!57 [sync] PR-52: Fix CVE-2021-32142

From: @openeuler-sync-bot 
Reviewed-by: @randy1568, @caodongxia 
Signed-off-by: @caodongxia

CVE-2021-32142.patch

@@ -0,0 +1,37 @@
+From bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Mon, 12 Apr 2021 13:21:52 +0300
+Subject: [PATCH] check for input buffer size on datastream::gets
+
+---
+ src/libraw_datastream.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
+index a5c1a84a..a31ae9dd 100644
+--- a/src/libraw_datastream.cpp
++++ b/src/libraw_datastream.cpp
+@@ -287,6 +287,7 @@ INT64 LibRaw_file_datastream::tell()
+ 
+ char *LibRaw_file_datastream::gets(char *str, int sz)
+ {
++  if(sz<1) return NULL;
+   LR_STREAM_CHK();
+   std::istream is(f.get());
+   is.getline(str, sz);
+@@ -421,6 +422,7 @@ INT64 LibRaw_buffer_datastream::tell()
+ 
+ char *LibRaw_buffer_datastream::gets(char *s, int sz)
+ {
++  if(sz<1) return NULL;
+   unsigned char *psrc, *pdest, *str;
+   str = (unsigned char *)s;
+   psrc = buf + streampos;
+@@ -618,6 +620,7 @@ INT64 LibRaw_bigfile_datastream::tell()
+ 
+ char *LibRaw_bigfile_datastream::gets(char *str, int sz)
+ {
++  if(sz<1) return NULL;
+   LR_BF_CHK();
+   return fgets(str, sz, f);
+ }

CVE-2023-1729.patch

@@ -0,0 +1,22 @@
+From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: [PATCH] do not set shrink flag for 3/4 component images
+
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index e65e2ad7..702cf290 100644
+--- a/src/preprocessing/raw2image.cpp
++++ b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+ 
+   // adjust for half mode!
+   IO.shrink =
++	  !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++	  !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+       P1.filters &&
+       (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+ 

LibRaw.spec

@@ -1,12 +1,18 @@
 Name:          LibRaw
 Version:       0.20.2
-Release:       2
+Release:       7
 Summary:       Library for reading RAW files obtained from digital photo cameras
-License:       BSD and (CDDL or LGPLv2)
+License:       BSD and (CDDL-1.0 or LGPLv2)
 URL:           http://www.libraw.org
 Source0:       http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
 Patch0000:     prevent-buffer-overrun-in-parse_rollei.patch
-Patch0001:     fix-stack-buffer-overflow-in-LibRaw_buffer_datastream::gets.patch
+Patch0001:     fix-stack-buffer-overflow-in-LibRaw_buffer_datastream_gets.patch
+Patch0002:     fix-use-of-uninitialized-value.patch
+Patch0003:     fix-use-of-uninitialized-value-in-makernotes.patch
+Patch0004:     fix-use-of-uninitialized-value-in-misc_parsers.patch
+Patch0005:     CVE-2023-1729.patch
+# https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
+Patch0006:     CVE-2021-32142.patch
 BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
 BuildRequires: autoconf automake libtool
 Provides:      bundled(dcraw) = 9.25
@@ -67,6 +73,21 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
 %exclude %{_docdir}/libraw/*
 
 %changelog
+* Tue Mar 26 2024 yaoxin <yao_xin001@hoperun.com> - 0.20.2-7
+- Fix CVE-2021-32142
+
+* Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.20.2-6
+- Fix CVE-2023-1729
+
+* Fri Feb 25 2022 xu_ping <xuping33@huawei.com> - 0.20.2-5
+- fix use of uninitialized value of makernotes.cpp and misc_parsers.cpp
+
+* Thu Jun 3 2021 zhangjiapeng <zhangjiapeng9@huawei.com> - 0.20.2-4
+- fix use of uninitialized value
+
+* Sat Dec 5 2020 leiju <leiju4@huawei.com> - 0.20.2-3
+- modify Patch0001 name to fix patch parse error
+
 * Fri Dec 4 2020 zhanghua <zhanghua40@huawei.com> - 0.20.2-2
 - fix stack buffer overflow in LibRaw_buffer_datastream::gets()
 

fix-use-of-uninitialized-value-in-makernotes.patch

@@ -0,0 +1,12 @@
+diff --git a/src/metadata/makernotes.cpp b/src/metadata/makernotes.cpp
+index 9433abd..7ae80f5 100644
+--- a/src/metadata/makernotes.cpp
++++ b/src/metadata/makernotes.cpp
+@@ -396,6 +396,7 @@ void LibRaw::parse_makernote(int base, int uptag)
+     is_Sony = 1;
+   }
+ 
++  memset(buf, '0', 10);
+   fread(buf, 1, 10, ifp);
+ 
+   if (!strncmp(buf, "KDK", 3)  || /* these aren't TIFF tables */

fix-use-of-uninitialized-value-in-misc_parsers.patch

@@ -0,0 +1,13 @@
+diff --git a/src/metadata/misc_parsers.cpp b/src/metadata/misc_parsers.cpp
+index 7a74c9f..9a2d83d 100644
+--- a/src/metadata/misc_parsers.cpp
++++ b/src/metadata/misc_parsers.cpp
+@@ -299,6 +299,8 @@ void LibRaw::parse_rollei()
+ 
+   fseek(ifp, 0, SEEK_SET);
+   memset(&t, 0, sizeof t);
++  memset(line, '0', 128);
++  val = line;
+   do
+   {
+     line[0] = 0;

fix-use-of-uninitialized-value.patch

@@ -0,0 +1,20 @@
+diff --git a/src/metadata/sony.cpp b/src/metadata/sony.cpp
+index 120340b..2e8dd49 100644
+--- a/src/metadata/sony.cpp
++++ b/src/metadata/sony.cpp
+@@ -1071,6 +1071,7 @@ void LibRaw::parseSonyMakernotes(
+            (len >= 196))
+   {
+     table_buf = (uchar *)malloc(len);
++    memset(table_buf,0,len);
+     fread(table_buf, len, 1, ifp);
+ 
+     lid = 0x01 << 2;
+@@ -1106,6 +1107,7 @@ void LibRaw::parseSonyMakernotes(
+            (len >= 227))
+   {
+     table_buf = (uchar *)malloc(len);
++    memset(table_buf,0,len);
+     fread(table_buf, len, 1, ifp);
+ 
+     lid = 0x0;