From bee95637bec468431c1d0314257d50201ffc5951 Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Wed, 20 May 2015 17:16:22 +0200 Subject: [PATCH] remove unnecessary check from CVE-2013-1438 patch --- ....patch => dcraw-9.25.0-CVE-2013-1438.patch | 39 ++++++++----------- dcraw.spec | 3 +- 2 files changed, 18 insertions(+), 24 deletions(-) rename dcraw-9.19-CVE-2013-1438.patch => dcraw-9.25.0-CVE-2013-1438.patch (78%) diff --git a/dcraw-9.19-CVE-2013-1438.patch b/dcraw-9.25.0-CVE-2013-1438.patch similarity index 78% rename from dcraw-9.19-CVE-2013-1438.patch rename to dcraw-9.25.0-CVE-2013-1438.patch index 96fa150..53188b6 100644 --- a/dcraw-9.19-CVE-2013-1438.patch +++ b/dcraw-9.25.0-CVE-2013-1438.patch @@ -1,30 +1,23 @@ -From 24f099951c3a86f04a29adc7b0dda474a3c44722 Mon Sep 17 00:00:00 2001 +From 16a638f66b5a6d5c6e83e817db58a92cfe9f62b6 Mon Sep 17 00:00:00 2001 From: Nils Philippsen -Date: Wed, 25 Sep 2013 15:04:43 +0200 +Date: Tue, 19 May 2015 14:58:47 +0200 Subject: [PATCH] CVE-2013-1438: fix various security issues This fixes division by zero, infinite loop, and null pointer dereference bugs. Ported from Alex Tutubalin's fix in LibRaw (commit 9ae25d8c3a6bfb40c582538193264f74c9b93bc0). + +Don't check 'huff' at the beginning of ljpeg_diff() because it can never +be NULL the way it is called elsewhere in the program. --- - dcraw.c | 33 ++++++++++++++++++++++++--------- - 1 file changed, 24 insertions(+), 9 deletions(-) + dcraw.c | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/dcraw.c b/dcraw.c -index 96e3d1f..dcf284c 100644 +index cc7f764..22e0bb5 100644 --- a/dcraw.c 
+++ b/dcraw.c -@@ -828,6 +828,9 @@ int CLASS ljpeg_diff (ushort *huff) - { - int len, diff; - -+ if (!huff) -+ longjmp(failure, 2); -+ - len = gethuff(huff); - if (len == 16 && (!dng_version || dng_version >= 0x1010000)) - return -32768; -@@ -883,6 +886,8 @@ void CLASS lossless_jpeg_load_raw() +@@ -939,6 +939,8 @@ void CLASS lossless_jpeg_load_raw() ushort *rp; if (!ljpeg_start (&jh, 0)) return; @@ -33,7 +26,7 @@ index 96e3d1f..dcf284c 100644 jwide = jh.wide * jh.clrs; for (jrow=0; jrow < jh.high; jrow++) { -@@ -902,6 +907,8 @@ void CLASS lossless_jpeg_load_raw() +@@ -958,6 +960,8 @@ void CLASS lossless_jpeg_load_raw() } if (raw_width == 3984 && (col -= 2) < 0) col += (row--,raw_width); @@ -42,7 +35,7 @@ index 96e3d1f..dcf284c 100644 if ((unsigned) row < raw_height) RAW(row,col) = val; if (++col >= raw_width) col = (row++,0); -@@ -5444,6 +5451,7 @@ int CLASS parse_tiff_ifd (int base) +@@ -5783,6 +5787,7 @@ int CLASS parse_tiff_ifd (int base) data_offset = get4()+base; ifd++; break; } @@ -50,7 +43,7 @@ index 96e3d1f..dcf284c 100644 while (len--) { i = ftell(ifp); fseek (ifp, get4()+base, SEEK_SET); -@@ -5662,7 +5670,7 @@ guess_cfa_pc: +@@ -6010,7 +6015,7 @@ guess_cfa_pc: break; case 50715: /* BlackLevelDeltaH */ case 50716: /* BlackLevelDeltaV */ @@ -59,7 +52,7 @@ index 96e3d1f..dcf284c 100644 num += getreal(type); black += num/len + 0.5; break; -@@ -5787,9 +5795,13 @@ void CLASS apply_tiff() +@@ -6135,9 +6140,13 @@ void CLASS apply_tiff() if (thumb_offset) { fseek (ifp, thumb_offset, SEEK_SET); if (ljpeg_start (&jh, 1)) { @@ -76,7 +69,7 @@ index 96e3d1f..dcf284c 100644 } } for (i=0; i < tiff_nifds; i++) { -@@ -5797,8 +5809,9 @@ void CLASS apply_tiff() +@@ -6145,8 +6154,9 @@ void CLASS apply_tiff() max_samp = tiff_ifd[i].samples; if (max_samp > 3) max_samp = 3; if ((tiff_ifd[i].comp != 6 || tiff_ifd[i].samples != 3) && 
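Review bot: Removing the `if (!huff) longjmp(failure, 2);` guard from the ljpeg_diff() hunk leaves `len = gethuff(huff);` depending on an invariant that appears only in the patch description ("can never be NULL the way it is called elsewhere in the program") and is neither enforced nor documented in dcraw.c. The carried patch is described as fixing null pointer dereference bugs, and the table pointer presumably comes from state built while parsing the input file, so that assumption has to be re-audited at every rebase; this commit itself moves the patch from 9.19 to 9.25.0. The check costs one comparison on a path that decodes untrusted raw files, so I would keep it as defence in depth. Failing that, the description should name the ljpeg_diff() call sites that were audited so the next rebase can re-check them. Only the start of ljpeg_diff() is visible in the removed hunk, so whether anything later in the function protects the pointer cannot be confirmed from this page.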
@@ -88,7 +81,7 @@ index 96e3d1f..dcf284c 100644 raw_width = tiff_ifd[i].width; raw_height = tiff_ifd[i].height; tiff_bps = tiff_ifd[i].bps; -@@ -5884,9 +5897,11 @@ void CLASS apply_tiff() +@@ -6240,9 +6250,11 @@ void CLASS apply_tiff() is_raw = 0; for (i=0; i < tiff_nifds; i++) if (i != raw && tiff_ifd[i].samples == max_samp && @@ -104,5 +97,5 @@ index 96e3d1f..dcf284c 100644 thumb_height = tiff_ifd[i].height; thumb_offset = tiff_ifd[i].offset; -- -1.8.4.2 +2.4.1 diff --git a/dcraw.spec b/dcraw.spec index 785f585..e5180f8 100644 --- a/dcraw.spec +++ b/dcraw.spec @@ -6,7 +6,7 @@ Group: Applications/Multimedia License: GPLv2+ URL: http://cybercom.net/~dcoffin/dcraw Source0: http://cybercom.net/~dcoffin/dcraw/archive/dcraw-%{version}.tar.gz -Patch0: dcraw-9.19-CVE-2013-1438.patch +Patch0: dcraw-9.25.0-CVE-2013-1438.patch Patch1: dcraw-9.21-lcms2-error-reporting.patch BuildRequires: gettext BuildRequires: libjpeg-devel @@ -74,6 +74,7 @@ rm -rf %buildroot %changelog * Wed May 20 2015 Nils Philippsen - 9.25.0-1 - version 9.25.0 +- remove unnecessary check from CVE-2013-1438 patch * Wed Apr 08 2015 Nils Philippsen - 9.24.4-1 - version 9.24.4