Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
MFSA 2007-28 Code execution via QuickTime Media-link files
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.5/
cairo versions that conflict with Mozilla's included version.
Reported via PR#37006 and fixed with input from Vincent on tech-pkg@netbsd.org.
Bump PKGREVISION.
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-12 Crashes with evidence of memory corruption
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.2/changelog.html
the exact names of the freebl libraries depends on the platform and they
have a habit of changing even on minor releases. This causes these mozilla
packages to be broken quite a lot on platforms other than NetBSD/i386.
Hopefully this fix will last longer than previous ones. pkgrevision bumps
all around.
two issues. The PLIST was incorrect and since the PLIST is used by
the "moz-install" script, anything missing from the PLIST is never
installed even when building from source. When libfreebl* were not
installed it caused the clients to fail to load the security component
and fail with "The browser failed to load its security component".
The second issue is that many installations of solaris-2.9 include
various glib/gtk/gnome libraries in /usr/lib. This causes failures
because the pkgsrc ones were used at link time and the /usr/lib ones
at run time. Work around this by setting a LD_LIBRARY_PATH that includes
the pkgsrc lib directory first.
pkgrevision bumps all around.
talking to ipv4 addresses using ipv6 addresses isn't allowed, which is
the default on NetBSD. Patch to use a v4 socket when talking to an ipv4
ldap server. Fixes my PR 33511.
seamonkey/firefox/sunbird have the same code so make the same patch.
OKed ghen. Bump PKGREVISION.
Makefile-seamonkey.common, modelled after firefox and thunderbird.
www/seamonkey and www/seamonkey-gtk1 test-built by me on i386.
www/seamonkey, www/seamonkey-gtk1, mail/thunderbird, mail/thunderbird-gtk1
and time/sunbird by <oster> on amd64, thanks!
Fixes PR pkg/34622
Changes:
* Improved stability
* Several security fixes (see below)
* A bug was introduced in SeaMonkey 1.0.2 that sometimes caused the URL bar to
stop working properly when switching tabs. This has been fixed. (Bug 332874)
* If you have more bookmarks on your personal toolbar than there is space for,
the ">>" overflow icon will now display more reliably (Bug 338803)
* If you choose to update SeaMonkey when it notifies you that an update is
available, the update page will load in a more useful browser window (with
navigation buttons and toolbars) (Bug 334903)
Security fixes:
MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-49 Heap buffer overwrite on malformed VCard
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
For a detailed ChangeLog, see:
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.3/changelog.html
mail/thunderbird-gtk1 to 1.5.0.4, and www/seamonkey, www/seamonkey-gtk1
and www/seamonkey-bin to 1.0.2 (salo has already updated www/firefox-bin).
Note that thunderbird skipped one release number (again) to stay on par
with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in SeaMonkey 1.0.2:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
