Subject: Re: netscape - disable pre-4.74
To: Jun-ichiro itojun Hagino <itojun@iijlab.net>
From: David Brownlee <abs@netbsd.org>
List: tech-pkg
Date: 08/16/2000 09:50:29
I'd prefer to have a large warning - as is this means NetBSD/sparc
has no Netscape.
Hmm - someone should probably switch NetBSD/sparc to using
the Solaris rather than the SunOS binary, but until then...
David/absolute
-- www.netbsd.org: A pmap for every occasion --
On Wed, 16 Aug 2000, Jun-ichiro itojun Hagino wrote:
> as netscape navigator prior to 4.74 has security issue in JPEG
> decoding, i think of adding the following IGNORE statements.
> does the patch look sane?
>
> itojun
>
>
> Index: navigator/Makefile.common
> ===================================================================
> RCS file: /cvsroot/pkgsrc/www/navigator/Makefile.common,v
> retrieving revision 1.15
> diff -u -r1.15 Makefile.common
> --- navigator/Makefile.common 2000/07/28 13:53:44 1.15
> +++ navigator/Makefile.common 2000/08/15 22:54:54
> @@ -53,6 +53,8 @@
> .if !exists(/emul/sunos/usr/lib/ld.so)
> IGNORE= "requires SunOS libraries - see compat_sunos(8)"
> .endif
> +# pre-4.74 has JPEG overrun hole
> +IGNORE= "has security hole"
> NS_VERS= 4.61
> NS_ENCRYPTION= export
> LDAP_VERS= 30
> Index: navigator3/Makefile
> ===================================================================
> RCS file: /cvsroot/pkgsrc/www/navigator3/Makefile,v
> retrieving revision 1.2
> diff -u -r1.2 Makefile
> --- navigator3/Makefile 1999/10/05 01:02:52 1.2
> +++ navigator3/Makefile 2000/08/15 22:54:54
> @@ -8,6 +8,9 @@
> MAINTAINER= root@garbled.net
> HOMEPAGE= http://www.netscape.com
>
> +# pre-4.74 has JPEG overrun hole
> +IGNORE= "has security hole"
> +
> ONLY_FOR_PLATFORM= *-*-i386
>
> MIRROR_DISTFILE= no
>