[Bug 288375] multimedia/openh264: security update to v2.6.0, includes multimedia/gmp: update to Firefox135

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 21 Jul 2025 23:23:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288375

--- Comment #1 from Matthias Andree <mandree@FreeBSD.org> ---
Created attachment 262326
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=262326&action=edit
multimedia/openh264: security update to v2.6.0

I am proposing these two patches, which would diligently require an exp-run due
to the vast amount of chromium-derived ports.

Author: Matthias Andree <mandree@FreeBSD.org>
Date:   Tue Jul 22 01:13:53 2025 +0200

    multimedia/gmp-api: update to Firefox135 release

    This was released on 2023-04-17 and is a requisite for updating
    OpenH264.

    Changelog: "Updates to enable features in OpenH264 for improved decoding
    performance." <https://github.com/mozilla/gmp-api/releases/tag/Firefox135>

Author: Matthias Andree <mandree@FreeBSD.org>
Date:   Tue Jul 22 01:15:02 2025 +0200

    multimedia/openh264: security update to v2.6.0

    This includes a security fix:
    "- Fix potential bug in the codebase (Commit: 63db555e, PR: #3818)"
    which the 2.5.1 release described as
    "Fix decoder heap overflow vulnerability".
    <https://github.com/cisco/openh264/releases>

    But due to the other fixes, let's move to 2.6.0 right away.
    Requires gmp-api (GeckoMediaPlayer) API update to Firefox 135 to build.

    ChangeLog:      https://github.com/cisco/openh264/blob/master/RELEASES#L4
    Security:       03ba1cdd-4faf-11f0-af06-00a098b42aeb
    Security:       CVE-2025-27091
    MFH:            2025Q3 (needs gmp-api update)
