Patch for CVE-2017-13735.

Gwyn Ciesla 2017-09-06 10:55:34 -05:00
parent 44a8bcd8e8
commit 9ea86db11d
2 changed files with 32 additions and 1 deletions


@ -1,7 +1,7 @@
Summary: Library for reading RAW files obtained from digital photo cameras
Name: LibRaw
Version: 0.18.2
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv3+
Group: Development/Libraries
URL: http://www.libraw.org
@ -15,6 +15,7 @@ Source2: http://www.libraw.org/data/%{name}-demosaic-pack-GPL3-%{version}.tar.gz
Patch0: LibRaw-0.6.0-pkgconfig.patch
Patch1: LibRaw-0.17.1-CVE-2015-8366-8367.patch
#Patch2: dcraw_narrowing.patch
Patch3: radc_divbyzero.patch
Provides: bundled(dcraw) = 9.25
@ -57,6 +58,7 @@ LibRaw sample programs
%patch0 -p0 -b .pkgconfig
%patch1 -p1 -b .CVE-2015-8366
#patch2 -p0
%patch3 -p1 -b .CVE-2017-13735
%build
%configure --enable-examples=yes --enable-jasper --enable-lcms \
@ -105,6 +107,9 @@ make install DESTDIR=%{buildroot}
%postun -p /sbin/ldconfig
%changelog
* Wed Sep 06 2017 Gwyn Ciesla <limburgher@gmail.com> - 0.18.2-5
- Patch for CVE-2017-13735.
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

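--- a/radc_divbyzero.patch
+++ b/radc_divbyzero.patch
@@ -0,0 +1,26 @@
+--- a/internal/dcraw_common.cpp~ 2017-03-04 12:35:59.000000000 -0600
++++ b/internal/dcraw_common.cpp 2017-09-06 10:47:04.613293577 -0500
+@@ -2716,6 +2716,10 @@
+checkCancel();
+#endif
+FORC3 mul[c] = getbits(6);
++#ifdef LIBRAW_LIBRARY_BUILD
++ if(!mul[0] || !mul[1] || !mul[2])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+FORC3 {
+val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
+s = val > 65564 ? 10:12;
+--- a/dcraw/dcraw.c~ 2017-09-06 10:48:15.000000000 -0500
++++ b/dcraw/dcraw.c 2017-09-06 10:49:23.103787467 -0500
+@@ -2228,6 +2228,10 @@
+((short *)buf)[i] = 2048;
+for (row=0; row < height; row+=4) {
+FORC3 mul[c] = getbits(6);
++#ifdef LIBRAW_LIBRARY_BUILD
++ if(!mul[0] || !mul[1] || !mul[2])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+FORC3 {
+val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
+s = val > 65564 ? 10:12;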
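Review bot: The zero check on `mul[]` is compiled only under `#ifdef LIBRAW_LIBRARY_BUILD` in both hunks, so any build of `dcraw/dcraw.c` without that macro still reaches `0x1000000/last[c]` unguarded; since `throw` is not available there, that path would need its own non-throwing rejection of the corrupt row. The guard tests `mul[c]` while the division is by `last[c]`; presumably `last[c]` is assigned from `mul[c]` later in the loop, outside the hunk, and that link deserves a comment such as `/* last[c] takes mul[c] below; a zero multiplier from a corrupt file would make the next row divide by zero */`. The loop body continues past the end of both hunks, so the initial value of `last[]` should also be confirmed non-zero before relying on this check alone.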