MFH: r428566

gecko: improve NSS 3.28 compatibility

https://bugzilla.mozilla.org/show_bug.cgi?id=1323209

Approved by:	ports-secteam (junovitch)

10 files changed, 150 insertions, 4 deletions

diff --git a/mail/thunderbird/Makefile b/mail/thunderbird/Makefile
index 5c16435ca4b6..1b8679347ef9 100644
--- a/mail/thunderbird/Makefile
+++ b/mail/thunderbird/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	thunderbird
 DISTVERSION=	45.5.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	mail news net-im ipv6
 MASTER_SITES=	MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
 		MOZILLA/${PORTNAME}/candidates/${DISTVERSION}-candidates/build1/source
diff --git a/mail/thunderbird/files/patch-bug1290037 b/mail/thunderbird/files/patch-bug1290037
new file mode 100644
index 000000000000..94d9cd381bfb
--- /dev/null
+++ b/mail/thunderbird/files/patch-bug1290037
@@ -0,0 +1,29 @@
+commit 7943c27406fb
+Author: Franziskus Kiefer <franziskuskiefer@gmail.com>
+Date:   Thu Jul 28 16:48:00 2016 +0200
+
+    Bug 1290037 - Update keybits in H2, r=mt
+    
+    MozReview-Commit-ID: 35oWoDMqe1Y
+    
+    --HG--
+    extra : rebase_source : 020fbd93c190131eb04eed2d583787d6e5954a5a
+---
+ netwerk/protocol/http/Http2Session.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git netwerk/protocol/http/Http2Session.cpp netwerk/protocol/http/Http2Session.cpp
+index dbcc1115cbd3..f3cd57304f73 100644
+--- mozilla/netwerk/protocol/http/Http2Session.cpp
++++ mozilla/netwerk/protocol/http/Http2Session.cpp
+@@ -3549,8 +3549,8 @@ Http2Session::ConfirmTLSProfile()
+     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }
diff --git a/www/firefox-esr/Makefile b/www/firefox-esr/Makefile
index 09dcad52de8e..ed56c117e34d 100644
--- a/www/firefox-esr/Makefile
+++ b/www/firefox-esr/Makefile
@@ -4,7 +4,7 @@
 PORTNAME=	firefox
 DISTVERSION=	45.6.0
 DISTVERSIONSUFFIX=esr.source
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	MOZILLA/${PORTNAME}/releases/${DISTVERSION}esr/source \
diff --git a/www/firefox-esr/files/patch-bug1290037 b/www/firefox-esr/files/patch-bug1290037
new file mode 100644
index 000000000000..033137a94f50
--- /dev/null
+++ b/www/firefox-esr/files/patch-bug1290037
@@ -0,0 +1,29 @@
+commit 7943c27406fb
+Author: Franziskus Kiefer <franziskuskiefer@gmail.com>
+Date:   Thu Jul 28 16:48:00 2016 +0200
+
+    Bug 1290037 - Update keybits in H2, r=mt
+    
+    MozReview-Commit-ID: 35oWoDMqe1Y
+    
+    --HG--
+    extra : rebase_source : 020fbd93c190131eb04eed2d583787d6e5954a5a
+---
+ netwerk/protocol/http/Http2Session.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git netwerk/protocol/http/Http2Session.cpp netwerk/protocol/http/Http2Session.cpp
+index dbcc1115cbd3..f3cd57304f73 100644
+--- netwerk/protocol/http/Http2Session.cpp
++++ netwerk/protocol/http/Http2Session.cpp
+@@ -3549,8 +3549,8 @@ Http2Session::ConfirmTLSProfile()
+     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }
diff --git a/www/firefox/Makefile b/www/firefox/Makefile
index f2d9231408f4..a70f0f43740c 100644
--- a/www/firefox/Makefile
+++ b/www/firefox/Makefile
@@ -4,7 +4,7 @@
 PORTNAME=	firefox
 DISTVERSION=	50.1.0
 DISTVERSIONSUFFIX=.source
-PORTREVISION=	2
+PORTREVISION=	3
 PORTEPOCH=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
diff --git a/www/firefox/files/patch-bug1290037 b/www/firefox/files/patch-bug1290037
new file mode 100644
index 000000000000..033137a94f50
--- /dev/null
+++ b/www/firefox/files/patch-bug1290037
@@ -0,0 +1,29 @@
+commit 7943c27406fb
+Author: Franziskus Kiefer <franziskuskiefer@gmail.com>
+Date:   Thu Jul 28 16:48:00 2016 +0200
+
+    Bug 1290037 - Update keybits in H2, r=mt
+    
+    MozReview-Commit-ID: 35oWoDMqe1Y
+    
+    --HG--
+    extra : rebase_source : 020fbd93c190131eb04eed2d583787d6e5954a5a
+---
+ netwerk/protocol/http/Http2Session.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git netwerk/protocol/http/Http2Session.cpp netwerk/protocol/http/Http2Session.cpp
+index dbcc1115cbd3..f3cd57304f73 100644
+--- netwerk/protocol/http/Http2Session.cpp
++++ netwerk/protocol/http/Http2Session.cpp
+@@ -3549,8 +3549,8 @@ Http2Session::ConfirmTLSProfile()
+     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }
diff --git a/www/libxul/Makefile b/www/libxul/Makefile
index a47ff309e9f8..a039123e6a8c 100644
--- a/www/libxul/Makefile
+++ b/www/libxul/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	libxul
 DISTVERSION=	45.6.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES?=	www devel
 MASTER_SITES=	MOZILLA/firefox/releases/${DISTVERSION}esr/source \
 		MOZILLA/firefox/candidates/${DISTVERSION}esr-candidates/build1/source
diff --git a/www/libxul/files/patch-bug1290037 b/www/libxul/files/patch-bug1290037
new file mode 100644
index 000000000000..033137a94f50
--- /dev/null
+++ b/www/libxul/files/patch-bug1290037
@@ -0,0 +1,29 @@
+commit 7943c27406fb
+Author: Franziskus Kiefer <franziskuskiefer@gmail.com>
+Date:   Thu Jul 28 16:48:00 2016 +0200
+
+    Bug 1290037 - Update keybits in H2, r=mt
+    
+    MozReview-Commit-ID: 35oWoDMqe1Y
+    
+    --HG--
+    extra : rebase_source : 020fbd93c190131eb04eed2d583787d6e5954a5a
+---
+ netwerk/protocol/http/Http2Session.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git netwerk/protocol/http/Http2Session.cpp netwerk/protocol/http/Http2Session.cpp
+index dbcc1115cbd3..f3cd57304f73 100644
+--- netwerk/protocol/http/Http2Session.cpp
++++ netwerk/protocol/http/Http2Session.cpp
+@@ -3549,8 +3549,8 @@ Http2Session::ConfirmTLSProfile()
+     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }
diff --git a/www/seamonkey/Makefile b/www/seamonkey/Makefile
index 3c96c6c8701e..c2f26949c1b4 100644
--- a/www/seamonkey/Makefile
+++ b/www/seamonkey/Makefile
@@ -4,6 +4,7 @@
 PORTNAME=	seamonkey
 DISTVERSION=	2.46
 MOZILLA_VER=	49 # above + 3
+PORTREVISION=	1
 CATEGORIES?=	www mail news editors irc ipv6
 MASTER_SITES=	MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
 		MOZILLA/${PORTNAME}/candidates/${DISTVERSION}-candidates/build9/source
diff --git a/www/seamonkey/files/patch-bug1290037 b/www/seamonkey/files/patch-bug1290037
new file mode 100644
index 000000000000..94d9cd381bfb
--- /dev/null
+++ b/www/seamonkey/files/patch-bug1290037
@@ -0,0 +1,29 @@
+commit 7943c27406fb
+Author: Franziskus Kiefer <franziskuskiefer@gmail.com>
+Date:   Thu Jul 28 16:48:00 2016 +0200
+
+    Bug 1290037 - Update keybits in H2, r=mt
+    
+    MozReview-Commit-ID: 35oWoDMqe1Y
+    
+    --HG--
+    extra : rebase_source : 020fbd93c190131eb04eed2d583787d6e5954a5a
+---
+ netwerk/protocol/http/Http2Session.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git netwerk/protocol/http/Http2Session.cpp netwerk/protocol/http/Http2Session.cpp
+index dbcc1115cbd3..f3cd57304f73 100644
+--- mozilla/netwerk/protocol/http/Http2Session.cpp
++++ mozilla/netwerk/protocol/http/Http2Session.cpp
+@@ -3549,8 +3549,8 @@ Http2Session::ConfirmTLSProfile()
+     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }