Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
MFSA 2008-20 Crash in JavaScript garbage collector
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.10/
"gtkmozembed" is deprecated and not shipped with firefox 3.0+
Some packages that need firefox (like www/epiphany?) can be configured
to use libxul instead.
For those packages that support it, it might be a good idea to add a
firefox3 option when we get closer to firefox 3 launch day.
Security fixes in this version:
MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.9/
Security fixes in this version:
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.8/
Security fixes in this version:
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.7/
be redistributed, and that seems over the Non-Free line. (This may be
revisited if we re-address exactly what free-enough-for-pkgsrc-default
means, but it removes a case of "RESTRICTED w/o LICENSE".
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
MFSA 2007-28 Code execution via QuickTime Media-link files
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.5/
cairo versions that conflict with Mozilla's included version.
Reported via PR#37006 and fixed with input from Vincent on tech-pkg@netbsd.org.
Bump PKGREVISION.
Security fixes in this version:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.3/
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-12 Crashes with evidence of memory corruption
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.2/changelog.html
the exact names of the freebl libraries depends on the platform and they
have a habit of changing even on minor releases. This causes these mozilla
packages to be broken quite a lot on platforms other than NetBSD/i386.
Hopefully this fix will last longer than previous ones. pkgrevision bumps
all around.
two issues. The PLIST was incorrect and since the PLIST is used by
the "moz-install" script, anything missing from the PLIST is never
installed even when building from source. When libfreebl* were not
installed it caused the clients to fail to load the security component
and fail with "The browser failed to load its security component".
The second issue is that many installations of solaris-2.9 include
various glib/gtk/gnome libraries in /usr/lib. This causes failures
because the pkgsrc ones were used at link time and the /usr/lib ones
at run time. Work around this by setting a LD_LIBRARY_PATH that includes
the pkgsrc lib directory first.
pkgrevision bumps all around.
release.
The calendar component has been removed from Seamonkey in favour of Sunbird
(time/sunbird) and Lightning, see http://www.mozilla.org/projects/calendar/
New features and fixes in this version:
General
* ChatZilla has been updated to a newer version (Bug 324439)
* When launching SeaMonkey, already-running instances are detected (Bug 122698)
Browser
* Spelling is checked when writing in textareas (Bug 302050 and bug 338318)
* A warning page is now shown before displaying about:config (Bug 339720)
* Tooltips from web pages can now be multiple lines, either due to automatic
text wrapping or explicit newlines added to the text value (Bug 356900)
* When you visit a secure site, the URL bar changes color to turns make
security status more visible (Bug 335113)
* When using keyword URLs, it is no longer necessary to type "keyword:" (typing
"keyword:" will no longer work). Just type the keyword name (Bug 337339)
* You can now drop URLs and bookmarks between existing tabs, which will result
in a new tab being created where you dropped the URL (Bug 324591)
* When hovering on a tab, the tooltip now displays a preview of the tab's
contents (Bug 315207)
* The search sidebar now behaves better (Bug 252802)
* The bookmarks menu and personal toolbar folder overflow menu now have context
menus (Bug 50504)
Mail & Newsgroups
* Message labelling has been superceded by tagging, which provides much more
than the original 5 labels and comes with new preferences (Bug 342560 and
others)
* The preferences for junk mail have been reorganized, and can now be set on a
per-account basis (Bug 335846)
* Improved phishing detection (Bug 326082 and others)
* New mail notification has been improved (Bug 327613, 305384, and others)
Address Book
* It is now possible to move or copy cards between address books. Cards can
only be copied to mailing lists, so you need to use ctrl key while dragging
to copy the card to the mailing list. When dragging cards between address
books, the default action is move, use ctrl to copy instead. (Bug 35837)
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1/changelog.html
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.7/README.html
packages with the modular Xorg equivalent. Those are falling back
to the old location by default, so this commmit doesn't change
dependencies.
graphics/xpm ==> x11/libXpm
fonts/Xft2 ==> x11/libXft
x11/Xfixes ==> x11/libXfixes
x11/xcursor ==> x11/libXcursor
x11/Xrender ==> x11/libXrender
x11/Xrandr ==> libXrandr
