Re: git: b38e8d5e38dc - main - www/firefox: update to 118.0.1

Reply: Jan Beich : "Re: git: b38e8d5e38dc - main - www/firefox: update to 118.0.1"
In reply to: Christoph Moench-Tegeder : "git: b38e8d5e38dc - main - www/firefox: update to 118.0.1"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Tĳl Coosemans <tijl_at_FreeBSD.org>
Date: Fri, 29 Sep 2023 19:50:22 UTC

On Thu, 28 Sep 2023 17:29:49 GMT Christoph Moench-Tegeder <cmt@FreeBSD.org> wrote:
> The branch main has been updated by cmt:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=b38e8d5e38dcffdbe66ba023a0933ad322a23cd6
> 
> commit b38e8d5e38dcffdbe66ba023a0933ad322a23cd6
> Author:     Christoph Moench-Tegeder <cmt@FreeBSD.org>
> AuthorDate: 2023-09-28 17:29:00 +0000
> Commit:     Christoph Moench-Tegeder <cmt@FreeBSD.org>
> CommitDate: 2023-09-28 17:29:00 +0000
> 
>     www/firefox: update to 118.0.1
>     
>     Release Notes:
>       https://www.mozilla.org/en-US/firefox/118.0.1/releasenotes/

This fixes a critical vulnerability in the bundled libvpx, but this
isn't used on FreeBSD.  multimedia/libvpx needs to be patched.

Following the bread crumbs from the release notes:

This mentions bug 1855550:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/

Which leads to the following commit:
https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2

Which mentions this libvpx commit:
https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590

Can you add that to multimedia/libvpx?  The change to
vp8/encoder/onyx_if.c is the relevant bit.