files copyright
+ * [835790d] lintian: declare public-domain license at the beginning
+
+ [ Carsten Schoenert ]
+ * [c583a2f] debian/copyright: fix indentation for 'public domain' license
+ * [78ddee2] linitan: bump up standards version to 3.9.5
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 11 Jan 2014 20:17:24 -0500
+
+icedove (24.1.1-1) experimental; urgency=low
+
+ [ Carsten Schoenert ]
+ * [e8cbac4] debian/copyright: correcting wrong comma usage.
+ * [d24a6be] debian/copyright: adjusting copyright infos
+ * [51a32a1] debian/copyright: correcting various lintian warning.
+ * [50874e0] debian/control: expanding icedove-dev dependency on python
+ * [2996a33] debian/control: adding a more specific description for
+ iceowl-extension and google-cal-prov.
+ * [85b4400] debian/control: adjust proper version dependencies.
+ (Closes: #729712)
+ * [4d6b204] debian/control: adding metadata for mozilla-devscripts.
+ (Closes: #562984)
+
+ [ Christoph Goehre ]
+ * [aa7782b] Imported Upstream version 24.1.1 (Closes: #720931, #723630)
+ * [e4ca9cd] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Wrap-non-prefixed-freetype-headers-from-newer-freety.patch
+ - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and.patch
+ * [849988b] make python scripts in /usr/lib/icedove-devel/sdk/bin executable
+ * [9890b1c] ship python config scripts to make building of extensions easier
+ (Closes: #729431)
+ * [8b08106] remove libxpcom.so from pkgconfig file (Closes: #729168)
+ * [4759bde] add libldif60 to pkgconfig file
+ * [db575b4] lintian: remove unsafe symlink from upstream tarball
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 08 Dec 2013 10:08:19 -0500
+
+icedove (24.0-1) experimental; urgency=low
+
+ [ Guido Günther ]
+ * [6f9d98e] New upstream version 24.0
+ * [ef58a98] Refresh patches
+ * [435516d] Switch to xz compressed upstream tarball
+ * [f529a99] repack.py: port to python3
+ * [50423d9] repack.py: allow to specify compression
+
+ [ Christoph Goehre ]
+ * [b45b2b9] remove superfluous gstreamer build depends
+ * [96ac1d0] Reduce memory usage of the linker. Thanks to Mike Hommey
+ * [af55374] ia64 don't like LDFLAG --no-keep-memory
+ * [c3cb093] remove export-subst in mozilla/addon-sdk/source/.gitattributes.
+
+ [ Carsten Schoenert ]
+ * [ac4caea] debian/copyright: correcting out-of-date-copyright-format-uri.
+ * [585bf84] debian/copyright: remove obsolete field 'Name:'
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 15 Oct 2013 18:51:16 -0400
+
+icedove (24.0~b3-2) experimental; urgency=low
+
+ * [47fe004] Add lintian override for our use of the embedded libjpeg
+ * [3c103e6] Make sure xpcshell is executable so dh_shlibdeps picks it up to
+ calculate lib dependencies
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 24 Sep 2013 20:03:33 +0200
+
+icedove (24.0~b3-1) experimental; urgency=low
+
+ [ Guido Günther ]
+ * Upload to experimental
+ * [eae533c] Adjust watch file once again
+ * [5280050] Invoke repack.py directly
+ * [0f4e8de] New upstream version 24.0~b3
+ (Closes: #706859, #720931, #723630)
+ * [3b6374b] Don't use system jpeg
+ since it doesn't have the needed features
+ * [f6aeba2] Don't try to remove nonexistent libxpcom.so
+
+ [ Carsten Schoenert ]
+ * [04844ae] icedove-branding: adopt new build schema to Debian branding
+ by using moz.build.
+ * [11c4677] icedove-branding: change the target directory for preview.png.
+ * [55f6762] debian/control: remove package calendar-timezones.
+ The calendar-timezones related files are now inside the lightning
+ package.
+ * [6f4948d] debian/rules: catch any gdata-provider*.xpi file.
+ The gdata-provider XPI file now has a version appended.
+ * [d5a63c9] debian/rules: catch any lightning*.xpi file.
+ The lightning XPI file now has a version appended.
+ * [e77e911] debian/thunderbird.install.in:
+ remove mozilla/components/binary.manifest since it no longer exists.
+ * [ef3f3b1] debian/control: Build-Depend on gstreamer an yasm now used by
+ icedove.
+ * [9f5fe3e] Drop patches fixed upstream.
+ Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch
+ Bug-723497-Saving-message-to-disk-fails-silently-fai.patch
+ Bug-746112-Don-t-decommit-if-page-size-is-too-large.patch
+ Bug-814693-Allow-webrtc-to-build-on-more-architectur.patch
+ Bug-840242-Use-the-runtime-page-size-to-control-aren.patch
+ virtualenv-changing-the-path-to-virtualenv.py.patch
+ * [4503610] Adjust to build system changes:
+ debian-hacks/Don-t-build-example-component.patch
+ * [290f1e0] Partially applied upstream:
+ Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ * [2eaf6ae] Rediff remaining patches
+ * [4217c0e] Create missing .deps dir.
+ Workaround to make build complete
+ * [f95db9c] Drop autoconf.mk mangling since it confuses the build system
+
+ -- Guido Günther <agx@sigxcpu.org> Thu, 19 Sep 2013 20:10:24 +0200
+
+icedove (17.0.8-1) unstable; urgency=low
+
+ [ Carsten Schoenert ]
+ * [af98dad] The vendorShortName is of course "Mozilla" and not "Icedove" The
+ packages in icedove-l10n already use the correct substition.
+ (Closes: #707207, #715326)
+ * [8ceae38] Sawfish: fix wrong size of resized window.
+ Backported from the TB20 release.
+ https://bugzilla.mozilla.org/show_bug.cgi?id=813997 (Closes: #715464)
+ * [b69cb68] Fix error while saving a message to disk or network.
+ If the user tries to save a message to disk or network share without
+ enough user rights to write the message Icedove fails silently. This
+ backport from TB 21 fixes this.
+ * [fd8f588] Desktop file: shorten the icon name to 'Icedove' (Closes: #507962)
+ * [24b1b45] fix JS compiler segfault errors for various platforms
+ (Closes: #708331)
+
+ [ Christoph Goehre ]
+ * [01f6b7a] add README.Debian to describe upstream status of Thunderbird
+ (Closes: #710888)
+ * [7fa36d6] rebuild patch queue from patch-queue branch added patches:
+ - porting/Fix-ipc-chromium-on-kFreeBSD-and-Hurd.patch
+
+ [ Guido Günther ]
+ * [455bfe7] New upstream version 17.0.8
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 20 Aug 2013 16:12:17 +0200
+
+icedove (17.0.7-1) unstable; urgency=low
+
+ * [b8fd345] Imported Upstream version 17.0.7
+ * [3133999] rebuild patch queue from patch-queue branch
+ modified patches:
+ - porting/Don-t-hardcode-page-size-on-ia64-sparc-or-mipsel.patch
+ * [3332f92] lintian: change url to version control system
+ * [534e2d1] linitan: bump up standards version to 3.9.4
+ * [2b511d2] lintian: remove obsolete thunderbird dependency in
+ iceowl-extension
+ * [2081e7e] lintian: add Keywords to icedove desktop file
+ * [7f8333c] lintian: mask minus signs in manpage with a backslash
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 30 Jun 2013 18:46:16 -0400
+
+icedove (17.0.5-2) unstable; urgency=low
+
+ [ Guido Günther ]
+ * [4c7a88a] Install calendar-google-provider to /u/s/xul-ext
+ (Closes: #638480)
+ * [4c97096] Move calendar-timezones to /u/s/xul-ext (Closes: #638481)
+ * [e9d0085] Move arch indep parts to common-install-indep
+
+ [ Carsten Schoenert ]
+ * [40d68d5] Fix build error on IA64 and Sparc
+ * [59939c3] manpage: add example section and convert to UTF-8
+ * [10647cf] fixing build failure depended on python-2.7 changes
+
+ [ Christoph Goehre ]
+ * [0a7bb8b] create links for extension in
+ /usr/share/mozilla/extensions/APPID
+ * [5047e6b] remove
+ icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch
+ (Closes: #695323)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 18 May 2013 17:53:21 -0400
+
+icedove (17.0.5-1) experimental; urgency=low
+
+ [ Guido Günther ]
+ * [894ea6d] Include all needed libs to link against icedove's libxpcom
+ (Closes: #477747)
+
+ [ Carsten Schoenert ]
+ * [6e00625] Point "Help->What's new" to the Debian Wiki (Closes: #570577)
+
+ [ Christoph Goehre ]
+ * [4766bc9] replace icon in searchplugin (bing, twitter) with download url
+ * [e3dc726] Imported Upstream version 17.0.5
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 13 Apr 2013 12:19:06 -0400
+
+icedove (17.0.4-1) experimental; urgency=low
+
+ [ Guido Günther ]
+ * [9ed54cb] Add Homepage
+ * [bd41337] Add X-Debian-Homepage
+
+ [ Carsten Schoenert ]
+ * [1fba87f] New patch
+ fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch fix function
+ nsMsgComposeAndSend to respect ReploToSend
+ Thanks to Emilio Pozuelo Monfort for the patch (Closes: #565903)
+
+ [ Christoph Goehre ]
+ * [7a1071b] update debug section in icedove manpage (Closes: #698163)
+ * [017f5b5] Imported Upstream version 17.0.4 (Closes: #702927)
+ * [7c35529] compress debian packages with xz
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 13 Mar 2013 19:00:07 -0400
+
+icedove (17.0.2-1) experimental; urgency=low
+
+ * [8911b88] Finally set Christoph as Maintainer.
+ Thanks for your work Alexander.
+ * [d456018] parallel build: Use number or available cores by default
+ * [daeee47] Don't refer to paths containing thunderbird (Closes: #486617)
+ * [52a202a] New upstream version 17.0.2
+ * [fa07537] Allow webrtc to build on more architectures.
+ Thanks to Mike Hommey and Christoph Göhre
+
+ -- Guido Günther <agx@sigxcpu.org> Fri, 11 Jan 2013 17:37:46 +0100
+
+icedove (17.0.2-1~1) experimental; urgency=low
+
+ * [8911b88] Finally set Christoph as Maintainer. Thanks for your work
+ Alexander.
+ * [d456018] parallel build: Use number or available cores by default
+ * [daeee47] Don't refer to paths containing thunderbird (Closes: #486617)
+ * [52a202a] New upstream version 17.0.2
+ * [fa07537] Allow webrtc to build on more architectures.
+ Thanks to Mike Hommey and Christoph Göhre
+
+ -- Guido Günther <agx@sigxcpu.org> Fri, 11 Jan 2013 17:35:22 +0100
+
+icedove (17.0-1) experimental; urgency=low
+
+ [ Christoph Goehre ]
+ * [0b8ac79] replace transitional depens ttf-lyx with fonts-lyx
+ (Closes: #676505)
+ * [4473d67] fix typo in calendar-google-provider description
+ * [b3a57c0] rebuild patch queue from patch-queue branch
+ added patches:
+ porting/Another-fix-to-build-ipc-code-on-GNU-hurd-and-kfreeb.patch
+
+ [ Jens Reyer ]
+ * [c0e30b6] clarify the relation between iceowl, lightning and sunbird
+ (Closes: #686206)
+
+ [ Guido Günther ]
+ * [394b6a1] New upstream version 17.0
+ * [a17c23f] Update patches.
+ The thunderbird-3-profile.patch got split into three since it
+ addresses different issues:
+ * Strip-version-number.patch
+ * Icedove-branding.patch
+ * Move-profile.patch
+ * [01eef04] Don't overwrite DEB_BUILD_OPTIONS
+ and drop dependency on essential package
+
+ [ Ritesh Raj Sarraf ]
+ * [1ab9095] Add parallel build support
+
+ -- Guido Günther <agx@sigxcpu.org> Sat, 24 Nov 2012 19:26:19 +0100
+
+icedove (16.0.2-1) experimental; urgency=low
+
+ [ Christoph Goehre ]
+ * [e94445f] cleanup source.filer file
+ * [33b9f4c] Imported Upstream version 12.0.1
+
+ [ Guido Günther ]
+ * [88a39e3] watch: only look for two digit versions since 3.1.20 lacks the
+ source/ dir
+ * [eb4f5c3] New upstream version 14.0
+ * [b451442] Update patches for 14.0
+ obsolete patches:
+ Avoid-libxpcom-being-excluded-from-linked-libraries-.patch
+ Bug-515232-Try-getting-general.useragent.locale-as-a.patch
+ Bug-696636-Block-OpenGL-1-drivers-explicitly-to-stee.patch
+ Bug-710972-Define-G_VARIANT_TYPE_STRING_ARRAY-when-b.patch
+ Bug-722127-Bump-required-libvpx-version-to-1.0.0.-r-.patch
+ Bug-728136-Port-bug-528687-to-comm-central.patch
+ Bug-728229-Allow-to-build-with-system-python-ply-lib.patch
+ Bug-729817-Allow-the-Nouveau-driver-with-Mesa-8.0.1-.patch
+ Bug-729817-Block-the-Nouveau-3D-driver-as-it-s-insta.patch
+ Bug-734335-Only-build-SPS-on-supported-platforms.patch
+ Revert-investigation-patch-for-bug-621446.patch
+ Bug-698923-Don-t-require-16-bytes-alignment-for-VMFr.patch
+ Bug-711353-Add-support-for-GNU-kFreeBSD-and-GNU-Hurd.patch
+ modified patches:
+ Add-another-preferences-directory-for-applications-p.patch
+ Do-build-time-detection-of-2-bytes-wchar_t-and-char1.patch
+ Don-t-build-example-component.patch
+ Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch
+ Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch
+ Gross-workaround-to-avoid-installing-test-idl-and-in.patch
+ Ignore-system-libjpeg-libpng-and-zlib-version-checki.patch
+ stop-configure-if-with-system-bz2-was-passed-but-no-.patch
+ Allow-.js-preference-files-to-set-locked-prefs-with-.patch
+ Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch
+ Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch
+ Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch
+ Link-libldap-against-libpthread.patch
+ Load-dependent-libraries-with-their-real-path-to-avo.patch
+ Properly-launch-applications-set-in-HOME-.mailcap.patch
+ Remove-the-js-shell-from-the-build-directory-during-.patch
+ fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ fix-installdir.patch
+ save-a-copy-of-a-attached-file-when-sending-from-OOo.patch
+ thunderbird-3-profile.patch
+ Change-extension-s-name-to-Iceowl.patch
+ Add-xptcall-support-for-SH4-processors.patch
+ Allow-ipc-code-to-build-on-GNU-hurd.patch
+ Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
+ Bug-703833-Avoid-invalid-conversion-from-const-size_.patch
+ Disable-optimization-on-alpha-for-the-url-classifier.patch
+ Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
+ Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ Don-t-auto-disable-extensions-in-system-directories.patch
+ Set-javascript.options.showInConsole.patch
+ Allow-to-build-against-system-libffi.patch
+ * [907be61] Make sure we only match the generated files. Patch taken from
+ iceowl 1.5 package
+ * [772b9a0] Make system cairo work again. Patch taken from iceweasel.
+ * [0b6a8b3] Update
+ Add-another-preferences-directory-for-applications-p.patch to new method
+ name.
+ * [3395f21] Don't use APP_UA_NAME in application.ini since the replacement
+ fails and isn't needed.
+ * [6dea9fb] New upstream version 16.0.1
+ * [664153d] Add README.source describing howto import new upstream versions
+ * [a653bd0] Adjust to upstream changes:
+ * stop-configure-if-with-system-bz2-was-passed-but-no-.patch
+ * [f088193] Add a proper patch header
+ * to Fix-build-failure-for-header.py-and-typelib.py.patch
+ so we don't lose the patch description.
+ * [268cca5] New upstream version 16.0.2
+ * [a453a92] Rediff patches - no content changes
+ * [263bbeb] BUILD_OFFICIAL is now MOZILLA_OFFICIAL
+ * [a798e6b] Install dependentlibs.list to fix dlopen() of XPCOM
+
+ [ Ritesh Raj Sarraf ]
+ * [f871ba9] Refresh patches.
+ Droped patches:
+ * fixes/Remove-the-js-shell-from-the-build-directory-during-.patch
+ * porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch
+ * fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch
+ * debian-hacks/Make-sure-we-only-match-the-generated-files.patch
+ * [9b02e4c] Refreshed patches for TB16
+ * [dc83dd7] Fix build failure for header.py and typelib.py.
+ Earlier builds were passing the --cachedir option
+ Sometime during TB15, Mozilla changed that to variables.
+ This change was not passing the --cachedir option, hence the build
+ failure. This patch just hacks the build by passing the cachedir option
+ manually
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 30 Oct 2012 22:05:49 +0100
+
+icedove (11.0-1) experimental; urgency=low
+
+ * [ffb767a] Imported Upstream version 11.0 (Closes: #663897)
+ * [2b75f48] relax optimize to -O1 on sparc to fix FTBFS
+ * [fa9a610] update build dependencies (Thanks to Mike) (Closes: #666722)
+ * [5b552f2] rebuild patch queue from patch-queue branch
+ added patches:
+ - fixes/Bug-710972-Define-G_VARIANT_TYPE_STRING_ARRAY-when-b.patch
+ - fixes/Bug-734335-Only-build-SPS-on-supported-platforms.patch
+ - fixes/Revert-investigation-patch-for-bug-621446.patch
+ modified patches:
+ - fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch
+ - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ - icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch
+ obsolete patches (fixed upstream):
+ - debian-hacks/Fix-tracejit-to-build-against-nanojit-headers-in-dis.patch
+ - debian-hacks/Install-missing-nanojit-and-.tbl-headers-from-js-src.patch
+ - fixes/Bug-710268-Sign-NSS-libraries-only-when-they-exist-r.patch
+ - fixes/Fixup-bz-730195-for-Linux-ARM-use-_URC_FOREIGN_EXCEP.patch
+ - fixes/mozilla-config.h-was-renamed-js-confdefs.h-in-js-src.patch
+ - fixes/Remove-generated-files-from-js-src-during-make-distc.patch
+ - porting/Bug-703531-Fix-ARMAssembler-getOp2RegScale-on-ARMv5.patch
+ - porting/Bug-703534-Fix-build-failure-on-platforms-without-YA.patch
+ - porting/Bug-703842-Avoid-R_SPARC_WDISP22-relocation-in-Tramp.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 18 Apr 2012 18:36:31 +0200
+
+icedove (10.0.3-2) unstable; urgency=low
+
+ [ Christoph Goehre ]
+ * [1223204] bump up standards version to 3.9.3
+
+ [ Guido Günther ]
+ * [7d7b5f5] Don't put symlinks into iceowl/extensions
+
+ [ Christoph Goehre ]
+ * [94c07e5] update copyright file
+ * [88098a8] GNOME 3 integration: Use GIO instead of deprecated GnomeVFS.
+ Thanks to Michael Biebl <biebl@debian.org> (Closes: #658688)
+ * [9543fd1] add build depends python
+ * [ec62dcb] build a debug package, if DEB_BUILD_OPTIONS contains 'debug'
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 27 Mar 2012 18:21:52 +0200
+
+icedove (10.0.3-1) unstable; urgency=low
+
+ [ Christoph Goehre ]
+ * [ee4b49c] adjust source.filter list
+ * [b5f3064] New Upstream version 10.0.3 (Closes: #661115, #663897)
+ * [fd35da8] build against system python-ply
+ * [4964bb2] build against system libreadline
+ * [5412685] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/Don-t-build-example-component.patch
+ - fixes/Bug-515232-Try-getting-general.useragent.locale-as-a.patch
+ - fixes/Bug-628252-os2.cc-fails-to-compile-against-GCC-4.6-m.patch
+ - fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch
+ - fixes/Bug-696636-Block-OpenGL-1-drivers-explicitly-to-stee.patch
+ - fixes/Bug-710268-Sign-NSS-libraries-only-when-they-exist-r.patch
+ - fixes/Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch
+ - fixes/Bug-722127-Bump-required-libvpx-version-to-1.0.0.-r-.patch
+ - fixes/Bug-728136-Port-bug-528687-to-comm-central.patch
+ - fixes/Bug-728229-Allow-to-build-with-system-python-ply-lib.patch
+ - fixes/Bug-729817-Allow-the-Nouveau-driver-with-Mesa-8.0.1-.patch
+ - fixes/Bug-729817-Block-the-Nouveau-3D-driver-as-it-s-insta.patch
+ - fixes/Fixup-bz-730195-for-Linux-ARM-use-_URC_FOREIGN_EXCEP.patch
+ - fixes/Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch
+ - fixes/Link-libldap-against-libpthread.patch
+ - fixes/Load-dependent-libraries-with-their-real-path-to-avo.patch
+ - porting/Bug-703534-Fix-build-failure-on-platforms-without-YA.patch
+ - prefs/Don-t-auto-disable-extensions-in-system-directories.patch
+ (Closes: #648712)
+ modified patches:
+ - debian-hacks/Install-missing-nanojit-and-.tbl-headers-from-js-src.patch
+ - fixes/Allow-.js-preference-files-to-set-locked-prefs-with-.patch
+ - fixes/Properly-launch-applications-set-in-HOME-.mailcap.patch
+ - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ - porting/Allow-ipc-code-to-build-on-GNU-hurd.patch
+ - porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch
+ - prefs/Set-javascript.options.showInConsole.patch
+ obsolete patches (fixed upstream):
+ - debian-hacks/get-ride-of-default-debian-hardering-options.patch
+ - iceowl/Install-calendar-timezones-mode-0644-not-0755.patch
+ - porting/Add-mips-hppa-ia64-s390-and-sparc-defines-in-ipc-chr.patch
+ - porting/Bug-680917-Use-a-pool-size-of-16kB-on-ia64-for-bump-.patch
+ - porting/Bug-694533-LDRH-STRH-LDRSB-STRSB-are-supported-on-AR.patch
+ - porting/Bug-696393-Reimplement-NS_InvokeByIndex-in-C-on-S390.patch
+ - porting/Revert-bz-164580.patch
+
+ [ Michael Biebl ]
+ * [c0a3ee2] Install chrome.manifest file to ensure the various components
+ (like GNOME support module) are correctly loaded. (Closes: #658479)
+
+ [ Christoph Goehre ]
+ * [02687fc] adjust install/link files for new upstream
+ * [b551d6a] omni.jar was renamed to omni.ja
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 24 Mar 2012 23:10:47 +0100
+
+icedove (9.0.1-1) experimental; urgency=low
+
+ * [e2002b8] New Upstream version 9.0.1 (Closes: #653266, #653556)
+ * [9c14e8b] replace dfsg cleanup script with Mike's repack.py
+ * [2a34bd8] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting/Bug-698923-Don-t-require-16-bytes-alignment-for-VMFr.patch
+ - porting/Bug-703531-Fix-ARMAssembler-getOp2RegScale-on-ARMv5.patch
+ - porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch
+ - porting/Bug-703842-Avoid-R_SPARC_WDISP22-relocation-in-Tramp.patch
+ - porting/Bug-711353-Add-support-for-GNU-kFreeBSD-and-GNU-Hurd.patch
+ - porting/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
+ * [03ed85d] remove Build-Depends python-ply, it's shipped and searched in
+ mozilla/other-licenses
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 24 Jan 2012 19:13:30 +0100
+
+icedove (8.0-2) unstable; urgency=low
+
+ * Upload to unstable
+ * [b02c21d] fix crash in xpcshell on sparc linux
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 04 Jan 2012 18:09:14 +0100
+
+icedove (8.0-1) experimental; urgency=low
+
+ [ Guido Günther ]
+ * [17a7a80] Add x-scheme-handler/mailto to. Thanks to Michael Biebl for the
+ patch (Closes: #645556)
+
+ [ Christoph Goehre ]
+ * [4066038] New Upstream version 8.0
+ * [aa9105e] update autoconfig for e-mail accounts from riseup.net
+ (Closes: #648907)
+ * [decc1ac] fix wrong description text in iceowl-extension (Closes: #649073)
+ * [c97dda6] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/Statically-link-jemalloc-to-all-programs.patch
+ - fixes/Bug-670719-Only-add-DENABLE_JIT-1-to-CXXFLAGS-if-any.patch
+ - fixes/Bug-680642-Don-t-enable-YARR-JIT-on-MIPS-as-the-impl.patch
+ - porting/Bug-589735-Allocate-memory-with-an-address-with-high.patch
+ - porting/Bug-589735-Allow-static-JS-strings-to-be-turned-off-.patch
+ - porting/Bug-680917-Use-a-pool-size-of-16kB-on-ia64-for-bump-.patch
+ - porting/Bug-694533-LDRH-STRH-LDRSB-STRSB-are-supported-on-AR.patch
+ - porting/Bug-696393-Reimplement-NS_InvokeByIndex-in-C-on-S390.patch
+ - porting/Revert-bz-164580.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 20 Nov 2011 19:58:37 +0100
+
+icedove (8.0~b4-2) experimental; urgency=low
+
+ [ Guido Günther ]
+ * [5d043ec] Install calendar extension
+ * [07feb49] Change extension's name to Iceowl
+ * [c597212] iceowl-extension: don't ignore errors in postinst
+ * [30ec51d] Disable patch numbers
+ * [73f80ed] Don't install timezones file mode 0755
+
+ [ Christoph Goehre ]
+ * [0fa13be] remove duplicate build depends unzip
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 08 Nov 2011 22:29:19 +0100
+
+icedove (8.0~b4-1) experimental; urgency=low
+
+ * [4e90977] New Upstream Version 8.0b4 (Closes: #591771, #638161)
+ * [955423a] replace duplicate .so files in icedove and icedove-dev with
+ symlinks
+ * [6ffb325] remove obsolete cdbs rule to extract tarball
+ * [f98837b] build against libnotify4 (libnotify-dev >= 0.7)(Closes: #637194)
+ * [66f72bc] Build-depend on libjpeg-dev instead of libjpeg62-dev
+ * [8af21a2] rebuild patch queue from patch-queue branch
+ added patches:
+ - debian-hacks/get-ride-of-default-debian-hardering-options.patch
+ - fixes/packager-fails-when-MOZILLA_DIR-is-a-relative-path.patch
+ modified patches:
+ - icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch
+ obsolete patches (fixed upstream):
+ - debian-hacks/bzXXX-ftbfs-static-with-system-hunspell.patch
+ - fixes/Bug-626035-Modify-the-way-arm-compiler-flags-are-set.patch
+ - fixes/Bug-639554-Install-sdk-bin-with-make-install.-r-bsme.patch
+ - fixes/Bug-640494-part-1-Get-rid-of-STL-algorithm-use-in-js.patch
+ - fixes/Bug-640494-part-2-Use-bitwise-operations-in-JSDOUBLE.patch
+ - fixes/Bug-652139-Use-an-integer-type-in-DocumentViewerImpl.patch
+ - fixes/Bug-662224-Define-NS_ATTR_MALLOC-and-NS_WARN_UNUSED_.patch
+ - fixes/Bug-668906-Do-not-call-openUnsharedDatabase-with-a-n.patch
+ - fixes/Bug-671564-Initialize-NS_XPCOM_LIBRARY_FILE-from-NS_.patch
+ - fixes/Disable-building-embedded-libjpeg-turbo-when-buildin.patch
+ - porting/Allow-to-build-yuv_convert_arm.cpp-on-armv4t.patch
+ - porting/Bug-638056-Avoid-The-cacheFlush-support-is-missing-o.patch
+ - porting/Fix-FTBFS-in-IPC-on-Linux-PPC.patch
+ - porting/Fix-FTBFS-in-xpcom-base-on-armv4t.patch
+ - system-libs/libxul-linking-error-with-enable-system-ffi-and-stat.patch
+ * [5f6e50f] add Japanese translation for desktop menu entry. Thanks to
+ Hideki Yamane <henrich@debian.org> (Closes: #640679)
+ * [591f76c] add build depends unzip
+ * [0af372f] remove upstream integrated CFLAGS and CXXFLAGS '-g -std=gnu++0x'
+ * [a4c8b2f] adjust install and links file to new upstream
+ * [332b7a8] Revert "override libtheora embedded-library error" no longer
+ needed
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 05 Nov 2011 20:31:29 +0100
+
+icedove (5.0-2) experimental; urgency=low
+
+ * [7f92927] fix FTBFS on ia64: use gcc with -O2 instead of -Os
+ * [b6b8dea] Disable methodjit on armel
+ * [5b45336] remove obsolete conffiles with dpkg-maintscript-helper
+ (Closes: #636819)
+ * [868cfa3] rebuild patch queue from patch-queue branch
+ added patches:
+ - porting/Allow-ipc-code-to-build-on-GNU-hurd.patch - fix building on
+ GNU/hurd - Thanks to Pino Toscano
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 07 Aug 2011 15:35:09 +0200
+
+icedove (5.0-1) experimental; urgency=low
+
+ * New Upstream Version (Closes: #632037)
+ * [98c5a8f] build against libffi and libvpx
+ * [52dff12] build javascript lib as shared library
+ * [6f1c24d] build against mozilla png library
+ * [9e16beb] c-sdk moved from directory/sdks/c-sdk to ldap/sdks/c-sdk
+ * [57763a0] override libtheora embedded-library error
+ * [fc71b62] adjust install/links files for new upstream version
+ * [6e83a58] Revert "lintian: override ancient-libtool warning" override no
+ longer needed
+ * [d65b463] change hardcoded list of non-Linux build depends into linux-any
+ (Closes: #634301)
+ * [ff3a8f3] remove file compare in build run
+ * [a21efa9] add branding for icedove 5.0
+ * [7023939] update porting/Fix-FTBFS-in-xpcom-base-on-armv4t.patch - fix
+ building on armhf
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 03 Aug 2011 18:25:17 +0200
+
+icedove (3.1.11-1) unstable; urgency=high
+
+ * New Upstream Version
+ - MFSA 2011-19 aka CVE-2011-2364, CVE-2011-2365, CVE-2011-2374,
+ CVE-2011-2376:
+ Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)
+ - MFSA 2011-20 aka CVE-2011-2373: Use-after-free vulnerability when
+ viewing XUL document with script disabled
+ - MFSA 2011-21 aka CVE-2011-2377: Memory corruption due to
+ multipart/x-mixed-replace images
+ - MFSA 2011-22 aka CVE-2011-2371: Integer overflow and arbitrary code
+ execution in Array.reduceRight()
+ - MFSA 2011-23 aka CVE-2011-0083, CVE-2011-0085, CVE-2011-2363:
+ Multiple dangling pointer vulnerabilities
+ - MFSA 2011-24 aka CVE-2011-2362: Cookie isolation error
+ * [2a82ce8] DM-Upload-Allowed is superfluous since I'm DD
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 26 Jun 2011 10:35:31 +0200
+
+icedove (3.1.10-2) unstable; urgency=low
+
+ * [de81b7f] remove obsolete build depends libxp-dev (Closes: #623668)
+ * [633782d] change DEB_HOST_MULTIARCH back to DEB_HOST_GNU_TYPE and
+ downgrade sqlite version (Closes: #627598)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 06 Jun 2011 20:53:54 +0200
+
+icedove (3.1.10-1) unstable; urgency=high
+
+ * New Upstream Version (Closes: #625207)
+ - MFSA 2011-12 aka CVE-2011-0069, CVE-2011-0070, CVE-2011-0072,
+ CVE-2011-0074, CVE-2011-0075, CVE-2011-0077,
+ CVE-2011-0078, CVE-2011-0080, CVE-2011-0081:
+ Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
+ - MFSA 2011-16 aka CVE-2011-0071: Directory traversal in resource: protocol
+ * [78e0217] build against system libbz2
+ * [e6af761] build against system libpng
+ * [4b57c30] build against system libhunspell
+ * [937f0bd] double check to build against most system libraries
+ * [d6de723] rebuild patch queue from patch-queue branch
+ added patches (Closes: #624969):
+ - 0072-fix-building-with-gcc-4.6-Add-constructor-to-placate.patch
+ - 0073-fix-building-with-gcc-4.6-os2.cc-missing-include-cst.patch
+ - 0074-Add-constructor-for-nsCaseInsensitiveStringComparato.patch
+ - 0075-Add-constructor-for-nsXULAppInfo-which-inherits-from.patch
+ - 0076-Add-constructor-for-GTKEmbedDirectoryProvider.patch
+ modified patches:
+ - 0056-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch
+ obsolete patches (fixed upstream):
+ - 0051-Do-exec-instead-of-uselessly-forking-in-xulrunner-la.patch
+ - 0072-Add-support-for-libnotify-0.7.patch
+ * [e190ef1] bump up standards version to 3.9.2 (change DEB_HOST_GNU_TYPE to
+ DEB_HOST_MULTIARCH)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 10 May 2011 20:03:04 +0200
+
+icedove (3.1.9-2) unstable; urgency=low
+
+ * Upload to unstable
+ * [ace3b6f] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0072-Add-support-for-libnotify-0.7.patch
+ * [910f213] use DEP5 for copyright file
+ * [3ae4c8b] set global section to 'mail'
+ * [42c9c89] icedove.1: icedove is derived from Thunderbird instead of
+ Mozilla suite
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 02 Apr 2011 09:43:04 +0200
+
+icedove (3.1.9-1) experimental; urgency=low
+
+ * New Upstream Version
+ - MFSA 2011-01 aka CVE-2011-0053, CVE-2011-0062: Miscellaneous memory
+ safety hazards (rv:1.9.2.14/ 1.9.1.17)
+ - MFSA 2011-08 aka CVE-2010-1585: ParanoidFragmentSink allows javascript:
+ URLs in chrome documents
+ - MFSA 2011-09 aka CVE-2011-0061: Crash caused by corrupted JPEG image
+ * [699536a] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0069-save-a-copy-of-a-attached-file-when-sending-from-OOo.patch
+ (Closes: #505875)
+ - 0070-News-article-is-empty-if-selected-during-download-fr.patch
+ (Closes: #487494)
+ - 0071-restore-icedove-on-login-by-session-management.patch
+ (Closes: #403458)
+ modified patches:
+ - 0003-no_dynamic_nss_softokn.patch
+ - 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ - 0030-Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch
+ * [98d8ac0] c-sdk move to sdks/c-sdk - adjust
+ debian/{copyright,remove.nonfree,rules}
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 09 Mar 2011 20:21:59 +0100
+
+icedove (3.1.7-1) experimental; urgency=low
+
+ * New Upstream Version (Closes: #606977)
+ - MFSA 2010-74 aka CVE-2010-3776, CVE-2010-3777: Miscellaneous memory
+ safety hazards (rv:1.9.2.13/ 1.9.1.16)
+ - MFSA 2010-75 aka CVE-2010-3769: Buffer overflow while line breaking
+ after document.write with long string
+ - MFSA 2010-78 aka CVE-2010-3768: Add support for OTS font sanitizer
+ * [46e3e8a] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0068-fix-forwarding-of-Simple-HTML-email.patch
+ obsolete patches (fixed upstream):
+ - 0017-Implement-sync_instruction_memory-for-sparc-linux.patch
+ - 0059-Fix-startup-problem-with-symlinked-components-e.g.-e.patch
+ * [9fcce0c] add license info for gfx/ots
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 13 Dec 2010 17:59:50 +0100
+
+icedove (3.1.6-1) experimental; urgency=low
+
+ * New Upstream Version (Closes: #601334)
+ - MFSA 2010-64 aka CVE-2010-3175, CVE-2010-3176: Miscellaneous memory
+ safety hazards (rv:1.9.2.11/ 1.9.1.14)
+ - MFSA 2010-65 aka CVE-2010-3179: Buffer overflow and memory corruption
+ using document.write
+ - MFSA 2010-66 aka CVE-2010-3180: Use-after-free error in nsBarProp
+ - MFSA 2010-67 aka CVE-2010-3183: Dangling pointer vulnerability in
+ LookupGetterOrSetter
+ - MFSA 2010-69 aka CVE-2010-3178: Cross-site information disclosure via
+ modal calls
+ - MFSA 2010-71 aka CVE-2010-3182: Unsafe library loading vulnerabilities
+ - MFSA 2010-73 aka CVE-2010-3765: Heap buffer overflow mixing
+ document.write and DOM insertion
+ * [270fd51] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0069-Use-errno.ENOENT-instead-of-2-in-JarMaker.py.patch
+ modified patches:
+ - 0009-fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ * [24421f4] bump build depends for libnspr4-dev, libnss3-dev and
+ libsqlite3-dev
+
+ -- Christoph Goehre <chris@sigxcpu.org> Wed, 10 Nov 2010 07:11:17 +0100
+
+icedove (3.1.4-1) experimental; urgency=low
+
+ * New Upstream Version
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 18 Sep 2010 18:25:37 +0200
+
+icedove (3.1.3-1) experimental; urgency=low
+
+ * New Upstream Version
+ - MFSA 2010-49 aka CVE-2010-3169: Miscellaneous memory safety hazards
+ (rv:1.9.2.9/ 1.9.1.12)
+ - MFSA 2010-50 aka CVE-2010-2765: Frameset integer overflow vulnerability
+ - MFSA 2010-51 aka CVE-2010-2767: Dangling pointer vulnerability using DOM
+ plugin array
+ - MFSA 2010-53 aka CVE-2010-3166: Heap buffer overflow in
+ nsTextFrameUtils::TransformText
+ - MFSA 2010-54 aka CVE-2010-2760: Dangling pointer vulnerability in
+ nsTreeSelection
+ - MFSA 2010-55 aka CVE-2010-3168: XUL tree removal crash and remote code
+ execution
+ - MFSA 2010-56 aka CVE-2010-3167: Dangling pointer vulnerability in
+ nsTreeContentView
+ - MFSA 2010-57 aka CVE-2010-2766: Crash and remote code execution in
+ normalizeDocument
+ - MFSA 2010-59 aka CVE-2010-2762: SJOW creates scope chains ending in
+ outer object
+ - MFSA 2010-61 aka CVE-2010-2768: UTF-7 XSS by overriding document charset
+ using <object> type attribute
+ - MFSA 2010-62 aka CVE-2010-2769: Copy-and-paste or drag-and-drop into
+ designMode document allows XSS
+ - MFSA 2010-63 aka CVE-2010-2764: Information leak via XMLHttpRequest
+ statusText
+ * [9a03eb1] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0060-fix-FTBFS-on-hurd.patch (Closes: #595665)
+ - 0061-Enable-x64-JIT-backend-by-default.patch
+ - 0062-Fix-unaligned-reads-in-qcms.patch
+ - 0063-Import-js-src-nanojit-njcpudetect.h.patch
+ - 0064-Use-clz-on-android-even-for-armv5-target.patch
+ - 0065-Fix-ARM-verbose-assembly-output-for-BLX.patch
+ - 0066-Get-rid-of-blx_lr_bug.patch
+ - 0067-Avoid-some-ARM-CPU-arch-related-runtime-tests-depend.patch
+ - 0068-ARMv4T-support-for-nanojit.patch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Tue, 14 Sep 2010 13:41:19 +0200
+
+icedove (3.1.2-2) experimental; urgency=low
+
+ * [e1435dc] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0060-Fix-startup-problem-with-symlinked-components-e.g.-e.patch
+ (Closes: #592531)
+ modified patches:
+ - 0048-Add-nanojit-support-for-ARMv4T.patch - Fix FTBFS on armel
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 21 Aug 2010 14:51:03 +0200
+
+icedove (3.1.2-1) experimental; urgency=low
+
+ * New Upstream Version (Closes: #589666, #591899)
+ - MFSA 2010-34 aka CVE-2010-1211, CVE-2010-1212: Miscellaneous memory
+ safety hazards (rv:1.9.2.7/ 1.9.1.11)
+ - MFSA 2010-38 aka CVE-2010-1215: Arbitrary code execution using SJOW and
+ fast native function
+ - MFSA 2010-39 aka CVE-2010-2752: nsCSSValue::Array index integer overflow
+ - MFSA 2010-40 aka CVE-2010-2753: nsTreeSelection dangling pointer remote
+ code execution vulnerability
+ - MFSA 2010-41 aka CVE-2010-1205: Remote code execution using malformed PNG
+ image
+ - MFSA 2010-42 aka CVE-2010-1213: Cross-origin data disclosure via Web
+ Workers and importScripts
+ - MFSA 2010-43 aka CVE-2010-1207: Same-origin bypass using canvas context
+ - MFSA 2010-44 aka CVE-2010-1210: Characters mapped to U+FFFD in 8 bit
+ encodings cause subsequent character to vanish
+ - MFSA 2010-46 aka CVE-2010-0654: Cross-domain data theft using CSS
+ - MFSA 2010-47 aka CVE-2010-2754: Cross-origin data leakage from script
+ filename in error messages
+ * [6b9976e] rebuild patch queue from patch-queue branch
+ modified patches:
+ - 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ - 0015-Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch
+ - 0018-Work-around-FTBFS-on-mips-by-disabling-TLS-support.patch
+ - 0034-Fix-compiler-errors-with-g-4.4-with-std-gnu-0x.patch
+ - 0045-Expose-fullpath-from-nsIPluginTag.patch
+ - 0047-Use-syscall-for-mmap-and-munmap-and-disable-ncpus-in.patch
+ - 0050-Set-javascript.options.showInConsole.patch
+ - 0057-Allow-to-build-against-system-libffi.patch
+ - 0058-Ignore-system-libjpeg-libpng-and-zlib-version-checki.patch
+ - 0059-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch
+ * [16b0e7e] fix FTBFS on kfreebsd-* and hurd-i386 by passing
+ --disable-necko-wifi to configure (Closes: #589476)
+ * [15a02c7] bump up standards version to 3.9.1
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 13 Aug 2010 12:18:21 +0200
+
+icedove (3.1-1) experimental; urgency=low
+
+ * New Upstream Version
+ * [124a316] add additional build depends libnotify-dev
+ * [5ed6a72] adjust branding for Icedove 3.1
+ * [bed8969] install further js files shipped with Icedove 3.1
+ * [02456e6] replace blue icedove icons with green version
+ * [036921f] regenerate patch queue for 3.1 Icedove release
+ * [a7fa393] build with system ffi
+ * [d8650f7] ship icedove svg file for low resolution icons too
+ * [7718c55] bump Standards Version to 3.9.0 and downgrade Conflicts to
+ Breaks
+ * [9621fc6] lintian: override ancient-libtool warning
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 17 Jul 2010 17:19:58 +0200
+
+icedove (3.0.5-1) unstable; urgency=low
+
+ * New Upstream Version
+ - MFSA 2010-25 aka CVE-2010-1121: Re-use of freed object due to scope
+ confusion
+ - MFSA 2010-26 aka CVE-2010-1200, CVE-2010-1201, CVE-2010-1202: Crashes
+ with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)
+ - MFSA 2010-29 aka CVE-2010-1196: Heap buffer overflow in
+ nsGenericDOMDataNode::SetTextInternal
+ - MFSA 2010-30 aka CVE-2010-1199: Integer Overflow in XSLT Node Sorting
+ * [9774410] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0045-Fix-misalignments-in-help-command-line.patch
+ - 0046-Fix-misalignments-in-help-command-line.patch
+ - 0047-KDE-Gnome-startup-notification-not-disappearing-when.patch
+ - 0048-KDE-Gnome-startup-notification-not-disappearing-for-.patch
+ - 0049-Use-char16_t-when-available-and-when-it-is-don-t-tes.patch
+ - 0050-Fix-compiler-errors-with-g-4.4-with-std-gnu-0x.patch
+ - 0051-Add-xptcall-support-for-SH4-processors.patch
+ modified patches:
+ - 0028-Avoid-crashing-when-trying-to-kill-a-nsProcess-that-.patch
+ obsolete patches (fixed upstream):
+ - 0021-Avoid-creating-the-updates-directory-when-update-ser.patch
+ - 0035-Fix-stack-alignment-on-function-calls-in-JIT-on-ARM.patch
+ * [3b98c84] avoid unneeded package depends by building with
+ '-Wl,--as-needed'
+ * [0067020] Build with -std=gnu++0x
+ * [72d4300] add pkg-config file for icedove (Closes: #577740)
+ * [e6af35d] enlarge package description with specification from icedove 2.0
+ (Closes: #565887)
+ * [ef0bc10] add support for new Debian arch: powerpcspe (Closes: #586100) -
+ thanks to Sebastian Andrzej Siewior
+ * [5ae6099] use high bandwidth server in watch file to get new upstream
+ release
+ * [5e6d641] remove obsolete build depends libkrb5-dev
+ * [8ed7848] remove unused DEBIAN_VERSION vars in rules file
+ * [9959bd5] DEB_HOST_GNU_TYPE, DEB_BUILD_GNU_TYPE and DEB_BUILD_ARCH are
+ defined by cdbs too
+ * [9f6c088] Fix misalignments in --help command line
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 19 Jun 2010 23:26:55 +0200
+
+icedove (3.0.4-3) unstable; urgency=low
+
+ * [4026b50] icedove-dev need depend on libnspr4-dev and libnss3-dev
+ (Closes: #455725)
+ * [1fee936] don't run configure with --enable-optimize and --disable-
+ optimize if DEB_BUILD_OPTIONS contains noopt
+ * [02c0ea3] ship account autoconfig file for Riseup Networks (riseup.net)
+ (Closes: #577616)
+ * [e710d08] suggest libgssapi-krb5-2 for Kerberos login possibility
+ * [7609291] build a shared icedove binary. This avoid crashes because of
+ mixed functions from system and icedove itself (e.g. str2charray from
+ libldap_r-2.4.so.2 and libldap60.so). (Closes: #578916)
+ * [68f4b49] downgrade gnome stuff from Recommends to Suggests
+ (Closes: #579714)
+ * [bcff10b] install mailViews.dat into usr/share/icedove/defaults/messenger
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 14 May 2010 22:21:32 +0200
+
+icedove (3.0.4-2) unstable; urgency=low
+
+ * [57f0a8b] remove icedove-3.0 transitional package (Closes: #576741)
+ * [8008231] remove wrong mime types in desktop file
+ * [a12edde] set StartupWMClass in desktop file to Icedove-bin
+ * [7512224] extend package description of icedove, icedove-dev and
+ icedove-dbg
+ * [7e725b9] fix FTBFS on alpha by passing '-Wl,--no-relax' to gcc
+ * [92d3515] Switch to dpkg-source 3.0 (quilt) format
+ * [14d5894] rebuild patch queue from patch-queue branch
+ added patches:
+ - 0046-add-missing-headers-for-icedove-dev-package.patch (Closes: #577021)
+ modified patches:
+ - 0012-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ - 0020-Work-around-FTBFS-on-mips-by-disabling-TLS-support.patch
+ * [2cdd850] remove obsolete thunderbird 3.0a1pre postinst stuff
+ * [443f44b] process directory/c-sdk/configure with autoconf too
+ * [66c2f65] remove obsolete build depends librsvg2-bin and patchutils
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 11 Apr 2010 12:44:26 +0200
+
+icedove (3.0.4-1) unstable; urgency=low
+
+ [ Guido Günther ]
+ * [01983a4] Add missing message/rfc822 mime type for eml files
+ (Closes: #574528)
+
+ [ Christoph Goehre ]
+ * New Upstream Version fixes:
+ - MFSA 2010-16 aka CVE-2010-0173, CVE-2010-0174: Crashes with evidence of
+ memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)
+ - MFSA 2010-17 aka CVE-2010-0175: Remote code execution with
+ use-after-free in nsTreeSelection
+ - MFSA 2010-18 aka CVE-2010-0176: Dangling pointer vulnerability in
+ nsTreeContentView
+ - MFSA 2010-22 aka CVE-2009-3555: Update NSS to support TLS renegotiation
+ indication
+ - MFSA 2010-24 aka CVE-2010-0182: XMLDocument::load() doesn't check
+ nsIContentPolicy
+ * upload icedove 3 to unstable (Closes: #401848, #422886, #425497, #430644,
+ #483550, #495522, #501113, #552617, #574188)
+ * rebuild patch queue from patch-queue branch:
+ added patches:
+ - 0044-don-t-remove-xpt-tools.patch
+ - 0045-Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch
+ modified patches:
+ - 0011-fix-branding-in-migration-wizard-and-the-addon-manag.patch
+ - 0012-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
+ - 0030-Force-better-nsAutoT-Ptr-Array-buffer-alignment.patch
+ - 0035-Fix-stack-alignment-on-function-calls-in-JIT-on-ARM.patch
+ obsolete patches (fixed upstream):
+ - 0021-Fix-crash-with-SwitchProxy-installed.patch
+ - 0023-Don-t-remove-build-automationutils.py-on-make-clean.patch
+ - 0039-Don-t-show-the-SVG-output-option-in-the-print-dialog.patch
+ * [a7f3529] Revert "disable prefetch service". This bug was already fixed in
+ 3.0.2 (CVE-2009-4629) and 'network.prefetch-next' has no effect in
+ icedove.
+ * [fecc0b4] install versioned build depends instead of checking on build
+ time
+ * [4806890] enable building of icedove-dev package
+ * [412b8ac] be more explicit on installing file into icedove package
+ * [23b1d4b] depends on newer version of libnspr4-dev and libnss3-dev
+ * [809c723] lintian: idl files didn't need to be executable
+ * [ecd284e] lintian: add ${shlibs:Depends} to icedove-dev package
+ * [da75ee2] replace/remove non-free searchplugin icons and doubtful
+ origin file in mozilla folder (Closes: #567917)
+ * [eaf405e] update /usr/lib/icedove/dictionaries symlink to point to
+ /usr/share/hunspell
+ * [fe362ba] describe profile renaming on update to icedove 3.0
+ (Closes: #566329)
+
+ -- Christoph Goehre <chris@sigxcpu.org> Mon, 05 Apr 2010 21:11:42 +0200
+
+icedove (3.0.3-1) experimental; urgency=low
+
+ * New Upstream Version fixes:
+ - missing folders or empty folder pane after updating to version 3.0.2
+ * [a69cdfd] rebuild patches from patch-queue:
+ - additional fix for FTBFS on kfreeBSD
+ * [e4bffd4] disable prefetch service (Closes: #572789)
+ * [3838bbe] branding files shouldn't be executable
+ * [3dc6688] add missing newline in logo license file
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sat, 06 Mar 2010 21:48:50 +0100
+
+icedove (3.0.2-1) experimental; urgency=low
+
+ * New Upstream Version fixes:
+ - MFSA 2010-01 aka CVE-2010-0159: Crashes with evidence of memory
+ corruption (rv:1.9.1.8/ 1.9.0.18)
+ - MFSA 2010-03 aka CVE-2009-1571: Use-after-free crash in HTML parser
+ * [1fd705f] install menu file (Closes: #569166)
+ * [8df3f99] generate desktop files at build process
+ * [5b0bb84] add icedove branding logos
+ * [1ef1c10] copyright explanation of icedove artwork (Closes: #406849)
+ * [6cdc0b0] remove forgotten firefox branding icons (Closes: #567917)
+ * [cec6a38] swedish translation for desktop file (Closes: #420050)
+ * [0256328] readd translation for desktop file
+ * [20311f4] rebuild patches (most patches from Mike Hommey)
+ - fix FTBFS on kFreeBSD, hppa, mips
+ - stability patched for mips, alpha, sparc, ppc and arm
+ - really cleanup build directory on 'make clean/distclean'
+ - allow intl.locale.matchOS to be modified in user profile
+ * [0098f90] write manpage for icedove (Closes: #425490, #487493)
+ * [fbccfaa] no longer suggest libthai0 (Closes: #524436)
+ * [26d3e39] change suggests from transitional package latex-xft-fonts
+ to ttf-lyx (Closes: #539535)
+ * [e24801a] improve desktop file (remove deprecated items and
+ warnings/errors)
+ * [68885c4] bump up standards version to 3.8.4
+ * [df39ede] use xpm icon in menu file to calm lintian
+ * [8303887] adjust sqlite version to new upstream dependency
+
+ -- Christoph Goehre <chris@sigxcpu.org> Sun, 28 Feb 2010 18:19:13 +0100
+
+icedove (3.0.1-2) experimental; urgency=low
+
+ [ Guido Günther ]
+ * [7ea7367] Explicitly pass build and host type to configure (Closes:
+ #546011) - thanks to Sven Joachim <svenjoac@gmx.de> for the patch
+ * [7fca9e1] Add back icedove changelog of earlier versions
+
+ [ Christoph Goehre ]
+ * [72b78cc] Support both - and _ separators in dictionary names - patch from
+ Reed Loden
+ * [9a96759] fix branding in migration wizard and the addon manager (Closes:
+ #565559)- patch from Edward J. Shornock
+
+ -- Christoph Goehre <christoph.goehre@gmx.de> Tue, 02 Feb 2010 20:32:24 +0100
+
+icedove (3.0.1-1) experimental; urgency=low
+
+ * New Upstream Version
+ * [8a2f5dc] define default options for git-import-orig
+ * [ac65b1b] refresh debian patches
+ * [851c5dc] rename binary packages to icedove (without version number)
+ * [6e12d1b] adjust cairo version to 1.8.8
+ * [cd7cd6f] moving the old profile dir instead of copy
+ * [c342380] replace theme directory always by link to /usr/share if we
+ update to version 3
+ * [c88eaa7] expansion of lib{dbusservice,mozgnome,nkgnomevfs}.so didn't work
+ with dpkg-shlibdeps - lets use the '-e' switch
+
+ -- Christoph Goehre <chris@sigxcpu.org> Thu, 21 Jan 2010 20:53:57 +0100
+
+icedove (3.0-2) experimental; urgency=low
+
+ * [f07e702] Add Replaces for icedove-gnome-support
+ * [72e66e7] Fix typo
+
+ -- Guido Günther <agx@sigxcpu.org> Fri, 08 Jan 2010 16:05:10 +0100
+
+icedove (3.0-1) experimental; urgency=low
+
+ * Final upstream version without any source code changes against RC2
+
+ [ Guido Günther ]
+ * [77d611e] Add Vcs-{Git,Browser}
+ * [ec7ddd6] Move VCS to where they belong
+
+ [ Christoph Goehre ]
+ * [524d1f5] don't hardcode $MOZ_APP_NAME in Makefile.in file
+ * [0407ff3] mailclient bin called now $DEB_MOZ_APPLICATION
+ * [e6040b5] merge icedove-3.0-gnome-support into icedove-3.0 package
+ * [07417e0] install default theme and components/*.js into
+ /usr/share/icedove-3.0
+ * [3d37478] add missed components files
+ * [f09cfad] add another preferences directory for applications:
+ preferences/syspref - thanks to Mike Hommey
+ * [d92e265] install debian config into /etc/icedove-3.0/pref and link
+ into defaults/syspref
+ * [18a886b] disable application update
+ * [76ea38a] let lockPref() in .js files work - thanks to Mike Hommey
+ * [e44133e] gnome-default-mail-client: check for MOZ_APP_NAME instead
+ for hardcoded 'thunderbird'
+ * [8573c8d] set DM-Upload-Allowed to yes
+ * [1c63920] install modules directory into /usr/share/icedove-3.0
+ * [3a85ac6] add gbp.conf for easier package build with
+ git-buildpackage
+ * [7feb54a] add watch file
+ * [e0a1624] document how to clean upstream source code
+
+ -- Christoph Goehre <chris@sigxcpu.org> Fri, 08 Jan 2010 10:42:09 +0100
+
+icedove (3.0~rc2-2) experimental; urgency=low
+
+ [ Christoph Goehre ]
+ * [5b7992b] rename source package to unversioned name
+ * [cde3507] change Maintainer back to asac, add Uploaders Guido and me
+ * [978c58d] disable icedove-3.0-dev package build for now until it is fixed
+ upstream
+ * Upstream is identical to 3.0 final
+
+ -- Guido Günther <agx@sigxcpu.org> Thu, 17 Dec 2009 18:36:58 +0100
+
+icedove-3.0 (3.0~rc2-1) experimental; urgency=low
+
+ [ Christoph Goehre ]
+ * New Upstream Version (RC2)
+ - fixes 494014, 516950, 531278, 531502 in Mozilla Bugzilla
+ * [fc3fa5c] Revert "mark icedove-3.0-dev as transitional package for
+ xulrunner-dev"
+
+ [ Guido Günther ]
+ * [51c1cca] Bump standards version
+ * [5e2a53c] Refer to versioned license
+ * [171f382] s/explicitely/explicitly/
+
+ -- Christoph Goehre <christoph.goehre@gmx.de> Tue, 08 Dec 2009 18:46:28 +0100
+
+icedove-3.0 (3.0~rc1-1) experimental; urgency=low
+
+ * New Upstream Version (RC1)
+ * [cce57db] ship extracted upstream tarball in orig file
+ * [ee7677f] remove obsolet licence fix
+ * [7051ca8] install TB_ICON only once
+ * [4f20bb1] add unbranded preview theme icon
+ * [0002285] install non-binary stuff in /usr/share and link it into
+ /usr/lib
+ * [c9ce50f] get right of system myspell
+ * [5c96edf] remove version check for hunspell in debian/rules
+ * [13b57a3] mark icedove-3.0-dev as transitional package for
+ xulrunner-dev
+ * [8ecaec9] all packages need ${misc:Depends} as depends, if we use
+ debhelper
+ * [fc0dd78] dbg package must have section debug and priority extra
+ * [3a00f22] enable more config options and add build depends (filched from
+ iceape 2.0)
+ * [fd8e3ca] build against system sqlite if available
+ * [81165e1] build with 'export BUILD_OFFICIAL=1'
+
+ -- Christoph Goehre <christoph.goehre@gmx.de> Thu, 03 Dec 2009 10:16:46 +0100
+
+icedove-3.0 (3.0~b3~hg20090713r3057-1~gbp253e4ab) sid; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 14 Jul 2009 10:24:57 +0200
+
+icedove-3.0 (3.0~b3~hg20090713r3057-1~gbpefd0706) sid; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 14 Jul 2009 10:24:50 +0200
+
+icedove-3.0 (3.0~b3~hg20090713r3057-1~gbpfeeee47) sid; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 14 Jul 2009 10:11:10 +0200
+
+icedove-3.0 (3.0~b3~hg20090505r2552-1~gbp595a0b7) sid; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 05 May 2009 18:03:25 +0200
+
+icedove-3.0 (3.0~b3~hg20090427r2499-1~gbpbeb7cd6) sid; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Mon, 27 Apr 2009 20:05:51 +0200
+
+icedove-3.0 (3.0~b3~hg20090427r2499-1~gbp80a8829) sid; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Mon, 27 Apr 2009 19:56:09 +0200
+
+icedove-3.0 (3.0~b3~hg20090422r2448-1~gbpd4ee3b3) pkg-mozext; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Wed, 22 Apr 2009 09:14:54 +0200
+
+icedove-3.0 (3.0~b3~hg20090421r2441-1~gbp66d9bed) pkg-mozext; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Tue, 21 Apr 2009 19:35:09 +0200
+
+icedove-3.0 (3.0~b3~hg20090420r2424-1~gbp47b25b8) pkg-mozext; urgency=low
+
+ * New snapshot.
+
+ -- Guido Günther <agx@sigxcpu.org> Mon, 20 Apr 2009 11:28:56 +0200
+
+icedove-3.0 (3.0~b3~hg20090418r2418+nobinonly-1~0~gbpa19783) pkg-mozext; urgency=low
+
+ * Initial release
+
+ -- Guido Günther <agx@sigxcpu.org> Sun, 19 Apr 2009 13:44:33 +0200
+
+icedove (2.0.0.22-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * update /usr/lib/icedove/dictionaries symlink to point to
+ /usr/share/hunspell (closes: #549876)
+ * add $[shlibs:Depends} to iceape-dev
+
+ -- Rene Engelhard <rene@debian.org> Mon, 09 Nov 2009 17:11:50 +0100
+
+icedove (2.0.0.22-1) unstable; urgency=low
+
+ * New upstream security/stability update (v2.0.0.21/v2.0.0.22) (Closes: 535124)
+ * MFSA 2009-33: Crash viewing multipart/alternative message with text/enhanced part
+ * MFSA 2009-32 aka CVE-2009-1841: JavaScript chrome privilege escalation
+ * MFSA 2009-29 aka CVE-2009-1838: Arbitrary code execution using event listeners
+ attached to an element whose owner document is null
+ * MFSA 2009-27 aka CVE-2009-1836: SSL tampering via non-200 responses to proxy
+ CONNECT requests
+ * MFSA 2009-24 aka CVE-2009-1832+CVE-2009-1831: Crashes with evidence of memory
+ corruption (rv:1.9.0.11)
+ * MFSA 2009-17 aka CVE-2009-1307: Same-origin violations when Adobe Flash loaded
+ via view-source: scheme
+ * MFSA 2009-14 aka CVE-2009-1303+CVE-2009-1302: Crashes with evidence of memory
+ corruption (rv:1.9.0.9)
+ * MFSA 2009-15 aka CVE-2009-0652: URL spoofing with box drawing character
+ * MFSA 2009-10 aka CVE-2009-0040: Upgrade PNG library to fix memory safety hazards
+ * MFSA 2009-09 aka CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain
+ redirect
+ * MFSA 2009-07 aka CVE-2009-0771,-0772,-0773,-0774: Crashes with evidence of memory
+ corruption (rv:1.9.0.7)
+ * MFSA 2009-01 aka CVE-2009-0352,CVE-2009-0353 Crashes with evidence of memory
+ corruption (rv:1.9.0.6)
+ * adjust patches to changed codebase
+ - update debian/patches/ubuntu-mail-app-xre-name
+
+ -- Alexander Sack <asac@debian.org> Wed, 01 Jul 2009 12:18:03 +0200
+
+icedove (2.0.0.19-1) unstable; urgency=medium
+
+ * New upstream security/stability update (v.2.0.0.18/2.0.0.19) Closes: 505563
+ 2.0.0.18:
+ * MFSA 2008-48 aka CVE-2008-5012 - Image stealing via canvas and HTTP
+ redirect
+ * MFSA 2008-50 aka CVE-2008-5014 - Crash and remote code execution via
+ __proto__ tampering
+ * MFSA 2008-52 aka CVE-2008-5017 - Crashes with evidence of memory
+ corruption (rv:1.9.0.4/1.8.1.18); Browser engine crash in "Firefox 2
+ and 3"
+ * MFSA 2008-52 aka CVE-2008-5018 - Crashes with evidence of memory
+ corruption (rv:1.9.0.4/1.8.1.18); JavaScript engine crash - "Firefox 2
+ and 3"
+ * MFSA 2008-55 aka CVE-2008-5021 - Crash and remote code execution in
+ nsFrameManager
+ * MFSA 2008-56 aka CVE-2008-5022 - nsXMLHttpRequest::NotifyEventListeners()
+ same-origin violation
+ * MFSA 2008-58 aka CVE-2008-5024 - Parsing error in E4X default namespace
+ * MFSA 2008-59 aka CVE-2008-4582 - Script access to .documentURI and
+ .textContent in mail
+ 2.0.0.19:
+ * MFSA 2008-60 aka CVE-2008-5500 - Crashes with evidence of memory
+ corruption (rv:1.9.0.5/1.8.1.19); Layout engine crashes - Firefox 2 and 3
+ * MFSA 2008-61 aka CVE-2008-5503 - Information stealing via
+ loadBindingDocument
+ * MFSA 2008-64 aka CVE-2008-5506 - XMLHttpRequest 302 response disclosure
+ * MFSA 2008-65 aka CVE-2008-5507 - Cross-domain data theft via script
+ redirect error message
+ * MFSA 2008-66 aka CVE-2008-5508 - Errors parsing URLs with leading
+ whitespace and control characters
+ * MFSA 2008-67 aka CVE-2008-5510 - Escaped null characters ignored by CSS
+ parser
+ * apply Maintainers, Uploaders changes done in 2.0.0.17 upload to
+ debian/control
+ - update debian/control
+ * adjust/refresh patches to changed upstream code
+ - update debian/patches/moz-app-name-as-mail-binary-name
+ - update debian/patches/autoconf2.13-rerun
+
+ -- Alexander Sack <asac@debian.org> Sat, 03 Jan 2009 16:27:42 +0100
+
+icedove (2.0.0.17-1) unstable; urgency=low
+
+ * New upstream security/stability update (v.2.0.0.17), Closes: #500721
+ * MFSA 2008-37 aka CVE-2008-0016 - UTF-8 URL stack buffer overflow
+ * MFSA 2008-38 aka CVE-2008-3835 - nsXMLDocument::OnChannelRedirect()
+ same-origin violation
+ * MFSA 2008-41 aka CVE-2008-4058, CVE-2008-4059, CVE-2008-4060 - Privilege
+ escalation via XPCnativeWrapper pollution
+ * MFSA 2008-42 aka CVE-2008-4061, CVE-2008-4062, CVE-2008-4063,
+ CVE-2008-4064 - Crashes with evidence of memory corruption
+ (rv:1.9.0.2/1.8.1.17)
+ * MFSA 2008-43 aka CVE-2008-4065, CVE-2008-4066 - BOM characters, low
+ surrogates stripped from JavaScript before execution
+ * MFSA 2008-44 aka CVE-2008-4067, CVE-2008-4068 - resource: traversal
+ vulnerabilities
+ * MFSA 2008-46 aka CVE-2008-4070 - Heap overflow when canceling newsgroup
+ message
+
+ [ Michael Casadevall <sonicmctails@gmail.com> ]
+ * debian/control:
+ - Changed maintainer to Ubuntu Mozillateam
+ - Added Uploaders to the team
+ - Set DM-Upload-Allowed
+ - Bumped standards version to 3.8.0
+
+ [ Alexander Sack <asac@debian.org> ]
+ * Closes: #497491 - Icedove inappropriately sets file-/MIME-type
+ associations in .desktop database; we drop the Mime-Type= entry
+ from debian/icedove.desktop
+ - update debian/icedove.desktop
+
+ -- Michael Casadevall <sonicmctails@gmail.com> Sat, 18 Oct 2008 09:07:20 -0400
+
+icedove (2.0.0.16-1) unstable; urgency=low
+
+ * New upstream security/stability update (v2.0.0.16) fixes:
+ * MFSA 2008-21 aka CVE-2008-2798 - Crashes with evidence of memory
+ corruption
+ * MFSA 2008-21 aka CVE-2008-2799 - Crashes with evidence of memory
+ corruption
+ * MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file
+ * MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in
+ mozIJSSubScriptLoader.loadSubScript()
+ * MFSA 2008-26 aka CVE-2008-0304 - (followup) Buffer length checks in MIME
+ processing
+ * MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in
+ uninitialized memory being used
+ * MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to
+ spoof
+ * MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block
+ reflow
+ * MFSA 2008-34 aka CVE-2008-2785 - Remote code execution by overflowing CSS
+ reference counter
+
+ * Closes: #483938 - add .desktop file translations (contributed by Timo
+ Jyrinki <timo.jyrinki@iki.fi>)
+ - update debian/icedove.desktop
+
+ (cherry pick rev77 from lp:~mozillateam/thunderbird/thunderbird.dev branch)
+ * drop patches applied upstream
+ - drop debian/patches/bz419350_attachment_306066.patch
+ - update debian/patches/series
+
+ (cherry pick rev78 from lp:~mozillateam/thunderbird/thunderbird.dev branch)
+ * adjust patches diverged upstream
+ - update debian/patches/ubuntu-look-and-feel-report-a-bug-menuitem
+
+ (cherry pick rev80 from lp:~mozillateam/thunderbird/thunderbird.dev branch)
+ * Closes: #489093 - add explicit -lfontconfig to linker flags used for gfx/ps
+ module to fix ftbfs in intrepid
+ - add debian/patches/bzXXX_ftbfs_fontconfig.patch
+ - update debian/patches/series
+
+ -- Alexander Sack <asac@canonical.com> Thu, 24 Jul 2008 17:38:51 +0200
+
+icedove (2.0.0.14-1) unstable; urgency=medium
+
+ * Upstream stability/security release, fixes
+ + MFSA 2008-15 aka CVE-2008-1236 - Crashes with evidence of memory corruption
+ (rv:1.8.1.13) - browser engine
+ + MFSA 2008-15 aka CVE-2008-1237 - Crashes with evidence of memory corruption
+ (rv:1.8.1.13) - javascript engine
+ + MFSA 2008-14 aka CVE-2008-1233, CVE-2008-1234, CVE-2008-1235 - JavaScript
+ privilege escalation and arbitrary code execution
+ * update debian/remove.nonfree script to pull branding from bzr branch hosted
+ at https://code.edge.launchpad.net/~mozillateam/thunderbird/icedove-branding-2.0.0.x
+ - update debian/remove.nonfree
+ * fix fallback https handler by adding pref("network.protocol-handler.app.https",
+ "x-www-browser") to default system preference file. (Closes: #460954)
+ - update debian/icedove.js
+ * drop patches applied upstream:
+ - delete debian/patches/bz399589_fix_missing_symbol_with_new_nss.patch
+ - update debian/patches/series
+ * fix broken reply-to-list extension (Closes: #439369)
+ - add debian/patches/replytolist_2.x.patch
+ - update debian/patches/series
+ * fix ftbfs on ia64 (Closes: #477281)
+ - add debian/patches/bz419350_attachment_306066.patch
+ - update debian/patches/series
+ * drop forced use of gcc/g++ 4.2 and use default compiler again; in turn we
+ drop gcc-4.2 and g++-4.2 from Build-Depends
+ - update debian/control
+ - update debian/rules
+
+ -- Alexander Sack <asac@debian.org> Fri, 09 May 2008 17:57:55 +0200
+
+icedove (2.0.0.12-1) unstable; urgency=low
+
+ * New Upstream stability/security release, fixes various advisories:
+ + CVE-2008-0416 aka MFSA 2008-13 Multiple XSS vulnerabilities from
+ character encoding
+ + CVE-2008-0304 aka MFSA 2008-12 Heap buffer overflow in external MIME
+ bodies
+ + CVE-2008-0418 aka MFSA 2008-05 Directory traversal via chrome: URI
+ + CVE-2008-0415 aka MFSA 2008-03 Privilege escalation, XSS, Remote Code
+ Execution
+ + CVE-2008-0412 and CVE-2008-0413 aka MFSA 2008-01 Crashes with evidence
+ of memory corruption (rv:1.8.1.12) - layout and javascript
+ * Fix severe problems for powerpc architecture, by reverting arch-detect
+ patch to introduce special behaviour only when FORCE_USE_HOST_OS is set in
+ environment. For now only s390 is special cased in rules - as thats the
+ architecture we introduced this patch for (Closes: #461981).
+ - update debian/rules
+ - debian/patches/arch-detect
+ * fix "FTBFS with libnss3-dev=3.12.0~beta2-1" by introducing symbols not
+ exported by new nss anymore. Reuse thunderbird patch from ubuntu.
+ (Closes: #470128)
+ - added debian/patches/bz399589_fix_missing_symbol_with_new_nss.patch
+ - update debian/patches/series
+ * add Vcs-Bzr: header to control pointing to the mozillateam packaging
+ branch https://code.launchpad.net/~mozillateam/thunderbird/icedove-2.0.0.x
+ - update debian/control
+ * introduce .autoreg feature and touch /usr/lib/icedove/.autoreg in
+ icedove-gnome-support.postinst and icedove-gnome-support.prerm iif that
+ file exists.
+ - update debian/rules
+ - added debian/icedove-gnome-support.postinst
+ - added debian/icedove-gnome-support.prerm
+ * Adjust multiple patches because of changed upstream code base
+ - update debian/patches/ubuntu-mail-app-xre-name
+ - update debian/patches/autoconf2.13-rerun
+
+ -- Alexander Sack <asac@debian.org> Sat, 05 Apr 2008 23:05:11 +0200
+
+icedove (2.0.0.9-3) unstable; urgency=low
+
+ * drop network.protocol-handler.external.http setting as it caused
+ regressions (Closes: 459564)
+ - update debian/icedove.js
+
+ -- Alexander Sack <asac@debian.org> Wed, 09 Jan 2008 18:56:28 +0100
+
+icedove (2.0.0.9-2) unstable; urgency=low
+
+ * pass host arch information to configure and trust the supplied architecture
+ information. Thanks to Bastian Blank. (Closes: 445959)
+ - update debian/rules
+ - add debian/patches/arch-detect
+ - update debian/patches/autoconf2.13-rerun
+ - update debian/patches/series
+ * use /usr/lib/icedove/icedove as gnome integration command used to update
+ gconf protocol handler. (Closes: 452919)
+ - add debian/patches/icedove_gnome_command
+ - update debian/patches/series
+ * prefer gnome registry to lookup protocol handler if we are in a gnome
+ session; in turn we enable x-www-browser as the http protocol by default
+ (Closes: 452882)
+ - add debian/patches/prefer_gnome_registry_in_gnome_session
+ - update debian/patches/series
+ - update debian/icedove.js
+
+ -- Alexander Sack <asac@debian.org> Sun, 30 Dec 2007 20:21:26 +0100
+
+icedove (2.0.0.9-1) unstable; urgency=medium
+
+ * new upstream stability/security update (v2.0.0.9):
+ - MFSA 2007-36 aka CVE-2007-4841: "URIs with invalid %-encoding mishandled
+ by Windows"
+ - MFSA 2007-29 aka CVE-2007-5339: "Crashes with evidence of memory
+ corruption (rv:1.8.1.8) - browser engine"
+ - MFSA 2007-29 aka CVE-2007-5340: "Crashes with evidence of memory
+ corruption (rv:1.8.1.8) - javascript engine"
+ * adapt adapt patches to new upstream codebase:
+ - drop debian/patches/bz389801_deb443454_fix_gtk_theme_crashes.patch
+ - update debian/patches/68_mips_performance.dpatch
+ - update debian/patches/series
+ - update debian/patches/autoconf2.13-rerun
+ * fix ftbfs due to changed cairo pc Requires: (Closes: 453179)
+ - add debian/patches/bz344818_att264996.patch
+ - update debian/patches/autoconf2.13-rerun
+ - update debian/patches/series
+ * add copyright file (Closes: 453365)
+ - add debian/copyright
+ * quote some if test ! ... lines to fix preinst errors (Closes: 427336)
+ - update debian/icedove.preinst
+ * update icedove menu section - use "Applications/Network/Communication"
+ (Closes: 444903)
+ - update debian/icedove.menu
+ * don't try to install debian/tmp/usr/lib/icedove/defaults/isp as its not
+ shipped by make install anymore
+ - update debian/icedove.install
+
+ -- Alexander Sack <asac@ubuntu.com> Fri, 28 Dec 2007 16:05:05 +0100
+
+icedove (2.0.0.6-1) unstable; urgency=low
+
+ * new upstream release 2.0.0.6-1 fixes various security issues
+ (Closes: #444010):
+ - MFSA 2007-18 aka CVE-2007-3734, CVE-2007-3735 - Crashes with evidence of
+ memory corruption (rv:1.8.1.5).
+ - MFSA 2007-23 aka CVE-2007-3670 - Remote code execution by launching
+ Firefox from Internet Explorer (doesn't apply to linux).
+ - MFSA 2007-26 aka CVE-2007-3844 - Privilege escalation through
+ chrome-loaded about:blank windows.
+ - MFSA 2007-27 aka # CVE-2007-3845 - Unescaped URIs passed to external
+ programs.
+ * debian/patches/debian/patches/credits-rebranding: refresh patch because of
+ code-base change in new upstream release.
+ * debian/patche/bz389801_deb443454_fix_gtk_theme_crashes.patch,series:
+ import fix for theme crashes from bugzilla (Closes: 443454).
+
+ -- Alexander Sack <asac@debian.org> Mon, 08 Oct 2007 12:09:42 +0000
+
+icedove (2.0.0.4.dfsg1-2) unstable; urgency=low
+
+ * debian/patches/autoconf2.13-rerun: rerun to apply last commits
+ configure.in patch addition to configure.
+ * debian/patches/force-no-pragma-visibility-for-gcc-4.2_4.3,
+ debian/patches/series: don't use pragma for visibility as visibility
+ hints are not perfect yet in mozilla code base.
+ * debian/icedove.desktop: drop explicit .png extension from desktop icon name
+ * debian/icedove.desktop, debian/icedove.links, debian/icedove.menu: fix various
+ icon issues, by using /usr/share/icedove/icons/default.png instead of
+ mozicon128.png as source for standard icedove pixmaps link
+ (Closes: #427076, #437064, #437090).
+ * debian/control, debian/rules: use gcc-4.2 and g++-4.2 on all archs; add gcc-4.2
+ and g++-4.2 to build-depends in control file.
+ * debian/icedove.links: provide usr/share/icedove/chrome/icons/default/messengerWindow16.png
+ as a link to usr/share/icedove/icons/mozicon16.png (Closes: #427723).
+ * debian/icedove.install, debian/icedove.links: install isp directories
+ /usr/share/icedove/isp and /usr/share/icedove/defaults/isp and link them to
+ pkglibdir accordingly (Closes: #428421).
+
+ -- Alexander Sack <asac@debian.org> Mon, 27 Aug 2007 23:48:53 +0200
+
+icedove (2.0.0.4.dfsg1-1) unstable; urgency=low
+
+ * debian/remove.nonfree: update list of non-free/binary-only file from
+ latest iceape updates" debian/remove.nonfree; update orig
+ tarball accordingly. (Closes: 400340)
+ * debian/control[.in]: icedove package now provides mail-reader,
+ imap-client, news-reader instead of www-browser (Closes: 425167)
+
+ -- Alexander Sack <asac@ubuntu.com> Tue, 19 Jun 2007 15:00:12 +0200
+
+icedove (2.0.0.4-1) unstable; urgency=low
+
+ * stability/security upstream release 2.0.0.4
+ - CVE-2007-2867 aka MFSA 2007-12 (l): Crashes with evidence of memory
+ corruption (rv:1.8.0.12/1.8.1.4) - layout engine
+ - CVE-2007-2868 aka MFSA 2007-12 (j): Crashes with evidence of memory
+ corruption (rv:1.8.0.12/1.8.1.4) - javascript engine
+ - CVE-2007-1558 aka MFSA 2007-15: Security Vulnerability in APOP
+ Authentication
+ * debian/patches/gcc-workaround-visibility-hidden, debian/patches/series:
+ applied upstream -> dropped visibility workaround patch
+ * debian/patches/gnome-mime-handling: updated patch for bz273524 in
+ response to upstream landing of bz373955
+ * debian/patches/autoconf-regen: rerun autoconf accordingly
+ * debian/patches/82_prefs.dpatch|series: import default font fixes
+ from xulrunner 1.8.1.4-1 patchset (thanks to Mike Hommey
+ <glandium@debian.org>)
+ * debian/control[.in]: libnss3-dev build-depend is now versioned
+ (Closes: 429202)
+
+ -- Alexander Sack <asac@debian.org> Mon, 18 Jun 2007 16:50:34 +0200
+
+icedove (2.0.0.0-4) unstable; urgency=low
+
+ * One that fix them all release - maybe.
+ * fix symlinks for chrome/greprefs/defaults in .preinst
+ (Closes: 425390, 425438, 425476, 425479, 425550, 425552, 425559, 425564, 425672, 425727, 426019)
+ * debian/control[.in]: fix section -> s/web/mail/
+
+ -- Alexander Sack <asac@debian.org> Fri, 1 Jun 2007 13:13:13 +0200
+
+icedove (2.0.0.0-3) unstable; urgency=low
+
+ * fixing links in preinst (Closes: 424963, 425061, 425223)
+ greprefs, chrome and defaults need to point to
+ /usr/share/icedove/*
+ * drop searchplugin link which even had a typo :)
+ * debian/icedove.menu: ship debian menu entry
+ (Closes: 425224)
+
+ -- Alexander Sack <asac@debian.org> Sat, 20 May 2007 16:48:00 +0200
+
+icedove (2.0.0.0-2) unstable; urgency=low
+
+ * adding icedove-dbg package
+
+ -- Alexander Sack <asac@debian.org> Sat, 19 May 2007 17:33:00 +0200
+
+icedove (2.0.0.0-1) unstable; urgency=low
+
+ * icedovising
+ * add debian/remove.nonfree
+ * set upstream application fixed to 'thunderbird' in update-orig,
+ so you can just drop thunderbird tarball and produce new orig
+ * fix debian/control.in, drop transition packages. update debian/control
+ for these modifications.
+ * no autogen of configure and debian/control for release
+
+ -- Alexander Sack <asac@debian.org> Thu, 17 May 2007 14:00:00 +0200
+
+thunderbird (1.99.rc1+2.0-1) feisty; urgency=low
+
+ * branch firefox-trunk package for 2.0 thunderbird package
+ * debian/control.in, debian/control: add transition packages:
+ mozilla-thunderbird, mozilla-thunderbird-dev; disable dom-inspector
+ package as there is nearly no hope that it ever will get maintained
+ upstream again.
+ * debian/rules: remove inspector extension from configure; add excludes
+ to dh_install of thunderbird and thunderbird-dev package:
+ -
+ DEB_DH_INSTALL_ARGS_thunderbird := -Xgnome -Ximgicon -Xmozlibthai
+ DEB_DH_INSTALL_ARGS_thunderbird-dev := -Xnspr -Xnss
+
+ -- Alexander Sack <asac@ubuntu.com> Wed, 18 Apr 2007 13:35:34 +0200
+
+icedove (1.5.0.10.dfsg1-3) unstable; urgency=low
+
+ * debian/icedove*.xpm updated to use correct icon
+ (Closes: 413976, 416476)
+ * debian/patches/25_gnome_helpers_with_params.dpatch:
+ Make helper applications with parameters work (bz#273524);
+ this is an improved version of bugzilla patch by Mike Hommey
+ <glandium@debian.org>
+
+ -- Alexander Sack <asac@debian.org> Wed, 28 Mar 2007 21:55:08 +0200
+
+icedove (1.5.0.10.dfsg1-2) unstable; urgency=low
+
+ * debian/tmpls-typeaheadfind/install.rdf: fix version depends of
+ typeaheadfind (Closes: 413770)
+
+ -- Alexander Sack <asac@debian.org> Wed, 7 Mar 2007 13:13:13 +0100
+
+icedove (1.5.0.10.dfsg1-1) unstable; urgency=low
+
+ * new upstream release fixing security issues:
+ - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
+ Vulnerability
+ - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
+ Vulnerability
+ - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
+ Crashes with evidence of memory corruption
+ * 91_credits_icedove.dpatch: dump new xml entities from
+ credits dialog (Closes: 404984, 412423)
+ * 50_kbsd_nspr.dpatch, 50_kbsd.dpatch: adapt kbsd patches to apply to
+ latest upstream code-base
+
+ [ Christian Perrier <bubulle@debian.org>]
+
+ * Rewrite debconf templates to fit the current Developer's Reference
+ recommendations
+ * Correct the name of the debconf templates file in debian/po/POTFILES.in
+ Closes: #407220
+ * Debconf translations:
+ - Bulgarian added. Closes: #410627
+ - Basque updated. Closes: #410633
+ - German updated. Closes: #410672
+ - Catalan updated. Closes: #410676
+ - Spanish updated. Closes: #410709
+ - Galician updated. Closes: #410720, #407944
+ - Japanese updated. Closes: #410753
+ - Tamil added. Closes: #410892
+ - Portuguese updated. Closes: #409562
+ - Vietnamese updated.
+ - Malayalam added. Closes: #408109
+ - Russian updated. Closes: #411064, #405741
+ - Swedish. Closes: #410632
+ - Polish. Closes: #411302
+ - Fix typo in Italian translation. Closes: #363806
+ - Romanian. Closes: #411361
+ - Czech. Closes: #411409
+ - Danish. Closes: #411402
+ - Dutch. Closes: #411406
+ - Italian. Closes: #411452
+ - Brazilian Portuguese. Closes: #411538
+ - Korean. Closes: #411624, #411581
+ - Malayalam. Closes: #411647
+ - Finnish. Closes: #411765
+
+ -- Alexander Sack <asac@debian.org> Fri, 23 Feb 2007 09:00:00 +0100
+
+icedove (1.5.0.10.dfsg1-1.1) unstable; urgency=low
+
+ * Non-maintainer upload to fix pending l10n issues.
+ * Debconf translations:
+ - Italian fixed. Closes: #363806
+ - Russian added. Closes: #405741
+ - Galician added. Closes: #407944
+ - Malayalam added. Closes: #408109
+ - Portuguese updated. Closes: #409562
+
+ -- Christian Perrier <bubulle@debian.org> Tue, 6 Feb 2007 06:55:08 +0100
+
+icedove (1.5.0.9.dfsg1-1) unstable; urgency=high
+
+ * new upstream version, fixes various security issues:
+ - CVE-2006-6497 mfsa2006-68 layout engine
+ - CVE-2006-6498 mfsa2006-68 javascript engine
+ - CVE-2006-6499 mfsa2006-68 floating point
+ - CVE-2006-6500 mfsa2006-69
+ - CVE-2006-6501 mfsa2006-70
+ - CVE-2006-6502 mfsa2006-71
+ - CVE-2006-6503 mfsa2006-72
+ - CVE-2006-6504 mfsa2006-73
+ - CVE-2006-6505 mfsa2006-74
+ - CVE-2006-6506 mfsa2006-75
+ - CVE-2006-6507 mfsa2006-76
+ * landing icedove artwork contributed by Ricardo Fernández
+ <unicko2000@yahoo.es>; svgs are in debian/branding. xpms and some
+ pngs are generated with rsvg-convert and convert -> adding
+ build-depends to librsvg2-bin, imagemagick
+ * including es.po translation contributed by Felipe Caminos
+ <felipem@gigared.com> (Closes: 402928)
+ * updateing pt_BR.po provided by André Luís Lopes
+ <andrelop@debian.org> (Closes: 403827)
+ * adapting credits dialog and Icedove Motto in 91_credits_icedove.dpatch
+ * fix bad link in icedove manpage (icedove.sgml) (Closes: 398344)
+ * rebranding install.rdf of default theme for icedove in
+ 91_rebranding_theme.dpatch (Closes: 393134)
+ * adapt README.Debian to new icedove directories and name
+ * clean old/not-needed files from debian/ directory:
+ theme.part.defaultclassic, mail-jar.mn, messenger_jar_includes.csv
+ * disabling patch: 99_bz360409_deb400383, which is applied
+ upstream now.
+
+ -- Alexander Sack <asac@debian.org> Tue, 19 Dec 2006 12:00:00 +0100
+
+icedove (1.5.0.8.dfsg1-1) unstable; urgency=medium
+
+ * removing all currently known non-free and sourceless binaries
+ from source package by running the script included for
+ reference in debian/remove.nonfree from the gnuzilla project
+ (Closes: 400340)
+ * added upstream approved quickfix for grave bug in
+ debian/patches/99_bz360409_deb400383.dpatch (Closes: 400383)
+ * last chance kbsd upload ... reenabling kbsd patch with fix
+ by Petr Salinger <Petr.Salinger@seznam.cz> (Closes: 399692)
+ * remove missed non-free icons from
+ debian/fhunderbird-branding.tmpl/ : background.png.uu, disk.icns.uu
+
+ -- Alexander Sack <asac@debian.org> Sun, 26 Nov 2006 19:00:00 +0100
+
+icedove (1.5.0.8-3) unstable; urgency=low
+
+ * disable kbsd patches in 00list because they appear to break
+ build on other platforms. In consequence, 399692 and 363865
+ will be reopened. Reenable 90_ppc64-build-fix (Closes: 400090)
+
+ -- Alexander Sack <asac@debian.org> Mon, 22 Nov 2006 15:10:00 +0100
+
+icedove (1.5.0.8-2) unstable; urgency=low
+
+ * fix mozilla.in for real (for transitional thunderbird link
+ (Closes: 393123, 398037)
+ * apply basque debconf translation (eu.po) for real
+ (Closes: 398468)
+ * included nl.po provided by Nick Niktaris <niktaris@knoppel.org>
+ renaming as icedove first (Closes: 378360)
+ * include greek translation in icedove.desktop provided by
+ Nick Niktaris <niktaris@knoppel.org> (Closes: 384359)
+ * include updated de.po translation provided by
+ Alwin Meschede <ameschede@gmx.de> (Closes: 399083)
+ * apply FTBFS on GNU/kFreeBSD porters patch provided by
+ Petr Salinger <Petr.Salinger@seznam.cz> (Closes: 399692),
+ which is claimed to provide a fix for ppc64 ftbfs too
+ (Closes: 363865)
+ * remove debug echo from icedove.preinst (Closes: 399723)
+
+ -- Alexander Sack <asac@debian.org> Mon, 21 Nov 2006 19:35:00 +0100
+
+icedove (1.5.0.8-1) unstable; urgency=medium
+
+ * new upstream version fixes various security issues
+ * added transition package: thunderbird-gnome-support
+ -> icedove-gnome-support as well as thunderbird-dbg
+ -> icedove-dbg (Closes: 393105)
+ * fix typo in postinst to fix browser integration scheme
+ recognition as selected by debconf (Closes: 393765, 398427)
+ * apply patch by Ted Percival <ted@midg3t.net> to fix broken
+ transitional thunderbird symlink (Closes: 393123, 398037)
+ * apply patch by Andre Lehovich <andrel@yahoo.com> that fixes
+ icedove package description typos (Closes: 398468)
+ * add basque debconf translation (eu.po) provided by Piarres
+ Beobide <pi@beobide.net> (Closes: 398719)
+ * remove non-free rfc files from source tarball (Closes: 395095)
+
+ -- Alexander Sack <asac@debian.org> Wed, 15 Nov 2006 18:00:00 +0100
+
+icedove (1.5.0.7-3) unstable; urgency=medium
+
+ * unbrand thunderbird mail -> Icedove Mail/News due
+ to trademark issues (Closes: 354622)
+
+ -- Alexander Sack <asac@debian.org> Thu, 12 Oct 2006 13:00:00 +0100
+
+thunderbird (1.5.0.7-2) unstable; urgency=low
+
+ * go through new upload ... reenable thunderbird-dbg
+ * increase reference count for fontconfig charset
+ 91_fontconfig_reference_increment_388739 (Closes: 388739)
+
+ -- Alexander Sack <asac@debian.org> Wed, 27 Sep 2006 02:00:00 +0100
+
+thunderbird (1.5.0.7-1) unstable; urgency=high
+
+ * disabled new package to avoid queue new: thunderbird-dbg
+ * new upstream release fixes security issues:
+ + MFSA 2006-64 - CVE-2006-4571
+ + MFSA 2006-63 - CVE-2006-4570
+ + MFSA 2006-62 - CVE-2006-4569
+ + MFSA 2006-61 - CVE-2006-4568
+ + MFSA 2006-60 - CVE-2006-4340 (related to CVE-2006-4339)
+ + MFSA 2006-59 - CVE-2006-4253
+ + MFSA 2006-58 - CVE-2006-4567
+ + MFSA 2006-57 - CVE-2006-4565, CVE-2006-4566
+ * disable patch 90_gcc-extern-fix, because it has been pulled in upstream
+ * disable 91_271815.overthespot.v1.2, because applied upstream
+
+ -- Alexander Sack <asac@debian.org> Fri, 15 Sep 2006 16:00:00 +0100
+
+thunderbird (1.5.0.5-2) unstable; urgency=low
+
+ * new package: thunderbird-dbg
+ + improve configure options
+ + enable svg
+ + use debian build options to determine optimization flags
+ * added build depends on libcairo-dev
+
+ -- Alexander Sack <asac@debian.org> Sat, 12 Aug 2006 15:00:00 +0100
+
+thunderbird (1.5.0.5-1) unstable; urgency=high
+
+ * new upstream release fixes various security flaws:
+ + MFSA 2006-44, CVE-2006-3801
+ + MFSA 2006-46, CVE-2006-3113
+ + MFSA 2006-47, CVE-2006-3802
+ + MFSA 2006-48, CVE-2006-3803
+ + MFSA 2006-49, CVE-2006-3804
+ + MFSA 2006-50, CVE-2006-3805, CVE-2006-3806
+ + MFSA 2006-51, CVE-2006-3807
+ + MFSA 2006-52, CVE-2006-3808
+ + MFSA 2006-53, CVE-2006-3809
+ + MFSA 2006-54, CVE-2006-3810
+ + MFSA 2006-55, CVE-2006-3811
+ * including patch 91_271815.overthespot.v1.2.dpatch
+ (Closes: 379936, 363814)
+ * improve manpage: Document -g, --debug options (Closes: 381096)
+ * update for ja.po, contributed by Kenshi Muto <kmuto@debian.org>
+ (Closes: 379946)
+ * update for pt.po, contributed by Rui Branco <ruipb@debianpt.org>
+ (Closes: 381444)
+ * Provide virtual package news-reader (Closes: 363834)
+ * Apply patch which introduces ReplyToList MessageType. This is
+ the base to allow extensions that provide ReplyToList button to
+ get installed. Thanks to Armin Berres <trigger@space-based.de>
+ for pointing out this unintrusive patch. (Closes: 381273)
+ * fix README.Debian for firefox integration as well as example of
+ global pref.js (firefox.js.tmpl) (Closes: 363723)
+ * further improvements for README.Debian
+ * fix gnome integration program path in a hard-coded fashion
+ in 91_gnome_path_fix.dpatch (Closes: 365610)
+
+ -- Alexander Sack <asac@debian.org> Sat, 12 Aug 2006 15:00:00 +0100
+
+thunderbird (1.5.0.4-3) unstable; urgency=critical
+
+ * fixing gcc-4.1 ftbfs (Closes: 377176)
+ * improved manpage by Bastian Kleineidam <calvin@debian.org>
+ documenting -safe-mode option (Closes: 370254)
+ * include *no xgot* patch for mips/mipsel contributed by
+ Thiemo Seufer <ths@networkno.de> (Closes: 374882)
+
+ -- Alexander Sack <asac@debian.org> Thu, 13 Jul 2006 15:00:00 +0100
+
+thunderbird (1.5.0.4-2) unstable; urgency=critical
+
+ * fix version in install.rdf for inspector and
+ typeaheafind (Closes: 374382)
+ * (last one was a new upstream release fixing
+ various security issues (Closes: 373878, 373553)
+ * urgency=critical
+
+ -- Alexander Sack <asac@debian.org> Mon, 19 Jun 2006 10:00:00 +0100
+
+thunderbird (1.5.0.4-1) unstable; urgency=low
+
+ * new upstream release fixing various security issues:
+ MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8 pages
+ MFSA 2006-40, CVE-2006-2781: Double-free on malformed VCard
+ MFSA 2006-38, CVE-2006-2778: Buffer overflow in crypto.signText()
+ MFSA 2006-37, CVE-2006-2776: Remote compromise via content-defined
+ setter on object prototypes
+ MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL persist
+ MFSA 2006-33, CVE-2006-2786: HTTP response smuggling
+ MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with
+ potential memory corruption
+ MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy Autoconfig,
+ Greasemonkey)
+ * build depends:
+ + xorg-dev -> libx11-dev, libxt-dev, libxinerama-dev,
+ libxft-dev, libfreetype6-dev, libxrender-dev
+ + removed binutils, coreutils and po-debconf
+ * enable xinerama in debian/rules
+ * fixed lintian errors:
+ + do not depend on xorg dev meta package
+ + debhelper depend is now versioned
+ + changed package description(s) to not start with 'thunderbird'
+
+ -- Alexander Sack <asac@debian.org> Tue, 23 May 2006 15:00:00 +0100
+
+thunderbird (1.5.0.2-3) unstable; urgency=low
+
+ * patch-robbery from firefox package:
+ + removed old mips and arm patches
+ + added 50_arch_arm_fix
+ + added 50_arch_alpha_fix
+ + added 50_arch_m68k_fix
+ + added 50_arch_mips_Makefile_fix
+ + added 50_arch_mips_fix (Closes: 357755)
+ + added 50_arch_parisc_Makefile_fix
+ + added 50_arch_parisc_fix
+ * included install.rdf for default theme in extensions dir
+ (Closes: 363956)
+ * removed chrome.d locales.d extensions.d from var/lib/thunderbird
+
+ -- Alexander Sack <asac@debian.org> Tue, 16 May 2006 19:45:00 +0100
+
+thunderbird (1.5.0.2-2) unstable; urgency=critical
+
+ * debian/thunderbird.sgml. Greatly improved manpage for thunderbird,
+ thanks to Sam Morris <sam@robots.org.uk> for contributing this
+ (Closes: 361069)
+ * add missing build depend to sharutils to fix ftbfs (Closes: 365539)
+ * fix gnome-support package removing gnome dependencies from
+ pure thunderbird package.
+ * set urgency to critical which I forgot to set properly
+ for the last upload
+
+ -- Alexander Sack <asac@debian.org> Sat, 29 Apr 2006 14:00:00 +0100
+
+thunderbird (1.5.0.2-1) unstable; urgency=low
+
+ * removed enable xprint in order to build after X11R7 transition.
+ * removed xprint recommends from control file.
+ * 91_fontsfix_359763.dpatch: fix for 'thunderbird shows text illegibly'
+ for some encodings. (Closes: 359763)
+ * myspell is now depends (Closes: 357623)
+ * (re-)including 10_mips_optimization_patch
+ * debian/patches/90_ppc64-build-fix.dpatch: patch for
+ 'FTBFS (ppc64)', thanks to Andreas Jochens <aj@andaco.de>
+ for adding the final patch to the report. (Closes: 361036)
+ * Thanks to Bastian Kleineidam <calvin@debian.org> for
+ contributing:
+ * Standards version 3.6.2.1
+ * Use debhelper v5 with debian/compat
+ * Remove unneeded thunderbird.conffiles now that debhelper v5 is used
+ * Remove CVS directories in debian/
+ * Fix debian/changelog syntax errors, and convert to UTF-8
+ * Fix bashism in debian/thunderbird.postrm, using 2> instead of &>.
+ * Add ${misc:Depends} to thunderbird* dependencies, fixing a missing
+ dependency on debconf
+ * Move db_input commands from postinst into a separate thunderbird.config
+ file.
+ * distinct gnome-support package added. adds a good bunch
+ of gnome build depends to allow module linking against
+ gnome libs.
+ * added new fhunderbird-branding in debian/fhunderbird-branding.tmpl
+ (Closes: 358198)
+ * use only one profile directory in configure
+ (Closes: 358378)
+ * Various security issues are fixed in this release. Namely:
+ CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738
+ CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735
+ CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749
+ CVE-2006-1731 CVE-2006-1724 CVE-2006-0884 CVE-2006-1730
+ CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-1045
+ CVE-2006-0748 CVE-2006-1726 CVE-2006-1725 CVE-2005-2353
+ CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723
+ CVE-2006-0292/CVE-2006-0293 (Closes: 349242)
+ CVE-2006-0294 CVE-2006-0295 CVE-2006-0296 CVE-2006-0297
+ CVE-2006-0298 CVE-2006-0299
+
+ -- Alexander Sack <asac@debian.org> Thu, 20 Mar 2006 21:00:00 +0100
+
+thunderbird (1.5-4) unstable; urgency=low
+
+ * great package renaming release: mozilla-thunderbird -> thunderbird
+ * removed not maintained and not needed update-mozilla-thunderbird
+ facilities. Extensions/locales etc. don't need to call this anymore
+ in order to install themselves globally.
+ * added -fno-strict-aliasing -fno-unsigned-char as parameters to build
+ * patch: 10_visibility_hidden_patch.dpatch - by Adam Conrad
+ * new upstream version fixes various bugs
+ (Closes: 288601, 291912, 295662)
+ * included new fr.po translation by Mohammed Adnène Trojette
+ <adn+deb@diwi.org> (Closes: 323367)
+ * included new cs.po translation by Jan Outrata
+ <outrataj@upcase.inf.upol.cz> (Closes: 321736, 335354)
+ * included new pt.po translation by Traduz! <traduz@debianpt.org>
+ (Closes: 348440)
+ * included new da.po translation by Claus Hindsgaul <claus_h@image.dk>
+ (Closes: 350687)
+ * added intl.locale.matchOS, true to debian/global-config.js instead
+ of hacking startup script
+
+ -- Alexander Sack <asac@debian.org> Tue, 28 Feb 2006 15:00:00 +0100
+
+mozilla-thunderbird (1.5-2) experimental; urgency=low
+
+ * reenable patch 20_mailnews_mime_makefile_in.dpatch
+ to export proper headers to -dev package for enigmail
+ * last upload with old package name
+
+ -- Alexander Sack <asac@debian.org> Thu, 12 Jan 2006 15:00:00 +0100
+
+mozilla-thunderbird (1.5-1) experimental; urgency=low
+
+ * experimental upload of 1.5 (Closes: 348007)
+ * major package housekeeping
+ + removed extension template pieces
+ + bye -offline extension release - this is now completely
+ integrated in thunderbird default install
+ + disable all patches ... but those that are obviously
+ needed - please shout if you got struck by a regression
+ due to this :).
+ + use upstream startup script in the hope that they
+ did fix it!
+ + branding removed again. Keep it white labeled - for
+ now.
+
+ -- Alexander Sack <asac@debian.org> Thu, 12 Jan 2006 15:00:00 +0100
+
+mozilla-thunderbird (1.0.7-3) unstable; urgency=high
+
+ * apply backported patch for amd64 (Closes: 332481,332484)
+ Thanks to Martin Sarsale <martin@malditainternet.com>
+ for testing and preparing the patch
+ + debian/patches/91_gcc4_imgLoader.fix.dpatch
+ * updated vietnam translation contributed by Clytie Siddall
+ <clytie@riverland.net.au> (Closes: 324224)
+ * added swedish translation contributed by Daniel Nylander
+ <yeager@lidkoping.net> (Closes: 331606)
+
+ -- Alexander Sack <asac@debian.org> Mon, 17 Oct 2005 23:30:00 +0100
+
+mozilla-thunderbird (1.0.7-2) unstable; urgency=high
+
+ * still high to indicate that security bugs have not been
+ fixed in etch.
+ * apply debian/patches/90_xptcinvoke_arm.dpatch to fix ftbfs on
+ arm/sid
+
+ -- Alexander Sack <asac@debian.org> Mon, 10 Oct 2005 19:00:00 +0100
+
+mozilla-thunderbird (1.0.7-1) unstable; urgency=high
+ * MFSA-2005-57: IDN heap overrun
+ Summary: Tom Ferris reported a Firefox crash when processing a domain
+ name consisting solely of soft-hyphen characters.
+ Closes: -
+ CVE-Ids: CAN-2005-2871
+ Bugzilla: 307259
+ Issues addressed:
+ + CAN-2005-2871 - IDN heap overrun
+ * MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
+ Summary: Fixes for multiple vulnerabilities with an overall severity
+ of "critical" have been released in Mozilla Firefox 1.0.7 and
+ the Mozilla Suite 1.7.12
+ Closes: -
+ CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
+ CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
+ Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
+ 306804 291178 300853 301180 302100
+ Issues addressed:
+ + CAN-2005-2701 - Heap overrun in XBM image processing
+ + CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
+ + CAN-2005-2703 - XMLHttpRequest header spoofing
+ + CAN-2005-2704 - Object spoofing using XBL <implements>
+ + CAN-2005-2705 - JavaScript integer overflow
+ + CAN-2005-2706 - Privilege escalation using about: scheme
+ + CAN-2005-2707 - Chrome window spoofing
+ + Regression fixes
+ * MFSA-2005-59: Command-line handling on Linux allows shell execution
+ -> was addressed in 1.0.6-4 already. Reverting upstream changes
+ to mozilla/mail/mozilla.in by copying debian/mozilla.in_1.0.6 over
+ to allow our patches to still apply. debian/patches/01_old_mozilla.in.dpatch
+
+ -- Alexander Sack <asac@debian.org> Sat, 1 Oct 2005 17:00:00 +0100
+
+mozilla-thunderbird (1.0.6-4) unstable; urgency=high
+
+ * now using bash to overcome possible security flaws of
+ our thunderbird start script (mozilla-thunderbird). Patch
+ by Florian Weimer <fw@deneb.enyo.de>
+ debian/mfsa_2005-59.debian.patch (Closes: 329664, 329667)
+ * added patch 50_ftbfs_alpha+arm+ia64_325536_fix.dpatch
+ to build on alpha, arm, and ia64 that now uses
+ __attribute__((used)) instead of ((unused)) by
+ Steve Langasek <vorlon@debian.org>
+ (Closes: 325536)
+ * fix debsums error reported by Y Giridhar Appaji Nag
+ <debian@appaji.net>. Now removing files in postrm.
+ Further moved /usr/lib/mozilla-thunderbird/chrome/chrome.rdf
+ to the /var/... adding a link to the new location.
+ (Closes: 292475)
+ * added depends for system libs: mng, png, jpeg to not build with
+ unmaintained image included libs.
+ * modified 21_mozilla_in-patch.dpatch to recognize -mail as a -compose
+ alias. This makes thunderbird work well with current gnome default
+ mailto: command for thunderbird. Thanks to Sam Morris <sam@robots.org.uk>
+ for the workaround patch (Closes: 330168)
+ * still work left: fix window.open(); overlay problem.
+ added rejar-chrome.sh <jarbasename> util script below debian. It
+ rejars .jar files by extracting paths given in
+ <jarbasename>_jar_includes.csv from the <jarbasename>.jar zip file
+ and zipping only those files to a new jar file again. Anyway, still
+ broken, thus disabled for this build.
+ (See: 306522)
+
+ -- Alexander Sack <asac@debian.org> Mon, 23 Sep 2005 17:00:00 +0100
+
+mozilla-thunderbird (1.0.6-3) unstable; urgency=low
+
+ * remove gcc-3.4 from amd64 build ... this time for sure
+ (Closes: 320723)
+ * remove special optimization flags for other archs too
+
+ -- Alexander Sack <asac@debian.org> Mon, 2 Aug 2005 17:00:00 +0100
+
+mozilla-thunderbird (1.0.6-2) unstable; urgency=low
+
+ * remove gcc-3.4 from amd64 build (Closes: 320723)
+ * added arabic po translation by Mohammed Adnène Trojette
+ <adn+deb@diwi.org> (Closes: 320771)
+
+ -- Alexander Sack <asac@debian.org> Mon, 1 Aug 2005 17:00:00 +0100
+
+mozilla-thunderbird (1.0.6-1) unstable; urgency=high
+
+ * GCC/G++ 4.0 API transition upload.
+ * include 90_new_freetype_fix.dpatch to fix new freetype API
+ (Closes: 301481, 301481) - consumed from mozilla-firefox packages ...
+ thx to Eric Dorland <eric@debian.org>
+ * include 90_gcc4_fix.dpatch
+ * fixes multiple security bugs (Closes: 318728)
+ CAN-2005-2270: Code execution through shared function objects
+ CAN-2005-2269: XHTML node spoofing
+ CAN-2005-2266: Same origin violation: frame calling top.focus()
+ CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo()
+ CAN-2005-2261: XML scripts ran even when Javascript disabled
+ CAN-2005-1532: Privilege escalation via non-DOM property overrides
+ CAN-2005-1160: Privilege escalation via DOM property overrides
+ CAN-2005-1159: Missing Install object instance checks
+ CAN-2005-0989: Javascript "lambda" replace exposes memory contents
+ * fix gdk_property_get problem that might cause a segfault (Closes: 317937)
+ patch by Loic Minier <lool@dooz.org>
+ debian/patches/gdk_property_get.dpatch
+ * fix CAN-2005-2353: insecure tmp file usage in run-mozilla.sh (Closes: 306893)
+ debian/patches/20_run-mozilla_sh_306893_fix.dpatch
+ * include german de.po translation (Closes: 318747)
+ by Alwin Meschede <ameschede@gmx.de>
+ * fixed whitespace in mozilla-thunderbird.templates (Closes: 308961)
+ hint by Clytie Siddall <clytie@riverland.net.au>
+ * apply fix for seamonkey migration crash (Closes: 285728)
+ 90_mail_components_miration_src_nsSeamonkeyProfileMigrator_cpp
+ * fix 'find' in update-mozilla-thunderbird-chrome (Closes: 315588)
+ patch by Michael Spang <mspang@twcny.rr.com>
+
+ -- Alexander Sack <asac@debian.org> Thu, 21 Jul 2005 21:00:00 +0100
+
+mozilla-thunderbird (1.0.2-3) unstable; urgency=high
+
+ * last maybe sarge upload with urgency high, contains only
+ translations (po files + gnome .desktop file lines)
+ + cs translation by Jan Outrata <outrataj@upcase.inf.upol.cz>
+ (Closes: 309023)
+ + fi translation by Matti Pöllä <mpo@iki.fi>
+ (Closes: 303805)
+ + ja translation by Kenshi Muto <kmuto@debian.org>
+ (Closes: 307005)
+ + pt_BR translation by Andre Luis Lopes <andrelop@debian.org>
+ (Closes: 304261)
+ + vi translation by Clytie Siddall <clytie@riverland.net.au>
+ (Closes: 308959)
+ + added missed translation entries in gnome .desktop files
+ for it, ko, pl
+
+ -- Alexander Sack <asac@debian.org> Thu, 02 Jun 2005 22:00:00 +0100
+
+mozilla-thunderbird (1.0.2-2) unstable; urgency=low
+
+ * fixed TYPO in 71_extensionManagerAutoReRegister.dpatch,
+ probably causing #302218 (Closes: 302218)
+ * extended patch 71_extensionManagerAutoReRegister.dpatch,
+ now checking components.ini timestamp instead of
+ compreg.dat timestamp. removing components.ini compreg.dat
+ and XUL.mfasl if global Extensions.rdf file is newer then
+ components.ini. Probably helping to fix #302218 too.
+ * renamed xprt-xprintorg recommends to xprint (Closes: 300975)
+ * (re-)enabled pref extension (Closes: 302130)
+
+ -- Alexander Sack <asac@debian.org> Thu, 31 Mar 2005 07:00:00 +0100
+
+mozilla-thunderbird (1.0.2-1) unstable; urgency=medium
+ * new upstream version (Closes: 301542) fixes some
+ security issues according to upstream
+ (http://www.mozilla.org/projects/security/known-vulnerabilities.html)
+ 1.0.2 fixes the following security related issues.
+
+ MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
+ MFSA 2005-25 Image drag and drop executable spoofing
+ MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
+ MFSA 2005-18 Memory overwrite in string library
+ MFSA 2005-17 Install source spoofing with user:pass@host
+ MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
+
+ -- Alexander Sack <asac@debian.org> Sun, 27 Mar 2005 16:00:00 +0100
+
+mozilla-thunderbird (1.0-4) unstable; urgency=low
+
+ * removed not needed build-deps: csh
+ * included debconf (and gnome .desktop file) translations for
+ various languages: (Closes: 292072, 294622, 291477, 292507)
+ + debian/po/fr.po (Mohammed Adnène TROJETTE <adn+deb@diwi.org>,
+ Aurelien Jarno <aurel32@debian.org>)
+ + debian/po/nl.po (Luk Claes <luk.claes@ugent.be>)
+ + debian/po/ca.po (Jordi Mallach <jordi@debian.org>)
+ + debian/po/ko.po (Yooseong Yang <yooseong@debian.org>)
+ + debian/po/it.po (Vittorio Palmisano <redclay@email.it>)
+ + debian/po/pl.po (Robert Luberda <robert@debian.org>)
+ * fixed startscript problem
+ - updated 21_mozilla_in-patch.dpatch - thanks to
+ Kevin B. McCarty <kmccarty@Princeton.EDU>
+ * moved code of component debCleanComp.js to
+ nsExtensionManager, so it can automatically restart the
+ application if needed.
+ This should again lower the probabilty that
+ some upgrade, downgrade of thunderbird or extensions
+ breaks the chrome or component registry in your profile
+ dir.
+
+ -- Alexander Sack <asac@debian.org> Sun, 13 Mar 2005 13:00:00 +0100
+
+mozilla-thunderbird (1.0-3) unstable; urgency=low
+
+ * first upload to official archive for tbird 1.0
+ (first since 0.9-6)
+ * finally I decided to upload this package to unstable,
+ though there is a debian-legal discussion going on
+ about the mozilla trademark. Since it might take some
+ time until a solution is found, I decided to upload
+ as usual.
+ * started to debrand the app to 'Debian Thunderbird'
+
+ -- Alexander Sack <asac@debian.org> Sun, 16 Jan 2005 14:00:00 +0100
+
+mozilla-thunderbird (1.0-2) unstable; urgency=low
+
+ * Uninstall file and dummy-empty-file must not be empty
+ * Included latest patch for extension manager
+ * Included Jaap Haitsma icons (Closes: 257640)
+ * fixed regression compared to 0.9-6 official package
+ that had problems to build because empty files where
+ not included in diff.gz
+
+ -- Alexander Sack <asac@debian.org> Fri, 10 Dec 2004 23:00:00 +0100
+
+mozilla-thunderbird (1.0-1) unstable; urgency=low
+
+ * new upstream release - 1.0 (Closes: 284560)
+ * includes new icons as default theme
+ * changed start.html page to not use the mozilla partical
+ in the package naming. This app is now officially called
+ 'Debian Thunderbird'
+ * removed -O from sparch arch (See: 284532)
+ * README.Debian improved
+ * adapted new manpage inspired by Ralf Katz <ralph.katz@rcn.com>
+
+ -- Alexander Sack <asac@debian.org> Tue, 08 Dec 2004 12:00:00 +0100
+
+mozilla-thunderbird (0.9-7) unstable; urgency=low
+
+ * added debconf capability to define what browser
+ integration is wanted
+ -> added /etc/mozilla-thunderbird/auto-config.js
+ to store automatically generated configs by debconf
+
+ -- Alexander Sack <asac@debian.org> Thu, 24 Nov 2004 12:00:00 +0100
+
+mozilla-thunderbird (0.9-6) unstable; urgency=low
+
+ * fixed bug in preinst script by strictly testing
+ the existance of files before invoking mv
+ operations (Closes: 282186)
+ * fixed stupid upgrade bug in preinst script.
+ ls uses now -d to produce no garbage when
+ used as source for moving. This closes
+ a bug reported against enigmail, but is a
+ bug of the thunderbird package. This release
+ fixes it (Closes: 282505)
+ * still missing reply for current grave bug
+ 282506. I think this is due to the initial
+ upgrade problems. Those problem should not
+ occur anymore with the fixes of this packages
+ upgrade mechanism (Closes: 282506)
+
+ -- Alexander Sack <asac@debian.org> Thu, 24 Nov 2004 12:00:00 +0100
+
+mozilla-thunderbird (0.9-5) unstable; urgency=low
+
+ * added patch by Kevin B. McCarty <kmccarty@Princeton.EDU>
+ adds In-Reply-To mailto: link capability (Closes: 268055)
+ * late verification of bug fixed by preview package:
+ fixes: message editor steals keyboard focus (Closes: 274313)
+
+ -- Alexander Sack <asac@debian.org> Thu, 18 Nov 2004 12:00:00 +0100
+
+mozilla-thunderbird (0.9-4) unstable; urgency=low
+
+ * fixed upgrade bug - when /usr/lib/mozilla-thunderbird/extensions
+ is a link, remove it and create a directory for it! After that
+ move all extensions from /var/lib/mozilla-thunderbird/extensions
+ to the new folder.
+ * added example firefox-config.js.tmpl to use the new wrapper
+ script. This config should only be used if you are in a non
+ gconf capable window environment, e.g. pure openbox, etc.
+ See the README.Debian for further details on howto integrate
+ thunderbird properly.
+ * added uninstall and extension directory for default theme
+ extension. This should make it possible to remove the package
+ cleanly.
+ * Bug#280254: mozilla-thunderbird: Please package
+ thunderbird 0.9 (Closes: 280076)
+ * patch by Kevin McCarty <kmccarty@Princeton.EDU>, fixes
+ Subject munging if thunderbird is running (Closes: 263971)
+ * fixed: typo in welcome message for preview pane (Closes: 278690)
+ * thx to bug submitters that verified the fix of the following
+ bugs in my preview package at people.debian.org:
+ + Bug#277304: mozilla-thunderbird: thunderbird dies silently on
+ some mails (Closes: 277304)
+ + no sound when new mail arrives (Closes: 274044)
+ + Focus Problem when a filter is selected (Closes: 272157)
+ + "Get Mail" button fails intermittently on additional accounts
+ (Closes: 280482)
+ * added patch to fix /tmp/ file permissions during processing of
+ imap directory (Closes: 280363)
+ * cleaning up compreg.dat on Extensions.rdf change, so after
+ restart all troubles with this issue are gone (Closes: 273213)
+ * Already since 0.9-1, but I forgot to mention:
+ + set default smtp server option should work now
+ (Closes: 274177)
+ + with view filter: unread on, newly read messages are
+ not removed from the message list anymore (Closes: 275708)
+ * other bugs resolved by upstream:
+ + problems while threads refresh (Closes: 239203)
+ + Shortcuts conflict with ISO 14755 (Closes: 246916)
+
+ -- Alexander Sack <asac@debian.org> Mon, 15 Nov 2004 22:45:00 +0100
+
+mozilla-thunderbird (0.9-3) unstable; urgency=low
+
+ * rm -f /usr/lib/mozilla-thunderbird/extensions
+ in postinst if it is a link! After that move
+ stuff from /var/lib/mozilla-thunderbird/extensions
+ to /usr/lib/mozilla-thunderbird/extensions.
+ The rest will be done by update-mozilla-thunderbird-chrome
+
+ -- Alexander Sack <asac@debian.org> Thu, 11 Nov 2004 22:45:00 +0100
+
+mozilla-thunderbird (0.9-2) unstable; urgency=low
+
+ * fixed bad bug in mozilla-thunderbird.install,
+ that removed the fulls extensions dir
+ * fixed broken upgrade problem due to
+ mozilla-thunderbird-inspector that tried to
+ install resource files under /usr/lib/.../res,
+ but that is a link. Now storing under /usr/share/
+
+ -- Alexander Sack <asac@debian.org> Wed, 10 Nov 2004 22:00:00 +0100
+
+mozilla-thunderbird (0.9-1) unstable; urgency=low
+
+ * new upstream version (0.9)
+ * include patch amd64:
+ by Frederik Schueler <fs@lowpingbastards.de>
+ -> use gcc-3.4,g++3.4 (Closes: 261365)
+ * pasting issues partially fixed (See: 279656)
+ * Local Folders needed, cannot be deleted anymore
+ (Closes: 226253)
+ * including great patch of Mike Hommey <mh@glandium.org>
+ who brought the final fix for the extension manager
+ problems; changed update-mozilla-thunderbird-chrome
+ according to the new -register capability
+
+ -- Alexander Sack <asac@debian.org> Wed, 10 Nov 2004 20:00:00 +0100
+
+mozilla-thunderbird (0.8-3) unstable; urgency=medium
+
+ * respin for new binutils version (Closes: 273354)
+ * removing essential and build-essential build
+ dependencies to: base-files, libc6-dev
+ * update-mozilla-thunderbird-chrome: output of find(s)
+ to /dev/null (Closes: 267661)
+ * included mozilla-thunderbird-compose script in docs
+ section
+
+ -- Alexander Sack <asac@debian.org> Sat, 26 Sep 2004 13:00:00 +0100
+
+mozilla-thunderbird (0.8-2) unstable; urgency=medium
+
+ * include good build_id during build fixes
+ upgrade problems
+ (Closes: 272175, 272182)
+ * fixed some startup-script regressions. Remote
+ commands are almost ready by upstream. Only
+ -compose argument is interpreted in a debian
+ specific way. Of course, locale settings
+ are still debian specific too.
+ * improved changelog to list important notes
+ for upgrading to 0.8
+ * 10_mips_optimization_patch.dpatch:
+ thiemo seufers mips(el) workaround
+ removing CFLAGS="$CFLAGS -Wa,-xgot" and
+ CXXFLAGS="$CXXFLAGS -Wa,-xgot" and adding
+ inline when DEBUG is true (Closes: 272162).
+
+ -- Alexander Sack <asac@debian.org> Sat, 18 Sep 2004 21:00:00 +0100
+
+mozilla-thunderbird (0.8-1) unstable; urgency=medium
+
+ * new upstream version 0.8
+ * fixes various security issues in sarge and sid
+ (Closes: 263752)
+ * hacked a tiny patch for nsExtensionManager.js.in bug that
+ lets thunderbird (and firefox) loop on startup if
+ launched with non-root account.
+
+ -- Alexander Sack <asac@debian.org> Fri, 17 Sep 2004 10:00:00 +0100
+
+mozilla-thunderbird (0.7.3-6) unstable; urgency=high
+
+ * still fixes the security bug in sarge (see #263752)
+ ... thus urgency=high
+ * applied 50_mozilla-thunderbird-xpcom-xptcall-mips.dpatch
+ provided by Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de>
+ (Closes: 267017)
+ * removed <boll@debian.org> as Uploader as he expressed
+ that he has no more time to co-maintaining this package.
+ Thanks for your work!
+
+ -- Alexander Sack <asac@debian.org> Sun, 12 Sep 2004 17:30:00 +0100
+
+mozilla-thunderbird (0.7.3-5) unstable; urgency=high
+
+ * ping tbird to find a running instance instead of searching
+ for lock file that could still be there after a crash (redone)
+ (Closes: 267144)
+ * still fixes the security bug in sarge ... thus urgency=high
+
+ -- Alexander Sack <asac@debian.org> Thu, 21 Aug 2004 14:00:00 +0100
+
+mozilla-thunderbird (0.7.3-4) unstable; urgency=high
+
+ * ping tbird to find a running instance instead of searching
+ for lock file that could still be there after a crash
+ (Closes: 267144)
+ * still fixes the security bug in sarge ... thus urgency=high
+
+ -- Alexander Sack <asac@debian.org> Thu, 21 Aug 2004 14:00:00 +0100
+
+mozilla-thunderbird (0.7.3-3) unstable; urgency=high
+
+ * extended patch for mips: 50_xpcom_xptcall_xptcstubs_asm_mips_s
+ (Closes: 266851)
+ * still fixes the security bug in sarge ... thus urgency=high
+
+ -- Alexander Sack <asac@debian.org> Thu, 19 Aug 2004 17:00:00 +0100
+
+mozilla-thunderbird (0.7.3-2) unstable; urgency=high
+
+ * included patch for mips: 50_xpcom_xptcall_xptcstubs_asm_mips_s
+ * made global-config.js more up to date (Closes: 261815)
+ * recommend myspell-en-us | myspell-dictionary (Closes: 265272)
+ * enigmail is now suggested and not recommended anymore
+ * still fixes the security bug in sarge ... thus urgency=high
+
+ -- Alexander Sack <asac@debian.org> Wed, 18 Aug 2004 16:00:00 +0100
+
+mozilla-thunderbird (0.7.3-1) unstable; urgency=high
+
+ * new upstream release 0.7.3 - fixes security issues
+ (Closes: 263752)
+ * changed maintainer email to debian address
+ * removing /var/lib/mozilla-thunderbird dir on purge
+ (Closes: 260212).
+ * reverting gcc-3.2 and g++-3.2 for hppa architecture to back to
+ default gcc/g++ compiler
+ * fixed package description of mozilla-thunderbird-inspector and
+ mozilla-thunderbird-offline (Closes: 260374, 260376)
+ * plain mozilla-thunderbird now opens Inbox window to front
+ instead of profile manager when already running (Closes: 259476)
+
+ -- Alexander Sack <asac@debian.org> Wed, 04 Aug 2004 20:00:00 +0100
+
+mozilla-thunderbird (0.7.1-3) unstable; urgency=low
+
+ * updated README.Debian to be more specific
+ on the lost profile workaround!
+ * added 10_profile_migration.dpatch to fix
+ profile migration issues (Closes: 258741, 258747)
+ * updated .desktop file Comment (Closes: 257596)
+ * trying gcc-3.2 and g++-3.2 for hppa architecture
+
+ -- Alexander Sack <asac@jwsdot.com> Tue, 13 Jul 2004 11:00:00 +0100
+
+mozilla-thunderbird (0.7.1-2) unstable; urgency=low
+
+ * added 10_profile_migration.dpatch to fix
+ profile migration issues (Closes: 258741, 258747)
+ * updated .desktop file Comment (Closes: 257596)
+ * trying gcc-3.2 and g++-3.2 for alpha and amd64
+ architecture
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 12 Jul 2004 11:00:00 +0100
+
+mozilla-thunderbird (0.7.1-1) unstable; urgency=low
+
+ * new upstream source 0.7.1 (Closes: 257320, 256843)
+ * fixed broken theme ID
+ * include extension descriptions and set them
+ to locked
+ * fixed typo in branding patch ( Hompage ->Homepage )
+ * included movemail for handling local mail (Closes: 219893)
+ * provides new mozilla-thunderbird-dev
+ * does not build enigmail anymore. enigmail has got its
+ own source package for now. Hopefully this package will
+ build soon against mozilla-mailnews and mozilla-thunderbird,
+ so only one package is needed for both.
+ * update-mozilla-thunderbird-chrome: LD_LIBRARY_PATH bug fixed
+ (Closes: 254144)
+ * verified that -compose mailto:email@host.com works (Closes: 252261)
+ * include upgrade info in README.debian. Documented
+ new global-config.js file in README.debian too (Closes: 253315)
+ * crash on corrupt bmp fixed by upstream (Closes: 248857)
+ * added Provides: mail-reader, imap-client (Closes: 257199)
+ * renamed menu entry to 'Thunderbird Mail' (Closes: 257596)
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 5 Jul 2004 11:00:00 +0100
+
+mozilla-thunderbird (0.7.1-0.0.asac1) unstable; urgency=low
+
+ * new upstream source 0.7.1
+ * fixed broken theme ID
+ * include extension descriptions and set them
+ to locked
+ * fixed typo in branding patch ( Hompage ->Homepage )
+ * included movemail for handling local mail
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 1 Jul 2004 11:00:00 +0100
+
+mozilla-thunderbird (0.7-0.0.asac1) unstable; urgency=low
+
+ * new upstream source 0.7
+ * provides new mozilla-thunderbird-dev
+ * does not build enigmail anymore. enigmail has got its
+ own source package for now. Hopefully this package will
+ build soon against mozilla-mailnews and mozilla-thunderbird,
+ so only one package is needed for both.
+ * update-mozilla-thunderbird-chrome: LD_LIBRARY_PATH bug fixed
+ (Closes: 254144)
+ * verified that -compose mailto:email@host.com works (Closes: 252261)
+ * include upgrade info in README.debian (Closes: 253315)
+ * crash on corrupt bmp fixed by upstream (Closes: 248857)
+
+ -- Alexander Sack <asac@jwsdot.com> Wed, 23 Jun 2004 11:00:00 +0100
+
+mozilla-thunderbird (0.6-asac1) unstable; urgency=low
+
+ * new binary package for development files
+ mozilla-thunderbird-dev
+ * mozilla-thunderbird now Provides: mail-reader and imap-client
+
+ -- Alexander Sack <asac@jwsdot.com> Tue, 08 Jun 2004 15:00:00 +0100
+
+mozilla-thunderbird (0.6-3) unstable; urgency=low
+
+ * added libx11-dev, libxp-dev, libxt-dev to Build-Depends
+ * removed xlibs-dev from Build-Depends
+ * fixed typo in starting screen (Closes: 249850)
+ * removed duplicate readme file (Closes: 247162)
+ * added readme file upgrade note to remove the
+ chrome.rdf in the users profile directory after
+ upgrade.
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 03 Jun 2004 00:20:00 +0100
+
+mozilla-thunderbird (0.6-2) unstable; urgency=low
+
+ * Fix missing build-dep on xlibs-dev, causing FTBFS errors
+ (closes: Bug#251166)
+
+ -- Soeren Boll Overgaard <boll@debian.org> Fri, 28 May 2004 11:02:07 +0000
+
+mozilla-thunderbird (0.6-1) unstable; urgency=low
+ * accumulated changelog: 0.6-0.1rc1 + 0.6-0.1rc2
+ * repackaged upstream source tarball to not-include
+ non-free icons of the trademarked new branding
+ * changed menu icon size to 32x32
+ * added suggestions for mozilla-thunderbird-typeaheadfind
+ mozilla-thunderbird-offline and mozilla-thunderbird-inspector
+ * new upstream version: 0.6
+ * MAP users can now benefit from support for the IMAP IDLE command
+ which allows the mail server to push notifications such as new
+ mail arriving as soon as it arrives (Closes: 232544)
+ * Thunderbird supports server wide news filters that apply to all
+ news groups on a server
+ * Mail filters can now mark messages as junk
+ * Offline support is now available as an extension package
+ (Closes: 231920)
+ * Command line parsing problems fixed (Closes: 232342)
+ * Find broken in view source is fixed (Closes: 232580)
+ * Alerts and crash when deleting multiple nested
+ folders inside the trash folder is fixed (Closes: 237705, 244414)
+ * shift-c selects all as read (Closes: 245039)
+ * menu hint changed to mail (Closes: 246211)
+ * Alt-A selects all messages (Closes: 229518)
+ * typeahead find extension added as extra package
+ (Closes: 232562)
+ * suggesting mozilla-firefox now (Closes: 240708, 234918)
+ * changed mozilla-thunderbird.xpm to envelope with flames
+ (Closes: 243028)
+ * new enigmail upstream version included (0.86.6),
+ (Closes: 235553)
+ * now bulding with -O2 on all platforms, but ia64, arm,
+ sparc, alpha, powerpc
+ * global enigmail config file now in
+ /etc/mozilla-thunderbird/pref/enigmail.js
+ * new binary targets:
+ mozilla-thunderbird-inspector,
+ mozilla-thunderbird-offline,
+ mozilla-thunderbird-typeaheadfind
+ * restructured conffiles: now a single global config
+ file exists: /etc/mozilla-thunderbird/global-config.js,
+ which may be used by admins to make their
+ preconfigurations.
+ Old config files in /etc/mozilla-thunderbird/pref
+ will be reserved till next --purge
+
+ -- Alexander Sack <asac@jwsdot.com> Sat, 08 May 2004 08:45:00 +0100
+
+mozilla-thunderbird (0.5+.040427-1) unstable; urgency=low
+
+ * new snapshot of 040427
+ * added build depend: libgnomevfs2-dev
+ * increased debian policy standard version to 3.6.1
+
+ -- Alexander Sack <asac@jwsdot.com> Tue, 27 Apr 2004 12:45:00 +0100
+
+mozilla-thunderbird (0.5+.040418-1) unstable; urgency=low
+
+ * new snapshot of 040418
+ * changed desktop icon to envelope with flames (Closes: 243028)
+
+ -- Alexander Sack <asac@jwsdot.com> Sun, 18 Apr 2004 12:45:00 +0100
+
+mozilla-thunderbird (0.5+.040412-1) unstable; urgency=low
+
+ * new snapshot of 040412
+ * Updated enigmail to 0.83.6
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 12 Apr 2004 01:37:00 +0100
+
+mozilla-thunderbird (0.5+.040330-1) unstable; urgency=low
+
+ * new snapshot of 040320
+ * Updated enigmail to 0.83.5 (Closes: 235553)
+
+ -- Alexander Sack <asac@jwsdot.com> Tue, 30 Mar 2004 17:30:20 +0100
+
+mozilla-thunderbird (0.5-4) unstable; urgency=low
+
+ * reenabled hppa patch, which apparently led to FTBFS on hppa
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 04 Mar 2004 21:30:20 +0100
+
+mozilla-thunderbird (0.5-3) unstable; urgency=medium
+
+ * preinst added to allow clean upgrade path to this
+ (Closes: 234118, Closes: 234267)
+ * added prerm script to allow a clean remove of package
+
+ -- Alexander Sack <asac@jwsdot.com> Sun, 29 Feb 2004 10:30:20 +0100
+
+mozilla-thunderbird (0.5-2) unstable; urgency=low
+
+ * new source package layout!! Now using orig.tar.gz with diff.gz
+ (Closes: 232055)
+ * moved arch-indep chrome stuff to /usr/share/mozilla-thunderbird/chrome
+ * moved images to /usr/share/mozilla-thunderbird/res
+ /usr/share/mozilla-thunderbird/icons
+ /usr/share/mozilla-thunderbird/chrome/icons
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 19 Feb 2004 19:30:20 +0100
+
+mozilla-thunderbird (0.5-1.1) unstable; urgency=low
+
+ * new source package layout!! Now using orig.tar.gz with diff.gz
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 11 Feb 2003 19:30:20 +0100
+
+mozilla-thunderbird (0.5-1) unstable; urgency=low
+
+ * Aggregated changes since 0.4-1:
+ * new upstream release 0.5 included
+ * added xprt-xprintorg to Recommends (Closes: 226626)
+ * upgraded enigmail to 0.83.2 (Closes: 228678)
+ + includes a workaround for mozilla bug
+ leading to a crash in rare situations
+ (fixed in 0.82.6)
+ * improved package structure. Sources now are included as original archives
+ & are extracted to build-dir. (Closes: 225033)
+ * Minor wording changes in package description, pointed out by
+ Mark Stevenson.
+ * New debianization of appearance (branding)
+ * added switches for pref.js config entries for
+ individual doubleclick timeout & drag threshold
+ settings in gtk2 (Closes: 229146)
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 09 Feb 2003 19:30:20 +0100
+
+mozilla-thunderbird (0.5-0.1) unstable; urgency=low
+
+ * preview of thunderbird-0.5 rc2
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 07 Feb 2003 19:30:20 +0100
+
+mozilla-thunderbird (0.4-1.6) unstable; urgency=low
+
+ * added basic gtk settings as mozilla prefs:
+ + widget.gtk2.dnd.threshold - treshold in pixel before a drag starts
+ + widget.gtk2.double_click_timeout -
+ maximum time in milliseconds between two clicks
+ to become recognized as double-click e.g. to get
+ rid of unexpected folder moves, etc.
+ * upgraded enigmail to 0.83.2
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 05 Feb 2003 10:30:20 +0100
+
+mozilla-thunderbird (0.4-1.5) unstable; urgency=low
+
+ * added xprt-xprintorg to Recommends
+ * upgraded enigmail to 0.83.1
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 04 Feb 2003 10:30:20 +0100
+
+mozilla-thunderbird (0.4-1.4) unstable; urgency=low
+
+ * improved package structure. Sources now are included as original archives
+ & are extracted to build-dir. (Closes: 225033)
+ * late checkin. Already uploaded to mentors
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 27 Jan 2003 10:30:20 +0100
+
+mozilla-thunderbird (0.4-1.31) unstable; urgency=low
+
+ * Minor wording changes in package description, pointed out by
+ Mark Stevenson.
+
+ -- Soeren Boll Overgaard <boll@debian.org> Wed, 14 Jan 2004 12:46:23 +0000
+
+mozilla-thunderbird (0.4-1.3) unstable; urgency=low
+
+ * further debinized branding. updated 10_debian-branding patch
+ * do not use MOZILLA_FIVE_HOME. Always set the MOZILLA_FIVE_HOME
+ correctly. -> This is not anymore mozilla suite, so it is obsolete.
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 06 Jan 2003 10:30:20 +0100
+
+mozilla-thunderbird (0.4-1.2) unstable; urgency=low
+
+ * updated enigmail to 0.82.6 - includes a workaround for mozilla bug
+ leading to a crash.
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 30 Dec 2003 20:30:20 +0100
+
+mozilla-thunderbird (0.4-1.1) unstable; urgency=low
+
+ * switched to .orig.tgz file approach
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100
+
+mozilla-thunderbird (0.4-1) unstable; urgency=low
+
+ * version for first debian official upload of 0.4
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100
+
+mozilla-thunderbird (0.4-0.3) unstable; urgency=low
+
+ * updated latest enigmail source to version 0.82.5
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100
+
+mozilla-thunderbird (0.4-0.2) unstable; urgency=low
+
+ * added locale support: default locale is en-US
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100
+
+mozilla-thunderbird (0.4-0.1) unstable; urgency=low
+
+ * upgraded official 0.4 release
+ * browser integration works on gnome/kde
+ * new mozilla-theme
+ * latest engimail included
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 10 Nov 2003 00:30:20 +0100
+
+mozilla-thunderbird (0.3-7) unstable; urgency=low
+
+ * added patches for hppa & alpha, arm & mips specfic stuff. took the patches from
+ the debian mozilla package
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 10 Nov 2003 00:30:20 +0100
+
+mozilla-thunderbird (0.3-6) unstable; urgency=low
+
+ * added patch to switch from ex to sed which certainly won't
+ have terminal problems
+ * added .desktop file for menu integration in gnome, kde, etc.
+
+ -- Alexander Sack <asac@jwsdot.com> Sun, 2 Nov 2003 22:23:40 +0100
+
+
+mozilla-thunderbird (0.3-5) unstable; urgency=low
+
+ * Alexander Sack:
+ - added build depend nvi.
+ * Soeren Boll Overgaard
+ - added dependency on gnupg for enigmail.
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 29 Oct 2003 21:00:59 +0200
+
+mozilla-thunderbird (0.3-4) unstable; urgency=low
+
+ * Soeren Boll Overgaard:
+ - Improve wording in long descriptions.
+ - Fix dependency problem of the enigmail-package.
+
+ -- Soeren Boll Overgaard <boll@debian.org> Tue, 28 Oct 2003 17:08:55 +0100
+
+mozilla-thunderbird (0.3-3) unstable; urgency=low
+
+ * Build-depend on m4
+ * Actually do something in binary-arch
+ * asac: Applied Patch for myspell issue (closes: Bug#217555)
+ * fixed mozilla-thunderbird.sgml according to docbook DTD (closes: Bug#217708)
+
+ -- Soeren Boll Overgaard <boll@debian.org> Sun, 26 Oct 2003 23:24:25 +0100
+
+mozilla-thunderbird (0.3-2) unstable; urgency=low
+
+ * Build-depend on dpatch.
+
+ -- Soeren Boll Overgaard <boll@debian.org> Sun, 26 Oct 2003 13:26:31 +0100
+
+mozilla-thunderbird (0.3-1) unstable; urgency=low
+
+ * Make my name look right in Uploaders.
+ * Change version to one suited to Debian.
+ * Update standards version to 3.6.1 (No changes).
+
+ -- Soeren Boll Overgaard <boll@debian.org> Sun, 26 Oct 2003 09:38:24 +0000
+
+mozilla-thunderbird (0.3-0.3) unstable; urgency=low
+
+ * readded forgotten patch hunks
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 24 Oct 2003 09:00:59 +0200
+
+mozilla-thunderbird (0.3-0.2) unstable; urgency=low
+
+ * New upstream release
+ * latest patches of mozilla-thunderbird-0.2-3 are included
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 21 Oct 2003 20:55:59 +0200
+
+mozilla-thunderbird (0.2-3) unstable; urgency=low
+
+ * fixed sudo bug (closes: Bug#216469)
+ * repackaging because of enigmail build exception
+
+ -- Alexander Sack <asac@jwsdot.com> Wed, 15 Oct 2003 17:56:59 +0200
+
+mozilla-thunderbird (0.2-2) unstable; urgency=low
+
+ * Don't limit archs to i386.
+
+ -- Soeren Boll Overgaard <boll@debian.org> Sat, 18 Oct 2003 10:27:05 +0000
+
+mozilla-thunderbird (0.2-1) unstable; urgency=low
+
+ * restarted versioning for official debian upload
+ * Uploaded by S. Boll Overgaard <boll@debian.org>
+ - Closes thunderbird ITP (closes: Bug#196504)
+
+ -- Alexander Sack <asac@jwsdot.com> Wed, 15 Oct 2003 17:56:59 +0200
+
+mozilla-thunderbird (0.3-0.1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 16 Oct 2003 10:51:59 +0200
+
+mozilla-thunderbird (0.2asac-5) unstable; urgency=low
+
+ * some more lintian cleaning of source package
+ * added boll@debian.org as co-maintainer
+ * reduction of build depends redundancy
+
+ -- Alexander Sack <asac@jwsdot.com> Wed, 15 Oct 2003 17:56:50 +0000
+
+mozilla-thunderbird (0.2asac-4) unstable; urgency=low
+
+ * minimized build-depends & removed version constraints from build-deps to ease backporting
+ * added lintian override
+ * added long description for enigmail
+ * adjusted preference directory to $HOME/.mozilla-thunderbird
+
+ -- Alexander Sack <asac@jwsdot.com> Mon, 13 Oct 2003 20:53:45 +0000
+
+mozilla-thunderbird (0.2asac-3) unstable; urgency=low
+
+ * needed to get the the source archive up again :(
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 9 Oct 2003 18:51:01 +0200
+
+mozilla-thunderbird (0.2asac-2) unstable; urgency=high
+
+ * fixed the build procedure for enigmail binary package
+
+ -- Alexander Sack <asac@jwsdot.com> Tue, 7 Oct 2003 23:04:01 +0200
+
+mozilla-thunderbird (0.2asac-1) unstable; urgency=low
+
+ * New upstream release
+ * added binary package mozilla-thunderbird-enigmail
+ * now update-chrome enabled
+ * startup hooks (currently for enigmail) allowed in
+ /var/lib/mozilla-thunderbird/startup-hooks.d
+
+ -- Alexander Sack <asac@jwsdot.com> Fri, 3 Oct 2003 22:16:05 +0200
+
+mozilla-thunderbird (0.2-5) unstable; urgency=low
+
+ * changed menu entry image to gif image of size 32x32 -> lintian --check
+ tested
+ * added manual pages for mozilla-thunderbird & thunderbird
+ * remove mozilla-thunderbird-config from binary package
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 2 Oct 2003 02:30:44 +0200
+
+mozilla-thunderbird (0.2-4) unstable; urgency=low
+
+ * fixed conflict with snapshot build
+
+
+ -- Alexander Sack <asac@jwsdot.com> Wed, 1 Oct 2003 16:50:33 +0200
+
+mozilla-thunderbird (0.2-3) unstable; urgency=low
+
+ * apply quickfix for bug #212604 (bugzilla.mozilla.org)
+ -> firebird ist remote startable even if thunderbird is
+ running
+ * added basic man pages
+
+ -- Alexander Sack <asac@jwsdot.com> Wed, 1 Oct 2003 12:21:04 +0200
+
+mozilla-thunderbird (0.2-2) unstable; urgency=low
+
+ * corrected menu entry command to thunderbird
+
+ -- Alexander Sack <asac@jwsdot.com> Thu, 25 Sep 2003 12:00:36 +0200
+
+mozilla-thunderbird (0.2-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Alexander Sack <asac@jwsdot.com> Wed, 24 Sep 2003 18:55:50 +0200