Ana Guerrero 2023-07-19 17:09:49 +00:00 committed by Git OBS Bridge
commit 30aefa4476
7 changed files with 33 additions and 75 deletions

BIN
libwebp-1.3.0.tar.gz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEaw5rcJdt4wPt8vYB+cPWvbgjK10FAmPAuMcACgkQ+cPWvbgj
K10z8hAAljCoDyB3s8espzXKEdDMl+u/qDcVZtRednMae2ThYUgTd0lMi9DyNWew
OHnYH8uIjJ6dY4/m+DeqQhpjMSZjmgl0bw/Mduu567ayZ3tGrS7itDwzAiWTffqk
rPPQny9gons0yjBNaQN75Mk4YbEA5o/oJfekBrhC5hlgjPfVekb0BiAGTMQnNkZK
83x+pOtrwYqNMC7W+YGfiDZZXJ20JxxLIkdhPX0PqDcYDzhLo/GgMnpad9M8e05s
GlCjM9xPrWoIEat9FBvCV60QMhII+Uc9VH4OuW9b0FSAvprNRMc0SjKiXedjZw7Z
+0WitwFItsisbWl6ebazy9ChyyBcpHftqyARZpsg8op/PRYoZw9kZVk4AdEoC/T9
iirg6Q+NhxuUmz6YFherbVXy0XCOMoBQOginCkkFEYlxxh4aEMK5IkZZnxZSinQk
MrqZN+b7Su4TYA4nA5930FvkgstsO5yMCajVXaM6idVrqzy2ktzduMzGVxpSIWLy
U/WPsHbCFIgP3CFbNTUmB3r/zloVrIP2o+e6mUQhvT1D2ShDScTGKVuIMopXcw6m
e92M+g1s3nruCSMf0Ayl6rY8AjbC1Ma5qixqpdQ79lS5cXBx6YkalgY78PXZxQz0
BBU1Nwkl7uPoQHpbn+QKQ6y6ClBiVrybk2zfDr7Em+ayW72xqG0=
=jc1+
-----END PGP SIGNATURE-----

3
libwebp-1.3.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66
size 4161782

16
libwebp-1.3.1.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEaw5rcJdt4wPt8vYB+cPWvbgjK10FAmSc5osACgkQ+cPWvbgj
K12FbxAAgfRFe8KevbVD+5x+uQPYRg0kvXBwRohRymiab64pM3fAZShlTaX8bHOu
YD84PkXCWrSJ9Z6RYWdgCOfrmw68OL0OuFtprD2KqMI1lQTUvKFvuGuLtpZ6yzZl
MCrDHnt5wbOFI0zVDn/LP6JGFX7OwSv09z8Nm4Nc4U55y/lzyNqmb7nkoYpZ9QtA
B4fXgp/nlrjEwdOOemggk9QGNNe/ivuePmdMRw2Vz0g+CKVOAbvq34KQN4eDr3V7
oygGclGURJ9RgAx847B3EgE/NSIRZS1XntksqpgSIo6EYDH6TUSXJZ2+bNTAdAdi
hRX/mfc3k5AhS4RIxl00DC0TOSOiUGsvq2YsO7As5Eu93BVCGd7knYDivciJ0HDE
rS55R3ReM/YD9sn6Ix886e8n9kSeJYMXQcpgpRYvomWvLgppWtukpEwjMKhsJlR1
/11rQNh5DsJcSk4x2nhPF7CTB7Ls7IcR9VdhUZhAaZ4MfxZylHQBOArgAbDZ+tA5
gYedMnFe+bfVEKZa5C9KCQ9nDn/DPz6wFWNq5fr7/isng1lppW5V8r2YlLhzXoL/
bpY7zAN0bbfVvZH3PYl+Syg5kDbSJE/5mADHBO8e7VKVJITl6zCW6evAyZGTiX+k
1ea+Twq1RroVtinbcoJZA/m8V/de5dRp8Qs4yuV7RZTe6XD/w5w=
=HjVJ
-----END PGP SIGNATURE-----

View File

@ -1,52 +0,0 @@
From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Wed, 22 Feb 2023 22:15:47 -0800
Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error
This avoids a double free should the function fail prior to
VP8BitWriterInit() and a previous trial result's buffer carried over.
Previously in ApplyFiltersAndEncode() trial.bw (with a previous
iteration's buffer) would be freed, followed by best.bw pointing to the
same buffer.
Since:
187d379d add a fallback to ALPHA_NO_COMPRESSION
In addition, check the return value of VP8BitWriterInit() in this
function.
Bug: webp:603
Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
---
src/enc/alpha_enc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
index f7c02690e3..7d205586fe 100644
--- a/src/enc/alpha_enc.c
+++ b/src/enc/alpha_enc.c
@@ -13,6 +13,7 @@
#include <assert.h>
#include <stdlib.h>
+#include <string.h>
#include "src/enc/vp8i_enc.h"
#include "src/dsp/dsp.h"
@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
}
} else {
VP8LBitWriterWipeOut(&tmp_bw);
+ memset(&result->bw, 0, sizeof(result->bw));
return 0;
}
}
@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
header = method | (filter << 2);
if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
- VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size);
+ if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN);
ok = ok && VP8BitWriterAppend(&result->bw, output, output_size);

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Tue Jul 18 09:22:41 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.3.1:
* security fixes for lossless encoder (CVE-2023-1999)
* improve error reporting through WebPPicture error codes
* fix upsampling for RGB565 and RGBA4444 in NEON builds
* img2webp: add -sharp_yuv & -near_lossless
* fix webp_js with emcc >= 3.1.27 (stack size change)
* CMake fixes
* further updates to the container and lossless bitstream docs
- Drop libwebp-double-free.patch: fixed upstream.
-------------------------------------------------------------------
Tue May 30 01:20:57 UTC 2023 - Xiaoguang Wang <xiaoguang.wang@suse.com>

View File

@ -17,7 +17,7 @@
Name: libwebp
Version: 1.3.0
Version: 1.3.1
Release: 0
Summary: Library and tools for the WebP graphics format
License: BSD-3-Clause
@ -29,9 +29,6 @@ Source2: https://storage.googleapis.com/downloads.webmproject.org/release
Source3: %name.keyring
Source4: baselibs.conf
# PATCH-FIX-UPSTREAM libwebp-double-free.patch bsc#1210212 CVE-2023-1999 xwang@suse.com -- Avoid a double free
Patch0: libwebp-double-free.patch
BuildRequires: giflib-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(glut)