Upgrade to release 1.23.1. New features: - FFmpeg decoder plugin gains AV1, VVC, JPEG, and JPEG 2000/HTJ2K decoding - SVT-AV1 encoder: new tune=iq and ms-ssim tune parameters - C++ API: added getters/setters for the CLLI and MDCV HDR metadata boxes - Sequence decoder now scales the alpha auxiliary track to the main image size
Bug fixes: - Fixed pixi box writing for multi-channel images - Corrected the placement of the TAI clock_type field into the top 2 bits - Empty/unset plugin directory is no longer scanned Security fixes: - CVE-TBD (GHSA-jc8f-p23p-5hjg) Integer underflow in Fraction constructor via double clap transform application - CVE-TBD (GHSA-73p7-m7gg-w2jv) Out-of-bounds read in uncompressed unci tile range slicing = CVE-TBD (GHSA-xpw3-9rhw-482x) Heap out of bounds write in libheif uncompressed encoder when writing images with mismatched auxiliary alpha dimensions - CVE-TBD (GHSA-9ww4-9v47-m7pj) Reachable assertion in HeifContext::get_track() aborts on a valid-but-empty HEIF sequence file - (GHSA-46rp-pcq2-rpmr) Heap out-of-bounds write in the uncompressed encoder for RRGGBB images with interleaved bit-depth lower or equal to 8 Remove CVE-2026-3949.patch because the fix has been included in the source code for this release of libheif. This work was sponsored by GOVCERT.LU. Signed-off-by: Leon Anavi <[email protected]> --- .../libheif/libheif/CVE-2026-3949.patch | 50 ------------------- .../{libheif_1.21.2.bb => libheif_1.23.1.bb} | 6 +-- 2 files changed, 2 insertions(+), 54 deletions(-) delete mode 100644 meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2026-3949.patch rename meta-multimedia/recipes-multimedia/libheif/{libheif_1.21.2.bb => libheif_1.23.1.bb} (90%) diff --git a/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2026-3949.patch b/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2026-3949.patch deleted file mode 100644 index ef5d9c1ee4..0000000000 --- a/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2026-3949.patch +++ /dev/null @@ -1,50 +0,0 @@ -From cba59e7671a36a78e31c0490efe74ec226918580 Mon Sep 17 00:00:00 2001 -From: Dirk Farin <[email protected]> -Date: Tue, 24 Feb 2026 00:32:48 +0100 -Subject: [PATCH] vvdec: check that NAL size does not exceed data size (#1712) - -CVE: CVE-2026-3949 -Upstream-Status: Backport [https://github.com/strukturag/libheif/commit/b97c8b5f198b27f375127cd597a35f2113544d03] -Signed-off-by: Gyorgy Sarvari <[email protected]> ---- - libheif/plugins/decoder_vvdec.cc | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/libheif/plugins/decoder_vvdec.cc b/libheif/plugins/decoder_vvdec.cc -index 09515720..14b3e9fd 100644 ---- a/libheif/plugins/decoder_vvdec.cc -+++ b/libheif/plugins/decoder_vvdec.cc -@@ -55,6 +55,7 @@ struct vvdec_decoder - std::string error_message; - }; - -+static const char kEmptyString[] = ""; - static const char kSuccess[] = "Success"; - - static const int VVDEC_PLUGIN_PRIORITY = 100; -@@ -179,9 +180,25 @@ heif_error vvdec_push_data2(void* decoder_raw, const void* frame_data, size_t fr - - const auto* data = (const uint8_t*) frame_data; - -+ if (frame_size < 4) { -+ return { -+ heif_error_Decoder_plugin_error, -+ heif_suberror_End_of_data, -+ kEmptyString -+ }; -+ } -+ - for (;;) { - uint32_t size = four_bytes_to_uint32(data[0], data[1], data[2], data[3]); - -+ if (frame_size < 4 + size) { -+ return { -+ heif_error_Decoder_plugin_error, -+ heif_suberror_End_of_data, -+ kEmptyString -+ }; -+ } -+ - data += 4; - - std::vector<uint8_t> nalu; diff --git a/meta-multimedia/recipes-multimedia/libheif/libheif_1.21.2.bb b/meta-multimedia/recipes-multimedia/libheif/libheif_1.23.1.bb similarity index 90% rename from meta-multimedia/recipes-multimedia/libheif/libheif_1.21.2.bb rename to meta-multimedia/recipes-multimedia/libheif/libheif_1.23.1.bb index ab29fa3b02..ee86fd3bc5 100644 --- a/meta-multimedia/recipes-multimedia/libheif/libheif_1.21.2.bb +++ b/meta-multimedia/recipes-multimedia/libheif/libheif_1.23.1.bb @@ -6,11 +6,9 @@ LICENSE_FLAGS = "commercial" COMPATIBLE_MACHINE:powerpc64le = "null" -SRC_URI = "git://github.com/strukturag/libheif.git;protocol=https;branch=master;tag=v${PV} \ - file://CVE-2026-3949.patch \ - " +SRC_URI = "git://github.com/strukturag/libheif.git;protocol=https;branch=master;tag=v${PV}" -SRCREV = "62f1b8c76ed4d8305071fdacbe74ef9717bacac5" +SRCREV = "2c4bbb54c2738d4a5efbbe3e5fa1d5d76bb88eb0" inherit cmake pkgconfig -- 2.47.3
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#128068): https://lists.openembedded.org/g/openembedded-devel/message/128068 Mute This Topic: https://lists.openembedded.org/mt/120157430/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
