packages/LibRaw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2018-20363 CVE-2018-20364 CVE-2018-20365

Browse Source
This commit is contained in:
zhanghua1831 2020-09-16 12:24:00 +08:00
parent 5ccdf2b90e
commit b8bb0e550e
4 changed files with 112 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2018-20363.patch Normal file
View File

@ -0,0 +1,31 @@
From 7e29b9f29449fde30cc878fbb137d61c14bba3a4 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Wed, 19 Dec 2018 14:17:51 +0300
Subject: [PATCH] Possible write to NULL at raw2image
---
src/libraw_cxx.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libraw_cxx.cpp b/src/libraw_cxx.cpp
index 1a8a2f25..074d81a4 100644
--- a/src/libraw_cxx.cpp
+++ b/src/libraw_cxx.cpp
@@ -3346,7 +3346,7 @@ int LibRaw::raw2image(void)
{
raw2image_start();
- if (is_phaseone_compressed())
+ if (is_phaseone_compressed() && imgdata.rawdata.raw_image)
{
phase_one_allocate_tempbuffer();
int rc = phase_one_subtract_black((ushort *)imgdata.rawdata.raw_alloc, imgdata.rawdata.raw_image);
@@ -3374,7 +3374,7 @@ int LibRaw::raw2image(void)
get_decoder_info(&decoder_info);
// Move saved bitmap to imgdata.image
- if (imgdata.idata.filters || P1.colors == 1)
+ if ((imgdata.idata.filters || P1.colors == 1) && imgdata.rawdata.raw_image)
{
if (IO.fuji_width)
{

41
CVE-2018-20364.patch Normal file
View File

@ -0,0 +1,41 @@
From 7903346bfd5f8c24e5bfd4df48f0e5cd1e7b65cb Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Fri, 21 Dec 2018 09:37:05 +0300
Subject: [PATCH] check for raw_image presence in raw2image_ex
---
src/libraw_cxx.cpp | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/libraw_cxx.cpp b/src/libraw_cxx.cpp
index 074d81a4..43aed1cc 100644
--- a/src/libraw_cxx.cpp
+++ b/src/libraw_cxx.cpp
@@ -3374,7 +3374,8 @@ int LibRaw::raw2image(void)
get_decoder_info(&decoder_info);
// Move saved bitmap to imgdata.image
- if ((imgdata.idata.filters || P1.colors == 1) && imgdata.rawdata.raw_image)
+ if ((imgdata.idata.filters || P1.colors == 1)
+ && imgdata.rawdata.raw_image)
{
if (IO.fuji_width)
{
@@ -3638,7 +3639,7 @@ int LibRaw::raw2image_ex(int do_subtract_black)
raw2image_start();
// Compressed P1 files with bl data!
- if (is_phaseone_compressed())
+ if (is_phaseone_compressed() && imgdata.rawdata.raw_image)
{
phase_one_allocate_tempbuffer();
int rc = phase_one_subtract_black((ushort *)imgdata.rawdata.raw_alloc, imgdata.rawdata.raw_image);
@@ -3745,7 +3746,7 @@ int LibRaw::raw2image_ex(int do_subtract_black)
}
// Move saved bitmap to imgdata.image
- if (imgdata.idata.filters || P1.colors == 1)
+ if ((imgdata.idata.filters || P1.colors == 1) && imgdata.rawdata.raw_image)
{
if (IO.fuji_width)
{

33
CVE-2018-20365.patch Normal file
View File

@ -0,0 +1,33 @@
From 561ec9a7fb5ec694104a22b7b6cd820bfa449784 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Thu, 10 Jan 2019 09:22:39 +0300
Subject: [PATCH] Sinar 4shot: zero filters for multi-shot images
---
internal/dcraw_common.cpp | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index 29cc72f..1ca70cf 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -18969,10 +18969,15 @@ void CLASS identify()
{
if (!load_raw)
load_raw = &CLASS unpacked_load_raw;
- if (is_raw > 1 && !shot_select && !half_size)
+ if (is_raw > 1 && !shot_select)
filters = 0;
maximum = 0x3fff;
}
+ else if(load_raw == &LibRaw::sinar_4shot_load_raw)
+ {
+ if (is_raw > 1 && !shot_select)
+ filters = 0;
+ }
else if (!strncmp(make, "Leaf", 4))
{
maximum = 0x3fff;
--
2.23.0

9
LibRaw.spec
View File

@ -1,6 +1,6 @@
Name: LibRaw Name: LibRaw
Version: 0.19.0 Version: 0.19.0
Release: 9 Release: 10
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
License: BSD and (CDDL or LGPLv2) License: BSD and (CDDL or LGPLv2)
URL: http://www.libraw.org URL: http://www.libraw.org
@ -8,7 +8,9 @@ Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
Patch0002: LibRaw-0.17.1-CVE-2015-8366-8367.patch Patch0002: LibRaw-0.17.1-CVE-2015-8366-8367.patch
Patch6000: LibRaw-0.19.2-CVE-2018-5817,5818,5819.patch Patch6000: LibRaw-0.19.2-CVE-2018-5817,5818,5819.patch
Patch6001: CVE-2018-20337.patch Patch6001: CVE-2018-20337.patch
Patch6002: CVE-2018-20363.patch
Patch6003: CVE-2018-20364.patch
Patch6004: CVE-2018-20365.patch
BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
Provides: bundled(dcraw) = 9.25 Provides: bundled(dcraw) = 9.25
%description %description
@ -67,6 +69,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
%exclude %{_docdir}/libraw/* %exclude %{_docdir}/libraw/*
%changelog %changelog
* Wed Sep 16 2020 zhanghua <zhanghua40@huawei.com> - 0.19.0-10
- Fix CVE-2018-20363, CVE-2018-20364, CVE-2018-20365
* Mon Jul 13 2020 wangyue <wangyue92@huawei.com> - 0.19.0-9 * Mon Jul 13 2020 wangyue <wangyue92@huawei.com> - 0.19.0-9
- Fix CVE-2018-20337. - Fix CVE-2018-20337.