Change log for firefox package in Ubuntu
| 1276 → 1341 of 1341 results | First • Previous • Next • Last |
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1) dapper-security; urgency=low * New upstream stability/security release * MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning -- Alexander Sack <email address hidden> Wed, 21 Mar 2007 15:00:00 +0100
| Obsolete in breezy-security |
firefox (1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1) breezy-security; urgency=low * New upstream stability and security update * MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning -- Alexander Sack <email address hidden> Sat, 24 Mar 2007 20:00:00 +0100
| Superseded in feisty-release |
firefox (2.0.0.3+1-0ubuntu1) feisty; urgency=low
* new upstream security/stability update (v2.0.0.3)
* MFSA-2006-11 aka CVE-2007-1562: FTP PASV port-scanning
* add Report a Bug ... menu entry to Help menu overlay (LP#85041)
* gfx/src/gtk/nsFontMetricsXft.cpp: revert not-approved patch
bz252033-gtk2-xft-text-clipping-problem, because fix seems to
have pretty bad performance overhead.
* config/autoconf.mk.in, configure.in, gfx/src/gtk/mozilla-decoder.cpp:
revert not-approved patch bz305185-system-pango-fix-for-gtk-2-8, because
no longer necessary, upstream bug was duped to
https://bugzilla.mozilla.org/show_bug.cgi?id=338446
* xpfe/components/killAll/Makefile.in: revert not-approved patch
bz333289-nskillall-not-installed, because its just cruft from
old suite and not used for firefox.
* debian/control: add depends on libnspr4 to libnss3 (LP#84481)
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2) dapper-security; urgency=low
* debian/rules: fix for regression: libfreebl3.so installed in wrong directory
after libnss upstream branch switch (LP#89054, LP#88990).
add libfreebl3.so to /usr/lib/ in libnss3 package
- verified fix for evolution
- verified fix for gaim-encryption
-- Alexander Sack <email address hidden> Thu, 1 Mar 2007 23:50:00 +0100
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1) dapper-security; urgency=low
* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/1.8.1.2):
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks
* security/nss/lib/freebl/unix_rand.c: dropping preprocessor condition
as an equivalent check has been introduced upstream (#ifndef LINUX
-> #ifdef DO_NETSTAT)
* security/coreconf/rules.mk: adapted patch to changed upstream code base
* security/coreconf/Linux.mk: dropping ppc64 OS_TEST as it has been
applied upstream
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapting
patch to updated code-base.
-- Alexander Sack <email address hidden> Wed, 21 Feb 2007 18:05:00 -0800
| Superseded in edgy-security |
firefox (2.0.0.2+0dfsg-0ubuntu0.6.10) edgy-security; urgency=low
* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/1.8.1.2):
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks
* browser/app/profile/firefox.js: resolved merge conflict
-- Alexander Sack <email address hidden> Sun, 25 Feb 2006 16:00:00 +0100
| Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1) breezy-security; urgency=low
* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/1.8.1.2):
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks
* security/nss/lib/freebl/unix_rand.c: drop no-netstat on linux patch, as
this is now dealt with by #ifdef DO_NETSTAT
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapt to
changes in underlying codebase
* security/coreconf/rules.mk: some ppc64 code has been applied upstream;
dropping our patch.
-- Alexander Sack <email address hidden> Wed, 21 Jan 2007 18:00:00 +0100
| Superseded in feisty-release |
firefox (2.0.0.2+1-0ubuntu1) feisty; urgency=low
* new upstream release 2.0.0.2
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/1.8.1.2):
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks
| Superseded in feisty-release |
firefox (2.0.0.1+1-0ubuntu1) feisty; urgency=low
* repackage with new upstream mozilla.org and split up patches
into distinct feature patches available at
http://people.ubuntu.com/~asac/firefox-patches/
* make use of original source tarball as distributed from
ftp.mozilla.org
* debian/rules: use --enable-official-branding to produce
official firefox branding; remove icons in debian/ dir;
add more garbage cleanup
* debian/firefox.links: /usr/share/pixmaps/firefox.png and
usr/share/pixmaps/mozilla-firefox.png now link to
usr/share/firefox/icons/mozicon128.png
* drop FeedWriter.js patch, no rational available.
* xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp,
xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp,
xpcom/reflect/xptcall/src/md/unix/Makefile.in,
xpcom/reflect/xptcall/src/md/unix/xptcinvoke_mips.cpp,
xpcom/reflect/xptcall/src/md/unix/xptcinvoke_asm_mips.s,
xpcom/reflect/xptcall/src/md/unix/xptcstubs_linux_m68k.cpp,
xpcom/reflect/xptcall/src/md/unix/xptcinvoke_asm_parisc_linux.s,
xpcom/reflect/xptcall/src/md/unix/xptcstubs_asm_parisc_linux.s,
xpcom/reflect/xptcall/src/md/unix/xptcstubs_asm_mips.s,
configure.in, config/rules.mk, security/coreconf/Linux.mk:
drop debian architecture patches for
not ubuntu platforms
* debian/control: taking over maintainership
* configure.in: update hidden visibility patch from bugzilla
* configure.in: drop
* Makefile.in: drop explicit export of nss as build system is not
broken anymore
* browser/app/Makefile.in: drop linker tweaks for now.
* browser/app/profile/firefox.js: drop override for homepage
* browser/locales/en-US/chrome/branding/brand.properties: drop further
branding hacks not needed anymore
* browser/components/search/nsSearchService.js: drop not needed
official browser hacks
* prefs-size.diff: removed garbage file from source
-- Alexander Sack <email address hidden> Wed, 15 Feb 2007 23:15:00 +0100
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.6.06.1) dapper-security; urgency=low
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Regression
fix for crashes on auto-filling forms without usernames (Closes LP#77859).
-- Kees Cook <email address hidden> Fri, 26 Jan 2007 09:14:16 -0800
| Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.5.10.1) breezy-security; urgency=low
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Regression
fix for crashes on auto-filling forms without usernames (Closes LP#77859).
-- Kees Cook <email address hidden> Fri, 26 Jan 2007 10:36:49 -0800
| Superseded in feisty-release |
firefox (2.0.0.1+0dfsg-0ubuntu2) feisty; urgency=low
* Build using hunspell instead of myspell.
- debian/control: Build-depend on libhunspell-dev instead of libmyspell-dev.
- config/autoconf.mk.in: Add MOZ_MYSPELL_CFLAGS.
- extensions/spellcheck/myspell/src/Makefile.in: Use MOZ_MYSPELL_CFLAGS.
- extensions/spellcheck/myspell/src/mozMySpell.h: Include hunspell.cxx
instead of myspell.cxx.
- configure.in, configure: Overwrite myspell detection with hunspell.
-- Matthias Klose <email address hidden> Thu, 18 Jan 2007 11:57:14 +0000
| Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.5.10) breezy-security; urgency=low
* New upstream security update:
- CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption.
-- Kees Cook <email address hidden> Tue, 2 Jan 2007 11:30:36 -0800
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.6.06) dapper-security; urgency=low
* New upstream security update:
- CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption.
-- Kees Cook <email address hidden> Tue, 2 Jan 2007 11:23:28 -0800
| Superseded in edgy-security |
firefox (2.0.0.1+0dfsg-0ubuntu0.6.10) edgy-security; urgency=low
* New upstream security update:
- CVE-2006-6507, MFSA 2006-76: XSS using outer window's Function object.
- CVE-2006-6506, MFSA 2006-75: RSS Feed-preview referrer leak.
- CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption.
* debian/rules: restore original icons (Closes LP#68180).
-- Kees Cook <email address hidden> Wed, 20 Dec 2006 17:55:02 -0800
| Superseded in feisty-release |
firefox (2.0.0.1+0dfsg-0ubuntu1) feisty; urgency=low
* New upstream security update:
- CVE-2006-6507, MFSA 2006-76: XSS using outer window's Function object.
- CVE-2006-6506, MFSA 2006-75: RSS Feed-preview referrer leak.
- CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption.
* debian/rules: use original upstream icons (Closes LP#68180).
* debian/debsearch.src: make feisty the default debsearch target.
* browser/base/content/utilityOverlay.js: change Launchpad translation/help
pages for Feisty.
-- Kees Cook <email address hidden> Thu, 21 Dec 2006 09:51:22 -0800
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.8-0ubuntu0.6.06) dapper-security; urgency=low
* New upstream security update:
- CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
- CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
- CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
evidence of memory corruption.
-- Martin Pitt <email address hidden> Tue, 14 Nov 2006 19:45:44 +0000
| Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.8-0ubuntu0.5.10) breezy-security; urgency=low
* New upstream security update:
- CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
- CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
- CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
evidence of memory corruption.
-- Martin Pitt <email address hidden> Tue, 14 Nov 2006 18:20:10 -0800
firefox (2.0+0dfsg-0ubuntu3) edgy; urgency=low
* Patch from upstream CVS to fix RSS preview/subscription, thanks to Mike
Connor and Martin Jürgens (Closes: LP#61182)
-- Matt Zimmerman <email address hidden> Mon, 23 Oct 2006 10:20:25 +0100
| Superseded in edgy-release |
firefox (2.0+0dfsg-0ubuntu2) edgy; urgency=low * uudecode debsearch.gif too. Fixes FTBFS * Make edgy the default debsearch target. Closes: Malone: #61687 -- Tollef Fog Heen <email address hidden> Mon, 23 Oct 2006 08:52:11 +0200
| Superseded in edgy-release |
firefox (2.0+0dfsg-0ubuntu1) edgy; urgency=low
* Bump version to 2.0 (no upstream changes from rc3)
* browser/components/search/nsSearchService.js
- Set MOZ_OFFICIAL to "official", distributionID to "com.ubuntu"
* debian/branding: new subdirectory with images
* debian/rules:
- build: uudecode and substitute images in source tree, use debian/branding/icon64.png
instead of debian/firefox.png
- clean: restore images in source tree, remove uudecoded versions
-- Matt Zimmerman <email address hidden> Fri, 20 Oct 2006 15:56:42 -0700
| Superseded in edgy-release |
firefox (1.99+2.0rc3+dfsg-0ubuntu1) edgy; urgency=low
* New upstream version 2.0rc3, UVF exception approved by Matt Zimmerman.
* configure: Fix bashism to let the gcc visibility=hidden bug detection
work.
* configure{,.in}: Change MOZ_APP_DISPLAYNAME from 'BonEcho' to 'Firefox' to
make UserAgent string work with web sites which evaluate it.
* browser/base/content/utilityOverlay.js: Open the Launchpad
translation/help pages for Edgy, not Dapper.
* For the sake of automatic vulnerability tracking: All 1.5.0.x and earlier
vulnerabilities were fixed in the 2.0 branch as well:
CVE-2005-0752 CVE-2005-1531 CVE-2005-1532 CVE-2005-2114 CVE-2006-0749
CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735
CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740
CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 CVE-2006-2775 CVE-2006-2776
CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782
CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787
CVE-2006-2788 CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802
CVE-2006-3803 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808
CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812 CVE-2006-4253
CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568
CVE-2006-4569 CVE-2006-4571
-- Martin Pitt <email address hidden> Thu, 19 Oct 2006 09:28:15 +0200
| Superseded in edgy-release |
firefox (1.99+2.0rc2+dfsg-0ubuntu3) edgy; urgency=low
* debian/firefox-runner: Disable Pango if a Sinhala locale is present. LP
66270.
-- Colin Watson <email address hidden> Sun, 15 Oct 2006 20:29:26 +0100
| Superseded in edgy-release |
firefox (1.99+2.0rc2+dfsg-0ubuntu2) edgy; urgency=low
* Delete /usr/lib/firefox/components/compreg.dat in the postinst.
This is a partial workaround for LP 30791.
-- Ian Jackson <email address hidden> Thu, 12 Oct 2006 12:19:11 +0100
| Superseded in edgy-release |
firefox (1.99+2.0rc2+dfsg-0ubuntu1) edgy; urgency=low
* New upstream version 2.0rc2.
* Fix/workaround for epiphany GtkSocket lifetype crash:
apply patch id=241087 from Mozilla Bugzilla #241535 to fix LP #63814.
* Change application name to `Firefox', as requested by mdz.
Files changed:
- browser/locales/en-US/chrome/branding/brand.dtd
- browser/locales/en-US/chrome/branding/brand.properties;
New values:
- brandShortName and brandFullName: `Bon Echo' => `Firefox'
- vendorShortName: `Mozilla' => `Ubuntu'
* Make preferences dialogue fit again (bah!).
-- Ian Jackson <email address hidden> Tue, 10 Oct 2006 18:49:32 +0100
| Superseded in edgy-release |
firefox (1.99+2.0b2+dfsg-1ubuntu3) edgy; urgency=low
* Remove /usr/lib/mozilla-thunderbird from the LD_LIBRARY_PATH
if we find it there. Workaround for LP 57923.
* Remove pocket name (eg `-security') from distribution identifier in
the browser user agent string. LP 55289.
-- Ian Jackson <email address hidden> Tue, 3 Oct 2006 19:01:34 +0100
| Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.7-0ubuntu5.10.3) breezy-security; urgency=low
* Backported Firefox 1.5 to Breezy for security support,
using new upstream version 1.5.0.7 (tarball from Debian).
* Removed references to FC_ANY_METRICS.
* libnspr and libnss packages not shipped from here in Breezy; leave
those libraries in /usr/lib/firefox and adjust .pc files accordingly.
* Do not provide firefox-dbg.
* Completely disable `mstone' homepage override feature.
-- Ian Jackson <email address hidden> Tue, 26 Sep 2006 13:05:42 +0100
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.7-ubuntu0.6.06) dapper-security; urgency=low
* New upstream security update:
- MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
(rv:1.8.0.7)
- MFSA 2006-62, CVE-2006-4569: Popup-blocker cross-site scripting (XSS)
- MFSA 2006-61, CVE-2006-4568: Frame spoofing using document.open()
- MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
- MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
- MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
spoofing
- MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
Heap Corruption
-- Martin Pitt <email address hidden> Thu, 21 Sep 2006 07:16:32 +0000
| Superseded in edgy-release |
firefox (1.99+2.0b2+dfsg-1ubuntu2) edgy; urgency=low
* Ship xpidl et al, in firefox-dev. Relates to Debian #362190.
Fixes Malone #61160.
-- Ian Jackson <email address hidden> Thu, 21 Sep 2006 16:33:50 +0100
| Superseded in edgy-release |
firefox (1.99+2.0b2+dfsg-1ubuntu1) edgy; urgency=low
* Merged from Debian unstable; new upstream version.
* Remaining differences between
Debian and Ubuntu in no particular order:
- Build libnspr and libnss and corresponding -dev packages from this
source package. Plus changes to make these libs build nicely.
- Various changes to preferences, default bookmarks and search engines.
- Support for `Get Help Online' and `Translate This Application'.
- Size changes for various dialogue boxes to make the contents fit.
- Downloads go to separate `Desktop' folder by default.
- Fix some underquoted m4 arguments.
- Minor changes in directories, symlinks and debian/control
to cope with Ubuntu and Debian's different histories.
- disable File / Import (wizard is nonfunctional).
Malone #28563, Debian #350599, Mozilla Bugzilla 117844.
- Change `Latest Headlines' to `Latest BBC Headlines' to properly
disclose the source up front, and use a corresponding RSS URL.
- Default for FIREFOX_DSP is none.
- Pango support is enabled only if an installed locale seems to need
it.
- Note in README.Debian about how to run xpcshell.
- Disable xprint.
- No build dependency on libxp-dev; build-depend on zip instead.
- Various icon changes.
- Some currently-unused directory merging code in firefox.preinst.
- Less detail in the user agent string.
- Belt-and-braces removal for some cruft left over by some versions of
the Mozilla build system.
- Better firefox.menu entry (says `Firefox Web Browser').
- Build dynamically linked, since in Ubuntu embedders use firefox.
- EbmedWindow::GetVisibility bugfix, Malone 40320, upstream 312998.
- Pass FC_ANY_METRICS to Fontconfig where appropriate.
- Extensive Thai language patch.
- Print in serif by default even though default display is sans.
- Some fixes to the (upstream-unused) nss makefiles.
- Strip PostScript/ from printer names.
- Better message about updates of read-only extension.
- Include pointer to the Gecko Runtime (GRE registration).
- Prevent websites from disabling context menus.
All of these changes are fully documented in the changelog below.
Please see those changelog entries for full details. Much historical
information about changes either taken up by Debian or upstream, or
dropped by us, is retained in this changelog.
-- Ian Jackson <email address hidden> Wed, 13 Sep 2006 16:40:06 +0100
| Superseded in edgy-release |
firefox (1.99+2.0b1+dfsg-1ubuntu3) edgy; urgency=low
* Remove `Breaks' again; experience shows that we need proper support in
apt before deploying this.
-- Ian Jackson <email address hidden> Fri, 18 Aug 2006 11:46:20 +0100
| Superseded in edgy-release |
firefox (1.99+2.0b1+dfsg-1ubuntu2) edgy; urgency=low
* Put libfreebl3 in /usr/lib, not /usr/lib/firefox;
it's part of libnss3. This fixes Malone #56202.
* Disable main menu File / Import again; it seems that the Organise
Bookmarks import is going to be fixed and not the main menu one.
(See Mozilla Bugzilla #347956, #117844; Debian #350599.)
* Remove default theme setting; this can now be done by the
theme package creating another *.js file in /etc/firefox/pref.
This means we don't need to depend on firefox-themes-ubuntu.
(We Break older versions of firefox-themes-ubuntu.)
* Relax version dependency from firefox to libnss and libnspr,
since these remain largely binary compatible.
-- Ian Jackson <email address hidden> Mon, 14 Aug 2006 17:03:25 +0100
| Superseded in edgy-release |
firefox (1.99+2.0b1+dfsg-1ubuntu1) edgy; urgency=low
* Merge from debian unstable. Remaining differences between
Debian and Ubuntu in no particular order:
- Build libnspr and libnss and corresponding -dev packages from this
source package. Plus changes to make these libs build nicely.
- Various changes to preferences, default bookmarks and search engines.
- Support for `Get Help Online' and `Translate This Application'.
- Size changes for various dialogue boxes to make the contents fit.
- Downloads go to separate `Desktop' folder by default.
- Fix some underquoted m4 arguments.
- Minor changes in directories and symlinks to cope with Ubuntu and
Debian's different histories.
- Default for FIREFOX_DSP is none.
- Pango support is enabled only if an installed locale seems to need
it.
- No build dependency on libxp-dev; build-depend on zip instead.
- Note in README.Debian about how to run xpcshell.
- Various icon changes.
- Polish translation in firefox.desktop. Debian #382079, Malone 45447.
- Do not attempt to run firefox for webdav URLs (firefox.desktop).
- Use the new Human theme from firefox-themes-ubuntu, by default.
- Better firefox.menu entry (says `Firefox Web Browser').
- Some currently-unused directory merging code in firefox.preinst.
- Use GNOME MIME program registry (nsMIMEInfoUnix etc.)
- Less detail in the user agent string.
- Disable xprint.
- Belt-and-braces removal for some cruft left over by some versions of
the Mozilla build system.
- Include pointer to the Gecko Runtime (GRE registration).
- EbmedWindow::GetVisibility bugfix, Malone 40320, upstream 312998.
- Pass FC_ANY_METRICS to Fontconfig where appropriate.
- Extensive Thai language patch.
- Print in serif by default even though default display is sans.
- Prevent websites from disabling context menus.
- Some fixes to the (upstream-unused) nss makefiles.
- Strip PostScript/ from printer names.
- Better message about updates of read-only extension.
All of these changes are fully documented in the changelog below.
Please see those changelog entries for full details. Much historical
information about changes either taken up by Debian or upstream, or
dropped by us, is retained in this changelog.
-- Ian Jackson <email address hidden> Tue, 8 Aug 2006 19:02:51 +0100
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.5-0ubuntu6.06.1) dapper-security; urgency=low
* Fix to non-HTTP loading of <object ...>'s (eg, streaming media
files). Mozilla Bugzilla #346167. Expected to be the sole
change in Firefox upstream 1.5.0.6.
-- Ian Jackson <email address hidden> Mon, 31 Jul 2006 13:55:56 +0100
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.5-0ubuntu6.06) dapper-security; urgency=low
* New upstream version 1.5.0.5, `security and stability fixes'.
- MFSA 2006-44, CVE-2006-3801: Code execution through deleted frame
reference [does not affect 1.0]
- MFSA 2006-45, CVE-2006-3677: Javascript navigator Object
Vulnerability [does not affect 1.0]
- MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous
events [does not affect 1.0]
- MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked
across domains [does not affect 1.0]
- MFSA 2006-48, CVE-2006-3803: JavaScript new Function race
condition [does not affect 1.0]
- MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine
vulnerabilities
- MFSA 2006-51, CVE-2006-3807: Privilege escalation using
named-functions and redefined "new Object()"
- MFSA 2006-52, CVE-2006-3808: PAC privilege escalation using
Function.prototype.call
- MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege
escalation
- MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper
(window).Function(...) [does not affect 1.0]
- MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory
corruption (rv:1.8.0.5)
- MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote
content
* The above includes upstream's different fixes for Malone 45395's
two crashing bugs in nsCopySupport.cpp and nsHTMLFormatConverter.cpp.
* Reran autoconf2.13.
-- Ian Jackson <email address hidden> Thu, 27 Jul 2006 12:13:37 +0100
| Superseded in breezy-security |
firefox (1.0.8-0ubuntu5.10.1) breezy-security; urgency=low
Security fix from Eric Dorland:
* content/xul/templates/src/nsXULContentUtils.cpp,
content/xul/templates/src/nsXULSortService.cpp: A couple of patches
from Alexander Sack to fix regressions caused by the previous security
fixes.
All security fixes prepared by Alexander Sack:
* js/src/jsfun.c, js/src/jsinterp.c,
netwerk/base/src/nsProxyAutoConfig.js: Fix for CVE-2006-2787, aka
mfsa2006-31.
* netwerk/protocol/http/src/nsHttp.cpp,
netwerk/protocol/http/src/nsHttp.h,
netwerk/protocol/http/src/nsHttpChannel.cpp,
netwerk/protocol/http/src/nsHttpHeaderArray.cpp,
netwerk/protocol/http/src/nsHttpTransaction.cpp: Fix for
CVE-2006-2786, aka mfsa2006-33.
* browser/base/content/browser.js,
xpfe/browser/resources/content/nsBrowserStatusHandler.js,
xpfe/communicator/resources/content/nsContextMenu.js,
xpfe/communicator/resources/content/utilityOverlay.js: Fix for "XSS
viewing javascript: frames or images from context menu", CVE-2006-2785
aka mfsa2006-34.
* content/xul/document/src/nsXULDocument.cpp,
content/xul/templates/src/nsXULContentUtils.cpp,
content/xul/templates/src/nsXULContentUtils.h,
content/xul/templates/src/nsXULSortService.cpp: Fix for "Privilege
escalation through XUL persist", CVE-2006-2775 aka mfsa2006-35.
* caps/src/nsScriptSecurityManager.cpp: Fix for "PLUGINSPAGE privileged
JavaScript execution II", CVE-2006-2784 aka mfsa2006-36.
* dom/src/base/nsDOMClassInfo.cpp, dom/src/base/nsGlobalWindow.cpp: Fix
for "Remote compromise via content-defined setter on object
prototypes", CVE-2006-2776 aka mfsa2006-37.
* security/manager/ssl/src/nsCrypto.cpp: Fix for "Buffer overflow in
crypto.signText()", CVE-2006-2778 aka mfsa2006-38.
* browser/base/content/contentAreaUtils.js,
caps/src/nsScriptSecurityManager.cpp: Fix for ""View Image" local
resource linking (Windows)", CVE-2006-1942 aka mfsa2006-39.
* content/html/content/public/Makefile.in,
content/html/content/public/nsIFileControlElement.h,
content/html/content/src/nsHTMLInputElement.cpp,
content/shared/public/nsHTMLAtomList.h,
layout/html/forms/src/nsFileControlFrame.cpp,
layout/html/forms/src/nsFileControlFrame.h: Fix for "File stealing by
changing input type (variant)", CVE-2006-2782 aka mfsa2006-41.
* intl/uconv/src/nsUTF8ToUnicode.cpp, intl/uconv/src/nsUTF8ToUnicode.h:
Fix for " Web site XSS using BOM on UTF-8 pages", CVE-2006-2783 aka
mfsa2006-42.
* modules/libpref/src/init/all.js: Fix for "Privilege escalation using
addSelectionListener", CVE-2006-2777 aka mfsa2006-43.
* content/base/public/nsContentUtils.h,
content/base/src/nsContentUtils.cpp,
content/xul/templates/src/nsXULTreeBuilder.cpp,
layout/xul/base/src/tree/public/nsITreeView.idl,
layout/xul/base/src/tree/src/nsTreeBoxObject.cpp,
layout/xul/base/src/tree/src/nsTreeContentView.h,
content/base/src/nsDocument.cpp, layout/xul/base/src/nsBoxObject.cpp,
content/html/document/src/nsHTMLContentSink.cpp, js/src/jsstr.c,
content/xbl/src/nsXBLProtoImplProperty.cpp: Various patches for
CVE-2006-2779 and CVE-2006-2780 aka mfsa2006-32. Note that this fix is
incomplete, and is missing the fixes from bz#324918, bz#325730 and
bz#329982
-- Ian Jackson <email address hidden> Mon, 24 Jul 2006 11:56:36 +0100
| Superseded in edgy-release |
firefox (1.5.dfsg+1.5.0.4-1ubuntu2) edgy; urgency=low
* Use the new Human theme from firefox-themes-ubuntu.
* Use .orig.tar.gz and .diff.gz format not native format.
(strange; the MoM buildpackage rune seems to have got it wrong).
-- Ian Jackson <email address hidden> Fri, 7 Jul 2006 19:02:51 +0100
| Superseded in edgy-release |
firefox (1.5.dfsg+1.5.0.4-1ubuntu1) edgy; urgency=low
* Merge from debian unstable. Remaining differences between
Debian and Ubuntu in no particular order:
- Build libnspr and libnss and corresponding -dev packages from this
source package. Plus changes to make these libs build nicely.
- Various changes to preferences, default bookmarks and search engines.
- Default for FIREFOX_DSP is none.
- Slightly different handling of some firefox-runner command line
options (eg, -ProfileManager).
- Note in README.Debian about how to run xpcshell.
- Pango support is enabled only if an installed locale seems to need
it.
- Support for `Get Help Online' and `Translate This Application'.
- Size changes for various dialogue boxes to make the contents fit.
- Downloads go to separate `Desktop' folder by default.
- Fix some underquoted m4 arguments.
- Thai-related crash fix (Malone 45395).
- No build dependency on libxp-dev.
- DOM Inspector is not a separate package.
- Various icon changes.
- Polish translation for firefox.desktop.
- Do not attempt to run firefox for webdav URLs (firefox.desktop).
- Better firefox.menu entry (says `Firefox Web Browser').
- Minor changes in directories and symlinks to cope with Ubuntu and
Debian's different histories.
- Use update-notifier to ask user to restart firefox.
- Some currently-unused directory merging code in firefox.preinst.
- Use GNOME MIME program registry (nsMIMEInfoUnix etc.)
- Less detail in the user agent string.
- Belt-and-braces removal for some cruft left over by some versions of
the Mozilla build system.
- EbmedWindow::GetVisibility bugfix.
- Pass FC_ANY_METRICS to Fontconfig where appropriate.
- Extensive Thai language patch.
- Print in serif by default even though default display is sans.
- Prevent websites from disabling context menus.
- Strip CUPS from printer names.
- Better message about updates of read-only extension.
- Fix: do not crash if htmlConverter->Convert fails.
All of these changes are fully documented in the changelog below.
Please see those changelog entries for full details.
| Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.4-0ubuntu6.06) dapper-security; urgency=low
* New upstream version, 1.5.0.4, security/stability fixes
from upstream. This is known to include the following security fixes:
- MFSA 2006-43, CVE-2006-2777: Privilege escalation using
addSelectionListener
- MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8
pages
- MFSA 2006-41, CVE-2006-2782: File stealing by changing input
type (variant)
- MFSA 2006-38, CVE-2006-2778: Buffer overflow in
crypto.signText()
- MFSA 2006-37, CVE-2006-2776: Remote compromise via
content-defined setter on object prototypes
- MFSA 2006-36, CVE-2006-2784: PLUGINSPAGE privileged JavaScript
execution 2
- MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL
persist
- MFSA 2006-34, CVE-2006-2785: XSS viewing javascript: frames or
images from context menu
- MFSA 2006-33, CVE-2006-2786: HTTP response smuggling
- MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with
potential memory corruption
- MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy
Autoconfig, Greasemonkey)
- CVE-2006-2788: Double memory free in nsIX509::getRawDER when
called from JavaScript (Mozilla bug #321598)
This package is based on Debian's firefox_1.5.dfsg+1.5.0.4.orig.tar.gz
but has none of the corresponding Debian changes.
-- Ian Jackson <email address hidden> Tue, 6 Jun 2006 14:32:13 +0100
firefox (1.5.dfsg+1.5.0.3-0ubuntu3) dapper; urgency=low
* Thai-related crash fix (Malone 45395):
- nsCopySupport.cpp, nsCopySupport::HTMLCopy:
do not crash if htmlConverter->Convert fails.
- nsHTMLFormatConverter.cpp, nsHTMLFormatConverter::Convert:
properly report failure if dataStr.IsEmpty.
- nsJISx4501LineBreaker.cpp: fix printf(stderr -> fprintf.
* Add Polish translation for firefox.desktop (Malone 45447).
Thanks to contribution from Tomasz Dominikowski.
* Do not attempt to merge /usr/lib/mozilla-firefox and /usr/lib/firefox
and make the former a link to the latter; this is unfortunately
error-prone and makes more problems than it solves.
Fixes Malone 44487; regresses the plugins directory confusion bug.
* Include MFSA and CVE numbers in changelog entry for 1.5.dfsg-1.
-- Ian Jackson <email address hidden> Tue, 23 May 2006 17:45:30 +0100
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.3-0ubuntu2) dapper; urgency=low
* Fix memory leak in large clipboard handling. Malone 41093.
Mozilla Bugzilla 289897; applied attachments 218749, 218753.
* Provide symlink /usr/lib/mozilla-firefox -> /usr/lib/firefox
(and shuffle stuff across if both directories exist).
* Remove update-notifier `restart required' on removal so that if you
remove firefox you're no longer asked to restart it. Malone 36739.
* Increase size of prefs window explicitly. Malone 43528.
* Suppress the error if /var/lib/locales/supported.d/* can't be read
(probably because it doesn't exist). If you get EIO or EACCES or some
such then having pango mysteriously disabled will be the least of your
worries. Malone 44016.
* Really use firefox_1.5.dfsg+1.5.0.3.orig.tar.gz from Debian.
-- Ian Jackson <email address hidden> Fri, 12 May 2006 19:20:30 +0100
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.3-0ubuntu1) dapper; urgency=low
* New upstream version, 1.5.0.3, security/stability fix from upstream:
MFSA 2006-30, CVE-2006-1993: Deleted
object reference when designMode="on"
This package is based on Debian's firefox_1.5.dfsg+1.5.0.3.orig.tar.gz
but has none of the corresponding Debian changes.
-- Ian Jackson <email address hidden> Wed, 10 May 2006 12:13:30 +0100
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.2-0ubuntu2) dapper; urgency=low
* Increase sizes of various dialogue boxes so that all of the contents
fit. Malone 26225, 36985, and probably others.
* Set MOZ_DISABLE_PANGO=1 to disable pango, unless some locale is
selected as supported which would need pango for rendering; the
default can be overridden by setting MOZ_DISABLE_PANGO to 0 or 1.
Malone 32561 (workaround).
* Use update-notifier to request a firefox restart. Malone 36739.
* Added Spanish translation to firefox.desktop.
Malone 39972. Thanks to Rocco Stanzione for the patch.
* Add a couple of missing trailing newlines.
Malone 39972 again. Thanks Rocco Stanzione for the report.
* EbmedWindow::GetVisibility bugfix, Malone 40320, upstream 312998,
thanks to chpe for the patch and discussion.
* Add FC_ANY_METRICS set to FcTrue to all patterns that are going to be
used for finding (rather than enumerating) fonts. Malone 42559.
-- Ian Jackson <email address hidden> Tue, 2 May 2006 18:59:32 +0100
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.2-0ubuntu1) dapper; urgency=low
* New upstream version, 1.5.0.2.
Described as `stability and security fixes' by upstream but many
changes are included and producing a complete list is infeasible :-(.
Fixes are known to be included for:
- MFSA 2006-29, CVE-2006-1725: Spoofing with translucent windows
- MFSA 2006-28, CVE-2006-1726: Security check of
js_ValueToFunctionObject() can be circumvented
- MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
Vulnerability
- MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
- MFSA 2006-24, CVE-2006-1728: Privilege escalation using
crypto.generateCRMFRequest
- MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
- MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
Vulnerability
- MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531,
CVE-2006-1723, CVE-2006-1724: Crashes with evidence of memory
corruption.
This package is based on Debian's firefox_1.5.dfsg+1.5.0.2.orig.tar.gz
but has none of the corresponding Debian changes.
| Superseded in breezy-security |
firefox (1.0.8-0ubuntu5.10) breezy-security; urgency=low
* New upstream release which fixes the following vulnerabilities:
- MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
- MFSA 2006-24, CVE-2006-1728: Privilege escalation using
crypto.generateCRMFRequest
- MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
- MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
Vulnerability
- MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
- MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17, CVE-2006-1732: cross-site scripting through
window.controllers
- MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
valueOf.call()
- MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
function's cloned parent
- MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
- MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image
As..."
- MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security
warning dialog)
- MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
- MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
handlers
- MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
XULDocument.persist()
- MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial
of Service
- MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
-- Martin Pitt <email address hidden> Tue, 18 Apr 2006 11:59:52 +0200
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu12) dapper; urgency=low
* Sponsored upload for Theppitak Karoonboonyanan
* Updated Thai word breaking patch:
- load `libthai.so.0' instead of `libthai.so'.
- print debug message only when DEBUG is defined.
- debian/control: Suggests libthai0
-- Michael Vogt <email address hidden> Thu, 13 Apr 2006 13:25:14 +0200
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu11) dapper; urgency=low
* Fix silly lack of [ ] quoting in AC_DEFUN use.
Malone 36659, Mozilla bugzilla 298457.
* Make Preferences window not chop off various elements:
- specify a width of 50em instead of 42em
- do not specify a height
- add another <separator/> to the bottom of privacy.xul's prefpane.
I have no idea why this is necessary :-(.
Malone 36985.
* Fix broken UTF-8 in .desktop file (again). Malone 37779.
* Document how to use xpcshell in README.Debian. Malone 35333.
* Clarify updateReadOnlyMessage to refer to `system package manager'
which will help the misunderstanding in Malone 31284.
-- Ian Jackson <email address hidden> Wed, 12 Apr 2006 17:18:52 +0100
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu10) dapper; urgency=low
* Generate `firefox-dbg' package with debugging symbols.
This involves changing debian/compat to 5, which should be safe.
* Fix Norwegian translation in firefox.desktop. (Malone 30603.)
* Fix trivial syntax problems in firefox.desktop. (Malone 33567.)
* Remove x-directory/webdav x-directory/webdav-prefer-directory
from MimeType list in desktop file. (Malone 35928.)
* Use `about.png.upstream' instead of `about.png.orig' is the saved
original version for the branding; *.orig tends to get clobbered.
-- Ian Jackson <email address hidden> Fri, 24 Mar 2006 18:49:46 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu9) dapper; urgency=low * added thai linebreaking support (thanks to Theppitak Karoonboonyanan) -- Michael Vogt <email address hidden> Tue, 14 Mar 2006 15:16:52 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu8) dapper; urgency=low
* debian/rules:
- renamed the idl directory to match the .pc name,
replace mozilla-firefox by firefox for firefox-config too
-- Sebastien Bacher <email address hidden> Mon, 13 Mar 2006 15:12:43 +0100
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu7) dapper; urgency=low
* Pointing the .pc files to /usr/include/firefox is not enough,
better install the headers there too.
-- Matthias Klose <email address hidden> Sat, 11 Mar 2006 17:41:24 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu6) dapper; urgency=low
* Replace Ubuntu Bugzilla bookmark with Launchpad's `Request
support with Ubuntu' ticket creation page. (Malone 28896.)
* Reinstate `Translate This Application' in Help menu, despite the fact
that Launchpad doesn't do this yet - you just get a page saying there
are no translations for Firefox. mdz assures us that this will be
done some time during dapper's service life.
* Make -P, -CreateProfile and -ProfileManager imply sensible
values for -a, and document -a in firefox(1). (Malone 31746.)
* Fix md5sum mismatch which causes spurious conffile prompt on
bookmarks.html.
* Set browser.startup.homepage_override.mstone to ignore,
to avoid the silly thing where the first time after the upgrade,
firefox looks like it has lost your home page because it is so keen to
tell you about the release notes. (Malone 33895.)
* Change `Latest Headlines' to `Latest BBC Headlines' to properly
disclose the source up front, and use a corresponding RSS URL.
* Revert the `you have chosen to open' dialogue, as discussed on
ubuntu-devel.
* Fix firefox-*.pc files to contain correct references to libs and
includes, just like the mozilla-*.pc files. (Malone 34200.)
-- Ian Jackson <email address hidden> Thu, 9 Mar 2006 19:56:58 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu5) dapper; urgency=low
* Disable `Translate This Application' and don't try to have `Get Help
Online' translated because we don't know how to translate firefox:
https://launchpad.net/products/rosetta/+spec/rosetta-firefox-support
-- Ian Jackson <email address hidden> Fri, 24 Feb 2006 14:49:23 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu4) dapper; urgency=low
* Disable (by default) the `you have chosen to open' dialogue box;
instead, we just take the default (which is to open with the
application from the Gnome MIME database). This behaviour is
controlled by browser.helperApps.defaultNoAsk.openFile.
Bookmark, search and translation reference regression fixes:
* Restore `Translate This Application' and `Get Help Online'
* Add Ubuntu and Free Software links back to bookmarks
Bookmark, search and translation references improvements:
* Add Wikipedia to search box.
* Remove `Quick searches' from bookmarks (these just replicate
entries from the search box, and are broken anyway).
* Get rid of README.Ubuntu - the contents are now no longer relevant.
-- Ian Jackson <email address hidden> Thu, 23 Feb 2006 14:44:42 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu3) dapper; urgency=low
* Move /usr/lib/libxpcom*.so etc. back to /usr/lib/firefox; avoids
clashes with other packages (eg mozilla).
* Add rpath setting for /usr/lib/firefox to all .pc files in
firefox-dev. This is suboptimal, but at least it allows programs
which use firefox-dev at compile-time to find firefox's .so's.
* Take some redundant and perhaps privacy-leaking information out
of the default User-Agent (Malone 30677).
-- Ian Jackson <email address hidden> Fri, 10 Feb 2006 17:42:12 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu2) dapper; urgency=low * Fix stupid FTBFS on default.xpm introduced in last upload. * Retrospectively insert CVE numbers into 1ubuntu1 changelog entry.
| Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu1) dapper; urgency=low
Changes since 1.5.dfsg-4ubuntu6:
* New upstream version (1.5.0.1) - security and stability fixes,
allegedly. (About 7000 lines of diff, so not reviewed for Ubuntu.)
* Fix Norwegian translation in .desktop file. (Malone #30603.)
* mkdir /usr/include/mozilla in firefox-dev.preinst to avoid
maintainer script sometimes preventing installation.
* Move the shlibs needed for gtkmozembed to /usr/lib (avoids
need for rpath and nonsense in firefox-gtkmozembed.pc).
* Work around new GNU make braindamage by adding seddery to
security/coreconf/rules.mk.
Expected-permanent differences between Ubuntu and Debian:
* Build nspr and nss for use by all other programs in the distribution
(Packages: libnspr-dev, libnss-dev, libnspr4, libnss3. Fairly main
changes to parts of the build system.) This is so that mozilla
can be in Ubuntu universe.
* Disable xprint. (xprint is not used in Ubuntu.)
* Slightly different arrangements do with with transitional arrangements
related to package renaming from mozilla-firefox-*.
* Removed transitional packages mozilla-firefox-dom-inspector and
mozilla-firefox-gnome-support (not needed in Ubuntu).
* Build firefox-dev; applications which embed a browser in Ubuntu
generally embed Firefox rather than mozilla. This also means that we
build firefox with dynamic linking so that embedders and load ff.
* Debian package search replaced by Ubuntu package search (and defaults
to searching only in dapper, not all releases).
* Changes to various icons (and their installation paths).
* Strip CUPS/ from the front of displayed printer names, since
all printing in Ubuntu is done via CUPS.
Other differences remaining between Ubuntu and Debian:
* debian/rules clean removes various junk left over by the mozilla build
system. (Debian #350616.)
* Exclude libssl3.so from dpkg_shlibdeps as this triggers a bug in
fakeroot on amd64 in Ubuntu.
* Set FIREFOX_DSP=none by default. Will sometimes break sound from eg
Flash. See https://launchpad.net/malone/bugs/29760 for rationale.
(Debian maintainers notified but no bug filed.)
* Append our plugin path to any previous value of MOZ_PLUGIN_PATH.
(Malone 29412. Debian #351806)
* firefox.desktop file has more translations and consistently calls the
application `Firefox Web Browser' (for better UI in the menus - this
change is also in firefox.menu). Debian #351807.
* Default printing command doesn't break if printer name contains
spaces (actually a preference, in all.js). (Debian #351809,
Mozilla Bugzilla #326245).
* security/coreconf/rules.mk adjusted with awful seddery to cope with
GNU make change to POSIXly interpretation of backslash line-joining.
See http://lists.debian.org/debian-devel/2005/12/msg00988.html.
Mozilla Bugzilla #325148.
* security/coreconf/ruleset.mk has a set -e added.
* Use GNOME mime database instead of mailcap. Patch imported from Red
Hat; see debian/gnome-mime-handling.diff.
* Change various preferences:
- Ubuntu-specific default homepage
- Ubuntu-specific release notes
- default homepage can be locale-specific
- middlebutton paste disabled
- do not load a special home page on first start after an upgrade
- disable File / Import (wizard is nonfunctional).
Malone #28563, Debian #350599, Mozilla Bugzilla 117844.
- save files to Desktop by default
- README.Ubuntu file (still rather full of junk)
- Prevent websites disabling the right-button context menu.
- Default font for display is sans, but:
- Default CSS for printing uses a serif font.
| Superseded in dapper-release |
firefox (1.5.dfsg-4ubuntu6) dapper; urgency=low
* Better comment regarding Import Wizard disablement, referring to
upstream (117844) and Debian (350599) bugs.
* Remove obsolete patch from run-mozilla.sh (which we don't use).
* FIREFOX_DSP=none is really the default this time. (See 4ubuntu5; it
turns out that /etc/firefoxrc exists for no good reason and contains
an override for FIREFOX_DSP).
* firefox(1) manpage adjusted wrt FIREFOX_DSP.
* Fix mozilla-nss.pc to refer to mozilla-nspr, not firefox-nspr.
-- Ian Jackson <email address hidden> Mon, 30 Jan 2006 19:15:43 +0000
firefox (1.5.dfsg-4ubuntu5) dapper; urgency=low
* FIREFOX_DSP=none is the default everywhere, since the crashing
problems due to esddsp non-thread-safety appear on i386 too.
This will break sound from Flash in some situations.
See https://launchpad.net/malone/bugs/29760 for the rationale.
* Remove erroneous build-dependency on libxp-dev.
* Append our plugin path to any previous value of MOZ_PLUGIN_PATH.
(Malone 29412.)
* Do not put anything in, or look at, /usr/lib/mozilla and
/usr/include/mozilla. We use /usr/{lib,include}/firefox.
-- Ian Jackson <email address hidden> Fri, 27 Jan 2006 16:40:28 +0000
| Superseded in dapper-release |
firefox (1.5.dfsg-4ubuntu4) dapper; urgency=low
* libnssckbi.so must not be installed in /usr/lib/mozilla, move it to
/usr/lib/firefox; /usr/lib/mozilla is the namespace of the mozilla/
mozilla-browser package; we cannot conflict runtime packages like
libnss3 and mozilla-browser as we do for the -dev packages.
* Current libnss3 replaces older firefox package.
* Set vendor name to Ubuntu.
-- Matthias Klose <email address hidden> Sat, 21 Jan 2006 15:27:01 +0100
| Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu12) dapper; urgency=low
* downloads.js (twice): fix `download manager empty' bug.
(Ubuntu Bugzilla 19927 20450.)
-- Ian Jackson <email address hidden> Thu, 5 Jan 2006 19:20:27 +0000
| Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu10) dapper; urgency=low
* debian/rules:
- fix lack of libnssckbi.so in the directory the firefox browser
expects. (fallout from libnss/libnspr integration changes;
Ubuntu bugzilla 21310).
* debian/rules:
- create a gre.conf (Ubuntu bugzilla 13750).
* mozilla-firefox/include/{nspr,nss} (debian/rules etc.):
- include these directories in firefox-dev, not libnss/libnspr-dev.
- help dpkg with directory/symlink transition.
-- Ian Jackson <email address hidden> Wed, 4 Jan 2006 18:39:15 +0000
| Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu9) dapper; urgency=low
* debian/rules:
- use the correct arguments to call dh_install, install firefox-nspr.pc
-- Sebastien Bacher <email address hidden> Wed, 21 Dec 2005 21:18:46 +0100
| Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu4) dapper; urgency=low
* Applied mozilla-1.7.12-2.src.rpm's firefox-1.0-uriloader.patch
which causes firefox to look first in the Gnome MIME handling registry
(MIME handling is still very wrong).
* Disabled File / Import from main menu since it does not work at all
(Ubuntu bugzilla 10339 still applies; patch brought forward).
* Displayed printer names no longer show `CUPS/' prefix.
(Ubuntu bugzilla 11481 regressed; patch from Breezy enhanced).
* Print command fixed (again) to cope with spaces in printer names.
* Remove incorrect note about Pango from README.Debian.
* Re-fix-up localised startup URLs in en-US region.properties.
* Fix incorrect layout/sizing in Help / About box (a bit hacky).
* Re-forward-port patch to fix printer names with spaces.
* Remove all subdirectories '*.OBJ' during clean.
-- Ian Jackson <email address hidden> Fri, 2 Dec 2005 20:16:18 +0000
| Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu8) dapper; urgency=low
* debian/rules:
- use the same dirty fix for the libnss-dev headers.
-- Matthias Klose <email address hidden> Tue, 20 Dec 2005 18:26:25 +0100
| Obsolete in breezy-release |
firefox (1.0.7-0ubuntu20) breezy; urgency=low * Recompile everything -fno-strict-aliasing. See 17276. -- Ian Jackson <email address hidden> Mon, 10 Oct 2005 11:22:37 +0100
| 1276 → 1341 of 1341 results | First • Previous • Next • Last |
