forked from pool/dcraw
This commit is contained in:
Fridrich Strba
Git OBS Bridge
parent
03d5eb364f
commit
1d2b5bc64c
17
dcraw-CVE-2021-3624.patch
Normal file
17
dcraw-CVE-2021-3624.patch
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
--- dcraw/dcraw.c 2022-04-12 14:29:23.791896447 +0200
|
||||||
|
+++ dcraw/dcraw.c 2022-04-12 14:59:50.767180929 +0200
|
||||||
|
@@ -3289,7 +3289,13 @@
|
||||||
|
}
|
||||||
|
} else if (type == 4) {
|
||||||
|
free (meta_data);
|
||||||
|
- meta_data = (char *) malloc (meta_length = wide*high*3/2);
|
||||||
|
+ meta_data = NULL;
|
||||||
|
+ meta_length = wide*high*3/2;
|
||||||
|
+ if (meta_length/wide != high*3/2) {
|
||||||
|
+ fprintf(stderr, "Potential buffer overflow (meta_length %u, wide %u, high %u). Bailing out...\n", meta_length, wide, high);
|
||||||
|
+ longjmp(failure, 2);
|
||||||
|
+ }
|
||||||
|
+ meta_data = (char *) malloc (meta_length);
|
||||||
|
merror (meta_data, "foveon_load_camf()");
|
||||||
|
foveon_huff (huff);
|
||||||
|
get4();
|
||||||
@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 12 11:30:56 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
||||||
|
|
||||||
|
- Added patches:
|
||||||
|
* iowrappers.patch
|
||||||
|
+ Written wrappers of fread(),fwrite(),fseek() library functions
|
||||||
|
which check their return values. If an input/output failure is
|
||||||
|
detected, dcraw immediately exits with non-zero status and
|
||||||
|
prints a descriptive message (bsc#1097973, CVE-2018-5805;
|
||||||
|
bsc#1097974, CVE-2018-5806; bsc#1117622, CVE-2018-19565;
|
||||||
|
bsc#1117517, CVE-2018-19566; bsc#1117512, CVE-2018-19567;
|
||||||
|
bsc#1117436, CVE-2018-19568)
|
||||||
|
* dcraw-CVE-2021-3624.patch
|
||||||
|
+ Bail out if integer overflow happened and the allocated buffer
|
||||||
|
would be too small (bsc#1189642, CVE-2021-3624)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Aug 16 22:39:47 UTC 2020 - Matthias Eliasson <elimat@opensuse.org>
|
Sun Aug 16 22:39:47 UTC 2020 - Matthias Eliasson <elimat@opensuse.org>
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package dcraw
|
# spec file for package dcraw
|
||||||
#
|
#
|
||||||
# Copyright (c) 2020 SUSE LLC
|
# Copyright (c) 2022 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -45,6 +45,8 @@ Patch2: dcraw-CVE-2017-14608.patch
|
|||||||
Patch3: dcraw-CVE-2018-19655.patch
|
Patch3: dcraw-CVE-2018-19655.patch
|
||||||
# PATCH-FIX-UPSTREAM dcraw-CVE-2018-5801.patch
|
# PATCH-FIX-UPSTREAM dcraw-CVE-2018-5801.patch
|
||||||
Patch4: dcraw-CVE-2018-5801.patch
|
Patch4: dcraw-CVE-2018-5801.patch
|
||||||
|
Patch5: iowrappers.patch
|
||||||
|
Patch6: dcraw-CVE-2021-3624.patch
|
||||||
BuildRequires: gettext-runtime
|
BuildRequires: gettext-runtime
|
||||||
BuildRequires: libjpeg-devel
|
BuildRequires: libjpeg-devel
|
||||||
BuildRequires: liblcms2-devel
|
BuildRequires: liblcms2-devel
|
||||||
@ -63,6 +65,8 @@ cp -a %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} .
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="%{optflags} -fno-strict-aliasing -fstack-protector-all"
|
export CFLAGS="%{optflags} -fno-strict-aliasing -fstack-protector-all"
|
||||||
|
|||||||
2636
iowrappers.patch
Normal file
2636
iowrappers.patch
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user