-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-666aaa6a0d 2025-02-15 02:22:06.812110+00:00 -------------------------------------------------------------------------------- Name : libheif Product : Fedora 40 Version : 1.19.5 Release : 3.fc40 URL : https://github.com/strukturag/libheif Summary : HEIF and AVIF file format decoder and encoder Description : libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF (AV1 Image File Format) file format decoder and encoder. -------------------------------------------------------------------------------- Update Information: Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. NOTE: heif-convert tool was renamed to heif-dec. How to test: Download and unzip sample images from mastodon issue #31570. Try opening them with e.g. loupe or gimp. They fail to open with libheif-1.17.6, but should open successfully with libheif-1.19.5. Fixes CVE-2024-41311 . -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 5 2025 Robert-André Mauchin <zebob.m@xxxxxxxxx> - 1.19.5-3 - Rebuilt for aom 3.11.0 * Fri Jan 17 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.19.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sun Nov 24 2024 Packit <hello@xxxxxxxxxx> - 1.19.5-1 - Update to version 1.19.5 - Resolves: rhbz#2327307 * Sun Nov 17 2024 Dominik Mierzejewski <dominik@xxxxxxxxxxxxxx> - 1.19.3-3 - disable OpenJPH encoder support to work-around crashes * Sat Nov 16 2024 Sérgio Basto <sergio@xxxxxxxxxx> - 1.19.3-2 - Add support to multilib in devel sub-package - Resolves: rhbz#2279891 * Tue Nov 12 2024 Dominik Mierzejewski <dominik@xxxxxxxxxxxxxx> - 1.19.3-1 - update to 1.19.3 (resolves rhbz#2295525) - drop obsolete patches - enable OpenH264, OpenJPH (64-bit only) and Brotli decoders - run tests unconditionally, they no longer require special build options - drop conditional hevc subpackage - use fewer wildcards in the file lists - stop building rav1e and svt AV1 encoders as plugins * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.17.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2319289 - CVE-2024-41311 libheif: OOB read and write via ImageOverlay::parse() [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2319289 [ 2 ] Bug #2332519 - Update libheif https://bugzilla.redhat.com/show_bug.cgi?id=2332519 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-666aaa6a0d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
-- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
