pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2008Q2]: pkgsrc/mail pullup ticket #2506 - requested by ghen

details:   https://anonhg.NetBSD.org/pkgsrc/rev/52ecc1f186f6
branches:  pkgsrc-2008Q2
changeset: 544287:52ecc1f186f6
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Sun Aug 24 11:10:26 2008 +0000

description:
pullup ticket #2506 - requested by ghen
thunderbird, thunderbird-gtk1: update package for security fixes

revisions pulled up:
pkgsrc/mail/thunderbird/Makefile-thunderbird.common     1.36
pkgsrc/mail/thunderbird/PLIST                           1.24
pkgsrc/mail/thunderbird/distinfo                        1.46
pkgsrc/mail/thunderbird-gtk1/PLIST                      1.14
pkgsrc/mail/thunderbird/patches/patch-af                1.5
pkgsrc/mail/thunderbird/patches/patch-ap                1.5
pkgsrc/mail/thunderbird/patches/patch-dw                1.2

Module Name:    pkgsrc
Committed By:   ghen
Date:           Fri Aug 22 09:42:15 UTC 2008

Modified Files:
        pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
        pkgsrc/mail/thunderbird-gtk1: PLIST
        pkgsrc/mail/thunderbird/patches: patch-af patch-ap patch-dw

Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.16.

Security fixes in this version:

MFSA 2008-34 Remote code execution by overflowing CSS reference counter
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-26 Buffer length checks in MIME processing
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-21 Crashes with evidence of memory corruption

For more info, see
+http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/

diffstat:

 mail/thunderbird-gtk1/PLIST                  |   3 ++-
 mail/thunderbird/Makefile-thunderbird.common |   4 ++--
 mail/thunderbird/PLIST                       |   3 ++-
 mail/thunderbird/distinfo                    |  14 +++++++-------
 mail/thunderbird/patches/patch-af            |  17 ++---------------
 mail/thunderbird/patches/patch-ap            |   6 +++---
 mail/thunderbird/patches/patch-dw            |  10 +++++-----
 7 files changed, 23 insertions(+), 34 deletions(-)

diffs (158 lines):

diff -r 29097e14ab7e -r 52ecc1f186f6 mail/thunderbird-gtk1/PLIST
--- a/mail/thunderbird-gtk1/PLIST       Sat Aug 23 10:47:24 2008 +0000
+++ b/mail/thunderbird-gtk1/PLIST       Sun Aug 24 11:10:26 2008 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2007/07/26 12:29:37 ghen Exp $
+@comment $NetBSD: PLIST,v 1.13.10.1 2008/08/24 11:10:27 rtr Exp $
 bin/${MOZILLA}
 @comment begin PROGRAMS
 lib/${MOZILLA}/${MOZILLA_BIN}
@@ -2102,6 +2102,7 @@
 include/${MOZILLA}/pipnss/nsITokenPasswordDialogs.h
 include/${MOZILLA}/pipnss/nsIUserCertPicker.h
 include/${MOZILLA}/pipnss/nsIX509Cert.h
+include/${MOZILLA}/pipnss/nsIX509Cert18Branch.h
 include/${MOZILLA}/pipnss/nsIX509Cert3.h
 include/${MOZILLA}/pipnss/nsIX509CertDB.h
 include/${MOZILLA}/pipnss/nsIX509CertDB2.h
diff -r 29097e14ab7e -r 52ecc1f186f6 mail/thunderbird/Makefile-thunderbird.common
--- a/mail/thunderbird/Makefile-thunderbird.common      Sat Aug 23 10:47:24 2008 +0000
+++ b/mail/thunderbird/Makefile-thunderbird.common      Sun Aug 24 11:10:26 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile-thunderbird.common,v 1.35 2008/05/20 11:51:55 ghen Exp $
+# $NetBSD: Makefile-thunderbird.common,v 1.35.4.1 2008/08/24 11:10:26 rtr Exp $
 # used by mail/thunderbird/Makefile
 # used by mail/thunderbird-gtk1/Makefile
 
 MOZILLA_BIN=           thunderbird-bin
-MOZ_VER=               2.0.0.14
+MOZ_VER=               2.0.0.16
 EXTRACT_SUFX=          .tar.bz2
 DISTNAME=              thunderbird-${MOZ_VER}-source
 CATEGORIES=            mail
diff -r 29097e14ab7e -r 52ecc1f186f6 mail/thunderbird/PLIST
--- a/mail/thunderbird/PLIST    Sat Aug 23 10:47:24 2008 +0000
+++ b/mail/thunderbird/PLIST    Sun Aug 24 11:10:26 2008 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.23 2007/07/26 12:29:34 ghen Exp $
+@comment $NetBSD: PLIST,v 1.23.10.1 2008/08/24 11:10:26 rtr Exp $
 bin/${MOZILLA}
 @comment begin PROGRAMS
 lib/${MOZILLA}/${MOZILLA_BIN}
@@ -2111,6 +2111,7 @@
 include/${MOZILLA}/pipnss/nsITokenPasswordDialogs.h
 include/${MOZILLA}/pipnss/nsIUserCertPicker.h
 include/${MOZILLA}/pipnss/nsIX509Cert.h
+include/${MOZILLA}/pipnss/nsIX509Cert18Branch.h
 include/${MOZILLA}/pipnss/nsIX509Cert3.h
 include/${MOZILLA}/pipnss/nsIX509CertDB.h
 include/${MOZILLA}/pipnss/nsIX509CertDB2.h
diff -r 29097e14ab7e -r 52ecc1f186f6 mail/thunderbird/distinfo
--- a/mail/thunderbird/distinfo Sat Aug 23 10:47:24 2008 +0000
+++ b/mail/thunderbird/distinfo Sun Aug 24 11:10:26 2008 +0000
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.45 2008/05/20 11:51:55 ghen Exp $
+$NetBSD: distinfo,v 1.45.4.1 2008/08/24 11:10:27 rtr Exp $
 
-SHA1 (thunderbird-2.0.0.14-source.tar.bz2) = 5f30f6e54895e67d96304cdbce15e69aee4d3230
-RMD160 (thunderbird-2.0.0.14-source.tar.bz2) = b7a61bfe9b3b06fc26051e97e7ca4da0b7ab64a4
-Size (thunderbird-2.0.0.14-source.tar.bz2) = 37473129 bytes
+SHA1 (thunderbird-2.0.0.16-source.tar.bz2) = 30092e38d621c30af02653d3bf246d98d2533853
+RMD160 (thunderbird-2.0.0.16-source.tar.bz2) = 6100058cca8d75e108a11b09d03b85d705ca48c2
+Size (thunderbird-2.0.0.16-source.tar.bz2) = 40418085 bytes
 SHA1 (patch-aa) = ff3586c00ff8d3fa6a1bda639116778169ad4466
 SHA1 (patch-ab) = 1dda9cc5822761da53133e987e30c133894baad7
 SHA1 (patch-ac) = 24da4ecce48d22a3752276cae132845b4b474c2a
 SHA1 (patch-ad) = 19afc8dfaf9f14439d747e42ee2f64a9c1a9dc3d
 SHA1 (patch-ae) = 364b91f0bf51e49bb140e13dfb775a89ea38bb28
-SHA1 (patch-af) = 1306065f359a4acc2c2c4a0865d8401baacb7a15
+SHA1 (patch-af) = 2500e35f74eab9ec16df7303fe8d1c2bff0a655b
 SHA1 (patch-ag) = bc08dcb0f7acc4eace112c28241a31b0b6a492e3
 SHA1 (patch-ah) = 4cd8e37475af19bcfe4530f910990f86c89ed916
 SHA1 (patch-ai) = 189aa46f116e424c23368e1c7fbc6c56dd389954
@@ -17,7 +17,7 @@
 SHA1 (patch-al) = 46e7986f0c803701ce9eec38620cf22a2a96ba86
 SHA1 (patch-an) = 47bb24afbb0def95d30d466700c1983f18a14641
 SHA1 (patch-ao) = 4162763cc7af61deb1795f85fdbd96e3ef930d4d
-SHA1 (patch-ap) = 791b30d5b2468a94b356205b22f1dcef0e51fc68
+SHA1 (patch-ap) = 9ca3715eaef7d86933621665f81cc19a79059ed0
 SHA1 (patch-aq) = e8389d53e0d490b3cc1078f646749abfe54225ff
 SHA1 (patch-ar) = ce81dd6b747ba882434cb23343c5e89aac70ea81
 SHA1 (patch-as) = 56effdf9aa488fa2b3c8abcb4b7273841a4b59c1
@@ -51,5 +51,5 @@
 SHA1 (patch-do) = bdb018e157dcb5ef706b69184d8b739cfd32d8c3
 SHA1 (patch-ds) = 1e2e371b9ff7ab9049a947d8e0a63483a1fd244e
 SHA1 (patch-dt) = 9eef43663de12721ecc38124d5bd4a90a825eefc
-SHA1 (patch-dw) = eb4acb8c6c59ef3c73a7ba7e6d6956e325de9d85
+SHA1 (patch-dw) = 6ef560d688b3b67450b9582c95d9239ab4749f61
 SHA1 (patch-dx) = ab7606171564b6879effc3b37d9eadc6565cb74b
diff -r 29097e14ab7e -r 52ecc1f186f6 mail/thunderbird/patches/patch-af
--- a/mail/thunderbird/patches/patch-af Sat Aug 23 10:47:24 2008 +0000
+++ b/mail/thunderbird/patches/patch-af Sun Aug 24 11:10:26 2008 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-af,v 1.4 2006/02/05 14:49:05 ghen Exp $
+$NetBSD: patch-af,v 1.4.22.1 2008/08/24 11:10:27 rtr Exp $
 
---- security/nss/lib/freebl/unix_rand.c.orig   2006-02-02 13:19:58.000000000 +0100
+--- security/nss/lib/freebl/unix_rand.c.orig   2007-07-26 01:18:55.000000000 +0200
 +++ security/nss/lib/freebl/unix_rand.c
 @@ -35,6 +35,7 @@
   * ***** END LICENSE BLOCK ***** */
@@ -10,16 +10,3 @@
  #include <string.h>
  #include <signal.h>
  #include <unistd.h>
-@@ -694,7 +695,11 @@ safe_popen(char *cmd)
-       /* dup write-side of pipe to stderr and stdout */
-       if (p[1] != 1) dup2(p[1], 1);
-       if (p[1] != 2) dup2(p[1], 2);
--      close(0);
-+      fd = open("/dev/null", O_RDONLY);
-+      if (fd != 0) {
-+          dup2(fd, 0);
-+          close(fd);
-+      }
-         {
-             int ndesc = getdtablesize();
-             for (fd = PR_MIN(65536, ndesc); --fd > 2; close(fd));
diff -r 29097e14ab7e -r 52ecc1f186f6 mail/thunderbird/patches/patch-ap
--- a/mail/thunderbird/patches/patch-ap Sat Aug 23 10:47:24 2008 +0000
+++ b/mail/thunderbird/patches/patch-ap Sun Aug 24 11:10:26 2008 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ap,v 1.4 2007/03/02 14:12:25 ghen Exp $
+$NetBSD: patch-ap,v 1.4.14.1 2008/08/24 11:10:27 rtr Exp $
 
---- security/coreconf/command.mk.orig  2005-10-11 01:46:12.000000000 +0200
+--- security/coreconf/command.mk.orig  2007-05-09 03:38:16.000000000 +0200
 +++ security/coreconf/command.mk
 @@ -45,7 +45,7 @@ ASFLAGS      += $(CFLAGS)
  CCF           = $(CC) $(CFLAGS)
@@ -9,5 +9,5 @@
 -CFLAGS        = $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
 +CFLAGS        = $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
                $(XCFLAGS)
+ PERL          = perl
  RANLIB        = echo
- TAR           = /bin/tar
diff -r 29097e14ab7e -r 52ecc1f186f6 mail/thunderbird/patches/patch-dw
--- a/mail/thunderbird/patches/patch-dw Sat Aug 23 10:47:24 2008 +0000
+++ b/mail/thunderbird/patches/patch-dw Sun Aug 24 11:10:26 2008 +0000
@@ -1,13 +1,13 @@
-$NetBSD: patch-dw,v 1.1 2007/03/07 22:02:26 joerg Exp $
+$NetBSD: patch-dw,v 1.1.16.1 2008/08/24 11:10:27 rtr Exp $
 
---- security/nss/lib/freebl/Makefile.orig      2007-03-07 20:19:17.000000000 +0000
+--- security/nss/lib/freebl/Makefile.orig      2007-11-14 23:47:33.000000000 +0100
 +++ security/nss/lib/freebl/Makefile
-@@ -192,7 +192,7 @@ endif
+@@ -194,7 +194,7 @@ endif
  # to bind the blapi function references in FREEBLVector vector
  # (ldvector.c) to the blapi functions defined in the freebl
  # shared libraries.
--ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD, $(OS_TARGET)))
-+ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD DragonFly, $(OS_TARGET)))
+-ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
++ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
      MKSHLIB += -Wl,-Bsymbolic
  endif
Home | Main Index | Thread Index | Old Index