authorHans de Graaff <graaff@gentoo.org>2023-10-15 12:27:22 +0200
committerHans de Graaff <graaff@gentoo.org>2023-10-15 12:27:56 +0200
commit8bfc77ff0d80c08df6ca2401ef3c77faecd1680f (patch)
tree7a4201f431b7d650722d946e3356c5bd77d26b04 /media-libs
parentkde-misc/kdiff3: drop 1.10.5 (diff)
media-libs/libraw: fix CVE-2023-1729
Bug: https://bugs.gentoo.org/908041 Signed-off-by: Hans de Graaff <graaff@gentoo.org>
Diffstat (limited to 'media-libs')
-rw-r--r--media-libs/libraw/files/libraw-0.21.1-CVE-2023-1729.patch22
-rw-r--r--media-libs/libraw/libraw-0.21.1-r1.ebuild62
2 files changed, 84 insertions, 0 deletions
diff --git a/media-libs/libraw/files/libraw-0.21.1-CVE-2023-1729.patch b/media-libs/libraw/files/libraw-0.21.1-CVE-2023-1729.patch
new file mode 100644
index 000000000000..427b3c852c16
--- /dev/null
+++ b/media-libs/libraw/files/libraw-0.21.1-CVE-2023-1729.patch
@@ -0,0 +1,22 @@
+From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: [PATCH] do not set shrink flag for 3/4 component images
+
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index e65e2ad7..702cf290 100644
+--- a/src/preprocessing/raw2image.cpp
++++ b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+
+ // adjust for half mode!
+ IO.shrink =
++ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+ P1.filters &&
+ (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+
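Review bot: The patch header carries only the upstream subject line, so nothing in the file ties it to CVE-2023-1729 or records where the change came from. Add provenance lines after `Subject:`, for example `Bug: https://bugs.gentoo.org/908041` and `Upstream: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93` (URL assembled from the HOMEPAGE repository and the `From` hash; confirm it resolves before committing). From the visible lines the change forces `IO.shrink` to false whenever any of the `color4_image`, `color3_image`, `float4_image` or `float3_image` pointers is set. `raw2image_start()` begins and ends outside the inner hunk, so whether that closes every path that pairs a shrunk geometry with a 3/4-component buffer cannot be confirmed from this file alone.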
diff --git a/media-libs/libraw/libraw-0.21.1-r1.ebuild b/media-libs/libraw/libraw-0.21.1-r1.ebuild
new file mode 100644
index 000000000000..98313a578726
--- /dev/null
+++ b/media-libs/libraw/libraw-0.21.1-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit multilib-minimal toolchain-funcs
+
+MY_PN=LibRaw
+MY_PV="${PV/_b/-B}"
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="LibRaw is a library for reading RAW files obtained from digital photo cameras"
+HOMEPAGE="https://www.libraw.org/ https://github.com/LibRaw/LibRaw"
+SRC_URI="https://www.libraw.org/data/${MY_P}.tar.gz"
+
+LICENSE="LGPL-2.1 CDDL"
+# SONAME isn't exactly the same as PV but it does correspond and
+# libraw has unstable ABI across releases.
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="examples jpeg +lcms openmp zlib"
+
+RDEPEND="
+ jpeg? ( media-libs/libjpeg-turbo:=[${MULTILIB_USEDEP}] )
+ lcms? ( >=media-libs/lcms-2.5:2[${MULTILIB_USEDEP}] )
+ zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( Changelog.txt README.md )
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2023-1729.patch" )
+
+pkg_pretend() {
+ [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --disable-jasper
+ $(multilib_native_use_enable examples)
+ $(use_enable jpeg)
+ $(use_enable lcms)
+ $(use_enable openmp)
+ $(use_enable zlib)
+ )
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ # package installs .pc files
+ find "${D}" -name '*.la' -delete || die
+}
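Review bot: `KEYWORDS` in this new revision lists only `~arch` entries, so the security fix reaches stable systems only after a separate stabilisation. The commit also shows 0 deletions, so the unpatched `libraw-0.21.1.ebuild` presumably remains installable alongside it. Stabilisation of -r1 and removal of the unpatched revision should be tracked on the bug named in the commit message. A comment above `PATCHES` would also tell the next version bump when the backport can be dropped, e.g. `# CVE-2023-1729, bug #908041: backport of upstream 9ab70f6dca19`.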