commit 254c68df576729af285d82e427d6e3215d604766
Author: Robert-André Mauchin <zebob.m(a)gmail.com>
Date: Sun May 26 19:57:21 2024 +0200
Update to 1.17.6
Fix CVE-2024-25269
26ec3953d46bb5756b97955661565bcbc6647abf.patch | 25 ---
50aa08176e44178eeffcb7a66f37d7cad074f51b.patch | 23 +++
56ef61d8daa55b56d782e5d8ab6f0ed31b98b494.patch | 24 ---
730a9d80bea3434f75c79e721878cc67f3889969.patch | 208 -------------------------
877de6b398198bca387df791b9232922c5721c80.patch | 42 +++++
90955e3118d687fa8c36747a7b349caebc82707d.patch | 21 +++
9598ddeb3dff4e51a9989067e912baf502410cee.patch | 141 +++++++++++++++++
a911b26a902c5f89fee2dc20ac4dfaafcb8144ec.patch | 22 +++
bef5f0f49f9024957189b5b465cd4d07078cd06f.patch | 36 +++++
dfd88deb1d80b4195ef16cddad256f33b46fbe29.patch | 22 +++
fd5b02aca3e29088bf0a1fc400bd661be4a6ed76.patch | 28 ----
libheif-freeworld.spec | 26 ++--
sources | 2 +-
13 files changed, 324 insertions(+), 296 deletions(-)
---
diff --git a/50aa08176e44178eeffcb7a66f37d7cad074f51b.patch
b/50aa08176e44178eeffcb7a66f37d7cad074f51b.patch
new file mode 100644
index 0000000..e3ef6b9
--- /dev/null
+++ b/50aa08176e44178eeffcb7a66f37d7cad074f51b.patch
@@ -0,0 +1,23 @@
+From 50aa08176e44178eeffcb7a66f37d7cad074f51b Mon Sep 17 00:00:00 2001
+From: zhubo <zhubo.z(a)bytedance.com>
+Date: Fri, 29 Dec 2023 23:16:57 +0800
+Subject: [PATCH] Add kvazaar to REQUIRES_PRIVATE
+
+---
+ CMakeLists.txt | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d996845e39..3a3f51d86f 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -234,6 +234,9 @@ endif()
+ if (X265_FOUND AND NOT (PLUGIN_LOADING_SUPPORTED_AND_ENABLED AND WITH_X265_PLUGIN))
+ list(APPEND REQUIRES_PRIVATE "x265")
+ endif()
++if (KVAZAAR_FOUND AND NOT (PLUGIN_LOADING_SUPPORTED_AND_ENABLED AND
WITH_KVAZAAR_PLUGIN))
++ list(APPEND REQUIRES_PRIVATE "kvazaar")
++endif()
+ if ((AOM_DECODER_FOUND AND NOT (PLUGIN_LOADING_SUPPORTED_AND_ENABLED AND
WITH_AOM_DECODER_PLUGIN))
+ OR (AOM_ENCODER_FOUND AND NOT (PLUGIN_LOADING_SUPPORTED_AND_ENABLED AND
WITH_AOM_ENCODER_PLUGIN)))
+ list(APPEND REQUIRES_PRIVATE "aom")
diff --git a/877de6b398198bca387df791b9232922c5721c80.patch
b/877de6b398198bca387df791b9232922c5721c80.patch
new file mode 100644
index 0000000..852ca50
--- /dev/null
+++ b/877de6b398198bca387df791b9232922c5721c80.patch
@@ -0,0 +1,42 @@
+From 877de6b398198bca387df791b9232922c5721c80 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang(a)loongson.cn>
+Date: Thu, 21 Dec 2023 15:45:29 +0800
+Subject: [PATCH] fix memory leaks in function JpegEncoder::Encode
+
+---
+ examples/encoder_jpeg.cc | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/examples/encoder_jpeg.cc b/examples/encoder_jpeg.cc
+index 6a8bae163a..b82f8aa39b 100644
+--- a/examples/encoder_jpeg.cc
++++ b/examples/encoder_jpeg.cc
+@@ -179,6 +179,9 @@ bool JpegEncoder::Encode(const struct heif_image_handle* handle,
+ uint32_t skip = (exifdata[0]<<24) | (exifdata[1]<<16) |
(exifdata[2]<<8) | exifdata[3];
+ if (skip > (exifsize - 4)) {
+ fprintf(stderr, "Invalid EXIF data (offset too large)\n");
++ free(exifdata);
++ jpeg_destroy_compress(&cinfo);
++ fclose(fp);
+ return false;
+ }
+ skip += 4;
+@@ -188,6 +191,9 @@ bool JpegEncoder::Encode(const struct heif_image_handle* handle,
+
+ if (size > std::numeric_limits<uint32_t>::max()) {
+ fprintf(stderr, "EXIF larger than 4GB is not supported");
++ free(exifdata);
++ jpeg_destroy_compress(&cinfo);
++ fclose(fp);
+ return false;
+ }
+
+@@ -258,6 +264,8 @@ bool JpegEncoder::Encode(const struct heif_image_handle* handle,
+
+ if (heif_image_get_bits_per_pixel(image, heif_channel_Y) != 8) {
+ fprintf(stderr, "JPEG writer cannot handle image with >8 bpp.\n");
++ jpeg_destroy_compress(&cinfo);
++ fclose(fp);
+ return false;
+ }
+
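Review bot: Each of the three error returns patched here repeats its own `jpeg_destroy_compress(&cinfo); fclose(fp);` (plus `free(exifdata);` in the two EXIF branches), so the leak tracked as CVE-2024-25269 is closed only on the paths this patch touches. JpegEncoder::Encode starts and ends outside these hunks, so any other early return in it should be checked for the same omission; routing all failures through one cleanup exit would stop a later-added return from reintroducing the leak. The same per-path pattern appears in 90955e31 (`heif_image_release(aux_image);` on one error branch of main) and in dfd88deb (`fclose(fh);` on the path shown in loadPNG). At minimum, a comment where `fp`, `cinfo` and `exifdata` are acquired, such as `// must be released on every return below; update all exits together`, would document the invariant.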
diff --git a/90955e3118d687fa8c36747a7b349caebc82707d.patch
b/90955e3118d687fa8c36747a7b349caebc82707d.patch
new file mode 100644
index 0000000..b967bd2
--- /dev/null
+++ b/90955e3118d687fa8c36747a7b349caebc82707d.patch
@@ -0,0 +1,21 @@
+From 90955e3118d687fa8c36747a7b349caebc82707d Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang(a)loongson.cn>
+Date: Thu, 11 Jan 2024 17:48:52 +0800
+Subject: [PATCH] Fix potential memory leak in file heif_convert.cc
+
+---
+ examples/heif_convert.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/examples/heif_convert.cc b/examples/heif_convert.cc
+index 0e3cb4d2de..e57573235c 100644
+--- a/examples/heif_convert.cc
++++ b/examples/heif_convert.cc
+@@ -609,6 +609,7 @@ int main(int argc, char** argv)
+ const char* auxTypeC = nullptr;
+ err = heif_image_handle_get_auxiliary_type(aux_handle, &auxTypeC);
+ if (err.code) {
++ heif_image_release(aux_image);
+ heif_image_handle_release(aux_handle);
+ heif_image_handle_release(handle);
+ std::cerr << "Could not get type of auxiliary image: "
<< err.message << "\n";
diff --git a/9598ddeb3dff4e51a9989067e912baf502410cee.patch
b/9598ddeb3dff4e51a9989067e912baf502410cee.patch
new file mode 100644
index 0000000..7674268
--- /dev/null
+++ b/9598ddeb3dff4e51a9989067e912baf502410cee.patch
@@ -0,0 +1,141 @@
+From 9598ddeb3dff4e51a9989067e912baf502410cee Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <hlewin(a)worldiety.de>
+Date: Sun, 10 Mar 2024 13:32:18 +0100
+Subject: [PATCH] encoder_kvazaar.cc: Fix some memory leaks
+
+---
+ libheif/plugins/encoder_kvazaar.cc | 50 +++++++++++++-----------------
+ 1 file changed, 22 insertions(+), 28 deletions(-)
+
+diff --git a/libheif/plugins/encoder_kvazaar.cc b/libheif/plugins/encoder_kvazaar.cc
+index eada77f9fe..158f174b04 100644
+--- a/libheif/plugins/encoder_kvazaar.cc
++++ b/libheif/plugins/encoder_kvazaar.cc
+@@ -361,6 +361,11 @@ static void copy_plane(kvz_pixel* out_p,
+ }
+
+
++template<typename T, typename D>
++std::unique_ptr<T, D> make_guard(T* ptr, D&& deleter) {
++ return std::unique_ptr<T, D>(ptr, deleter);
++}
++
+ static struct heif_error kvazaar_encode_image(void* encoder_raw, const struct
heif_image* image,
+ heif_image_input_class input_class)
+ {
+@@ -380,7 +385,8 @@ static struct heif_error kvazaar_encode_
+ return err;
+ }
+
+- kvz_config* config = api->config_alloc();
++ auto uconfig = make_guard(api->config_alloc(), [api](kvz_config* cfg) {
api->config_destroy(cfg); });
++ kvz_config* config = uconfig.get();
+ api->config_init(config); // param, encoder->preset.c_str(),
encoder->tune.c_str());
+ #if HAVE_KVAZAAR_ENABLE_LOGGING
+ config->enable_logging_output = 0;
+@@ -541,9 +547,9 @@ static struct heif_error kvazaar_encode_
+ }
+ */
+
+- kvz_picture* pic = api->picture_alloc_csp(kvzChroma, encoded_width,
encoded_height);
++ auto upic = make_guard(api->picture_alloc_csp(kvzChroma, encoded_width,
encoded_height), [api](kvz_picture* pic) { api->picture_free(pic); });
++ kvz_picture* pic = upic.get();
+ if (!pic) {
+- api->config_destroy(config);
+ return heif_error{
+ heif_error_Encoder_plugin_error,
+ heif_suberror_Encoder_encoding,
+@@ -573,11 +579,9 @@ static struct heif_error kvazaar_encode_
+ encoded_width >> chroma_stride_shift, encoded_height >>
chroma_height_shift);
+ }
+
+- kvz_encoder* kvzencoder = api->encoder_open(config);
++ auto uencoder = make_guard(api->encoder_open(config), [api](kvz_encoder* e) {
api->encoder_close(e); });
++ kvz_encoder* kvzencoder = uencoder.get();
+ if (!kvzencoder) {
+- api->picture_free(pic);
+- api->config_destroy(config);
+-
+ return heif_error{
+ heif_error_Encoder_plugin_error,
+ heif_suberror_Encoder_encoding,
+@@ -586,14 +590,18 @@ static struct heif_error kvazaar_encode_
+ }
+
+ kvz_data_chunk* data = nullptr;
++ auto free_data = [api](kvz_data_chunk** data){
++ if(*data) {
++ api->chunk_free(*data);
++ *data = nullptr;
++ }
++ };
++ auto data_deleter = std::unique_ptr<kvz_data_chunk*,
decltype(free_data)>(&data, free_data);
++
+ uint32_t data_len;
+ int success;
+ success = api->encoder_headers(kvzencoder, &data, &data_len);
+ if (!success) {
+- api->picture_free(pic);
+- api->config_destroy(config);
+- api->encoder_close(kvzencoder);
+-
+ return heif_error{
+ heif_error_Encoder_plugin_error,
+ heif_suberror_Encoder_encoding,
+@@ -602,17 +610,13 @@ static struct heif_error kvazaar_encode_
+ }
+
+ append_chunk_data(data, encoder->output_data);
++ free_data(&data);
+
+ success = api->encoder_encode(kvzencoder,
+ pic,
+ &data, &data_len,
+ nullptr, nullptr, nullptr);
+ if (!success) {
+- api->chunk_free(data);
+- api->picture_free(pic);
+- api->config_destroy(config);
+- api->encoder_close(kvzencoder);
+-
+ return heif_error{
+ heif_error_Encoder_plugin_error,
+ heif_suberror_Encoder_encoding,
+@@ -621,6 +625,7 @@ static struct heif_error kvazaar_encode_
+ }
+
+ append_chunk_data(data, encoder->output_data);
++ free_data(&data);
+
+ for (;;) {
+ success = api->encoder_encode(kvzencoder,
+@@ -628,11 +633,6 @@ static struct heif_error kvazaar_encode_
+ &data, &data_len,
+ nullptr, nullptr, nullptr);
+ if (!success) {
+- api->chunk_free(data);
+- api->picture_free(pic);
+- api->config_destroy(config);
+- api->encoder_close(kvzencoder);
+-
+ return heif_error{
+ heif_error_Encoder_plugin_error,
+ heif_suberror_Encoder_encoding,
+@@ -645,16 +645,10 @@ static struct heif_error kvazaar_encode_
+ }
+
+ append_chunk_data(data, encoder->output_data);
++ free_data(&data);
+ }
+
+ (void) success;
+-
+- api->chunk_free(data);
+-
+- api->encoder_close(kvzencoder);
+- api->picture_free(pic);
+- api->config_destroy(config);
+-
+ return heif_error_ok;
+ }
+
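Review bot: The pointer returned by `api->config_alloc()` is passed to `api->config_init(config)` with no null check, while the later `pic` and `kvzencoder` allocations are both tested. Unless config_init tolerates null, add `if (!config) return heif_error{heif_error_Encoder_plugin_error, heif_suberror_Encoder_encoding, kError_unspecified_error};` right after `uconfig.get()`. Separately, `make_guard` takes `D&& deleter` as a forwarding reference, so a call with a named (lvalue) deleter would deduce `D` as a reference type and the `unique_ptr` would store a reference to it. Returning `std::unique_ptr<T, std::decay_t<D>>(ptr, std::forward<D>(deleter))` avoids that, and the helper could be `static` like the neighbouring functions. Every call site in these hunks passes a temporary lambda, so the second point is hardening rather than a live bug; kvazaar_encode_image continues outside the hunks.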
diff --git a/a911b26a902c5f89fee2dc20ac4dfaafcb8144ec.patch
b/a911b26a902c5f89fee2dc20ac4dfaafcb8144ec.patch
new file mode 100644
index 0000000..e3f3374
--- /dev/null
+++ b/a911b26a902c5f89fee2dc20ac4dfaafcb8144ec.patch
@@ -0,0 +1,22 @@
+From a911b26a902c5f89fee2dc20ac4dfaafcb8144ec Mon Sep 17 00:00:00 2001
+From: Andrey Semashev <Lastique(a)users.noreply.github.com>
+Date: Fri, 15 Mar 2024 17:46:48 +0300
+Subject: [PATCH] Fix compilation with libsvtav1 2.0.0.
+
+---
+ libheif/plugins/encoder_svt.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libheif/plugins/encoder_svt.cc b/libheif/plugins/encoder_svt.cc
+index 4597d7b8fc..1ff3bce2d5 100644
+--- a/libheif/plugins/encoder_svt.cc
++++ b/libheif/plugins/encoder_svt.cc
+@@ -646,7 +646,7 @@ struct heif_error svt_encode_image(void* encoder_raw, const struct
heif_image* i
+
+ if (nclx) {
+ svt_config.color_description_present_flag = true;
+-#if SVT_AV1_VERSION_MAJOR == 1
++#if SVT_AV1_VERSION_MAJOR >= 1
+ svt_config.color_primaries =
static_cast<EbColorPrimaries>(nclx->color_primaries);
+ svt_config.transfer_characteristics =
static_cast<EbTransferCharacteristics>(nclx->transfer_characteristics);
+ svt_config.matrix_coefficients =
static_cast<EbMatrixCoefficients>(nclx->matrix_coefficients);
diff --git a/bef5f0f49f9024957189b5b465cd4d07078cd06f.patch
b/bef5f0f49f9024957189b5b465cd4d07078cd06f.patch
new file mode 100644
index 0000000..256c6e4
--- /dev/null
+++ b/bef5f0f49f9024957189b5b465cd4d07078cd06f.patch
@@ -0,0 +1,36 @@
+From bef5f0f49f9024957189b5b465cd4d07078cd06f Mon Sep 17 00:00:00 2001
+From: Brad Hards <bradh(a)frogmouth.net>
+Date: Sat, 6 Jan 2024 13:59:21 +1100
+Subject: [PATCH] kvazaar: protect against unexpected chroma values
+
+Resolves #1089
+---
+ libheif/plugins/encoder_kvazaar.cc | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/libheif/plugins/encoder_kvazaar.cc b/libheif/plugins/encoder_kvazaar.cc
+index 408f1bf84d..eada77f9fe 100644
+--- a/libheif/plugins/encoder_kvazaar.cc
++++ b/libheif/plugins/encoder_kvazaar.cc
+@@ -35,6 +35,7 @@ extern "C" {
+
+ static const char* kError_unspecified_error = "Unspecified encoder error";
+ static const char* kError_unsupported_bit_depth = "Bit depth not supported by
kvazaar";
++static const char* kError_unsupported_chroma = "Unsupported chroma type";
+ //static const char* kError_unsupported_image_size = "Images smaller than 16 pixels
are not supported";
+
+
+@@ -492,6 +493,13 @@ static struct heif_error kvazaar_encode_image(void* encoder_raw,
const struct he
+ input_chroma_width = input_width;
+ input_chroma_height = input_height;
+ }
++ else {
++ return heif_error{
++ heif_error_Encoder_plugin_error,
++ heif_suberror_Unsupported_image_type,
++ kError_unsupported_chroma
++ };
++ }
+
+ if (chroma != heif_chroma_monochrome) {
+ int w = heif_image_get_width(image, heif_channel_Y);
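Review bot: The new `else` branch returns without releasing anything, yet the 9598ddeb hunks for this same function show `api->config_alloc()` being called earlier in kvazaar_encode_image. On its own this early return therefore appears to leak the config object. It is leak-free only when 9598ddeb's `uconfig` guard is applied as well, so the two patches should be carried or dropped together. A comment on the branch such as `// config is released by its scope guard; no manual cleanup on this return` would record that dependency. The function body extends outside this hunk.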
diff --git a/dfd88deb1d80b4195ef16cddad256f33b46fbe29.patch
b/dfd88deb1d80b4195ef16cddad256f33b46fbe29.patch
new file mode 100644
index 0000000..12fcb45
--- /dev/null
+++ b/dfd88deb1d80b4195ef16cddad256f33b46fbe29.patch
@@ -0,0 +1,22 @@
+From dfd88deb1d80b4195ef16cddad256f33b46fbe29 Mon Sep 17 00:00:00 2001
+From: Brad Hards <bradh(a)frogmouth.net>
+Date: Wed, 17 Jan 2024 11:47:15 +1100
+Subject: [PATCH] examples: fix leak in PNG decoder
+
+This shows up with heif-enc (e.g. with --avif) under valgrind
+---
+ examples/decoder_png.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/examples/decoder_png.cc b/examples/decoder_png.cc
+index 5742f02653..c3eeed88a8 100644
+--- a/examples/decoder_png.cc
++++ b/examples/decoder_png.cc
+@@ -419,6 +419,7 @@ InputImage loadPNG(const char* filename, int output_bit_depth)
+ } // for
+
+ delete[] row_pointers;
++ fclose(fh);
+
+ input_image.image = std::shared_ptr<heif_image>(image,
+ [](heif_image* img) {
heif_image_release(img); });
diff --git a/libheif-freeworld.spec b/libheif-freeworld.spec
index ccf0cfd..6e124fe 100644
--- a/libheif-freeworld.spec
+++ b/libheif-freeworld.spec
@@ -1,21 +1,23 @@
%bcond_with check
Name: libheif-freeworld
-Version: 1.17.5
-Release: 3%{?dist}
+Version: 1.17.6
+Release: 1%{?dist}
Summary: HEVC support for HEIF and AVIF file format decoder and encoder
License: LGPL-3.0-or-later and MIT
URL:
https://github.com/strukturag/libheif
Source0: %{url}/archive/v%{version}/libheif-%{version}.tar.gz
-# fix for CVE-2023-49460 (
https://github.com/strukturag/libheif/issues/1046)
-Patch10:
https://github.com/strukturag/libheif/commit/fd5b02aca3e29088bf0a1fc400bd...
-# fix for CVE-2023-49462 (
https://github.com/strukturag/libheif/issues/1043)
-Patch11:
https://github.com/strukturag/libheif/commit/730a9d80bea3434f75c79e721878...
-# fix for CVE-2023-49463 (
https://github.com/strukturag/libheif/issues/1042)
-Patch12:
https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b9795566156...
-# fix for CVE-2023-49464 (
https://github.com/strukturag/libheif/issues/1044)
-Patch13:
https://github.com/strukturag/libheif/commit/56ef61d8daa55b56d782e5d8ab6f...
+# Fix for CVE-2024-25269 (
https://github.com/strukturag/libheif/issues/1073)
+Patch1: 877de6b398198bca387df791b9232922c5721c80.patch
+# Fix compilation with libsvtav1 2.0.0.
+Patch2: a911b26a902c5f89fee2dc20ac4dfaafcb8144ec.patch
+# Backport memory leaks fix from master
+Patch3: 9598ddeb3dff4e51a9989067e912baf502410cee.patch
+Patch4: dfd88deb1d80b4195ef16cddad256f33b46fbe29.patch
+Patch5: 90955e3118d687fa8c36747a7b349caebc82707d.patch
+Patch6: bef5f0f49f9024957189b5b465cd4d07078cd06f.patch
+Patch7: 50aa08176e44178eeffcb7a66f37d7cad074f51b.patch
BuildRequires: cmake
BuildRequires: gcc-c++
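Review bot: The comment `# Backport memory leaks fix from master` sits above Patch3, but Patch4 to Patch7 follow with no comments of their own, and two of them are not leak fixes: Patch6 (bef5f0f4) rejects unexpected chroma values and Patch7 (50aa0817) adds kvazaar to REQUIRES_PRIVATE. The removed Patch10–13 lines carried upstream commit URLs, which the new bare filenames drop; one line per patch such as `# <upstream commit URL> - kvazaar: protect against unexpected chroma values` would restore provenance for auditing. Patch3 (9598ddeb) is listed before Patch6 although its old-side blob index `eada77f9fe` is the result of Patch6, so it has to apply with line offsets; listing Patch6 first would match upstream order. Patch1 touches only `examples/encoder_jpeg.cc`, so it is worth confirming that the binaries this package ships contain that code before recording CVE-2024-25269 as fixed here.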
@@ -84,6 +86,10 @@ popd
%{_libdir}/libheif/libheif-x265.so
%changelog
+* Sun May 26 2024 Robert-André Mauchin <zebob.m(a)gmail.com> - 1.17.6-1
+- Update to 1.17.6
+- Fix CVE-2024-25269
+
* Sat Apr 06 2024 Leigh Scott <leigh123linux(a)gmail.com> - 1.17.5-3
- Rebuild for new x265 version
diff --git a/sources b/sources
index 7a5642d..f75b96a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libheif-1.17.5.tar.gz) =
e17f990fcb4b3ebfec19cbf304ae8f9b00a3d33aaf46802eff8b3c21c614ccd02cb0a92960324b4c579e579021615c88d16efe6df84a171ddbc05313d2c73931
+SHA512 (libheif-1.17.6.tar.gz) =
e8f7a9d8d7af1947e9ca43e8387fc082551c884bb66fef7484c82748f3b81524efa7a2988f31d059a85a10539ff42bd3125b0f066f7b8b652bd9450737b2bc89