From nobody Sat Sep 16 06:30:22 2023 X-Original-To: gecko@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rnh4v709Yz4tM2b for ; Sat, 16 Sep 2023 06:30:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Rnh4v3tqgz3TRx for ; Sat, 16 Sep 2023 06:30:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694845823; a=rsa-sha256; cv=none; b=VcXxvDDUcNQwP10Lo/UWcCPmn4LFj+OrvRWmSA96pC48upb8hthqlnOP+GwPsQri4sO2jL SfGD0l6yT15eFyzsU79hiHrmGQpgO9CSKFPTt+oh8Un8BJ+mkw3zhNb72ZcsMAMOgLOD+U J8F2gDbhqtp8cjgeauFXxx68uRZpNqRge7N+9XV6FW+PqINWV9HPf8jH37JjhMMnxjcjsw pblPPuLl/9pVgwT4mqr4Aw6fEt6p0jG/iBoHfv2xvH3hWE4XKoVkk4MfmptXiBzsxqZm1O GsRqF9Ppp0TYBlV/LxV0WcKDaXpk6ZCO1PSq6K1R5Ea/yLAlcPQQa9OVUPCJPA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694845823; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=N/hiT/J7DPz3STzdOKCAY4TgcU78XZELR+89B9bfRM8=; b=G8TtMHooCiGVEgHLWR/vnd2CarPHjqnP54h6EH/+WbjoBpopErQwFYpoS6SUBw/ArQTkOd 5G6jM3wmilEfs7F06q+c7R+2QfUQNo41Sjwmtk02fKEkoYa99Ty+t6HY09QOJpygiQWC43 UsGEHebrOF0Dlfrfw5RgT8i7jyYuiSF0YhwC4xRRhKp2FS7YOVoJuIlRTB4bn1qb0vEO2a qD9dVRO8GMO4ddyDZnyA+qJj/JRA+MH5AzmAXtMf3e5qHXpZnEt70aVNGwFnZAjDgo89pU g3BuDnAOGN6p35/NaArqf11ocqNYD1wHvjewqQfD1P6DZaRRH9pRMZPvdBLYnQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Rnh4v2s20zwF2 for ; Sat, 16 Sep 2023 06:30:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38G6UNSS066569 for ; Sat, 16 Sep 2023 06:30:23 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38G6UNaj066568 for gecko@FreeBSD.org; Sat, 16 Sep 2023 06:30:23 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: gecko@FreeBSD.org Subject: [Bug 273766] graphics/webp: critical vulnerability (affects browsers) Date: Sat, 16 Sep 2023 06:30:22 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: diizzy@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: sunpoet@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? merge-quarterly? X-Bugzilla-Changed-Fields: cc attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Gecko Rendering Engine issues List-Archive: https://lists.freebsd.org/archives/freebsd-gecko List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-gecko@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D273766 Daniel Engberg changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |diizzy@FreeBSD.org --- Comment #5 from Daniel Engberg --- Created attachment 244919 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D244919&action= =3Dedit Patch for webp Update (lib)webp to 1.3.2 and switch to CMake for faster builds and .cmake files for other projects Import following patches from Fedora: https://src.fedoraproject.org/rpms/libwebp/blob/rawhide/f/libwebp-cmakedir.= patch https://src.fedoraproject.org/rpms/libwebp/blob/rawhide/f/libwebp-freeglut.= patch https://src.fedoraproject.org/rpms/libwebp/blob/rawhide/f/libwebp-rpath.pat= ch Compile tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist) Poudriere testport OK 12.4-RELEASE (amd64) Poudriere testport OK 13.2-RELEASE (amd64) Tested with following consumers in 13.2-RELEASE (amd64) using Poudriere: comms/xastir devel/allegro5 devel/cvsgraph devel/efl devel/electron22 devel/electron23 devel/electron24 devel/electron25 devel/smooth editors/emacs editors/emacs-devel editors/libreoffice editors/vscode games/naev games/netradiant games/taisei graphics/GraphicsMagick graphics/ImageMagick6 graphics/ImageMagick7 graphics/aseprite graphics/blender graphics/chafa graphics/darktable graphics/elementary-photos graphics/gd graphics/gdal graphics/geeqie graphics/gegl graphics/gimp-app graphics/graphviz graphics/gstreamer1-plugins-webp graphics/gthumb graphics/imageworsener graphics/imlib2 graphics/imlib2-webp (fails, conflicts with imlib2) - Unrelated graphics/krita graphics/leptonica graphics/libheif graphics/librasterlite2 graphics/maim graphics/mapnik graphics/mscgen graphics/mtpaint graphics/nsxiv graphics/opencv graphics/openimageio graphics/osgearth graphics/py-openimageio graphics/py-pillow graphics/qt5-imageformats graphics/qt6-imageformats graphics/realesrgan-ncnn-vulkan graphics/realsr-ncnn-vulkan graphics/sdl2_image graphics/sdl_image graphics/simple-scan graphics/simpleviewer graphics/vips graphics/waifu2x-ncnn-vulkan graphics/webp-pixbuf-loader japanese/gd mail/thunderbird math/gnuplot math/sage (configure: error: You do not have a suitable version of Python installed) - Unrelated multimedia/emby-server multimedia/emby-server-devel multimedia/ffmpeg multimedia/ffmpeg4 multimedia/gstreamer1-plugins-rust multimedia/motion (fails to compile with current version of webp in tree) - Unrelated to this change net/guacamole-server net-im/ejabberd net-im/signal-desktop net-im/telegram-purple net-mgmt/driftnet russian/gd science/octopus textproc/obsidian ukrainian/gd www/chromium www/firefox www/firefox-esr www/gohugo www/iridium www/lagrange www/librewolf www/links www/netsurf www/qt5-webengine www/qt5-webkit www/qt6-webengine www/tor-browser www/ungoogled-chromium www/webkit2-gtk3 www/webkit2-gtk4 x11/eaglemode x11/swayimg x11/xpra (fails, requires pandoc with lua support) - Unrelated x11-toolkits/fox17 x11-toolkits/p5-Prima x11-wm/libwraster x11-wm/windowmaker --=20 You are receiving this mail because: You are on the CC list for the bug.=