Next | Query returned 58 messages, browsing 41 to 50 | Previous

CVS Commit History:


   2016-12-03 11:19:29 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 45.5.1

Changelog:
45.5.1:
 #CVE-2016-9079: Use-after-free in SVG Animation

45.5.0:
 #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
 #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
 #CVE-2016-5294: Arbitrary target directory for result files of update process
 #CVE-2016-5297: Incorrect argument length checking in JavaScript
 #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
 #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
 #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
 #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
   2016-11-07 04:52:24 by Taylor R Campbell | Files touched by this commit (1)
Log message:
Add a debug-only file to PLIST.
   2016-09-21 13:51:14 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 45.4.0

Changelog:
Security vulnerabilities fixed in Firefox ESR 45.4

Announced: September 13, 2016
Impact: Critical
Products: Firefox ESR
Fixed in: Firefox ESR 45.4

Description

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]
Reporter: Atte Kettunen
Description: An out-of-bounds write of a boolean value during text conversion with some unicode characters. [1291016]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]
Reporter: Abhishek Arya
Description: A bad cast when processing layout with input elements can result in a potentially exploitable crash. [1297934]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]
Reporter: Nils
Description: A use-after-free vulnerability triggered by setting an aria-owns attribute [1287721]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]
Reporter: Nils
Description: A use-after-free issue in web animations during restyling. [1282076]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]
Reporter: Nils
Description: A use-after-free vulnerability with web animations when destroying a timeline [1291665]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]
Reporter: Nils
Description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images [1294677]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]
Reporter: Mei Wang
Description: Use-after-free vulnerability when changing text direction [1289970]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]
Reporter: Brian Carpenter
Description: Use-after-free vulnerability when manipulating SVG format content through script [1284690]

CVE-2016-5284 - Add-on update site certificate pin expiration [high]
Reporter: Multiple people
Description: Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. [1303127]

CVE-2016-5250 - Resource Timing API is storing resources sent by the previous page [moderate]
Reporter: Catalin Dumitru
Description: URLs of resources loaded after a navigation started can leak to the following page through the Resource Timing API, leading to potential information disclosure. [1254688]

CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel [high]
Reporter: Samuel Groß
Description: An integer overflow error in WebSockets during data buffering on incoming packets resulting in attacker controlled data being written at a known offset in the allocated buffer. [1287266]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]
Reporter: Mozilla developers
Description: Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4]
   2016-08-21 01:17:00 by Maya Rashish | Files touched by this commit (1)
Log message:
Another paxctl +m needed, lib/firefox45/firefox
   2016-08-17 02:06:47 by Ryo ONODERA | Files touched by this commit (102)
Log message:
Recursive revbump from multimedia/libvpx update
   2016-08-11 06:24:03 by Ryo ONODERA | Files touched by this commit (2)
Log message:
Update to 45.3.0

Changelog:

Fixed Various stability fixes

Fixed in Firefox ESR 45.3
    2016-80 Same-origin policy violation using local HTML file and saved shortcut file
    2016-79 Use-after-free when applying SVG effects
    2016-78 Type confusion in display transformation
    2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
    2016-76 Scripts on marquee tag can execute in sandboxed iframes
    2016-73 Use-after-free in service workers with nested sync events
    2016-72 Use-after-free in DTLS during WebRTC session shutdown
    2016-70 Use-after-free when using alt key and toplevel menus
    2016-67 Stack underflow during 2D graphics rendering
    2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
    2016-64 Buffer overflow rendering SVG with bidirectional content
    2016-63 Favicon network connection can persist when page is closed
    2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
   2016-08-04 19:03:41 by Ryo ONODERA | Files touched by this commit (145)
Log message:
Recursive revbump from audio/pulseaudio
   2016-08-03 12:23:40 by Adam Ciarcinski | Files touched by this commit (1248) | Package updated
Log message:
Revbump after graphics/gd update
   2016-07-09 15:04:18 by Thomas Klausner | Files touched by this commit (599)
Log message:
Remove python33: adapt all packages that refer to it.
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068)
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.