commit libraw for openSUSE:Factory

Fri, 22 Sep 2023 12:47:13 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libraw for openSUSE:Factory checked 
in at 2023-09-22 21:46:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libraw (Old)
 and      /work/SRC/openSUSE:Factory/.libraw.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libraw"

Fri Sep 22 21:46:45 2023 rev:64 rq:1111919 version:0.21.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/libraw/libraw.changes    2023-05-03 
12:56:37.135600401 +0200
+++ /work/SRC/openSUSE:Factory/.libraw.new.1770/libraw.changes  2023-09-22 
21:47:04.660127513 +0200
@@ -1,0 +2,8 @@
+Thu Sep 14 14:57:19 UTC 2023 - pgaj...@suse.com
+
+- security update
+- added patches
+  fix CVE-2020-22628 [bsc#1215308], stretch() function in 
libraw/src/postprocessing/aspect_ratio.cpp
+  + libraw-CVE-2020-22628.patch
+
+-------------------------------------------------------------------

New:
----
  libraw-CVE-2020-22628.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libraw.spec ++++++
--- /var/tmp/diff_new_pack.HfQLur/_old  2023-09-22 21:47:06.036177467 +0200
+++ /var/tmp/diff_new_pack.HfQLur/_new  2023-09-22 21:47:06.036177467 +0200
@@ -34,6 +34,8 @@
 Source1:        baselibs.conf
 # CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
 Patch0:         libraw-CVE-2023-1729.patch
+# CVE-2020-22628 [bsc#1215308], stretch() function in 
librawsrcpostprocessingspect_ratio.cpp
+Patch1:         libraw-CVE-2020-22628.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes

++++++ libraw-CVE-2020-22628.patch ++++++
Index: LibRaw-0.21.1/src/metadata/identify.cpp
===================================================================
--- LibRaw-0.21.1.orig/src/metadata/identify.cpp
+++ LibRaw-0.21.1/src/metadata/identify.cpp
@@ -1243,7 +1243,7 @@ dng_skip:
 
   if (raw_width < 22 || raw_width > 64000 || raw_height < 22 ||
       pixel_aspect < 0.1 || pixel_aspect > 10. ||
-      raw_height > 64000)
+      raw_height > 64000 || pixel_aspect < 0.1 || pixel_aspect > 10)
     is_raw = 0;
    if(raw_width <= left_margin || raw_height <= top_margin)
        is_raw = 0;

Reply via email to