[pkgsrc/trunk]: pkgsrc/devel/xulrunner firefox-3.6.7 / xulrunner-1.9.2.7 secu...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/devel/xulrunner firefox-3.6.7 / xulrunner-1.9.2.7 secu...
From: tnn <tnn%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 09:39:12 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/044a66094082
branches:  trunk
changeset: 577831:044a66094082
user:      tnn <tnn%pkgsrc.org@localhost>
date:      Wed Jul 21 16:55:33 2010 +0000

description:
firefox-3.6.7 / xulrunner-1.9.2.7 security update.

MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent
             character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

diffstat:

 devel/xulrunner/PLIST            |   4 +++-
 devel/xulrunner/dist.mk          |   4 ++--
 devel/xulrunner/distinfo         |  11 +++++------
 devel/xulrunner/patches/patch-bc |  20 --------------------
 devel/xulrunner/patches/patch-mp |  10 +++++-----
 5 files changed, 15 insertions(+), 34 deletions(-)

diffs (126 lines):

diff -r 828286d2bb49 -r 044a66094082 devel/xulrunner/PLIST
--- a/devel/xulrunner/PLIST     Wed Jul 21 16:53:58 2010 +0000
+++ b/devel/xulrunner/PLIST     Wed Jul 21 16:55:33 2010 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.22 2010/06/24 12:20:38 tnn Exp $
+@comment $NetBSD: PLIST,v 1.23 2010/07/21 16:55:33 tnn Exp $
 bin/xulrunner
 ${PLIST.jit}include/xulrunner/Allocator.h
 ${PLIST.jit}include/xulrunner/Assembler.h
@@ -1341,6 +1341,7 @@
 include/xulrunner/nsIProxyAutoConfig.h
 include/xulrunner/nsIProxyInfo.h
 include/xulrunner/nsIProxyObjectManager.h
+include/xulrunner/nsIQueryContentEventResult.h
 include/xulrunner/nsIRDFCompositeDataSource.h
 include/xulrunner/nsIRDFContainer.h
 include/xulrunner/nsIRDFContainerUtils.h
@@ -3231,6 +3232,7 @@
 share/idl/xulrunner/nsIProxyAutoConfig.idl
 share/idl/xulrunner/nsIProxyInfo.idl
 share/idl/xulrunner/nsIProxyObjectManager.idl
+share/idl/xulrunner/nsIQueryContentEventResult.idl
 share/idl/xulrunner/nsIRDFCompositeDataSource.idl
 share/idl/xulrunner/nsIRDFContainer.idl
 share/idl/xulrunner/nsIRDFContainerUtils.idl
diff -r 828286d2bb49 -r 044a66094082 devel/xulrunner/dist.mk
--- a/devel/xulrunner/dist.mk   Wed Jul 21 16:53:58 2010 +0000
+++ b/devel/xulrunner/dist.mk   Wed Jul 21 16:55:33 2010 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: dist.mk,v 1.11 2010/06/24 12:20:38 tnn Exp $
+# $NetBSD: dist.mk,v 1.12 2010/07/21 16:55:33 tnn Exp $
 #
 # used by devel/nspr/Makefile
 # used by devel/nss/Makefile
@@ -8,7 +8,7 @@
 DISTNAME=      firefox-${FIREFOX_VER}.source
 FIREFOX_VER=   3.6${MOZ_BRANCH_MINOR}
 MOZ_BRANCH=    1.9.2
-MOZ_BRANCH_MINOR=      .4
+MOZ_BRANCH_MINOR=      .7
 MASTER_SITES=  ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 EXTRACT_SUFX=  .tar.bz2
 
diff -r 828286d2bb49 -r 044a66094082 devel/xulrunner/distinfo
--- a/devel/xulrunner/distinfo  Wed Jul 21 16:53:58 2010 +0000
+++ b/devel/xulrunner/distinfo  Wed Jul 21 16:55:33 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.33 2010/06/24 12:20:38 tnn Exp $
+$NetBSD: distinfo,v 1.34 2010/07/21 16:55:33 tnn Exp $
 
-SHA1 (firefox-3.6.4.source.tar.bz2) = c73e4cf4a8e55b5a192fe59d38bef1d06f43e842
-RMD160 (firefox-3.6.4.source.tar.bz2) = b36d31d35f2fc0d6f793b4d4e3f3069e55d9e1ad
-Size (firefox-3.6.4.source.tar.bz2) = 51082341 bytes
+SHA1 (firefox-3.6.7.source.tar.bz2) = 12c584a63ea6ddbb9253094ad500bc6b046903a6
+RMD160 (firefox-3.6.7.source.tar.bz2) = 6d6eca57a24641725dce571dea5be3750d0bb7e1
+Size (firefox-3.6.7.source.tar.bz2) = 51233147 bytes
 SHA1 (patch-aa) = d719f801f340688102e3b1c07b53655f4053180a
 SHA1 (patch-ab) = a9a9db3f53ecac231007de9ed163bd99f2184462
 SHA1 (patch-ac) = e50356963fd235ea11fa45baae356fcf21c6669d
@@ -31,7 +31,6 @@
 SHA1 (patch-az) = 5a09ccfa14fab962c4e2916f00669a1fa4a8ade4
 SHA1 (patch-ba) = 9d4058f2a3a290429b26cb8335dd5b188bccc96d
 SHA1 (patch-bb) = a764014f7aee2ecb75584ee652fd4a35ab647527
-SHA1 (patch-bc) = 6ea633380f427a24098129afa68fcd0112e68ca1
 SHA1 (patch-be) = cad5bc4ac3e83b6e098edfbf0aadc845d97a6032
 SHA1 (patch-bf) = 6295d27762eb91162c00362306acbd47eeda61ac
 SHA1 (patch-bg) = ab79e04b5ac1453157cfb57754613210c74c3b90
@@ -49,7 +48,7 @@
 SHA1 (patch-ml) = 9003af056e5b671b2345d0a75e99836746369c00
 SHA1 (patch-mm) = 51d84cacbfa0430dad21f86f66979b6222299b31
 SHA1 (patch-mn) = 7d162a96959315a143c68b3ca2ca4dea6060f1f2
-SHA1 (patch-mp) = 5edb7dbdde20f7aaf5c1bfa035f471ec6d871f95
+SHA1 (patch-mp) = 34bf95224cdecedd93566f9405f725b0c9b5ee0f
 SHA1 (patch-nd) = f5156ca4d1e61dd1b355bbaa5ebd9cc490d8d865
 SHA1 (patch-pa) = 7dffaba78ee254a545c3f7669a3eb2a92196becc
 SHA1 (patch-pb) = 9450fe31653c225d529a6ec4d551d0cda464965d
diff -r 828286d2bb49 -r 044a66094082 devel/xulrunner/patches/patch-bc
--- a/devel/xulrunner/patches/patch-bc  Wed Jul 21 16:53:58 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-bc,v 1.1 2010/03/16 15:57:02 tnn Exp $
-
-# ensure at least pointer compatible alignement of memory arena for
-# RuleProcessorData::operator new
-# Reported upstream as https://bugzilla.mozilla.org/show_bug.cgi?id=550842
-
---- content/base/src/nsGenericElement.cpp.orig 2010-02-27 02:32:31.000000000 +0000
-+++ content/base/src/nsGenericElement.cpp
-@@ -5132,9 +5132,9 @@ TryMatchingElementsInSubtree(nsINode* aR
-    * cheaper than heap-allocating all the datas and keeping track of them all,
-    * and helps a good bit in the common cases.  We also keep track of the whole
-    * parent data chain, since we have those Around anyway */
--  char databuf[2 * sizeof(RuleProcessorData)];
-+  union { char c[2 * sizeof(RuleProcessorData)]; void *p; } databuf;
-   RuleProcessorData* prevSibling = nsnull;
--  RuleProcessorData* data = reinterpret_cast<RuleProcessorData*>(databuf);
-+  RuleProcessorData* data = reinterpret_cast<RuleProcessorData*>(&databuf);
- 
-   PRBool continueIteration = PR_TRUE;
-   for (nsINode::ChildIterator iter(aRoot); !iter.IsDone(); iter.Next()) {
diff -r 828286d2bb49 -r 044a66094082 devel/xulrunner/patches/patch-mp
--- a/devel/xulrunner/patches/patch-mp  Wed Jul 21 16:53:58 2010 +0000
+++ b/devel/xulrunner/patches/patch-mp  Wed Jul 21 16:55:33 2010 +0000
@@ -1,9 +1,9 @@
-$NetBSD: patch-mp,v 1.3 2009/12/16 08:18:33 tnn Exp $
+$NetBSD: patch-mp,v 1.4 2010/07/21 16:55:34 tnn Exp $
 
---- media/libsydneyaudio/src/Makefile.in.orig  2009-12-02 05:28:49.000000000 +0100
+--- media/libsydneyaudio/src/Makefile.in.orig  2010-07-13 19:10:28.000000000 +0000
 +++ media/libsydneyaudio/src/Makefile.in
-@@ -77,6 +77,24 @@ CSRCS               = \
-               $(NULL)
+@@ -83,6 +83,24 @@ CSRCS         = \
+               $(NULL)
  endif
  
 +ifeq ($(OS_ARCH),DragonFly)
@@ -23,7 +23,7 @@
 +              sydney_audio_oss.c \
 +              $(NULL)
 +endif
-+              
++
  ifeq ($(OS_ARCH),WINNT)
  OS_LIBS += winmm.lib
  endif
Prev by Date: [pkgsrc/trunk]: pkgsrc/devel/py-expect Fix build with modern libtool by using...
Next by Date: [pkgsrc/trunk]: pkgsrc/editors/lyx update to 1.6.7
Previous by Thread: [pkgsrc/trunk]: pkgsrc/devel/py-expect Fix build with modern libtool by using...
Next by Thread: [pkgsrc/trunk]: pkgsrc/editors/lyx update to 1.6.7
Indexes:
Home | Main Index | Thread Index | Old Index