seamonkey: update to 2.49.3

remove patches for security fixes now upstream.


seamonkey is now based on firefox 52.7.3 ESR.
SeaMonkey 2.49.3 shares most parts of the mail and news code with Thunderbird.
Please read the Thunderbird 52.7.0 release notes for specific changes and
security fixes in this release.

SeaMonkey-specific changes
seamonkey official linux builds are based on GTK3 (no change for us)

5 files changed, 7 insertions, 136 deletions

diff --git a/www/seamonkey/Makefile b/www/seamonkey/Makefile
index 8931daa11be..590470f0404 100644
--- a/www/seamonkey/Makefile
+++ b/www/seamonkey/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.176 2018/04/16 14:35:19 wiz Exp $
+# $NetBSD: Makefile,v 1.177 2018/06/26 23:29:24 maya Exp $
 
 DISTNAME=	seamonkey-${SM_VER}.source
 PKGNAME=	seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION=	6
-SM_VER=		2.49.2
+SM_VER=		2.49.3
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}
 EXTRACT_SUFX=	.tar.xz
diff --git a/www/seamonkey/distinfo b/www/seamonkey/distinfo
index 24b4cc0e353..edc76f2d314 100644
--- a/www/seamonkey/distinfo
+++ b/www/seamonkey/distinfo
@@ -1,11 +1,9 @@
-$NetBSD: distinfo,v 1.151 2018/03/26 22:56:07 maya Exp $
+$NetBSD: distinfo,v 1.152 2018/06/26 23:29:24 maya Exp $
 
-SHA1 (seamonkey-2.49.2.source.tar.xz) = 843ff7e74e488d03bdbf72237a1973c50887494b
-RMD160 (seamonkey-2.49.2.source.tar.xz) = 9f79789a5d44985d96f8549f537ad01f23c1fc2c
-SHA512 (seamonkey-2.49.2.source.tar.xz) = 6f69f7fb0a2de8086231b615b62b350edf6c903d2fde90ee4c79e316cfcf5a413097df9afe1397dbfe680e264f6be14c2c147be7ba11c5dbd73a1e9e01b8857e
-Size (seamonkey-2.49.2.source.tar.xz) = 229980312 bytes
-SHA1 (patch-CVE-2018-5146) = 121d8511b4aef0a784ae12d12c35cd4282c9ab83
-SHA1 (patch-CVE-2018-5147) = 1c44a5e2f0a81b58ebc8343028019e4681ee246c
+SHA1 (seamonkey-2.49.3.source.tar.xz) = 9a6d681f96d87c12081c75cd7c018b93c68ea9ae
+RMD160 (seamonkey-2.49.3.source.tar.xz) = 75e4058b46d001253b34ba7039af30ce52092854
+SHA512 (seamonkey-2.49.3.source.tar.xz) = f38add67c7528809adda55d2ee165d953c34080b6b75aaebed6f904e82c6f6a1ec243d53b6f4f4b875123fd2c7831758909e1baccdf3d9e58ed4747625d8f59f
+Size (seamonkey-2.49.3.source.tar.xz) = 231547028 bytes
 SHA1 (patch-ao) = e466058ed1899a64a9ab5b57290ff2baad1ea03c
 SHA1 (patch-ldap_c-sdk_include_portable.h) = ce0b643fa031b74bf7d74eedc4f3729807aef799
 SHA1 (patch-mail_app_Makefile.in) = da6ac87ffdcff733f11218cb11f8ef316bb1bc18
@@ -37,8 +35,6 @@ SHA1 (patch-mozilla_gfx_cairo_libpixman_src_pixman-arm-neon-asm.S) = 818a1b1cb48
 SHA1 (patch-mozilla_gfx_gl_GLContextProviderGLX.cpp) = d4d0cdf25ae15f7cc07d1ad213ec7d2b015e4168
 SHA1 (patch-mozilla_gfx_graphite2_moz-gr-update.sh) = 22365f3d536b929a73e8e5d99a34f5857b5b2d35
 SHA1 (patch-mozilla_gfx_graphite2_src_Bidi.cpp) = fb97becdfeeea742e8c0bc51e10efc124a2a11f3
-SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp) = 296b7d67033aad8d3f914caa97574b44be9a0a47
-SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h) = 52ce2aa5557ff6dc74d4ae1e931f20be3c4dbe78
 SHA1 (patch-mozilla_gfx_moz.build) = c3bb9f947bb6cb19d890fba83bd9dd4ac29d2ebf
 SHA1 (patch-mozilla_gfx_skia_generate__mozbuild.py) = 9850cc0636728061cad1297716bdf43d6ef5d063
 SHA1 (patch-mozilla_gfx_skia_moz.build) = e7337cf958e2ab9f422573519eb4ee0666319964
diff --git a/www/seamonkey/patches/patch-CVE-2018-5146 b/www/seamonkey/patches/patch-CVE-2018-5146
deleted file mode 100644
index 8a6cf30061f..00000000000
--- a/www/seamonkey/patches/patch-CVE-2018-5146
+++ /dev/null
@@ -1,82 +0,0 @@
-$NetBSD: patch-CVE-2018-5146,v 1.1 2018/03/16 23:25:56 maya Exp $
-
-CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.
-
-Codebooks that are not an exact divisor of the partition size are now
-truncated to fit within the partition.
-
---- mozilla/media/libvorbis/lib/vorbis_codebook.c.orig	2018-02-05 11:49:22.000000000 +0000
-+++ mozilla/media/libvorbis/lib/vorbis_codebook.c
-@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *
-       t[i] = book->valuelist+entry[i]*book->dim;
-     }
-     for(i=0,o=0;i<book->dim;i++,o+=step)
--      for (j=0;j<step;j++)
-+      for (j=0;o+j<n && j<step;j++)
-         a[o+j]+=t[j][i];
-   }
-   return(0);
-@@ -399,41 +399,12 @@ long vorbis_book_decodev_add(codebook *b
-     int i,j,entry;
-     float *t;
- 
--    if(book->dim>8){
--      for(i=0;i<n;){
--        entry = decode_packed_entry_number(book,b);
--        if(entry==-1)return(-1);
--        t     = book->valuelist+entry*book->dim;
--        for (j=0;j<book->dim;)
--          a[i++]+=t[j++];
--      }
--    }else{
--      for(i=0;i<n;){
--        entry = decode_packed_entry_number(book,b);
--        if(entry==-1)return(-1);
--        t     = book->valuelist+entry*book->dim;
--        j=0;
--        switch((int)book->dim){
--        case 8:
--          a[i++]+=t[j++];
--        case 7:
--          a[i++]+=t[j++];
--        case 6:
--          a[i++]+=t[j++];
--        case 5:
--          a[i++]+=t[j++];
--        case 4:
--          a[i++]+=t[j++];
--        case 3:
--          a[i++]+=t[j++];
--        case 2:
--          a[i++]+=t[j++];
--        case 1:
--          a[i++]+=t[j++];
--        case 0:
--          break;
--        }
--      }
-+    for(i=0;i<n;){
-+      entry = decode_packed_entry_number(book,b);
-+      if(entry==-1)return(-1);
-+      t     = book->valuelist+entry*book->dim;
-+      for(j=0;i<n && j<book->dim;)
-+        a[i++]+=t[j++];
-     }
-   }
-   return(0);
-@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *
-   long i,j,entry;
-   int chptr=0;
-   if(book->used_entries>0){
--    for(i=offset/ch;i<(offset+n)/ch;){
-+    int m=(offset+n)/ch;
-+    for(i=offset/ch;i<m;){
-       entry = decode_packed_entry_number(book,b);
-       if(entry==-1)return(-1);
-       {
-         const float *t = book->valuelist+entry*book->dim;
--        for (j=0;j<book->dim;j++){
-+        for (j=0;i<m && j<book->dim;j++){
-           a[chptr++][i]+=t[j];
-           if(chptr==ch){
-             chptr=0;
diff --git a/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp b/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp
deleted file mode 100644
index 8dd7927428d..00000000000
--- a/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp,v 1.1 2018/03/26 22:56:07 maya Exp $
-
-CVE-2018-5148: Use-after-free in compositor
-
-A use-after-free vulnerability can occur in the compositor during
-certain graphics operations when a raw pointer is used instead of a
-reference counted one. This results in a potentially exploitable crash
-
-Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
-
---- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp.orig	2018-02-05 11:48:12.000000000 +0000
-+++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp
-@@ -60,7 +60,7 @@ CompositingRenderTargetOGL::BindRenderTa
-         msg.AppendPrintf("Framebuffer not complete -- CheckFramebufferStatus returned 0x%x, "
-                          "GLContext=%p, IsOffscreen()=%d, mFBO=%d, aFBOTextureTarget=0x%x, "
-                          "aRect.width=%d, aRect.height=%d",
--                         result, mGL, mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
-+                         result, mGL.get(), mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
-                          mInitParams.mSize.width, mInitParams.mSize.height);
-         NS_WARNING(msg.get());
-       }
diff --git a/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h b/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h
deleted file mode 100644
index 146e91c1d3a..00000000000
--- a/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h,v 1.1 2018/03/26 22:56:07 maya Exp $
-
-CVE-2018-5148: Use-after-free in compositor
-
-A use-after-free vulnerability can occur in the compositor during
-certain graphics operations when a raw pointer is used instead of a
-reference counted one. This results in a potentially exploitable crash
-
-Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
-
---- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h.orig	2018-02-05 11:48:08.000000000 +0000
-+++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h
-@@ -184,7 +184,7 @@ private:
-    * the target is always cleared at the end of a frame.
-    */
-   RefPtr<CompositorOGL> mCompositor;
--  GLContext* mGL;
-+  RefPtr<GLContext> mGL;
-   GLuint mTextureHandle;
-   GLuint mFBO;
- };