From 9ea86db11dea4e38f591fba28a6a8ee9c7fefaca Mon Sep 17 00:00:00 2001
From: Gwyn Ciesla
Date: Wed, 6 Sep 2017 10:55:34 -0500
Subject: [PATCH] Patch for CVE-2017-13735.

---
 LibRaw.spec | 7 ++++++-
 radc_divbyzero.patch | 26 ++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 radc_divbyzero.patch

diff --git a/LibRaw.spec b/LibRaw.spec
index 4430af5..3e5dd7f 100644
--- a/LibRaw.spec
+++ b/LibRaw.spec
@@ -1,7 +1,7 @@
 Summary: Library for reading RAW files obtained from digital photo cameras
 Name: LibRaw
 Version: 0.18.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv3+
 Group: Development/Libraries
 URL: http://www.libraw.org
@@ -15,6 +15,7 @@ Source2: http://www.libraw.org/data/%{name}-demosaic-pack-GPL3-%{version}.tar.gz
 Patch0: LibRaw-0.6.0-pkgconfig.patch
 Patch1: LibRaw-0.17.1-CVE-2015-8366-8367.patch
 #Patch2: dcraw_narrowing.patch
+Patch3: radc_divbyzero.patch
 
 Provides: bundled(dcraw) = 9.25
 
@@ -57,6 +58,7 @@ LibRaw sample programs
 %patch0 -p0 -b .pkgconfig
 %patch1 -p1 -b .CVE-2015-8366
 #patch2 -p0
+%patch3 -p1 -b .CVE-2017-13735
 
 %build
 %configure --enable-examples=yes --enable-jasper --enable-lcms \
@@ -105,6 +107,9 @@ make install DESTDIR=%{buildroot}
 %postun -p /sbin/ldconfig
 
 %changelog
+* Wed Sep 06 2017 Gwyn Ciesla - 0.18.2-5
+- Patch for CVE-2017-13735.
+
 * Wed Aug 02 2017 Fedora Release Engineering - 0.18.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 
diff --git a/radc_divbyzero.patch b/radc_divbyzero.patch
new file mode 100644
index 0000000..1ee615c
--- /dev/null
+++ b/radc_divbyzero.patch
@@ -0,0 +1,26 @@
+--- a/internal/dcraw_common.cpp~ 2017-03-04 12:35:59.000000000 -0600
++++ b/internal/dcraw_common.cpp 2017-09-06 10:47:04.613293577 -0500
+@@ -2716,6 +2716,10 @@
+ checkCancel();
+ #endif
+ FORC3 mul[c] = getbits(6);
++#ifdef LIBRAW_LIBRARY_BUILD
++ if(!mul[0] || !mul[1] || !mul[2])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+ FORC3 {
+ val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
+ s = val > 65564 ? 10:12;
+--- a/dcraw/dcraw.c~ 2017-09-06 10:48:15.000000000 -0500
++++ b/dcraw/dcraw.c 2017-09-06 10:49:23.103787467 -0500
+@@ -2228,6 +2228,10 @@
+ ((short *)buf)[i] = 2048;
+ for (row=0; row < height; row+=4) {
+ FORC3 mul[c] = getbits(6);
++#ifdef LIBRAW_LIBRARY_BUILD
++ if(!mul[0] || !mul[1] || !mul[2])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+ FORC3 {
+ val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
+ s = val > 65564 ? 10:12;
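Review bot: In the dcraw/dcraw.c half of the new patch the guard is wrapped in `#ifdef LIBRAW_LIBRARY_BUILD` and relies on a C++ `throw`, so in a plain C build of that file the check compiles away and the `0x1000000/last[c]` division keeps whatever divisor the file data produced; if the bundled dcraw that the spec advertises (`Provides: bundled(dcraw) = 9.25`) is built standalone, that copy needs an error return in the file's own C convention instead of the library exception. The check only rejects `mul[c] == 0`, and whether that is the value that later lands in `last[c]`, and what `last[]` starts as, depends on lines outside the inner hunks — the enclosing function starts and ends outside what is shown, so the divisor's full life cycle should be confirmed there before treating this as the complete fix. As a point of style, the old-side headers name editor backup files (`a/internal/dcraw_common.cpp~`, `a/dcraw/dcraw.c~`); `%patch3 -p1` will still apply via the new-side names, but the clean form uses the real path on both sides, and a one-line header in the patch file such as `# CVE-2017-13735: reject zero RADC scale factors read from the file before they are used as a divisor` would keep the rationale with the patch rather than only in the spec's `-b .CVE-2017-13735` suffix.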