This commit is contained in:
Gwyn Ciesla 2020-07-02 09:28:23 -05:00
parent 3a24defb0f
commit 3500628560
4 changed files with 9 additions and 60 deletions

1
.gitignore vendored
View File

@ -77,3 +77,4 @@ LibRaw-0.9.1.tar.gz
/LibRaw-0.19.4.tar.gz /LibRaw-0.19.4.tar.gz
/LibRaw-0.19.5.tar.gz /LibRaw-0.19.5.tar.gz
/0.20-Beta1.tar.gz /0.20-Beta1.tar.gz
/0.20-RC1.tar.gz

View File

@ -1,54 +0,0 @@
From 55f0a0c08974b8b79ebfa7762b555a1704b25fb2 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Tue, 16 Jun 2020 13:17:00 +0300
Subject: [PATCH] possible buffer underrun in exif parser
---
src/metadata/cr3_parser.cpp | 2 +-
src/metadata/exif_gps.cpp | 13 +++++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/metadata/cr3_parser.cpp b/src/metadata/cr3_parser.cpp
index 33983e62..ee209bf3 100644
--- a/src/metadata/cr3_parser.cpp
+++ b/src/metadata/cr3_parser.cpp
@@ -83,7 +83,7 @@ void LibRaw::selectCRXTrack(short maxTrack)
int tiff_idx = -1;
INT64 tpixels = 0;
- for (int i = 0; i < tiff_nifds; i++)
+ for (int i = 0; i < tiff_nifds && i < LIBRAW_IFD_MAXCOUNT; i++)
if (INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height) > tpixels)
{
tpixels = INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height);
diff --git a/src/metadata/exif_gps.cpp b/src/metadata/exif_gps.cpp
index 6fbe1f32..98327969 100644
--- a/src/metadata/exif_gps.cpp
+++ b/src/metadata/exif_gps.cpp
@@ -164,7 +164,9 @@ void LibRaw::parse_exif(int base)
imgdata.lens.EXIF_MaxAp = libraw_powf64l(2.0f, (getreal(type) / 2.0f));
break;
case 0x829a: // 33434
- tiff_ifd[tiff_nifds - 1].t_shutter = shutter = getreal(type);
+ shutter = getreal(type);
+ if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
+ tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
break;
case 0x829d: // 33437, FNumber
aperture = getreal(type);
@@ -186,9 +188,12 @@ void LibRaw::parse_exif(int base)
get_timestamp(0);
break;
case 0x9201: // 37377
- if ((expo = -getreal(type)) < 128 && shutter == 0.)
- tiff_ifd[tiff_nifds - 1].t_shutter = shutter =
- libraw_powf64l(2.0, expo);
+ if ((expo = -getreal(type)) < 128 && shutter == 0.)
+ {
+ shutter = libraw_powf64l(2.0, expo);
+ if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
+ tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
+ }
break;
case 0x9202: // 37378 ApertureValue
if ((fabs(ape = getreal(type)) < 256.0) && (!aperture))

View File

@ -7,7 +7,7 @@
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
Name: LibRaw Name: LibRaw
Version: 0.20 Version: 0.20
Release: 0.beta1%{?dist}.2 Release: 0.rc1%{?dist}.3
License: BSD and (CDDL or LGPLv2) License: BSD and (CDDL or LGPLv2)
URL: http://www.libraw.org URL: http://www.libraw.org
@ -18,9 +18,8 @@ BuildRequires: pkgconfig(libjpeg)
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
#Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz #Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}-Beta1.tar.gz Source0: http://github.com/LibRaw/LibRaw/archive/%{version}-RC1.tar.gz
Patch0: LibRaw-pkgconfig.patch Patch0: LibRaw-pkgconfig.patch
Patch1: 55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
Provides: bundled(dcraw) = 9.25 Provides: bundled(dcraw) = 9.25
%description %description
@ -55,7 +54,7 @@ Requires: %{name} = %{version}-%{release}
LibRaw sample programs LibRaw sample programs
%prep %prep
%autosetup -p1 -n %{name}-%{version}-Beta1 %autosetup -p1 -n %{name}-%{version}-RC1
%build %build
autoreconf -if autoreconf -if
@ -117,7 +116,10 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
%changelog %changelog
* Mon Jun 29 2020 Gwyn Ciesla <gwync@protonmail.com>- 0.20-.beta1.2 * Thu Jul 02 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20-0.rc1.3
- RC1
* Mon Jun 29 2020 Gwyn Ciesla <gwync@protonmail.com>- 0.20-0.beta1.2
- Patch for CVE-2020-15365 - Patch for CVE-2020-15365
* Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1 * Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1

View File

@ -1 +1 @@
SHA512 (0.20-Beta1.tar.gz) = 8cb2972df734e7ce1ac553fe40a5fa6af14b76e90f3163e0f3fe29787ce6e424230f8cc9801cc5f7269d940d0b4bfa55ea574166a615c9703818d485da50b7e9 SHA512 (0.20-RC1.tar.gz) = 99504b3da9952ceba6348bc3c1cba4d28fbc658af483099185422dd5446d500d231aeae24616d20b2d93f742ad5886fe50e5ed3048bb6051b59a949b4fb02114