aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2017-09-05 10:28:48 +0000
committerTimo Teräs <timo.teras@iki.fi>2017-09-05 10:47:02 +0000
commit8b4b58dd7e4fd4fad6f16536acd72466ec47f118 (patch)
treec2b7e9459f2b470dc8431d8ff07e8244df2cadcc
parent12908b9a2a081df15aacd71d15cf191d9ef31742 (diff)
downloadaports-8b4b58dd7e4fd4fad6f16536acd72466ec47f118.tar.bz2
aports-8b4b58dd7e4fd4fad6f16536acd72466ec47f118.tar.xz
main/libraw: security fixes from debian
-rw-r--r--main/libraw/APKBUILD16
-rw-r--r--main/libraw/CVE-2017-6886_6887.patch85
2 files changed, 94 insertions, 7 deletions
diff --git a/main/libraw/APKBUILD b/main/libraw/APKBUILD
index 88659c139d..45c97ba62d 100644
--- a/main/libraw/APKBUILD
+++ b/main/libraw/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libraw
pkgver=0.17.2
-pkgrel=0
+pkgrel=1
pkgdesc="Library for reading RAW files obtained from digital photo cameras"
url="http://www.libraw.org/"
arch="all"
@@ -10,7 +10,9 @@ depends=""
makedepends=""
subpackages="$pkgname-dev $pkgname-doc"
source="http://www.libraw.org/data/LibRaw-$pkgver.tar.gz
- dcraw_narrowing-gcc6.patch"
+ dcraw_narrowing-gcc6.patch
+ CVE-2017-6886_6887.patch
+ "
_builddir="$srcdir"/LibRaw-$pkgver
@@ -18,6 +20,9 @@ _builddir="$srcdir"/LibRaw-$pkgver
# 0.17.1-r0:
# - CVE-2015-8366
# - CVE-2015-8367
+# 0.17.2-r1:
+# - CVE-2017-6886
+# - CVE-2017-6887
prepare() {
cd "$_builddir"
@@ -46,9 +51,6 @@ package() {
}
-md5sums="456626300777209def1ea784910f326a LibRaw-0.17.2.tar.gz
-91f27dcb79b66d8d70f89ee684cb2f3d dcraw_narrowing-gcc6.patch"
-sha256sums="92b0c42c7666eca9307e5e1f97d6fefc196cf0b7ee089e22880259a76fafd15c LibRaw-0.17.2.tar.gz
-486be38dc5115d885edbd6f61c81a78e9b30e2eb754b16d8066a09aaf3537795 dcraw_narrowing-gcc6.patch"
sha512sums="e27227850b09e291802c089c826778579420a4af3f4b94dddf488bfc7eb84335d7a944445287d5993c5a574c192df5117c022d1b3d0372b3539a4553612988f4 LibRaw-0.17.2.tar.gz
-e6a61ee1ac8bfbc2aa87064a621ea549c61896f4095c5a2987317ceaa4231773baccc13429d603d1a891d941e9956beaa8bb115e166cd73aa3cdb486caaa6b01 dcraw_narrowing-gcc6.patch"
+e6a61ee1ac8bfbc2aa87064a621ea549c61896f4095c5a2987317ceaa4231773baccc13429d603d1a891d941e9956beaa8bb115e166cd73aa3cdb486caaa6b01 dcraw_narrowing-gcc6.patch
+e866d6a9c1f86eb1843ac37ab733cad6d26f98247f5da7f7276ea0e7b7bc8dd8d5c8b51c73431255fb25558dea78d422833730fc00885be91a33150a8da52003 CVE-2017-6886_6887.patch"
diff --git a/main/libraw/CVE-2017-6886_6887.patch b/main/libraw/CVE-2017-6886_6887.patch
new file mode 100644
index 0000000000..a191fd14ed
--- /dev/null
+++ b/main/libraw/CVE-2017-6886_6887.patch
@@ -0,0 +1,85 @@
+From: Luciano Bello <luciano@debian.org>
+Date: Mon, 21 Aug 2017 12:45:31 -0400
+Subject: Fix for CVE-2017-6886 and CVE-2017-6887
+Origin: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
+CVE: CVE-2017-6886, CVE-2017-6887
+
+---
+diff -rup LibRaw-0.17.2.orig/dcraw/dcraw.c LibRaw-0.17.2/dcraw/dcraw.c
+--- LibRaw-0.17.2.orig/dcraw/dcraw.c 2016-05-10 21:40:17.000000000 +0000
++++ LibRaw-0.17.2/dcraw/dcraw.c 2017-09-05 10:23:42.100698094 +0000
+@@ -5837,7 +5837,12 @@ int CLASS parse_tiff_ifd (int base)
+ if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) {
+ load_raw = &CLASS sony_arw_load_raw;
+ data_offset = get4()+base;
+- ifd++; break;
++ ifd++;
++#ifdef LIBRAW_LIBRARY_BUILD
++ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
++ break;
+ }
+ while (len--) {
+ i = ftell(ifp);
+@@ -6001,7 +6006,7 @@ int CLASS parse_tiff_ifd (int base)
+ break;
+ case 50454: /* Sinar tag */
+ case 50455:
+- if (!(cbuf = (char *) malloc(len))) break;
++ if (len < 1 || len > 2560000 || !(cbuf = (char *) malloc(len))) break;
+ fread (cbuf, 1, len, ifp);
+ for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))
+ if (!strncmp (++cp,"Neutral ",8))
+@@ -6760,7 +6765,11 @@ int CLASS parse_jpeg (int offset)
+ }
+ order = get2();
+ hlen = get4();
+- if (get4() == 0x48454150) /* "HEAP" */
++ if (get4() == 0x48454150
++#ifdef LIBRAW_LIBRARY_BUILD
++ && (save+hlen) >= 0 && (save+hlen)<=ifp->size()
++#endif
++ ) /* "HEAP" */
+ parse_ciff (save+hlen, len-hlen, 0);
+ if (parse_tiff (save+6)) apply_tiff();
+ fseek (ifp, save+len, SEEK_SET);
+diff -rup LibRaw-0.17.2.orig/internal/dcraw_common.cpp LibRaw-0.17.2/internal/dcraw_common.cpp
+--- LibRaw-0.17.2.orig/internal/dcraw_common.cpp 2016-05-14 06:55:03.000000000 +0000
++++ LibRaw-0.17.2/internal/dcraw_common.cpp 2017-09-05 10:23:42.104031489 +0000
+@@ -9060,7 +9060,12 @@ int CLASS parse_tiff_ifd (int base)
+ if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].t_width == 3872) {
+ load_raw = &CLASS sony_arw_load_raw;
+ data_offset = get4()+base;
+- ifd++; break;
++ ifd++;
++#ifdef LIBRAW_LIBRARY_BUILD
++ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
++ break;
+ }
+ #ifdef LIBRAW_LIBRARY_BUILD
+ if (!strncmp(make,"Hasselblad",10) && libraw_internal_data.unpacker_data.hasselblad_parser_flag) {
+@@ -9312,7 +9317,7 @@ int CLASS parse_tiff_ifd (int base)
+ break;
+ case 50454: /* Sinar tag */
+ case 50455:
+- if (!(cbuf = (char *) malloc(len))) break;
++ if (len < 1 || len > 2560000 || !(cbuf = (char *) malloc(len))) break;
+ #ifndef LIBRAW_LIBRARY_BUILD
+ fread (cbuf, 1, len, ifp);
+ #else
+@@ -10379,7 +10384,11 @@ int CLASS parse_jpeg (int offset)
+ }
+ order = get2();
+ hlen = get4();
+- if (get4() == 0x48454150) /* "HEAP" */
++ if (get4() == 0x48454150
++#ifdef LIBRAW_LIBRARY_BUILD
++ && (save+hlen) >= 0 && (save+hlen)<=ifp->size()
++#endif
++ ) /* "HEAP" */
+ {
+ #ifdef LIBRAW_LIBRARY_BUILD
+ imgdata.lens.makernotes.CameraMount = LIBRAW_MOUNT_FixedLens;