SecurityPublication

COMPLETED: see http://www.ubuntu.com/usn for details

This page contains the notes and procedures that will be used for publishing the USNs for the firefox 3.6 transitions.

USNs

The packages and USNs for nss, nspr, firefox 3.6.6 and firefox 3.6.6 rdepends will be published at the same time for Ubuntu 8.04 LTS and 10.04 LTS, and then later for 9.04 and 9.10 (due to openjdk issue). While packages for epiphany/webkit were backported from 9.10 to 8.04 LTS, they had too many regressions over the functionality provided by epiphany/gecko. As an alternative, epiphany was updated to use the new xulrunner-1.9.2. 9.10 already has the latest nss.

Ubuntu was originally targeting 3.6.4 for the transition, but shortly after release or 3.6.4, upstream issued an emergency bug fix release with 3.6.6, so we are now targeting 3.6.6 for the transition.

USN1

Ubuntu Release

Software

SRCPKG

927-4: DONE

8.04 LTS

nss (for CVE-2009-3555)

export SRCPKG="nss"

927-5: DONE

8.04 LTS

nspr (see USN-810-2 for example)

export SRCPKG="nspr"

927-6: DONE

9.04

nss (for CVE-2009-3555)

export SRCPKG="nss"

927-7: DONE

9.04

nspr (see USN-810-2 for example)

export SRCPKG="nspr"

927-8: DONE

9.04

thunderbird

export SRCPKG="thunderbird"

930-1: DONE

8.04 LTS, 10.04 LTS

firefox 3.6/xulrunner 1.9.2

export SRCPKG="firefox-3.0 firefox xulrunner-1.9.2"

930-2: DONE

8.04 LTS

rdepends of firefox (see below)

export SRCPKG="adblock-plus all-in-one-sidebar apturl blam chmsee edbrowse epiphany-browser firebug firefox-showcase flashblock foxyproxy gecko-sharp2 gnome-python-extras greasemonkey icedtea-gcjwebplugin imagezoom  liferea listen livehttpheaders miro mozgest mozilla-noscript mozilla-stumbleupon nukeimage penguintv prism  rhythmbox scrapbook speeddial torbutton totem ubufox ubuntu-it-menu useragentswitcher webdeveloper yelp"

930-4: DONE

9.04, 9.10

firefox 3.6/xulrunner 1.9.2

export SRCPKG="firefox-3.0 firefox-3.5 xulrunner-1.9.2"

930-5: DONE

9.04. 9.10

rdepends of firefox (see below)

export SRCPKG="adblock-plus all-in-one-sidebar ant apturl beagle bindwood chmsee conkeror ctxextensions edbrowse epiphany-browser fennec firebug firefoxnotify firefox-sage firefox-showcase flashblock foxyproxy galeon gluezilla gnome-python-extras gnome-web-photo google-gadgets greasemonkey imagezoom itsalltext kazehakase liferea listen livehttpheaders long-url-please miro moon mozgest mozilla-noscript mozilla-stumbleupon mozvoikko mozzemberek nukeimage openjdk-6 packagekit penguintv prism pwdhash scrapbook speeddial torbutton tuxguitar ubufox ubuntu-it-menu useragentswitcher venkman webdeveloper webfav xiphos yelp"

930-X REJECTED

8.04 LTS

epiphany and webkit

export SRCPKG="epiphany-browser epiphany-extensions webkit-1.1"

930-X REJECTED

8.04 LTS

depends for epiphany and webkit

export SRCPKG="libsoup2.4-2.28"

N/A

8.04 LTS

language packs

export SRCPKG="language-pack-af language-pack-af-base language-pack-ar language-pack-ar-base language-pack-as language-pack-as-base language-pack-ast language-pack-ast-base language-pack-be language-pack-be-base language-pack-bg language-pack-bg-base language-pack-bn language-pack-bn-base language-pack-ca language-pack-ca-base language-pack-cs language-pack-cs-base language-pack-cy language-pack-cy-base language-pack-da language-pack-da-base language-pack-de language-pack-de-base language-pack-el language-pack-el-base language-pack-en language-pack-en-base language-pack-eo language-pack-eo-base language-pack-es language-pack-es-base language-pack-et language-pack-et-base language-pack-eu language-pack-eu-base language-pack-fa language-pack-fa-base language-pack-fi language-pack-fi-base language-pack-fr language-pack-fr-base language-pack-fy language-pack-fy-base language-pack-ga language-pack-ga-base language-pack-gl language-pack-gl-base language-pack-gnome-af language-pack-gnome-af-base language-pack-gnome-ar language-pack-gnome-ar-base language-pack-gnome-as language-pack-gnome-as-base language-pack-gnome-ast language-pack-gnome-ast-base language-pack-gnome-be language-pack-gnome-be-base language-pack-gnome-bg language-pack-gnome-bg-base language-pack-gnome-bn language-pack-gnome-bn-base language-pack-gnome-ca language-pack-gnome-ca-base language-pack-gnome-cs language-pack-gnome-cs-base language-pack-gnome-cy language-pack-gnome-cy-base language-pack-gnome-da language-pack-gnome-da-base language-pack-gnome-de language-pack-gnome-de-base language-pack-gnome-el language-pack-gnome-el-base language-pack-gnome-en language-pack-gnome-en-base language-pack-gnome-eo language-pack-gnome-eo-base language-pack-gnome-es language-pack-gnome-es-base language-pack-gnome-et language-pack-gnome-et-base language-pack-gnome-eu language-pack-gnome-eu-base language-pack-gnome-fa language-pack-gnome-fa-base language-pack-gnome-fi language-pack-gnome-fi-base language-pack-gnome-fr language-pack-gnome-fr-base language-pack-gnome-fy language-pack-gnome-fy-base language-pack-gnome-ga language-pack-gnome-ga-base language-pack-gnome-gl language-pack-gnome-gl-base language-pack-gnome-gu language-pack-gnome-gu-base language-pack-gnome-he language-pack-gnome-he-base language-pack-gnome-hi language-pack-gnome-hi-base language-pack-gnome-hr language-pack-gnome-hr-base language-pack-gnome-hu language-pack-gnome-hu-base language-pack-gnome-id language-pack-gnome-id-base language-pack-gnome-is language-pack-gnome-is-base language-pack-gnome-it language-pack-gnome-it-base language-pack-gnome-ja language-pack-gnome-ja-base language-pack-gnome-ka language-pack-gnome-ka-base language-pack-gnome-kk language-pack-gnome-kk-base language-pack-gnome-kn language-pack-gnome-kn-base language-pack-gnome-ko language-pack-gnome-ko-base language-pack-gnome-ku language-pack-gnome-ku-base language-pack-gnome-lt language-pack-gnome-lt-base language-pack-gnome-lv language-pack-gnome-lv-base language-pack-gnome-mk language-pack-gnome-mk-base language-pack-gnome-ml language-pack-gnome-ml-base language-pack-gnome-mr language-pack-gnome-mr-base language-pack-gnome-nb language-pack-gnome-nb-base language-pack-gnome-nl language-pack-gnome-nl-base language-pack-gnome-nn language-pack-gnome-nn-base language-pack-gnome-oc language-pack-gnome-oc-base language-pack-gnome-or language-pack-gnome-or-base language-pack-gnome-pa language-pack-gnome-pa-base language-pack-gnome-pl language-pack-gnome-pl-base language-pack-gnome-pt language-pack-gnome-pt-base language-pack-gnome-ro language-pack-gnome-ro-base language-pack-gnome-ru language-pack-gnome-ru-base language-pack-gnome-si language-pack-gnome-si-base language-pack-gnome-sk language-pack-gnome-sk-base language-pack-gnome-sl language-pack-gnome-sl-base language-pack-gnome-sq language-pack-gnome-sq-base language-pack-gnome-sr language-pack-gnome-sr-base language-pack-gnome-sv language-pack-gnome-sv-base language-pack-gnome-ta language-pack-gnome-ta-base language-pack-gnome-te language-pack-gnome-te-base language-pack-gnome-th language-pack-gnome-th-base language-pack-gnome-tr language-pack-gnome-tr-base language-pack-gnome-uk language-pack-gnome-uk-base language-pack-gnome-vi language-pack-gnome-vi-base language-pack-gnome-zh language-pack-gnome-zh-base language-pack-gu language-pack-gu-base language-pack-he language-pack-he-base language-pack-hi language-pack-hi-base language-pack-hr language-pack-hr-base language-pack-hu language-pack-hu-base language-pack-id language-pack-id-base language-pack-is language-pack-is-base language-pack-it language-pack-it-base language-pack-ja language-pack-ja-base language-pack-ka language-pack-ka-base language-pack-kde-af language-pack-kde-af-base language-pack-kde-ar language-pack-kde-ar-base language-pack-kde-as language-pack-kde-as-base language-pack-kde-ast language-pack-kde-ast-base language-pack-kde-be language-pack-kde-be-base language-pack-kde-bg language-pack-kde-bg-base language-pack-kde-bn language-pack-kde-bn-base language-pack-kde-ca language-pack-kde-ca-base language-pack-kde-cs language-pack-kde-cs-base language-pack-kde-cy language-pack-kde-cy-base language-pack-kde-da language-pack-kde-da-base language-pack-kde-de language-pack-kde-de-base language-pack-kde-el language-pack-kde-el-base language-pack-kde-en language-pack-kde-en-base language-pack-kde-eo language-pack-kde-eo-base language-pack-kde-es language-pack-kde-es-base language-pack-kde-et language-pack-kde-et-base language-pack-kde-eu language-pack-kde-eu-base language-pack-kde-fa language-pack-kde-fa-base language-pack-kde-fi language-pack-kde-fi-base language-pack-kde-fr language-pack-kde-fr-base language-pack-kde-fy language-pack-kde-fy-base language-pack-kde-ga language-pack-kde-ga-base language-pack-kde-gl language-pack-kde-gl-base language-pack-kde-gu language-pack-kde-gu-base language-pack-kde-he language-pack-kde-he-base language-pack-kde-hi language-pack-kde-hi-base language-pack-kde-hr language-pack-kde-hr-base language-pack-kde-hu language-pack-kde-hu-base language-pack-kde-id language-pack-kde-id-base language-pack-kde-is language-pack-kde-is-base language-pack-kde-it language-pack-kde-it-base language-pack-kde-ja language-pack-kde-ja-base language-pack-kde-ka language-pack-kde-ka-base language-pack-kde-kk language-pack-kde-kk-base language-pack-kde-kn language-pack-kde-kn-base language-pack-kde-ko language-pack-kde-ko-base language-pack-kde-ku language-pack-kde-ku-base language-pack-kde-lt language-pack-kde-lt-base language-pack-kde-lv language-pack-kde-lv-base language-pack-kde-mk language-pack-kde-mk-base language-pack-kde-ml language-pack-kde-ml-base language-pack-kde-mr language-pack-kde-mr-base language-pack-kde-nb language-pack-kde-nb-base language-pack-kde-nl language-pack-kde-nl-base language-pack-kde-nn language-pack-kde-nn-base language-pack-kde-oc language-pack-kde-oc-base language-pack-kde-or language-pack-kde-or-base language-pack-kde-pa language-pack-kde-pa-base language-pack-kde-pl language-pack-kde-pl-base language-pack-kde-pt language-pack-kde-pt-base language-pack-kde-ro language-pack-kde-ro-base language-pack-kde-ru language-pack-kde-ru-base language-pack-kde-si language-pack-kde-si-base language-pack-kde-sk language-pack-kde-sk-base language-pack-kde-sl language-pack-kde-sl-base language-pack-kde-sq language-pack-kde-sq-base language-pack-kde-sr language-pack-kde-sr-base language-pack-kde-sv language-pack-kde-sv-base language-pack-kde-ta language-pack-kde-ta-base language-pack-kde-te language-pack-kde-te-base language-pack-kde-th language-pack-kde-th-base language-pack-kde-tr language-pack-kde-tr-base language-pack-kde-uk language-pack-kde-uk-base language-pack-kde-vi language-pack-kde-vi-base language-pack-kde-zh language-pack-kde-zh-base language-pack-kk language-pack-kk-base language-pack-kn language-pack-kn-base language-pack-ko language-pack-ko-base language-pack-ku language-pack-ku-base language-pack-lt language-pack-lt-base language-pack-lv language-pack-lv-base language-pack-mk language-pack-mk-base language-pack-ml language-pack-ml-base language-pack-mr language-pack-mr-base language-pack-nb language-pack-nb-base language-pack-nl language-pack-nl-base language-pack-nn language-pack-nn-base language-pack-oc language-pack-oc-base language-pack-or language-pack-or-base language-pack-pa language-pack-pa-base language-pack-pl language-pack-pl-base language-pack-pt language-pack-pt-base language-pack-ro language-pack-ro-base language-pack-ru language-pack-ru-base language-pack-si language-pack-si-base language-pack-sk language-pack-sk-base language-pack-sl language-pack-sl-base language-pack-sq language-pack-sq-base language-pack-sr language-pack-sr-base language-pack-sv language-pack-sv-base language-pack-ta language-pack-ta-base language-pack-te language-pack-te-base language-pack-th language-pack-th-base language-pack-tr language-pack-tr-base language-pack-uk language-pack-uk-base language-pack-vi language-pack-vi-base language-pack-zh language-pack-zh-base"

N/A

9.04, 9.10

language packs

export SRCPKG="language-pack-af language-pack-af-base language-pack-ar language-pack-ar-base language-pack-as language-pack-as-base language-pack-ast language-pack-ast-base language-pack-be language-pack-be-base language-pack-bg language-pack-bg-base language-pack-bn language-pack-bn-base language-pack-ca language-pack-ca-base language-pack-cs language-pack-cs-base language-pack-cy language-pack-cy-base language-pack-da language-pack-da-base language-pack-de language-pack-de-base language-pack-el language-pack-el-base language-pack-en language-pack-en-base language-pack-eo language-pack-eo-base language-pack-es language-pack-es-base language-pack-et language-pack-et-base language-pack-eu language-pack-eu-base language-pack-fa language-pack-fa-base language-pack-fi language-pack-fi-base language-pack-fr language-pack-fr-base language-pack-fy language-pack-fy-base language-pack-ga language-pack-ga-base language-pack-gl language-pack-gl-base language-pack-gnome-af language-pack-gnome-af-base language-pack-gnome-ar language-pack-gnome-ar-base language-pack-gnome-as language-pack-gnome-as-base  language-pack-gnome-ast language-pack-gnome-ast-base language-pack-gnome-be language-pack-gnome-be-base language-pack-gnome-bg language-pack-gnome-bg-base language-pack-gnome-bn language-pack-gnome-bn-base language-pack-gnome-ca language-pack-gnome-ca-base language-pack-gnome-cs language-pack-gnome-cs-base language-pack-gnome-cy language-pack-gnome-cy-base language-pack-gnome-da language-pack-gnome-da-base language-pack-gnome-de language-pack-gnome-de-base language-pack-gnome-el language-pack-gnome-el-base language-pack-gnome-en language-pack-gnome-en-base language-pack-gnome-eo language-pack-gnome-eo-base language-pack-gnome-es language-pack-gnome-es-base language-pack-gnome-et language-pack-gnome-et-base language-pack-gnome-eu language-pack-gnome-eu-base language-pack-gnome-fa language-pack-gnome-fa-base language-pack-gnome-fi language-pack-gnome-fi-base language-pack-gnome-fr language-pack-gnome-fr-base language-pack-gnome-fy language-pack-gnome-fy-base language-pack-gnome-ga language-pack-gnome-ga-base language-pack-gnome-gl language-pack-gnome-gl-base language-pack-gnome-gu language-pack-gnome-gu-base language-pack-gnome-he language-pack-gnome-he-base language-pack-gnome-hi language-pack-gnome-hi-base language-pack-gnome-hr language-pack-gnome-hr-base language-pack-gnome-hu language-pack-gnome-hu-base language-pack-gnome-id language-pack-gnome-id-base language-pack-gnome-is language-pack-gnome-is-base language-pack-gnome-it language-pack-gnome-it-base language-pack-gnome-ja language-pack-gnome-ja-base language-pack-gnome-ka language-pack-gnome-ka-base language-pack-gnome-kk language-pack-gnome-kk-base language-pack-gnome-kn language-pack-gnome-kn-base language-pack-gnome-ko language-pack-gnome-ko-base language-pack-gnome-ku language-pack-gnome-ku-base language-pack-gnome-lt language-pack-gnome-lt-base language-pack-gnome-lv language-pack-gnome-lv-base language-pack-gnome-mk language-pack-gnome-mk-base language-pack-gnome-ml language-pack-gnome-ml-base language-pack-gnome-mr language-pack-gnome-mr-base language-pack-gnome-nb language-pack-gnome-nb-base language-pack-gnome-nl language-pack-gnome-nl-base language-pack-gnome-nn language-pack-gnome-nn-base language-pack-gnome-oc language-pack-gnome-oc-base language-pack-gnome-or language-pack-gnome-or-base language-pack-gnome-pa language-pack-gnome-pa-base language-pack-gnome-pl language-pack-gnome-pl-base language-pack-gnome-pt language-pack-gnome-pt-base language-pack-gnome-ro language-pack-gnome-ro-base language-pack-gnome-ru language-pack-gnome-ru-base language-pack-gnome-si language-pack-gnome-si-base language-pack-gnome-sk language-pack-gnome-sk-base language-pack-gnome-sl language-pack-gnome-sl-base language-pack-gnome-sq language-pack-gnome-sq-base language-pack-gnome-sr language-pack-gnome-sr-base language-pack-gnome-sv language-pack-gnome-sv-base language-pack-gnome-ta language-pack-gnome-ta-base language-pack-gnome-te language-pack-gnome-te-base language-pack-gnome-th language-pack-gnome-th-base language-pack-gnome-tr language-pack-gnome-tr-base language-pack-gnome-uk language-pack-gnome-uk-base language-pack-gnome-vi language-pack-gnome-vi-base language-pack-gnome-zh language-pack-gnome-zh-base language-pack-gu language-pack-gu-base language-pack-he language-pack-he-base language-pack-hi language-pack-hi-base language-pack-hr language-pack-hr-base language-pack-hu language-pack-hu-base language-pack-id language-pack-id-base language-pack-is language-pack-is-base language-pack-it language-pack-it-base language-pack-ja language-pack-ja-base language-pack-ka language-pack-ka-base language-pack-kde-af language-pack-kde-af-base language-pack-kde-ar language-pack-kde-ar-base language-pack-kde-as language-pack-kde-as-base language-pack-kde-ast language-pack-kde-ast-base language-pack-kde-be language-pack-kde-be-base language-pack-kde-bg language-pack-kde-bg-base language-pack-kde-bn language-pack-kde-bn-base language-pack-kde-ca language-pack-kde-ca-base language-pack-kde-cs language-pack-kde-cs-base language-pack-kde-cy language-pack-kde-cy-base language-pack-kde-da language-pack-kde-da-base language-pack-kde-de language-pack-kde-de-base language-pack-kde-el language-pack-kde-el-base language-pack-kde-en language-pack-kde-en-base language-pack-kde-eo language-pack-kde-eo-base language-pack-kde-es language-pack-kde-es-base language-pack-kde-et language-pack-kde-et-base language-pack-kde-eu language-pack-kde-eu-base language-pack-kde-fa language-pack-kde-fa-base language-pack-kde-fi language-pack-kde-fi-base language-pack-kde-fr language-pack-kde-fr-base language-pack-kde-fy language-pack-kde-fy-base language-pack-kde-ga language-pack-kde-ga-base language-pack-kde-gl language-pack-kde-gl-base language-pack-kde-gu language-pack-kde-gu-base language-pack-kde-he language-pack-kde-he-base language-pack-kde-hi language-pack-kde-hi-base language-pack-kde-hr language-pack-kde-hr-base language-pack-kde-hu language-pack-kde-hu-base language-pack-kde-id language-pack-kde-id-base language-pack-kde-is language-pack-kde-is-base language-pack-kde-it language-pack-kde-it-base language-pack-kde-ja language-pack-kde-ja-base language-pack-kde-ka language-pack-kde-ka-base language-pack-kde-kk language-pack-kde-kk-base language-pack-kde-kn language-pack-kde-kn-base language-pack-kde-ko language-pack-kde-ko-base language-pack-kde-ku language-pack-kde-ku-base language-pack-kde-lt language-pack-kde-lt-base language-pack-kde-lv language-pack-kde-lv-base language-pack-kde-mk language-pack-kde-mk-base language-pack-kde-ml language-pack-kde-ml-base language-pack-kde-mr language-pack-kde-mr-base language-pack-kde-nb language-pack-kde-nb-base language-pack-kde-nl language-pack-kde-nl-base language-pack-kde-nn language-pack-kde-nn-base language-pack-kde-oc language-pack-kde-oc-base language-pack-kde-or language-pack-kde-or-base language-pack-kde-pa language-pack-kde-pa-base language-pack-kde-pl language-pack-kde-pl-base language-pack-kde-pt language-pack-kde-pt-base language-pack-kde-ro language-pack-kde-ro-base language-pack-kde-ru language-pack-kde-ru-base language-pack-kde-si language-pack-kde-si-base language-pack-kde-sk language-pack-kde-sk-base language-pack-kde-sl language-pack-kde-sl-base language-pack-kde-sq language-pack-kde-sq-base language-pack-kde-sr language-pack-kde-sr-base language-pack-kde-sv language-pack-kde-sv-base language-pack-kde-ta language-pack-kde-ta-base language-pack-kde-te language-pack-kde-te-base language-pack-kde-th language-pack-kde-th-base language-pack-kde-tr language-pack-kde-tr-base language-pack-kde-uk language-pack-kde-uk-base language-pack-kde-vi language-pack-kde-vi-base language-pack-kde-zh language-pack-kde-zh-base language-pack-kk language-pack-kk-base language-pack-kn language-pack-kn-base language-pack-ko language-pack-ko-base language-pack-ku language-pack-ku-base language-pack-lt language-pack-lt-base language-pack-lv language-pack-lv-base language-pack-mk language-pack-mk-base language-pack-ml language-pack-ml-base language-pack-mr language-pack-mr-base language-pack-nb language-pack-nb-base language-pack-nl language-pack-nl-base language-pack-nn language-pack-nn-base language-pack-oc language-pack-oc-base language-pack-or language-pack-or-base language-pack-pa language-pack-pa-base language-pack-pl language-pack-pl-base language-pack-pt language-pack-pt-base language-pack-ro language-pack-ro-base language-pack-ru language-pack-ru-base language-pack-si language-pack-si-base language-pack-sk language-pack-sk-base language-pack-sl language-pack-sl-base language-pack-sq language-pack-sq-base language-pack-sr language-pack-sr-base language-pack-sv language-pack-sv-base language-pack-ta language-pack-ta-base language-pack-te language-pack-te-base language-pack-th language-pack-th-base language-pack-tr language-pack-tr-base language-pack-uk language-pack-uk-base language-pack-vi language-pack-vi-base language-pack-zh language-pack-zh-base"

  1. USN numbers greater than -1 are subject to change based on regression fixes
    • 930-3 is for LP: #600022

Publication

In general, follow SecurityTeam/UpdatePublication with the following exceptions:

  • use the above table to determine the SRCPKG for each USN

  • use --ppa=ubuntu-mozilla-security with unembargo.py and copy_sppa_to_repos

  • be sure to clean out new-usn.sh for unrelated items. Eg, USN-927-4 should only have nss for 8.04 LTS and 930-1 should only have firefox-3.0 for hardy. Verify these against what is listed in USNs, above

  • run copy-report manually on cocoplum

Release Notes

The following USNs have release note specific items:

USN

Note

930-1

sun-java5-plugin is not supported in firefox 3.6 on Ubuntu 8.04 LTS. Use icedtea-java7-plugin or sun-java6-plugin instead.

930-4

sun-java5-plugin is not supported in firefox 3.6 on Ubuntu 9.04. Use icedtea6-plugin or sun-java6-plugin instead.

930-1

Upgrades to Ubuntu 8.10 from Ubuntu 8.04 LTS may break the browser. Ubuntu 8.10 is no longer supported so users will need to upgrade to 9.04 to receive active security support and a functional browser.

930-1, 930-4

Font configuration cannot be controlled via Gnome settings. This is a known issue being tracked in https://launchpad.net/bugs/559149 and will be fixed in a later update.

930-1, 930-4

helix-player is not currently supported in firefox 3.6. This is a known issue and may be fixed in a future update.

930-1

RealAudio via the totem plugin is no longer supported in firefox 3.6 in Ubuntu 8.04 LTS. Affected users navigating to Real content will be prompted to install optional community supported packages.

930-1

In Ubuntu 8.04 LTS the xine plugin is non-functional. After upgrading to Firefox 3.6, the plugin may cause the browser to crash, while in Firefox 3.0 it would be silently ignored. Users are advised to uninstall xine-plugin and/or gxineplugin.

930-1, 930-4

After upgrading to Firefox 3.6.6, users may be prompted to upgrade some 3rd party Add-Ons. In some cases, an Add-On will not be compatible with Firefox 3.6.6 and have no update available. In these cases, Firefox will notify the user that it is disabling the Add-On.

930-1

Plugins using external helpers (such as Totem) may not close when using the Epiphany browser. This is a known issue being tracked in https://launchpad.net/bugs/599796 and will be fixed in a later update. This issue only affects Ubuntu 8.04 LTS.

930-4

Plugins using external helpers (such as Totem) may not close when using the Epiphany browser. This is a known issue being tracked in https://launchpad.net/bugs/599796 and will be fixed in a later update. This issue only affects Ubuntu 9.04.

930-4

The OpenJDK java plugin is not available in Ubuntu 9.04 on Sparc hardware. This will be fixed in a future update.

930-4

The Xulrunner package provided by this update is incompatible with the Kazehakase browser in Ubuntu 9.04. This is a known issue being tracked in https://launchpad.net/bugs/608705 and will be fixed in a future update.

930-4

Plugins using external helpers (such as Totem) may not close when using the Epiphany browser. This is a known issue being tracked in https://launchpad.net/bugs/599796 and will be fixed in a later update. This issue only affects Ubuntu 9.04.

930-2

USN-930-1 fixed vulnerabilities in Firefox. This update provides rebuilt packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS.

930-5

USN-930-1 fixed vulnerabilities in Firefox. This update provides rebuilt packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 9.04 and 9.10.

930-X REJECTED

epiphany now uses webkit exclusively. This results in changes in behavior including no prompts for untrusted SSL certs (only broken lock) and CA certificate imports are done system-wide in /etc/ssl/certs as opposed to per user. Plugins are no longer listed via 'about:plugins', 'Use image as background' is no longer available. Javascript heavy applications like maps.google.com do not work.

Regressions

  • firefox (8.04 LTS)

    • sun-java5-plugin no longer supported: WONT FIX (see release note)

    • font rendering (LP: #588311): RESOLVED (chriscoulson)

    • font configuration (LP: #379761, LP: #559149): WONT FIX (chriscoulson, patch reviewed by upstream and it needs work. Will be handled in SRU. See release note)

    • openjdk plugin does not work: RESOLVED (micahg)

    • language packs (Translations) not updated: RESOLVED

    • xine-plugin crashes firefox after upgrade: WONT FIX (See release note)

    • totem issues (see below)
  • firefox (9.04):

    • openjdk plugin does not work: RESOLVED (chriscoulson, micahg: requires backported openjdk-6 from lucid-proposed (for bug #597714))

  • firefox (9.10):

    • openjdk plugin does not work: RESOLVED (chriscoulson, micahg: requires backported openjdk-6 from lucid-proposed (for bug #597714))

  • epiphany/webkit (8.04 LTS) REJECTED:

    • LP: #589877 (epiphany (webkit) does not prompt with untrusted SSL certificates): BLOCKER

      • also can no longer add CA certificates on a per-user basis
      • affects all versions of epiphany/webkit in Ubuntu

    • LP: #589879 (epiphany (webkit) does not work with maps.google.com): BLOCKER

      • major javascript issue
      • works in 10.04 LTS, does not work in 9.10

    • LP: #589882 (epiphany (webkit) doesn't detect java plugin): BLOCKER

      • affects all versions of epiphany/webkit in Ubuntu

    • LP: #589884 (epiphany (webkit) 'Use Image as Background' no longer available): WONT FIX (see release note)

      • works in 10.04 LTS, does not work in 9.10

    • LP: #589891 (epiphany (webkit) in mozilla PPA cannot play ogg video): BLOCKER

      • sort of works in 9.10 and 10.04 LTS

    • about:plugins no longer works: WONT FIX (see release note)

    • extra mouse buttons do not work (bug reference?): WONT FIX (chriscoulson, not a blocker)

  • epiphany/gecko using xulrunner-1.9.2 (8.04 LTS):

    • can't initialize EphyBrowser: RESOLVED (chriscoulson)

    • cannot open URLs for many file types (xulrunner-1.9.2-gnome-support not installed on upgrade): RESOLVED (chriscoulson)

    • LP: #599796: plugins using external helpers (eg totem-mozilla) are not killed on browser close after viewing embedded media: WONT FIX (chriscoulson, will be handled in SRU. See release note)

  • epiphany/gecko using xulrunner-1.9.2 (9.04):

    • openjdk plugin does not work: RESOLVED (chriscoulson, micahg: requires backported openjdk-6 from lucid-proposed (for bug #597714))

    • LP: #599796: plugins using external helpers (eg totem-mozilla) are not killed on browser close after viewing embedded media: WONT FIX (chriscoulson, will be handled in SRU. See release note)

  • nss 9.04:

    • bug #559918 regressed: RESOLVED (chriscoulson)

  • totem:
    • 8.04 LTS:

      • plugin is not detected: RESOLVED (chriscoulson)

      • plugin detected, but disabled after upgrade: RESOLVED (chriscoulson)

      • plugin can't find media with HTML files using file://: RESOLVED (chriscoulson)

Testing

Please see: Testing/Firefox3.6.4Upgrade for procedures and reporting. Regressions are listed above. Tests also include:

  • using QRT/scripts/test-browser.py for firefox with icedtea6-plugin/icedtea-java7-plugin and sun-java6-plugin:
    • 8.04 LTS: PASS (see Regressions, above)
    • 9.04: PASS (see Regressions, above)
    • 9.10: PASS (see Regressions, above)
  • using QRT/scripts/test-browser.py for epiphany-browser/webkit:
    • 8.04 LTS: PASS (see Regressions, above)
  • using QRT/scripts/test-browser.py for new epiphany-browser/gecko using xulrunner-1.9.2:
    • 8.04 LTS: PASS (see Regressions, above)
    • 9.04: PASS (see Regressions, above)
  • testing NSS with evolution and thunderbird:
    • 8.04 LTS:
      • pop/tls: PASS
      • pop/ssl: PASS
      • imap/tls: PASS
      • imap/ssl: PASS
      • smtp/tls: PASS
      • smtp/tls/smtp auth: PASS
      • import/view CA certificate: PASS
      • verify not prompted with imported CA certificate (pop/tls): PASS

      • verify not to regress fix for https://launchpad.net/bugs/559881: PASS

      • verify not to regress fix for https://launchpad.net/bugs/559918 (must enable FIPS first): PASS

    • 9.04:
      • pop/tls: PASS
      • pop/ssl: PASS
      • imap/tls: PASS
      • imap/ssl: PASS
      • smtp/tls: PASS
      • smtp/tls/smtp auth: PASS
      • import/view CA certificate: PASS
      • verify not prompted with imported CA certificate (pop/tls): PASS

      • verify not to regress fix for https://launchpad.net/bugs/559881: PASS

      • verify not to regress fix for https://launchpad.net/bugs/559918: RESOLVED

        • to test/reproduce:
          1. setup a POP3 account
          2. enable master password in thunderbird
          3. enable FIPS in thunderbird
          4. close thunderbird
          5. apt-get install libnss3-0d
          6. start thunderbird

    The above can be verified with:

    sudo tcpdump -s 0 -n -X -i eth0 port 110 or port 995 or port 143 or port 993 or port 25
  • verify acroread:
    • 8.04 LTS: PASS
    • 9.04: PASS
    • 9.10: PASS
  • verify yelp:
    • 8.04 LTS: PASS
      • internal links work
      • search works
      • bookmarks work
      • forward/back/find/about/preferences all work
      • external links open firefox
    • 9.04: PASS (found it crashes a bit after clicking search results. This is not a regression as it happens with yelp in official 9.04)
      • internal links work
      • search works
      • bookmarks work
      • forward/back/find/about/preferences all work
      • external links open firefox
    • 9.10: PASS
      • internal links work
      • search works
      • bookmarks work
      • forward/back/find/about/preferences all work
      • external links open firefox
  • verify extensions:
  • verify rhythmbox
    • 8.04 LTS: PASS
  • verify apturl:
    • 8.04 LTS: PASS (is a bit flaky when lots of extensions/plugins are installed. Several times I got an unknown protocol error (apt). I saw this with firefox 3.0 as well as 3.6)
    • 9.04: PASS
    • 9.10: PASS
  • apparmor profile:
    • 8.04 LTS
      • profile is not shipped: PASS
    • 9.04:
      • profile is not shipped: PASS
    • 9.10:
      • no new denials: PASS

      • status same after upgrade: RESOLVED (enabled profile is disabled after upgrade -- jdstrand)

  • openjdk-6 backport:
    • 9.04
      • upload: DONE (micahg, chriscoulson)
      • TCK testing: DONE (sbeattie)
      • eucalyptus testing: IGNORED (per ttx)
      • tomcat testing: DONE (ttx)
      • browser testing: DONE (jdstrand)
    • 9.10
      • upload: DONE (micahg, chriscoulson)
      • TCK testing: DONE (sbeattie)
      • eucalyptus testing: DONE (kirkland)
      • tomcat testing: DONE (ttx)
      • browser testing: DONE (jdstrand)

Making sure you have the latest packages

The ubuntu-mozilla-security PPA is being updated regularly with bug fixes and backports. To make sure you have the latest packages for testing locally, you can use the following shell script :

set -e

repo="/var/www/debs/testing"
output="$HOME/ums.list"

force_update=""
if [ "$1" = "-u" ]; then
    force_update="yes"
    shift
fi

# remote
tmpdir=`mktemp -d`
trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM
if [ "$force_update" = "yes" ] || [ ! -e "$output" ]; then
    echo "Downloading package list from ubuntu-mozilla-security to '$output'."
    echo "(this will take a while)"
    ls-ppa --ppa=ubuntu-mozilla-security > "$tmpdir/ums.list"
    mv -f "$tmpdir/ums.list" "$output"
fi

if [ -z "$1" ]; then
     echo "Need to specify a release" >&2
     exit
fi
ums_release="$1"

cat "$output" | grep "$ums_release" | grep -v language | sed -e 's/: / /' -e "s/ ($ums_release)//" | sort > "$tmpdir/remote"
mv -f "$tmpdir/remote" /tmp/remote."$ums_release"

# local
ls -1 "$repo/$ums_release/"*source.changes | sed -e 's#.*/##g' -e 's/_/ /g' -e 's/ source.changes//' | sort > "$tmpdir/local"
mv -f "$tmpdir/local" /tmp/local."$ums_release"

# diff
diff -Nau /tmp/remote."$ums_release" /tmp/local."$ums_release"

The basic idea with the above is that you have a local apt repository where you download all the latest packages (see copy_sppa_to_repos and then you use ls-ppa to generate a listing of the PPA and compare that to what is in your local repository for a specific release. Eg:

$ ./tmp/ums-diff -u hardy
Downloading package list from ubuntu-mozilla-security to '/home/<user>/ums.list'.
(this will take a while)
...
 chmsee 1.0.0-1ubuntu1.8.04.2
 edbrowse 3.3.1-1ubuntu0.1
+epiphany-browser 2.28.0-4ubuntu0.8.04.3
+epiphany-extensions 2.28.0-0ubuntu0.8.04.2
 firebug 1.5.0-0ubuntu0.8.04.2
 firefox-3.0 3.6.4+build7+nobinonly-0ubuntu0.8.04.1
...

Hardy

Below lists a few things for pulling down packages to test in VMs (see SecurityTeam/TestingEnvironment):

  • copy the architecture 'all' binaries to local repository:

    $ export SRCPKG="adblock-plus all-in-one-sidebar apturl firebug firefox-showcase flashblock foxyproxy greasemonkey imagezoom livehttpheaders mozgest mozilla-noscript mozilla-stumbleupon nukeimage penguintv scrapbook speeddial torbutton ubufox ubuntu-it-menu useragentswitcher webdeveloper"
$ copy_sppa_to_repos --release hardy --ppa=ubuntu-mozilla-security -a i386 $SRCPKG

  • copy the architecture 'any' binaries to local repository:

    $ export SRCPKG="blam chmsee edbrowse epiphany-browser gecko-sharp2 gnome-python-extras icedtea-gcjwebplugin liferea listen miro prism rhythmbox totem yelp"
$ copy_sppa_to_repos --release hardy --ppa=ubuntu-mozilla-security $SRCPKG

  • install the standard binaries:

    $ sudo apt-get install epiphany-browser firefox firefox-gnome-support flashplugin-nonfree totem-mozilla apturl icedtea-java7-plugin

  • install the extra binaries for everything:

    export BINS="blam chmsee edbrowse epiphany-browser epiphany-browser-dev epiphany-gecko epiphany-browser-data libgecko2.0-cil python-gnome2-extras-dev python-gtkhtml2 liferea listen miro democracyplayer prism prism-facebook prism-google-analytics prism-google-calendar prism-google-docs prism-google-mail prism-google-reader prism-google-groups prism-google-talk prism-twitter rhythmbox yelp adblock-plus all-in-one-sidebar apturl firebug firefox-showcase flashblock foxyproxy firefox-greasemonkey mozilla-imagezoom mozilla-livehttpheaders mozgest mozilla-noscript mozilla-stumbleupon mozilla-nukeimage penguintv scrapbook speeddial torbutton-extension ubufox firefox-ubuntu-it-menu useragentswitcher firefox-webdeveloper"
$ sudo apt-get install $BINS

  • install for nss/nspr testing (evolution and thunderbird):

    export SRCPKG="nss nspr"
$ copy_sppa_to_repos --release hardy --ppa=ubuntu-mozilla-security $SRCPKG
$ sudo apt-get install evolution thunderbird

Jaunty

Below lists a few things for pulling down packages to test in VMs (see SecurityTeam/TestingEnvironment):

  • copy the architecture 'all' binaries to local repository:

    $ export SRCPKG="adblock-plus all-in-one-sidebar apturl ctxextensions firebug firefox-sage firefox-showcase flashblock foxyproxy greasemonkey imagezoom itsalltext livehttpheaders mozgest mozilla-noscript mozilla-stumbleupon nukeimage penguintv scrapbook speeddial torbutton ubufox ubuntu-it-menu useragentswitcher venkman webdeveloper webfav"
$ copy_sppa_to_repos --release jaunty --ppa=ubuntu-mozilla-security -a i386 $SRCPKG

  • copy the architecture 'any' binaries to local repository:

    $ export SRCPKG="ant beagle chmsee conkeror edbrowse fennec epiphany-browser galeon gluezilla gnome-python-extras gnome-web-photo google-gadgets kazehakase liferea listen miro moon mozvoikko openjdk-6 packagekit prism tuxguitar yelp"
$ copy_sppa_to_repos --release jaunty --ppa=ubuntu-mozilla-security $SRCPKG

  • install the standard binaries:

    $ sudo apt-get install epiphany-browser firefox firefox-gnome-support flashplugin-nonfree totem-mozilla apturl icedtea6-plugin

  • install the extra binaries for everything:

    export BINS="beagle beagle-dev chmsee conkeror mozilla-beagle epiphany-browser galeon python-gnome2-extras-dev python-gtkhtml2 gnome-web-photo liferea listen miro moonlight-plugin-mozilla mozvoikko prism prism-facebook prism-google-analytics prism-google-calendar prism-google-docs prism-google-mail prism-google-reader prism-google-groups prism-google-talk prism-twitter yelp adblock-plus all-in-one-sidebar apturl mozilla-ctxextensions firebug flashblock foxyproxy firefox-greasemonkey firefox-sage firefox-showcase mozilla-imagezoom itsalltext mozilla-livehttpheaders mozilla-mozgest mozilla-noscript mozilla-stumbleupon mozilla-nukeimage mozilla-packagekit penguintv iceweasel-scrapbook speeddial torbutton-extension tuxguitar ubufox firefox-ubuntu-it-menu useragentswitcher mozilla-venkman firefox-webdeveloper webfav"
$ sudo apt-get install $BINS

  • install for nss/nspr testing (evolution and thunderbird):

    export SRCPKG="nss nspr thunderbird"
$ copy_sppa_to_repos --release jaunty --ppa=ubuntu-mozilla-security $SRCPKG
$ sudo apt-get install evolution thunderbird

Karmic

Below lists a few things for pulling down packages to test in VMs (see SecurityTeam/TestingEnvironment):

  • copy the architecture 'all' binaries to local repository:

    $ export SRCPKG="adblock-plus all-in-one-sidebar bindwood ctxextensions firebug firefox-sage firefoxnotify flashblock foxyproxy greasemonkey livehttpheaders long-url-please mozgest mozilla-noscript nukeimage penguintv pwdhash scrapbook speeddial torbutton ubufox ubuntu-it-menu webdeveloper webfav"
$ copy_sppa_to_repos --release karmic --ppa=ubuntu-mozilla-security -a i386 $SRCPKG

  • copy the architecture 'any' binaries to local repository:

    $ export SRCPKG="ant beagle chmsee conkeror edbrowse fennec galeon gnome-web-photo google-gadgets miro moon mozvoikko mozzemberek openjdk-6 prism tuxguitar xiphos yelp"
$ copy_sppa_to_repos --release karmic --ppa=ubuntu-mozilla-security $SRCPKG

  • install the standard binaries:

    $ sudo apt-get install firefox firefox-gnome-support flashplugin-nonfree totem-mozilla apturl icedtea6-plugin

  • install the extra binaries for everything:

    export BINS="beagle beagle-dev mozilla-beagle adblock-plus all-in-one-sidebar bindwood mozilla-ctxextensions firebug flashblock foxyproxy firefox-greasemonkey mozilla-livehttpheaders long-url-please mozilla-mozgest mozilla-noscript mozilla-nukeimage pwdhash firefox-sage iceweasel-scrapbook speeddial torbutton-extension ubufox firefox-ubuntu-it-menu firefox-webdeveloper webfav"
$ sudo apt-get install $BINS

Testing/Firefox3.6.4Upgrade/SecurityPublication (last edited 2010-08-03 15:19:16 by pool-71-123-6-194)