pool/libraw
SHA256
5
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=118

Browse Source
This commit is contained in:
Petr Gajdos 2018-08-01 12:20:41 +00:00 committed by Git OBS Bridge
parent 129f943f5f
commit dbea602fbb
4 changed files with 0 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
libraw-CVE-2018-5813.patch
View File

@ -1,42 +1,3 @@
Index: LibRaw-0.19.0/dcraw/dcraw.c
===================================================================
--- LibRaw-0.19.0.orig/dcraw/dcraw.c 2018-08-01 12:52:18.284642412 +0200
+++ LibRaw-0.19.0/dcraw/dcraw.c 2018-08-01 13:14:20.831394866 +0200
@@ -6364,17 +6364,33 @@ void CLASS apply_tiff()
void CLASS parse_minolta (int base)
{
- int save, tag, len, offset, high=0, wide=0, i, c;
+ int tag, len, offset, high=0, wide=0, i, c;
short sorder=order;
+#ifdef LIBRAW_LIBRARY_BUILD
+ INT64 save;
+#else
+ int save;
+#endif
fseek (ifp, base, SEEK_SET);
if (fgetc(ifp) || fgetc(ifp)-'M' || fgetc(ifp)-'R') return;
order = fgetc(ifp) * 0x101;
offset = base + get4() + 8;
+#ifdef LIBRAW_LIBRARY_BUILD
+ INT64 fsize = ifp->size();
+ if(offset>fsize-8) // At least 8 bytes for tag/len
+ offset = fsize-8;
+#endif
while ((save=ftell(ifp)) < offset) {
for (tag=i=0; i < 4; i++)
tag = tag << 8 | fgetc(ifp);
len = get4();
+ if(len < 0)
+ return; // just ignore wrong len?? or raise bad file exception?
+#ifdef LIBRAW_LIBRARY_BUILD
+ if((INT64)len + save + 8ULL > save)
+ return; // just ignore out of file metadata, stop parse
+#endif
switch (tag) {
case 0x505244: /* PRD */
fseek (ifp, 8, SEEK_CUR);
Index: LibRaw-0.19.0/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.19.0.orig/internal/dcraw_common.cpp 2018-08-01 12:52:18.288642432 +0200

13
libraw-CVE-2018-5815.patch
View File

@ -1,13 +0,0 @@
Index: LibRaw-0.19.0/dcraw/dcraw.c
===================================================================
--- LibRaw-0.19.0.orig/dcraw/dcraw.c 2018-08-01 13:33:31.125280841 +0200
+++ LibRaw-0.19.0/dcraw/dcraw.c 2018-08-01 13:34:22.757544606 +0200
@@ -6915,6 +6915,8 @@ void CLASS parse_qt (int end)
while (ftell(ifp)+7 < end) {
save = ftell(ifp);
if ((size = get4()) < 8) return;
+ if ((int)size < 0) return; // 2+GB is too much
+ if (save + size < save) return; // 32bit overflow
fread (tag, 4, 1, ifp);
if (!memcmp(tag,"moov",4) ||
!memcmp(tag,"udta",4) ||

2
libraw.changes
View File

@ -4,8 +4,6 @@ Wed Aug 1 11:07:43 UTC 2018 - pgajdos@suse.com
- security update
* CVE-2018-5813 [bsc#1103200]
+ libraw-CVE-2018-5813.patch
* CVE-2018-5815 [bsc#1103206]
+ libraw-CVE-2018-5815.patch
-------------------------------------------------------------------
Wed Aug 1 10:13:46 UTC 2018 - pgajdos@suse.com

2
libraw.spec
View File

@ -29,7 +29,6 @@ Url: https://www.libraw.org/
#Git-Clone: git://github.com/LibRaw/LibRaw
Source: https://www.libraw.org/data/%tar_name-%version.tar.gz
Patch0: libraw-CVE-2018-5813.patch
Patch1: libraw-CVE-2018-5815.patch
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: libjasper-devel
@ -98,7 +97,6 @@ against LibRaw. LibRaw does not provide dynamic libraries.
%prep
%setup -qn %tar_name-%version
%patch0 -p1
%patch1 -p1
%build
export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"