From 05a2c7fed4b39ed1ac0540d9b7722c30103448ea Mon Sep 17 00:00:00 2001
From: lzq11122 <lzq02303433@alibaba-inc.com>
Date: Fri, 17 Apr 2026 15:40:32 +0800
Subject: [PATCH] Add patch to fix CVE-2026-20889

---
 0001-add-patch-to-fix-CVE-2026-20889.patch | 31 ++++++++++++++++++++++
 LibRaw.spec                                |  8 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 0001-add-patch-to-fix-CVE-2026-20889.patch

diff --git a/0001-add-patch-to-fix-CVE-2026-20889.patch b/0001-add-patch-to-fix-CVE-2026-20889.patch
new file mode 100644
index 0000000..7d17d14
--- /dev/null
+++ b/0001-add-patch-to-fix-CVE-2026-20889.patch
@@ -0,0 +1,31 @@
+From 657b68d20456eaeb9639976f328827195ff41383 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sun, 1 Mar 2026 19:54:16 +0300
+Subject: [PATCH] Fix for TALOS-2026-2358
+---
+ src/x3f/x3f_utils_patched.cpp | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/x3f/x3f_utils_patched.cpp b/src/x3f/x3f_utils_patched.cpp
+index 68b0f0c..84c7d35 100644
+--- a/src/x3f/x3f_utils_patched.cpp
++++ b/src/x3f/x3f_utils_patched.cpp
+@@ -1259,8 +1259,14 @@ static uint32_t read_data_block(void **data, x3f_info_t *I,
+   if (fpos + size > I->input.file->size())
+     throw LIBRAW_EXCEPTION_IO_CORRUPT;
+  
+-  *data = (void *)x3f_limited_malloc(size);
++   // All known files from real cameras are many times smaller than 1 GB, so the hard limit is OK here.
++
++  if(size > 1024*1024*1024)
++    throw LIBRAW_EXCEPTION_ALLOC;
+ 
++  *data = (void *)x3f_limited_malloc(size);
++  if (!*data)
++	  throw LIBRAW_EXCEPTION_ALLOC;
+   GETN(*data, size);
+ 
+   return size;
+-- 
+2.43.7
+
diff --git a/LibRaw.spec b/LibRaw.spec
index 719a194..5f08dff 100644
--- a/LibRaw.spec
+++ b/LibRaw.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 
 %global somajor 25
 # feature macro to enable samples (or not)
@@ -10,6 +10,8 @@ Version: 0.22.1
 Release: %{anolis_release}%{dist}
 License: BSD and (CDDL-1.0 or LGPLv2)
 URL: http://www.libraw.org
+# https://github.com/LibRaw/LibRaw/commit/657b68d20456eaeb9639976f328827195ff41383
+Patch0001:     0001-add-patch-to-fix-CVE-2026-20889.patch 
 
 BuildRequires: gcc-c++
 BuildRequires: pkgconfig(lcms2)
@@ -125,6 +127,10 @@ rm -fv samples/*.o
 %{_docdir}/libraw/*
 
 %changelog
+* Fri Apr 17 2026 lzq11122 <lzq02303433@alibaba-inc.com> - 0.22.1-2
+- Add patch to fix CVE-2026-20889
+- Additional patches need to be added after upgrading
+
 * Mon Apr 13 2026 lzq11122 <lzq02303433@alibaba-inc.com> - 0.22.1-1
 - Update to 0.22.1 to fix CVE-2026-5342,CVE-2026-5318,CVE-2026-20889
 - Remove patch for new version fixed
-- 
Gitee