[pkgsrc/trunk]: pkgsrc Update 45.7.0

[ryoon <ryoon%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/101f2fa1413b
branches:  trunk
changeset: 357749:101f2fa1413b
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Fri Jan 27 13:43:41 2017 +0000

description:
Update 45.7.0

Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

diffstat:

 devel/xulrunner45/Makefile                                         |   4 +-
 www/firefox45/Makefile                                             |   5 +--
 www/firefox45/distinfo                                             |  11 +++----
 www/firefox45/patches/patch-netwerk_protocol_http_Http2Session.cpp |  15 ----------
 4 files changed, 9 insertions(+), 26 deletions(-)

diffs (76 lines):

diff -r 7ce973ee8ad8 -r 101f2fa1413b devel/xulrunner45/Makefile
--- a/devel/xulrunner45/Makefile        Fri Jan 27 13:38:38 2017 +0000
+++ b/devel/xulrunner45/Makefile        Fri Jan 27 13:43:41 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.8 2017/01/02 17:47:55 ryoon Exp $
+# $NetBSD: Makefile,v 1.9 2017/01/27 13:43:41 ryoon Exp $
 
-MOZ_BRANCH=            45.6
+MOZ_BRANCH=            45.7
 MOZ_BRANCH_MINOR=      .0esr
 MOZ_VER=               ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
 DISTNAME=              firefox-${MOZ_VER}.source
diff -r 7ce973ee8ad8 -r 101f2fa1413b www/firefox45/Makefile
--- a/www/firefox45/Makefile    Fri Jan 27 13:38:38 2017 +0000
+++ b/www/firefox45/Makefile    Fri Jan 27 13:43:41 2017 +0000
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.17 2017/01/21 20:06:53 ryoon Exp $
+# $NetBSD: Makefile,v 1.18 2017/01/27 13:43:41 ryoon Exp $
 
 MOZILLA_PKG_NAME=      firefox45
 FIREFOX_VER=   ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=    45.6
+MOZ_BRANCH=    45.7
 MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${MOZILLA_PKG_NAME}-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
-PKGREVISION=   3
 CATEGORIES=    www
 MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
diff -r 7ce973ee8ad8 -r 101f2fa1413b www/firefox45/distinfo
--- a/www/firefox45/distinfo    Fri Jan 27 13:38:38 2017 +0000
+++ b/www/firefox45/distinfo    Fri Jan 27 13:43:41 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.10 2017/01/20 15:03:37 ryoon Exp $
+$NetBSD: distinfo,v 1.11 2017/01/27 13:43:41 ryoon Exp $
 
-SHA1 (firefox-45.6.0esr.source.tar.xz) = 4dda3d1965aabf0963de43180e6cadfc4ce6f650
-RMD160 (firefox-45.6.0esr.source.tar.xz) = 2308f3c27264c3da29fe08e952138996b4575980
-SHA512 (firefox-45.6.0esr.source.tar.xz) = b96c71aeed8a1185a085512f33d454a1735237cd9ddf37c8caa9cc91892eafab0615fc0ca6035f282ca8101489fa84c0de1087d1963c05b64df32b0c86446610
-Size (firefox-45.6.0esr.source.tar.xz) = 183076768 bytes
+SHA1 (firefox-45.7.0esr.source.tar.xz) = d995e19d45fe7fbb404f2bbba87f0eb1d6da3b2b
+RMD160 (firefox-45.7.0esr.source.tar.xz) = 2731601efc07ad538e292d9bfb0de3532fc052dd
+SHA512 (firefox-45.7.0esr.source.tar.xz) = 6424101b6958191ce654d0619950dfbf98d4aa6bdd979306a2df8d6d30d3fecf1ab44638061a2b4fb1af85fe972f5ff49400e8eeda30cdcb9087c4b110b97a7d
+Size (firefox-45.7.0esr.source.tar.xz) = 184131284 bytes
 SHA1 (patch-aa) = c97ef4b107ea917c2a10d1a1fdaf524d794612a0
 SHA1 (patch-ao) = f4244b8e3d89743cb97395913e8916f7121c172e
 SHA1 (patch-as) = d5d7f8250a9cd462f25d529c2a79c59a1bba9db2
@@ -114,7 +114,6 @@
 SHA1 (patch-mozglue_build_arm.cpp) = e89e9ff5a26fb11b55df29a0b29d1cd6f35e46e6
 SHA1 (patch-mozglue_build_arm.h) = e303e53d1931b28aab68346c7f6caac4402d16f1
 SHA1 (patch-netwerk_dns_moz.build) = 6bf4691cf81d5f6fc1b392a4fac4368615e18faa
-SHA1 (patch-netwerk_protocol_http_Http2Session.cpp) = 7322fbf185aaf00c6caf9d6c5ceaa2600d188d47
 SHA1 (patch-pb) = 97c9b2e4cefd524dc6ba825f71c3da2a761aa1f4
 SHA1 (patch-pc) = 8b2baa88f0983a2fef4f801cf6b1ae425f6c813a
 SHA1 (patch-rc) = 3bc75b2005bb1a371231846ea605bcf55251db57
diff -r 7ce973ee8ad8 -r 101f2fa1413b www/firefox45/patches/patch-netwerk_protocol_http_Http2Session.cpp
--- a/www/firefox45/patches/patch-netwerk_protocol_http_Http2Session.cpp        Fri Jan 27 13:38:38 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-netwerk_protocol_http_Http2Session.cpp,v 1.1 2017/01/20 15:03:37 ryoon Exp $
-
---- netwerk/protocol/http/Http2Session.cpp.orig        2016-07-25 12:12:07.000000000 +0000
-+++ netwerk/protocol/http/Http2Session.cpp
-@@ -3521,8 +3521,8 @@ Http2Session::ConfirmTLSProfile()
-     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
-           this, keybits));
-     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
--  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
--    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
-+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
-+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
-           this, keybits));
-     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-   }