lp://staging/ubuntu/dapper/mozilla-thunderbird
- Get this branch:
- bzr branch lp://staging/ubuntu/dapper/mozilla-thunderbird
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 10. By Adam Conrad
-
* Ship SVG and PNG icons alongside the XPM icons for window managers that
can deal with those. Also, use the SVG icon internally, rather than
the XPM, making the taskbar icon less ugly (closes: launchpad.net/45492)
* Include a slightly tweaked profile-manager icon for the (still disabled)
mozilla-thunderbird profile manager desktop entry, based on tango icons. - 9. By Adam Conrad
-
* New upstream incremental security and bugfix release (launchpad.
net/41096) :
- MFSA 2006-28, CVE-2006-1726: Security check of js_ValueToFunctionObject( )
can be circumvented
- MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution Vuln
- MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure
- MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
- MFSA 2006-24, CVE-2006-1728: Privilege escalation using
crypto.generateCRMFReq uest
- MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow Vuln
- MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when
forwarding in-line
- MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531,
CVE-2006-1723, CVE-2006-1724: Crashes with memory corruption.
- MFSA 2006-08, CVE-2006-0299: "AnyName" entrainment and access control
hazard
- MFSA 2006-07, CVE-2006-0298: Read beyond buffer while parsing XML
- MFSA 2006-06, CVE-2006-0297: Integer overflows in E4X, SVG and Canvas
- MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
XULDocument.persist( )
- MFSA 2006-04, CVE-2006-0295: Memory corruption via QueryInterface on
Location, Navigator objects
- MFSA 2006-02, CVE-2006-0294: Changing postion:relative to static
corrupts memory
- MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
* New upstream should have restored the ability to send attachments
via the command line interface (launchpad.net/35690)
* Add the (at this point, very well-tested) GNOME/MIME handling patch
from Firefox, so we get GNOME MIME definitions (launchpad.net/30375)
* Sync 91_fontsfix_359763. dpatch from Debian, to use the generic font
aliases instead of demanding "Times", "Courier", and "Helvetica".
* Sync isolated arch build failure fixes from Debian as well, for people
who feel the urge to port dapper after it's released: 50_arch_*.dpatch
* Drop all references to mozilla-thunderbird- update- chrome, and the *.d
directories in /var/lib/mozilla- thunderbird and stop shipping them, as
they've been obsolete and broken since 1.5 (launchpad.net/{35465, 25997})
* Stop shipping /tmp in the typeaheadfind package (launchpad.net/43470)
* Rework the Debconf www-browser selection so it automatically chooses to
use gnome-control-center' s choice if it detects it installed, otherwise
falling back to x-www-browser (launchpad.net/{31841, 34546,41706, 25704})
* Drop suggests on xprint, which we stopped using (launchpad.net/33307)
* Depend on "myspell-en-us | myspell-dictionary" , since we now appear to
require it unconditionally for operation (launchpad.net/{35212, 37825})
* Fix the default theme so it shows up in themes list, so you can remove
added themes, since they're not the "last one" (launchpad.net/43022)
* Hide the Profile Manager menu icon by default (launchpad.net/12874)
* Add proper branding (Yay, we're Thunderbird again, not Mail/News, and we
have an icon and an about box, oh my!), icon thanks to Andy Fitzsimon,
integration mangling thanks to Alexander Sack. (launchpad.net/19439) - 8. By Sebastien Bacher
-
* debian/
mozilla- thunderbird. desktop:
- change menu title from "Thunderbird Mail Client" to "Thunderbird Mail" - 7. By Martin Pitt
-
debian/
global- config. js: Set intl.locale.matchOS by default to make locale
packages work. - 6. By Adam Conrad
-
* Re-enable patch 20_mailnews_
mime_makefile_ in.dpatch to export proper
headers to our -dev package so we can get engimail building again.
* Re-enable pango support, adding 10_pangoxft_linkage. dpatch, which
fixes the build to link pangoxft, which we directly include and use. - 5. By Adam Conrad
-
Revert pango support for now. We appear to be calling into libpangoxft
without linking to it, and I don't have time this week to sort it out. - 4. By Adam Conrad
-
* SECURITY UPDATE: Update to 1.0.7 to resolve multiple issues:
+ CAN-2005-2871, MFSA-2005-57 - IDN heap overrun
+ CAN-2005-2701, MFSA-2005-58 - Heap overrun in XBM image processing
+ CAN-2005-2702, MFSA-2005-58 - Crash on "zero-width non-joiner" sequence
+ CAN-2005-2703, MFSA-2005-58 - XMLHttpRequest header spoofing
+ CAN-2005-2704, MFSA-2005-58 - Object spoofing using XBL <implements>
+ CAN-2005-2705, MFSA-2005-58 - JavaScript integer overflow
+ CAN-2005-2706, MFSA-2005-58 - Privilege escalation using about: scheme
+ CAN-2005-2707, MFSA-2005-58 - Chrome window spoofing
* CAN-2005-2968, MFSA-2005-59 (Command-line shell execution vulnerability)
was addressed in Debian in 1.0.6-4, and we're preferring their patch
over upstream's, as it allows us to update with the minimum amount of
fuss, without re-diffing all our other patches (see Debian bug #329667)
* Drop 81_security-idn-normalizati on.dpatch, now included upstream.
* Compile with -fno-strict-aliasing (as discussed in Ubuntu bug #17276) - 3. By Tollef Fog Heen <email address hidden>
-
* New upstream release with security and stability fixes:
- MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
- MFSA 2005-25 Image drag and drop executable spoofing
- MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
- MFSA 2005-18 Memory overwrite in string library
- MFSA 2005-17 Install source spoofing with user:pass@host
- MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)