!13 fix CVE-2017-13735, CVE-2017-14608, CVE-2018-19655
From: @fundawang Reviewed-by: @wk333 Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot
Gitee
commit
91eb411128
14
dcraw-CVE-2017-13735.patch
Normal file
14
dcraw-CVE-2017-13735.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
diff -urNp old/dcraw.c new/dcraw.c
|
||||||
|
--- old/dcraw.c 2018-07-11 10:33:06.280425391 +0200
|
||||||
|
+++ new/dcraw.c 2018-07-11 10:45:52.722922118 +0200
|
||||||
|
@@ -2250,6 +2250,10 @@ void CLASS kodak_radc_load_raw()
|
||||||
|
((short *)buf)[i] = 2048;
|
||||||
|
for (row=0; row < height; row+=4) {
|
||||||
|
FORC3 mul[c] = getbits(6);
|
||||||
|
+#ifdef LIBRAW_LIBRARY_BUILD
|
||||||
|
+ if(!mul[0] || !mul[1] || !mul[2])
|
||||||
|
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
|
||||||
|
+#endif
|
||||||
|
FORC3 {
|
||||||
|
val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
|
||||||
|
s = val > 65564 ? 10:12;
|
||||||
21
dcraw-CVE-2017-14608.patch
Normal file
21
dcraw-CVE-2017-14608.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
diff -urNp old/dcraw.c new/dcraw.c
|
||||||
|
--- old/dcraw.c 2018-07-11 10:53:51.141803505 +0200
|
||||||
|
+++ new/dcraw.c 2018-07-11 11:30:08.850528389 +0200
|
||||||
|
@@ -2627,8 +2627,15 @@ void CLASS kodak_65000_load_raw()
|
||||||
|
len = MIN (256, width-col);
|
||||||
|
ret = kodak_65000_decode (buf, len);
|
||||||
|
for (i=0; i < len; i++)
|
||||||
|
- if ((RAW(row,col+i) = curve[ret ? buf[i] :
|
||||||
|
- (pred[i & 1] += buf[i])]) >> 12) derror();
|
||||||
|
+ {
|
||||||
|
+ int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
|
||||||
|
+ if(idx >=0 && idx <= 0xffff)
|
||||||
|
+ {
|
||||||
|
+ if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ derror();
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
39
dcraw-CVE-2018-19655.patch
Normal file
39
dcraw-CVE-2018-19655.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
Author: Filip Hroch <hroch@physics.muni.cz>
|
||||||
|
Description: stack-based buffer overflow bug
|
||||||
|
--- a/dcraw.c
|
||||||
|
+++ b/dcraw.c
|
||||||
|
@@ -8345,9 +8345,15 @@
|
||||||
|
{
|
||||||
|
UINT64 bitbuf=0;
|
||||||
|
int vbits, col, i, c;
|
||||||
|
- ushort img[2][2064];
|
||||||
|
+ ushort *img;
|
||||||
|
double sum[]={0,0};
|
||||||
|
|
||||||
|
+#define IMG2D(row,col) \
|
||||||
|
+ img[(row)*width+(col)]
|
||||||
|
+
|
||||||
|
+ img = (ushort *) malloc(2*width*sizeof(ushort));
|
||||||
|
+ merror (img, "find_green()");
|
||||||
|
+
|
||||||
|
FORC(2) {
|
||||||
|
fseek (ifp, c ? off1:off0, SEEK_SET);
|
||||||
|
for (vbits=col=0; col < width; col++) {
|
||||||
|
@@ -8356,13 +8362,14 @@
|
||||||
|
for (i=0; i < bite; i+=8)
|
||||||
|
bitbuf |= (unsigned) (fgetc(ifp) << i);
|
||||||
|
}
|
||||||
|
- img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps);
|
||||||
|
+ IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
FORC(width-1) {
|
||||||
|
- sum[ c & 1] += ABS(img[0][c]-img[1][c+1]);
|
||||||
|
- sum[~c & 1] += ABS(img[1][c]-img[0][c+1]);
|
||||||
|
+ sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1));
|
||||||
|
+ sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1));
|
||||||
|
}
|
||||||
|
+ free(img);
|
||||||
|
return 100 * log(sum[0]/sum[1]);
|
||||||
|
}
|
||||||
|
|
||||||
30
dcraw.spec
30
dcraw.spec
@ -1,12 +1,15 @@
|
|||||||
Summary: Tool for decoding raw image data from digital cameras
|
Summary: Tool for decoding raw image data from digital cameras
|
||||||
Name: dcraw
|
Name: dcraw
|
||||||
Version: 9.28.0
|
Version: 9.28.0
|
||||||
Release: 6
|
Release: 7
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://cybercom.net/~dcoffin/dcraw
|
URL: https://www.dechifro.org/dcraw/
|
||||||
Source0: https://sources.voidlinux.org/dcraw-%{version}/dcraw-%{version}.tar.gz
|
Source0: https://www.dechifro.org/dcraw/archive/dcraw-%{version}.tar.gz
|
||||||
Patch0: dcraw-CVE-2018-5801.patch
|
Patch0: dcraw-9.21-lcms2-error-reporting.patch
|
||||||
Patch1: dcraw-9.21-lcms2-error-reporting.patch
|
Patch1: dcraw-CVE-2018-5801.patch
|
||||||
|
Patch2: dcraw-CVE-2017-13735.patch
|
||||||
|
Patch3: dcraw-CVE-2017-14608.patch
|
||||||
|
Patch4: dcraw-CVE-2018-19655.patch
|
||||||
BuildRequires: gcc gettext libjpeg-devel lcms2-devel
|
BuildRequires: gcc gettext libjpeg-devel lcms2-devel
|
||||||
Provides: bundled(dcraw)
|
Provides: bundled(dcraw)
|
||||||
%description
|
%description
|
||||||
@ -16,15 +19,14 @@ downloaded from digital cameras.
|
|||||||
%prep
|
%prep
|
||||||
%autosetup -n dcraw -p1
|
%autosetup -n dcraw -p1
|
||||||
|
|
||||||
%package help
|
%package_help
|
||||||
Summary: Documentation for user of dcraw
|
|
||||||
Requires: dcraw = %{version}-%{release}
|
|
||||||
|
|
||||||
%description help
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
gcc %optflags $RPM_LD_FLAGS -lm -ljpeg -llcms2 -DNO_JASPER \
|
%{__cc} %{build_cflags} %{build_ldflags} -DNO_JASPER \
|
||||||
-DLOCALEDIR="\"%{_datadir}/locale\"" -o dcraw dcraw.c
|
-o dcraw dcraw.c \
|
||||||
|
-ljpeg -llcms2 -lm \
|
||||||
|
-DLOCALEDIR="\"%{_datadir}/locale\""
|
||||||
|
|
||||||
for catsrc in dcraw_*.po; do
|
for catsrc in dcraw_*.po; do
|
||||||
lang="${catsrc%.po}"
|
lang="${catsrc%.po}"
|
||||||
lang="${lang#dcraw_}"
|
lang="${lang#dcraw_}"
|
||||||
@ -59,6 +61,10 @@ done
|
|||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Nov 02 2024 Funda Wang <fundawang@yeah.net> - 9.28.0-7
|
||||||
|
- fix CVE-2017-13735, CVE-2017-14608, CVE-2018-19655
|
||||||
|
patches from fedora
|
||||||
|
|
||||||
* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 9.28.0-6
|
* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 9.28.0-6
|
||||||
- DESC: delete -S git from %autosetup, and delete BuildRequires git
|
- DESC: delete -S git from %autosetup, and delete BuildRequires git
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user