Bug 275873 - graphics/libheif: Update to 1.17.6
Summary: graphics/libheif: Update to 1.17.6
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Daniel Engberg
URL: https://github.com/strukturag/libheif...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-21 21:02 UTC by Daniel Engberg
Modified: 2023-12-25 19:39 UTC
0 users

See Also:
makc: maintainer-feedback+


Attachments
Patch for libheif (1.36 KB, patch)
2023-12-21 21:02 UTC, Daniel Engberg

Description Daniel Engberg freebsd_committer freebsd_triage 2023-12-21 21:02:21 UTC
Created attachment 247188
Patch for libheif

Fixes following CVEs:
CVE-2023-49462
CVE-2023-49463

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49462
https://nvd.nist.gov/vuln/detail/CVE-2023-49463

Compile and runtime tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist, make test)

Poudriere testport OK 13.2-RELEASE (amd64)
Poudriere testport OK 12.4-RELEASE (amd64)

Tested with following consumers in Poudriere, 13.2-RELEASE:
astro/siril
graphics/ImageMagick6
graphics/ImageMagick7
graphics/cimg
graphics/darktable
graphics/digikam
graphics/geeqie
graphics/gimp-app
graphics/imv
graphics/kf5-kimageformats
graphics/krita
graphics/openimageio
graphics/py-openimageio
graphics/py-pillow-heif
graphics/vips
x11/swayimg
x11/wallutils
Comment 1 Max Brazhnikov freebsd_committer freebsd_triage 2023-12-25 08:06:58 UTC
Thanks, Daniel!
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-12-25 19:17:36 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=68e951bfddd94d7aab72226214a513032b8f903a

commit 68e951bfddd94d7aab72226214a513032b8f903a
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-12-25 19:14:20 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-12-25 19:14:28 +0000

    graphics/libheif: Update to 1.17.6

    Fixes following CVEs:
    CVE-2023-49462
    CVE-2023-49463

    Changelog: https://github.com/strukturag/libheif/releases/tag/v1.17.6

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2023-49462
    https://nvd.nist.gov/vuln/detail/CVE-2023-49463

    PR:             275873
    Reviewed by:    makc (maintainer)
    Sponsored by:   Blinkinblox

 graphics/libheif/Makefile                                | 3 +--
 graphics/libheif/distinfo                                | 6 +++---
 graphics/libheif/files/patch-gnome_CMakeLists.txt (gone) | 7 -------
 3 files changed, 4 insertions(+), 12 deletions(-)
Comment 3 Daniel Engberg freebsd_committer freebsd_triage 2023-12-25 19:39:40 UTC
Committed, thanks!