pool/libraw
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- added missing parts of the fix for CVE-2017-6887

Browse Source 
and CVE-2017-6886
    + libraw-CVE-2017-6887,6886.patch
- added missing fix for CVE-2017-6890 and CVE-2017-6899
  + libraw-CVE-2017-6890,6899.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=92
This commit is contained in:
Petr Gajdos 2017-05-23 07:48:34 +00:00 committed by Git OBS Bridge
parent 6ca3ea7ce2
commit 42297d1b65
4 changed files with 73 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
libraw-CVE-2017-6887,6886.patch Normal file
View File

@ -0,0 +1,34 @@
From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Sat, 4 Mar 2017 21:27:39 +0300
Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns
---
dcraw/dcraw.c | 12 ++++++++++--
internal/dcraw_common.cpp | 12 ++++++++++--
2 files changed, 20 insertions(+), 4 deletions(-)
Index: LibRaw-0.18.2/dcraw/dcraw.c
===================================================================
--- LibRaw-0.18.2.orig/dcraw/dcraw.c 2017-05-23 09:32:51.733561941 +0200
+++ LibRaw-0.18.2/dcraw/dcraw.c 2017-05-23 09:38:40.867531376 +0200
@@ -5842,6 +5842,10 @@ int CLASS parse_tiff_ifd (int base)
load_raw = &CLASS sony_arw_load_raw;
data_offset = get4()+base;
ifd++; break;
+#ifdef LIBRAW_LIBRARY_BUILD
+ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
}
while (len--) {
i = ftell(ifp);
@@ -6005,6 +6009,8 @@ int CLASS parse_tiff_ifd (int base)
break;
case 50454: /* Sinar tag */
case 50455:
+ if (len < 1 || len > 2560000)
+ break;
if (!(cbuf = (char *) malloc(len))) break;
fread (cbuf, 1, len, ifp);
for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))

30
libraw-CVE-2017-6890,6899.patch Normal file
View File

@ -0,0 +1,30 @@
--- a/dcraw/dcraw.c
+++ b/dcraw/dcraw.c
@@ -319,7 +319,7 @@ void CLASS foveon_huff (ushort *huff)
void CLASS foveon_dp_load_raw()
{
unsigned c, roff[4], row, col, diff;
- ushort huff[512], vpred[2][2], hpred[2];
+ ushort huff[1024], vpred[2][2], hpred[2];
fseek (ifp, 8, SEEK_CUR);
foveon_huff (huff);
@@ -346,12 +346,16 @@ void CLASS foveon_dp_load_raw()
void CLASS foveon_load_camf()
{
unsigned type, wide, high, i, j, row, col, diff;
- ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
+ ushort huff[1024], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
fseek (ifp, meta_offset, SEEK_SET);
type = get4(); get4(); get4();
wide = get4();
high = get4();
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(wide>32767 || high > 32767 || wide*high > 20000000)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
if (type == 2) {
fread (meta_data, 1, meta_length, ifp);
for (i=0; i < meta_length; i++) {

5
libraw.changes
View File

@ -10,6 +10,11 @@ Tue May 23 06:54:04 UTC 2017 - pgajdos@suse.com
Fixed bug in FujiExpoMidPointShift parser
Fixed wrong black level in Sony A350
Added standard integer types for VisualStudio 2008 and earlier
- added missing parts of the fix for CVE-2017-6887
and CVE-2017-6886
+ libraw-CVE-2017-6887,6886.patch
- added missing fix for CVE-2017-6890 and CVE-2017-6899
+ libraw-CVE-2017-6890,6899.patch
-------------------------------------------------------------------
Mon Jan 30 14:58:42 UTC 2017 - pgajdos@suse.com

4
libraw.spec
View File

@ -30,6 +30,8 @@ Url: http://www.libraw.org/
#Git-Clone: git://github.com/LibRaw/LibRaw
Source: http://www.libraw.org/data/%tar_name-%version.tar.gz
Patch0: libraw-CVE-2017-6890,6899.patch
Patch1: libraw-CVE-2017-6887,6886.patch
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: libjasper-devel
@ -98,6 +100,8 @@ against LibRaw. LibRaw does not provide dynamic libraries.
%prep
%setup -qn %tar_name-%version
%patch0 -p1
%patch1 -p1
%build
export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"