From 0cf80c8cc65b4e72a2030dba79878e48b72fdac3 Mon Sep 17 00:00:00 2001 From: salo Date: Sun, 4 Jun 2006 00:54:05 +0000 Subject: Pullup ticket 1682 - requested by ghen security update for firefox and thunderbird Revisions pulled up: - pkgsrc/www/firefox/Makefile 1.35 - pkgsrc/www/firefox/Makefile-firefox.common 1.30, 1.33 - pkgsrc/www/firefox/distinfo 1.49, 1.50 - pkgsrc/www/firefox-gtk1/Makefile 1.13 - pkgsrc/www/firefox/patches/patch-fa removed - pkgsrc/www/firefox/patches/patch-fb removed - pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.15 - pkgsrc/mail/thunderbird/PLIST 1.14 - pkgsrc/mail/thunderbird/distinfo 1.23 - pkgsrc/mail/thunderbird-gtk1/PLIST 1.5 Module Name: pkgsrc Committed By: ghen Date: Thu May 4 05:16:13 UTC 2006 Modified Files: pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo pkgsrc/www/firefox-gtk1: Makefile Removed Files: pkgsrc/www/firefox/patches: patch-fa patch-fb Log Message: Update Firefox to 1.5.0.3, which is identical to our 1.5.0.2nb2 (except for the advertized version), so there's no reason to upgrade. :-) Fixes a denial of service vulnerability (MFSA 2006-30). --- Module Name: pkgsrc Committed By: ghen Date: Sat Jun 3 08:04:36 UTC 2006 Modified Files: pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo pkgsrc/mail/thunderbird-gtk1: PLIST pkgsrc/www/firefox: Makefile-firefox.common distinfo Log Message: Update www/firefox and www/firefox-gtk to 1.5.0.4, mail/thunderbird and mail/thunderbird-gtk1 to 1.5.0.4 (salo has already updated www/firefox-bin). Note that thunderbird skipped one release number (again) to stay on par with firefox. These updates provide: * improvements to product stability, * several important security fixes (see below). Fixed in Firefox 1.5.0.4: MFSA 2006-43 Privilege escalation using addSelectionListener MFSA 2006-42 Web site XSS using BOM on UTF-8 pages MFSA 2006-41 File stealing by changing input type (variant) MFSA 2006-39 "View Image" local resource linking (Windows) MFSA 2006-38 Buffer overflow in crypto.signText() MFSA 2006-37 Remote compromise via content-defined setter on object prototypes MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2 MFSA 2006-35 Privilege escalation through XUL persist MFSA 2006-34 XSS viewing javascript: frames or images from context menu MFSA 2006-33 HTTP response smuggling MFSA 2006-32 Fixes for crashes with potential memory corruption MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) Fixed in Thunderbird 1.5.0.4: MFSA 2006-42 Web site XSS using BOM on UTF-8 pages MFSA 2006-40 Double-free on malformed VCard MFSA 2006-38 Buffer overflow in crypto.signText() MFSA 2006-37 Remote compromise via content-defined setter on object prototypes MFSA 2006-35 Privilege escalation through XUL persist MFSA 2006-33 HTTP response smuggling MFSA 2006-32 Fixes for crashes with potential memory corruption MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) --- mail/thunderbird-gtk1/PLIST | 4 +- mail/thunderbird/Makefile-thunderbird.common | 4 +- mail/thunderbird/PLIST | 4 +- mail/thunderbird/distinfo | 8 ++-- www/firefox-gtk1/Makefile | 3 +- www/firefox/Makefile | 3 +- www/firefox/Makefile-firefox.common | 4 +- www/firefox/distinfo | 10 ++-- www/firefox/patches/patch-fa | 22 --------- www/firefox/patches/patch-fb | 70 ---------------------------- 10 files changed, 18 insertions(+), 114 deletions(-) delete mode 100644 www/firefox/patches/patch-fa delete mode 100644 www/firefox/patches/patch-fb diff --git a/mail/thunderbird-gtk1/PLIST b/mail/thunderbird-gtk1/PLIST index ad5268426cb..feb32994ec3 100644 --- a/mail/thunderbird-gtk1/PLIST +++ b/mail/thunderbird-gtk1/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.4 2006/02/06 22:17:59 ghen Exp $ +@comment $NetBSD: PLIST,v 1.4.2.1 2006/06/04 00:54:05 salo Exp $ bin/${MOZILLA} @comment begin PROGRAMS lib/${MOZILLA}/${MOZILLA_BIN} @@ -2685,7 +2685,7 @@ include/${MOZILLA}/nss/swfortt.h include/${MOZILLA}/nss/watcomfx.h @comment end INCLUDE-PUBLIC @exec env LD_LIBRARY_PATH=%D/lib/${MOZILLA} MOZILLA_FIVE_HOME=%D/lib/${MOZILLA} %D/lib/${MOZILLA}/regxpcom -@unexec ${RM} %D/lib/${MOZILLA}/chrome/app-chrome.manifest +@unexec ${RM} -f %D/lib/${MOZILLA}/chrome/app-chrome.manifest @unexec ${RM} %D/lib/${MOZILLA}/components/compreg.dat @unexec ${RM} %D/lib/${MOZILLA}/components/xpti.dat @comment begin DIRS diff --git a/mail/thunderbird/Makefile-thunderbird.common b/mail/thunderbird/Makefile-thunderbird.common index 9173851843e..99f8b5e68db 100644 --- a/mail/thunderbird/Makefile-thunderbird.common +++ b/mail/thunderbird/Makefile-thunderbird.common @@ -1,7 +1,7 @@ -# $NetBSD: Makefile-thunderbird.common,v 1.11.2.1 2006/04/23 23:11:55 salo Exp $ +# $NetBSD: Makefile-thunderbird.common,v 1.11.2.2 2006/06/04 00:54:05 salo Exp $ MOZILLA_BIN= thunderbird-bin -MOZ_VER= 1.5.0.2 +MOZ_VER= 1.5.0.4 EXTRACT_SUFX= .tar.bz2 DISTNAME= thunderbird-${MOZ_VER}-source CATEGORIES= mail diff --git a/mail/thunderbird/PLIST b/mail/thunderbird/PLIST index c81d4b04534..30d73cd25b7 100644 --- a/mail/thunderbird/PLIST +++ b/mail/thunderbird/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.13 2006/02/06 22:17:59 ghen Exp $ +@comment $NetBSD: PLIST,v 1.13.2.1 2006/06/04 00:54:05 salo Exp $ bin/${MOZILLA} @comment begin PROGRAMS lib/${MOZILLA}/${MOZILLA_BIN} @@ -2689,7 +2689,7 @@ include/${MOZILLA}/nss/swfortt.h include/${MOZILLA}/nss/watcomfx.h @comment end INCLUDE-PUBLIC @exec env LD_LIBRARY_PATH=%D/lib/${MOZILLA} MOZILLA_FIVE_HOME=%D/lib/${MOZILLA} %D/lib/${MOZILLA}/regxpcom -@unexec ${RM} %D/lib/${MOZILLA}/chrome/app-chrome.manifest +@unexec ${RM} -f %D/lib/${MOZILLA}/chrome/app-chrome.manifest @unexec ${RM} %D/lib/${MOZILLA}/components/compreg.dat @unexec ${RM} %D/lib/${MOZILLA}/components/xpti.dat @comment begin DIRS diff --git a/mail/thunderbird/distinfo b/mail/thunderbird/distinfo index e15d040fdd7..f959165af27 100644 --- a/mail/thunderbird/distinfo +++ b/mail/thunderbird/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.21.2.1 2006/04/23 23:11:55 salo Exp $ +$NetBSD: distinfo,v 1.21.2.2 2006/06/04 00:54:05 salo Exp $ -SHA1 (thunderbird-1.5.0.2-source.tar.bz2) = 6805470f93871916909e4fb4fea9c1354a76ec25 -RMD160 (thunderbird-1.5.0.2-source.tar.bz2) = 8aaf02c205b131a38fa0384fe6126eec325c3e9e -Size (thunderbird-1.5.0.2-source.tar.bz2) = 35880369 bytes +SHA1 (thunderbird-1.5.0.4-source.tar.bz2) = 492dd76460fc14543a70349263b64b0a2803bee9 +RMD160 (thunderbird-1.5.0.4-source.tar.bz2) = 27e88578d8857e48b46ee4dff2900f27b8a0f447 +Size (thunderbird-1.5.0.4-source.tar.bz2) = 35872600 bytes SHA1 (patch-aa) = ff3586c00ff8d3fa6a1bda639116778169ad4466 SHA1 (patch-ab) = 824a3ce1f608e8fff16e2366c7962f23a4321b10 SHA1 (patch-ac) = 5561b6fedb5417534fefdf3404a93b1915d00be3 diff --git a/www/firefox-gtk1/Makefile b/www/firefox-gtk1/Makefile index 172eb0467ba..ae686d67509 100644 --- a/www/firefox-gtk1/Makefile +++ b/www/firefox-gtk1/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.9.2.2 2006/05/02 20:59:47 salo Exp $ +# $NetBSD: Makefile,v 1.9.2.3 2006/06/04 00:54:06 salo Exp $ MOZILLA= firefox-gtk1 -PKGREVISION= 2 COMMENT= Lightweight gecko-based web browser built with GTK+-1.x .include "../../www/firefox/Makefile-firefox.common" diff --git a/www/firefox/Makefile b/www/firefox/Makefile index fa4d532a2ac..8b3683d2b11 100644 --- a/www/firefox/Makefile +++ b/www/firefox/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.31.2.2 2006/05/02 20:59:47 salo Exp $ +# $NetBSD: Makefile,v 1.31.2.3 2006/06/04 00:54:05 salo Exp $ MOZILLA= firefox -PKGREVISION= 2 EXTRACT_SUFX= .tar.bz2 COMMENT= Lightweight gecko-based web browser diff --git a/www/firefox/Makefile-firefox.common b/www/firefox/Makefile-firefox.common index ba535bb05b0..0866ce3cbe1 100644 --- a/www/firefox/Makefile-firefox.common +++ b/www/firefox/Makefile-firefox.common @@ -1,7 +1,7 @@ -# $NetBSD: Makefile-firefox.common,v 1.28.2.1 2006/04/15 23:32:58 salo Exp $ +# $NetBSD: Makefile-firefox.common,v 1.28.2.2 2006/06/04 00:54:05 salo Exp $ MOZILLA_BIN= firefox-bin -MOZ_VER= 1.5.0.2 +MOZ_VER= 1.5.0.4 EXTRACT_SUFX= .tar.bz2 DISTNAME= firefox-${MOZ_VER}-source diff --git a/www/firefox/distinfo b/www/firefox/distinfo index d3959798548..fb6787f2b84 100644 --- a/www/firefox/distinfo +++ b/www/firefox/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.45.2.2 2006/05/02 20:59:47 salo Exp $ +$NetBSD: distinfo,v 1.45.2.3 2006/06/04 00:54:05 salo Exp $ -SHA1 (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = 21f5497a4cdd4b142bdcb9c3fbdfea43cae1455f -RMD160 (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = a3128798930d069a175d278b5522cdc8e43dc352 -Size (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = 35234245 bytes +SHA1 (firefox-1.5.0.4/firefox-1.5.0.4-source.tar.bz2) = 3659272e3de17cd263fbe5e328635ed7a18f70c5 +RMD160 (firefox-1.5.0.4/firefox-1.5.0.4-source.tar.bz2) = e119bbd4a65205f92341cb664222a9d6f1299991 +Size (firefox-1.5.0.4/firefox-1.5.0.4-source.tar.bz2) = 35337540 bytes SHA1 (patch-aa) = 5095449d4e979085fc5791b9d0251076b9c969c3 SHA1 (patch-ab) = eda86e19dbf45be392b6be4a40dbb25936c91439 SHA1 (patch-ac) = c0cfa9805d883e0761b5bc63b4015cbf1e951eec @@ -59,5 +59,3 @@ SHA1 (patch-du) = c6e66bb420ce9ea988f89b57d1c20a247704cfcf SHA1 (patch-dv) = a380d261d4c2771a672d2b0f4f1f23821e3e5266 SHA1 (patch-ea) = 14e31d17c2493e468cd01f99abfc996853a11032 SHA1 (patch-eb) = dc9232b10075d17f7ed742e7be8ea036db2f0241 -SHA1 (patch-fa) = 64f09a71d4d3c36a42e8ccf28b2d3e43dbf8f202 -SHA1 (patch-fb) = fb32614d012565c4cb97e489ef05f3f76d75c841 diff --git a/www/firefox/patches/patch-fa b/www/firefox/patches/patch-fa deleted file mode 100644 index ac317efe275..00000000000 --- a/www/firefox/patches/patch-fa +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-fa,v 1.1.2.2 2006/05/02 20:59:47 salo Exp $ - ---- embedding/components/commandhandler/src/nsBaseCommandController.h.orig 2006-04-28 12:43:57.000000000 +0200 -+++ embedding/components/commandhandler/src/nsBaseCommandController.h -@@ -49,6 +49,8 @@ - #include "nsIControllerContext.h" - #include "nsIControllerCommandTable.h" - #include "nsIInterfaceRequestor.h" -+#include "nsIWeakReference.h" -+#include "nsIWeakReferenceUtils.h" - - // The base editor controller is used for both text widgets, - // and all other text and html editing -@@ -79,7 +81,7 @@ public: - - private: - -- nsISupports *mCommandContext; -+ nsWeakPtr mCommandContext; - - // Our reference to the command manager - nsCOMPtr mCommandTable; diff --git a/www/firefox/patches/patch-fb b/www/firefox/patches/patch-fb deleted file mode 100644 index 5d4e80f14a4..00000000000 --- a/www/firefox/patches/patch-fb +++ /dev/null @@ -1,70 +0,0 @@ -$NetBSD: patch-fb,v 1.1.2.2 2006/05/02 20:59:47 salo Exp $ - ---- embedding/components/commandhandler/src/nsBaseCommandController.cpp.orig 2006-04-28 12:43:57.000000000 +0200 -+++ embedding/components/commandhandler/src/nsBaseCommandController.cpp -@@ -55,7 +55,6 @@ NS_INTERFACE_MAP_BEGIN(nsBaseCommandCont - NS_INTERFACE_MAP_END - - nsBaseCommandController::nsBaseCommandController() --: mCommandContext(nsnull) - { - } - -@@ -79,7 +78,7 @@ nsBaseCommandController::Init(nsIControl - NS_IMETHODIMP - nsBaseCommandController::SetCommandContext(nsISupports *aCommandContext) - { -- mCommandContext = aCommandContext; // no addref -+ mCommandContext = do_GetWeakReference(aCommandContext); - return NS_OK; - } - -@@ -113,7 +112,8 @@ nsBaseCommandController::IsCommandEnable - { - NS_ENSURE_ARG_POINTER(aCommand); - NS_ENSURE_ARG_POINTER(aResult); -- return mCommandTable->IsCommandEnabled(aCommand, mCommandContext, aResult); -+ nsCOMPtr context = do_QueryReferent(mCommandContext); -+ return mCommandTable->IsCommandEnabled(aCommand, context, aResult); - } - - NS_IMETHODIMP -@@ -121,14 +121,16 @@ nsBaseCommandController::SupportsCommand - { - NS_ENSURE_ARG_POINTER(aCommand); - NS_ENSURE_ARG_POINTER(aResult); -- return mCommandTable->SupportsCommand(aCommand, mCommandContext, aResult); -+ nsCOMPtr context = do_QueryReferent(mCommandContext); -+ return mCommandTable->SupportsCommand(aCommand, context, aResult); - } - - NS_IMETHODIMP - nsBaseCommandController::DoCommand(const char *aCommand) - { - NS_ENSURE_ARG_POINTER(aCommand); -- return mCommandTable->DoCommand(aCommand, mCommandContext); -+ nsCOMPtr context = do_QueryReferent(mCommandContext); -+ return mCommandTable->DoCommand(aCommand, context); - } - - NS_IMETHODIMP -@@ -136,7 +138,8 @@ nsBaseCommandController::DoCommandWithPa - nsICommandParams *aParams) - { - NS_ENSURE_ARG_POINTER(aCommand); -- return mCommandTable->DoCommandParams(aCommand, aParams, mCommandContext); -+ nsCOMPtr context = do_QueryReferent(mCommandContext); -+ return mCommandTable->DoCommandParams(aCommand, aParams, context); - } - - NS_IMETHODIMP -@@ -144,7 +147,8 @@ nsBaseCommandController::GetCommandState - nsICommandParams *aParams) - { - NS_ENSURE_ARG_POINTER(aCommand); -- return mCommandTable->GetCommandState(aCommand, aParams, mCommandContext); -+ nsCOMPtr context = do_QueryReferent(mCommandContext); -+ return mCommandTable->GetCommandState(aCommand, aParams, context); - } - - NS_IMETHODIMP -- cgit v1.2.3