git: b495a3116a24 - 2025Q3 - multimedia/openh264: security update to v2.6.0

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Sun, 27 Jul 2025 20:35:17 UTC
The branch 2025Q3 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b495a3116a24c78ec9a4a57b927bb7d6e6f50f13

commit b495a3116a24c78ec9a4a57b927bb7d6e6f50f13
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-07-21 23:15:02 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-07-27 20:24:03 +0000

    multimedia/openh264: security update to v2.6.0
    
    This includes a security fix:
    "- Fix potential bug in the codebase (Commit: 63db555e, PR: #3818)"
    which the 2.5.1 release described as
    "Fix decoder heap overflow vulnerability".
    <https://github.com/cisco/openh264/releases>
    
    But due to the other fixes, let's move to 2.6.0 right away.
    Requires gmp-api (GeckoMediaPlayer) API update to Firefox 135 to build.
    
    Changelog:      https://github.com/cisco/openh264/blob/openh264v2.6.0/RELEASES#L4
    Security:       03ba1cdd-4faf-11f0-af06-00a098b42aeb
    Security:       CVE-2025-27091
    PR:             288375
    Approved by:    ports-secteam@ (fernape@)
    MFH:            2025Q3 (needs gmp-api update)
    
    (cherry picked from commit dc94e017da770b37aeb0463f81dcdcbb64098223)
---
 multimedia/openh264/Makefile  | 3 ++-
 multimedia/openh264/distinfo  | 6 +++---
 multimedia/openh264/pkg-plist | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/multimedia/openh264/Makefile b/multimedia/openh264/Makefile
index 4d74de3308f0..19c292bcdbad 100644
--- a/multimedia/openh264/Makefile
+++ b/multimedia/openh264/Makefile
@@ -1,6 +1,7 @@
 PORTNAME=	openh264
 DISTVERSIONPREFIX=v
-DISTVERSION=	2.3.0
+DISTVERSION=	2.6.0
+PORTREVISION=	0
 PORTEPOCH=	2
 CATEGORIES=	multimedia
 
diff --git a/multimedia/openh264/distinfo b/multimedia/openh264/distinfo
index 5545164a26a9..5cf1e38543b4 100644
--- a/multimedia/openh264/distinfo
+++ b/multimedia/openh264/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1654825906
-SHA256 (cisco-openh264-v2.3.0_GH0.tar.gz) = 99b0695272bee73a3b3a5fcb1afef462c11a142d1dc35a2c61fef5a4b7d60bc0
-SIZE (cisco-openh264-v2.3.0_GH0.tar.gz) = 60290792
+TIMESTAMP = 1753131003
+SHA256 (cisco-openh264-v2.6.0_GH0.tar.gz) = 558544ad358283a7ab2930d69a9ceddf913f4a51ee9bf1bfb9e377322af81a69
+SIZE (cisco-openh264-v2.6.0_GH0.tar.gz) = 60302243
diff --git a/multimedia/openh264/pkg-plist b/multimedia/openh264/pkg-plist
index 0310e83c0078..d7b2b6152de3 100644
--- a/multimedia/openh264/pkg-plist
+++ b/multimedia/openh264/pkg-plist
@@ -18,5 +18,5 @@ include/wels/codec_ver.h
 lib/libopenh264.a
 lib/libopenh264.so
 lib/libopenh264.so.%%PORTVERSION%%
-lib/libopenh264.so.6
+lib/libopenh264.so.8
 libdata/pkgconfig/openh264.pc