diff --git a/LibRaw-0.19.0.tar.gz b/LibRaw-0.19.0.tar.gz deleted file mode 100644 index 4216777..0000000 --- a/LibRaw-0.19.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e83f51e83b19f9ba6b8bd144475fc12edf2d7b3b930d8d280bdebd8a8f3ed259 -size 1300662 diff --git a/LibRaw-0.19.1.tar.gz b/LibRaw-0.19.1.tar.gz new file mode 100644 index 0000000..83a0a96 --- /dev/null +++ b/LibRaw-0.19.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a21019db16d87accbb8660056365ab09a204475c77c97b86c922bb972ce15ef6 +size 1302921 diff --git a/libraw-CVE-2018-5813.patch b/libraw-CVE-2018-5813.patch deleted file mode 100644 index 9ed8475..0000000 --- a/libraw-CVE-2018-5813.patch +++ /dev/null @@ -1,42 +0,0 @@ -Index: LibRaw-0.19.0/internal/dcraw_common.cpp -=================================================================== ---- LibRaw-0.19.0.orig/internal/dcraw_common.cpp 2018-08-01 12:52:18.288642432 +0200 -+++ LibRaw-0.19.0/internal/dcraw_common.cpp 2018-08-01 13:13:55.263263676 +0200 -@@ -14413,8 +14413,13 @@ void CLASS apply_tiff() - - void CLASS parse_minolta(int base) - { -- int save, tag, len, offset, high = 0, wide = 0, i, c; -+ int tag, len, offset, high = 0, wide = 0, i, c; - short sorder = order; -+#ifdef LIBRAW_LIBRARY_BUILD -+ INT64 save; -+#else -+ int save; -+#endif - - fseek(ifp, base, SEEK_SET); - if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R') -@@ -14422,8 +14427,9 @@ void CLASS parse_minolta(int base) - order = fgetc(ifp) * 0x101; - offset = base + get4() + 8; - #ifdef LIBRAW_LIBRARY_BUILD -- if(offset>ifp->size()-8) // At least 8 bytes for tag/len -- offset = ifp->size()-8; -+ INT64 fsize = ifp->size(); -+ if(offset>fsize-8) // At least 8 bytes for tag/len -+ offset = fsize-8; - #endif - - while ((save = ftell(ifp)) < offset) -@@ -14433,6 +14439,10 @@ void CLASS parse_minolta(int base) - len = get4(); - if(len < 0) - return; // just ignore wrong len?? or raise bad file exception? -+#ifdef LIBRAW_LIBRARY_BUILD -+ if((INT64)len + save + 8ULL > save) -+ return; // just ignore out of file metadata, stop parse -+#endif - switch (tag) - { - case 0x505244: /* PRD */ diff --git a/libraw.changes b/libraw.changes index 55efe4a..2f6ec7d 100644 --- a/libraw.changes +++ b/libraw.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Dec 11 08:48:02 UTC 2018 - Petr Gajdos + +- Updated to version 0.19.1 + * Finally: got Sinar 4shot sample, works fine now + * OpenMP critical sections for malloc/free; extra #ifdefs + removed; bin/dcraw_dist could be built again using Makefile.devel + * additional checks in parse_phase_one() + * more checks on file offsets/tag len in parse_minolta + * more checks in parse_ciff + * Mempool check reworked + * Old Leaf (16bit/3color/TIFF) support + * Fix cameraWB->autoWB fallback + * Polaroid x530 channel swap; get metadata pointer for Foveon files + * Fixed Secunia Advisory SA86384 + - possible infinite loop in unpacked_load_raw() + - possible infinite loop in parse_rollei() + - possible infinite loop in parse_sinar_ia() + ------------------------------------------------------------------- Thu Aug 2 08:33:57 UTC 2018 - asn@cryptomilk.org diff --git a/libraw.spec b/libraw.spec index 94a8080..f7f6c1d 100644 --- a/libraw.spec +++ b/libraw.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,7 +20,7 @@ %define lver 19 %define lname libraw%{lver} Name: libraw -Version: 0.19.0 +Version: 0.19.1 Release: 0 Summary: Library for reading RAW files obtained from digital photo cameras License: CDDL-1.0 OR LGPL-2.1-only @@ -28,7 +28,6 @@ Group: Development/Libraries/C and C++ Url: https://www.libraw.org/ #Git-Clone: git://github.com/LibRaw/LibRaw Source: https://www.libraw.org/data/%tar_name-%version.tar.gz -Patch0: libraw-CVE-2018-5813.patch Patch1: libraw-Add-Sony-ILCE-7M3.patch BuildRequires: fdupes BuildRequires: gcc-c++ @@ -97,7 +96,6 @@ against LibRaw. LibRaw does not provide dynamic libraries. %prep %setup -q -n %{tar_name}-%{version} -%patch0 -p1 %patch1 -p1 %build