Accepting request 1134414 from home:AndreasStieger:branches:multimedia:libs

libavif 1.0.3 CVE-2023-6704boo#1218303 OBS-URL: https://build.opensuse.org/request/show/1134414 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libavif?expand=0&rev=56
2023-12-23 10:37:44 +00:00 · 2023-12-23 10:37:44 +00:00 · 90ed2f1655
commit 90ed2f1655
parent d13927bee7
4 changed files with 12 additions and 4 deletions
--- a/libavif-1.0.2.tar.gz
+++ b/libavif-1.0.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de8bf79488c5b523b77358df8b85ae69c3078e6b3f1636fc1f313f952269ad20
-size 10576546
--- a/libavif-1.0.3.tar.gz
+++ b/libavif-1.0.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35e3cb3cd7158209dcc31d3bf222036de5b9597e368a90e18449ecc89bb86a19
+size 10573846
--- a/libavif.changes
+++ b/libavif.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Dec 21 09:27:03 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 1.0.3:
+  * Rewrite the fix for memory errors fixed in 1.0.2
+  * CVE-2023-6704: Fix use-after-free errors (boo#1218303)
+  * src/reformat.c: Allocate the threadData array directly
+
 -------------------------------------------------------------------
 Tue Nov 28 20:40:32 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/libavif.spec
+++ b/libavif.spec
@ -27,7 +27,7 @@
 %bcond_with yuv
 %endif
 Name:           libavif
-Version:        1.0.2
+Version:        1.0.3
 Release:        0
 Summary:        Library for encoding and decoding .avif files
 License:        BSD-2-Clause