Accepting request 497438 from graphics

- updated to 0.18.2: Fixed several errors (Secunia advisory SA75000) ACES colorspace output option included in dcraw_emu help page Avoided possible 32-bit overflows in Sony metadata parser Phase One flat field code called even for half-size output Camera Support: Sigma Quattro H Fixed bug in FujiExpoMidPointShift parser Fixed wrong black level in Sony A350 Added standard integer types for VisualStudio 2008 and earlier - added missing parts of the fix for CVE-2017-6887 and CVE-2017-6886 + libraw-CVE-2017-6887,6886.patch - added missing fix for CVE-2017-6890 and CVE-2017-6899 + libraw-CVE-2017-6890,6899.patch OBS-URL: https://build.opensuse.org/request/show/497438 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libraw?expand=0&rev=41
2017-06-02 08:29:29 +00:00 · 2017-06-02 08:29:29 +00:00 · 5f1247f28d
commit 5f1247f28d
parent 0ed1b0f149 b99517535d
6 changed files with 93 additions and 4 deletions
--- a/LibRaw-0.18.0.tar.gz
+++ b/LibRaw-0.18.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d56a0c9a0e6d1b8c8c5585346acf2cfb0554eee0f0948da66f580cd65c8c5c9b
-size 1278737
--- a/LibRaw-0.18.2.tar.gz
+++ b/LibRaw-0.18.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce366bb38c1144130737eb16e919038937b4dc1ab165179a225d5e847af2abc6
+size 1281674
--- a/libraw-CVE-2017-6887,6886.patch
+++ b/libraw-CVE-2017-6887,6886.patch
@ -0,0 +1,37 @@
+From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sat, 4 Mar 2017 21:27:39 +0300
+Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns
+
+---
+ dcraw/dcraw.c             | 12 ++++++++++--
+ internal/dcraw_common.cpp | 12 ++++++++++--
+ 2 files changed, 20 insertions(+), 4 deletions(-)
+
+Index: LibRaw-0.18.2/dcraw/dcraw.c
+===================================================================
+--- LibRaw-0.18.2.orig/dcraw/dcraw.c	2017-05-23 10:30:39.264790336 +0200
+++ LibRaw-0.18.2/dcraw/dcraw.c	2017-05-23 11:15:45.574900958 +0200
+@@ -5841,7 +5841,12 @@ int CLASS parse_tiff_ifd (int base)
+ 	if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) {
+ 	  load_raw = &CLASS sony_arw_load_raw;
+ 	  data_offset = get4()+base;
+-	  ifd++;  break;
+	  ifd++;  
+#ifdef LIBRAW_LIBRARY_BUILD
+          if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
+            throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif  
+          break; 
+ 	}
+ 	while (len--) {
+ 	  i = ftell(ifp);
+@@ -6005,6 +6010,8 @@ int CLASS parse_tiff_ifd (int base)
+ 	break;
+       case 50454:			/* Sinar tag */
+       case 50455:
+        if (len < 1 || len > 2560000)
+          break;
+ 	if (!(cbuf = (char *) malloc(len))) break;
+ 	fread (cbuf, 1, len, ifp);
+ 	for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))
--- a/libraw-CVE-2017-6890,6899.patch
+++ b/libraw-CVE-2017-6890,6899.patch
@ -0,0 +1,30 @@
+--- a/dcraw/dcraw.c
+++ b/dcraw/dcraw.c
+@@ -319,7 +319,7 @@ void CLASS foveon_huff (ushort *huff)
+ void CLASS foveon_dp_load_raw()
+ {
+   unsigned c, roff[4], row, col, diff;
+-  ushort huff[512], vpred[2][2], hpred[2];
+  ushort huff[1024], vpred[2][2], hpred[2];
+ 
+   fseek (ifp, 8, SEEK_CUR);
+   foveon_huff (huff);
+@@ -346,12 +346,16 @@ void CLASS foveon_dp_load_raw()
+ void CLASS foveon_load_camf()
+ {
+   unsigned type, wide, high, i, j, row, col, diff;
+-  ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
+  ushort huff[1024], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
+ 
+   fseek (ifp, meta_offset, SEEK_SET);
+   type = get4();  get4();  get4();
+   wide = get4();
+   high = get4();
+#ifdef LIBRAW_LIBRARY_BUILD
+  if(wide>32767 || high > 32767 || wide*high > 20000000)
+     throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
+   if (type == 2) {
+     fread (meta_data, 1, meta_length, ifp);
+     for (i=0; i < meta_length; i++) {
+
--- a/libraw.changes
+++ b/libraw.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue May 23 06:54:04 UTC 2017 - pgajdos@suse.com
+
+- updated to 0.18.2:
+    Fixed several errors (Secunia advisory SA75000)
+    ACES colorspace output option included in dcraw_emu help page
+    Avoided possible 32-bit overflows in Sony metadata parser
+    Phase One flat field code called even for half-size output  
+    Camera Support: Sigma Quattro H
+    Fixed bug in FujiExpoMidPointShift parser
+    Fixed wrong black level in Sony A350
+    Added standard integer types for VisualStudio 2008 and earlier
+- added missing parts of the fix for CVE-2017-6887 
+  and CVE-2017-6886
+    + libraw-CVE-2017-6887,6886.patch
+- added missing fix for CVE-2017-6890 and CVE-2017-6899
+  + libraw-CVE-2017-6890,6899.patch
+
 -------------------------------------------------------------------
 Mon Jan 30 14:58:42 UTC 2017 - pgajdos@suse.com

--- a/libraw.spec
+++ b/libraw.spec
@ -21,7 +21,7 @@
 Name:           libraw
 %define lver    16
 %define lname	libraw%{lver}
-Version:        0.18.0
+Version:        0.18.2
 Release:        0
 Summary:        Library for reading RAW files obtained from digital photo cameras
 License:        CDDL-1.0 or LGPL-2.1
@ -30,6 +30,8 @@ Url:            http://www.libraw.org/

 #Git-Clone:	git://github.com/LibRaw/LibRaw
 Source:         http://www.libraw.org/data/%tar_name-%version.tar.gz
+Patch0:         libraw-CVE-2017-6890,6899.patch
+Patch1:         libraw-CVE-2017-6887,6886.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libjasper-devel
@ -98,6 +100,8 @@ against LibRaw. LibRaw does not provide dynamic libraries.

 %prep
 %setup -qn %tar_name-%version
+%patch0 -p1
+%patch1 -p1

 %build
 export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"