From 309e9688d5b3be4c4307b939b1b239c16e138e4b Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Fri, 28 Nov 2025 21:18:42 +0100 Subject: [PATCH] libraw: patch CVE-2023-1729 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1729 Pick the patch that is mentioned to solve the issue in the issue linked from the nvd report. Signed-off-by: Gyorgy Sarvari --- .../libraw/libraw/CVE-2023-1729.patch | 25 +++++++++++++++++++ .../recipes-support/libraw/libraw_0.20.2.bb | 4 ++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch diff --git a/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch b/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch new file mode 100644 index 0000000000..db6f2a2d9a --- /dev/null +++ b/meta-oe/recipes-support/libraw/libraw/CVE-2023-1729.patch @@ -0,0 +1,25 @@ +From f7a1082a65b444d606d82ae71e1279789601f78d Mon Sep 17 00:00:00 2001 +From: Alex Tutubalin +Date: Sat, 14 Jan 2023 18:32:59 +0300 +Subject: [PATCH] do not set shrink flag for 3/4 component images + +CVE: CVE-2023-1729 +Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93] +Signed-off-by: Gyorgy Sarvari +--- + src/preprocessing/raw2image.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp +index 18f897eb..64722efd 100644 +--- a/src/preprocessing/raw2image.cpp ++++ b/src/preprocessing/raw2image.cpp +@@ -43,6 +43,8 @@ void LibRaw::raw2image_start() + + // adjust for half mode! + IO.shrink = ++ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image && ++ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image && + P1.filters && + (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1))); + diff --git a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb index 51057f97b7..b331d77e8d 100644 --- a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb +++ b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb @@ -2,7 +2,9 @@ SUMMARY = "raw image decoder" LICENSE = "LGPL-2.1-only | CDDL-1.0" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=74c9dffdc42805f9c0de2f97df6031fc" -SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https" +SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https \ + file://CVE-2023-1729.patch \ + " SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92" S = "${WORKDIR}/git"