From fcc5b674e333f0227036f7762be5cba997fb1287 Mon Sep 17 00:00:00 2001 From: tnn Date: Thu, 24 Jun 2010 12:20:38 +0000 Subject: [PATCH] Security update of firefox & xulrunner to 3.6.4 (1.9.1.2). MFSA 2010-33 User tracking across sites using Math.random() MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes MFSA 2010-30 Integer Overflow in XSLT Node Sorting MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal MFSA 2010-28 Freed object reuse across plugin instances MFSA 2010-26 Crashes with evidence of memory corruption --- devel/xulrunner/PLIST | 5 ++++- devel/xulrunner/dist.mk | 4 ++-- devel/xulrunner/distinfo | 10 +++++----- devel/xulrunner/mozilla-common.mk | 3 ++- devel/xulrunner/patches/patch-aj | 10 +++++----- www/firefox/Makefile | 3 +-- 6 files changed, 19 insertions(+), 16 deletions(-) diff --git a/devel/xulrunner/PLIST b/devel/xulrunner/PLIST index cac52ec4bbfa..db7da9a89aa8 100644 --- a/devel/xulrunner/PLIST +++ b/devel/xulrunner/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.21 2010/04/26 12:47:08 tnn Exp $ +@comment $NetBSD: PLIST,v 1.22 2010/06/24 12:20:38 tnn Exp $ bin/xulrunner ${PLIST.jit}include/xulrunner/Allocator.h ${PLIST.jit}include/xulrunner/Assembler.h @@ -229,6 +229,8 @@ include/xulrunner/mozilla/CondVar.h include/xulrunner/mozilla/DeadlockDetector.h include/xulrunner/mozilla/Monitor.h include/xulrunner/mozilla/Mutex.h +include/xulrunner/mozilla/PluginLibrary.h +include/xulrunner/mozilla/PluginPRLibrary.h include/xulrunner/mozilla/TimeStamp.h include/xulrunner/mozilla/XPCOM.h include/xulrunner/mozilla/storage.h @@ -2245,6 +2247,7 @@ lib/xulrunner/components/nsFilePicker.js lib/xulrunner/components/nsFormAutoComplete.js lib/xulrunner/components/nsHandlerService.js lib/xulrunner/components/nsHelperAppDlg.js +lib/xulrunner/components/nsINIProcessor.js lib/xulrunner/components/nsLivemarkService.js lib/xulrunner/components/nsLoginInfo.js lib/xulrunner/components/nsLoginManager.js diff --git a/devel/xulrunner/dist.mk b/devel/xulrunner/dist.mk index 524172486c1c..8d15a66cf011 100644 --- a/devel/xulrunner/dist.mk +++ b/devel/xulrunner/dist.mk @@ -1,4 +1,4 @@ -# $NetBSD: dist.mk,v 1.10 2010/04/02 20:28:24 tnn Exp $ +# $NetBSD: dist.mk,v 1.11 2010/06/24 12:20:38 tnn Exp $ # # used by devel/nspr/Makefile # used by devel/nss/Makefile @@ -8,7 +8,7 @@ DISTNAME= firefox-${FIREFOX_VER}.source FIREFOX_VER= 3.6${MOZ_BRANCH_MINOR} MOZ_BRANCH= 1.9.2 -MOZ_BRANCH_MINOR= .3 +MOZ_BRANCH_MINOR= .4 MASTER_SITES= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/} EXTRACT_SUFX= .tar.bz2 diff --git a/devel/xulrunner/distinfo b/devel/xulrunner/distinfo index 75511b464cb1..fb75e61d2377 100644 --- a/devel/xulrunner/distinfo +++ b/devel/xulrunner/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.32 2010/04/26 13:41:06 tnn Exp $ +$NetBSD: distinfo,v 1.33 2010/06/24 12:20:38 tnn Exp $ -SHA1 (firefox-3.6.3.source.tar.bz2) = f3bcd808356d16bdb26bfcf1a64a251488c4fd02 -RMD160 (firefox-3.6.3.source.tar.bz2) = de556e8606bbc61cb7d20fe6f308f0c5e8b9dd77 -Size (firefox-3.6.3.source.tar.bz2) = 48633061 bytes +SHA1 (firefox-3.6.4.source.tar.bz2) = c73e4cf4a8e55b5a192fe59d38bef1d06f43e842 +RMD160 (firefox-3.6.4.source.tar.bz2) = b36d31d35f2fc0d6f793b4d4e3f3069e55d9e1ad +Size (firefox-3.6.4.source.tar.bz2) = 51082341 bytes SHA1 (patch-aa) = d719f801f340688102e3b1c07b53655f4053180a SHA1 (patch-ab) = a9a9db3f53ecac231007de9ed163bd99f2184462 SHA1 (patch-ac) = e50356963fd235ea11fa45baae356fcf21c6669d @@ -12,7 +12,7 @@ SHA1 (patch-af) = 13a9617cd2894cf342487d2a9cfe8cf3066ba0df SHA1 (patch-ag) = 62e55040130d5e6cfb10b839fce6abd40a902f08 SHA1 (patch-ah) = 5f8bf19d5ac5ea7e263366a56d10d2eeeee61bac SHA1 (patch-ai) = 3444882b0f7f4b63273d8888af88be35ae60933a -SHA1 (patch-aj) = 0e357b477aef423e7688dfb0be93cc8abc35e6e0 +SHA1 (patch-aj) = 423e8915f6e6a166bf3bcbc00c22d590821d6e97 SHA1 (patch-ak) = d9aca1f9e143d600d8bc841984a2244a50b0ac8c SHA1 (patch-al) = ca1a1fb5f875ab9c84c0afea5d913172a6f7ab57 SHA1 (patch-am) = 75eb92d1941309ffc13f01d7f1946a2f09170220 diff --git a/devel/xulrunner/mozilla-common.mk b/devel/xulrunner/mozilla-common.mk index f1a08b8be0f6..8e10bc4a3411 100644 --- a/devel/xulrunner/mozilla-common.mk +++ b/devel/xulrunner/mozilla-common.mk @@ -1,4 +1,4 @@ -# $NetBSD: mozilla-common.mk,v 1.14 2010/04/28 09:37:28 tnn Exp $ +# $NetBSD: mozilla-common.mk,v 1.15 2010/06/24 12:20:38 tnn Exp $ # # common Makefile fragment for mozilla packages based on gecko 1.9.1. # @@ -33,6 +33,7 @@ CONFIGURE_ARGS+= --disable-crashreporter CONFIGURE_ARGS+= --disable-installer CONFIGURE_ARGS+= --disable-libnotify CONFIGURE_ARGS+= --disable-necko-wifi +CONFIGURE_ARGS+= --disable-ipc # no chromium platform support on BSD SUBST_CLASSES+= fix-paths SUBST_STAGE.fix-paths= pre-configure diff --git a/devel/xulrunner/patches/patch-aj b/devel/xulrunner/patches/patch-aj index b14f6812aeed..fbd163339051 100644 --- a/devel/xulrunner/patches/patch-aj +++ b/devel/xulrunner/patches/patch-aj @@ -1,16 +1,16 @@ -$NetBSD: patch-aj,v 1.1.1.1 2009/08/05 02:59:48 tnn Exp $ +$NetBSD: patch-aj,v 1.2 2010/06/24 12:20:38 tnn Exp $ ---- profile/dirserviceprovider/src/nsProfileLock.cpp.orig 2009-06-29 18:15:11.000000000 +0200 +--- profile/dirserviceprovider/src/nsProfileLock.cpp.orig 2010-04-13 22:22:54.000000000 +0000 +++ profile/dirserviceprovider/src/nsProfileLock.cpp -@@ -391,6 +391,7 @@ nsresult nsProfileLock::LockWithSymlink( - act.sa_flags = 0; +@@ -396,6 +396,7 @@ nsresult nsProfileLock::LockWithSymlink( + act.sa_flags = SA_SIGINFO; sigfillset(&act.sa_mask); +#ifndef DEBUG #define CATCH_SIGNAL(signame) \ PR_BEGIN_MACRO \ if (sigaction(signame, NULL, &oldact) == 0 && \ -@@ -409,6 +410,7 @@ PR_BEGIN_MACRO +@@ -414,6 +415,7 @@ PR_BEGIN_MACRO CATCH_SIGNAL(SIGTERM); #undef CATCH_SIGNAL diff --git a/www/firefox/Makefile b/www/firefox/Makefile index d499e461fb75..fe4a40b5c381 100644 --- a/www/firefox/Makefile +++ b/www/firefox/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.74 2010/06/13 22:45:33 wiz Exp $ +# $NetBSD: Makefile,v 1.75 2010/06/24 12:20:38 tnn Exp $ .include "../../devel/xulrunner/dist.mk" PKGNAME= firefox-${FIREFOX_VER} -PKGREVISION= 1 CATEGORIES= www MAINTAINER= tnn@NetBSD.org