Commit graph

217 commits

Author SHA1 Message Date
ryoon
3fba1a52dd Recursive revbump from pango-1.36.0 2013-10-10 14:41:44 +00:00
wiz
6068eaecf6 recursive bump for libmng-2.0.2 shlib major bump and dependency change 2013-10-09 17:39:01 +00:00
ryoon
55ee9ad8eb Update to 17.0.9
Changelog:
The following security bug fixes should be applied to thunderbird-17.0.9.
But I cannot find any documents.

MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
2013-09-27 13:44:49 +00:00
adam
d2cb6dec32 Revbump after cairo update 2013-09-02 19:50:38 +00:00
khorben
a1e3d28526 Fixed building thunderbird with the "mozilla-enigmail" option enabled. 2013-08-10 23:26:31 +00:00
ryoon
2f18f47197 Update to 17.0.8
Changelog:
Security bugfixes.
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
2013-08-10 00:31:20 +00:00
joerg
0961fce373 Don't use false as pointer value. 2013-07-13 19:33:19 +00:00
wiz
0435357d6f restore enigmail checksums, again. 2013-07-09 21:25:24 +00:00
ryoon
9611bce614 Update to 17.0.7
Changelog:
    FIXED
    Security fixes can be found here

Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
2013-07-09 10:57:20 +00:00
wiz
e0b49a2fed Bump PKGREVISION for libXft changes for NetBSD native X support on
NetBSD 6, requested by tron.
2013-06-06 12:53:40 +00:00
tron
a36fb86593 Try to fix the fallout caused by the fix for PR pkg/47882. Part 3:
Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.
2013-06-04 22:15:37 +00:00
wiz
53745b22ea Bump freetype2 and fontconfig dependencies to current pkgsrc versions,
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.

While doing that, also bump freetype2 dependency to current pkgsrc
version.

Suggested by tron in PR 47882
2013-06-03 10:05:17 +00:00
wiz
1936d2377a restore enigmail checksums 2013-05-24 09:59:54 +00:00
ryoon
787cda7f9b Fix hack.mk include. 2013-05-23 13:14:28 +00:00
ryoon
5178f262b9 Fix PLIST. Fix build. 2013-05-23 13:13:30 +00:00
ryoon
1250bafc4e Update to 17.0.6
Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Thunderbird now supports the Twitter API version 1.1 ahead of Twitter closing the 1.0 version (Bug 857049)

Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
2013-05-20 11:55:50 +00:00
joerg
40fecf2d62 Add public wrappers for ios, ostream and unwind.h, otherwise linking may
fail due to hidden definitions of system functions.
2013-05-14 12:41:02 +00:00
sbd
35e0894df2 If MOZ_ALSA is to be used in Makefiles it must have a AC_SUBST and be defined
when needed.
2013-05-08 09:14:29 +00:00
sbd
d2419627d1 Use the vorbis and tremor PLIST_VARS, and update PLIST.Linux. 2013-05-08 09:12:53 +00:00
wiz
bf579caa11 Remove patch-ai, removed from distinfo during recent updated. 2013-04-18 07:18:00 +00:00
ryoon
d304cbf154 Update to 17.0.5
Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Adjusting font size when composing emails should be easier (Bug 824926)

Fixed in Thunderbird 17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
2013-04-09 20:23:05 +00:00
wiz
6378fee40a Restore enigmail checksums (hi tron) 2013-03-31 21:15:21 +00:00
tron
bf9e3876f9 Get this package closer to build under Solaris 10:
1.) Fix broken "yasm" version check which only accepts version numbers
    like "a.b.c.d" but not like "a.b.c" and therefore fails with
    Yasm 1.2.0. This probably affects other platforms (e.g. Linux
    as well).
2.) Use "-R" instead of non-portable "-rpath" linker option.

The build under Solaris 10 fails now during the build phase and not
already in the configuration phase.
2013-03-30 23:31:35 +00:00
ryoon
767b8f46fd Update to 17.0.4
Changelog:
Not available.
2013-03-10 13:06:28 +00:00
wiz
7fb932eed4 Readd enigmail checksums. 2013-02-25 16:10:53 +00:00
ryoon
f1b68d95e3 Update to 17.0.3
Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Attachments sometimes could not be removed from the composition window using the keyboard, this is now fixed (799451)

Fixed in Thunderbird 17.0.3
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
2013-02-24 14:13:55 +00:00
wiz
d1b820f37b Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
wiz
bd06e1cb46 Reset MAINTAINER/OWNER (became observers) 2013-02-01 22:21:05 +00:00
adam
f4c3b89da7 Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
wiz
51088a811a Restore engimail checksum 2013-01-19 13:19:53 +00:00
ryoon
c2f3514eab Update to 17.0.2
Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Pressing the 'x' button on Windows now closes only one window rather than the whole application (805185)
    FIXED
    An issue that caused occasional corruption in local folders after filtering is now fixed (815012)
    FIXED
    An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626)
For security fix, see http://www.mozilla.org/en-US/thunderbird/17.0.2/releasenotes/ .
2013-01-19 03:43:52 +00:00
ryoon
19da965141 Add missing jpeg header files to PLIST. 2013-01-19 03:43:51 +00:00
ryoon
4b02def176 Update to 17.0.2
Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Pressing the 'x' button on Windows now closes only one window rather than the whole application (805185)
    FIXED
    An issue that caused occasional corruption in local folders after filtering is now fixed (815012)
    FIXED
    An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626)
For security fix, see http://www.mozilla.org/en-US/thunderbird/17.0.2/releasenotes/ .
2013-01-19 03:43:51 +00:00
ryoon
5b8d050b46 * Fix build on NetBSD (_res issue)
* Fix build on recent NetBSD current (kinfo_proc issue)
2013-01-07 21:12:15 +00:00
ryoon
2a3beb6a43 Bump PKGREVISION.
Fix another _res multi-thread error.
Patch is provided by Dave Tyson on pkgsrc-users@.
2012-12-12 08:35:58 +00:00
ryoon
1fd40a4bdb Fix build
* Add missing include file to PLIST.lightning
* Fix xulrunner pathes
2012-11-23 11:08:05 +00:00
ryoon
bd1ca5cee6 Update to 17.0
Changelog:
    NEW
    A Menu Button is now shown to new users by default
    NEW
    Tabs are now drawn in the title bar on Windows
    FIXED
    An issue causing spell-checking only parts of words in Thunderbird 16 is now fixed (790475)
    FIXED
    An issue causing Thunderbird 16 to repeatedly download emails is now fixed (806760)
    FIXED
    RSS feeds can now be viewed in the Wide View Layout (531397)
    FIXED
    Various fixes and performance improvements
    FIXED
    Various security fixes
    CHANGED
    Mac OS X 10.5 is no longer supported

Security fixes:
Fixed in Thunderbird 17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
2012-11-23 07:17:53 +00:00
ryoon
1d797f60af Fix PR pkg/47160
Readd checksum for enigmail distfile.
2012-11-05 22:44:10 +00:00
ryoon
2dd57cc7d5 Update to 16.0.2
Changelog:
Fixed in Thunderbird 16.0.2
MFSA 2012-90 Fixes for Location object issues
MFSA 2012-67 Installer will launch incorrect executable following new installation
2012-11-03 22:51:53 +00:00
ryoon
b547bc93ea Add a forgotten patch 2012-10-12 18:29:39 +00:00
ryoon
6ef909421a Update to 16.0.1
Changelog:
    FIXED
    16.0.1: Vulnerability outlined here
	https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
    NEW
    We have now added box.com to the list of online storage services that are available for use with Thunderbird Filelink
    NEW
    Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
    FIXED
    Various fixes and performance improvements
    FIXED
    Various security fixes
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

Fixed in Thunderbird 16
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
2012-10-12 18:28:58 +00:00
adam
3f2cc57b2b Revbump after updating graphics/pango 2012-10-08 23:00:34 +00:00
asau
d70c8e374b Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days. 2012-10-08 12:19:01 +00:00
tron
14215633d2 Mass recursive bump after the dependence fix of the "cairo" package
requested by Thomas Klausner.
2012-10-02 17:10:28 +00:00
obache
c38c120ee5 recursive bump from libffi shlib major bump
(additionaly, reset PKGREVISION of qt4-* sub packages from base qt4 update)
2012-09-15 10:03:29 +00:00
adam
b15c922bcc Revbump after updating graphics/cairo 2012-09-07 19:16:05 +00:00
marino
a1f37d4f5f mail/thunderbird: Fix build for DragonFly
- kvm is still needed
- should fix FreeBSD as well
2012-09-03 15:47:49 +00:00
ryoon
27c269fcad Fix DragonFly build again. Thank you, marino@. 2012-09-03 15:27:31 +00:00
ryoon
e5400ccccd Fix broken patch-mozilla_ipc_chromium_src_base_dir__reader__bsd.h. 2012-09-02 12:27:50 +00:00