- security update

* CVE-2018-5813 [bsc#1103200]
    + libraw-CVE-2018-5813.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=116

libraw-CVE-2018-5813.patch

@@ -0,0 +1,81 @@
+Index: LibRaw-0.19.0/dcraw/dcraw.c
+===================================================================
+--- LibRaw-0.19.0.orig/dcraw/dcraw.c	2018-08-01 12:52:18.284642412 +0200
++++ LibRaw-0.19.0/dcraw/dcraw.c	2018-08-01 13:14:20.831394866 +0200
+@@ -6364,17 +6364,33 @@ void CLASS apply_tiff()
+ 
+ void CLASS parse_minolta (int base)
+ {
+-  int save, tag, len, offset, high=0, wide=0, i, c;
++  int tag, len, offset, high=0, wide=0, i, c;
+   short sorder=order;
++#ifdef LIBRAW_LIBRARY_BUILD
++  INT64 save;
++#else
++  int save;
++#endif
+ 
+   fseek (ifp, base, SEEK_SET);
+   if (fgetc(ifp) || fgetc(ifp)-'M' || fgetc(ifp)-'R') return;
+   order = fgetc(ifp) * 0x101;
+   offset = base + get4() + 8;
++#ifdef LIBRAW_LIBRARY_BUILD
++  INT64 fsize = ifp->size();
++  if(offset>fsize-8) // At least 8 bytes for tag/len
++    offset = fsize-8;
++#endif
+   while ((save=ftell(ifp)) < offset) {
+     for (tag=i=0; i < 4; i++)
+       tag = tag << 8 | fgetc(ifp);
+     len = get4();
++    if(len < 0)
++      return; // just ignore wrong len?? or raise bad file exception?
++#ifdef LIBRAW_LIBRARY_BUILD
++    if((INT64)len + save + 8ULL > save)
++      return; // just ignore out of file metadata, stop parse
++#endif
+     switch (tag) {
+       case 0x505244:				/* PRD */
+ 	fseek (ifp, 8, SEEK_CUR);
+Index: LibRaw-0.19.0/internal/dcraw_common.cpp
+===================================================================
+--- LibRaw-0.19.0.orig/internal/dcraw_common.cpp	2018-08-01 12:52:18.288642432 +0200
++++ LibRaw-0.19.0/internal/dcraw_common.cpp	2018-08-01 13:13:55.263263676 +0200
+@@ -14413,8 +14413,13 @@ void CLASS apply_tiff()
+ 
+ void CLASS parse_minolta(int base)
+ {
+-  int save, tag, len, offset, high = 0, wide = 0, i, c;
++  int tag, len, offset, high = 0, wide = 0, i, c;
+   short sorder = order;
++#ifdef LIBRAW_LIBRARY_BUILD
++  INT64 save;
++#else
++  int save;
++#endif
+ 
+   fseek(ifp, base, SEEK_SET);
+   if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R')
+@@ -14422,8 +14427,9 @@ void CLASS parse_minolta(int base)
+   order = fgetc(ifp) * 0x101;
+   offset = base + get4() + 8;
+ #ifdef LIBRAW_LIBRARY_BUILD
+-  if(offset>ifp->size()-8) // At least 8 bytes for tag/len
+-    offset = ifp->size()-8;
++  INT64 fsize = ifp->size();
++  if(offset>fsize-8) // At least 8 bytes for tag/len
++    offset = fsize-8;
+ #endif
+ 
+   while ((save = ftell(ifp)) < offset)
+@@ -14433,6 +14439,10 @@ void CLASS parse_minolta(int base)
+     len = get4();
+     if(len < 0)
+       return; // just ignore wrong len?? or raise bad file exception?
++#ifdef LIBRAW_LIBRARY_BUILD
++    if((INT64)len + save + 8ULL > save)
++      return; // just ignore out of file metadata, stop parse
++#endif
+     switch (tag)
+     {
+     case 0x505244: /* PRD */

libraw.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Aug  1 11:07:43 UTC 2018 - pgajdos@suse.com
+
+- security update
+  * CVE-2018-5813 [bsc#1103200]
+    + libraw-CVE-2018-5813.patch
+
 -------------------------------------------------------------------
 Wed Aug  1 10:13:46 UTC 2018 - pgajdos@suse.com
 

libraw.spec

@@ -28,6 +28,7 @@ Group:          Development/Libraries/C and C++
 Url:            https://www.libraw.org/
 #Git-Clone:	git://github.com/LibRaw/LibRaw
 Source:         https://www.libraw.org/data/%tar_name-%version.tar.gz
+Patch0:         libraw-CVE-2018-5813.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libjasper-devel
@@ -95,6 +96,7 @@ against LibRaw. LibRaw does not provide dynamic libraries.
 
 %prep
 %setup -qn %tar_name-%version
+%patch0 -p1
 
 %build
 export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"