pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2006Q1]: pkgsrc Pullup ticket 1682 - requested by ghen
details: https://anonhg.NetBSD.org/pkgsrc/rev/708880609c83
branches: pkgsrc-2006Q1
changeset: 510309:708880609c83
user: salo <salo%pkgsrc.org@localhost>
date: Sun Jun 04 00:54:05 2006 +0000
description:
Pullup ticket 1682 - requested by ghen
security update for firefox and thunderbird
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.35
- pkgsrc/www/firefox/Makefile-firefox.common 1.30, 1.33
- pkgsrc/www/firefox/distinfo 1.49, 1.50
- pkgsrc/www/firefox-gtk1/Makefile 1.13
- pkgsrc/www/firefox/patches/patch-fa removed
- pkgsrc/www/firefox/patches/patch-fb removed
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.15
- pkgsrc/mail/thunderbird/PLIST 1.14
- pkgsrc/mail/thunderbird/distinfo 1.23
- pkgsrc/mail/thunderbird-gtk1/PLIST 1.5
Module Name: pkgsrc
Committed By: ghen
Date: Thu May 4 05:16:13 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo
pkgsrc/www/firefox-gtk1: Makefile
Removed Files:
pkgsrc/www/firefox/patches: patch-fa patch-fb
Log Message:
Update Firefox to 1.5.0.3, which is identical to our 1.5.0.2nb2 (except
for the advertized version), so there's no reason to upgrade. :-)
Fixes a denial of service vulnerability (MFSA 2006-30).
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Jun 3 08:04:36 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
pkgsrc/www/firefox: Makefile-firefox.common distinfo
Log Message:
Update www/firefox and www/firefox-gtk to 1.5.0.4, mail/thunderbird and
mail/thunderbird-gtk1 to 1.5.0.4 (salo has already updated
www/firefox-bin). Note that thunderbird skipped one release number
(again) to stay on par with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object
prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object
prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
diffstat:
mail/thunderbird-gtk1/PLIST | 4 +-
mail/thunderbird/Makefile-thunderbird.common | 4 +-
mail/thunderbird/PLIST | 4 +-
mail/thunderbird/distinfo | 8 +-
www/firefox-gtk1/Makefile | 3 +-
www/firefox/Makefile | 3 +-
www/firefox/Makefile-firefox.common | 4 +-
www/firefox/distinfo | 10 +--
www/firefox/patches/patch-fa | 22 --------
www/firefox/patches/patch-fb | 70 ----------------------------
10 files changed, 18 insertions(+), 114 deletions(-)
diffs (224 lines):
diff -r cf1626b17e2a -r 708880609c83 mail/thunderbird-gtk1/PLIST
--- a/mail/thunderbird-gtk1/PLIST Fri Jun 02 15:50:44 2006 +0000
+++ b/mail/thunderbird-gtk1/PLIST Sun Jun 04 00:54:05 2006 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2006/02/06 22:17:59 ghen Exp $
+@comment $NetBSD: PLIST,v 1.4.2.1 2006/06/04 00:54:05 salo Exp $
bin/${MOZILLA}
@comment begin PROGRAMS
lib/${MOZILLA}/${MOZILLA_BIN}
@@ -2685,7 +2685,7 @@
include/${MOZILLA}/nss/watcomfx.h
@comment end INCLUDE-PUBLIC
@exec env LD_LIBRARY_PATH=%D/lib/${MOZILLA} MOZILLA_FIVE_HOME=%D/lib/${MOZILLA} %D/lib/${MOZILLA}/regxpcom
-@unexec ${RM} %D/lib/${MOZILLA}/chrome/app-chrome.manifest
+@unexec ${RM} -f %D/lib/${MOZILLA}/chrome/app-chrome.manifest
@unexec ${RM} %D/lib/${MOZILLA}/components/compreg.dat
@unexec ${RM} %D/lib/${MOZILLA}/components/xpti.dat
@comment begin DIRS
diff -r cf1626b17e2a -r 708880609c83 mail/thunderbird/Makefile-thunderbird.common
--- a/mail/thunderbird/Makefile-thunderbird.common Fri Jun 02 15:50:44 2006 +0000
+++ b/mail/thunderbird/Makefile-thunderbird.common Sun Jun 04 00:54:05 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile-thunderbird.common,v 1.11.2.1 2006/04/23 23:11:55 salo Exp $
+# $NetBSD: Makefile-thunderbird.common,v 1.11.2.2 2006/06/04 00:54:05 salo Exp $
MOZILLA_BIN= thunderbird-bin
-MOZ_VER= 1.5.0.2
+MOZ_VER= 1.5.0.4
EXTRACT_SUFX= .tar.bz2
DISTNAME= thunderbird-${MOZ_VER}-source
CATEGORIES= mail
diff -r cf1626b17e2a -r 708880609c83 mail/thunderbird/PLIST
--- a/mail/thunderbird/PLIST Fri Jun 02 15:50:44 2006 +0000
+++ b/mail/thunderbird/PLIST Sun Jun 04 00:54:05 2006 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2006/02/06 22:17:59 ghen Exp $
+@comment $NetBSD: PLIST,v 1.13.2.1 2006/06/04 00:54:05 salo Exp $
bin/${MOZILLA}
@comment begin PROGRAMS
lib/${MOZILLA}/${MOZILLA_BIN}
@@ -2689,7 +2689,7 @@
include/${MOZILLA}/nss/watcomfx.h
@comment end INCLUDE-PUBLIC
@exec env LD_LIBRARY_PATH=%D/lib/${MOZILLA} MOZILLA_FIVE_HOME=%D/lib/${MOZILLA} %D/lib/${MOZILLA}/regxpcom
-@unexec ${RM} %D/lib/${MOZILLA}/chrome/app-chrome.manifest
+@unexec ${RM} -f %D/lib/${MOZILLA}/chrome/app-chrome.manifest
@unexec ${RM} %D/lib/${MOZILLA}/components/compreg.dat
@unexec ${RM} %D/lib/${MOZILLA}/components/xpti.dat
@comment begin DIRS
diff -r cf1626b17e2a -r 708880609c83 mail/thunderbird/distinfo
--- a/mail/thunderbird/distinfo Fri Jun 02 15:50:44 2006 +0000
+++ b/mail/thunderbird/distinfo Sun Jun 04 00:54:05 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.21.2.1 2006/04/23 23:11:55 salo Exp $
+$NetBSD: distinfo,v 1.21.2.2 2006/06/04 00:54:05 salo Exp $
-SHA1 (thunderbird-1.5.0.2-source.tar.bz2) = 6805470f93871916909e4fb4fea9c1354a76ec25
-RMD160 (thunderbird-1.5.0.2-source.tar.bz2) = 8aaf02c205b131a38fa0384fe6126eec325c3e9e
-Size (thunderbird-1.5.0.2-source.tar.bz2) = 35880369 bytes
+SHA1 (thunderbird-1.5.0.4-source.tar.bz2) = 492dd76460fc14543a70349263b64b0a2803bee9
+RMD160 (thunderbird-1.5.0.4-source.tar.bz2) = 27e88578d8857e48b46ee4dff2900f27b8a0f447
+Size (thunderbird-1.5.0.4-source.tar.bz2) = 35872600 bytes
SHA1 (patch-aa) = ff3586c00ff8d3fa6a1bda639116778169ad4466
SHA1 (patch-ab) = 824a3ce1f608e8fff16e2366c7962f23a4321b10
SHA1 (patch-ac) = 5561b6fedb5417534fefdf3404a93b1915d00be3
diff -r cf1626b17e2a -r 708880609c83 www/firefox-gtk1/Makefile
--- a/www/firefox-gtk1/Makefile Fri Jun 02 15:50:44 2006 +0000
+++ b/www/firefox-gtk1/Makefile Sun Jun 04 00:54:05 2006 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.9.2.2 2006/05/02 20:59:47 salo Exp $
+# $NetBSD: Makefile,v 1.9.2.3 2006/06/04 00:54:06 salo Exp $
MOZILLA= firefox-gtk1
-PKGREVISION= 2
COMMENT= Lightweight gecko-based web browser built with GTK+-1.x
.include "../../www/firefox/Makefile-firefox.common"
diff -r cf1626b17e2a -r 708880609c83 www/firefox/Makefile
--- a/www/firefox/Makefile Fri Jun 02 15:50:44 2006 +0000
+++ b/www/firefox/Makefile Sun Jun 04 00:54:05 2006 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.31.2.2 2006/05/02 20:59:47 salo Exp $
+# $NetBSD: Makefile,v 1.31.2.3 2006/06/04 00:54:05 salo Exp $
MOZILLA= firefox
-PKGREVISION= 2
EXTRACT_SUFX= .tar.bz2
COMMENT= Lightweight gecko-based web browser
diff -r cf1626b17e2a -r 708880609c83 www/firefox/Makefile-firefox.common
--- a/www/firefox/Makefile-firefox.common Fri Jun 02 15:50:44 2006 +0000
+++ b/www/firefox/Makefile-firefox.common Sun Jun 04 00:54:05 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile-firefox.common,v 1.28.2.1 2006/04/15 23:32:58 salo Exp $
+# $NetBSD: Makefile-firefox.common,v 1.28.2.2 2006/06/04 00:54:05 salo Exp $
MOZILLA_BIN= firefox-bin
-MOZ_VER= 1.5.0.2
+MOZ_VER= 1.5.0.4
EXTRACT_SUFX= .tar.bz2
DISTNAME= firefox-${MOZ_VER}-source
diff -r cf1626b17e2a -r 708880609c83 www/firefox/distinfo
--- a/www/firefox/distinfo Fri Jun 02 15:50:44 2006 +0000
+++ b/www/firefox/distinfo Sun Jun 04 00:54:05 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.45.2.2 2006/05/02 20:59:47 salo Exp $
+$NetBSD: distinfo,v 1.45.2.3 2006/06/04 00:54:05 salo Exp $
-SHA1 (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = 21f5497a4cdd4b142bdcb9c3fbdfea43cae1455f
-RMD160 (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = a3128798930d069a175d278b5522cdc8e43dc352
-Size (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = 35234245 bytes
+SHA1 (firefox-1.5.0.4/firefox-1.5.0.4-source.tar.bz2) = 3659272e3de17cd263fbe5e328635ed7a18f70c5
+RMD160 (firefox-1.5.0.4/firefox-1.5.0.4-source.tar.bz2) = e119bbd4a65205f92341cb664222a9d6f1299991
+Size (firefox-1.5.0.4/firefox-1.5.0.4-source.tar.bz2) = 35337540 bytes
SHA1 (patch-aa) = 5095449d4e979085fc5791b9d0251076b9c969c3
SHA1 (patch-ab) = eda86e19dbf45be392b6be4a40dbb25936c91439
SHA1 (patch-ac) = c0cfa9805d883e0761b5bc63b4015cbf1e951eec
@@ -59,5 +59,3 @@
SHA1 (patch-dv) = a380d261d4c2771a672d2b0f4f1f23821e3e5266
SHA1 (patch-ea) = 14e31d17c2493e468cd01f99abfc996853a11032
SHA1 (patch-eb) = dc9232b10075d17f7ed742e7be8ea036db2f0241
-SHA1 (patch-fa) = 64f09a71d4d3c36a42e8ccf28b2d3e43dbf8f202
-SHA1 (patch-fb) = fb32614d012565c4cb97e489ef05f3f76d75c841
diff -r cf1626b17e2a -r 708880609c83 www/firefox/patches/patch-fa
--- a/www/firefox/patches/patch-fa Fri Jun 02 15:50:44 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-fa,v 1.1.2.2 2006/05/02 20:59:47 salo Exp $
-
---- embedding/components/commandhandler/src/nsBaseCommandController.h.orig 2006-04-28 12:43:57.000000000 +0200
-+++ embedding/components/commandhandler/src/nsBaseCommandController.h
-@@ -49,6 +49,8 @@
- #include "nsIControllerContext.h"
- #include "nsIControllerCommandTable.h"
- #include "nsIInterfaceRequestor.h"
-+#include "nsIWeakReference.h"
-+#include "nsIWeakReferenceUtils.h"
-
- // The base editor controller is used for both text widgets,
- // and all other text and html editing
-@@ -79,7 +81,7 @@ public:
-
- private:
-
-- nsISupports *mCommandContext;
-+ nsWeakPtr mCommandContext;
-
- // Our reference to the command manager
- nsCOMPtr<nsIControllerCommandTable> mCommandTable;
diff -r cf1626b17e2a -r 708880609c83 www/firefox/patches/patch-fb
--- a/www/firefox/patches/patch-fb Fri Jun 02 15:50:44 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,70 +0,0 @@
-$NetBSD: patch-fb,v 1.1.2.2 2006/05/02 20:59:47 salo Exp $
-
---- embedding/components/commandhandler/src/nsBaseCommandController.cpp.orig 2006-04-28 12:43:57.000000000 +0200
-+++ embedding/components/commandhandler/src/nsBaseCommandController.cpp
-@@ -55,7 +55,6 @@ NS_INTERFACE_MAP_BEGIN(nsBaseCommandCont
- NS_INTERFACE_MAP_END
-
- nsBaseCommandController::nsBaseCommandController()
--: mCommandContext(nsnull)
- {
- }
-
-@@ -79,7 +78,7 @@ nsBaseCommandController::Init(nsIControl
- NS_IMETHODIMP
- nsBaseCommandController::SetCommandContext(nsISupports *aCommandContext)
- {
-- mCommandContext = aCommandContext; // no addref
-+ mCommandContext = do_GetWeakReference(aCommandContext);
- return NS_OK;
- }
-
-@@ -113,7 +112,8 @@ nsBaseCommandController::IsCommandEnable
- {
- NS_ENSURE_ARG_POINTER(aCommand);
- NS_ENSURE_ARG_POINTER(aResult);
-- return mCommandTable->IsCommandEnabled(aCommand, mCommandContext, aResult);
-+ nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
-+ return mCommandTable->IsCommandEnabled(aCommand, context, aResult);
- }
-
- NS_IMETHODIMP
-@@ -121,14 +121,16 @@ nsBaseCommandController::SupportsCommand
- {
- NS_ENSURE_ARG_POINTER(aCommand);
- NS_ENSURE_ARG_POINTER(aResult);
-- return mCommandTable->SupportsCommand(aCommand, mCommandContext, aResult);
-+ nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
-+ return mCommandTable->SupportsCommand(aCommand, context, aResult);
- }
-
- NS_IMETHODIMP
- nsBaseCommandController::DoCommand(const char *aCommand)
- {
- NS_ENSURE_ARG_POINTER(aCommand);
-- return mCommandTable->DoCommand(aCommand, mCommandContext);
-+ nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
-+ return mCommandTable->DoCommand(aCommand, context);
- }
-
- NS_IMETHODIMP
-@@ -136,7 +138,8 @@ nsBaseCommandController::DoCommandWithPa
- nsICommandParams *aParams)
- {
- NS_ENSURE_ARG_POINTER(aCommand);
-- return mCommandTable->DoCommandParams(aCommand, aParams, mCommandContext);
-+ nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
-+ return mCommandTable->DoCommandParams(aCommand, aParams, context);
- }
-
- NS_IMETHODIMP
-@@ -144,7 +147,8 @@ nsBaseCommandController::GetCommandState
- nsICommandParams *aParams)
- {
- NS_ENSURE_ARG_POINTER(aCommand);
-- return mCommandTable->GetCommandState(aCommand, aParams, mCommandContext);
-+ nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
-+ return mCommandTable->GetCommandState(aCommand, aParams, context);
- }
-
- NS_IMETHODIMP
Home |
Main Index |
Thread Index |
Old Index