rpms/LibRaw
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS LibRaw-0.19.5-4.el8

Browse Source
This commit is contained in:
eabdullin 2024-03-27 19:23:09 +00:00
parent 17763a443d
commit 095688223e
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
SOURCES/LibRaw-CVE-2021-32142.patch Normal file
View File

@ -0,0 +1,41 @@
From 85e018cbca5eb3743eddca91d3d40c3123fa9777 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <debarshir@gnome.org>
Date: Tue, 19 Sep 2023 19:52:40 +0200
Subject: [PATCH] check for input buffer size on datastream::gets
(backported from commit fa329f37dca4a2c938f8abb50ee4a7ef93e64fbb)
---
src/libraw_datastream.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
index bd9cf5ee55d7..aecd3997a707 100644
--- a/src/libraw_datastream.cpp
+++ b/src/libraw_datastream.cpp
@@ -175,6 +175,7 @@ INT64 LibRaw_file_datastream::tell()
char *LibRaw_file_datastream::gets(char *str, int sz)
{
+ if(sz<1) return NULL;
if (substream)
return substream->gets(str, sz);
LR_STREAM_CHK();
@@ -398,6 +399,7 @@ INT64 LibRaw_buffer_datastream::tell()
char *LibRaw_buffer_datastream::gets(char *s, int sz)
{
+ if(sz<1) return NULL;
if (substream)
return substream->gets(s, sz);
unsigned char *psrc, *pdest, *str;
@@ -594,6 +596,7 @@ INT64 LibRaw_bigfile_datastream::tell()
char *LibRaw_bigfile_datastream::gets(char *str, int sz)
{
+ if(sz<1) return NULL;
LR_BF_CHK();
return substream ? substream->gets(str, sz) : fgets(str, sz, f);
}
--
2.41.0

8
SPECS/LibRaw.spec
View File

@ -1,7 +1,7 @@
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
Name: LibRaw Name: LibRaw
Version: 0.19.5 Version: 0.19.5
Release: 3%{?dist} Release: 4%{?dist}
License: BSD and (CDDL or LGPLv2) License: BSD and (CDDL or LGPLv2)
URL: http://www.libraw.org URL: http://www.libraw.org
@ -15,6 +15,7 @@ Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
Patch0: LibRaw-0.6.0-pkgconfig.patch Patch0: LibRaw-0.6.0-pkgconfig.patch
Patch1: LibRaw-CVE-2020-15503.patch Patch1: LibRaw-CVE-2020-15503.patch
Patch2: LibRaw-CVE-2020-24870.patch Patch2: LibRaw-CVE-2020-24870.patch
Patch3: LibRaw-CVE-2021-32142.patch
Provides: bundled(dcraw) = 9.25 Provides: bundled(dcraw) = 9.25
%description %description
@ -56,6 +57,7 @@ LibRaw sample programs
%patch0 -p0 -b .pkgconfig %patch0 -p0 -b .pkgconfig
%patch1 -p1 -b .cve-2020-15503 %patch1 -p1 -b .cve-2020-15503
%patch2 -p1 -b .cve-2020-24870 %patch2 -p1 -b .cve-2020-24870
%patch3 -p1 -b .cve-2021-32142
%build %build
autoreconf -if autoreconf -if
@ -119,6 +121,10 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
%changelog %changelog
* Mon Oct 23 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-4
- Backport fix for CVE-2021-32142 from upstream
Resolves: RHEL-9523
* Tue Apr 27 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-3 * Tue Apr 27 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-3
- Backport fix for CVE-2020-24870 from upstream - Backport fix for CVE-2020-24870 from upstream
Resolves: #1931841 Resolves: #1931841