Change log for firefox package in Ubuntu
1276 → 1341 of 1341 results | First • Previous • Next • Last |
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.11-0ubuntu0.6.06.1) dapper-security; urgency=low * New upstream stability/security release * MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning -- Alexander Sack <email address hidden> Wed, 21 Mar 2007 15:00:00 +0100
Obsolete in breezy-security |
firefox (1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1) breezy-security; urgency=low * New upstream stability and security update * MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning -- Alexander Sack <email address hidden> Sat, 24 Mar 2007 20:00:00 +0100
Superseded in feisty-release |
firefox (2.0.0.3+1-0ubuntu1) feisty; urgency=low * new upstream security/stability update (v2.0.0.3) * MFSA-2006-11 aka CVE-2007-1562: FTP PASV port-scanning * add Report a Bug ... menu entry to Help menu overlay (LP#85041) * gfx/src/gtk/nsFontMetricsXft.cpp: revert not-approved patch bz252033-gtk2-xft-text-clipping-problem, because fix seems to have pretty bad performance overhead. * config/autoconf.mk.in, configure.in, gfx/src/gtk/mozilla-decoder.cpp: revert not-approved patch bz305185-system-pango-fix-for-gtk-2-8, because no longer necessary, upstream bug was duped to https://bugzilla.mozilla.org/show_bug.cgi?id=338446 * xpfe/components/killAll/Makefile.in: revert not-approved patch bz333289-nskillall-not-installed, because its just cruft from old suite and not used for firefox. * debian/control: add depends on libnspr4 to libnss3 (LP#84481)
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2) dapper-security; urgency=low * debian/rules: fix for regression: libfreebl3.so installed in wrong directory after libnss upstream branch switch (LP#89054, LP#88990). add libfreebl3.so to /usr/lib/ in libnss3 package - verified fix for evolution - verified fix for gaim-encryption -- Alexander Sack <email address hidden> Thu, 1 Mar 2007 23:50:00 +0100
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1) dapper-security; urgency=low * New upstream security update: * MFSA2007-01 - Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2): - CVE-2007-0775 - layout engine crashes - CVE-2007-0776 - SVG - CVE-2007-0777 - javascript engine corruption * MFSA2007-02 - Improvements to help protect against Cross-Site Scripting attacks: - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes - CVE-2007-0996 - Child frame character set inheritance - CVE-2006-6077 - Injected password forms * MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache collisions * MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3 hotspot * MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access by opening blocked popups * MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security Services (NSS) SSLv2 buffer overflow * MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname confuse same-domain checks * security/nss/lib/freebl/unix_rand.c: dropping preprocessor condition as an equivalent check has been introduced upstream (#ifndef LINUX -> #ifdef DO_NETSTAT) * security/coreconf/rules.mk: adapted patch to changed upstream code base * security/coreconf/Linux.mk: dropping ppc64 OS_TEST as it has been applied upstream * toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapting patch to updated code-base. -- Alexander Sack <email address hidden> Wed, 21 Feb 2007 18:05:00 -0800
Superseded in edgy-security |
firefox (2.0.0.2+0dfsg-0ubuntu0.6.10) edgy-security; urgency=low * New upstream security update: * MFSA2007-01 - Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2): - CVE-2007-0775 - layout engine crashes - CVE-2007-0776 - SVG - CVE-2007-0777 - javascript engine corruption * MFSA2007-02 - Improvements to help protect against Cross-Site Scripting attacks: - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes - CVE-2007-0996 - Child frame character set inheritance - CVE-2006-6077 - Injected password forms * MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache collisions * MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3 hotspot * MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access by opening blocked popups * MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security Services (NSS) SSLv2 buffer overflow * MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname confuse same-domain checks * browser/app/profile/firefox.js: resolved merge conflict -- Alexander Sack <email address hidden> Sun, 25 Feb 2006 16:00:00 +0100
Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1) breezy-security; urgency=low * New upstream security update: * MFSA2007-01 - Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2): - CVE-2007-0775 - layout engine crashes - CVE-2007-0776 - SVG - CVE-2007-0777 - javascript engine corruption * MFSA2007-02 - Improvements to help protect against Cross-Site Scripting attacks: - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes - CVE-2007-0996 - Child frame character set inheritance - CVE-2006-6077 - Injected password forms * MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache collisions * MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3 hotspot * MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access by opening blocked popups * MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security Services (NSS) SSLv2 buffer overflow * MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname confuse same-domain checks * security/nss/lib/freebl/unix_rand.c: drop no-netstat on linux patch, as this is now dealt with by #ifdef DO_NETSTAT * toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapt to changes in underlying codebase * security/coreconf/rules.mk: some ppc64 code has been applied upstream; dropping our patch. -- Alexander Sack <email address hidden> Wed, 21 Jan 2007 18:00:00 +0100
Superseded in feisty-release |
firefox (2.0.0.2+1-0ubuntu1) feisty; urgency=low * new upstream release 2.0.0.2 * MFSA2007-01 - Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2): - CVE-2007-0775 - layout engine crashes - CVE-2007-0776 - SVG - CVE-2007-0777 - javascript engine corruption * MFSA2007-02 - Improvements to help protect against Cross-Site Scripting attacks: - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes - CVE-2007-0996 - Child frame character set inheritance - CVE-2006-6077 - Injected password forms * MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache collisions * MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3 hotspot * MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access by opening blocked popups * MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security Services (NSS) SSLv2 buffer overflow * MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname confuse same-domain checks
Superseded in feisty-release |
firefox (2.0.0.1+1-0ubuntu1) feisty; urgency=low * repackage with new upstream mozilla.org and split up patches into distinct feature patches available at http://people.ubuntu.com/~asac/firefox-patches/ * make use of original source tarball as distributed from ftp.mozilla.org * debian/rules: use --enable-official-branding to produce official firefox branding; remove icons in debian/ dir; add more garbage cleanup * debian/firefox.links: /usr/share/pixmaps/firefox.png and usr/share/pixmaps/mozilla-firefox.png now link to usr/share/firefox/icons/mozicon128.png * drop FeedWriter.js patch, no rational available. * xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp, xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp, xpcom/reflect/xptcall/src/md/unix/Makefile.in, xpcom/reflect/xptcall/src/md/unix/xptcinvoke_mips.cpp, xpcom/reflect/xptcall/src/md/unix/xptcinvoke_asm_mips.s, xpcom/reflect/xptcall/src/md/unix/xptcstubs_linux_m68k.cpp, xpcom/reflect/xptcall/src/md/unix/xptcinvoke_asm_parisc_linux.s, xpcom/reflect/xptcall/src/md/unix/xptcstubs_asm_parisc_linux.s, xpcom/reflect/xptcall/src/md/unix/xptcstubs_asm_mips.s, configure.in, config/rules.mk, security/coreconf/Linux.mk: drop debian architecture patches for not ubuntu platforms * debian/control: taking over maintainership * configure.in: update hidden visibility patch from bugzilla * configure.in: drop * Makefile.in: drop explicit export of nss as build system is not broken anymore * browser/app/Makefile.in: drop linker tweaks for now. * browser/app/profile/firefox.js: drop override for homepage * browser/locales/en-US/chrome/branding/brand.properties: drop further branding hacks not needed anymore * browser/components/search/nsSearchService.js: drop not needed official browser hacks * prefs-size.diff: removed garbage file from source -- Alexander Sack <email address hidden> Wed, 15 Feb 2007 23:15:00 +0100
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.6.06.1) dapper-security; urgency=low * toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Regression fix for crashes on auto-filling forms without usernames (Closes LP#77859). -- Kees Cook <email address hidden> Fri, 26 Jan 2007 09:14:16 -0800
Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.5.10.1) breezy-security; urgency=low * toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Regression fix for crashes on auto-filling forms without usernames (Closes LP#77859). -- Kees Cook <email address hidden> Fri, 26 Jan 2007 10:36:49 -0800
Superseded in feisty-release |
firefox (2.0.0.1+0dfsg-0ubuntu2) feisty; urgency=low * Build using hunspell instead of myspell. - debian/control: Build-depend on libhunspell-dev instead of libmyspell-dev. - config/autoconf.mk.in: Add MOZ_MYSPELL_CFLAGS. - extensions/spellcheck/myspell/src/Makefile.in: Use MOZ_MYSPELL_CFLAGS. - extensions/spellcheck/myspell/src/mozMySpell.h: Include hunspell.cxx instead of myspell.cxx. - configure.in, configure: Overwrite myspell detection with hunspell. -- Matthias Klose <email address hidden> Thu, 18 Jan 2007 11:57:14 +0000
Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.5.10) breezy-security; urgency=low * New upstream security update: - CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution. - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI. - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects. - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point. - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes with evidence of memory corruption. -- Kees Cook <email address hidden> Tue, 2 Jan 2007 11:30:36 -0800
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.6.06) dapper-security; urgency=low * New upstream security update: - CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution. - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI. - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects. - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point. - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes with evidence of memory corruption. -- Kees Cook <email address hidden> Tue, 2 Jan 2007 11:23:28 -0800
Superseded in edgy-security |
firefox (2.0.0.1+0dfsg-0ubuntu0.6.10) edgy-security; urgency=low * New upstream security update: - CVE-2006-6507, MFSA 2006-76: XSS using outer window's Function object. - CVE-2006-6506, MFSA 2006-75: RSS Feed-preview referrer leak. - CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution. - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI. - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects. - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point. - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes with evidence of memory corruption. * debian/rules: restore original icons (Closes LP#68180). -- Kees Cook <email address hidden> Wed, 20 Dec 2006 17:55:02 -0800
Superseded in feisty-release |
firefox (2.0.0.1+0dfsg-0ubuntu1) feisty; urgency=low * New upstream security update: - CVE-2006-6507, MFSA 2006-76: XSS using outer window's Function object. - CVE-2006-6506, MFSA 2006-75: RSS Feed-preview referrer leak. - CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution. - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI. - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects. - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point. - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes with evidence of memory corruption. * debian/rules: use original upstream icons (Closes LP#68180). * debian/debsearch.src: make feisty the default debsearch target. * browser/base/content/utilityOverlay.js: change Launchpad translation/help pages for Feisty. -- Kees Cook <email address hidden> Thu, 21 Dec 2006 09:51:22 -0800
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.8-0ubuntu0.6.06) dapper-security; urgency=low * New upstream security update: - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled. - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant). - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with evidence of memory corruption. -- Martin Pitt <email address hidden> Tue, 14 Nov 2006 19:45:44 +0000
Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.8-0ubuntu0.5.10) breezy-security; urgency=low * New upstream security update: - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled. - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant). - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with evidence of memory corruption. -- Martin Pitt <email address hidden> Tue, 14 Nov 2006 18:20:10 -0800
firefox (2.0+0dfsg-0ubuntu3) edgy; urgency=low * Patch from upstream CVS to fix RSS preview/subscription, thanks to Mike Connor and Martin Jürgens (Closes: LP#61182) -- Matt Zimmerman <email address hidden> Mon, 23 Oct 2006 10:20:25 +0100
Superseded in edgy-release |
firefox (2.0+0dfsg-0ubuntu2) edgy; urgency=low * uudecode debsearch.gif too. Fixes FTBFS * Make edgy the default debsearch target. Closes: Malone: #61687 -- Tollef Fog Heen <email address hidden> Mon, 23 Oct 2006 08:52:11 +0200
Superseded in edgy-release |
firefox (2.0+0dfsg-0ubuntu1) edgy; urgency=low * Bump version to 2.0 (no upstream changes from rc3) * browser/components/search/nsSearchService.js - Set MOZ_OFFICIAL to "official", distributionID to "com.ubuntu" * debian/branding: new subdirectory with images * debian/rules: - build: uudecode and substitute images in source tree, use debian/branding/icon64.png instead of debian/firefox.png - clean: restore images in source tree, remove uudecoded versions -- Matt Zimmerman <email address hidden> Fri, 20 Oct 2006 15:56:42 -0700
Superseded in edgy-release |
firefox (1.99+2.0rc3+dfsg-0ubuntu1) edgy; urgency=low * New upstream version 2.0rc3, UVF exception approved by Matt Zimmerman. * configure: Fix bashism to let the gcc visibility=hidden bug detection work. * configure{,.in}: Change MOZ_APP_DISPLAYNAME from 'BonEcho' to 'Firefox' to make UserAgent string work with web sites which evaluate it. * browser/base/content/utilityOverlay.js: Open the Launchpad translation/help pages for Edgy, not Dapper. * For the sake of automatic vulnerability tracking: All 1.5.0.x and earlier vulnerabilities were fixed in the 2.0 branch as well: CVE-2005-0752 CVE-2005-1531 CVE-2005-1532 CVE-2005-2114 CVE-2006-0749 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787 CVE-2006-2788 CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802 CVE-2006-3803 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812 CVE-2006-4253 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4571 -- Martin Pitt <email address hidden> Thu, 19 Oct 2006 09:28:15 +0200
Superseded in edgy-release |
firefox (1.99+2.0rc2+dfsg-0ubuntu3) edgy; urgency=low * debian/firefox-runner: Disable Pango if a Sinhala locale is present. LP 66270. -- Colin Watson <email address hidden> Sun, 15 Oct 2006 20:29:26 +0100
Superseded in edgy-release |
firefox (1.99+2.0rc2+dfsg-0ubuntu2) edgy; urgency=low * Delete /usr/lib/firefox/components/compreg.dat in the postinst. This is a partial workaround for LP 30791. -- Ian Jackson <email address hidden> Thu, 12 Oct 2006 12:19:11 +0100
Superseded in edgy-release |
firefox (1.99+2.0rc2+dfsg-0ubuntu1) edgy; urgency=low * New upstream version 2.0rc2. * Fix/workaround for epiphany GtkSocket lifetype crash: apply patch id=241087 from Mozilla Bugzilla #241535 to fix LP #63814. * Change application name to `Firefox', as requested by mdz. Files changed: - browser/locales/en-US/chrome/branding/brand.dtd - browser/locales/en-US/chrome/branding/brand.properties; New values: - brandShortName and brandFullName: `Bon Echo' => `Firefox' - vendorShortName: `Mozilla' => `Ubuntu' * Make preferences dialogue fit again (bah!). -- Ian Jackson <email address hidden> Tue, 10 Oct 2006 18:49:32 +0100
Superseded in edgy-release |
firefox (1.99+2.0b2+dfsg-1ubuntu3) edgy; urgency=low * Remove /usr/lib/mozilla-thunderbird from the LD_LIBRARY_PATH if we find it there. Workaround for LP 57923. * Remove pocket name (eg `-security') from distribution identifier in the browser user agent string. LP 55289. -- Ian Jackson <email address hidden> Tue, 3 Oct 2006 19:01:34 +0100
Superseded in breezy-security |
firefox (1.5.dfsg+1.5.0.7-0ubuntu5.10.3) breezy-security; urgency=low * Backported Firefox 1.5 to Breezy for security support, using new upstream version 1.5.0.7 (tarball from Debian). * Removed references to FC_ANY_METRICS. * libnspr and libnss packages not shipped from here in Breezy; leave those libraries in /usr/lib/firefox and adjust .pc files accordingly. * Do not provide firefox-dbg. * Completely disable `mstone' homepage override feature. -- Ian Jackson <email address hidden> Tue, 26 Sep 2006 13:05:42 +0100
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.7-ubuntu0.6.06) dapper-security; urgency=low * New upstream security update: - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption (rv:1.8.0.7) - MFSA 2006-62, CVE-2006-4569: Popup-blocker cross-site scripting (XSS) - MFSA 2006-61, CVE-2006-4568: Frame spoofing using document.open() - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL spoofing - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression Heap Corruption -- Martin Pitt <email address hidden> Thu, 21 Sep 2006 07:16:32 +0000
Superseded in edgy-release |
firefox (1.99+2.0b2+dfsg-1ubuntu2) edgy; urgency=low * Ship xpidl et al, in firefox-dev. Relates to Debian #362190. Fixes Malone #61160. -- Ian Jackson <email address hidden> Thu, 21 Sep 2006 16:33:50 +0100
Superseded in edgy-release |
firefox (1.99+2.0b2+dfsg-1ubuntu1) edgy; urgency=low * Merged from Debian unstable; new upstream version. * Remaining differences between Debian and Ubuntu in no particular order: - Build libnspr and libnss and corresponding -dev packages from this source package. Plus changes to make these libs build nicely. - Various changes to preferences, default bookmarks and search engines. - Support for `Get Help Online' and `Translate This Application'. - Size changes for various dialogue boxes to make the contents fit. - Downloads go to separate `Desktop' folder by default. - Fix some underquoted m4 arguments. - Minor changes in directories, symlinks and debian/control to cope with Ubuntu and Debian's different histories. - disable File / Import (wizard is nonfunctional). Malone #28563, Debian #350599, Mozilla Bugzilla 117844. - Change `Latest Headlines' to `Latest BBC Headlines' to properly disclose the source up front, and use a corresponding RSS URL. - Default for FIREFOX_DSP is none. - Pango support is enabled only if an installed locale seems to need it. - Note in README.Debian about how to run xpcshell. - Disable xprint. - No build dependency on libxp-dev; build-depend on zip instead. - Various icon changes. - Some currently-unused directory merging code in firefox.preinst. - Less detail in the user agent string. - Belt-and-braces removal for some cruft left over by some versions of the Mozilla build system. - Better firefox.menu entry (says `Firefox Web Browser'). - Build dynamically linked, since in Ubuntu embedders use firefox. - EbmedWindow::GetVisibility bugfix, Malone 40320, upstream 312998. - Pass FC_ANY_METRICS to Fontconfig where appropriate. - Extensive Thai language patch. - Print in serif by default even though default display is sans. - Some fixes to the (upstream-unused) nss makefiles. - Strip PostScript/ from printer names. - Better message about updates of read-only extension. - Include pointer to the Gecko Runtime (GRE registration). - Prevent websites from disabling context menus. All of these changes are fully documented in the changelog below. Please see those changelog entries for full details. Much historical information about changes either taken up by Debian or upstream, or dropped by us, is retained in this changelog. -- Ian Jackson <email address hidden> Wed, 13 Sep 2006 16:40:06 +0100
Superseded in edgy-release |
firefox (1.99+2.0b1+dfsg-1ubuntu3) edgy; urgency=low * Remove `Breaks' again; experience shows that we need proper support in apt before deploying this. -- Ian Jackson <email address hidden> Fri, 18 Aug 2006 11:46:20 +0100
Superseded in edgy-release |
firefox (1.99+2.0b1+dfsg-1ubuntu2) edgy; urgency=low * Put libfreebl3 in /usr/lib, not /usr/lib/firefox; it's part of libnss3. This fixes Malone #56202. * Disable main menu File / Import again; it seems that the Organise Bookmarks import is going to be fixed and not the main menu one. (See Mozilla Bugzilla #347956, #117844; Debian #350599.) * Remove default theme setting; this can now be done by the theme package creating another *.js file in /etc/firefox/pref. This means we don't need to depend on firefox-themes-ubuntu. (We Break older versions of firefox-themes-ubuntu.) * Relax version dependency from firefox to libnss and libnspr, since these remain largely binary compatible. -- Ian Jackson <email address hidden> Mon, 14 Aug 2006 17:03:25 +0100
Superseded in edgy-release |
firefox (1.99+2.0b1+dfsg-1ubuntu1) edgy; urgency=low * Merge from debian unstable. Remaining differences between Debian and Ubuntu in no particular order: - Build libnspr and libnss and corresponding -dev packages from this source package. Plus changes to make these libs build nicely. - Various changes to preferences, default bookmarks and search engines. - Support for `Get Help Online' and `Translate This Application'. - Size changes for various dialogue boxes to make the contents fit. - Downloads go to separate `Desktop' folder by default. - Fix some underquoted m4 arguments. - Minor changes in directories and symlinks to cope with Ubuntu and Debian's different histories. - Default for FIREFOX_DSP is none. - Pango support is enabled only if an installed locale seems to need it. - No build dependency on libxp-dev; build-depend on zip instead. - Note in README.Debian about how to run xpcshell. - Various icon changes. - Polish translation in firefox.desktop. Debian #382079, Malone 45447. - Do not attempt to run firefox for webdav URLs (firefox.desktop). - Use the new Human theme from firefox-themes-ubuntu, by default. - Better firefox.menu entry (says `Firefox Web Browser'). - Some currently-unused directory merging code in firefox.preinst. - Use GNOME MIME program registry (nsMIMEInfoUnix etc.) - Less detail in the user agent string. - Disable xprint. - Belt-and-braces removal for some cruft left over by some versions of the Mozilla build system. - Include pointer to the Gecko Runtime (GRE registration). - EbmedWindow::GetVisibility bugfix, Malone 40320, upstream 312998. - Pass FC_ANY_METRICS to Fontconfig where appropriate. - Extensive Thai language patch. - Print in serif by default even though default display is sans. - Prevent websites from disabling context menus. - Some fixes to the (upstream-unused) nss makefiles. - Strip PostScript/ from printer names. - Better message about updates of read-only extension. All of these changes are fully documented in the changelog below. Please see those changelog entries for full details. Much historical information about changes either taken up by Debian or upstream, or dropped by us, is retained in this changelog. -- Ian Jackson <email address hidden> Tue, 8 Aug 2006 19:02:51 +0100
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.5-0ubuntu6.06.1) dapper-security; urgency=low * Fix to non-HTTP loading of <object ...>'s (eg, streaming media files). Mozilla Bugzilla #346167. Expected to be the sole change in Firefox upstream 1.5.0.6. -- Ian Jackson <email address hidden> Mon, 31 Jul 2006 13:55:56 +0100
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.5-0ubuntu6.06) dapper-security; urgency=low * New upstream version 1.5.0.5, `security and stability fixes'. - MFSA 2006-44, CVE-2006-3801: Code execution through deleted frame reference [does not affect 1.0] - MFSA 2006-45, CVE-2006-3677: Javascript navigator Object Vulnerability [does not affect 1.0] - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous events [does not affect 1.0] - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked across domains [does not affect 1.0] - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race condition [does not affect 1.0] - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine vulnerabilities - MFSA 2006-51, CVE-2006-3807: Privilege escalation using named-functions and redefined "new Object()" - MFSA 2006-52, CVE-2006-3808: PAC privilege escalation using Function.prototype.call - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege escalation - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper (window).Function(...) [does not affect 1.0] - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory corruption (rv:1.8.0.5) - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote content * The above includes upstream's different fixes for Malone 45395's two crashing bugs in nsCopySupport.cpp and nsHTMLFormatConverter.cpp. * Reran autoconf2.13. -- Ian Jackson <email address hidden> Thu, 27 Jul 2006 12:13:37 +0100
Superseded in breezy-security |
firefox (1.0.8-0ubuntu5.10.1) breezy-security; urgency=low Security fix from Eric Dorland: * content/xul/templates/src/nsXULContentUtils.cpp, content/xul/templates/src/nsXULSortService.cpp: A couple of patches from Alexander Sack to fix regressions caused by the previous security fixes. All security fixes prepared by Alexander Sack: * js/src/jsfun.c, js/src/jsinterp.c, netwerk/base/src/nsProxyAutoConfig.js: Fix for CVE-2006-2787, aka mfsa2006-31. * netwerk/protocol/http/src/nsHttp.cpp, netwerk/protocol/http/src/nsHttp.h, netwerk/protocol/http/src/nsHttpChannel.cpp, netwerk/protocol/http/src/nsHttpHeaderArray.cpp, netwerk/protocol/http/src/nsHttpTransaction.cpp: Fix for CVE-2006-2786, aka mfsa2006-33. * browser/base/content/browser.js, xpfe/browser/resources/content/nsBrowserStatusHandler.js, xpfe/communicator/resources/content/nsContextMenu.js, xpfe/communicator/resources/content/utilityOverlay.js: Fix for "XSS viewing javascript: frames or images from context menu", CVE-2006-2785 aka mfsa2006-34. * content/xul/document/src/nsXULDocument.cpp, content/xul/templates/src/nsXULContentUtils.cpp, content/xul/templates/src/nsXULContentUtils.h, content/xul/templates/src/nsXULSortService.cpp: Fix for "Privilege escalation through XUL persist", CVE-2006-2775 aka mfsa2006-35. * caps/src/nsScriptSecurityManager.cpp: Fix for "PLUGINSPAGE privileged JavaScript execution II", CVE-2006-2784 aka mfsa2006-36. * dom/src/base/nsDOMClassInfo.cpp, dom/src/base/nsGlobalWindow.cpp: Fix for "Remote compromise via content-defined setter on object prototypes", CVE-2006-2776 aka mfsa2006-37. * security/manager/ssl/src/nsCrypto.cpp: Fix for "Buffer overflow in crypto.signText()", CVE-2006-2778 aka mfsa2006-38. * browser/base/content/contentAreaUtils.js, caps/src/nsScriptSecurityManager.cpp: Fix for ""View Image" local resource linking (Windows)", CVE-2006-1942 aka mfsa2006-39. * content/html/content/public/Makefile.in, content/html/content/public/nsIFileControlElement.h, content/html/content/src/nsHTMLInputElement.cpp, content/shared/public/nsHTMLAtomList.h, layout/html/forms/src/nsFileControlFrame.cpp, layout/html/forms/src/nsFileControlFrame.h: Fix for "File stealing by changing input type (variant)", CVE-2006-2782 aka mfsa2006-41. * intl/uconv/src/nsUTF8ToUnicode.cpp, intl/uconv/src/nsUTF8ToUnicode.h: Fix for " Web site XSS using BOM on UTF-8 pages", CVE-2006-2783 aka mfsa2006-42. * modules/libpref/src/init/all.js: Fix for "Privilege escalation using addSelectionListener", CVE-2006-2777 aka mfsa2006-43. * content/base/public/nsContentUtils.h, content/base/src/nsContentUtils.cpp, content/xul/templates/src/nsXULTreeBuilder.cpp, layout/xul/base/src/tree/public/nsITreeView.idl, layout/xul/base/src/tree/src/nsTreeBoxObject.cpp, layout/xul/base/src/tree/src/nsTreeContentView.h, content/base/src/nsDocument.cpp, layout/xul/base/src/nsBoxObject.cpp, content/html/document/src/nsHTMLContentSink.cpp, js/src/jsstr.c, content/xbl/src/nsXBLProtoImplProperty.cpp: Various patches for CVE-2006-2779 and CVE-2006-2780 aka mfsa2006-32. Note that this fix is incomplete, and is missing the fixes from bz#324918, bz#325730 and bz#329982 -- Ian Jackson <email address hidden> Mon, 24 Jul 2006 11:56:36 +0100
Superseded in edgy-release |
firefox (1.5.dfsg+1.5.0.4-1ubuntu2) edgy; urgency=low * Use the new Human theme from firefox-themes-ubuntu. * Use .orig.tar.gz and .diff.gz format not native format. (strange; the MoM buildpackage rune seems to have got it wrong). -- Ian Jackson <email address hidden> Fri, 7 Jul 2006 19:02:51 +0100
Superseded in edgy-release |
firefox (1.5.dfsg+1.5.0.4-1ubuntu1) edgy; urgency=low * Merge from debian unstable. Remaining differences between Debian and Ubuntu in no particular order: - Build libnspr and libnss and corresponding -dev packages from this source package. Plus changes to make these libs build nicely. - Various changes to preferences, default bookmarks and search engines. - Default for FIREFOX_DSP is none. - Slightly different handling of some firefox-runner command line options (eg, -ProfileManager). - Note in README.Debian about how to run xpcshell. - Pango support is enabled only if an installed locale seems to need it. - Support for `Get Help Online' and `Translate This Application'. - Size changes for various dialogue boxes to make the contents fit. - Downloads go to separate `Desktop' folder by default. - Fix some underquoted m4 arguments. - Thai-related crash fix (Malone 45395). - No build dependency on libxp-dev. - DOM Inspector is not a separate package. - Various icon changes. - Polish translation for firefox.desktop. - Do not attempt to run firefox for webdav URLs (firefox.desktop). - Better firefox.menu entry (says `Firefox Web Browser'). - Minor changes in directories and symlinks to cope with Ubuntu and Debian's different histories. - Use update-notifier to ask user to restart firefox. - Some currently-unused directory merging code in firefox.preinst. - Use GNOME MIME program registry (nsMIMEInfoUnix etc.) - Less detail in the user agent string. - Belt-and-braces removal for some cruft left over by some versions of the Mozilla build system. - EbmedWindow::GetVisibility bugfix. - Pass FC_ANY_METRICS to Fontconfig where appropriate. - Extensive Thai language patch. - Print in serif by default even though default display is sans. - Prevent websites from disabling context menus. - Strip CUPS from printer names. - Better message about updates of read-only extension. - Fix: do not crash if htmlConverter->Convert fails. All of these changes are fully documented in the changelog below. Please see those changelog entries for full details.
Superseded in dapper-security |
firefox (1.5.dfsg+1.5.0.4-0ubuntu6.06) dapper-security; urgency=low * New upstream version, 1.5.0.4, security/stability fixes from upstream. This is known to include the following security fixes: - MFSA 2006-43, CVE-2006-2777: Privilege escalation using addSelectionListener - MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8 pages - MFSA 2006-41, CVE-2006-2782: File stealing by changing input type (variant) - MFSA 2006-38, CVE-2006-2778: Buffer overflow in crypto.signText() - MFSA 2006-37, CVE-2006-2776: Remote compromise via content-defined setter on object prototypes - MFSA 2006-36, CVE-2006-2784: PLUGINSPAGE privileged JavaScript execution 2 - MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL persist - MFSA 2006-34, CVE-2006-2785: XSS viewing javascript: frames or images from context menu - MFSA 2006-33, CVE-2006-2786: HTTP response smuggling - MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with potential memory corruption - MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) - CVE-2006-2788: Double memory free in nsIX509::getRawDER when called from JavaScript (Mozilla bug #321598) This package is based on Debian's firefox_1.5.dfsg+1.5.0.4.orig.tar.gz but has none of the corresponding Debian changes. -- Ian Jackson <email address hidden> Tue, 6 Jun 2006 14:32:13 +0100
firefox (1.5.dfsg+1.5.0.3-0ubuntu3) dapper; urgency=low * Thai-related crash fix (Malone 45395): - nsCopySupport.cpp, nsCopySupport::HTMLCopy: do not crash if htmlConverter->Convert fails. - nsHTMLFormatConverter.cpp, nsHTMLFormatConverter::Convert: properly report failure if dataStr.IsEmpty. - nsJISx4501LineBreaker.cpp: fix printf(stderr -> fprintf. * Add Polish translation for firefox.desktop (Malone 45447). Thanks to contribution from Tomasz Dominikowski. * Do not attempt to merge /usr/lib/mozilla-firefox and /usr/lib/firefox and make the former a link to the latter; this is unfortunately error-prone and makes more problems than it solves. Fixes Malone 44487; regresses the plugins directory confusion bug. * Include MFSA and CVE numbers in changelog entry for 1.5.dfsg-1. -- Ian Jackson <email address hidden> Tue, 23 May 2006 17:45:30 +0100
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.3-0ubuntu2) dapper; urgency=low * Fix memory leak in large clipboard handling. Malone 41093. Mozilla Bugzilla 289897; applied attachments 218749, 218753. * Provide symlink /usr/lib/mozilla-firefox -> /usr/lib/firefox (and shuffle stuff across if both directories exist). * Remove update-notifier `restart required' on removal so that if you remove firefox you're no longer asked to restart it. Malone 36739. * Increase size of prefs window explicitly. Malone 43528. * Suppress the error if /var/lib/locales/supported.d/* can't be read (probably because it doesn't exist). If you get EIO or EACCES or some such then having pango mysteriously disabled will be the least of your worries. Malone 44016. * Really use firefox_1.5.dfsg+1.5.0.3.orig.tar.gz from Debian. -- Ian Jackson <email address hidden> Fri, 12 May 2006 19:20:30 +0100
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.3-0ubuntu1) dapper; urgency=low * New upstream version, 1.5.0.3, security/stability fix from upstream: MFSA 2006-30, CVE-2006-1993: Deleted object reference when designMode="on" This package is based on Debian's firefox_1.5.dfsg+1.5.0.3.orig.tar.gz but has none of the corresponding Debian changes. -- Ian Jackson <email address hidden> Wed, 10 May 2006 12:13:30 +0100
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.2-0ubuntu2) dapper; urgency=low * Increase sizes of various dialogue boxes so that all of the contents fit. Malone 26225, 36985, and probably others. * Set MOZ_DISABLE_PANGO=1 to disable pango, unless some locale is selected as supported which would need pango for rendering; the default can be overridden by setting MOZ_DISABLE_PANGO to 0 or 1. Malone 32561 (workaround). * Use update-notifier to request a firefox restart. Malone 36739. * Added Spanish translation to firefox.desktop. Malone 39972. Thanks to Rocco Stanzione for the patch. * Add a couple of missing trailing newlines. Malone 39972 again. Thanks Rocco Stanzione for the report. * EbmedWindow::GetVisibility bugfix, Malone 40320, upstream 312998, thanks to chpe for the patch and discussion. * Add FC_ANY_METRICS set to FcTrue to all patterns that are going to be used for finding (rather than enumerating) fonts. Malone 42559. -- Ian Jackson <email address hidden> Tue, 2 May 2006 18:59:32 +0100
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.2-0ubuntu1) dapper; urgency=low * New upstream version, 1.5.0.2. Described as `stability and security fixes' by upstream but many changes are included and producing a complete list is infeasible :-(. Fixes are known to be included for: - MFSA 2006-29, CVE-2006-1725: Spoofing with translucent windows - MFSA 2006-28, CVE-2006-1726: Security check of js_ValueToFunctionObject() can be circumvented - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution Vulnerability - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview - MFSA 2006-24, CVE-2006-1728: Privilege escalation using crypto.generateCRMFRequest - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow Vulnerability - MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724: Crashes with evidence of memory corruption. This package is based on Debian's firefox_1.5.dfsg+1.5.0.2.orig.tar.gz but has none of the corresponding Debian changes.
Superseded in breezy-security |
firefox (1.0.8-0ubuntu5.10) breezy-security; urgency=low * New upstream release which fixes the following vulnerabilities: - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview - MFSA 2006-24, CVE-2006-1728: Privilege escalation using crypto.generateCRMFRequest - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow Vulnerability - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call() - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability - MFSA 2006-17, CVE-2006-1732: cross-site scripting through window.controllers - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via valueOf.call() - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript function's cloned parent - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval - MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image As..." - MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security warning dialog) - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8) - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event handlers - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through XULDocument.persist() - MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial of Service - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards -- Martin Pitt <email address hidden> Tue, 18 Apr 2006 11:59:52 +0200
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu12) dapper; urgency=low * Sponsored upload for Theppitak Karoonboonyanan * Updated Thai word breaking patch: - load `libthai.so.0' instead of `libthai.so'. - print debug message only when DEBUG is defined. - debian/control: Suggests libthai0 -- Michael Vogt <email address hidden> Thu, 13 Apr 2006 13:25:14 +0200
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu11) dapper; urgency=low * Fix silly lack of [ ] quoting in AC_DEFUN use. Malone 36659, Mozilla bugzilla 298457. * Make Preferences window not chop off various elements: - specify a width of 50em instead of 42em - do not specify a height - add another <separator/> to the bottom of privacy.xul's prefpane. I have no idea why this is necessary :-(. Malone 36985. * Fix broken UTF-8 in .desktop file (again). Malone 37779. * Document how to use xpcshell in README.Debian. Malone 35333. * Clarify updateReadOnlyMessage to refer to `system package manager' which will help the misunderstanding in Malone 31284. -- Ian Jackson <email address hidden> Wed, 12 Apr 2006 17:18:52 +0100
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu10) dapper; urgency=low * Generate `firefox-dbg' package with debugging symbols. This involves changing debian/compat to 5, which should be safe. * Fix Norwegian translation in firefox.desktop. (Malone 30603.) * Fix trivial syntax problems in firefox.desktop. (Malone 33567.) * Remove x-directory/webdav x-directory/webdav-prefer-directory from MimeType list in desktop file. (Malone 35928.) * Use `about.png.upstream' instead of `about.png.orig' is the saved original version for the branding; *.orig tends to get clobbered. -- Ian Jackson <email address hidden> Fri, 24 Mar 2006 18:49:46 +0000
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu9) dapper; urgency=low * added thai linebreaking support (thanks to Theppitak Karoonboonyanan) -- Michael Vogt <email address hidden> Tue, 14 Mar 2006 15:16:52 +0000
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu8) dapper; urgency=low * debian/rules: - renamed the idl directory to match the .pc name, replace mozilla-firefox by firefox for firefox-config too -- Sebastien Bacher <email address hidden> Mon, 13 Mar 2006 15:12:43 +0100
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu7) dapper; urgency=low * Pointing the .pc files to /usr/include/firefox is not enough, better install the headers there too. -- Matthias Klose <email address hidden> Sat, 11 Mar 2006 17:41:24 +0000
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu6) dapper; urgency=low * Replace Ubuntu Bugzilla bookmark with Launchpad's `Request support with Ubuntu' ticket creation page. (Malone 28896.) * Reinstate `Translate This Application' in Help menu, despite the fact that Launchpad doesn't do this yet - you just get a page saying there are no translations for Firefox. mdz assures us that this will be done some time during dapper's service life. * Make -P, -CreateProfile and -ProfileManager imply sensible values for -a, and document -a in firefox(1). (Malone 31746.) * Fix md5sum mismatch which causes spurious conffile prompt on bookmarks.html. * Set browser.startup.homepage_override.mstone to ignore, to avoid the silly thing where the first time after the upgrade, firefox looks like it has lost your home page because it is so keen to tell you about the release notes. (Malone 33895.) * Change `Latest Headlines' to `Latest BBC Headlines' to properly disclose the source up front, and use a corresponding RSS URL. * Revert the `you have chosen to open' dialogue, as discussed on ubuntu-devel. * Fix firefox-*.pc files to contain correct references to libs and includes, just like the mozilla-*.pc files. (Malone 34200.) -- Ian Jackson <email address hidden> Thu, 9 Mar 2006 19:56:58 +0000
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu5) dapper; urgency=low * Disable `Translate This Application' and don't try to have `Get Help Online' translated because we don't know how to translate firefox: https://launchpad.net/products/rosetta/+spec/rosetta-firefox-support -- Ian Jackson <email address hidden> Fri, 24 Feb 2006 14:49:23 +0000
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu4) dapper; urgency=low * Disable (by default) the `you have chosen to open' dialogue box; instead, we just take the default (which is to open with the application from the Gnome MIME database). This behaviour is controlled by browser.helperApps.defaultNoAsk.openFile. Bookmark, search and translation reference regression fixes: * Restore `Translate This Application' and `Get Help Online' * Add Ubuntu and Free Software links back to bookmarks Bookmark, search and translation references improvements: * Add Wikipedia to search box. * Remove `Quick searches' from bookmarks (these just replicate entries from the search box, and are broken anyway). * Get rid of README.Ubuntu - the contents are now no longer relevant. -- Ian Jackson <email address hidden> Thu, 23 Feb 2006 14:44:42 +0000
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu3) dapper; urgency=low * Move /usr/lib/libxpcom*.so etc. back to /usr/lib/firefox; avoids clashes with other packages (eg mozilla). * Add rpath setting for /usr/lib/firefox to all .pc files in firefox-dev. This is suboptimal, but at least it allows programs which use firefox-dev at compile-time to find firefox's .so's. * Take some redundant and perhaps privacy-leaking information out of the default User-Agent (Malone 30677). -- Ian Jackson <email address hidden> Fri, 10 Feb 2006 17:42:12 +0000
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu2) dapper; urgency=low * Fix stupid FTBFS on default.xpm introduced in last upload. * Retrospectively insert CVE numbers into 1ubuntu1 changelog entry.
Superseded in dapper-release |
firefox (1.5.dfsg+1.5.0.1-1ubuntu1) dapper; urgency=low Changes since 1.5.dfsg-4ubuntu6: * New upstream version (1.5.0.1) - security and stability fixes, allegedly. (About 7000 lines of diff, so not reviewed for Ubuntu.) * Fix Norwegian translation in .desktop file. (Malone #30603.) * mkdir /usr/include/mozilla in firefox-dev.preinst to avoid maintainer script sometimes preventing installation. * Move the shlibs needed for gtkmozembed to /usr/lib (avoids need for rpath and nonsense in firefox-gtkmozembed.pc). * Work around new GNU make braindamage by adding seddery to security/coreconf/rules.mk. Expected-permanent differences between Ubuntu and Debian: * Build nspr and nss for use by all other programs in the distribution (Packages: libnspr-dev, libnss-dev, libnspr4, libnss3. Fairly main changes to parts of the build system.) This is so that mozilla can be in Ubuntu universe. * Disable xprint. (xprint is not used in Ubuntu.) * Slightly different arrangements do with with transitional arrangements related to package renaming from mozilla-firefox-*. * Removed transitional packages mozilla-firefox-dom-inspector and mozilla-firefox-gnome-support (not needed in Ubuntu). * Build firefox-dev; applications which embed a browser in Ubuntu generally embed Firefox rather than mozilla. This also means that we build firefox with dynamic linking so that embedders and load ff. * Debian package search replaced by Ubuntu package search (and defaults to searching only in dapper, not all releases). * Changes to various icons (and their installation paths). * Strip CUPS/ from the front of displayed printer names, since all printing in Ubuntu is done via CUPS. Other differences remaining between Ubuntu and Debian: * debian/rules clean removes various junk left over by the mozilla build system. (Debian #350616.) * Exclude libssl3.so from dpkg_shlibdeps as this triggers a bug in fakeroot on amd64 in Ubuntu. * Set FIREFOX_DSP=none by default. Will sometimes break sound from eg Flash. See https://launchpad.net/malone/bugs/29760 for rationale. (Debian maintainers notified but no bug filed.) * Append our plugin path to any previous value of MOZ_PLUGIN_PATH. (Malone 29412. Debian #351806) * firefox.desktop file has more translations and consistently calls the application `Firefox Web Browser' (for better UI in the menus - this change is also in firefox.menu). Debian #351807. * Default printing command doesn't break if printer name contains spaces (actually a preference, in all.js). (Debian #351809, Mozilla Bugzilla #326245). * security/coreconf/rules.mk adjusted with awful seddery to cope with GNU make change to POSIXly interpretation of backslash line-joining. See http://lists.debian.org/debian-devel/2005/12/msg00988.html. Mozilla Bugzilla #325148. * security/coreconf/ruleset.mk has a set -e added. * Use GNOME mime database instead of mailcap. Patch imported from Red Hat; see debian/gnome-mime-handling.diff. * Change various preferences: - Ubuntu-specific default homepage - Ubuntu-specific release notes - default homepage can be locale-specific - middlebutton paste disabled - do not load a special home page on first start after an upgrade - disable File / Import (wizard is nonfunctional). Malone #28563, Debian #350599, Mozilla Bugzilla 117844. - save files to Desktop by default - README.Ubuntu file (still rather full of junk) - Prevent websites disabling the right-button context menu. - Default font for display is sans, but: - Default CSS for printing uses a serif font.
Superseded in dapper-release |
firefox (1.5.dfsg-4ubuntu6) dapper; urgency=low * Better comment regarding Import Wizard disablement, referring to upstream (117844) and Debian (350599) bugs. * Remove obsolete patch from run-mozilla.sh (which we don't use). * FIREFOX_DSP=none is really the default this time. (See 4ubuntu5; it turns out that /etc/firefoxrc exists for no good reason and contains an override for FIREFOX_DSP). * firefox(1) manpage adjusted wrt FIREFOX_DSP. * Fix mozilla-nss.pc to refer to mozilla-nspr, not firefox-nspr. -- Ian Jackson <email address hidden> Mon, 30 Jan 2006 19:15:43 +0000
firefox (1.5.dfsg-4ubuntu5) dapper; urgency=low * FIREFOX_DSP=none is the default everywhere, since the crashing problems due to esddsp non-thread-safety appear on i386 too. This will break sound from Flash in some situations. See https://launchpad.net/malone/bugs/29760 for the rationale. * Remove erroneous build-dependency on libxp-dev. * Append our plugin path to any previous value of MOZ_PLUGIN_PATH. (Malone 29412.) * Do not put anything in, or look at, /usr/lib/mozilla and /usr/include/mozilla. We use /usr/{lib,include}/firefox. -- Ian Jackson <email address hidden> Fri, 27 Jan 2006 16:40:28 +0000
Superseded in dapper-release |
firefox (1.5.dfsg-4ubuntu4) dapper; urgency=low * libnssckbi.so must not be installed in /usr/lib/mozilla, move it to /usr/lib/firefox; /usr/lib/mozilla is the namespace of the mozilla/ mozilla-browser package; we cannot conflict runtime packages like libnss3 and mozilla-browser as we do for the -dev packages. * Current libnss3 replaces older firefox package. * Set vendor name to Ubuntu. -- Matthias Klose <email address hidden> Sat, 21 Jan 2006 15:27:01 +0100
Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu12) dapper; urgency=low * downloads.js (twice): fix `download manager empty' bug. (Ubuntu Bugzilla 19927 20450.) -- Ian Jackson <email address hidden> Thu, 5 Jan 2006 19:20:27 +0000
Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu10) dapper; urgency=low * debian/rules: - fix lack of libnssckbi.so in the directory the firefox browser expects. (fallout from libnss/libnspr integration changes; Ubuntu bugzilla 21310). * debian/rules: - create a gre.conf (Ubuntu bugzilla 13750). * mozilla-firefox/include/{nspr,nss} (debian/rules etc.): - include these directories in firefox-dev, not libnss/libnspr-dev. - help dpkg with directory/symlink transition. -- Ian Jackson <email address hidden> Wed, 4 Jan 2006 18:39:15 +0000
Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu9) dapper; urgency=low * debian/rules: - use the correct arguments to call dh_install, install firefox-nspr.pc -- Sebastien Bacher <email address hidden> Wed, 21 Dec 2005 21:18:46 +0100
Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu4) dapper; urgency=low * Applied mozilla-1.7.12-2.src.rpm's firefox-1.0-uriloader.patch which causes firefox to look first in the Gnome MIME handling registry (MIME handling is still very wrong). * Disabled File / Import from main menu since it does not work at all (Ubuntu bugzilla 10339 still applies; patch brought forward). * Displayed printer names no longer show `CUPS/' prefix. (Ubuntu bugzilla 11481 regressed; patch from Breezy enhanced). * Print command fixed (again) to cope with spaces in printer names. * Remove incorrect note about Pango from README.Debian. * Re-fix-up localised startup URLs in en-US region.properties. * Fix incorrect layout/sizing in Help / About box (a bit hacky). * Re-forward-port patch to fix printer names with spaces. * Remove all subdirectories '*.OBJ' during clean. -- Ian Jackson <email address hidden> Fri, 2 Dec 2005 20:16:18 +0000
Superseded in dapper-release |
firefox (1.4.99+1.5rc3.dfsg-1ubuntu8) dapper; urgency=low * debian/rules: - use the same dirty fix for the libnss-dev headers. -- Matthias Klose <email address hidden> Tue, 20 Dec 2005 18:26:25 +0100
Obsolete in breezy-release |
firefox (1.0.7-0ubuntu20) breezy; urgency=low * Recompile everything -fno-strict-aliasing. See 17276. -- Ian Jackson <email address hidden> Mon, 10 Oct 2005 11:22:37 +0100
1276 → 1341 of 1341 results | First • Previous • Next • Last |