summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch25
-rw-r--r--meta-oe/recipes-support/libraw/libraw_0.20.2.bb4
2 files changed, 28 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch b/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch
new file mode 100644
index 0000000000..db6f2a2d9a
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch
@@ -0,0 +1,25 @@
1From f7a1082a65b444d606d82ae71e1279789601f78d Mon Sep 17 00:00:00 2001
2From: Alex Tutubalin <lexa@lexa.ru>
3Date: Sat, 14 Jan 2023 18:32:59 +0300
4Subject: [PATCH] do not set shrink flag for 3/4 component images
5
6CVE: CVE-2023-1729
7Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93]
8Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
9---
10 src/preprocessing/raw2image.cpp | 2 ++
11 1 file changed, 2 insertions(+)
12
13diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
14index 18f897eb..64722efd 100644
15--- a/src/preprocessing/raw2image.cpp
16+++ b/src/preprocessing/raw2image.cpp
17@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
18
19 // adjust for half mode!
20 IO.shrink =
21+ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
22+ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
23 P1.filters &&
24 (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
25
diff --git a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
index 51057f97b7..b331d77e8d 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
@@ -2,7 +2,9 @@ SUMMARY = "raw image decoder"
2LICENSE = "LGPL-2.1-only | CDDL-1.0" 2LICENSE = "LGPL-2.1-only | CDDL-1.0"
3LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=74c9dffdc42805f9c0de2f97df6031fc" 3LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=74c9dffdc42805f9c0de2f97df6031fc"
4 4
5SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https" 5SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https \
6 file://CVE-2023-1729.patch \
7 "
6SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92" 8SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92"
7S = "${WORKDIR}/git" 9S = "${WORKDIR}/git"
8 10