From bbc9d95eb810abe81a6b6b2c7622570b6bf91840 Mon Sep 17 00:00:00 2001 From: tnn Date: Fri, 22 Oct 2010 10:08:14 +0000 Subject: Security and stability update of seamonkey to 2.0.9. MFSA 2010-72 Insecure Diffie-Hellman key exchange MFSA 2010-71 Unsafe library loading vulnerabilities MFSA 2010-70 SSL wildcard certificate matching IP addresses MFSA 2010-69 Cross-site information disclosure via modal calls MFSA 2010-68 XSS in gopher parser when parsing hrefs MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14) --- www/seamonkey/Makefile | 5 ++--- www/seamonkey/distinfo | 13 ++++++------- www/seamonkey/patches/patch-ag | 6 +++--- www/seamonkey/patches/patch-al | 27 --------------------------- www/seamonkey/patches/patch-mn | 14 +++++++------- 5 files changed, 18 insertions(+), 47 deletions(-) delete mode 100644 www/seamonkey/patches/patch-al (limited to 'www') diff --git a/www/seamonkey/Makefile b/www/seamonkey/Makefile index 62cf65aa74e..095ed8abb25 100644 --- a/www/seamonkey/Makefile +++ b/www/seamonkey/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.40 2010/09/14 11:13:16 wiz Exp $ +# $NetBSD: Makefile,v 1.41 2010/10/22 10:08:14 tnn Exp $ # DISTNAME= seamonkey-${SM_VER}.source PKGNAME= seamonkey-${SM_VER} -SM_VER= 2.0.7 -PKGREVISION= 1 +SM_VER= 2.0.9 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/} EXTRACT_SUFX= .tar.bz2 diff --git a/www/seamonkey/distinfo b/www/seamonkey/distinfo index 99ceaabc86f..da511e1d851 100644 --- a/www/seamonkey/distinfo +++ b/www/seamonkey/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.55 2010/09/09 11:12:27 tnn Exp $ +$NetBSD: distinfo,v 1.56 2010/10/22 10:08:14 tnn Exp $ -SHA1 (seamonkey-2.0.7.source.tar.bz2) = ec03e359accdd40d0183ee1bef623aeaf7d04b81 -RMD160 (seamonkey-2.0.7.source.tar.bz2) = 6f3fd9ea0352718631fd11c568f869f626782e56 -Size (seamonkey-2.0.7.source.tar.bz2) = 61496455 bytes +SHA1 (seamonkey-2.0.9.source.tar.bz2) = c23f61d06c54cda841da128b3e2a649a2390eebb +RMD160 (seamonkey-2.0.9.source.tar.bz2) = d6f7cc463564b4e18ed5d71f15ccd611c7b7050b +Size (seamonkey-2.0.9.source.tar.bz2) = 61599701 bytes SHA1 (patch-aa) = 0d46562e73fce3fc1bf590ac93a28b2202a8e214 SHA1 (patch-aa-toplevel) = 458051a1b3318b49124192c6e97cb9ed0d92dead SHA1 (patch-ab) = c7a6961362b131f0a39f65355562b115fae3be85 @@ -10,12 +10,11 @@ SHA1 (patch-ac) = e181323e153ee061b7f3644b599294a4c4a3e3e8 SHA1 (patch-ad) = f49147e2fa28400986b659ec50918e3835db0105 SHA1 (patch-ae) = cf4cb737fc29ef7ac6ffe1b3bc504743441e4828 SHA1 (patch-af) = 16cae98e043dedeb6331212fd15ce914196fe8c7 -SHA1 (patch-ag) = 7f8c3ac1bec475dd2b6fd6e10e5304ab9c112a67 +SHA1 (patch-ag) = 22cca24b67c85fbf9bafb35441dfcb460ecde6bf SHA1 (patch-ah) = 10c80ec60801295b037b4a45fbad8937922da235 SHA1 (patch-ai) = 4d701ece9a2aaa0b640c189745fa7e731617fb7c SHA1 (patch-aj) = 89d390f7eeeb52256265955610b3cad4b62c5aa7 SHA1 (patch-ak) = dca377e3cb733a48c3aa071a74bba8d2535ee161 -SHA1 (patch-al) = 893eb0c096f61b52a6299eff1e5ab520014fbda4 SHA1 (patch-am) = 81bcda476a7b54050ed1ae87bd47cf9de8f19919 SHA1 (patch-an) = e30362e1a07c6c8e96dc81d134517685c3f19ca9 SHA1 (patch-ao) = 6307d82a2eb65131908b0d4d05da7433b6cf38d1 @@ -47,7 +46,7 @@ SHA1 (patch-mj) = 9b28802eb665a7a77e879ec44e9da52e2e79ec8b SHA1 (patch-mk) = 3c25934e0c7b9277d96a5635b961e1fb6682ab7b SHA1 (patch-ml) = ef7d87fff48f298f4c1ed037439eaf8c7c574f68 SHA1 (patch-mm) = 1ef13fbf0872484778cb8edfff769214ea9a39a4 -SHA1 (patch-mn) = beb92ccc59f909f0d4f5f5bb62ad834b55fc94ce +SHA1 (patch-mn) = 3a1c25a3f5a1532331424fc1e720f35cd0ed5d5b SHA1 (patch-mp) = 24bac4975548f0a058c2770865706fedb27aa0e6 SHA1 (patch-na) = b7c0feed9546ca1168c696bf7ea6bbc8ea4564c4 SHA1 (patch-nd) = 007b8d1310990253e86dab579397b02ced42cb71 diff --git a/www/seamonkey/patches/patch-ag b/www/seamonkey/patches/patch-ag index ed3730f9082..0cddee4d5f5 100644 --- a/www/seamonkey/patches/patch-ag +++ b/www/seamonkey/patches/patch-ag @@ -1,9 +1,9 @@ -$NetBSD: patch-ag,v 1.3 2010/03/16 10:59:10 tnn Exp $ +$NetBSD: patch-ag,v 1.4 2010/10/22 10:08:14 tnn Exp $ ---- mozilla/nsprpub/pr/include/md/_freebsd.h.orig 2009-06-29 18:15:06.000000000 +0200 +--- mozilla/nsprpub/pr/include/md/_freebsd.h.orig 2010-08-24 21:32:07.000000000 +0000 +++ mozilla/nsprpub/pr/include/md/_freebsd.h @@ -79,7 +79,7 @@ - #define _PR_NO_LARGE_FILES + #define _PR_HAVE_LARGE_OFF_T #if defined(_PR_PTHREADS) -#if __FreeBSD_version >= 400008 diff --git a/www/seamonkey/patches/patch-al b/www/seamonkey/patches/patch-al deleted file mode 100644 index 7890d57da4b..00000000000 --- a/www/seamonkey/patches/patch-al +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-al,v 1.3 2010/03/16 10:59:10 tnn Exp $ - -# Reported upstream as https://bugzilla.mozilla.org/show_bug.cgi?id=471179 - ---- mozilla/nsprpub/pr/src/misc/prsystem.c.orig 2009-06-29 18:15:07.000000000 +0200 -+++ mozilla/nsprpub/pr/src/misc/prsystem.c -@@ -284,6 +284,20 @@ PR_IMPLEMENT(PRUint64) PR_GetPhysicalMem - long pageCount = sysconf(_SC_PHYS_PAGES); - bytes = (PRUint64) pageSize * pageCount; - -+#elif defined(NETBSD) -+ -+ int mib[2]; -+ int rc; -+ uint64_t memSize; -+ size_t len = sizeof(memSize); -+ -+ mib[0] = CTL_HW; -+ mib[1] = HW_PHYSMEM64; -+ rc = sysctl( mib, 2, &memSize, &len, NULL, 0 ); -+ if ( -1 != rc ) { -+ bytes = memSize; -+ } -+ - #elif defined(HPUX) - - struct pst_static info; diff --git a/www/seamonkey/patches/patch-mn b/www/seamonkey/patches/patch-mn index 65cb97767c5..53665efc558 100644 --- a/www/seamonkey/patches/patch-mn +++ b/www/seamonkey/patches/patch-mn @@ -1,15 +1,15 @@ -$NetBSD: patch-mn,v 1.1 2010/03/16 10:59:10 tnn Exp $ +$NetBSD: patch-mn,v 1.2 2010/10/22 10:08:14 tnn Exp $ Make sure we link correctly with sqlite3 from pkgsrc. ---- mozilla/security/nss/lib/softoken/config.mk.orig 2009-10-16 17:14:19.000000000 +0200 +--- mozilla/security/nss/lib/softoken/config.mk.orig 2010-08-24 21:32:09.000000000 +0000 +++ mozilla/security/nss/lib/softoken/config.mk -@@ -83,7 +83,7 @@ EXTRA_SHARED_LIBS += \ +@@ -80,7 +80,7 @@ else + # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. + EXTRA_SHARED_LIBS += \ -L$(DIST)/lib \ +- -l$(SQLITE_LIB_NAME) \ ++ `pkg-config --libs sqlite3` \ -L$(NSSUTIL_LIB_DIR) \ -lnssutil3 \ -- -lsqlite3 \ -+ `pkg-config --libs sqlite3` \ -L$(NSPR_LIB_DIR) \ - -lplc4 \ - -lplds4 \ -- cgit v1.2.3