diff --git a/README b/README index 686da6b..a50b707 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -http://www.cybercom.net/~dcoffin/dcraw/: +https://www.dechifro.org/dcraw/: [1]Back to Dave Coffin's Home Page @@ -71,7 +71,7 @@ http://www.cybercom.net/~dcoffin/dcraw/: execute permission. * [17]dcraw.c -- decodes raw photos, extracts thumbnails, and displays metadata - Supports 688 cameras at last count. Compile with "gcc -o dcraw -O4 + Supports 731 cameras at last count. Compile with "gcc -o dcraw -O4 dcraw.c -lm -ljasper -ljpeg -llcms2" or "gcc -o dcraw -O4 dcraw.c -lm -DNODEPS". Run with no arguments to see a usage message. Don't complain that 16-bit output is too dark -- read the [18]FAQ! @@ -465,6 +465,7 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Canon EOS 50D * Canon EOS 60D * Canon EOS 70D + * Canon EOS 77D / 9000D * Canon EOS 80D * Canon EOS 300D / Digital Rebel / Kiss Digital * Canon EOS 350D / Digital Rebel XT / Kiss Digital N @@ -477,11 +478,14 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Canon EOS 700D / Digital Rebel T5i / Kiss Digital X7i * Canon EOS 750D / Digital Rebel T6i / Kiss Digital X8i * Canon EOS 760D / Digital Rebel T6s / Kiss Digital X9 + * Canon EOS 800D / Digital Rebel T7i / Kiss Digital X9i * Canon EOS 100D / Digital Rebel SL1 / Kiss Digital X7 * Canon EOS 1000D / Digital Rebel XS / Kiss Digital F * Canon EOS 1100D / Digital Rebel T3 / Kiss Digital X50 * Canon EOS 1200D / Digital Rebel T5 / Kiss Digital X70 * Canon EOS 1300D / Digital Rebel T6 / Kiss Digital X80 + * Canon EOS 1500D / Digital Rebel T7 / Kiss Digital X90 / EOS 2000D + * Canon EOS 3000D / Digital Rebel T100 / EOS 4000D * Canon EOS C500 * Canon EOS D2000C * Canon EOS M @@ -564,15 +568,19 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Fuji X-E1 * Fuji X-E2 * Fuji X-E2S + * Fuji X-H1 * Fuji X-M1 * Fuji X-S1 * Fuji X-T1 + * Fuji X-T2 * Fuji X-T10 + * Fuji X-T20 * Fuji XF1 * Fuji XQ1 * Fuji XQ2 * Fuji X100 - * Fuji X100s + * Fuji X100F + * Fuji X100S * Fuji X100T * Fuji X10 * Fuji X20 @@ -584,6 +592,7 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Hasselblad H3D * Hasselblad H4D * Hasselblad V96C + * Hasselblad X1D * Imacon Ixpress 16-megapixel * Imacon Ixpress 22-megapixel * Imacon Ixpress 39-megapixel @@ -649,6 +658,7 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Leaf Valeo 22 * Leaf Volare * Leica C (Typ 112) + * Leica CL * Leica Digilux 2 * Leica Digilux 3 * Leica D-LUX2 @@ -662,11 +672,14 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Leica M Monochrom (Typ 246) * Leica M8 * Leica M9 + * Leica M10 * Leica Q (Typ 116) * Leica R8 * Leica S (Typ 007) * Leica SL (Typ 601) * Leica T (Typ 701) + * Leica TL + * Leica TL2 * Leica V-LUX1 * Leica V-LUX2 * Leica V-LUX3 @@ -733,10 +746,12 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Nikon D800 * Nikon D800E * Nikon D810 + * Nikon D850 * Nikon D3000 * Nikon D3100 * Nikon D3200 * Nikon D3300 + * Nikon D3400 * Nikon D5000 * Nikon D5100 * Nikon D5200 @@ -745,6 +760,7 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Nikon D7000 * Nikon D7100 * Nikon D7200 + * Nikon D7500 * Nikon 1 AW1 * Nikon 1 J1 * Nikon 1 J2 @@ -814,10 +830,12 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Olympus E-520 * Olympus E-620 * Olympus E-M1 + * Olympus E-M1 Mark II * Olympus E-M5 - * Olympus E-M5MarkII + * Olympus E-M5 Mark II * Olympus E-M10 - * Olympus E-M10MarkII + * Olympus E-M10 Mark II + * Olympus E-M10 Mark III * Olympus E-P1 * Olympus E-P2 * Olympus E-P3 @@ -828,6 +846,8 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Olympus E-PL3 * Olympus E-PL5 * Olympus E-PL7 + * Olympus E-PL8 + * Olympus E-PL9 * Olympus E-PM1 * Olympus E-PM2 * Olympus PEN-F @@ -842,6 +862,7 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Olympus SP570UZ * Olympus STYLUS1 * Olympus TG-4 + * Olympus TG-5 * Olympus XZ-1 * Olympus XZ-2 * Olympus XZ-10 @@ -855,12 +876,14 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Panasonic DMC-FZ40 * Panasonic DMC-FZ50 * Panasonic DMC-FZ70 + * Panasonic DC-FZ80 * Panasonic DMC-FZ100 * Panasonic DMC-FZ150 * Panasonic DMC-FZ200 * Panasonic DMC-FZ300 * Panasonic DMC-FZ330 * Panasonic DMC-FZ1000 + * Panasonic DMC-FZ2000 * Panasonic DMC-FX150 * Panasonic DMC-G1 * Panasonic DMC-G2 @@ -868,6 +891,8 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Panasonic DMC-G5 * Panasonic DMC-G6 * Panasonic DMC-G7 + * Panasonic DC-G9 + * Panasonic DMC-G80 * Panasonic DMC-GF1 * Panasonic DMC-GF2 * Panasonic DMC-GF3 @@ -878,12 +903,15 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Panasonic DMC-GH2 * Panasonic DMC-GH3 * Panasonic DMC-GH4 + * Panasonic DC-GH5 * Panasonic DMC-GM1 * Panasonic DMC-GM5 * Panasonic DMC-GX1 * Panasonic DMC-GX7 * Panasonic DMC-GX8 + * Panasonic DC-GX9 * Panasonic DMC-GX80 + * Panasonic DC-GX800 * Panasonic DMC-L1 * Panasonic DMC-L10 * Panasonic DMC-LC1 @@ -893,10 +921,13 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Panasonic DMC-LX3 * Panasonic DMC-LX5 * Panasonic DMC-LX7 + * Panasonic DMC-LX15 * Panasonic DMC-LX100 * Panasonic DMC-TZ61 * Panasonic DMC-TZ80 + * Panasonic DC-TZ90 * Panasonic DMC-TZ100 + * Panasonic DC-TZ200 * Panasonic DMC-ZS40 * Pentax *ist D * Pentax *ist DL @@ -918,10 +949,12 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Pentax K-5 II * Pentax K-5 II s * Pentax K-50 + * Pentax K-70 * Pentax K-500 * Pentax K-7 * Pentax K-S1 * Pentax K-S2 + * Pentax KP * Pentax Optio S * Pentax Optio S4 * Pentax Optio 33WR @@ -1000,15 +1033,19 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * SMaL Ultra-Pocket 5 * Sony DSC-F828 * Sony DSC-R1 + * Sony DSC-RX0 * Sony DSC-RX1 * Sony DSC-RX1R * Sony DSC-RX1RM2 * Sony DSC-RX10 * Sony DSC-RX10M2 + * Sony DSC-RX10M3 + * Sony DSC-RX10M4 * Sony DSC-RX100 * Sony DSC-RX100M2 * Sony DSC-RX100M3 * Sony DSC-RX100M4 + * Sony DSC-RX100M5 * Sony DSC-V3 * Sony DSLR-A100 * Sony DSLR-A200 @@ -1027,17 +1064,22 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Sony DSLR-A900 * Sony ILCA-68 * Sony ILCA-77M2 - * Sony ILCE-7M2 + * Sony ILCA-99M2 * Sony ILCE-7 + * Sony ILCE-7M2 + * Sony ILCE-7M3 * Sony ILCE-7R * Sony ILCE-7RM2 + * Sony ILCE-7RM3 * Sony ILCE-7S * Sony ILCE-7SM2 + * Sony ILCE-9 * Sony ILCE-3000 * Sony ILCE-5000 * Sony ILCE-5100 * Sony ILCE-6000 * Sony ILCE-6300 + * Sony ILCE-6500 * Sony ILCE-QX1 * Sony NEX-3 * Sony NEX-3N @@ -1060,63 +1102,65 @@ dcraw -c crw_0001.crw | cjpeg > crw_0001.jpeg * Sony SLT-A99V * Sony XCD-SX910CR * STV680 VGA + * Xiro Xplorer V + * YI M1 __________________________________________________________________ References - 1. http://www.cybercom.net/~dcoffin/ - 2. http://www.cybercom.net/~dcoffin/dcraw/plate_large.jpg - 3. http://www.cybercom.net/~dcoffin/dcraw/index_eo.html - 4. http://www.cybercom.net/~dcoffin/dcraw/index_pt.html - 5. http://www.cybercom.net/~dcoffin/dcraw/index_de.html - 6. http://www.cybercom.net/~dcoffin/dcraw/index_ru.html + 1. https://www.dechifro.org/ + 2. https://www.dechifro.org/dcraw/plate_large.jpg + 3. https://www.dechifro.org/dcraw/index_eo.html + 4. https://www.dechifro.org/dcraw/index_pt.html + 5. https://www.dechifro.org/dcraw/index_de.html + 6. https://www.dechifro.org/dcraw/index_ru.html 7. http://science-all.com/dcraw.html 8. http://gphoto.sourceforge.net/ - 9. http://www.cybercom.net/~dcoffin/dcraw/dcraw.c - 10. http://www.cybercom.net/~dcoffin/resume.html + 9. https://www.dechifro.org/dcraw/dcraw.c + 10. https://www.dechifro.org/resume.html 11. http://www.outbackphoto.com/artofraw/raw_07/essay.html 12. http://news.cnet.com/Nikons-photo-encryption-reported-broken/2100-1030_3-5679848.html 13. http://www.dpreview.com/news/0504/05042701davecoffininterview.asp 14. http://www.editorsguild.com/v2/magazine/archives/0705/cover_story.htm 15. http://archive.is/0FyJw 16. https://web.archive.org/web/20121015035554/http://www.ladinamo.org/english/raw-format-the-captive-photo.php - 17. http://www.cybercom.net/~dcoffin/dcraw/dcraw.c - 18. http://www.cybercom.net/~dcoffin/dcraw/#faq - 19. http://www.cybercom.net/~dcoffin/dcraw/dcraw.1.html - 20. http://www.cybercom.net/~dcoffin/dcraw/rawphoto.c + 17. https://www.dechifro.org/dcraw/dcraw.c + 18. https://www.dechifro.org/dcraw/#faq + 19. https://www.dechifro.org/dcraw/dcraw.1.html + 20. https://www.dechifro.org/dcraw/rawphoto.c 21. http://ufraw.sourceforge.net/ 22. http://homepages.ihug.co.nz/~peps/ - 23. http://www.cybercom.net/~dcoffin/dcraw/.badpixels - 24. http://www.cybercom.net/~dcoffin/dcraw/RCS/dcraw.c,v + 23. https://www.dechifro.org/dcraw/.badpixels + 24. https://www.dechifro.org/dcraw/RCS/dcraw.c,v 25. http://www.cs.purdue.edu/homes/trinkle/RCS/ - 26. http://www.cybercom.net/~dcoffin/dcraw/parse.c - 27. http://www.cybercom.net/~dcoffin/dcraw/clean_crw.c - 28. http://www.cybercom.net/~dcoffin/dcraw/fujiturn.c - 29. http://www.cybercom.net/~dcoffin/dcraw/fuji_green.c - 30. http://www.cybercom.net/~dcoffin/dcraw/decompress.c - 31. http://www.cybercom.net/~dcoffin/dcraw/sony_clear.c - 32. http://www.cybercom.net/~dcoffin/dcraw/archive/ - 33. http://www.cybercom.net/~dcoffin/dcraw/dcraw_eo.1.html - 34. http://www.cybercom.net/~dcoffin/dcraw/dcraw_ru.1.html - 35. http://www.cybercom.net/~dcoffin/dcraw/dcraw_fr.1.html - 36. http://www.cybercom.net/~dcoffin/dcraw/dcraw_it.1.html - 37. http://www.cybercom.net/~dcoffin/dcraw/dcraw_de.1.html - 38. http://www.cybercom.net/~dcoffin/dcraw/dcraw_pt.1.html - 39. http://www.cybercom.net/~dcoffin/dcraw/dcraw_es.1.html - 40. http://www.cybercom.net/~dcoffin/dcraw/dcraw_nl.1.html - 41. http://www.cybercom.net/~dcoffin/dcraw/dcraw_pl.1.html - 42. http://www.cybercom.net/~dcoffin/dcraw/dcraw_hu.1.html - 43. http://www.cybercom.net/~dcoffin/dcraw/dcraw_cs.1.html - 44. http://www.cybercom.net/~dcoffin/dcraw/dcraw_sv.1.html - 45. http://www.cybercom.net/~dcoffin/dcraw/dcraw_ca.1.html - 46. http://www.cybercom.net/~dcoffin/dcraw/dcraw_da.1.html - 47. http://www.cybercom.net/~dcoffin/dcraw/dcraw_ro.1.html - 48. http://www.cybercom.net/~dcoffin/dcraw/dcraw_ja.1.html - 49. http://www.cybercom.net/~dcoffin/dcraw/dcraw_zh_TW.1.html - 50. http://www.cybercom.net/~dcoffin/dcraw/dcraw_zh_CN.1.html - 51. http://www.cybercom.net/~dcoffin/dcraw/msdos/ - 52. http://www.cybercom.net/~dcoffin/dcraw/dcraw.1 - 53. http://www.cybercom.net/~dcoffin/dcraw/dcraw_eo.po + 26. https://www.dechifro.org/dcraw/parse.c + 27. https://www.dechifro.org/dcraw/clean_crw.c + 28. https://www.dechifro.org/dcraw/fujiturn.c + 29. https://www.dechifro.org/dcraw/fuji_green.c + 30. https://www.dechifro.org/dcraw/decompress.c + 31. https://www.dechifro.org/dcraw/sony_clear.c + 32. https://www.dechifro.org/dcraw/archive/ + 33. https://www.dechifro.org/dcraw/dcraw_eo.1.html + 34. https://www.dechifro.org/dcraw/dcraw_ru.1.html + 35. https://www.dechifro.org/dcraw/dcraw_fr.1.html + 36. https://www.dechifro.org/dcraw/dcraw_it.1.html + 37. https://www.dechifro.org/dcraw/dcraw_de.1.html + 38. https://www.dechifro.org/dcraw/dcraw_pt.1.html + 39. https://www.dechifro.org/dcraw/dcraw_es.1.html + 40. https://www.dechifro.org/dcraw/dcraw_nl.1.html + 41. https://www.dechifro.org/dcraw/dcraw_pl.1.html + 42. https://www.dechifro.org/dcraw/dcraw_hu.1.html + 43. https://www.dechifro.org/dcraw/dcraw_cs.1.html + 44. https://www.dechifro.org/dcraw/dcraw_sv.1.html + 45. https://www.dechifro.org/dcraw/dcraw_ca.1.html + 46. https://www.dechifro.org/dcraw/dcraw_da.1.html + 47. https://www.dechifro.org/dcraw/dcraw_ro.1.html + 48. https://www.dechifro.org/dcraw/dcraw_ja.1.html + 49. https://www.dechifro.org/dcraw/dcraw_zh_TW.1.html + 50. https://www.dechifro.org/dcraw/dcraw_zh_CN.1.html + 51. https://www.dechifro.org/dcraw/msdos/ + 52. https://www.dechifro.org/dcraw/dcraw.1 + 53. https://www.dechifro.org/dcraw/dcraw_eo.po 54. http://www.acdsystems.com/ 55. http://www.adobe.com/products/photoshop/cameraraw.html 56. http://www.br-software.com/ @@ -1178,10 +1222,10 @@ References 112. http://www.delorie.com/djgpp/ 113. http://www.trnicely.net/misc/vista.html 114. http://www.sno.phy.queensu.ca/~phil/exiftool/ - 115. http://www.cybercom.net/~dcoffin/dcraw/scan.c - 116. http://www.cybercom.net/~dcoffin/dcraw/read_ndf.c + 115. https://www.dechifro.org/dcraw/scan.c + 116. https://www.dechifro.org/dcraw/read_ndf.c 117. http://partners.adobe.com/asn/developer/PDFS/TN/TIFF6.pdf - 118. http://www.cybercom.net/~dcoffin/N4378.pdf + 118. https://www.dechifro.org/N4378.pdf 119. http://www.adobe.com/products/dng/pdfs/dng_spec.pdf 120. http://xyrion.org/ciff/ 121. http://web.archive.org/web/20070317042320/http://www.x3f.info/technotes/FileDocs/X3F_Format.pdf @@ -1189,13 +1233,13 @@ References 123. http://www.imaging-resource.com/MFR1.HTM 124. http://www.rawsamples.ch/ 125. http://dl.maptools.org/dl/libtiff/tiff-3.8.2.tar.gz - 126. http://www.cybercom.net/~dcoffin/dcraw/libtiff.patch - 127. http://www.cybercom.net/~dcoffin/dcraw/elphel_dng.c + 126. https://www.dechifro.org/dcraw/libtiff.patch + 127. https://www.dechifro.org/dcraw/elphel_dng.c 128. http://www.adobe.com/products/dng/main.html 129. http://www.adobe.com/products/photoshop/main.html 130. http://cinepaint.sourceforge.net/ - 131. http://www.cybercom.net/~dcoffin/dcraw/ahd_maze.png - 132. http://www.cybercom.net/~dcoffin/dcraw/vng_grid.png + 131. https://www.dechifro.org/dcraw/ahd_maze.png + 132. https://www.dechifro.org/dcraw/vng_grid.png 133. http://netpbm.sourceforge.net/ 134. http://www.imagemagick.org/ 135. http://www.faqs.org/docs/artu/multiprogramchapter.html diff --git a/dcraw-9.27.0.tar.gz b/dcraw-9.27.0.tar.gz deleted file mode 100644 index 88219cd..0000000 --- a/dcraw-9.27.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c1d8cc4f19752a3d3aaab1fceb712ea85b912aa25f1f33f68c69cd42ef987099 -size 191803 diff --git a/dcraw-9.28.0.tar.gz b/dcraw-9.28.0.tar.gz new file mode 100644 index 0000000..c37a94f --- /dev/null +++ b/dcraw-9.28.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2890c3da2642cd44c5f3bfed2c9b2c1db83da5cec09cc17e0fa72e17541fb4b9 +size 194193 diff --git a/dcraw-CVE-2017-13735.patch b/dcraw-CVE-2017-13735.patch new file mode 100644 index 0000000..94a4a92 --- /dev/null +++ b/dcraw-CVE-2017-13735.patch @@ -0,0 +1,14 @@ +diff -urNp old/dcraw.c new/dcraw.c +--- old/dcraw.c 2018-07-11 10:33:06.280425391 +0200 ++++ new/dcraw.c 2018-07-11 10:45:52.722922118 +0200 +@@ -2250,6 +2250,10 @@ void CLASS kodak_radc_load_raw() + ((short *)buf)[i] = 2048; + for (row=0; row < height; row+=4) { + FORC3 mul[c] = getbits(6); ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!mul[0] || !mul[1] || !mul[2]) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + FORC3 { + val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c]; + s = val > 65564 ? 10:12; diff --git a/dcraw-CVE-2017-14608.patch b/dcraw-CVE-2017-14608.patch new file mode 100644 index 0000000..efebd30 --- /dev/null +++ b/dcraw-CVE-2017-14608.patch @@ -0,0 +1,21 @@ +diff -urNp old/dcraw.c new/dcraw.c +--- old/dcraw.c 2018-07-11 10:53:51.141803505 +0200 ++++ new/dcraw.c 2018-07-11 11:30:08.850528389 +0200 +@@ -2627,8 +2627,15 @@ void CLASS kodak_65000_load_raw() + len = MIN (256, width-col); + ret = kodak_65000_decode (buf, len); + for (i=0; i < len; i++) +- if ((RAW(row,col+i) = curve[ret ? buf[i] : +- (pred[i & 1] += buf[i])]) >> 12) derror(); ++ { ++ int idx = ret ? buf[i] : (pred[i & 1] += buf[i]); ++ if(idx >=0 && idx <= 0xffff) ++ { ++ if ((RAW(row,col+i) = curve[idx]) >> 12) derror(); ++ } ++ else ++ derror(); ++ } + } + } + diff --git a/dcraw-CVE-2018-19655.patch b/dcraw-CVE-2018-19655.patch new file mode 100644 index 0000000..4f0a8b4 --- /dev/null +++ b/dcraw-CVE-2018-19655.patch @@ -0,0 +1,39 @@ +Author: Filip Hroch +Description: stack-based buffer overflow bug +--- a/dcraw.c ++++ b/dcraw.c +@@ -8345,9 +8345,15 @@ + { + UINT64 bitbuf=0; + int vbits, col, i, c; +- ushort img[2][2064]; ++ ushort *img; + double sum[]={0,0}; + ++#define IMG2D(row,col) \ ++ img[(row)*width+(col)] ++ ++ img = (ushort *) malloc(2*width*sizeof(ushort)); ++ merror (img, "find_green()"); ++ + FORC(2) { + fseek (ifp, c ? off1:off0, SEEK_SET); + for (vbits=col=0; col < width; col++) { +@@ -8356,13 +8362,14 @@ + for (i=0; i < bite; i+=8) + bitbuf |= (unsigned) (fgetc(ifp) << i); + } +- img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps); ++ IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps); + } + } + FORC(width-1) { +- sum[ c & 1] += ABS(img[0][c]-img[1][c+1]); +- sum[~c & 1] += ABS(img[1][c]-img[0][c+1]); ++ sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1)); ++ sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1)); + } ++ free(img); + return 100 * log(sum[0]/sum[1]); + } + diff --git a/dcraw-CVE-2018-5801.patch b/dcraw-CVE-2018-5801.patch new file mode 100644 index 0000000..72a92fd --- /dev/null +++ b/dcraw-CVE-2018-5801.patch @@ -0,0 +1,125 @@ +diff -urNp old/dcraw.c new/dcraw.c +--- old/dcraw.c 2018-06-14 12:38:10.519964843 +0200 ++++ new/dcraw.c 2018-06-14 13:31:46.304679761 +0200 +@@ -1248,6 +1248,10 @@ void CLASS nikon_load_raw() + + void CLASS nikon_yuv_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + int row, col, yuv[4], rgb[3], b, c; + UINT64 bitbuf=0; + +@@ -1889,6 +1893,10 @@ void CLASS sinar_4shot_load_raw() + unpacked_load_raw(); + return; + } ++#ifdef LIBRAW_LIBRARY_BUILD ++ else if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + pixel = (ushort *) calloc (raw_width, sizeof *pixel); + merror (pixel, "sinar_4shot_load_raw()"); + for (shot=0; shot < 4; shot++) { +@@ -2188,6 +2196,11 @@ void CLASS quicktake_100_load_raw() + + void CLASS kodak_radc_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ // All kodak radc images are 768x512 ++ if(width>768 || raw_width>768 || height > 512 || raw_height>512 ) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + static const char src[] = { + 1,1, 2,3, 3,4, 4,2, 5,7, 6,5, 7,6, 7,8, + 1,0, 2,1, 3,3, 4,4, 5,2, 6,7, 7,6, 8,5, 8,8, +@@ -2348,6 +2361,10 @@ void CLASS gamma_curve (double pwr, doub + + void CLASS lossy_dng_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + struct jpeg_decompress_struct cinfo; + struct jpeg_error_mgr jerr; + JSAMPARRAY buf; +@@ -2444,6 +2461,10 @@ void CLASS eight_bit_load_raw() + + void CLASS kodak_c330_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + uchar *pixel; + int row, col, y, cb, cr, rgb[3], c; + +@@ -2469,6 +2490,10 @@ void CLASS kodak_c330_load_raw() + + void CLASS kodak_c603_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + uchar *pixel; + int row, col, y, cb, cr, rgb[3], c; + +@@ -2596,6 +2621,10 @@ void CLASS kodak_65000_load_raw() + + void CLASS kodak_ycbcr_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + short buf[384], *bp; + int row, col, len, c, i, j, k, y[2][2], cb, cr, rgb[3]; + ushort *ip; +@@ -2624,6 +2653,10 @@ void CLASS kodak_ycbcr_load_raw() + + void CLASS kodak_rgb_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + short buf[768], *bp; + int row, col, len, c, i, rgb[3]; + ushort *ip=image[0]; +@@ -2640,6 +2673,10 @@ void CLASS kodak_rgb_load_raw() + + void CLASS kodak_thumb_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + int row, col; + colors = thumb_misc >> 5; + for (row=0; row < height; row++) +@@ -3109,6 +3146,10 @@ void CLASS foveon_thumb() + + void CLASS foveon_sd_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + struct decode *dindex; + short diff[1024]; + unsigned bitbuf=0; +@@ -3156,6 +3197,10 @@ void CLASS foveon_huff (ushort *huff) + + void CLASS foveon_dp_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + unsigned c, roff[4], row, col, diff; + ushort huff[512], vpred[2][2], hpred[2]; + diff --git a/dcraw.changes b/dcraw.changes index ae371f2..a59548a 100644 --- a/dcraw.changes +++ b/dcraw.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Sun Aug 16 22:39:47 UTC 2020 - Matthias Eliasson + +- Update to version 9.28.0: + dcraw - revision 1.478 + * Caught up on two years' worth of new cameras. +- Update upstream URL to new address +- Add patches for CVEs: + * dcraw-CVE-2017-13735.patch (CVE-2017-13735) + * dcraw-CVE-2017-14608.patch (CVE-2017-14608) + * dcraw-CVE-2018-19655.patch (CVE-2018-19655) + * dcraw-CVE-2018-5801.patch (CVE-2018-5801) +- Run spec-cleaner + * Remove package groups + ------------------------------------------------------------------- Mon Jul 22 08:18:01 UTC 2019 - mvetter@suse.com diff --git a/dcraw.spec b/dcraw.spec index 099055b..d82482f 100644 --- a/dcraw.spec +++ b/dcraw.spec @@ -1,7 +1,7 @@ # # spec file for package dcraw # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,37 +12,43 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: dcraw -Version: 9.27.0 +Version: 9.28.0 Release: 0 Summary: Raw Digital Photo Decoding License: GPL-2.0-or-later -Group: Productivity/Graphics/Convertors -Url: http://www.cybercom.net/~dcoffin/dcraw/ +URL: https://www.dechifro.org/dcraw/ #*** NOTE: run "sh update_dcraw" to update to latest version of the following sources ("wget", "rcs" and "lynx" packages are required for the update). -Source0: http://www.cybercom.net/~dcoffin/dcraw/archive/%{name}-%{version}.tar.gz +Source0: https://www.dechifro.org/dcraw/archive/dcraw-%{version}.tar.gz Source1: README # http://www.cybercom.net/~dcoffin/dcraw/.badpixels Source2: badpixels -Source3: http://www.cybercom.net/~dcoffin/dcraw/clean_crw.c -Source4: http://www.cybercom.net/~dcoffin/dcraw/fuji_green.c -Source5: http://www.cybercom.net/~dcoffin/dcraw/fujiturn.c -Source6: http://www.cybercom.net/~dcoffin/dcraw/parse.c -Source7: http://www.cybercom.net/~dcoffin/dcraw/rawphoto.c +Source3: https://www.dechifro.org/dcraw/clean_crw.c +Source4: https://www.dechifro.org/dcraw/fuji_green.c +Source5: https://www.dechifro.org/dcraw/fujiturn.c +Source6: https://www.dechifro.org/dcraw/parse.c +Source7: https://www.dechifro.org/dcraw/rawphoto.c #*** Source100: README.openSUSE Source101: update_dcraw # PATCH-FIX-OPENSUSE fuji_green.c_fix_gcc_warnings.patch asterios.dramis@gmail.com -- Fix gcc implicit declaration warning Patch0: fuji_green.c_fix_gcc_warnings.patch +# PATCH-FIX-UPSTREAM dcraw-CVE-2017-13735.patch +Patch1: dcraw-CVE-2017-13735.patch +# PATCH-FIX-UPSTREAM dcraw-CVE-2017-14608.patch +Patch2: dcraw-CVE-2017-14608.patch +# PATCH-FIX-UPSTREAM dcraw-CVE-2018-19655.patch +Patch3: dcraw-CVE-2018-19655.patch +# PATCH-FIX-UPSTREAM dcraw-CVE-2018-5801.patch +Patch4: dcraw-CVE-2018-5801.patch BuildRequires: gettext-runtime BuildRequires: libjpeg-devel BuildRequires: liblcms2-devel Recommends: %{name}-lang = %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Command line tools for raw digital photo decoding and processing. @@ -53,6 +59,10 @@ Command line tools for raw digital photo decoding and processing. %setup -q -n %{name} cp -a %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} . %patch0 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %build export CFLAGS="%{optflags} -fno-strict-aliasing -fstack-protector-all" @@ -114,7 +124,6 @@ mv badpixels .badpixels %find_lang %{name} --with-man %files -%defattr(-,root,root,-) %doc .badpixels README README.openSUSE rawphoto.c %{_bindir}/clean_crw %{_bindir}/dcparse @@ -122,10 +131,9 @@ mv badpixels .badpixels %{_bindir}/fuji_green %{_bindir}/fujiturn %{_bindir}/fujiturn16 -%{_mandir}/man1/dcraw.1%{ext_man} +%{_mandir}/man1/dcraw.1%{?ext_man} %files lang -f %{name}.lang -%defattr(-,root,root,-) %dir %{_mandir}/ca %dir %{_mandir}/ca/man1 %dir %{_mandir}/cs diff --git a/parse.c b/parse.c index c3225c6..005c3b3 100644 --- a/parse.c +++ b/parse.c @@ -5,8 +5,8 @@ This program displays raw metadata for all raw photo formats. It is free for all uses. - $Revision: 1.77 $ - $Date: 2015/02/14 00:17:36 $ + $Revision: 1.78 $ + $Date: 2018/06/01 21:26:34 $ */ #include @@ -1110,6 +1110,47 @@ void parse_redcine (off_t base, int level) } while (len); } +void parse_crx (int level, int end) +{ + int i, uuid[4], size, save; + char tag[4], buf[400]; + + while ((save = ftell(ifp)) < end) { + order = 0x4d4d; + size = get4(); + if (size < 8 || save+size > end) { + fseek (ifp, -4, SEEK_CUR); + fread (buf, 1, 400, ifp); + printf (" ="); + for (i=0; i < 400 && i < end-save; i++) + printf ("%s%02x",i & 3 ? "":" ",buf[i] & 255); + fseek (ifp, end, SEEK_SET); + return; + } + fread (tag, 4, 1, ifp); + printf ("\n%*.4s size %d", level*2+4, tag, size); + memset (uuid, 0, 16); + if (!memcmp(tag,"uuid",4)) { + for (i=0; i < 4; i++) uuid[i] = get4(); + fseek (ifp, -16, SEEK_CUR); + printf(" = "); + for (i=0; i < 16; i++) + printf ("%s%02x",(0x550 >> i) & 1 ? "-":"", fgetc(ifp)); + } + if (!memcmp(tag,"stsd",4)) + fseek (ifp, 8, SEEK_CUR); + if (!memcmp(tag,"CMT",3)) { + putchar ('\n'); + parse_tiff (ftell(ifp),level+1); + } else parse_crx (level+1, save+size); + fseek (ifp, save+size, SEEK_SET); + } + if (!level) { + printf ("Finished parsing at offset 0x%lx, ",ftell(ifp)); + printf ("mdat %sfound\n", get4() == 0x6d646174 ? "":"not "); + } +} + void parse_qt (int level, int end) { unsigned i, lcase, size, save; @@ -1198,6 +1239,9 @@ void identify() } else if (!memcmp (head,"RIFF",4)) { fseek (ifp, 0, SEEK_SET); parse_riff(0); + } else if (!memcmp (head+4,"ftypcrx ",8)) { + fseek (ifp, 0, SEEK_SET); + parse_crx (0, fsize); } else if (!memcmp (head+4,"ftypqt ",9)) { fseek (ifp, 0, SEEK_SET); parse_qt (0, fsize); diff --git a/update_dcraw b/update_dcraw index c1abb49..5ecdedf 100644 --- a/update_dcraw +++ b/update_dcraw @@ -3,25 +3,25 @@ # Call this script to update dcraw files to latest version. # "wget", "rcs" and "lynx" packages are required for the update -wget -N http://www.cybercom.net/~dcoffin/dcraw/parse.c -wget -N http://www.cybercom.net/~dcoffin/dcraw/fujiturn.c -wget -N http://www.cybercom.net/~dcoffin/dcraw/rawphoto.c -wget -N http://www.cybercom.net/~dcoffin/dcraw/clean_crw.c -wget -N http://www.cybercom.net/~dcoffin/dcraw/fuji_green.c +wget -N https://www.dechifro.org/dcraw/parse.c +wget -N https://www.dechifro.org/dcraw/fujiturn.c +wget -N https://www.dechifro.org/dcraw/rawphoto.c +wget -N https://www.dechifro.org/dcraw/clean_crw.c +wget -N https://www.dechifro.org/dcraw/fuji_green.c mv badpixels .badpixels -wget -N http://www.cybercom.net/~dcoffin/dcraw/.badpixels +wget -N https://www.dechifro.org/dcraw/.badpixels mv .badpixels badpixels -( URL="http://www.cybercom.net/~dcoffin/dcraw/" ; echo -e "$URL:\n" ; LC_ALL=C lynx -display_charset=utf-8 -dump "$URL" | sed '1d;3,4d' ) >README +( URL="https://www.dechifro.org/dcraw/" ; echo -e "$URL:\n" ; LC_ALL=C lynx -display_charset=utf-8 -dump "$URL" | sed '1d;3,4d' ) >README OLDVERSION=`sed -ne 's/^Version:[[:space:]]*\([0-9.]\+\)[[:space:]]*$/\1/p' dcraw.spec` -NEWVERSION=`lynx -dump http://www.cybercom.net/~dcoffin/dcraw/archive/ | sed -n -e 's/^.*dcraw-\([0-9.]\+\)\.tar\.gz.*$/\1/p' |sort -nr |head -1` -wget -N http://www.cybercom.net/~dcoffin/dcraw/archive/dcraw-${NEWVERSION}.tar.gz +NEWVERSION=`lynx -dump https://www.dechifro.org/dcraw/archive/ | sed -n -e 's/^.*dcraw-\([0-9.]\+\)\.tar\.gz.*$/\1/p' |sort -nr |head -1` +wget -N https://www.dechifro.org/dcraw/archive/dcraw-${NEWVERSION}.tar.gz sed -i -e "s/^\(Version:[[:space:]]*\)[0-9.]\+[[:space:]]*$/\1${NEWVERSION}/" dcraw.spec tar --strip-components=1 -xf dcraw-${OLDVERSION}.tar.gz dcraw/dcraw.c rm dcraw-${OLDVERSION}.tar.gz -wget -N http://www.cybercom.net/~dcoffin/dcraw/RCS/dcraw.c,v +wget -N https://www.dechifro.org/dcraw/RCS/dcraw.c,v rlog dcraw.c >dcraw.log rm -f dcraw.c dcraw.c,v -wget -N http://www.cybercom.net/~dcoffin/dcraw/RCS/parse.c,v +wget -N https://www.dechifro.org/dcraw/RCS/parse.c,v rlog parse.c >parse.log rm parse.c,v echo