From cb174e895ef0535f215f5236ae9efcc93b2bc983655c3648b9809194ca3c409d Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Fri, 15 Sep 2017 09:35:46 +0000 Subject: [PATCH] - updated to 0.18.4: * Fix for possible heap overrun in Canon makernotes parser * Fix for CVE-2017-13735 * CVE-2017-14265: Additional check for X-Trans CFA pattern data - remove libraw-CVE-2017-6887,6886.patch and libraw-CVE-2017-6890,6899.patch: no need to patch dcraw.c, it is not used OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=96 --- LibRaw-0.18.2.tar.gz | 3 --- LibRaw-0.18.4.tar.gz | 3 +++ libraw-CVE-2017-6887,6886.patch | 37 --------------------------------- libraw-CVE-2017-6890,6899.patch | 30 -------------------------- libraw.changes | 11 ++++++++++ libraw.spec | 6 +----- 6 files changed, 15 insertions(+), 75 deletions(-) delete mode 100644 LibRaw-0.18.2.tar.gz create mode 100644 LibRaw-0.18.4.tar.gz delete mode 100644 libraw-CVE-2017-6887,6886.patch delete mode 100644 libraw-CVE-2017-6890,6899.patch diff --git a/LibRaw-0.18.2.tar.gz b/LibRaw-0.18.2.tar.gz deleted file mode 100644 index a1c6145..0000000 --- a/LibRaw-0.18.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ce366bb38c1144130737eb16e919038937b4dc1ab165179a225d5e847af2abc6 -size 1281674 diff --git a/LibRaw-0.18.4.tar.gz b/LibRaw-0.18.4.tar.gz new file mode 100644 index 0000000..9f84616 --- /dev/null +++ b/LibRaw-0.18.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eaf4931b46e65861e88bbe704ccf370381e94d63e9a898b889ded4e0cb3b0c97 +size 1281104 diff --git a/libraw-CVE-2017-6887,6886.patch b/libraw-CVE-2017-6887,6886.patch deleted file mode 100644 index 1670a17..0000000 --- a/libraw-CVE-2017-6887,6886.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001 -From: Alex Tutubalin -Date: Sat, 4 Mar 2017 21:27:39 +0300 -Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns - ---- - dcraw/dcraw.c | 12 ++++++++++-- - internal/dcraw_common.cpp | 12 ++++++++++-- - 2 files changed, 20 insertions(+), 4 deletions(-) - -Index: LibRaw-0.18.2/dcraw/dcraw.c -=================================================================== ---- LibRaw-0.18.2.orig/dcraw/dcraw.c 2017-05-23 10:30:39.264790336 +0200 -+++ LibRaw-0.18.2/dcraw/dcraw.c 2017-05-23 11:15:45.574900958 +0200 -@@ -5841,7 +5841,12 @@ int CLASS parse_tiff_ifd (int base) - if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) { - load_raw = &CLASS sony_arw_load_raw; - data_offset = get4()+base; -- ifd++; break; -+ ifd++; -+#ifdef LIBRAW_LIBRARY_BUILD -+ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0]) -+ throw LIBRAW_EXCEPTION_IO_CORRUPT; -+#endif -+ break; - } - while (len--) { - i = ftell(ifp); -@@ -6005,6 +6010,8 @@ int CLASS parse_tiff_ifd (int base) - break; - case 50454: /* Sinar tag */ - case 50455: -+ if (len < 1 || len > 2560000) -+ break; - if (!(cbuf = (char *) malloc(len))) break; - fread (cbuf, 1, len, ifp); - for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n')) diff --git a/libraw-CVE-2017-6890,6899.patch b/libraw-CVE-2017-6890,6899.patch deleted file mode 100644 index b9fcaaf..0000000 --- a/libraw-CVE-2017-6890,6899.patch +++ /dev/null @@ -1,30 +0,0 @@ ---- a/dcraw/dcraw.c -+++ b/dcraw/dcraw.c -@@ -319,7 +319,7 @@ void CLASS foveon_huff (ushort *huff) - void CLASS foveon_dp_load_raw() - { - unsigned c, roff[4], row, col, diff; -- ushort huff[512], vpred[2][2], hpred[2]; -+ ushort huff[1024], vpred[2][2], hpred[2]; - - fseek (ifp, 8, SEEK_CUR); - foveon_huff (huff); -@@ -346,12 +346,16 @@ void CLASS foveon_dp_load_raw() - void CLASS foveon_load_camf() - { - unsigned type, wide, high, i, j, row, col, diff; -- ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2]; -+ ushort huff[1024], vpred[2][2] = {{512,512},{512,512}}, hpred[2]; - - fseek (ifp, meta_offset, SEEK_SET); - type = get4(); get4(); get4(); - wide = get4(); - high = get4(); -+#ifdef LIBRAW_LIBRARY_BUILD -+ if(wide>32767 || high > 32767 || wide*high > 20000000) -+ throw LIBRAW_EXCEPTION_IO_CORRUPT; -+#endif - if (type == 2) { - fread (meta_data, 1, meta_length, ifp); - for (i=0; i < meta_length; i++) { - diff --git a/libraw.changes b/libraw.changes index 3068ca3..0630cf5 100644 --- a/libraw.changes +++ b/libraw.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Sep 13 10:25:35 UTC 2017 - pgajdos@suse.com + +- updated to 0.18.4: + * Fix for possible heap overrun in Canon makernotes parser + * Fix for CVE-2017-13735 + * CVE-2017-14265: Additional check for X-Trans CFA pattern data +- remove libraw-CVE-2017-6887,6886.patch and + libraw-CVE-2017-6890,6899.patch: + no need to patch dcraw.c, it is not used + ------------------------------------------------------------------- Tue May 23 06:54:04 UTC 2017 - pgajdos@suse.com diff --git a/libraw.spec b/libraw.spec index 5161001..2cdf580 100644 --- a/libraw.spec +++ b/libraw.spec @@ -21,7 +21,7 @@ Name: libraw %define lver 16 %define lname libraw%{lver} -Version: 0.18.2 +Version: 0.18.4 Release: 0 Summary: Library for reading RAW files obtained from digital photo cameras License: CDDL-1.0 or LGPL-2.1 @@ -30,8 +30,6 @@ Url: http://www.libraw.org/ #Git-Clone: git://github.com/LibRaw/LibRaw Source: http://www.libraw.org/data/%tar_name-%version.tar.gz -Patch0: libraw-CVE-2017-6890,6899.patch -Patch1: libraw-CVE-2017-6887,6886.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libjasper-devel @@ -100,8 +98,6 @@ against LibRaw. LibRaw does not provide dynamic libraries. %prep %setup -qn %tar_name-%version -%patch0 -p1 -%patch1 -p1 %build export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"