head	1.2;
access;
symbols
	pkgsrc-2014Q1:1.1.0.6
	pkgsrc-2014Q1-base:1.1
	pkgsrc-2013Q4:1.1.0.4
	pkgsrc-2013Q4-base:1.1
	pkgsrc-2013Q3:1.1.0.2
	pkgsrc-2013Q3-base:1.1;
locks; strict;
comment	@// @;


1.2
date	2014.06.22.08.54.39;	author ryoon;	state dead;
branches;
next	1.1;
commitid	PZNghMi9oWIHQuFx;

1.1
date	2013.09.28.14.37.05;	author ryoon;	state Exp;
branches;
next	;
commitid	RJpfztu2N6Kgkd7x;


desc
@@


1.2
log
@Update to 2.26.1

Changelog:
SeaMonkey-specific changes

    The delimiter for forwarded messages can now be configured.
    An option to not strip signatures on reply has been added to prevent top signatures from deleting the body.
    Add to Searchbar (search-engine autodiscovery) was implemented.
    The location bar tooltip now shows the complete current URL in case it is displayed only partially.
    See the changes page for a more complete overview.

Mozilla platform changes

    The Gamepad API has been finalized and enabled (learn more).
    navigator.plugins is no longer enumerable, for user privacy.
    ECMAScript Internationalization API has been enabled.
    'box-sizing' (dropping the -moz- prefix) has been implemented.
    SharedWorker is now enabled by default.
    CSS3 variables have been implemented.
    Console object is now available in Web Workers.
    Promises have been enabled by default.
    <input type="number"> has been implemented and enabled.
    <input type="color"> has been implemented and enabled.
    Fixed several stability issues.

Fixed in SeaMonkey 2.26.1
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Fixed in SeaMonkey 2.26
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
@
text
@$NetBSD: patch-mozilla_security_manager_ssl_src_JARSignatureVerification.cpp,v 1.1 2013/09/28 14:37:05 ryoon Exp $

--- mozilla/security/manager/ssl/src/JARSignatureVerification.cpp.orig	2013-09-16 18:26:55.000000000 +0000
+++ mozilla/security/manager/ssl/src/JARSignatureVerification.cpp
@@@@ -596,9 +596,9 @@@@ OpenSignedJARFile(nsIFile * aJarFile,
   }
 
   // Verify that the signature file is a valid signature of the SF file
-  if (!SEC_PKCS7VerifyDetachedSignatureAtTime(p7_info, certUsageObjectSigner,
-                                              &sfCalculatedDigest.get(),
-                                              HASH_AlgSHA1, false, PR_Now())) {
+  if (!SEC_PKCS7VerifyDetachedSignature(p7_info, certUsageObjectSigner,
+                                        &sfCalculatedDigest.get(), HASH_AlgSHA1,
+                                        false)) {
     PRErrorCode error = PR_GetError();
     const char * errorName = PR_ErrorToName(error);
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Failed to verify detached signature: %s",
@


1.1
log
@Update to 2.21

Changelog:
SeaMonkey-specific changes

    Implemented an option to thread messages received by date.
    Allowed deletion of news posts by default.
    Implemented optional taskbar preview-per-tab.
    Added support (permission prompt) for desktop notifications.
    Added Isn't operator for searching by Priority.
    See the changes page for a more complete overview.

Mozilla platform changes

    Support for new scrollbar style on Mac OS X 10.7 and newer.
    Accessibility related improvements on using pinned tabs (bug 577727).
    Major SVG rendering improvements around Image tiling and scaling (bug 600207).
    Removed support for sherlock files that are loaded from application or profile directory.
    Support for W3C touch events disabled (bug 888304).
    Fixed several stability issues.

Fixed in SeaMonkey 2.21
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
@
text
@d1 1
a1 1
$NetBSD$
@