mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
libraw: patch CVE-2023-1729
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1729 Pick the patch that is mentioned to solve the issue in the issue linked from the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,25 @@
|
|||||||
|
From f7a1082a65b444d606d82ae71e1279789601f78d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Tutubalin <lexa@lexa.ru>
|
||||||
|
Date: Sat, 14 Jan 2023 18:32:59 +0300
|
||||||
|
Subject: [PATCH] do not set shrink flag for 3/4 component images
|
||||||
|
|
||||||
|
CVE: CVE-2023-1729
|
||||||
|
Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
src/preprocessing/raw2image.cpp | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
|
||||||
|
index 18f897eb..64722efd 100644
|
||||||
|
--- a/src/preprocessing/raw2image.cpp
|
||||||
|
+++ b/src/preprocessing/raw2image.cpp
|
||||||
|
@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
|
||||||
|
|
||||||
|
// adjust for half mode!
|
||||||
|
IO.shrink =
|
||||||
|
+ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
|
||||||
|
+ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
|
||||||
|
P1.filters &&
|
||||||
|
(O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
|
||||||
|
|
||||||
@@ -2,7 +2,9 @@ SUMMARY = "raw image decoder"
|
|||||||
LICENSE = "LGPL-2.1-only | CDDL-1.0"
|
LICENSE = "LGPL-2.1-only | CDDL-1.0"
|
||||||
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=74c9dffdc42805f9c0de2f97df6031fc"
|
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=74c9dffdc42805f9c0de2f97df6031fc"
|
||||||
|
|
||||||
SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https"
|
SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https \
|
||||||
|
file://CVE-2023-1729.patch \
|
||||||
|
"
|
||||||
SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92"
|
SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92"
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user