Hello community,

here is the log from the commit of package libraw for openSUSE:Factory checked in at 2023-05-03 12:56:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libraw (Old)
 and      /work/SRC/openSUSE:Factory/.libraw.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libraw" Wed May 3 12:56:29 2023 rev:63 rq:1084055 version:0.21.1 Changes: -------- --- /work/SRC/openSUSE:Factory/libraw/libraw.changes 2023-01-24 20:25:28.586216779 +0100 +++ /work/SRC/openSUSE:Factory/.libraw.new.1533/libraw.changes 2023-05-03 12:56:37.135600401 +0200 @@ -1,0 +2,8 @@ +Tue May 2 13:49:55 UTC 2023 - [email protected] + +- security update +- added patches + fix CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex() + + libraw-CVE-2023-1729.patch + +------------------------------------------------------------------- New: ---- libraw-CVE-2023-1729.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libraw.spec ++++++ --- /var/tmp/diff_new_pack.wHvto5/_old 2023-05-03 12:56:37.739603950 +0200 +++ /var/tmp/diff_new_pack.wHvto5/_new 2023-05-03 12:56:37.743603973 +0200 @@ -32,6 +32,8 @@ #Git-Clone: git://github.com/LibRaw/LibRaw Source0: https://www.libraw.org/data/%tar_name-%version.tar.gz Source1: baselibs.conf +# CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex() +Patch0: libraw-CVE-2023-1729.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -100,7 +102,7 @@ against LibRaw. LibRaw does not provide dynamic libraries. %prep -%setup -q -n %{tar_name}-%{version} +%autosetup -p1 -n %{tar_name}-%{version} %build %global _lto_cflags %{_lto_cflags} -ffat-lto-objects ++++++ libraw-CVE-2023-1729.patch ++++++ diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp index e65e2ad7..702cf290 100644 --- a/src/preprocessing/raw2image.cpp +++ b/src/preprocessing/raw2image.cpp @@ -43,6 +43,8 @@ void LibRaw::raw2image_start() // adjust for half mode! IO.shrink = + !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image && + !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image && P1.filters && (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
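Review bot: The comment added above `Patch0:` in libraw.spec records the CVE and bsc number but not the origin of the fix, and libraw-CVE-2023-1729.patch itself starts directly at `diff --git` with no From/Subject header or upstream commit reference. Add the upstream commit URL or hash to the patch header or to the spec comment, so that whoever updates past 0.21.1 can tell whether the new tarball already contains the change and the patch can be dropped.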
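Review bot: The four `!imgdata.rawdata.*_image` terms added to the `IO.shrink` expression in raw2image_start() have no comment saying why shrink has to stay off when a color4, color3, float4 or float3 buffer is present; a short comment above `IO.shrink =` would keep a later cleanup from removing the guard as redundant. The changelog entry and the spec comment both name raw2image_ex() as the function with the heap-buffer-overflow, while the only hunk visible here is in raw2image_start(), so please confirm that raw2image_ex() takes its shrink setting from this code path or carries the same four checks.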
