- Fixes MFSA-2012-01..11
- remove patch-gfx_qcms_qcmstypes_h & patch-toolkit_xre_glxtest_cpp,
were commited upstream (bugs #651444 & #687320)
- remove patch-js_src_xpconnect_src_Makefile_in, dom_quickstubs.cpp hack
was apparently only needed with gcc3
- remove patch-xpcom_base_nsStackWalk_cpp, codepath not reached/solaris
only.
- add https://bug691898.bugzilla.mozilla.org/attachment.cgi?id=588391 to
use yarr interpreter on ppc, bug #691898 still being worked on
- backport https://hg.mozilla.org/mozilla-central/rev/9cfdb612a026, fixes
endianess detection on BSDs using machine/endian.h (bug #714312)
That's the first release following the new fast scheme of one major
release every 6 weeks..
Check out http://www.mozilla.com/en-US/firefox/5.0/releasenotes/ for
release notes. Note that it's still badly broken on sparc64, and
unlikely to be fixed soon... you still have www/firefox36.
Tested by (at least, probably forgetting some..) rpointel@, pea@,
ckuethe@ and myself on amd64, bluhm@ on i386 and ajacoutot@ on macppc
(thanks!)
ok rpointel@
release will be out within 24h. Doh!
So here comes 3.6.8, fixing MFSA-2010-48/critical bug 575836
Reminded by naddy@/dhill@/Patrick Keshishian
Proactive ok naddy@
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
The new plugin sandboxing code is disabled because :
- it only supports binary blobs plugins we don't have
- it is an horrible maze of #ifdef linux-apple-win32 coming straight
from an old version of chromium. Future versions should have better BSD
support..
tested by several on ports@, thanks!
www/firefox36 mostly by martynas@ and naddy@.
Note that the java plugin from devel/jdk currently doesn't work with this
version of firefox, in the meantime users really needed it will have to
use www/firefox35.
ok naddy@
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
MFSA 2010-16 Crashes with evidence of memory corruption
MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption
Also fix some corrupted $OpenBSD keywords, pointed out by sthen@
ok sthen@
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption
been tested good enough, and i've fixed all the issues i'm aware
of. furthermore 2.0 branch has basically reached eol, since there
will be only one minor update (2.0.0.19)
discussed with kurt@, naddy@ and porters
pkgname change handling help naddy@
ok naddy@
Fixes multiple vulnerabilities:
CVE-2008-0412
CVE-2008-0413
CVE-2008-0414
CVE-2008-0415
CVE-2008-0419
CVE-2008-0591
CVE-2008-0593
More infos:
http://secunia.com/advisories/28758/
Tested by some people on ports@. Thanks!
ok martynas@, laurent@, steven@
