lp:ubuntu/maverick/seamonkey

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/maverick/seamonkey
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

18. By Mathieu Trudel-Lapierre

[ Chris Coulson <email address hidden> ]
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
  symlink to the system dictionaries and add the necessary postinst
  magic to fix current 2.0.8 users
  - update debian/seamonkey-browser.postinst
  - update debian/rules
  - update debian/seamonkey-browser.install

[ Mathieu Trudel-Lapierre <email address hidden> ]
* Fix LP: #575160 - Apply patch set from Debian iceape to fix RenderBadPicture
  errors: properly walk through child windows as a window is destroyed.
  - update debian/patches/series
  - add debian/patches/lp575160_destroy_child_windows.patch

17. By Chris Coulson

New upstream release v2.0.8 (SEAMONKEY_2_0_8_BUILD1)

16. By Chris Coulson

* New upstream release v2.0.7 (SEAMONKEY_2_0_7_BUILD1)

* Refresh patches for new upstream version
  - update debian/patches/seamonkey-fsh.patch
* Don't touch $LIBDIR/.autoreg from the seamonkey postinst script. The
  seamonkey package is just a meta-package, and the file is shipped by
  seamonkey-browser. Changing this ensures that seamonkey doesn't fail to
  configure if there is version skew between arch-all and arch-any packages
  - update debian/rules
  - remove debian/seamonkey.postinst.in
  - remove debian/seamonkey.prerm.in
* Ensure that the timestamp of $LIBDIR/.autoreg is updated when installing
  or removing seamonkey-mailnews, to ensure XPCOM component re-registration
  - add debian/seamonkey-mailnews.postinst.in
  - add debian/seamonkey-mailnews.prerm.in
  - update debian/rules
* Move the newsblog.js component to seamonkey-mailnews, and add appropriately
  versioned conflicts/replaces
  - update debian/seamonkey-browser.install
  - update debian/seamonkey-mailnews.install
  - update debian/control

15. By Chris Coulson

* New upstream release v2.0.6 (SEAMONKEY_2_0_6_BUILD1)
* Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
  Install the newsblog.js XPCOM component
  - update debian/seamonkey-browser.install
* Fix some Lintian warnings
  - update debian/control
  - add debian/README.source

14. By Micah Gersten

* New upstream release v2.0.5 (SEAMONKEY_2_0_5_BUILD1)
* MFSA 2010-25: Re-use of freed object due to scope confusion
  - CVE-2010-1121
* MFSA 2010-26: Crashes with evidence of memory corruption
  - CVE-2010-1200
  - CVE-2010-1201
  - CVE-2010-1202
* MFSA 2010-27: Use-after-free error in nsCycleCollector::MarkRoots()
  - CVE-2010-0183
* MFSA 2010-28: Freed object reuse across plugin instances
  - CVE-2010-1198
* MFSA 2010-29: Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
  - CVE-2010-1196
* MFSA 2010-30: Integer Overflow in XSLT Node Sorting
  - CVE-2010-1199
* MFSA 2010-31: focus() behavior can be used to inject or steal keystrokes
  - CVE-2010-1125
* MFSA 2010-32: Content-Disposition: attachment ignored if Content-Type:
  multipart also present
  - CVE-2010-1197
* MFSA 2010-33: User tracking across sites using Math.random()
  - CVE-2008-5913

* Fix FTBFS on Sparc by disabling jit (LP: #523627)
  - update debian/rules

13. By Micah Gersten

* New upstream release v2.0.4 (SEAMONKEY_2_0_4_RELEASE) (LP: #461864)

[ Fabien Tassin <email address hidden> ]
* Add conditional support for system Cairo, NSS, NSPR
  - update debian/rules
* Update icons from xpm to png
  - update debian/seamonkey-*.{install,links,menu}
* We no longer need dynamic -lsoftokn, disable NSS_DYNAMIC_SOFTOKN
  - add debian/patches/no_dynamic_nss_softokn.patch
  - update debian/patches/series

[ Micah Gersten <email address hidden> ]
* Use versioned install directory
  - update debian/rules
* Bump minimum versions of system libs; cairo to 1.8.8; NSPR to 4.8;
  NSS to 3.12.6
  - update debian/rules
* Update .install files for latest release
  - update debian/seamonkey-browser.install
  - update debian/seamonkey-mailnews.install
* Refresh patches
  - update debian/patches/cleaner_dist_clean.patch
  - update debian/patches/fix_installer.patch
  - update debian/patches/seamonkey-fsh.patch
* Drop cairo FTBFS patch after upstream landing
  - drop debian/patches/fix_ftbfs_with_cairo_fb.patch
  - update debian/series
* Install gnome components in -browser package so that it works out of the box
  - update debian/seamonkey-browser.install
  - update debian/control
  - update debian/rules
* Move mozclient to be in source
  - add debian/mozclient/compare.mk
  - add debian/mozclient/seamonkey-remove.binonly.sh
  - add debian/mozclient/seamonkey.conf
  - add debian/mozclient/seamonkey.mk
  - update debian/rules

[ Chris Coulson <email address hidden> ]
* Ensure the symlinks are installed correctly. File name expansion
  doesn't work in the .links files, so call dh_link explicitly in
  debian/rules instead
  - drop debian/seamonkey-browser.links
  - drop debian/seamonkey-mailnews.links
  - update debian/rules
* Only the seamonkey-gnome-support package should have dependencies on GNOME
  libraries - ensure that seamonkey-browser doesn't have the GNOME components
  installed when dh_shlibdeps is run
  - update debian/rules
  - update debian/seamonkey-browser.install

12. By John Vivirito

* New upstream security release: 1.1.17 (LP: #356274)
  - CVE-2009-1841: JavaScript chrome privilege escalation
  - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
  - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
  - update debian/patches/series

11. By Alexander Sack

* CVE-2009-1044: Arbitrary code execution via XUL tree element
  - add debian/patches/90_181_484320_attachment_368977.patch
  - update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
  - add 90_181_485217_attachment_369357.patch
  - add debian/patches/90_181_485286_attachment_369457.patch

10. By John Vivirito

* New security upstream release: 1.1.15 (LP: #309655)
  - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
  - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
  - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
  - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
  - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

9. By Alexander Sack

* New security upstream release: 1.1.13 (LP: #297789)
  - CVE-2008-4582: Information stealing via local shortcut files
  - CVE-2008-5012: Image stealing via canvas and HTTP redirect
  - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
  - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
  - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
  - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
  - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
  - CVE-2008-0017: Buffer overflow in http-index-format parser
  - CVE-2008-5021: Crash and remote code execution in nsFrameManager
  - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
  - CVE-2008-5024: Parsing error in E4X default namespace
  - CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail

* re-run autoconf2.13 to update configure patch to changed upstream codebase
  - update debian/patches/99_configure.patch

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/seamonkey
This branch contains Public information 
Everyone can see this information.

Subscribers