pool/libraw
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Updated to version 0.19.1

Browse Source 
* Finally: got Sinar 4shot sample, works fine now
  * OpenMP critical sections for malloc/free; extra #ifdefs
    removed; bin/dcraw_dist could be built again using Makefile.devel
  * additional checks in parse_phase_one()
  * more checks on file offsets/tag len in parse_minolta
  * more checks in parse_ciff
  * Mempool check reworked
  * Old Leaf (16bit/3color/TIFF) support
  * Fix cameraWB->autoWB fallback
  * Polaroid x530 channel swap; get metadata pointer for Foveon files
  * Fixed Secunia Advisory SA86384
    - possible infinite loop in unpacked_load_raw()
    - possible infinite loop in parse_rollei()
    - possible infinite loop in parse_sinar_ia()

OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=121
This commit is contained in:
Petr Gajdos 2018-12-11 08:56:25 +00:00 committed by Git OBS Bridge
parent 61ceba12d2
commit c2cd305880
5 changed files with 24 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
LibRaw-0.19.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e83f51e83b19f9ba6b8bd144475fc12edf2d7b3b930d8d280bdebd8a8f3ed259
size 1300662

3
LibRaw-0.19.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a21019db16d87accbb8660056365ab09a204475c77c97b86c922bb972ce15ef6
size 1302921

42
libraw-CVE-2018-5813.patch
View File

@ -1,42 +0,0 @@
Index: LibRaw-0.19.0/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.19.0.orig/internal/dcraw_common.cpp 2018-08-01 12:52:18.288642432 +0200
+++ LibRaw-0.19.0/internal/dcraw_common.cpp 2018-08-01 13:13:55.263263676 +0200
@@ -14413,8 +14413,13 @@ void CLASS apply_tiff()
void CLASS parse_minolta(int base)
{
- int save, tag, len, offset, high = 0, wide = 0, i, c;
+ int tag, len, offset, high = 0, wide = 0, i, c;
short sorder = order;
+#ifdef LIBRAW_LIBRARY_BUILD
+ INT64 save;
+#else
+ int save;
+#endif
fseek(ifp, base, SEEK_SET);
if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R')
@@ -14422,8 +14427,9 @@ void CLASS parse_minolta(int base)
order = fgetc(ifp) * 0x101;
offset = base + get4() + 8;
#ifdef LIBRAW_LIBRARY_BUILD
- if(offset>ifp->size()-8) // At least 8 bytes for tag/len
- offset = ifp->size()-8;
+ INT64 fsize = ifp->size();
+ if(offset>fsize-8) // At least 8 bytes for tag/len
+ offset = fsize-8;
#endif
while ((save = ftell(ifp)) < offset)
@@ -14433,6 +14439,10 @@ void CLASS parse_minolta(int base)
len = get4();
if(len < 0)
return; // just ignore wrong len?? or raise bad file exception?
+#ifdef LIBRAW_LIBRARY_BUILD
+ if((INT64)len + save + 8ULL > save)
+ return; // just ignore out of file metadata, stop parse
+#endif
switch (tag)
{
case 0x505244: /* PRD */

19
libraw.changes
View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Tue Dec 11 08:48:02 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
- Updated to version 0.19.1
* Finally: got Sinar 4shot sample, works fine now
* OpenMP critical sections for malloc/free; extra #ifdefs
removed; bin/dcraw_dist could be built again using Makefile.devel
* additional checks in parse_phase_one()
* more checks on file offsets/tag len in parse_minolta
* more checks in parse_ciff
* Mempool check reworked
* Old Leaf (16bit/3color/TIFF) support
* Fix cameraWB->autoWB fallback
* Polaroid x530 channel swap; get metadata pointer for Foveon files
* Fixed Secunia Advisory SA86384
- possible infinite loop in unpacked_load_raw()
- possible infinite loop in parse_rollei()
- possible infinite loop in parse_sinar_ia()
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 2 08:33:57 UTC 2018 - asn@cryptomilk.org Thu Aug 2 08:33:57 UTC 2018 - asn@cryptomilk.org

6
libraw.spec
View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -20,7 +20,7 @@
%define lver 19 %define lver 19
%define lname libraw%{lver} %define lname libraw%{lver}
Name: libraw Name: libraw
Version: 0.19.0 Version: 0.19.1
Release: 0 Release: 0
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
License: CDDL-1.0 OR LGPL-2.1-only License: CDDL-1.0 OR LGPL-2.1-only
@ -28,7 +28,6 @@ Group: Development/Libraries/C and C++
Url: https://www.libraw.org/ Url: https://www.libraw.org/
#Git-Clone: git://github.com/LibRaw/LibRaw #Git-Clone: git://github.com/LibRaw/LibRaw
Source: https://www.libraw.org/data/%tar_name-%version.tar.gz Source: https://www.libraw.org/data/%tar_name-%version.tar.gz
Patch0: libraw-CVE-2018-5813.patch
Patch1: libraw-Add-Sony-ILCE-7M3.patch Patch1: libraw-Add-Sony-ILCE-7M3.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -97,7 +96,6 @@ against LibRaw. LibRaw does not provide dynamic libraries.
%prep %prep
%setup -q -n %{tar_name}-%{version} %setup -q -n %{tar_name}-%{version}
%patch0 -p1
%patch1 -p1 %patch1 -p1
%build %build