seamonkey (1.1.17+nobinonly-0ubuntu0.9.04.1) jaunty-security; urgency=low * New upstream security release: 1.1.17 (LP: #356274) - CVE-2009-1841: JavaScript chrome privilege escalation - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests - CVE-2009-1835: Arbitrary domain cookie access by local file: resources - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part * removed debian/patches/90_181_484320_attachment_368977.patch * removed debian/patches/90_181_485217_attachment_369357.patch * removed debian/patches/90_181_485286_attachment_369457.patch - update debian/patches/series -- John Vivirito Mon, 06 Jul 2009 13:20:53 -0400 seamonkey (1.1.15+nobinonly-0ubuntu2) jaunty; urgency=low * CVE-2009-1044: Arbitrary code execution via XUL tree element - add debian/patches/90_181_484320_attachment_368977.patch - update debian/patches/series * CVE-2009-1169: XSL Transformation vulnerability - add 90_181_485217_attachment_369357.patch - add debian/patches/90_181_485286_attachment_369457.patch -- Alexander Sack Tue, 31 Mar 2009 13:21:19 +0200 seamonkey (1.1.15+nobinonly-0ubuntu1) jaunty; urgency=low * New security upstream release: 1.1.15 (LP: #309655) - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6) - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7) - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect -- John Vivirito Sat, 21 Mar 2009 11:26:47 -0400 seamonkey (1.1.14+nobinonly-0ubuntu1) jaunty; urgency=low [ Alexander Sack ] * New security upstream release: 1.1.14 (LP: #309655) - CVE-2008-5511: XSS and JavaScript privilege escalation - CVE-2008-5510: Escaped null characters ignored by CSS parser - CVE-2008-5508: Errors parsing URLs with leading whitespace and controlcharacters - CVE-2008-5507: Cross-domain data theft via script redirect error message - CVE-2008-5506: XMLHttpRequest 302 response disclosure - CVE-2008-5503: Information stealing via loadBindingDocument - CVE-2008-5501..5500: Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) * drop patches applied upstream - delete debian/patches/35_zip_cache.patch - update debian/patches/series -- John Vivirito Sat, 14 Feb 2009 12:17:58 -0500 seamonkey (1.1.13+nobinonly-0ubuntu1) jaunty; urgency=low * New security upstream release: 1.1.13 (LP: #297789) - CVE-2008-4582: Information stealing via local shortcut files - CVE-2008-5012: Image stealing via canvas and HTTP redirect - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading - CVE-2008-5014: Crash and remote code execution via __proto__ tampering - CVE-2008-5017: Browser engine crash - Firefox 2 and 3 - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3 - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore - CVE-2008-0017: Buffer overflow in http-index-format parser - CVE-2008-5021: Crash and remote code execution in nsFrameManager - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals - CVE-2008-5024: Parsing error in E4X default namespace - CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail * re-run autoconf2.13 to update configure patch to changed upstream codebase - update debian/patches/99_configure.patch -- Alexander Sack Wed, 26 Nov 2008 14:54:21 +0100 seamonkey (1.1.12+nobinonly-0ubuntu1) intrepid; urgency=low * New security upstream release: 1.1.12 (LP: #276437) - CVE-2008-4070: Heap overflow when canceling newsgroup message - CVE-2008-4069: XBM image uninitialized memory reading - CVE-2008-4067..4068: resource: traversal vulnerabilities - CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution - CVE-2008-4061..4064: Crashes with evidence of memory corruption - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution - CVE-2008-3837: Forced mouse drag - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation - CVE-2008-0016: UTF-8 URL stack buffer overflow -- Fabien Tassin Tue, 30 Sep 2008 00:41:24 +0200 seamonkey (1.1.11+nobinonly-0ubuntu1) intrepid; urgency=low * New security upstream release: 1.1.11 (LP: #218534) Fixes USN-602-1, USN-619-1, USN-623-1 and USN-629-1 * Refresh diverged patch: - update debian/patches/80_security_build.patch * Fix FTBFS with missing -lfontconfig - add debian/patches/11_fix_ftbfs_with_fontconfig.patch - update debian/patches/series * Build with default gcc (hardy: 4.2, intrepid: 4.3) - update debian/rules - update debian/control -- Fabien Tassin Tue, 29 Jul 2008 21:29:02 +0200 seamonkey (1.1.9+nobinonly-0ubuntu1) hardy; urgency=low * New security upstream release: 1.1.9 (LP: #207461) * Security fixes: - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18 Java socket connection to any local port via LiveConnect - MFSA 2008-17 Privacy issue with SSL Client Authentication - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs - MFSA 2008-15 Crashes with evidence of memory corruption - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution * Drop patches applied upstream: - drop debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch - update debian/patches/series * Add missing Ubuntu-specific menu items (LP: #190845) - add debian/patches/85_ubuntu_menu.patch - update debian/patches/series Contributed by Andrea Colangelo -- Fabien Tassin Thu, 27 Mar 2008 00:31:02 +0100 seamonkey (1.1.8+nobinonly-0ubuntu1) hardy; urgency=low * New security upstream release: 1.1.8 * Security fixes: - MFSA 2008-13 Multiple XSS vulnerabilities from character encoding - MFSA 2008-10 URL token stealing via stylesheet redirect - MFSA 2008-09 Mishandling of locally-saved plain text files - MFSA 2008-07 Possible information disclosure in BMP decoder - MFSA 2008-06 Web browsing history and forward navigation stealing - MFSA 2008-05 Directory traversal via chrome: URI - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02 Multiple file input focus stealing vulnerabilities - MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12) * Drop unwanted patches: - drop debian/patches/82_homepage.patch - drop debian/patches/85_about.patch - drop debian/patches/85_release_notes.patch - update debian/patches/series * Update diverged patch: - update debian/patches/99_configure.patch -- Fabien Tassin Fri, 08 Feb 2008 13:13:42 +0100 seamonkey (1.1.7+nobinonly-0ubuntu2) hardy; urgency=low * bump Standards-Version to 3.7.3 - update debian/control * Add comments to patches lacking one - update debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch - update debian/patches/12_fix_ftbfs_with_nss.patch * Drop extensions from icons in the .desktop files - update debian/menu_dir/*.desktop * Drop Uploaders: field as it doesn't mean anything for Ubuntu - update debian/control * Reference the specific versions of the GPL and LGPL - update debian/copyright * Add get-orig-source and get-current-source to respectively fetch and repack a newer tarball or the current tarball needed to build this version of the package - update debian/rules * Update 'section' of all menu files to be compliant with Debian Menu System - update debian/*.menu -- Fabien Tassin Mon, 10 Dec 2007 17:32:39 +0100 seamonkey (1.1.7+nobinonly-0ubuntu1) hardy; urgency=low * New security upstream release: 1.1.7 (LP: #174739) * MSFA 2007-37, MSFA 2007-38, MSFA 2007-39 * Drop patches applied upstream - drop debian/patches/65_branding_bug_401824.patch - drop debian/patches/65_composer_charset.patch - update debian/patches/series * Update debian/patches/99_configure.patch * Add Vcs-Bzr: and Homepage: fields to control - update debian/control * Change dfsg into nobinonly in watch file - update debian/watch -- Fabien Tassin Fri, 07 Dec 2007 20:52:32 +0100 seamonkey (1.1.6+nobinonly-0ubuntu1) hardy; urgency=low [ Fabien Tassin ] * Remove unused patches: - drop debian/patches/20_visibility.dpatch, debian/patches/28_ppc64_build.dpatch, debian/patches/38_unsupported_arch_build.dpatch, debian/patches/80_calendar_locale.dpatch, debian/patches/82_prefs_ubuntu.dpatch * Migrate from dpatch to quilt - update debian/control: build-depends on quilt - debian/rules: update patching rules - drop debian/patches/80_config.dpatch: done by quilt - rename and update debian/patches/00list => debian/patches/series - rename and update debian/patches/*.dpatch => debian/patches/*.patch * Fix unclean distclean leaving dist/ behind - update debian/patches/60_distclean.patch * Migrate to CDBS - update debian/rules and debian/control * Revert the Iceape unbranding to Seamonkey - drop debian/patches/80_app_name.patch and update debian/patches/series - update debian/patches/82_prefs.patch and debian/patches/99_configure.patch - drop iceape's icons: - update debian/rules - drop debian/extras/iceape* and debian/extras/Throbber* - drop debian/extras/license.txt - update wording - update debian/copyright - rename packages to seamonkey-* - update debian/control - rename debian/iceape-*.{dirs,install,links,postinst,postrm,preinst} to debian/seamonkey-*.{dirs,install,links,postinst,postrm,preinst} - rename debian/iceape-*.{menu,mime,manpages} to debian/seamonkey-*.{menu,mime,manpages} - rename and update debian/menu_dir/iceape-*.desktop to debian/menu_dir/seamonkey-*.desktop - rename and update debian/{iceape.cfg,iceaperc,iceape-runner} to debian/{seamonkey.cfg,seamonkeyrc,seamonkey-runner} - update debian/about_debian.js, debian/base.js and debian/homepagereset.js * Drop leftovers from calendar - drop debian/iceape-calendar.* - drop debian/extras/calendar.svg - drop debian/menu_dir/iceape-calendar.desktop - update debian/control * Clean-up - drop debian/README.source (no longer useful) - drop debian/mozconfig (leftover from previous commit) * Drop debian/patches/81_free_art_improvements.patch (was part of the unbranding) - update debian/patches/series * Make seamonkey build at last - fix FTBFS with new libnss (since bz399589 landed) - add debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch - update debian/patches/series - fix another FTBFS with libnss (caused by bad linking order with libcrmf) - add debian/patches/12_fix_ftbfs_with_nss.patch - update debian/patches/99_configure.patch - update debian/patches/series - fix bad syntax for --enable-extensions - update debian/rules - fix FTBFS with dh_install needing DEB_DH_INSTALL_SOURCEDIR - update debian/rules - fix install of additionnal searchplugins - update debian/rules - don't install hicolor icons (we don't have any) - update debian/seamonkey-browser.install * Install libnssckbi.so in seamonkey-browser and drop other libnss links - update debian/rules and debian/seamonkey-browser.links * Fix broken chrome.d files and clean-up install rules - update debian/rules - update debian/seamonkey-browser.{install,dirs} - update debian/seamonkey-chatzilla.install - update debian/seamonkey-dom-inspector.install - update debian/seamonkey-mailnews.install * Update bug link and README to point Seamonkey toward Ubuntu - update debian/about_debian.js - debian/README.Debian * Fix FTBFS on amd64 (don't depend on arch indep rules for binary packages - update debian/rules - update debian/seamonkey-browser.install - update debian/seamonkey-chatzilla.install - update debian/seamonkey-dom-inspector.install - update debian/seamonkey-mailnews.install * Update to upstream release 1.1.6 (from 1.1.4) - update debian/control - Security fixes provided by 1.1.5: MFSA 2007-36, MFSA 2007-35, MFSA 2007-34, MFSA 2007-33, MFSA 2007-32, MFSA 2007-31, MFSA 2007-30, MFSA 2007-29 and MFSA 2007-28. * Update diverged patches: - update debian/patches/35_theme_switch.patch - debian/patches/38_kbsd.patch - debian/patches/68_mips_performance.patch - debian/patches/99_configure.patch * Update Maintainer to Ubuntu Mozilla Team - update debian/control * Conflicts/Replaces iceape - update debian/control * Fix nss links not installed where CDBS would have done it - update debian/rules * Remove bin-only files from upstream tarball using debian/remove.binonly.sh. Add a nobinonly target in debian/rules to clean up the current tarball, preserve logs in mozilla/REMOVED+nobinonly.txt. - rename and update debian/remove.nonfree => debian/remove.binonly.sh - update debian/rules * Fix desktop files to make desktop-file-validate happy - update debian/menu_dir/*.desktop * Disable all desktop files except seamonkey.desktop, using the icon from branding (instead of the old style Mozilla one) - update debian/menu_dir/*.desktop - update debian/rules * Add dummy packages for migration of iceape and mozilla packages: mozilla, mozilla-browser, mozilla-dev, mozilla-mailnews, mozilla-chatzilla, mozilla-psm, mozilla-dom-inspector, mozilla-js-debugger, mozilla-calendar, iceape, iceape-browser, iceape-gnome-support, iceape-dev, iceape-dbg, iceape-mailnews, iceape-chatzilla, iceape-calendar and iceape-dom-inspector - update debian/control * Merge DSP settings from previously installed /etc/iceape/iceaperc or /etc/mozilla/mozillarc into /etc/seamonkey/seamonkeyrc - update debian/seamonkey-browser.preinst * Remove leftovers from iceape packages - add debian/iceape-browser.postrm - add debian/iceape-browser.preinst * Re-install /etc/seamonkey files previously disabled - update debian/seamonkey-browser.install * Add missing 'upgrade' target to preinst script - update debian/iceape-browser.preinst * Exclude CVS stuff when doing nobinonly tarballs - update debian/rules * Fix a recent FTBFS in hardy where gtk+ is no longer bringing some X libs in build-deps - add debian/patches/13_bz344818_att264996.patch - update debian/patches/99_configure.patch - update debian/patches/series -- Fabien Tassin Sun, 02 Dec 2007 19:27:42 +0100 iceape (1.1.4-1ubuntu3) gutsy; urgency=low * debian/control: Removed iceape-calendar from Suggested packages, We no longer build iceape-calendar, We have sunbird instead. LP: #145073 * debian/patches/00list/82_prefs_ubuntu: Disabled this patch for now, maybe we will enable it again for iceape-2.x.x, -- John Vivirito Fri, 27 Sep 2007 15:32:16 -0400 iceape (1.1.4-1ubuntu2) gutsy; urgency=low * debian/rules: use don't build lpia with gcc-4.1/g++-4.1 anymore, but use gcc-4.2/g++-4.2 for all archs now * debian/control: Added g++-4.2, gcc-4.2 to build-deps to satisfy lpia builds * debian/patches/20_force-no-pragma-visibility-for-gcc-4.2_4.3: add patch to siable pragma visibility strategy to hide symbols. stick to -fvisibility=hidden * debian/patches/00list: Updated for 20_force-no-pragma-visibility- for-gcc-4.2_4.3 [ Alexander Sack ] * debian/patches/99_configure.dpatch: rerun autoconf2.13 to make new force-no-pragma-visibility-for-gcc-4.2_4.3.dpatch effective -- John Vivirito Thu, 30 Aug 2007 16:46:30 -0400 iceape (1.1.4-1ubuntu1) gutsy; urgency=low * New security/stability upstream release. * debian/patches/80_system_libs.dpatch: carried over from Debian to make sure we dont have problems with upstream changing libjpeg, libpng or zlib internal version * debian/patches/35_psm_wakeups.dpatch: removed, it was applied upstream * debian/patches/00list: updated accordingly * debian/control: commented out iceape-calendar to prevent binaries from being built at this time, when debian decides to add it back to orig tarball than we will decide if we want to follow. -- John Vivirito Tue, 7 Aug 2007 12:58:32 -0400 iceape (1.1.4-1) unstable; urgency=low * New security/stability upstream release. * debian/patches/90_MFSA_2007_26.dpatch, debian/patches/90_MFSA_2007_27.dpatch: Removed, as applied upstream. * debian/patches/00list: Updated accordingly. -- Mike Hommey Sun, 05 Aug 2007 08:32:42 +0200 iceape (1.1.3-2) unstable; urgency=high * debian/patches/90_MFSA_2007_26.dpatch, debian/patches/90_MFSA_2007_27.dpatch: Patches, respectively, for mfsa-2007-26 (aka CVE-2007-3844) and mfsa-2007-27 (aka CVE-2007-3845). * debian/patches/00list: Updated accordingly. * debian/patches/80_system_libs.dpatch: Make sure we won't be bitten by upstream changing libjpeg, libpng or zlib internal version, which makes system library not used even though --with-system-* argument is given to configure. This time, it happened with libpng. * debian/patches/99_configure.dpatch: Updated. * debian/patches/00list: Updated accordingly. -- Mike Hommey Sat, 21 Jul 2007 23:00:45 +0200 iceape (1.1.3-1) unstable; urgency=high * New security/stability upstream release (v1.1.3) * Fixes mfsa-2007-{18-22}, mfsa-2007-{24-25}, alsa known as CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738. * debian/remove.nonfree: add more binary files from tarball that don't have sources (Thanks Alexander Sack). * debian/patches/82_prefs.dpatch: Set layout.css.dpi to 0 instead of -1. libxul will use system DPI and avoid using huge fonts on systems where DPI < 96. * debian/patches/80_system_libs.dpatch: Make sure we won't be bitten by upstream changing libjpeg, libpng or zlib internal version, which makes system library not used even though --with-system-* argument is given to configure. This time, it happened with libpng. * debian/patches/99_configure.dpatch: Updated. * debian/patches/00list: Updated accordingly. -- Mike Hommey Sat, 21 Jul 2007 23:00:45 +0200 iceape (1.1.2.dfsg1~ubuntu1-0ubuntu1) unstable; urgency=low * new upstream version for ubuntu based on 1.1.2.dfsg1-2 * ubuntu changes not in debian are: + changes of version 1.1.1-3.mt9 aka show-go-button in addressbar by John Vivirito -- Alexander Sack Wed, 13 Jun 2007 08:55:00 -0200 iceape (1.1.2.dfsg1-2) unstable; urgency=low * debian/remove.nonfree: add more binary files from tarball that don't have sources: ./toolkit/mozapps/installer/windows/nsis/Processes.dll ./toolkit/mozapps/installer/windows/nsis/ShellLink.dll ./toolkit/mozapps/installer/windows/nsis/nsProcess.dll ./xpfe/bootstrap/macbuild/Contents/Resources/command.icns ./xpfe/bootstrap/macbuild/Contents/Resources/component.icns ./xpfe/bootstrap/macbuild/Contents/Resources/html.icns ./xpfe/bootstrap/macbuild/Contents/Resources/mozilla.icns ./xpfe/bootstrap/macbuild/Contents/Resources/plugin.icns ./xpfe/bootstrap/macbuild/Contents/Resources/pref.icns ./xpfe/bootstrap/macbuild/Contents/Resources/text.icns ./widget/src/os2/res/aliasb.ptr ./widget/src/os2/res/arrow_wait.ptr ./widget/src/os2/res/cell.ptr ./widget/src/os2/res/col_resize.ptr ./widget/src/os2/res/copy.ptr ./widget/src/os2/res/crosshair.ptr ./widget/src/os2/res/grabbing.ptr ./widget/src/os2/res/grab.ptr ./widget/src/os2/res/help.ptr ./widget/src/os2/res/row_resize.ptr ./widget/src/os2/res/select.ptr ./widget/src/os2/res/vertical_text.ptr ./widget/src/os2/res/zoom_in.ptr ./widget/src/os2/res/zoom_out.ptr -- Alexander Sack Mon, 11 Jun 2007 13:00:00 +0200 iceape (1.1.2-1) unstable; urgency=low * New upstream release. * Fixes mfsa-2007-12, mfsa-2007-{14-17}, also known as CVE-2007-1362, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2870, CVE-2007-2871. * debian/patches/15_gecko_1.8.1.3.dpatch, debian/patches/20_visibility.dpatch: Removed, as being applied upstream. * debian/patches/25_gnome_helpers_with_params.dpatch: Adapted to upstream changes. (Stolen from xulrunner) * debian/control, debian/rules: Removed dummy packages for transition from mozilla. * debian/*mozilla*: Removed. * debian/control: + Update dependencies for iceape-dev and iceape-chatzilla so that there's no problem with future -0lennyx releases. + Build depend on libnspr4-dev and libnss3-dev. * debian/mozconfig: Use system nspr and nss. * debian/rules: + Don't shlibsign. + Install symlinks for nspr and nss libraries in /usr/lib/iceape. * debian/iceape-browser.install: Don't install libfreebl. * shlibs.local: Force versioned dependencies on libnss because of our use of the libnssckbi.so file under /usr/lib/nss which appeared in version 3.11.5-1. * debian/patches/99_configure.dpatch: + Updated with autoconf. + Removed nsprpub/configure changes, not required anymore. * debian/patches/80_config.dpatch: Don't copy config.{guess|sub} in nsprpub/build. * debian/patches/18_kbsd_nspr.dpatch: Removed, since we now use system nspr. * debian/patches/00list: Updated accordingly. * debian/iceape-browser.links, debian/iceape-browser.install: Install the isp directory. -- Mike Hommey Sat, 09 Jun 2007 20:29:39 +0200 iceape (1.1.1-2) unstable; urgency=low [ Alexander Sack ] * debian/patches/20_visibility.dpatch: update from bz366844 to prevent failures due to bashism * debian/patches/60_distclean.dpatch: use DIST_GARBAGE for sqlite3.h instead of GARBAGE to prevent ftbfs on second run -> sqlite3.h is a source file; maybe drop this completely. * debian/patches/99_configure.dpatch: update configure accordingly [ Mike Hommey ] * Merged changes from 1.0.8-4. * Target at unstable. * debian/patches/15_gecko_1.8.0.11.dpatch: Replaced with debian/patches/15_gecko_1.8.1.3.dpatch, for 1.8.1 branch. * debian/patches/35_system_myspell.dpatch: Renamed 80_hunspell.dpatch and modified to have system hunspell library used instead of myspell. * debian/patches/00list: Updated accordingly. * debian/control: Don't build depend on libmyspell-dev but on correct version of libhunspell-dev. * debian/patches/99_configure.dpatch: Updated with autoconf. * debian/mozconfig: Replaced --enable-system-myspell with --enable-system-hunspell. -- Mike Hommey Sun, 15 Apr 2007 17:28:09 +0200 iceape (1.0.8-4) unstable; urgency=low * debian/iceape-composer.png.uue, debian/iceape-news.png.uue: Removed, as they are not used. * debian/patches/15_gecko_1.8.0.11.dpatch: Update to 1.8.0.11 codebase. Fixes mfsa-2007-11. * debian/patches/00list: Updated accordingly. * debian/patches/25_gnome_helpers_with_params.dpatch: Make MIME registry use system mime.types when it doesn't get extensions from the Gnome registry. This will make the helper configuration dialogs work better. * debian/rules: Install several icons in the hicolor theme. * debian/iceape-browser.install: + Install /usr/lib/iceape/chrome/icons/default/default.xpm and /usr/lib/iceape/chrome/icons/default/default16.xpm files that were missing. + Install files from the hicolor theme. * debian/patches/10_icons.dpath: Install the icons into the correct place. -- Mike Hommey Sat, 24 Mar 2007 00:54:51 +0100 iceape (1.1.1-1) experimental; urgency=low * New upstream release, targetted at experimental. Closes: #409295. * debian/patches/10_dash_workaround.dpatch, debian/patches/10_pangoxft.dpatch, debian/patches/15_atk_crash.dpatch, debian/patches/15_passwdmgr.dpatch, debian/patches/82_ssl.dpatch: Removed, as being applied upstream. * debian/patches/00list: Updated accordingly. * debian/patches/20_visibility.dpatch: Stole new version of the visibility patch from iceweasel. * debian/patches/60_distclean.dpatch, debian/patches/80_security_build.dpatch, debian/patches/82_prefs.dpatch, debian/patches/85_about.dpatch: Adapted to upstream changes. * debian/iceape-calendar.install, debian/iceape-calendar.links, debian/rules, debian/mozconfig, debian/patches/60_distclean.dpatch, debian/patches/85_release_notes.dpatch, debian/patches/00list: Disabled calendar, as it is not provided by the upstream tarball anymore. * debian/control, debian/iceape-calendar.NEWS: Add a note that the calendar package is empty. * debian/iceape-calendar.menu: Renamed as .disabled. * debian/iceape-browser.install, debian/iceape-browser.links: + Install new components + Don't install the webdav component that was provided by the calendar + Install the inspector.xpt file, since the inspector component is now a static component. + Update link for myspell dictionaries. * debian/iceape-dom-inspector.install: Don't install the inspector component. * debian/iceape-dom-inspector.links: Removed. * debian/mozconfig: Don't disable xpcom obsolete, it is needed for xpinstall. * debian/patches/99_configure.dpatch: Updated with autoconf. -- Mike Hommey Tue, 13 Mar 2007 07:59:52 +0100 iceape (1.0.8-3) unstable; urgency=low * debian/patches/15_passwdmgr.dpatch: Restore parts that were actually NOT applied upstream, and adapt them. Thanks Sam Hocevar for spotting this. Closes: #414010. -- Mike Hommey Thu, 8 Mar 2007 18:50:21 +0100 iceape (1.0.8-2) unstable; urgency=low * debian/copyright: Added licensing terms for the content in the debian directory. * debian/patches/35_xembed_crash.dpatch: Removed. The problem lies in the totem plugin, actually. Closes: #413256. * debian/about_debian.js: Custom component to add support for about:README.Debian and about:bugs addresses. * debian/iceape-browser.install, debian/iceape-browser.links, debian/rules: Install the new about_debian.js component. * debian/patches/85_about.dpatch: Link to newly added about:bugs and about:README.Debian pages instead of direct links. * debian/patches/35_about_security.dpatch: Removed, since we don't directly link to file:/// and http:// urls anymore. * debian/patches/85_release_notes.dpatch: Remove "Release Notes" item from Help menu. * debian/patches/00list: Updated accordingly. -- Mike Hommey Sun, 4 Mar 2007 20:58:30 +0100 iceape (1.0.8-1) unstable; urgency=low * New upstream release. * Fixes mfsa-2007-{01-07}, also known as CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0045, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995. * debian/iceape-browser.install: Install libfreebl. * debian/rules: + Invert /usr/share/pixmaps/iceape-mailnews.xpm and /usr/share/pixmaps/iceape-mail-compose.xpm. Closes: #409812. + Do shlibsign on libsoftokn and libfreebl. * debian/patches/25_passwdmgr_crash.dpatch, debian/patches/20_broken_perl.dpatch: Removed, as being applied upstream. * debian/patches/18_kbsd_nspr.dpatch, debian/patches/25_entropy.dpatch, debian/patches/35_system_myspell.dpatch, debian/patches/38_kbsd.dpatch, debian/patches/80_security_build.dpatch: Adapted to upstream changes. * debian/patches/60_distclean.dpatch: Removed parts that were applied upstream ; added another cleanup in nss directory. * debian/patches/15_passwdmgr.dpatch: Removed parts that were applied upstream. * debian/patches/99_configure.dpatch: Updated with autoconf. * debian/patches/35_theme_switch.dpatch: Fix for hang up when switching GTK theme. bz#352096. * debian/patches/35_xembed_crash.dpatch: Fix for crash on restyle after closing tab with xembed plugin. bz#359870. Thanks Alexander Sack. * debian/patches/00list: Updated accordingly. -- Mike Hommey Fri, 2 Mar 2007 23:04:24 +0100 iceape (1.0.7-3) unstable; urgency=low * debian/mozilla-browser.postinst: Renamed to mozilla-browser.postrm, since it is about postrm rules for purge. * debian/control: + Make iceape conflict with mozilla (<< 2:1.8) instead of mozilla. Closes: #405911. + iceape is built without xprint support, drop outdated and useless Suggests to xprt. Thanks to Andreas Metzler. Closes: #301649. * debian/iceape-browser.prerm: Don't forget to remove the alternatives at removal time. Closes: #407411. * debian/iceape-runner: + Add missing quotes in a test. Thanks to Kevin Ryde. Closes: #408575. + Add check on ${HOME}. Closes: #361999, #294425. * debian/patches/65_composer_charset.dpatch: Align editor character set with meta tag character set at document creation. Closes: #408220. * debian/patches/15_atk_crash.dpatch: Fix random crashed in GetMaiAtkType. bz#302250. Closes: #406861. * debian/patches/18_m68k_xpcom.dpatch: Apply changes provided by Roman Zippel to fix FTBFS of third party software on m68k. Renamed as 68_m68k_xpcom.dpatch, since it needs to be sent upstream. (Stolen from xulrunner) * debian/patches/35_zip_cache.dpatch: Invalidate cache for a zip file that got modified. It will prevent corruption of the XUL FastLoad cache when upgrade is performed while an instance of the application is running. bz#368428. Closes: #406618. * debian/patches/80_calendar_locale.dpatch: Don't install calendar locales. Closes: #406748. Locale packagers: Please add the locales from the calendar but double check that they include all the strings. * debian/patches/82_prefs.dpatch: Workaround for freeze error with mail compose window after a couple of hours of use. bz#307672. Closes: #405662. * debian/extras/iceape_icon_plain.svg, debian/extras/iceape_logo_plain.svg, debian/extras/iceape_logo_splash.xpm: Changed colors and improved contrast on logo and icon. Closes: #408441. * debian/extras/calendar_orig_309293.svg: Removed, because it is non-free. * debian/iceape-calendar.install: Install calendar.jar instead of calendar*. * debian/patches/25_pango_null_char.dpatch: Avoid freeze/crash when null characters are present in justified text by discarding NULL characters before displaying. bz#366902. (Stolen from xulrunner svn) Closes: #406698. * debian/patches/38_sparc64_unichar_alignment.dpatch: Add ia64 to the list of arches that need strict alignment. (Stolen from iceweasel svn) * debian/patches/15_pango_textarea_position.dpatch: Fix for cursor position when moving in a textarea. bz#366796. Closes: #408913. * debian/patches/00list: Updated accordingly. -- Mike Hommey Mon, 29 Jan 2007 08:12:13 +0100 iceape (1.0.7-2) unstable; urgency=high * The "OMFFSM" Release ! * debian/iceape-browser.preinst: Move files from /usr/lib/iceape/chrome, not ., dammit ! Closes: #405586. -- Mike Hommey Thu, 4 Jan 2007 20:24:44 +0100 iceape (1.0.7-1) unstable; urgency=low [ Mike Hommey ] * New upstream release. Fixes mfsa-2006-{68-74} also known as CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6500, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504. Closes: #404892. * This release is dedicated to Andreas Metzler, who is doing a great job at bug triaging the huge pile of bugs that has been accumulating for years on mozilla-* packages. [ Alexander Sack ] * debian/extras/iceape_icon_plain.svg,debian/extras/calendar_orig_309293.svg, debian/extras/iceape_logo_splash.xpm,debian/extras/iceape_logo.svg, debian/extras/calendar.svg,debian/extras/iceape_logo_plain.svg, debian/extras/iceape_icon.svg,debian/extras/license.txt, debian/extras/Throbber-small.png.uue,debian/extras/Throbber-small.gif.uue, debian/control,debian/rules, debian/patches/81_free_art_improvements.dpatch: Adding free artwork contributed by unicko2000 aka Ricardo Fernándezi ; added build-depends on imagemagick and librsvg2-bin to convert svg artwork to various image formats; generate various image formats of free artwork and place them in build tree appropriately. Picking Throbber Icons from toolkit to replace trademarked seamonkey throbber. Closes: #401265. * debian/patches/81_free_art_improvements.dpatch: use .png for about:logo instead of .gif ... to improve about page appearence. * debian/rules,debian/remove.nonfree: Execute debian/remove.nonfree in source target; adding more trademarked logos/icons to remove list; for now sedding hardcoded sunbird trademarks in calendar/sunbird/app/brand.properties and calendar/sunbird/app/brand.dtd. Closes: #400341,#401266. * debian/patches/80_free_art_fixes.dpatch: added patch to prevent build failure due to removed throbber icons that are not used by seamonkey * debian/patches/65_branding_bug_401824.dpatch: fix for profile branding bug Closes: #401824. * debian/patches/00list: added 81_free_art_improvements, 80_free_art_fixes, 65_branding_bug_401824 [ Mike Hommey ] * Removed non-free and sourceless binaries from source package with the script from the gnuzilla project, with 2 additional removals of IETF files. Closes: #401266. You can find this modified script for reference in debian/remove.nonfree. Note this script also removes useless CVS files. * debian/control: iceape-chatzilla conflicts with older versions of mozilla-browser. Closes: #401298. * debian/watch: Added a watch file to track seamonkey versions. * debian/patches/80_config.dpatch: Use config.guess and config.sub from autotools-dev. * debian/iceape-runner: + Removed -a option passed to iceape (but we keep the parsing, for when it will become useful). This option prevented iceape to start with the configured application. Closes: #401620. + Added a MOZ_PLUGIN_PATH to add support for plugins in /usr/lib/mozilla/plugins. Closes: #404258. + Removed some bashisms. * debian/watch: Added rule to mangle dfsg versions. * debian/patches/15_passwdmgr.dpatch: Adapted to changes in upstream. Thanks to Andreas Metzler. * debian/patches/35_crash_focus.dpatch: Removed: applied upstream. * debian/iceape-browser.preinst: Move files away from /usr/lib/iceape/chrome to /usr/share/iceape/chrome if there are. Thanks to Andreas Barth. Closes: #401372. * debian/patches/82_prefs.dpatch: Set filename for general config file for locks and set the obscure value to 0 so that the file needs not be "encrypted". * debian/iceape.cfg: Disable upgrade notification and lock the value of the property so that it is not possible to change it from the UI. Thanks to Thijs Kinkhorst for the hint on the preference. * debian/rules, debian/iceape-browser.install: Install iceape.cfg. Closes: #404699. * debian/README.Debian: Rewrote, stealing stuff we wrote for firefox^Wiceweasel, including a note about Emacs key bindings. Closes: #199090, #291418, #292435, #294542, #296347, #306213. * debian/control: Fix mozilla-js-debugger package description to refer to mozilla-venkman instead of iceape. Thanks to Andreas Metzler. * debian/README.build: Removed. * debian/README.chrome: Put reference on mozilla-venkman and mozilla-checky instead of non-existant iceape-locale-ja. * debian/README.source: Added instructions on how to get the patched sources and to build the package from SVN. Thanks to Andreas Metzler. * debian/copyright: Fixed typos. Thanks to Thijs Kinkhorst. Closes: #405225. * debian/homepagereset.js: Custom component to reset the browser homepage if it is set to the old localstart.html page from the mozilla-browser package, which doesn't exist any more. * debian/patches/85_about.dpatch: Beautifulize about: page (enhancements stolen from Firefox) and added some useful links for Debian. * debian/patches/82_homepage.dpatch: Set homepage and throbber url to about:. * debian/patches/35_about_security.dpatch: Relax security on what about: urls can load, to match that of chrome and resources urls. bz#365526. * debian/rules, debian/iceape-browser.install, debian/iceape-browser.links: Install this custom component. Closes: #401537, #402337. * debian/iceape-dom-inspector.install: Only install inspector.jar from chrome, manifest files are not useful for iceape (yet). * debian/menu_dir/iceape.desktop: Set this menu item to be used for the Iceape Suite. Which means that will open whatever is configured to be opened at Iceape Suite startup (see preferences). * debian/menu_dir/iceape-navigator.desktop: Add a new menu item for the Iceape Navigator, which will launch a browser window. * debian/iceape-browser.install: Install this new desktop file. * debian/patches/65_xremote.dpatch: Add commands to open calendar, chatzilla and address book via the XRemote interface. * debian/iceape-runner: Modify to make use of the new commands in the XRemote interface. This means iceape -chat and friends works whether an iceape window is already opened or not. * debian/patches/38_kbsd.dpatch, debian/patches/38_mips64_build.dpatch, debian/patches/80_uname.dpatch, debian/patches/18_kbsd_nspr.dpatch: Applied patch from Petr Salinger to build on GNU/kFreeBSD. Closes: #401401. * debian/patches/99_configure.dpatch: Updated. * debian/patches/35_mail_navigator_overlay.dpatch: Set the overlay for mailnews options in navigator in mailnews instead of navigator. bz#365701. Closes: #227705. * debian/patches/00list: Updated according to all modified and added patches. * debian/update-iceape-chrome: Redirect regchrome's stderr, too. * debian/patches/80_uname.dpatch: Fix OS_TARGET so that it is correctly set to Linux for things that expect this value instead of linux-gnu. * debian/control: Various changes in packages descriptions. Closes: #401431, #403047. [ Alexander Sack ] * debian/rules: update target 'source' to not include epoch in generated orig.tar.gz name. Patch by Andreas Metzler. -- Mike Hommey Wed, 3 Jan 2007 19:37:41 +0100 iceape (1.0.6-1) unstable; urgency=low * Initial Release. (Closes: #350740) * Thanks to Hendrik-Jan Heins for his help. -- Mike Hommey Thu, 23 Nov 2006 00:05:52 +0100