- security update

- added patches fix CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp + libraw-CVE-2020-22628.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=154
2023-09-14 14:58:10 +00:00 · 2023-09-14 14:58:10 +00:00 · e50c2429eb
commit e50c2429eb
parent 6fbdde71f7
3 changed files with 23 additions and 0 deletions
--- a/libraw-CVE-2020-22628.patch
+++ b/libraw-CVE-2020-22628.patch
@ -0,0 +1,13 @@
+Index: LibRaw-0.21.1/src/metadata/identify.cpp
+===================================================================
+--- LibRaw-0.21.1.orig/src/metadata/identify.cpp
+++ LibRaw-0.21.1/src/metadata/identify.cpp
+@@ -1243,7 +1243,7 @@ dng_skip:
+ 
+   if (raw_width < 22 || raw_width > 64000 || raw_height < 22 ||
+       pixel_aspect < 0.1 || pixel_aspect > 10. ||
+-      raw_height > 64000)
+      raw_height > 64000 || pixel_aspect < 0.1 || pixel_aspect > 10)
+     is_raw = 0;
+    if(raw_width <= left_margin || raw_height <= top_margin)
+        is_raw = 0;
--- a/libraw.changes
+++ b/libraw.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Sep 14 14:57:19 UTC 2023 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
+  + libraw-CVE-2020-22628.patch
+
 -------------------------------------------------------------------
 Tue May  2 13:49:55 UTC 2023 - pgajdos@suse.com

--- a/libraw.spec
+++ b/libraw.spec
@ -34,6 +34,8 @@ Source0:        https://www.libraw.org/data/%tar_name-%version.tar.gz
 Source1:        baselibs.conf
 # CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
 Patch0:         libraw-CVE-2023-1729.patch
+# CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
+Patch1:         libraw-CVE-2020-22628.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes