commit libraw for openSUSE:Factory

Fri, 02 Jun 2017 01:30:04 -0700 

Hello community,

here is the log from the commit of package libraw for openSUSE:Factory checked 
in at 2017-06-02 10:29:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libraw (Old)
 and      /work/SRC/openSUSE:Factory/.libraw.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libraw"

Fri Jun  2 10:29:29 2017 rev:41 rq:497438 version:0.18.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/libraw/libraw.changes    2017-02-04 
18:00:57.524324509 +0100
+++ /work/SRC/openSUSE:Factory/.libraw.new/libraw.changes       2017-06-02 
10:29:34.387774875 +0200
@@ -1,0 +2,18 @@
+Tue May 23 06:54:04 UTC 2017 - [email protected]
+
+- updated to 0.18.2:
+    Fixed several errors (Secunia advisory SA75000)
+    ACES colorspace output option included in dcraw_emu help page
+    Avoided possible 32-bit overflows in Sony metadata parser
+    Phase One flat field code called even for half-size output  
+    Camera Support: Sigma Quattro H
+    Fixed bug in FujiExpoMidPointShift parser
+    Fixed wrong black level in Sony A350
+    Added standard integer types for VisualStudio 2008 and earlier
+- added missing parts of the fix for CVE-2017-6887 
+  and CVE-2017-6886
+    + libraw-CVE-2017-6887,6886.patch
+- added missing fix for CVE-2017-6890 and CVE-2017-6899
+  + libraw-CVE-2017-6890,6899.patch
+
+-------------------------------------------------------------------

Old:
----
  LibRaw-0.18.0.tar.gz

New:
----
  LibRaw-0.18.2.tar.gz
  libraw-CVE-2017-6887,6886.patch
  libraw-CVE-2017-6890,6899.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libraw.spec ++++++
--- /var/tmp/diff_new_pack.rNsd7l/_old  2017-06-02 10:29:34.955694629 +0200
+++ /var/tmp/diff_new_pack.rNsd7l/_new  2017-06-02 10:29:34.955694629 +0200
@@ -21,7 +21,7 @@
 Name:           libraw
 %define lver    16
 %define lname  libraw%{lver}
-Version:        0.18.0
+Version:        0.18.2
 Release:        0
 Summary:        Library for reading RAW files obtained from digital photo 
cameras
 License:        CDDL-1.0 or LGPL-2.1
@@ -30,6 +30,8 @@
 
 #Git-Clone:    git://github.com/LibRaw/LibRaw
 Source:         http://www.libraw.org/data/%tar_name-%version.tar.gz
+Patch0:         libraw-CVE-2017-6890,6899.patch
+Patch1:         libraw-CVE-2017-6887,6886.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libjasper-devel
@@ -98,6 +100,8 @@
 
 %prep
 %setup -qn %tar_name-%version
+%patch0 -p1
+%patch1 -p1
 
 %build
 export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"

++++++ LibRaw-0.18.0.tar.gz -> LibRaw-0.18.2.tar.gz ++++++
++++ 2766 lines of diff (skipped)

++++++ libraw-CVE-2017-6887,6886.patch ++++++
>From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <[email protected]>
Date: Sat, 4 Mar 2017 21:27:39 +0300
Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns

---
 dcraw/dcraw.c             | 12 ++++++++++--
 internal/dcraw_common.cpp | 12 ++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)

Index: LibRaw-0.18.2/dcraw/dcraw.c
===================================================================
--- LibRaw-0.18.2.orig/dcraw/dcraw.c    2017-05-23 10:30:39.264790336 +0200
+++ LibRaw-0.18.2/dcraw/dcraw.c 2017-05-23 11:15:45.574900958 +0200
@@ -5841,7 +5841,12 @@ int CLASS parse_tiff_ifd (int base)
        if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) {
          load_raw = &CLASS sony_arw_load_raw;
          data_offset = get4()+base;
-         ifd++;  break;
+         ifd++;  
+#ifdef LIBRAW_LIBRARY_BUILD
+          if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
+            throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif  
+          break; 
        }
        while (len--) {
          i = ftell(ifp);
@@ -6005,6 +6010,8 @@ int CLASS parse_tiff_ifd (int base)
        break;
       case 50454:                      /* Sinar tag */
       case 50455:
+        if (len < 1 || len > 2560000)
+          break;
        if (!(cbuf = (char *) malloc(len))) break;
        fread (cbuf, 1, len, ifp);
        for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))
++++++ libraw-CVE-2017-6890,6899.patch ++++++
--- a/dcraw/dcraw.c
+++ b/dcraw/dcraw.c
@@ -319,7 +319,7 @@ void CLASS foveon_huff (ushort *huff)
 void CLASS foveon_dp_load_raw()
 {
   unsigned c, roff[4], row, col, diff;
-  ushort huff[512], vpred[2][2], hpred[2];
+  ushort huff[1024], vpred[2][2], hpred[2];
 
   fseek (ifp, 8, SEEK_CUR);
   foveon_huff (huff);
@@ -346,12 +346,16 @@ void CLASS foveon_dp_load_raw()
 void CLASS foveon_load_camf()
 {
   unsigned type, wide, high, i, j, row, col, diff;
-  ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
+  ushort huff[1024], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
 
   fseek (ifp, meta_offset, SEEK_SET);
   type = get4();  get4();  get4();
   wide = get4();
   high = get4();
+#ifdef LIBRAW_LIBRARY_BUILD
+  if(wide>32767 || high > 32767 || wide*high > 20000000)
+     throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
   if (type == 2) {
     fread (meta_data, 1, meta_length, ifp);
     for (i=0; i < meta_length; i++) {

Reply via email to