Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1729
Pick the patch that is mentioned to solve the issue in the issue linked from the nvd report.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../libraw/libraw/CVE-2023-1729.patch | 25 +++++++++++++++++++
 .../recipes-support/libraw/libraw_0.20.2.bb | 4 ++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch
diff --git a/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch b/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch
new file mode 100644
index 0000000000..db6f2a2d9a
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch
@@ -0,0 +1,25 @@
+From f7a1082a65b444d606d82ae71e1279789601f78d Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <[email protected]>
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: [PATCH] do not set shrink flag for 3/4 component images
+
+CVE: CVE-2023-1729
+Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index 18f897eb..64722efd 100644
+--- a/src/preprocessing/raw2image.cpp
++++ b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+
+ // adjust for half mode!
+ IO.shrink =
++ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+ P1.filters &&
+ (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+
diff --git a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
index 51057f97b7..b331d77e8d 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
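Review bot: The embedded patch header carries two different commit ids, `From f7a1082a65b4…` and the `Upstream-Status: Backport` link to `9ab70f6dca19…`, and nothing in the header says how they relate. Someone auditing the backport therefore cannot tell from the file alone whether the change was taken verbatim or adapted for 0.20.2. Presumably the first id is a cherry-pick on another branch; a single header line stating the source branch and whether the hunk applied unmodified would settle it. Separately, the fix guards only the `IO.shrink` assignment in `raw2image_start()`, whose body continues outside the hunk. It is worth confirming that the pinned 0.20.2 tree has no other place that computes `IO.shrink` from `P1.filters` and `O.half_size` without the new `color3/4_image` and `float3/4_image` checks.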
@@ -2,7 +2,9 @@ SUMMARY = "raw image decoder"
 LICENSE = "LGPL-2.1-only | CDDL-1.0"
 LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=74c9dffdc42805f9c0de2f97df6031fc"
-SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https \
+ file://CVE-2023-1729.patch \
+ "
 SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92"
 S = "${WORKDIR}/git"
