| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on
invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
|
|
Security and bugfix release, patches the following advisories:
MFSA 2009-40 Multiple cross origin wrapper bypasses
MFSA 2009-39 setTimeout loses XPCNativeWrappers
MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__
on SVG element
MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
MFSA 2009-35 Crash and remote code execution during Flash player unloading
MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)
|
|
|
|
- Fixed several security issues:
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-31 XUL scripts bypass content-policy checks
MFSA 2009-30 Incorrect principal set for file: resources loaded via
location bar
MFSA 2009-29 Arbitrary code execution using event listeners attached
to an element whose owner document is null
MFSA 2009-28 Race condition while accessing the private data of a
NPObject JS wrapper class object
MFSA 2009-27 SSL tampering via non-200 responses to proxy
CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-25 URL spoofing with invalid unicode characters
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
- Fixed several stability issues.
- Several issues were reported with the internal database, SQLite, which
have now been fixed by upgrading to a newer version.
- Fixed an issue where, in some specific cases, the bookmarks database
would become corrupt. (bug 464486)
|
|
|
|
may result in crashes if certain addons are installed. (mfsa2009-23)
|
|
- Fixed several security issues:
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
MFSA 2009-21 POST data sent to wrong site when saving web page with
embedded frame
MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
MFSA 2009-19 Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via
view-source: scheme
MFSA 2009-16 jar: scheme ignores the content-disposition: header
on the inner URI
MFSA 2009-15 URL spoofing with box drawing character
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)
- Fixed several stability issues.
- Many users experienced an issue where a corrupt local database caused
Firefox to "lose" its stored cookies. (bug 470578)
- Fixed an issue where, starting with Firefox 3.0.7, inline image
attachments on popular webmail services (like AOL and AIM) would not
display. (bug 482659)
- Large forms would sometimes take a long time to submit. (bug 426991)
- In certain cases, new windows would not have proper focus. (bug 446568)
|
|
Bump PKGREVISION due to change in startup script.
|
|
|
|
|
|
Most of this work was done by "Kernigh" in PR pkg/39358.
|
|
|
|
|
|
Security update for MFSA2009-12 and MFSA2009-13.
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
INSTALL, and put it in seamonkey.
Ensure all build with USE_DESTDIR.
Bump PKGREVISIONs
|
|
|
|
- Fixed several security issues.
- Fixed several stability issues.
- Official releases for the Estonian, Kannada and Telugu languages are
now available.
- Items in the "File" menu show as inactive after using the "Print" item
from that menu - switching to a new tab restores them (bug 425844).
This issue has been fixed.
- For some users, cookies would appear to go “missing” after a few days
(bug 444600).
- Mac users of the Flashblock add-on, experienced an issue where sound
from the Flash plug-in would continue to play for a short time after
closing a tab or window (bug 474022).
- Fixed several issues related to accessibility features.
|
|
|
|
itself ships the sources nowaday, so this has become redundant.
|
|
at runtime via libcups or libgssapi so causing a crash due to using
the wrong binding. Rename here to avoid conflict.
Patch from Yorick Hardy. Fixes the crashes that had been seen when
trying to print that had previously been worked around by stopping
cups calling the routine. Also fixes PR pkg/39863
|
|
Firefox 3.0.6 fixes several issues found in Firefox 3.0.5:
* Fixed several security issues.
* Fixed several stability issues.
* In previous versions of Firefox, some users experienced a problem
where parts of the screen were not properly displaying after
Firefox was open for long periods of time.
* Improved the ability for scripted commands (including those
included in popular extensions like Adblock Plus) to work properly
with plugins. (bug 438830)
* Removed the client user ID from crash reports.
* Fixed issues with the display of some Indic scripts.
|
|
|
|
Bugzilla Ticket 476345.
|
|
|
|
correctly set up before any other include has a chaance to make use of
compiler.mk.
Fixes build (if compiler.mk gets used) by avoiding the C++ compiler being
replaced by the fail wrapper.
|
|
and fix the xptc call stubs for sparc64 so that tree views with a
javascript data source (like history and about:config) now work.
All changes already reported upstream.
|
|
|
|
|
|
generic icon and use 'Minefield 3' for the Name field in the .desktop
file. If it is set, install a proper Firefox icon and use 'Firefox 3'
for the Name field in the .desktop file.
|
|
Entry Specification can show a Firefox 3 menu entry. Bump PKGREVISION.
|
|
This should finally close PR pkg/39085.
Bump PKGREVISION for this change.
|
|
|
|
- eliminate some duplicate files (reachover to www/seamonkey/files again)
|
|
|
|
pkgsrc changes:
- drop the external sqlite3 dependency and add --disable-system-sqlite,
until the linkage issues have been resolved. (both external and internal
sqlite3 were linked previously.)
- remove patch-dm which doesn't seem to be needed.
(was inherited from firefox2, hardcoded a /usr/pkg run path)
upstream changes:
- Fixed several security issues.
- Fixed several stability issues.
- Official releases for the Bengali, Esperanto, Galician, Hindi, and Latvian languages are now available.
- Replaced the End-User License Agreement with a new "Know Your Rights" info bar on initial install.
- When installing multiple signed XPIs simultaneously, previous versions of Firefox would fail.
- Fixed several issues found in the accessibility implementation.
- Added the ability to send OS-specific system notes in the crash reporter.
|
|
ok: tnn
|
|
part of PR pkg/39085
|
|
|
|
- Fixed the following security issues:
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase
principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin
violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption
(rv:1.9.0.4/1.8.1.18)
MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-47 Information stealing via local shortcut files
- Fixed several stability issues.
- Official releases for the Icelandic and Thai languages are now available.
- Beta releases for the Bulgarian, Esperanto, Estonian, Latvian, Occitan,
and Welsh languages are available for testing.
- Updated the internal Public Suffix list.
- Fixed an issue where the IME input tool used to enter Japanese, Korean,
Chinese and Indic characters was covered by the "Add Bookmark" panel.
(bug 433340)
- Enabled additional EV root certificates. (bug 451305)
- Fixed an issue where some passwords saved using Firefox 3.0.2 did not
work properly. (bug 457358)
- In some cases, Firefox would not properly save proxy settings for
protocols other than HTTP. (bug 446536)
|
|
|
|
Fixes a regression that broke the password manager.
|
|
Changes:
* Fixed several security issues.
* Fixed several stability issues.
* Fixed a number of minor issues with the layout of certain web pages.
* Fixed several theme issues that affected right-to-left locales.
* Fixed issue that caused some users with customized toolbars to have their
Back and Forward buttons go missing (bug 426026)
* Add new Extended Validation (EV) roots to Firefox 3.0.2.
* On certain IDN sites, the password manager would not fill in username
and password details properly.
* Fixed several hangs and crashes that occurred when using screen readers.
|
|
|
|
|
|
Do feel free to take it off my shoulders though :-)
|
|
* Fixed several security issues.
* Fixed several stability issues.
* Fixed an issue where the phishing and malware database did not update on first launch.
* Under certain circumstances, Firefox 3.0 did not properly save the SSL certificate exceptions list.
* Updated the internal Public Suffix list.
* In certain cases, installing Firefox 2 in the same directory in which Firefox 3 has been installed resulted in Firefox 2 being unstable. This issue was fixed as part of Firefox 2.0.0.15.
* Fixed an issue where, when printing a selected region of content from the middle of a page, some of the output was missing (bug 433373).
* Fixed a Linux issues where, for users on a PPP connection (dialup or DSL) Firefox always started in "Offline" mode (bug 424626).
|
|
|
|
on curl.
|
