Update mozilla & mozilla-gtk2 to 1.7.7

This is a security fix release. Fixed vulnerabilities are follows: MFSA 2005-33 Javascript "lambda" replace exposes memory contents MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context MFSA 2005-36 Cross-site scripting through global scope pollution MFSA 2005-37 Code execution through javascript: favicons MFSA 2005-38 Search plugin cross-site scripting MFSA 2005-40 Missing Install object instance checks MFSA 2005-41 Privilege escalation via DOM property overrides
author: taya <taya@pkgsrc.org> 2005-04-19 15:15:29 +0000
committer: taya <taya@pkgsrc.org> 2005-04-19 15:15:29 +0000
commit: cc3bb588e0975c5d62511096f992f687c657ac9d (patch)
tree: d867f89699cf4d4ec3decedb77fa0bcf32d19a12 /www
parent: b1f706bfa864ac07ed268cd7518c96fbbd76a491 (diff)
download: pkgsrc-cc3bb588e0975c5d62511096f992f687c657ac9d.tar.gz
6 files changed, 19 insertions, 53 deletions
diff --git a/www/mozilla-gtk2/Makefile b/www/mozilla-gtk2/Makefile
index b4bcc096b6c..d82bbcf7b56 100644
--- a/www/mozilla-gtk2/Makefile
+++ b/www/mozilla-gtk2/Makefile
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.20 2005/04/07 23:48:36 taya Exp $
+# $NetBSD: Makefile,v 1.21 2005/04/19 15:15:29 taya Exp $
 
 MOZILLA=	mozilla-gtk2
 MOZILLA_BIN=	mozilla-bin
-MOZ_VER=	1.7.6
-PKGREVISION=	1
+MOZ_VER=	1.7.7
 EXTRACT_SUFX=	.tar.bz2
 
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+=	mozilla-source-1.7.3-libart_lgpl.tar.bz2
+SITES_mozilla-source-1.7.3-libart_lgpl.tar.bz2=${MASTER_SITE_LOCAL}
 DISTINFO_FILE=	${.CURDIR}/../../www/mozilla/distinfo
 PATCHDIR=	${.CURDIR}/../../www/mozilla/patches
 FILESDIR=	${.CURDIR}/../../www/mozilla/files
diff --git a/www/mozilla-gtk2/buildlink3.mk b/www/mozilla-gtk2/buildlink3.mk
index 79f954c6ddd..b28c48dd0eb 100644
--- a/www/mozilla-gtk2/buildlink3.mk
+++ b/www/mozilla-gtk2/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.7 2005/03/26 13:49:31 taya Exp $
+# $NetBSD: buildlink3.mk,v 1.8 2005/04/19 15:15:29 taya Exp $
 
 BUILDLINK_DEPTH:=		${BUILDLINK_DEPTH}+
 MOZILLA_GTK2_BUILDLINK3_MK:=	${MOZILLA_GTK2_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+=	mozilla-gtk2
 
 .if !empty(MOZILLA_GTK2_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.mozilla-gtk2+=	mozilla-gtk2>=1.7.5
-BUILDLINK_RECOMMENDED.mozilla-gtk2+=	mozilla-gtk2>=1.7.6
+BUILDLINK_RECOMMENDED.mozilla-gtk2+=	mozilla-gtk2>=1.7.7
 BUILDLINK_PKGSRCDIR.mozilla-gtk2?=	../../www/mozilla-gtk2
 .endif	# MOZILLA_GTK2_BUILDLINK3_MK
 
diff --git a/www/mozilla/Makefile b/www/mozilla/Makefile
index d76d6bda45b..7ece7c505db 100644
--- a/www/mozilla/Makefile
+++ b/www/mozilla/Makefile
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.143 2005/04/07 23:48:36 taya Exp $
+# $NetBSD: Makefile,v 1.144 2005/04/19 15:15:29 taya Exp $
 
 MOZILLA=	mozilla
 MOZILLA_BIN=	mozilla-bin
-MOZ_VER=	1.7.6
-PKGREVISION=	1
+MOZ_VER=	1.7.7
 EXTRACT_SUFX=	.tar.bz2
 
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+=    mozilla-source-1.7.3-libart_lgpl.tar.bz2
+SITES_mozilla-source-1.7.3-libart_lgpl.tar.bz2=${MASTER_SITE_LOCAL}
 
 COMMENT=	Full featured gecko-based browser
 
diff --git a/www/mozilla/buildlink3.mk b/www/mozilla/buildlink3.mk
index 7aacd5fdeeb..25286f0c299 100644
--- a/www/mozilla/buildlink3.mk
+++ b/www/mozilla/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.9 2005/03/26 13:49:31 taya Exp $
+# $NetBSD: buildlink3.mk,v 1.10 2005/04/19 15:15:29 taya Exp $
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH}+
 MOZILLA_BUILDLINK3_MK:=	${MOZILLA_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+=	mozilla
 
 .if !empty(MOZILLA_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.mozilla+=	mozilla>=1.7.5
-BUILDLINK_RECOMMENDED.mozilla+=	mozilla>=1.7.6
+BUILDLINK_RECOMMENDED.mozilla+=	mozilla>=1.7.7
 BUILDLINK_PKGSRCDIR.mozilla?=	../../www/mozilla
 .endif	# MOZILLA_BUILDLINK3_MK
 
diff --git a/www/mozilla/distinfo b/www/mozilla/distinfo
index 00ccc5f8417..356fb5547c4 100644
--- a/www/mozilla/distinfo
+++ b/www/mozilla/distinfo
@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.74 2005/04/07 23:48:36 taya Exp $
+$NetBSD: distinfo,v 1.75 2005/04/19 15:15:29 taya Exp $
 
-SHA1 (mozilla-source-1.7.6.tar.bz2) = 3c47a28173c912098ab37d3fc844451320463d00
-RMD160 (mozilla-source-1.7.6.tar.bz2) = 3352d9a67213664bbe72bf1075420837028b3db4
-Size (mozilla-source-1.7.6.tar.bz2) = 30448120 bytes
+SHA1 (mozilla-source-1.7.7.tar.bz2) = c660db518add97ed54e30a901c1e4e60dbafab3a
+RMD160 (mozilla-source-1.7.7.tar.bz2) = 410017e874ba058bf1dbc7f265db95a2311545a0
+Size (mozilla-source-1.7.7.tar.bz2) = 29776225 bytes
+SHA1 (mozilla-source-1.7.3-libart_lgpl.tar.bz2) = cb8f05dc11eb6fd954a15f6c04e2904c8d4d3f94
+RMD160 (mozilla-source-1.7.3-libart_lgpl.tar.bz2) = 4371536b745882de8dbd736ed03f3b661067251b
+Size (mozilla-source-1.7.3-libart_lgpl.tar.bz2) = 102926 bytes
 SHA1 (patch-aa) = be62070f062e8ae13f06bd7b3f4f0d4a9ee67bef
 SHA1 (patch-ab) = 77038a3dee47573782d912a928327d046c6d3c7f
 SHA1 (patch-ac) = 32aa4b92eea19aca07077a292cb759d074026642
@@ -28,7 +31,6 @@ SHA1 (patch-br) = 52d5b595f1e25ac5d6664864ab0cbe5e14012168
 SHA1 (patch-bs) = fb9f8f13ce481c04a0f7ecfd0ad4d8016cddc2e4
 SHA1 (patch-bt) = 70746626648624b38cc6e8795eb9c061be992342
 SHA1 (patch-bu) = db33b8651e3cb1fbf9a18dbe78e1e8288cfda0ee
-SHA1 (patch-bugzilla288688) = cebe5ad483a4cfcd55c6be0f0823b75ed1bd4aba
 SHA1 (patch-bv) = 4f23dfd885131ea866f31370f1421e7c19706860
 SHA1 (patch-bw) = fc3a518d3762be6e85104a6dc7fffd5ae1a463c8
 SHA1 (patch-bx) = 046e19c9c4b431369411658373b14c1822841d85
diff --git a/www/mozilla/patches/patch-bugzilla288688 b/www/mozilla/patches/patch-bugzilla288688
deleted file mode 100644
index 13eb93cbc26..00000000000
--- a/www/mozilla/patches/patch-bugzilla288688
+++ /dev/null
@@ -1,38 +0,0 @@
-$NetBSD: patch-bugzilla288688,v 1.1 2005/04/07 23:48:36 taya Exp $
-
-diff -ru ../Orig/mozilla/js/src/jsstr.c ./js/src/jsstr.c
---- ../Orig/mozilla/js/src/jsstr.c	2003-12-22 15:13:07.000000000 +0900
-+++ ./js/src/jsstr.c	2005-04-06 23:33:09.000000000 +0900
-@@ -1378,11 +1378,17 @@
-         JSBool ok;
- 
-         /*
--         * Save the rightContext from the current regexp, since it
--         * gets stuck at the end of the replacement string and may
--         * be clobbered by a RegExp usage in the lambda function.
-+         * Save the regExpStatics from the current regexp, since they may be
-+         * clobbered by a RegExp usage in the lambda function.  Note that all
-+         * members of JSRegExpStatics are JSSubStrings, so not GC roots, save
-+         * input, which is rooted otherwise via argv[-1] in str_replace.
-+         *
-+         * We need to clear moreParens in the top-of-stack cx->regExpStatics
-+         * to it won't be possibly realloc'ed, leaving the bottom-of-stack
-+         * moreParens pointing to freed memory.
-          */
--        JSSubString saveRightContext = cx->regExpStatics.rightContext;
-+        JSRegExpStatics save = cx->regExpStatics;
-+        cx->regExpStatics.moreParens = NULL;
- 
-         /*
-          * In the lambda case, not only do we find the replacement string's
-@@ -1460,7 +1466,9 @@
- 
-       lambda_out:
-         js_FreeStack(cx, mark);
--        cx->regExpStatics.rightContext = saveRightContext;
-+        if (cx->regExpStatics.moreParens)
-+            JS_free(cx, cx->regExpStatics.moreParens);
-+        cx->regExpStatics = save;
-         return ok;
-     }
- #endif /* JS_HAS_REPLACE_LAMBDA */
author	taya <taya@pkgsrc.org>	2005-04-19 15:15:29 +0000
committer	taya <taya@pkgsrc.org>	2005-04-19 15:15:29 +0000
commit	cc3bb588e0975c5d62511096f992f687c657ac9d (patch)
tree	d867f89699cf4d4ec3decedb77fa0bcf32d19a12 /www
parent	b1f706bfa864ac07ed268cd7518c96fbbd76a491 (diff)
download	pkgsrc-cc3bb588e0975c5d62511096f992f687c657ac9d.tar.gz