security update for firefox and thunderbird
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.35
- pkgsrc/www/firefox/Makefile-firefox.common 1.30, 1.33
- pkgsrc/www/firefox/distinfo 1.49, 1.50
- pkgsrc/www/firefox-gtk1/Makefile 1.13
- pkgsrc/www/firefox/patches/patch-fa removed
- pkgsrc/www/firefox/patches/patch-fb removed
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.15
- pkgsrc/mail/thunderbird/PLIST 1.14
- pkgsrc/mail/thunderbird/distinfo 1.23
- pkgsrc/mail/thunderbird-gtk1/PLIST 1.5
Module Name: pkgsrc
Committed By: ghen
Date: Thu May 4 05:16:13 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo
pkgsrc/www/firefox-gtk1: Makefile
Removed Files:
pkgsrc/www/firefox/patches: patch-fa patch-fb
Log Message:
Update Firefox to 1.5.0.3, which is identical to our 1.5.0.2nb2 (except
for the advertised version), so there's no reason to upgrade. :-)
Fixes a denial of service vulnerability (MFSA 2006-30).
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Jun 3 08:04:36 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
pkgsrc/www/firefox: Makefile-firefox.common distinfo
Log Message:
Update www/firefox and www/firefox-gtk to 1.5.0.4, mail/thunderbird and
mail/thunderbird-gtk1 to 1.5.0.4 (salo has already updated
www/firefox-bin). Note that thunderbird skipped one release number
(again) to stay on par with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object
prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object
prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
|
|
security fix for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.34
- pkgsrc/www/firefox/distinfo 1.48
- pkgsrc/www/firefox/patches/patch-fa 1.1
- pkgsrc/www/firefox/patches/patch-fb 1.1
- pkgsrc/www/firefox-gtk1/Makefile 1.12
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 28 16:11:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-fa patch-fb
Log Message:
Fix a memory management / refcount problem which can lead to a DOS or
possible code injection, affecting nested iframes.
See https://bugzilla.mozilla.org/show_bug.cgi?id=334515 and
http://www.securident.com/vuln/ff.txt
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue May 2 10:10:43 UTC 2006
Modified Files:
pkgsrc/www/firefox-gtk1: Makefile
Log Message:
PKGREVISION bump for firefox security fix, pointed out by Lubomir Sedlacik
|
|
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.32
- pkgsrc/www/firefox/Makefile-firefox.common 1.29
- pkgsrc/www/firefox/distinfo 1.46, 1.47
- pkgsrc/www/firefox/patches/patch-ab 1.6
- pkgsrc/www/firefox/patches/patch-ac 1.8
- pkgsrc/www/firefox/patches/patch-bu removed
- pkgsrc/www/firefox/patches/patch-bv removed
- pkgsrc/www/firefox-gtk1/Makefile 1.10
Module Name: pkgsrc
Committed By: taya
Date: Thu Apr 13 14:47:50 UTC 2006
Modified Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-ac
Removed Files:
pkgsrc/www/firefox/patches: patch-bu patch-bv
Log Message:
use xpcom code for linux instead of our original.
fix PR/33181.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Apr 15 14:20:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo
pkgsrc/www/firefox-gtk1: Makefile
pkgsrc/www/firefox/patches: patch-ab
Log Message:
Update to Firefox 1.5.0.2.
Firefox 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
For a detailed ChangeLog, see:
http://www.squarefree.com/burningedge/releases/1.5.0.2.html
|
|
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # empty
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
|
|
patches are for DragonFly support. This makes it easier for me (and The
Mozilla Foundation) to sort them out.
|
|
names starting with an underscore are reserved for internal pkgsrc use).
Ok with wiz.
|
|
What's new:
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
For a more detailed list of changes, see http://www.squarefree.com/burningedge/releases/1.5.0.1.html
Ok with wiz.
|
|
days.
|
|
of the shlib major bump.
PKGREVISION++ for the dependencies.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
packages needing them, e.g., epiphany). Bump PKGREVISION to 2.
|
|
Since the build with DragonFly's system gcc was successful before, but
segilled on startup, a revision bump is necessary.
|
|
regen.
|
|
Including fix for long title & history file problem.
http://www.mozilla.org/security/history-title.html
https://bugzilla.mozilla.org/show_bug.cgi?id=319004
What's New in Firefox 1.5
Firefox 1.5 is the next version of our award-winning Web browser.
Here's what's new in Firefox 1.5:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Firefox may now be half a
megabyte or smaller. Updating extensions has also improved.
* Faster browser navigation with improvements to back and forward
button performance.
* Drag and drop reordering for browser tabs.
* Improvements to popup blocking.
* Clear Private Data feature provides an easy way to quickly remove
personal data through a menu item or keyboard shortcut.
* Answers.com is added to the search engine list.
* Improvements to product usability including descriptive error pages,
redesigned options menu, RSS discovery, and "Safe Mode" experience.
* Better accessibility including support for DHTML accessibility and
assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on a
Braille display, enabling blind and visually impaired users to use
equivalent software functionality as their sighted peers.
* Report a broken Web site wizard to report Web sites that are not
working in Firefox.
* Better support for Mac OS X (10.2 and greater) including profile
migration from Safari and Mac Internet Explorer.
* New support for Web Standards including SVG, CSS 2 and CSS 3, and
JavaScript 1.6.
* Many security enhancements.
The Burning Edge has more detailed lists of new features and notable bug fixes.
http://www.squarefree.com/burningedge/releases/1.5-comprehensive.html
|
|
"pkglint --autofix" change.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
version 1.0.6 include:
* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes
Approved by taya.
|
|
registration out of the installation step and into the INSTALL script.
Also, remove the registration commands from the PLIST as well. Putting
them into the INSTALL script allows for the same commands to be run
in the same way, so that there are fewer differences between installing
from source and installing from a binary package. Also, this makes
these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox,
firefox-gtk1, mozilla, and mozilla-gtk2.
Also, include bsd.pkg.mk from the package Makefiles, not from within
Makefile.common. This is a style issue and allows for appending to
variables originally defined in Makefile.common from the package
Makefile.
|
|
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
|
|
a powerpc architecture (e.g. NetBSD-macppc). This cures display glitches
(e.g. text appearing at the wrong location). Bump package revision
because of this change.
|
|
Firefox 1.0.6 is a stability update. We recommend that users upgrade
to this latest version.
Here's what's new in Firefox 1.0.6:
* Restore API compatibility for extensions and web applications
that did not work in Firefox 1.0.5.
|
|
Firefox 1.0.5 is a security update.
Fixed vulnerabilities are:
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
|
|
older C environments as well.
|
|
broke the package for NetBSD 1.6.
|
|
state was completely broken.
|
|
an underscore.
|
|
by macros from math.h to avoid alignment problems described in
PR pkg/30106.
(Same as ../mozilla/patches/patch-cd)
|
|
This is a security fix release.
Fixed vulnerabilities are as follows:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
|
|
taya ... well really he said "I don't object your idea.")
This fixes a build bug when heimdal is detected but not buildlinked.
It is a known mozilla bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=245467
I didn't put this in the mozilla/Makefile.common, because I didn't test that
yet.
This issue probably only happens when using /usr as the LOCALBASE,
which is not really supported and maybe I am the only one to hit this
with pkgsrc.
Maybe later someone can consider adding a build option for GSSAPI,
but I don't know anything about it in regards to a web browser myself.
|
|
instead of using ':ts' modifier.
because make of NetBSD-1.6.x doesn't have it.
suggested by Jeremy C. Reed.
|
|
This is a security fix release.
Fixed vulnerabilities are as follows:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
|
|
to fix binary packages.
|
|
bump PKGREVISION.
fix PR pkg/29595
|
|
fixes "Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability"
See the following pages for details.
http://secunia.com/advisories/14820/
https://bugzilla.mozilla.org/show_bug.cgi?id=288688
Bump PKGREVISION.
|
|
mozilla/Makefile.common, rather than adding it into each Makefile
(also fixes thunderbird-gtk2).
|
|
and some extension tried to be built which fails because not buildlink'd
|
|
Firefox 1.0.2 is a security and stability update.
The following bugs are fixed in this release.
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
|