security update
Revisions pulled up:
- pkgsrc/devel/nspr/Makefile 1.37
- pkgsrc/devel/nspr/PLIST 1.11
- pkgsrc/devel/nss/Makefile 1.38
- pkgsrc/devel/xulrunner/PLIST 1.24
- pkgsrc/devel/xulrunner/dist.mk 1.14
- pkgsrc/devel/xulrunner/distinfo 1.36
- pkgsrc/devel/xulrunner/mozilla-common.mk 1.16
- pkgsrc/devel/xulrunner/patches/patch-ag 1.2
- pkgsrc/devel/xulrunner/patches/patch-al 1.2
- pkgsrc/devel/xulrunner/patches/patch-ap 1.4
- pkgsrc/devel/xulrunner/patches/patch-mc 1.2
- pkgsrc/devel/xulrunner/patches/patch-mm 1.3
- pkgsrc/devel/xulrunner/patches/patch-mn 1.3
-------------------------------------------------------------------------
Modified Files:
pkgsrc/devel/nspr: Makefile PLIST
Log Message:
Update to nspr-4.8.6 (via firefox-3.6.9). Changes unknown.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 pkgsrc/devel/nspr/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/devel/nspr/PLIST
-------------------------------------------------------------------------
Modified Files:
pkgsrc/devel/nss: Makefile
Log Message:
Update to nss-3.12.7.0 (via firefox-3.6.9). Changes unknown.
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/devel/nss/Makefile
-------------------------------------------------------------------------
Modified Files:
pkgsrc/devel/xulrunner: PLIST dist.mk distinfo mozilla-common.mk
pkgsrc/devel/xulrunner/patches: patch-ag patch-al patch-ap
patch-mc patch-mm patch-mn
Log Message:
Update to firefox-3.6.9 (xulrunner-1.9.2.9)
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/xulrunner/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/xulrunner/dist.mk
cvs rdiff -u -r1.35 -r1.36 pkgsrc/devel/xulrunner/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/xulrunner/mozilla-common.mk
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/devel/xulrunner/patches/patch-ag \
pkgsrc/devel/xulrunner/patches/patch-al
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/xulrunner/patches/patch-ap
cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/xulrunner/patches/patch-mc
cvs rdiff -u -r1.2 -r1.3 pkgsrc/devel/xulrunner/patches/patch-mm \
pkgsrc/devel/xulrunner/patches/patch-mn
|
|
devel/xulrunner: security update
www/firefox: security update
Revisions pulled up:
- devel/xulrunner/dist.mk 1.13
- devel/xulrunner/distinfo 1.35
---
Module Name: pkgsrc
Committed By: tnn
Date: Tue Jul 27 07:58:53 UTC 2010
Modified Files:
pkgsrc/devel/xulrunner: dist.mk distinfo
Log Message:
Update to firefox-3.6.8.
Fixes a heap corruption issue due to free() of garbage pointers when
parsing an invalid <object> tag.
|
|
devel/xulrunner: security update
www/firefox: security update
Revisions pulled up:
- devel/xulrunner/PLIST 1.23
- devel/xulrunner/dist.mk 1.12
- devel/xulrunner/distinfo 1.34
- devel/xulrunner/patches/patch-bc delete
- devel/xulrunner/patches/patch-mp 1.4
---
Module Name: pkgsrc
Committed By: tnn
Date: Wed Jul 21 16:55:34 UTC 2010
Modified Files:
pkgsrc/devel/xulrunner: PLIST dist.mk distinfo
pkgsrc/devel/xulrunner/patches: patch-mp
Removed Files:
pkgsrc/devel/xulrunner/patches: patch-bc
Log Message:
firefox-3.6.7 / xulrunner-1.9.2.7 security update.
MFSA 2010-47 Cross-origin data leakage from script filename in error
messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause
subsequent character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and
importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native
function
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code
execution
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
|
|
MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored
if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption
|
|
Also add some patches to remove use of deprecated symbols and fix other
problems when looking for or compiling against libpng-1.4.x.
|
|
This works around the PR pkg/43146 crash, at least on debian 5.0/i386.
|
|
run arbitrary code.
|
|
Also add patch for PR pkg/42988 crash, effectively disabling all
sound support until we decide on what sound API to use.
The current dlopen() guesswork is bad, mkay.
Bump PKGREVISION for this and previous changes.
|
|
patch-ab: NetBSD always has >4GB off_t, so use it.
|
|
.2 is not formally released yet, but is release tagged in the scm and I
want to get this update in before we freeze the tree.
"Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform,
which has been under development since early 2009 and contains many
improvements for web developers, add-on developers, and users."
- Improved JavaScript performance, overall browser responsiveness,
and startup time.
- The ability for web developers to indicate that scripts should run
asynchronously to speed up page load times.
- Continued support for downloadable web fonts using the new WOFF font format.
- Support for new CSS attributes such as gradients, background sizing,
and pointer events.
- Support for new DOM and HTML5 specifications including the Drag & Drop API
and the File API, which allow for more interactive web pages.
|
|
Security and bugfix release. (no MFSAs released at time of writing)
While here drop defunct debug option from firefox and reduce diff to wip/
|
|
- Fixed a common stability issue.
- Fixed a problem with how updates were being presented to users.
Approved by Tobias Nygren.
|
|
The native one doesn't export BZ2_crc32Table for some reason.
|
|
While here, switch NetBSD build from sunaudio to OSS emulation.
This greatly improves HTML5 video playback.
(Yes, we ought to fix the busted sunaudio support or PKG_OPTIONalize this.
Perhaps another day.)
Advisories relating to this release:
MFSA 2009-71 GeckoActiveXObject exception messages can be used to
enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
|
|
made the firefox addons site not automagically recognize the browser.
|
|
on Linux otherwise. There are still other problems with interference from
native libraries (i.e. sqlite3).
|
|
pkgsrc changes:
- assign devel/xulrunner maintainership to tnn@
- mozilla-common.mk: work around gcc __thread support misdetection on NetBSD
- separate distinfo related stuff into dist.mk for sharing with nss & nspr
"topcrash" bugs fixed:
468562 "ASSERTION: Inserting multiple children without flushing"
521750 Put a runtime NS_IsMainThread check in nsCycleCollector::Suspect2 ...
524462 startup crash [@ gfxWindowsFontGroup::WhichFontSupportsChar(nsTAr ...
525326 Crashes in gif decoder [@ xul.dll@0x348945][@ xul.dll@0x348864][@ ...
525276 crashes [@ nsDocument::RegisterNamedItems(nsIContent*)]
|
|
location during the course of time ...
|
|
reported by Snader_LB @ #pkgsrc
|
|
Also fix broken DESTDIR support.
Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
|
|
- install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin)
- bump revision for both packages
|
|
such as xulrunner-1.9.1, firefox-3.5, thunderbird-3.0 and seamonkey-2.0.
Nothing in the tree uses this file yet. Having it here now makes for one
less pullup later.
|
|
Let's use the latter directly instead to save bandwidth and allow faster
security updates.
|
|