Subject: netscape - disable pre-4.74
To: None <tech-pkg@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-pkg
Date: 08/16/2000 07:58:07
as netscape navigator prior to 4.74 has security issue in JPEG
decoding, i think of adding the following IGNORE statements.
does the patch look sane?
itojun
Index: navigator/Makefile.common
===================================================================
RCS file: /cvsroot/pkgsrc/www/navigator/Makefile.common,v
retrieving revision 1.15
diff -u -r1.15 Makefile.common
--- navigator/Makefile.common 2000/07/28 13:53:44 1.15
+++ navigator/Makefile.common 2000/08/15 22:54:54
@@ -53,6 +53,8 @@
.if !exists(/emul/sunos/usr/lib/ld.so)
IGNORE= "requires SunOS libraries - see compat_sunos(8)"
.endif
+# pre-4.74 has JPEG overrun hole
+IGNORE= "has security hole"
NS_VERS= 4.61
NS_ENCRYPTION= export
LDAP_VERS= 30
Index: navigator3/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/www/navigator3/Makefile,v
retrieving revision 1.2
diff -u -r1.2 Makefile
--- navigator3/Makefile 1999/10/05 01:02:52 1.2
+++ navigator3/Makefile 2000/08/15 22:54:54
@@ -8,6 +8,9 @@
MAINTAINER= root@garbled.net
HOMEPAGE= http://www.netscape.com
+# pre-4.74 has JPEG overrun hole
+IGNORE= "has security hole"
+
ONLY_FOR_PLATFORM= *-*-i386
MIRROR_DISTFILE= no