From 3ab159d14d434036f6af3aa69147030bb02f64b5 Mon Sep 17 00:00:00 2001
From: ryoon <ryoon@pkgsrc.org>
Date: Tue, 24 Jan 2017 13:31:37 +0000
Subject: [PATCH] Fix an insecure connection error with nss 3.28 or later. Bump
 PKGREVISION

---
 www/seamonkey/Makefile                         |  4 ++--
 www/seamonkey/distinfo                         |  3 ++-
 ...illa_netwerk_protocol_http_Http2Session.cpp | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 www/seamonkey/patches/patch-mozilla_netwerk_protocol_http_Http2Session.cpp

diff --git a/www/seamonkey/Makefile b/www/seamonkey/Makefile
index 1391699442ff..a65238ae1ef5 100644
--- a/www/seamonkey/Makefile
+++ b/www/seamonkey/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.153 2017/01/21 20:06:53 ryoon Exp $
+# $NetBSD: Makefile,v 1.154 2017/01/24 13:31:37 ryoon Exp $
 
 DISTNAME=	seamonkey-${SM_VER}.source
 PKGNAME=	seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION=	2
+PKGREVISION=	3
 SM_VER=		2.46
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}
diff --git a/www/seamonkey/distinfo b/www/seamonkey/distinfo
index f8337c289309..021cd50b6682 100644
--- a/www/seamonkey/distinfo
+++ b/www/seamonkey/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.142 2017/01/01 16:14:07 ryoon Exp $
+$NetBSD: distinfo,v 1.143 2017/01/24 13:31:37 ryoon Exp $
 
 SHA1 (seamonkey-2.46.source.tar.xz) = 5322723a0c7757f29db5636fc60f4c9f3f6734c5
 RMD160 (seamonkey-2.46.source.tar.xz) = ba09b9606457371c46524fdda3b73f3b37571f30
@@ -82,6 +82,7 @@ SHA1 (patch-mozilla_modules_libjar_nsZipArchive.cpp) = a399e0bd0e83c47938bbee077
 SHA1 (patch-mozilla_modules_libpref_init_all.js) = f366d7acf841117bf8c896d355f04e9549ebf17f
 SHA1 (patch-mozilla_mozglue_build_arm.cpp) = 592ae5ce1a404227cc2ab6a06418cc813c5743c9
 SHA1 (patch-mozilla_mozglue_build_arm.h) = 94e2b1a1a9ebf20bfa8a542066aa0dad475db320
+SHA1 (patch-mozilla_netwerk_protocol_http_Http2Session.cpp) = 7d7556575028ef4ee5fccbcb712d5c9f2827f7e6
 SHA1 (patch-mozilla_old-configure.in) = 865300929353ffbd31ae01793dd496352e2ccb70
 SHA1 (patch-mozilla_python_mozbuild_mozbuild_configure_options.py) = c95e9ffa8bae63b6e68c8363903dadef93ce7d75
 SHA1 (patch-mozilla_toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h) = 0b5cad33bc9a90f4ae2d6346065707b642aba3a9
diff --git a/www/seamonkey/patches/patch-mozilla_netwerk_protocol_http_Http2Session.cpp b/www/seamonkey/patches/patch-mozilla_netwerk_protocol_http_Http2Session.cpp
new file mode 100644
index 000000000000..e0f1f8c61f76
--- /dev/null
+++ b/www/seamonkey/patches/patch-mozilla_netwerk_protocol_http_Http2Session.cpp
@@ -0,0 +1,18 @@
+$NetBSD: patch-mozilla_netwerk_protocol_http_Http2Session.cpp,v 1.4 2017/01/24 13:31:37 ryoon Exp $
+
+Fix an insecure connection error with NSS 3.28 or later in HTTP2 case
+https://hg.mozilla.org/mozilla-central/rev/361ac226da2a
+
+--- mozilla/netwerk/protocol/http/Http2Session.cpp.orig	2016-12-14 02:10:00.000000000 +0000
++++ mozilla/netwerk/protocol/http/Http2Session.cpp
+@@ -3542,8 +3542,8 @@ Http2Session::ConfirmTLSProfile()
+     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }