Commit graph

193 commits

Author SHA1 Message Date
tnn
311b7577db Update to firefox-3.5.6. Security and bugfix release.
While here, switch NetBSD build from sunaudio to OSS emulation.
This greatly improves HTML5 video playback.
(Yes, we ought to fix the busted sunaudio support or PKG_OPTIONalize this.
 Perhaps another day.)

Advisories relating to this release:
MFSA 2009-71 GeckoActiveXObject exception messages can be used to
             enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
2009-12-16 08:18:32 +00:00
tnn
5d2c1a0ff5 fix lint 2009-11-29 03:28:04 +00:00
tnn
2183523d9a bump the minimum required GTK+ to 2.18.3nb1 2009-11-27 16:59:18 +00:00
tnn
d8b31f82cc Update to firefox 3.5.5. This is a stability/bugfix update.
pkgsrc changes:
- assign devel/xulrunner maintainership to tnn@
- mozilla-common.mk: work around gcc __thread support misdetection on NetBSD
- separate distinfo related stuff into dist.mk for sharing with nss & nspr

"topcrash" bugs fixed:
468562 "ASSERTION: Inserting multiple children without flushing"
521750 Put a runtime NS_IsMainThread check in nsCycleCollector::Suspect2 ...
524462 startup crash [@ gfxWindowsFontGroup::WhichFontSupportsChar(nsTAr ...
525326 Crashes in gif decoder [@ xul.dll@0x348945][@ xul.dll@0x348864][@ ...
525276 crashes [@ nsDocument::RegisterNamedItems(nsIContent*)]
2009-11-06 15:44:34 +00:00
tnn
578a5e1d4a Security and bugfix update of firefox (to 3.5.4) and xulrunner (to 1.9.1.4)
Also fix broken DESTDIR support.

Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
2009-10-28 11:36:36 +00:00
tnn
4d1ae4854f - allow firefox and xulrunner to share some infrastructure
- install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin)
- bump revision for both packages
2009-10-11 10:49:56 +00:00
tnn
c2f8fe0872 s/Shiretoko/Browser/ 2009-10-09 19:41:46 +00:00
tnn
09141e293e - when official branding is not enabled, just call it "Browser".
- set the default start page to something more sensible.
- Bump PKGREVISION
2009-09-23 16:46:31 +00:00
tnn
71cfa34c2a Send firefox3 on it's way to the happy hunting ground. 2009-09-22 13:17:27 +00:00
ghen
2fa9aa0581 Fix typo. 2009-09-18 08:03:49 +00:00
tnn
ae34543431 fix potentially troublesome shell variable expansion in patch 2009-09-17 09:41:50 +00:00
tnn
2199d50b03 Build firefox against external runtime components from devel/xulrunner.
Bump PKGREVISION.
2009-09-16 19:06:18 +00:00
tnn
e776949a91 In qcmstypes.h, don't redefine standard types line uintptr_t, uint32_t
and friends. Include <stdint.h> instead. Might fix PR pkg/42033.
2009-09-10 07:53:45 +00:00
tnn
522d11e218 Update to firefox-3.5.3. Bugfix and security release.
MFSA 2009-51 Chrome privilege escalation with FeedWriter
MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49 TreeColumns dangling pointer vulnerability
MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)
2009-09-10 00:03:37 +00:00
martin
d4f39e637e Fix an alignement problem in qcms/iccread.c 2009-09-01 20:36:19 +00:00
dsainty
3d218ee838 Fix patch-nb on Linux by pulling in <stdint.h> before using uint64_t. This
only affects platforms that would not previously complete building, so no
PKGREVISION++ required.
2009-09-01 02:57:26 +00:00
markd
851b9080cb libgnome is also needed for the gnome option to do anything. 2009-08-30 01:14:49 +00:00
tnn
569505f41d Upon giving this some more thought, I think the gnome option is better
left disabled by default. Correct me if I'm wrong but it feels like
most pkgsrc users don't use gnome. If someone can comment on the
benefits of these dependencies in the GNOME environment, speak up.
2009-08-29 15:47:58 +00:00
tnn
480cfbcd75 PLIST fix for previous 2009-08-29 11:50:32 +00:00
tnn
15458d9ed0 Add a "gnome" option which toggles gnome-vfs (and dbus) support.
Enable this by default.
Bump revision.
2009-08-29 10:34:37 +00:00
martin
dfc4489ca3 New bugs reported upstream - add references 2009-08-26 21:42:25 +00:00
martin
ff953c9cf8 Fix very obvious alignment issue 2009-08-26 21:07:31 +00:00
sno
949cd3bc1f bump revision because of graphics/jpeg update 2009-08-26 19:56:37 +00:00
martin
8e82da2469 The aggregate allocator for JSScripts did not care about alignment at all -
make it deal properly at least on 64 bit archs (natural alignment seems
to fit for all substructures for 32bit archs)
2009-08-23 23:56:19 +00:00
tnn
39ca00d3b5 remove stale PLIST entry 2009-08-09 23:05:42 +00:00
tnn
ad0743d720 add mozilla-jit option 2009-08-09 21:13:39 +00:00
tnn
da568c505b needs ALSA libraries on Linux for ogg playback 2009-08-08 04:14:18 +00:00
tnn
bfb028feda guess we need a bl3.mk after all to build browser plugins 2009-08-06 13:09:28 +00:00
tnn
9d3e663016 fix comment 2009-08-05 02:49:19 +00:00
tnn
3a6ce6fd83 resurrect file still needed by www/firefox3 2009-08-05 02:48:55 +00:00
tnn
c0e619496a merge pkgsrc-20090805 2009-08-05 02:43:47 +00:00
tnn
3baa592e5d Import firefox-3.5.2 as www/firefox. from pkgsrc-wip.
Firefox 3.5  is based on the Gecko 1.9.1 rendering platform.
Firefox 3.5 offers many changes over the previous version, supporting new web
technologies, improving performance and ease of use.
Some of the notable features are:

* Support for the HTML5 <video> and <audio> elements
* Improved tools for controlling your private data
* Better web application performance using the new TraceMonkey JavaScript engine
* The ability to share your location with websites using Location Aware Browsing
* Support for native JSON, and web worker threads.
* Improvements to the Gecko layout engine, including speculative parsing for
  faster content rendering.
* Support for new web technologies such as: downloadable fonts, CSS media
  queries, new transformations and properties, JavaScript query selectors,
  HTML5 local storage and offline application storage, <canvas> text,
  ICC profiles, and SVG transforms.
2009-08-05 02:37:10 +00:00
tnn
ff67a16587 Remove firefox 2.x. Firefox 3.5 branch will be imported in this location.
(I opted for removing and re-importing instead of a plain update due to
 extensive patch rototil)

We may encounter minor turbulence as dependent packages are sorted out.
Thank you for flying pkgsrc-current.
2009-08-05 01:27:31 +00:00
joerg
30e9948198 Convert @exec/@unexec to @pkgdir or drop it. 2009-06-14 22:00:14 +00:00
hasso
42437a2c25 Don't try to link against libc_r on DragonFly. 2009-05-02 07:51:02 +00:00
hasso
2d1ac299a5 Make Mozilla products build on DragonFly master. 2009-04-07 08:01:01 +00:00
joerg
2d1ba244e9 Simply and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
abs
97df00a91a Unify all the mozilla projects into using a single Makefile.common and
INSTALL, and put it in seamonkey.
Ensure all build with USE_DESTDIR.
Bump PKGREVISIONs
2009-03-18 00:08:39 +00:00
abs
7a97e86e86 Strip out -fomit-frame-pointer if passed in cflags 2009-02-18 10:51:40 +00:00
ghen
8736b8bdbc Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.19.
Security fixes in this version:

MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-62 Additional XSS attack vectors in feed preview
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.19/releasenotes/
2008-12-17 17:05:52 +00:00
ghen
8145fb4d02 Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.18.
Security fixes in this version:

MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-47 Information stealing via local shortcut files

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.18/releasenotes/
2008-11-13 10:11:45 +00:00
ghen
65d097fa9a Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.17.
(ok during freeze agc@)

Security fixes in this version:

MFSA 2008-45 XBM image uninitialized memory reading
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag
MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/
2008-09-24 14:34:36 +00:00
martin
085901eb25 Add "unicode" processing alignment patch from mozilla's bugzilla to make
firefox work again on archs requiring strict alignement.
Bump pkgrevision.
2008-08-11 10:09:21 +00:00
ghen
1a3ae5f2bf Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.16.
Security fixes in this version:

MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 Remote code execution by overflowing CSS reference counter

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/
2008-07-16 09:52:56 +00:00
ghen
a98ce8e77d Fix build on DragonFly, from PR pkg/39096. 2008-07-06 06:45:30 +00:00
ghen
4f2e9d5b4c Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.15.
Part of patch-af has been fixed upstream.

Security fixes in this version:

MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
2008-07-02 09:03:35 +00:00
tnn
b366583394 tie down API dependency to firefox 2.x 2008-05-31 23:08:33 +00:00
tnn
c51a1f73a5 Fix assorted pkglint complaints and warns. 2008-05-19 10:43:02 +00:00
ghen
8756384c76 Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.14.
Security fixes in this version:

MFSA 2008-20 Crash in JavaScript garbage collector

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.14/releasenotes/
2008-04-17 07:39:20 +00:00
ghen
7b60799b23 Update firefox and firefox-gtk1 to 2.0.0.13.
Security fixes in this version:

MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.13/releasenotes/
2008-03-30 13:32:22 +00:00