Patch for CVE-2020-15365
parent
5b3b91134a
commit
3a24defb0f
54
55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
Normal file
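--- a/55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
+++ b/55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
@@ -0,0 +1,54 @@
+From 55f0a0c08974b8b79ebfa7762b555a1704b25fb2 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Tue, 16 Jun 2020 13:17:00 +0300
+Subject: [PATCH] possible buffer underrun in exif parser
+
+---
+src/metadata/cr3_parser.cpp | 2 +-
+src/metadata/exif_gps.cpp | 13 +++++++++----
+2 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/metadata/cr3_parser.cpp b/src/metadata/cr3_parser.cpp
+index 33983e62..ee209bf3 100644
+--- a/src/metadata/cr3_parser.cpp
++++ b/src/metadata/cr3_parser.cpp
+@@ -83,7 +83,7 @@ void LibRaw::selectCRXTrack(short maxTrack)
+
+int tiff_idx = -1;
+INT64 tpixels = 0;
+- for (int i = 0; i < tiff_nifds; i++)
++ for (int i = 0; i < tiff_nifds && i < LIBRAW_IFD_MAXCOUNT; i++)
+if (INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height) > tpixels)
+{
+tpixels = INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height);
+diff --git a/src/metadata/exif_gps.cpp b/src/metadata/exif_gps.cpp
+index 6fbe1f32..98327969 100644
+--- a/src/metadata/exif_gps.cpp
++++ b/src/metadata/exif_gps.cpp
+@@ -164,7 +164,9 @@ void LibRaw::parse_exif(int base)
+imgdata.lens.EXIF_MaxAp = libraw_powf64l(2.0f, (getreal(type) / 2.0f));
+break;
+case 0x829a: // 33434
+- tiff_ifd[tiff_nifds - 1].t_shutter = shutter = getreal(type);
++ shutter = getreal(type);
++ if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
++ tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
+break;
+case 0x829d: // 33437, FNumber
+aperture = getreal(type);
+@@ -186,9 +188,12 @@ void LibRaw::parse_exif(int base)
+get_timestamp(0);
+break;
+case 0x9201: // 37377
+- if ((expo = -getreal(type)) < 128 && shutter == 0.)
+- tiff_ifd[tiff_nifds - 1].t_shutter = shutter =
+- libraw_powf64l(2.0, expo);
++ if ((expo = -getreal(type)) < 128 && shutter == 0.)
++ {
++ shutter = libraw_powf64l(2.0, expo);
++ if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
++ tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
++ }
+break;
+case 0x9202: // 37378 ApertureValue
+if ((fabs(ape = getreal(type)) < 256.0) && (!aperture))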
@ -7,7 +7,7 @@
|
|||||||
Summary: Library for reading RAW files obtained from digital photo cameras
|
Summary: Library for reading RAW files obtained from digital photo cameras
|
||||||
Name: LibRaw
|
Name: LibRaw
|
||||||
Version: 0.20
|
Version: 0.20
|
||||||
Release: 0.beta1%{?dist}.1
|
Release: 0.beta1%{?dist}.2
|
||||||
License: BSD and (CDDL or LGPLv2)
|
License: BSD and (CDDL or LGPLv2)
|
||||||
URL: http://www.libraw.org
|
URL: http://www.libraw.org
|
||||||
|
|
||||||
@ -20,6 +20,7 @@ BuildRequires: autoconf automake libtool
|
|||||||
#Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
|
#Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
|
||||||
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}-Beta1.tar.gz
|
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}-Beta1.tar.gz
|
||||||
Patch0: LibRaw-pkgconfig.patch
|
Patch0: LibRaw-pkgconfig.patch
|
||||||
|
Patch1: 55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
|
||||||
Provides: bundled(dcraw) = 9.25
|
Provides: bundled(dcraw) = 9.25
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -116,6 +117,9 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 29 2020 Gwyn Ciesla <gwync@protonmail.com>- 0.20-.beta1.2
|
||||||
|
- Patch for CVE-2020-15365
|
||||||
|
|
||||||
* Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1
|
* Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1
|
||||||
- Add back pkgconfig patch lost in the previous commit
|
- Add back pkgconfig patch lost in the previous commit
|
||||||
|
|
||||||
|
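Review bot: `Patch1:` is declared in the second hunk, but none of the three hunks touches `%prep`, so whether the CVE fix is actually applied depends on how that section handles patches: `%autosetup` or `%autopatch` would pick it up automatically, while a spec that applies `%patch0` explicitly would also need a matching `%patch1 -p1` line. The `%prep` section is outside the visible hunks, so this should be confirmed against the full spec or a build log showing the patch being applied. The new changelog header also reads `0.20-.beta1.2`, which does not match the `Release: 0.beta1%{?dist}.2` tag; `0.20-0.beta1.2` would be consistent with the previous entry.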