packages/LibRaw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-1729

Browse Source 
(cherry picked from commit 6ce445a4a1e48c45fbfabd04c0c6fa9b087777db)
This commit is contained in:
starlet-dx 2023-05-15 14:35:47 +08:00 committed by openeuler-sync-bot
parent b3141e422b
commit 747a6a7ff7
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2023-1729.patch Normal file
View File

@ -0,0 +1,22 @@
From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Sat, 14 Jan 2023 18:32:59 +0300
Subject: [PATCH] do not set shrink flag for 3/4 component images
---
src/preprocessing/raw2image.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
index e65e2ad7..702cf290 100644
--- a/src/preprocessing/raw2image.cpp
+++ b/src/preprocessing/raw2image.cpp
@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
// adjust for half mode!
IO.shrink =
+ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
+ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
P1.filters &&
(O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));

8
LibRaw.spec
View File

@ -1,8 +1,8 @@
Name: LibRaw Name: LibRaw
Version: 0.20.2 Version: 0.20.2
Release: 5 Release: 6
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
License: BSD and (CDDL or LGPLv2) License: BSD and (CDDL-1.0 or LGPLv2)
URL: http://www.libraw.org URL: http://www.libraw.org
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
Patch0000: prevent-buffer-overrun-in-parse_rollei.patch Patch0000: prevent-buffer-overrun-in-parse_rollei.patch
@ -10,6 +10,7 @@ Patch0001: fix-stack-buffer-overflow-in-LibRaw_buffer_datastream_gets.patch
Patch0002: fix-use-of-uninitialized-value.patch Patch0002: fix-use-of-uninitialized-value.patch
Patch0003: fix-use-of-uninitialized-value-in-makernotes.patch Patch0003: fix-use-of-uninitialized-value-in-makernotes.patch
Patch0004: fix-use-of-uninitialized-value-in-misc_parsers.patch Patch0004: fix-use-of-uninitialized-value-in-misc_parsers.patch
Patch0005: CVE-2023-1729.patch
BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
Provides: bundled(dcraw) = 9.25 Provides: bundled(dcraw) = 9.25
@ -70,6 +71,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
%exclude %{_docdir}/libraw/* %exclude %{_docdir}/libraw/*
%changelog %changelog
* Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.20.2-6
- Fix CVE-2023-1729
* Fri Feb 25 2022 xu_ping <xuping33@huawei.com> - 0.20.2-5 * Fri Feb 25 2022 xu_ping <xuping33@huawei.com> - 0.20.2-5
- fix use of uninitialized value of makernotes.cpp and misc_parsers.cpp - fix use of uninitialized value of makernotes.cpp and misc_parsers.cpp