From nobody Fri Sep 29 19:50:22 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Ry1D31vdBz4vbBD; Fri, 29 Sep 2023 19:50:27 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Ry1D315xbz3LKn; Fri, 29 Sep 2023 19:50:27 +0000 (UTC) (envelope-from tijl@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1696017027; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e7smHBNd3hcOvaZLZTcP2aASAQ3qrjJoVoqaCMFfrbI=; b=k15qTF2BfZn7MqjxN07oUstzoGNYUZdF17dzXRcyBA2dOTP5CNXJsXnYOT2bCf4Wt7h8+B ZQOS4aVAVM65nJGvkc4zht6tLR7X0em0WcYxSl9iXujaGKdJsCsm49uQmTb358KgAvqtz8 1wvxXzPP/BWb8Zpa+rRvpBrtaE9VYqhe9oTN8dtm47fouCxoY45Z+GOItbcEvv+19gUUzw CiqKHusYahw804jFujKgEuFbasBJeh4CYruBgjIljxakbnNVIhKQdTLWjBJQShi3DZLrnP KHhawtUzIViU3Ikjq0F49rwjYmO9zZ0K+o53YreRXRJI3Ibrxrq5ItShhNzewA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1696017027; a=rsa-sha256; cv=none; b=ZeX1H5bsc45HDIuFXrm6UejCb+tuITrV0NuW4Xiw7ju9HhGuUtIi5lqy0GTOib6XzhxfAK FLkYPkrgazZx+FD7pE+QqNwajV5oDlob8k0a6Yid8w7HhRvxAlbjrMdVeNvXydxEObq7As 5PkAeHPf91EbiDwcxE5P3/5jN0O9B8yZsFLIaBXEkzd5psaRdlYgGZ4/GgjPwDWACFvnxn aW58WGHXE88FmhEvxCb9QkudRzgZ1EGpIYLHHV6liQPZXL12tKtGB1UWbBfoS2Ib4rPvRD TxURlZjFRoyBK6/FnMp+rhIpJhu3pHirFNv70fBBcz2roY0O09hs7m8RG4mL0g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1696017027; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e7smHBNd3hcOvaZLZTcP2aASAQ3qrjJoVoqaCMFfrbI=; b=ekAxujktZp9bd+o4G+efVM4by3BnMPxtJ9Ak+JeUIf+yevSSDuzBciexGkK/t+CaAfyihn rfpkudsN8AIHfSdxgSxi4O2RvrD/PUdobVO9i32gJBjT4/PShEz6iOoR8xokpYGRZYUu5H rD4Qi8mtZhudYNBoO0bNzHN5Gxj5Q2BbJsOhpbdRy10WTMuYyXkl0J1h10U4qCYYL8/g0y rCYMT/P/f6n0Ewhrc69Ge71POGiWNcrXU74aP0INFSIqI6bnWB7QCk7cgzafvjhVPz7qDF iMcVICALcPQ+f+rqR15dYjc41gLG1mxGUsmIHY19c4L8jrG2meVD3Y1zEgQVvg== Received: from hal.tijl.coosemans.org (unknown [IPv6:2a02:a03f:894b:4700:fc1a:620f:c25c:5442]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: tijl) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Ry1D21vNcz1CmP; Fri, 29 Sep 2023 19:50:26 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Date: Fri, 29 Sep 2023 21:50:22 +0200 From: =?UTF-8?B?VMSzbA==?= Coosemans To: Christoph Moench-Tegeder , jbeich@FreeBSD.org, ports-secteam@FreeBSD.org Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: Re: git: b38e8d5e38dc - main - www/firefox: update to 118.0.1 Message-ID: <20230929215022.521f66bb@hal.tijl.coosemans.org> In-Reply-To: <202309281729.38SHTn9M072773@gitrepo.freebsd.org> References: <202309281729.38SHTn9M072773@gitrepo.freebsd.org> List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Thu, 28 Sep 2023 17:29:49 GMT Christoph Moench-Tegeder wrote: > The branch main has been updated by cmt: > > URL: https://cgit.FreeBSD.org/ports/commit/?id=b38e8d5e38dcffdbe66ba023a0933ad322a23cd6 > > commit b38e8d5e38dcffdbe66ba023a0933ad322a23cd6 > Author: Christoph Moench-Tegeder > AuthorDate: 2023-09-28 17:29:00 +0000 > Commit: Christoph Moench-Tegeder > CommitDate: 2023-09-28 17:29:00 +0000 > > www/firefox: update to 118.0.1 > > Release Notes: > https://www.mozilla.org/en-US/firefox/118.0.1/releasenotes/ This fixes a critical vulnerability in the bundled libvpx, but this isn't used on FreeBSD. multimedia/libvpx needs to be patched. Following the bread crumbs from the release notes: This mentions bug 1855550: https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/ Which leads to the following commit: https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2 Which mentions this libvpx commit: https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590 Can you add that to multimedia/libvpx? The change to vp8/encoder/onyx_if.c is the relevant bit.