Bug#771262: unblock: iceweasel/31.3.0esr-1
tag 771262 - moreinfo
thanks
On Fri, Nov 28, 2014 at 07:18:09PM +0000, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
>
> On Fri, Nov 28, 2014 at 10:46:34AM +0900, Mike Hommey wrote:
> > There is going to be a (mostly) security update of iceweasel early next week.
> > Please allow it in Jessie (the same package will make it to wheezy through
> > stable-security, as usual).
>
> Please ping this bug and remove the moreinfo tag when it's in sid. A bug we
> can't deal with is in the way, and we don't have the capacity to keep
> checking.
Following is an updated non-upstream interdiff. The only difference from
the previous one is a couple pref change to avoid the obnoxious Firefox-
branded things on the homepage, like the video that's currently for the
10 years of Firefox.
diff --git a/debian/branding/firefox-branding.js b/debian/branding/firefox-branding.js
index eccbddf..75bfb22 100644
--- a/debian/branding/firefox-branding.js
+++ b/debian/branding/firefox-branding.js
@@ -1,3 +1,5 @@
+lockPref("browser.startup.homepage_override.mstone", "ignore");
+pref("browser.aboutHomeSnippets.updateUrl", "data:text/html,");
pref("startup.homepage_override_url","");
pref("startup.homepage_welcome_url","");
pref("app.releaseNotesURL", "http://mozilla.debian.net/%LOCALE%/%APP%/%VERSION%/releasenotes/");
diff --git a/debian/browser.mozconfig.in b/debian/browser.mozconfig.in
index 1e1604c..8144e59 100644
--- a/debian/browser.mozconfig.in
+++ b/debian/browser.mozconfig.in
@@ -2,6 +2,7 @@
# packages for Debian or a derivative.
. $topsrcdir/browser/config/mozconfig
ac_add_options --enable-release
+ac_add_options --enable-unified-compilation
ac_add_options --prefix=/usr
ac_add_options --enable-default-toolkit=cairo-gtk2
ac_add_options --enable-pango
diff --git a/debian/changelog b/debian/changelog
index 07b1f47..b59e7bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+iceweasel (31.3.0esr-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fixes for mfsa2014-{83,85,87-88}, also known as:
+ CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593,
+ CVE-2014-1594.
+
+ * debian/browser.mozconfig.in: Revert change from release 31.2.0esr-3,
+ because it made no difference.
+ * debian/branding/firefox-branding.js:
+ - Set browser.startup.homepage_override.mstone to "ignore".
+ - Set browser.aboutHomeSnippets.updateUrl to "data:text/html,", which
+ disables downloading snippets from Mozilla servers and resets previously
+ downloaded snippets after a day. Closes: #721689.
+
+ -- Mike Hommey <glandium@debian.org> Tue, 02 Dec 2014 22:46:00 -0800
+
iceweasel (31.2.0esr-3) unstable; urgency=medium
* debian/changelog: Add missing entries for 27.0.1-1.
Reply to: