Hello community, here is the log from the commit of package libraw for openSUSE:Factory checked in at 2018-09-04 22:46:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libraw (Old) and /work/SRC/openSUSE:Factory/.libraw.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libraw" Tue Sep 4 22:46:55 2018 rev:49 rq:627331 version:0.19.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libraw/libraw.changes 2018-05-06 14:56:16.852448164 +0200 +++ /work/SRC/openSUSE:Factory/.libraw.new/libraw.changes 2018-09-04 22:46:58.195107360 +0200 @@ -1,0 +2,26 @@ +Thu Aug 2 08:33:57 UTC 2018 - [email protected] + +- Add patch libraw-Add-Sony-ILCE-7M3.patch + * See https://github.com/LibRaw/LibRaw/pull/145 + * The patch has been cut, the tarball from the download section + doesn't match the git tag. dcraw/dcraw.c is totall different. +- Use %license tag + +------------------------------------------------------------------- +Wed Aug 1 11:07:43 UTC 2018 - [email protected] + +- security update + * CVE-2018-5813 [bsc#1103200] + + libraw-CVE-2018-5813.patch + +------------------------------------------------------------------- +Wed Aug 1 10:13:46 UTC 2018 - [email protected] + +- new upstream branch, version 0.19.x + * fixes CVE-2018-10529 and CVE-2018-10528, hence removing + . libraw-CVE-2018-10528.patch + . libraw-CVE-2018-10529.patch + * the rest of changes at + https://www.libraw.org/download#stable + +------------------------------------------------------------------- Old: ---- LibRaw-0.18.9.tar.gz libraw-CVE-2018-10528.patch libraw-CVE-2018-10529.patch New: ---- LibRaw-0.19.0.tar.gz libraw-Add-Sony-ILCE-7M3.patch libraw-CVE-2018-5813.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libraw.spec ++++++ --- /var/tmp/diff_new_pack.72VhjV/_old 2018-09-04 22:46:58.627108849 +0200 +++ /var/tmp/diff_new_pack.72VhjV/_new 2018-09-04 22:46:58.631108863 +0200 @@ -17,10 +17,10 @@ %define tar_name LibRaw -%define lver 16 +%define lver 19 %define lname libraw%{lver} Name: libraw -Version: 0.18.9 +Version: 0.19.0 Release: 0 Summary: Library for reading RAW files obtained from digital photo cameras License: CDDL-1.0 OR LGPL-2.1-only @@ -28,8 +28,8 @@ Url: https://www.libraw.org/ #Git-Clone: git://github.com/LibRaw/LibRaw Source: https://www.libraw.org/data/%tar_name-%version.tar.gz -Patch0: libraw-CVE-2018-10528.patch -Patch1: libraw-CVE-2018-10529.patch +Patch0: libraw-CVE-2018-5813.patch +Patch1: libraw-Add-Sony-ILCE-7M3.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libjasper-devel @@ -96,7 +96,7 @@ against LibRaw. LibRaw does not provide dynamic libraries. %prep -%setup -qn %tar_name-%version +%setup -q -n %{tar_name}-%{version} %patch0 -p1 %patch1 -p1 @@ -126,7 +126,8 @@ %_bindir/* %files devel -%doc Changelog.txt COPYRIGHT LICENSE.CDDL LICENSE.LGPL +%doc Changelog.txt +%license COPYRIGHT LICENSE.CDDL LICENSE.LGPL %doc manual %_includedir/%name/ %_libdir/pkgconfig/*.pc ++++++ LibRaw-0.18.9.tar.gz -> LibRaw-0.19.0.tar.gz ++++++ ++++ 61504 lines of diff (skipped) ++++++ libraw-Add-Sony-ILCE-7M3.patch ++++++ >From a340f3d299f73b2ae25678f7b59fc2167d7c6fc1 Mon Sep 17 00:00:00 2001 From: Andreas Schneider <[email protected]> Date: Fri, 4 May 2018 10:50:10 +0200 Subject: [PATCH] Add Sony ILCE-7M3 Signed-off-by: Andreas Schneider <[email protected]> --- dcraw/dcraw.c | 11 +++++++---- internal/dcraw_common.cpp | 11 +++++++---- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp index 0a9afa2..80b91c4 100644 --- a/internal/dcraw_common.cpp +++ b/internal/dcraw_common.cpp @@ -8331,7 +8331,7 @@ void CLASS setSonyBodyFeatures(unsigned id) {360, LIBRAW_FORMAT_APSC, LIBRAW_MOUNT_Sony_E, LIBRAW_SONY_ILCE, 0, 8, 0x0346, 0x01cd}, {361, 0, 0, 0, 0, 0, 0xffff, 0xffff}, {362, LIBRAW_FORMAT_FF, LIBRAW_MOUNT_Sony_E, LIBRAW_SONY_ILCE, 0, 9, 0x0320, 0x019f}, - {363, 0, 0, 0, 0, 0, 0xffff, 0xffff}, + {363, LIBRAW_FORMAT_FF, LIBRAW_MOUNT_Sony_E, LIBRAW_SONY_ILCE, 0, 0, 0x0320, 0x019f}, {364, LIBRAW_FORMAT_1INCH, LIBRAW_MOUNT_FixedLens, LIBRAW_SONY_DSC, LIBRAW_MOUNT_FixedLens, 8, 0x0346, 0xffff}, {365, LIBRAW_FORMAT_1INCH, LIBRAW_MOUNT_FixedLens, LIBRAW_SONY_DSC, LIBRAW_MOUNT_FixedLens, 9, 0x0320, 0xffff}, }; @@ -8623,7 +8623,7 @@ void CLASS process_Sony_0x9050(uchar *buf, ushort len, unsigned id) parseSonyLensFeatures(SonySubstitution[buf[0x116]], SonySubstitution[buf[0x117]]); } - if ((id == 347) || (id == 350) || (id == 354) || (id == 357) || (id == 358) || (id == 360) || (id == 362)) + if ((id == 347) || (id == 350) || (id == 354) || (id == 357) || (id == 358) || (id == 360) || (id == 362) || (id == 363)) { if (len <= 0x8d) return; @@ -8687,7 +8687,7 @@ void CLASS process_Sony_0x9400(uchar *buf, ushort len, unsigned id) if (((bufx == 0x23) || (bufx == 0x24) || (bufx == 0x26)) && (len >= 0x1f)) { // 0x9400 'c' version - if ((id == 358) || (id == 362) || (id == 365)) + if ((id == 358) || (id == 362) || (id == 363) || (id == 365)) { imgdata.makernotes.sony.ShotNumberSincePowerUp = SonySubstitution[buf[0x0a]]; } @@ -17094,6 +17094,8 @@ void CLASS adobe_coeff(const char *t_make, const char *t_model { 6389,-1703,-378,-4562,12265,2587,-670,1489,6550 } }, { "Sony ILCE-7M2", 0, 0, { 5271,-712,-347,-6153,13653,2763,-1601,2366,7242 } }, + { "Sony ILCE-7M3", 0, 0, + { 7374,-2389,-551,-5435,13162,2519,-1006,1795,6552 } }, { "Sony ILCE-7SM2", 0, 0, { 5838,-1430,-246,-3497,11477,2297,-748,1885,5778 } }, { "Sony ILCE-7S", 0, 0, @@ -17472,7 +17474,8 @@ void CLASS identify() {0x155, "DSC-RX100M4"}, {0x156, "DSC-RX10M2"}, {0x158, "DSC-RX1RM2"}, {0x15a, "ILCE-QX1"}, {0x15b, "ILCE-7RM2"}, {0x15e, "ILCE-7SM2"}, {0x161, "ILCA-68"}, {0x162, "ILCA-99M2"}, {0x163, "DSC-RX10M3"}, {0x164, "DSC-RX100M5"}, {0x165, "ILCE-6300"}, {0x166, "ILCE-9"}, - {0x168, "ILCE-6500"}, {0x16a, "ILCE-7RM3"}, {0x16c, "DSC-RX0"}, {0x16d, "DSC-RX10M4"}, + {0x168, "ILCE-6500"}, {0x16a, "ILCE-7RM3"}, {0x16b, "ILCE-7M3"}, {0x16c, "DSC-RX0"}, + {0x16d, "DSC-RX10M4"}, }; #ifdef LIBRAW_LIBRARY_BUILD -- 2.16.3 ++++++ libraw-CVE-2018-10528.patch -> libraw-CVE-2018-5813.patch ++++++ --- /work/SRC/openSUSE:Factory/libraw/libraw-CVE-2018-10528.patch 2018-05-06 14:56:16.784450659 +0200 +++ /work/SRC/openSUSE:Factory/.libraw.new/libraw-CVE-2018-5813.patch 2018-09-04 22:46:58.175107292 +0200 @@ -1,37 +1,42 @@ -Index: LibRaw-0.18.9/src/libraw_cxx.cpp +Index: LibRaw-0.19.0/internal/dcraw_common.cpp =================================================================== ---- LibRaw-0.18.9.orig/src/libraw_cxx.cpp 2018-04-30 11:13:15.126021499 +0200 -+++ LibRaw-0.18.9/src/libraw_cxx.cpp 2018-04-30 11:16:43.677077398 +0200 -@@ -5484,17 +5484,18 @@ void x3f_clear(void *p) - x3f_delete((x3f_t*)p); - } +--- LibRaw-0.19.0.orig/internal/dcraw_common.cpp 2018-08-01 12:52:18.288642432 +0200 ++++ LibRaw-0.19.0/internal/dcraw_common.cpp 2018-08-01 13:13:55.263263676 +0200 +@@ -14413,8 +14413,13 @@ void CLASS apply_tiff() --static char *utf2char(utf16_t *str, char *buffer) -+void utf2char(utf16_t *str, char *buffer, unsigned bufsz) + void CLASS parse_minolta(int base) { -+ if(bufsz<1) return; -+ buffer[bufsz-1] = 0; - char *b = buffer; +- int save, tag, len, offset, high = 0, wide = 0, i, c; ++ int tag, len, offset, high = 0, wide = 0, i, c; + short sorder = order; ++#ifdef LIBRAW_LIBRARY_BUILD ++ INT64 save; ++#else ++ int save; ++#endif -- while (*str != 0x00) { -+ while (*str != 0x00 && --bufsz>0) { - char *chr = (char *)str; - *b++ = *chr; - str++; - } - *b = 0; -- return buffer; - } + fseek(ifp, base, SEEK_SET); + if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R') +@@ -14422,8 +14427,9 @@ void CLASS parse_minolta(int base) + order = fgetc(ifp) * 0x101; + offset = base + get4() + 8; + #ifdef LIBRAW_LIBRARY_BUILD +- if(offset>ifp->size()-8) // At least 8 bytes for tag/len +- offset = ifp->size()-8; ++ INT64 fsize = ifp->size(); ++ if(offset>fsize-8) // At least 8 bytes for tag/len ++ offset = fsize-8; + #endif - static void *lr_memmem(const void *l, size_t l_len, const void *s, size_t s_len) -@@ -5555,8 +5556,8 @@ void LibRaw::parse_x3f() - x3f_property_t *P = PL->property_table.element; - for (i=0; i<PL->num_properties; i++) { - char name[100], value[100]; -- utf2char(P[i].name,name); -- utf2char(P[i].value,value); -+ utf2char(P[i].name,name,sizeof(name)); -+ utf2char(P[i].value,value,sizeof(value)); - if (!strcmp (name, "ISO")) - imgdata.other.iso_speed = atoi(value); - if (!strcmp (name, "CAMMANUF")) + while ((save = ftell(ifp)) < offset) +@@ -14433,6 +14439,10 @@ void CLASS parse_minolta(int base) + len = get4(); + if(len < 0) + return; // just ignore wrong len?? or raise bad file exception? ++#ifdef LIBRAW_LIBRARY_BUILD ++ if((INT64)len + save + 8ULL > save) ++ return; // just ignore out of file metadata, stop parse ++#endif + switch (tag) + { + case 0x505244: /* PRD */
