import LibRaw-0.19.5-3.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
af785f636f
commit
e9cb040e25
42
SOURCES/LibRaw-CVE-2020-24870.patch
Normal file
42
SOURCES/LibRaw-CVE-2020-24870.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From 4d463048b9f27a3dc86b7010c198b32d995cd941 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <debarshir@gnome.org>
|
||||
Date: Tue, 27 Apr 2021 17:44:09 +0200
|
||||
Subject: [PATCH] Limit loops to MIN(colors,4)
|
||||
|
||||
This is a backport of commit 4feaed4dea636cee for CVE-2020-24870.
|
||||
|
||||
https://github.com/LibRaw/LibRaw/issues/330
|
||||
---
|
||||
internal/dcraw_common.cpp | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
|
||||
index a36553208194..3e8c009eb08e 100644
|
||||
--- a/internal/dcraw_common.cpp
|
||||
+++ b/internal/dcraw_common.cpp
|
||||
@@ -19598,17 +19598,18 @@ dng_skip:
|
||||
|
||||
if(calidx[colidx] == sidx)
|
||||
{
|
||||
- for (int i = 0; i < colors; i++)
|
||||
+ for (int i = 0; i < colors && i < 4; i++)
|
||||
FORCC
|
||||
cc[i][c] = tiff_ifd[sidx].dng_color[colidx].calibration[i][c];
|
||||
}
|
||||
|
||||
if(abidx == sidx)
|
||||
- for (int i = 0; i < colors; i++)
|
||||
+ for (int i = 0; i < colors && i < 4; i++)
|
||||
FORCC cc[i][c] *= tiff_ifd[sidx].dng_levels.analogbalance[i];
|
||||
int j;
|
||||
- FORCC for (int i = 0; i < 3; i++) for (cam_xyz[c][i] = j = 0; j < colors; j++) cam_xyz[c][i] +=
|
||||
- cc[c][j] * cm[j][i];// add AsShotXY later * xyz[i];
|
||||
+ FORCC for (int i = 0; i < 3; i++)
|
||||
+ for (cam_xyz[c][i] = j = 0; j < colors && j < 4; j++)
|
||||
+ cam_xyz[c][i] += cc[c][j] * cm[j][i];// add AsShotXY later * xyz[i];
|
||||
cam_xyz_coeff(cmatrix, cam_xyz);
|
||||
}
|
||||
}
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Library for reading RAW files obtained from digital photo cameras
|
||||
Name: LibRaw
|
||||
Version: 0.19.5
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: BSD and (CDDL or LGPLv2)
|
||||
URL: http://www.libraw.org
|
||||
|
||||
@ -14,6 +14,7 @@ BuildRequires: autoconf automake libtool
|
||||
Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
|
||||
Patch0: LibRaw-0.6.0-pkgconfig.patch
|
||||
Patch1: LibRaw-CVE-2020-15503.patch
|
||||
Patch2: LibRaw-CVE-2020-24870.patch
|
||||
Provides: bundled(dcraw) = 9.25
|
||||
|
||||
%description
|
||||
@ -54,6 +55,7 @@ LibRaw sample programs
|
||||
|
||||
%patch0 -p0 -b .pkgconfig
|
||||
%patch1 -p1 -b .cve-2020-15503
|
||||
%patch2 -p1 -b .cve-2020-24870
|
||||
|
||||
%build
|
||||
autoreconf -if
|
||||
@ -117,6 +119,10 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Apr 27 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-3
|
||||
- Backport fix for CVE-2020-24870 from upstream
|
||||
Resolves: #1931841
|
||||
|
||||
* Mon Aug 10 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.19.5-2
|
||||
- Backport fix for CVE-2020-15503 from Fedora
|
||||
Resolves: #1853529
|
||||
|
||||
Loading…
Reference in New Issue
Block a user