- updated to 0.18.5:

Fix for possible buffer overrun in kodak_65000 decoder Fix for possible heap overrun in Canon makernotes parser Fix for CVE-2017-13735 CVE-2017-14265: Additional check for X-Trans CFA pattern data - remove upstreamed libraw-out-of-bounds-kodak.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=101
2017-09-25 12:52:49 +00:00 · 2017-09-25 12:52:49 +00:00 · 190b1818b5
commit 190b1818b5
parent 09a466b1ac
5 changed files with 14 additions and 29 deletions
--- a/LibRaw-0.18.4.tar.gz
+++ b/LibRaw-0.18.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eaf4931b46e65861e88bbe704ccf370381e94d63e9a898b889ded4e0cb3b0c97
-size 1281104
--- a/LibRaw-0.18.5.tar.gz
+++ b/LibRaw-0.18.5.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fa2a7d14d9dfaf6b368f958a76d79266b3f58c2bc367bebab56e11baa94da178
+size 1280046
--- a/libraw-out-of-bounds-kodak.patch
+++ b/libraw-out-of-bounds-kodak.patch
@ -1,23 +0,0 @@
-https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
-diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
-index 18bcdbcb..8fb2b073 100644
--- a/internal/dcraw_common.cpp
-+++ b/internal/dcraw_common.cpp
-@@ -3240,8 +3240,15 @@ void CLASS kodak_65000_load_raw()
-       len = MIN (256, width-col);
-       ret = kodak_65000_decode (buf, len);
-       for (i=0; i < len; i++)
-	if ((RAW(row,col+i) =	curve[ret ? buf[i] :
-		(pred[i & 1] += buf[i])]) >> 12) derror();
-+      {
-+	int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
-+	if(idx >=0 && idx <= 0xffff)
-+	 {
-+	   if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
-+         }
-+	 else
-+	   derror();
-+      }
-     }
-   }
- }
--- a/libraw.changes
+++ b/libraw.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Sep 25 12:42:43 UTC 2017 - pgajdos@suse.com
+
+- updated to 0.18.5:
+    Fix for possible buffer overrun in kodak_65000 decoder
+    Fix for possible heap overrun in Canon makernotes parser
+    Fix for CVE-2017-13735
+    CVE-2017-14265: Additional check for X-Trans CFA pattern data 
+- remove upstreamed libraw-out-of-bounds-kodak.patch
+
 -------------------------------------------------------------------
 Wed Sep 13 10:25:35 UTC 2017 - pgajdos@suse.com

--- a/libraw.spec
+++ b/libraw.spec
@ -21,7 +21,7 @@
 Name:           libraw
 %define lver    16
 %define lname	libraw%{lver}
-Version:        0.18.4
+Version:        0.18.5
 Release:        0
 Summary:        Library for reading RAW files obtained from digital photo cameras
 License:        CDDL-1.0 or LGPL-2.1
@ -30,7 +30,6 @@ Url:            http://www.libraw.org/

 #Git-Clone:	git://github.com/LibRaw/LibRaw
 Source:         http://www.libraw.org/data/%tar_name-%version.tar.gz
-Patch0:         libraw-out-of-bounds-kodak.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libjasper-devel
@ -99,7 +98,6 @@ against LibRaw. LibRaw does not provide dynamic libraries.

 %prep
 %setup -qn %tar_name-%version
-%patch0 -p1

 %build
 export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"