From 6eb8fc38c17050c63b0d7663abec32fddf5e181183a6a85a3cfe17610ceca8bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Thu, 20 Feb 2025 09:39:48 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main libavif revision ed4bfbd51ea4a91ab5ab7b189855741c --- baselibs.conf | 2 +- libavif-0.11.1.tar.gz | 3 - libavif-1.1.1.tar.gz | 3 + libavif-CVE-2023-6704.patch | 30 ------ libavif.changes | 178 ++++++++++++++++++++++++++++++++++-- libavif.spec | 48 ++++------ 6 files changed, 194 insertions(+), 70 deletions(-) delete mode 100644 libavif-0.11.1.tar.gz create mode 100644 libavif-1.1.1.tar.gz delete mode 100644 libavif-CVE-2023-6704.patch diff --git a/baselibs.conf b/baselibs.conf index 346a881..8f7fafe 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1 +1 @@ -libavif15 +libavif16 diff --git a/libavif-0.11.1.tar.gz b/libavif-0.11.1.tar.gz deleted file mode 100644 index 1f124bc..0000000 --- a/libavif-0.11.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0eb49965562a0e5e5de58389650d434cff32af84c34185b6c9b7b2fccae06d4e -size 5826813 diff --git a/libavif-1.1.1.tar.gz b/libavif-1.1.1.tar.gz new file mode 100644 index 0000000..424c78c --- /dev/null +++ b/libavif-1.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:914662e16245e062ed73f90112fbb4548241300843a7772d8d441bb6859de45b +size 13644189 diff --git a/libavif-CVE-2023-6704.patch b/libavif-CVE-2023-6704.patch deleted file mode 100644 index cf3576b..0000000 --- a/libavif-CVE-2023-6704.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7845153645cfe245de5add94fb07c227c2d16402 Mon Sep 17 00:00:00 2001 -From: Vignesh Venkatasubramanian -Date: Mon, 27 Nov 2023 11:31:38 -0800 -Subject: [PATCH] Do not store colorproperties until alpha item is found - -colorProperties could be pointing to a dangling pointer if -findAlphaItem() resizes the meta.items array. ---- - -Index: libavif-0.11.1/src/read.c -=================================================================== ---- libavif-0.11.1.orig/src/read.c -+++ libavif-0.11.1/src/read.c -@@ -3487,7 +3487,6 @@ avifResult avifDecoderReset(avifDecoder - avifDiagnosticsPrintf(&decoder->diag, "Primary item not found"); - return AVIF_RESULT_NO_AV1_ITEMS_FOUND; - } -- colorProperties = &colorItem->properties; - - // Find the alphaOBU item, if any - for (uint32_t itemIndex = 0; itemIndex < data->meta->items.count; ++itemIndex) { -@@ -3529,6 +3528,8 @@ avifResult avifDecoderReset(avifDecoder - } - } - -+ colorProperties = &colorItem->properties; -+ - // Find Exif and/or XMP metadata, if any - avifResult findResult = avifDecoderFindMetadata(decoder, data->meta, decoder->image, colorItem->id); - if (findResult != AVIF_RESULT_OK) { diff --git a/libavif.changes b/libavif.changes index 85b2993..45406bb 100644 --- a/libavif.changes +++ b/libavif.changes @@ -1,8 +1,174 @@ ------------------------------------------------------------------- -Wed Jan 31 07:28:21 UTC 2024 - Xiaoguang Wang +Tue Sep 10 10:31:03 UTC 2024 - Carsten Ziepke -- Add libavif-CVE-2023-6704.patch: Do not store colorproperties - until alpha item is found (bsc#1218303 CVE-2023-6704). +- Enable building with aom and libyuv for Leap + +------------------------------------------------------------------- +Sat Aug 31 15:13:53 UTC 2024 - Dirk Müller + +- update to 1.1.1: + * In avif.h, change "AVIF_API AVIF_NODISCARD" back to + "AVIF_NODISCARD AVIF_API" to fix clang-cl and MSVC compilation + errors in the shared library build on Windows. + * Fix -DAVIF_GTEST=SYSTEM + * Fix infe_type and codec_config_type wrongly read as byte- + aligned fields in the + * experimental feature AVIF_ENABLE_EXPERIMENTAL_METAV1. + * When building aom as a local dependency, runtime CPU + detection (`CONFIG_RUNTIME_CPU_DETECT`) is now always `ON`; + * Fix CMake config shared library leaks + * Update gain map metadata to current ISO 21496-1 draft. + * cmake: Only search for ASM_NASM language on x86_64 platforms. + * Fix "No known features for CXX compiler" CMake error. + * Fix aom link flags so that transitive library link flags are + included when aom is a static library + * Fix out-of-order 'dimg' grid associations + * Report files with an item used in multiple 'dimg' boxes with + * AVIF_RESULT_NOT_IMPLEMENTED instead of + AVIF_RESULT_INVALID_IMAGE_GRID. + * Add experimental API for reading and writing gain maps in + AVIF files. + * If enabled at compile time, add `gainMap` field to + `avifImage`, + * add `qualityGainMap` field to `avifEncoder`, add + `gainMapPresent`, `enableDecodingGainMap`, + `enableParsingGainMapMetadata` and `ignoreColorAndAlpha` to + `avifDecoder`. + * Utility functions for working with gain maps are also added. + * Gain maps allow readers that support them to display HDR + images that look good on both HDR and SDR displays. + * Add experimental support for converting jpeg files with gain + maps to AVIF files with gain maps. Requires libxml2, and the + AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP compilation flag. + * Add a --qgain-map flag to control the gain map quality in + avifenc. + * Add the headerFormat member of new type avifHeaderFormat to + avifEncoder. + * Add experimental API for reading and writing "mif3"-branded + AVIF files behind the compilation flag + AVIF_ENABLE_EXPERIMENTAL_METAV1. + * Implement avifImageScale() fallback when libyuv is not + available. + * Partial import of libyuv to third_party/libyuv (new LICENSE). + * Add avifenc flag suffixes ":update" and ":u". Quality- + relative, tiling-relative and codec-specific flags can now be + positional, relative to input files. + * Add experimental support for layered AVIF encoding in + avifenc. + * Use the --layered flag to enable layered AVIF encoding. + * Layered AVIF has multiple layers, which works like frame of + animated AVIF, and layers can be rendered in progressive + manner on supported viewers + * Only aom supports layered AVIF encoding at the time of + writing. + * Add --scaling-mode flag to set scaling mode of each layer. + * This part of AV1 encoder is not as thoroughly tested, so + there are higher possibility encoder may crash when given certain + configuration or input. + * Add imageSequenceTrackPresent flag to the avifDecoder struct. + * avifImageScale() function was made part of the public ABI. + * Add avif_cxx.h as a C++ header with basic functionality. + * Add enum aliases AVIF_COLOR_PRIMARIES_SRGB, + AVIF_COLOR_PRIMARIES_BT2100, + * AVIF_COLOR_PRIMARIES_DCI_P3, + AVIF_TRANSFER_CHARACTERISTICS_PQ. + * Add avifResult enum entry AVIF_RESULT_INTERNAL_ERROR. + * Require libyuv by default (but it can still be disabled with + * -DAVIF_LIBYUV=OFF). + * Add avifdec --icc flag to override the output color profile. + * Add experimental API for reading and writing 16-bit AVIF + files behind the + * compilation flag AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM. + * Add AVIF_CHROMA_SAMPLE_POSITION_RESERVED to + avifChromaSamplePosition enum. + +------------------------------------------------------------------- +Sun Mar 17 09:23:56 UTC 2024 - Dirk Müller + +- update to 1.0.4: + * AVIF_ENABLE_WERROR is set to OFF by default. + * Fix wrong alpha plane deallocation when decoded tile pixel + format does not match reconstructed output image pixel format + * Fix identical chunk skipping optimization when writing + animation data + * Fix ID selection for artificial grid alpha item when decoding + a grid of tiles which each have an associated auxiliary alpha + image item (https://crbug.com/oss-fuzz/65657). + +------------------------------------------------------------------- +Thu Dec 21 09:27:03 UTC 2023 - Andreas Stieger + +- update to 1.0.3: + * Rewrite the fix for memory errors fixed in 1.0.2 + * CVE-2023-6704: Fix use-after-free errors (boo#1218303) + * src/reformat.c: Allocate the threadData array directly + +------------------------------------------------------------------- +Tue Nov 28 20:40:32 UTC 2023 - Andreas Stieger + +- update to 1.0.2: + * Update avifCropRectConvertCleanApertureBox() to the revised + requirements in ISO/IEC 23000-22:2019/Amd. 2:2021 Section + 7.3.6.7. + * CVE-2023-6350: Out of bounds memory to alphaItemIndices (boo#1217614) + * CVE-2023-6351: use-after-free in colorProperties (boo#1217615) +- drop fix-gdkpixbuf.patch + +------------------------------------------------------------------- +Tue Aug 29 05:18:59 UTC 2023 - Paolo Stivanin + +- Update to 1.0.0: + * Incompatible changes: + + The clli member was added to the avifImage struct. + + The repetitionCount member was added to the avifEncoder and avifDecoder + structs. + + The quality and qualityAlpha members were added to the avifEncoder struct. + + Check that functions returning pointers do not return NULL before accessing + those pointers. + + Check the return value of avifEncoderSetCodecSpecificOption(). + + The maxThreads member was added to the avifRGBImage struct. + + Check the return value of avifRGBImageAllocatePixels(), avifRWDataRealloc(), + avifRWDataSet(), avifImageSetProfileICC(), avifImageSetMetadataExif() and + avifImageSetMetadataXMP(). + + The meaning of the keyframeInterval member of avifEncoder struct has changed + slightly. When set to a value of "n", + Before: It forces a keyframe on every nth frame. + After: Any set of "n" consecutive frame will have at least one keyframe + (every nth frame may or may not be a keyframe). + * Added: + + Add clli metadata read and write support + + Add repetitionCount member to avifEncoder and avifDecoder structs to specify + the number of repetitions for animated image sequences. + + Add quality and qualityAlpha to avifEncoder. Note: minQuantizer, + maxQuantizer, minQuantizerAlpha, and maxQuantizerAlpha are deprecated. Code + should be updated to set quality (and qualityAlpha if applicable) and leave + minQuantizer, maxQuantizer, minQuantizerAlpha, and maxQuantizerAlpha + initialized to the default values. + + The --target-size flag in avifenc was added to adapt the quality so that the + output file size is as close to the given number of bytes as possible. + + Add the public API function avifImageIsOpaque() in avif.h. + + Add the public API functions avifImagePlane(), avifImagePlaneRowBytes(), + avifImagePlaneWidth(), and avifImagePlaneHeight() in avif.h. + + Add API for multi-threaded YUV to RGB color conversion. + + Allow lossless 4:0:0 on grayscale input. + + Add avifenc --no-overwrite flag to avoid overwriting output file. + + Add avifenc --clli flag to set clli. + + Add support for all transfer functions when using libsharpyuv. + * Changed: + + Exif and XMP metadata is exported to PNG and JPEG files by default, + except XMP payloads larger than 65502 bytes in JPEG. + + The --grid flag in avifenc can be used for images that are not evenly divided + into cells. + + Change the encoder to write the boxes within the "stbl" box in the order of + stsd, stts, stsc, stsz, stco, stss. + + avifImageRGBToYUV() and avifImageYUVToRGB() handle avifImage bit depths 8, 10, + 12 and now also 16. Files read by apps/shared/ can output 16-bit avifImage + instances. + + avifImageCreate(), avifImageCreateEmpty(), avifEncoderCreate() and other + internal functions now return NULL if a memory allocation failed. + + avifEncoderSetCodecSpecificOption() now returns avifResult instead of void to + report memory allocation failures. +- Add fix-gdkpixbuf.patch. ------------------------------------------------------------------- Sun May 7 14:52:35 UTC 2023 - Arjen de Korte @@ -22,10 +188,10 @@ Mon Nov 14 11:41:20 UTC 2022 - ecsos ------------------------------------------------------------------- Thu Oct 27 19:02:16 UTC 2022 - Cristian Rodríguez -- Remove unused BuildRequires on nasm +- Remove unused BuildRequires on nasm - Remove indirect/incorrect Buildrequires on zlib - add direct glib Buildrequires - + ------------------------------------------------------------------- Sat Oct 15 12:28:59 UTC 2022 - Bjørn Lie @@ -121,7 +287,7 @@ Sat Oct 15 12:28:59 UTC 2022 - Bjørn Lie - The avifCodecConfigurationBox struct becomes a private type for libavif internal use - Bump lib_soversion global (also in baselibs.conf) to 15 following - upstream change. + upstream change. - Use ldconfig_scriptlets for post(un) handling. ------------------------------------------------------------------- diff --git a/libavif.spec b/libavif.spec index 7760000..3393f9d 100644 --- a/libavif.spec +++ b/libavif.spec @@ -1,7 +1,7 @@ # # spec file for package libavif # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,47 +16,31 @@ # -%if 0%{?suse_version} >= 1550 -%bcond_without aom -%bcond_without yuv -%else -%bcond_with aom -%bcond_with yuv -%endif - # Also update baselibs.conf if you bump the version -%global lib_soversion 15 +%global lib_soversion 16 %global lib_name libavif%{lib_soversion} - Name: libavif -Version: 0.11.1 +Version: 1.1.1 Release: 0 Summary: Library for encoding and decoding .avif files License: BSD-2-Clause Group: Development/Libraries/C and C++ URL: https://github.com/AOMediaCodec/libavif -# Source: https://github.com/AOMediaCodec/libavif/archive/v%{version}/%{name}-%{version}.tar.gz Source99: baselibs.conf -# -# PATCH-FIX-UPSTREAM libavif-CVE-2023-6704.patch bsc#1218303 xwang@suse.com -- Do not store colorproperties until alpha item is found -Patch0: libavif-CVE-2023-6704.patch +BuildRequires: c++_compiler BuildRequires: cmake -BuildRequires: gcc-c++ BuildRequires: libjpeg8-devel +BuildRequires: pkgconfig +BuildRequires: pkgconfig(aom) >= 2.0.0 BuildRequires: pkgconfig(dav1d) BuildRequires: pkgconfig(gdk-pixbuf-2.0) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gobject-2.0) -BuildRequires: pkgconfig(libpng) +BuildRequires: pkgconfig(libpng) >= 1.6.32 BuildRequires: pkgconfig(libwebp) -BuildRequires: pkgconfig(rav1e) >= 0.5.0 -%if %{with aom} -BuildRequires: pkgconfig(aom) >= 2.0.0 -%endif -%if %{with yuv} BuildRequires: pkgconfig(libyuv) -%endif +BuildRequires: pkgconfig(rav1e) >= 0.5.0 %description This library aims to be a friendly, portable C implementation of the AV1 Image @@ -99,10 +83,10 @@ Group: Development/Libraries/C and C++ A pixbuf-loader plugin to load AVIF images in GTK+ applications. %package devel -Requires: %{lib_name} = %{version}-%{release} # Summary: Development files for libavif Group: Development/Libraries/C and C++ +Requires: %{lib_name} = %{version}-%{release} %description devel This library aims to be a friendly, portable C implementation of the AV1 Image @@ -117,11 +101,14 @@ This package holds the development files for libavif. %build %cmake \ - -DAVIF_CODEC_RAV1E:BOOL=ON \ - -DAVIF_CODEC_DAV1D:BOOL=ON \ - %if %{with aom} - -DAVIF_CODEC_AOM:BOOL=ON \ - %endif + -DAVIF_CODEC_AOM=SYSTEM \ + -DAVIF_CODEC_DAV1D=SYSTEM \ + -DAVIF_CODEC_RAV1E=SYSTEM \ + -DAVIF_GTEST=SYSTEM \ + -DAVIF_JPEG=SYSTEM \ + -DAVIF_LIBXML2=SYSTEM \ + -DAVIF_LIBYUV=SYSTEM \ + -DAVIF_ZLIBPNG=SYSTEM \ -DAVIF_BUILD_APPS:BOOL=ON \ -DAVIF_BUILD_EXAMPLES:BOOL=ON \ -DAVIF_BUILD_GDK_PIXBUF=ON @@ -150,6 +137,7 @@ This package holds the development files for libavif. %{_bindir}/avifenc %files -n gdk-pixbuf-loader-libavif +%license LICENSE %{_libdir}/gdk-pixbuf-2.0/*/loaders/libpixbufloader-avif.so %dir %{_datadir}/thumbnailers %{_datadir}/thumbnailers/avif.thumbnailer