Path to this page:
Subject: CVS commit: [pkgsrc-2013Q2] pkgsrc/devel/xulrunner17
From: Matthias Scheler
Date: 2013-08-24 21:45:15
Message id: 20130824194515.D8AFD96@cvs.netbsd.org
Log Message:
Pullup ticket #4218 - requested by ryoon
devel/xulrunner17: security update
Revisions pulled up:
- devel/xulrunner17/Makefile 1.12-1.15
- devel/xulrunner17/PLIST 1.5
- devel/xulrunner17/buildlink3.mk 1.10
- devel/xulrunner17/dist.mk 1.7-1.8
- devel/xulrunner17/distinfo 1.10-1.12
- devel/xulrunner17/patches/patch-dist_stl__wrappers_ios 1.1
- devel/xulrunner17/patches/patch-dist_stl__wrappers_ostream 1.1
- devel/xulrunner17/patches/patch-ipc_chromium_src_base_file__util.cc 1.1
- devel/xulrunner17/patches/patch-ipc_chromium_src_base_file__util__posix.cc 1.2
- devel/xulrunner17/patches/patch-ipc_chromium_src_base_pickle.cc 1.1
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Jul 9 10:53:14 UTC 2013
Modified Files:
pkgsrc/devel/xulrunner17: Makefile dist.mk distinfo
Log Message:
Update to 17.0.7
Changelog:
FIXED
Security fixes can be found here
Fixed in Firefox ESR 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a \
privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
---
Module Name: pkgsrc
Committed By: joerg
Date: Tue Jul 16 22:27:45 UTC 2013
Modified Files:
pkgsrc/devel/xulrunner17: distinfo
pkgsrc/devel/xulrunner17/patches:
patch-ipc_chromium_src_base_file__util__posix.cc
Added Files:
pkgsrc/devel/xulrunner17/patches: patch-dist_stl__wrappers_ios
patch-dist_stl__wrappers_ostream
patch-ipc_chromium_src_base_file__util.cc
patch-ipc_chromium_src_base_pickle.cc
Log Message:
Add visibility wrapper around ios and ostream. Don't use false as null
pointer.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Aug 2 12:17:57 UTC 2013
Modified Files:
pkgsrc/devel/xulrunner17: Makefile PLIST buildlink3.mk
Log Message:
Remove pkg-config *.pc files from standard place.
* Avoid potential conflicts between xulrunners.
* Fix buildlink3.mk to handle pc files properly.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Aug 2 12:18:41 UTC 2013
Modified Files:
pkgsrc/devel/xulrunner17: Makefile
Log Message:
Bump PKGREVISION for previous.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Aug 8 13:01:38 UTC 2013
Modified Files:
pkgsrc/devel/xulrunner17: Makefile dist.mk distinfo
Log Message:
Update to 17.0.8
Changelog:
Fixed in Firefox ESR 17.0.8
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript \
components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Files: