Accepting request 1304738 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/1304738
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libheif?expand=0&rev=48

libheif-1.20.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68ac9084243004e0ef3633f184eeae85d615fe7e4444373a0a21cebccae9d12a
+size 1787518

libheif-CVE-2025-68431.patch

@@ -1,23 +0,0 @@
-From b8c12a7b70f46c9516711a988483bed377b78d46 Mon Sep 17 00:00:00 2001
-From: Dirk Farin <dirk.farin@gmail.com>
-Date: Tue, 11 Nov 2025 19:47:50 +0100
-Subject: [PATCH] fix wrong copy width in overlay images (thanks to Aldo
- Ristori for reporting this)
-
----
- libheif/pixelimage.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: libheif-1.19.7/libheif/pixelimage.cc
-===================================================================
---- libheif-1.19.7.orig/libheif/pixelimage.cc
-+++ libheif-1.19.7/libheif/pixelimage.cc
-@@ -1295,7 +1295,7 @@ Error HeifPixelImage::overlay(std::share
-       if (!has_alpha) {
-         memcpy(out_p + out_x0 + (out_y0 + y - in_y0) * out_stride,
-                in_p + in_x0 + y * in_stride,
--               in_w - in_x0);
-+               in_w);
-       }
-       else {
-         for (uint32_t x = in_x0; x < in_w; x++) {

libheif.changes

@@ -1,10 +1,78 @@
 -------------------------------------------------------------------
-Tue Jan  6 10:11:07 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
+Thu Sep 11 12:34:56 UTC 2025 - olaf@aepfle.de
 
-- security update
-- added patches
-  CVE-2025-68431 [bsc#1255735], heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item
-  * libheif-CVE-2025-68431.patch
+- version 1.20 requires at least ffmpeg 4, so go with version 7+
+
+-------------------------------------------------------------------
+Fri Aug  8 00:55:54 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- update to 1.20.2:
+  - When opening tiled images, do not check against maximum image
+    size immediately to allow for tile-based decoding of very large
+    images.
+  - Several smaller fixes in writing image sequences
+  - CMake option to disable building of heif-view, which pulls in
+    dependency on SDL
+  - Fixes reading/writing of GIMI content IDs
+  - Some build fixes
+
+-------------------------------------------------------------------
+Tue Jul 29 08:01:31 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Remove conditionals for openh264, we can build against noopenh264
+
+-------------------------------------------------------------------
+Sat Jul  5 15:51:19 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- update to 1.20.1:
+  - Fixes a bug in decoder plugin loading.
+- Changes from 1.20.0:
+  - Sequences:
+    - API for reading and writing image sequences. You can read and
+      write sequences for all codecs (not just H.265 / AV1, but
+      also JPEG-2000, ISO-23001-17 uncompressed, ...). Currently
+      only intra-coded sequences are supported.
+    - API for reading and writing metadata sequences. The metadata
+      tracks can contain any raw timed data.
+    - Support for SAI (sample auxiliary information). Timed samples
+      (from image sequences or metadata) can have auxiliary data
+      attached. Currently we support TAI timestamps and GIMI
+      content description IDs.
+    - Support for track references.
+    - The API for sequences is described here:
+      https://github.com/strukturag/libheif/wiki/Reading-and-Writing-Sequences
+    - New command line tool heif-view to show HEIF sequences
+      (requires libSDL).
+  - Other new features:
+    - You can specify a security limit for the maximum total memory
+      libheif may use for decoding. This is easier to handle than
+      specifying limits on the maximum image size or single memory
+      allocations.
+    - Support for TAI timestamps (in images and sequences) has been
+      promoted from experimental to stable.
+    - FFMPEG plugin now supports HDR decoding
+    - Header files are now split into individual headers by topic.
+      However, it should still be backwards compatible with heif.h
+      being a catch-all covering the old content. For new
+      functionality (sequences, TAI), you will need to include the
+      specific headers.
+    - All struct names of the API are now also typedefs.
+- add build requires for brotli which it looks for since 1.18
+- prepare building heif-view
+
+-------------------------------------------------------------------
+Sun Apr 27 20:13:21 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
+
+- update to 1.19.8:
+  * Set essential flag for transformative properties as required by
+    MIAF. This fixes the display of AVIF images with transformations
+    encoded by libheif in Chrome, which checks whether this flag is
+    set. This mainly affected images encoded by ImageMagick.
+  * If the environment variable LIBHEIF_SECURITY_LIMITS is set to OFF,
+    libheif will not check any security limits. This can be used if a
+    user works with large images and the application software does not
+    allow to adjust the libheif security limits.
+  * Resolved processing 16-bit JPEG-2000
 
 -------------------------------------------------------------------
 Mon Mar  3 18:28:54 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>

libheif.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libheif
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,7 +28,6 @@
 %define gdk_pixbuf_binary_version 2.10.0
 %bcond_with x265
 %bcond_with kvazaar
-%bcond_with openh264
 %bcond_with openjpeg
 %bcond_with openjph
 %bcond_with svtenc
@@ -43,8 +42,10 @@
 %global force_gcc_version 13
 %endif
 
+%bcond_with heif_view
+
 Name:           libheif%{?psuffix}
-Version:        1.19.7
+Version:        1.20.2
 Release:        0
 Summary:        HEIF/AVIF file format decoder and encoder
 License:        LGPL-3.0-only AND MIT
@@ -52,8 +53,6 @@ Group:          Productivity/Graphics/Other
 URL:            https://github.com/strukturag/libheif
 Source0:        %{url}/releases/download/v%{version}/libheif-%{version}.tar.gz
 Source99:       baselibs.conf
-# CVE-2025-68431 [bsc#1255735], heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item
-Patch0:        libheif-CVE-2025-68431.patch
 BuildRequires:  chrpath
 BuildRequires:  cmake >= 3.25
 BuildRequires:  fdupes
@@ -62,8 +61,13 @@ BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(aom)
 BuildRequires:  pkgconfig(dav1d)
 BuildRequires:  pkgconfig(gdk-pixbuf-2.0)
-BuildRequires:  pkgconfig(libavcodec)
+BuildRequires:  pkgconfig(libavcodec) >= 61
+BuildRequires:  pkgconfig(libbrotlienc)
 BuildRequires:  pkgconfig(libjpeg)
+BuildRequires:  pkgconfig(openh264)
+%if %{with heif_view}
+BuildRequires:  pkgconfig(sdl2)
+%endif
 %if %{with openjpeg}
 BuildRequires:  pkgconfig(libopenjp2)
 %endif
@@ -72,9 +76,6 @@ BuildRequires:  pkgconfig(libwebp)
 %if %{with kvazaar}
 BuildRequires:  pkgconfig(kvazaar)
 %endif
-%if %{with openh264}
-BuildRequires:  pkgconfig(openh264)
-%endif
 %if %{with openjph}
 BuildRequires:  pkgconfig(openjph)
 %endif
@@ -314,12 +315,8 @@ sed -i '/add_libheif_test(encode)/d' tests/CMakeLists.txt
 	-DWITH_OpenJPEG_DECODER_PLUGIN=ON \
 	-DWITH_OpenJPEG_ENCODER=ON \
 	-DWITH_OpenJPEG_ENCODER_PLUGIN=ON \
-%if %{with openh264}
 	-DWITH_OpenH264_DECODER=ON \
 	-DWITH_OpenH264_DECODER_PLUGIN=ON \
-%else
-	-DWITH_OpenH264_DECODER=OFF \
-%endif
 %if %{with openjph}
 	-DWITH_OPENJPH_ENCODER=ON \
 	-DWITH_OPENJPH_ENCODER_PLUGIN=ON \
@@ -413,10 +410,8 @@ rm -f %{buildroot}%{_datadir}/thumbnailers/heif.thumbnailer
 %{_libexecdir}/libheif/libheif-j2kenc.so
 %endif
 
-%if %{with openh264}
 %files openh264
 %{_libexecdir}/libheif/libheif-openh264dec.so
-%endif
 
 %if %{with openjph}
 %files openjph