Patch for CVE-2017-13735.

2017-09-06 10:55:34 -05:00 · 2017-09-06 10:55:34 -05:00 · 9ea86db11d
commit 9ea86db11d
parent 44a8bcd8e8
2 changed files with 32 additions and 1 deletions
--- a/LibRaw.spec
+++ b/LibRaw.spec
@ -1,7 +1,7 @@
 Summary: Library for reading RAW files obtained from digital photo cameras
 Name: LibRaw
 Version: 0.18.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv3+
 Group: Development/Libraries
 URL: http://www.libraw.org
@ -15,6 +15,7 @@ Source2: http://www.libraw.org/data/%{name}-demosaic-pack-GPL3-%{version}.tar.gz
 Patch0:  LibRaw-0.6.0-pkgconfig.patch
 Patch1:  LibRaw-0.17.1-CVE-2015-8366-8367.patch
 #Patch2:  dcraw_narrowing.patch
+Patch3:  radc_divbyzero.patch

 Provides: bundled(dcraw) = 9.25

@ -57,6 +58,7 @@ LibRaw sample programs
 %patch0 -p0 -b .pkgconfig
 %patch1 -p1 -b .CVE-2015-8366
 #patch2 -p0
+%patch3 -p1 -b .CVE-2017-13735

 %build
 %configure --enable-examples=yes --enable-jasper --enable-lcms \
@ -105,6 +107,9 @@ make install DESTDIR=%{buildroot}
 %postun -p /sbin/ldconfig

 %changelog
+* Wed Sep 06 2017 Gwyn Ciesla <limburgher@gmail.com> - 0.18.2-5
+- Patch for CVE-2017-13735.
+
 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

--- a/radc_divbyzero.patch
+++ b/radc_divbyzero.patch
@ -0,0 +1,26 @@
+--- a/internal/dcraw_common.cpp~	2017-03-04 12:35:59.000000000 -0600
+++ b/internal/dcraw_common.cpp	2017-09-06 10:47:04.613293577 -0500
+@@ -2716,6 +2716,10 @@
+     checkCancel();
+ #endif
+     FORC3 mul[c] = getbits(6);
+#ifdef LIBRAW_LIBRARY_BUILD
+    if(!mul[0] || !mul[1] || !mul[2])
+      throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
+     FORC3 {
+       val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
+       s = val > 65564 ? 10:12;
+--- a/dcraw/dcraw.c~	2017-09-06 10:48:15.000000000 -0500
+++ b/dcraw/dcraw.c	2017-09-06 10:49:23.103787467 -0500
+@@ -2228,6 +2228,10 @@
+     ((short *)buf)[i] = 2048;
+   for (row=0; row < height; row+=4) {
+     FORC3 mul[c] = getbits(6);
+#ifdef LIBRAW_LIBRARY_BUILD
+    if(!mul[0] || !mul[1] || !mul[2])
+      throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
+     FORC3 {
+       val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
+       s = val > 65564 ? 10:12;