diff --git a/0.21.1.tar.gz b/0.21.1.tar.gz deleted file mode 100644 index edd7943462c93166e52cb0c075b47cf6687d32e8..0000000000000000000000000000000000000000 Binary files a/0.21.1.tar.gz and /dev/null differ diff --git a/CVE-2023-1729.patch b/CVE-2023-1729.patch deleted file mode 100644 index 427b3c852c168112af58b62c48532d610435e532..0000000000000000000000000000000000000000 --- a/CVE-2023-1729.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001 -From: Alex Tutubalin -Date: Sat, 14 Jan 2023 18:32:59 +0300 -Subject: [PATCH] do not set shrink flag for 3/4 component images - ---- - src/preprocessing/raw2image.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp -index e65e2ad7..702cf290 100644 ---- a/src/preprocessing/raw2image.cpp -+++ b/src/preprocessing/raw2image.cpp -@@ -43,6 +43,8 @@ void LibRaw::raw2image_start() - - // adjust for half mode! - IO.shrink = -+ !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image && -+ !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image && - P1.filters && - (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1))); - diff --git a/LibRaw-0.21.2.tar.gz b/LibRaw-0.21.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..a3aedf815d6bb5cb94237573bcbfb2576c0a4726 Binary files /dev/null and b/LibRaw-0.21.2.tar.gz differ diff --git a/LibRaw-pkgconfig.patch b/LibRaw-pkgconfig.patch deleted file mode 100644 index 0c8ae94c1f97ea35b1c972b5e1852bf1e3c63c38..0000000000000000000000000000000000000000 --- a/LibRaw-pkgconfig.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- LibRaw-0.21.0/libraw.pc.in~ 2022-12-18 01:26:41.000000000 -0600 -+++ LibRaw-0.21.0/libraw.pc.in 2022-12-19 10:27:02.793929537 -0600 -@@ -6,7 +6,9 @@ - Name: libraw - Description: Raw image decoder library (non-thread-safe) - Requires: @PACKAGE_REQUIRES@ -+Requires.private: @PACKAGE_REQUIRES@ - Version: @PACKAGE_VERSION@ --Libs: -L${libdir} -lraw -lstdc++@PC_OPENMP@ -+Libs: -L${libdir} -lraw@PC_OPENMP@ -+Libs.private: -lstdc++ - Libs.private: @PACKAGE_LIBS_PRIVATE@ - Cflags: -I${includedir}/libraw -I${includedir} ---- LibRaw-0.21.0/libraw_r.pc.in~ 2022-12-18 01:26:41.000000000 -0600 -+++ LibRaw-0.21.0/libraw_r.pc.in 2022-12-19 10:28:30.620571338 -0600 -@@ -6,7 +6,8 @@ - Name: libraw - Description: Raw image decoder library (thread-safe) - Requires: @PACKAGE_REQUIRES@ -+Requires.private: @PACKAGE_REQUIRES@ - Version: @PACKAGE_VERSION@ --Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@ -+Libs: -L${libdir} -lraw_r@PC_OPENMP@ - Libs.private: @PACKAGE_LIBS_PRIVATE@ - Cflags: -I${includedir}/libraw -I${includedir} diff --git a/LibRaw.spec b/LibRaw.spec index 0c0829ade362e6e41b991d5ec5bccb366e92dc47..f4e20499bf0a16eed042aca59cb2fc5a5e229f91 100644 --- a/LibRaw.spec +++ b/LibRaw.spec @@ -1,12 +1,10 @@ Name: LibRaw -Version: 0.21.1 -Release: 2 +Version: 0.21.2 +Release: 1 Summary: Library for reading RAW files obtained from digital photo cameras License: BSD-3-Clause and (CDDL-1.0 or LGPL-2.1-only) URL: http://www.libraw.org -Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz -Patch0: LibRaw-pkgconfig.patch -Patch1: CVE-2023-1729.patch +Source0: http://github.com/LibRaw/LibRaw/archive/%{name}-%{version}.tar.gz BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) BuildRequires: autoconf automake libtool make @@ -65,6 +63,17 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o %exclude %{_docdir}/libraw/* %changelog +* Fri Mar 8 2024 songliyang - 0.21.2-1 +- Upgrade to 0.21.2 +- New compile-defined limit LIBRAW_MAX_PROFILE_SIZE_MB: limits allocation/read size for embedded color profile (default: 256Mb) +- Embedded color profile allocation/read size: limited by input file size. +- Multiple fixes (mostly inspired by oss-fuzz) to improve library stability and/or input checks. +- raw-identify: use fallback if PATH_MAX not available +- Disabled color conversion for Canon 16-bit thumbnails +- docs/changelog: explained the case when no thumbnail is found in specific file +- swapXX renamed to libraw_swapXX to avoid name conflict +- better striped thumbnails handling + * Mon May 15 2023 yaoxin - 0.21.1-2 - Fix CVE-2023-1729