Compare commits

..

No commits in common. 'c8' and 'c9' have entirely different histories.
c8 ... c9

@ -1 +1 @@
c151995b6f17a0ccef7fbc1dcb982f0ccb04d934 SOURCES/LibRaw-0.19.5.tar.gz
0b425d9a5ed873adeeb68ea1b4945745f3ec1507 SOURCES/0.20.2.tar.gz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/LibRaw-0.19.5.tar.gz
SOURCES/0.20.2.tar.gz

@ -1,42 +0,0 @@
--- libraw.pc.in~ 2014-01-17 07:38:31.000000000 -0600
+++ libraw.pc.in 2014-02-20 14:18:20.559279964 -0600
@@ -7,5 +7,6 @@
Description: Raw image decoder library (non-thread-safe)
Requires: @PACKAGE_REQUIRES@
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -lraw -lstdc++@PC_OPENMP@
+Libs: -L${libdir} -lraw@PC_OPENMP@
+Libs.private: -lstdc++
Cflags: -I${includedir}/libraw
--- libraw_r.pc.in~ 2014-01-17 07:38:31.000000000 -0600
+++ libraw_r.pc.in 2014-02-20 14:20:35.740276947 -0600
@@ -7,5 +7,6 @@
Description: Raw image decoder library (thread-safe)
Requires: @PACKAGE_REQUIRES@
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@
+Libs: -L${libdir} -lraw_r@PC_OPENMP@
+Libs.private: -lstdc++
Cflags: -I${includedir}/libraw
--- libraw_r.pc.in~ 2014-02-20 14:22:36.000000000 -0600
+++ libraw_r.pc.in 2014-02-20 14:27:24.454267828 -0600
@@ -5,7 +5,7 @@
Name: libraw
Description: Raw image decoder library (thread-safe)
-Requires: @PACKAGE_REQUIRES@
+Requires.private: @PACKAGE_REQUIRES@
Version: @PACKAGE_VERSION@
Libs: -L${libdir} -lraw_r@PC_OPENMP@
Libs.private: -lstdc++
--- libraw.pc.in~ 2014-02-20 14:22:36.000000000 -0600
+++ libraw.pc.in 2014-02-20 14:27:18.368267964 -0600
@@ -5,7 +5,7 @@
Name: libraw
Description: Raw image decoder library (non-thread-safe)
-Requires: @PACKAGE_REQUIRES@
+Requires.private: @PACKAGE_REQUIRES@
Version: @PACKAGE_VERSION@
Libs: -L${libdir} -lraw@PC_OPENMP@
Libs.private: -lstdc++

@ -1,133 +0,0 @@
diff -urNp LibRaw-0.19.5.orig/libraw/libraw_const.h LibRaw-0.19.5/libraw/libraw_const.h
--- LibRaw-0.19.5.orig/libraw/libraw_const.h 2020-08-10 18:32:18.669459968 +0200
+++ LibRaw-0.19.5/libraw/libraw_const.h 2020-08-10 18:48:10.462282067 +0200
@@ -24,6 +24,12 @@ it under the terms of the one of two lic
#define LIBRAW_MAX_ALLOC_MB 2048L
#endif
+/* limit thumbnail size, default is 512Mb*/
+#ifndef LIBRAW_MAX_THUMBNAIL_MB
+#define LIBRAW_MAX_THUMBNAIL_MB 512L
+#endif
+
+
/* Change to non-zero to allow (broken) CRW (and other) files metadata
loop prevention */
#ifndef LIBRAW_METADATA_LOOP_PREVENTION
diff -urNp LibRaw-0.19.5.orig/src/libraw_cxx.cpp LibRaw-0.19.5/src/libraw_cxx.cpp
--- LibRaw-0.19.5.orig/src/libraw_cxx.cpp 2020-08-10 18:32:18.672459987 +0200
+++ LibRaw-0.19.5/src/libraw_cxx.cpp 2020-08-10 18:49:18.616688826 +0200
@@ -3712,6 +3712,21 @@ libraw_processed_image_t *LibRaw::dcraw_
return NULL;
}
+ if (T.tlength < 64u)
+ {
+ if (errcode)
+ *errcode = EINVAL;
+ return NULL;
+ }
+
+ if (INT64(T.tlength) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB)
+ {
+ if (errcode)
+ *errcode = LIBRAW_TOO_BIG;
+ return NULL;
+ }
+
+
if (T.tformat == LIBRAW_THUMBNAIL_BITMAP)
{
libraw_processed_image_t *ret = (libraw_processed_image_t *)::malloc(sizeof(libraw_processed_image_t) + T.tlength);
@@ -3976,6 +3991,12 @@ void LibRaw::kodak_thumb_loader()
if (ID.toffset + est_datasize > ID.input->size() + THUMB_READ_BEYOND)
throw LIBRAW_EXCEPTION_IO_EOF;
+ if(INT64(T.theight) * INT64(T.twidth) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+
+ if (INT64(T.theight) * INT64(T.twidth) < 64ULL)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+
// some kodak cameras
ushort s_height = S.height, s_width = S.width, s_iwidth = S.iwidth, s_iheight = S.iheight;
ushort s_flags = libraw_internal_data.unpacker_data.load_flags;
@@ -4237,6 +4258,25 @@ int LibRaw::unpack_thumb(void)
CHECK_ORDER_LOW(LIBRAW_PROGRESS_IDENTIFY);
CHECK_ORDER_BIT(LIBRAW_PROGRESS_THUMB_LOAD);
+#define THUMB_SIZE_CHECKT(A) \
+ do { \
+ if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
+ if (INT64(A) > 0 && INT64(A) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
+ } while (0)
+
+#define THUMB_SIZE_CHECKTNZ(A) \
+ do { \
+ if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
+ if (INT64(A) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
+ } while (0)
+
+
+#define THUMB_SIZE_CHECKWH(W,H) \
+ do { \
+ if (INT64(W)*INT64(H) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
+ if (INT64(W)*INT64(H) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
+ } while (0)
+
try
{
if (!libraw_internal_data.internal_data.input)
@@ -4267,6 +4307,7 @@ int LibRaw::unpack_thumb(void)
if (INT64(ID.toffset) + tsize > ID.input->size() + THUMB_READ_BEYOND)
throw LIBRAW_EXCEPTION_IO_EOF;
+ THUMB_SIZE_CHECKT(tsize);
}
else
{
@@ -4280,6 +4321,7 @@ int LibRaw::unpack_thumb(void)
ID.input->seek(ID.toffset, SEEK_SET);
if (write_thumb == &LibRaw::jpeg_thumb)
{
+ THUMB_SIZE_CHECKTNZ(T.tlength);
if (T.thumb)
free(T.thumb);
T.thumb = (char *)malloc(T.tlength);
@@ -4326,6 +4368,7 @@ int LibRaw::unpack_thumb(void)
{
if (t_bytesps > 1)
throw LIBRAW_EXCEPTION_IO_CORRUPT; // 8-bit thumb, but parsed for more bits
+ THUMB_SIZE_CHECKWH(T.twidth, T.theight);
int t_length = T.twidth * T.theight * t_colors;
if (T.tlength && T.tlength < t_length) // try to find tiff ifd with needed offset
@@ -4351,8 +4394,12 @@ int LibRaw::unpack_thumb(void)
T.tcolors = 1;
}
T.tlength = total_size;
+ THUMB_SIZE_CHECKTNZ(T.tlength);
if (T.thumb)
free(T.thumb);
+
+ THUMB_SIZE_CHECKTNZ(T.tlength);
+
T.thumb = (char *)malloc(T.tlength);
merror(T.thumb, "ppm_thumb()");
@@ -4400,10 +4447,15 @@ int LibRaw::unpack_thumb(void)
if (t_bytesps > 2)
throw LIBRAW_EXCEPTION_IO_CORRUPT; // 16-bit thumb, but parsed for more bits
int o_bps = (imgdata.params.raw_processing_options & LIBRAW_PROCESSING_USE_PPM16_THUMBS) ? 2 : 1;
+ THUMB_SIZE_CHECKWH(T.twidth, T.theight);
int o_length = T.twidth * T.theight * t_colors * o_bps;
int i_length = T.twidth * T.theight * t_colors * 2;
if (!T.tlength)
T.tlength = o_length;
+ THUMB_SIZE_CHECKTNZ(o_length);
+ THUMB_SIZE_CHECKTNZ(i_length);
+ THUMB_SIZE_CHECKTNZ(T.tlength);
+
ushort *t_thumb = (ushort *)calloc(i_length, 1);
ID.input->read(t_thumb, 1, i_length);
if ((libraw_internal_data.unpacker_data.order == 0x4949) == (ntohs(0x1234) == 0x1234))

@ -1,42 +0,0 @@
From 4d463048b9f27a3dc86b7010c198b32d995cd941 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <debarshir@gnome.org>
Date: Tue, 27 Apr 2021 17:44:09 +0200
Subject: [PATCH] Limit loops to MIN(colors,4)
This is a backport of commit 4feaed4dea636cee for CVE-2020-24870.
https://github.com/LibRaw/LibRaw/issues/330
---
internal/dcraw_common.cpp | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index a36553208194..3e8c009eb08e 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -19598,17 +19598,18 @@ dng_skip:
if(calidx[colidx] == sidx)
{
- for (int i = 0; i < colors; i++)
+ for (int i = 0; i < colors && i < 4; i++)
FORCC
cc[i][c] = tiff_ifd[sidx].dng_color[colidx].calibration[i][c];
}
if(abidx == sidx)
- for (int i = 0; i < colors; i++)
+ for (int i = 0; i < colors && i < 4; i++)
FORCC cc[i][c] *= tiff_ifd[sidx].dng_levels.analogbalance[i];
int j;
- FORCC for (int i = 0; i < 3; i++) for (cam_xyz[c][i] = j = 0; j < colors; j++) cam_xyz[c][i] +=
- cc[c][j] * cm[j][i];// add AsShotXY later * xyz[i];
+ FORCC for (int i = 0; i < 3; i++)
+ for (cam_xyz[c][i] = j = 0; j < colors && j < 4; j++)
+ cam_xyz[c][i] += cc[c][j] * cm[j][i];// add AsShotXY later * xyz[i];
cam_xyz_coeff(cmatrix, cam_xyz);
}
}
--
2.30.2

@ -0,0 +1,40 @@
From fa329f37dca4a2c938f8abb50ee4a7ef93e64fbb Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Mon, 12 Apr 2021 13:21:52 +0300
Subject: [PATCH] check for input buffer size on datastream::gets
---
src/libraw_datastream.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
index 606e5de73618..7e95bc749688 100644
--- a/src/libraw_datastream.cpp
+++ b/src/libraw_datastream.cpp
@@ -286,6 +286,7 @@ INT64 LibRaw_file_datastream::tell()
char *LibRaw_file_datastream::gets(char *str, int sz)
{
+ if(sz<1) return NULL;
LR_STREAM_CHK();
std::istream is(f.get());
is.getline(str, sz);
@@ -417,6 +418,7 @@ INT64 LibRaw_buffer_datastream::tell()
char *LibRaw_buffer_datastream::gets(char *s, int sz)
{
+ if(sz<1) return NULL;
unsigned char *psrc, *pdest, *str;
str = (unsigned char *)s;
psrc = buf + streampos;
@@ -609,6 +611,7 @@ INT64 LibRaw_bigfile_datastream::tell()
char *LibRaw_bigfile_datastream::gets(char *str, int sz)
{
+ if(sz<1) return NULL;
LR_BF_CHK();
return fgets(str, sz, f);
}
--
2.39.2

@ -0,0 +1,26 @@
--- LibRaw-0.20-Beta1/libraw.pc.in~ 2020-05-13 14:22:12.656424311 +0200
+++ LibRaw-0.20-Beta1/libraw.pc.in 2020-05-13 14:22:27.481441569 +0200
@@ -5,7 +5,8 @@
Name: libraw
Description: Raw image decoder library (non-thread-safe)
-Requires: @PACKAGE_REQUIRES@
+Requires.private: @PACKAGE_REQUIRES@
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -lraw -lstdc++@PC_OPENMP@
+Libs: -L${libdir} -lraw@PC_OPENMP@
+Libs.private: -lstdc++
Cflags: -I${includedir}/libraw -I${includedir}
--- LibRaw-0.20-Beta1/libraw_r.pc.in~ 2020-05-13 14:22:18.034430572 +0200
+++ LibRaw-0.20-Beta1/libraw_r.pc.in 2020-05-13 14:22:27.481441569 +0200
@@ -5,7 +5,8 @@
Name: libraw
Description: Raw image decoder library (thread-safe)
-Requires: @PACKAGE_REQUIRES@
+Requires.private: @PACKAGE_REQUIRES@
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@
+Libs: -L${libdir} -lraw_r@PC_OPENMP@
+Libs.private: -lstdc++
Cflags: -I${includedir}/libraw -I${includedir}

@ -1,8 +1,14 @@
# feature macro to enable samples (or not)
%if 0%{?rhel} != 7
%global samples 1
%endif
Summary: Library for reading RAW files obtained from digital photo cameras
Name: LibRaw
Version: 0.19.5
Release: 3%{?dist}
License: BSD and (CDDL or LGPLv2)
Version: 0.20.2
Release: 6%{?dist}
License: BSD and LGPLv2
URL: http://www.libraw.org
BuildRequires: gcc-c++
@ -10,11 +16,15 @@ BuildRequires: pkgconfig(lcms2)
BuildRequires: pkgconfig(jasper)
BuildRequires: pkgconfig(libjpeg)
BuildRequires: autoconf automake libtool
BuildRequires: make
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
Patch0: LibRaw-pkgconfig.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2172140
Patch1: LibRaw-check-for-input-buffer-size-on-datastream-gets.patch
Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
Patch0: LibRaw-0.6.0-pkgconfig.patch
Patch1: LibRaw-CVE-2020-15503.patch
Patch2: LibRaw-CVE-2020-24870.patch
Provides: bundled(dcraw) = 9.25
%description
@ -41,30 +51,20 @@ Requires: %{name}-devel%{?_isa} = %{version}-%{release}
%description static
LibRaw static development libraries.
%if 0%{?rhel} != 7
%package samples
Summary: LibRaw sample programs
Requires: %{name} = %{version}-%{release}
%description samples
LibRaw sample programs
%endif
%prep
%setup -q
%patch0 -p0 -b .pkgconfig
%patch1 -p1 -b .cve-2020-15503
%patch2 -p1 -b .cve-2020-24870
%autosetup -p1 -n %{name}-%{version}
%build
autoreconf -if
%configure \
%if 0%{?rhel} == 7
--enable-examples=no \
%else
--enable-examples=yes \
%endif
--enable-examples=%{?samples:yes}%{!?samples:no} \
--enable-jasper \
--enable-jpeg \
--enable-lcms \
@ -95,8 +95,8 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
%files
%doc Changelog.txt
%license LICENSE.CDDL LICENSE.LGPL COPYRIGHT
%{_libdir}/libraw.so.19*
%{_libdir}/libraw_r.so.19*
%{_libdir}/libraw.so.20*
%{_libdir}/libraw_r.so.20*
%files static
%{_libdir}/libraw.a
@ -112,47 +112,113 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
%{_libdir}/pkgconfig/libraw_r.pc
%exclude %{_docdir}/libraw/*
%if 0%{?rhel} != 7
%if 0%{?samples}
%files samples
%{_bindir}/*
%endif
%changelog
* Tue Apr 27 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-3
- Backport fix for CVE-2020-24870 from upstream
Resolves: #1931841
* Tue Apr 04 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.20.2-6
- Fix CVE-2021-32142
Resolves: #2172140
* Mon Dec 13 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.20.2-5
- CDDL is not an approved license
Resolves: #2031918
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.20.2-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.20.2-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.20.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Oct 15 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20.2-1
- 0.20.2
* Wed Oct 14 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20.1-1
- 0.20.1
* Mon Aug 10 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-2
- Backport fix for CVE-2020-15503 from Fedora
Resolves: #1853529
* Thu Sep 24 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20.0-3
- Patch for CVE-2020-24890.
* Wed Oct 30 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-1
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.20.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 23 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20.0-1
- 0.20.0 final.
* Thu Jul 02 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20-0.rc1.3
- RC1
* Mon Jun 29 2020 Gwyn Ciesla <gwync@protonmail.com>- 0.20-0.beta1.2
- Patch for CVE-2020-15365
* Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1
- Add back pkgconfig patch lost in the previous commit
* Thu May 07 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20-0.beta1
- 0.20 Beta 1
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.19.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Aug 20 2019 Gwyn Ciesla <gwync@protonmail.com> - 0.19.5-1
- 0.19.5
Resolves: #1671744
* Fri Dec 14 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.1-1
* Mon Aug 05 2019 Gwyn Ciesla <gwync@protonmail.com> - 0.19.4-1
- 0.19.4
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.19.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jul 03 2019 Gwyn Ciesla <gwync@protonmail.com> - 0.19.3-1
- 0.19.3
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.19.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 02 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.19.2-2
- Remove the samples subpackage from RHEL 7
* Wed Dec 26 2018 Gwyn Ciesla <limburgher@gmail.com> - 0.19.2-1
- 0.19.2
* Thu Nov 22 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.1-1
- 0.19.1
Resolves: #1654688
* Mon Oct 08 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.0-3
* Mon Oct 08 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.0-6
- Remove the build artifacts for the samples
Resolves: #1633708
* Mon Oct 08 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.0-2
* Mon Oct 08 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.0-5
- Bind the samples sub-package more tightly to the main package
Resolves: #1633708
* Thu Sep 27 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.0-1
- 0.19.0
* Tue Jul 31 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.19.0-4
- Fix License
- Explicitly enable JPEG and OpenMP support to avoid surprises
- Tighten %%files, mostly so api/soname changes will no longer be a surpise
- Use %%make_build %%ldconfig_scriptlets
Resolves: #1633708
* Thu Jul 19 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.18.13-1
- 0.18.13.
* Thu Jul 19 2018 Rex Dieter <rdieter@fedoraproject.org> - 0.19.0-3
- tighten %%files, mostly so api/soname changes will no longer be a surpise
- use %%make_build %%ldconfig_scriptlets
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.19.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Gwyn Ciesla <limburgher@gmail.com> - 0.19.0-1
- 0.19.0.
* Mon Jun 11 2018 Gwyn Ciesla <limburgher@gmail.com> - 0.18.12-1
- 0.18.12.
* Thu May 10 2018 Gwyn Ciesla <limburgher@gmail.com> - 0.18.11-1
- 0.18.11.
* Thu May 03 2018 Gwyn Ciesla <limburgher@gmail.com> - 0.18.10-1
- 0.18.10.
* Wed Apr 25 2018 Gwyn Ciesla <limburgher@gmail.com> - 0.18.9-1
- 0.18.9.

Loading…
Cancel
Save