>Number: 31426
>Category: pkg
>Synopsis: www/mozilla & www/mozilla-gtk2 update to 1.7.12
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Sep 30 11:18:00 +0000 2005
>Originator: Geert Hendrickx
>Release:
>Organization:
>Environment:
>Description:
Here's an update for the www/mozilla and www/mozilla-gtk2 packages to 1.7.12.
This release contains similar fixes as Firefox 1.0.7:
* Fix for a potential buffer overflow vulnerability when loading a hostname
with all soft-hyphens
* Fix to prevent URLs passed from external programs from being parsed by the
shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that
uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Fix a crash in mail when stopping a search and then searching again
* Other stability and security fixes
The changes are minor, and all patches/* still cleanly apply. Only the
version and distinfo had to be modified. See the diffs below.
(I also removed the DIST_SUBDIR lines as they seem useless to me.)
This should probably be pulled up to pkgsrc-2005Q3 as well.
>How-To-Repeat:
>Fix:
--- www/mozilla/Makefile 2005-09-19 12:14:05.000000000 +0200
+++ www/mozilla/Makefile 2005-09-29 11:34:15.000000000 +0200
@@ -2,16 +2,13 @@
MOZILLA= mozilla
MOZILLA_BIN= mozilla-bin
-MOZ_VER= 1.7.11
+MOZ_VER= 1.7.12
EXTRACT_SUFX= .tar.bz2
-PKGREVISION= 2
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
#DISTFILES+= mozilla-source-1.7.3-libart_lgpl.tar.bz2
#SITES_mozilla-source-1.7.3-libart_lgpl.tar.bz2=${MASTER_SITE_LOCAL}
-DIST_SUBDIR= mozilla-1.7.11
-
COMMENT= Full featured gecko-based browser
BUILD_SVG= # defined
--- www/mozilla/distinfo 2005-09-09 09:23:54.000000000 +0200
+++ www/mozilla/distinfo 2005-09-29 11:35:38.000000000 +0200
@@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.86 2005/09/08 22:03:45 abs Exp $
-SHA1 (mozilla-1.7.11/mozilla-1.7.11-source.tar.bz2) = 1805ee3f65c73ea66a8cb7a69b12273345c14184
-RMD160 (mozilla-1.7.11/mozilla-1.7.11-source.tar.bz2) = 32396e6654e3addff4cb494ac8ac7e5ecdbbc173
-Size (mozilla-1.7.11/mozilla-1.7.11-source.tar.bz2) = 30448903 bytes
+SHA1 (mozilla-1.7.12-source.tar.bz2) = d94251b86d36b8d5e3e45d31a67ebe334f1ba267
+RMD160 (mozilla-1.7.12-source.tar.bz2) = 8881779a39f360a814177ed948fab5a8330193aa
+Size (mozilla-1.7.12-source.tar.bz2) = 30446836 bytes
SHA1 (patch-aa) = be62070f062e8ae13f06bd7b3f4f0d4a9ee67bef
SHA1 (patch-ab) = ceff4fae4f3c1f7d23db41a04e5da81e1c897424
SHA1 (patch-ac) = 32aa4b92eea19aca07077a292cb759d074026642
--- www/mozilla-gtk2/Makefile 2005-09-19 12:14:05.000000000 +0200
+++ www/mozilla-gtk2/Makefile 2005-09-29 13:14:32.000000000 +0200
@@ -2,14 +2,12 @@
MOZILLA= mozilla-gtk2
MOZILLA_BIN= mozilla-bin
-MOZ_VER= 1.7.11
+MOZ_VER= 1.7.12
EXTRACT_SUFX= .tar.bz2
-PKGREVISION= 2
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
#DISTFILES+= mozilla-source-1.7.3-libart_lgpl.tar.bz2
#SITES_mozilla-source-1.7.3-libart_lgpl.tar.bz2=${MASTER_SITE_LOCAL}
-DIST_SUBDIR= mozilla-1.7.11
DISTINFO_FILE= ${.CURDIR}/../../www/mozilla/distinfo
PATCHDIR= ${.CURDIR}/../../www/mozilla/patches
FILESDIR= ${.CURDIR}/../../www/mozilla/files