| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
release notes.
|
|
New Features and Fixes:
Security fixes
END OF LIFE for SeaMonkey 1.x comes with this version, which does NOT fix all
issues. Only SeaMonkey 2.0 fixes all known issues, we strongly encourage all our
users to switch to that new release series.
Rough Changelog for SeaMonkey 1.1.19:
504523 Thunderbird 2 needs NSS 3.12.3.1
512187 1.1.18 candidate fails to connect with SSL/TLS secured sites, PSM fails to initialize
512085 tracking bug for build and release of SeaMonkey 1.1.18
523984 Old (1.9.0/1.8.1) Default Plugin.plugin Makefile uses non-portable "echo -n"
376192 Thunderbird crashes immediately upon accessing IMAP server (duplicate entries in .mailboxlist) [@ nsImapServerResponseParser::mailbox] - imap protocol log "Internal Syntax Error
494706 [1.8 branch only] Thunderbird creates 4 GB Trash file out of less than 200 kB of deleted mail (If data write to file for "target folder of mail move/copy" is temporary interfered by other software, Tb 2 generates file of file_size=4GB-1)
387502 Mailboxes are allowed to grow larger than 4gb in size
535193 DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth
363455 Enhance PSM's SSL handling on blocking sockets
389087 nsILocalFileUnix affected by 32bit stat/statvfs/truncate, therefore does not work with large files
495098 Crash when using single XMLHttpRequest object for two simultaneous requests; test case included [@ nsXMLHttpRequest::StreamReaderFunc ]
537307 Update SeaMonkey's copyright strings to 2010
440982 To avoid calling JS at unsafe times from JS_GC, jsds_ScriptHookProc should not get the script hook unless it needs to and it is safe to call
305168 Too many recipients when copy/paste address line or sending from MS Access (increase max to 2000)
511521 downloading file with RTL override (RLO) presents conflicting filenames
344818 Linking - missing library deps
505305 Probably Exploitable - Read Access Violation on Block Data Move starting at MSVCR80D!memcpy+0x000000000000005a
440236 crash after connection lost [@ nsMsgDatabase::GetTableCreateIfMissing(char const*, char const*, nsIMdbTable**, unsigned int&, unsigned int&)], in v2 [@ nsMsgDatabase::GetTableCreateIfMissing]
483437 PSM doesn't properly escape AVA Values in Cert Viewer Details tab
483440 PSM doesn't detect invalid OID encodings in Cert Viewer Details tab
284876 Trunk TB10 crash while sending mail [@ nsMsgLocalMailFolder::WriteStartOfNewMessage() ]
516862 Array indexing error in js/src/dtoa.c's Balloc() leads to floating point memory vulnerability (SA36711)
506871 TreeColumns Dangling Pointer Vulnerability (ZDI-CAN-536)
519839 SVG fails to render correctly
|
|
Security fixes in this version:
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.18/
|
|
Security fixes in this version:
MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.17/
|
|
|
|
Security fixes in this version:
MFSA 2009-12 XSL Transformation vulnerability
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.16/
|
|
Security fixes in this version:
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.15/
|
|
Security fixes in this version:
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.14/
|
|
These binaries also depend on alsa and resmgr -- include those in EMUL_MODULES.
Partially fixes PR 40119 -- the binaries don't run yet.
OK by wiz@.
|
|
Security fixes in this version:
MFSA 2008-59 Script access to .documentURI and .textContent in mail
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-47 Information stealing via local shortcut files
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.13/
|
|
<pkgsrc-users@NetBSD.org> and only assign the "firefox-bin" package
to <grant@NetBSD.org> because that is the package he really created.
|
|
Security fixes in this version:
MFSA 2008-46 Heap overflow when canceling newsgroup message
MFSA 2008-45 XBM image uninitialized memory reading
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.12/
|
|
Security fixes in this version:
MFSA 2008-34 Remote code execution by overflowing CSS reference counter
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.11/
|
|
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
MFSA 2008-20 Crash in JavaScript garbage collector
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.10/
|
|
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
|
Security fixes in this version:
MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.9/
|
|
has already been altered to support user-destdir, so we just need to turn
it on in these packages.
|
|
|
|
No package using "contrib" sub directory now and it is redundant.
If such a package exists on a platform, should use MOZ_DIR individually instead.
This change also fixes fetch problem of www/firefox-bin when MASTER_SITE_MOZILLA
is not defined in /etc/mk.conf.
|
|
Security fixes in this version:
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.8/
|
|
There are three types Mozilla mirrors.
(http://www.mozilla.org/mirroring.html)
* mozilla-current
contains only the current version of Firefox and Thunderbird
* mozilla-release
contains Firefox, Thunderbird, and Sunbird releases
* mozilla-all
complete archive
Define following variables for mozilla master sites:
MASTER_SITE_MOZILLA_ALL = mozilla-all
MASTER_SITE_MOZILLA = mozilla-release
and change some packages to use appropriate variable.
Update contents of MASTER_SITE_MOZILLA with master and primary mirrors
taken from http://www.mozilla.org/mirrors.html and add some sample definitions.
|
|
Security fixes in this version:
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.7/
|
|
Fixes a number of regressions introduced in 1.1.5. No details given.
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.6/
|
|
targets and into a GENERATE_PLIST variable definition. Remove some
unnecessary empty PLISTs as a result of properly setting GENERATE_PLIST.
|
|
that directly manipulate empty PLISTs.
Modify plist/plist.mk so that if the PLIST files are missing and no
GENERATE_PLIST is defined, then the package fails to build.
|
|
can handle packages having no PLIST files.
|
|
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
MFSA 2007-28 Code execution via QuickTime Media-link files
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.5/
|
|
|
|
|
|
of an emulated operating system. Instead of proliferating things like
SUSE_VERSION_REQD, NETBSD_VERSION_REQD, SOLARIS_VERSION_REQD, etc., a
package can say:
EMUL_REQD= suse>=9.1 netbsd>=2.0 solaris>=10
all in one, succinct line.
|
|
matches the native operating system. Use it in place of checking
whether EMUL_DISTRO matches "native-*" as EMUL_DISTRO is no longer
defined after bsd.prefs.mk is included.
This should fix PR pkg/36823 by Robert Elz.
|
|
depend upon to supply the Linux shared libraries already tell the user
this. The JDK packages also depend on the corresponding JRE package,
so they don't need to show the same message -- keep the message with
the JRE packages instead.
|
|
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.4/
|
|
the necessary dependence on the "suse_gtk2" package.
|
|
binary-only packages that require binary "emulation" on the native
operating system. Please see pkgsrc/mk/emulator/README for more
details.
* Teach the plist framework to automatically use any existing
PLIST.${EMUL_PLATFORM} as part of the default PLIST_SRC definition.
* Convert all of the binary-only packages in pkgsrc to use the
emulator framework. Most of them have been tested to install and
deinstall correctly. This involves the following cleanup actions:
* Remove use of custom PLIST code and use PLIST.${EMUL_PLATFORM}
more consistently.
* Simplify packages by using default INSTALL and DEINSTALL scripts
instead of custom INSTALL/DEINSTALL code.
* Remove "SUSE_COMPAT32" and "PKG_OPTIONS.suse" from pkgsrc.
Packages only need to state exactly which emulations they support,
and the framework handles any i386-on-x86_64 or sparc-on-sparc64
uses.
* Remove "USE_NATIVE_LINUX" from pkgsrc. The framework will
automatically detect when the package is installing on Linux.
Specific changes to packages include:
* Bump the PKGREVISIONs for all of the suse100* and suse91* packages
due to changes in the +INSTALL/+DEINSTALL scripts used in all
of the packages.
* Remove pkgsrc/emulators/suse_linux, which is unused by any
packages.
* cad/lc -- remove custom code to create the distinfo file for
all supported platforms; just use "emul-fetch" and "emul-distinfo"
instead.
* lang/Cg-compiler -- install the shared libraries under ${EMULDIR}
instead of ${PREFIX}/lib so that compiled programs will find
the shared libraries.
* mail/thunderbird-bin-nightly -- update to latest binary
distributions for supported platforms.
* multimedia/ns-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
* security/uvscan -- set LD_LIBRARY_PATH explicitly so that
it's not necessary to install library symlinks into
${EMULDIR}/usr/local/lib.
* www/firefox-bin-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
|
|
Security fixes in this version:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.3/
|
|
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-12 Crashes with evidence of memory corruption
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.2/changelog.html
|
|
New Features and Fixes: (Windows-specific fixes ommitted)
* Some QuickLaunch issues have been resolved.
* The tab-preview tooltips no longer show a preview for the active tab.
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.1/changelog.html
|
|
|
|
|
|
release.
The calendar component has been removed from Seamonkey in favour of Sunbird
(time/sunbird) and Lightning, see http://www.mozilla.org/projects/calendar/
New features and fixes in this version:
General
* ChatZilla has been updated to a newer version (Bug 324439)
* When launching SeaMonkey, already-running instances are detected (Bug 122698)
Browser
* Spelling is checked when writing in textareas (Bug 302050 and bug 338318)
* A warning page is now shown before displaying about:config (Bug 339720)
* Tooltips from web pages can now be multiple lines, either due to automatic
text wrapping or explicit newlines added to the text value (Bug 356900)
* When you visit a secure site, the URL bar changes color to turns make
security status more visible (Bug 335113)
* When using keyword URLs, it is no longer necessary to type "keyword:" (typing
"keyword:" will no longer work). Just type the keyword name (Bug 337339)
* You can now drop URLs and bookmarks between existing tabs, which will result
in a new tab being created where you dropped the URL (Bug 324591)
* When hovering on a tab, the tooltip now displays a preview of the tab's
contents (Bug 315207)
* The search sidebar now behaves better (Bug 252802)
* The bookmarks menu and personal toolbar folder overflow menu now have context
menus (Bug 50504)
Mail & Newsgroups
* Message labelling has been superceded by tagging, which provides much more
than the original 5 labels and comes with new preferences (Bug 342560 and
others)
* The preferences for junk mail have been reorganized, and can now be set on a
per-account basis (Bug 335846)
* Improved phishing detection (Bug 326082 and others)
* New mail notification has been improved (Bug 327613, 305384, and others)
Address Book
* It is now possible to move or copy cards between address books. Cards can
only be copied to mailing lists, so you need to use ctrl key while dragging
to copy the card to the mailing list. When dragging cards between address
books, the default action is move, use ctrl to copy instead. (Bug 35837)
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1/changelog.html
|
|
version:
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.7/README.html
|
|
update firefox-bin and firefox2-bin to override MOZ_DIR to point
to the binary Linux distribution; kill their own MASTER_SITES
now firefox-bin and firefox2-bin automaticaly pick up mirror
changes in the master script
|
|
connectivity then ftp.fu-berlin.de (at least into .CZ)
|
|
version:
MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.6/README.html
|
|
|
|
instead of mozilla-bin.
|
|
updates will follow later.
Fixed in Firefox 1.5.0.7:
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption
Fixed in SeaMonkey 1.0.5:
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-63 JavaScript execution in mail via XBL
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-57 JavaScript Regular Expression Heap Corruption
For more info, see http://www.mozilla.com/firefox/releases/1.5.0.7.html and
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.5/
|
|
Just one change:
- Fixed an issue with playing Windows Media content
|
|
Changes:
* Improved stability
* Several security fixes (see below)
* A bug was introduced in SeaMonkey 1.0.2 that sometimes caused the URL bar to
stop working properly when switching tabs. This has been fixed. (Bug 332874)
* If you have more bookmarks on your personal toolbar than there is space for,
the ">>" overflow icon will now display more reliably (Bug 338803)
* If you choose to update SeaMonkey when it notifies you that an update is
available, the update page will load in a more useful browser window (with
navigation buttons and toolbars) (Bug 334903)
Security fixes:
MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-49 Heap buffer overwrite on malformed VCard
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
For a detailed ChangeLog, see:
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.3/changelog.html
|
