diff --git a/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2026-3949.patch b/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2026-3949.patch deleted file mode 100644 index ef5d9c1ee4..0000000000 --- a/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2026-3949.patch +++ /dev/null @@ -1,50 +0,0 @@ -From cba59e7671a36a78e31c0490efe74ec226918580 Mon Sep 17 00:00:00 2001 -From: Dirk Farin -Date: Tue, 24 Feb 2026 00:32:48 +0100 -Subject: [PATCH] vvdec: check that NAL size does not exceed data size (#1712) - -CVE: CVE-2026-3949 -Upstream-Status: Backport [https://github.com/strukturag/libheif/commit/b97c8b5f198b27f375127cd597a35f2113544d03] -Signed-off-by: Gyorgy Sarvari ---- - libheif/plugins/decoder_vvdec.cc | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/libheif/plugins/decoder_vvdec.cc b/libheif/plugins/decoder_vvdec.cc -index 09515720..14b3e9fd 100644 ---- a/libheif/plugins/decoder_vvdec.cc -+++ b/libheif/plugins/decoder_vvdec.cc -@@ -55,6 +55,7 @@ struct vvdec_decoder - std::string error_message; - }; - -+static const char kEmptyString[] = ""; - static const char kSuccess[] = "Success"; - - static const int VVDEC_PLUGIN_PRIORITY = 100; -@@ -179,9 +180,25 @@ heif_error vvdec_push_data2(void* decoder_raw, const void* frame_data, size_t fr - - const auto* data = (const uint8_t*) frame_data; - -+ if (frame_size < 4) { -+ return { -+ heif_error_Decoder_plugin_error, -+ heif_suberror_End_of_data, -+ kEmptyString -+ }; -+ } -+ - for (;;) { - uint32_t size = four_bytes_to_uint32(data[0], data[1], data[2], data[3]); - -+ if (frame_size < 4 + size) { -+ return { -+ heif_error_Decoder_plugin_error, -+ heif_suberror_End_of_data, -+ kEmptyString -+ }; -+ } -+ - data += 4; - - std::vector nalu; diff --git a/meta-multimedia/recipes-multimedia/libheif/libheif_1.21.2.bb b/meta-multimedia/recipes-multimedia/libheif/libheif_1.23.1.bb similarity index 90% rename from meta-multimedia/recipes-multimedia/libheif/libheif_1.21.2.bb rename to meta-multimedia/recipes-multimedia/libheif/libheif_1.23.1.bb index ab29fa3b02..ee86fd3bc5 100644 --- a/meta-multimedia/recipes-multimedia/libheif/libheif_1.21.2.bb +++ b/meta-multimedia/recipes-multimedia/libheif/libheif_1.23.1.bb @@ -6,11 +6,9 @@ LICENSE_FLAGS = "commercial" COMPATIBLE_MACHINE:powerpc64le = "null" -SRC_URI = "git://github.com/strukturag/libheif.git;protocol=https;branch=master;tag=v${PV} \ - file://CVE-2026-3949.patch \ - " +SRC_URI = "git://github.com/strukturag/libheif.git;protocol=https;branch=master;tag=v${PV}" -SRCREV = "62f1b8c76ed4d8305071fdacbe74ef9717bacac5" +SRCREV = "2c4bbb54c2738d4a5efbbe3e5fa1d5d76bb88eb0" inherit cmake pkgconfig