import CS LibRaw-0.19.5-4.el8
This commit is contained in:
parent
17763a443d
commit
095688223e
41
SOURCES/LibRaw-CVE-2021-32142.patch
Normal file
41
SOURCES/LibRaw-CVE-2021-32142.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From 85e018cbca5eb3743eddca91d3d40c3123fa9777 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <debarshir@gnome.org>
|
||||
Date: Tue, 19 Sep 2023 19:52:40 +0200
|
||||
Subject: [PATCH] check for input buffer size on datastream::gets
|
||||
|
||||
(backported from commit fa329f37dca4a2c938f8abb50ee4a7ef93e64fbb)
|
||||
---
|
||||
src/libraw_datastream.cpp | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
|
||||
index bd9cf5ee55d7..aecd3997a707 100644
|
||||
--- a/src/libraw_datastream.cpp
|
||||
+++ b/src/libraw_datastream.cpp
|
||||
@@ -175,6 +175,7 @@ INT64 LibRaw_file_datastream::tell()
|
||||
|
||||
char *LibRaw_file_datastream::gets(char *str, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
if (substream)
|
||||
return substream->gets(str, sz);
|
||||
LR_STREAM_CHK();
|
||||
@@ -398,6 +399,7 @@ INT64 LibRaw_buffer_datastream::tell()
|
||||
|
||||
char *LibRaw_buffer_datastream::gets(char *s, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
if (substream)
|
||||
return substream->gets(s, sz);
|
||||
unsigned char *psrc, *pdest, *str;
|
||||
@@ -594,6 +596,7 @@ INT64 LibRaw_bigfile_datastream::tell()
|
||||
|
||||
char *LibRaw_bigfile_datastream::gets(char *str, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
LR_BF_CHK();
|
||||
return substream ? substream->gets(str, sz) : fgets(str, sz, f);
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Library for reading RAW files obtained from digital photo cameras
|
||||
Name: LibRaw
|
||||
Version: 0.19.5
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: BSD and (CDDL or LGPLv2)
|
||||
URL: http://www.libraw.org
|
||||
|
||||
@ -15,6 +15,7 @@ Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
|
||||
Patch0: LibRaw-0.6.0-pkgconfig.patch
|
||||
Patch1: LibRaw-CVE-2020-15503.patch
|
||||
Patch2: LibRaw-CVE-2020-24870.patch
|
||||
Patch3: LibRaw-CVE-2021-32142.patch
|
||||
Provides: bundled(dcraw) = 9.25
|
||||
|
||||
%description
|
||||
@ -56,6 +57,7 @@ LibRaw sample programs
|
||||
%patch0 -p0 -b .pkgconfig
|
||||
%patch1 -p1 -b .cve-2020-15503
|
||||
%patch2 -p1 -b .cve-2020-24870
|
||||
%patch3 -p1 -b .cve-2021-32142
|
||||
|
||||
%build
|
||||
autoreconf -if
|
||||
@ -119,6 +121,10 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Oct 23 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-4
|
||||
- Backport fix for CVE-2021-32142 from upstream
|
||||
Resolves: RHEL-9523
|
||||
|
||||
* Tue Apr 27 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-3
|
||||
- Backport fix for CVE-2020-24870 from upstream
|
||||
Resolves: #1931841
|
||||
|
||||
Loading…
Reference in New Issue
Block a user