| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
users of the Mozilla Suite are adviced to switch over to Firefox (www/firefox)
and Thunderbird (mail/thunderbird). For those who still like the Suite, there
is Seamonkey (pkgsrc/www/seamonkey), a community-driven project to continue the
Mozilla Suite.
For more information, see the Mozilla Suite 1.7.x Product Sunset Announcement:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
|
|
|
|
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
- additional patch to fix pr#33333
Shin'ichiro TAYA told me that i can do this update.
|
|
|
|
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
|
|
|
|
Seamonkey 1.0) don't have regchrome anymore, but Mozilla 1.7.x still does.
Patch the INSTALL script (used by all those) to run regchrome only if it's
installed.
Ok with wiz.
|
|
|
|
|
|
names starting with an underscore are reserved for internal pkgsrc use).
Ok with wiz.
|
|
|
|
|
|
(without it, it is called "Mail/News Client").
|
|
can override it. Ok for wiz.
|
|
|
|
Firefox is called "Deerpark" and has the blue globe logo without the fox.
As of currently, we do not have permission of The Mozilla Foundation to
redistribute builds with official branding, but users are allowed to build it
for themselves, hence the option. Once we've got this permission from Mozilla
(Hubert and I are working on this), this option will become a default.
The same will apply to Thunderbird once we've updated it to 1.5.
Ok by hubertf.
|
|
of the shlib major bump.
PKGREVISION++ for the dependencies.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
"pkglint --autofix" change.
|
|
change.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
|
|
|
|
This is a bug fix release.
Fixed bugs are follows:
* Fix for a potential buffer overflow vulnerability when loading
a hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Fix a crash in mail when stopping a search and then searching again
* Other stability and security fixes
MFSA 2005-59 Command-line handling on Linux allows shell execution
MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
MFSA 2005-57 IDN heap overrun using soft-hyphens
|
|
|
|
registration out of the installation step and into the INSTALL script.
Also, remove the registration commands from the PLIST as well. Putting
them into the INSTALL script allows for the same commands to be run
in the same way, so that there are fewer differences between installing
from source and installing from a binary package. Also, this makes
these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox,
firefox-gtk1, mozilla, and mozilla-gtk2.
Also, include bsd.pkg.mk from the package Makefiles, not from within
Makefile.common. This is a style issue and allows for appending to
variables originally defined in Makefile.common from the package
Makefile.
|
|
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
|
|
|
|
update distinfo & remove our original libart source tarball from DISTFILES.
|
|
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
|
|
this release fixed two issues
Changelog for Mozilla 1.7.11
300749 Switching folders doesn't work on 1st try/Click to mail folder displays
messages not always [JS error in msgMail3PaneWindow.js::ClearMessagePane]
301917 Cursor keys disabled/Caret not moving with keyboard in message compose window
|
|
|
|
This is a security fix release.
Fixed in Mozilla 1.7.9/1.7.10
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
|
|
No PKGREVISION bump since pkg-config is only a BUILD_DEPENDS.
|
|
and mozilla. Backwards compatibilty is provided.
Reviewed by wiz.
|
|
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
|
|
older C environments as well.
|
|
broke the package for NetBSD 1.6.
|
|
state was completely broken.
|
|
an underscore.
|
|
USE_TOOLS and any of "autoconf", "autoconf213", "automake" or
"automake14". Also, we don't need to call the auto* tools via
${ACLOCAL}, ${AUTOCONF}, etc., since the tools framework takes care
to symlink the correct tool to the correct name, so we can just use
aclocal, autoconf, etc.
|
|
Several changes are involved since they are all interrelated. These
changes affect about 1000 files.
The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files. Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred. This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.
The second major change is teach the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.
The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc. The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.
The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files. Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories. These files are used as input
to imake since imake can't use stdin for that purpose.
The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead. This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed. Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries. Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
|
|
by macros from math.h to avoid alignement problems described in
PR pkg/30106.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
|
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
|
|
explicitly, because it fails to detect them with default setting.
suggested by Todd Willey.
|
|
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
|
