pkgsrc-changes: CVS commit: [pkgsrc-2004Q4] pkgsrc/www

Subject: CVS commit: [pkgsrc-2004Q4] pkgsrc/www
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 03/09/2005 19:16:39
Module Name:	pkgsrc
Committed By:	salo
Date:		Wed Mar  9 19:16:39 UTC 2005

Modified Files:
	pkgsrc/www/firefox [pkgsrc-2004Q4]: Makefile-firefox.common PLIST
	    buildlink3.mk distinfo
	pkgsrc/www/firefox-gtk2 [pkgsrc-2004Q4]: PLIST buildlink3.mk

Log Message:
Pullup ticket 339 - requested by Shin'ichiro TAYA
security fix for firefox

Patch supplied by submitter, equals to:

   Module Name:		pkgsrc
   Committed By:	taya
   Date:		Sun Feb 27 13:20:43 UTC 2005

   Log Message:
   Update firefox to 1.0.1.

   Changes from release notes:

   * Improved stability
   * International Domain Names are now displayed as punycode.
     (To show International Domain Names in Unicode, set the
     "network.IDN_show_punycode" preference to false.)
   * Several security fixes.
   MFSA 2005-29  Internationalized Domain Name (IDN) homograph spoofing
   MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
   MFSA 2005-27 Plugins can be used to load privileged content
   MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
   MFSA 2005-25 Image drag and drop executable spoofing
   MFSA 2005-24 HTTP auth prompt tab spoofing
   MFSA 2005-23 Download dialog source spoofing
   MFSA 2005-22 Download dialog spoofing using Content-Disposition header
   MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
   MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
   MFSA 2005-19 Autocomplete data leak
   MFSA 2005-18 Memory overwrite in string library
   MFSA 2005-17 Install source spoofing with user:pass@host
   MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
   MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
   MFSA 2005-14 SSL "secure site" indicator spoofing
   MFSA 2005-13 Window Injection Spoofing


To generate a diff of this commit:
cvs rdiff -r1.10 -r1.10.2.1 pkgsrc/www/firefox/Makefile-firefox.common
cvs rdiff -r1.11 -r1.11.2.1 pkgsrc/www/firefox/PLIST
cvs rdiff -r1.1 -r1.1.2.1 pkgsrc/www/firefox/buildlink3.mk
cvs rdiff -r1.23 -r1.23.2.1 pkgsrc/www/firefox/distinfo
cvs rdiff -r1.11 -r1.11.2.1 pkgsrc/www/firefox-gtk2/PLIST
cvs rdiff -r1.1 -r1.1.2.1 pkgsrc/www/firefox-gtk2/buildlink3.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.