From 51b63b9c2ae870e4badb95ba0dca7a087239b54a Mon Sep 17 00:00:00 2001 From: zhaozhouqiao66 <8074059+zhaozhouqiao66@user.noreply.gitee.com> Date: Wed, 19 Jul 2023 23:02:16 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2022-1729=20=E8=AF=A5?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E6=BA=90=E4=BA=8E=E4=BD=BF=E7=94=A8=E5=87=BD?= =?UTF-8?q?=E6=95=B0raw2image=5Fex(int)=20=E6=97=B6=E5=AD=98=E5=9C=A8?= =?UTF-8?q?=E5=A0=86=E7=BC=93=E5=86=B2=E5=8C=BA=E6=BA=A2=E5=87=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/libraw_cxx.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libraw_cxx.cpp b/src/libraw_cxx.cpp index ab18085..1880886 100644 --- a/src/libraw_cxx.cpp +++ b/src/libraw_cxx.cpp @@ -3145,7 +3145,9 @@ void LibRaw::raw2image_start() } // adjust for half mode! - IO.shrink = P1.filters && (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1))); + IO.shrink = !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image && + !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image && + P1.filters && (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1))); S.iheight = (S.height + IO.shrink) >> IO.shrink; S.iwidth = (S.width + IO.shrink) >> IO.shrink; -- Gitee From 093d6120d7db9d7d802ed3c51537a325e3a57df4 Mon Sep 17 00:00:00 2001 From: zhaozhouqiao66 <8074059+zhaozhouqiao66@user.noreply.gitee.com> Date: Wed, 19 Jul 2023 23:06:46 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2022-1729=20=E8=AF=A5?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E6=BA=90=E4=BA=8E=E4=BD=BF=E7=94=A8=E5=87=BD?= =?UTF-8?q?=E6=95=B0raw2image=5Fex(int)=20=E6=97=B6=E5=AD=98=E5=9C=A8?= =?UTF-8?q?=E5=A0=86=E7=BC=93=E5=86=B2=E5=8C=BA=E6=BA=A2=E5=87=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 4a16c5f..023afe9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libraw (0.19.5-ok8) zhaozhouqiao66; urgency=medium + + * CVE-2022-1729 文件类型autocmd可能导致访问已释放内存,主要修补方式为在填充缓冲区时,设置quickfix-busy的flag,并在填充完成后取消该flag + + -- zhaozhouqiao66 Wed, 19 Jul 2023 23:05:33 +0800 + + libraw (0.19.5-ok7) yangtze; urgency=medium * jessg CVE-2020-35533 安全更新 -- Gitee From 2677281556aae3a9b0a88388f6a57f503b72e333 Mon Sep 17 00:00:00 2001 From: zhaozhouqiao66 <8074059+zhaozhouqiao66@user.noreply.gitee.com> Date: Wed, 19 Jul 2023 23:09:42 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2022-1729=20=E8=AF=A5?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E6=BA=90=E4=BA=8E=E4=BD=BF=E7=94=A8=E5=87=BD?= =?UTF-8?q?=E6=95=B0raw2image=5Fex(int)=20=E6=97=B6=E5=AD=98=E5=9C=A8?= =?UTF-8?q?=E5=A0=86=E7=BC=93=E5=86=B2=E5=8C=BA=E6=BA=A2=E5=87=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 023afe9..536b050 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ libraw (0.19.5-ok8) zhaozhouqiao66; urgency=medium - * CVE-2022-1729 文件类型autocmd可能导致访问已释放内存,主要修补方式为在填充缓冲区时,设置quickfix-busy的flag,并在填充完成后取消该flag + * CVE-2022-1729 LibRaw 存在安全漏洞,该漏洞源于使用函数raw2image_ex(int) 时存在堆缓冲区溢出 -- zhaozhouqiao66 Wed, 19 Jul 2023 23:05:33 +0800 -- Gitee From a8f2d9b448050e93dc3a899268438cd96bb5c472 Mon Sep 17 00:00:00 2001 From: zhaozhouqiao66 <8074059+zhaozhouqiao66@user.noreply.gitee.com> Date: Mon, 24 Jul 2023 15:50:32 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2022-1729=20=E8=AF=A5?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E6=BA=90=E4=BA=8E=E4=BD=BF=E7=94=A8=E5=87=BD?= =?UTF-8?q?=E6=95=B0raw2image=5Fex(int)=20=E6=97=B6=E5=AD=98=E5=9C=A8?= =?UTF-8?q?=E5=A0=86=E7=BC=93=E5=86=B2=E5=8C=BA=E6=BA=A2=E5=87=BA=20--?= =?UTF-8?q?=E5=88=A0=E9=99=A4changelog=E7=9A=84=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/changelog | 7 ------- 1 file changed, 7 deletions(-) diff --git a/debian/changelog b/debian/changelog index 536b050..4a16c5f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,3 @@ -libraw (0.19.5-ok8) zhaozhouqiao66; urgency=medium - - * CVE-2022-1729 LibRaw 存在安全漏洞,该漏洞源于使用函数raw2image_ex(int) 时存在堆缓冲区溢出 - - -- zhaozhouqiao66 Wed, 19 Jul 2023 23:05:33 +0800 - - libraw (0.19.5-ok7) yangtze; urgency=medium * jessg CVE-2020-35533 安全更新 -- Gitee