Hello community,
here is the log from the commit of package libraw for openSUSE:Factory checked in at 2018-09-04 22:46:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libraw (Old)
and /work/SRC/openSUSE:Factory/.libraw.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libraw"
Tue Sep 4 22:46:55 2018 rev:49 rq:627331 version:0.19.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/libraw/libraw.changes 2018-05-06 14:56:16.852448164 +0200
+++ /work/SRC/openSUSE:Factory/.libraw.new/libraw.changes 2018-09-04 22:46:58.195107360 +0200
@@ -1,0 +2,26 @@
+Thu Aug 2 08:33:57 UTC 2018 - asn@cryptomilk.org
+
+- Add patch libraw-Add-Sony-ILCE-7M3.patch
+ * See https://github.com/LibRaw/LibRaw/pull/145
+ * The patch has been cut, the tarball from the download section
+ doesn't match the git tag. dcraw/dcraw.c is totall different.
+- Use %license tag
+
+-------------------------------------------------------------------
+Wed Aug 1 11:07:43 UTC 2018 - pgajdos@suse.com
+
+- security update
+ * CVE-2018-5813 [bsc#1103200]
+ + libraw-CVE-2018-5813.patch
+
+-------------------------------------------------------------------
+Wed Aug 1 10:13:46 UTC 2018 - pgajdos@suse.com
+
+- new upstream branch, version 0.19.x
+ * fixes CVE-2018-10529 and CVE-2018-10528, hence removing
+ . libraw-CVE-2018-10528.patch
+ . libraw-CVE-2018-10529.patch
+ * the rest of changes at
+ https://www.libraw.org/download#stable
+
+-------------------------------------------------------------------
Old:
----
LibRaw-0.18.9.tar.gz
libraw-CVE-2018-10528.patch
libraw-CVE-2018-10529.patch
New:
----
LibRaw-0.19.0.tar.gz
libraw-Add-Sony-ILCE-7M3.patch
libraw-CVE-2018-5813.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libraw.spec ++++++
--- /var/tmp/diff_new_pack.72VhjV/_old 2018-09-04 22:46:58.627108849 +0200
+++ /var/tmp/diff_new_pack.72VhjV/_new 2018-09-04 22:46:58.631108863 +0200
@@ -17,10 +17,10 @@
%define tar_name LibRaw
-%define lver 16
+%define lver 19
%define lname libraw%{lver}
Name: libraw
-Version: 0.18.9
+Version: 0.19.0
Release: 0
Summary: Library for reading RAW files obtained from digital photo cameras
License: CDDL-1.0 OR LGPL-2.1-only
@@ -28,8 +28,8 @@
Url: https://www.libraw.org/
#Git-Clone: git://github.com/LibRaw/LibRaw
Source: https://www.libraw.org/data/%tar_name-%version.tar.gz
-Patch0: libraw-CVE-2018-10528.patch
-Patch1: libraw-CVE-2018-10529.patch
+Patch0: libraw-CVE-2018-5813.patch
+Patch1: libraw-Add-Sony-ILCE-7M3.patch
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: libjasper-devel
@@ -96,7 +96,7 @@
against LibRaw. LibRaw does not provide dynamic libraries.
%prep
-%setup -qn %tar_name-%version
+%setup -q -n %{tar_name}-%{version}
%patch0 -p1
%patch1 -p1
@@ -126,7 +126,8 @@
%_bindir/*
%files devel
-%doc Changelog.txt COPYRIGHT LICENSE.CDDL LICENSE.LGPL
+%doc Changelog.txt
+%license COPYRIGHT LICENSE.CDDL LICENSE.LGPL
%doc manual
%_includedir/%name/
%_libdir/pkgconfig/*.pc
++++++ LibRaw-0.18.9.tar.gz -> LibRaw-0.19.0.tar.gz ++++++
++++ 61504 lines of diff (skipped)
++++++ libraw-Add-Sony-ILCE-7M3.patch ++++++
From a340f3d299f73b2ae25678f7b59fc2167d7c6fc1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 4 May 2018 10:50:10 +0200
Subject: [PATCH] Add Sony ILCE-7M3
Signed-off-by: Andreas Schneider
---
dcraw/dcraw.c | 11 +++++++----
internal/dcraw_common.cpp | 11 +++++++----
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index 0a9afa2..80b91c4 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -8331,7 +8331,7 @@ void CLASS setSonyBodyFeatures(unsigned id)
{360, LIBRAW_FORMAT_APSC, LIBRAW_MOUNT_Sony_E, LIBRAW_SONY_ILCE, 0, 8, 0x0346, 0x01cd},
{361, 0, 0, 0, 0, 0, 0xffff, 0xffff},
{362, LIBRAW_FORMAT_FF, LIBRAW_MOUNT_Sony_E, LIBRAW_SONY_ILCE, 0, 9, 0x0320, 0x019f},
- {363, 0, 0, 0, 0, 0, 0xffff, 0xffff},
+ {363, LIBRAW_FORMAT_FF, LIBRAW_MOUNT_Sony_E, LIBRAW_SONY_ILCE, 0, 0, 0x0320, 0x019f},
{364, LIBRAW_FORMAT_1INCH, LIBRAW_MOUNT_FixedLens, LIBRAW_SONY_DSC, LIBRAW_MOUNT_FixedLens, 8, 0x0346, 0xffff},
{365, LIBRAW_FORMAT_1INCH, LIBRAW_MOUNT_FixedLens, LIBRAW_SONY_DSC, LIBRAW_MOUNT_FixedLens, 9, 0x0320, 0xffff},
};
@@ -8623,7 +8623,7 @@ void CLASS process_Sony_0x9050(uchar *buf, ushort len, unsigned id)
parseSonyLensFeatures(SonySubstitution[buf[0x116]], SonySubstitution[buf[0x117]]);
}
- if ((id == 347) || (id == 350) || (id == 354) || (id == 357) || (id == 358) || (id == 360) || (id == 362))
+ if ((id == 347) || (id == 350) || (id == 354) || (id == 357) || (id == 358) || (id == 360) || (id == 362) || (id == 363))
{
if (len <= 0x8d)
return;
@@ -8687,7 +8687,7 @@ void CLASS process_Sony_0x9400(uchar *buf, ushort len, unsigned id)
if (((bufx == 0x23) || (bufx == 0x24) || (bufx == 0x26)) && (len >= 0x1f))
{ // 0x9400 'c' version
- if ((id == 358) || (id == 362) || (id == 365))
+ if ((id == 358) || (id == 362) || (id == 363) || (id == 365))
{
imgdata.makernotes.sony.ShotNumberSincePowerUp = SonySubstitution[buf[0x0a]];
}
@@ -17094,6 +17094,8 @@ void CLASS adobe_coeff(const char *t_make, const char *t_model
{ 6389,-1703,-378,-4562,12265,2587,-670,1489,6550 } },
{ "Sony ILCE-7M2", 0, 0,
{ 5271,-712,-347,-6153,13653,2763,-1601,2366,7242 } },
+ { "Sony ILCE-7M3", 0, 0,
+ { 7374,-2389,-551,-5435,13162,2519,-1006,1795,6552 } },
{ "Sony ILCE-7SM2", 0, 0,
{ 5838,-1430,-246,-3497,11477,2297,-748,1885,5778 } },
{ "Sony ILCE-7S", 0, 0,
@@ -17472,7 +17474,8 @@ void CLASS identify()
{0x155, "DSC-RX100M4"}, {0x156, "DSC-RX10M2"}, {0x158, "DSC-RX1RM2"}, {0x15a, "ILCE-QX1"},
{0x15b, "ILCE-7RM2"}, {0x15e, "ILCE-7SM2"}, {0x161, "ILCA-68"}, {0x162, "ILCA-99M2"},
{0x163, "DSC-RX10M3"}, {0x164, "DSC-RX100M5"}, {0x165, "ILCE-6300"}, {0x166, "ILCE-9"},
- {0x168, "ILCE-6500"}, {0x16a, "ILCE-7RM3"}, {0x16c, "DSC-RX0"}, {0x16d, "DSC-RX10M4"},
+ {0x168, "ILCE-6500"}, {0x16a, "ILCE-7RM3"}, {0x16b, "ILCE-7M3"}, {0x16c, "DSC-RX0"},
+ {0x16d, "DSC-RX10M4"},
};
#ifdef LIBRAW_LIBRARY_BUILD
--
2.16.3
++++++ libraw-CVE-2018-10528.patch -> libraw-CVE-2018-5813.patch ++++++
--- /work/SRC/openSUSE:Factory/libraw/libraw-CVE-2018-10528.patch 2018-05-06 14:56:16.784450659 +0200
+++ /work/SRC/openSUSE:Factory/.libraw.new/libraw-CVE-2018-5813.patch 2018-09-04 22:46:58.175107292 +0200
@@ -1,37 +1,42 @@
-Index: LibRaw-0.18.9/src/libraw_cxx.cpp
+Index: LibRaw-0.19.0/internal/dcraw_common.cpp
===================================================================
---- LibRaw-0.18.9.orig/src/libraw_cxx.cpp 2018-04-30 11:13:15.126021499 +0200
-+++ LibRaw-0.18.9/src/libraw_cxx.cpp 2018-04-30 11:16:43.677077398 +0200
-@@ -5484,17 +5484,18 @@ void x3f_clear(void *p)
- x3f_delete((x3f_t*)p);
- }
+--- LibRaw-0.19.0.orig/internal/dcraw_common.cpp 2018-08-01 12:52:18.288642432 +0200
++++ LibRaw-0.19.0/internal/dcraw_common.cpp 2018-08-01 13:13:55.263263676 +0200
+@@ -14413,8 +14413,13 @@ void CLASS apply_tiff()
--static char *utf2char(utf16_t *str, char *buffer)
-+void utf2char(utf16_t *str, char *buffer, unsigned bufsz)
+ void CLASS parse_minolta(int base)
{
-+ if(bufsz<1) return;
-+ buffer[bufsz-1] = 0;
- char *b = buffer;
+- int save, tag, len, offset, high = 0, wide = 0, i, c;
++ int tag, len, offset, high = 0, wide = 0, i, c;
+ short sorder = order;
++#ifdef LIBRAW_LIBRARY_BUILD
++ INT64 save;
++#else
++ int save;
++#endif
-- while (*str != 0x00) {
-+ while (*str != 0x00 && --bufsz>0) {
- char *chr = (char *)str;
- *b++ = *chr;
- str++;
- }
- *b = 0;
-- return buffer;
- }
+ fseek(ifp, base, SEEK_SET);
+ if (fgetc(ifp) || fgetc(ifp) - 'M' || fgetc(ifp) - 'R')
+@@ -14422,8 +14427,9 @@ void CLASS parse_minolta(int base)
+ order = fgetc(ifp) * 0x101;
+ offset = base + get4() + 8;
+ #ifdef LIBRAW_LIBRARY_BUILD
+- if(offset>ifp->size()-8) // At least 8 bytes for tag/len
+- offset = ifp->size()-8;
++ INT64 fsize = ifp->size();
++ if(offset>fsize-8) // At least 8 bytes for tag/len
++ offset = fsize-8;
+ #endif
- static void *lr_memmem(const void *l, size_t l_len, const void *s, size_t s_len)
-@@ -5555,8 +5556,8 @@ void LibRaw::parse_x3f()
- x3f_property_t *P = PL->property_table.element;
- for (i=0; i<PL->num_properties; i++) {
- char name[100], value[100];
-- utf2char(P[i].name,name);
-- utf2char(P[i].value,value);
-+ utf2char(P[i].name,name,sizeof(name));
-+ utf2char(P[i].value,value,sizeof(value));
- if (!strcmp (name, "ISO"))
- imgdata.other.iso_speed = atoi(value);
- if (!strcmp (name, "CAMMANUF"))
+ while ((save = ftell(ifp)) < offset)
+@@ -14433,6 +14439,10 @@ void CLASS parse_minolta(int base)
+ len = get4();
+ if(len < 0)
+ return; // just ignore wrong len?? or raise bad file exception?
++#ifdef LIBRAW_LIBRARY_BUILD
++ if((INT64)len + save + 8ULL > save)
++ return; // just ignore out of file metadata, stop parse
++#endif
+ switch (tag)
+ {
+ case 0x505244: /* PRD */