sqlite database. Allows us to build against system sqlite3 again, and
get rid of the infamous symbol size mismatch warning reported several
times on ports@.
See https://bugzilla.mozilla.org/show_bug.cgi?id=445164 for why mozilla
now hard-requires secure_delete, and
https://bugzilla.mozilla.org/show_bug.cgi?id=546162 for the reasons they
don't want to make that an option and forces us to do such hacks.
ok jasper@
like the systemwide cairo since 1.10.x update (crashes,gifs not displaying
properly), and there's few hope it will be fixed in 1.9.2.x branch.
Fix WANTLIB while here and bump REVISIONs.
Reported by dcoppa@, also found in upstream bz #597174 and various linux
vendors bugzillas (red hat #628331, mdv #60738, gentoo #337813).
devel/xulrunner will follow in a few..
release will be out within 24h. Doh!
So here comes 3.6.8, fixing MFSA-2010-48/critical bug 575836
Reminded by naddy@/dhill@/Patrick Keshishian
Proactive ok naddy@
that when they are dlopen()'ed they can tell ld.so where to go hunt for
the other mozilla libs they depend on.
Similar fix as done in xulrunner 1.8 patch-config_rules_mk 2 years ago
by martynas@, needed to convert py-gnome-extras to xulrunner 1.9.
No fallout on firefox.
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
The new plugin sandboxing code is disabled because :
- it only supports binary blobs plugins we don't have
- it is an horrible maze of #ifdef linux-apple-win32 coming straight
from an old version of chromium. Future versions should have better BSD
support..
tested by several on ports@, thanks!
corresponding libs from SHARED_LIBS/PLIST. Bump minor and PKGNAME.
Bring in a pair of patches from xulrunner, and add a DIRECTORY variable
as done in xulrunner that is subst'ed in config/autoconf.mk.in.
sthen@ likes.
- use SUBST_CMD instead of perl -pi -e
- use ${LOCALBASE}/${TRUEPREFIX}/${X11BASE} instead of the handpatched
_XXX_ ones
- harmonize default systemwide plugins/extensions search path to
lib/mozilla/{plugins,extensions} as done in other mozilla ports
it breaks loading png icons through gdk_pixbuf_new_from_file as gtk is
linked with systemwide png. This went unnoticed so far as firefox always
shipped a fallback xpm icon, but this is not the case anymore, so now
gtk_window_set_icon_list() is not called anymore, and the window manager
shows the default icon for firefox windows in taskbar/tasklists..
So add graphics/netpbm as a build dependency, do the necessary netpbm
magic in do-install to create the default.xpm from mozicon128.png, and
patch widget/src/gtk2/nsWindow.cpp to not try to load png icons.
While here fix icon path in desktop file, and add a comment about why we
don't use systemwide png.
www/firefox36 mostly by martynas@ and naddy@.
Note that the java plugin from devel/jdk currently doesn't work with this
version of firefox, in the meantime users really needed it will have to
use www/firefox35.
ok naddy@
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
MFSA 2010-16 Crashes with evidence of memory corruption
MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption
Also fix some corrupted $OpenBSD keywords, pointed out by sthen@
ok sthen@
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption
