- security update

- added patches
  fix CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
  + libraw-CVE-2020-22628.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=154

libraw-CVE-2020-22628.patch

@@ -0,0 +1,13 @@
+Index: LibRaw-0.21.1/src/metadata/identify.cpp
+===================================================================
+--- LibRaw-0.21.1.orig/src/metadata/identify.cpp
++++ LibRaw-0.21.1/src/metadata/identify.cpp
+@@ -1243,7 +1243,7 @@ dng_skip:
+ 
+   if (raw_width < 22 || raw_width > 64000 || raw_height < 22 ||
+       pixel_aspect < 0.1 || pixel_aspect > 10. ||
+-      raw_height > 64000)
++      raw_height > 64000 || pixel_aspect < 0.1 || pixel_aspect > 10)
+     is_raw = 0;
+    if(raw_width <= left_margin || raw_height <= top_margin)
+        is_raw = 0;

libraw.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Sep 14 14:57:19 UTC 2023 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
+  + libraw-CVE-2020-22628.patch
+
 -------------------------------------------------------------------
 Tue May  2 13:49:55 UTC 2023 - pgajdos@suse.com
 

libraw.spec

@@ -34,6 +34,8 @@ Source0:        https://www.libraw.org/data/%tar_name-%version.tar.gz
 Source1:        baselibs.conf
 # CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
 Patch0:         libraw-CVE-2023-1729.patch
+# CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
+Patch1:         libraw-CVE-2020-22628.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes