Accepting request 1136090 from graphics

OBS-URL: https://build.opensuse.org/request/show/1136090 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libraw?expand=0&rev=66
2024-01-04 14:54:38 +00:00 · 2024-01-04 14:54:38 +00:00 · e79996d037
commit e79996d037
parent b6f269e9ab 6f8c5e2902
5 changed files with 68 additions and 66 deletions
--- a/LibRaw-0.21.1.tar.gz
+++ b/LibRaw-0.21.1.tar.gz
--- a/LibRaw-0.21.2.tar.gz
+++ b/LibRaw-0.21.2.tar.gz
--- a/libraw-CVE-2023-1729.patch
+++ b/libraw-CVE-2023-1729.patch
@ -1,14 +0,0 @@
-diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
-index e65e2ad7..702cf290 100644
--- a/src/preprocessing/raw2image.cpp
-+++ b/src/preprocessing/raw2image.cpp
-@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
- 
-   // adjust for half mode!
-   IO.shrink =
-+	  !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
-+	  !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
-       P1.filters &&
-       (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
- 
-
--- a/libraw.changes
+++ b/libraw.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Dec 28 18:09:52 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.21.2:
+  * New compile-defined limit LIBRAW_MAX_PROFILE_SIZE_MB:
+    limits allocation/read size for embedded color profile
+    Embedded color profile allocation/read size: limited by input
+    file size.
+  * Multiple fixes (mostly inspired by oss-fuzz) to improve
+    library stability and/or input checks.
+  * raw-identify: use fallback if PATH_MAX not available
+  * Disabled color conversion for Canon 16-bit thumbnails
+  * docs/changelog: explained the case when no thumbnail is found
+    in specific file
+  * swapXX renamed to libraw_swapXX to avoid name conflict
+  * better striped thumbnails handling
+- drop libraw-CVE-2023-1729.patch (upstream)
+
 -------------------------------------------------------------------
 Thu Sep 14 14:57:19 UTC 2023 - pgajdos@suse.com

--- a/libraw.spec
+++ b/libraw.spec
@ -23,7 +23,7 @@
 %define lver    23
 %define lname	libraw%{lver}
 Name:           libraw
-Version:        0.21.1
+Version:        0.21.2
 Release:        0
 Summary:        Library for reading RAW files obtained from digital photo cameras
 License:        CDDL-1.0 OR LGPL-2.1-only
@ -32,10 +32,8 @@ URL:            https://www.libraw.org/
 #Git-Clone:	git://github.com/LibRaw/LibRaw
 Source0:        https://www.libraw.org/data/%tar_name-%version.tar.gz
 Source1:        baselibs.conf
-# CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
-Patch0:         libraw-CVE-2023-1729.patch
-# CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
-Patch1:         libraw-CVE-2020-22628.patch
+# CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessing
+Patch0:         libraw-CVE-2020-22628.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes