From f95226c91188b32c2d976f8080fa85008a657ed8a4a60576da7a4da6c4bee747 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Tue, 18 Jul 2023 09:42:13 +0000
Subject: [PATCH] Accepting request 1099223 from home:dimstar:Factory

- Update to version 1.3.1:
  * security fixes for lossless encoder (CVE-2023-1999)
  * improve error reporting through WebPPicture error codes
  * fix upsampling for RGB565 and RGBA4444 in NEON builds
  * img2webp: add -sharp_yuv & -near_lossless
  * fix webp_js with emcc >= 3.1.27 (stack size change)
  * CMake fixes
  * further updates to the container and lossless bitstream docs
- Drop libwebp-double-free.patch: fixed upstream.

OBS-URL: https://build.opensuse.org/request/show/1099223
OBS-URL: https://build.opensuse.org/package/show/graphics/libwebp?expand=0&rev=33
---
 libwebp-1.3.0.tar.gz      |  3 ---
 libwebp-1.3.0.tar.gz.asc  | 16 ------------
 libwebp-1.3.1.tar.gz      |  3 +++
 libwebp-1.3.1.tar.gz.asc  | 16 ++++++++++++
 libwebp-double-free.patch | 52 ---------------------------------------
 libwebp.changes           | 13 ++++++++++
 libwebp.spec              |  5 +---
 7 files changed, 33 insertions(+), 75 deletions(-)
 delete mode 100644 libwebp-1.3.0.tar.gz
 delete mode 100644 libwebp-1.3.0.tar.gz.asc
 create mode 100644 libwebp-1.3.1.tar.gz
 create mode 100644 libwebp-1.3.1.tar.gz.asc
 delete mode 100644 libwebp-double-free.patch

diff --git a/libwebp-1.3.0.tar.gz b/libwebp-1.3.0.tar.gz
deleted file mode 100644
index 430b3b2..0000000
--- a/libwebp-1.3.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:64ac4614db292ae8c5aa26de0295bf1623dbb3985054cb656c55e67431def17c
-size 4148444
diff --git a/libwebp-1.3.0.tar.gz.asc b/libwebp-1.3.0.tar.gz.asc
deleted file mode 100644
index 864677d..0000000
--- a/libwebp-1.3.0.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEaw5rcJdt4wPt8vYB+cPWvbgjK10FAmPAuMcACgkQ+cPWvbgj
-K10z8hAAljCoDyB3s8espzXKEdDMl+u/qDcVZtRednMae2ThYUgTd0lMi9DyNWew
-OHnYH8uIjJ6dY4/m+DeqQhpjMSZjmgl0bw/Mduu567ayZ3tGrS7itDwzAiWTffqk
-rPPQny9gons0yjBNaQN75Mk4YbEA5o/oJfekBrhC5hlgjPfVekb0BiAGTMQnNkZK
-83x+pOtrwYqNMC7W+YGfiDZZXJ20JxxLIkdhPX0PqDcYDzhLo/GgMnpad9M8e05s
-GlCjM9xPrWoIEat9FBvCV60QMhII+Uc9VH4OuW9b0FSAvprNRMc0SjKiXedjZw7Z
-+0WitwFItsisbWl6ebazy9ChyyBcpHftqyARZpsg8op/PRYoZw9kZVk4AdEoC/T9
-iirg6Q+NhxuUmz6YFherbVXy0XCOMoBQOginCkkFEYlxxh4aEMK5IkZZnxZSinQk
-MrqZN+b7Su4TYA4nA5930FvkgstsO5yMCajVXaM6idVrqzy2ktzduMzGVxpSIWLy
-U/WPsHbCFIgP3CFbNTUmB3r/zloVrIP2o+e6mUQhvT1D2ShDScTGKVuIMopXcw6m
-e92M+g1s3nruCSMf0Ayl6rY8AjbC1Ma5qixqpdQ79lS5cXBx6YkalgY78PXZxQz0
-BBU1Nwkl7uPoQHpbn+QKQ6y6ClBiVrybk2zfDr7Em+ayW72xqG0=
-=jc1+
------END PGP SIGNATURE-----
diff --git a/libwebp-1.3.1.tar.gz b/libwebp-1.3.1.tar.gz
new file mode 100644
index 0000000..98dbb40
--- /dev/null
+++ b/libwebp-1.3.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66
+size 4161782
diff --git a/libwebp-1.3.1.tar.gz.asc b/libwebp-1.3.1.tar.gz.asc
new file mode 100644
index 0000000..8a5559c
--- /dev/null
+++ b/libwebp-1.3.1.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEaw5rcJdt4wPt8vYB+cPWvbgjK10FAmSc5osACgkQ+cPWvbgj
+K12FbxAAgfRFe8KevbVD+5x+uQPYRg0kvXBwRohRymiab64pM3fAZShlTaX8bHOu
+YD84PkXCWrSJ9Z6RYWdgCOfrmw68OL0OuFtprD2KqMI1lQTUvKFvuGuLtpZ6yzZl
+MCrDHnt5wbOFI0zVDn/LP6JGFX7OwSv09z8Nm4Nc4U55y/lzyNqmb7nkoYpZ9QtA
+B4fXgp/nlrjEwdOOemggk9QGNNe/ivuePmdMRw2Vz0g+CKVOAbvq34KQN4eDr3V7
+oygGclGURJ9RgAx847B3EgE/NSIRZS1XntksqpgSIo6EYDH6TUSXJZ2+bNTAdAdi
+hRX/mfc3k5AhS4RIxl00DC0TOSOiUGsvq2YsO7As5Eu93BVCGd7knYDivciJ0HDE
+rS55R3ReM/YD9sn6Ix886e8n9kSeJYMXQcpgpRYvomWvLgppWtukpEwjMKhsJlR1
+/11rQNh5DsJcSk4x2nhPF7CTB7Ls7IcR9VdhUZhAaZ4MfxZylHQBOArgAbDZ+tA5
+gYedMnFe+bfVEKZa5C9KCQ9nDn/DPz6wFWNq5fr7/isng1lppW5V8r2YlLhzXoL/
+bpY7zAN0bbfVvZH3PYl+Syg5kDbSJE/5mADHBO8e7VKVJITl6zCW6evAyZGTiX+k
+1ea+Twq1RroVtinbcoJZA/m8V/de5dRp8Qs4yuV7RZTe6XD/w5w=
+=HjVJ
+-----END PGP SIGNATURE-----
diff --git a/libwebp-double-free.patch b/libwebp-double-free.patch
deleted file mode 100644
index 49d2647..0000000
--- a/libwebp-double-free.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001
-From: James Zern <jzern@google.com>
-Date: Wed, 22 Feb 2023 22:15:47 -0800
-Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error
-
-This avoids a double free should the function fail prior to
-VP8BitWriterInit() and a previous trial result's buffer carried over.
-Previously in ApplyFiltersAndEncode() trial.bw (with a previous
-iteration's buffer) would be freed, followed by best.bw pointing to the
-same buffer.
-
-Since:
-187d379d add a fallback to ALPHA_NO_COMPRESSION
-
-In addition, check the return value of VP8BitWriterInit() in this
-function.
-
-Bug: webp:603
-Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
----
- src/enc/alpha_enc.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
-index f7c02690e3..7d205586fe 100644
---- a/src/enc/alpha_enc.c
-+++ b/src/enc/alpha_enc.c
-@@ -13,6 +13,7 @@
- 
- #include <assert.h>
- #include <stdlib.h>
-+#include <string.h>
- 
- #include "src/enc/vp8i_enc.h"
- #include "src/dsp/dsp.h"
-@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
-       }
-     } else {
-       VP8LBitWriterWipeOut(&tmp_bw);
-+      memset(&result->bw, 0, sizeof(result->bw));
-       return 0;
-     }
-   }
-@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
-   header = method | (filter << 2);
-   if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
- 
--  VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size);
-+  if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
-   ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN);
-   ok = ok && VP8BitWriterAppend(&result->bw, output, output_size);
- 
diff --git a/libwebp.changes b/libwebp.changes
index 38c7283..a33b990 100644
--- a/libwebp.changes
+++ b/libwebp.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Jul 18 09:22:41 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 1.3.1:
+  * security fixes for lossless encoder (CVE-2023-1999)
+  * improve error reporting through WebPPicture error codes
+  * fix upsampling for RGB565 and RGBA4444 in NEON builds
+  * img2webp: add -sharp_yuv & -near_lossless
+  * fix webp_js with emcc >= 3.1.27 (stack size change)
+  * CMake fixes
+  * further updates to the container and lossless bitstream docs
+- Drop libwebp-double-free.patch: fixed upstream.
+
 -------------------------------------------------------------------
 Tue May 30 01:20:57 UTC 2023 - Xiaoguang Wang <xiaoguang.wang@suse.com>
 
diff --git a/libwebp.spec b/libwebp.spec
index 57efd9d..e769aa1 100644
--- a/libwebp.spec
+++ b/libwebp.spec
@@ -17,7 +17,7 @@
 
 
 Name:           libwebp
-Version:        1.3.0
+Version:        1.3.1
 Release:        0
 Summary:        Library and tools for the WebP graphics format
 License:        BSD-3-Clause
@@ -29,9 +29,6 @@ Source2:        https://storage.googleapis.com/downloads.webmproject.org/release
 Source3:        %name.keyring
 Source4:        baselibs.conf
 
-# PATCH-FIX-UPSTREAM libwebp-double-free.patch bsc#1210212 CVE-2023-1999 xwang@suse.com -- Avoid a double free
-Patch0:         libwebp-double-free.patch
-
 BuildRequires:  giflib-devel
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(glut)