pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/firefox140
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Apr 30 18:51:23 UTC 2026
Modified Files:
pkgsrc/www/firefox140: Makefile distinfo
Added Files:
pkgsrc/www/firefox140/patches:
patch-media_ffvpx_libavcodec_parser__list.c
Log Message:
firefox140: update to 140.10.1
Mozilla Foundation Security Advisory 2026-36
Security Vulnerabilities fixed in Firefox ESR 140.10.1
Announced
April 28, 2026
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 140.10.1
#CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component
Reporter
Xuehao Guo
Impact
high
References
Bug 2027433
#CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component
Reporter
The Mozilla Fuzzing Team
Impact
moderate
References
Bug 2029461
#CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1
Reporter
C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
Impact
critical
Description
Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of
these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1
#CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
Reporter
Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
Impact
high
Description
Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox140/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/firefox140/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/firefox140/Makefile
diff -u pkgsrc/www/firefox140/Makefile:1.14 pkgsrc/www/firefox140/Makefile:1.15
--- pkgsrc/www/firefox140/Makefile:1.14 Tue Apr 21 13:40:08 2026
+++ pkgsrc/www/firefox140/Makefile Thu Apr 30 18:51:22 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.14 2026/04/21 13:40:08 gutteridge Exp $
+# $NetBSD: Makefile,v 1.15 2026/04/30 18:51:22 gutteridge Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
MOZ_BRANCH= 140.10
-MOZ_BRANCH_MINOR= .0esr
+MOZ_BRANCH_MINOR= .1esr
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox140-/}
Index: pkgsrc/www/firefox140/distinfo
diff -u pkgsrc/www/firefox140/distinfo:1.13 pkgsrc/www/firefox140/distinfo:1.14
--- pkgsrc/www/firefox140/distinfo:1.13 Tue Apr 21 13:40:08 2026
+++ pkgsrc/www/firefox140/distinfo Thu Apr 30 18:51:22 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.13 2026/04/21 13:40:08 gutteridge Exp $
+$NetBSD: distinfo,v 1.14 2026/04/30 18:51:22 gutteridge Exp $
-BLAKE2s (firefox-140.10.0esr.source.tar.xz) = 94fea47829730dbdb974dfdd694d214a86de37f21bf6a6aa98437f34e410c5ee
-SHA512 (firefox-140.10.0esr.source.tar.xz) = 56b274df21d0a908e826af6dda89a42b77fb0f597b75542b0330d448ae22be07a3636a3187ff1b488e466cc8c5264a8a75f79901354a49e35a3e99dcb0852514
-Size (firefox-140.10.0esr.source.tar.xz) = 636605480 bytes
+BLAKE2s (firefox-140.10.1esr.source.tar.xz) = c1ff3f87a5fe9357dafc87c008d6b2ada6dab049808e9be258f6dda37d44222a
+SHA512 (firefox-140.10.1esr.source.tar.xz) = aa3481dbdda0a302acefff52007ba2e6927962523408b942a7df673e80618fc381faf1ca70ebaac3760645bf7cb382b85658af49beca705cd636ce9de58349a5
+Size (firefox-140.10.1esr.source.tar.xz) = 638929340 bytes
BLAKE2s (nodejs-output-140.0.4.tgz) = 7ebb5993c8c9d7d5492afdb9fa7fef74fec7753fb0b14673817f24faf4a7fca4
SHA512 (nodejs-output-140.0.4.tgz) = e421b0b6be8b5b8dfda705eefcf4573a1270df9012dca5eac9ba0ac2af2bcc47dd66b1057106f8c2336a10bdcc39b9f852041dd33da9e7a8929d981dbb4e1fb4
Size (nodejs-output-140.0.4.tgz) = 245385 bytes
@@ -26,6 +26,7 @@ SHA1 (patch-js_public_Utility.h) = bb546
SHA1 (patch-js_src_jit_FlushICache.cpp) = f5d1fcb391c36a29fb71a78dbf731ee6a1cb17b6
SHA1 (patch-js_src_util_NativeStack.cpp) = a0a16d8d8d78d3cc3f4d2a508586f1a7821f7dba
SHA1 (patch-js_src_vm_TypedArrayObject-inl.h) = e7913c8d4b2b05b67040baa64dae62d6ba40390e
+SHA1 (patch-media_ffvpx_libavcodec_parser__list.c) = c739791026d9ea3ef2ccc1c37db9edc37635e8d4
SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = ae89120862442275d6b14446c5a63b0ef570124f
SHA1 (patch-media_libpng_pngpriv.h) = 8320a1f7534ed5c4914b597bb3d6117d0060318f
SHA1 (patch-modules_fdlibm_src_math__private.h) = e20b6c23011d7123cbbd64a500eb8ce8c426620e
Added files:
Index: pkgsrc/www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c
diff -u /dev/null pkgsrc/www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c:1.1
--- /dev/null Thu Apr 30 18:51:23 2026
+++ pkgsrc/www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c Thu Apr 30 18:51:23 2026
@@ -0,0 +1,15 @@
+$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.1 2026/04/30 18:51:23 gutteridge Exp $
+
+Fix build failure due to incompatible pointer types.
+error: initialization of 'const AVCodecParser *' from incompatible pointer type 'const FFCodecParser *'
+
+--- media/ffvpx/libavcodec/parser_list.c.orig 2026-04-27 16:08:57.000000000 +0000
++++ media/ffvpx/libavcodec/parser_list.c
+@@ -1,6 +1,6 @@
+ #include "config_components.h"
+
+-static const AVCodecParser * const parser_list[] = {
++static const FFCodecParser * const parser_list[] = {
+ #if CONFIG_VP8_PARSER
+ &ff_vp8_parser,
+ #endif
Home |
Main Index |
Thread Index |
Old Index