Subject: CVS commit: pkgsrc/www
From: Geert Hendrickx
Date: 2008-07-02 11:03:35
Message id: 20080702090335.51DF7175D0@cvs.netbsd.org

Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.15.

Part of patch-af has been fixed upstream.

Security fixes in this version:

MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/

Files:
RevisionActionfile
1.58modifypkgsrc/www/firefox/Makefile-firefox.common
1.29modifypkgsrc/www/firefox/PLIST
1.78modifypkgsrc/www/firefox/distinfo
1.43modifypkgsrc/www/firefox-bin/Makefile
1.43modifypkgsrc/www/firefox-bin/distinfo
1.6modifypkgsrc/www/firefox/patches/patch-af
1.9modifypkgsrc/www/firefox/patches/patch-ap
1.2modifypkgsrc/www/firefox/patches/patch-de