pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q1]: pkgsrc/www Pullup ticket 460 - requested by Shin'ichi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8d6119b71f4e
branches: pkgsrc-2005Q1
changeset: 490984:8d6119b71f4e
user: snj <snj%pkgsrc.org@localhost>
date: Fri Apr 22 07:22:33 2005 +0000
description:
Pullup ticket 460 - requested by Shin'ichiro TAYA
security fix for mozilla and mozilla-gtk2
Revisions pulled up:
- pkgsrc/www/mozilla/Makefile 1.144
- pkgsrc/www/mozilla/buildlink3.mk 1.10
- pkgsrc/www/mozilla/distinfo 1.75
- pkgsrc/www/mozilla-gtk2/Makefile 1.21
- pkgsrc/www/mozilla-gtk2/buildlink3.mk 1.8
- pkgsrc/www/mozilla/patches/patch-bugzilla288688 removed
Module Name: pkgsrc
Committed By: taya
Date: Tue Apr 19 15:15:30 UTC 2005
Modified Files:
pkgsrc/www/mozilla: Makefile buildlink3.mk distinfo
pkgsrc/www/mozilla-gtk2: Makefile buildlink3.mk
Removed Files:
pkgsrc/www/mozilla/patches: patch-bugzilla288688
Log Message:
Update mozilla & mozilla-gtk2 to 1.7.7
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
diffstat:
www/mozilla-gtk2/Makefile | 7 +++--
www/mozilla-gtk2/buildlink3.mk | 3 +-
www/mozilla/Makefile | 7 +++--
www/mozilla/buildlink3.mk | 4 +-
www/mozilla/distinfo | 12 +++++----
www/mozilla/patches/patch-bugzilla288688 | 38 --------------------------------
6 files changed, 19 insertions(+), 52 deletions(-)
diffs (144 lines):
diff -r 402f1167f523 -r 8d6119b71f4e www/mozilla-gtk2/Makefile
--- a/www/mozilla-gtk2/Makefile Fri Apr 22 06:48:32 2005 +0000
+++ b/www/mozilla-gtk2/Makefile Fri Apr 22 07:22:33 2005 +0000
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.16.2.2 2005/04/08 10:53:14 salo Exp $
+# $NetBSD: Makefile,v 1.16.2.3 2005/04/22 07:22:34 snj Exp $
MOZILLA= mozilla-gtk2
MOZILLA_BIN= mozilla-bin
-MOZ_VER= 1.7.6
-PKGREVISION= 1
+MOZ_VER= 1.7.7
EXTRACT_SUFX= .tar.bz2
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+= mozilla-source-1.7.3-libart_lgpl.tar.bz2
+SITES_mozilla-source-1.7.3-libart_lgpl.tar.bz2=${MASTER_SITE_LOCAL}
DISTINFO_FILE= ${.CURDIR}/../../www/mozilla/distinfo
PATCHDIR= ${.CURDIR}/../../www/mozilla/patches
FILESDIR= ${.CURDIR}/../../www/mozilla/files
diff -r 402f1167f523 -r 8d6119b71f4e www/mozilla-gtk2/buildlink3.mk
--- a/www/mozilla-gtk2/buildlink3.mk Fri Apr 22 06:48:32 2005 +0000
+++ b/www/mozilla-gtk2/buildlink3.mk Fri Apr 22 07:22:33 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/03/27 05:32:19 snj Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.2 2005/04/22 07:22:34 snj Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
MOZILLA_GTK2_BUILDLINK3_MK:= ${MOZILLA_GTK2_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@
.if !empty(MOZILLA_GTK2_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.mozilla-gtk2+= mozilla-gtk2>=1.7.6
+BUILDLINK_RECOMMENDED.mozilla-gtk2+= mozilla-gtk2>=1.7.7
BUILDLINK_PKGSRCDIR.mozilla-gtk2?= ../../www/mozilla-gtk2
.endif # MOZILLA_GTK2_BUILDLINK3_MK
diff -r 402f1167f523 -r 8d6119b71f4e www/mozilla/Makefile
--- a/www/mozilla/Makefile Fri Apr 22 06:48:32 2005 +0000
+++ b/www/mozilla/Makefile Fri Apr 22 07:22:33 2005 +0000
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.141.2.2 2005/04/08 10:53:14 salo Exp $
+# $NetBSD: Makefile,v 1.141.2.3 2005/04/22 07:22:33 snj Exp $
MOZILLA= mozilla
MOZILLA_BIN= mozilla-bin
-MOZ_VER= 1.7.6
-PKGREVISION= 1
+MOZ_VER= 1.7.7
EXTRACT_SUFX= .tar.bz2
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+= mozilla-source-1.7.3-libart_lgpl.tar.bz2
+SITES_mozilla-source-1.7.3-libart_lgpl.tar.bz2=${MASTER_SITE_LOCAL}
COMMENT= Full featured gecko-based browser
diff -r 402f1167f523 -r 8d6119b71f4e www/mozilla/buildlink3.mk
--- a/www/mozilla/buildlink3.mk Fri Apr 22 06:48:32 2005 +0000
+++ b/www/mozilla/buildlink3.mk Fri Apr 22 07:22:33 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.7.2.1 2005/03/27 05:32:19 snj Exp $
+# $NetBSD: buildlink3.mk,v 1.7.2.2 2005/04/22 07:22:33 snj Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
MOZILLA_BUILDLINK3_MK:= ${MOZILLA_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(MOZILLA_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.mozilla+= mozilla>=1.7.5
-BUILDLINK_RECOMMENDED.mozilla+= mozilla>=1.7.6
+BUILDLINK_RECOMMENDED.mozilla+= mozilla>=1.7.7
BUILDLINK_PKGSRCDIR.mozilla?= ../../www/mozilla
.endif # MOZILLA_BUILDLINK3_MK
diff -r 402f1167f523 -r 8d6119b71f4e www/mozilla/distinfo
--- a/www/mozilla/distinfo Fri Apr 22 06:48:32 2005 +0000
+++ b/www/mozilla/distinfo Fri Apr 22 07:22:33 2005 +0000
@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.72.2.2 2005/04/08 10:53:14 salo Exp $
+$NetBSD: distinfo,v 1.72.2.3 2005/04/22 07:22:33 snj Exp $
-SHA1 (mozilla-source-1.7.6.tar.bz2) = 3c47a28173c912098ab37d3fc844451320463d00
-RMD160 (mozilla-source-1.7.6.tar.bz2) = 3352d9a67213664bbe72bf1075420837028b3db4
-Size (mozilla-source-1.7.6.tar.bz2) = 30448120 bytes
+SHA1 (mozilla-source-1.7.7.tar.bz2) = c660db518add97ed54e30a901c1e4e60dbafab3a
+RMD160 (mozilla-source-1.7.7.tar.bz2) = 410017e874ba058bf1dbc7f265db95a2311545a0
+Size (mozilla-source-1.7.7.tar.bz2) = 29776225 bytes
+SHA1 (mozilla-source-1.7.3-libart_lgpl.tar.bz2) = cb8f05dc11eb6fd954a15f6c04e2904c8d4d3f94
+RMD160 (mozilla-source-1.7.3-libart_lgpl.tar.bz2) = 4371536b745882de8dbd736ed03f3b661067251b
+Size (mozilla-source-1.7.3-libart_lgpl.tar.bz2) = 102926 bytes
SHA1 (patch-aa) = be62070f062e8ae13f06bd7b3f4f0d4a9ee67bef
SHA1 (patch-ab) = 77038a3dee47573782d912a928327d046c6d3c7f
SHA1 (patch-ac) = 32aa4b92eea19aca07077a292cb759d074026642
@@ -28,7 +31,6 @@
SHA1 (patch-bs) = fb9f8f13ce481c04a0f7ecfd0ad4d8016cddc2e4
SHA1 (patch-bt) = 70746626648624b38cc6e8795eb9c061be992342
SHA1 (patch-bu) = db33b8651e3cb1fbf9a18dbe78e1e8288cfda0ee
-SHA1 (patch-bugzilla288688) = cebe5ad483a4cfcd55c6be0f0823b75ed1bd4aba
SHA1 (patch-bv) = 4f23dfd885131ea866f31370f1421e7c19706860
SHA1 (patch-bw) = fc3a518d3762be6e85104a6dc7fffd5ae1a463c8
SHA1 (patch-bx) = 046e19c9c4b431369411658373b14c1822841d85
diff -r 402f1167f523 -r 8d6119b71f4e www/mozilla/patches/patch-bugzilla288688
--- a/www/mozilla/patches/patch-bugzilla288688 Fri Apr 22 06:48:32 2005 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,38 +0,0 @@
-$NetBSD: patch-bugzilla288688,v 1.1.2.2 2005/04/08 10:53:14 salo Exp $
-
-diff -ru ../Orig/mozilla/js/src/jsstr.c ./js/src/jsstr.c
---- ../Orig/mozilla/js/src/jsstr.c 2003-12-22 15:13:07.000000000 +0900
-+++ ./js/src/jsstr.c 2005-04-06 23:33:09.000000000 +0900
-@@ -1378,11 +1378,17 @@
- JSBool ok;
-
- /*
-- * Save the rightContext from the current regexp, since it
-- * gets stuck at the end of the replacement string and may
-- * be clobbered by a RegExp usage in the lambda function.
-+ * Save the regExpStatics from the current regexp, since they may be
-+ * clobbered by a RegExp usage in the lambda function. Note that all
-+ * members of JSRegExpStatics are JSSubStrings, so not GC roots, save
-+ * input, which is rooted otherwise via argv[-1] in str_replace.
-+ *
-+ * We need to clear moreParens in the top-of-stack cx->regExpStatics
-+ * to it won't be possibly realloc'ed, leaving the bottom-of-stack
-+ * moreParens pointing to freed memory.
- */
-- JSSubString saveRightContext = cx->regExpStatics.rightContext;
-+ JSRegExpStatics save = cx->regExpStatics;
-+ cx->regExpStatics.moreParens = NULL;
-
- /*
- * In the lambda case, not only do we find the replacement string's
-@@ -1460,7 +1466,9 @@
-
- lambda_out:
- js_FreeStack(cx, mark);
-- cx->regExpStatics.rightContext = saveRightContext;
-+ if (cx->regExpStatics.moreParens)
-+ JS_free(cx, cx->regExpStatics.moreParens);
-+ cx->regExpStatics = save;
- return ok;
- }
- #endif /* JS_HAS_REPLACE_LAMBDA */
Home |
Main Index |
Thread Index |
Old Index