275873 – graphics/libheif: Update to 1.17.6

Bug 275873 - graphics/libheif: Update to 1.17.6

Summary: graphics/libheif: Update to 1.17.6

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Daniel Engberg

URL:	https://github.com/strukturag/libheif...
Keywords:

Depends on:
Blocks:

Reported:	2023-12-21 21:02 UTC by Daniel Engberg
Modified:	2023-12-25 19:39 UTC (History)
CC List:	0 users

See Also:

Flags:	makc: maintainer-feedback+

Attachments
Patch for libheif (1.36 KB, patch) 2023-12-21 21:02 UTC, Daniel Engberg	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Engberg freebsd_committer

2023-12-21 21:02:21 UTC

Created attachment 247188 [details]
Patch for libheif

Fixes following CVEs:
CVE-2023-49462
CVE-2023-49463

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49462
https://nvd.nist.gov/vuln/detail/CVE-2023-49463

Compile and runtime tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist, make test)

Poudriere testport OK 13.2-RELEASE (amd64)
Poudriere testport OK 12.4-RELEASE (amd64)

Tested with following consumers in Poudriere, 13.2-RELEASE:
astro/siril
graphics/ImageMagick6
graphics/ImageMagick7
graphics/cimg
graphics/darktable
graphics/digikam
graphics/geeqie
graphics/gimp-app
graphics/imv
graphics/kf5-kimageformats
graphics/krita
graphics/openimageio
graphics/py-openimageio
graphics/py-pillow-heif
graphics/vips
x11/swayimg
x11/wallutils

Comment 1 Max Brazhnikov freebsd_committer

2023-12-25 08:06:58 UTC

Thanks, Daniel!

Comment 2 commit-hook freebsd_committer

2023-12-25 19:17:36 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=68e951bfddd94d7aab72226214a513032b8f903a

commit 68e951bfddd94d7aab72226214a513032b8f903a
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-12-25 19:14:20 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-12-25 19:14:28 +0000

    graphics/libheif: Update to 1.17.6

    Fixes following CVEs:
    CVE-2023-49462
    CVE-2023-49463

    Changelog: https://github.com/strukturag/libheif/releases/tag/v1.17.6

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2023-49462
    https://nvd.nist.gov/vuln/detail/CVE-2023-49463

    PR:             275873
    Reviewed by:    makc (maintainer)
    Sponsored by:   Blinkinblox

 graphics/libheif/Makefile                                | 3 +--
 graphics/libheif/distinfo                                | 6 +++---
 graphics/libheif/files/patch-gnome_CMakeLists.txt (gone) | 7 -------
 3 files changed, 4 insertions(+), 12 deletions(-)

Comment 3 Daniel Engberg freebsd_committer

2023-12-25 19:39:40 UTC

Committed, thanks!