head	1.3;
access;
symbols
	pkgsrc-2026Q1:1.2.0.2;
locks; strict;
comment	@ * @;


1.3
date	2026.05.07.21.01.30;	author gutteridge;	state Exp;
branches;
next	1.2;
commitid	JOvYSrfevXNBsVEG;

1.2
date	2026.04.30.21.47.25;	author gutteridge;	state Exp;
branches
	1.2.2.1;
next	1.1;
commitid	AL03i2xn9GmUV1EG;

1.1
date	2026.04.30.18.51.23;	author gutteridge;	state Exp;
branches;
next	;
commitid	yKrZQOCM2JcYX0EG;

1.2.2.1
date	2026.04.30.21.47.25;	author bsiegert;	state dead;
branches;
next	1.2.2.2;
commitid	idHf729mVYiq6hEG;

1.2.2.2
date	2026.05.02.19.26.59;	author bsiegert;	state Exp;
branches;
next	;
commitid	idHf729mVYiq6hEG;


desc
@@


1.3
log
@firefox140: address CVS keyword substitution glitch
@
text
@$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.2 2026/04/30 21:47:25 gutteridge Exp $

Fix build failure due to incompatible pointer types.
https://github.com/mozilla-firefox/firefox/commit/930757b47bf1ce3522468f384570634032f0500b

--- media/ffvpx/libavcodec/parser_list.c.orig	2026-04-27 16:08:57.000000000 +0000
+++ media/ffvpx/libavcodec/parser_list.c
@@@@ -1,6 +1,6 @@@@
 #include "config_components.h"
 
-static const AVCodecParser * const parser_list[] = {
+static const FFCodecParser * const parser_list[] = {
 #if CONFIG_VP8_PARSER
     &ff_vp8_parser,
 #endif
@


1.2
log
@firefox140: note new patch added was already fixed upstream
@
text
@d1 1
a1 1
$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.1 2026/04/30 18:51:23 gutteridge Exp $
@


1.2.2.1
log
@file patch-media_ffvpx_libavcodec_parser__list.c was added on branch pkgsrc-2026Q1 on 2026-05-02 19:26:59 +0000
@
text
@d1 15
@


1.2.2.2
log
@Pullup ticket #7087 - requested by gutteridge
www/firefox140: security fix
www/firefox140-l10n: dependent update

Revisions pulled up:
- www/firefox140-l10n/Makefile                                  1.10
- www/firefox140-l10n/distinfo                                  1.10
- www/firefox140/Makefile                                       1.15
- www/firefox140/distinfo                                       1.14-1.15
- www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c 1.1-1.2

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu Apr 30 18:51:23 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140: Makefile distinfo
   Added Files:
           pkgsrc/www/firefox140/patches:
               patch-media_ffvpx_libavcodec_parser__list.c

   Log Message:
   firefox140: update to 140.10.1

   Mozilla Foundation Security Advisory 2026-36
   Security Vulnerabilities fixed in Firefox ESR 140.10.1

   Announced
       April 28, 2026
   Impact
       high
   Products
       Firefox ESR
   Fixed in

           Firefox ESR 140.10.1

   #CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component

   Reporter
       Xuehao Guo
   Impact
       high

   References

       Bug 2027433

   #CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

   Reporter
       The Mozilla Fuzzing Team
   Impact
       moderate

   References

       Bug 2029461

   #CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

   Reporter
       C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
   Impact
       critical

   Description

   Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of
   these could have been exploited to run arbitrary code.
   References

       Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

   #CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

   Reporter
       Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
   Impact
       high

   Description

   Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been
   exploited to run arbitrary code.
   References

       Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu Apr 30 18:53:28 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140-l10n: Makefile distinfo

   Log Message:
   firefox140-l10n: update to 140.10.1

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu Apr 30 21:47:25 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140: distinfo
           pkgsrc/www/firefox140/patches:
               patch-media_ffvpx_libavcodec_parser__list.c

   Log Message:
   firefox140: note new patch added was already fixed upstream
@
text
@a0 15
$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.1 2026/04/30 18:51:23 gutteridge Exp $

Fix build failure due to incompatible pointer types.
https://github.com/mozilla-firefox/firefox/commit/930757b47bf1ce3522468f384570634032f0500b

--- media/ffvpx/libavcodec/parser_list.c.orig	2026-04-27 16:08:57.000000000 +0000
+++ media/ffvpx/libavcodec/parser_list.c
@@@@ -1,6 +1,6 @@@@
 #include "config_components.h"
 
-static const AVCodecParser * const parser_list[] = {
+static const FFCodecParser * const parser_list[] = {
 #if CONFIG_VP8_PARSER
     &ff_vp8_parser,
 #endif
@


1.1
log
@firefox140: update to 140.10.1

Mozilla Foundation Security Advisory 2026-36
Security Vulnerabilities fixed in Firefox ESR 140.10.1

Announced
    April 28, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.10.1

#CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component

Reporter
    Xuehao Guo
Impact
    high

References

    Bug 2027433

#CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

Reporter
    The Mozilla Fuzzing Team
Impact
    moderate

References

    Bug 2029461

#CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

Reporter
    C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
Impact
    critical

Description

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

#CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

Reporter
    Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
@
text
@d1 1
a1 1
$NetBSD$
d4 1
a4 1
error: initialization of 'const AVCodecParser *' from incompatible pointer type 'const FFCodecParser *'
@