Patch for CVE-2023-1729

9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch

@@ -0,0 +1,22 @@
+From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: [PATCH] do not set shrink flag for 3/4 component images
+
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index e65e2ad7..702cf290 100644
+--- a/src/preprocessing/raw2image.cpp
++++ b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+ 
+   // adjust for half mode!
+   IO.shrink =
++	  !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++	  !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+       P1.filters &&
+       (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+ 

LibRaw.spec

@@ -7,7 +7,7 @@
 Summary: Library for reading RAW files obtained from digital photo cameras
 Name: LibRaw
 Version: 0.21.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: BSD-3-Clause and (CDDL-1.0 or  LGPL-2.1-only)
 URL: http://www.libraw.org
 
@@ -20,6 +20,7 @@ BuildRequires: make
 
 Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
 Patch0: LibRaw-pkgconfig.patch
+Patch1: 9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch
 Provides: bundled(dcraw) = 9.25
 
 %description
@@ -114,6 +115,9 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
 
 
 %changelog
+* Mon May 08 2023 Gwyn Ciesla <gwync@protonmail.com> - 0.21.1-4
+- Patch for CVE-2023-1729
+
 * Mon Mar 13 2023 Gwyn Ciesla <gwync@protonmail.com> - 0.21.1-3
 - migrate to SPDX license