Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 8029 |
1 files changed, 8029 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000000..6739c9b290 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,8029 @@ +thunderbird (1:115.7.0-1) unstable; urgency=medium + + * [6e0c26c] New upstream version 115.7.0 + Fixed CVE issues in upstream version 115.7 (MFSA 2024-04): + CVE-2024-0741: Out of bounds write in ANGLE + CVE-2024-0742: Failure to update user input timestamp + CVE-2024-0746: Crash when listing printers on Linux + CVE-2024-0747: Bypass of Content Security Policy when directive + unsafe-inline was set + CVE-2024-0749: Phishing site popup could show local origin in address bar + CVE-2024-0750: Potential permissions request bypass via clickjacking + CVE-2024-0751: Privilege escalation through devtools + CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain + CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, + and Thunderbird 115.7 + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 23 Jan 2024 16:56:31 +0100 + +thunderbird (1:115.6.0-1) unstable; urgency=medium + + * [aea3623] New upstream version 115.6.0 + Fixed CVE issues in upstream version 115.6 (MFSA 2023-55): + CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP + signature + CVE-2023-50761: S/MIME signature accepted despite mismatching message + date + CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced + method with Mesa VM driver + CVE-2023-6857: Symlinks may resolve to smaller than expected buffers + CVE-2023-6858: Heap buffer overflow in nsTextFragment + CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer + CVE-2023-6860: Potential sandbox escape due to VideoBridge lack + of texture validation + CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) + in headless mode + CVE-2023-6862: Use-after-free in nsDNSService + CVE-2023-6863: Undefined behavior in ShutdownObserver() + CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, + and Thunderbird 115.6 + * [6ecaa01] d/control: Remove B-D on libiw-dev + (Closes: #1058737) + + -- Carsten Schoenert 
<c.schoenert@t-online.de> Tue, 19 Dec 2023 20:24:02 +0100 + +thunderbird (1:115.5.2-1) unstable; urgency=medium + + * [34f6404] New upstream version 115.5.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 08 Dec 2023 21:21:26 +0100 + +thunderbird (1:115.5.1-1) unstable; urgency=medium + + * [eec913b] New upstream version 115.5.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 29 Nov 2023 18:13:11 +0100 + +thunderbird (1:115.5.0-1) unstable; urgency=medium + + [ intrigeri ] + * [a6be3ab] AppArmor: update profile from upstream at commit + 9d3fa88cdab512e45f6fd80f067337f200d356bc + + [ Carsten Schoenert ] + * [ed61fd6] New upstream version 115.5.0 + Fixed CVE issues in upstream version 115.5 (MFSA 2023-52): + CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer + CVE-2023-6205: Use-after-free in MessagePort::Entangled + CVE-2023-6206: Clickjacking permission prompts using the fullscreen + transition + CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer + CVE-2023-6208: Using Selection API would copy contents into X11 primary + selection. + CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" + CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, + and Thunderbird 115.5 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 22 Nov 2023 21:50:16 +0000 + +thunderbird (1:115.4.1-1) unstable; urgency=medium + + * [c51ab77] New upstream version 115.4.1 + Fixed CVE issues in upstream version 115.4.1 (MFSA 2023-47): + CVE-2023-5721: Queued up rendering could have allowed websites to + clickjack + CVE-2023-5732: Address bar spoofing via bidirectional characters + CVE-2023-5724: Large WebGL draw could have led to a crash + CVE-2023-5725: WebExtensions could open arbitrary URLs + CVE-2023-5728: Improper object tracking during GC in the JavaScript + engine could have led to a crash. 
+ CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, + and Thunderbird 115.4.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 25 Oct 2023 21:05:23 +0200 + +thunderbird (1:115.3.1-1) unstable; urgency=medium + + * [276a53a] New upstream version 115.3.1 + Fixed CVE issues in upstream version 115.3.1 (MFSA 2023-44): + CVE-2023-5217: Heap buffer overflow in libvpx + * [a360abf] d/control: Point VCS links to debian/sid + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 29 Sep 2023 19:26:42 +0200 + +thunderbird (1:115.3.0-1) unstable; urgency=medium + + * [2e67467] New upstream version 115.3.0 + Fixed CVE issues in upstream version 115.3 (MFSA 2023-43): + CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 + CVE-2023-5169: Out-of-bounds write in PathOps + CVE-2023-5171: Use-after-free in Ion Compiler + CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox + ESR 115.3, and Thunderbird 115.3 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 27 Sep 2023 19:07:47 +0200 + +thunderbird (1:115.2.2-1) unstable; urgency=medium + + * [08bc8c9] d/thunderbird.desktop: Update data with upstream data + (Closes: #1042912, #1051261) + * [2fd665b] New upstream version 115.2.2 + Fixed CVE issues in upstream version 115.2.2 (MFSA 2023-40): + CVE-2023-4863: Heap buffer overflow in libwebp + * [7b862be] d/copyright: Update content due upstream changes + * [140b77d] d/s/lintian-overrides: Update data for overrides + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 13 Sep 2023 22:59:59 +0530 + +thunderbird (1:115.2.0-1) unstable; urgency=medium + + * [1415d01] New upstream version 115.2.0 + Fixed CVE issues in upstream version 115.2 (MFSA 2023-36): + CVE-2023-4573: Memory corruption in IPC CanvasTranslator + CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback + CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback + CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation + CVE-2023-4577: Memory 
corruption in JIT UpdateRegExpStatics + CVE-2023-4051: Full screen notification obscured by file open dialog + CVE-2023-4578: Error reporting methods in SpiderMonkey could have + triggered an Out of Memory Exception + CVE-2023-4053: Full screen notification obscured by external program + CVE-2023-4580: Push notifications saved to disk unencrypted + CVE-2023-4581: XLL file extensions were downloadable without warnings + CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv + CVE-2023-4583: Browsing Context potentially not cleared when closing + Private Window + CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR + 102.15, Firefox ESR 115.2, Thunderbird 102.15, and + Thunderbird 115.2 + CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, + and Thunderbird 115.2 + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 30 Aug 2023 17:41:36 +0200 + +thunderbird (1:115.1.1-1) unstable; urgency=medium + + [ Christoph Goehre ] + * [880cabe] ship glxtest and vaapitest binaries + (Closes: #1043057) + + [ Carsten Schoenert ] + * [8474b9b] d/thunderbird.install: Use upstream graphics for icons + * [85f99a2] d/c-u-t.py: Use Version() from python3-packaging + * [86e3335] d/thunderbird.desktop: Sort MimeType entries alphabetically + * [2bc5f47] New upstream version 115.1.1 + * [ddec51f] Revert "d/mozconfig.default: Use internal shipped librnp + version" + * [3ef27e2] Revert "d/control: Drop librnp0 package from Depends" + * [9011502] Revert "d/thunderbird.install: Install rnp tools too" + * [d5eef62] d/control: Bump version of librnp{0,-dev} + (Closes: #1041409) + + [ Max Nikulin ] + * [0e04b0e] d/thunderbird.desktop: Add IANA MIME type for .vcf vcard + * [ce01092] d/thunderbird.desktop: Add mid: URI to MIME types + (Closes: #1008159) + * [c11a22f] d/thunderbird.desktop: Add news: URI to MIME types + * [bf5586f] d/thunderbird.desktop: Add webcal: URI to MIME types + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 16 Aug 2023 17:18:04 +0200 + 
+thunderbird (1:115.1.0-1) unstable; urgency=medium + + * [8c11865] d/gbp.conf: Adjust upstream branch to new ESR cycle + * [fb76340] New upstream version 115.1.0 + Fixed CVE issues in upstream version 115.1 (MFSA 2023-33): + CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin + restrictions + CVE-2023-4046: Incorrect value used during WASM compilation + CVE-2023-4047: Potential permissions request bypass via clickjacking + CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions + CVE-2023-4049: Fix potential race conditions when releasing platform + objects + CVE-2023-4050: Stack buffer overflow in StorageManager + CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state + CVE-2023-4056: Memory safety bugs fixed in Firefox 116, + Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, + and Thunderbird 102.14 + CVE-2023-4057: Memory safety bugs fixed in Firefox 116, + Firefox ESR 115.1, and Thunderbird 115.1 + * [b562827] Rebuild patch queue from patch-queue branch + Removed patches (included upstream): + fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch + fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch + porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch + porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch + porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 01 Aug 2023 19:19:27 +0200 + +thunderbird (1:115.0.1-2) experimental; urgency=medium + + [ Carsten Schoenert ] + * [39b1576] d/create-upstream-tarballs.py: Catch non existing versions + * [f663f6a] d/create-upstream-tarballs.py: Running black formatter + * [8e6d7fe] d/create-upstream-tarballs.py: Use speaking variable name + + [ Christoph Goehre ] + * [cdab989] Rebuild patch queue from patch-queue branch + Added patch: + porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch + 
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 29 Jul 2023 09:22:57 +0200 + +thunderbird (1:115.0.1-1) experimental; urgency=medium + + * [30f2fcc] New upstream version 115.0.1 + Fixed CVE issues in upstream version 115.0.1 (MFSA 2023-27): + CVE-2023-3600: Use-after-free in workers + CVE-2023-3417: File Extension Spoofing using the Text Direction + Override Character + * [efbb370] Rebuild patch queue from patch-queue branch + Added patches: + debian-hacks/rnp-Fix-include-for-format-specifiers-for-uint32_t.patch + fixes/skia-Cast-SkEndian_SwapBE32-n-to-uint32_t-on-big-endian.patch + porting-mips64el/skia-Disable-musttail-on-mips64.patch + porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch + * [f78b777] d/mozconfig.default: Use internal shipped librnp version + * [a606cdb] d/control: Drop librnp0 package from Depends + * [104bf35] d/thunderbird.install: Install rnp tools too + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 23 Jul 2023 09:07:08 +0200 + +thunderbird (1:115.0-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [3a6b0eb] New upstream version 115.0 + * [1c11a15] Rebuild patch queue from patch-queue branch + Dropped patches: + debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch + debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch + debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch + fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch + fixes/Bug-628252-os2.cc-fails-to-compile-against-GCC-4.6-m.patch + porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch + porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch + porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + 
porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch + porting-ppc64el/work-around-a-build-failure-with-clang-on-ppc64el.patch + porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch + Added patches: + fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch + fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch + fixes/Fix-math_private.h-for-i386-FTBFS.patch + porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch + porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch + porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch + * [8d1d0e0] d/source.filter: Add build/android to list + + [ Bo YU ] + * [ddf55dc] riscv64: Add build support for Riscv64 (Closes: #1026118) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 16 Jul 2023 12:22:50 +0200 + +thunderbird (1:115.0~b6-1) experimental; urgency=medium + + * [1d7c51d] New upstream version 115.0~b6 + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 29 Jun 2023 20:13:46 +0200 + +thunderbird (1:115.0~b4-1) experimental; urgency=medium + + * [5685662] New upstream version 115.0~b4 + * [0ff4fd0] Rebuild patch queue from patch-queue branch + Updated patches: + porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch + porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch + * [67def1f] d/control: Add libotr5 to Depends + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 23 Jun 2023 16:03:31 +0200 + +thunderbird (1:114.0~b2-1) experimental; urgency=medium + + * [1f5bec1] New upstream version 114.0~b2 + * [df5220a] Rebuild patch queue from patch-queue branch + Updated patches: + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch + * [71e654b] d/rules: Add 2 files to dh_missing + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 16 May 2023 21:38:11 +0200 + +thunderbird (1:113.0~b3-1) experimental; urgency=medium + + [ 
Carsten Schoenert ] + * [569da29] apparmor: Expand profile folder about .mozilla-thunderbird + (Closes: #1030532) + * [777be0a] New upstream version 113.0~b3 + * [ae90792] Rebuild patch queue from patch-queue branch + Dropped patch (included upstream): + debian-hacks/Make-Thunderbird-build-reproducible.patch + + [ Timothy Pearson ] + * [5dff12c] Explicitly set SQLite endianness on ppc64el + + [ intrigeri ] + * [c0ea3f9] AppArmor: update profile from upstream at + commit a03a894c6c30b7a566aa74645802de1cea580bca + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 21 Apr 2023 19:11:41 +0200 + +thunderbird (1:112.0~b1-1) experimental; urgency=medium + + * [c89a60d] d/source.filter: Update content to filter out + * [12cd2c8] New upstream version 112.0~b1 + * [6655d37] Rebuild patch queue from patch-queue branch + Removed patch: + debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch + * [c4744df] d/control: Increade B-D on rustc to >= 1.65 + * [ad73ef1] d/thunderbird.docs: Readd Apache-2 related Notice file + * [ebf44e8] d/control: Adjust B-D to libfontconfig-dev + * [6cea088] d/control: Increase Standards-Version to 4.6.2 + * [2d0d8ee] d/copyright: Update content due upstream changes + * [268ee53] Lintian: Update overrides for source package + * [28ffd63] Lintian: Update overrides for thunderbird package + * [200f86d] Lintian: Update override for thunderbird-l10n-all + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 18 Mar 2023 19:31:18 +0100 + +thunderbird (1:110.0~b4-1) experimental; urgency=medium + + + [ Amr Ibrahim ] + * [22b9eb7] thunderbird.desktop: Update StartupWMClass + + [ Carsten Schoenert ] + * [afe6c6a] d/copyright: Update content due upstream changes + * [7b31b9d] d/source.filter: Update content to filter out + * [03b50b4] Lintian: Adjust overrides for thunderbird package + * [d3510d8] Lintian: Adjust overrides for source package + * [57839a2] d/control: Increase version in B-D for libnss-dev + * [958648e] 
d-create-upstream-tarballs.py: Use correct variable + * [208f93e] New upstream version 110.0~b4 + (Closes: #1031541) + * [ba87378] Rebuild patch queue from patch-queue branch + Added patch: + debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch + Adjusted patch: + debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + * [3104ede] Drop usage of autoconf calls + * [42a2545] d/control: Increase some versions in B-D + * [551a17f] d/rules: Don't remove configure on dh_clean + * [3b7b408] d/source.filter: Don't filter configure from upstream data + * [48913d3] d/thunderbird.docs: Drop install of NOTICE file + * [44589db] d/mozconfig.default: Use internal version of ICU + * [3eba559] d/control: Drop libicu-dev from B-D for now + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 07 Mar 2023 16:41:43 +0100 + +thunderbird (1:104.0~b2-1) experimental; urgency=medium + + * [92670b2] d/repack.py: Small rework and adjustments + * [06fb656] d/create-upstream-tarballs.py: Adding new helper script + * [331247d] d/README.source: Update information on importing data + * [57a6dd7] d/source.filter: Relax filter rule for old-configure + * [36696b6] d/repack.py: Don't exit(1) if unused filter items exist + * [3b14d11] d/create-thunderbird-l10n-tarball.sh: Drop old helper + * [5468bb8] d/gbp.conf: Drop 'import-orig' section + * [fd4d5c1] d/source.filter: Add files named *.orig and *.rej + * [5035e50] New upstream version 104.0~b2 + * [cc89049] Rebuild patch queue from patch-queue branch + Removed patch: + debian-hacks/Lower-down-required-NSS-version.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 06 Aug 2022 09:13:35 +0200 + +thunderbird (1:103.0~b5-1) experimental; urgency=medium + + * [a060ea2] d/gbp.conf: Sign tags automatically + (cherry-picked from debian/sid) + * [ac331c8] New upstream version 103.0~b5 + * [00dd354] Rebuild patch queue from patch-queue branch 
+ Added patch: + debian-hacks/Lower-down-required-NSS-version.patch + * [5c35afb] d/watch: Look now for versions starting with 3 digits + (cherry-picked from debian/sid) + * [a897f48] d/control: Add package thunderbird-l10n-es-mx + (cherry-picked from debian/sid) + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 13 Jul 2022 18:08:16 +0200 + +thunderbird (1:102.13.1-1) unstable; urgency=medium + + * [e803b54] New upstream version 102.13.1 + Fixed CVE issues in upstream version 102.13.1 (MFSA 2023-28): + CVE-2023-3417: File Extension Spoofing using the Text Direction + Override Character + * [456ce20] Rebuild patch queue from patch-queue branch + Added patch: + fixes/gfx-Fix-inclusion-of-C-header.patch + fixes/toolkit-Fix-inclusion-of-C-header.patch + (Closes: #1037872) + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 26 Jul 2023 19:48:59 +0200 + +thunderbird (1:102.13.0-1) unstable; urgency=medium + + * [7168011] New upstream version 102.13.0 + Fixed CVE issues in upstream version 102.13 (MFSA 2023-24): + CVE-2023-37201: Use-after-free in WebRTC certificate generation + CVE-2023-37202: Potential use-after-free from compartment mismatch in + SpiderMonkey + CVE-2023-37207: Fullscreen notification obscured + CVE-2023-37208: Lack of warning when opening Diagcab files + CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR + 102.13, and Thunderbird 102.13 + (Closes: #971790, #1006432) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 08 Jul 2023 06:15:04 +0200 + +thunderbird (1:102.12.0-1) unstable; urgency=medium + + * [a285966] New upstream version 102.12.0 + Fixed CVE issues in upstream version 102.12 (MFSA 2023-21): + CVE-2023-34414: Click-jacking certificate exceptions through rendering lag + CVE-2023-34416: Memory safety bugs fixed in Thunderbird 102.12 + * [73c48d4] d/control: Add libotr5 to Depends + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 05 Jun 2023 18:51:11 +0200 + +thunderbird (1:102.11.0-1) unstable; 
urgency=medium + + [ intrigeri ] + * [f3e5479] AppArmor: update profile from upstream at + commit a03a894c6c30b7a566aa74645802de1cea580bca + + [ Carsten Schoenert ] + * [0626d72] New upstream version 102.11.0 + Fixed CVE issues in upstream version 102.11 (MFSA 2023-18): + CVE-2023-32205: Browser prompts could have been obscured by popups + CVE-2023-32206: Crash in RLBox Expat driver + CVE-2023-32207: Potential permissions request bypass via clickjacking + CVE-2023-32211: Content process crash due to invalid wasm code + CVE-2023-32212: Potential spoof due to obscured address bar + CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() + CVE-2023-32215: Memory safety bugs fixed in Thunderbird 102.11 + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 12 May 2023 17:11:29 +0200 + +thunderbird (1:102.10.0-1) unstable; urgency=medium + + * [8afefce] New upstream version 102.10.0 + Fixed CVE issues in upstream version 102.10 (MFSA 2023-15): + CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass + CVE-2023-29533: Fullscreen notification obscured + CVE-2023-1999: Double-free in libwebp + CVE-2023-29535: Potential Memory Corruption following Garbage Collector + compaction + CVE-2023-29536: Invalid free from JavaScript code + CVE-2023-0547: Revocation status of S/Mime recipient certificates was + not checked + CVE-2023-29479: Hang when processing certain OpenPGP messages + CVE-2023-29539: Content-Disposition filename truncation leads to + Reflected File Download + CVE-2023-29541: Files with malicious extensions could have been + downloaded unsafely on Linux + CVE-2023-29542: Bypass of file download extension restrictions + CVE-2023-1945: Memory Corruption in Safe Browsing Code + CVE-2023-29548: Incorrect optimization result on ARM64 + CVE-2023-29550: Memory safety bugs fixed in Thunderbird 102.10 + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 17 Apr 2023 21:32:45 +0200 + +thunderbird (1:102.9.1-1) unstable; urgency=medium + + [ Timothy 
Pearson ] + * [de7c4f8] Explicitly set SQLite endianness on ppc64el + (Closes: #1033534) + + [ Carsten Schoenert ] + * [06059fb] New upstream version 102.9.1 + Fixed CVE issues in upstream version 102.9.1 (MFSA 2023-12): + CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to + denial-of-service attack + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 29 Mar 2023 17:34:39 +0200 + +thunderbird (1:102.9.0-1) unstable; urgency=medium + + * [ad8cc7c] New upstream version 102.9.0 + Fixed CVE issues in upstream version 102.9 (MFSA 2023-11): + CVE-2023-25751: Incorrect code generation during JIT compilation + CVE-2023-28164: URL being dragged from a removed cross-origin iframe + into the same tab triggered navigation + CVE-2023-28162: Invalid downcast in Worklets + CVE-2023-25752: Potential out-of-bounds when accessing throttled streams + CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 + * [b0a22c0] d/control: Increase Standards-Version to 4.6.2 + No further changes needed. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 15 Mar 2023 19:54:53 +0100 + +thunderbird (1:102.8.0-1) unstable; urgency=medium + + * [b130936] New upstream version 102.8.0 + Fixed CVE issues in upstream version 102.8.0 (MFSA 2023-07): + CVE-2023-0616: User Interface lockup with messages combining S/MIME and + OpenPGP + CVE-2023-25728: Content security policy leak in violation reports using + iframes + CVE-2023-25730: Screen hijack via browser fullscreen mode + CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS + CVE-2023-25735: Potential use-after-free from compartment mismatch in + SpiderMonkey + CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry + CVE-2023-25739: Use-after-free in + mozilla::dom::ScriptLoadContext::~ScriptLoadContext + CVE-2023-25729: Extensions could have opened external schemes without + user knowledge + CVE-2023-25732: Out of bounds memory write from EncodeInputStream + CVE-2023-25742: Web Crypto ImportKey crashes tab + CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8 + * [66e2335] Rebuild patch queue from patch-queue branch + Removed patch (included upstream): + debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 17 Feb 2023 20:17:32 +0100 + +thunderbird (1:102.7.2-1) unstable; urgency=medium + + * [468e468] New upstream version 102.7.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 08 Feb 2023 18:34:59 +0100 + +thunderbird (1:102.7.1+1-1) unstable; urgency=medium + + * [5ce0e7d] New upstream version 102.7.1+1 + Fixed CVE issues in upstream version 102.7.1 (MFSA 2023-04): + CVE-2023-0430: Revocation status of S/Mime signature certificates was + not checked + Note: The previous version 1:102.7.1-1 was build on top of a release + candidate which does not fixed CVE-2023-0430 fully. 
+ (Closes: #1029594, #1029606) + * [c7c81a5] apparmor: Expand profile folder about .mozilla-thunderbird + (Closes: #1030532) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 05 Feb 2023 17:27:40 +0100 + +thunderbird (1:102.7.1-1) unstable; urgency=medium + + * [dbc3385] New upstream version 102.7.1 + Fixed CVE issues in upstream version 102.7 (MFSA 2023-03): + CVE-2022-46871: libusrsctp library out of date + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux + CVE-2023-23601: URL being dragged from cross-origin iframe into same + tab triggers navigation + CVE-2023-23602: Content Security Policy wasn't being correctly applied + to WebSockets in WebWorkers + CVE-2022-46877: Fullscreen notification bypass + CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing + Content Security Policy via format directive + CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7 + * [af92a36] Rebuild patch queue from patch-queue branch + Added patch: + debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch + (Closes: #1028885) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 24 Jan 2023 16:32:06 +0100 + +thunderbird (1:102.6.0-1) unstable; urgency=medium + + [ Paul Gevers ] + * [6bbbd94] tests: thunderbird no longer builds on armel and armhf, so + let's not fail while trying to test there + * [d9e09a0] tests: help.sh is really a very superficial test, so let's + mark it as such + + [ Carsten Schoenert ] + * [43b90d6] New upstream version 102.6.0 + Fixed CVE issues in upstream version 102.6 (MFSA 2022-53): + CVE-2022-46880: Use-after-free in WebGL + CVE-2022-46872: Arbitrary file read from a compromised content process + CVE-2022-46881: Memory corruption in WebGL + CVE-2022-46874: Drag and Dropped Filenames could have been truncated to + malicious extensions + CVE-2022-46882: Use-after-free in WebGL + CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 + * [745c1a3] Rebuild patch queue from patch-queue branch + Removed 
patches (included upstream): + fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch + fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch + fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch + * [1e74214] d/control: Increase buid dep on libnss3-dev to 3.79.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 13 Dec 2022 19:40:57 +0100 + +thunderbird (1:102.5.1-1) unstable; urgency=medium + + * [ae4d1ff] New upstream version 102.5.1 + Fixed CVE issues in upstream version 102.5.1 (MFSA 2022-50): + CVE-2022-45414: Quoting from an HTML email with certain tags will trigger + network requests and load remote content, regardless of + a configuration to block remote content + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 30 Nov 2022 12:27:38 +0100 + +thunderbird (1:102.5.0-1) unstable; urgency=medium + + * [2f04265] New upstream version 102.5.0 + Fixed CVE issues in upstream version 102.5 (MFSA 2022-49): + CVE-2022-45403: Service Workers might have learned size of cross-origin + media files + CVE-2022-45404: Fullscreen notification bypass + CVE-2022-45405: Use-after-free in InputStream implementation + CVE-2022-45406: Use-after-free of a JavaScript Realm + CVE-2022-45408: Fullscreen notification bypass via windowName + CVE-2022-45409: Use-after-free in Garbage Collection + CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite + cookie policy + CVE-2022-45411: Cross-Site Tracing was possible via non-standard + override headers + CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers + CVE-2022-45416: Keystroke Side-Channel Leakage + CVE-2022-45418: Custom mouse cursor could have been drawn over + browser UI + CVE-2022-45420: Iframe contents could be rendered outside the iframe + CVE-2022-45421: Memory safety bugs fixed in Thunderbird 102.5 + * [57e94ac] Rebuild patch queue from patch-queue branch + Added patches: + 
fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch + fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch + (Closes: #1023789) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 15 Nov 2022 19:34:55 +0100 + +thunderbird (1:102.4.1-1) unstable; urgency=medium + + [ intrigeri ] + * [37c5b01] AppArmor: update profile from upstream at commit + 09fa2669dc95cb336d133a6b96cac227e3aa73dc + This allows running Thunderbird as a native Wayland application. + + [ Carsten Schoenert ] + * [031c4a2] New upstream version 102.4.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 31 Oct 2022 18:50:44 +0100 + +thunderbird (1:102.4.0-1) unstable; urgency=medium + + * [6bfe8cd] New upstream version 102.4.0 + Fixed CVE issues in upstream version 102.4 (MFSA 2022-46): + CVE-2022-42927: Same-origin policy violation could have leaked + cross-origin URLs + CVE-2022-42928: Memory Corruption in JS Engine + CVE-2022-42929: Denial of Service via window.print + CVE-2022-42932: Memory safety bugs fixed in Thunderbird 102.4 + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 24 Oct 2022 22:33:05 +0200 + +thunderbird (1:102.3.3-1) unstable; urgency=medium + + * [6729f5d] New upstream version 102.3.3 + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 13 Oct 2022 16:09:50 +0200 + +thunderbird (1:102.3.2-1) unstable; urgency=medium + + * [db7a24f] New upstream version 102.3.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 06 Oct 2022 20:34:42 +0200 + +thunderbird (1:102.3.1-1) unstable; urgency=medium + + * [f845126] New upstream version 102.3.1 + Fixed CVE issues in upstream version 102.3.1 (MFSA 2022-43): + CVE-2022-39249: Matrix SDK bundled with Thunderbird vulnerable to an + impersonation attack by malicious server administrators + CVE-2022-39250: Matrix SDK bundled with Thunderbird vulnerable to a device + verification attack + CVE-2022-39251: Matrix SDK bundled with Thunderbird vulnerable to an + impersonation attack + 
CVE-2022-39236: Matrix SDK bundled with Thunderbird vulnerable to a data + corruption issue + * [4555808] Rebuild patch queu from patch-queue branch + debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch + fixes/Properly-launch-applications-set-in-HOME-.mailcap.patch + * [344dbfa] d/copyright: Add info about code from Matrix + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 29 Sep 2022 19:09:02 +0200 + +thunderbird (1:102.3.0-1) unstable; urgency=medium + + * [0e841a7] New upstream version 102.3.0 + Fixed CVE issues in upstream version 102.3 (MFSA 2022-42): + CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages + CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads + CVE-2022-40958: Bypassing Secure Context restriction for cookies with + __Host and __Secure prefix + CVE-2022-40956: Content-Security-Policy base-uri bypass + CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64 + CVE-2022-40962: Memory safety bugs fixed in Thunderbird 102.3 + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 16 Sep 2022 16:56:20 +0200 + +thunderbird (1:102.2.2-1) unstable; urgency=medium + + * [f1dc81f] New upstream version 102.2.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 08 Sep 2022 17:25:57 +0200 + +thunderbird (1:102.2.1-1) unstable; urgency=medium + + * [e1d0f74] New upstream version 102.2.1 + Fixed CVE issues in upstream version 102.2.1 (MFSA 2022-38): + CVE-2022-3033: Leaking of sensitive information when composing a response + to an HTML email with a META refresh tag + CVE-2022-3032: Remote content specified in an HTML document that was + nested inside an iframe's srcdoc attribute was not blocked + CVE-2022-3034: An iframe element in an HTML email could trigger a + network request + CVE-2022-36059: Matrix SDK bundled with Thunderbird vulnerable to + denial-of-service attack + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 01 Sep 2022 07:52:16 +0200 + +thunderbird (1:102.2.0-1) 
unstable; urgency=medium + + [ Amr Ibrahim ] + * [02a3990] thunderbird.desktop: Update StartupWMClass + (Closes: #1017420, #1014748) + + [ Carsten Schoenert ] + * [f7b62a8] d-create-upstream-tarballs.py: Use correct variable + * [7194457] New upstream version 102.2.0 + Fixed CVE issues in upstream version 102.2 (MFSA 2022-36): + CVE-2022-38472: Address bar spoofing via XSLT error handling + CVE-2022-38473: Cross-origin XSLT Documents would have inherited the + parent's permissions + CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW + CVE-2022-38477: Memory safety bugs fixed in Thunderbird 102.2 + CVE-2022-38478: Memory safety bugs fixed in Thunderbird 102.2, and + Thunderbird 91.13 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 28 Aug 2022 17:23:50 +0200 + +thunderbird (1:102.1.2-1) unstable; urgency=medium + + * [78f2899] d/copyright: Update content due upstream changes + * [55dba1d] d/source.filter: Update content to filter out + * [3e19497] Lintian: Adjust overrides for thunderbird package + * [567e0c4] Lintian: Adjust overrides for source package + * [c201484] New upstream version 102.1.2 + (Closes: #1016944) + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 11 Aug 2022 16:37:07 +0200 + +thunderbird (1:102.1.1-1) unstable; urgency=medium + + * [2c1b12f] d/create-upstream-tarballs.py: Adding new helper script + * [a9633b9] d/README.source: Update information on importing data + * [1d2cdc0] d/source.filter: Relax filter rule for old-configure + * [f1afe9b] d/repack.py: Don't exit(1) if unused filter items exist + * [165593a] d/create-thunderbird-l10n-tarball.sh: Drop old helper + * [b4d73ee] d/gbp.conf: Drop 'import-orig' section + * [d186832] d/source.filter: Add files named *.orig and *.rej + * [933b099] New upstream version 102.1.1 + (Closes: #1014675:) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 06 Aug 2022 11:26:44 +0200 + +thunderbird (1:102.1.0-1) unstable; urgency=medium + + * [3b7bb0d] New upstream version 
102.1.0 + Fixed CVE issues in upstream version 102.1 (MFSA 2022-32): + CVE-2022-36319: Mouse Position spoofing with CSS transforms + CVE-2022-36318: Directory indexes for bundled resources reflected URL + parameters + CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1 + (Closes: #1016083, #1014745, #1014675, #1014638) + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 29 Jul 2022 17:00:53 +0200 + +thunderbird (1:102.0.2-1) unstable; urgency=medium + + * [079e135] d/repack.py: Small rework and adjustments + * [fc2518e] d/control: Readjust Vcs links to unstable + * [a7b09b3] d/gbp.conf: Sign tags automatically + * [faf115d] New upstream version 102.0.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 12 Jul 2022 18:41:04 +0200 + +thunderbird (1:102.0.1-1) unstable; urgency=medium + + * [68c9410] d/gbp.conf: Adjust upstream branch to new ESR cycle + * [45eca79] New upstream version 102.0.1 + Fixed CVE issues in upstream version 102.0 (MFSA 2022-26): + CVE-2022-34479: A popup window could be resized in a way to overlay the + address bar with web content + CVE-2022-34470: Use-after-free in nsSHistory + CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed + via retargeted javascript: URI + CVE-2022-2226: An email with a mismatching OpenPGP signature date was + accepted as valid + CVE-2022-34481: Potential integer overflow in ReplaceElementsAt + CVE-2022-31744: CSP bypass enabling stylesheet injection + CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being + blocked + CVE-2022-2200: Undesired attributes could be set as part of prototype + pollution + CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and + Thunderbird 102 + * [1842425] d/watch: Look now for versions starting with 3 digits + * [0a32bb3] d/control: Add package thunderbird-l10n-es-mx + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 08 Jul 2022 17:47:21 +0200 + +thunderbird (1:102.0~b7-1) experimental; urgency=medium + + * [edf32aa] 
New upstream version 102.0~b7 + * [c9dd3e0] d/control: Remove not required B-D + * [ac2ec70] d/mozconfig.default: Remove commented out options + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 21 Jun 2022 19:06:58 +0200 + +thunderbird (1:102.0~b4-1) experimental; urgency=medium + + * [8f34a01] d/source.filter: Small updates to filtering list + * [e1d4c7c] New upstream version 102.0~b4 + * [c97416b] Rebuild patch-queue from patch queue branch + Removed patch (needs update): + fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch + Removed patch (fixed upstream): + porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch + * [68712eb] d/mozconfig.default: Disable wasm sandboxing + * [a1df764] d/mozconfig.default: Remove openpgp option + Supporting OpenPGP functionality is now set on by default. + * [607c321] d/mozconfig.default: Add/Update some configure options + * [efc728e] d/rules: Add new needed variable MOZBUILD_STATE_PATH + * [7b0d743] d/rules: Ensure python is used from the environment + * [26053f1] Build against system librnp library + Unfortunately using librnp-dev requires the usage of the internal + versions of botan, bz2 and jsonc. + (Closes: #998848) + * [5e904d8] d/control: Bump various build dependencies + * [94ee0da] d/thunderbird.docs: Update content to install + * [477f949] d/control: Increase Standards-Version to 4.6.1 + No further changes needed. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 15 Jun 2022 16:47:29 +0200 + +thunderbird (1:91.11.0-1) unstable; urgency=medium + + * [05a947d] New upstream version 91.11.0 + Fixed CVE issues in upstream version 91.11 (MFSA 2022-26): + CVE-2022-34479: A popup window could be resized in a way to overlay the + address bar with web content + CVE-2022-34470: Use-after-free in nsSHistory + CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed + via retargeted javascript: URI + CVE-2022-2226: An email with a mismatching OpenPGP signature date was + accepted as valid + CVE-2022-34481: Potential integer overflow in ReplaceElementsAt + CVE-2022-31744: CSP bypass enabling stylesheet injection + CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being + blocked + CVE-2022-2200: Undesired attributes could be set as part of prototype + pollution + CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and + Thunderbird 102 + (Closes: #1014004) + * [4c4944d] Rebuild patch queue from patch-queue branch + Added patch: + fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 01 Jul 2022 20:12:40 +0200 + +thunderbird (1:91.10.0-1) unstable; urgency=medium + + * [969960a] New upstream version 91.10.0 + Fixed CVE issues in upstream version 91.9.1 (MFSA 2022-19): + CVE-2022-1802: Prototype pollution in Top-Level Await implementation + CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading + to prototype pollution + + Fixed CVE issues in upstream version 91.10 (MFSA 2022-22): + CVE-2022-31736: Cross-Origin resource's length leaked + CVE-2022-31737: Heap buffer overflow in WebGL + CVE-2022-31738: Browser window spoof using fullscreen mode + CVE-2022-31739: Attacker-influenced path traversal when saving downloaded + files + CVE-2022-31740: Register allocation problem in WASM on arm64 + CVE-2022-31741: Uninitialized variable leads to invalid memory 
read + CVE-2022-1834: Braille space character caused incorrect sender email to be + shown for a digitally signed email + CVE-2022-31742: Querying a WebAuthn token with a large number of + allowCredential entries may have leaked cross-origin + information + CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 + * [4b55e16] d/control: Increase Standards-Version to 4.6.0 + No further changes needed. + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 30 May 2022 19:36:06 +0200 + +thunderbird (1:91.9.0-1) unstable; urgency=medium + + * [88b99d1] New upstream version 91.9.0 + Fixed CVE issues in upstream version 91.9 (MFSA 2022-18): + CVE-2022-1520: Incorrect security status shown after viewing an attached + email + CVE-2022-29914: Fullscreen notification bypass using popups + CVE-2022-29909: Bypassing permission prompt in nested browsing contexts + CVE-2022-29916: Leaking browser history with CSS variables + CVE-2022-29911: iframe sandbox bypass + CVE-2022-29912: Reader mode bypassed SameSite cookies + CVE-2022-29913: Speech Synthesis feature not properly disabled + CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 16 May 2022 13:51:59 +0200 + +thunderbird (1:91.8.1-1) unstable; urgency=medium + + * [b57406c] New upstream version 91.8.1 + (Closes: #1009321) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 19 Apr 2022 20:27:13 +0200 + +thunderbird (1:91.8.0-1) unstable; urgency=medium + + * [06619c5] New upstream version 91.8.0 + Fixed CVE issues in upstream version 91.8 (MFSA 2022-15): + CVE-2022-1097: Use-after-free in NSSToken objects + CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions + CVE-2022-1197: OpenPGP revocation information was ignored + CVE-2022-1196: Use-after-free after VR Process destruction + CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument + CVE-2022-28285: Incorrect AliasSet used in JIT Codegen + CVE-2022-28286: iframe 
contents could be rendered outside the border + CVE-2022-24713: Denial of Service via complex regular expressions + CVE-2022-28289: Memory safety bugs fixed in Thunderbird 91.8 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 06 Apr 2022 20:08:25 +0200 + +thunderbird (1:91.7.0-2) unstable; urgency=medium + + * [c348b62] Rebuild patch-queue from patch queue branch + Added patch: + fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch + (Closes: #948691) + Thanks go out to Simon McVittie for preparing this patch! + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 16 Mar 2022 06:55:46 +0100 + +thunderbird (1:91.7.0-1) unstable; urgency=medium + + * [952f6d0] New upstream version 91.7.0 + Fixed CVE issues in upstream version 91.7 (MFSA 2022-12): + CVE-2022-26383: Browser window spoof using fullscreen mode + CVE-2022-26384: iframe allow-scripts sandbox bypass + CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on + signatures + CVE-2022-26381: Use-after-free in text reflows + CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other + local users + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 15 Mar 2022 17:54:46 +0100 + +thunderbird (1:91.6.2-1) unstable; urgency=medium + + * [2f95b97] New upstream version 91.6.2 + Fixed CVE issues in upstream version 91.6.2 (MFSA 2022-09): + CVE-2022-26485: Use-after-free in XSLT parameter processing + CVE-2022-26486: Use-after-free in WebGPU IPC Framework + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 08 Mar 2022 08:40:12 +0100 + +thunderbird (1:91.6.1-1) unstable; urgency=medium + + * [3edb855] New upstream version 91.6.1 + Fixed CVE issues in upstream version 91.6.1 (MFSA 2022-07): + CVE-2022-0566: Crafted email could trigger an out-of-bounds write + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 19 Feb 2022 11:01:46 +0100 + +thunderbird (1:91.6.0-1) unstable; urgency=medium + + * [884ccb6] New upstream version 91.6.0 + Fixed CVE issues in upstream 
version 91.6 (MFSA 2022-06): + CVE-2022-22754: Extensions could have bypassed permission confirmation + during update + CVE-2022-22756: Drag and dropping an image could have resulted in the + dropped object being an executable + CVE-2022-22759: Sandboxed iframes could have executed script if the parent + appended elements + CVE-2022-22760: Cross-Origin responses could be distinguished between + script and non-script content-types + CVE-2022-22761: frame-ancestors Content Security Policy directive was not + enforced for framed extension pages + CVE-2022-22763: Script Execution during invalid object state + CVE-2022-22764: Memory safety bugs fixed in Thunderbird 91.6 + (Closes: #1004951) + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 11 Feb 2022 18:50:23 +0100 + +thunderbird (1:91.5.1-1) unstable; urgency=medium + + * [130bab2] New upstream version 91.5.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 23 Jan 2022 18:41:12 +0100 + +thunderbird (1:91.5.0-2) unstable; urgency=medium + + * [fd07163] autopkgtest: Run check-global-config-path.py only on Intel + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 12 Jan 2022 20:46:54 +0100 + +thunderbird (1:91.5.0-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [8d4e5f8] New upstream version 91.5.0 + Fixed CVE issues in upstream version 91.5 (MFSA 2022-03): + CVE-2022-22743: Browser window spoof using fullscreen mode + CVE-2022-22742: Out-of-bounds memory access when inserting text in edit + mode + CVE-2022-22741: Browser window spoof using fullscreen mode + CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner + CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur + CVE-2022-22737: Race condition when playing audio files + CVE-2021-4140: Iframe sandbox bypass with XSLT + CVE-2022-22748: Spoofed origin on external protocol launch dialog + CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation + event + CVE-2022-22744: The 'Copy as curl' feature in DevTools did not 
fully + escape website-controlled data, potentially leading to + command injection + CVE-2022-22747: Crash when handling empty pkcs7 sequence + CVE-2022-22739: Missing throttling on external protocol launch dialog + CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5 + * [a86c0b4] Rebuild patch queue from patch-queue branch + Modified patch: + debian-hacks/Add-another-preferences-directory-for-applications-p.patch + Reworking the patch so LoadDirIntoArray is working again that is adding + an additional syspref folder for global settings to use. + (Closes: #997841, #1003280) + * [442988b] autopkgtest: Adding check for accessing syspref folder + + [ Jochen Sprickerhof ] + * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v' + (Closes:#1002570 ) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 11 Jan 2022 19:12:50 +0100 + +thunderbird (1:91.4.1-1) unstable; urgency=medium + + * [c5b36d3] New upstream version 91.4.1 + Fixed CVE issues in upstream version 91.4.1 (MFSA 2021-55): + CVE-2021-4126: OpenPGP signature status doesn't consider additional + message content + CVE-2021-44538: Matrix chat library libolm bundled with Thunderbird + vulnerable to a buffer overflow + * [b66bebb] d/changelog: Update some MOZ-* entries with assigned CVEs + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 20 Dec 2021 16:05:02 +0100 + +thunderbird (1:91.4.0-1) unstable; urgency=medium + + * [7752be0] d/source.filter: Small updates to filtering list + * [0899850] New upstream version 91.4.0 + Fixed CVE issues in upstream version 91.4 (MFSA 2021-54): + CVE-2021-43536: URL leakage when navigating while executing asynchronous + function + CVE-2021-43537: Heap buffer overflow when using structured clone + CVE-2021-43538: Missing fullscreen and pointer lock notification when + requesting both + CVE-2021-43539: GC rooting failure when calling wasm instance methods + CVE-2021-43541: External protocol handler parameters were unescaped + CVE-2021-43542: XMLHttpRequest error 
codes could have leaked the existence + of an external protocol handler + CVE-2021-43543: Bypass of CSP sandbox directive when embedding + CVE-2021-43545: Denial of Service when using the Location API in a loop + CVE-2021-43546: Cursor spoofing could overlay user interface when native + cursor is zoomed + CVE-2021-43528: JavaScript unexpectedly enabled for the composition area + CVE-2021-4129: Memory safety bugs fixed in Thunderbird 91.4.0 + * [afd7750] d/t.lintian-overrides: Update entries due renamed tags + Some Lintan tags were renamed, thus requires am adjustment of the existing + overrides. + * [30a387c] d/s/lintian-overrides: Adjust most of the existing entries + Same as before but for the source package. + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 07 Dec 2021 18:26:44 +0100 + +thunderbird (1:91.3.2-1) unstable; urgency=medium + + * [7fd56f0] New upstream version 91.3.2 + * [4fccecb] Rebuild patch queue from patch-queue branch + Added patch: + debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 21 Nov 2021 18:29:42 +0100 + +thunderbird (1:91.3.0-1) unstable; urgency=medium + + * [1d3e0b1] Revert "Rebuild patch queue from patch-queue branch" + The patch for fixing the broken build on i386 breaks other architectures, + so reverting for now. 
+ * [66755b4] New upstream version 91.3.0 + Fixed CVE issues in upstream version 91.3 (MFSA 2021-50): + CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets + CVE-2021-38504: Use-after-free in file picker dialog + CVE-2021-38506: Thunderbird could be coaxed into going into fullscreen + mode without notification or warning + CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass + the Same-Origin-Policy on services hosted on other ports + CVE-2021-43535: Use-after-free in HTTP2 Session object + CVE-2021-38508: Permission Prompt could be overlaid, resulting in user + confusion and potential spoofing + CVE-2021-38509: Javascript alert box could have been spoofed onto an + arbitrary domain + CVE-2021-43534: Memory safety bugs fixed in Thunderbird ESR 91.3 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 03 Nov 2021 18:14:09 +0100 + +thunderbird (1:91.2.1-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [bcb5677] d/gbp.conf: Adjust to upstream-91.x + * [12a433a] New upstream version 91.2.1 + * [f935b52] Rebuild patch queue from patch-queue branch + Added patch: + debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch + * [3faba71] Disable usage of system icu package + The system packages of libicu-dev are to old for Thunderbird, we need to + use the internel pre-shipped ICU sources. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 23 Oct 2021 08:59:32 +0200 + +thunderbird (1:91.2.0-1) experimental; urgency=medium + + * [3c88844] New upstream version 91.2.0 + Fixed CVE issues in upstream version 91.2 (MFSA 2021-47): + CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections + CVE-2021-38496: Use-after-free in MessageTask + CVE-2021-38497: Validation message could have been overlaid on another + origin + CVE-2021-38498: Use-after-free of nsLanguageAtomService object + CVE-2021-32810: Data race in crossbeam-deque + CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2 + CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2 + (Closes: #973042) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 16 Oct 2021 08:27:55 +0200 + +thunderbird (1:91.1.1-1) experimental; urgency=medium + + * [73e3b75] New upstream version 91.1.1 + * [3413d35] Rebuild patch queue from patch-queue branch + Removed patch: + fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 20 Sep 2021 20:43:25 +0200 + +thunderbird (1:91.1.0-1) experimental; urgency=medium + + * [0b1d9f9] New upstream version 91.1.0 + Fixed CVE issues in upstream version 91.1 (MFSA 2021-41): + CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1 + * [4313e64] Rebuild patch queue from patch-queue branch + Added patch: + fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch + (Closes: #993594) + Modified patch: + porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch + * [234c566] d/rules: Don't run dh_autoreconf + (Closes: #993494) + * [bce15d7] thunderbird: Set package x11-utils as fallback + Install x11-utils only if kdialog or zenity aren't present on the system. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 05 Sep 2021 07:36:10 +0200 + +thunderbird (1:91.0.2-1) experimental; urgency=medium + + * [a5efefd] New upstream version 91.0.2 + Fixed CVE issues in upstream version 91.0.1 (MFSA 2021-37): + CVE-2021-29991: Header Splitting possible with HTTP/3 Responses + * [b21a07b] d/control: increase Standards-Version to 4.6.0 + No further changes needed. + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 23 Aug 2021 20:05:01 +0200 + +thunderbird (1:91.0-1) experimental; urgency=medium + + * [3be73b6] d/source.filter: some updates to filtering list + * [5c87a00] New upstream version 91.0 + Fixed CVE issues in upstream version 91.0 (MFSA 2021-36): + CVE-2021-29986: Race condition when resolving DNS names could have led to + memory corruption + CVE-2021-29981: Live range splitting could have led to conflicting + assignments in the JIT + CVE-2021-29988: Memory corruption as a result of incorrect style treatment + CVE-2021-29984: Incorrect instruction reordering during JIT optimization + CVE-2021-29980: Uninitialized memory in a canvas object could have led to + memory corruption + CVE-2021-29987: Users could have been tricked into accepting unwanted + permissions on Linux + CVE-2021-29985: Use-after-free media channels + CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and + type confusion + CVE-2021-29989: Memory safety bugs fixed in Thunderbird 91 + (Closes: #640927, #944208, #958433, #952853, #971722, #982670) + * [0157fe4] d/control: Add new package thunderbird-l10n-af + Upstream ships localizations for Africaans. + * [f23e9e0] d/control: Add new package thunderbird-l10n-en-ca + Upstream ships localizations for English (Canada). + * [8b3cee9] d/control: Add new package thunderbird-l10n-lv + Upstream ships localizations for Latvian. + * [cad58ea] d/control: Add new package thunderbird-l10n-pa-in + Upstream ships localizations for Punjabi (Gurmukhi). 
+ * [aecc2da] d/control: Add new package thunderbird-l10n-th + Upstream ships localizations for Thai. + * [9707e8a] Moving over to debhelper-compat + Switch over to recent debhelper-compat 13. + * [2934049] d/rules: Customize dh_missing call + Due debhelper-compat dh_missing needs some aditional tweaking as we need + to ignore some files which are built and installed into the tempory + install folder but not installed into the package(s). + * [7df72c6] d/rules: Don't use dwz + Running and using dwz is bringing no gain and produces issues to, can be + ignored for now. + * [1709f28] d/control: Remove non existing packages from Breaks + xul-ext-firetray and xul-ext-quotecolors are gone from the supported + releases. + * [f160918] d/control: Adding Rules-Requires-Root: no + No specific root access required so far while package build. + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 14 Aug 2021 18:27:21 +0200 + +thunderbird (1:91.0~b5-1) experimental; urgency=medium + + * [119a49f] d/control: Adjust VCS links to branch debian/experimental + * [7ae6acc] d/source.filter: some updates to filtering list + * [e28b2f9] New upstream version 91.0~b5 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 01 Aug 2021 09:21:27 +0200 + +thunderbird (1:91.0~b3-1) experimental; urgency=medium + + * [90a153b] New upstream version 91.0~b3 + * [ada2cf0] d/control: Remove transitional package lightning + * [3e5087f] d/control: Remove obsolete lightning-l10-* packages + * [6eac520] d/control: Remove Suggests on libgtk2.0-0 fur thunderbird + (Closes: #967771) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 24 Jul 2021 10:37:52 +0200 + +thunderbird (1:91.0~b1-1) experimental; urgency=medium + + * [78f0ddb] d/source.filter: some updates to filtering list + * [3d29fcf] New upstream version 91.0~b1 + (Closes: #990631) + * [daa7fab] d/control: Increase some Build-Depends + * [f4bfd22] d/control: Remove libgtk2.0-dev from Build-Depends + * [ad4e281] d/s/lintian-overrides: Adding 
one more file to ignore + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 19 Jul 2021 22:04:15 +0200 + +thunderbird (1:90.0~b2-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [3cc0d66] d/source.filter: some updates to filtering list + * [3c76a94] New upstream version 90.0~b2 + * [46718fe] rebuild patch queue from patch-queue branch + removed patches: + fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch + debian-hacks/Work-around-Debian-bug-844357.patch + * [156d3c9] d/thunderbird.1: Correct debugger option + * [ca7daca] /u/l/thunderbird: Correct escape sequencing for gdb calling + (Closes: #976979) + * [f310330] d/thunderbird-wrapper.sh: Use '${}' syntax for variables + * [0ef3788] d/thunderbird.install: Remove gtk2 cruft + * [17b0510] d/copyright: Update due removed content + * [feca305] d/s/lintian-override: Remove two no longer existing entries + + [ Kevin Locke ] + * [dbe3c3e] d/thunderbird-wrapper.sh: Make gdb call more fail safe + (Closes:#942799) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 20 Jun 2021 14:51:49 +0200 + +thunderbird (1:89.0~b2-1) experimental; urgency=medium + + * [74911c7] New upstream version 89.0~b2 + * [b4fef2a] rebuild patch queue from patch-queue branch + modified patches: + debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch + porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + removed patches: + debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch + * [ea6a29e] d/control: Increase B-D for cbindgen and libnss3-dev + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 03 Jun 2021 19:40:08 +0200 + +thunderbird (1:88.0~b2-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [7af1a0b] New upstream version 88.0~b2 + * [30d1d48] rebuild patch queue from patch-queue branch + modified patch: + 
debian-hacks/Add-another-preferences-directory-for-applications-p.patch + porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch + removed patches (included upstream): + porting-arm/Reduce-memory-usage-while-linking-on-arm-el-hf-platforms.patch + porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch + renamed patch: + fixes/Load-dependent-libraries-with-their-real-path-to-avo.patch -> + fixes/Load-dependent-libraries-with-their-real-path.patch + * [f45da92] d/control: Increase B-D for libnss3-dev + + [ Colomban Wendling ] + * [bbf78cb] d/thunderbird.desktop: Switch StartupWMClass (Closes: #985366) + + [ Carsten Schoenert ] + * [a2cc9e0] d/control: Adding nasm to Build-Depends + * [41fad62] d/copyright: update due removed content + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 11 Apr 2021 13:50:27 +0200 + +thunderbird (1:86.0~b3-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [002f597,fe0515b] d/source.filter: updating the filtering list + * [dfafc89,35d050f] d/copyright: updates due upstream changes + Add Apache2 notice for third_party/python/coverage + * [24c009c] lintian: adding override for false positive in SVG file + * [d316a1c] New upstream version 86.0~b3 + * [20dc687] rebuild patch queue from patch-queue branch + modified patch: + debian/patches/porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + * [21b86f0] d/copyright: update due removed content + * [7fc9755] d/s/lintian-override: path for TeXZilla.js has changed + * [33c5d5a] d/s/lintian-override: remove JS file + * [825a440] d/control: Increase B-D for cbindgen + + [ Pino Toscano ] + * [35c3c3b] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 13 Feb 2021 13:41:36 +0100 + +thunderbird (1:85.0~b3-1) experimental; urgency=medium + + * [b142ac6] New upstream version 85.0~b3 + * [0d2221a] d/control: Increase various B-D versions + * [e4eb52e] rebuild patch queue from patch-queue 
branch + added patch: + debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch + updated patches: + debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch + fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 31 Dec 2020 20:39:53 +0100 + +thunderbird (1:84.0~b3-1) experimental; urgency=medium + + * [fad5103] calendar-google-provider*: removing left over cruft + * [b095d8e] thunderbird.NEWS: Add hint about integration of OpenPGP support + * [0f6bdf3] Revert "d/tb.lintian-overrides: ignore warning about none + versioned breaks" + * [f10f80c] d/copyright: update content + * [9c3fb20] d/source.filter: some updates to filtering list + * [c9b8274] New upstream version 84.0~b3 + * [adf3835] rebuild patch queue from patch-queue branch + removed patches: + fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch + fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch + porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch + porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch + porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch + porting-m68k/Add-m68k-support-to-Thunderbird.patch + porting-sh4/Add-sh4-support-to-Thunderbird.patch + * [3ff9c9d] thunderbird-l10n-all: add thunderbird-l10n-cy + (Closes: #974127) + * [393490c] d/control: remove l10n package for Sinhala + * [1f4e966] d/control: increase Standards-Version to 4.5.1 + No further changes needed. + * [288afdd] d/rules: use python3 explicitly while calling mach + Using the Python 3 interpreter is needed otherwise the Mozilla magic tries + to use a non existing virtualenv environment. + * [a509bdf] d/watch: update to version 4 + No further changes needed. + * [fc6b358] d/copyright: update some more content + Updating the copyright information due upstream modifications. 
+ * [3bd5713] d/s/lintian-overrides: Adding more file to ignore + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 14 Dec 2020 15:24:59 +0100 + +thunderbird (1:78.14.0-1) unstable; urgency=medium + + * [6dc6817] d/changelog: Correct TB version for referenced MFSA + * [38f01f4] d/rules: Don't run dh_autoreconf + (Closes: #993494) + * [09c4cde] New upstream version 78.14.0 + Fixed CVE issues in upstream version 78.14.0 (MFSA 2021-42): + CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and + Thunderbird 91.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 08 Sep 2021 19:57:22 +0200 + +thunderbird (1:78.13.0-1) unstable; urgency=medium + + * [b4498b0] New upstream version 78.13.0 + Fixed CVE issues in upstream version 78.13.0 (MFSA 2021-35): + CVE-2021-29986: Race condition when resolving DNS names could have led to + memory corruption + CVE-2021-29988: Memory corruption as a result of incorrect style treatment + CVE-2021-29984: Incorrect instruction reordering during JIT optimization + CVE-2021-29980: Uninitialized memory in a canvas object could have led to + memory corruption + CVE-2021-29985: Use-after-free media channels + CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13 + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 12 Aug 2021 16:13:25 +0200 + +thunderbird (1:78.12.0-1) unstable; urgency=medium + + * [74d3cdb] New upstream version 78.12.0 + Fixed CVE issues in upstream version 78.12 (MFSA 2021-30): + CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS + could be processed + CVE-2021-29970: Use-after-free in accessibility features of a document + CVE-2021-30547: Out of bounds write in ANGLE + CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 17 Jul 2021 09:33:28 +0200 + +thunderbird (1:78.11.0-2) unstable; urgency=medium + + [ Carsten Schoenert ] + * [241e539] d/thunderbird.1: Correct debugger option + Remove parts that are no 
longer valid, especially there is no dedicated + shell script any more the user has to start, calling 'thunderbird -g' is + enough to start a GDB call. + * [66deb37] thunderbird: Use internal NSS source while package built + (Closes: #989839, #989843, #989979, #989983, #989922, #990012) + * [07fb6ef] d/thunderbird-wrapper.sh: Use '${}' syntax for variables + + [ Kevin Locke ] + * [d003e26] d/thunderbird-wrapper.sh: Make gdb call more fail safe + (Closes: #942799) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 20 Jun 2021 07:20:41 +0200 + +thunderbird (1:78.11.0-1) unstable; urgency=medium + + * [42c4a87] New upstream version 78.11.0 + Fixed CVE issues in upstream version 78.11 (MFSA 2021-26): + CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11 + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 03 Jun 2021 17:22:34 +0200 + +thunderbird (1:78.10.2-1) unstable; urgency=medium + + * [69552d8] New upstream version 78.10.2 + Fixed CVE issues in upstream version 78.10.2 (MFSA 2021-22): + CVE-2021-29957: Partial protection of inline OpenPGP message not indicated + CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master + password protection + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 19 May 2021 21:57:11 +0200 + +thunderbird (1:78.10.0-1) unstable; urgency=medium + + * [f38d78f] New upstream version 78.10.0 + Fixed CVE issues in upstream version 78.10 (MFSA 2021-15): + CVE-2021-23994: Out of bound write due to lazy initialization + CVE-2021-23995: Use-after-free in Responsive Design Mode + CVE-2021-23998: Secure Lock icon could have been spoofed + CVE-2021-23961: More internal network hosts could have been probed by a + malicious webpage + CVE-2021-23999: Blob URLs may have been granted additional privileges + CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an + encoded URL + CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead + to null-reads (This issue only affected x86-32 
platforms.) + CVE-2021-29946: Port blocking could be bypassed + CVE-2021-29948: Race condition when reading from disk while verifying + signatures + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 19 Apr 2021 20:00:32 +0200 + +thunderbird (1:78.9.0-1) unstable; urgency=medium + + [ Colomban Wendling ] + * [7d454de] d/thunderbird.desktop: Switch StartupWMClass + (Closes: #985366) + + [ Carsten Schoenert ] + * [23fe9ce] d/source.filter: small update to filtering list + * [828b9d7] New upstream version 78.9.0 + Fixed CVE issues in upstream version 78.9 (MFSA 2021-12): + CVE-2021-23981: Texture upload into an unbound backing buffer resulted in + an out-of-bound read + CVE-2021-23982: Internal network hosts could have been probed by a + malicious webpage + CVE-2021-23984: Malicious extensions could have spoofed popup information + CVE-2021-23987: Memory safety bugs fixed in Thunderbird 78.9 + * [cf4fbde] rebuild patch queue from patch-queue branch + Removed patch (included upstream): + porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 23 Mar 2021 15:55:43 +0100 + +thunderbird (1:78.8.0-1) unstable; urgency=medium + + [ Pino Toscano ] + * [f2f1f3f] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink + + [ Carsten Schoenert ] + * [f5707a7] New upstream version 78.8.0 + Fixed CVE issues in upstream version 78.8 (MFSA 2021-09): + CVE-2021-23969: Content Security Policy violation report could have + contained the destination of a redirect + CVE-2021-23968: Content Security Policy violation report could have + contained the destination of a redirect + CVE-2021-23973: MediaError message property could have leaked information + about cross-origin resources + CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 21 Feb 2021 14:58:05 +0100 + +thunderbird (1:78.7.1-1) unstable; urgency=medium + + * [406f9d7] New upstream 
version 78.7.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 05 Feb 2021 20:12:59 +0100 + +thunderbird (1:78.7.0-1) unstable; urgency=medium + + * [8751354] New upstream version 78.7.0 + Fixed CVE issues in upstream version 78.7 (MFSA 2021-05): + CVE-2021-23953: Cross-origin information leakage via redirected PDF + requests + CVE-2021-23954: Type confusion when using logical assignment operators in + JavaScript switch statements + CVE-2020-15685: IMAP Response Injection when using STARTTLS + CVE-2020-26976: HTTPS pages could have been intercepted by a registered + service worker when they should not have been + CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript + variables during GC + CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7 + * [4b0c0a7] rebuild patch queue from patch-queue branch + removed patch (included upstream): + porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 29 Jan 2021 20:45:49 +0100 + +thunderbird (1:78.6.1-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [67f6117] Add Apache2 notice for third_party/python/coverage + * [38b9ff7] lintian: adding override for false positive in SVG file + + [ Carles Pina i Estany ] + * [529d53a] d/thunderbird-wrapper.sh: Unset DEBUG/DEBUGGER variables + (Closes: #960230) + * [6d48708] d/thunderbird-wrapper-helper.sh: Adjust help text + + [ Carsten Schoenert ] + * [5309e91] d/thunderbird-wrapper*.sh: Prefixing some local variables + * [07b4733] New upstream version 78.6.1 + Fixed CVE issues in upstream version 78.6.1 (MFSA 2021-02): + CVE-2020-16044: Use-after-free write when handling a malicious + COOKIE-ECHO SCTP chunk + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 16 Jan 2021 14:59:02 +0100 + +thunderbird (1:78.6.0-1) unstable; urgency=medium + + * [1410f1e] d/watch: update to version 4 + * [a8303b7] d/rules: use python3 explicitly while calling mach + * [f3f535e] New 
upstream version 78.6.0 + Fixed CVE issues in upstream version 78.6 (MFSA 2020-56): + CVE-2020-16042: Operations on a BigInt could have caused uninitialized + memory to be exposed + CVE-2020-26971: Heap buffer overflow in WebGL + CVE-2020-26973: CSS Sanitizer performed incorrect sanitization + CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap + use-after-free + CVE-2020-26978: Internal network hosts could have been probed by a + malicious webpage + CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs + CVE-2020-35112: Opening an extension-less download may have inadvertently + launched an executable instead + CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6 + (Closes: #972072, #973697) + * [16a7ab7] /u/l/thunderbird: Correct escape sequencing for gdb calling + We need to do a better escaping of values of the '-ex' option otherwise + the shell is refusing the concatenated string we want to use as call. + (Closes: #976979) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 15 Dec 2020 10:12:34 +0100 + +thunderbird (1:78.5.1-1) unstable; urgency=medium + + * [08556c2] New upstream version 78.5.1 + Fixed CVE issues in upstream version 78.5.1 (MFSA 2020-53): + CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server + response codes + * [7047340] rebuild patch queue from patch-queue branch + removed patch (included upstream): + fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch + * [40663bb] debian/control: increase Standards-Version to 4.5.1 + No further changes needed. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 03 Dec 2020 05:35:04 +0100 + +thunderbird (1:78.5.0-1) unstable; urgency=medium + + * [7842f02] New upstream version 78.5.0 + Fixed CVE issues in upstream version 78.5 (MFSA 2020-51): + CVE-2020-26951: Parsing mismatches could confuse and bypass security + sanitizer for chrome privileged code + CVE-2020-16012: Variable time processing of cross-origin images during + drawImage calls + CVE-2020-26953: Fullscreen could be enabled without displaying the + security UI + CVE-2020-26956: XSS through paste (manual and clipboard API) + CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME + type restrictions + CVE-2020-26959: Use-after-free in WebRequestService + CVE-2020-26960: Potential use-after-free in uses of nsTArray + CVE-2020-15999: Heap buffer overflow in freetype + CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses + CVE-2020-26965: Software keyboards may have remembered typed passwords + CVE-2020-26966: Single-word search queries were also broadcast to local + network + CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5 + * [e19743e] rebuild patch queue from patch-queue branch + removed patch (included upstream): + fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 18 Nov 2020 20:06:09 +0100 + +thunderbird (1:78.4.2-1) unstable; urgency=medium + + * [c7f4ed2] New upstream version 78.4.2 + Fixed CVE issues in upstream version 78.4 (MFSA 2020-49): + CVE-2020-26950: Write side effects in MCallGetProperty opcode not + accounted for + * [c3a617d] rebuild patch queue from patch-queue branch + added patch: + fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch + * [8e4e7ad] thunderbird-l10n-all: add thunderbird-l10n-cy + (Closes: #974127) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 10 Nov 2020 21:19:15 +0100 + +thunderbird (1:78.4.1-1) unstable; urgency=medium + + * [cf8bf1e] 
New upstream version 78.4.1 + * [529000c] rebuild patch queue from patch-queue branch + added patches: + fixes/Bug-1650299-Unify-the-inclusion-of-the-ICU-data-file.-r-f.patch + fixes/Don-t-build-ICU-in-parallel.patch + Patches are picked from Firefox and fixing FTBFS on s390x within buster. + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 06 Nov 2020 21:53:24 +0100 + +thunderbird (1:78.4.0-1) unstable; urgency=medium + + [ Emilio Pozuelo Monfort ] + * [652f8de] install the apparmor profile in thunderbird.install + + [ Carsten Schoenert ] + * [5240d53] Revert "thunderbird.install: adjust.desktop renamed file name" + (Closes: #972601) + * [861b21a] Revert "Rename .desktop file for AppStream compliance" + (Closes: #972578) + * [ffc5818] New upstream version 78.4.0 + Fixed CVE issues in upstream version 78.4 (MFSA 2020-47): + CVE-2020-15969: Use-after-free in usersctp + CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4 + * [81396e3] rebuild patch queue from patch-queue branch + removed patches (fixed upstream): + porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch + porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch + + modified patches: + fixes/Appdata-Adding-some-German-translations.patch + fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch + + Minor fine tuning to the AppStream specific parts but also revert some + translation entries as they are not intend to be translatable. + These modification also in correlation with the mentioned bug reports above + which are closed by the other adjustments. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 22 Oct 2020 18:48:25 +0200 + +thunderbird (1:78.3.3-1) unstable; urgency=medium + + [ Emilio Pozuelo Monfort ] + * [6f18974] Remove duplicated --disable-debug-symbols flag + * [1119d50] Print a verbose build log by not calling the mach wrapper + * [fcf7c11] Exclude -g from CXXFLAGS as well + + [ Carsten Schoenert ] + * [9eb159f] New upstream version 78.3.3 + * [47171dc] rebuild patch queue from patch-queue branch + added patches: + fixes/Appdata-Adding-some-German-translations.patch + fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch + * [1474d91] Rename .desktop file for AppStream compliance + * [10e49a9] thunderbird.install: adjust.desktop renamed file name + * [018bbc1] thunderbird.pc: remove left over cruft + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 18 Oct 2020 08:49:20 +0200 + +thunderbird (1:78.3.2-1) unstable; urgency=medium + + * [0b2f19f] d/rules: remove hand crafted icu build + Cherry-picked from debian/buster branch. + The possible required build of the ICU if the usage of an external ICU + library is now handled by the upstream build system. + * [1583517] d/rules: rewrite dpkg_buildflags to remove option '-g' + Cherry-picked from debian/buster branch. + We need to remove the option '-g' from the dpkg_buildflags variable for + real if we want a build without debugging information (e.g. on 32bit + architectures). + * [fb4c9c4] New upstream version 78.3.2 + * [9d5e2b9] d/rules: install the language Add-ons into /u/l/t/e + Do not install the thunderbird-l10n packages into /usr/share/thunderbird + any more, install them directly into /usr/libt/thunderbird/extensions. + This simplifies the package structures as there is no real need to install + the packages into /usr/share/thunderbird and linking them back. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 09 Oct 2020 19:49:45 +0200 + +thunderbird (1:78.3.1-2) unstable; urgency=medium + + * [649f664] rebuild patch queue from patch-queue branch + added patches: + fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch + porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 30 Sep 2020 19:10:27 +0200 + +thunderbird (1:78.3.1-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [6bd965f] New upstream version 78.3.1 + Fixed CVE issues in upstream version 78.3.1 (MFSA 2020-44): + CVE-2020-15677: Download origin spoofing via redirect + CVE-2020-15676: XSS when pasting attacker-controlled data into a + contenteditable element + CVE-2020-15678: When recursing through layers while scrolling, an iterator + may have become invalid, resulting in a potential + use-after-free scenario + CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3 + * [8ba13c5] rebuild patch queue from patch-queue branch + added patches(picked from firefox packaging): + fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch + porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch + porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch + porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch + removed patch(fixed upstream): + fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch + * [c6d282d] calendar-google-provider*: removing left over cruft + There are two left over sequencer files from the calendar-google-package, + not need any more since 1:68.2.2-1 + * [cf37615] d/README.Debian: Update and adding new information + Some updated information regarding the now included OpenPGP support, also + updating some grammar for 'Add-on'. 
+ * [faf225b] thunderbird.NEWS: Add hint about integration of OpenPGP support + Giving the user a information about the OpenPGP status within Thunderbird + since the version 78.0. + * [d6f4f0e] Revert "d/tb.lintian-overrides: ignore warning about none + versioned breaks" + * [9e6cbec] d/copyright: update content + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 27 Sep 2020 09:08:29 +0200 + +thunderbird (1:78.2.2-1) experimental; urgency=medium + + * [c6592e8] New upstream version 78.2.2 + * [28f5fce] rebuild patch queue from patch-queue branch + added patches: + fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch + porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch + * [4866c06] d/mozconfig.default: add extra config options for ppc64el + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 13 Sep 2020 08:58:44 +0200 + +thunderbird (1:78.2.1-1) experimental; urgency=medium + + * [1f3f76b] d/rules: drop C{,XX}FLAGS originally intended for GCC6 + * [4490e37] d/mozconfig.default: add options for mips64el + * [17b4e5c] d/rules: Don't build debug symbols on 32Bit arch + * [6dff7e0] d/rules: adding -Wl,--as-needed to linker flags + * [a213a7f] New upstream version 78.2.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 30 Aug 2020 14:38:17 +0200 + +thunderbird (1:78.2.0-1) experimental; urgency=medium + + [ intrigeri ] + * [f6fcafd] d/control: drop hard dependency on libgtk2.0-0 + (Closes: #908654) + * [85b7a2e] autopkgtests: fix typo in comment + * [4bd70ae] d/mozconfig.default: fix typos in comments + * [d986a6d] d/control: allow Enigmail 2.2.0 and newer + (Closes: #968707) + + [ Carsten Schoenert ] + * [52b4006] d/control: increase B-D for libnss3 + (Closes: #966805) + * [7794563] New upstream version 78.2.0 + Fixed CVE issues in upstream version 78.2.0 (MFSA 2020-41): + CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could + have resulted in escalation of privilege + CVE-2020-15664: Attacker-induced 
prompt for extension installation + CVE-2020-15670: Memory safety bugs fixed in Thunderbird 78.2 + * [623f853] rebuild patch queue from patch-queue branch + No modifications made, just updating the index. + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 26 Aug 2020 20:41:28 +0200 + +thunderbird (1:78.1.1-1) experimental; urgency=medium + + * [5fb842b] d/mozconfig.default: adding new option regarding Add-Ons + Adding additional options --allow-addon-sideload and + --with-unsigned-addon-scopes=app,system. These option are adopted and + taken from the firefox package. + * [8de0b35] New upstream version 78.1.1 + * [4abe5ed] d/copyright: update content + Some small updates to the copyright information. + * [3caa541] d/control: adding new B-D for botan and json-c + The upstream source now offers the possibility to use the system + libraries for botan and json-c, for this we need to have both libraries + installed for building Thunderbird. + * [251d524] d/mozconfig.default: use botan and json-c system libraries + Turn on the configuration flags for botan and also for json-c that let + the build use the installed provided system libraries instead of using + internal versions. + * [a32a163] rebuild patch queue from patch-queue branch + removed patch: + debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch + Upstream has now (again) a configure option for using a installed system + bzip2 library that makes our added patch for this not needed anymore. 
+ * [16c91c0] lintian: remove override for embedded bzip2 in librnp.so + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 08 Aug 2020 19:16:08 +0200 + +thunderbird (1:78.1.0-1) experimental; urgency=medium + + * [c4099cd] New upstream version 78.1.0 + Fixed CVE issues in upstream version 78.1.0 (MFSA 2020-33): + CVE-2020-15652: Potential leak of redirect targets when loading scripts in + a worker + CVE-2020-6514: WebRTC data channel leaks internal address to peer + CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy + CVE-2020-15653: Bypassing iframe sandbox when allowing popups + CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture + CVE-2020-15656: Type confusion for special arguments in IonMonkey + CVE-2020-15658: Overriding file type when saving to disk + CVE-2020-15657: DLL hijacking due to incorrect loading path + CVE-2020-15654: Custom cursor can overlay user interface + CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 31 Jul 2020 19:35:57 +0200 + +thunderbird (1:78.0.1-1) experimental; urgency=medium + + * [5450d8d] d/control: increase B-D for libnss3 + * [9749d1d] d/control: drop B-D on python2 and move over to python3 + * [b31360b] d/xpi-pack.sh: adding xpi-pack shell script + * [89ede80] Drop mozilla-devscripts as B-D + * [f3b2ced] New upstream version 78.0.1 + * [1847202] d/tb.lintian-overrides: ignore warning about none versioned + breaks + * [d56c922] d/lightning.links: removing left over sequencer file + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 22 Jul 2020 20:11:25 +0200 + +thunderbird (1:78.0-1) experimental; urgency=medium + + * [1016cc5] New upstream version 78.0 + Fixed CVE issues in upstream version 78.0 (MFSA 2020-29): + CVE-2020-12415: AppCache manifest poisoning due to url encoded character + processing + CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster + CVE-2020-12417: Memory corruption due to missing 
sign-extension for + ValueTags on ARM64 + CVE-2020-12418: Information disclosure due to manipulated URL object + CVE-2020-12419: Use-after-free in nsGlobalWindowInner + CVE-2020-12420: Use-After-Free when trying to connect to a STUN server + CVE-2020-15648: X-Frame-Options bypass using object or embed tags + CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack + CVE-2020-12421: Add-On updates did not respect the same certificate trust + rules as software updates + CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer + CVE-2020-12424: WebRTC permission prompt could have been bypassed by a + compromised content process + CVE-2020-12425: Out of bound read in Date.parse() + CVE-2020-12426: Memory safety bugs fixed in Thunderbird 78 + * [ad66b04] rebuild patch queue from patch-queue branch + reworked patch: + porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + * [4a2039c] d/mozconfig.default: enable OpenPGP feature build + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 16 Jul 2020 19:15:25 +0200 + +thunderbird (1:78.0~b2-1) experimental; urgency=medium + + * [c8da927] d/source.filter: fix obviously happen typo + * [c513a96] New upstream version 78.0~b2 + * [6e9104e] d/control: tb, adding binary version to lightning provides + Make the Provides for Lightning a versioned provide. + * [8adec8f] enigmail: let any version of Enigmail break + We now can break on any Enigmail version, the Enigmail functions are now + included in Thunderbird and don't want to have an Enigmail package get + installed in parallel. + * [696b1fc] xul-ext-*/webext-*: adding more extensions to break + Quite all of the current packaged Thunderbird extensions will not work + for now with Thunderbird 78.*, adding/renaming the current know packages + with recent versions to Breaks for thunderbird. 
+ * [e488d0c] thunderbird: remove some non-existing packages from Breaks + The listed packages + xul-ext-foxyproxy-standard + xul-ext-gnome-keyring + xul-ext-nostalgy + aren't in any supported release so we don't need them any more within a + Breaks for thunderbird. + * [039ee90] thunderbird: remove outdated myspell packages from Breaks + All previously listed myspell packages in Breaks for thunderbird aren't + reachable with the given version any more. We can remove them safely. + * [08ea0ba] thunderbird: remove outdated hunspell packages from Breaks + The same is true for the hunspell packages that were listed in the Breaks + field for thunderbird. + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 20 Jun 2020 18:04:59 +0200 + +thunderbird (1:78.0~b1-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [625efa9] d/source.filter: some updates to filtering list + Recent modification of the shipped files in the upstream tarball do + require small updates of the filter list we use to repack the tarball. + * [967ee19] New upstream version 78.0~b1 + * [240991e] rebuild patch queue from patch-queue branch + removed patch: + debian-hacks/use-icudt-b-l-.dat-depending-on-architecture.patch + This will require some additional adjustment later for the stable-security + uploads as this patch was required to get a recent ICU version build + before the build of the thunderbird sources did start. + reworked patch: + debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch + * [07cab53] d/mozconfig.default: remove no longer existing options + By this release a lot of old configure options are kicked out, some of + them we have used until now. We need to remove these from the config. + * [df2e99b] d/copyright: update content + As usual some required update of the copyright file, more files are not + shipped anymore. 
+ + [ intrigeri ] + * [82a4b03] AppArmor: update profile from upstream at commit 860d2d9 + (cherry-picked from unstable) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 13 Jun 2020 20:01:39 +0200 + +thunderbird (1:77.0~b3-1) experimental; urgency=medium + + * [82de2f6] New upstream version 77.0~b3 + * [8beaf6f] rebuild patch queue from patch-queue branch + removed patch (included upstream): + fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch + * [ab2d7a2] d/copyright: Add license for appstream xml file + * [1533187] d/source.filter: Remove some *.wasm files as well + * [7cdfe03] d/thunderbird.lintian-overrides: Some more needed overrides + We need currently the included bzip library. Also add a false positive + about the misread postinst script. + * [9385fd4b] d/control: Remove doubled listed package libglib2.0-dev + Drop a doubled listed package libglib2.0-dev within B-D. + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 20 May 2020 20:58:09 +0200 + +thunderbird (1:77.0~b2-1) experimental; urgency=medium + + * [185d4f7] New upstream version 77.0~b2 + * [e918036] rebuild patch queue from patch-queue branch + removed patch: + fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch + * [c1979ce] d/mozconfig.default: Remove obsolete options + Drop the options '--with-distribution-id' and '--with-user-appdir'. + The former is basically only supporting the given default 'org.mozilla' + and the latter was set to the default '.mozilla' anyway. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 16 May 2020 14:04:02 +0200 + +thunderbird (1:77.0~b1-1) experimental; urgency=medium + + * [ee06e6e] New upstream version 77.0~b1 + * [a21b649] rebuild patch queue from patch-queue branch + removed patches (not needed any more): + lower-down-required-version-on-NSS3.patch + + added patches: + fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch + fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch + * [295cc4d] d/control: increase B-D for libnss3 + The build requires now libnss3-dev >= 2:3.52. + * [f998baf] lintian-overrides: remove overrides for kinto-http-client.js + No override needed for this file, it's not included any more. + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 08 May 2020 15:18:44 +0200 + +thunderbird (1:76.0~b2-1) experimental; urgency=medium + + * [87988db] d/control: increase B-D for cargo to 0.42 + * [b9b0dfd] rebuild patch queue from patch-queue branch + removed patch: + debian-hacks/Ignore-version-check-for-cargo.patch + * [8386db0] d/control: Remove B-D on libjson-dev and libsqlite3-dev + The built uses internal copies for libjson and libsqlite as there are + made modifications to them. For now we can decrease the list of build + dependencies by removing this two packages. + * [6324222] New upstream version 76.0~b2 + * [629b3bb] d/rules: Remove default compiler flag + No needed for '-Wl,--as-needed' any more, it's default now. + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 27 Apr 2020 09:55:43 +0200 + +thunderbird (1:76.0~b1-1) experimental; urgency=medium + + * [b52cd52] d/c-thunderbird-l10n-tarball.sh: change upstream resource + Upstream has changed the folder were we can find the language providing + XPI packages. They simply moved over from linux-i686 to linux-x86_64. 
+ * [22e697a] d/rules: drop set up of LIGHTNING_VERSION variable + We don't need this variable any more for building the packages (like all + the lightning-foo named stuff), there is no dedicated Lighting named stuff + around. + * [4ad871b] d/gbp.conf: Remove additional tarball for lightning-l10n + git-buildpackage won't find this additional tarball as it's not needed + starting by the import of the next upstream version (this is 76.0b1). + * [25d8d42] d/c-l-l10n-t.sh: Remove helper script + We also don't need to build the l10n specific additional tarball for + Lighting related parts any more. Dropping this helper script. + * [9d33d06] d/README.source: Remove part of lightning-l10n + * [b063d7f] New upstream version 76.0~b1 + * [e7a23ec] rebuild patch queue from patch-queue branch + removed patches (not needed or included upstream): + debian-hacks/Build-against-system-libjsoncpp.patch + debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch + fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch + fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch + + added patches: + debian-hacks/Ignore-version-check-for-cargo.patch + lower-down-required-version-on-NSS3.patch + * [94d8593] d/control: adding new packages thunderbird-l10n-{cak,kab,uz} + After the final release of Thunderbird 68.0 new l10n support for the + languages Kacqhikel, Georgian and Uzbek was added. Reflect this by adding + new binary packages for those languages. + * [5397182] d/mozconfig.default: remove option for system-sqlite + Upstream is using their own version of an modified SQLite now and has + dropping the additional configure option about this. + * [abb0ded] d/control: increase various versions in B-D + The current source requires some more recent versions of the helping tools + for building the sources as usual. 
+ * [abfc8b2] d/rules: remove any action related to old lightning stuff + As the sources doesn't have any Lightning specific parts any more we need + to adjust the build process within debian/rules a bit. Thus dropping all + the rules around Lighting things. + * [f95b3ad] d/control: Turn lightning into transitional package + For now switch the behaviour of the lightning package into a transitional + one. We might can drop the whole package rather soon. + * [c3062cb] d/thunderbird.install: Remove blocklist.xml + Don't install the file blocklist.xml any more, it's now not shipped by + upstream any more. + * [856e99e] d/mozconfig.thunderbird: Remove --enable-calendar + Previously the build of the Lightning extension was needed to get enabled + to built this as an extension. Now it's fully integrated into the core + this configure option isn't needed any longer. + * [5551a8a] d/copyright: update content + As usual there is some moving within the source code between the major + versions, reflect this by adjusting the content of the copyright file. + * [21e9b7f] lintian-overrides: adjust overrides for needed files + Also the override file for the source is needing some adjustments. + * [f25ddc4] d/source.filter: update the filter sequences + The control for filtering non needed stuff from the upstream tarball must + also get adjusted due changed versions, moved folders etc. + * [e4a81ba] d/thunderbird.install: Install also appdata.xml + Upstream is providing an AppStream data file which we want install mow + also. + * [80385c9] d/source.filter: Sorting entries alphabetically + No functional modifications, just sorting entries to find stuff more easily. + * [585cf0a] d/thunderbird.lintian-overrides: update after config changes + We also need to modify the content for Lintian overrides for the + thunderbird package a bit. Thunderbird comes now (again) with own versions + of the libraries libtheora and libjsoncpp. 
Mostly because Mozilla has made + some own modifications within these libraries. + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 18 Apr 2020 08:28:25 +0200 + +thunderbird (1:68.12.0-1) unstable; urgency=medium + + * [103cab7] New upstream version 68.12.0 + Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35): + CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could + have resulted in escalation of privilege + CVE-2020-15664: Attacker-induced prompt for extension installation + CVE-2020-15669: Use-After-Free when aborting an operation + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 27 Aug 2020 21:23:55 +0200 + +thunderbird (1:68.11.0-3) unstable; urgency=medium + + * [28707fd] d/xpi-pack.sh: adding xpi-pack shell script + As we can't depend on mozilla-devscripts anymore we pick up the shell + script from that package as this builds XPI files we need. + * [037212e] Drop mozilla-devscripts as B-D + mozilla-devscripts isn't ported to Python3 yet and depends on Python2 so. + We don't need that package as B-D as we picked the main shell script from + that and we can drop that package from the build dependencies. + * [31eda41] Drop python-{minimal,ply} from B-D + These packages are removed from teh archive and we don't need them for + building Thunderbird as long we have python2 as package available. 
+ (Closes: #967223) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 04 Aug 2020 19:06:20 +0200 + +thunderbird (1:68.11.0-2) unstable; urgency=medium + + * [110a375] d/control: increase B-D for libnss3 + * [73fa23e] d/control: tb manually set dep on libnss3 to 2:3.55 + (Closes: #966806) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 02 Aug 2020 20:12:49 +0200 + +thunderbird (1:68.11.0-1) unstable; urgency=medium + + * [093b080] New upstream version 68.11.0 + Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35): + CVE-2020-15652: Potential leak of redirect targets when loading scripts + in a worker + CVE-2020-6514: WebRTC data channel leaks internal address to peer + CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture + CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 29 Jul 2020 22:26:14 +0200 + +thunderbird (1:68.10.0-1) unstable; urgency=medium + + * [7537684] New upstream version 68.10.0 + Fixed CVE issues in upstream version 68.10.0 (MFSA 2020-26): + CVE-2020-12417: Memory corruption due to missing sign-extension for + ValueTags on ARM64 + CVE-2020-12418: Information disclosure due to manipulated URL object + CVE-2020-12419: Use-after-free in nsGlobalWindowInner + CVE-2020-12420: Use-After-Free when trying to connect to a STUN server + MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login + credentials + CVE-2020-12421: Add-On updates did not respect the same certificate trust + rules as software updates + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 04 Jul 2020 10:55:31 +0200 + +thunderbird (1:68.9.0-1) unstable; urgency=medium + + [ intrigeri ] + * [fd13825] AppArmor: update profile from upstream at commit 860d2d9 + (Closes: #960465) + + [ Carsten Schoenert ] + * [c310c40] New upstream version 68.9.0 + Fixed CVE issues in upstream version 68.9.0 (MFSA 2020-22): + CVE-2020-12399: Timing attack on DSA signatures in NSS 
library + CVE-2020-12405: Use-after-free in SharedWorkerService + CVE-2020-12406: JavaScript Type confusion with NativeTypes + CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0 + CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to + information leakage + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 05 Jun 2020 20:29:35 +0200 + +thunderbird (1:68.8.1-1) unstable; urgency=medium + + * [7495e7a] New upstream version 68.8.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 22 May 2020 19:04:20 +0200 + +thunderbird (1:68.8.0-1) unstable; urgency=medium + + * [9b5ae46] New upstream version 68.8.0 + Fixed CVE issues in upstream version 68.8.0 (MFSA 2020-18): + CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode + characters + CVE-2020-12387: Use-after-free during worker shutdown + CVE-2020-6831: Buffer overflow in SCTP chunk input validation + CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' + CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to command + injection + CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0 + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 05 May 2020 20:47:29 +0200 + +thunderbird (1:68.7.0-1) unstable; urgency=medium + + * [c0052af] New upstream version 68.7.0 + Fixed CVE issues in upstream version 68.7.0 (MFSA 2020-14): + CVE-2020-6819: Use-after-free while running the nsDocShell destructor + CVE-2020-6820: Use-after-free when handling a ReadableStream + CVE-2020-6821: Uninitialized memory could be read when using the WebGL + copyTexSubImage method + CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large + images + CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 12 Apr 2020 07:40:41 +0200 + +thunderbird (1:68.6.0-1) unstable; urgency=medium + + * [5709774] New upstream version 68.6.0 + Fixed CVE issues in 
upstream version 68.6.0 (MFSA 2020-10): + CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init + CVE-2020-6805: Use-after-free when removing data about origins + CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections + against state confusion + CVE-2020-6807: Use-after-free in cubeb during stream destruction + CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to + command injection + CVE-2020-6812: The names of AirPods with personally identifiable + information were exposed to websites with camera or + microphone permission + CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6 + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 16 Mar 2020 20:01:29 +0100 + +thunderbird (1:68.5.0-1) unstable; urgency=medium + + * [d79bf82] New upstream version 68.5.0 + Fixed CVE issues in upstream version 68.5.0 (MFSA 2020-07): + CVE-2020-6793: Out-of-bounds read when processing certain email messages + CVE-2020-6794: Setting a master password post-Thunderbird 52 does not + delete unencrypted previously stored passwords + CVE-2020-6795: Crash processing S/MIME messages with multiple signatures + CVE-2020-6798: Incorrect parsing of template tag could result in + JavaScript injection + CVE-2020-6792: Message ID calculcation was based on uninitialized data + CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5 + (Closes: #891848) + * [0884df6] d/control: increase Standards-Version to 4.5.0 + No further changes needed. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 13 Feb 2020 17:58:44 +0100 + +thunderbird (1:68.4.2-1) unstable; urgency=medium + + * [7ab7786] d/gbp.conf: add some more files we need to filter out + * [9c02c34] New upstream version 68.4.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 26 Jan 2020 13:13:49 +0100 + +thunderbird (1:68.4.1-1) unstable; urgency=medium + + * [a00f3e9] New upstream version 68.4.1 + Fixed CVE issues in upstream version 68.4.1 (MFSA 2020-04): + CVE-2019-17026: IonMonkey type confusion with StoreElementHole and + FallibleStoreElement + CVE-2019-17015: Memory corruption in parent process during new content + process initialization on Windows + CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting + CVE-2019-17017: Type Confusion in XPCVariant.cpp + CVE-2019-17022: CSS sanitization does not escape HTML tags + CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1 + * [6b1fd82] rebuild patch queue from patch-queue branch + removed patch (included upstream) + fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 10 Jan 2020 18:33:43 +0100 + +thunderbird (1:68.3.1-1) unstable; urgency=medium + + [ Emilio Pozuelo Monfort ] + * [6f59313] Fix MOZ_BUILD_DATE to have the expected format + + [ Carsten Schoenert ] + * [5d0f4b1] d/rules: don't use SOURCE_DATE_EPOCH for MOZ_BUILD_DATE + (Closes: #946588) + * [1467af5] New upstream version 68.3.1 + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 18 Dec 2019 15:54:44 +0100 + +thunderbird (1:68.3.0-2) unstable; urgency=medium + + * [0625d30] rebuild patch queue from patch-queue branch + added patches: + fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch + fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch + * [ea8d98c] Breaks: add versioned birdtray package + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 09 Dec 2019 18:22:15 +0100 + +thunderbird (1:68.3.0-1) unstable; 
urgency=medium + + * [fe289ec] /u/b/thunderbird: export variable DICPATH before start + (Closes: #944295) + * [a9a48c6] New upstream version 68.3.0 + Fixed CVE issues in upstream version 68.3 (MFSA 2019-38): + CVE-2019-17008: Use-after-free in worker destruction + CVE-2019-13722: Stack corruption due to incorrect number of arguments in + WebRTC code + CVE-2019-11745: Out of bounds write in NSS when encrypting with a block + cipher + CVE-2019-17009: Updater temporary files accessible to unprivileged + processes + CVE-2019-17010: Use-after-free when performing device orientation checks + CVE-2019-17005: Buffer overflow in plain text serializer + CVE-2019-17011: Use-after-free when retrieving a document in + antitracking + CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR + 68.3, and Thunderbird 68.3 + * [fb23473] d/control: increase B-D version on NSS to 3.44.3 + * [6f59938] Breaks: adding more non compatible packaged AddOns + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 05 Dec 2019 10:03:22 +0100 + +thunderbird (1:68.2.2-1) unstable; urgency=medium + + * [198d539] xul-ext-compactheader: allow also version << 3.0.0 + * [0e93753] d/control: add incompatibility with jsunit << 0.2.2 + * [87c84cb] New upstream version 68.2.2 + This upstream version has removed the source for calendar-google-provider, + thus we can't provide the related binary package any more. 
+ * [a3cea2a] rebuild patch queue from patch-queue branch + rebuild patch queue from patch-queue branch + + removed patches (included upstream): + debian/patches/fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch + debian/patches/fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch + debian/patches/fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch + debian/patches/fixes/Build-also-gdata-provider-as-xpi-file.patch + debian/patches/fixes/rust-ignore-not-available-documentation.patch + debian/patches/porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch + debian/patches/porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch + debian/patches/porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch + debian/patches/porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch + debian/patches/porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch + * [1730f5f] d/control: remove references to calendar-google-provider + Don't build calendar-google-provider any more and remove any references + from other binary packages. + * [1b0bbb8] d/rules: remove any calendar-google-provider stuff + * [92f681c] thunderbird.NEWS: Adding hint about removal of gdata + Give out an announcement about the removal of a possible previously + installed package calendar-google-provider. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 10 Nov 2019 12:09:17 +0100 + +thunderbird (1:68.2.1-1) unstable; urgency=medium + + [ intrigeri ] + * [c48e2cb] AppArmor: update profile from upstream at commit a27a1a5 + (Closes: #941290) + + [ Carsten Schoenert ] + * [98497ae] New upstream version 68.2.0 + Fixed CVE issues in upstream version 68.2 (MFSA 2019-35): + CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber + CVE-2019-11757: Use-after-free when creating index updates in IndexedDB + CVE-2019-11758: Potentially exploitable crash due to 360 Total Security + CVE-2019-11759: Stack buffer overflow in HKDF output + CVE-2019-11760: Stack buffer overflow in WebRTC networking + CVE-2019-11761: Unintended access to a privileged JSONView object + CVE-2019-11762: document.domain-based origin isolation has + same-origin-property violation + CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique + CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2 + (Closes: #925841) + * [a104c51] d/control: increase Standards-Version to 4.4.1 + * [6c9d012] xul-ext-dispmua: set current min usable version + * [b3bf16f] New upstream version 68.2.1 + * [8f89b90] d/control: decrease build architecture list + Decreasing the current list of build architectures. Not meant to keep this + forever, removed RC architectures needing support and volunteering to get + them back. 
+ (Closes: #921258) + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 01 Nov 2019 20:36:59 +0100 + +thunderbird (1:68.1.2-1~exp1) experimental; urgency=medium + + * [81f4144] xul-ext-compactheader: increase minimal usable version + * [a815589] Update the global information about TB in Debian + * [bb5f5f7] rebuild patch queue from patch-queue branch + * [6fe7d3f] xul-ext-sogo-connector: increase minimal usable version + * [2e29af5] New upstream version 68.1.2 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 26 Oct 2019 08:41:50 +0200 + +thunderbird (1:68.1.1-1~exp1) experimental; urgency=medium + + [ intrigeri ] + * [3f49653] AppArmor: update profile from upstream at commit ed52e4a + + [ Carsten Schoenert ] + * [348f476] New upstream version 68.0~b5 + * [2a2f101] New upstream version 68.1.1 + Fixed CVE issues in upstream version 68.1 (MFSA 2019-20): + CVE-2019-11711: Script injection within domain through inner window reuse + CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins + by following 308 redirects + CVE-2019-11713: Use-after-free with HTTP/2 cached stream + CVE-2019-11714: NeckoChild can trigger crash when accessed off of main + thread + CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a + segmentation fault + CVE-2019-11715: HTML parsing error can contribute to content XSS + CVE-2019-11716: globalThis not enumerable until accessed + CVE-2019-11717: Caret character improperly escaped in origins + CVE-2019-11719: Out-of-bounds read when importing curve25519 private key + CVE-2019-11720: Character encoding XSS vulnerability + CVE-2019-11721: Domain spoofing through unicode latin 'kra' character + CVE-2019-11730: Same-origin policy treats all files in a directory as + having the same-origin + CVE-2019-11723: Cookie leakage during add-on fetching across private + browsing boundaries + CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting + permissions + CVE-2019-11725: Websocket resources 
bypass safebrowsing protections + CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3 + CVE-2019-11728: Port scanning through Alt-Svc header + CVE-2019-11710: Memory safety bugs fixed in Firefox 68 and Thunderbird 68 + CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, + and Thunderbird 68 + + Fixed CVE issues in upstream version 68.1 (MFSA 2019-20): + CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted + multipart/alternative message + CVE-2019-11746: Use-after-free while manipulating video + CVE-2019-11744: XSS by breaking out of title and textarea elements using + innerHTML + CVE-2019-11742: Same-origin policy violation with SVG filters and canvas + to steal cross-origin images + CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB + CVE-2019-11743: Cross-origin access to unload event attributes + CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, + Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 + + Fixed CVE issues in upstream version 68.1.1 (MFSA 2019-32): + CVE-2019-11755: Spoofing a message author via a crafted S/MIME message + + * [9342624] rebuild patch queue from patch-queue branch + added patches: + debian-hacks/Set-program-name-from-the-remoting-name.patch + debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch + debian-hacks/Work-around-Debian-bug-844357.patch + fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch + fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch + fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch + porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch + + removed patch (fixed upstream): + porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch + porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch + + * [25cb500] d/control: increase various versions in B-D + * [ee5b713] d/control: remove B-D on librust-cbindgen-dev + Use 
librust-toml-dev instead, we only need some files from this package, + librust-cbindgen-dev is a metapackage which is broken while packaging. + * [442a6b1] d/rules: work around cargo needs a HOME dir + * [4894a4c] d/control: increase Standards-Version to 4.4.0 + No further changes needed. + * [bb47b68] d/control: update upstream homepage for Thunderbird + Since some time Mozilla Thunderbird has a new homepage placed on URI + https://www.thunderbird.net/ + * [a3b680e] d/source.filter: update the filter sequences + New Thunderbird upstream versions bringing some new unwanted files within + the source. + * [7290ff4] d/control: remove transitional lightning l10n packages + The Lightning l10n packages moved into transitional packages before Buster + was released, now after the Buster release removing these transitional + packages. All required l10n files are available in the packages + thunderbird-$(locale) even for Lightning. + * [3d1d27d] enigmail: increase minimal usable version + Thunderbird 68.x needs at least Enigmal in version 2.1, but increase the + version on Enigmail to the most recent version which is released while + packaging. + * [66069d9] calendar-exchange-provider: removed from Breaks + This package isn't alive in unstable and testing. 
+ * [3b9f936] d/control: remove Xb-Xul-AppId field + Thunderbird don't has any Xul based AddOns since version 68.0 + * [7d8cd7d] lintian-overrides: remove not needed overrides + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 28 Sep 2019 15:38:28 +0200 + +thunderbird (1:68.0~b1-1) experimental; urgency=medium + + * [0eabe70] New upstream version 68.0~b1 + * [2febf67] rebuild patch queue from patch-queue branch + added patch: + debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch + * [cfa5973] d/s/lintian-overrides: adjust overrides for needed files + * [46077e2] d/copyright: update after upstream changes + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 16 Jun 2019 10:28:52 +0200 + +thunderbird (1:67.0~b3-1) experimental; urgency=medium + + [ intrigeri ] + * [9ad75ad] d/rules: drop useless usage of dpkg-parsechangelog + + [ Carsten Schoenert ] + * [d6f6747] New upstream version 67.0~b3 + * [90f73be] rebuild patch queue from patch-queue branch + removed patch: + fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch + * [7dd5c54] d/control: increase various B-D versions + Increasing the version for the build depending packages of cargo, cbindgen, + libnspr4-dev, libnss3-dev, libsqlite3-dev and rustc. + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 11 Jun 2019 19:36:00 +0200 + +thunderbird (1:66.0~b1-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [afe31d9] New upstream version 66.0~b1 + * [4ec53cc] apparmor: update profile from upstream (commit 7ace41b1) + (cherry-picked from debian/sid) + * [b3657a0] d/rules: make dh_clean more robust + Remove some regenerated files in dh_clean to the build will not fail in + case the build needs to be started twice within the same build environment. 
+ (cherry-picked from debian/sid) + * [dceb027] d/rules: move disable debug option into configure step + Adding the option '--disable-debug-symbols' to the file mozconfig.default + in case the build is running on a 32bit architecture instead of expanding + the variable 'CONFIGURE_FLAGS'. The configuration approach for this option + taken from firefox-esr was not working for the thunderbird package. + (cherry-picked from debian/sid) + * [f7f02a9] d/rules: reorder LDFLAGS for better readability + Make the used additional options for LDFLAGS better readable by reordering + the various used options. Also adding the option '-Wl, --as-needed' to the + list of used options here. + (cherry-picked from debian/sid) + * [79801fb] d/rules: use 'compress-debug-sections' only on 64bit + Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets + use this option only if we are on a 64bit architecture as otherwise the + build is failing on 32bit architectures again. We don't want to build any + debug information on 32bit anyway so we don't need this option on these + platforms. + (cherry-picked from debian/sid) + * [11f9e14] d/mozconfig.default: adding option for mipsel + We don't have set up any options for the mipsel platform before, but the + build needs some additional options too on this platform to succeed. + (cherry-picked from debian/sid) + * [e46e178] d/mozconfig.default: disable ion on mips and mipsel + The build will fail on mips{,el} if we have enabled ION, the JavaScript + JIT compiler on these platforms will loose some performance by this. + (cherry-picked from debian/sid) + + [ Alexander Nitsch ] + * [31b87e9] Make the logo SVG square + The original SVG source isn't completely square, modifying the SVG file + so all generated other files from the input are also exactly square. 
+ * [c0f19a3] Add script for generating PNGs from logo SVG + * [c153c5f] Update icon PNGs to be properly scaled + + [ Carsten Schoenert ] + * [c372e1f] d/source.filter: add some configure scripts + Filter out some files that are named 'configure', they are rebuild later + anyway. The filtering of these files is moved from gbp.conf to + source.filter. + (cherry-picked from debian/sid) + * [a40c5df] d/c-lightning-l10n-t.sh: drop version checking + Remove an old check for a version string within the file install.rdf. + It's not created any more by upstream since > 60.0. + * [05b325e] d/source.filter: don't ignore files in root folder + Try to not ignore files which are in the top root folder of the upstream + source tarball. + * [d2ca267] rebuild patch queue from patch-queue branch + added patch: + fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch + + modified (refreshed) patches: + porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch + porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch + porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch + porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch + porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch + porting-m68k/Add-m68k-support-to-Thunderbird.patch + + removed patches (applied upstream): + fixes/Fix-big-endian-build-for-SKIA.patch + porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch + porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch + * [cb1dde9] d/control: increase version in B-D for libsqlite3-dev + * [54e8890] d/mozconfig.default: add new configure option + We need to disable the usage of libav1 for an successful build. 
The used + configure option was added by the new added patch to the patch queue. + * [ecd3ade] d/copyright: update after upstream changes + * [af58ed8] d/source.filter: add extra content to ignore + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 17 Feb 2019 10:58:46 +0100 + +thunderbird (1:65.0~b1-1) experimental; urgency=medium + + * [e5956ef] Merge tag 'debian/1%60.4.0-1' into debian/experimental + * [389748b] d/source.filter: adjust files to filter while repack + Rework of the file filter list due new upstream version but also to no + filter out files we obviously need later, e.g. for the omni.jar archive. + * [4b86a78] New upstream version 65.0~b1 + * [3db29ed] rebuild patch queue from patch-queue branch + removed patches (fixed upstream): + debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch + debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch + fixes/Build-also-gdata-provider-as-xpi-file.patch + fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch + porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch + porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch + porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch + + removed patches (dropped for Debian specific build): + debian-hacks/Don-t-build-testing-suites-and-stuff.patch + debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch + adjusted patches: + + debian-hacks/Add-another-preferences-directory-for-applications-p.patch + debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch + patches/fixes/Fix-big-endian-build-for-SKIA.patch (but currently disabled) + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch + porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch + * [e918c6c] d/control: 
increase versions in B-D + New Thunderbirds version typically need other packages available with + higher versions like NSS, NSPR, rust ... + Also adding cbindgen and nodejs()!!). + * [b6c63bf] d/mozconfig.default: remove dead options + More old configure option are now not available anymore and we need to + drop them. + * [0f959ad] remove GCC specific options + LLVM's clang is now widely used, and clang isn't knowing the GCC options + '-fno-schedule-insns2' and '-fno-lifetime-dse', removing these options + from CFLAGS and CXXFLAGS. + * [d0b1f4b] d/rules: work around about strong quotings in .mk files + After the configuration of the source some Makefiles in the build folder + 'obj-thunderbird' have a strong qouting on some entries. This will + later provoke a build failure if we don't remove the single quotes + before in the Makefiles. + * [093053e] copyright: update after upstream changes + * [95eaacf] d/s/lintian-overrides: adjust overrides for needed files + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 20 Jan 2019 15:48:06 +0100 + +thunderbird (1:60.4.0-1) unstable; urgency=medium + + * [2e5a9d0] d/control: don't hard code LLVM packages in B-D + (Closes: #912797) + * [3aaa4a6] New upstream version 60.4.0 + No MFSA published yet by Mozilla Security while packaging this version. + (Closes: #913645) + * [12d3be3] debian/control: increase Standards-Version to 4.3.0 + No further changes needed. + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 24 Dec 2018 17:04:10 +0100 + +thunderbird (1:60.3.1-1) unstable; urgency=medium + + * [e1b489a] New upstream version 60.3.1 + * [f376b38] lightning: use ${source:Version} in Breaks and Recommends + (Closes: #914175) + * [7e560b3] Revert "lintian: adding a semi automated lintian-override" + The override about a misspelled word Synopsys isn't needed any more. 
+ * [893c0e6] rebuild patch queue from patch-queue branch + modified patches: + debian-hacks/Don-t-build-testing-suites-and-stuff.patch + debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch + * [20d8827] d/source.filter: update the filter sequences + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 25 Nov 2018 10:02:50 +0100 + +thunderbird (1:60.3.0-1) unstable; urgency=medium + + [ intrigeri ] + * [7949b31] AppArmor: update profile from upstream at commit f3d9a8b + (Closes: #903898) + * [e31dc14] AppArmor: update profile from upstream at commit 81c9457 + (Closes: #908206) + + [ Carsten Schoenert ] + * [0dcbe22] d/control: add xul-ext-gnome-keyring to Breaks for thunderbird + (Closes: #907979) + * [65db00d] armel: adding extra LDFLAGS so rust compiler isn't confused + The settings that are builtin within rust are conflicting with the GCC. + * [9c65884] New upstream version 60.3.0 + Fixed CVE issues in upstream version 60.3.0 (MFSA 2018-28) + CVE-2018-12392: Crash with nested event loops + CVE-2018-12393: Integer overflow during Unicode conversion while loading + JavaScript + CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and + Thunderbird 60.3 + CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, + and Thunderbird 60.3 + * [8726bb1] rebuild patch queue from patch-queue branch + removed patches (included upstream) + fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch + fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch + fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch + porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 01 Nov 2018 12:19:34 +0100 + +thunderbird (1:60.2.1-1) unstable; urgency=medium + + * [ba75ca3] logo: move old TB graphics into dedicated folder + * [ba47234] logo: adding new TB icon *.png graphics + Like Firefox Thunderbird has also got a reworked logo. 
As we use some own + icon created from a SVG graphic this commit adds the new icons in the + various sizes. The source of the SVG graphic is taken from + https://demo.identihub.co/thunderbird#/view/icon/element/612 + (Closes: #909108) + * [0b16a87] d/source.filter: don't remove react files from source + (Closes: #909046) + * [d01dfd6] rebuild patch queue from patch-queue branch + added patches: + fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch + fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch + fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch + fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch + (Closes: #909628, #909039, #906816) + * [bf64065] New upstream version 60.2.1 + Fixed CVE issues in upstream version 60.2.1 (MFSA 2018-25) + CVE-2018-12377: Use-after-free in refresh driver timers + CVE-2018-12378: Use-after-free in IndexedDB + CVE-2018-12379: Out-of-bounds write with malicious MAR file + CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 + CVE-2018-12385: Crash in TransportSecurityInfo due to cached data + CVE-2018-12383: Setting a master password post-Firefox 58 does not delete + unencrypted previously stored passwords + * [b4712af] rebuild patch queue from patch-queue branch + removed patches (fixed upstream): + fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch + * [79057f6] d/control: make lightning-l10n packages transitional + The l10n content for Lightning and a specific language is now much more + related to the Thunderbird l10n content. By this the existing lightning + l10n packages are not really useful any more as we move the Lightning + l10n content into the respective Thunderbird l10n package a we need to + turn the existing Lightning l10n packages into transitional packages. 
+ * [a0ac3b7] d/control: adding Replaces, Breaks, Provides to thunderbird-l10n-* + Related to the previous commit the Thunderbird l10n packages need some + more fields in the control file so the transition from lightning-l10n into + thunderbird-l10n can work. + * [c82ee7c] d/rules: install lightning l10n into thunderbird-l10n-* packages + The content for the lightning l10n stuff needs now to be installed into + thunderbird-l10n packages. + * [72cd535] d/control: add thunderbird-l10n-cy + Oops, seems like we never have introduced this language for Thunderbird + before. Now required to provide the l10n content for Lightning. + * [510bea6] d/thunderbird-wrapper.sh: improve GDB switch + Since TB 60 upstream isn't installing the old wrapper script + run-mozilla.sh any more. By this we need to adjust our starting wrapper + so the call to start Thunderbird within the GDB debugger is working. + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 05 Oct 2018 17:43:49 +0200 + +thunderbird (1:60.0-3) unstable; urgency=medium + + * [daa0dd7] locale: use 'intl.locale.requested' correctly + Thanks to hint from Sven Joachim we can use the preference setting + 'intl.locale.requested' in way that users don't need to use this setting + within their prefs.js to control the language of the Thunderbird UI. + 'intl.locale.requested' is somehow the successor of 'intl.locale.matchOS'. + (Closes: #908034) + * [f8ac1b2] debian/control: increase Standards-Version to 4.2.1 + No further changes needed. + * [a001579] d/control: remove empty 'Replaces' in thunderbird-l10n-da + We can remove that line of Replaces without any key. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 06 Sep 2018 18:46:31 +0200 + +thunderbird (1:60.0-2) unstable; urgency=medium + + [ Carsten Schoenert ] + * [71ac5e7] rebuild patch queue from patch-queue branch + added patches: + porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch + porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch + porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch + * [d94e5dc] d/control: B-D on {lib}clang-6.0* and llvm-6.0-dev + (Closes: #906707) + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 20 Aug 2018 17:57:07 +0200 + +thunderbird (1:60.0-1) unstable; urgency=medium + + [ Cyril Brulebois ] + * [4f1fcd4] Bump B-D libsqlite3-dev version + Upstream requires a more recent version that is already available in + unstable but not in Stretch later e.g. + * [5a790c2] Add libicu-dev to Build-Depends (required for icu-i18n.pc) + This package was pulled from some other package already but we need this + explicit now again as we don't use the internal ICU version any more. + * [8c86207] Bump libhunspell-dev version + The same as for libsqlite3-dev, adding the correct B-D version. 
+ (Closes: #905465) + + [ Carsten Schoenert ] + * [901f257] New upstream version 60.0 + Fixed CVE issues in upstream version 60.0 (MFSA 2018-19) + CVE-2018-12359: Buffer overflow using computed size of canvas element + CVE-2018-12360: Use-after-free when using focus() + CVE-2018-12361: Integer overflow in SwizzleData + CVE-2018-12362: Integer overflow in SSSE3 scaler + CVE-2018-5156: Media recorder segmentation fault when track type is + changed during capture + CVE-2018-12363: Use-after-free when appending DOM nodes + CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins + CVE-2018-12365: Compromised IPC child process can list local filenames + CVE-2018-12371: Integer overflow in Skia library during edge builder + allocation + CVE-2018-12366: Invalid data handling during QCMS transformations + CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming + CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, + and Thunderbird 60 + CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, + Firefox ESR 52.9, and Thunderbird 60 + * [44ab834] rebuild patch queue from patch-queue branch + removed patches (applied upstream): + porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch + porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch + porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch + * [3168b29] debian/control: increase Standards-Version to 4.2.0 + No further changes needed. + * [f2f206e] d/rules: use MOZ_LANGPACK_ID instead of hard coding + * [996352a] d/rules: ensure l10n MOZ_LANGPACK_ID matches variable from + makefile + Previous beta versions for the thunderbird-l10n data have used + '@firefox.mozilla.org' within their application.id setting. Thunderbird + now expects '@thunderbird.mozilla.org' instead. Make the build more + flexible so we can detect mismatches here. 
+ (Closes: #906176) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 19 Aug 2018 11:32:11 +0200 + +thunderbird (1:60.0~b10-1) experimental; urgency=medium + + [ intrigeri ] + * [596869d] AppArmor: update profile from upstream (at commit edc9487) + (Closes: #901471) + + [ Carsten Schoenert ] + * [57195ff] New upstream version 60.0~b10 + * [770c9a6] rebuild patch queue from patch-queue branch + added patches: + porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch + porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch + porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch + porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch + * [7fa6ebd] debian/control: increase Standards-Version to 4.1.5 + No further changes needed. + * [22e701c] c-l-l10n-t.sh: adjust the path to the python helper + Adjust the shell script helper to use the changed path to makeversion.py. + * [90a1d9e] sticky prefs: use the new syntax in vendor.js + The syntax for locked preferences has been changed a while ago, it's + time to adjust the entry within vendor.js to disable automatic updates + for AddOns. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 12 Jul 2018 17:52:27 +0200 + +thunderbird (1:60.0~b9-2) experimental; urgency=medium + + [ intrigeri ] + * [eb7cb44] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" + * [4cd8baf] AppArmor: update profile from upstream + (Closes: #900840) + * [807eb99] AppArmor: update profile from upstream (at commit 104da32) + + [ Carsten Schoenert ] + * [c980546] rebuild patch queue from patch-queue branch + added patch: + porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 01 Jul 2018 19:15:00 +0200 + +thunderbird (1:60.0~b9-1) experimental; urgency=medium + + * [be64a3e] d/source.filter: update due upstream changes + Writing the import filter file source.filter mostly complete new from + scratch. Needed because upstream has changed the structure of the source + completely. + * [c4b9113] New upstream version 60.0~b9 + * [3dc900a] rebuild patch queue from patch-queue branch + Related to the changed source structure the patches for the patch queue + needs to be adjusted to the new folders and their structure. Thanks to + git this wasn't that painful as git did all of the job. Two new patches + are needed to add. + added patches: + fixes/Build-also-gdata-provider-as-xpi-file.patch + debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch + * [e50ae04] d/rules: remove references to folder 'mozilla' + To get the source built some targets in debian/rules are needed to be + modified. All references to the old used folder 'mozilla/' are removed + now. + * [a650500] ICU: don't build the Paragraph Layout library + Disable the build of the Paragraph Layout library, we don't need them if + we need to built the ICU stuff. Cherry-picked from current ESR 52 + packaging. + * [977b7fe] d/mozconfig.default: use the ICU package from system + The Debian packages of icu are recent enough so we don't need to build + own dedicated ICU binaries. 
+ * [0c7ed7e] adjust the configuration of the built + Because of the modified source structure some more adjustments are needed + while going through the built targets like different paths, and built + calls of the Thunderbird source. + * [1c09011] adjust the install temporary folder + Upstream is now wrapping all internal make calls through a Python wrapper + called 'mach'. This also involves a changed behavior for installing the + Thunderbird files into the temporary folder we later use by the debhelper + sequencer. + * [bfbc9ca] d/s/lintian-overrides: update content due changed source.filter + The modified file debian/source.filter make some adjustments needed in + the lintian-overrides file for the source files related part. + * [44a4c5a] d/thunderbird.lintian-overrides: update after config changes + Like before some adjustments are needed for the lintian override rules + for the source files. + * [dd48091] d/copyright: adjust the content due folder changes + And one more file that needs to be adjusted due the changed source files. + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 01 Jul 2018 16:12:33 +0200 + +thunderbird (1:60.0~b6-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [3d91710] create-lightning-l10n: adjust folder structure + To build more easy lightning-l10n packages let's modify the helper script + for building the additional tarball. Change the content structure so we + can simple copy the needed l10n stuff into the l10n packages. + * [f1d6031] New upstream version 60.0~b6 + * [6643c31] Revert the linking into /u/l/tb/d/extensions + Thunderbird in Debian won't detecting extension which are placed in + /usr/lib/thunderbird/distribution/extensions, going back to the old + folder /usr/lib/thunderbird/extensions to link extensions into + Thunderbird. + * [26549a3] lightning: turning package into Architecture all + Change the architecture for the lightning package from 'any' to 'all'. 
+ Lightning is only build by Javascript, CSS, JSM and other text based + files and we don't need to build and install it as a architecture + dependent package. + * [86cd48f] mozconfig.default: disable webrtc build and inclusion + Let's drop the build of support for WebRTC, Thunderbird isn't able to use + this as there is no component which is depending on this. The chat + component would be a potential use case but right now it lacks any + functionality by webrtc features. + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 05 May 2018 13:56:36 +0200 + +thunderbird (1:60.0~b5-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [b8625ea] New upstream version 60.0~b5 + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 28 Apr 2018 19:15:07 +0200 + +thunderbird (1:60.0~b4-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [62ae939] New upstream version 60.0~b4 + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 23 Apr 2018 18:19:11 +0200 + +thunderbird (1:60.0~b3-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [94f8505] debian/control: increase Standards-Version to 4.1.4 + No further changes needed.f2f206eb34a619f7a684d1216fcd918454135d41 + * [3ba10c6] rebuild patch queue from patch-queue branch + added patches: + porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch + fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch + fixes/Fix-big-endian-build-for-SKIA.patch (re-added) + Thanks Andreas Glaubitz for providing these patches! + * [dabf294] New upstream version 60.0~b3 + * [24f8a38] re-enable usage of lib{nspr4,nss3}-dev while built + The available versions of these libraries now recent enough so we can + drop the usage of the embedded code copies. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 15 Apr 2018 12:47:43 +0200 + +thunderbird (1:60.0~b2-1) experimental; urgency=medium + + [ Agustin Henze ] + * [3639717] apparmor: allow access to @{HOME}/.gnupg/tofu.db + (Closes: #894907) + + [ intrigeri ] + * [3895bba] AppArmor: fix empty black windows in Thunderbird 58+ + (Closes: #887973) + * [353ca25] AppArmor: update profile from upstream + (Closes: #882048, #882122) + + [ Carsten Schoenert ] + * [37e0bbe] New upstream version 59.0~b1 + * [d75c4be] rebuild patch queue from patch-queue branch + added patches: + fixes/Fix-build-against-libcairo2-dev-1.15.10.patch + patches/fixes/Fix-big-endian-build-for-SKIA.patch + + removed patches: + debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch + fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch + thunderbird/Thunderbird-fix-installdir-for-icons.patch + * [9615d6a] New upstream version 60.0~b1 + * [431006c] d/source.filter: update due upstream changes + Update the list of files we filter out, Upstream added various new files + mostly used for auto-testing we don't use. + * [2cb4635] d/s/lintian-overrides: remove entries about brace expansion + We can remove the override about brace expansion in dh sequencer files. + * [4c9f185] debian/rules: using 'rm -f' because probably non existing files + The file app.ini isn't existing in some l10n folders for lightning, + simply use '-f' for convenience. + * [ed00442] debian/rules: fix typo to grep app ID of calendar-g-p + * [4a993c5] adding additional packages to Breaks with thunderbird + The packages calendar-exchange-provider and enigmail + xul-ext-sogo-connector aren't compatible to the webextension interface + and we need to add a versioned Breaks. + * [9bd8286] adjust Breaks for enigmail + Also enigmail needs an adjusted version for Breaks. 
+ * [24382c2] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7" + (Closes: #892404) + * [f0ac8a5] rebuild patch queue from patch-queue branch + removed patches: + debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch + debian-hacks/remove-non-free-W3C-icon-valid.png.patch + fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch + fixes/Fix-build-against-libcairo2-dev-1.15.10.patch + + modified patches: + debian-hacks/Build-against-system-libjsoncpp.patch + debian-hacks/Don-t-build-testing-suites-and-stuff.patch + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + * [6ab35ad] d/mozconfig.default: don't use nspr and nss from system + We need to switch back to the embedded source for NSS and NSPR, the + versions in unstable aren't usable. + * [055ed65] d/mozconfig.default: remove no longer alive option + The option '--enable-system-cairo' is gone with TB 60. + * [663d6f1] lightning-l10n-bn-bd: remove Bengali (Bangladesh) l10n package + * [02b21cb] lightning-l10n-pa-in: remove Punjabi (India) l10ng package + * [0cc0b5d] lightning-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package + * [62f23a5] thunderbird-l10n-bn-bd: remove (Bangladesh) l10n package + * [61bfdf4] thunderbird-l10n-pa-in: remove Punjabi (India) l10n package + * [a361750] thunderbird-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package + * [8ba5b0d] debian/control: add new packages for *-kk language + * [e4280ac] debian/control: add new packages for *-ms language + * [aaef9fe] adjust Vcs fields to salsa.debian.org + * [144c492, 009b145] debian/copyright: update after upstream changes + Upstream removed some files/folders, which reflects in needed adjustments + for the copyright file. + * [3623f84] d/thunderbird.lintian-overrides: add libnspr4.so and libnss3.so + We now need to ship (again) embedded libraries for NSPR and NSS. 
+ * [0d3de65] lightning: move linking into /u/l/tb/distribution/extensions + Following upstream with the folder for the Lightning to not differ. + * [4d6cefe] New upstream version 60.0~b2 + * [e1c40a7] rebuild patch queue from patch-queue branch + removed patches: + fixes/Fix-big-endian-build-for-SKIA.patch + * [4834a1d] add entries to README and NEWS for thunderbird + Adding notes about the current situation foe the l10n packages and their + integration into the UI of Thunderbird and Lightning. + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 07 Apr 2018 11:12:37 +0200 + +thunderbird (1:58.0~b3-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [d114338] d/source.filter: update due upstream changes + Update the filtering list for excluding some unwanted source files as + usual while preparing new major upstream versions. + * [91d23a9] New upstream version 58.0~b3 + * [f34e555] rebuild patch queue from patch-queue branch + added patches: + debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch + debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch + debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch + fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch + + modified patches: + debian-hacks/Build-against-system-libjsoncpp.patch + debian-hacks/Don-t-build-testing-suites-and-stuff.patch + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + porting-m68k/Add-m68k-support-to-Thunderbird.patch + porting-sh4/Add-sh4-support-to-Thunderbird.patch + porting/Disable-optimization-on-alpha-for-the-url-classifier.patch + prefs/Don-t-auto-disable-extensions-in-system-directories.patch + prefs/Set-javascript.options.showInConsole.patch + + obsolete patches (included somehow or fixed upstream): + debian-hacks/Force-use-the-i686-rust-target.patch + porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch + 
patches/porting-alpha/fix-FTBFS-on-alpha.patch + patches/porting-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch + patches/porting-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch + porting-kfreebsd-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch + porting-mips/FTBFS-mips-add-missing-char-variable.patch + porting/ppc-fix-divide-page-size-in-jemalloc.patch + thunderbird-l10n/thunderbird-l10n-disable-external-extension-update.patch + * [bd45d47] debian/control: adding new Build-Depends + Since this is the first version > 52 we need now cargo, clang, rustc and + llvm development files. + * [c63a03f] d/mozconfig.default: remove no longer alive options + Some old options like --disable-gnomeui, --enable-gio, and + --with-default-mozilla-five-home are history now. + * [609dbbe] l10n lightning: modify script to work with recent version + We still need to use the shellscript create-lightning-l10n-tarball.sh + (and also *-thunderbird-l10n-*) to create the additional tarballs. + * [2f276b7] thunderbird-l10n: change tb-l10n package installation + Due the changed structure from upstream for the thunderbird l10n files + the packaging needs also to be adopted. + * [ee476f8] d/thunderbird.install: update install sequencer file + Also small adjustments are needed for the installation of the thunderbird + binary files. The old script run-mozilla.sh (which we didn't have used + within the Debian packaging) isn't shipped now, and there is now a new + folder gtk2 which includes the libmozgtk library linked against GTK2. + * [ced9d18] thunderbird-dev: remove the package and adjustments on this + The complete content that was packaged previously in thunderbird-dev + isn't created and installed now. Thus makes the old package + thunderbird-dev obsolete. + * [484a142] autopkgtests: disable tests around thunderbird-dev + Disable all autopkgtests which have used thunderbird-dev. 
+ * [0aa2546] switch to system libraries back + We can now use the system libararies libnspr4, libnss3 and libsqlite3 + again, the version of libicu is still to old for usage within the + package build. + * [858ae82] d/control: thunderbird, remove variable ${gnome:Depends} + * [7c3a258] d/control: lightning, remove variable ${shlibs:Depends} + * [aabf0d4] debian/source/lintian-overrides: update entries + * [94b00db] debian/control: increase Standards-Version to 4.1.3 + No further changes needed. + * [245e8c2] debian/copyright: update after upstream changes + Also almost needed with new major upstream versions reflect the + changes from upstream in the copyright file. + * [72507b2] d/control: enigmail < 1.9.9 isn't working with TB > 55 + Due the new plugin interface some old plugins doesn't work with this + thunderbird version anymore, or behaving unexpected. Enigmal is one of + the this (known) plugins which needs to be at least in version 2.0a2pre + installed to work with Thunderbird. + * [6cf0133] lightning-l1on: change l10n installation + Related to [4abc7f2] the various thunderbird-l10n packages need to be + installed differently to old package installations. + * [6af7054] calendar-google-provider: tweak installation a bit + More a hack but the Mozilla plugin installation by mozilla-devscripts + isn't prepared for the new webextension logic by Mozilla. Symlinking the + c-g-p plugin for now directly from the thunderbird extension folder. + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 21 Jan 2018 14:03:39 +0100 + +thunderbird (1:52.9.1-1) unstable; urgency=high + + [ intrigeri ] + * [1259eaa] AppArmor: update profile from upstream (at commit edc9487) + (Closes: #901471) + + [ Carsten Schoenert ] + * [d706f5b] debian/control: increase Standards-Version to 4.1.5 + No further changes needed. 
+ * [f5a3eb2] New upstream version 52.9.1 + (Closes: #903160) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 10 Jul 2018 19:40:41 +0200 + +thunderbird (1:52.9.0-1) unstable; urgency=high + + [ intrigeri ] + * [c33dba2] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db" + * [cb64397] AppArmor: update profile from upstream (Closes: #900840) + * [b5d6545] AppArmor: update profile from upstream (at commit 104da32) + + [ Carsten Schoenert ] + * [099b525] d/source.filter: add some more files to filter + There are some more files we want to filter out. + * [376e5f3] New upstream version 52.9.0 + Fixed CVE issues in upstream version 52.9 (MFSA 2018-18) + CVE-2018-12359: Buffer overflow using computed size of canvas element + CVE-2018-12360: Use-after-free when using focus() + CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML + emails + CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward + CVE-2018-12362: Integer overflow in SSSE3 scaler + CVE-2018-12363: Use-after-free when appending DOM nodes + CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins + CVE-2018-12365: Compromised IPC child process can list local filenames + CVE-2018-12366: Invalid data handling during QCMS transformations + CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing + enter in form field + CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, + Firefox ESR 52.9, and Thunderbird 52.9 + * [83a9c9b] rebuild patch queue from patch-queue branch + As we have filtered more files out from the source we need to modify the + list of tests we won't to built while built the source too so a small + adjustment on that. + Also fixing some spelling issues which Lintian has found. 
+ modified patches: + debian-hacks/Don-t-build-testing-suites-and-stuff.patch + porting-alpha/fix-FTBFS-on-alpha.patch + porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch + renamed patches: + Allow-to-override-ICU_DATA_FILE-from-the-environment.patch -> + Allow-one-to-override-ICU_DATA_FILE-from-the-environment.patch + fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch -> + fix-function-nsMsgComposeAndSend-to-respect-ReploToSend.patch + * [d5254e2] Removed unneded lintian override about brace expansion + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 04 Jul 2018 21:44:26 +0200 + +thunderbird (1:52.8.0-1) unstable; urgency=high + + [ intrigeri ] + * [4656ebf] AppArmor: update profile from upstream + (Closes: #882048, #882122) + + [ Agustin Henze ] + * [840cbc8] apparmor: allow access to @{HOME}/.gnupg/tofu.db + (Closes: #894907) + + [ Carsten Schoenert ] + * [514e9e8] New upstream version 52.8.0 + Fixed CVE issues in upstream version 52.8 (MFSA 2018-13) + CVE-2018-5183: Backport critical security fixes in Skia + CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext + attack (aka Efail) + CVE-2018-5154: Use-after-free with SVG animations and clip paths + CVE-2018-5155: Use-after-free with SVG animations and text paths + CVE-2018-5159: Integer overflow and out-of-bounds write in Skia + CVE-2018-5161: Hang via malformed headers + CVE-2018-5162: Encrypted mail leaks plaintext through src attribute + (aka Efail) + CVE-2018-5170: Filename spoofing for external attachments + CVE-2018-5168: Lightweight themes can be installed without user + interaction + CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion + through legacy extension + CVE-2018-5185: Leaking plaintext through HTML forms (aka Efail) + CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, + and Thunderbird 52.8 + (Closes: #898631) + * 
[7845229] ICU: don't build the Paragraph Layout library + Disable the build of the layout library in the internal ICU build as we + don't need this and can cause build issues. + * [e0a79fc] debian/control: increase Standards-Version to 4.1.4 + No further changes needed. + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 17 May 2018 21:04:15 +0200 + +thunderbird (1:52.7.0-1) unstable; urgency=medium + + * [9eb2692] New upstream version 52.7.0 + Fixed CVE issues in upstream version 52.7 (MFSA 2018-09) + CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList + CVE-2018-5129: Out-of-bounds write with malformed IPC messages + CVE-2018-5144: Integer overflow during Unicode conversion + CVE-2018-5146: Out of bounds memory write in libvorbis + CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, + and Thunderbird 52.7 + CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and + Thunderbird 52.7 + * [a01cf4b] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7" + Switching now back to GCC7 as we don't have any longer issues with + broken visuals in the GUI. 
+ (Closes: #892404) + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 26 Mar 2018 17:21:40 +0200 + +thunderbird (1:52.6.0-1) unstable; urgency=high + + * [97e1cd7] New upstream version 52.6.0 + Fixed CVE issues in upstream version 52.6 (MFSA 2018-04) + CVE-2018-5095: Integer overflow in Skia library during edge builder + allocation + CVE-2018-5096: Use-after-free while editing form elements + CVE-2018-5097: Use-after-free when source document is manipulated + during XSLT + CVE-2018-5098: Use-after-free while manipulating form input elements + CVE-2018-5099: Use-after-free with widget listener + CVE-2018-5102: Use-after-free in HTML media elements + CVE-2018-5103: Use-after-free during mouse event handling + CVE-2018-5104: Use-after-free during font face manipulation + CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right + CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, + and Thunderbird 52.6 + * [0300242] rebuild patch queue from patch-queue branch + Added patch debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch + that fixes the build of the included ICU source against glibc 2.26. + (Closes: #887766) + * [4bf22e0] debian/control: increase Standards-Version to 4.1.3 + No further changes needed. + * [3616443] adjust Vcs fields to salsa.debian.org + The Vcs for Thunderbird packaging live now on Salsa as Alioth will be + shutdown in the future. + * [c2f3e14] lintian: ignore non multiarch install folder for thunderbird.pc + Ignore a lintian warning about unavailable pkg-config file thunderbird.pc + as the ESR versions 52.x are the last series which will have a + thunderbird-dev. The next ESR version will be 60.x which uses + webextension and makes thunderbird-dev obsolete. 
+ + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 25 Jan 2018 20:21:10 +0100 + +thunderbird (1:52.5.2-2) unstable; urgency=medium + + [ Carsten Schoenert ] + * [f597157] Revert "d/thunderbird.postinst: reload AA profile on updates" + The trigger automatics for appamor already is handling the + needed reload on profile updates for the applications. + (Closes: #885158) + * [8ebdb96] debian/control: increase Standards-Version to 4.1.2 + No further changes needed. + * [81a8c00] use inverse logic on version for AA profile status check + By this change we don't enforce the disabled profile from the + previous version in some cases and can also handle possible + version strings from -security and -backports. + (Closes: #885157) + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 26 Dec 2017 14:56:40 +0100 + +thunderbird (1:52.5.2-1) unstable; urgency=high + + [ intrigeri ] + * [b791221] AppArmor: support new thunderbird executable path + (Closes: #883561, #884217) + + [ Carsten Schoenert ] + * [1f46308] New upstream version 52.5.2 + Fixed CVE issues in upstream version 52.5 (MFSA 2017-30) + CVE-2017-7829: Mailsploit part 1: From address with encoded null character + is cut off in message header display + CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin + CVE-2017-7847: Local path string can be leaked from RSS feed + CVE-2017-7848: RSS Feed vulnerable to new line Injection + * [0dd21b9] d/thunderbird.postinst: reload AA profile on updates + * [8c57218] don't disable AA profile on package updates + As people want to re-enable the AA profile a update of + thunderbird doesn't have to disable this again. 
+ (Closes: #884191) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 24 Dec 2017 11:30:09 +0100 + +thunderbird (1:52.5.0-1) unstable; urgency=high + + [ intrigeri ] + * [48e6b65] AppArmor: fix the Crash Reporter and avoid noisy denial logs + (Closes: #880953) + * [ad8b3b5] AppArmor: fix compatibility with NVIDIA hardware + (Closes: #880532) + * [d8ff6b6] Disable the AppArmor profile by default + Due the various side effects by the enabled AppArmor profile in + Thunderbird it's currently better for a user experience we + disabling the AppArmor profile for to not get people get mad with + to many broken things. + Users can always enable the profile by themselves again. + (Closes: #882672) + * [e50eac5] README.Debian: document how to opt-in for AppArmor confinement + * [860d325] README.Debian: document how one can debug the AppArmor profile + + [ Guido Günther ] + * [50a8f60] Drop myself from maintainers + Thank you Guido for always helping out if we had some questions! + + [ Carsten Schoenert ] + * [b64509b] New upstream version 52.5.0 + Fixed CVE issues in upstream version 52.5 (MFSA 2017-26) + CVE-2017-7828: Use-after-free of PressShell while restyling layout + CVE-2017-7830: Cross-origin URL information leak through Resource Timing API + CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, + and Thunderbird 52.5 + * [3166018] thunderbird.links: let thunderbird pointing to thunderbird-bin + (Closes: #856492) + * [6fff70c] [buster] tb-wrapper: searching the correct dbgsym package + * [4763ca6] adding a NEWS file for thunderbird package + Giving a note about the now disabled AppArmor profile. + * [0b9d656] disabling crashreporter for now + Also don't build and ship the Crashreporter any more, it's useless + until we can collect all symbols correctly. + * [a285647] move AppArmor specific things into own README file + Put all AppArmor related information into one dedicated file. 
+ * [5d56439] d/thunderbird.js: prepare a line for extra X-Debbugs-Cc + A really old bug report ... building a compromise and put the + requested extra header config into the configuration file but keep + it deactivated as default. + (Closes: #379304) + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 03 Dec 2017 19:58:57 +0100 + +thunderbird (1:52.4.0-2~exp1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [a3e73e9] disable usage of libgnomeui parts + The libgnomeui stuff (only relevant for GTK+2) is deprecated + for a long time and will be removed in buster, and we don't need + this at all. + See https://lists.debian.org/debian-devel/2017/10/msg00299.html + * [9efc5c9] debian/watch: switch to https + * [bd5a635] rebuild patch queue from patch-queue branch + Fixup for [da3c5cc], add ppc64 to the list of BE architectures. + Thanks Adrian Glaubitz for pointing the issue. (Closes: #879270) + * [42f5ab5] apparmor: update profile from upstream (Closes: #876333, #855346) + + [ intrigeri ] + * [d7febc8, b026d28] AppArmor: update profile from upstream + (Closes: #880425, #877324) + * [377e7b5] README.Debian: fixing small typo + * [3b0a63a] AppArmor: fix importing public OpenPGP keys from file + (Closes: #880715) + + [ Carsten Schoenert ] + * [241690e] d/control: s/Icedove/Thunderbird in desc's for lightning-l10n-* + The lightning-l10n package were still using the name 'Icdeove' + instead of 'Thunderbird'. + * [f17f735] debian/control: moving transitional packages at bottom + * [91f9897] autopkg: adjust icedove to thunderbird depends + Now move over to depend in favor of thunderbird for some of + the autopkg tests. + * [8ae2ad7] autopkg: adjust icedove-dev to thunderbird-dev depends + Doing the same as before for thunderbird-dev as the native + replacement for icedove-dev. 
+ * [fa0134c] bump debhelper >= 10.2.5 + * [8752789] debian/rules: try to build extensions reproducible + The two extensions (lightning and calendar-google-provider) + don't build reproducible right now. Trying to fix this by using + the timestamp from the changelog entry for the files. May not + work correctly and we need to tune more. + * [1496368] d/thunderbird.install: also install the fonts folder + Recent versions of Thunderbird needing the font EmojiOne which + isn't provided by any other package. + (Closes: #881299) + + The following changes are take effect in removing all transitional packages + related to the old icedove packaging only for buster. We still need all the + transitional packages in wheezy, jessie and stretch! + * [54c8a9b] [buster] remove transitional iceowl-l10n-* packages + * [c338630] [buster] remove Replace, Breaks and Provides for iceowl-l10n-* + * [4311683] [buster] remove transitional icedove-l10n-* packages + * [f6e3a01] [buster] remove Replace, Breaks and Provides for icedove-l10n-* + * [a9117e4] [buster] remove transitional iceowl-extension package + * [5aed012] [buster] remove Replace, Breaks and Provides for iceowl-extension + * [27fc04b] [buster] remove transitional icedove-dbg package + * [53b4825] [buster] remove transitional icedove-dev package + * [e2d808f] [buster] remove Replace, Breaks and Provides for icedove-dev + * [97edfbe] [buster] remove transitional icedove package + * [3748054] [buster] remove Replace and Breaks for icedove + * [611a704] [buster] move thunderbird-dbg into *-dbgsym package + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 12 Nov 2017 16:01:07 +0100 + +thunderbird (1:52.4.0-1) unstable; urgency=medium + + [ Guido Günther ] + * [da3c5cc] Simplify endianness selection for ICU + Since we need to build ICU on the various Debian releases we + need to ensure the architecture detection isn't to strict. + Thanks Guido for helping out here! 
+ + [ Carsten Schoenert ] + * [47748ca] debian/control: be more relaxed on Breaks for enigmail + * [6a54666] thunderbird-wrapper: fix small typo in help output + A small typo was happen in the example call with the JS console. + * [6d5266e] README.Debian: update info around tls fallback-limit + The default behavior on the TLS fallback has changed some + versions ago, document this accordingly. + * [24ad883] debian/control: change maintainer + Thanks Christoph for the work over the past years! + * [c78200e] debian/control: move src pkg name to thunderbird + By this version we move the source package name also back to + thunderbird. This follows the changes that are already made to + the binary package names and we can call the source package now + also again thunderbird. + (Closes: #857075) + * [c26133d] debian/gbp.conf: rename components to real used names + Due the changes of the source package the names for the + sub-folders within the additional tarballs can also be changed + to be closer on the real upstream used names. 
+ * [a5ce4f7] New upstream version 52.4.0 + (Closes: #878845, #878870) + Fixed CVE issues in upstream version 52.4 (MFSA 2017-23) + CVE-2017-7793: Use-after-free with Fetch API + CVE-2017-7818: Use-after-free during ARIA array manipulation + CVE-2017-7819: Use-after-free while resizing images in design mode + CVE-2017-7824: Buffer overflow when drawing and validating elements with + ANGLE + CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes + CVE-2017-7814: Blob and data URLs bypass phishing and malware protection + warnings + CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters + as spaces + CVE-2017-7823: CSP sandbox directive did not create a unique origin + CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4, + and Thunderbird 52.4 + * [104b4e5] rebuild patch queue from patch-queue branch + * [d63662a] lintian: move oldlibs/extra -> oldlibs/optional + By moving all transitional package to oldlibs/optional we can + help deborphan to detect better not needed packages. + * [fb56001] d/rules: reflect changes from renamed component tarballs + The additional tarballs are stored in folders which reflect + the upstream names of those components. This also needs to be + respected for the build instructions of the package. + * [61288fb] debian/control: change Vcs* fields due the src name change + Addressing the changed source package name in the Git Vcs urls. + * [ef95ab5] debian/control: increase Standards-Version to 4.1.1 + No further changes needed. + * [45e8fe2] apparmor: update profile from upstream + Thanks to Simon Deziel and intrigeri we can simply use the + apparmor profile changes done for the Ubuntu releases. 
+ * [6b1649c] lintian: adding a override for thunderbird-l10n-all + * [ceab93f] debian/README.source: reflect src package name change + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 17 Oct 2017 18:20:29 +0200 + +icedove (1:52.3.0-4) unstable; urgency=medium + + [ Carsten Schoenert ] + * [3ddf57b] rebuild patch queue from patch-queue branch + * [3bd845d] debian/control: increase Standards-Version to 4.1.0 + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 29 Aug 2017 16:17:24 +0200 + +icedove (1:52.3.0-3) unstable; urgency=medium + + [ Carsten Schoenert ] + * [c08f005] rebuild patch queue from patch-queue branch + * [f658cab] debian/rules: enable verbose build for ICU + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 28 Aug 2017 19:44:07 +0200 + +icedove (1:52.3.0-2) unstable; urgency=medium + + [ Carsten Schoenert ] + * [d544a01] debian/rules: correct icu build sequence + + -- Carsten Schoenert <c.schoenert@t-online.de> Tue, 22 Aug 2017 18:57:36 +0200 + +icedove (1:52.3.0-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [8e852be] New upstream version 52.3.0 + Fixed CVE issues in upstream version 52.3 (MFSA 2017-20) + CVE-2017-7800: Use-after-free in WebSockets during disconnection + CVE-2017-7801: Use-after-free with marquee during window resizing + CVE-2017-7809: Use-after-free while deleting attached editor DOM node + CVE-2017-7784: Use-after-free with image observers + CVE-2017-7802: Use-after-free resizing image elements + CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM + CVE-2017-7786: Buffer overflow while painting non-displayable SVG + CVE-2017-7753: Out-of-bounds read with cached style data and + pseudo-elements + CVE-2017-7787: Same-origin policy bypass with iframes through page reloads + CVE-2017-7807: Domain hijacking through AppCache fallback + CVE-2017-7792: Buffer overflow viewing certificates with an extremely + long OID + CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher + 
CVE-2017-7791: Spoofing following page navigation with data: protocol and + modal alerts + CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP + protections + CVE-2017-7803: CSP containing 'sandbox' improperly applied + CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3, + and Thunderbird 52.3 + * [0b7243b] debian/rules: build icudt5*.dat on our own if needed + If we need to use the internal sources of ICU (triggered by + using --with-system-icu) we need to build the platform depended file + icudt*[b,l].dat before we can call the configure run. + This is needed as Mozilla only ships a precompiled little endian version + of the file icudt*.dat and all platforms with big endianness are failing + later due issues related to the wrong endianness. + * [1964469] debian/mozconfig.default: enable i18n on big endian + * [6b58ac5] debian/control: increase Standards-Version to 4.0.1 + * [e59cf81] rebuild patch queue from patch-queue branch + removed patche(s) (applied upstream): + - fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch + updated/refreshed patches (no changes): + - porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + + [ Simon Deziel ] + * [a574010] apparmor/usr.bin.thunderbird: small update to avoid noise + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 19 Aug 2017 18:27:19 +0200 + +icedove (1:52.2.1-5) unstable; urgency=high + + [ Carsten Schoenert ] + * [133a574] Use gcc-6 and g++-6 due broken GUI with GCC-7 + The usage of the GCC-7 suite introduces a broken GUI currently that make + using thunderbird mostly impossible. + (Closes: #871629) + * [3ebacd1] d/rules: use DEB_* variables for entries from changelog + By using variables that are prepared by dpkg we don't need to manually + search for dates and versions. etc. 
+ * [52c2b83] d/copyright: MPL-1.1 and MPL-2.0 now provided by common-licenses + Since policy 4.0.0 the two Mozilla related licenses are included and don't + need to be added extra. + * [3f37967] adjust X-Debian-Homepage to existing Thunderbird page + * [41b5c03] debian/control: increase Standards-Version to 4.0.0 + * [e3c3994] mozconfig.default: use proper disabled options + * [2d4b846] debian/control: increase Breaks for enigmail version + (Closes: #869789) + + [ John Paul Adrian Glaubitz ] + * [4879401] sh4: disable option --disable-pie (Closes: #867553) + + [ Carsten Schoenert ] + * [2646f3f] autpkgtests: disable the idlTest.sh test case + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 11 Aug 2017 22:02:47 -0400 + +icedove (1:52.2.1-4) unstable; urgency=medium + + [ Guido Günther ] + * [04de899] Don't use different profile folder for jessie and wheezy + + [ Carsten Schoenert ] + * [692d3ce] rebuild patch queue from patch-queue branch (Closes: #867013) + added patch (provided by Adrian): + - porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch + removed patch: + - porting-hurd/FTBFS-hurd-adding-GNU-to-the-configure-platform-detection.patch + (wrong approach, the Python wrapper around configure isn't yet smart enough) + + [ John Paul Adrian Glaubitz ] + * [5153ce2] mips: final fixups to prevent FTBFS + + -- Carsten Schoenert <c.schoenert@t-online.de> Thu, 06 Jul 2017 16:53:30 +0200 + +icedove (1:52.2.1-3) unstable; urgency=medium + + [ John Paul Adrian Glaubitz ] + * [99b323a] d/mozconfig.default: fixups for --without-intl-api + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 01 Jul 2017 10:18:05 +0200 + +icedove (1:52.2.1-2) unstable; urgency=medium + + [ Carsten Schoenert ] + * [e8ce299] disabling ICU support on some big endian systems + This hack should enable at least successful building of all RC platforms + and needs to be solved in a not such agressive way without loosing ICU + support on the problematic platforms. 
+ Thanks John Paul Adrian Glaubitz for catching the root of the issue. + * [a66e812] rebuild patch queue from patch-queue branch + Adding a small needed fix for getting mips* out od FTBFS. Also GNU/Hurd + should pass the configure script now. + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 30 Jun 2017 19:38:28 +0200 + +icedove (1:52.2.1-1) unstable; urgency=medium + + [ Guido Günther ] + * [4e87d6b] d/rules: Make sure DIST is not passed on to configure + + [ Carsten Schoenert ] + * [35b84ef] rebuild patch queue from patch-queue branch + added patches: + - porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch + - porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch + (Closes: #864974) + * [c818874] New upstream version 52.2.1 + (Closes: #861840) + * [8c776c9] Icedove2Thunderbird: add opt out for dialogue pop-up + (Closes: #860381) + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 28 Jun 2017 20:01:44 +0200 + +icedove (1:52.2.0-1) unstable; urgency=medium + + [ Christoph Goehre ] + * [9ebc11d] mozconfig.default: remove configure option + '--disable-methodjit' on armel + This options isn't alive any more and was forgotten to removed on the + previous upload. + [ Simon Deziel ] + * [d8e5d42] usr.bin.thunderbird: merge gpg(1) and gpg2 subprofiles + (Closes: #859179) + * [f18884e] usr.bin.thunderbird: allow accessing gpgconf in gpg subprofile + * [e73afbb] usr.bin.thunderbird: allow accessing any gpg2keys providers + + [ Carsten Schoenert ] + * [066ddb9] mozconfig.default: switch back to internal libjpeg + Going back and using the libjpeg library that's shipped by Mozilla, the + system library probably provoking broken builds on various platforms. + As we prepare the uploads for (old-)stable-security we need to use the + internal libjpeg library at all. 
+ * [ff92bfa] rebuild patch queue from patch-queue branch + modified patches: + - porting-m68k/Add-m68k-support-to-Thunderbird.patch + - porting-sh4/Add-sh4-support-to-Thunderbird.patch + (Closes: #859271, #859508) + * [0a89f76] New upstream version 52.2.0 + Fixed CVE issues in upstream version 52.2 (MFSA 2017-17) + CVE-2017-5472: Use-after-free using destroyed node when regenerating trees + CVE-2017-7749: Use-after-free during docshell reloading + CVE-2017-7750: Use-after-free with track elements + CVE-2017-7751: Use-after-free with content viewer listeners + CVE-2017-7752: Use-after-free with IME input + CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object + CVE-2017-7756: Use-after-free and use-after-scope logging XHR header + errors + CVE-2017-7757: Use-after-free in IndexedDB + CVE-2017-7778: Vulnerabilities in the Graphite 2 library + CVE-2017-7758: Out-of-bounds read in Opus encoder + CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and + other unicode blocks + CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, + and Thunderbird 52 + * [e03380e] rebuild patch queue from patch-queue branch + modified patch: + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 16 Jun 2017 20:37:06 +0200 + +icedove (1:52.1.1-1) experimental; urgency=medium + + [ Guido Günther ] + * [db8d0db] Tighten meta package dependencies + Be more strict on depends and add a version to all related + Thunderbird specific packages. + * [defb689] Copy-edit thunderbird-wrapper-helper.sh + * [54b35d4] Allow one to override the location of the wrapper-helper + Make $TB_HELPER more flexible and give the variable a default value, so a + user can override it with it's own. 
+ * [a187364] dh-exec: avoid multiple spaces around filenames + * [a85bc7a] thunderbird-wrapper: robustness when sourcing helper + * [eee56ab] Drop replaces on packages no longer in any release + + [ Carsten Schoenert ] + * [1d85980] rebuild patch queue from patch-queue branch + added patches: + - porting-mk68/Add-m68k-support-to-Thunderbird.patch + - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch + (Closes: #859151, #859271) + * [2717849] tb-wrapper: call thunderbird starting with exec + (Closes: #858100) + * [8afa31b] d/gbp.conf: adjust upstream branch to new ESR version + * [43d2e70] New upstream version 52.1.1 + Fixed CVE issues in upstream version 52.1 (MFSA 2017-09) + CVE-2017-5413: Segmentation fault during bidirectional operations + CVE-2017-5414: File picker can choose incorrect default directory + CVE-2017-5416: Null dereference crash in HttpChannel + CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf + filter is running + CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization + responses + CVE-2017-5419: Repeated authentication prompts lead to DOS attack + CVE-2017-5405: FTP response codes can cause use of uninitialized values + for ports + CVE-2017-5421: Print preview spoofing + CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one + hyperlink + CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52 + Fixed CVE issues in upstream version 52.1 (MFSA 2017-13) + CVE-2017-5433: Use-after-free in SMIL animation functions + CVE-2017-5435: Use-after-free during transaction processing in the editor + CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 + CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS + CVE-2017-5459: Buffer overflow in WebGL + CVE-2017-5466: Origin confusion when reloading isolated data:text/html URLs + CVE-2017-5434: Use-after-free during focus handling + CVE-2017-5432: Use-after-free in text input selection + CVE-2017-5460: Use-after-free in 
frame selection + CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing + CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing + CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT + processing + CVE-2017-5441: Use-after-free with selection during scroll events + CVE-2017-5442: Use-after-free during style changes + CVE-2017-5464: Memory corruption with accessibility and DOM manipulation + CVE-2017-5443: Out-of-bounds write during BinHex decoding + CVE-2017-5444: Buffer overflow while parsing application/http-index-format + contents + CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with + incorrect data + CVE-2017-5447: Out-of-bounds read during glyph processing + CVE-2017-5465: Out-of-bounds read in ConvolvePixel + CVE-2016-10196: Vulnerabilities in Libevent library + CVE-2017-5454: Sandbox escape allowing file system read access through + file picker + CVE-2017-5469: Potential Buffer overflow in flex-generated code + CVE-2017-5445: Uninitialized values used while parsing + application/http-index-format content + CVE-2017-5449: Crash during bidirectional unicode manipulation with + animation + CVE-2017-5451: Addressbar spoofing with onblur event + CVE-2017-5462: DRBG flaw in NSS + CVE-2017-5467: Memory corruption when drawing Skia content + CVE-2017-5430: Memory safety bugs fixed in Firefox 53, Firefox ESR 52.1, + Thunderbird 52.1 + CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, + Firefox ESR 52.1, and Thunderbird 52.1 + (Closes: #855344, #495372, #861480, #682208, #698244, #859909, #857593, + #837771) + * [de561ef] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch + - debian-hacks/Build-against-system-libjsoncpp.patch + - debian-hacks/Don-t-build-testing-suites-and-stuff.patch + - debian-hacks/Force-use-the-i686-rust-target.patch + - 
fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch + (Closes: #826325) + - porting-sh4/Add-sh4-support-to-Thunderbird.patch + (Closes: #859508) + removed patches (obsoleted by upstream changes): + - debian-hacks/Don-t-build-example-component.patch + - debian-hacks/fix-identification-of-ObjdirMismatchException.patch + - fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch + - fixes/Bug-1273020-Add-missing-null-checks-in-ApplicationAccessi.patch + - fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch + - fixes/Bug-1340724-fix-SMTP-server-name-output-in-SMTP-logging.-.patch + - fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch + - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch + - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch + - porting-arm64/Bug-1091515-Don-t-set-64KB-page-size-on-aarch64.-r-glandi.patch + - porting-kfreebsd-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hurd.patch + - porting-kfreebsd-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch + - porting-kfreebsd-hurd/correcting-file-inclusion-for-kfreebsd-and-hurd.patch + - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch + - porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch + - porting-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch + - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch + (unclear state, will be added later again) + - porting/Add-xptcall-support-for-SH4-processors.patch + (Closes: #859362) + - debian-hacks/Move-profile.patch + modified or adjusted patches: + - debian-hacks/changing-the-default-search-engine.patch + - debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch + - icedove-l10n/disable-extension-update-extension-is-managed-by-apt.patch + --> icedove-l10n/thunderbird-l10n-disable-external-extension-update.patch + (renamed to and modified due new languages) + - 
icedove/fix-installdir.patch + --> debian-hacks/Thunderbird-fix-installdir-for-icons.patch + * [684ad58] d/source.filter: update due upstream changes + * [d005649] debian/control: modify various B-D + * [7a8a98d] debian/rules: add some extra C*FLAGS + Adding '-fno-lifetime-dse' to not enable dead store elimination of + objects within their lifetime, some parts of the source is relying + on the persistent values of such objects. + Some other distributions as Ubuntu, Fedora and Arch e.g. use this flag too + (at least with ESR52) to prevent possible segfaults. + * [56f8f4b] debian/rules: adding hack to preserve correct config.status + * [fb500a6] mozconfig.default: remove no longer existing options + * [c9a3e60] mozconfig.default: some minor adjustments to configure options + * [f584857] mozconfig.default: enable GTK3 theme explicit + (Closes: #857593) + * [3cbe1fb] debian/control: add packages for *-dsb language + * [8317735] debian/control: add packages for *-hsb language + * [39d90c1] debian/control: add packages for *-kab language + * [82b4f50] debian/control: add missing packages for *-ast language + * [0edde96] debian/rules: include also l10n folder with 3 characters + * [47f17a4] lintian-overrides: modify the list for the js files to ignore + * [8872d34] debian/copyright: update after upstream changes + * [6755547] mozconfig.default: use some internal libraries + Use libicu-dev, libnspr4-dev, libnss3-dev, libsqlite3-dev from + shipped source as Stretch versions not recent enough. 
+ * [5b04b32] thunderbird.install: pick up icu*.dat if around + * [edf24d7] debian/control: mark thunderbird-dbg as Multi-Arch: same + * [5d5392b] apparmor/usr.bin.thunderbird: update for version 52 + (cherry-picked from upstream) + (Closes: #859179) + * [f49ad79] apparmor/usr.bin.thunderbird: grant access to commonly used + locations (cherry-picked from upstream) + * [510fd6f] debian/rules: install lightning-l10n files into correct place + * [d70ade4] lightning-l10n: adjust min/max version for ESR 52 cycle + With the new ESR version tweaking the extension version of l10n packages + for lightning > 52.0 and < 52.*. + * [c0dd18f] debian/rules: install icudt5*.dat file more flexible + * [b5136f7] autopkg: improve the output of idlTest.sh + * [7ac04f6] autopkg: add extra test icudatfileTest.sh + + [ Christoph Goehre ] + * [13f5178] lintian-overrides: we build against internal nspr and nss + * [56bbf23] rebuild patch queue from patch-queue branch + added patches: + - porting-sparc64/Add-sparc64-support-to-Thunderbird.patch + (Closes: #859151) + modified patches: + - porting-mk68/Add-m68k-support-to-Thunderbird.patch + -> porting-m68k/Add-m68k-support-to-Thunderbird.patch (renamed) + * [6a7ef60] tests/idlTest.sh: remove duplicated 'done' output + * [42bf8e1] debian/rules: remove duplicate .so files in thunderbird-dev + * [5dc08bc] tests/soSymlinkTest.sh: check for symlinked .so files + + -- Carsten Schoenert <c.schoenert@t-online.de> Sat, 03 Jun 2017 19:54:43 +0200 + +icedove (1:45.8.0-3) unstable; urgency=medium + + [ Carsten Schoenert ] + * [d923505] AppArmor: be more flexible on profile folders + (Closes: #858735, #858737) + * [1e04099] tb-wrapper: use readlink also on ${ID_PROFILE_FOLDER} + (Closes: #858771) + * [9f6b771] tb-wrapper: correct check for -dbg package (Closes: #858804) + * [8b5271a] rebuild patch queue from patch-queue branch + added patches: + - fixes/Bug-1273020-Add-missing-null-checks-in-ApplicationAccessi.patch + + -- Christoph Goehre 
<chris@sigxcpu.org> Wed, 29 Mar 2017 19:28:32 -0400 + +icedove (1:45.8.0-2) unstable; urgency=medium + + [ Carsten Schoenert ] + * [c2a1d77] tb-helper: pass arguments correctly through tb call + (Closes: #855334) + * [5c49348] rebuild patch queue from patch-queue branch + added patches: + - fixes/Bug-1340724-fix-SMTP-server-name-output-in-SMTP-logging.patch + (Closes: #855470) + * [9d420c0] Revert "register MIME type application/octet-stream for + Thunderbird" (Closes: #857755) + * [c9960e5] tb-helper: pass arguments by using a array to TB call + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 14 Mar 2017 20:37:48 -0400 + +icedove (1:45.8.0-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [3388899] New upstream version 45.8.0 + * [24d25e9] tb-helper*: fix up that silly comments behind the if statement + (Closes: #857029, #857032, #857098, #857112) + * [788b7fa] bash-completion: adding a completion script for /u/b/thunderbird + * [9ac9d07] rebuild patch queue from patch-queue branch + added patches: + - p-arm64/Bug-1091515-Don-t-set-64KB-page-size-on-aarch64.-r-glandi.patch + - p-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch + * [ad0860b] copyright: small updates reflecting upstream changes + + [ Christoph Goehre ] + * [69577cf] lintian: replace hardlink in thunderbird-dev with symbolic link + + -- Christoph Goehre <chris@sigxcpu.org> Thu, 09 Mar 2017 20:24:49 -0500 + +icedove (1:45.7.1-2) unstable; urgency=medium + + [ Christoph Goehre ] + * [5e2c618] crashreporter: build only on amd64, armel, armhf and i386 + * [36a922f] Apparmor: replace '·' with spaces (Closes: #855343) + * [bbbc917] rebuild patch queue from patch-queue branch + added patches: + - p-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch + * [8b5d601] icedove|thunderbird.desktop: update danish (da) translation + + [ Carsten Schoenert ] + * [f8debbd] debian/control: separate transitional mark by extra line + (Closes: #855806) + * [583c798] 
{tb,id}.maintscript: modify start-version (Closes: #854587) + * [94e557c] thunderbird: adding x11-utils to Depends (Closes: #854488) + * [dc878e7] thunderbird-wrapper.sh: fix command line transfer to TB + (Closes: #855334) + * [9734349] thunderbird helper: split helper function into extra file + (Closes: #855286) + * [3089a97] tb-helper*: wrapping X11 dialog calls + * [e0331e1] tb-helper*: rework option parsing for wrapper script + (Closes: #855872) + * [31d9899] thunderbird.postinst: try to remove empty profile folder + (Closes: #855228) + * [c9e5b70] tb-wrapper*: complete rework and moving over for symlinking + (Closes: #855265, #855391, #855501, #856490) + * [9ef920f] README.Debian: adopt content to current wrapper script behavior + * [4cf88e5] icedove|thunderbird.desktop: adopt binary call + * [101e0ad] tb-helper*: call subfunctions not within the case loop + * [c061107] register MIME type application/octet-stream for Thunderbird + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 06 Mar 2017 20:39:23 -0500 + +icedove (1:45.7.1-1) unstable; urgency=medium + + * Bye-bye Icedove (Closes: #749965, #776359, #816679, #363811) + + [ Carsten Schoenert ] + * [90c0d6f] New upstream version 45.7.1 + * [a6d21de] rebuild patch queue from patch-queue branch + added patches: + - fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch + - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch + - fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch + (Closes: #837177) + removed patches (fixed upstream): + - debian-hacks/icu.m4-adding-extra-bracket-to-not-confuse-grep.patch + * [8572e34] lintian: adding a semi automated lintian-override + * [aa2bda2] crashreporter: enable the reporter for thunderbird + * [b96ae57] move icedove.desktop into package icedove + (Closes: #850865, #851829) + * [304921f] debian/rules: set SHELL explicit to /bin/bash (Closes: #852867) + * [072b899] thunderbird: adding extra check while migration + * 
[284912d] debian/README.Debian: update after recent changes + * [6dc7e32] icedove-l10n-bn-bd: fix typo in Depends field (Closes: #854135) + * [c5d4bf5] {tb,id}.maintscript: modify start-version (Closes: #854587) + * [f3d64ae] thunderbird-wrapper.sh: adding extra information window + (Closes: #854488) + * [6b432c7] README.Debian: hint about issue in global configuration + + [ Douglas Bagnall ] + * [e2c8a23] Apparmor: allowing exo-open-ixr launcher (Closes: #853929) + + [ Christoph Goehre ] + * [ef36e0b] thunderbird-wrapper.sh: fix typos + * [f98d5d1] thunderbird-wrapper.sh: add small changes from Guido and Carsten + * [7dd6841] README.Debian: fix/correct spelling + * [e038694] debian/control: remove depends-on-essential-package 'sed' + + [ Jens Reyer ] + * [ea58e17] thunderbird-wrapper.sh: add extra function for migration + (Closes: #849592) + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 14 Feb 2017 18:46:23 -0500 + +icedove (1:45.6.0-3) experimental; urgency=medium + + [ Carsten Schoenert ] + * [78b3296] rebuild patch queue from patch-queue branch + added patch: + - debian-hacks/icu.m4-adding-extra-bracket-to-not-confuse-grep.patch + * [a272f85] thunderbird-wrapper.sh: also migrate mimeapps.list + (Closes: #850864) + * [3d4e303] icedove.desktop: don't use categories and mimetypes + (Closes: #850866) + * [db15d43] icedove: link icedove to thunderbird + * [59a9e05] debian/control: change Replaces and Breaks versions + + [ Christoph Goehre ] + * [55cce4a] thunderbird-wrapper.sh: remove 'set -e' + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 17 Jan 2017 18:26:06 -0500 + +icedove (1:45.6.0-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [26f8f2d] New upstream version 45.6.0 + * [15b7797] iceowl-l10n-*: rearrange Recommends field for various packages + (Closes: #824727, #824750, #824763, #824764, #824768, #824780) + * [3f75b56] debian/vendor.js: adjust to new version related wiki site + * [6bd7f89] d/c-id-l10n: adjusting download URL for stable versions 
+ * [f15d1a2] icedove-l10n-all: change Section into metapackages + (Closes: #824785) + * [25c3ba1] debian/README.source: info about import of multitarballs + * [3ebcf59] debian/control: adding Recommends to icedove-l10n-uk + (Closes: #825806) + * [3e57d5e] debian/control: Icedove, adding dependency on libatk-adaptor + * [e19c59d] debian/control: rework Recommends for icedove-l10n-* + * [4741d80] debian/control: small fixup Recommends on iceowl-l10n-* + * [f9f5193] debian/control: sort iceowl-l10n-* alphabetical + * [5220187] de-branding: move iceowl* back to lightning* + * [6e28ce5] de-branding: remove Icedove naming from icedove-l10n* + * [3dc3b4b] de-branding: remove Icedove branding in the main binary + * [8b715cf] de-branding: remove hard name branding in addon managger + * [9f609fa] de-branding: adopting dh files for icedove package + * [caba322] de-branding: adopting dh files for icedove-dev package + * [6538f66] de-branding: change debian/rules to reflect appname change + * [871588d] de-branding: adopting dh files for iceowl-extension package + * [a0b20e7] debian/tests/*: adopt change of the binary icedove + * [29025cc] de-branding: adjust icedove-l10n installation folder + * [2b8dd99] de-branding: adjust iceowl-l10n installation folder + * [1f3043c] de-branding: remove the Debian visual branding + * [272e420] de-branding: removing icedove branding files and folder + * [093bc58] de-branding: revitalize *.desktop file with Thunderbird + * [4a35d9d] de-branding: move iceowl-l10n-* into lightning-l10n-* + * [68d8d79] de-branding: adding transitional iceowl-l10n packages + * [4b2febd] de-branding: adding 'Breaks', 'Replaces', 'Provides' to + lightning-l10n-* + * [9cdb427] de-branding: rework d/r to reflect changes for lightning-l10n + * [ec3b427] de-branding: move icedove-l10n-* into thunderbird-l10n-* + * [387bfa2] de-branding: adding transitional icedove-l10n packages + * [f3cfecb] de-branding: adding 'Breaks', 'Replaces', 'Provides' to + thunderbird-l10n-* + 
* [03b222e] de-branding: rework d/r to reflect changes for thunderbird-l10n + * [0c9a6ab] de-branding: (re)adding a wrapper script for TB starting + * [f9c8aef] de-branding: move icedove-dev to thunderbird-dev + * [a4313e6] de-branding: adding transitional icedove-dev package + * [0508866] de-branding: rework d/r to reflect changes for thunderbird-dev + * [048b29f] de-branding: move icedove-dbg to thunderbird-dbg + * [da01077] de-branding: adding transitional icedove-dbg package + * [a371079] de-branding: rework d/r to reflect changes for thunderbird-dbg + * [b34b8f8] de-branding: move iceowl-extension to lightning + * [fa8f9b3] de-branding: adding transitional iceowl-extension package + * [848f178] de-branding: rework d/r to reflect changes for lightning + * [a708c35] de-branding: move icedove to thunderbird + * [cccef90] de-branding: moving icedove dh files into thunderbird + * [8c2b27d] de-branding: rework icedove.1 into thunderbird.1 + * [19406fe] de-branding: transition of mozconfig.* + * [88ed684] de-branding: rework d/r to reflect changes for thunderbird + * [c8011d3] de-branding: adding transitional icedove package + * [5e399aa] de-branding: adjusting package calendar-google-provider + * [a03329c] debian/tests/help.sh: use absolute path for binary call + * [10adb34] move old icedove graphic stuff into own folder + * [abc6c8c] create various thunderbird png graphics from SVG file + * [a2067ae] debian/copyright: update copyright information + * [a9c6f9f] de-branding: add own created thunderbird icons to install + * [1d8b524] mozconfig.default: enable the official brandind + * [9f3a673] debian/control: adding dh-exec to the Build-Depends + * [cddbc63] move Thunderbird install files into thunderbird.install + * [5037bb5] de-branding: transition of apparmor profile for TB + * [14f094d] de-branding: remove extra URL for What's New inside + * [c2a06db] manpage thunderbird; adjust and correct manpage entries + * [8fa3365] debian/control: adding package dpkg to 
Build-Depends + * [ba84ede] thunderbird: switching dpkg-maintscript-helper to *.maintscript + * [d0e675b] debian/thunderbird.postinst: adding some moving mechanism + * [cbae415] de-branding: let helper scripts reflect thunderbird change + * [da402a4] thunderbird-wrapper.sh: adding fixing inside mimeTypes.rdf + (Closes: #837516) + * [030d49e] de-branding: adding some hints about the debranding + * [662f7af] debian/README.source: adjusting hints due name changes + * [8fbedc1] debian/thunderbird.install: install additional icedove.desktop + * [9089d9f] debian/*lintian-overrides: adopt name changes + * [b9b7665] debian/rules: use the old profile folder for wheezy and jessie + * [f9c137e] fix *.desktop files for proper GNOME app mechanism + (Closes: #817973, #832302) + * [1c85ff7] debian/rules: chmod certain *.py tb-devel files + * [356694a] thunderbird.links: linking the default TB icon to u/s/p + + [ Guido Günther ] + * [24bbee9] Wrap and sort control information (Closes: #825806) + * [fcfe4ac] Add minimalistic autopkgtest + * [f7a32e8] Add autopkgtest to test header and typelib generation + * [189d835] Add autopkgtest to smoke test xpcshell + + [ Christoph Goehre ] + * [354f836] turn the reduce of memory usage of the linker on again + * [5e48e17] don't build dbgsym packages on unreleased builds + * [09679eb] rebuild patch queue from patch-queue branch (Closes: #808183) + * [ec3a50b] debian/NEWS: change urgency to medium + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 31 Dec 2016 10:26:36 +0100 + +icedove (1:45.5.1-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [efe836f] New upstream version 45.5.1 + * [48999ac] rebuild patch queue from patch-queue branch + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 30 Nov 2016 18:27:57 +0100 + +icedove (1:45.4.0-1) unstable; urgency=medium + + [ Guido Günther ] + * [a159bc9] autopkgtests: let xfvb-run pick the port to avoid clashes with + already running servers + * [5384838] Snapshot 1:45.3.0-1~1.gbpa159bc + * 
[8d3ac18] autopkgtest: Dont print on stderr + * [8afc7be] Put test deps on a simgle line + + [ Carsten Schoenert ] + * [99e9c40] New upstream version 45.4.0 + (Closes: #835866, #836798, #837107) + * [6195d7b] debian/README.source: update instructions for importing + * [5150624] debian/icedove.js: disabling baselinejit functionality + (Closes: #837930) + + -- Carsten Schoenert <c.schoenert@t-online.de> Mon, 03 Oct 2016 12:18:09 +0200 + +icedove (1:45.3.0-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [3cc29ee] Imported Upstream version 45.3.0 + * [ed8cf89] Imported icedove-l10n Upstream version 45.3.0 + * [bc20676] Imported iceowl-l10n Upstream version 45.3.0 + * [54bd9c4] debian/README.source: fix up some hints + * [756ec86] mozconfig.default: enable build of PIE binaries + * [1cef6f8] rebuild patch queue from patch-queue branch + added patch: + - porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch + (Closes: #836400) + * [7a1ec74] AppArmor: grant access to local mailboxes and enigmail(2) + (Closes: #837656) + + -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 28 Sep 2016 22:52:03 +0200 + +icedove (1:45.2.0-4) unstable; urgency=medium + + [ Carsten Schoenert ] + * [cc8cd76] mozconfig.default: relaxe optimization on arm{64,el,hf} to -O1 + + -- Christoph Goehre <chris@sigxcpu.org> Thu, 18 Aug 2016 10:45:17 -0400 + +icedove (1:45.2.0-3) unstable; urgency=medium + + [ Guido Günther ] + * [9a8f4e1] tests: Fix typo + + [ Carsten Schoenert ] + * [53aab10] AppArmor: allow self execution for -ProfileManager + (Closes: #833742) + * [a459d6a] debian/rules: adding one more CFLAGS/CXXFLAGS compiler flag + (Closes: #833864, #833532, #833591, #833635, #833698) + * [e32c460] AppArmor: grant access to local mailboxes and enigmail + (Closes: #833184) + * [f34e41e] debian/rules: fix typo CXLAGS -> CFLAGS + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 12 Aug 2016 12:00:44 -0400 + +icedove (1:45.2.0-2) unstable; urgency=medium + + [ Christoph Goehre ] + * 
[8b4f306] rebuild patch queue from patch-queue branch + added patches: + - p-kfree-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hur.patch + (Closes: #808183) + + [ Carsten Schoenert ] + * [08e20a0] rebuild patch queue from patch-queue branch + added patches: + - fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch + (Closes: #827592) + - fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch + (Closes: #831192) + * [1ea97f1] debian/icedove.js: disable Icedove startup check + (Closes: #817973) + * [83bdcdf] debian/rules: adding additional CFLAGS and CXXFLAGS + * [7dc0588] debian/control: addjust breaks for xul-ext-foxyproxy-standard + (Closes: #825749) + * [50a0f1e] autopkg: fixup small type within test call + + [ Ulrike Uhlig ] + * [b24bbaa] Add rebranded apparmor profile from upstream (Closes: #829731) + * [0a28f91] apparmor/usr.bin.icedove: refresh Icedove AppArmor profile + + [ Guido Günther ] + * [6fe4897] Fix apparmor profile installation + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 26 Jul 2016 13:25:21 -0400 + +icedove (1:45.2.0-1) unstable; urgency=medium + + [ Guido Günther ] + * [f777843] Wrap and sort control information + via 'wrap-and-sort -ast' to simplify backporting (Closes: #825806) + * [457dffe] Register components with gbp + * [8e73822] Rediff patches + + [ Carsten Schoenert ] + * [789ed6f] Imported Upstream version 45.1.1 + * [8b8bd3c] Imported icedove-l10n Upstream version 45.1.1 + * [23b2984] Imported iceowl-l10n Upstream version 45.1.1 + * [411b27d] Imported Upstream version 45.2.0 + * [975287a] Imported icedove-l10n Upstream version 45.2.0 + * [09b6652] Imported iceowl-l10n Upstream version 45.2.0 + * [2b99997] icedove-l10n-all: change Section into metapackages. + As Jonas Smedegaard pointed out, the icedove-l10n-all package is a + metapackage and localization. + (Closes: #824785) + * [a7eec24] debian/README.source: info about import of multitarballs. 
+ As the VCS is using git-buildpackage for package maintenace adding some + hints on how to handle the impoert of the used mutitarballs since + version 45.0. + * [73e8b1a] debian/control: adding Recommends to icedove-l10n-uk + (Closes: #825806) + * [f118470] debian/control: Icedove, adding dependency on libatk-adaptor. + After the adding of some first small autopkg test it turns out that we + miss a dependency on libatk-adaptor. + * [e6e95c9] debian/control: rework Recommends for icedove-l10n-* + As addition to 711468b933f280fe9d6ed78bb1d7d763dede9ea7 also rework the + various Recommends for the icedove-l10n packages. + * [1275b3d] debian/control: small fixup Recommends on iceowl-l10n-* + Fix small typos for iceowl-l10n-{pt-pt,sl} + * [c4c9a02] debian/control: sort iceowl-l10n-* alphabetical + + -- Guido Günther <agx@sigxcpu.org> Fri, 08 Jul 2016 15:55:46 +0200 + +icedove (1:45.2~b1-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [68883af] rebuild patch queue from patch-queue branch + added patches: + - porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch + * [ee509d2] debian/mozconfig.default: switching back to gtk2 as default + (Closes: #821744) + * [f72fe06] adding helper script create-iceowl-l10n-tarball.sh + * [28fba93] debian/README.source: adding additional info for iceowl-l10n + * [826af5b] adding iceowl-l10n related patches to the patch queue + * [1aa6f37] debian/iceowl-*.in: adding needed base files + * [a5946b4] debian/rules: adding iceowl-l10n related rules + * [b1da616] debian/control: adding the current iceowl-l10n-* packages + * [b359c95] debian/source.filter: some adjustments to the filter + * [e45ab44] debian/README.source: use recent version and reformating + * [50b3830] debian/control: increase Standards-Version to 3.9.8 + * [3a767b8] debian/rules: remove no longer needed LDFLAGS + * [29a7739] Imported Upstream version 45.2~b1 + * [15b7797] iceowl-l10n-*: rearrange Recommends field for various packages + (Closes: #824727, 
#824750, #824763, #824764, #824768, #824780) + * [3f75b56] debian/vendor.js: adjust to new version related wiki site + * [6bd7f89] d/c-id-l10n: adjusting download URL for stable versions + * [f15d1a2] icedove-l10n-all: change Section into metapackages + (Closes: #824785) + * [25c3ba1] debian/README.source: info about import of multitarballs + * [3ebcf59] debian/control: adding Recommends to icedove-l10n-uk + (Closes: #825806) + * [3e57d5e] debian/control: Icedove, adding dependency on libatk-adaptor + * [e19c59d] debian/control: rework Recommends for icedove-l10n-* + * [4741d80] debian/control: small fixup Recommends on iceowl-l10n-* + * [f9f5193] debian/control: sort iceowl-l10n-* alphabetical + + [ Christoph Goehre ] + * [ce58560] debian/rules: add option to dh_auto_clean + * [8cfbeca] debian/rules: export necessary DEB_ vars into environment + (Closes: #819020) + * [7512da8] debian/rules: ignore build folder and run 'build' target instead + (Closes: #819020) + * [354f836] turn the reduce of memory usage of the linker on again + * [5e48e17] don't build dbgsym packages on unreleased builds + * [09679eb] rebuild patch queue from patch-queue branch + added patches: + - p-kfree-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hu.patch + (Closes: #808183) + + [ Guido Günther ] + * [24bbee9] Wrap and sort control information (Closes: #825806) + * [fcfe4ac] Add minimalistic autopkgtest + * [f7a32e8] Add autopkgtest to test header and typelib generation + * [189d835] Add autopkgtest to smoke test xpcshell + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 01 Jun 2016 17:56:29 -0400 + +icedove (1:45.0~b4-2) experimental; urgency=medium + + * [fa7bc47] debian/control: fix FTBFS by moving Build-Depends-Indep to + Build-Depends + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 10 Apr 2016 15:24:39 -0400 + +icedove (1:45.0~b4-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [3bf50c7] Imported Upstream version 45.0~b4 + * [11744a7] debian/source.filter: fixup 
for previous change + * [0bd3753] debian/gbp.conf: adding default filter out pattern + * [a9f6cfa] rebuild patch queue from patch-queue branch + removed patches (fixed upstream): + - fixes/Bug-1178266-Link-against-libatomic-when-necessary.patch + - p-arm64/FTBFS-arm64-Adding-configure-option-for-aarch64-platform.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-1-4.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-2-4.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-3-4.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-4-4.patch + modified patches: + - p-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch + * [9dcb46e] debian/control: increase B-D on libnspr-dev + * [b31fba5] debian/control: increase Standards-Version to 3.9.7 + * [623250d] Icedove Branding: adopt usptream changes to branding + * [2fa9b24] debian/copyright: update copyright information + * [c5dd11d] debian/copyright: include the license text for MPL-1.0 + * [3a90ecd] debian/copyright: include the license text for MPL-1.1 + * [7291650] debian/copyright: include the license text for MPL-2.0 + * [0ebdd3f] debian/copyright: include the license text for libpng + * [9ee79fa] d/icedove.install: remove no longer existing parts + * [880c9e9] debian/rules: remove obsolet dpkg-shlibdeps call + * [e4fb8a2] adding helper script create-icedove-l10n-tarball.sh + * [8826951] debian/README.source: adding hint for creating l10n tarball + * [08f9071] debian/control: adding the current icedove-l10n-* packages + (Closes: #680488) + * [d839f37] debian/rules: adding icedove.l10n install to targets + * [5b0df21] debian/gbp.conf: use a Tuple for selecting multiple files + * [e32519f] debian/control: increase B-D on libnss-dev + * [2200691] debian/control: increase B-D on libnspr4-dev + * [0f5660e] debian/control: increase increase B-D on libnss3-dev + * [5fd8af8] mozconfig.default: adding new configure option + * [e288c6e] 
debian/control: adding a B-D on libpng-dev + + [ Christoph Goehre ] + * [f8c7ca5] debian/control: make depends between icedove-l10n and icedove + dynamic + * [ac760d7] debian/control: add section localization to all l10n packages + * [72ef6c7] debian/NEWS: rename to icedove.NEWS to ship only in icedove core + package + * add epoch in version number to update l10n packages smoothly + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 09 Apr 2016 18:56:59 -0400 + +icedove (44.0~b1-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [a24f78b] Imported Upstream version 44.0~b1 + * [7f52453] rebuild patch queue from patch-queue branch + removed patches: + - d-hacks/Add-unminified-jquery-and-jquery-ui-files.patch + - d-hacks/Allow-unsigned-addons-in-usr-lib-share-mozilla-extensions.patch + - d-hacks/creating-a-dummy-.deps-directory-to-get-make-happy.patch + added patches: + - p-arm64/FTBFS-arm64-Adding-configure-option-for-aarch64-platform.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-1-4.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-2-4.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-3-4.patch + - p-mips/FTBFS-mips-adoptions-to-get-build-on-mips-el-working-4-4.patch + modified patches: + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + * [ecf1110] debian/watch: adjust to new CDN structure + * [dd5efe8] debian/control: increase Build-Depends on libsqlite3-dev + * [57165b5] debian/control: switch URI for the Vcs fields to https + * [c9ded96] debian/source.filter: adding more filters on testings js files + * [31ce42f] debian/copyright: update due upstream/import changes + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 13 Feb 2016 19:08:55 -0500 + +icedove (43.0~b1-1) experimental; urgency=medium + + [ Christoph Goehre ] + * [ef5b1ef] debian/rules: split override_dh_install into arch and indep + section (Closes: #806047) + * [02d5d7c] debian/source.filter: remove filter 
for searchplugins + + [ Guido Günther ] + * [2008a71] Clarify relation between icedove and the calendar extensions + (Closes: #809017) + + [ Carsten Schoenert ] + * [11ffac0] debian/source.filter: modifying file list to ignore + * [926912b] Imported Upstream version 43.0~b1 + * [32cd8c0] rebuild patch queue from patch-queue branch + added patches: + - d-hacks/Allow-unsigned-addons-in-usr-lib-share-mozilla-extensions.patch + removed patches (fixed upstream): + - reproducible/Generate-sorted-libical-header-list.patch + * [a1637e4] debian/control: increase B-D on libnspr-dev and libnss3-dev + * [f9937c1] debian/source.filter: sort entries alphabetical + * [326f74d] debian/source.filter: adding new files to filter out + * [9b9d9b9] debian/copyright: update due upstream changes + * [69664c7] d/icedove.install: searchplugins isn't alive anymore + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 19 Jan 2016 11:41:50 -0500 + +icedove (42.0~b2-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [8842d85] Imported Upstream version 42.0~b2 + * [6d14aca] rebuild patch queue from patch-queue branch + added patches: + - fixes/Bug-1178266-Link-against-libatomic-when-necessary.patch + * [320c43d] add myself to the uploaders + * [797a290] lintian: remove icedove.menu file due CTTE#741573 + + [ Guido Günther ] + * [caca7c2] Add unminified jquery and jquery-ui files (Closes: #802281) + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 08 Nov 2015 15:30:56 -0500 + +icedove (42.0~b1-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [c599b6b] Imported Upstream version 42.0~b1 + * [41285cb] debian/copyright: fixup's and update + * [6b270be] debian/control: increase various build depends + * [be75969] adopting needed changes for GTK3 into the Debian branding + * [245161e] fixup branding about.png file + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 10 Oct 2015 21:26:24 -0400 + +icedove (41.0~b2-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [b1d982c] 
Imported Upstream version 41.0~b2 + * [8389b9b] rebuild patch queue from patch-queue branch + added patches: + - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch + modified patches: + - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + dropped patches (fixed upstream): + - fixes/Bug-1168231-Fixup-to-keep-file-type.patch + - fixes/Bug-1168231-Normalize-file-mode-in-jars.patch + - reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch + - reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patch + * [9ebf7b9] debian/source.filter: modifying file list to ignore + * [b25d990] debian/copyright: fixup's and update + + [ Christoph Goehre ] + * [8ebffb0] relax optimize to -O1 on s390x (Closes: #797551) + * [dea1627] debian/rules: Disable jit on mips (Closes: #797548) + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 25 Sep 2015 18:43:44 -0400 + +icedove (40.0~b1-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [9d358dc] debian/source.filter: adjust new files + * [328cdc7] Imported Upstream version 40.0~b1 + * [8813d89] debian/rules: setting MOZ_BUILD_DATE explicitly. + This patch is based on work from Mike Hommey within the Iceweasel + package to enable reproducible builds. It defines the MOZ_BUILD_DATE + with a pre defined timezone. + * [8dd5b9f] debian/rules: add switch to skip icedove-dbg build to + speed up the build. 
+ * [a6beec7] debian/control: Let icedove recommendiceowl-extension + * [691dfe9] add release related information + * [bdfdfd8] debian/vendor.js: adjusting WhatNew link to more dedicated URL + * [5ba6ec7] rebuild patch queue from patch-queue branch + added patches: + debian-hacks/changing-the-default-search-engine.patch + fixes/Bug-1168231-Fixup-to-keep-file-type.patch + fixes/Bug-1168231-Normalize-file-mode-in-jars.patch + reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch + reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patc + reproducible/Generate-sorted-libical-header-list + modified patches: + fixes/Allow-.js-preference-files-to-set-locked-prefs-with-.patch + porting-kfreebsd-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch + porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + porting/Disable-optimization-on-alpha-for-the-url-classifier.patch + deleted patches: + debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch + debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch + debian/patches/fixes/Link-libldap-against-libpthread.patch + debian/patches/icedove/no-dynamic-nss-softokn.patch + debian/patches/porting/Remove-duplicate-SkDiscardableMemory_none.cpp-from-g.patch + * [59046ae,12d4f4b] debian/copyright: update due upstream changes + * [7c1f002] debian/iceowl-extension.lintian-overrides: remove file, no longer needed + * [23eed8c] debian/source.lintian-overrides: adding new entries. + Lintian is detecting the braces within the folder names incorrectly as + brace expansion. + * [2f95cd3] add changes due ldap restructure. 
+ + [ Christoph Goehre ] + * [ff66528] lintian: fix spelling error in debian/README.Debian + + -- Guido Guenther <agx@sigxcpu.org> Wed, 19 Aug 2015 09:39:23 +0200 + +icedove (38.7.2-1) unstable; urgency=medium + + * [397cd7a] Imported Upstream version 38.7.2 + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 13 Apr 2016 12:05:05 -0400 + +icedove (38.7.0-1) unstable; urgency=medium + + [ Christoph Goehre ] + * [cb9c003] Imported Upstream version 38.7.0 + * [7273cb9] bump up standards version to 3.9.7 (no changes needed) + + [ Carsten Schoenert ] + * [0341a8c] debian/control: switch URI for the Vcs fields to https + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 16 Mar 2016 13:22:57 +0100 + +icedove (38.6.0-1) unstable; urgency=medium + + [ Guido Günther ] + * [195730d] Clarify relation between icedove and the calendar extensions + (Closes: #809017) + + [ Christoph Goehre ] + * [988ce5b] Imported Upstream version 38.6.0 + * [6763f6f] debian/source.filter: remove evil-licensed jshint.js + (Closes: #813053) + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 14 Feb 2016 16:08:13 -0500 + +icedove (38.5.0-1) unstable; urgency=medium + + [ Christoph Goehre ] + * [6d45b0b] Imported Upstream version 38.5.0 + * [316798f] debian/rules: split override_dh_install into arch and indep + section (Closes: #806047) + + [ Carsten Schoenert ] + * [5b3cb7a] add myself to the uploaders + + -- Christoph Goehre <chris@sigxcpu.org> Thu, 24 Dec 2015 22:36:37 -0500 + +icedove (38.4.0-1) unstable; urgency=medium + + [ Christoph Goehre ] + * [754392e] Imported Upstream version 38.4.0 + * [ef4b733] debian/watch: adjust download url + + [ Carsten Schoenert ] + * [f3f5455] lintian: remove icedove.menu file due CTTE#741573 + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 27 Nov 2015 12:54:27 -0500 + +icedove (38.3.0-2) unstable; urgency=medium + + * [c988747] Add unminified jquery and jquery-ui files with the exact + version as used by upstream thunderbird. 
+ We don't want to use the minified versions mozilla ships and can't use + what is currently packaged in Jessie or Stretch since these are too + recent. + (Closes: #802281) + + -- Guido Günther <agx@sigxcpu.org> Sun, 01 Nov 2015 18:06:33 +0100 + +icedove (38.3.0-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [0f8b6a4] Imported Upstream version 38.3.0 + * [566273a] debian/copyright: fixup's and update + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 10 Oct 2015 13:21:05 -0400 + +icedove (38.2.0-2) unstable; urgency=medium + + * [8bcb08b] relax optimize to -O1 on s390x (Closes: #797551) + * [6aa0915] debian/rules: Disable jit on mips (Closes: #797548) + + -- Christoph Goehre <chris@sigxcpu.org> Thu, 24 Sep 2015 19:09:54 -0400 + +icedove (38.2.0-1) unstable; urgency=medium + + * [d46d5f6] rebuild patch queue from patch-queue branch + added patches: + - porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 21 Sep 2015 19:42:03 -0400 + +icedove (38.2.0-1~stretch) stretch; urgency=medium + + [ Carsten Schoenert ] + * [05b245f] Imported Upstream version 38.2.0 (Closes: #796323) + - MFSA 2015-59 aka CVE-2015-2724, CVE-2015-2725, CVE-2015-2726 + - MFSA 2015-63 aka CVE-2015-2731 + - MFSA 2015-66 aka CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, + CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740 + - MFSA 2015-70 aka CVE-2015-4000 + - MFSA 2015-71 aka CVE-2015-2721 + - MFSA 2015-65 aka CVE-2015-2741 + - MFSA 2015-79 aka CVE-2015-4474 + * [43c8195] rebuild patch queue from patch-queue branch + * [c75bdad] debian/control: increase B-D on libnss3-dev + * [942bcbe] debian/iceowl-extension.lintian-overrides: remove file + * [7131e4d] debian/source.lintian-overrides: adding new entries + * [8882360] mozconfig.default: don't use icu from system + + -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 21 Aug 2015 12:29:42 +0200 + +icedove (38.1.0-1) unstable; urgency=medium + + [ Carsten Schoenert ] 
+ * [3d27760] Imported Upstream version 38.1.0 (Closes: #790651) + * [2cb6cd7] rebuild patch queue from patch-queue branch + added patches: + - fixes/Bug-1165654-Cleanup-how-libjpeg-turbo-assembly-build.patch + - reproducible/Generate-sorted-libical-header-list (Closes: #794456) + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 04 Aug 2015 20:20:53 -0400 + +icedove (38.0.1-1) unstable; urgency=medium + + [ Carsten Schoenert ] + * [5acef6a] debian/gbp.conf: adopt new upstream branch + * [6f88792] Imported Upstream version 38.0.1 (Closes: #358680, #472601, + #634316, #691176, #751786, #777908) + * [18bba9d] debian/gbp.conf: respect new git-buildpackage behaviour + * [26bbdac] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/changing-the-default-search-engine.patch (Closes: #780595) + - fixes/Bug-1168231-Fixup-to-keep-file-type.patch + - fixes/Bug-1168231-Normalize-file-mode-in-jars.patch + - reproducible/Bug-1166243-Remove-build-function-from-js-and-xpc-sh.patch + - reproducible/Bug-1168316-Remove-build-machine-name-from-about-bui.patc + deleted patches: + - debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch + * [71938b9] debian/rules: setting MOZ_BUILD_DATE explicitly + * [e50d708] debian/copyright: more minor updates to the copyright file + * [b232895] debian/rules: adding switch for no icedove-dbg build + * [bcc15aa] debian/control: icedove is now recommending iceowl-extension + * [564a19e] adding release related information + * [2ec0053] debian/vendor.js: adjusting WhatNew link to more dedicated URL + + [ Christoph Goehre ] + * [a9c25b6] lintian: fix spelling error in debian/README.Debian + * [2cc2c07] debian/rules: fix icedove-dbg build switch + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 27 Jul 2015 17:46:40 -0400 + +icedove (38.0~b5-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [7e3cab4] Imported Upstream version 38.0~b5 + * [3edbafc] Revert "debian/control: remove build-dep on libnotify-dev" 
+ * [5e69bab] debian/control: increase b-d versions + * [6e6ae36] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/remove-timestamps-from-c_cpp-macros-for-reproducibil.patch + obsolete patches (fixed in Debian): + - adopting-SQLITE3-version.patch + * [ac7b760] mozconfig.default: adding some explicit configure options + * [81fd6e6] complete rewrite of copyright information + * [327dd45] switching to libgstreamer1.0* + + [ Christoph Goehre ] + * [9877ea3] lintian: add override for libpng + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 22 May 2015 20:42:19 -0400 + +icedove (38.0~b2-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [b08d966] debian/source.filter: modifying file list to ignore + * [88fd018] Imported Upstream version 38.0~b2 + * [e9da8f8] icedove branding: adopt upstream changes + * [3610daa] debian/control: increase b-d versions + * [950fae7] rebuild patch queue from patch-queue branch + modified patches: + - system-libs/Allow-to-build-against-system-libffi.patch + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + obsolete patches (fixed upstream): + - porting/Reintroduce-pixman-code-path-removed-in-bug-1097776-.patch + * [1820d7c] debian/control: adding xul-ext-compactheader to Breaks field + + [ Dominik George ] + * [4181126] debian/control: Upgrade Breaks relation to enigmail + (Closes: #782686) + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 28 Apr 2015 18:19:00 -0400 + +icedove (36.0~b1-2) experimental; urgency=medium + + * [26c0027] rebuild patch queue from patch-queue branch + added patches: + - porting/Reintroduce-pixman-code-path-removed-in-bug-1097776-.patch + - porting/Remove-duplicate-SkDiscardableMemory_none.cpp-from-g.patch + - porting/ppc-fix-divide-page-size-in-jemalloc.patch (Closes: #780404) + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 28 Mar 2015 15:35:58 -0400 + +icedove (36.0~b1-1) experimental; urgency=medium + + [ Carsten Schoenert ] + * [68112a3] Imported 
Upstream version 36.0~b1 + * [3120361] rebuild patch queue from patch-queue branch + obsolete patches (fixed upstream): + - debian-hacks/fixing-various-FTBFS-due-different-datatype-char-beh.patch + - porting-arm/FTBFS-armhf-fixing-ARM-CPU-detection.patch + modified patches: + - debian-hacks/Strip-version-number.patch + - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + - p-kfree-hurd/correcting-file-inclusion-for-kfreebsd.patch + - p-kfree-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch + * [ee185a2] d/icedove.install: mozilla-xremote-client was removed + * [64adc44] debian/source.filter: modifying file list to ignore + * [dbdd152] debian/control: increase package versions + * [fb3307c] lintian: adding one more source override + * [2a07495] lintian: adding new override for the icedove package + * [38c21ad] debian/README.Debian: adding note around HTTPS Everythere + (Closes: #774790) + + [ Christoph Goehre ] + * [3dce89c] debian/icedove.desktop: correct StartupWMClass to 'Icedove' + (Closes: #773876) + * [deb3f58] debian/icedove.desktop: add MimeType text/calendar + (Closes: #762190) + * [4dd96fe] rebuild patch queue from patch-queue branch + added patches: + - p-kfree-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch + - p-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch + (Closes: #772933) + modified patches: + - p-kfree-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch + - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + - p-kfree-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + - p-kfree-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch + * [373ed05] add missing epoch in libnss3-dev build depends + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 11 Mar 2015 19:19:28 -0400 + +icedove (34.0~b1-2) experimental; urgency=low + + [ Carsten Schoenert ] + * [7a4edc4] rebuild patch queue from patch-queue branch + added patches: + - 
debian-hacks/fixing-various-FTBFS-due-different-datatype-char-beh.patch + - porting-arm/FTBFS-armhf-fixing-ARM-CPU-detection.patch + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 24 Nov 2014 18:56:21 -0500 + +icedove (34.0~b1-1) experimental; urgency=low + + [ Carsten Schoenert ] + * [1be8ab1] debian/source.filter: more files to ignore + * [66e6488] debian/README.source: adjust description for beta versions + * [e63d375] Imported Upstream version 34.0~b1 (Closes: #770180) + * [1cb54d2] rebuild patch queue from patch-queue branch + obsolete patches (fixed upstream): + - porting-armel/disable-some-libopus-feature-for-ARCH-ARMv6.patch + * [ad29bb1] debian/rules: be more flexible on *.xpi files + * [b055e78] debian/NEWS: fixing default SSL/TLS behavior description + * [d64a847] debian/NEWS: adding notes around new security changes + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 19 Nov 2014 19:15:46 -0500 + +icedove (33.0~b1-1) experimental; urgency=low + + [ Carsten Schoenert ] + * [5029c8b] debian/source.filter: more files to ignore + * [d4b03d9] README.source: let's use xz while creating the orig.tar.xz + * [ebd442f] debian/gbp.conf: some instructions for git-dch + * [cc594ea] Imported Upstream version 33.0~b1 + * [23b57cf] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/fix-identification-of-ObjdirMismatchException.patch + - debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch + modified patches: + - debian-hacks/Strip-version-number.patch + - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + - obsolete patches (fixed upstream): + - fixes/Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch + - porting-alpha/fix-FTBFS-on-alpha.patch + * [a5a2a1b] adding additional config options for hppa and ppc64 + Both platforms failing on running xpcshell. 
+ + [ Christoph Goehre ] + * [5a0ba43] linitan: bump up standards version to 3.9.6 + * [aaca6a7] debian/NEWS: adding note around increased default TLS version 1.2 + (Closes: #761245) + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 25 Oct 2014 12:47:37 -0400 + +icedove (32.0~b1-1) experimental; urgency=low + + [ Christoph Goehre ] + * [65ad797] icedove.postinst: remove obsolete symlink handling + + [ Carsten Schoenert ] + * [baef95a] debian/gbp.conf: adopting experimental branch + * [8384eee] Imported Upstream version 32.0~b1 + * [75145f3] rebuild patch queue from patch-queue branch + modified patches: + - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch + - debian-hacks/remove-non-free-W3C-icon-valid.png.patch + obsolete patches (fixed upstream): + - porting-armel/fix-skia-for-ARMv4.patch + + [ Christoph Goehre ] + * [51c3cee] cleanup branding patch + + -- Christoph Goehre <chris@sigxcpu.org> Thu, 28 Aug 2014 15:52:51 -0700 + +icedove (31.0-2) unstable; urgency=low + + [ Carsten Schoenert ] + * [d2bc0ef] armel: correcting #if statement for skia fix + * [959b801] adding GNU/Hurd to gyp.mozbuild + * [215bc7d] kfreebsd*: adding CrossProcessMutex_posix.cpp to list + * [892c39c] d/icedove.links: remove unneeded link to /u/s/i/e + (Closes: #638489) + * [928158c] debian/source.filter: more files to ignore + * [b81c238] fixing lintian warning 'unused-override' + * [7bc2568] fixing lintian warning 'jar-not-in-usr-share' + * [cd0d289] fixing lintian warning 'image-file-in-usr-lib' + * [045a960] fixing lintian error 'source-is-missing' + * [1fe016a] correcting FTBFS patch for alpha + + [ Christoph Goehre ] + * [c827d81] iceowl-extension: replace skin and icon dir with symlink + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 23 Aug 2014 18:42:23 -0700 + +icedove (31.0-1) unstable; urgency=low + + [ Carsten Schoenert ] + * [b7cdeb4] Imported Upstream version 31.0 (Closes: #756769) + * [1f2ff0b] debian/rules: fixing file permissions in iceowl-extension + * 
[c8d2036] adding fix for skia on armel + * [77093e2] fixing FTBFS on armel (Closes: #754633) + * [a458959] debian/control: increase b-d on libsqlite-dev + * [a98ebca] fix runtime error on alpha while jemalloc run + * [6f6b576] disable optimization on alpha while linking + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 04 Aug 2014 10:23:09 -0400 + +icedove (31.0~b2-1) unstable; urgency=low + + [ Carsten Schoenert ] + * [76059a9] debian/source.filter: more files to ignore + * [5067b0e] Imported Upstream version 31.0~b2 (Closes: #754464) + * [e31ac79] debian/control: remove build-dep on libnotify-dev + * [35324a5] debian/control: increase build-depends on libnss3-dev to 3.16.2~ + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 18 Jul 2014 21:47:06 +0200 + +icedove (31.0~b1-2) unstable; urgency=low + + * [7ba4d01] lintian: add override for embedded srtp library + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 22 Jun 2014 18:18:04 -0400 + +icedove (31.0~b1-1) unstable; urgency=low + + * [02dc94c] remove example file, which cause git-archive to change the + source tree + * [ba233b1] Imported Upstream version 31.0~b1 + * [4c2380f] rebuild patch queue from patch-queue branch + modified patches: + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-.patch + obsolete patches (fixed upstream): + - fixes/unbreak-with-system-pixman-in-mailnews.patch + - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 22 Jun 2014 11:50:07 -0400 + +icedove (30.0~b1-1) unstable; urgency=low + + [ Carsten Schoenert ] + * [b3eadf1] debian/source.filter: more files to ignore + * [fb71012] debian/control: bumping build-depends for debhelper + * [dc4ad0c] debian/control: add libpulse-dev build dependency + * [b8d3ee7] debian/control: bumping some version of build dependencies + * [3443df9] debian/icedove-dev.install: adopt upstream changes + 
* [d0f9d0e] icedove.lintian-overrides: adding libtheora + * [982c8a6] debian/rules: adding removing for temporary files + + [ Christoph Goehre ] + * [f6292d5] Imported Upstream version 30.0~b1 (Closes: #743421) + * [dacd658] rebuild patch queue from patch-queue branch + modified patches: + - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch + - porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch + - porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-.patch + - prefs/Set-javascript.options.showInConsole.patch + - debian-hacks/Icedove-branding.patch + - fixes/unbreak-with-system-pixman-in-mailnews.patch + obsolete patches (fixed upstream): + - debian-hacks/Do-build-time-detection-of-2-bytes-wchar_t-and-char1.patch + - debian-hacks/Fix-build-failure-for-header.py-and-typelib.py.patch + - fixes/Make-system-cairo-work-again.patch + - porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch + * [df93d26] branding: add jar.mn to moz.build + * [648853d] only copy debian/mozconfig.default into mozilla subdir + * [4f9dc9e] MOZ_OBJDIR need a absolute path, $(pwd) didn't work + * [33794c3] icedove.pc: remove non-existent library mozjs (Closes: #748746) + * [dcbce5c] iceowl-extension: use breaks instead of conflicts against + calendar-timezones (Closes: #747532) + * [545415a] add breaks to enigmail (<< 2:1.6-4~deb7u1) which won't work with + us (Closes: #747546) + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 30 May 2014 12:11:53 -0400 + +icedove (24.5.0-2) unstable; urgency=low + + * [e4a43ed] debian/rules: remove duplicate LDFLAGS += -Wl,--stats + * [f9dba4b] debian/rules: export all compiler flags into build environment + * [8dc0712] debian/rules: run autoconf for all configue files + * [95d4b48] debian/rules: export MOZCONFIG onces + * [577bd03] debian/rules: update 
config.sub and config.guess before autoconf + run + * [7f958c7] parse DEB_BUILD_OPTIONS for how many parallel buildjobs to start + (Closes: #746984) + * [0f8b062] debian/rules: export MOZILLA_OFFICIAL + * [1c3d277] run configure with --build and --host + * [f190e19] don't build a shared js library (Closes: #724688, #729073, + #745593) + + -- Christoph Goehre <chris@sigxcpu.org> Thu, 08 May 2014 20:07:06 -0400 + +icedove (24.5.0-1) unstable; urgency=low + + [ Carsten Schoenert ] + * [7c13dbf] calender-timezones: remove no longer needed helper files + * [2d4328c] debian/control: sort various fields alphabetically + * [436c212] debian/control: remove build-depens on cdbs + * [dae8b3e] icedove branding: adopt current Makefile.in style to upstream + * [045be10] debian/rules: switch to debhelper + * [b852c8c] debian/mozconfig*: adding mozconfig files + * [7bac68c] debian/icedove.configopts: Remove no longer needed file + * [6c597b9] Switch the old thunderbird*.in files to icedove.* + * [9781e61] debian/icedove.links: adding /u/b/i link + * [f325194] debian/icedove.dirs: add helper file for needed directories + * [fe0376a] debian/icedove.install: sort entrys alphabetical + * [0111ccc] debian/icedove.js: fix small typo and reformat + * [a7e5b05] debian/rules: add override for dh_fixperms + * [8e44df2] debian/rules: add override for dh_install + * [24fa03a] debian/rules: add override for dh_shlibdeps + * [2f22ed0] debian/rules: add override for dh_strip + * [259a6f4] debian/control: remove ${shlibs:Depends} from c-g-p depends + * [cdc9272] debian/rules: add additional LDFLAGS + * [9d620d5] debian/rules: correct Icedove version inside icedove.pc during + install + + [ Christoph Goehre ] + * [460818b] Imported Upstream version 24.5.0 + * [4c65ecc] rebuild patch queue from patch-queue branch + added patches: + - porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch + obsolete patches: + - 
porting-kfreebsd-hurd/Another-fix-to-build-ipc-code-on-GNU-hurd-an.patch + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 29 Apr 2014 17:56:40 -0400 + +icedove (24.4.0-1) unstable; urgency=low + + * [a2b13c0] Imported Upstream version 24.4.0 + * [fd90463] rebuild patch queue from patch-queue branch + added patches: + - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch + (Closes: #741245) + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 22 Mar 2014 11:10:18 -0400 + +icedove (24.3.0-2) unstable; urgency=low + + [ Christoph Goehre ] + * [122ffe9] remove ldif60 from pkgconfig file (Closes: #732652) + * [b64ccac] rebuild patch queue from patch-queue branch + added patches: + - porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch + (Closes: #734859) + + [ Carsten Schoenert ] + * [aa4f5b1] thunderbird.install.in: shipping all files in /u/l/i/components + (Closes: #737811) + * [3bf4738] debian/rules: fix *.js file-permissions for iceowl-extension + * [50ab7a5] debian/rules: remove -Wl,--as-needed linker option + (Closes: #732652, #730450, #724688) + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 09 Mar 2014 15:33:05 -0400 + +icedove (24.3.0-1) unstable; urgency=low + + * [a656560] lintian: remove non-free w3c valid.png icon (Closes: #735119) + * [f4e6c08] lintian: remove prebuild javascript objects from upstream + tarball (Closes: #735234) + * [adf9c96] Imported Upstream version 24.3.0 + * [8419e65] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/remove-non-free-W3C-icon-valid.png.patch + - debian-hacks/use-system-jquery-jquery-ui.patch + * [948af3e] a newer icedove will break iceowl-extension (Closes: #732742) + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 10 Feb 2014 19:44:36 -0500 + +icedove (24.2.0-1) unstable; urgency=low + + [ Christoph Goehre ] + * [963a61e] Imported Upstream version 24.2.0 + * [852abe3] rebuild patch queue from patch-queue branch + obsolete patches (fixed upstream): + - 
fixes/Wrap-non-prefixed-freetype-headers-from-newer-freety.patch + - porting/Don-t-hardcode-page-size-on-ia64-sparc-or-mipsel.patch + (Closes: #734074) + * [a9d6680] lintian: remove prebuild-binaries from upstream tarball + * [fc25943] linitan: remove prebuilt-windows-binary from upstream tarball + * [faa24eb] lintian: fix comma separated files copyright + * [835790d] lintian: declare public-domain license at the beginning + + [ Carsten Schoenert ] + * [c583a2f] debian/copyright: fix indentation for 'public domain' license + * [78ddee2] linitan: bump up standards version to 3.9.5 + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 11 Jan 2014 20:17:24 -0500 + +icedove (24.1.1-1) experimental; urgency=low + + [ Carsten Schoenert ] + * [e8cbac4] debian/copyright: correcting wrong comma usage. + * [d24a6be] debian/copyright: adjusting copyright infos + * [51a32a1] debian/copyright: correcting various lintian warning. + * [50874e0] debian/control: expanding icedove-dev dependency on python + * [2996a33] debian/control: adding a more specific description for + iceowl-extension and google-cal-prov. + * [85b4400] debian/control: adjust proper version dependencies. + (Closes: #729712) + * [4d6b204] debian/control: adding metadata for mozilla-devscripts. 
+ (Closes: #562984) + + [ Christoph Goehre ] + * [aa7782b] Imported Upstream version 24.1.1 (Closes: #720931, #723630) + * [e4ca9cd] rebuild patch queue from patch-queue branch + added patches: + - fixes/Wrap-non-prefixed-freetype-headers-from-newer-freety.patch + - porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and.patch + * [849988b] make python scripts in /usr/lib/icedove-devel/sdk/bin executable + * [9890b1c] ship python config scripts to make building of extensions easier + (Closes: #729431) + * [8b08106] remove libxpcom.so from pkgconfig file (Closes: #729168) + * [4759bde] add libldif60 to pkgconfig file + * [db575b4] lintian: remove unsafe symlink from upstream tarball + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 08 Dec 2013 10:08:19 -0500 + +icedove (24.0-1) experimental; urgency=low + + [ Guido Günther ] + * [6f9d98e] New upstream version 24.0 + * [ef58a98] Refresh patches + * [435516d] Switch to xz compressed upstream tarball + * [f529a99] repack.py: port to python3 + * [50423d9] repack.py: allow to specify compression + + [ Christoph Goehre ] + * [b45b2b9] remove superfluous gstreamer build depends + * [96ac1d0] Reduce memory usage of the linker. Thanks to Mike Hommey + * [af55374] ia64 don't like LDFLAG --no-keep-memory + * [c3cb093] remove export-subst in mozilla/addon-sdk/source/.gitattributes. + + [ Carsten Schoenert ] + * [ac4caea] debian/copyright: correcting out-of-date-copyright-format-uri. 
+ * [585bf84] debian/copyright: remove obsolete field 'Name:' + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 15 Oct 2013 18:51:16 -0400 + +icedove (24.0~b3-2) experimental; urgency=low + + * [47fe004] Add lintian override for our use of the embedded libjpeg + * [3c103e6] Make sure xpcshell is executable so dh_shlibdeps picks it up to + calculate lib dependencies + + -- Guido Günther <agx@sigxcpu.org> Tue, 24 Sep 2013 20:03:33 +0200 + +icedove (24.0~b3-1) experimental; urgency=low + + [ Guido Günther ] + * Upload to experimental + * [eae533c] Adjust watch file once again + * [5280050] Invoke repack.py directly + * [0f4e8de] New upstream version 24.0~b3 + (Closes: #706859, #720931, #723630) + * [3b6374b] Don't use system jpeg + since it doesn't have the needed features + * [f6aeba2] Don't try to remove nonexistent libxpcom.so + + [ Carsten Schoenert ] + * [04844ae] icedove-branding: adopt new build schema to Debian branding + by using moz.build. + * [11c4677] icedove-branding: change the target directory for preview.png. + * [55f6762] debian/control: remove package calendar-timezones. + The calendar-timezones related files are now inside the lightning + package. + * [6f4948d] debian/rules: catch any gdata-provider*.xpi file. + The gdata-provider XPI file now has a version appended. + * [d5a63c9] debian/rules: catch any lightning*.xpi file. + The lightning XPI file now has a version appended. + * [e77e911] debian/thunderbird.install.in: + remove mozilla/components/binary.manifest since it no longer exists. + * [ef3f3b1] debian/control: Build-Depend on gstreamer an yasm now used by + icedove. + * [9f5fe3e] Drop patches fixed upstream. 
+ Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch + Bug-723497-Saving-message-to-disk-fails-silently-fai.patch + Bug-746112-Don-t-decommit-if-page-size-is-too-large.patch + Bug-814693-Allow-webrtc-to-build-on-more-architectur.patch + Bug-840242-Use-the-runtime-page-size-to-control-aren.patch + virtualenv-changing-the-path-to-virtualenv.py.patch + * [4503610] Adjust to build system changes: + debian-hacks/Don-t-build-example-component.patch + * [290f1e0] Partially applied upstream: + Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + * [2eaf6ae] Rediff remaining patches + * [4217c0e] Create missing .deps dir. + Workaround to make build complete + * [f95db9c] Drop autoconf.mk mangling since it confuses the build system + + -- Guido Günther <agx@sigxcpu.org> Thu, 19 Sep 2013 20:10:24 +0200 + +icedove (17.0.8-1) unstable; urgency=low + + [ Carsten Schoenert ] + * [af98dad] The vendorShortName is of course "Mozilla" and not "Icedove" The + packages in icedove-l10n already use the correct substition. + (Closes: #707207, #715326) + * [8ceae38] Sawfish: fix wrong size of resized window. + Backported from the TB20 release. + https://bugzilla.mozilla.org/show_bug.cgi?id=813997 (Closes: #715464) + * [b69cb68] Fix error while saving a message to disk or network. + If the user tries to save a message to disk or network share without + enough user rights to write the message Icedove fails silently. This + backport from TB 21 fixes this. 
+ * [fd8f588] Desktop file: shorten the icon name to 'Icedove' (Closes: #507962) + * [24b1b45] fix JS compiler segfault errors for various platforms + (Closes: #708331) + + [ Christoph Goehre ] + * [01f6b7a] add README.Debian to describe upstream status of Thunderbird + (Closes: #710888) + * [7fa36d6] rebuild patch queue from patch-queue branch added patches: + - porting/Fix-ipc-chromium-on-kFreeBSD-and-Hurd.patch + + [ Guido Günther ] + * [455bfe7] New upstream version 17.0.8 + + -- Guido Günther <agx@sigxcpu.org> Tue, 20 Aug 2013 16:12:17 +0200 + +icedove (17.0.7-1) unstable; urgency=low + + * [b8fd345] Imported Upstream version 17.0.7 + * [3133999] rebuild patch queue from patch-queue branch + modified patches: + - porting/Don-t-hardcode-page-size-on-ia64-sparc-or-mipsel.patch + * [3332f92] lintian: change url to version control system + * [534e2d1] linitan: bump up standards version to 3.9.4 + * [2b511d2] lintian: remove obsolete thunderbird dependency in + iceowl-extension + * [2081e7e] lintian: add Keywords to icedove desktop file + * [7f8333c] lintian: mask minus signs in manpage with a backslash + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 30 Jun 2013 18:46:16 -0400 + +icedove (17.0.5-2) unstable; urgency=low + + [ Guido Günther ] + * [4c7a88a] Install calendar-google-provider to /u/s/xul-ext + (Closes: #638480) + * [4c97096] Move calendar-timezones to /u/s/xul-ext (Closes: #638481) + * [e9d0085] Move arch indep parts to common-install-indep + + [ Carsten Schoenert ] + * [40d68d5] Fix build error on IA64 and Sparc + * [59939c3] manpage: add example section and convert to UTF-8 + * [10647cf] fixing build failure depended on python-2.7 changes + + [ Christoph Goehre ] + * [0a7bb8b] create links for extension in + /usr/share/mozilla/extensions/APPID + * [5047e6b] remove + icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch + (Closes: #695323) + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 18 May 2013 17:53:21 -0400 + +icedove (17.0.5-1) 
experimental; urgency=low + + [ Guido Günther ] + * [894ea6d] Include all needed libs to link against icedove's libxpcom + (Closes: #477747) + + [ Carsten Schoenert ] + * [6e00625] Point "Help->What's new" to the Debian Wiki (Closes: #570577) + + [ Christoph Goehre ] + * [4766bc9] replace icon in searchplugin (bing, twitter) with download url + * [e3dc726] Imported Upstream version 17.0.5 + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 13 Apr 2013 12:19:06 -0400 + +icedove (17.0.4-1) experimental; urgency=low + + [ Guido Günther ] + * [9ed54cb] Add Homepage + * [bd41337] Add X-Debian-Homepage + + [ Carsten Schoenert ] + * [1fba87f] New patch + fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch fix function + nsMsgComposeAndSend to respect ReploToSend + Thanks to Emilio Pozuelo Monfort for the patch (Closes: #565903) + + [ Christoph Goehre ] + * [7a1071b] update debug section in icedove manpage (Closes: #698163) + * [017f5b5] Imported Upstream version 17.0.4 (Closes: #702927) + * [7c35529] compress debian packages with xz + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 13 Mar 2013 19:00:07 -0400 + +icedove (17.0.2-1) experimental; urgency=low + + * [8911b88] Finally set Christoph as Maintainer. + Thanks for your work Alexander. + * [d456018] parallel build: Use number or available cores by default + * [daeee47] Don't refer to paths containing thunderbird (Closes: #486617) + * [52a202a] New upstream version 17.0.2 + * [fa07537] Allow webrtc to build on more architectures. + Thanks to Mike Hommey and Christoph Göhre + + -- Guido Günther <agx@sigxcpu.org> Fri, 11 Jan 2013 17:37:46 +0100 + +icedove (17.0.2-1~1) experimental; urgency=low + + * [8911b88] Finally set Christoph as Maintainer. Thanks for your work + Alexander. 
+ * [d456018] parallel build: Use number or available cores by default + * [daeee47] Don't refer to paths containing thunderbird (Closes: #486617) + * [52a202a] New upstream version 17.0.2 + * [fa07537] Allow webrtc to build on more architectures. + Thanks to Mike Hommey and Christoph Göhre + + -- Guido Günther <agx@sigxcpu.org> Fri, 11 Jan 2013 17:35:22 +0100 + +icedove (17.0-1) experimental; urgency=low + + [ Christoph Goehre ] + * [0b8ac79] replace transitional depens ttf-lyx with fonts-lyx + (Closes: #676505) + * [4473d67] fix typo in calendar-google-provider description + * [b3a57c0] rebuild patch queue from patch-queue branch + added patches: + porting/Another-fix-to-build-ipc-code-on-GNU-hurd-and-kfreeb.patch + + [ Jens Reyer ] + * [c0e30b6] clarify the relation between iceowl, lightning and sunbird + (Closes: #686206) + + [ Guido Günther ] + * [394b6a1] New upstream version 17.0 + * [a17c23f] Update patches. + The thunderbird-3-profile.patch got split into three since it + addresses different issues: + * Strip-version-number.patch + * Icedove-branding.patch + * Move-profile.patch + * [01eef04] Don't overwrite DEB_BUILD_OPTIONS + and drop dependency on essential package + + [ Ritesh Raj Sarraf ] + * [1ab9095] Add parallel build support + + -- Guido Günther <agx@sigxcpu.org> Sat, 24 Nov 2012 19:26:19 +0100 + +icedove (16.0.2-1) experimental; urgency=low + + [ Christoph Goehre ] + * [e94445f] cleanup source.filer file + * [33b9f4c] Imported Upstream version 12.0.1 + + [ Guido Günther ] + * [88a39e3] watch: only look for two digit versions since 3.1.20 lacks the + source/ dir + * [eb4f5c3] New upstream version 14.0 + * [b451442] Update patches for 14.0 + obsolete patches: + Avoid-libxpcom-being-excluded-from-linked-libraries-.patch + Bug-515232-Try-getting-general.useragent.locale-as-a.patch + Bug-696636-Block-OpenGL-1-drivers-explicitly-to-stee.patch + Bug-710972-Define-G_VARIANT_TYPE_STRING_ARRAY-when-b.patch + 
Bug-722127-Bump-required-libvpx-version-to-1.0.0.-r-.patch + Bug-728136-Port-bug-528687-to-comm-central.patch + Bug-728229-Allow-to-build-with-system-python-ply-lib.patch + Bug-729817-Allow-the-Nouveau-driver-with-Mesa-8.0.1-.patch + Bug-729817-Block-the-Nouveau-3D-driver-as-it-s-insta.patch + Bug-734335-Only-build-SPS-on-supported-platforms.patch + Revert-investigation-patch-for-bug-621446.patch + Bug-698923-Don-t-require-16-bytes-alignment-for-VMFr.patch + Bug-711353-Add-support-for-GNU-kFreeBSD-and-GNU-Hurd.patch + modified patches: + Add-another-preferences-directory-for-applications-p.patch + Do-build-time-detection-of-2-bytes-wchar_t-and-char1.patch + Don-t-build-example-component.patch + Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch + Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch + Gross-workaround-to-avoid-installing-test-idl-and-in.patch + Ignore-system-libjpeg-libpng-and-zlib-version-checki.patch + stop-configure-if-with-system-bz2-was-passed-but-no-.patch + Allow-.js-preference-files-to-set-locked-prefs-with-.patch + Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch + Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch + Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch + Link-libldap-against-libpthread.patch + Load-dependent-libraries-with-their-real-path-to-avo.patch + Properly-launch-applications-set-in-HOME-.mailcap.patch + Remove-the-js-shell-from-the-build-directory-during-.patch + fix-branding-in-migration-wizard-and-the-addon-manag.patch + fix-installdir.patch + save-a-copy-of-a-attached-file-when-sending-from-OOo.patch + thunderbird-3-profile.patch + Change-extension-s-name-to-Iceowl.patch + Add-xptcall-support-for-SH4-processors.patch + Allow-ipc-code-to-build-on-GNU-hurd.patch + Allow-ipc-code-to-build-on-GNU-kfreebsd.patch + Bug-703833-Avoid-invalid-conversion-from-const-size_.patch + Disable-optimization-on-alpha-for-the-url-classifier.patch + 
Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch + Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + Don-t-auto-disable-extensions-in-system-directories.patch + Set-javascript.options.showInConsole.patch + Allow-to-build-against-system-libffi.patch + * [907be61] Make sure we only match the generated files. Patch taken from + iceowl 1.5 package + * [772b9a0] Make system cairo work again. Patch taken from iceweasel. + * [0b6a8b3] Update + Add-another-preferences-directory-for-applications-p.patch to new method + name. + * [3395f21] Don't use APP_UA_NAME in application.ini since the replacement + fails and isn't needed. + * [6dea9fb] New upstream version 16.0.1 + * [664153d] Add README.source describing howto import new upstream versions + * [a653bd0] Adjust to upstream changes: + * stop-configure-if-with-system-bz2-was-passed-but-no-.patch + * [f088193] Add a proper patch header + * to Fix-build-failure-for-header.py-and-typelib.py.patch + so we don't lose the patch description. + * [268cca5] New upstream version 16.0.2 + * [a453a92] Rediff patches - no content changes + * [263bbeb] BUILD_OFFICIAL is now MOZILLA_OFFICIAL + * [a798e6b] Install dependentlibs.list to fix dlopen() of XPCOM + + [ Ritesh Raj Sarraf ] + * [f871ba9] Refresh patches. + Droped patches: + * fixes/Remove-the-js-shell-from-the-build-directory-during-.patch + * porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch + * fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch + * debian-hacks/Make-sure-we-only-match-the-generated-files.patch + * [9b02e4c] Refreshed patches for TB16 + * [dc83dd7] Fix build failure for header.py and typelib.py. + Earlier builds were passing the --cachedir option + Sometime during TB15, Mozilla changed that to variables. + This change was not passing the --cachedir option, hence the build + failure. 
This patch just hacks the build by passing the cachedir option + manually + + -- Guido Günther <agx@sigxcpu.org> Tue, 30 Oct 2012 22:05:49 +0100 + +icedove (11.0-1) experimental; urgency=low + + * [ffb767a] Imported Upstream version 11.0 (Closes: #663897) + * [2b75f48] relax optimize to -O1 on sparc to fix FTBFS + * [fa9a610] update build dependencies (Thanks to Mike) (Closes: #666722) + * [5b552f2] rebuild patch queue from patch-queue branch + added patches: + - fixes/Bug-710972-Define-G_VARIANT_TYPE_STRING_ARRAY-when-b.patch + - fixes/Bug-734335-Only-build-SPS-on-supported-platforms.patch + - fixes/Revert-investigation-patch-for-bug-621446.patch + modified patches: + - fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch + - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch + - icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch + obsolete patches (fixed upstream): + - debian-hacks/Fix-tracejit-to-build-against-nanojit-headers-in-dis.patch + - debian-hacks/Install-missing-nanojit-and-.tbl-headers-from-js-src.patch + - fixes/Bug-710268-Sign-NSS-libraries-only-when-they-exist-r.patch + - fixes/Fixup-bz-730195-for-Linux-ARM-use-_URC_FOREIGN_EXCEP.patch + - fixes/mozilla-config.h-was-renamed-js-confdefs.h-in-js-src.patch + - fixes/Remove-generated-files-from-js-src-during-make-distc.patch + - porting/Bug-703531-Fix-ARMAssembler-getOp2RegScale-on-ARMv5.patch + - porting/Bug-703534-Fix-build-failure-on-platforms-without-YA.patch + - porting/Bug-703842-Avoid-R_SPARC_WDISP22-relocation-in-Tramp.patch + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 18 Apr 2012 18:36:31 +0200 + +icedove (10.0.3-2) unstable; urgency=low + + [ Christoph Goehre ] + * [1223204] bump up standards version to 3.9.3 + + [ Guido Günther ] + * [7d7b5f5] Don't put symlinks into iceowl/extensions + + [ Christoph Goehre ] + * [94c07e5] update copyright file + * [88098a8] GNOME 3 integration: Use GIO instead of deprecated GnomeVFS. 
+ Thanks to Michael Biebl <biebl@debian.org> (Closes: #658688) + * [9543fd1] add build depends python + * [ec62dcb] build a debug package, if DEB_BUILD_OPTIONS contains 'debug' + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 27 Mar 2012 18:21:52 +0200 + +icedove (10.0.3-1) unstable; urgency=low + + [ Christoph Goehre ] + * [ee4b49c] adjust source.filter list + * [b5f3064] New Upstream version 10.0.3 (Closes: #661115, #663897) + * [fd35da8] build against system python-ply + * [4964bb2] build against system libreadline + * [5412685] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/Don-t-build-example-component.patch + - fixes/Bug-515232-Try-getting-general.useragent.locale-as-a.patch + - fixes/Bug-628252-os2.cc-fails-to-compile-against-GCC-4.6-m.patch + - fixes/Bug-691898-Use-YARR-interpreter-instead-of-PCRE-on-p.patch + - fixes/Bug-696636-Block-OpenGL-1-drivers-explicitly-to-stee.patch + - fixes/Bug-710268-Sign-NSS-libraries-only-when-they-exist-r.patch + - fixes/Bug-720682-Don-t-crash-an-app-using-libxul-because-o.patch + - fixes/Bug-722127-Bump-required-libvpx-version-to-1.0.0.-r-.patch + - fixes/Bug-728136-Port-bug-528687-to-comm-central.patch + - fixes/Bug-728229-Allow-to-build-with-system-python-ply-lib.patch + - fixes/Bug-729817-Allow-the-Nouveau-driver-with-Mesa-8.0.1-.patch + - fixes/Bug-729817-Block-the-Nouveau-3D-driver-as-it-s-insta.patch + - fixes/Fixup-bz-730195-for-Linux-ARM-use-_URC_FOREIGN_EXCEP.patch + - fixes/Include-cstdlib-in-gfx-angle-src-compiler-Types.h-fo.patch + - fixes/Link-libldap-against-libpthread.patch + - fixes/Load-dependent-libraries-with-their-real-path-to-avo.patch + - porting/Bug-703534-Fix-build-failure-on-platforms-without-YA.patch + - prefs/Don-t-auto-disable-extensions-in-system-directories.patch + (Closes: #648712) + modified patches: + - debian-hacks/Install-missing-nanojit-and-.tbl-headers-from-js-src.patch + - fixes/Allow-.js-preference-files-to-set-locked-prefs-with-.patch + - 
fixes/Properly-launch-applications-set-in-HOME-.mailcap.patch + - icedove/fix-branding-in-migration-wizard-and-the-addon-manag.patch + - porting/Allow-ipc-code-to-build-on-GNU-hurd.patch + - porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch + - prefs/Set-javascript.options.showInConsole.patch + obsolete patches (fixed upstream): + - debian-hacks/get-ride-of-default-debian-hardering-options.patch + - iceowl/Install-calendar-timezones-mode-0644-not-0755.patch + - porting/Add-mips-hppa-ia64-s390-and-sparc-defines-in-ipc-chr.patch + - porting/Bug-680917-Use-a-pool-size-of-16kB-on-ia64-for-bump-.patch + - porting/Bug-694533-LDRH-STRH-LDRSB-STRSB-are-supported-on-AR.patch + - porting/Bug-696393-Reimplement-NS_InvokeByIndex-in-C-on-S390.patch + - porting/Revert-bz-164580.patch + + [ Michael Biebl ] + * [c0a3ee2] Install chrome.manifest file to ensure the various components + (like GNOME support module) are correctly loaded. (Closes: #658479) + + [ Christoph Goehre ] + * [02687fc] adjust install/link files for new upstream + * [b551d6a] omni.jar was renamed to omni.ja + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 24 Mar 2012 23:10:47 +0100 + +icedove (9.0.1-1) experimental; urgency=low + + * [e2002b8] New Upstream version 9.0.1 (Closes: #653266, #653556) + * [9c14e8b] replace dfsg cleanup script with Mike's repack.py + * [2a34bd8] rebuild patch queue from patch-queue branch + added patches: + - porting/Bug-698923-Don-t-require-16-bytes-alignment-for-VMFr.patch + - porting/Bug-703531-Fix-ARMAssembler-getOp2RegScale-on-ARMv5.patch + - porting/Bug-703833-Avoid-invalid-conversion-from-const-size_.patch + - porting/Bug-703842-Avoid-R_SPARC_WDISP22-relocation-in-Tramp.patch + - porting/Bug-711353-Add-support-for-GNU-kFreeBSD-and-GNU-Hurd.patch + - porting/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch + * [03ed85d] remove Build-Depends python-ply, it's shipped and searched in + mozilla/other-licenses + + -- Christoph Goehre <chris@sigxcpu.org> 
Tue, 24 Jan 2012 19:13:30 +0100 + +icedove (8.0-2) unstable; urgency=low + + * Upload to unstable + * [b02c21d] fix crash in xpcshell on sparc linux + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 04 Jan 2012 18:09:14 +0100 + +icedove (8.0-1) experimental; urgency=low + + [ Guido Günther ] + * [17a7a80] Add x-scheme-handler/mailto to. Thanks to Michael Biebl for the + patch (Closes: #645556) + + [ Christoph Goehre ] + * [4066038] New Upstream version 8.0 + * [aa9105e] update autoconfig for e-mail accounts from riseup.net + (Closes: #648907) + * [decc1ac] fix wrong description text in iceowl-extension (Closes: #649073) + * [c97dda6] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/Statically-link-jemalloc-to-all-programs.patch + - fixes/Bug-670719-Only-add-DENABLE_JIT-1-to-CXXFLAGS-if-any.patch + - fixes/Bug-680642-Don-t-enable-YARR-JIT-on-MIPS-as-the-impl.patch + - porting/Bug-589735-Allocate-memory-with-an-address-with-high.patch + - porting/Bug-589735-Allow-static-JS-strings-to-be-turned-off-.patch + - porting/Bug-680917-Use-a-pool-size-of-16kB-on-ia64-for-bump-.patch + - porting/Bug-694533-LDRH-STRH-LDRSB-STRSB-are-supported-on-AR.patch + - porting/Bug-696393-Reimplement-NS_InvokeByIndex-in-C-on-S390.patch + - porting/Revert-bz-164580.patch + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 20 Nov 2011 19:58:37 +0100 + +icedove (8.0~b4-2) experimental; urgency=low + + [ Guido Günther ] + * [5d043ec] Install calendar extension + * [07feb49] Change extension's name to Iceowl + * [c597212] iceowl-extension: don't ignore errors in postinst + * [30ec51d] Disable patch numbers + * [73f80ed] Don't install timezones file mode 0755 + + [ Christoph Goehre ] + * [0fa13be] remove duplicate build depends unzip + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 08 Nov 2011 22:29:19 +0100 + +icedove (8.0~b4-1) experimental; urgency=low + + * [4e90977] New Upstream Version 8.0b4 (Closes: #591771, #638161) + * [955423a] replace duplicate .so files in 
icedove and icedove-dev with + symlinks + * [6ffb325] remove obsolete cdbs rule to extract tarball + * [f98837b] build against libnotify4 (libnotify-dev >= 0.7)(Closes: #637194) + * [66f72bc] Build-depend on libjpeg-dev instead of libjpeg62-dev + * [8af21a2] rebuild patch queue from patch-queue branch + added patches: + - debian-hacks/get-ride-of-default-debian-hardering-options.patch + - fixes/packager-fails-when-MOZILLA_DIR-is-a-relative-path.patch + modified patches: + - icedove/save-a-copy-of-a-attached-file-when-sending-from-OOo.patch + obsolete patches (fixed upstream): + - debian-hacks/bzXXX-ftbfs-static-with-system-hunspell.patch + - fixes/Bug-626035-Modify-the-way-arm-compiler-flags-are-set.patch + - fixes/Bug-639554-Install-sdk-bin-with-make-install.-r-bsme.patch + - fixes/Bug-640494-part-1-Get-rid-of-STL-algorithm-use-in-js.patch + - fixes/Bug-640494-part-2-Use-bitwise-operations-in-JSDOUBLE.patch + - fixes/Bug-652139-Use-an-integer-type-in-DocumentViewerImpl.patch + - fixes/Bug-662224-Define-NS_ATTR_MALLOC-and-NS_WARN_UNUSED_.patch + - fixes/Bug-668906-Do-not-call-openUnsharedDatabase-with-a-n.patch + - fixes/Bug-671564-Initialize-NS_XPCOM_LIBRARY_FILE-from-NS_.patch + - fixes/Disable-building-embedded-libjpeg-turbo-when-buildin.patch + - porting/Allow-to-build-yuv_convert_arm.cpp-on-armv4t.patch + - porting/Bug-638056-Avoid-The-cacheFlush-support-is-missing-o.patch + - porting/Fix-FTBFS-in-IPC-on-Linux-PPC.patch + - porting/Fix-FTBFS-in-xpcom-base-on-armv4t.patch + - system-libs/libxul-linking-error-with-enable-system-ffi-and-stat.patch + * [5f6e50f] add Japanese translation for desktop menu entry. 
Thanks to + Hideki Yamane <henrich@debian.org> (Closes: #640679) + * [591f76c] add build depends unzip + * [0af372f] remove upstream integrated CFLAGS and CXXFLAGS '-g -std=gnu++0x' + * [a4c8b2f] adjust install and links file to new upstream + * [332b7a8] Revert "override libtheora embedded-library error" no longer + needed + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 05 Nov 2011 20:31:29 +0100 + +icedove (5.0-2) experimental; urgency=low + + * [7f92927] fix FTBFS on ia64: use gcc with -O2 instead of -Os + * [b6b8dea] Disable methodjit on armel + * [5b45336] remove obsolete conffiles with dpkg-maintscript-helper + (Closes: #636819) + * [868cfa3] rebuild patch queue from patch-queue branch + added patches: + - porting/Allow-ipc-code-to-build-on-GNU-hurd.patch - fix building on + GNU/hurd - Thanks to Pino Toscano + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 07 Aug 2011 15:35:09 +0200 + +icedove (5.0-1) experimental; urgency=low + + * New Upstream Version (Closes: #632037) + * [98c5a8f] build against libffi and libvpx + * [52dff12] build javascript lib as shared library + * [6f1c24d] build against mozilla png library + * [9e16beb] c-sdk moved from directory/sdks/c-sdk to ldap/sdks/c-sdk + * [57763a0] override libtheora embedded-library error + * [fc71b62] adjust install/links files for new upstream version + * [6e83a58] Revert "lintian: override ancient-libtool warning" override no + longer needed + * [d65b463] change hardcoded list of non-Linux build depends into linux-any + (Closes: #634301) + * [ff3a8f3] remove file compare in build run + * [a21efa9] add branding for icedove 5.0 + * [7023939] update porting/Fix-FTBFS-in-xpcom-base-on-armv4t.patch - fix + building on armhf + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 03 Aug 2011 18:25:17 +0200 + +icedove (3.1.11-1) unstable; urgency=high + + * New Upstream Version + - MFSA 2011-19 aka CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, + CVE-2011-2376: + Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) + - 
MFSA 2011-20 aka CVE-2011-2373: Use-after-free vulnerability when + viewing XUL document with script disabled + - MFSA 2011-21 aka CVE-2011-2377: Memory corruption due to + multipart/x-mixed-replace images + - MFSA 2011-22 aka CVE-2011-2371: Integer overflow and arbitrary code + execution in Array.reduceRight() + - MFSA 2011-23 aka CVE-2011-0083, CVE-2011-0085, CVE-2011-2363: + Multiple dangling pointer vulnerabilities + - MFSA 2011-24 aka CVE-2011-2362: Cookie isolation error + * [2a82ce8] DM-Upload-Allowed is superfluous since I'm DD + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 26 Jun 2011 10:35:31 +0200 + +icedove (3.1.10-2) unstable; urgency=low + + * [de81b7f] remove obsolete build depends libxp-dev (Closes: #623668) + * [633782d] change DEB_HOST_MULTIARCH back to DEB_HOST_GNU_TYPE and + downgrade sqlite version (Closes: #627598) + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 06 Jun 2011 20:53:54 +0200 + +icedove (3.1.10-1) unstable; urgency=high + + * New Upstream Version (Closes: #625207) + - MFSA 2011-12 aka CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, + CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, + CVE-2011-0078, CVE-2011-0080, CVE-2011-0081: + Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19) + - MFSA 2011-16 aka CVE-2011-0071: Directory traversal in resource: protocol + * [78e0217] build against system libbz2 + * [e6af761] build against system libpng + * [4b57c30] build against system libhunspell + * [937f0bd] double check to build against most system libraries + * [d6de723] rebuild patch queue from patch-queue branch + added patches (Closes: #624969): + - 0072-fix-building-with-gcc-4.6-Add-constructor-to-placate.patch + - 0073-fix-building-with-gcc-4.6-os2.cc-missing-include-cst.patch + - 0074-Add-constructor-for-nsCaseInsensitiveStringComparato.patch + - 0075-Add-constructor-for-nsXULAppInfo-which-inherits-from.patch + - 0076-Add-constructor-for-GTKEmbedDirectoryProvider.patch + modified patches: + - 
0056-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch + obsolete patches (fixed upstream): + - 0051-Do-exec-instead-of-uselessly-forking-in-xulrunner-la.patch + - 0072-Add-support-for-libnotify-0.7.patch + * [e190ef1] bump up standards version to 3.9.2 (change DEB_HOST_GNU_TYPE to + DEB_HOST_MULTIARCH) + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 10 May 2011 20:03:04 +0200 + +icedove (3.1.9-2) unstable; urgency=low + + * Upload to unstable + * [ace3b6f] rebuild patch queue from patch-queue branch + added patches: + - 0072-Add-support-for-libnotify-0.7.patch + * [910f213] use DEP5 for copyright file + * [3ae4c8b] set global section to 'mail' + * [42c9c89] icedove.1: icedove is derived from Thunderbird instead of + Mozilla suite + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 02 Apr 2011 09:43:04 +0200 + +icedove (3.1.9-1) experimental; urgency=low + + * New Upstream Version + - MFSA 2011-01 aka CVE-2011-0053, CVE-2011-0062: Miscellaneous memory + safety hazards (rv:1.9.2.14/ 1.9.1.17) + - MFSA 2011-08 aka CVE-2010-1585: ParanoidFragmentSink allows javascript: + URLs in chrome documents + - MFSA 2011-09 aka CVE-2011-0061: Crash caused by corrupted JPEG image + * [699536a] rebuild patch queue from patch-queue branch + added patches: + - 0069-save-a-copy-of-a-attached-file-when-sending-from-OOo.patch + (Closes: #505875) + - 0070-News-article-is-empty-if-selected-during-download-fr.patch + (Closes: #487494) + - 0071-restore-icedove-on-login-by-session-management.patch + (Closes: #403458) + modified patches: + - 0003-no_dynamic_nss_softokn.patch + - 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + - 0030-Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch + * [98d8ac0] c-sdk move to sdks/c-sdk - adjust + debian/{copyright,remove.nonfree,rules} + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 09 Mar 2011 20:21:59 +0100 + +icedove (3.1.7-1) experimental; urgency=low + + * New Upstream Version (Closes: #606977) + - MFSA 2010-74 aka 
CVE-2010-3776, CVE-2010-3777: Miscellaneous memory + safety hazards (rv:1.9.2.13/ 1.9.1.16) + - MFSA 2010-75 aka CVE-2010-3769: Buffer overflow while line breaking + after document.write with long string + - MFSA 2010-78 aka CVE-2010-3768: Add support for OTS font sanitizer + * [46e3e8a] rebuild patch queue from patch-queue branch + added patches: + - 0068-fix-forwarding-of-Simple-HTML-email.patch + obsolete patches (fixed upstream): + - 0017-Implement-sync_instruction_memory-for-sparc-linux.patch + - 0059-Fix-startup-problem-with-symlinked-components-e.g.-e.patch + * [9fcce0c] add license info for gfx/ots + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 13 Dec 2010 17:59:50 +0100 + +icedove (3.1.6-1) experimental; urgency=low + + * New Upstream Version (Closes: #601334) + - MFSA 2010-64 aka CVE-2010-3175, CVE-2010-3176: Miscellaneous memory + safety hazards (rv:1.9.2.11/ 1.9.1.14) + - MFSA 2010-65 aka CVE-2010-3179: Buffer overflow and memory corruption + using document.write + - MFSA 2010-66 aka CVE-2010-3180: Use-after-free error in nsBarProp + - MFSA 2010-67 aka CVE-2010-3183: Dangling pointer vulnerability in + LookupGetterOrSetter + - MFSA 2010-69 aka CVE-2010-3178: Cross-site information disclosure via + modal calls + - MFSA 2010-71 aka CVE-2010-3182: Unsafe library loading vulnerabilities + - MFSA 2010-73 aka CVE-2010-3765: Heap buffer overflow mixing + document.write and DOM insertion + * [270fd51] rebuild patch queue from patch-queue branch + added patches: + - 0069-Use-errno.ENOENT-instead-of-2-in-JarMaker.py.patch + modified patches: + - 0009-fix-branding-in-migration-wizard-and-the-addon-manag.patch + * [24421f4] bump build depends for libnspr4-dev, libnss3-dev and + libsqlite3-dev + + -- Christoph Goehre <chris@sigxcpu.org> Wed, 10 Nov 2010 07:11:17 +0100 + +icedove (3.1.4-1) experimental; urgency=low + + * New Upstream Version + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 18 Sep 2010 18:25:37 +0200 + +icedove (3.1.3-1) experimental; urgency=low + 
+ * New Upstream Version + - MFSA 2010-49 aka CVE-2010-3169: Miscellaneous memory safety hazards + (rv:1.9.2.9/ 1.9.1.12) + - MFSA 2010-50 aka CVE-2010-2765: Frameset integer overflow vulnerability + - MFSA 2010-51 aka CVE-2010-2767: Dangling pointer vulnerability using DOM + plugin array + - MFSA 2010-53 aka CVE-2010-3166: Heap buffer overflow in + nsTextFrameUtils::TransformText + - MFSA 2010-54 aka CVE-2010-2760: Dangling pointer vulnerability in + nsTreeSelection + - MFSA 2010-55 aka CVE-2010-3168: XUL tree removal crash and remote code + execution + - MFSA 2010-56 aka CVE-2010-3167: Dangling pointer vulnerability in + nsTreeContentView + - MFSA 2010-57 aka CVE-2010-2766: Crash and remote code execution in + normalizeDocument + - MFSA 2010-59 aka CVE-2010-2762: SJOW creates scope chains ending in + outer object + - MFSA 2010-61 aka CVE-2010-2768: UTF-7 XSS by overriding document charset + using <object> type attribute + - MFSA 2010-62 aka CVE-2010-2769: Copy-and-paste or drag-and-drop into + designMode document allows XSS + - MFSA 2010-63 aka CVE-2010-2764: Information leak via XMLHttpRequest + statusText + * [9a03eb1] rebuild patch queue from patch-queue branch + added patches: + - 0060-fix-FTBFS-on-hurd.patch (Closes: #595665) + - 0061-Enable-x64-JIT-backend-by-default.patch + - 0062-Fix-unaligned-reads-in-qcms.patch + - 0063-Import-js-src-nanojit-njcpudetect.h.patch + - 0064-Use-clz-on-android-even-for-armv5-target.patch + - 0065-Fix-ARM-verbose-assembly-output-for-BLX.patch + - 0066-Get-rid-of-blx_lr_bug.patch + - 0067-Avoid-some-ARM-CPU-arch-related-runtime-tests-depend.patch + - 0068-ARMv4T-support-for-nanojit.patch + + -- Christoph Goehre <chris@sigxcpu.org> Tue, 14 Sep 2010 13:41:19 +0200 + +icedove (3.1.2-2) experimental; urgency=low + + * [e1435dc] rebuild patch queue from patch-queue branch + added patches: + - 0060-Fix-startup-problem-with-symlinked-components-e.g.-e.patch + (Closes: #592531) + modified patches: + - 
0048-Add-nanojit-support-for-ARMv4T.patch - Fix FTBFS on armel + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 21 Aug 2010 14:51:03 +0200 + +icedove (3.1.2-1) experimental; urgency=low + + * New Upstream Version (Closes: #589666, #591899) + - MFSA 2010-34 aka CVE-2010-1211, CVE-2010-1212: Miscellaneous memory + safety hazards (rv:1.9.2.7/ 1.9.1.11) + - MFSA 2010-38 aka CVE-2010-1215: Arbitrary code execution using SJOW and + fast native function + - MFSA 2010-39 aka CVE-2010-2752: nsCSSValue::Array index integer overflow + - MFSA 2010-40 aka CVE-2010-2753: nsTreeSelection dangling pointer remote + code execution vulnerability + - MFSA 2010-41 aka CVE-2010-1205: Remote code execution using malformed PNG + image + - MFSA 2010-42 aka CVE-2010-1213: Cross-origin data disclosure via Web + Workers and importScripts + - MFSA 2010-43 aka CVE-2010-1207: Same-origin bypass using canvas context + - MFSA 2010-44 aka CVE-2010-1210: Characters mapped to U+FFFD in 8 bit + encodings cause subsequent character to vanish + - MFSA 2010-46 aka CVE-2010-0654: Cross-domain data theft using CSS + - MFSA 2010-47 aka CVE-2010-2754: Cross-origin data leakage from script + filename in error messages + * [6b9976e] rebuild patch queue from patch-queue branch + modified patches: + - 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + - 0015-Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch + - 0018-Work-around-FTBFS-on-mips-by-disabling-TLS-support.patch + - 0034-Fix-compiler-errors-with-g-4.4-with-std-gnu-0x.patch + - 0045-Expose-fullpath-from-nsIPluginTag.patch + - 0047-Use-syscall-for-mmap-and-munmap-and-disable-ncpus-in.patch + - 0050-Set-javascript.options.showInConsole.patch + - 0057-Allow-to-build-against-system-libffi.patch + - 0058-Ignore-system-libjpeg-libpng-and-zlib-version-checki.patch + - 0059-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch + * [16b0e7e] fix FTBFS on kfreebsd-* and hurd-i386 by passing + --disable-necko-wifi to configure (Closes: 
#589476) + * [15a02c7] bump up standards version to 3.9.1 + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 13 Aug 2010 12:18:21 +0200 + +icedove (3.1-1) experimental; urgency=low + + * New Upstream Version + * [124a316] add additional build depends libnotify-dev + * [5ed6a72] adjust branding for Icedove 3.1 + * [bed8969] install further js files shipped with Icedove 3.1 + * [02456e6] replace blue icedove icons with green version + * [036921f] regenerate patch queue for 3.1 Icedove release + * [a7fa393] build with system ffi + * [d8650f7] ship icedove svg file for low resolution icons too + * [7718c55] bump Standards Version to 3.9.0 and downgrade Conflicts to + Breaks + * [9621fc6] lintian: override ancient-libtool warning + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 17 Jul 2010 17:19:58 +0200 + +icedove (3.0.5-1) unstable; urgency=low + + * New Upstream Version + - MFSA 2010-25 aka CVE-2010-1121: Re-use of freed object due to scope + confusion + - MFSA 2010-26 aka CVE-2010-1200, CVE-2010-1201, CVE-2010-1202: Crashes + with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10) + - MFSA 2010-29 aka CVE-2010-1196: Heap buffer overflow in + nsGenericDOMDataNode::SetTextInternal + - MFSA 2010-30 aka CVE-2010-1199: Integer Overflow in XSLT Node Sorting + * [9774410] rebuild patch queue from patch-queue branch + added patches: + - 0045-Fix-misalignments-in-help-command-line.patch + - 0046-Fix-misalignments-in-help-command-line.patch + - 0047-KDE-Gnome-startup-notification-not-disappearing-when.patch + - 0048-KDE-Gnome-startup-notification-not-disappearing-for-.patch + - 0049-Use-char16_t-when-available-and-when-it-is-don-t-tes.patch + - 0050-Fix-compiler-errors-with-g-4.4-with-std-gnu-0x.patch + - 0051-Add-xptcall-support-for-SH4-processors.patch + modified patches: + - 0028-Avoid-crashing-when-trying-to-kill-a-nsProcess-that-.patch + obsolete patches (fixed upstream): + - 0021-Avoid-creating-the-updates-directory-when-update-ser.patch + - 
0035-Fix-stack-alignment-on-function-calls-in-JIT-on-ARM.patch + * [3b98c84] avoid unneeded package depends by building with + '-Wl,--as-needed' + * [0067020] Build with -std=gnu++0x + * [72d4300] add pkg-config file for icedove (Closes: #577740) + * [e6af35d] enlarge package description with specification from icedove 2.0 + (Closes: #565887) + * [ef0bc10] add support for new Debian arch: powerpcspe (Closes: #586100) - + thanks to Sebastian Andrzej Siewior + * [5ae6099] use high bandwidth server in watch file to get new upstream + release + * [5e6d641] remove obsolete build depends libkrb5-dev + * [8ed7848] remove unused DEBIAN_VERSION vars in rules file + * [9959bd5] DEB_HOST_GNU_TYPE, DEB_BUILD_GNU_TYPE and DEB_BUILD_ARCH are + defined by cdbs too + * [9f6c088] Fix misalignments in --help command line + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 19 Jun 2010 23:26:55 +0200 + +icedove (3.0.4-3) unstable; urgency=low + + * [4026b50] icedove-dev need depend on libnspr4-dev and libnss3-dev + (Closes: #455725) + * [1fee936] don't run configure with --enable-optimize and --disable- + optimize if DEB_BUILD_OPTIONS contains noopt + * [02c0ea3] ship account autoconfig file for Riseup Networks (riseup.net) + (Closes: #577616) + * [e710d08] suggest libgssapi-krb5-2 for Kerberos login possibility + * [7609291] build a shared icedove binary. This avoid crashes because of + mixed functions from system and icedove itself (e.g. str2charray from + libldap_r-2.4.so.2 and libldap60.so). 
(Closes: #578916) + * [68f4b49] downgrade gnome stuff from Recommends to Suggests + (Closes: #579714) + * [bcff10b] install mailViews.dat into usr/share/icedove/defaults/messenger + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 14 May 2010 22:21:32 +0200 + +icedove (3.0.4-2) unstable; urgency=low + + * [57f0a8b] remove icedove-3.0 transitional package (Closes: #576741) + * [8008231] remove wrong mime types in desktop file + * [a12edde] set StartupWMClass in desktop file to Icedove-bin + * [7512224] extend package description of icedove, icedove-dev and + icedove-dbg + * [7e725b9] fix FTBFS on alpha by passing '-Wl,--no-relax' to gcc + * [92d3515] Switch to dpkg-source 3.0 (quilt) format + * [14d5894] rebuild patch queue from patch-queue branch + added patches: + - 0046-add-missing-headers-for-icedove-dev-package.patch (Closes: #577021) + modified patches: + - 0012-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + - 0020-Work-around-FTBFS-on-mips-by-disabling-TLS-support.patch + * [2cdd850] remove obsolete thunderbird 3.0a1pre postinst stuff + * [443f44b] process directory/c-sdk/configure with autoconf too + * [66c2f65] remove obsolete build depends librsvg2-bin and patchutils + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 11 Apr 2010 12:44:26 +0200 + +icedove (3.0.4-1) unstable; urgency=low + + [ Guido Günther ] + * [01983a4] Add missing message/rfc822 mime type for eml files + (Closes: #574528) + + [ Christoph Goehre ] + * New Upstream Version fixes: + - MFSA 2010-16 aka CVE-2010-0173, CVE-2010-0174: Crashes with evidence of + memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19) + - MFSA 2010-17 aka CVE-2010-0175: Remote code execution with + use-after-free in nsTreeSelection + - MFSA 2010-18 aka CVE-2010-0176: Dangling pointer vulnerability in + nsTreeContentView + - MFSA 2010-22 aka CVE-2009-3555: Update NSS to support TLS renegotiation + indication + - MFSA 2010-24 aka CVE-2010-0182: XMLDocument::load() doesn't check + nsIContentPolicy + * upload icedove 3 
to unstable (Closes: #401848, #422886, #425497, #430644, + #483550, #495522, #501113, #552617, #574188) + * rebuild patch queue from patch-queue branch: + added patches: + - 0044-don-t-remove-xpt-tools.patch + - 0045-Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch + modified patches: + - 0011-fix-branding-in-migration-wizard-and-the-addon-manag.patch + - 0012-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch + - 0030-Force-better-nsAutoT-Ptr-Array-buffer-alignment.patch + - 0035-Fix-stack-alignment-on-function-calls-in-JIT-on-ARM.patch + obsolete patches (fixed upstream): + - 0021-Fix-crash-with-SwitchProxy-installed.patch + - 0023-Don-t-remove-build-automationutils.py-on-make-clean.patch + - 0039-Don-t-show-the-SVG-output-option-in-the-print-dialog.patch + * [a7f3529] Revert "disable prefetch service". This bug was already fixed in + 3.0.2 (CVE-2009-4629) and 'network.prefetch-next' has no effect in + icedove. + * [fecc0b4] install versioned build depends instead of checking on build + time + * [4806890] enable building of icedove-dev package + * [412b8ac] be more explicit on installing file into icedove package + * [23b1d4b] depends on newer version of libnspr4-dev and libnss3-dev + * [809c723] lintian: idl files didn't need to be executable + * [ecd284e] lintian: add ${shlibs:Depends} to icedove-dev package + * [da75ee2] replace/remove non-free searchplugin icons and doubtful + origin file in mozilla folder (Closes: #567917) + * [eaf405e] update /usr/lib/icedove/dictionaries symlink to point to + /usr/share/hunspell + * [fe362ba] describe profile renaming on update to icedove 3.0 + (Closes: #566329) + + -- Christoph Goehre <chris@sigxcpu.org> Mon, 05 Apr 2010 21:11:42 +0200 + +icedove (3.0.3-1) experimental; urgency=low + + * New Upstream Version fixes: + - missing folders or empty folder pane after updating to version 3.0.2 + * [a69cdfd] rebuild patches from patch-queue: + - additional fix for FTBFS on kfreeBSD + * [e4bffd4] disable prefetch 
service (Closes: #572789) + * [3838bbe] branding files shouldn't be executable + * [3dc6688] add missing newline in logo license file + + -- Christoph Goehre <chris@sigxcpu.org> Sat, 06 Mar 2010 21:48:50 +0100 + +icedove (3.0.2-1) experimental; urgency=low + + * New Upstream Version fixes: + - MFSA 2010-01 aka CVE-2010-0159: Crashes with evidence of memory + corruption (rv:1.9.1.8/ 1.9.0.18) + - MFSA 2010-03 aka CVE-2009-1571: Use-after-free crash in HTML parser + * [1fd705f] install menu file (Closes: #569166) + * [8df3f99] generate desktop files at build process + * [5b0bb84] add icedove branding logos + * [1ef1c10] copyright explanation of icedove artwork (Closes: #406849) + * [6cdc0b0] remove forgotten firefox branding icons (Closes: #567917) + * [cec6a38] swedish translation for desktop file (Closes: #420050) + * [0256328] readd translation for desktop file + * [20311f4] rebuild patches (most patches from Mike Hommey) + - fix FTBFS on kFreeBSD, hppa, mips + - stability patched for mips, alpha, sparc, ppc and arm + - really cleanup build directory on 'make clean/distclean' + - allow intl.locale.matchOS to be modified in user profile + * [0098f90] write manpage for icedove (Closes: #425490, #487493) + * [fbccfaa] no longer suggest libthai0 (Closes: #524436) + * [26d3e39] change suggests from transitional package latex-xft-fonts + to ttf-lyx (Closes: #539535) + * [e24801a] improve desktop file (remove deprecated items and + warnings/errors) + * [68885c4] bump up standards version to 3.8.4 + * [df39ede] use xpm icon in menu file to calm lintian + * [8303887] adjust sqlite version to new upstream dependency + + -- Christoph Goehre <chris@sigxcpu.org> Sun, 28 Feb 2010 18:19:13 +0100 + +icedove (3.0.1-2) experimental; urgency=low + + [ Guido Günther ] + * [7ea7367] Explicitly pass build and host type to configure (Closes: + #546011) - thanks to Sven Joachim <svenjoac@gmx.de> for the patch + * [7fca9e1] Add back icedove changelog of earlier versions + + [ Christoph 
Goehre ] + * [72b78cc] Support both - and _ separators in dictionary names - patch from + Reed Loden + * [9a96759] fix branding in migration wizard and the addon manager (Closes: + #565559)- patch from Edward J. Shornock + + -- Christoph Goehre <christoph.goehre@gmx.de> Tue, 02 Feb 2010 20:32:24 +0100 + +icedove (3.0.1-1) experimental; urgency=low + + * New Upstream Version + * [8a2f5dc] define default options for git-import-orig + * [ac65b1b] refresh debian patches + * [851c5dc] rename binary packages to icedove (without version number) + * [6e12d1b] adjust cairo version to 1.8.8 + * [cd7cd6f] moving the old profile dir instead of copy + * [c342380] replace theme directory always by link to /usr/share if we + update to version 3 + * [c88eaa7] expansion of lib{dbusservice,mozgnome,nkgnomevfs}.so didn't work + with dpkg-shlibdeps - lets use the '-e' switch + + -- Christoph Goehre <chris@sigxcpu.org> Thu, 21 Jan 2010 20:53:57 +0100 + +icedove (3.0-2) experimental; urgency=low + + * [f07e702] Add Replaces for icedove-gnome-support + * [72e66e7] Fix typo + + -- Guido Günther <agx@sigxcpu.org> Fri, 08 Jan 2010 16:05:10 +0100 + +icedove (3.0-1) experimental; urgency=low + + * Final upstream version without any source code changes against RC2 + + [ Guido Günther ] + * [77d611e] Add Vcs-{Git,Browser} + * [ec7ddd6] Move VCS to where they belong + + [ Christoph Goehre ] + * [524d1f5] don't hardcode $MOZ_APP_NAME in Makefile.in file + * [0407ff3] mailclient bin called now $DEB_MOZ_APPLICATION + * [e6040b5] merge icedove-3.0-gnome-support into icedove-3.0 package + * [07417e0] install default theme and components/*.js into + /usr/share/icedove-3.0 + * [3d37478] add missed components files + * [f09cfad] add another preferences directory for applications: + preferences/syspref - thanks to Mike Hommey + * [d92e265] install debian config into /etc/icedove-3.0/pref and link + into defaults/syspref + * [18a886b] disable application update + * [76ea38a] let lockPref() in .js files 
work - thanks to Mike Hommey + * [e44133e] gnome-default-mail-client: check for MOZ_APP_NAME instead + for hardcoded 'thunderbird' + * [8573c8d] set DM-Upload-Allowed to yes + * [1c63920] install modules directory into /usr/share/icedove-3.0 + * [3a85ac6] add gbp.conf for easier package build with + git-buildpackage + * [7feb54a] add watch file + * [e0a1624] document how to clean upstream source code + + -- Christoph Goehre <chris@sigxcpu.org> Fri, 08 Jan 2010 10:42:09 +0100 + +icedove (3.0~rc2-2) experimental; urgency=low + + [ Christoph Goehre ] + * [5b7992b] rename source package to unversioned name + * [cde3507] change Maintainer back to asac, add Uploaders Guido and me + * [978c58d] disable icedove-3.0-dev package build for now until it is fixed + upstream + * Upstream is identical to 3.0 final + + -- Guido Günther <agx@sigxcpu.org> Thu, 17 Dec 2009 18:36:58 +0100 + +icedove-3.0 (3.0~rc2-1) experimental; urgency=low + + [ Christoph Goehre ] + * New Upstream Version (RC2) + - fixes 494014, 516950, 531278, 531502 in Mozilla Bugzilla + * [fc3fa5c] Revert "mark icedove-3.0-dev as transitional package for + xulrunner-dev" + + [ Guido Günther ] + * [51c1cca] Bump standards version + * [5e2a53c] Refer to versioned license + * [171f382] s/explicitely/explicitly/ + + -- Christoph Goehre <christoph.goehre@gmx.de> Tue, 08 Dec 2009 18:46:28 +0100 + +icedove-3.0 (3.0~rc1-1) experimental; urgency=low + + * New Upstream Version (RC1) + * [cce57db] ship extracted upstream tarball in orig file + * [ee7677f] remove obsolet licence fix + * [7051ca8] install TB_ICON only once + * [4f20bb1] add unbranded preview theme icon + * [0002285] install non-binary stuff in /usr/share and link it into + /usr/lib + * [c9ce50f] get right of system myspell + * [5c96edf] remove version check for hunspell in debian/rules + * [13b57a3] mark icedove-3.0-dev as transitional package for + xulrunner-dev + * [8ecaec9] all packages need ${misc:Depends} as depends, if we use + debhelper + * [fc0dd78] 
dbg package must have section debug and priority extra + * [3a00f22] enable more config options and add build depends (filched from + iceape 2.0) + * [fd8e3ca] build against system sqlite if available + * [81165e1] build with 'export BUILD_OFFICIAL=1' + + -- Christoph Goehre <christoph.goehre@gmx.de> Thu, 03 Dec 2009 10:16:46 +0100 + +icedove-3.0 (3.0~b3~hg20090713r3057-1~gbp253e4ab) sid; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Tue, 14 Jul 2009 10:24:57 +0200 + +icedove-3.0 (3.0~b3~hg20090713r3057-1~gbpefd0706) sid; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Tue, 14 Jul 2009 10:24:50 +0200 + +icedove-3.0 (3.0~b3~hg20090713r3057-1~gbpfeeee47) sid; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Tue, 14 Jul 2009 10:11:10 +0200 + +icedove-3.0 (3.0~b3~hg20090505r2552-1~gbp595a0b7) sid; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Tue, 05 May 2009 18:03:25 +0200 + +icedove-3.0 (3.0~b3~hg20090427r2499-1~gbpbeb7cd6) sid; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Mon, 27 Apr 2009 20:05:51 +0200 + +icedove-3.0 (3.0~b3~hg20090427r2499-1~gbp80a8829) sid; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Mon, 27 Apr 2009 19:56:09 +0200 + +icedove-3.0 (3.0~b3~hg20090422r2448-1~gbpd4ee3b3) pkg-mozext; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Wed, 22 Apr 2009 09:14:54 +0200 + +icedove-3.0 (3.0~b3~hg20090421r2441-1~gbp66d9bed) pkg-mozext; urgency=low + + * New snapshot. + + -- Guido Günther <agx@sigxcpu.org> Tue, 21 Apr 2009 19:35:09 +0200 + +icedove-3.0 (3.0~b3~hg20090420r2424-1~gbp47b25b8) pkg-mozext; urgency=low + + * New snapshot. 
+ + -- Guido Günther <agx@sigxcpu.org> Mon, 20 Apr 2009 11:28:56 +0200 + +icedove-3.0 (3.0~b3~hg20090418r2418+nobinonly-1~0~gbpa19783) pkg-mozext; urgency=low + + * Initial release + + -- Guido Günther <agx@sigxcpu.org> Sun, 19 Apr 2009 13:44:33 +0200 + +icedove (2.0.0.22-1.1) unstable; urgency=low + + * Non-maintainer upload. + * update /usr/lib/icedove/dictionaries symlink to point to + /usr/share/hunspell (closes: #549876) + * add $[shlibs:Depends} to iceape-dev + + -- Rene Engelhard <rene@debian.org> Mon, 09 Nov 2009 17:11:50 +0100 + +icedove (2.0.0.22-1) unstable; urgency=low + + * New upstream security/stability update (v2.0.0.21/v2.0.0.22) (Closes: 535124) + * MFSA 2009-33: Crash viewing multipart/alternative message with text/enhanced part + * MFSA 2009-32 aka CVE-2009-1841: JavaScript chrome privilege escalation + * MFSA 2009-29 aka CVE-2009-1838: Arbitrary code execution using event listeners + attached to an element whose owner document is null + * MFSA 2009-27 aka CVE-2009-1836: SSL tampering via non-200 responses to proxy + CONNECT requests + * MFSA 2009-24 aka CVE-2009-1832+CVE-2009-1831: Crashes with evidence of memory + corruption (rv:1.9.0.11) + * MFSA 2009-17 aka CVE-2009-1307: Same-origin violations when Adobe Flash loaded + via view-source: scheme + * MFSA 2009-14 aka CVE-2009-1303+CVE-2009-1302: Crashes with evidence of memory + corruption (rv:1.9.0.9) + * MFSA 2009-15 aka CVE-2009-0652: URL spoofing with box drawing character + * MFSA 2009-10 aka CVE-2009-0040: Upgrade PNG library to fix memory safety hazards + * MFSA 2009-09 aka CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain + redirect + * MFSA 2009-07 aka CVE-2009-0771,-0772,-0773,-0774: Crashes with evidence of memory + corruption (rv:1.9.0.7) + * MFSA 2009-01 aka CVE-2009-0352,CVE-2009-0353 Crashes with evidence of memory + corruption (rv:1.9.0.6) + * adjust patches to changed codebase + - update debian/patches/ubuntu-mail-app-xre-name + + -- Alexander Sack 
<asac@debian.org> Wed, 01 Jul 2009 12:18:03 +0200 + +icedove (2.0.0.19-1) unstable; urgency=medium + + * New upstream security/stability update (v.2.0.0.18/2.0.0.19) Closes: 505563 + 2.0.0.18: + * MFSA 2008-48 aka CVE-2008-5012 - Image stealing via canvas and HTTP + redirect + * MFSA 2008-50 aka CVE-2008-5014 - Crash and remote code execution via + __proto__ tampering + * MFSA 2008-52 aka CVE-2008-5017 - Crashes with evidence of memory + corruption (rv:1.9.0.4/1.8.1.18); Browser engine crash in "Firefox 2 + and 3" + * MFSA 2008-52 aka CVE-2008-5018 - Crashes with evidence of memory + corruption (rv:1.9.0.4/1.8.1.18); JavaScript engine crash - "Firefox 2 + and 3" + * MFSA 2008-55 aka CVE-2008-5021 - Crash and remote code execution in + nsFrameManager + * MFSA 2008-56 aka CVE-2008-5022 - nsXMLHttpRequest::NotifyEventListeners() + same-origin violation + * MFSA 2008-58 aka CVE-2008-5024 - Parsing error in E4X default namespace + * MFSA 2008-59 aka CVE-2008-4582 - Script access to .documentURI and + .textContent in mail + 2.0.0.19: + * MFSA 2008-60 aka CVE-2008-5500 - Crashes with evidence of memory + corruption (rv:1.9.0.5/1.8.1.19); Layout engine crashes - Firefox 2 and 3 + * MFSA 2008-61 aka CVE-2008-5503 - Information stealing via + loadBindingDocument + * MFSA 2008-64 aka CVE-2008-5506 - XMLHttpRequest 302 response disclosure + * MFSA 2008-65 aka CVE-2008-5507 - Cross-domain data theft via script + redirect error message + * MFSA 2008-66 aka CVE-2008-5508 - Errors parsing URLs with leading + whitespace and control characters + * MFSA 2008-67 aka CVE-2008-5510 - Escaped null characters ignored by CSS + parser + * apply Maintainers, Uploaders changes done in 2.0.0.17 upload to + debian/control + - update debian/control + * adjust/refresh patches to changed upstream code + - update debian/patches/moz-app-name-as-mail-binary-name + - update debian/patches/autoconf2.13-rerun + + -- Alexander Sack <asac@debian.org> Sat, 03 Jan 2009 16:27:42 +0100 + +icedove (2.0.0.17-1) 
unstable; urgency=low + + * New upstream security/stability update (v.2.0.0.17), Closes: #500721 + * MFSA 2008-37 aka CVE-2008-0016 - UTF-8 URL stack buffer overflow + * MFSA 2008-38 aka CVE-2008-3835 - nsXMLDocument::OnChannelRedirect() + same-origin violation + * MFSA 2008-41 aka CVE-2008-4058, CVE-2008-4059, CVE-2008-4060 - Privilege + escalation via XPCnativeWrapper pollution + * MFSA 2008-42 aka CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, + CVE-2008-4064 - Crashes with evidence of memory corruption + (rv:1.9.0.2/1.8.1.17) + * MFSA 2008-43 aka CVE-2008-4065, CVE-2008-4066 - BOM characters, low + surrogates stripped from JavaScript before execution + * MFSA 2008-44 aka CVE-2008-4067, CVE-2008-4068 - resource: traversal + vulnerabilities + * MFSA 2008-46 aka CVE-2008-4070 - Heap overflow when canceling newsgroup + message + + [ Michael Casadevall <sonicmctails@gmail.com> ] + * debian/control: + - Changed maintainer to Ubuntu Mozillateam + - Added Uploaders to the team + - Set DM-Upload-Allowed + - Bumped standards version to 3.8.0 + + [ Alexander Sack <asac@debian.org> ] + * Closes: #497491 - Icedove inappropriately sets file-/MIME-type + associations in .desktop database; we drop the Mime-Type= entry + from debian/icedove.desktop + - update debian/icedove.desktop + + -- Michael Casadevall <sonicmctails@gmail.com> Sat, 18 Oct 2008 09:07:20 -0400 + +icedove (2.0.0.16-1) unstable; urgency=low + + * New upstream security/stability update (v2.0.0.16) fixes: + * MFSA 2008-21 aka CVE-2008-2798 - Crashes with evidence of memory + corruption + * MFSA 2008-21 aka CVE-2008-2799 - Crashes with evidence of memory + corruption + * MFSA 2008-24 aka CVE-2008-2802 - Chrome script loading from fastload file + * MFSA 2008-25 aka CVE-2008-2803 - Arbitrary code execution in + mozIJSSubScriptLoader.loadSubScript() + * MFSA 2008-26 aka CVE-2008-0304 - (followup) Buffer length checks in MIME + processing + * MFSA 2008-29 aka CVE-2008-2807 - Faulty .properties file results in + 
uninitialized memory being used + * MFSA 2008-31 aka CVE-2008-2809 - Peer-trusted certs can use alt names to + spoof + * MFSA 2008-33 aka CVE-2008-2811 - Crash and remote code execution in block + reflow + * MFSA 2008-34 aka CVE-2008-2785 - Remote code execution by overflowing CSS + reference counter + + * Closes: #483938 - add .desktop file translations (contributed by Timo + Jyrinki <timo.jyrinki@iki.fi>) + - update debian/icedove.desktop + + (cherry pick rev77 from lp:~mozillateam/thunderbird/thunderbird.dev branch) + * drop patches applied upstream + - drop debian/patches/bz419350_attachment_306066.patch + - update debian/patches/series + + (cherry pick rev78 from lp:~mozillateam/thunderbird/thunderbird.dev branch) + * adjust patches diverged upstream + - update debian/patches/ubuntu-look-and-feel-report-a-bug-menuitem + + (cherry pick rev80 from lp:~mozillateam/thunderbird/thunderbird.dev branch) + * Closes: #489093 - add explicit -lfontconfig to linker flags used for gfx/ps + module to fix ftbfs in intrepid + - add debian/patches/bzXXX_ftbfs_fontconfig.patch + - update debian/patches/series + + -- Alexander Sack <asac@canonical.com> Thu, 24 Jul 2008 17:38:51 +0200 + +icedove (2.0.0.14-1) unstable; urgency=medium + + * Upstream stability/security release, fixes + + MFSA 2008-15 aka CVE-2008-1236 - Crashes with evidence of memory corruption + (rv:1.8.1.13) - browser engine + + MFSA 2008-15 aka CVE-2008-1237 - Crashes with evidence of memory corruption + (rv:1.8.1.13) - javascript engine + + MFSA 2008-14 aka CVE-2008-1233, CVE-2008-1234, CVE-2008-1235 - JavaScript + privilege escalation and arbitrary code execution + * update debian/remove.nonfree script to pull branding from bzr branch hosted + at https://code.edge.launchpad.net/~mozillateam/thunderbird/icedove-branding-2.0.0.x + - update debian/remove.nonfree + * fix fallback https handler by adding pref("network.protocol-handler.app.https", + "x-www-browser") to default system preference file. 
(Closes: #460954) + - update debian/icedove.js + * drop patches applied upstream: + - delete debian/patches/bz399589_fix_missing_symbol_with_new_nss.patch + - update debian/patches/series + * fix broken reply-to-list extension (Closes: #439369) + - add debian/patches/replytolist_2.x.patch + - update debian/patches/series + * fix ftbfs on ia64 (Closes: #477281) + - add debian/patches/bz419350_attachment_306066.patch + - update debian/patches/series + * drop forced use of gcc/g++ 4.2 and use default compiler again; in turn we + drop gcc-4.2 and g++-4.2 from Build-Depends + - update debian/control + - update debian/rules + + -- Alexander Sack <asac@debian.org> Fri, 09 May 2008 17:57:55 +0200 + +icedove (2.0.0.12-1) unstable; urgency=low + + * New Upstream stability/security release, fixes various advisories: + + CVE-2008-0416 aka MFSA 2008-13 Multiple XSS vulnerabilities from + character encoding + + CVE-2008-0304 aka MFSA 2008-12 Heap buffer overflow in external MIME + bodies + + CVE-2008-0418 aka MFSA 2008-05 Directory traversal via chrome: URI + + CVE-2008-0415 aka MFSA 2008-03 Privilege escalation, XSS, Remote Code + Execution + + CVE-2008-0412 and CVE-2008-0413 aka MFSA 2008-01 Crashes with evidence + of memory corruption (rv:1.8.1.12) - layout and javascript + * Fix severe problems for powerpc architecture, by reverting arch-detect + patch to introduce special behaviour only when FORCE_USE_HOST_OS is set in + environment. For now only s390 is special cased in rules - as thats the + architecture we introduced this patch for (Closes: #461981). + - update debian/rules + - debian/patches/arch-detect + * fix "FTBFS with libnss3-dev=3.12.0~beta2-1" by introducing symbols not + exported by new nss anymore. Reuse thunderbird patch from ubuntu. 
+ (Closes: #470128) + - added debian/patches/bz399589_fix_missing_symbol_with_new_nss.patch + - update debian/patches/series + * add Vcs-Bzr: header to control pointing to the mozillateam packaging + branch https://code.launchpad.net/~mozillateam/thunderbird/icedove-2.0.0.x + - update debian/control + * introduce .autoreg feature and touch /usr/lib/icedove/.autoreg in + icedove-gnome-support.postinst and icedove-gnome-support.prerm iif that + file exists. + - update debian/rules + - added debian/icedove-gnome-support.postinst + - added debian/icedove-gnome-support.prerm + * Adjust multiple patches because of changed upstream code base + - update debian/patches/ubuntu-mail-app-xre-name + - update debian/patches/autoconf2.13-rerun + + -- Alexander Sack <asac@debian.org> Sat, 05 Apr 2008 23:05:11 +0200 + +icedove (2.0.0.9-3) unstable; urgency=low + + * drop network.protocol-handler.external.http setting as it caused + regressions (Closes: 459564) + - update debian/icedove.js + + -- Alexander Sack <asac@debian.org> Wed, 09 Jan 2008 18:56:28 +0100 + +icedove (2.0.0.9-2) unstable; urgency=low + + * pass host arch information to configure and trust the supplied architecture + information. Thanks to Bastian Blank. (Closes: 445959) + - update debian/rules + - add debian/patches/arch-detect + - update debian/patches/autoconf2.13-rerun + - update debian/patches/series + * use /usr/lib/icedove/icedove as gnome integration command used to update + gconf protocol handler. 
(Closes: 452919) + - add debian/patches/icedove_gnome_command + - update debian/patches/series + * prefer gnome registry to lookup protocol handler if we are in a gnome + session; in turn we enable x-www-browser as the http protocol by default + (Closes: 452882) + - add debian/patches/prefer_gnome_registry_in_gnome_session + - update debian/patches/series + - update debian/icedove.js + + -- Alexander Sack <asac@debian.org> Sun, 30 Dec 2007 20:21:26 +0100 + +icedove (2.0.0.9-1) unstable; urgency=medium + + * new upstream stability/security update (v2.0.0.9): + - MFSA 2007-36 aka CVE-2007-4841: "URIs with invalid %-encoding mishandled + by Windows" + - MFSA 2007-29 aka CVE-2007-5339: "Crashes with evidence of memory + corruption (rv:1.8.1.8) - browser engine" + - MFSA 2007-29 aka CVE-2007-5340: "Crashes with evidence of memory + corruption (rv:1.8.1.8) - javascript engine" + * adapt adapt patches to new upstream codebase: + - drop debian/patches/bz389801_deb443454_fix_gtk_theme_crashes.patch + - update debian/patches/68_mips_performance.dpatch + - update debian/patches/series + - update debian/patches/autoconf2.13-rerun + * fix ftbfs due to changed cairo pc Requires: (Closes: 453179) + - add debian/patches/bz344818_att264996.patch + - update debian/patches/autoconf2.13-rerun + - update debian/patches/series + * add copyright file (Closes: 453365) + - add debian/copyright + * quote some if test ! ... 
lines to fix preinst errors (Closes: 427336) + - update debian/icedove.preinst + * update icedove menu section - use "Applications/Network/Communication" + (Closes: 444903) + - update debian/icedove.menu + * don't try to install debian/tmp/usr/lib/icedove/defaults/isp as its not + shipped by make install anymore + - update debian/icedove.install + + -- Alexander Sack <asac@ubuntu.com> Fri, 28 Dec 2007 16:05:05 +0100 + +icedove (2.0.0.6-1) unstable; urgency=low + + * new upstream release 2.0.0.6-1 fixes various security issues + (Closes: #444010): + - MFSA 2007-18 aka CVE-2007-3734, CVE-2007-3735 - Crashes with evidence of + memory corruption (rv:1.8.1.5). + - MFSA 2007-23 aka CVE-2007-3670 - Remote code execution by launching + Firefox from Internet Explorer (doesn't apply to linux). + - MFSA 2007-26 aka CVE-2007-3844 - Privilege escalation through + chrome-loaded about:blank windows. + - MFSA 2007-27 aka # CVE-2007-3845 - Unescaped URIs passed to external + programs. + * debian/patches/debian/patches/credits-rebranding: refresh patch because of + code-base change in new upstream release. + * debian/patche/bz389801_deb443454_fix_gtk_theme_crashes.patch,series: + import fix for theme crashes from bugzilla (Closes: 443454). + + -- Alexander Sack <asac@debian.org> Mon, 08 Oct 2007 12:09:42 +0000 + +icedove (2.0.0.4.dfsg1-2) unstable; urgency=low + + * debian/patches/autoconf2.13-rerun: rerun to apply last commits + configure.in patch addition to configure. + * debian/patches/force-no-pragma-visibility-for-gcc-4.2_4.3, + debian/patches/series: don't use pragma for visibility as visibility + hints are not perfect yet in mozilla code base. + * debian/icedove.desktop: drop explicit .png extension from desktop icon name + * debian/icedove.desktop, debian/icedove.links, debian/icedove.menu: fix various + icon issues, by using /usr/share/icedove/icons/default.png instead of + mozicon128.png as source for standard icedove pixmaps link + (Closes: #427076, #437064, #437090). 
+ * debian/control, debian/rules: use gcc-4.2 and g++-4.2 on all archs; add gcc-4.2 + and g++-4.2 to build-depends in control file. + * debian/icedove.links: provide usr/share/icedove/chrome/icons/default/messengerWindow16.png + as a link to usr/share/icedove/icons/mozicon16.png (Closes: #427723). + * debian/icedove.install, debian/icedove.links: install isp directories + /usr/share/icedove/isp and /usr/share/icedove/defaults/isp and link them to + pkglibdir accordingly (Closes: #428421). + + -- Alexander Sack <asac@debian.org> Mon, 27 Aug 2007 23:48:53 +0200 + +icedove (2.0.0.4.dfsg1-1) unstable; urgency=low + + * debian/remove.nonfree: update list of non-free/binary-only file from + latest iceape updates" debian/remove.nonfree; update orig + tarball accordingly. (Closes: 400340) + * debian/control[.in]: icedove package now provides mail-reader, + imap-client, news-reader instead of www-browser (Closes: 425167) + + -- Alexander Sack <asac@ubuntu.com> Tue, 19 Jun 2007 15:00:12 +0200 + +icedove (2.0.0.4-1) unstable; urgency=low + + * stability/security upstream release 2.0.0.4 + - CVE-2007-2867 aka MFSA 2007-12 (l): Crashes with evidence of memory + corruption (rv:1.8.0.12/1.8.1.4) - layout engine + - CVE-2007-2868 aka MFSA 2007-12 (j): Crashes with evidence of memory + corruption (rv:1.8.0.12/1.8.1.4) - javascript engine + - CVE-2007-1558 aka MFSA 2007-15: Security Vulnerability in APOP + Authentication + * debian/patches/gcc-workaround-visibility-hidden, debian/patches/series: + applied upstream -> dropped visibility workaround patch + * debian/patches/gnome-mime-handling: updated patch for bz273524 in + response to upstream landing of bz373955 + * debian/patches/autoconf-regen: rerun autoconf accordingly + * debian/patches/82_prefs.dpatch|series: import default font fixes + from xulrunner 1.8.1.4-1 patchset (thanks to Mike Hommey + <glandium@debian.org>) + * debian/control[.in]: libnss3-dev build-depend is now versioned + (Closes: 429202) + + -- Alexander Sack 
<asac@debian.org> Mon, 18 Jun 2007 16:50:34 +0200 + +icedove (2.0.0.0-4) unstable; urgency=low + + * One that fix them all release - maybe. + * fix symlinks for chrome/greprefs/defaults in .preinst + (Closes: 425390, 425438, 425476, 425479, 425550, 425552, 425559, 425564, 425672, 425727, 426019) + * debian/control[.in]: fix section -> s/web/mail/ + + -- Alexander Sack <asac@debian.org> Fri, 1 Jun 2007 13:13:13 +0200 + +icedove (2.0.0.0-3) unstable; urgency=low + + * fixing links in preinst (Closes: 424963, 425061, 425223) + greprefs, chrome and defaults need to point to + /usr/share/icedove/* + * drop searchplugin link which even had a typo :) + * debian/icedove.menu: ship debian menu entry + (Closes: 425224) + + -- Alexander Sack <asac@debian.org> Sat, 20 May 2007 16:48:00 +0200 + +icedove (2.0.0.0-2) unstable; urgency=low + + * adding icedove-dbg package + + -- Alexander Sack <asac@debian.org> Sat, 19 May 2007 17:33:00 +0200 + +icedove (2.0.0.0-1) unstable; urgency=low + + * icedovising + * add debian/remove.nonfree + * set upstream application fixed to 'thunderbird' in update-orig, + so you can just drop thunderbird tarball and produce new orig + * fix debian/control.in, drop transition packages. update debian/control + for these modifications. + * no autogen of configure and debian/control for release + + -- Alexander Sack <asac@debian.org> Thu, 17 May 2007 14:00:00 +0200 + +thunderbird (1.99.rc1+2.0-1) feisty; urgency=low + + * branch firefox-trunk package for 2.0 thunderbird package + * debian/control.in, debian/control: add transition packages: + mozilla-thunderbird, mozilla-thunderbird-dev; disable dom-inspector + package as there is nearly no hope that it ever will get maintained + upstream again. 
+ * debian/rules: remove inspector extension from configure; add excludes + to dh_install of thunderbird and thunderbird-dev package: + - + DEB_DH_INSTALL_ARGS_thunderbird := -Xgnome -Ximgicon -Xmozlibthai + DEB_DH_INSTALL_ARGS_thunderbird-dev := -Xnspr -Xnss + + -- Alexander Sack <asac@ubuntu.com> Wed, 18 Apr 2007 13:35:34 +0200 + +icedove (1.5.0.10.dfsg1-3) unstable; urgency=low + + * debian/icedove*.xpm updated to use correct icon + (Closes: 413976, 416476) + * debian/patches/25_gnome_helpers_with_params.dpatch: + Make helper applications with parameters work (bz#273524); + this is an improved version of bugzilla patch by Mike Hommey + <glandium@debian.org> + + -- Alexander Sack <asac@debian.org> Wed, 28 Mar 2007 21:55:08 +0200 + +icedove (1.5.0.10.dfsg1-2) unstable; urgency=low + + * debian/tmpls-typeaheadfind/install.rdf: fix version depends of + typeaheadfind (Closes: 413770) + + -- Alexander Sack <asac@debian.org> Wed, 7 Mar 2007 13:13:13 +0100 + +icedove (1.5.0.10.dfsg1-1) unstable; urgency=low + + * new upstream release fixing security issues: + - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow + Vulnerability + - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow + Vulnerability + - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01: + Crashes with evidence of memory corruption + * 91_credits_icedove.dpatch: dump new xml entities from + credits dialog (Closes: 404984, 412423) + * 50_kbsd_nspr.dpatch, 50_kbsd.dpatch: adapt kbsd patches to apply to + latest upstream code-base + + [ Christian Perrier <bubulle@debian.org>] + + * Rewrite debconf templates to fit the current Developer's Reference + recommendations + * Correct the name of the debconf templates file in debian/po/POTFILES.in + Closes: #407220 + * Debconf translations: + - Bulgarian added. Closes: #410627 + - Basque updated. Closes: #410633 + - German updated. Closes: #410672 + - Catalan updated. Closes: #410676 + - Spanish updated. Closes: #410709 + - Galician updated. 
Closes: #410720, #407944 + - Japanese updated. Closes: #410753 + - Tamil added. Closes: #410892 + - Portuguese updated. Closes: #409562 + - Vietnamese updated. + - Malayalam added. Closes: #408109 + - Russian updated. Closes: #411064, #405741 + - Swedish. Closes: #410632 + - Polish. Closes: #411302 + - Fix typo in Italian translation. Closes: #363806 + - Romanian. Closes: #411361 + - Czech. Closes: #411409 + - Danish. Closes: #411402 + - Dutch. Closes: #411406 + - Italian. Closes: #411452 + - Brazilian Portuguese. Closes: #411538 + - Korean. Closes: #411624, #411581 + - Malayalam. Closes: #411647 + - Finnish. Closes: #411765 + + -- Alexander Sack <asac@debian.org> Fri, 23 Feb 2007 09:00:00 +0100 + +icedove (1.5.0.10.dfsg1-1.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Italian fixed. Closes: #363806 + - Russian added. Closes: #405741 + - Galician added. Closes: #407944 + - Malayalam added. Closes: #408109 + - Portuguese updated. Closes: #409562 + + -- Christian Perrier <bubulle@debian.org> Tue, 6 Feb 2007 06:55:08 +0100 + +icedove (1.5.0.9.dfsg1-1) unstable; urgency=high + + * new upstream version, fixes various security issues: + - CVE-2006-6497 mfsa2006-68 layout engine + - CVE-2006-6498 mfsa2006-68 javascript engine + - CVE-2006-6499 mfsa2006-68 floating point + - CVE-2006-6500 mfsa2006-69 + - CVE-2006-6501 mfsa2006-70 + - CVE-2006-6502 mfsa2006-71 + - CVE-2006-6503 mfsa2006-72 + - CVE-2006-6504 mfsa2006-73 + - CVE-2006-6505 mfsa2006-74 + - CVE-2006-6506 mfsa2006-75 + - CVE-2006-6507 mfsa2006-76 + * landing icedove artwork contributed by Ricardo Fernández + <unicko2000@yahoo.es>; svgs are in debian/branding. 
xpms and some + pngs are generated with rsvg-convert and convert -> adding + build-depends to librsvg2-bin, imagemagick + * including es.po translation contributed by Felipe Caminos + <felipem@gigared.com> (Closes: 402928) + * updateing pt_BR.po provided by André Luís Lopes + <andrelop@debian.org> (Closes: 403827) + * adapting credits dialog and Icedove Motto in 91_credits_icedove.dpatch + * fix bad link in icedove manpage (icedove.sgml) (Closes: 398344) + * rebranding install.rdf of default theme for icedove in + 91_rebranding_theme.dpatch (Closes: 393134) + * adapt README.Debian to new icedove directories and name + * clean old/not-needed files from debian/ directory: + theme.part.defaultclassic, mail-jar.mn, messenger_jar_includes.csv + * disabling patch: 99_bz360409_deb400383, which is applied + upstream now. + + -- Alexander Sack <asac@debian.org> Tue, 19 Dec 2006 12:00:00 +0100 + +icedove (1.5.0.8.dfsg1-1) unstable; urgency=medium + + * removing all currently known non-free and sourceless binaries + from source package by running the script included for + reference in debian/remove.nonfree from the gnuzilla project + (Closes: 400340) + * added upstream approved quickfix for grave bug in + debian/patches/99_bz360409_deb400383.dpatch (Closes: 400383) + * last chance kbsd upload ... reenabling kbsd patch with fix + by Petr Salinger <Petr.Salinger@seznam.cz> (Closes: 399692) + * remove missed non-free icons from + debian/fhunderbird-branding.tmpl/ : background.png.uu, disk.icns.uu + + -- Alexander Sack <asac@debian.org> Sun, 26 Nov 2006 19:00:00 +0100 + +icedove (1.5.0.8-3) unstable; urgency=low + + * disable kbsd patches in 00list because they appear to break + build on other platforms. In consequence, 399692 and 363865 + will be reopened. 
Reenable 90_ppc64-build-fix (Closes: 400090) + + -- Alexander Sack <asac@debian.org> Mon, 22 Nov 2006 15:10:00 +0100 + +icedove (1.5.0.8-2) unstable; urgency=low + + * fix mozilla.in for real (for transitional thunderbird link + (Closes: 393123, 398037) + * apply basque debconf translation (eu.po) for real + (Closes: 398468) + * included nl.po provided by Nick Niktaris <niktaris@knoppel.org> + renaming as icedove first (Closes: 378360) + * include greek translation in icedove.desktop provided by + Nick Niktaris <niktaris@knoppel.org> (Closes: 384359) + * include updated de.po translation provided by + Alwin Meschede <ameschede@gmx.de> (Closes: 399083) + * apply FTBFS on GNU/kFreeBSD porters patch provided by + Petr Salinger <Petr.Salinger@seznam.cz> (Closes: 399692), + which is claimed to provide a fix for ppc64 ftbfs too + (Closes: 363865) + * remove debug echo from icedove.preinst (Closes: 399723) + + -- Alexander Sack <asac@debian.org> Mon, 21 Nov 2006 19:35:00 +0100 + +icedove (1.5.0.8-1) unstable; urgency=medium + + * new upstream version fixes various security issues + * added transition package: thunderbird-gnome-support + -> icedove-gnome-support as well as thunderbird-dbg + -> icedove-dbg (Closes: 393105) + * fix typo in postinst to fix browser integration scheme + recognition as selected by debconf (Closes: 393765, 398427) + * apply patch by Ted Percival <ted@midg3t.net> to fix broken + transitional thunderbird symlink (Closes: 393123, 398037) + * apply patch by Andre Lehovich <andrel@yahoo.com> that fixes + icedove package description typos (Closes: 398468) + * add basque debconf translation (eu.po) provided by Piarres + Beobide <pi@beobide.net> (Closes: 398719) + * remove non-free rfc files from source tarball (Closes: 395095) + + -- Alexander Sack <asac@debian.org> Wed, 15 Nov 2006 18:00:00 +0100 + +icedove (1.5.0.7-3) unstable; urgency=medium + + * unbrand thunderbird mail -> Icedove Mail/News due + to trademark issues (Closes: 354622) + + -- 
Alexander Sack <asac@debian.org> Thu, 12 Oct 2006 13:00:00 +0100 + +thunderbird (1.5.0.7-2) unstable; urgency=low + + * go through new upload ... reenable thunderbird-dbg + * increase reference count for fontconfig charset + 91_fontconfig_reference_increment_388739 (Closes: 388739) + + -- Alexander Sack <asac@debian.org> Wed, 27 Sep 2006 02:00:00 +0100 + +thunderbird (1.5.0.7-1) unstable; urgency=high + + * disabled new package to avoid queue new: thunderbird-dbg + * new upstream release fixes security issues: + + MFSA 2006-64 - CVE-2006-4571 + + MFSA 2006-63 - CVE-2006-4570 + + MFSA 2006-62 - CVE-2006-4569 + + MFSA 2006-61 - CVE-2006-4568 + + MFSA 2006-60 - CVE-2006-4340 (related to CVE-2006-4339) + + MFSA 2006-59 - CVE-2006-4253 + + MFSA 2006-58 - CVE-2006-4567 + + MFSA 2006-57 - CVE-2006-4565, CVE-2006-4566 + * disable patch 90_gcc-extern-fix, because it has been pulled in upstream + * disable 91_271815.overthespot.v1.2, because applied upstream + + -- Alexander Sack <asac@debian.org> Fri, 15 Sep 2006 16:00:00 +0100 + +thunderbird (1.5.0.5-2) unstable; urgency=low + + * new package: thunderbird-dbg + + improve configure options + + enable svg + + use debian build options to determine optimization flags + * added build depends on libcairo-dev + + -- Alexander Sack <asac@debian.org> Sat, 12 Aug 2006 15:00:00 +0100 + +thunderbird (1.5.0.5-1) unstable; urgency=high + + * new upstream release fixes various security flaws: + + MFSA 2006-44, CVE-2006-3801 + + MFSA 2006-46, CVE-2006-3113 + + MFSA 2006-47, CVE-2006-3802 + + MFSA 2006-48, CVE-2006-3803 + + MFSA 2006-49, CVE-2006-3804 + + MFSA 2006-50, CVE-2006-3805, CVE-2006-3806 + + MFSA 2006-51, CVE-2006-3807 + + MFSA 2006-52, CVE-2006-3808 + + MFSA 2006-53, CVE-2006-3809 + + MFSA 2006-54, CVE-2006-3810 + + MFSA 2006-55, CVE-2006-3811 + * including patch 91_271815.overthespot.v1.2.dpatch + (Closes: 379936, 363814) + * improve manpage: Document -g, --debug options (Closes: 381096) + * update for ja.po, contributed by 
Kenshi Muto <kmuto@debian.org> + (Closes: 379946) + * update for pt.po, contributed by Rui Branco <ruipb@debianpt.org> + (Closes: 381444) + * Provide virtual package news-reader (Closes: 363834) + * Apply patch which introduces ReplyToList MessageType. This is + the base to allow extensions that provide ReplyToList button to + get installed. Thanks to Armin Berres <trigger@space-based.de> + for pointing out this unintrusive patch. (Closes: 381273) + * fix README.Debian for firefox integration as well as example of + global pref.js (firefox.js.tmpl) (Closes: 363723) + * further improvements for README.Debian + * fix gnome integration program path in a hard-coded fashion + in 91_gnome_path_fix.dpatch (Closes: 365610) + + -- Alexander Sack <asac@debian.org> Sat, 12 Aug 2006 15:00:00 +0100 + +thunderbird (1.5.0.4-3) unstable; urgency=critical + + * fixing gcc-4.1 ftbfs (Closes: 377176) + * improved manpage by Bastian Kleineidam <calvin@debian.org> + documenting -safe-mode option (Closes: 370254) + * include *no xgot* patch for mips/mipsel contributed by + Thiemo Seufer <ths@networkno.de> (Closes: 374882) + + -- Alexander Sack <asac@debian.org> Thu, 13 Jul 2006 15:00:00 +0100 + +thunderbird (1.5.0.4-2) unstable; urgency=critical + + * fix version in install.rdf for inspector and + typeaheafind (Closes: 374382) + * (last one was a new upstream release fixing + various security issues (Closes: 373878, 373553) + * urgency=critical + + -- Alexander Sack <asac@debian.org> Mon, 19 Jun 2006 10:00:00 +0100 + +thunderbird (1.5.0.4-1) unstable; urgency=low + + * new upstream release fixing various security issues: + MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8 pages + MFSA 2006-40, CVE-2006-2781: Double-free on malformed VCard + MFSA 2006-38, CVE-2006-2778: Buffer overflow in crypto.signText() + MFSA 2006-37, CVE-2006-2776: Remote compromise via content-defined + setter on object prototypes + MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL persist + 
MFSA 2006-33, CVE-2006-2786: HTTP response smuggling + MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with + potential memory corruption + MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy Autoconfig, + Greasemonkey) + * build depends: + + xorg-dev -> libx11-dev, libxt-dev, libxinerama-dev, + libxft-dev, libfreetype6-dev, libxrender-dev + + removed binutils, coreutils and po-debconf + * enable xinerama in debian/rules + * fixed lintian errors: + + do not depend on xorg dev meta package + + debhelper depend is now versioned + + changed package description(s) to not start with 'thunderbird' + + -- Alexander Sack <asac@debian.org> Tue, 23 May 2006 15:00:00 +0100 + +thunderbird (1.5.0.2-3) unstable; urgency=low + + * patch-robbery from firefox package: + + removed old mips and arm patches + + added 50_arch_arm_fix + + added 50_arch_alpha_fix + + added 50_arch_m68k_fix + + added 50_arch_mips_Makefile_fix + + added 50_arch_mips_fix (Closes: 357755) + + added 50_arch_parisc_Makefile_fix + + added 50_arch_parisc_fix + * included install.rdf for default theme in extensions dir + (Closes: 363956) + * removed chrome.d locales.d extensions.d from var/lib/thunderbird + + -- Alexander Sack <asac@debian.org> Tue, 16 May 2006 19:45:00 +0100 + +thunderbird (1.5.0.2-2) unstable; urgency=critical + + * debian/thunderbird.sgml. Greatly improved manpage for thunderbird, + thanks to Sam Morris <sam@robots.org.uk> for contributing this + (Closes: 361069) + * add missing build depend to sharutils to fix ftbfs (Closes: 365539) + * fix gnome-support package removing gnome dependencies from + pure thunderbird package. + * set urgency to critical which I forgot to set properly + for the last upload + + -- Alexander Sack <asac@debian.org> Sat, 29 Apr 2006 14:00:00 +0100 + +thunderbird (1.5.0.2-1) unstable; urgency=low + + * removed enable xprint in order to build after X11R7 transition. + * removed xprint recommends from control file. 
+ * 91_fontsfix_359763.dpatch: fix for 'thunderbird shows text illegibly' + for some encodings. (Closes: 359763) + * myspell is now depends (Closes: 357623) + * (re-)including 10_mips_optimization_patch + * debian/patches/90_ppc64-build-fix.dpatch: patch for + 'FTBFS (ppc64)', thanks to Andreas Jochens <aj@andaco.de> + for adding the final patch to the report. (Closes: 361036) + * Thanks to Bastian Kleineidam <calvin@debian.org> for + contributing: + * Standards version 3.6.2.1 + * Use debhelper v5 with debian/compat + * Remove unneeded thunderbird.conffiles now that debhelper v5 is used + * Remove CVS directories in debian/ + * Fix debian/changelog syntax errors, and convert to UTF-8 + * Fix bashism in debian/thunderbird.postrm, using 2> instead of &>. + * Add ${misc:Depends} to thunderbird* dependencies, fixing a missing + dependency on debconf + * Move db_input commands from postinst into a separate thunderbird.config + file. + * distinct gnome-support package added. adds a good bunch + of gnome build depends to allow module linking against + gnome libs. + * added new fhunderbird-branding in debian/fhunderbird-branding.tmpl + (Closes: 358198) + * use only one profile directory in configure + (Closes: 358378) + * Various security issues are fixed in this release. 
Namely: + CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 + CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 + CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 + CVE-2006-1731 CVE-2006-1724 CVE-2006-0884 CVE-2006-1730 + CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-1045 + CVE-2006-0748 CVE-2006-1726 CVE-2006-1725 CVE-2005-2353 + CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 + CVE-2006-0292/CVE-2006-0293 (Closes: 349242) + CVE-2006-0294 CVE-2006-0295 CVE-2006-0296 CVE-2006-0297 + CVE-2006-0298 CVE-2006-0299 + + -- Alexander Sack <asac@debian.org> Thu, 20 Mar 2006 21:00:00 +0100 + +thunderbird (1.5-4) unstable; urgency=low + + * great package renaming release: mozilla-thunderbird -> thunderbird + * removed not maintained and not needed update-mozilla-thunderbird + facilities. Extensions/locales etc. don't need to call this anymore + in order to install themselves globally. + * added -fno-strict-aliasing -fno-unsigned-char as parameters to build + * patch: 10_visibility_hidden_patch.dpatch - by Adam Conrad + * new upstream version fixes various bugs + (Closes: 288601, 291912, 295662) + * included new fr.po translation by Mohammed Adnène Trojette + <adn+deb@diwi.org> (Closes: 323367) + * included new cs.po translation by Jan Outrata + <outrataj@upcase.inf.upol.cz> (Closes: 321736, 335354) + * included new pt.po translation by Traduz! 
<traduz@debianpt.org> + (Closes: 348440) + * included new da.po translation by Claus Hindsgaul <claus_h@image.dk> + (Closes: 350687) + * added intl.locale.matchOS, true to debian/global-config.js instead + of hacking startup script + + -- Alexander Sack <asac@debian.org> Tue, 28 Feb 2006 15:00:00 +0100 + +mozilla-thunderbird (1.5-2) experimental; urgency=low + + * reenable patch 20_mailnews_mime_makefile_in.dpatch + to export proper headers to -dev package for enigmail + * last upload with old package name + + -- Alexander Sack <asac@debian.org> Thu, 12 Jan 2006 15:00:00 +0100 + +mozilla-thunderbird (1.5-1) experimental; urgency=low + + * experimental upload of 1.5 (Closes: 348007) + * major package housekeeping + + removed extension template pieces + + bye -offline extension release - this is now completely + integrated in thunderbird default install + + disable all patches ... but those that are obviously + needed - please shout if you got struck by a regression + due to this :). + + use upstream startup script in the hope that they + did fix it! + + branding removed again. Keep it white labeled - for + now. + + -- Alexander Sack <asac@debian.org> Thu, 12 Jan 2006 15:00:00 +0100 + +mozilla-thunderbird (1.0.7-3) unstable; urgency=high + + * apply backported patch for amd64 (Closes: 332481,332484) + Thanks to Martin Sarsale <martin@malditainternet.com> + for testing and preparing the patch + + debian/patches/91_gcc4_imgLoader.fix.dpatch + * updated vietnam translation contributed by Clytie Siddall + <clytie@riverland.net.au> (Closes: 324224) + * added swedish translation contributed by Daniel Nylander + <yeager@lidkoping.net> (Closes: 331606) + + -- Alexander Sack <asac@debian.org> Mon, 17 Oct 2005 23:30:00 +0100 + +mozilla-thunderbird (1.0.7-2) unstable; urgency=high + + * still high to indicate that security bugs have not been + fixed in etch. 
+ * apply debian/patches/90_xptcinvoke_arm.dpatch to fix ftbfs on + arm/sid + + -- Alexander Sack <asac@debian.org> Mon, 10 Oct 2005 19:00:00 +0100 + +mozilla-thunderbird (1.0.7-1) unstable; urgency=high + * MFSA-2005-57: IDN heap overrun + Summary: Tom Ferris reported a Firefox crash when processing a domain + name consisting solely of soft-hyphen characters. + Closes: - + CVE-Ids: CAN-2005-2871 + Bugzilla: 307259 + Issues addressed: + + CAN-2005-2871 - IDN heap overrun + * MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities + Summary: Fixes for multiple vulnerabilities with an overall severity + of "critical" have been released in Mozilla Firefox 1.0.7 and + the Mozilla Suite 1.7.12 + Closes: - + CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 + CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 + Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261 + 306804 291178 300853 301180 302100 + Issues addressed: + + CAN-2005-2701 - Heap overrun in XBM image processing + + CAN-2005-2702 - Crash on "zero-width non-joiner" sequence + + CAN-2005-2703 - XMLHttpRequest header spoofing + + CAN-2005-2704 - Object spoofing using XBL <implements> + + CAN-2005-2705 - JavaScript integer overflow + + CAN-2005-2706 - Privilege escalation using about: scheme + + CAN-2005-2707 - Chrome window spoofing + + Regression fixes + * MFSA-2005-59: Command-line handling on Linux allows shell execution + -> was addressed in 1.0.6-4 already. Reverting upstream changes + to mozilla/mail/mozilla.in by copying debian/mozilla.in_1.0.6 over + to allow our patches to still apply. debian/patches/01_old_mozilla.in.dpatch + + -- Alexander Sack <asac@debian.org> Sat, 1 Oct 2005 17:00:00 +0100 + +mozilla-thunderbird (1.0.6-4) unstable; urgency=high + + * now using bash to overcome possible security flaws of + our thunderbird start script (mozilla-thunderbird). 
Patch + by Florian Weimer <fw@deneb.enyo.de> + debian/mfsa_2005-59.debian.patch (Closes: 329664, 329667) + * added patch 50_ftbfs_alpha+arm+ia64_325536_fix.dpatch + to build on alpha, arm, and ia64 that now uses + __attribute__((used)) instead of ((unused)) by + Steve Langasek <vorlon@debian.org> + (Closes: 325536) + * fix debsums error reported by Y Giridhar Appaji Nag + <debian@appaji.net>. Now removing files in postrm. + Further moved /usr/lib/mozilla-thunderbird/chrome/chrome.rdf + to the /var/... adding a link to the new location. + (Closes: 292475) + * added depends for system libs: mng, png, jpeg to not build with + unmaintained image included libs. + * modified 21_mozilla_in-patch.dpatch to recognize -mail as a -compose + alias. This makes thunderbird work well with current gnome default + mailto: command for thunderbird. Thanks to Sam Morris <sam@robots.org.uk> + for the workaround patch (Closes: 330168) + * still work left: fix window.open(); overlay problem. + added rejar-chrome.sh <jarbasename> util script below debian. It + rejars .jar files by extracting paths given in + <jarbasename>_jar_includes.csv from the <jarbasename>.jar zip file + and zipping only those files to a new jar file again. Anyway, still + broken, thus disabled for this build. + (See: 306522) + + -- Alexander Sack <asac@debian.org> Mon, 23 Sep 2005 17:00:00 +0100 + +mozilla-thunderbird (1.0.6-3) unstable; urgency=low + + * remove gcc-3.4 from amd64 build ... 
this time for sure + (Closes: 320723) + * remove special optimization flags for other archs too + + -- Alexander Sack <asac@debian.org> Mon, 2 Aug 2005 17:00:00 +0100 + +mozilla-thunderbird (1.0.6-2) unstable; urgency=low + + * remove gcc-3.4 from amd64 build (Closes: 320723) + * added arabic po translation by Mohammed Adnène Trojette + <adn+deb@diwi.org> (Closes: 320771) + + -- Alexander Sack <asac@debian.org> Mon, 1 Aug 2005 17:00:00 +0100 + +mozilla-thunderbird (1.0.6-1) unstable; urgency=high + + * GCC/G++ 4.0 API transition upload. + * include 90_new_freetype_fix.dpatch to fix new freetype API + (Closes: 301481, 301481) - consumed from mozilla-firefox packages ... + thx to Eric Dorland <eric@debian.org> + * include 90_gcc4_fix.dpatch + * fixes multiple security bugs (Closes: 318728) + CAN-2005-2270: Code execution through shared function objects + CAN-2005-2269: XHTML node spoofing + CAN-2005-2266: Same origin violation: frame calling top.focus() + CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo() + CAN-2005-2261: XML scripts ran even when Javascript disabled + CAN-2005-1532: Privilege escalation via non-DOM property overrides + CAN-2005-1160: Privilege escalation via DOM property overrides + CAN-2005-1159: Missing Install object instance checks + CAN-2005-0989: Javascript "lambda" replace exposes memory contents + * fix gdk_property_get problem that might cause a segfault (Closes: 317937) + patch by Loic Minier <lool@dooz.org> + debian/patches/gdk_property_get.dpatch + * fix CAN-2005-2353: insecure tmp file usage in run-mozilla.sh (Closes: 306893) + debian/patches/20_run-mozilla_sh_306893_fix.dpatch + * include german de.po translation (Closes: 318747) + by Alwin Meschede <ameschede@gmx.de> + * fixed whitespace in mozilla-thunderbird.templates (Closes: 308961) + hint by Clytie Siddall <clytie@riverland.net.au> + * apply fix for seamonkey migration crash (Closes: 285728) + 90_mail_components_miration_src_nsSeamonkeyProfileMigrator_cpp + * 
fix 'find' in update-mozilla-thunderbird-chrome (Closes: 315588) + patch by Michael Spang <mspang@twcny.rr.com> + + -- Alexander Sack <asac@debian.org> Thu, 21 Jul 2005 21:00:00 +0100 + +mozilla-thunderbird (1.0.2-3) unstable; urgency=high + + * last maybe sarge upload with urgency high, contains only + translations (po files + gnome .desktop file lines) + + cs translation by Jan Outrata <outrataj@upcase.inf.upol.cz> + (Closes: 309023) + + fi translation by Matti Pöllä <mpo@iki.fi> + (Closes: 303805) + + ja translation by Kenshi Muto <kmuto@debian.org> + (Closes: 307005) + + pt_BR translation by Andre Luis Lopes <andrelop@debian.org> + (Closes: 304261) + + vi translation by Clytie Siddall <clytie@riverland.net.au> + (Closes: 308959) + + added missed translation entries in gnome .desktop files + for it, ko, pl + + -- Alexander Sack <asac@debian.org> Thu, 02 Jun 2005 22:00:00 +0100 + +mozilla-thunderbird (1.0.2-2) unstable; urgency=low + + * fixed TYPO in 71_extensionManagerAutoReRegister.dpatch, + probably causing #302218 (Closes: 302218) + * extended patch 71_extensionManagerAutoReRegister.dpatch, + now checking components.ini timestamp instead of + compreg.dat timestamp. removing components.ini compreg.dat + and XUL.mfasl if global Extensions.rdf file is newer then + components.ini. Probably helping to fix #302218 too. + * renamed xprt-xprintorg recommends to xprint (Closes: 300975) + * (re-)enabled pref extension (Closes: 302130) + + -- Alexander Sack <asac@debian.org> Thu, 31 Mar 2005 07:00:00 +0100 + +mozilla-thunderbird (1.0.2-1) unstable; urgency=medium + * new upstream version (Closes: 301542) fixes some + security issues according to upstream + (http://www.mozilla.org/projects/security/known-vulnerabilities.html) + 1.0.2 fixes the following security related issues. 
+ + MFSA 2005-30 GIF heap overflow parsing Netscape extension 2 + MFSA 2005-25 Image drag and drop executable spoofing + MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice + MFSA 2005-18 Memory overwrite in string library + MFSA 2005-17 Install source spoofing with user:pass@host + MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion + + -- Alexander Sack <asac@debian.org> Sun, 27 Mar 2005 16:00:00 +0100 + +mozilla-thunderbird (1.0-4) unstable; urgency=low + + * removed not needed build-deps: csh + * included debconf (and gnome .desktop file) translations for + various languages: (Closes: 292072, 294622, 291477, 292507) + + debian/po/fr.po (Mohammed Adnène TROJETTE <adn+deb@diwi.org>, + Aurelien Jarno <aurel32@debian.org>) + + debian/po/nl.po (Luk Claes <luk.claes@ugent.be>) + + debian/po/ca.po (Jordi Mallach <jordi@debian.org>) + + debian/po/ko.po (Yooseong Yang <yooseong@debian.org>) + + debian/po/it.po (Vittorio Palmisano <redclay@email.it>) + + debian/po/pl.po (Robert Luberda <robert@debian.org>) + * fixed startscript problem + - updated 21_mozilla_in-patch.dpatch - thanks to + Kevin B. McCarty <kmccarty@Princeton.EDU> + * moved code of component debCleanComp.js to + nsExtensionManager, so it can automatically restart the + application if needed. + This should again lower the probabilty that + some upgrade, downgrade of thunderbird or extensions + breaks the chrome or component registry in your profile + dir. + + -- Alexander Sack <asac@debian.org> Sun, 13 Mar 2005 13:00:00 +0100 + +mozilla-thunderbird (1.0-3) unstable; urgency=low + + * first upload to official archive for tbird 1.0 + (first since 0.9-6) + * finally I decided to upload this package to unstable, + though there is a debian-legal discussion going on + about the mozilla trademark. Since it might take some + time until a solution is found, I decided to upload + as usual. 
+ * started to debrand the app to 'Debian Thunderbird' + + -- Alexander Sack <asac@debian.org> Sun, 16 Jan 2005 14:00:00 +0100 + +mozilla-thunderbird (1.0-2) unstable; urgency=low + + * Uninstall file and dummy-empty-file must not be empty + * Included latest patch for extension manager + * Included Jaap Haitsma icons (Closes: 257640) + * fixed regression compared to 0.9-6 official package + that had problems to build because empty files where + not included in diff.gz + + -- Alexander Sack <asac@debian.org> Fri, 10 Dec 2004 23:00:00 +0100 + +mozilla-thunderbird (1.0-1) unstable; urgency=low + + * new upstream release - 1.0 (Closes: 284560) + * includes new icons as default theme + * changed start.html page to not use the mozilla partical + in the package naming. This app is now officially called + 'Debian Thunderbird' + * removed -O from sparch arch (See: 284532) + * README.Debian improved + * adapted new manpage inspired by Ralf Katz <ralph.katz@rcn.com> + + -- Alexander Sack <asac@debian.org> Tue, 08 Dec 2004 12:00:00 +0100 + +mozilla-thunderbird (0.9-7) unstable; urgency=low + + * added debconf capability to define what browser + integration is wanted + -> added /etc/mozilla-thunderbird/auto-config.js + to store automatically generated configs by debconf + + -- Alexander Sack <asac@debian.org> Thu, 24 Nov 2004 12:00:00 +0100 + +mozilla-thunderbird (0.9-6) unstable; urgency=low + + * fixed bug in preinst script by strictly testing + the existance of files before invoking mv + operations (Closes: 282186) + * fixed stupid upgrade bug in preinst script. + ls uses now -d to produce no garbage when + used as source for moving. This closes + a bug reported against enigmail, but is a + bug of the thunderbird package. This release + fixes it (Closes: 282505) + * still missing reply for current grave bug + 282506. I think this is due to the initial + upgrade problems. 
Those problem should not + occur anymore with the fixes of this packages + upgrade mechanism (Closes: 282506) + + -- Alexander Sack <asac@debian.org> Thu, 24 Nov 2004 12:00:00 +0100 + +mozilla-thunderbird (0.9-5) unstable; urgency=low + + * added patch by Kevin B. McCarty <kmccarty@Princeton.EDU> + adds In-Reply-To mailto: link capability (Closes: 268055) + * late verification of bug fixed by preview package: + fixes: message editor steals keyboard focus (Closes: 274313) + + -- Alexander Sack <asac@debian.org> Thu, 18 Nov 2004 12:00:00 +0100 + +mozilla-thunderbird (0.9-4) unstable; urgency=low + + * fixed upgrade bug - when /usr/lib/mozilla-thunderbird/extensions + is a link, remove it and create a directory for it! After that + move all extensions from /var/lib/mozilla-thunderbird/extensions + to the new folder. + * added example firefox-config.js.tmpl to use the new wrapper + script. This config should only be used if you are in a non + gconf capable window environment, e.g. pure openbox, etc. + See the README.Debian for further details on howto integrate + thunderbird properly. + * added uninstall and extension directory for default theme + extension. This should make it possible to remove the package + cleanly. 
+ * Bug#280254: mozilla-thunderbird: Please package + thunderbird 0.9 (Closes: 280076) + * patch by Kevin McCarty <kmccarty@Princeton.EDU>, fixes + Subject munging if thunderbird is running (Closes: 263971) + * fixed: typo in welcome message for preview pane (Closes: 278690) + * thx to bug submitters that verified the fix of the following + bugs in my preview package at people.debian.org: + + Bug#277304: mozilla-thunderbird: thunderbird dies silently on + some mails (Closes: 277304) + + no sound when new mail arrives (Closes: 274044) + + Focus Problem when a filter is selected (Closes: 272157) + + "Get Mail" button fails intermittently on additional accounts + (Closes: 280482) + * added patch to fix /tmp/ file permissions during processing of + imap directory (Closes: 280363) + * cleaning up compreg.dat on Extensions.rdf change, so after + restart all troubles with this issue are gone (Closes: 273213) + * Already since 0.9-1, but I forgot to mention: + + set default smtp server option should work now + (Closes: 274177) + + with view filter: unread on, newly read messages are + not removed from the message list anymore (Closes: 275708) + * other bugs resolved by upstream: + + problems while threads refresh (Closes: 239203) + + Shortcuts conflict with ISO 14755 (Closes: 246916) + + -- Alexander Sack <asac@debian.org> Mon, 15 Nov 2004 22:45:00 +0100 + +mozilla-thunderbird (0.9-3) unstable; urgency=low + + * rm -f /usr/lib/mozilla-thunderbird/extensions + in postinst if it is a link! After that move + stuff from /var/lib/mozilla-thunderbird/extensions + to /usr/lib/mozilla-thunderbird/extensions. 
+ The rest will be done by update-mozilla-thunderbird-chrome + + -- Alexander Sack <asac@debian.org> Thu, 11 Nov 2004 22:45:00 +0100 + +mozilla-thunderbird (0.9-2) unstable; urgency=low + + * fixed bad bug in mozilla-thunderbird.install, + that removed the fulls extensions dir + * fixed broken upgrade problem due to + mozilla-thunderbird-inspector that tried to + install resource files under /usr/lib/.../res, + but that is a link. Now storing under /usr/share/ + + -- Alexander Sack <asac@debian.org> Wed, 10 Nov 2004 22:00:00 +0100 + +mozilla-thunderbird (0.9-1) unstable; urgency=low + + * new upstream version (0.9) + * include patch amd64: + by Frederik Schueler <fs@lowpingbastards.de> + -> use gcc-3.4,g++3.4 (Closes: 261365) + * pasting issues partially fixed (See: 279656) + * Local Folders needed, cannot be deleted anymore + (Closes: 226253) + * including great patch of Mike Hommey <mh@glandium.org> + who brought the final fix for the extension manager + problems; changed update-mozilla-thunderbird-chrome + according to the new -register capability + + -- Alexander Sack <asac@debian.org> Wed, 10 Nov 2004 20:00:00 +0100 + +mozilla-thunderbird (0.8-3) unstable; urgency=medium + + * respin for new binutils version (Closes: 273354) + * removing essential and build-essential build + dependencies to: base-files, libc6-dev + * update-mozilla-thunderbird-chrome: output of find(s) + to /dev/null (Closes: 267661) + * included mozilla-thunderbird-compose script in docs + section + + -- Alexander Sack <asac@debian.org> Sat, 26 Sep 2004 13:00:00 +0100 + +mozilla-thunderbird (0.8-2) unstable; urgency=medium + + * include good build_id during build fixes + upgrade problems + (Closes: 272175, 272182) + * fixed some startup-script regressions. Remote + commands are almost ready by upstream. Only + -compose argument is interpreted in a debian + specific way. Of course, locale settings + are still debian specific too. 
+ * improved changelog to list important notes + for upgrading to 0.8 + * 10_mips_optimization_patch.dpatch: + thiemo seufers mips(el) workaround + removing CFLAGS="$CFLAGS -Wa,-xgot" and + CXXFLAGS="$CXXFLAGS -Wa,-xgot" and adding + inline when DEBUG is true (Closes: 272162). + + -- Alexander Sack <asac@debian.org> Sat, 18 Sep 2004 21:00:00 +0100 + +mozilla-thunderbird (0.8-1) unstable; urgency=medium + + * new upstream version 0.8 + * fixes various security issues in sarge and sid + (Closes: 263752) + * hacked a tiny patch for nsExtensionManager.js.in bug that + lets thunderbird (and firefox) loop on startup if + launched with non-root account. + + -- Alexander Sack <asac@debian.org> Fri, 17 Sep 2004 10:00:00 +0100 + +mozilla-thunderbird (0.7.3-6) unstable; urgency=high + + * still fixes the security bug in sarge (see #263752) + ... thus urgency=high + * applied 50_mozilla-thunderbird-xpcom-xptcall-mips.dpatch + provided by Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de> + (Closes: 267017) + * removed <boll@debian.org> as Uploader as he expressed + that he has no more time to co-maintaining this package. + Thanks for your work! + + -- Alexander Sack <asac@debian.org> Sun, 12 Sep 2004 17:30:00 +0100 + +mozilla-thunderbird (0.7.3-5) unstable; urgency=high + + * ping tbird to find a running instance instead of searching + for lock file that could still be there after a crash (redone) + (Closes: 267144) + * still fixes the security bug in sarge ... thus urgency=high + + -- Alexander Sack <asac@debian.org> Thu, 21 Aug 2004 14:00:00 +0100 + +mozilla-thunderbird (0.7.3-4) unstable; urgency=high + + * ping tbird to find a running instance instead of searching + for lock file that could still be there after a crash + (Closes: 267144) + * still fixes the security bug in sarge ... 
thus urgency=high + + -- Alexander Sack <asac@debian.org> Thu, 21 Aug 2004 14:00:00 +0100 + +mozilla-thunderbird (0.7.3-3) unstable; urgency=high + + * extended patch for mips: 50_xpcom_xptcall_xptcstubs_asm_mips_s + (Closes: 266851) + * still fixes the security bug in sarge ... thus urgency=high + + -- Alexander Sack <asac@debian.org> Thu, 19 Aug 2004 17:00:00 +0100 + +mozilla-thunderbird (0.7.3-2) unstable; urgency=high + + * included patch for mips: 50_xpcom_xptcall_xptcstubs_asm_mips_s + * made global-config.js more up to date (Closes: 261815) + * recommend myspell-en-us | myspell-dictionary (Closes: 265272) + * enigmail is now suggested and not recommended anymore + * still fixes the security bug in sarge ... thus urgency=high + + -- Alexander Sack <asac@debian.org> Wed, 18 Aug 2004 16:00:00 +0100 + +mozilla-thunderbird (0.7.3-1) unstable; urgency=high + + * new upstream release 0.7.3 - fixes security issues + (Closes: 263752) + * changed maintainer email to debian address + * removing /var/lib/mozilla-thunderbird dir on purge + (Closes: 260212). + * reverting gcc-3.2 and g++-3.2 for hppa architecture to back to + default gcc/g++ compiler + * fixed package description of mozilla-thunderbird-inspector and + mozilla-thunderbird-offline (Closes: 260374, 260376) + * plain mozilla-thunderbird now opens Inbox window to front + instead of profile manager when already running (Closes: 259476) + + -- Alexander Sack <asac@debian.org> Wed, 04 Aug 2004 20:00:00 +0100 + +mozilla-thunderbird (0.7.1-3) unstable; urgency=low + + * updated README.Debian to be more specific + on the lost profile workaround! 
+ * added 10_profile_migration.dpatch to fix + profile migration issues (Closes: 258741, 258747) + * updated .desktop file Comment (Closes: 257596) + * trying gcc-3.2 and g++-3.2 for hppa architecture + + -- Alexander Sack <asac@jwsdot.com> Tue, 13 Jul 2004 11:00:00 +0100 + +mozilla-thunderbird (0.7.1-2) unstable; urgency=low + + * added 10_profile_migration.dpatch to fix + profile migration issues (Closes: 258741, 258747) + * updated .desktop file Comment (Closes: 257596) + * trying gcc-3.2 and g++-3.2 for alpha and amd64 + architecture + + -- Alexander Sack <asac@jwsdot.com> Mon, 12 Jul 2004 11:00:00 +0100 + +mozilla-thunderbird (0.7.1-1) unstable; urgency=low + + * new upstream source 0.7.1 (Closes: 257320, 256843) + * fixed broken theme ID + * include extension descriptions and set them + to locked + * fixed typo in branding patch ( Hompage ->Homepage ) + * included movemail for handling local mail (Closes: 219893) + * provides new mozilla-thunderbird-dev + * does not build enigmail anymore. enigmail has got its + own source package for now. Hopefully this package will + build soon against mozilla-mailnews and mozilla-thunderbird, + so only one package is needed for both. + * update-mozilla-thunderbird-chrome: LD_LIBRARY_PATH bug fixed + (Closes: 254144) + * verified that -compose mailto:email@host.com works (Closes: 252261) + * include upgrade info in README.debian. 
Documented + new global-config.js file in README.debian too (Closes: 253315) + * crash on corrupt bmp fixed by upstream (Closes: 248857) + * added Provides: mail-reader, imap-client (Closes: 257199) + * renamed menu entry to 'Thunderbird Mail' (Closes: 257596) + + -- Alexander Sack <asac@jwsdot.com> Mon, 5 Jul 2004 11:00:00 +0100 + +mozilla-thunderbird (0.7.1-0.0.asac1) unstable; urgency=low + + * new upstream source 0.7.1 + * fixed broken theme ID + * include extension descriptions and set them + to locked + * fixed typo in branding patch ( Hompage ->Homepage ) + * included movemail for handling local mail + + -- Alexander Sack <asac@jwsdot.com> Thu, 1 Jul 2004 11:00:00 +0100 + +mozilla-thunderbird (0.7-0.0.asac1) unstable; urgency=low + + * new upstream source 0.7 + * provides new mozilla-thunderbird-dev + * does not build enigmail anymore. enigmail has got its + own source package for now. Hopefully this package will + build soon against mozilla-mailnews and mozilla-thunderbird, + so only one package is needed for both. 
+ * update-mozilla-thunderbird-chrome: LD_LIBRARY_PATH bug fixed + (Closes: 254144) + * verified that -compose mailto:email@host.com works (Closes: 252261) + * include upgrade info in README.debian (Closes: 253315) + * crash on corrupt bmp fixed by upstream (Closes: 248857) + + -- Alexander Sack <asac@jwsdot.com> Wed, 23 Jun 2004 11:00:00 +0100 + +mozilla-thunderbird (0.6-asac1) unstable; urgency=low + + * new binary package for development files + mozilla-thunderbird-dev + * mozilla-thunderbird now Provides: mail-reader and imap-client + + -- Alexander Sack <asac@jwsdot.com> Tue, 08 Jun 2004 15:00:00 +0100 + +mozilla-thunderbird (0.6-3) unstable; urgency=low + + * added libx11-dev, libxp-dev, libxt-dev to Build-Depends + * removed xlibs-dev from Build-Depends + * fixed typo in starting screen (Closes: 249850) + * removed duplicate readme file (Closes: 247162) + * added readme file upgrade note to remove the + chrome.rdf in the users profile directory after + upgrade. + + -- Alexander Sack <asac@jwsdot.com> Thu, 03 Jun 2004 00:20:00 +0100 + +mozilla-thunderbird (0.6-2) unstable; urgency=low + + * Fix missing build-dep on xlibs-dev, causing FTBFS errors + (closes: Bug#251166) + + -- Soeren Boll Overgaard <boll@debian.org> Fri, 28 May 2004 11:02:07 +0000 + +mozilla-thunderbird (0.6-1) unstable; urgency=low + * accumulated changelog: 0.6-0.1rc1 + 0.6-0.1rc2 + * repackaged upstream source tarball to not-include + non-free icons of the trademarked new branding + * changed menu icon size to 32x32 + * added suggestions for mozilla-thunderbird-typeaheadfind + mozilla-thunderbird-offline and mozilla-thunderbird-inspector + * new upstream version: 0.6 + * MAP users can now benefit from support for the IMAP IDLE command + which allows the mail server to push notifications such as new + mail arriving as soon as it arrives (Closes: 232544) + * Thunderbird supports server wide news filters that apply to all + news groups on a server + * Mail filters can now mark messages as junk 
+ * Offline support is now available as an extension package + (Closes: 231920) + * Command line parsing problems fixed (Closes: 232342) + * Find broken in view source is fixed (Closes: 232580) + * Alerts and crash when deleting multiple nested + folders inside the trash folder is fixed (Closes: 237705, 244414) + * shift-c selects all as read (Closes: 245039) + * menu hint changed to mail (Closes: 246211) + * Alt-A selects all messages (Closes: 229518) + * typeahead find extension added as extra package + (Closes: 232562) + * suggesting mozilla-firefox now (Closes: 240708, 234918) + * changed mozilla-thunderbird.xpm to envelope with flames + (Closes: 243028) + * new enigmail upstream version included (0.86.6), + (Closes: 235553) + * now bulding with -O2 on all platforms, but ia64, arm, + sparc, alpha, powerpc + * global enigmail config file now in + /etc/mozilla-thunderbird/pref/enigmail.js + * new binary targets: + mozilla-thunderbird-inspector, + mozilla-thunderbird-offline, + mozilla-thunderbird-typeaheadfind + * restructured conffiles: now a single global config + file exists: /etc/mozilla-thunderbird/global-config.js, + which may be used by admins to make their + preconfigurations. 
+ Old config files in /etc/mozilla-thunderbird/pref + will be reserved till next --purge + + -- Alexander Sack <asac@jwsdot.com> Sat, 08 May 2004 08:45:00 +0100 + +mozilla-thunderbird (0.5+.040427-1) unstable; urgency=low + + * new snapshot of 040427 + * added build depend: libgnomevfs2-dev + * increased debian policy standard version to 3.6.1 + + -- Alexander Sack <asac@jwsdot.com> Tue, 27 Apr 2004 12:45:00 +0100 + +mozilla-thunderbird (0.5+.040418-1) unstable; urgency=low + + * new snapshot of 040418 + * changed desktop icon to envelope with flames (Closes: 243028) + + -- Alexander Sack <asac@jwsdot.com> Sun, 18 Apr 2004 12:45:00 +0100 + +mozilla-thunderbird (0.5+.040412-1) unstable; urgency=low + + * new snapshot of 040412 + * Updated enigmail to 0.83.6 + + -- Alexander Sack <asac@jwsdot.com> Mon, 12 Apr 2004 01:37:00 +0100 + +mozilla-thunderbird (0.5+.040330-1) unstable; urgency=low + + * new snapshot of 040320 + * Updated enigmail to 0.83.5 (Closes: 235553) + + -- Alexander Sack <asac@jwsdot.com> Tue, 30 Mar 2004 17:30:20 +0100 + +mozilla-thunderbird (0.5-4) unstable; urgency=low + + * reenabled hppa patch, which apparently led to FTBFS on hppa + + -- Alexander Sack <asac@jwsdot.com> Thu, 04 Mar 2004 21:30:20 +0100 + +mozilla-thunderbird (0.5-3) unstable; urgency=medium + + * preinst added to allow clean upgrade path to this + (Closes: 234118, Closes: 234267) + * added prerm script to allow a clean remove of package + + -- Alexander Sack <asac@jwsdot.com> Sun, 29 Feb 2004 10:30:20 +0100 + +mozilla-thunderbird (0.5-2) unstable; urgency=low + + * new source package layout!! 
Now using orig.tar.gz with diff.gz + (Closes: 232055) + * moved arch-indep chrome stuff to /usr/share/mozilla-thunderbird/chrome + * moved images to /usr/share/mozilla-thunderbird/res + /usr/share/mozilla-thunderbird/icons + /usr/share/mozilla-thunderbird/chrome/icons + + -- Alexander Sack <asac@jwsdot.com> Thu, 19 Feb 2004 19:30:20 +0100 + +mozilla-thunderbird (0.5-1.1) unstable; urgency=low + + * new source package layout!! Now using orig.tar.gz with diff.gz + + -- Alexander Sack <asac@jwsdot.com> Mon, 11 Feb 2003 19:30:20 +0100 + +mozilla-thunderbird (0.5-1) unstable; urgency=low + + * Aggregated changes since 0.4-1: + * new upstream release 0.5 included + * added xprt-xprintorg to Recommends (Closes: 226626) + * upgraded enigmail to 0.83.2 (Closes: 228678) + + includes a workaround for mozilla bug + leading to a crash in rare situations + (fixed in 0.82.6) + * improved package structure. Sources now are included as original archives + & are extracted to build-dir. (Closes: 225033) + * Minor wording changes in package description, pointed out by + Mark Stevenson. + * New debianization of appearance (branding) + * added switches for pref.js config entries for + individual doubleclick timeout & drag threshold + settings in gtk2 (Closes: 229146) + + -- Alexander Sack <asac@jwsdot.com> Mon, 09 Feb 2003 19:30:20 +0100 + +mozilla-thunderbird (0.5-0.1) unstable; urgency=low + + * preview of thunderbird-0.5 rc2 + + -- Alexander Sack <asac@jwsdot.com> Mon, 07 Feb 2003 19:30:20 +0100 + +mozilla-thunderbird (0.4-1.6) unstable; urgency=low + + * added basic gtk settings as mozilla prefs: + + widget.gtk2.dnd.threshold - treshold in pixel before a drag starts + + widget.gtk2.double_click_timeout - + maximum time in milliseconds between two clicks + to become recognized as double-click e.g. to get + rid of unexpected folder moves, etc. 
+ * upgraded enigmail to 0.83.2 + + -- Alexander Sack <asac@jwsdot.com> Mon, 05 Feb 2003 10:30:20 +0100 + +mozilla-thunderbird (0.4-1.5) unstable; urgency=low + + * added xprt-xprintorg to Recommends + * upgraded enigmail to 0.83.1 + + -- Alexander Sack <asac@jwsdot.com> Mon, 04 Feb 2003 10:30:20 +0100 + +mozilla-thunderbird (0.4-1.4) unstable; urgency=low + + * improved package structure. Sources now are included as original archives + & are extracted to build-dir. (Closes: 225033) + * late checkin. Already uploaded to mentors + + -- Alexander Sack <asac@jwsdot.com> Mon, 27 Jan 2003 10:30:20 +0100 + +mozilla-thunderbird (0.4-1.31) unstable; urgency=low + + * Minor wording changes in package description, pointed out by + Mark Stevenson. + + -- Soeren Boll Overgaard <boll@debian.org> Wed, 14 Jan 2004 12:46:23 +0000 + +mozilla-thunderbird (0.4-1.3) unstable; urgency=low + + * further debinized branding. updated 10_debian-branding patch + * do not use MOZILLA_FIVE_HOME. Always set the MOZILLA_FIVE_HOME + correctly. -> This is not anymore mozilla suite, so it is obsolete. + + -- Alexander Sack <asac@jwsdot.com> Mon, 06 Jan 2003 10:30:20 +0100 + +mozilla-thunderbird (0.4-1.2) unstable; urgency=low + + * updated enigmail to 0.82.6 - includes a workaround for mozilla bug + leading to a crash. 
+ + -- Alexander Sack <asac@jwsdot.com> Mon, 30 Dec 2003 20:30:20 +0100 + +mozilla-thunderbird (0.4-1.1) unstable; urgency=low + + * switched to .orig.tgz file approach + + -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100 + +mozilla-thunderbird (0.4-1) unstable; urgency=low + + * version for first debian official upload of 0.4 + + -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100 + +mozilla-thunderbird (0.4-0.3) unstable; urgency=low + + * updated latest enigmail source to version 0.82.5 + + -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100 + +mozilla-thunderbird (0.4-0.2) unstable; urgency=low + + * added locale support: default locale is en-US + + -- Alexander Sack <asac@jwsdot.com> Mon, 12 Dec 2003 00:30:20 +0100 + +mozilla-thunderbird (0.4-0.1) unstable; urgency=low + + * upgraded official 0.4 release + * browser integration works on gnome/kde + * new mozilla-theme + * latest engimail included + + -- Alexander Sack <asac@jwsdot.com> Mon, 10 Nov 2003 00:30:20 +0100 + +mozilla-thunderbird (0.3-7) unstable; urgency=low + + * added patches for hppa & alpha, arm & mips specfic stuff. took the patches from + the debian mozilla package + + -- Alexander Sack <asac@jwsdot.com> Mon, 10 Nov 2003 00:30:20 +0100 + +mozilla-thunderbird (0.3-6) unstable; urgency=low + + * added patch to switch from ex to sed which certainly won't + have terminal problems + * added .desktop file for menu integration in gnome, kde, etc. + + -- Alexander Sack <asac@jwsdot.com> Sun, 2 Nov 2003 22:23:40 +0100 + + +mozilla-thunderbird (0.3-5) unstable; urgency=low + + * Alexander Sack: + - added build depend nvi. + * Soeren Boll Overgaard + - added dependency on gnupg for enigmail. + + -- Alexander Sack <asac@jwsdot.com> Thu, 29 Oct 2003 21:00:59 +0200 + +mozilla-thunderbird (0.3-4) unstable; urgency=low + + * Soeren Boll Overgaard: + - Improve wording in long descriptions. + - Fix dependency problem of the enigmail-package. 
+ + -- Soeren Boll Overgaard <boll@debian.org> Tue, 28 Oct 2003 17:08:55 +0100 + +mozilla-thunderbird (0.3-3) unstable; urgency=low + + * Build-depend on m4 + * Actually do something in binary-arch + * asac: Applied Patch for myspell issue (closes: Bug#217555) + * fixed mozilla-thunderbird.sgml according to docbook DTD (closes: Bug#217708) + + -- Soeren Boll Overgaard <boll@debian.org> Sun, 26 Oct 2003 23:24:25 +0100 + +mozilla-thunderbird (0.3-2) unstable; urgency=low + + * Build-depend on dpatch. + + -- Soeren Boll Overgaard <boll@debian.org> Sun, 26 Oct 2003 13:26:31 +0100 + +mozilla-thunderbird (0.3-1) unstable; urgency=low + + * Make my name look right in Uploaders. + * Change version to one suited to Debian. + * Update standards version to 3.6.1 (No changes). + + -- Soeren Boll Overgaard <boll@debian.org> Sun, 26 Oct 2003 09:38:24 +0000 + +mozilla-thunderbird (0.3-0.3) unstable; urgency=low + + * readded forgotten patch hunks + + -- Alexander Sack <asac@jwsdot.com> Thu, 24 Oct 2003 09:00:59 +0200 + +mozilla-thunderbird (0.3-0.2) unstable; urgency=low + + * New upstream release + * latest patches of mozilla-thunderbird-0.2-3 are included + + -- Alexander Sack <asac@jwsdot.com> Thu, 21 Oct 2003 20:55:59 +0200 + +mozilla-thunderbird (0.2-3) unstable; urgency=low + + * fixed sudo bug (closes: Bug#216469) + * repackaging because of enigmail build exception + + -- Alexander Sack <asac@jwsdot.com> Wed, 15 Oct 2003 17:56:59 +0200 + +mozilla-thunderbird (0.2-2) unstable; urgency=low + + * Don't limit archs to i386. + + -- Soeren Boll Overgaard <boll@debian.org> Sat, 18 Oct 2003 10:27:05 +0000 + +mozilla-thunderbird (0.2-1) unstable; urgency=low + + * restarted versioning for official debian upload + * Uploaded by S. 
Boll Overgaard <boll@debian.org> + - Closes thunderbird ITP (closes: Bug#196504) + + -- Alexander Sack <asac@jwsdot.com> Wed, 15 Oct 2003 17:56:59 +0200 + +mozilla-thunderbird (0.3-0.1) unstable; urgency=low + + * New upstream release + + -- Alexander Sack <asac@jwsdot.com> Thu, 16 Oct 2003 10:51:59 +0200 + +mozilla-thunderbird (0.2asac-5) unstable; urgency=low + + * some more lintian cleaning of source package + * added boll@debian.org as co-maintainer + * reduction of build depends redundancy + + -- Alexander Sack <asac@jwsdot.com> Wed, 15 Oct 2003 17:56:50 +0000 + +mozilla-thunderbird (0.2asac-4) unstable; urgency=low + + * minimized build-depends & removed version constraints from build-deps to ease backporting + * added lintian override + * added long description for enigmail + * adjusted preference directory to $HOME/.mozilla-thunderbird + + -- Alexander Sack <asac@jwsdot.com> Mon, 13 Oct 2003 20:53:45 +0000 + +mozilla-thunderbird (0.2asac-3) unstable; urgency=low + + * needed to get the the source archive up again :( + + -- Alexander Sack <asac@jwsdot.com> Thu, 9 Oct 2003 18:51:01 +0200 + +mozilla-thunderbird (0.2asac-2) unstable; urgency=high + + * fixed the build procedure for enigmail binary package + + -- Alexander Sack <asac@jwsdot.com> Tue, 7 Oct 2003 23:04:01 +0200 + +mozilla-thunderbird (0.2asac-1) unstable; urgency=low + + * New upstream release + * added binary package mozilla-thunderbird-enigmail + * now update-chrome enabled + * startup hooks (currently for enigmail) allowed in + /var/lib/mozilla-thunderbird/startup-hooks.d + + -- Alexander Sack <asac@jwsdot.com> Fri, 3 Oct 2003 22:16:05 +0200 + +mozilla-thunderbird (0.2-5) unstable; urgency=low + + * changed menu entry image to gif image of size 32x32 -> lintian --check + tested + * added manual pages for mozilla-thunderbird & thunderbird + * remove mozilla-thunderbird-config from binary package + + -- Alexander Sack <asac@jwsdot.com> Thu, 2 Oct 2003 02:30:44 +0200 + +mozilla-thunderbird (0.2-4) 
unstable; urgency=low + + * fixed conflict with snapshot build + + + -- Alexander Sack <asac@jwsdot.com> Wed, 1 Oct 2003 16:50:33 +0200 + +mozilla-thunderbird (0.2-3) unstable; urgency=low + + * apply quickfix for bug #212604 (bugzilla.mozilla.org) + -> firebird ist remote startable even if thunderbird is + running + * added basic man pages + + -- Alexander Sack <asac@jwsdot.com> Wed, 1 Oct 2003 12:21:04 +0200 + +mozilla-thunderbird (0.2-2) unstable; urgency=low + + * corrected menu entry command to thunderbird + + -- Alexander Sack <asac@jwsdot.com> Thu, 25 Sep 2003 12:00:36 +0200 + +mozilla-thunderbird (0.2-1) unstable; urgency=low + + * Initial Release. + + -- Alexander Sack <asac@jwsdot.com> Wed, 24 Sep 2003 18:55:50 +0200 |
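Review bot: The 0.7.3-2 through 0.7.3-6 entries justify urgency=high with only "still fixes the security bug in sarge", and 0.8-1 says "fixes various security issues in sarge and sid (Closes: 263752)", so none of them names the advisory being fixed. The 0.9-4 line "added patch to fix /tmp/ file permissions during processing of imap directory (Closes: 280363)" has the same gap. Anyone auditing which upload closed which issue has to go through the bug numbers, unlike the 1.0.6-1 and 1.0.2-1 entries, which list CAN and MFSA identifiers. If this import has to stay verbatim, say so in the commit message; otherwise add the identifiers where they are known. The trailer dates in the same range are also inconsistent: the first two visible trailers read "Mon, 2 Aug 2005" and "Mon, 1 Aug 2005", 0.7.3-4 and 0.7.3-5 share the identical timestamp "Thu, 21 Aug 2004 14:00:00 +0100", and the 0.4-1.3 to 0.5-1.1 entries carry January and February 2003 dates although 0.4-1.2 is dated 30 Dec 2003 and 0.5-2 is dated 19 Feb 2004. Tools that order uploads by changelog date will therefore see a non-monotonic history.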