Patch for CVE-2017-13735.
This commit is contained in:
parent
44a8bcd8e8
commit
9ea86db11d
@ -1,7 +1,7 @@
|
||||
Summary: Library for reading RAW files obtained from digital photo cameras
|
||||
Name: LibRaw
|
||||
Version: 0.18.2
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: GPLv3+
|
||||
Group: Development/Libraries
|
||||
URL: http://www.libraw.org
|
||||
@ -15,6 +15,7 @@ Source2: http://www.libraw.org/data/%{name}-demosaic-pack-GPL3-%{version}.tar.gz
|
||||
Patch0: LibRaw-0.6.0-pkgconfig.patch
|
||||
Patch1: LibRaw-0.17.1-CVE-2015-8366-8367.patch
|
||||
#Patch2: dcraw_narrowing.patch
|
||||
Patch3: radc_divbyzero.patch
|
||||
|
||||
Provides: bundled(dcraw) = 9.25
|
||||
|
||||
@ -57,6 +58,7 @@ LibRaw sample programs
|
||||
%patch0 -p0 -b .pkgconfig
|
||||
%patch1 -p1 -b .CVE-2015-8366
|
||||
#patch2 -p0
|
||||
%patch3 -p1 -b .CVE-2017-13735
|
||||
|
||||
%build
|
||||
%configure --enable-examples=yes --enable-jasper --enable-lcms \
|
||||
@ -105,6 +107,9 @@ make install DESTDIR=%{buildroot}
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Wed Sep 06 2017 Gwyn Ciesla <limburgher@gmail.com> - 0.18.2-5
|
||||
- Patch for CVE-2017-13735.
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.2-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
|
26
radc_divbyzero.patch
Normal file
26
radc_divbyzero.patch
Normal file
@ -0,0 +1,26 @@
|
||||
--- a/internal/dcraw_common.cpp~ 2017-03-04 12:35:59.000000000 -0600
|
||||
+++ b/internal/dcraw_common.cpp 2017-09-06 10:47:04.613293577 -0500
|
||||
@@ -2716,6 +2716,10 @@
|
||||
checkCancel();
|
||||
#endif
|
||||
FORC3 mul[c] = getbits(6);
|
||||
+#ifdef LIBRAW_LIBRARY_BUILD
|
||||
+ if(!mul[0] || !mul[1] || !mul[2])
|
||||
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
|
||||
+#endif
|
||||
FORC3 {
|
||||
val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
|
||||
s = val > 65564 ? 10:12;
|
||||
--- a/dcraw/dcraw.c~ 2017-09-06 10:48:15.000000000 -0500
|
||||
+++ b/dcraw/dcraw.c 2017-09-06 10:49:23.103787467 -0500
|
||||
@@ -2228,6 +2228,10 @@
|
||||
((short *)buf)[i] = 2048;
|
||||
for (row=0; row < height; row+=4) {
|
||||
FORC3 mul[c] = getbits(6);
|
||||
+#ifdef LIBRAW_LIBRARY_BUILD
|
||||
+ if(!mul[0] || !mul[1] || !mul[2])
|
||||
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
|
||||
+#endif
|
||||
FORC3 {
|
||||
val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
|
||||
s = val > 65564 ? 10:12;
|
Loading…
Reference in New Issue
Block a user