Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_149050041423550"
MIME-Version: 1.0
Date: Sun, 26 Mar 2017 03:53:34 +0000
From: "Ryo ONODERA" <ryoon@netbsd.org>
Subject: CVS commit: pkgsrc/www/firefox45
To: pkgsrc-changes@NetBSD.org
Reply-To: ryoon@netbsd.org
Message-Id: <20170326035334.DD7DAFBE4@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_149050041423550
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	ryoon
Date:		Sun Mar 26 03:53:34 UTC 2017

Modified Files:
	pkgsrc/www/firefox45: Makefile distinfo mozilla-common.mk
	pkgsrc/www/firefox45/patches:
	    patch-ipc_chromium_src_base_message__pump__libevent.cc

Log Message:
Update to 45.8.0

Changelog:
 #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
 #CVE-2017-5401: Memory Corruption when handling ErrorResult
 #CVE-2017-5402: Use-after-free working with events in FontFace objects
 #CVE-2017-5404: Use-after-free working with ranges in selections
 #CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
 #CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
 #CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
 #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
 #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
 #CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox45/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox45/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/firefox45/mozilla-common.mk
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/www/firefox45/patches/patch-ipc_chromium_src_base_message__pump__libevent.cc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_149050041423550
Content-Disposition: inline
Content-Length: 5287
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/firefox45/Makefile
diff -u pkgsrc/www/firefox45/Makefile:1.21 pkgsrc/www/firefox45/Makefile:1.22
--- pkgsrc/www/firefox45/Makefile:1.21	Sun Feb 12 06:26:08 2017
+++ pkgsrc/www/firefox45/Makefile	Sun Mar 26 03:53:34 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2017/02/12 06:26:08 ryoon Exp $
+# $NetBSD: Makefile,v 1.22 2017/03/26 03:53:34 ryoon Exp $
 
 MOZILLA_PKG_NAME=	firefox45
 FIREFOX_VER=	${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=	45.7
+MOZ_BRANCH=	45.8
 MOZ_BRANCH_MINOR=	.0esr
 
 DISTNAME=	firefox-${FIREFOX_VER}.source

Index: pkgsrc/www/firefox45/distinfo
diff -u pkgsrc/www/firefox45/distinfo:1.12 pkgsrc/www/firefox45/distinfo:1.13
--- pkgsrc/www/firefox45/distinfo:1.12	Wed Feb  8 07:32:01 2017
+++ pkgsrc/www/firefox45/distinfo	Sun Mar 26 03:53:34 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.12 2017/02/08 07:32:01 maya Exp $
+$NetBSD: distinfo,v 1.13 2017/03/26 03:53:34 ryoon Exp $
 
-SHA1 (firefox-45.7.0esr.source.tar.xz) = d995e19d45fe7fbb404f2bbba87f0eb1d6da3b2b
-RMD160 (firefox-45.7.0esr.source.tar.xz) = 2731601efc07ad538e292d9bfb0de3532fc052dd
-SHA512 (firefox-45.7.0esr.source.tar.xz) = 6424101b6958191ce654d0619950dfbf98d4aa6bdd979306a2df8d6d30d3fecf1ab44638061a2b4fb1af85fe972f5ff49400e8eeda30cdcb9087c4b110b97a7d
-Size (firefox-45.7.0esr.source.tar.xz) = 184131284 bytes
+SHA1 (firefox-45.8.0esr.source.tar.xz) = 7b1eb51634f9127ecf5855b487948851b9cc3323
+RMD160 (firefox-45.8.0esr.source.tar.xz) = 5040a829dd9f83e7c120249a8b8ebecb8bc8ed54
+SHA512 (firefox-45.8.0esr.source.tar.xz) = f7b5e0c659b2e824cee7f3784e2d72c562915af91c7e316ec1519305755d2126d91b74c47f96c8b4fc7377710f295545c58b2f989c65c268fc23677ef8cf5c85
+Size (firefox-45.8.0esr.source.tar.xz) = 185229628 bytes
 SHA1 (patch-aa) = c97ef4b107ea917c2a10d1a1fdaf524d794612a0
 SHA1 (patch-ao) = f4244b8e3d89743cb97395913e8916f7121c172e
 SHA1 (patch-as) = d5d7f8250a9cd462f25d529c2a79c59a1bba9db2
@@ -47,7 +47,7 @@ SHA1 (patch-intl_hyphenation_glue_hnjall
 SHA1 (patch-ipc_chromium_src_base_atomicops.h) = 24b63a6e51d9ab27f2788ee02f2ffa7e1c36f29a
 SHA1 (patch-ipc_chromium_src_base_file__util__posix.cc) = 70772ab2a474b7d3d15cf401c636ca843cfe2034
 SHA1 (patch-ipc_chromium_src_base_message__loop.cc) = 16158489773bbcba35e224d30bebace0c93599ae
-SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 2c5ce6290760e0435365dac788d283f9bb78acd9
+SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 8c3d2604df0e05d259e3c2b5d39fb2855ffdf449
 SHA1 (patch-ipc_chromium_src_base_platform__thread.h) = e6d7ac39a8b2a1b232638f7671e8530acfed0b97
 SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 6c98bbecde21b8571c71477f351488d9a3da45f3
 SHA1 (patch-ipc_chromium_src_base_process__util.h) = 4b24c3467866a601d68bb83f44e5fd38fb27188d

Index: pkgsrc/www/firefox45/mozilla-common.mk
diff -u pkgsrc/www/firefox45/mozilla-common.mk:1.5 pkgsrc/www/firefox45/mozilla-common.mk:1.6
--- pkgsrc/www/firefox45/mozilla-common.mk:1.5	Sun Jan  1 14:44:03 2017
+++ pkgsrc/www/firefox45/mozilla-common.mk	Sun Mar 26 03:53:34 2017
@@ -1,4 +1,4 @@
-# $NetBSD: mozilla-common.mk,v 1.5 2017/01/01 14:44:03 wiz Exp $
+# $NetBSD: mozilla-common.mk,v 1.6 2017/03/26 03:53:34 ryoon Exp $
 #
 # common Makefile fragment for mozilla packages based on gecko 2.0.
 #
@@ -180,7 +180,7 @@ CONFIGURE_ARGS+=	--enable-macos-target=1
 # problem is stealthy in a networked environment, and obvious in an
 # offline environment.
 #
-BUILD_DEPENDS+=	${PYPKGPREFIX}-sqlite2-[0-9]*:../../databases/py-sqlite2
+#BUILD_DEPENDS+=	${PYPKGPREFIX}-sqlite2-[0-9]*:../../databases/py-sqlite2
 
 # Makefiles sometimes call "rm -f" without more arguments. Kludge around ...
 .PHONY: create-rm-wrapper

Index: pkgsrc/www/firefox45/patches/patch-ipc_chromium_src_base_message__pump__libevent.cc
diff -u pkgsrc/www/firefox45/patches/patch-ipc_chromium_src_base_message__pump__libevent.cc:1.1 pkgsrc/www/firefox45/patches/patch-ipc_chromium_src_base_message__pump__libevent.cc:1.2
--- pkgsrc/www/firefox45/patches/patch-ipc_chromium_src_base_message__pump__libevent.cc:1.1	Wed Apr 27 16:36:50 2016
+++ pkgsrc/www/firefox45/patches/patch-ipc_chromium_src_base_message__pump__libevent.cc	Sun Mar 26 03:53:34 2017
@@ -1,18 +1,16 @@
-$NetBSD: patch-ipc_chromium_src_base_message__pump__libevent.cc,v 1.1 2016/04/27 16:36:50 ryoon Exp $
+$NetBSD: patch-ipc_chromium_src_base_message__pump__libevent.cc,v 1.2 2017/03/26 03:53:34 ryoon Exp $
 
-Allow older libevent
-
---- ipc/chromium/src/base/message_pump_libevent.cc.orig	2016-01-23 23:23:38.000000000 +0000
+--- ipc/chromium/src/base/message_pump_libevent.cc.orig	2017-02-24 16:14:48.000000000 +0000
 +++ ipc/chromium/src/base/message_pump_libevent.cc
 @@ -20,6 +20,7 @@
  
  // This macro checks that the _EVENT_SIZEOF_* constants defined in
  // ipc/chromiume/src/third_party/<platform>/event2/event-config.h are correct.
 +#if 0
+ #if defined(_EVENT_SIZEOF_SHORT)
  #define CHECK_EVENT_SIZEOF(TYPE, type) \
      static_assert(_EVENT_SIZEOF_##TYPE == sizeof(type), \
-     "bad _EVENT_SIZEOF_"#TYPE);
-@@ -30,6 +31,7 @@ CHECK_EVENT_SIZEOF(PTHREAD_T, pthread_t)
+@@ -38,6 +39,7 @@ CHECK_EVENT_SIZEOF(PTHREAD_T, pthread_t)
  CHECK_EVENT_SIZEOF(SHORT,     short);
  CHECK_EVENT_SIZEOF(SIZE_T,    size_t);
  CHECK_EVENT_SIZEOF(VOID_P,    void*);


--_----------=_149050041423550--