Subject: CVS commit: [pkgsrc-2006Q1] pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 06/04/2006 00:54:06
Module Name: pkgsrc
Committed By: salo
Date: Sun Jun 4 00:54:06 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird [pkgsrc-2006Q1]: Makefile-thunderbird.common
PLIST distinfo
pkgsrc/mail/thunderbird-gtk1 [pkgsrc-2006Q1]: PLIST
pkgsrc/www/firefox [pkgsrc-2006Q1]: Makefile Makefile-firefox.common
distinfo
pkgsrc/www/firefox-gtk1 [pkgsrc-2006Q1]: Makefile
Removed Files:
pkgsrc/www/firefox/patches [pkgsrc-2006Q1]: patch-fa patch-fb
Log Message:
Pullup ticket 1682 - requested by ghen
security update for firefox and thunderbird
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.35
- pkgsrc/www/firefox/Makefile-firefox.common 1.30, 1.33
- pkgsrc/www/firefox/distinfo 1.49, 1.50
- pkgsrc/www/firefox-gtk1/Makefile 1.13
- pkgsrc/www/firefox/patches/patch-fa removed
- pkgsrc/www/firefox/patches/patch-fb removed
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.15
- pkgsrc/mail/thunderbird/PLIST 1.14
- pkgsrc/mail/thunderbird/distinfo 1.23
- pkgsrc/mail/thunderbird-gtk1/PLIST 1.5
Module Name: pkgsrc
Committed By: ghen
Date: Thu May 4 05:16:13 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo
pkgsrc/www/firefox-gtk1: Makefile
Removed Files:
pkgsrc/www/firefox/patches: patch-fa patch-fb
Log Message:
Update Firefox to 1.5.0.3, which is identical to our 1.5.0.2nb2 (except
for the advertized version), so there's no reason to upgrade. :-)
Fixes a denial of service vulnerability (MFSA 2006-30).
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Jun 3 08:04:36 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
pkgsrc/www/firefox: Makefile-firefox.common distinfo
Log Message:
Update www/firefox and www/firefox-gtk to 1.5.0.4, mail/thunderbird and
mail/thunderbird-gtk1 to 1.5.0.4 (salo has already updated
www/firefox-bin). Note that thunderbird skipped one release number
(again) to stay on par with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object
prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object
prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
To generate a diff of this commit:
cvs rdiff -r1.11.2.1 -r1.11.2.2 \
pkgsrc/mail/thunderbird/Makefile-thunderbird.common
cvs rdiff -r1.13 -r1.13.2.1 pkgsrc/mail/thunderbird/PLIST
cvs rdiff -r1.21.2.1 -r1.21.2.2 pkgsrc/mail/thunderbird/distinfo
cvs rdiff -r1.4 -r1.4.2.1 pkgsrc/mail/thunderbird-gtk1/PLIST
cvs rdiff -r1.31.2.2 -r1.31.2.3 pkgsrc/www/firefox/Makefile
cvs rdiff -r1.28.2.1 -r1.28.2.2 pkgsrc/www/firefox/Makefile-firefox.common
cvs rdiff -r1.45.2.2 -r1.45.2.3 pkgsrc/www/firefox/distinfo
cvs rdiff -r1.9.2.2 -r1.9.2.3 pkgsrc/www/firefox-gtk1/Makefile
cvs rdiff -r1.1.2.1 -r0 pkgsrc/www/firefox/patches/patch-fa \
pkgsrc/www/firefox/patches/patch-fb
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.