diff --git a/.LibRaw.metadata b/.LibRaw.metadata new file mode 100644 index 0000000..e969394 --- /dev/null +++ b/.LibRaw.metadata @@ -0,0 +1 @@ +0693a4ef073e277aec2b1f40f360e1dae2870fb1 0.21.1.tar.gz diff --git a/.gitignore b/.gitignore index bb094e4..3b67403 100644 --- a/.gitignore +++ b/.gitignore @@ -81,3 +81,5 @@ LibRaw-0.9.1.tar.gz /0.20.0.tar.gz /0.20.1.tar.gz /0.20.2.tar.gz +/LibRaw-0.21.1.tar.gz +/0.21.1.tar.gz diff --git a/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch b/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch new file mode 100644 index 0000000..427b3c8 --- /dev/null +++ b/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch @@ -0,0 +1,22 @@ +From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001 +From: Alex Tutubalin +Date: Sat, 14 Jan 2023 18:32:59 +0300 +Subject: [PATCH] do not set shrink flag for 3/4 component images + +--- + src/preprocessing/raw2image.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp +index e65e2ad7..702cf290 100644 +--- a/src/preprocessing/raw2image.cpp ++++ b/src/preprocessing/raw2image.cpp +@@ -43,6 +43,8 @@ void LibRaw::raw2image_start() + + // adjust for half mode! + IO.shrink = ++ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image && ++ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image && + P1.filters && + (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1))); + diff --git a/LibRaw-check-for-input-buffer-size-on-datastream-gets.patch b/LibRaw-check-for-input-buffer-size-on-datastream-gets.patch deleted file mode 100644 index 50659e5..0000000 --- a/LibRaw-check-for-input-buffer-size-on-datastream-gets.patch +++ /dev/null @@ -1,40 +0,0 @@ -From fa329f37dca4a2c938f8abb50ee4a7ef93e64fbb Mon Sep 17 00:00:00 2001 -From: Alex Tutubalin -Date: Mon, 12 Apr 2021 13:21:52 +0300 -Subject: [PATCH] check for input buffer size on datastream::gets - ---- - src/libraw_datastream.cpp | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp -index 606e5de73618..7e95bc749688 100644 ---- a/src/libraw_datastream.cpp -+++ b/src/libraw_datastream.cpp -@@ -286,6 +286,7 @@ INT64 LibRaw_file_datastream::tell() - - char *LibRaw_file_datastream::gets(char *str, int sz) - { -+ if(sz<1) return NULL; - LR_STREAM_CHK(); - std::istream is(f.get()); - is.getline(str, sz); -@@ -417,6 +418,7 @@ INT64 LibRaw_buffer_datastream::tell() - - char *LibRaw_buffer_datastream::gets(char *s, int sz) - { -+ if(sz<1) return NULL; - unsigned char *psrc, *pdest, *str; - str = (unsigned char *)s; - psrc = buf + streampos; -@@ -609,6 +611,7 @@ INT64 LibRaw_bigfile_datastream::tell() - - char *LibRaw_bigfile_datastream::gets(char *str, int sz) - { -+ if(sz<1) return NULL; - LR_BF_CHK(); - return fgets(str, sz, f); - } --- -2.39.2 - diff --git a/LibRaw-pkgconfig.patch b/LibRaw-pkgconfig.patch index 5b60b03..0c8ae94 100644 --- a/LibRaw-pkgconfig.patch +++ b/LibRaw-pkgconfig.patch @@ -1,26 +1,25 @@ ---- LibRaw-0.20-Beta1/libraw.pc.in~ 2020-05-13 14:22:12.656424311 +0200 -+++ LibRaw-0.20-Beta1/libraw.pc.in 2020-05-13 14:22:27.481441569 +0200 -@@ -5,7 +5,8 @@ - +--- LibRaw-0.21.0/libraw.pc.in~ 2022-12-18 01:26:41.000000000 -0600 ++++ LibRaw-0.21.0/libraw.pc.in 2022-12-19 10:27:02.793929537 -0600 +@@ -6,7 +6,9 @@ Name: libraw Description: Raw image decoder library (non-thread-safe) --Requires: @PACKAGE_REQUIRES@ + Requires: @PACKAGE_REQUIRES@ +Requires.private: @PACKAGE_REQUIRES@ Version: @PACKAGE_VERSION@ -Libs: -L${libdir} -lraw -lstdc++@PC_OPENMP@ +Libs: -L${libdir} -lraw@PC_OPENMP@ +Libs.private: -lstdc++ + Libs.private: @PACKAGE_LIBS_PRIVATE@ Cflags: -I${includedir}/libraw -I${includedir} ---- LibRaw-0.20-Beta1/libraw_r.pc.in~ 2020-05-13 14:22:18.034430572 +0200 -+++ LibRaw-0.20-Beta1/libraw_r.pc.in 2020-05-13 14:22:27.481441569 +0200 -@@ -5,7 +5,8 @@ - +--- LibRaw-0.21.0/libraw_r.pc.in~ 2022-12-18 01:26:41.000000000 -0600 ++++ LibRaw-0.21.0/libraw_r.pc.in 2022-12-19 10:28:30.620571338 -0600 +@@ -6,7 +6,8 @@ Name: libraw Description: Raw image decoder library (thread-safe) --Requires: @PACKAGE_REQUIRES@ + Requires: @PACKAGE_REQUIRES@ +Requires.private: @PACKAGE_REQUIRES@ Version: @PACKAGE_VERSION@ -Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@ +Libs: -L${libdir} -lraw_r@PC_OPENMP@ -+Libs.private: -lstdc++ + Libs.private: @PACKAGE_LIBS_PRIVATE@ Cflags: -I${includedir}/libraw -I${includedir} diff --git a/LibRaw.spec b/LibRaw.spec index f8b6cd1..9a71bee 100644 --- a/LibRaw.spec +++ b/LibRaw.spec @@ -6,8 +6,8 @@ Summary: Library for reading RAW files obtained from digital photo cameras Name: LibRaw -Version: 0.20.2 -Release: 6%{?dist} +Version: 0.21.1 +Release: 1%{?dist} License: BSD and LGPLv2 URL: http://www.libraw.org @@ -22,8 +22,8 @@ Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz Patch0: LibRaw-pkgconfig.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2172140 -Patch1: LibRaw-check-for-input-buffer-size-on-datastream-gets.patch +# CVE-2023-1729 +Patch1: 9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch Provides: bundled(dcraw) = 9.25 @@ -95,8 +95,8 @@ rm -fv %{buildroot}%{_libdir}/lib*.la %files %doc Changelog.txt %license LICENSE.CDDL LICENSE.LGPL COPYRIGHT -%{_libdir}/libraw.so.20* -%{_libdir}/libraw_r.so.20* +%{_libdir}/libraw.so.23* +%{_libdir}/libraw_r.so.23* %files static %{_libdir}/libraw.a @@ -119,6 +119,11 @@ rm -fv %{buildroot}%{_libdir}/lib*.la %changelog +* Mon Oct 02 2023 Debarshi Ray - 0.21.1-1 +- 0.21.1 +- Include the fix for CVE-2023-1729 from Fedora +Resolves: RHEL-768 + * Tue Apr 04 2023 Debarshi Ray - 0.20.2-6 - Fix CVE-2021-32142 Resolves: #2172140 diff --git a/sources b/sources index 2e74333..3a19d29 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (0.20.2.tar.gz) = 09af68f95249da37357877c6013db5082edd9fd40d0526c42bba22f16a19f41d8c008cf16823f2ed9a90c2dee9c8cd2968c91a9550bf24b3b2c089918ae56250 +SHA512 (0.21.1.tar.gz) = 6cea6d859961d713382a9017107c730c7a8777be85d454bd05f1417a69fda902aa9591151eac5f4bd231ce2a86fc39da56e3a024104101f24d6069197fcabbc7