packages/libwebp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 1.3.1

Browse Source
This commit is contained in:
zppzhangpan 2023-07-21 10:58:01 +08:00
parent 6d5333d6ec
commit 4c9d6f49c9
3 changed files with 5 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
backport-CVE-2023-1999.patch
View File

@ -1,55 +0,0 @@
From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Wed, 22 Feb 2023 22:15:47 -0800
Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error
This avoids a double free should the function fail prior to
VP8BitWriterInit() and a previous trial result's buffer carried over.
Previously in ApplyFiltersAndEncode() trial.bw (with a previous
iteration's buffer) would be freed, followed by best.bw pointing to the
same buffer.
Since:
187d379d add a fallback to ALPHA_NO_COMPRESSION
In addition, check the return value of VP8BitWriterInit() in this
function.
Bug: webp:603
Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
Reference:https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129
Conflict:NA
---
src/enc/alpha_enc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
index f7c02690e3..7d205586fe 100644
--- a/src/enc/alpha_enc.c
+++ b/src/enc/alpha_enc.c
@@ -13,6 +13,7 @@
#include <assert.h>
#include <stdlib.h>
+#include <string.h>
#include "src/enc/vp8i_enc.h"
#include "src/dsp/dsp.h"
@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
}
} else {
VP8LBitWriterWipeOut(&tmp_bw);
+ memset(&result->bw, 0, sizeof(result->bw));
return 0;
}
}
@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
header = method | (filter << 2);
if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
- VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size);
+ if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN);
ok = ok && VP8BitWriterAppend(&result->bw, output, output_size);

BIN
libwebp-1.3.0.tar.gz → libwebp-1.3.1.tar.gz
View File

Binary file not shown.

8
libwebp.spec
View File

@ -1,13 +1,12 @@
Name: libwebp Name: libwebp
Version: 1.3.0 Version: 1.3.1
Release: 2 Release: 1
URL: http://www.linuxfromscratch.org/blfs/view/svn/general/libwebp.html URL: http://www.linuxfromscratch.org/blfs/view/svn/general/libwebp.html
Summary: Library and tools for the WebP graphics format Summary: Library and tools for the WebP graphics format
License: BSD License: BSD
Source0: http://downloads.webmproject.org/releases/webp/%{name}-%{version}.tar.gz Source0: http://downloads.webmproject.org/releases/webp/%{name}-%{version}.tar.gz
Patch6000: libwebp-freeglut.patch Patch6000: libwebp-freeglut.patch
Patch6001: backport-CVE-2023-1999.patch
BuildRequires: libjpeg-devel libpng-devel giflib-devel libtiff-devel BuildRequires: libjpeg-devel libpng-devel giflib-devel libtiff-devel
BuildRequires: java-devel jpackage-utils swig freeglut-devel BuildRequires: java-devel jpackage-utils swig freeglut-devel
@ -113,6 +112,9 @@ cp swig/*.jar swig/*.so %{buildroot}/%{_libdir}/%{name}-java/
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Fri Jul 21 2023 zhangpan <zhangpan103@h-partners.com> - 1.3.1-1
- update to 1.3.1
* Fri May 26 2023 zhangpan <zhangpan103@h-partners.com> - 1.3.0-2 * Fri May 26 2023 zhangpan <zhangpan103@h-partners.com> - 1.3.0-2
- fix CVE-2023-1999 - fix CVE-2023-1999