packages/LibRaw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!57 [sync] PR-52: Fix CVE-2021-32142

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @randy1568, @caodongxia 
Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot 2024-03-26 09:06:53 +00:00 committed by Gitee
commit 1630b9927f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
CVE-2021-32142.patch Normal file
View File

@ -0,0 +1,37 @@
From bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Mon, 12 Apr 2021 13:21:52 +0300
Subject: [PATCH] check for input buffer size on datastream::gets
---
src/libraw_datastream.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
index a5c1a84a..a31ae9dd 100644
--- a/src/libraw_datastream.cpp
+++ b/src/libraw_datastream.cpp
@@ -287,6 +287,7 @@ INT64 LibRaw_file_datastream::tell()
char *LibRaw_file_datastream::gets(char *str, int sz)
{
+ if(sz<1) return NULL;
LR_STREAM_CHK();
std::istream is(f.get());
is.getline(str, sz);
@@ -421,6 +422,7 @@ INT64 LibRaw_buffer_datastream::tell()
char *LibRaw_buffer_datastream::gets(char *s, int sz)
{
+ if(sz<1) return NULL;
unsigned char *psrc, *pdest, *str;
str = (unsigned char *)s;
psrc = buf + streampos;
@@ -618,6 +620,7 @@ INT64 LibRaw_bigfile_datastream::tell()
char *LibRaw_bigfile_datastream::gets(char *str, int sz)
{
+ if(sz<1) return NULL;
LR_BF_CHK();
return fgets(str, sz, f);
}

7
LibRaw.spec
View File

@ -1,6 +1,6 @@
Name: LibRaw Name: LibRaw
Version: 0.20.2 Version: 0.20.2
Release: 6 Release: 7
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
License: BSD and (CDDL-1.0 or LGPLv2) License: BSD and (CDDL-1.0 or LGPLv2)
URL: http://www.libraw.org URL: http://www.libraw.org
@ -11,6 +11,8 @@ Patch0002: fix-use-of-uninitialized-value.patch
Patch0003: fix-use-of-uninitialized-value-in-makernotes.patch Patch0003: fix-use-of-uninitialized-value-in-makernotes.patch
Patch0004: fix-use-of-uninitialized-value-in-misc_parsers.patch Patch0004: fix-use-of-uninitialized-value-in-misc_parsers.patch
Patch0005: CVE-2023-1729.patch Patch0005: CVE-2023-1729.patch
# https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
Patch0006: CVE-2021-32142.patch
BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
Provides: bundled(dcraw) = 9.25 Provides: bundled(dcraw) = 9.25
@ -71,6 +73,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
%exclude %{_docdir}/libraw/* %exclude %{_docdir}/libraw/*
%changelog %changelog
* Tue Mar 26 2024 yaoxin <yao_xin001@hoperun.com> - 0.20.2-7
- Fix CVE-2021-32142
* Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.20.2-6 * Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.20.2-6
- Fix CVE-2023-1729 - Fix CVE-2023-1729