Debian Thunderbird

... finally I got my blog up again and I start with yet another lame post

My latest security backports to the upstream abandoned mozilla 1.8.0 branch are now available at http://people.ubuntu.com/~asac/mozilla-security/moz-1.8.1.12a-backports.tar.gz.

Those patches should cover all security related fixes that landed on the 1.8 branch (firefox 2) as of 2.0.0.12 RC3.

I noticed that I didn’t really release any of the post-mortem security patches released in debian and ubuntu. So, here the patchsets for the 1.8.0 branch that contains them all:

• firefox – http://people.ubuntu.com/~asac/mozilla-security/moz-backports-ffox-all-1.8.1.12.tar.gz


• thunderbird – http://people.ubuntu.com/~asac/mozilla-security/moz-backports-tbird-all-1.8.1.12.tar.gz


• xulrunner – http://people.ubuntu.com/~asac/mozilla-security/moz-backports-xul-all-1.8.1.12.tar.gz

Those tarballs ship quilt patch directories. This means that the sequence to apply them cleanly can be found in the contained series file. To apply them to MOZILLA_1_8_0_BRANCH checkout, just copy the directory contained to your checkout (name the directory patches if you like) and run

Have fun!

Well, I am impressed. Iceowl slipped through NEW in just a few hours. Many thanks to our ftp-masters … well done!

Two screenshots Iceowl and its Icedove extension:

Iceowl – Standalone Calendar

Iceowl Calendar Extension for Icedove

tags 388218 + pending
tags 270533 + pending
thanks

Ladies and Gentleman,

I am finally happy to mark this pending … upload should go to sid
today.

iceowl is the unbranded sunbird standalone application.

lightning, the sunbird based thunderbird extension will be called
iceowl-extension … and will be usable in icedove + thunderbird.

I will announce on debian planet once those are uploaded.

Have fun,

... are available for testing. firefox will be available soon.

use my security preview archive to help testing this release:

• mozilla: 1.7.8-1sarge9
• mozilla-thunderbird: 1.0.2-2.sarge1.0.8e.1

For reference: The raw patches are http://people.debian.org/~asac/backports-1.5.0.9.tar.gz

Thanks to Ricardo Fernandez we have a great new and consistent artwork for our ice-lizard applications.

For icedove they will land with the next upload … so here some screens.

icedove start-page thumb

icedove about box

icedove credits dialog with new motto: “Icedoves are Free!”

mconnor (Mozilla Corp) and caillon (Red Hat) give hope that mozillas attitude finally starts to change (in the right direction):

• mozilla admits and encourages that distribution builds are the primary way of distributing mozilla software to linux users
• linux contributors will get a chance to form a “strong group of maintainers to drive and own Linux-specific development”, which will have “responsibility for branch policies for Linux-specific code”
• in consequence, distributors will get their chance to integrate linux specific changes into stable branches in order to reduce the patchset needed

That’s all good news, but even better …

“Red Hat and Novell are both going to commit some effort into maintaining the Firefox 1.5.0.x line past the current EOL date this spring” ... thank $GOD for that

Thanks to Mike Hommey we have another set of security updates for
our mozilla apps in sarge. The versions are:

mozilla-firefox 1.0.4-2sarge13
mozilla-thunderbird 1.0.2-2.sarge1.0.8d.1
mozilla 1.7.8-1sarge8

Please use my security archive to get the preview packages and
test them as extensively as possible.

If you encounter any NEW problems, please let us know at pkg-mozilla-maintainers@lists.alioth.debian.org.

Thanks for your support.

As I red the post of MJ Ray on planet, I contacted the gnuzilla project and offered to join them in order to make them a good upstream for distributors that cannot obey the new mozilla trademark policy.

My current preference is to use snoweagle for thunderbird. IMO it would be a good choice, as it would be in the same spirit as iceweasel for firefox.

Anyway, more ideas are welcome …

As promissed I made available a preview package for the next mozilla-firefox security update.

The version of this prospective package is: 1.0.4-2sarge12.

If you have a sarge desktop install at hand and want to help, just add my security apt sources from http://www.asoftsite.org/apt-archives.html and upgrade/install mozilla-firefox.

Please test and send NEW bugs to me (asac@jwsdot.com) or to pkg-mozilla-maintainers@lists.alioth.debian.org.

Thanks!

I uploaded another round of security updates for mozilla and mozilla-thunderbird to my security preview archive.

The preview build for firefox will be made available from the same location in a day or two.

The versions of concern here are:

If you see any NEW bugs, let me know.

Thanks

Yesterday, I uploaded a first thunderbird 1.5.0.5 build. It fixes – as you might know – several security issues, applies several patches … so nothing unusual.

However, there is one interesting and maybe useful change: a patch which provides the core feature needed to make a reply-to-list extension possible in thunderbird.

I often red complains that thunderbird has no reply-to-list feature. Thus, I decided to ship this patch for etch. In general, I don’t add features upstream has not yet included. But this one looks important enough for me to not remember my own rules .

In order to make use of this feature, do this:

1. Install enigmail or mnenhy extension. I would suggest enigmail which is in the debian archive (aptitude install enigmail)
2. Install the Reply-To-List Extension from this address.
3. Press Ctrl+I (yes, Ctrl-L is already in use, sorry) in order to reply to list.
4. or add the Reply-To-List button to your toolbar and press that one.

Ah, here a screenshot,

Reply To List Button and Key-Binding in Debian Thunderbird 1.5.0.5

Anyone disagrees with the decision to ship this in etch?

... I have backported security fixes recently announced by mozilla for firefox and thunderbird to the old branch – which we have in debian stable.

You can grab the patchset I produced from http://people.debian.org/~asac/patchset_109b.tar.gz.

In it you find patches that fix:

• all security flaws whose security advisories had been announced together with firefox/thunderbird 1.5.0.5 – if applicable
• a tricky issue that had not been fixed in the last debian stable-security update for mozilla, mozilla-firefox and mozilla-thunderbird (aka mfsa2006-32, Part 2/7).
• two regressions introduced in our last stable-security update that broke some extensions.

Good news is that a bunch of critical flaws have been identified to not affect debian stable, namely:

Another good news is that MFSA2006-45 – which was recently /.ed with a working exploit – is in that list too. So debian stable users are not affected by that issue.

In order to get feedback and testing I am now preparing packages. Testing this is critical, because upstream has abandoned 1.0.x development. So please help to test and report regressions … otherwise those might go unseen and finally slip through to our users. I will announce new packages available for testing on my site and on the pkg-mozilla-maintainers mailing-list.

Thanks for your support!

mozilla-thunderbird 1.0.2-2.sarge1.0.8a has been uploaded to the security buildds. It addresses the same issues recently fixed in DSA-1118 for mozilla and DSA-1120 for mozilla-firefox.

I don’t expect hard regressions, but if you find any, please let me know. Otherwise, this package will enter stable-security soon.

You can obtain this build from:

http://people.debian.org/~asac/security/

Just pushed a first revision of thunderbird 1.5.0.2 to unstable. It fixes multiple security issues outlined on the mozilla security advisory page here:

In addition it ships with a new free branding. I hope you like it!!

Since I added a thunderbird-gnome-support package it might take a day or two (or a week ) until this upload finally reaches the official archives. Thus, I uploaded this release to my experimental archive again.

Have fun!

Debian ftp-masters finally approved thunderbird 1.5 for sid. Now that thunderbird is in the official archives, I will stop to provide regular releases through my experimental archive … instead I will release “official” backports for sarge to my stable archive.

I hope a first version for sarge will arrive next weekend … so stay tuned.