Update to firefox-3.6.9 (xulrunner-1.9.2.9)

MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
             attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)

10 files changed, 61 insertions, 65 deletions

diff --git a/devel/xulrunner/PLIST b/devel/xulrunner/PLIST
index d7cab8cd2b9..7c2b07806dd 100644
--- a/devel/xulrunner/PLIST
+++ b/devel/xulrunner/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.23 2010/07/21 16:55:33 tnn Exp $
+@comment $NetBSD: PLIST,v 1.24 2010/09/09 09:41:21 tnn Exp $
 bin/xulrunner
 ${PLIST.jit}include/xulrunner/Allocator.h
 ${PLIST.jit}include/xulrunner/Assembler.h
@@ -590,6 +590,7 @@ include/xulrunner/nsIContentSerializer.h
 include/xulrunner/nsIContentSink.h
 include/xulrunner/nsIContentSniffer.h
 include/xulrunner/nsIContentURIGrouper.h
+include/xulrunner/nsIContentUtils.h
 include/xulrunner/nsIContentViewer.h
 include/xulrunner/nsIContentViewerContainer.h
 include/xulrunner/nsIContentViewerEdit.h
@@ -1944,7 +1945,6 @@ include/xulrunner/nspr/plbase64.h
 include/xulrunner/nspr/plerror.h
 include/xulrunner/nspr/plgetopt.h
 include/xulrunner/nspr/plhash.h
-include/xulrunner/nspr/plresolv.h
 include/xulrunner/nspr/plstr.h
 include/xulrunner/nspr/pratom.h
 include/xulrunner/nspr/prbit.h
@@ -2067,7 +2067,6 @@ include/xulrunner/pldhash.h
 include/xulrunner/plerror.h
 include/xulrunner/plgetopt.h
 include/xulrunner/plhash.h
-include/xulrunner/plresolv.h
 include/xulrunner/plstr.h
 include/xulrunner/png.h
 include/xulrunner/pngconf.h
diff --git a/devel/xulrunner/dist.mk b/devel/xulrunner/dist.mk
index 4e58cb6ac74..bf0ca603746 100644
--- a/devel/xulrunner/dist.mk
+++ b/devel/xulrunner/dist.mk
@@ -1,4 +1,4 @@
-# $NetBSD: dist.mk,v 1.13 2010/07/27 07:58:52 tnn Exp $
+# $NetBSD: dist.mk,v 1.14 2010/09/09 09:41:21 tnn Exp $
 #
 # used by devel/nspr/Makefile
 # used by devel/nss/Makefile
@@ -8,7 +8,7 @@
 DISTNAME=	firefox-${FIREFOX_VER}.source
 FIREFOX_VER=	3.6${MOZ_BRANCH_MINOR}
 MOZ_BRANCH=	1.9.2
-MOZ_BRANCH_MINOR=	.8
+MOZ_BRANCH_MINOR=	.9
 MASTER_SITES=	${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 EXTRACT_SUFX=	.tar.bz2
 
diff --git a/devel/xulrunner/distinfo b/devel/xulrunner/distinfo
index 01a239793d3..084fe115572 100644
--- a/devel/xulrunner/distinfo
+++ b/devel/xulrunner/distinfo
@@ -1,24 +1,24 @@
-$NetBSD: distinfo,v 1.35 2010/07/27 07:58:52 tnn Exp $
+$NetBSD: distinfo,v 1.36 2010/09/09 09:41:21 tnn Exp $
 
-SHA1 (firefox-3.6.8.source.tar.bz2) = 4936e543f6c7492c5954cbd5b30ddda6b20e3797
-RMD160 (firefox-3.6.8.source.tar.bz2) = 14e245c643d41a1da25fe4dbc15d6ae466a19e5b
-Size (firefox-3.6.8.source.tar.bz2) = 51238976 bytes
+SHA1 (firefox-3.6.9.source.tar.bz2) = 2429154c8d50bb5eeef80233b56fb26dcf727ea3
+RMD160 (firefox-3.6.9.source.tar.bz2) = 530b1d64cc02ba0433c3a39d1c97c569dad090ef
+Size (firefox-3.6.9.source.tar.bz2) = 51240588 bytes
 SHA1 (patch-aa) = d719f801f340688102e3b1c07b53655f4053180a
 SHA1 (patch-ab) = a9a9db3f53ecac231007de9ed163bd99f2184462
 SHA1 (patch-ac) = e50356963fd235ea11fa45baae356fcf21c6669d
 SHA1 (patch-ad) = 7afb960af4e4a311481e7a7b25008ca9b9f7fba1
 SHA1 (patch-ae) = 6679dd9c28f8029cc0ed2a32ae60da696099f351
 SHA1 (patch-af) = 13a9617cd2894cf342487d2a9cfe8cf3066ba0df
-SHA1 (patch-ag) = 62e55040130d5e6cfb10b839fce6abd40a902f08
+SHA1 (patch-ag) = 890b3d559c55fae75ca91fe742bc104bb8c452db
 SHA1 (patch-ah) = 5f8bf19d5ac5ea7e263366a56d10d2eeeee61bac
 SHA1 (patch-ai) = 3444882b0f7f4b63273d8888af88be35ae60933a
 SHA1 (patch-aj) = 423e8915f6e6a166bf3bcbc00c22d590821d6e97
 SHA1 (patch-ak) = d9aca1f9e143d600d8bc841984a2244a50b0ac8c
-SHA1 (patch-al) = ca1a1fb5f875ab9c84c0afea5d913172a6f7ab57
+SHA1 (patch-al) = 7f369b954c413bd52f89236c5dfcc237d72150a5
 SHA1 (patch-am) = 75eb92d1941309ffc13f01d7f1946a2f09170220
 SHA1 (patch-an) = e975941955b578f1d3336d546e99f0c464cdd9d7
 SHA1 (patch-ao) = 353d2098564c7b29849b6f5f4f80d9ac393b23f3
-SHA1 (patch-ap) = dbcf27b23fec35ea838d281a97c7aed94739c8b5
+SHA1 (patch-ap) = 862e97677fa6c473eeb5c000300aa0645239a98e
 SHA1 (patch-aq) = ffb927e222f98c7288e37ddadf1b08a8126c6a55
 SHA1 (patch-ar) = bfeaa055b7192e5874427615424496b41410f24b
 SHA1 (patch-as) = aa83f9b834d796982a2b580ed908e188a28c6a41
@@ -36,7 +36,7 @@ SHA1 (patch-bf) = 6295d27762eb91162c00362306acbd47eeda61ac
 SHA1 (patch-bg) = ab79e04b5ac1453157cfb57754613210c74c3b90
 SHA1 (patch-ma) = a20b263ff14c841fd0ae1634962b90a41173b524
 SHA1 (patch-mb) = b3ba0de4c70d9892a5427fe493e132bad72ae905
-SHA1 (patch-mc) = fc355347943e21f8d4fb9c873f336d5b2d04a68e
+SHA1 (patch-mc) = 8e1a0dd83563f467028a51deb898141fb79d3ffe
 SHA1 (patch-md) = 6bf5242245b17fbd868a6a978eb5849726f81393
 SHA1 (patch-me) = da6324dd21a40dd3cc7b7b9321a18bd11a3434fd
 SHA1 (patch-mf) = 153dfd5cd611e4364fe1c540f4e8eb500115baff
@@ -46,8 +46,8 @@ SHA1 (patch-mi) = 787cb043bb7e687936afaf8f0c67b6b3a7b03e5b
 SHA1 (patch-mj) = 197fab0e00256dedc8a5f181ee0d0d6e42d8177f
 SHA1 (patch-mk) = 793dfa16e19e213d78995c893a28bc0d514135d9
 SHA1 (patch-ml) = 9003af056e5b671b2345d0a75e99836746369c00
-SHA1 (patch-mm) = 51d84cacbfa0430dad21f86f66979b6222299b31
-SHA1 (patch-mn) = 7d162a96959315a143c68b3ca2ca4dea6060f1f2
+SHA1 (patch-mm) = 8e70a87f8c609f504f6d2fa9bfbc91dfbcd289a8
+SHA1 (patch-mn) = e7e5e615ca26f7cee0fb27b796fd3d423d693f6b
 SHA1 (patch-mp) = 34bf95224cdecedd93566f9405f725b0c9b5ee0f
 SHA1 (patch-nd) = f5156ca4d1e61dd1b355bbaa5ebd9cc490d8d865
 SHA1 (patch-pa) = 7dffaba78ee254a545c3f7669a3eb2a92196becc
diff --git a/devel/xulrunner/mozilla-common.mk b/devel/xulrunner/mozilla-common.mk
index 8e10bc4a341..7a617a2a1c5 100644
--- a/devel/xulrunner/mozilla-common.mk
+++ b/devel/xulrunner/mozilla-common.mk
@@ -1,4 +1,4 @@
-# $NetBSD: mozilla-common.mk,v 1.15 2010/06/24 12:20:38 tnn Exp $
+# $NetBSD: mozilla-common.mk,v 1.16 2010/09/09 09:41:21 tnn Exp $
 #
 # common Makefile fragment for mozilla packages based on gecko 1.9.1.
 # 
@@ -85,6 +85,7 @@ PREFER.bzip2?=	pkgsrc
 .endif
 .include "../../archivers/bzip2/buildlink3.mk"
 BUILDLINK_API_DEPENDS.sqlite3+=	sqlite3>=3.6.22
+CONFIGURE_ENV+= ac_cv_sqlite_secure_delete=yes	# c.f. patches/patch-al
 .include "../../databases/sqlite3/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../graphics/jpeg/buildlink3.mk"
diff --git a/devel/xulrunner/patches/patch-ag b/devel/xulrunner/patches/patch-ag
index 23804c0e7b7..68139366a18 100644
--- a/devel/xulrunner/patches/patch-ag
+++ b/devel/xulrunner/patches/patch-ag
@@ -1,9 +1,9 @@
-$NetBSD: patch-ag,v 1.1.1.1 2009/08/05 02:59:48 tnn Exp $
+$NetBSD: patch-ag,v 1.2 2010/09/09 09:41:22 tnn Exp $
 
---- nsprpub/pr/include/md/_freebsd.h.orig	2009-06-29 18:15:06.000000000 +0200
+--- nsprpub/pr/include/md/_freebsd.h.orig	2010-08-24 21:32:07.000000000 +0000
 +++ nsprpub/pr/include/md/_freebsd.h
 @@ -79,7 +79,7 @@
- #define _PR_NO_LARGE_FILES
+ #define _PR_HAVE_LARGE_OFF_T
  
  #if defined(_PR_PTHREADS)
 -#if __FreeBSD_version >= 400008
diff --git a/devel/xulrunner/patches/patch-al b/devel/xulrunner/patches/patch-al
index dd29f65dacc..d56f3a4f593 100644
--- a/devel/xulrunner/patches/patch-al
+++ b/devel/xulrunner/patches/patch-al
@@ -1,27 +1,16 @@
-$NetBSD: patch-al,v 1.1.1.1 2009/08/05 02:59:48 tnn Exp $
+$NetBSD: patch-al,v 1.2 2010/09/09 09:41:22 tnn Exp $
 
-# Reported upstream as https://bugzilla.mozilla.org/show_bug.cgi?id=471179
-
---- nsprpub/pr/src/misc/prsystem.c.orig	2009-06-29 18:15:07.000000000 +0200
-+++ nsprpub/pr/src/misc/prsystem.c
-@@ -284,6 +284,20 @@ PR_IMPLEMENT(PRUint64) PR_GetPhysicalMem
-     long pageCount = sysconf(_SC_PHYS_PAGES);
-     bytes = (PRUint64) pageSize * pageCount;
+--- storage/src/mozStorageConnection.cpp.orig	2010-08-24 21:32:09.000000000 +0000
++++ storage/src/mozStorageConnection.cpp
+@@ -405,6 +405,11 @@ Connection::initialize(nsIFile *aDatabas
+       break;
+   }
  
-+#elif defined(NETBSD)
-+
-+    int mib[2];
-+    int rc;
-+    uint64_t memSize;
-+    size_t len = sizeof(memSize);
-+
-+    mib[0] = CTL_HW;
-+    mib[1] = HW_PHYSMEM64;
-+    rc = sysctl( mib, 2, &memSize, &len, NULL, 0 );
-+    if ( -1 != rc )  {
-+        bytes = memSize;
-+    }
++  // XXX tnn: the configure script demands that sqlite3 is compiled with
++  // SECURE_DELETE on by default. sqlite3 in pkgsrc does not have that,
++  // so instead we enable secure_delete manually here.
++  (void)ExecuteSimpleSQL(NS_LITERAL_CSTRING("PRAGMA secure_delete = 1;"));
 +
- #elif defined(HPUX)
+   return NS_OK;
+ }
  
-     struct pst_static info;
diff --git a/devel/xulrunner/patches/patch-ap b/devel/xulrunner/patches/patch-ap
index c12a0c03d19..7d97e926a5e 100644
--- a/devel/xulrunner/patches/patch-ap
+++ b/devel/xulrunner/patches/patch-ap
@@ -1,13 +1,13 @@
-$NetBSD: patch-ap,v 1.3 2009/09/20 15:30:54 sno Exp $
+$NetBSD: patch-ap,v 1.4 2010/09/09 09:41:22 tnn Exp $
 
---- media/liboggz/include/oggz/oggz_off_t_generated.h.orig	2009-08-24 17:52:50.000000000 +0200
+--- media/liboggz/include/oggz/oggz_off_t_generated.h.orig	2010-08-24 21:32:05.000000000 +0000
 +++ media/liboggz/include/oggz/oggz_off_t_generated.h
 @@ -59,7 +59,7 @@
  
  #include <sys/types.h>
  
--#if defined(__APPLE__) || defined(SOLARIS) || defined(OS2)
-+#if defined(__APPLE__) || defined(SOLARIS) || defined(OS2) || defined(__NetBSD__) || defined(__DragonFly__) || defined(__FreeBSD__)
+-#if defined(__APPLE__) || defined(SOLARIS) || defined(OS2) || defined (_AIX)
++#if defined(__APPLE__) || defined(SOLARIS) || defined(OS2) || defined (_AIX) ||  defined(__NetBSD__) || defined(__DragonFly__) || defined(__FreeBSD__)
  typedef off_t oggz_off_t;
  #else
  typedef loff_t oggz_off_t;
diff --git a/devel/xulrunner/patches/patch-mc b/devel/xulrunner/patches/patch-mc
index fae7a03721c..42fffcef52b 100644
--- a/devel/xulrunner/patches/patch-mc
+++ b/devel/xulrunner/patches/patch-mc
@@ -1,12 +1,12 @@
-$NetBSD: patch-mc,v 1.1 2010/04/26 12:47:08 tnn Exp $
+$NetBSD: patch-mc,v 1.2 2010/09/09 09:41:22 tnn Exp $
 
 Avoid extra file appearing in PLIST on Linux.
 
---- security/nss/lib/freebl/manifest.mn.orig	2010-04-13 22:22:54.000000000 +0000
-+++ security/nss/lib/freebl/manifest.mn
-@@ -72,7 +72,7 @@ endif
+--- security/nss/lib/freebl/config.mk.orig	2010-08-24 21:32:09.000000000 +0000
++++ security/nss/lib/freebl/config.mk
+@@ -68,7 +68,7 @@ else
  
- ifdef FREEBL_NO_DEPEND
+ ifeq ($(FREEBL_NO_DEPEND),1)
  LOWHASH_SRCS = stubs.c nsslowhash.c
 -LOWHASH_EXPORTS = nsslowhash.h
 +#LOWHASH_EXPORTS = nsslowhash.h
diff --git a/devel/xulrunner/patches/patch-mm b/devel/xulrunner/patches/patch-mm
index ffa844a6c76..20e25c64444 100644
--- a/devel/xulrunner/patches/patch-mm
+++ b/devel/xulrunner/patches/patch-mm
@@ -1,11 +1,11 @@
-$NetBSD: patch-mm,v 1.2 2009/12/16 08:18:33 tnn Exp $
+$NetBSD: patch-mm,v 1.3 2010/09/09 09:41:22 tnn Exp $
 
 Don't link with -lCstd on Solaris when using GCC. From Tim Zingelman.
 part of PR pkg/39085
 
---- toolkit/library/Makefile.in.orig	2009-12-02 05:28:58.000000000 +0100
+--- toolkit/library/Makefile.in.orig	2010-08-24 21:32:11.000000000 +0000
 +++ toolkit/library/Makefile.in
-@@ -252,7 +252,14 @@ EXTRA_DSO_LDOPTS += -lbe -ltracker
+@@ -253,7 +253,10 @@ EXTRA_DSO_LDOPTS += -lbe -ltracker
  endif
  
  ifeq ($(OS_ARCH),SunOS)
@@ -14,10 +14,17 @@ part of PR pkg/39085
 +ifndef GNU_CC
 +EXTRA_DSO_LDOPTS += -lCstd
 +endif
-+endif
-+
-+ifeq ($(OS_ARCH),NetBSD)
-+EXTRA_DSO_LDOPTS += -lossaudio
  endif
  
+ ifeq ($(OS_ARCH),AIX)
+@@ -262,6 +265,10 @@ EXTRA_DSO_LDOPTS += -bbigtoc 
+ endif
+ endif
+ 
++ifeq ($(OS_ARCH),NetBSD)
++EXTRA_DSO_LDOPTS += -lossaudio
++endif
++
  ifeq ($(OS_ARCH),WINNT)
+ EXTRA_DSO_LDOPTS += $(call EXPAND_LIBNAME,shell32 ole32 uuid version winspool comdlg32 imm32 winmm wsock32 msimg32)
+ ifneq (,$(MOZ_DEBUG)$(NS_TRACE_MALLOC))
diff --git a/devel/xulrunner/patches/patch-mn b/devel/xulrunner/patches/patch-mn
index 6f1aff8c825..6b4d15251a4 100644
--- a/devel/xulrunner/patches/patch-mn
+++ b/devel/xulrunner/patches/patch-mn
@@ -1,15 +1,15 @@
-$NetBSD: patch-mn,v 1.2 2009/10/28 11:36:36 tnn Exp $
+$NetBSD: patch-mn,v 1.3 2010/09/09 09:41:22 tnn Exp $
 
 Make sure we link correctly with sqlite3 from pkgsrc.
 
---- security/nss/lib/softoken/config.mk.orig	2009-10-16 17:14:19.000000000 +0200
+--- security/nss/lib/softoken/config.mk.orig	2010-08-24 21:32:09.000000000 +0000
 +++ security/nss/lib/softoken/config.mk
-@@ -83,7 +83,7 @@ EXTRA_SHARED_LIBS += \
+@@ -80,7 +80,7 @@ else
+ # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+ EXTRA_SHARED_LIBS += \
  	-L$(DIST)/lib \
+-	-l$(SQLITE_LIB_NAME) \
++	`pkg-config --libs sqlite3` \
  	-L$(NSSUTIL_LIB_DIR) \
  	-lnssutil3 \
--	-lsqlite3 \
-+	`pkg-config --libs sqlite3` \
  	-L$(NSPR_LIB_DIR) \
- 	-lplc4 \
- 	-lplds4 \