pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc Security and bugfix update of firefox (to 3.5.4) and x...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6f48c30b52fd
branches: trunk
changeset: 400836:6f48c30b52fd
user: tnn <tnn%pkgsrc.org@localhost>
date: Wed Oct 28 11:36:36 2009 +0000
description:
Security and bugfix update of firefox (to 3.5.4) and xulrunner (to 1.9.1.4)
Also fix broken DESTDIR support.
Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
diffstat:
devel/xulrunner/Makefile | 6 ++----
devel/xulrunner/PLIST | 4 ++--
devel/xulrunner/distinfo | 18 ++++++++----------
devel/xulrunner/mozilla-common.mk | 4 +++-
devel/xulrunner/patches/patch-aq | 15 +++++++++------
devel/xulrunner/patches/patch-mf | 10 +++++-----
devel/xulrunner/patches/patch-mn | 8 ++++----
devel/xulrunner/patches/patch-nb | 35 -----------------------------------
devel/xulrunner/patches/patch-nc | 20 --------------------
devel/xulrunner/patches/patch-pd | 8 ++++----
www/firefox/Makefile | 8 +++-----
www/firefox/PLIST | 3 ++-
12 files changed, 42 insertions(+), 97 deletions(-)
diffs (truncated from 326 to 300 lines):
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/Makefile
--- a/devel/xulrunner/Makefile Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/Makefile Wed Oct 28 11:36:36 2009 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.24 2009/10/11 10:49:56 tnn Exp $
+# $NetBSD: Makefile,v 1.25 2009/10/28 11:36:36 tnn Exp $
#
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= ${DISTNAME:S/firefox/xulrunner/:S/3.5/1.9.1/:S/.source//}
-FIREFOX_VER= 3.5.3
-PKGREVISION= 6
+FIREFOX_VER= 3.5.4
CATEGORIES= devel www
MASTER_SITES= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
EXTRACT_SUFX= .tar.bz2
@@ -32,7 +31,6 @@
ALL_ENV+= MOZILLA_PKG_NAME=xulrunner
-.include "../../mk/bsd.prefs.mk"
.include "mozilla-common.mk"
.include "options.mk"
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/PLIST
--- a/devel/xulrunner/PLIST Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/PLIST Wed Oct 28 11:36:36 2009 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.17 2009/10/11 10:49:56 tnn Exp $
+@comment $NetBSD: PLIST,v 1.18 2009/10/28 11:36:36 tnn Exp $
bin/xulrunner
include/xulrunner/stable/base64.h
include/xulrunner/stable/blapit.h
@@ -2287,7 +2287,6 @@
lib/xulrunner-sdk/sdk/lib/libplc4.so
lib/xulrunner-sdk/sdk/lib/libplds4.so
lib/xulrunner-sdk/sdk/lib/libsmime.a
-lib/xulrunner-sdk/sdk/lib/libsoftokn.a
lib/xulrunner-sdk/sdk/lib/libssl.a
lib/xulrunner-sdk/sdk/lib/libunicharutil_external_s.a
lib/xulrunner-sdk/sdk/lib/libxpcom.so
@@ -2504,6 +2503,7 @@
lib/xulrunner/libnspr4.so
lib/xulrunner/libnss3.so
lib/xulrunner/libnssckbi.so
+lib/xulrunner/libnssdbm3.chk
lib/xulrunner/libnssdbm3.so
lib/xulrunner/libnssutil3.so
lib/xulrunner/libplc4.so
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/distinfo
--- a/devel/xulrunner/distinfo Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/distinfo Wed Oct 28 11:36:36 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.13 2009/10/11 10:49:56 tnn Exp $
+$NetBSD: distinfo,v 1.14 2009/10/28 11:36:36 tnn Exp $
-SHA1 (firefox-3.5.3.source.tar.bz2) = 83b2625eb74e81b473ac40ac52505e5fc9a497eb
-RMD160 (firefox-3.5.3.source.tar.bz2) = c2487c90b4a9490840817c7b00dcccd68a0c4422
-Size (firefox-3.5.3.source.tar.bz2) = 46766383 bytes
+SHA1 (firefox-3.5.4.source.tar.bz2) = ce250208371326d03e72a02d223bc136cd376e5d
+RMD160 (firefox-3.5.4.source.tar.bz2) = e89ff54fef6d036538c9779176f5086a8eaa721e
+Size (firefox-3.5.4.source.tar.bz2) = 46905557 bytes
SHA1 (patch-aa) = 1a103647b3ce602e1bf2d22f6486a6649a68878b
SHA1 (patch-ab) = 5331bae45501013d3ca13d161226e311bc10aafe
SHA1 (patch-ac) = e50356963fd235ea11fa45baae356fcf21c6669d
@@ -19,7 +19,7 @@
SHA1 (patch-an) = e975941955b578f1d3336d546e99f0c464cdd9d7
SHA1 (patch-ao) = af027520b0277838a5a5f4ad33e14174e6e8bc0c
SHA1 (patch-ap) = dbcf27b23fec35ea838d281a97c7aed94739c8b5
-SHA1 (patch-aq) = f4e9198885b0327e10bebff64bd6801919123b5f
+SHA1 (patch-aq) = ffb927e222f98c7288e37ddadf1b08a8126c6a55
SHA1 (patch-ar) = bfeaa055b7192e5874427615424496b41410f24b
SHA1 (patch-as) = aa83f9b834d796982a2b580ed908e188a28c6a41
SHA1 (patch-at) = 2d09714ba426632a5d67b1b100c2ac4d1e673536
@@ -32,23 +32,21 @@
SHA1 (patch-mb) = 05298c1ec02363ff0bada87337cf0ccb5b42c55b
SHA1 (patch-md) = 6bf5242245b17fbd868a6a978eb5849726f81393
SHA1 (patch-me) = f5a8e29fc004ef7696b67d260384ab23fd1658c2
-SHA1 (patch-mf) = 10e0d9d665324a1a4aa713e6c2447ddda1d7c605
+SHA1 (patch-mf) = 33e30004d1b94668935274c05f4548d4804ac67a
SHA1 (patch-mg) = 75ddcceaffae0bdb6ecb4efd1b5ffca68a8ae8a8
SHA1 (patch-mi) = 787cb043bb7e687936afaf8f0c67b6b3a7b03e5b
SHA1 (patch-mj) = 197fab0e00256dedc8a5f181ee0d0d6e42d8177f
SHA1 (patch-mk) = 793dfa16e19e213d78995c893a28bc0d514135d9
SHA1 (patch-ml) = 9003af056e5b671b2345d0a75e99836746369c00
SHA1 (patch-mm) = faabab8816522bd9a74c2e6e65b2ae3d791affe0
-SHA1 (patch-mn) = 17641f46ecf1019f3cc02583a22baa9f9a327d1f
+SHA1 (patch-mn) = 7d162a96959315a143c68b3ca2ca4dea6060f1f2
SHA1 (patch-mp) = 948786b0b9f781e820dff768f0892897ec42372b
SHA1 (patch-na) = 10a09ddb5de67c3cc2f605c75de7ac2e30a92ae7
-SHA1 (patch-nb) = 6b1719219df7cdd7bf5335fcf7f48567a37ffa87
-SHA1 (patch-nc) = f2a3cc803a114702e856947c25fd79baa85b0e26
SHA1 (patch-nd) = f5156ca4d1e61dd1b355bbaa5ebd9cc490d8d865
SHA1 (patch-pa) = d03ef72ea7efceef5e2f12a245950b9a587ace82
SHA1 (patch-pb) = 33c70e16d489c6e6e660096e49b5f12b7a265328
SHA1 (patch-pc) = baa2c72df21c6ddda65bdb435561323f4ee008ff
-SHA1 (patch-pd) = b87adef8cfb53d4a1926f4bab5481dd1b9cf14ab
+SHA1 (patch-pd) = a8899862e36c05d43ee81265fa3a13bb5e3e4d10
SHA1 (patch-pe) = 3e4db1032a1e1f26f3a4e86653804b435aaf3ee8
SHA1 (patch-pf) = 95b3f07dfd0e3de9961181ec6e42f7174180942d
SHA1 (patch-pg) = 33f0664512c94b1f1b7b65f43accc1dae457a2d0
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/mozilla-common.mk
--- a/devel/xulrunner/mozilla-common.mk Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/mozilla-common.mk Wed Oct 28 11:36:36 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mozilla-common.mk,v 1.1 2009/10/10 20:01:31 tnn Exp $
+# $NetBSD: mozilla-common.mk,v 1.2 2009/10/28 11:36:36 tnn Exp $
#
# common Makefile fragment for mozilla packages based on gecko 1.9.1.
@@ -54,6 +54,8 @@
${WRAPPER_DIR}/bin/rm
chmod +x ${WRAPPER_DIR}/bin/rm
+.include "../../mk/bsd.prefs.mk"
+
.if ${OPSYS} == "Linux"
.include "../../audio/alsa-lib/buildlink3.mk"
.endif
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/patches/patch-aq
--- a/devel/xulrunner/patches/patch-aq Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/patches/patch-aq Wed Oct 28 11:36:36 2009 +0000
@@ -1,13 +1,16 @@
-$NetBSD: patch-aq,v 1.2 2009/09/20 15:30:54 sno Exp $
+$NetBSD: patch-aq,v 1.3 2009/10/28 11:36:36 tnn Exp $
---- media/liboggplay/src/liboggplay/std_semaphore.h.orig 2009-06-29 18:15:03.000000000 +0200
+--- media/liboggplay/src/liboggplay/std_semaphore.h.orig 2009-10-16 17:14:09.000000000 +0200
+++ media/liboggplay/src/liboggplay/std_semaphore.h
-@@ -74,7 +74,7 @@
+@@ -74,9 +74,9 @@
* @retval non-zero on error
*/
--#if defined(linux) || defined(SOLARIS)
-+#if defined(linux) || defined(SOLARIS) || defined(__NetBSD__) || defined(__DragonFly__) || defined(__FreeBSD__)
+-#if defined(linux) || defined(SOLARIS) || defined(AIX) || defined(__FreeBSD__)
++#if defined(linux) || defined(SOLARIS) || defined(AIX) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(__NetBSD__)
#include <semaphore.h>
+-#if defined(__FreeBSD__)
++#if defined(__FreeBSD__) || defined(__NetBSD__)
+ #define SEM_CREATE(p,s) sem_init(&(p), 0, s)
+ #else
#define SEM_CREATE(p,s) sem_init(&(p), 1, s)
- #define SEM_SIGNAL(p) sem_post(&(p))
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/patches/patch-mf
--- a/devel/xulrunner/patches/patch-mf Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/patches/patch-mf Wed Oct 28 11:36:36 2009 +0000
@@ -1,20 +1,20 @@
-$NetBSD: patch-mf,v 1.1.1.1 2009/08/05 02:59:48 tnn Exp $
+$NetBSD: patch-mf,v 1.2 2009/10/28 11:36:36 tnn Exp $
Add DragonFly support.
Make sure nss libraries have a run path defined.
---- security/coreconf/config.mk.orig 2009-06-29 18:15:11.000000000 +0200
+--- security/coreconf/config.mk.orig 2009-10-16 17:14:17.000000000 +0200
+++ security/coreconf/config.mk
@@ -63,7 +63,7 @@ endif
#######################################################################
TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
-- OpenVMS AIX RISCOS WINNT WIN95 WINCE
-+ OpenVMS AIX RISCOS DragonFly WINNT WIN95 WINCE
+- AIX RISCOS WINNT WIN95 WINCE
++ AIX RISCOS WINNT WIN95 WINCE DragonFly
ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
-@@ -207,3 +207,4 @@ endif
+@@ -212,3 +212,4 @@ endif
DEFINES += -DUSE_UTIL_DIRECTLY
USE_UTIL_DIRECTLY = 1
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/patches/patch-mn
--- a/devel/xulrunner/patches/patch-mn Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/patches/patch-mn Wed Oct 28 11:36:36 2009 +0000
@@ -1,12 +1,12 @@
-$NetBSD: patch-mn,v 1.1.1.1 2009/08/05 02:59:48 tnn Exp $
+$NetBSD: patch-mn,v 1.2 2009/10/28 11:36:36 tnn Exp $
Make sure we link correctly with sqlite3 from pkgsrc.
---- security/nss/lib/softoken/config.mk.orig 2009-06-29 18:15:14.000000000 +0200
+--- security/nss/lib/softoken/config.mk.orig 2009-10-16 17:14:19.000000000 +0200
+++ security/nss/lib/softoken/config.mk
-@@ -86,7 +86,7 @@ else
- EXTRA_SHARED_LIBS += \
+@@ -83,7 +83,7 @@ EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \
+ -L$(NSSUTIL_LIB_DIR) \
-lnssutil3 \
- -lsqlite3 \
+ `pkg-config --libs sqlite3` \
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/patches/patch-nb
--- a/devel/xulrunner/patches/patch-nb Wed Oct 28 11:09:53 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-$NetBSD: patch-nb,v 1.1 2009/09/09 17:01:07 tnn Exp $
-
-# reported upstream as:
-# https://bugzilla.mozilla.org/show_bug.cgi?id=512792
-
---- media/liboggz/src/liboggz/oggz_byteorder.h.orig 2009-08-26 22:28:18.000000000 +0200
-+++ media/liboggz/src/liboggz/oggz_byteorder.h 2009-08-26 22:41:39.000000000 +0200
-@@ -123,4 +123,27 @@ int32_be_at (unsigned char *c)
- return (c [0] << 24) + (c [1] << 16) + (c [2] << 8) + c [3] ;
- }
-
-+static ogg_uint32_t
-+_le_32_at (unsigned char *c)
-+{
-+ return (c [3] << 24) + (c [2] << 16) + (c [1] << 8) + c [0] ;
-+}
-+
-+#ifdef HAVE_STDINT_H
-+#include <stdint.h>
-+#endif
-+static uint64_t
-+_le_64_at (unsigned char *c)
-+{
-+ return (uint64_t)((uint64_t)c[7] << 56) + ((uint64_t)c[6] << 48)
-+ + ((uint64_t)c[5] << 40) + ((uint64_t)c[4] << 32)
-+ + (c [3] << 24) + (c [2] << 16) + (c [1] << 8) + c [0] ;
-+}
-+
-+static ogg_uint16_t
-+_be_16_at (unsigned char *c)
-+{
-+ return (c [0] << 8) + c [1] ;
-+}
-+
- #endif /* __OGGZ_BYTEORDER_H__ */
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/patches/patch-nc
--- a/devel/xulrunner/patches/patch-nc Wed Oct 28 11:09:53 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-nc,v 1.1 2009/09/09 17:01:07 tnn Exp $
-
-# reported upstream as:
-# https://bugzilla.mozilla.org/show_bug.cgi?id=512792
-
---- media/liboggz/src/liboggz/oggz_auto.c.orig 2009-08-26 22:20:35.000000000 +0200
-+++ media/liboggz/src/liboggz/oggz_auto.c 2009-08-26 22:40:51.000000000 +0200
-@@ -62,9 +62,9 @@ int oggz_set_metric_linear (OGGZ * oggz,
- ogg_int64_t granule_rate_numerator,
- ogg_int64_t granule_rate_denominator);
-
--#define INT16_BE_AT(x) _be_16((*(ogg_int32_t *)(x)))
--#define INT32_LE_AT(x) _le_32((*(ogg_int32_t *)(x)))
--#define INT64_LE_AT(x) _le_64((*(ogg_int64_t *)(x)))
-+#define INT16_BE_AT(x) _be_16_at(x)
-+#define INT32_LE_AT(x) _le_32_at(x)
-+#define INT64_LE_AT(x) _le_64_at(x)
-
- static int
- oggz_stream_set_numheaders (OGGZ * oggz, long serialno, int numheaders)
diff -r 434f4c54beaa -r 6f48c30b52fd devel/xulrunner/patches/patch-pd
--- a/devel/xulrunner/patches/patch-pd Wed Oct 28 11:09:53 2009 +0000
+++ b/devel/xulrunner/patches/patch-pd Wed Oct 28 11:36:36 2009 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-pd,v 1.1.1.1 2009/08/05 02:59:48 tnn Exp $
+$NetBSD: patch-pd,v 1.2 2009/10/28 11:36:36 tnn Exp $
---- xulrunner/installer/mozilla-nss.pc.in.orig 2009-06-29 18:15:36.000000000 +0200
+--- xulrunner/installer/mozilla-nss.pc.in.orig 2009-10-16 17:14:30.000000000 +0200
+++ xulrunner/installer/mozilla-nss.pc.in
@@ -6,5 +6,5 @@ Name: NSS
Description: Mozilla Network Security Services
Version: %MOZILLA_VERSION%
Requires: %NSPR_NAME% >= %NSPR_VERSION%
--Libs: -L${sdkdir}/lib -lnss3 -lnssutil3 -lsmime3 -lssl3 -lsoftokn3
-+Libs: -Wl,-R${prefix}/lib/xulrunner -L${prefix}/lib/xulrunner -lnss3 -lnssutil3 -lsmime3 -lssl3 -lsoftokn3
+-Libs: -L${sdkdir}/lib -lsmime3 -lssl3 -lnss3 -lnssutil3
++Libs: -Wl,-R${prefix}/lib/xulrunner -L${prefix}/lib/xulrunner -lsmime3 -lssl3 -lnss3 -lnssutil3
Cflags: -I${includedir}/stable
diff -r 434f4c54beaa -r 6f48c30b52fd www/firefox/Makefile
--- a/www/firefox/Makefile Wed Oct 28 11:09:53 2009 +0000
+++ b/www/firefox/Makefile Wed Oct 28 11:36:36 2009 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.60 2009/10/11 10:49:56 tnn Exp $
+# $NetBSD: Makefile,v 1.61 2009/10/28 11:36:36 tnn Exp $
#
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= firefox-${FIREFOX_VER}
-FIREFOX_VER= 3.5.3
-PKGREVISION= 3
+FIREFOX_VER= 3.5.4
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
EXTRACT_SUFX= .tar.bz2
@@ -25,7 +24,6 @@
DISTINFO_FILE= ${.CURDIR}/../../devel/xulrunner/distinfo
PATCHDIR= ${.CURDIR}/../../devel/xulrunner/patches
-.include "../../mk/bsd.prefs.mk"
.include "../../devel/xulrunner/mozilla-common.mk"
.include "options.mk"
Home |
Main Index |
Thread Index |
Old Index