| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
linkage. I love platform dependent magic in each Makefile.
|
|
the exact names of the freebl libraries depends on the platform and they
have a habit of changing even on minor releases. This causes these mozilla
packages to be broken quite a lot on platforms other than NetBSD/i386.
Hopefully this fix will last longer than previous ones. pkgrevision bumps
all around.
|
|
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.10.html
|
|
two issues. The PLIST was incorrect and since the PLIST is used by
the "moz-install" script, anything missing from the PLIST is never
installed even when building from source. When libfreebl* were not
installed it caused the clients to fail to load the security component
and fail with "The browser failed to load its security component".
The second issue is that many installations of solaris-2.9 include
various glib/gtk/gnome libraries in /usr/lib. This causes failures
because the pkgsrc ones were used at link time and the /usr/lib ones
at run time. Work around this by setting a LD_LIBRARY_PATH that includes
the pkgsrc lib directory first.
pkgrevision bumps all around.
|
|
inside of single quotes
|
|
PR/32905, and PR/33583 and also
https://bugzilla.mozilla.org/show_bug.cgi?id=77788
|
|
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.9.html
|
|
MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html
|
|
talking to ipv4 addresses using ipv6 addresses isn't allowed, which is
the default on NetBSD. Patch to use a v4 socket when talking to an ipv4
ldap server. Fixes my PR 33511.
seamonkey/firefox/sunbird have the same code so make the same patch.
OKed ghen. Bump PKGREVISION.
|
|
GSSAPI authentication to work on NetBSD-current. Fixes my PR 33512.
OKed by ghen. Bump PKGREVISION.
|
|
|
|
structure multiple times. Bump PKGREVISION.
|
|
|
|
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-63 JavaScript execution in mail via XBL
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption
For more info, see http://www.mozilla.com/thunderbird/releases/1.5.0.7.html
|
|
|
|
This is a security update announce at July 26, 2006. See the following URLs
in detail:
http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
|
|
from PR pkg/33181.
|
|
bumping PKGREVISION for.
|
|
mail/thunderbird-gtk1 to 1.5.0.4, and www/seamonkey, www/seamonkey-gtk1
and www/seamonkey-bin to 1.0.2 (salo has already updated www/firefox-bin).
Note that thunderbird skipped one release number (again) to stay on par
with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in SeaMonkey 1.0.2:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
|
|
|
|
MESSAGE_SUBST properly. No package should be setting MESSAGE anyway.
|
|
Firefox).
Thunderbird 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
MFSA 2006-08 "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards
For a detailed ChangeLog, see:
http://weblogs.mozillazine.org/rumblingedge/archives/2006/02/1-5-0-2.html
|
|
|
|
It's Just Broken (TM). Bump revision.
|
|
|
|
names starting with an underscore are reserved for internal pkgsrc use).
Ok with wiz.
|
|
|
|
What's new:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Thunderbird may now be half a
megabyte or smaller. Updating extensions has also improved.
* Sort address autocomplete results by how often you send e-mail to each recipient.
* Spell check as you type.
* Saved Search Folders can now search across multiple accounts.
* Built in phishing detector to help protect users against email scams.
* Podcasting and other RSS Improvements.
* Deleting attachments from messages.
* Integration with server side spam filtering.
* Reply and forward actions for message filters.
* Kerberos Authentication.
* Auto save as draft for mail composition.
* Message aging.
* Filters for Global Inbox.
* Improvements to product usability including redesigned options interface,
and SMTP server management.
* Many security enhancements.
For a more detailed list of changes, see http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html
Ok with wiz.
|
|
days.
|
|
of the shlib major bump.
PKGREVISION++ for the dependencies.
|
|
|
|
www/firefox.
|
|
"pkglint --autofix" change.
|
|
What's New in Thunderbird 1.0.7 (from Release Notes)
Thunderbird 1.0.7 is a security and stability update that is
part of our ongoing program to provide a safe Internet experience
for our customers. We recommend that all users upgrade to this
latest version.
|
|
mozilla/Makefile.common, which no longer includes bsd.pkg.mk, so
include bsd.pkg.mk ourselves.
|
|
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
|
|
|
|
This is a security fix release.
Fixed in Thunderbird 1.0.5/1.0.6
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-41 Privilege escalation via DOM property overrides
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
|
|
an underscore.
|
|
thunderbird works again.
|
|
thunderbird is linked against gtk2, so follow suit. The old version
has been re-imported as thunderbird-gtk1.
|
|
Thunderbird 1.0.2 is a security and stability update.
Fixed vulnerbilities are follows.
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
|
|
libnsl on Solaris), as well as another sh(1) portability fix.
https://bugzilla.mozilla.org/show_bug.cgi?id=260337
no PKGREVISION bump because this didn't build on Solaris without
libnsl.
|
|
|
|
Here are some of the new features to look for in Thunderbird:
* Adaptive Junk Mail Controls
* RSS Integration
* Saved Search Folders
Saved Search Folders display messages based on previously set search
criteria. For example, instead of filtering messages into a new
folder, you can create a Saved Search Folder that lists all the
messages received from a certain person over the past 30 days, even if
those messages are stored in different folders and subfolders.
* Global Inbox Support
POP3 users can now combine all of their POP3 accounts into a single
global inbox under local folders.
* Message Grouping
You can now group messages in a folder by attributes such as date,
sender, priority or a custom label. For instance, a folder grouped by
date will group messages from today, yesterday, last week, etc. into
self-contained groups in the message list pane. (View > Sort By >
Grouped By Sort)
* Privacy Protection
In order to help protect your privacy, Thunderbird now automatically
blocks remote image requests in emails from senders you don't know.
* Comprehensive Mail Migration from other Mail Clients
Switching to Thunderbird has never been easier since Thunderbird can
now migrate all of your email data including settings, mail folders
and address book data from common mail applications such as the
Mozilla 1.x Suite, Outlook Express, Outlook and Eudora.
|
|
2)sync patches from www/mozilla.
- update patch-ab
from commit log
>> date: 2004/08/31 02:37:57; author: danw; state: Exp; lines: +13 -6
>> darwin fixes (tested against firefox-gtk2)
- update patch-ac
- update patch-bx
- add patch-bz
- add patch-ca
- add patch-cb
from commit log
>> date: 2004/07/07 09:08:31; author: aymeric; state: Exp; lines: +14 -7
>> . on PowerPC, update files so that Mozilla works properly when compiled with
>> gcc version 3+.
>> . generally reduce diffs to Linux version
>> . retain compatibility with older ABI (AIX-like) thanks to useful comments
>> from Charles Hannum
>>
>> Thanks to Matthew Green for the fruitful discussion. This should address
>> PR#23240 as far as mozilla is concerned.
- remove patch-bn
enable HAVE_SOCKLEN_T
- update patch-br
from commit log
>> date: 2004/10/04 11:52:45; author: grant; state: Exp; lines: +10 -6
>> bring across a patch in Firefox for using thread-safe resolver library
>> functions on NetBSD >=2.0F.
- update patch-cc
make mozilla work on NetBSD-current/alpha
3)bump PKGREVISION
|
|
|
|
Here are the highlights for this Thunderbird release:
* Saved Search Folders
- Saved Search Folders display messages based on previously set search
criteria. For example, instead of filtering messages into a new
folder, you could create a Saved Search Folder that lists all the
messages received from a certain person over the past 30 days, even if
those messages are stored in different folders and subfolders.
* Message Grouping
- You can now group messages in a folder by attributes such as date,
sender, priority or a custom label. For instance, a folder grouped by
date will group messages from today, yesterday, last week, etc. into
self-contained groups in the message list pane. (View > Sort By >
Grouped By Sort)
* Other New Features
- Messages with attachments now get marked as such in the message list
pane immediately and not when the message is displayed.
- Improvements to Thunderbird's Global Inbox support for POP3 users.
- The new quick search bar introduced in 0.8 now features a clear
button when search text is present inside the quick search box.
- Fixed a regression introduced in 0.8 where a user could not change
the local folder path in the Account Manager.
- Improved offline support including fixes for common offline-related
problems.
- Improved privacy controls block remote content in e-mail messages
from senders not in your address book.
- Long file attachment names are no longer truncated in the message
pane.
- Bug fixes too numerous to mention!
|
|
since the build use -ansi that in turn makes gcc 3.4 modify its pre-
defined symbols in such a way that va_copy is not defined.
|
|
What's new from Release Notes:
* Global Inbox
POP3 users can now combine all of their POP3 accounts into a single
global inbox under local folders.
* Comprehensive Data Migration
Switching to Thunderbird has never been easier since Thunderbird can
now migrate all of your e-mail data including settings, mail folders
and address book data from common mail applications such as the
Mozilla 1.x Suite, Outlook Express, Outlook and Eudora.
* RSS Integration
Thunderbird now features a built in RSS reader which allows you to
easily subscribe to and read news and weblogs that support RSS.
* Improved Privacy Controls
In order to help protect your privacy, Thunderbird now automatically
blocks remote image requests in e-mails from senders you don't know.
* Improved Quick Search
Thunderbird now makes it even easier to manage your e-mail. Quick
search now supports many different types of search criteria including
the ability to search message body text. Thunderbird can also
highlight the quick search terms in the message body.
* Other New Features
Support for using a master password to encrypt saved e-mail account passwords.
Linux GNOME users can now make Thunderbird their default e-mail client
(Tools > Options > General).
If your network uses proxy authentication for HTTP, Thunderbird now
correctly prompts for proxy authentication instead of silently
failing.
Bug fixes too numerous to mention!
---
Several security holes have been fixed. See the page bellow for
detail.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
