Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bb1063b5443a0def920ccbb0e48671bd987ba1b
rpi-buildroot/package/libavif/libavif.mk
Thomas Perale 92acdeea7e package/libavif: security bump to v1.3.0 
Fixes the following security issues:

- CVE-2025-48174: makeRoom in stream.c has an integer overflow and
    resultant buffer overflow in stream->offset+size.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-48174
  - https://github.com/AOMediaCodec/libavif/pull/2768/commits

- CVE-2025-48175: avifImageRGBToYUV in reformat.c has integer overflows
    in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and
    vRowBytes.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-48175
  - 64d956ed5a

For more details on the version bump, see:
  - https://github.com/AOMediaCodec/libavif/releases/tag/v1.3.0
  - https://github.com/AOMediaCodec/libavif/releases/tag/v1.2.1
  - https://github.com/AOMediaCodec/libavif/releases/tag/v1.2.0

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0c1fa0bce1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-07-10 11:14:37 +02:00

37 lines
989 B
Makefile
Raw Blame History

################################################################################
#
# libavif
#
################################################################################
LIBAVIF_VERSION = 1.3.0
LIBAVIF_SITE = $(call github,AOMediaCodec,libavif,v$(LIBAVIF_VERSION))
LIBAVIF_LICENSE = BSD-2-Clause, IJG, Apache-2.0
LIBAVIF_LICENSE_FILES = LICENSE
LIBAVIF_CPE_ID_VENDOR = aomedia
LIBAVIF_INSTALL_STAGING = YES
# Only the dav1d decoder is packaged at the moment.
LIBAVIF_DEPENDENCIES = dav1d
LIBAVIF_CONF_OPTS = \
-DAVIF_BUILD_APPS=OFF \
-DAVIF_BUILD_EXAMPLES=OFF \
-DAVIF_BUILD_MAN_PAGES=OFF \
-DAVIF_BUILD_TESTS=OFF \
-DAVIF_CODEC_AOM=OFF \
-DAVIF_CODEC_DAV1D=SYSTEM \
-DAVIF_CODEC_LIBGAV1=OFF \
-DAVIF_CODEC_RAV1E=OFF \
-DAVIF_CODEC_SVT=OFF \
-DAVIF_CODEC_AVM=OFF \
-DAVIF_ENABLE_GTEST=OFF
ifeq ($(BR2_PACKAGE_LIBYUV),y)
LIBAVIF_DEPENDENCIES += libyuv
LIBAVIF_CONF_OPTS += -DAVIF_LIBYUV=SYSTEM
else
LIBAVIF_CONF_OPTS += -DAVIF_LIBYUV=OFF
endif
$(eval $(cmake-package))
Reference in New Issue View Git Blame Copy Permalink