pool/libraw
SHA256
5
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 1084055 from graphics

Browse Source 
- security update
- added patches
  fix CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
  + libraw-CVE-2023-1729.patch

OBS-URL: https://build.opensuse.org/request/show/1084055
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libraw?expand=0&rev=63
This commit is contained in:
Dominique Leuenberger 2023-05-03 10:56:29 +00:00 committed by Git OBS Bridge
commit 5c0f7799bd
3 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libraw-CVE-2023-1729.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
index e65e2ad7..702cf290 100644
--- a/src/preprocessing/raw2image.cpp
+++ b/src/preprocessing/raw2image.cpp
@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
// adjust for half mode!
IO.shrink =
+ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
+ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
P1.filters &&
(O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));

8
libraw.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue May 2 13:49:55 UTC 2023 - pgajdos@suse.com
- security update
- added patches
fix CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
+ libraw-CVE-2023-1729.patch
-------------------------------------------------------------------
Wed Jan 18 09:52:26 UTC 2023 - Dirk Müller <dmueller@suse.com>

4
libraw.spec
View File

@ -32,6 +32,8 @@ URL: https://www.libraw.org/
#Git-Clone: git://github.com/LibRaw/LibRaw
Source0: https://www.libraw.org/data/%tar_name-%version.tar.gz
Source1: baselibs.conf
# CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
Patch0: libraw-CVE-2023-1729.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@ -100,7 +102,7 @@ This package contains static libraries that applications can use to build
against LibRaw. LibRaw does not provide dynamic libraries.
%prep
%setup -q -n %{tar_name}-%{version}
%autosetup -p1 -n %{tar_name}-%{version}
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects