head	1.13;
access;
symbols
	pkgsrc-2015Q3:1.12.0.12
	pkgsrc-2015Q3-base:1.12
	pkgsrc-2015Q2:1.12.0.10
	pkgsrc-2015Q2-base:1.12
	pkgsrc-2015Q1:1.12.0.8
	pkgsrc-2015Q1-base:1.12
	pkgsrc-2014Q4:1.12.0.6
	pkgsrc-2014Q4-base:1.12
	pkgsrc-2014Q3:1.12.0.4
	pkgsrc-2014Q3-base:1.12
	pkgsrc-2014Q2:1.12.0.2
	pkgsrc-2014Q2-base:1.12
	pkgsrc-2014Q1:1.11.0.10
	pkgsrc-2014Q1-base:1.11
	pkgsrc-2013Q4:1.11.0.8
	pkgsrc-2013Q4-base:1.11
	pkgsrc-2013Q3:1.11.0.6
	pkgsrc-2013Q3-base:1.11
	pkgsrc-2013Q2:1.11.0.4
	pkgsrc-2013Q2-base:1.11
	pkgsrc-2013Q1:1.11.0.2
	pkgsrc-2013Q1-base:1.11
	pkgsrc-2012Q4:1.10.0.2
	pkgsrc-2012Q4-base:1.10
	pkgsrc-2012Q3:1.9.0.2
	pkgsrc-2012Q3-base:1.9
	pkgsrc-2012Q2:1.8.0.2
	pkgsrc-2012Q2-base:1.8
	pkgsrc-2012Q1:1.7.0.2
	pkgsrc-2012Q1-base:1.7
	pkgsrc-2011Q4:1.5.0.4
	pkgsrc-2011Q4-base:1.5
	pkgsrc-2011Q3:1.5.0.2
	pkgsrc-2011Q3-base:1.5
	pkgsrc-2011Q2:1.4.0.2
	pkgsrc-2011Q2-base:1.4
	pkgsrc-2010Q3:1.3.0.6
	pkgsrc-2010Q3-base:1.3
	pkgsrc-2010Q2:1.3.0.4
	pkgsrc-2010Q2-base:1.3
	pkgsrc-2010Q1:1.3.0.2
	pkgsrc-2010Q1-base:1.3
	pkgsrc-2009Q4:1.2.0.2
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q3:1.1.1.1.0.32
	pkgsrc-2009Q3-base:1.1.1.1
	pkgsrc-2009Q2:1.1.1.1.0.30
	pkgsrc-2009Q2-base:1.1.1.1
	pkgsrc-2009Q1:1.1.1.1.0.28
	pkgsrc-2009Q1-base:1.1.1.1
	pkgsrc-2008Q4:1.1.1.1.0.26
	pkgsrc-2008Q4-base:1.1.1.1
	pkgsrc-2008Q3:1.1.1.1.0.24
	pkgsrc-2008Q3-base:1.1.1.1
	cube-native-xorg:1.1.1.1.0.22
	cube-native-xorg-base:1.1.1.1
	pkgsrc-2008Q2:1.1.1.1.0.20
	pkgsrc-2008Q2-base:1.1.1.1
	cwrapper:1.1.1.1.0.18
	pkgsrc-2008Q1:1.1.1.1.0.16
	pkgsrc-2008Q1-base:1.1.1.1
	pkgsrc-2007Q4:1.1.1.1.0.14
	pkgsrc-2007Q4-base:1.1.1.1
	pkgsrc-2007Q3:1.1.1.1.0.12
	pkgsrc-2007Q3-base:1.1.1.1
	pkgsrc-2007Q2:1.1.1.1.0.10
	pkgsrc-2007Q2-base:1.1.1.1
	pkgsrc-2007Q1:1.1.1.1.0.8
	pkgsrc-2007Q1-base:1.1.1.1
	pkgsrc-2006Q4:1.1.1.1.0.6
	pkgsrc-2006Q4-base:1.1.1.1
	pkgsrc-2006Q3:1.1.1.1.0.4
	pkgsrc-2006Q3-base:1.1.1.1
	pkgsrc-2006Q2:1.1.1.1.0.2
	pkgsrc-2006Q2-base:1.1.1.1
	pkgsrc-base:1.1.1.1
	TNF:1.1.1;
locks; strict;
comment	@# @;


1.13
date	2015.10.02.22.49.36;	author ryoon;	state dead;
branches;
next	1.12;
commitid	4NPwQdOyvYkssADy;

1.12
date	2014.06.22.08.54.39;	author ryoon;	state Exp;
branches;
next	1.11;
commitid	PZNghMi9oWIHQuFx;

1.11
date	2013.01.07.21.55.30;	author ryoon;	state Exp;
branches;
next	1.10;

1.10
date	2012.11.23.17.28.49;	author ryoon;	state Exp;
branches;
next	1.9;

1.9
date	2012.09.06.12.08.51;	author ryoon;	state Exp;
branches;
next	1.8;

1.8
date	2012.04.28.22.48.06;	author ryoon;	state Exp;
branches;
next	1.7;

1.7
date	2012.03.19.10.35.58;	author ryoon;	state Exp;
branches;
next	1.6;

1.6
date	2012.03.10.03.26.05;	author ryoon;	state Exp;
branches;
next	1.5;

1.5
date	2011.07.11.20.46.36;	author tnn;	state Exp;
branches;
next	1.4;

1.4
date	2010.10.22.10.08.14;	author tnn;	state dead;
branches;
next	1.3;

1.3
date	2010.03.16.10.59.10;	author tnn;	state Exp;
branches
	1.3.6.1;
next	1.2;

1.2
date	2009.11.29.00.40.44;	author tnn;	state dead;
branches;
next	1.1;

1.1
date	2006.03.30.19.15.48;	author ghen;	state Exp;
branches
	1.1.1.1;
next	;

1.3.6.1
date	2010.10.25.16.30.56;	author tron;	state dead;
branches;
next	;

1.1.1.1
date	2006.03.30.19.15.48;	author ghen;	state Exp;
branches;
next	;


desc
@@


1.13
log
@Update to 2.38

Changelog:
Based on xulrunner 41.0

Security fixes:
    2015-114 Information disclosure via the High Resolution Time API
    2015-113 Memory safety errors in libGLES in the ANGLE graphics library
    2015-112 Vulnerabilities found through code inspection
    2015-111 Errors in the handling of CORS preflight request headers
    2015-110 Dragging and dropping images exposes final URL after redirects
    2015-109 JavaScript immutable property enforcement can be bypassed
    2015-108 Scripted proxies can access inner window
    2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
    2015-106 Use-after-free while manipulating HTML media content
    2015-105 Buffer overflow while decoding WebM video
    2015-104 Use-after-free with shared workers and IndexedDB
    2015-103 URL spoofing in reader mode
    2015-102 Crash when using debugger with SavedStacks in JavaScript
    2015-101 Buffer overflow in libvpx while parsing vp9 format video
    2015-100 Arbitrary file manipulation by local user through Mozilla updater
    2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
    2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
    2015-97 Memory leak in mozTCPSocket to servers
    2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
@
text
@$NetBSD: patch-al,v 1.12 2014/06/22 08:54:39 ryoon Exp $

--- mozilla/storage/src/mozStorageConnection.cpp.orig	2014-06-13 00:45:50.000000000 +0000
+++ mozilla/storage/src/mozStorageConnection.cpp
@@@@ -584,6 +584,11 @@@@ Connection::initialize(nsIFile *aDatabas
 
   mDatabaseFile = aDatabaseFile;
 
+  // XXX tnn: the configure script demands that sqlite3 is compiled with
+  // SECURE_DELETE on by default. sqlite3 in pkgsrc does not have that,
+  // so instead we enable secure_delete manually here.
+  (void)ExecuteSimpleSQL(NS_LITERAL_CSTRING("PRAGMA secure_delete = 1;"));
+
   return NS_OK;
 }
 
@


1.12
log
@Update to 2.26.1

Changelog:
SeaMonkey-specific changes

    The delimiter for forwarded messages can now be configured.
    An option to not strip signatures on reply has been added to prevent top signatures from deleting the body.
    Add to Searchbar (search-engine autodiscovery) was implemented.
    The location bar tooltip now shows the complete current URL in case it is displayed only partially.
    See the changes page for a more complete overview.

Mozilla platform changes

    The Gamepad API has been finalized and enabled (learn more).
    navigator.plugins is no longer enumerable, for user privacy.
    ECMAScript Internationalization API has been enabled.
    'box-sizing' (dropping the -moz- prefix) has been implemented.
    SharedWorker is now enabled by default.
    CSS3 variables have been implemented.
    Console object is now available in Web Workers.
    Promises have been enabled by default.
    <input type="number"> has been implemented and enabled.
    <input type="color"> has been implemented and enabled.
    Fixed several stability issues.

Fixed in SeaMonkey 2.26.1
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Fixed in SeaMonkey 2.26
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.11 2013/01/07 21:55:30 ryoon Exp $
@


1.11
log
@* Regen patches...
* Fix build on recent NetBSD (kproc_info vs kproc_info2)
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.9 2012/09/06 12:08:51 ryoon Exp $
d3 1
a3 1
--- mozilla/storage/src/mozStorageConnection.cpp.orig	2012-11-18 10:19:51.000000000 +0000
d5 3
a7 3
@@@@ -571,6 +571,11 @@@@ Connection::initialize(nsIFile *aDatabas
       break;
   }
@


1.10
log
@Update to 2.14

* Patches are synced with xulrunner-17.0, and regen patches
* Update Mozilla Lightning to 1.9

Changelog:
SeaMonkey-specific changes
    None (see changes page for minor changes).

Mozilla platform changes
    OS X 10.6 is now the minimum supported Mac version.
    JavaScript Maps and Sets are now iterable.
    SVG FillPaint and StrokePaint have been implemented.
    The sandbox attribute has been implemented for iframes, enabling increased security.
    Fixed several stability issues.

Security fixes
Fixed in SeaMonkey 2.14
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
@
text
@@


1.9
log
@Update to 2.12

* Update Mozilla Lightning to 1.7
* Update Enigmail to 1.4.4 (functionality is not tested yet; should
  be updated)
* Regen patches

Changelog:
SeaMonkey-specific changes
    None.

Mozilla platform changes
    Added support for SPDY networking protocol v3.
    Implemented WebGL enhancements, including compressed textures for better performance.
    Optimized memory usage for add-ons.
    Implemented the CSS word-break property.
    Implemented high precision event timer.
    HTML5: Added native support for the Opus audio codec.
    HTML5: Added support for the source element media attribute.
    HTML5: Added support for the audio element and video element played attribute.
    Fixed several stability issues.

Fixed in SeaMonkey 2.12
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.8 2012/04/28 22:48:06 ryoon Exp $
d3 1
a3 1
--- mozilla/storage/src/mozStorageConnection.cpp.orig	2012-08-27 04:49:30.000000000 +0000
d5 1
a5 1
@@@@ -680,6 +680,11 @@@@ Connection::initialize(nsIFile *aDatabas
@


1.8
log
@Update to 2.9

* Remove unused option.
* Restore jemalloc option.

Changelog:
* The File and Move Bookmarks dialogs are resizable now.
* HTML5 videos that do not start automatically show a large play button now.
* Add-ons Sync can now be configured without the Add-ons Sync Prefs add-on.
* Pasting a URL from the clipboard into the Download Manager window will
  download it.
* Plugins can be disabled for the whole suite now in addition to
  Mail & Newsgroups only.

* View Source now has line numbers.
* Line breaks are now supported in the title attribute.
* Find in Page search results are scrolled into view now.
* The column-fill CSS property has been implemented.
* Support for the text-align-last CSS property has been added.
* Experimental support for ECMAScript 6 Map and Set objects has been
  implemented.
* Fixed several stability issues.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.7 2012/03/19 10:35:58 ryoon Exp $
d3 1
a3 1
--- mozilla/storage/src/mozStorageConnection.cpp.orig	2012-04-23 06:28:20.000000000 +0000
d5 1
a5 1
@@@@ -718,6 +718,11 @@@@ Connection::initialize(nsIFile *aDatabas
@


1.7
log
@Update to 2.8

* Based on xulrunner-11.0
* Patches are almost as same as mail/thunderbird

Changelog:
See http://www.seamonkey-project.org/releases/seamonkey2.8/ etc.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.6 2012/03/10 03:26:05 ryoon Exp $
d3 1
a3 1
--- mozilla/storage/src/mozStorageConnection.cpp.orig	2012-03-13 05:33:11.000000000 +0000
d5 2
a6 2
@@@@ -681,6 +681,11 @@@@ Connection::initialize(nsIFile *aDatabas
     (void)::NS_RegisterMemoryReporter(mMemoryReporters[i]);
@


1.6
log
@Update to 2.7.2

* Many new features.
* Security bugfixes.
* See http://www.seamonkey-project.org/releases/seamonkey2.7/
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.5 2011/07/11 20:46:36 tnn Exp $
d3 1
a3 1
--- mozilla/storage/src/mozStorageConnection.cpp.orig	2012-02-16 14:09:33.000000000 +0000
d5 1
a5 1
@@@@ -632,6 +632,11 @@@@ Connection::initialize(nsIFile *aDatabas
@


1.5
log
@Update to seamonkey-2.2.

Based on the mozilla-5.0 branch.

SeaMonkey 2.2 contains the following major changes relative to SeaMonkey 2.1:
  Windows: Bundled extensions/add-ons are no longer optional in SeaMonkey's
  installer.
  Archive options can now be changed from the Copies & Folders Account Settings pane.

Mozilla platform changes
  CSS Animations are now supported.
  Improved canvas, JavaScript, memory, and networking performance.
  Improved standards support for HTML5, XHR, MathML, SMIL, and canvas.
  Improved spell checking for some locales.
  WebGL content can no longer load cross-domain textures.
  Background tabs have setTimeout and setInterval clamped to 1000ms to improve
  performance.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.4 2011/07/11 12:46:14 tnn Exp $
d3 1
a3 1
--- mozilla/storage/src/mozStorageConnection.cpp.orig	2011-06-15 21:57:54.000000000 +0000
d5 1
a5 1
@@@@ -595,6 +595,11 @@@@ Connection::initialize(nsIFile *aDatabas
@


1.4
log
@Security and stability update of seamonkey to 2.0.9.

MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.3 2010/03/16 10:59:10 tnn Exp $
d3 5
a7 7
# Reported upstream as https://bugzilla.mozilla.org/show_bug.cgi?id=471179

--- mozilla/nsprpub/pr/src/misc/prsystem.c.orig	2009-06-29 18:15:07.000000000 +0200
+++ mozilla/nsprpub/pr/src/misc/prsystem.c
@@@@ -284,6 +284,20 @@@@ PR_IMPLEMENT(PRUint64) PR_GetPhysicalMem
     long pageCount = sysconf(_SC_PHYS_PAGES);
     bytes = (PRUint64) pageSize * pageCount;
d9 4
a12 13
+#elif defined(NETBSD)
+
+    int mib[2];
+    int rc;
+    uint64_t memSize;
+    size_t len = sizeof(memSize);
+
+    mib[0] = CTL_HW;
+    mib[1] = HW_PHYSMEM64;
+    rc = sysctl( mib, 2, &memSize, &len, NULL, 0 );
+    if ( -1 != rc )  {
+        bytes = memSize;
+    }
d14 2
a15 1
 #elif defined(HPUX)
a16 1
     struct pst_static info;
@


1.3
log
@clone comm-1.9.1 patch set from devel/xulrunner into mail/thunderbird and
www/seamonkey so devel/xulrunner can move forward to 1.9.2.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.1.1.1 2009/08/05 02:59:48 tnn Exp $
@


1.3.6.1
log
@Pullup ticket #3258 - requested by tnn
www/seamonkey: security update

Revisions pulled up:
- www/seamonkey/Makefile			1.41
- www/seamonkey/distinfo			1.56
- www/seamonkey/patches/patch-ag		1.4
- www/seamonkey/patches/patch-al		delete
- www/seamonkey/patches/patch-mn		1.2
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Fri Oct 22 10:08:15 UTC 2010

Modified Files:
	pkgsrc/www/seamonkey: Makefile distinfo
	pkgsrc/www/seamonkey/patches: patch-ag patch-mn
Removed Files:
	pkgsrc/www/seamonkey/patches: patch-al

Log Message:
Security and stability update of seamonkey to 2.0.9.

MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.3 2010/03/16 10:59:10 tnn Exp $
@


1.2
log
@Update to seamonkey-2.0, from pkgsrc-wip. Hijack maintainership.
Many, many changes; the biggest being that it's based on firefox 3.5.
For an exhaustive list of changes, see:
http://www.seamonkey-project.org/releases/seamonkey2.0/changes
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.1 2006/03/30 19:15:48 ghen Exp $
d3 23
a25 10
--- gfx/src/ps/nsFontMetricsPS.h.orig	2005-06-28 20:29:10.000000000 +0200
+++ gfx/src/ps/nsFontMetricsPS.h
@@@@ -424,7 +424,7 @@@@ protected:
   nsCOMPtr<nsITrueTypeFontCatalogEntry> mFaceID;
   nsCOMPtr<nsIFreeType2> mFt2;
   PRUint16        mPixelSize;
-  FTC_Image_Desc  mImageDesc;
+  FTC_ImageType   mImageDesc;
   nsCString       mFontNameBase;   // the base name of type 1 (sub) fonts
   nscoord         mHeight; 
d27 1
a27 9
@@@@ -493,7 +493,7 @@@@ public:
 protected:
   nsCOMPtr<nsITrueTypeFontCatalogEntry> mEntry;
   nsCOMPtr<nsIFreeType2> mFt2;
-  FTC_Image_Desc  mImageDesc;
+  FTC_ImageType   mImageDesc;
 };
 #endif   // MOZ_ENABLE_FREETYPE2
 #endif   // MOZ_ENABLE_XFT
@


1.1
log
@Initial revision
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.1.1
log
@Import Mozilla Seamonkey 1.0 from pkgsrc-wip (gtk2 version).  Seamonkey is
the community-driven continuation of the Mozilla Suite, which is no longer
maintained by Mozilla.  
@
text
@@