diff --git a/CVE-2023-1729.patch b/CVE-2023-1729.patch new file mode 100644 index 0000000000000000000000000000000000000000..427b3c852c168112af58b62c48532d610435e532 --- /dev/null +++ b/CVE-2023-1729.patch @@ -0,0 +1,22 @@ +From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001 +From: Alex Tutubalin +Date: Sat, 14 Jan 2023 18:32:59 +0300 +Subject: [PATCH] do not set shrink flag for 3/4 component images + +--- + src/preprocessing/raw2image.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp +index e65e2ad7..702cf290 100644 +--- a/src/preprocessing/raw2image.cpp ++++ b/src/preprocessing/raw2image.cpp +@@ -43,6 +43,8 @@ void LibRaw::raw2image_start() + + // adjust for half mode! + IO.shrink = ++ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image && ++ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image && + P1.filters && + (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1))); + diff --git a/LibRaw.spec b/LibRaw.spec index 3e2466097bb0d6a44e24882afa2d508b352f0a5d..0c0829ade362e6e41b991d5ec5bccb366e92dc47 100644 --- a/LibRaw.spec +++ b/LibRaw.spec @@ -1,11 +1,12 @@ Name: LibRaw Version: 0.21.1 -Release: 1 +Release: 2 Summary: Library for reading RAW files obtained from digital photo cameras License: BSD-3-Clause and (CDDL-1.0 or LGPL-2.1-only) URL: http://www.libraw.org Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz Patch0: LibRaw-pkgconfig.patch +Patch1: CVE-2023-1729.patch BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) BuildRequires: autoconf automake libtool make @@ -64,6 +65,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o %exclude %{_docdir}/libraw/* %changelog +* Mon May 15 2023 yaoxin - 0.21.1-2 +- Fix CVE-2023-1729 + * Thu Mar 02 2023 Li Long - 0.21.1-1 - Upgrade to 0.21.1