| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
version 1.0.6 include:
* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes
Approved by taya.
|
|
registration out of the installation step and into the INSTALL script.
Also, remove the registration commands from the PLIST as well. Putting
them into the INSTALL script allows for the same commands to be run
in the same way, so that there are fewer differences between installing
from source and installing from a binary package. Also, this makes
these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox,
firefox-gtk1, mozilla, and mozilla-gtk2.
Also, include bsd.pkg.mk from the package Makefiles, not from within
Makefile.common. This is a style issue and allows for appending to
variables originally defined in Makefile.common from the package
Makefile.
|
|
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
|
|
|
|
a powerpc architecture (e.g. NetBSD-mapcppc). This cures display glitches
(e.g. text appearing at the wrong location). Bump package revision
because of this change.
|
|
|
|
Firefox 1.0.6 is a stability update. We recommend that users upgrade
to this latest version.
Here's what's new in Firefox 1.0.6:
* Restore API compatibility for extensions and web applications
that did not work in Firefox 1.0.5.
|
|
Firefox 1.0.5 is a security update.
Fixed vulnerabilities are:
2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
|
|
older C environments as well.
|
|
broke the package for NetBSD 1.6.
|
|
state was completely broken.
|
|
an underscore.
|
|
by macros from math.h to avoid alignement problems described in
PR pkg/30106.
(Same as ../mozilla/patches/patch-cd)
|
|
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
|
|
taya ... well really he said "I don't object your idea.")
This fixes a build bug when heimdal is detected but not buildlinked.
It is a known mozilla bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=245467
I didn't put this in the mozilla/Makefile.common, because didn't test that
yet.
This issue probably only happens when using /usr as the LOCALBASE,
which is not really supported and maybe I am the only one to hit this
with pkgsrc.
Maybe later someone can consider adding a build option for GSSAPI,
but I don't know anything about it in regards to a web browser myself.
|
|
instead of using ':ts' modifier.
becase make of NetBSD-1.6.x doesn't have it.
suggested by Jeremy C. Reed.
|
|
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
|
|
to fix binary packages.
|
|
bump PKGREVISION.
fix PR pkg/29595
|
|
fixes "Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability"
See following pages for detail.
http://secunia.com/advisories/14820/
https://bugzilla.mozilla.org/show_bug.cgi?id=288688
Bump PKGREVISION.
|
|
mozilla/Makefile.common, rather than adding it into each Makefile
(also fixes thunderbird-gtk2).
|
|
and some extension tried to be built which fails because not buildlink'd
|
|
|
|
Firefox 1.0.2 is a security and stability update.
Followings bugs are fixed in this release.
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
|
|
And switched to use gtk2.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
|
|
|
|
define HAVE_SOCKLEN_T
|
|
fix PR pkg/28396
bump PKGREVISION
|
|
|
|
fix pkg/28164.
bump PKGREVISION
|
|
- add some missing files to PLIST
|
|
This is a bugfix release, to fix the problems reported in Preview
Releases, etc.
|
|
since the build use -ansi that in turn makes gcc 3.4 modify its pre-
defined symbols in such a way that va_copy is not defined.
|
|
libnsl on Solaris), as well as another sh(1) portability fix.
https://bugzilla.mozilla.org/show_bug.cgi?id=260337
no PKGREVISION bump because this didn't build on Solaris without
libnsl.
|
|
Fixes build on NetBSD/macppc and maybe others, tested by Peter Bex
on 2-0/macppc and i386/-current/2-0 by me, closes PR pkg/27033.
|
|
to copy the extensions files.
On Solaris, cp doesn't know -L. (Reported by R. Quinn.)
Using pax was suggested by grant@.
|
|
cp -r copies symlinks as symlinks (which caused
files to be missing in install).
Hopefully, this is portable. I tested under NetBSD and with coreutils.
And I brought this up on tech-pkg in July.
|
|
NetBSD >=2.0F - I've been running with it for months on -current
without any problems.
|
|
http://www.mozilla.org/press/mozilla-2004-10-01-02.html
|
|
from Release Notes:
---
Firefox is a fast, full-featured browser that makes browsing more
efficient than ever before. More information about Firefox is
available.
Firefox Preview Release (henceforth refered to as PR) is a Technology
Preview. While this software works well enough to be relied upon as
your primary browser in most cases, we make no guarantees of its
performance or stability. It is a pre-release product and should not
be relied upon for mission-critical tasks. See the License Agreement
for more information.
These release notes cover what's new, download and installation
instructions, known issues and frequently asked questions for the
Firefox PR release. Please read these notes and the bug filing
instructions before reporting any bugs to Bugzilla.
We want to hear your feedback about Firefox. Please join us in the
Firefox forums, hosted by MozillaZine.
What's New
Here's what's new in this release of Firefox:
* Live Bookmarks
You can now subscribe to and read RSS feeds in your
Bookmarks. When you visit a page that advertises a RSS feed by using a
<link> tag, a RSS icon will appear in the status bar. Click it to view
a list of feeds the page is offering. Click one to subscribe - this
adds a Bookmark Folder that contains all the recent posts from the
feed.
* Improved Find
Find is easier and more powerful now with our new Find
toolbar. The Find toolbar (which shows at the bottom of the browser
window) automatically highlights text in the page as you type and has
a useful highlight feature.
* Managing Annoyances and Protecting Security
You can now open blocked popups, and the Extension install
system now blocks all attempts to install software from sites other
than update.mozilla.org. Users can add other sites to a list that
allows them to offer software, but software is never automatically
installed. In addition to these steps, several other measures have
been taken to prevent phishing attacks and to highlight when a page is
being viewed over a secure connection.
* Better Bookmarks
Numerous improvements to bookmarks including more reliable
presentation of Site icons, and a split pane view in the Bookmarks
window.
* Strong Encryption For Passwords Available
Passwords saved with the Password Manager can now be more easily
encrypted with strong encryption by creating a "Master Password". If
you create a Master Password, you are prompted once per session to
enter the Master Password so that Password Manager can automatically
fill in site logins. A useful feature for people who share computers
with others and want improved security.
* Improved Compatibility for IE users
Undetectable document.all support for site compatibility and
improved compatibility for keyboard accelerators further smooth the
transition for IE users
* Better System Integration for GNOME users
You can now configure Firefox as your Default Browser on GNOME,
and Firefox will adhere to your GNOME settings for edit field key
bindings, etc.
* And a horde of other bug fixes...
See The Burning Edge's Bigger Picture for more details.
-----
Several security holes have been fixed. See the page bellow for
detail.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
|
firefox-gtk2.
|
|
|
|
on ppc architectures
|
|
|
|
It has (probably long since) been replaced by configuration checks
in firefox's configure script. The resulting source still compiles
and works on netbsd-1-5 / i386.
|
|
|
|
firefox 0.9.3 is a security fix release.
Fixed bugs are:
- lock icon and certificate spoof with onunload document.write (Bugzilla#253121)
- Malicious certificates can permanently break HTTPS/SSL (Bugzilla#249004)
See the page below.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
|
|
- add patch to fix compilation problem on NetBSD-1.6.2
- bump PKGREVISION
|
|
From the article from mozillazine.org:
mozilla.org today released upgrades to both Firefox 0.9 (0.9.1) and
Thunderbird 0.7 (0.7.1) to fix some minor bugs present in both
releases. Both releases correct some flaws in the extension system
that some users may have been experiencing, as well as a new icon set
for the navigation toolbar on Windows and Linux in Firefox 0.9.1. All
users of both products should get this upgrade.
|
