-
iceweasel (38.8.0esr-1~deb8u1) stable-security; urgency=medium
* New upstream release.
* Fixes for mfsa2016-{39,44,47}, also known as:
CVE-2016-2807, CVE-2016-2805, CVE-2016-2814, CVE-2016-2808.
-- Mike Hommey <email address hidden> Wed, 27 Apr 2016 07:56:41 +0900
-
iceweasel (38.7.1esr-1~deb8u1) stable-security; urgency=medium
* New upstream release.
- Disables Graphite font shaping library.
-- Mike Hommey <email address hidden> Sat, 19 Mar 2016 03:13:16 +0900
-
iceweasel (38.5.0esr-1~deb8u2) stable-security; urgency=medium
* security/nss/lib/ckfw/builtins/certdata.txt: Remove the SPI Inc. and
CAcert.org CA certificates. The former was removed in NSS 3.21-1 and
the latter in 3.16-1, and remained here largely overlooked.
-- Mike Hommey <email address hidden> Wed, 16 Dec 2015 17:08:06 +0900
-
iceweasel (38.2.1esr-1~deb8u1) stable-security; urgency=high
* New upstream release.
* Fixes for mfsa2015-{94-95}, also known as:
CVE-2015-4497, CVE-2015-4498.
* configure.in: Build libvpx neon code with -mfloat-abi=softfp on armel.
* media/libjpeg/simd/jsimd_mips_dspr2.S: Fix build error in MIPS SIMD
when compiling with -mfpxx.
-- Mike Hommey <email address hidden> Fri, 28 Aug 2015 18:04:03 +0900
-
iceweasel (31.6.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2015-{30-31,33,37,40}, also known as:
CVE-2015-0815, CVE-2015-0813, CVE-2015-0816, CVE-2015-0807,
CVE-2015-0801.
-- Mike Hommey <email address hidden> Wed, 01 Apr 2015 08:04:18 +0900
-
iceweasel (31.5.3esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2015-{28-29}, also known as:
CVE-2015-0818, CVE-2015-0817.
-- Mike Hommey <email address hidden> Sun, 22 Mar 2015 10:16:54 +0900
-
iceweasel (31.5.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2015-{11,16,19,24}, also known as:
CVE-2015-0836, CVE-2015-0831, CVE-2015-0827, CVE-2015-0822.
* debian/source.filter: Remove files that were mistakenly added to upstream
source tarballs. bz#1136240.
* debian/repack.py: Fix to support those new filters.
* memory/mozjemalloc/jemalloc.c: Make powerpc not use static page sizes.
Closes: #763900
-- Mike Hommey <email address hidden> Wed, 25 Feb 2015 10:47:23 +0900
-
iceweasel (31.4.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2015-{01,03-04,06}, also known as:
CVE-2014-8634, CVE-2014-8638, CVE-2014-8639, CVE-2014-8641.
-- Mike Hommey <email address hidden> Tue, 13 Jan 2015 18:48:51 +0900
-
iceweasel (31.3.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2014-{83,85,87-88}, also known as:
CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593,
CVE-2014-1594.
* debian/browser.mozconfig.in: Revert change from release 31.2.0esr-3,
because it made no difference.
* debian/branding/firefox-branding.js:
- Set browser.startup.homepage_override.mstone to "ignore".
- Set browser.aboutHomeSnippets.updateUrl to "data:text/html,", which
disables downloading snippets from Mozilla servers and resets previously
downloaded snippets after a day. Closes: #721689.
-- Mike Hommey <email address hidden> Tue, 02 Dec 2014 22:46:00 -0800
-
iceweasel (31.2.0esr-3) unstable; urgency=medium
* debian/changelog: Add missing entries for 27.0.1-1.
* debian/rules: Don't force to build with GCC 4.9 on armhf anymore.
* debian/browser.mozconfig.in: Don't build with --enable-unified-compilation.
It may be causing build problems on architectures with limited resources.
* Import patches from the nss source package that are relevant to building
iceweasel against the in-tree nss source, for backports:
- security/nss/lib/freebl/unix_rand.c,
security/nss/cmd/shlibsign/shlibsign.c: Fix FTBFS on Hurd because of
MAXPATHLEN
- security/nss/coreconf/Linux.mk,
security/nss/coreconf/arch.mk, security/nss/coreconf/config.mk,
security/nss/lib/freebl/unix_rand.c, security/nss/lib/softoken/softoken.h,
security/nss/lib/ssl/sslmutex.*: GNU/kFreeBSD support.
- security/nss/lib/ckfw/builtins/certdata.txt: Adds the SPI Inc. and
CAcert.org CA certificates.
Those patches were applied on the esr24 branch, but were forgotten on the
release branch at the time.
* media/libcubeb/tests/moz.build: Work around binutils assertion on mips.
-- Mike Hommey <email address hidden> Sun, 02 Nov 2014 10:29:42 +0900
-
iceweasel (31.1.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2014-{67-70,72}, also known as:
CVE-2014-1562, CVE-2014-1553, CVE-2014-1563, CVE-2014-1564,
CVE-2014-1565, CVE-2014-1567.
* debian/browser.bug-script.in, debian/browser.install.in,
debian/extra-stuff/Makefile.in, debian/extra-stuff/reportbug-helper-script,
debian/installer/package-manifest.browser: Fix bug script.
* debian/branding/content/Makefile.in: Revert branding changes for SVG
wordmark, not used on ESR
-- Mike Hommey <email address hidden> Wed, 03 Sep 2014 12:17:18 +0900
-
iceweasel (31.0-3) unstable; urgency=high
* The "this time it's going to build on armel" release.
* debian/rules, debian/control*: Update configure with autoconf2.13 every
time.
* configure.in: Use integers for audio when on Android, or when using ARM
on other OSes, and disable webm encoding. bz#1047791.
-- Mike Hommey <email address hidden> Sun, 03 Aug 2014 09:52:28 +0900
-
iceweasel (30.0-2) unstable; urgency=medium
* debian/browser-dev.install.in, debian/control*, debian/libxul.pc.in,
debian/mozilla-nspr.pc.in, debian/mozilla-plugin.pc.in, debian/rules:
Add a few pkg-config files to the iceweasel-dev package. Closes: #751268.
* gfx/skia/trunk/src/opts/SkBlitRow_opts_arm.cpp: Re-apply patch from
bz#901208 that upstream dropped when updating skia.
-- Mike Hommey <email address hidden> Sat, 14 Jun 2014 09:30:39 +0900
-
iceweasel (29.0.1-2) unstable; urgency=medium
* debian/rules:
- Don't pull MOZ_UA_BUILDID from official branding, it's not there anymore
and not useful anyways since bz#728773.
- Properly create all stamp files.
* debian/control*: xulrunner-dev conflicts with libmozjs-dev. Closes: #747761
* debian/rules, debian/control*: Use GCC 4.9 on armhf to work around bug
#748422.
* js/xpconnect/src/XPCWrappedJSClass.cpp,
xpcom/reflect/xptcall/src/md/unix/xptcinvoke_ppc_*.cpp,
xpcom/reflect/xptcall/src/md/unix/xptcinvoke_sparc_*.cpp: Fixup ppc and
sparc xpconnect
-- Mike Hommey <email address hidden> Sat, 24 May 2014 08:11:59 +0900
-
iceweasel (24.5.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2014-{34,37-38,42-44,46}, also known as
CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529,
CVE-2014-1530, CVE-2014-1531, CVE-2014-1532.
* debian/control.in: Don't depend on nss and nspr dev and dbg packages when
building with LESS_SYSTEM_LIBS. Closes: #744187.
* debian/control*, debian/browser.mozconfig, debian/xulrunner.mozconfig.in:
Disable gstreamer support. Because the ffmpeg gstreamer 0.10 plugin is not
available in testing/unstable anymore, and gstreamer support is not
enabled by default anyways.
* debiab/control*: Build depend on iso-codes.
-- Mike Hommey <email address hidden> Tue, 29 Apr 2014 07:10:56 -0700
-
iceweasel (24.4.0esr-1) unstable; urgency=high
* New upstream release.
* Fixes for mfsa2014-{15,17,26-32}, also known as
CVE-2014-1493, CVE-2014-1497, CVE-2014-1508, CVE-2014-1509,
CVE-2014-1505, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,
CVE-2014-1513, CVE-2014-1514.
* debian/noinstall.in, debian/xulrunner-dev.install.in: Install
mozilla-nspr.pc and mozilla-nss.pc when building backports. Closes: #739490.
* xulrunner/installer/mozilla-ns*.pc.in: Fix includedir in mozilla-nspr.pc
and mozilla-nss.pc. bz#985200.
-- Mike Hommey <email address hidden> Wed, 19 Mar 2014 08:28:20 +0900
-
iceweasel (24.3.0esr-1) unstable; urgency=high
* New upstream release.
* Fixes for mfsa2014-{01-02,04,08-09,13} also known as
CVE-2014-1477, CVE-2014-1479, CVE-2014-1482, CVE-2014-1486,
CVE-2014-1487, CVE-2014-1481.
* Import patches from the nss source package that are relevant to building
iceweasel against the in-tree nss source, for backports:
- security/nss/lib/freebl/unix_rand.c,
security/nss/cmd/shlibsign/shlibsign.c: Fix FTBFS on Hurd because of
MAXPATHLEN
- security/nss/coreconf/Linux.mk,
security/nss/coreconf/arch.mk, security/nss/coreconf/config.mk,
security/nss/lib/freebl/unix_rand.c, security/nss/lib/softoken/softoken.h,
security/nss/lib/ssl/sslmutex.*: GNU/kFreeBSD support.
- security/nss/lib/ckfw/builtins/certdata.txt: Adds the SPI Inc. and
CAcert.org CA certificates.
* debian/copyright, debian/rules: Update copyright info. Closes: #735297.
* debian/source.filter:
- Remove build/pgo/blueprint/valid.png from the source archive.
Closes: #736592
- Remove minified jquery from source archive. Closes: #736725.
* debian/control*: Bump nspr and nss build dependencies.
* debian/rules: Work around build failure following the removal of valid.png.
-- Mike Hommey <email address hidden> Wed, 05 Feb 2014 16:20:18 +0900
-
iceweasel (24.2.0esr-1) unstable; urgency=high
* New upstream release.
* Fixes for mfsa2013-{104,108-109,111,113-116}, also known as
CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671,
CVE-2013-6673, CVE-2013-5613, CVE-2013-5615, CVE-2013-6629,
CVE-2013-6630.
* debian/control*, debian/noinstall.in, debian/rules, debian/upstream.mk,
debian/xulrunner-GRE_VERSION.install.in, debian/xulrunner.mozconfig:
Don't build against system nspr, nss and sqlite3 when building backports.
* debian/control*, debian/xulrunner.mozconfig.in: Build with the in-tree
cairo. I think it's time to admit that there are too many issues with
system cairo.
* debian/rules: Ensure debian/control is updated when running debian/rules
clean.
* configure*: Fixup NSPR_CFLAGS when building with libxul-sdk and in-tree
nspr.
-- Mike Hommey <email address hidden> Sun, 15 Dec 2013 15:13:58 +0900
-
iceweasel (17.0.10esr-1~deb7u1) stable-security; urgency=low
* New upstream release.
* Fixes for mfsa2013-{93,95-96,98,100-101}, also known as
CVE-2013-5590, CVE-2013-5604, CVE-2013-5595, CVE-2013-5597,
CVE-2013-5599, CVE-2013-5600, CVE-2013-5602.
-- Mike Hommey <email address hidden> Wed, 30 Oct 2013 11:23:13 +0900
-
iceweasel (17.0.9esr-1~deb7u1) stable-security; urgency=low
* New upstream release.
* Fixes for mfsa2013-{76,79,82,88-91}, also known as
CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730,
CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737.
-- Mike Hommey <email address hidden> Tue, 17 Sep 2013 22:17:40 +0900
-
iceweasel (17.0.8esr-2) unstable; urgency=low
* debian/rules:
- Don't use --no-keep-memory on ia64. Somehow, it makes ld fail to relax
some relocations.
- Don't use --as-needed on ia64. Somehow, it makes ld crash on some files.
-- Mike Hommey <email address hidden> Sun, 11 Aug 2013 08:15:26 +0900
-
iceweasel (10.0.12esr-1+nmu1) unstable; urgency=medium
* Non-maintainer upload.
* Fix javascript resource consumption issue on ia64 (closes: #692053).
* Clear high 17 bits from pointers in the javascript engine on ia64
(closes: #696041).
-- Michael Gilbert <email address hidden> Mon, 04 Mar 2013 01:27:56 +0000
