| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html
|
|
|
|
talking to ipv4 addresses using ipv6 addresses isn't allowed, which is
the default on NetBSD. Patch to use a v4 socket when talking to an ipv4
ldap server. Fixes my PR 33511.
seamonkey/firefox/sunbird have the same code so make the same patch.
OKed ghen. Bump PKGREVISION.
|
|
structure multiple times. Bump PKGREVISION.
|
|
|
|
|
|
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption
For more info, see http://www.mozilla.com/firefox/releases/1.5.0.7.html
|
|
|
|
Just one change:
- Fixed an issue with playing Windows Media content
|
|
(Don't bump because this must have never been built since 1.5.0.5 update.)
|
|
security problems with 1.5.0.4. No functional changes at all in the
package -- this is purely a security update.
See CERT advisory TA06-208A (last revised July 27) for details.
|
|
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
|
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
|
the pkglint warning:
As {INSTALL,DEINSTALL}_TEMPLATE is modified using "+=", its name
should indicate plural.
This does make the variables a bit more suggestive of the fact that they
hold lists of values.
|
|
bumping PKGREVISION for.
|
|
mail/thunderbird-gtk1 to 1.5.0.4, and www/seamonkey, www/seamonkey-gtk1
and www/seamonkey-bin to 1.0.2 (salo has already updated www/firefox-bin).
Note that thunderbird skipped one release number (again) to stay on par
with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in SeaMonkey 1.0.2:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
|
|
|
|
MESSAGE_SUBST properly. No package should be setting MESSAGE anyway.
|
|
advertized version), so there's no reason to upgrade. :-)
Fixes a denial of service vulnerability (MFSA 2006-30).
|
|
possible code injection, affecting nested iframes.
See https://bugzilla.mozilla.org/show_bug.cgi?id=334515 and
http://www.securident.com/vuln/ff.txt
bump PKGREVISION
|
|
|
|
Firefox 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-29 Spoofing with translucent windows (pkgsrc vulnid. 1818)
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented (vulnid. 1819)
MFSA 2006-25 Privilege escalation through Print Preview (vulnid. 1820)
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest (vulnid. 1821)
MFSA 2006-23 File stealing by changing input type (vulnid. 1822)
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability (vulnid. 1823)
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2) (vulnid. 1824)
For a detailed ChangeLog, see:
http://www.squarefree.com/burningedge/releases/1.5.0.2.html
|
|
fix PR/33181.
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
|
|
patches are for DragonFly support. This makes it easier for me (and The
Mozilla Foundation) to sort them out.
|
|
|
|
|
|
|
|
names starting with an underscore are reserved for internal pkgsrc use).
Ok with wiz.
|
|
|
|
|
|
|
|
What's new:
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
For a more detailed list changes, see http://www.squarefree.com/burningedge/releases/1.5.0.1.html
Ok with wiz.
|
|
days.
|
|
|
|
of the shlib major bump.
PKGREVISION++ for the dependencies.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
packages needing them, e.g., epiphany). Bump PKGREVISION to 2.
|
|
Since the build with DragonFly's system gcc was successful before, but
segilled on startup, a revision bump is necessary.
|
|
|
|
regen.
|
|
Including fix for long title & history file problem.
http://www.mozilla.org/security/history-title.html
https://bugzilla.mozilla.org/show_bug.cgi?id=319004
What's New in Firefox 1.5
Firefox 1.5 is the next version of our award-winning Web browser.
Here's what's new in Firefox 1.5:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Firefox may now be half a
megabyte or smaller. Updating extensions has also improved.
* Faster browser navigation with improvements to back and forward
button performance.
* Drag and drop reordering for browser tabs.
* Improvements to popup blocking.
* Clear Private Data feature provides an easy way to quickly remove
personal data through a menu item or keyboard shortcut.
* Answers.com is added to the search engine list.
* Improvements to product usability including descriptive error pages,
redesigned options menu, RSS discovery, and "Safe Mode" experience.
* Better accessibility including support for DHTML accessibility and
assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on a
Braille display, enabling blind and visually impaired users to use
equivalent software functionality as their sighted peers.
* Report a broken Web site wizard to report Web sites that are not
working in Firefox.
* Better support for Mac OS X (10.2 and greater) including profile
migration from Safari and Mac Internet Explorer.
* New support for Web Standards including SVG, CSS 2 and CSS 3, and
JavaScript 1.6.
* Many security enhancements.
The Burning Edge has more detailed lists of new features and notable bug fixes.
http://www.squarefree.com/burningedge/releases/1.5-comprehensive.html
|
|
"pkglint --autofix" change.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
|
|
version 1.0.6 include:
* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes
Approved by taya.
|
|
registration out of the installation step and into the INSTALL script.
Also, remove the registration commands from the PLIST as well. Putting
them into the INSTALL script allows for the same commands to be run
in the same way, so that there are fewer differences between installing
from source and installing from a binary package. Also, this makes
these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox,
firefox-gtk1, mozilla, and mozilla-gtk2.
Also, include bsd.pkg.mk from the package Makefiles, not from within
Makefile.common. This is a style issue and allows for appending to
variables originally defined in Makefile.common from the package
Makefile.
|
|
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
|
