PatchesAndForks/FossifyGalleryVisibilityPatch
1
0
Fork 0
forked from Mirrors/FossifyGallery
Code Pull requests Activity

Merge pull request #2995 from naveensingh/fix_webp_vuln

Browse source 
Update webp decoder library (fix CVE-2023-4863)
This commit is contained in:
Tibor Kaputa 2023-10-03 20:28:50 +02:00 committed by GitHub
commit f193758ac5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/src/main/kotlin/com/simplemobiletools/gallery/pro/extensions/Context.kt
View file

@ -15,6 +15,8 @@ import android.provider.MediaStore.Images
import android.widget.ImageView import android.widget.ImageView
import com.bumptech.glide.Glide import com.bumptech.glide.Glide
import com.bumptech.glide.Priority import com.bumptech.glide.Priority
import com.bumptech.glide.integration.webp.WebpBitmapFactory
import com.bumptech.glide.integration.webp.decoder.WebpDownsampler
import com.bumptech.glide.integration.webp.decoder.WebpDrawable import com.bumptech.glide.integration.webp.decoder.WebpDrawable
import com.bumptech.glide.integration.webp.decoder.WebpDrawableTransformation import com.bumptech.glide.integration.webp.decoder.WebpDrawableTransformation
import com.bumptech.glide.load.DataSource import com.bumptech.glide.load.DataSource
@ -539,9 +541,11 @@ fun Context.loadImageBase(
options.optionalTransform(WebpDrawable::class.java, MultiTransformation(WebpDrawableTransformation(CenterCrop()), WebpDrawableTransformation(roundedCornersTransform))) options.optionalTransform(WebpDrawable::class.java, MultiTransformation(WebpDrawableTransformation(CenterCrop()), WebpDrawableTransformation(roundedCornersTransform)))
} }
WebpBitmapFactory.sUseSystemDecoder = false // CVE-2023-4863
var builder = Glide.with(applicationContext) var builder = Glide.with(applicationContext)
.load(path) .load(path)
.apply(options) .apply(options)
.set(WebpDownsampler.USE_SYSTEM_DECODER, false) // CVE-2023-4863
.transition(DrawableTransitionOptions.withCrossFade(crossFadeDuration)) .transition(DrawableTransitionOptions.withCrossFade(crossFadeDuration))
if (tryLoadingWithPicasso) { if (tryLoadingWithPicasso) {

8
gradle/libs.versions.toml
View file

@ -19,10 +19,10 @@ gradlePlugins-agp = "7.4.0"
#Other #Other
androidGifDrawable = "1.2.25" androidGifDrawable = "1.2.25"
androidImageCropper = "4.5.0" androidImageCropper = "4.5.0"
apng = "2.25.0" apng = "2.28.0"
awebp = "2.25.0" awebp = "2.28.0"
glideCompiler = "4.15.1" glideCompiler = "4.16.0"
zjupureWebpdecoder = "2.3.4.15.1" zjupureWebpdecoder = "2.6.4.16.0"
gestureviews = "a8e8fa8d27" gestureviews = "a8e8fa8d27"
androidsvgAar = "1.4" androidsvgAar = "1.4"
imagefilters = "1.0.7" imagefilters = "1.0.7"