lp:ubuntu/feisty/firefox
- Get this branch:
- bzr branch lp:ubuntu/feisty/firefox
Branch merges
Branch information
Recent revisions
- 47. By Alexander Sack
-
* debian/control: fix missing firefox-libthai depends on firefox
* xpfe/components/killAll/ Makefile. in: drop unapproved/useless patch
to install/remove nsKillAll.js component.
* browser/locales/ en-US/profile/ bookmarks. html: fix bookmarks urls;
www.ubuntulinux.org/ wiki/FrontPage -> wiki.ubuntu.com; www.ubuntulinux.org
-> www.ubuntu.com (LP#93502)
* browser/base/content/ baseMenuOverlay .xul: commenting out ubuntu help
menu entries: Get Help Online; Translate This application. Reenable as
soon as launchpad supports these features.
* layout/svg/renderer/ src/cairo/ nsSVGCairoGradi ent.cpp: fix for bz358930
(LP#69721): 2.0 doesn't respect SVG gradient spreadMethod="pad"
* gfx/src/gtk/nsFontMetri csPango. cpp: fix for bz335810: cursor up/down
keypresses do not preserve horizontal position when using pango (LP#36571)
* debian/firefoxrc: fix old malone url in comment (LP#94392) - 46. By Alexander Sack
-
* new upstream security/stability update (v2.0.0.3)
* MFSA-2006-11 aka CVE-2007-1562: FTP PASV port-scanning
* add Report a Bug ... menu entry to Help menu overlay (LP#85041)
* gfx/src/gtk/nsFontMetri csXft.cpp: revert not-approved patch
bz252033-gtk2-xft- text-clipping- problem, because fix seems to
have pretty bad performance overhead.
* config/autoconf. mk.in, configure.in, gfx/src/ gtk/mozilla- decoder. cpp:
revert not-approved patch bz305185-system- pango-fix- for-gtk- 2-8, because
no longer necessary, upstream bug was duped to
https://bugzilla. mozilla. org/show_ bug.cgi? id=338446
* xpfe/components/killAll/ Makefile. in: revert not-approved patch
bz333289-nskillall- not-installed, because its just cruft from
old suite and not used for firefox.
* debian/control: add depends on libnspr4 to libnss3 (LP#84481) - 45. By Alexander Sack
-
* new upstream release 2.0.0.2
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/ 1.8.1.2) :
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks - 44. By Alexander Sack
-
* repackage with new upstream mozilla.org and split up patches
into distinct feature patches available at
http://people. ubuntu. com/~asac/ firefox- patches/
* make use of original source tarball as distributed from
ftp.mozilla.org
* debian/rules: use --enable-official- branding to produce
official firefox branding; remove icons in debian/ dir;
add more garbage cleanup
* debian/firefox. links: /usr/share/ pixmaps/ firefox. png and
usr/share/pixmaps/ mozilla- firefox. png now link to
usr/share/firefox/ icons/mozicon12 8.png
* drop FeedWriter.js patch, no rational available.
* xpcom/reflect/xptcall/ src/md/ unix/xptcinvoke _arm.cpp,
xpcom/reflect/ xptcall/ src/md/ unix/xptcstubs_ arm.cpp,
xpcom/reflect/ xptcall/ src/md/ unix/Makefile. in,
xpcom/reflect/ xptcall/ src/md/ unix/xptcinvoke _mips.cpp,
xpcom/reflect/ xptcall/ src/md/ unix/xptcinvoke _asm_mips. s,
xpcom/reflect/ xptcall/ src/md/ unix/xptcstubs_ linux_m68k. cpp,
xpcom/reflect/ xptcall/ src/md/ unix/xptcinvoke _asm_parisc_ linux.s,
xpcom/reflect/ xptcall/ src/md/ unix/xptcstubs_ asm_parisc_ linux.s,
xpcom/reflect/ xptcall/ src/md/ unix/xptcstubs_ asm_mips. s,
configure.in, config/rules.mk, security/coreconf/ Linux.mk:
drop debian architecture patches for
not ubuntu platforms
* debian/control: taking over maintainership
* configure.in: update hidden visibility patch from bugzilla
* configure.in: drop
* Makefile.in: drop explicit export of nss as build system is not
broken anymore
* browser/app/Makefile. in: drop linker tweaks for now.
* browser/app/profile/ firefox. js: drop override for homepage
* browser/locales/ en-US/chrome/ branding/ brand.propertie s: drop further
branding hacks not needed anymore
* browser/components/ search/ nsSearchService .js: drop not needed
official browser hacks
* prefs-size.diff: removed garbage file from source - 43. By Matthias Klose
-
* Build using hunspell instead of myspell.
- debian/control: Build-depend on libhunspell-dev instead of libmyspell-dev.
- config/autoconf. mk.in: Add MOZ_MYSPELL_CFLAGS.
- extensions/spellcheck/ myspell/ src/Makefile. in: Use MOZ_MYSPELL_CFLAGS.
- extensions/spellcheck/ myspell/ src/mozMySpell. h: Include hunspell.cxx
instead of myspell.cxx.
- configure.in, configure: Overwrite myspell detection with hunspell. - 42. By Kees Cook
-
* New upstream security update:
- CVE-2006-6507, MFSA 2006-76: XSS using outer window's Function object.
- CVE-2006-6506, MFSA 2006-75: RSS Feed-preview referrer leak.
- CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption.
* debian/rules: use original upstream icons (Closes LP#68180).
* debian/debsearch. src: make feisty the default debsearch target.
* browser/base/content/ utilityOverlay. js: change Launchpad translation/help
pages for Feisty. - 41. By Matt Zimmerman
-
Patch from upstream CVS to fix RSS preview/
subscription, thanks to Mike
Connor and Martin Jürgens (Closes: LP#61182) - 40. By Tollef Fog Heen
-
* uudecode debsearch.gif too. Fixes FTBFS
* Make edgy the default debsearch target. Closes: Malone: #61687 - 39. By Matt Zimmerman
-
* Bump version to 2.0 (no upstream changes from rc3)
* browser/components/ search/ nsSearchService .js
- Set MOZ_OFFICIAL to "official", distributionID to "com.ubuntu"
* debian/branding: new subdirectory with images
* debian/rules:
- build: uudecode and substitute images in source tree, use debian/branding/ icon64. png
instead of debian/firefox.png
- clean: restore images in source tree, remove uudecoded versions - 38. By Martin Pitt
-
* New upstream version 2.0rc3, UVF exception approved by Matt Zimmerman.
* configure: Fix bashism to let the gcc visibility=hidden bug detection
work.
* configure{,.in}: Change MOZ_APP_DISPLAYNAME from 'BonEcho' to 'Firefox' to
make UserAgent string work with web sites which evaluate it.
* browser/base/content/ utilityOverlay. js: Open the Launchpad
translation/help pages for Edgy, not Dapper.
* For the sake of automatic vulnerability tracking: All 1.5.0.x and earlier
vulnerabilities were fixed in the 2.0 branch as well:
CVE-2005-0752 CVE-2005-1531 CVE-2005-1532 CVE-2005-2114 CVE-2006-0749
CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735
CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740
CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 CVE-2006-2775 CVE-2006-2776
CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782
CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787
CVE-2006-2788 CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802
CVE-2006-3803 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808
CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812 CVE-2006-4253
CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568
CVE-2006-4569 CVE-2006-4571
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)