Monday, October 29, 2012

17.0 beta 2 and QTE v.116

17.0 beta 2 is out, available from (guess where?) the Downloads tab. I wanted to do some work on issue 187 first, since I suspect it is a simple issue, but it was more important to get this into your hands since there is security content in it. Please upgrade if you are still using beta 1.

The font fix has either completely repaired or significantly improved the situation of all those who have reported in. If you are experiencing missing text, "boxes" or weird fonts, please try this release. Fonts that are filtered by this fix are logged to so you can see what's going on, and the filtering only affects TenFourFox, not other apps on the system.

In addition, the new QuickTime Enabler v.116 is out for 17. There are no new features, but it fixes the jetpack SDK in use to avoid a potential security hazard. You should upgrade to 116 if you are using 17. Only use v.115 if you are still using 10.x.

Finally, we have German, French and Polish language packs in issue 61, and our new addition is Swedish. Please test the locale installer for your chosen language and give Chris feedback so we can have the language packs available on 17's launch day. 10.0.11, the final release of 10.x (I hope), will be built and made available the weekend of November 16; 17.0 will be out shortly after and made available to the public on November 20, just in time for us to give thanks for our bountiful Power Macintoshes.

In Mozilla news, Growl support gets a reprieve for Firefox 18 while we wait for XUL notifications to become a reality. I plan to support XUL notifications, since they will be more flexible than Growl and more future-proof, but until then we need Growl, and it looks like it will be still there for at least the next two releases. We'll see what happens with Fx19. Also, the patches currently landing for drawing browser content in the titlebar, which is a pre-requisite for Australis (the new Firefox interface), look like they will probably work fine with 10.4. More about that later; Australis is not likely to land for Mac anytime real soon.

Thursday, October 25, 2012

10.0.10 available

Please grab from the Downloads tab (and read the release notes). It will become final tomorrow afternoon Pacific time. 17 "beta 2" will be available early next week.

Wednesday, October 24, 2012

It's chemspill mania!

The bug repaired in 16.0.1 and 10.0.9 inspired people to go meddling around in that section of code and, of course, more potential problems were found. Both 10.x and 16.x (and, by extension, 17.x) are affected, so there will be a 10.0.10 coming out probably on Friday or Saturday, and 10.0.11 will be the final release for 10.x. Maybe.

Though I ordinarily don't respin betas, the issues involved have some nasty knock-on effects and I really want users testing 17 before it becomes final, so I will probably respin the 17 beta and also pick up any new fixes early next week. Users of AuroraFox will need to inquire with Tobias; the faulty code is present in both 17 and 18. SeaMonkeyPPC users are also affected.

Friday, October 19, 2012

Classilla 9.3.1

For those of you like me who still spend a significant amount of time in Mac OS 9 -- for me, while it's not as much as it was a few years ago, I'm still in OS 9 at least once every couple weeks -- Classilla 9.3.1 is out. It's not everything I wanted to get in that release, TenFourFox really delayed it (because it takes a lot of effort to stay on the Mozilla release treadmill), and in the middle of working on it the MDD chewed through its second power supply, stopping work for a couple weeks until I had time to get it on the bench to replace it. Still, it's a lot of security audits, some important bug fixes and even a few new features. Read about it from the announcement thread on LEM's Mac OS 9 list, or download it from

So far the reports look very encouraging for our font fix. Thanks to everyone who contributed the missing pieces. There haven't been any major TenFourFox-specific problems, but there are a few significant items Mozilla needs to fix and we will pick these up for the release candidate in early November. Also watch for v.116, which will be the new 17.0-only QuickTime Enabler.

Saturday, October 13, 2012

QuickTime Enabler v.115

Are you sick of me yet? QuickTime Enabler v.115 is out, but it requires TenFourFox 17; it is not tested, nor supported, with 10.x. and since by accident I built it with an old addon SDK version, we will offer it for 10.x users as well; there will be a v.116 for TenFourFox 17 with the correct SDK. This v.116 will become the new QTE when 17.0 becomes final. Test it!

This version fixes the problem with YouTube URLs, so they should work again (well, at least as well as they usually work, which is fine with non-ad-based videos and crummy with ones with ads), and allows you to directly feed a link to QuickTime Player (so you can right-click on a link to an MP3 or video file, and the URL will go straight to QuickTime Player as if you had right-clicked on an HTML5 video). Note that it will offer you this option on any link, since it really has no way of knowing what's on the other end, so don't expect you can play your tax returns in QuickTime Player, and they would probably sound pretty ominous.

So go grab the stuff. It's Christmas in October, yo.

17 beta released; more dark clouds of Judgment Day

17.0 beta is now available from the Downloads tab; read the (WIP) release notes.

Besides fixing the problem with canvases (possibly suboptimally, but that's better than not fixing it at all) and including the security fixes from 10.0.9, I'm going to go for broke with Barry/Chris' theory on Tenderapp that PostScript Type 1 fonts are the problem for those people who get disappearing or "boxed out" text. Actually, that's not quite the issue -- the issue is fonts that contain only bitmaps and no glyph or CFF information, which includes some TrueType/OpenType fonts as well -- so this version simply ignores those fonts and selects a fallback. The configure settings for Arial, Helvetica and Times remain, just in case. If a font is ignored, it is logged to the Console, so you can run and see which fonts it believes it cannot render. This doesn't affect downloadable fonts, just the fonts already installed on your system. The moral of this story is, use TrueType and OpenType fonts unless you absolutely have no other way of getting them.

In the Judgment Day department, Tobias' AuroraFox version of 18 has uncovered some unpleasant findings. While the problems with JPEG images and our use of the built-in AltiVec JPEG decoder can be worked around, version 18.0 removes support for QuickDraw plugins, and as a result plugins crash when instantiated on PowerPC in 18.0. I warned you this day would come. Plugin code will be completely disabled in 18.0 to prevent users who have it enabled from being affected. This code will not be restored, and it is unlikely it would work properly even if it were.

Also, for some absolutely ridiculous reason, Josh Aas in what can only be described as an obsession with wrecking functional old code has decided to remove Growl support from 18 also. I don't know how many of you have Growl installed, but I do, mostly for TTYtter Texapp. However, Firefox and TenFourFox could use Growl to notify users about downloads and updates, and because it was part of toolkit/, it could be used by other Gecko consumers. Allegedly this is being replaced by XUL notifications, but this doesn't even appear to be on the radar. This was a really bad move with half-assed justification, people in the bug weren't too enthusiastic about the idea, and bluntly I'm pretty peeved at him (and I bet people on 10.6 and 10.7 using the real Firefox won't be very happy either, because the only replacement is the Notification Center support which is only in iOS 10.8). We might restore this code if it looks like we have to drop to feature parity between 17 and 24, which is, sadly, probable. I'm curious about how many of you were using Growl, just to see.

QTE update is next.

Friday, October 12, 2012

10.0.9 chemspill

I said that 10.0.8 was not vulnerable to bug 720619 and I was wrong; it is vulnerable to a variety of the attack (in fairness, Mozilla initially didn't think it was vulnerable either). 10.0.9 is now available and 10.0.10 will conclude 10.x. There are no 10.0.9 changesets; 10.0.7's still apply unmodified.

Wednesday, October 10, 2012

16.0.1 chemspill (and 17 beta) imminent

For a high priority security bug (see today's Planning meeting notes) and a couple of ridealongs, Mozilla will chemspill 16.0.1. We never released a 10.4Fx 16.0, and 15.0.1 is not vulnerable, but 17a2 is and I will try to release our beta as soon as possible even though issue 180 (Mozilla bug 794337) is still not yet repaired. In the meantime, 10.0.8 is unaffected and would be the recommended workaround until the revised beta. 10.0.8 is in fact vulnerable to a variation attack: see 10.0.9 post Note for our AuroraFox users that AuroraFox 16 and 17 are vulnerable, and I will defer their mitigation to Tobias. SeaMonkey PPC 2.13 is also vulnerable.

Riding along with the 17 beta will be a prospective blacklist on Type 1 PostScript fonts, which Chris and one of our users demonstrated don't work with Harfbuzz and may be the underlying cause of this Tenderapp issue and this Tenderapp issue. However, I have a remarkably small amount of replies from users for whom this was allegedly a crippling issue. It would really help me if those of you affected would chime in and say if you see the same thing, because the fixes are shots in the dark as I have not been able to replicate them on my internal test systems. The specific workarounds for Arial, Helvetica and Times will stay in, just in case.

10.0.8 was made official Monday night, btw. Remember, 10.0.9 will be the last 10.x release.

In other news, 16.0.1 will probably be the last official Firefox release supporting 10.5 ("adieu, spotted cat"), assuming no further chemspills. For those of you still making PPC builds directly from source without modification, that will break when 17 comes out, including the current incarnation of SeaMonkey PPC.

Saturday, October 6, 2012

10.0.8 available

10.0.8 is now available from the Downloads tab. Please give it a quick spin prior to release. It will be released to the stable branch audience on Tuesday. Only one more 10.0.x release to go!

There are no changesets for 10.0.8 because the 10.0.7 ones applied cleanly, and I have decided not to do any more backporting for this release. I might add issue 130 to 10.0.9, but I haven't decided yet, as it is a minor nuisance bug.

For the 17 beta, there will be a couple significant changes. More on that soon. Also, there will be a new QTE release for 17 with some fixes.