From owner-freebsd-gnome  Sat May  4  5:24:32 2002
Delivered-To: freebsd-gnome@freebsd.org
Received: from nic-naa.net (216-220-241-232.midmaine.com [216.220.241.232])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3696737B405; Sat,  4 May 2002 05:24:26 -0700 (PDT)
Received: from nic-naa.net (localhost.nic-naa.net [127.0.0.1])
	by nic-naa.net (8.12.3/8.11.6) with ESMTP id g44CIbkx007470;
	Sat, 4 May 2002 08:18:37 -0400 (EDT)
	(envelope-from brunner@nic-naa.net)
Message-Id: <200205041218.g44CIbkx007470@nic-naa.net>
To: Joe Marcus Clarke <marcus@FreeBSD.ORG>
Cc: darin@netscape.com, harishd@netscape.com,
	Martin Blapp <mbr@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG,
	security-officer@FreeBSD.ORG, gnome@FreeBSD.ORG
Subject: Re: cvs commit: ports/www/mozilla Makefile
Date: Sat, 04 May 2002 08:18:37 -0400
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Sender: owner-freebsd-gnome@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-gnome.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-gnome>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-gnome>
X-Loop: FreeBSD.ORG

[cvs-all un-cc'd, darin@netscape.com, harishd@netscape.com cc'd.]

> Speak of the devil ;-).  I think this patch corrects not only the
> security hole, but also the resulting seg fault from the initial patch. 
> Please test if you can, and let me know.  It worked for me.
> 
> Joe

Bonsai shows that:
	the change to uriloader/base/nsDocLoader.cpp == 3.252.
	(Apr 30, fixes bug 141061
	 XMLHttpRequest allows reading of local files)
	the change to netwerk/protocol/http/src/Makefile == 1.57
	(also 141061)
	the change to netwerk/protocol/http/src/nsHttpChannel.cpp == 1.115
	(also 141061)

but
	the change to htmlparser/src/CNavDTD.cpp == 3.384
	(Apr 16, fixes bug 137644
	 crash when XMLHttpRequest tries to load HTML)

Now I wouldn't have noticed either yesterday, as I work off of cvs from
cvs.mozilla.org, not the tarball in the ports collection. Besides, I live
in Maine and have fewer neurons than a lobster.

Why was a delta made more than two weeks ago (CNavDTD.cpp, the possible
culprit in one reported crash), to the seamonkey cvs tree, made out-of-band
(from the ports/www/mozilla tarball fetch) in mail today?

Why are we (freebsd) marking ports/www/mozilla/Makefile FORBIDDEN on 3 May,
not to mention tracking by the greymagic URL, not a mozilla bugid, when a
fix for the bug was committed (verified fixed) on 30 April?

I probably need a cup of coffee, but I'm surprised by the disconnect(s),
both of them.

Well, off to the races, -STABLE, w/SMP, cvsup'd yesterday, mozilla cvs'd
this morning ...
# uname -a
FreeBSD nic-naa.net 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #1: Sat May  4 06:42:26 EDT 2002     brunner@nic-naa.net:/usr/obj/config/ABENAKI-SMP  i386

Eric

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-gnome" in the body of the message