Hello community, here is the log from the commit of package libraw for openSUSE:Factory checked in at 2017-06-02 10:29:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libraw (Old) and /work/SRC/openSUSE:Factory/.libraw.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libraw"
Fri Jun 2 10:29:29 2017 rev:41 rq:497438 version:0.18.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/libraw/libraw.changes 2017-02-04 18:00:57.524324509 +0100
+++ /work/SRC/openSUSE:Factory/.libraw.new/libraw.changes 2017-06-02 10:29:34.387774875 +0200
@@ -1,0 +2,18 @@
+Tue May 23 06:54:04 UTC 2017 - pgajdos@suse.com
+
+- updated to 0.18.2:
+ Fixed several errors (Secunia advisory SA75000)
+ ACES colorspace output option included in dcraw_emu help page
+ Avoided possible 32-bit overflows in Sony metadata parser
+ Phase One flat field code called even for half-size output
+ Camera Support: Sigma Quattro H
+ Fixed bug in FujiExpoMidPointShift parser
+ Fixed wrong black level in Sony A350
+ Added standard integer types for VisualStudio 2008 and earlier
+- added missing parts of the fix for CVE-2017-6887
+ and CVE-2017-6886
+ + libraw-CVE-2017-6887,6886.patch
+- added missing fix for CVE-2017-6890 and CVE-2017-6899
+ + libraw-CVE-2017-6890,6899.patch
+
+-------------------------------------------------------------------
Old:
----
LibRaw-0.18.0.tar.gz
New:
----
LibRaw-0.18.2.tar.gz
libraw-CVE-2017-6887,6886.patch
libraw-CVE-2017-6890,6899.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libraw.spec ++++++
--- /var/tmp/diff_new_pack.rNsd7l/_old 2017-06-02 10:29:34.955694629 +0200
+++ /var/tmp/diff_new_pack.rNsd7l/_new 2017-06-02 10:29:34.955694629 +0200
@@ -21,7 +21,7 @@
 Name: libraw
 %define lver 16
 %define lname libraw%{lver}
-Version: 0.18.0
+Version: 0.18.2
 Release: 0
 Summary: Library for reading RAW files obtained from digital photo cameras
 License: CDDL-1.0 or LGPL-2.1
@@ -30,6 +30,8 @@
 #Git-Clone: git://github.com/LibRaw/LibRaw
 Source: http://www.libraw.org/data/%tar_name-%version.tar.gz
+Patch0: libraw-CVE-2017-6890,6899.patch
+Patch1: libraw-CVE-2017-6887,6886.patch
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: libjasper-devel
@@ -98,6 +100,8 @@
 %prep
 %setup -qn %tar_name-%version
+%patch0 -p1
+%patch1 -p1
 %build
 export CXXFLAGS="%optflags -fPIC -DUSE_ZLIB"
++++++ LibRaw-0.18.0.tar.gz -> LibRaw-0.18.2.tar.gz ++++++
++++ 2766 lines of diff (skipped)
++++++ libraw-CVE-2017-6887,6886.patch ++++++
From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin
Date: Sat, 4 Mar 2017 21:27:39 +0300
Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns
---
 dcraw/dcraw.c | 12 ++++++++++--
 internal/dcraw_common.cpp | 12 ++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)
Index: LibRaw-0.18.2/dcraw/dcraw.c
===================================================================
--- LibRaw-0.18.2.orig/dcraw/dcraw.c 2017-05-23 10:30:39.264790336 +0200
+++ LibRaw-0.18.2/dcraw/dcraw.c 2017-05-23 11:15:45.574900958 +0200
@@ -5841,7 +5841,12 @@ int CLASS parse_tiff_ifd (int base)
 if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) {
 load_raw = &CLASS sony_arw_load_raw;
 data_offset = get4()+base;
- ifd++; break;
+ ifd++;
+#ifdef LIBRAW_LIBRARY_BUILD
+ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
+ break;
 }
 while (len--) {
 i = ftell(ifp);
@@ -6005,6 +6010,8 @@ int CLASS parse_tiff_ifd (int base)
 break;
 case 50454: /* Sinar tag */
 case 50455:
+ if (len < 1 || len > 2560000)
+ break;
 if (!(cbuf = (char *) malloc(len))) break;
 fread (cbuf, 1, len, ifp);
 for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))
++++++ libraw-CVE-2017-6890,6899.patch ++++++
--- a/dcraw/dcraw.c
+++ b/dcraw/dcraw.c
@@ -319,7 +319,7 @@ void CLASS foveon_huff (ushort *huff)
 void CLASS foveon_dp_load_raw()
 {
 unsigned c, roff[4], row, col, diff;
- ushort huff[512], vpred[2][2], hpred[2];
+ ushort huff[1024], vpred[2][2], hpred[2];
 fseek (ifp, 8, SEEK_CUR);
 foveon_huff (huff);
@@ -346,12 +346,16 @@ void CLASS foveon_dp_load_raw()
 void CLASS foveon_load_camf()
 {
 unsigned type, wide, high, i, j, row, col, diff;
- ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
+ ushort huff[1024], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
 fseek (ifp, meta_offset, SEEK_SET);
 type = get4(); get4(); get4();
 wide = get4();
 high = get4();
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(wide>32767 || high > 32767 || wide*high > 20000000)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
 if (type == 2) {
 fread (meta_data, 1, meta_length, ifp);
 for (i=0; i < meta_length; i++) {
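Review bot: The new bounds check on `ifd` in the DSLR-A100 branch (hunk @@ -5841) exists only under `#ifdef LIBRAW_LIBRARY_BUILD`, so a build without that macro still runs `ifd++` with no limit before `break`. The same holds for the `wide`/`high` check added to foveon_load_camf in the @@ -346 hunk of the second patch. If the non-library build is shipped, add an `#else` arm that fails without the exception, for example `if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0]) return 1;`, assuming a non-zero return from parse_tiff_ifd signals failure to its caller, which these lines do not show. parse_tiff_ifd starts and ends outside the hunk.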
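Review bot: In the Sinar tag case (hunk @@ -6005) the added range check bounds `len`, but the buffer is still passed to `strchr` in the `for` header without a terminating NUL and the `fread` result is ignored, so a block with no further newline, or a short read, lets the scan run past the `len` bytes that were allocated. Terminating the buffer right after the read, `cbuf[len-1] = 0;`, keeps `strchr` inside the allocation. The start value `cbuf-1` also forms a pointer before the array, and the limit `2560000` deserves a comment saying where it comes from. The loop body and the rest of parse_tiff_ifd lie outside the hunk.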
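Review bot: `huff[1024]` in foveon_dp_load_raw (hunk @@ -319), and again in foveon_load_camf (hunk @@ -346), is a bare literal that nothing visible ties to the highest index foveon_huff can write. foveon_huff receives only the pointer, so the callee cannot check the bound and a later size mismatch would again be silent. A shared named constant, e.g. `enum { FOVEON_HUFF_SIZE = 1024 };` (name constructed here), with the comment `/* must cover every index foveon_huff() writes */`, would keep both declarations and the decoder in step. Both function bodies continue outside their hunks.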