| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
by macros from math.h to avoid alignement problems described in
PR pkg/30106.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
|
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
|
|
explicitly, because it fails to detect them with default setting.
suggested by Todd Willey.
|
|
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
|
|
|
|
fixes "Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability"
See following pages for detail.
http://secunia.com/advisories/14820/
https://bugzilla.mozilla.org/show_bug.cgi?id=288688
Bump PKGREVISION.
|
|
mozilla/Makefile.common, rather than adding it into each Makefile
(also fixes thunderbird-gtk2).
|
|
|
|
BUILDLINK_DEPENDS.
|
|
This is a security fix release.
Fixed bugs are follows.
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
see changelog for detail.
http://www.mozilla.org/releases/mozilla1.7.6/changelog.html
|
|
|
|
- add $NetBSD$ to patch-ah
thanks to adrianp, wiz, kambe san.
|
|
Changes from release notes
- NPRuntime support. NPRuntime is an extension to the Netscape Plugin API
that was developed in cooperation with Apple, Opera, and a group of plugin
vendors. http://www.mozilla.org/projects/plugins/npruntime.html
- Added undetectable document.all support, and support for exposing elements
by their ID in the global scope for greater IE compatibility when viewing
pages that don't request standards compliant behaviour.
https://bugzilla.mozilla.org/show_bug.cgi?id=248549 and
https://bugzilla.mozilla.org/show_bug.cgi?id=256932.
|
|
Suggested by Roland Illig, ok'd by various.
|
|
former) for applications that are known to require C++.
|
|
from mozilla CVS.
|
|
More specifically, this lets Mozilla NSS be used by other programs.
Also make the pkgconfig substitutions happen at post-build time, so that
the right rpaths are added to the mozilla-nspr.pc file (which is filled
in during the build).
Bump PKGREVISION to 1 for both packages. Ok'ed by taya@, the maintainer.
|
|
derivatives) now appears to work properly on amd64.
Patches from Nicholas Joly.
|
|
functions on NetBSD >=2.0F.
|
|
Mozilla 1.7.3 is a security update to Mozilla 1.7 that fixes a several
security vulnerabilities.
#93 "Send page" heap overrun (258005)
#92 javascript clipboard access (257523)
#91 Privilege request confusion (253942)
#90 Buffer overflow when displaying VCard (257314)
#89 BMP integer overflow (255067)
#88 javascript: link dragging (250862)
#87 non-ascii hostname heap overrun (256316)
#86 Malicious POP3 server III (245066, 226669)
#85 Wrong file permissions after installing on Linux (231083, 235781)
#84 Wrong file permissions in linux archive (254303)
See the page bellow for detail
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
|
|
|
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
|
|
It has (probably long since) been replaced by configuration checks
in mozilla's configure script. The resulting source still compiles
and works on netbsd-1-5 / i386.
|
|
|
|
mozilla 1.7.2 is a security fix release.
Fixed bugs are:
- lock icon and certificate spoof with onunload document.write (Bugzilla#253121)
- Malicious certificates can permanently break HTTPS/SSL (Bugzilla#249004)
See the page below.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
|
|
- Use socklen_t for 5th arg. of getsockopt() instead of size_t
Now mozilla runs on sparc64.
But It's not complete (e.g. can't connect to IPv6 site)
|
|
gcc version 3+.
. generally reduce diffs to Linux version
. retain compatibility with older ABI (AIX-like) thanks to useful comments
from Charles Hannum
Thanks to Matthew Green for the fruitful discussion. This should address
PR#23240 as far as mozilla is concerned.
|
|
bump PKGREVISION
fix PR 26125
|
|
New features and fixes
Browser
* A new option to prevent sites from using JavaScript to block the
browser's context menu.
* Password Manager has a "show passwords" mode which will display
saved passwords. You will need to enter your master password if
you are using one.
* The "Set As Wallpaper" feature now has a confirmation dialog.
* Linux GTK2 builds have improved support for OS themes.
* Cookie dialogs have been reworked to make them more usable.
* Date handling, especially on OS X, has been improved.
* It is now possible to fine-tune Mozilla's pop-up blocking using
two preferences (dom.popup_maximum and dom.popup_allowed_events)
but there's no UI for that yet. Even without a UI, users should
notice a greater variety of pop-ups blocked (primarily mouseover
pop-ups) and a limit of 20 or so open at one time - regardless
of whether pop-up blocking is active. This will provide some
protection from sites that open hundreds of windows in a loop.
* Downloaded files are now moved to the target directory as soon
as the user selects the desired location. This was the
frequently reported bug 55690.
* There is now user interface to activate Smooth Scrolling
(Preferences -> Appearance).
* Mozilla now supports basic FTP upload.
Mail
* Many improvements to Palm Sync.
* IMAP IDLE support has been added.
* Support for "MSN Authentication" and Secure Password
* Authentication using SSPI NTLM auth for SMTP and POP3.
* A new preference to "always use the default character encoding
for replies" rather than using the encoding of the message being
replied to.
* Improvements to performance of downloading, viewing, and saving
mail messages.
* Support for multiple identities on the same mail account. See
the Multiple Identity Support documentation for more details.
* Support for relative paths for mail folders in prefs.js. This
makes it easier to copy profiles around without having to fix up
prefs.js afterwards.
* You can now edit address lists containing "Last, First" style
names.
* When composing mail, you can now use the up and down arrow keys
to scroll through the To/Cc/Bcc list.
* All Mozilla LDAP queries now default to using LDAPv3
(previously, they used LDAPv2). Mozilla should gracefully fall
back to v2 if v3 isn't found.
Chatzilla
* Chatzilla now supports zooming of fonts with keyboard shortcuts
(Ctrl + and Ctrl -), as well as with the View menu.
* Improved date handling; using the date/time format for the
locale.
* Support for the /ignore command.
* The ability to change the font family and size.
* Working custom sounds on Windows and Linux.
* Improvements to the preferences panel and the user interface for
half-op mode.
Under the Hood
* Size and performance have improved dramatically with this
release. When compared to Mozilla 1.6, Mozilla 1.7 is 7% faster at
startup, is 8% faster to open a window, has 9% faster page
loading, and is 5% smaller in binary size.
* A long-standing bug with CSS backgrounds on table elements has
been fixed (standards mode only).
* Support for Kerberos HTTP authentication using GSSAPI (benefits
Unix-like platforms including Linux and OS X).
* Support for smb:// URLs using the gnome-vfs library (only
enabled in GTK2+XFT Linux builds).
* Support for server push of XML documents using
multipart/x-mixed-replace and XMLHttpRequest.
* Liveconnect now works when a Java applet's codebase is in a
different domain.
* Support for the CSS3 opacity property.
* Mozilla adds support for the onbeforeunload event. This lets web
application developers add code that alerts the user about
potential data-loss when closing a web application, or when
leaving a HTML page with potentially sensitive information.
* This release has a new SVG backend. The feature is not yet
enabled in the mozilla.org releases but developers may wish to
compile with this feature enabled.
* Mozilla handles dynamic style changes much better (see bug 15608
for details.)
* Mozilla has upgraded the NSS libraries to version 3.9. NSS 3.9
passes all the NISCC SSL/TLS and S/MIME tests (1.6 million test
cases of invalid input data) without crashes or memory leaks.
|
|
use CONFLICTS, because they are installing the same files...
|
|
find the headers/files, and this breaks some packages using the .pc files
with firefox*.
|
|
are required to build some packages.
Bump PKGREVISION.
|
|
even if it's main app creates another user config directory.
e.g. firefox creates .phoenix, thunderbird creates .thunderbird
so no need to define user config directory for each package based on mozilla.
simply remove ${WRKDIR}/.mozilla is enough
|
|
|
|
|
|
- correct ARM architecture handling
- add g++-3.0 support for xpcom module on alpha
- bump PKGREVISION
|
|
|
|
|
|
|
|
|
|
shouldn't have bumped at all.
|
|
accidental version number downgrade. We are now at version 1.6nb3.
|
|
|
|
|
|
errors on it.
|
|
|
|
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
|
|
buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
|
|
|
