diff --git a/libraw-CVE-2018-5813.patch b/libraw-CVE-2018-5813.patch new file mode 100644 index 0000000..fbc7a5f --- /dev/null +++ b/libraw-CVE-2018-5813.patch @@ -0,0 +1,81 @@ +Index: LibRaw-0.19.0/dcraw/dcraw.c +=================================================================== +--- LibRaw-0.19.0.orig/dcraw/dcraw.c 2018-08-01 12:52:18.284642412 +0200 ++++ LibRaw-0.19.0/dcraw/dcraw.c 2018-08-01 13:14:20.831394866 +0200 +@@ -6364,17 +6364,33 @@ void CLASS apply_tiff() + + void CLASS parse_minolta (int base) + { +- int save, tag, len, offset, high=0, wide=0, i, c; ++ int tag, len, offset, high=0, wide=0, i, c; + short sorder=order; ++#ifdef LIBRAW_LIBRARY_BUILD ++ INT64 save; ++#else ++ int save; ++#endif + + fseek (ifp, base, SEEK_SET); + if (fgetc(ifp) || fgetc(ifp)-'M' || fgetc(ifp)-'R') return; + order = fgetc(ifp) * 0x101; + offset = base + get4() + 8; ++#ifdef LIBRAW_LIBRARY_BUILD ++ INT64 fsize = ifp->size(); ++ if(offset>fsize-8) // At least 8 bytes for tag/len ++ offset = fsize-8; ++#endif + while ((save=ftell(ifp)) < offset) { + for (tag=i=0; i < 4; i++) + tag = tag << 8 | fgetc(ifp); + len = get4(); ++ if(len < 0) ++ return; // just ignore wrong len?? or raise bad file exception? ++#ifdef LIBRAW_LIBRARY_BUILD ++ if((INT64)len + save + 8ULL > save) ++ return; // just ignore out of file metadata, stop parse ++#endif + switch (tag) { + case 0x505244: /* PRD */ + fseek (ifp, 8, SEEK_CUR); +Index: LibRaw-0.19.0/internal/dcraw_common.cpp +=================================================================== +--- LibRaw-0.19.0.orig/internal/dcraw_common.cpp 2018-08-01 12:52:18.288642432 +0200 ++++ LibRaw-0.19.0/internal/dcraw_common.cpp 2018-08-01 13:13:55.263263676 +0200 +@@ -14413,8 +14413,13 @@ void CLASS apply_tiff() + + void CLASS parse_minolta(int base) + { +- int save, tag, len, offset, high = 0, wide = 0, i, c; ++ int tag, len, offset, high = 0, wide = 0, i, c; + short sorder = order; ++#ifdef LIBRAW_LIBRARY_BUILD ++ INT64 save; ++#else ++ int save; ++#endif + + fseek(ifp, base, SEEK_SET); + if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R') +@@ -14422,8 +14427,9 @@ void CLASS parse_minolta(int base) + order = fgetc(ifp) * 0x101; + offset = base + get4() + 8; + #ifdef LIBRAW_LIBRARY_BUILD +- if(offset>ifp->size()-8) // At least 8 bytes for tag/len +- offset = ifp->size()-8; ++ INT64 fsize = ifp->size(); ++ if(offset>fsize-8) // At least 8 bytes for tag/len ++ offset = fsize-8; + #endif + + while ((save = ftell(ifp)) < offset) +@@ -14433,6 +14439,10 @@ void CLASS parse_minolta(int base) + len = get4(); + if(len < 0) + return; // just ignore wrong len?? or raise bad file exception? ++#ifdef LIBRAW_LIBRARY_BUILD ++ if((INT64)len + save + 8ULL > save) ++ return; // just ignore out of file metadata, stop parse ++#endif + switch (tag) + { + case 0x505244: /* PRD */ diff --git a/libraw.changes b/libraw.changes index 433b1fa..46b7201 100644 --- a/libraw.changes +++ b/libraw.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Aug 1 11:07:43 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2018-5813 [bsc#1103200] + + libraw-CVE-2018-5813.patch + ------------------------------------------------------------------- Wed Aug 1 10:13:46 UTC 2018 - pgajdos@suse.com diff --git a/libraw.spec b/libraw.spec index 2448db1..7863d50 100644 --- a/libraw.spec +++ b/libraw.spec @@ -28,6 +28,7 @@ Group: Development/Libraries/C and C++ Url: https://www.libraw.org/ #Git-Clone: git://github.com/LibRaw/LibRaw Source: https://www.libraw.org/data/%tar_name-%version.tar.gz +Patch0: libraw-CVE-2018-5813.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libjasper-devel @@ -95,6 +96,7 @@ against LibRaw. LibRaw does not provide dynamic libraries. %prep %setup -qn %tar_name-%version +%patch0 -p1 %build export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"