commit:     8bfc77ff0d80c08df6ca2401ef3c77faecd1680f
Author:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 15 10:27:22 2023 +0000
Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Sun Oct 15 10:27:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bfc77ff

media-libs/libraw: fix CVE-2023-1729

Bug: https://bugs.gentoo.org/908041
Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>

 .../libraw/files/libraw-0.21.1-CVE-2023-1729.patch | 22 ++++++++
 media-libs/libraw/libraw-0.21.1-r1.ebuild          | 62 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)

diff --git a/media-libs/libraw/files/libraw-0.21.1-CVE-2023-1729.patch 
b/media-libs/libraw/files/libraw-0.21.1-CVE-2023-1729.patch
new file mode 100644
index 000000000000..427b3c852c16
--- /dev/null
+++ b/media-libs/libraw/files/libraw-0.21.1-CVE-2023-1729.patch
@@ -0,0 +1,22 @@
+From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <l...@lexa.ru>
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: [PATCH] do not set shrink flag for 3/4 component images
+
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index e65e2ad7..702cf290 100644
+--- a/src/preprocessing/raw2image.cpp
++++ b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+ 
+   // adjust for half mode!
+   IO.shrink =
++        !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++        !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+       P1.filters &&
+       (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+ 
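Review bot: The patch header carries the upstream hash and subject but names neither the CVE nor the Gentoo bug, so only the file name ties it to the fix. Consider adding `Bug: https://bugs.gentoo.org/908041` and a link to the upstream commit below the `Subject:` line. The same reference is missing at the `PATCHES=( ... )` line in libraw-0.21.1-r1.ebuild, where a short comment such as `# bug #908041, upstream commit 9ab70f6d` would tell a later maintainer when the patch can be dropped. The guarded `IO.shrink` assignment sits inside `raw2image_start()`, whose body starts and ends outside the inner hunk, so from these lines alone it cannot be confirmed that no other path sets the flag for 3/4-component images.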

diff --git a/media-libs/libraw/libraw-0.21.1-r1.ebuild 
b/media-libs/libraw/libraw-0.21.1-r1.ebuild
new file mode 100644
index 000000000000..98313a578726
--- /dev/null
+++ b/media-libs/libraw/libraw-0.21.1-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit multilib-minimal toolchain-funcs
+
+MY_PN=LibRaw
+MY_PV="${PV/_b/-B}"
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="LibRaw is a library for reading RAW files obtained from digital 
photo cameras"
+HOMEPAGE="https://www.libraw.org/ https://github.com/LibRaw/LibRaw";
+SRC_URI="https://www.libraw.org/data/${MY_P}.tar.gz";
+
+LICENSE="LGPL-2.1 CDDL"
+# SONAME isn't exactly the same as PV but it does correspond and
+# libraw has unstable ABI across releases.
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="examples jpeg +lcms openmp zlib"
+
+RDEPEND="
+       jpeg? ( media-libs/libjpeg-turbo:=[${MULTILIB_USEDEP}] )
+       lcms? ( >=media-libs/lcms-2.5:2[${MULTILIB_USEDEP}] )
+       zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( Changelog.txt README.md )
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2023-1729.patch" )
+
+pkg_pretend() {
+       [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+pkg_setup() {
+       [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+multilib_src_configure() {
+       local myeconfargs=(
+               --disable-jasper
+               $(multilib_native_use_enable examples)
+               $(use_enable jpeg)
+               $(use_enable lcms)
+               $(use_enable openmp)
+               $(use_enable zlib)
+       )
+       ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+       einstalldocs
+
+       # package installs .pc files
+       find "${D}" -name '*.la' -delete || die
+}
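Review bot: The comment `# package installs .pc files` in `multilib_src_install_all()` gives a reason but does not say what the following `find "${D}" -name '*.la' -delete || die` is doing. A reader has to infer that the libtool archives are being removed because pkg-config files replace them. Something like `# Remove libtool archives; consumers use the installed .pc files` states both the action and the reason.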
