Bug 275873

Summary: graphics/libheif: Update to 1.17.6
Product: Ports & Packages
Reporter: Daniel Engberg <diizzy>
Component: Individual Port(s)
Assignee: Daniel Engberg <diizzy>
Status: Closed FIXED
Severity: Affects Only Me
Flags: makc: maintainer-feedback+
Priority: ---
Version: Latest
Hardware: Any
OS: Any
URL: https://github.com/strukturag/libheif/releases/tag/v1.17.6
Attachments:
Description          Flags
Patch for libheif    none

Description Daniel Engberg freebsd_committer freebsd_triage 2023-12-21 21:02:21 UTC
Created attachment 247188
Patch for libheif

Fixes following CVEs:
CVE-2023-49462
CVE-2023-49463

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49462
https://nvd.nist.gov/vuln/detail/CVE-2023-49463

Compile and runtime tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist, make test)

Poudriere testport OK 13.2-RELEASE (amd64)
Poudriere testport OK 12.4-RELEASE (amd64)

Tested with following consumers in Poudriere, 13.2-RELEASE:
astro/siril
graphics/ImageMagick6
graphics/ImageMagick7
graphics/cimg
graphics/darktable
graphics/digikam
graphics/geeqie
graphics/gimp-app
graphics/imv
graphics/kf5-kimageformats
graphics/krita
graphics/openimageio
graphics/py-openimageio
graphics/py-pillow-heif
graphics/vips
x11/swayimg
x11/wallutils

Comment 1 Max Brazhnikov freebsd_committer freebsd_triage 2023-12-25 08:06:58 UTC
Thanks, Daniel!

Comment 2 commit-hook freebsd_committer freebsd_triage 2023-12-25 19:17:36 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=68e951bfddd94d7aab72226214a513032b8f903a

commit 68e951bfddd94d7aab72226214a513032b8f903a
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-12-25 19:14:20 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-12-25 19:14:28 +0000

    graphics/libheif: Update to 1.17.6

    Fixes following CVEs:
    CVE-2023-49462
    CVE-2023-49463

    Changelog: https://github.com/strukturag/libheif/releases/tag/v1.17.6

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2023-49462
    https://nvd.nist.gov/vuln/detail/CVE-2023-49463

    PR:             275873
    Reviewed by:    makc (maintainer)
    Sponsored by:   Blinkinblox

 graphics/libheif/Makefile                                | 3 +--
 graphics/libheif/distinfo                                | 6 +++---
 graphics/libheif/files/patch-gnome_CMakeLists.txt (gone) | 7 -------
 3 files changed, 4 insertions(+), 12 deletions(-)

Comment 3 Daniel Engberg freebsd_committer freebsd_triage 2023-12-25 19:39:40 UTC
Committed, thanks!