diff options
author | Timo Teräs <timo.teras@iki.fi> | 2017-09-05 10:28:48 +0000 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2017-09-05 10:40:25 +0000 |
commit | 8ee017bc9e06c22479f4c311c1cf02bc4aeb3324 (patch) | |
tree | e87a859000c9a5f8477f7b6420468a9dc6671de3 | |
parent | 5a4f74c8e1dedb8867958be29cfded9d8c4cf00c (diff) | |
download | aports-8ee017bc9e06c22479f4c311c1cf02bc4aeb3324.tar.bz2 aports-8ee017bc9e06c22479f4c311c1cf02bc4aeb3324.tar.xz |
main/libraw: security fixes from debian
-rw-r--r-- | main/libraw/APKBUILD | 18 | ||||
-rw-r--r-- | main/libraw/CVE-2017-6886_6887.patch | 85 |
2 files changed, 96 insertions, 7 deletions
diff --git a/main/libraw/APKBUILD b/main/libraw/APKBUILD index 561275f72c..d6272e721d 100644 --- a/main/libraw/APKBUILD +++ b/main/libraw/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libraw pkgver=0.17.2 -pkgrel=0 +pkgrel=1 pkgdesc="Library for reading RAW files obtained from digital photo cameras" url="http://www.libraw.org/" arch="all" @@ -10,10 +10,17 @@ depends="" makedepends="" subpackages="$pkgname-dev $pkgname-doc" source="http://www.libraw.org/data/LibRaw-$pkgver.tar.gz - dcraw_narrowing-gcc6.patch" + dcraw_narrowing-gcc6.patch + CVE-2017-6886_6887.patch + " builddir="$srcdir"/LibRaw-$pkgver +# secfixes: +# 0.17.2-r1: +# - CVE-2017-6886 +# - CVE-2017-6887 + build() { cd "$builddir" #export CXXFLAGS="$CXXFLAGS -std=gnu++98" @@ -32,9 +39,6 @@ package() { } -md5sums="456626300777209def1ea784910f326a LibRaw-0.17.2.tar.gz -91f27dcb79b66d8d70f89ee684cb2f3d dcraw_narrowing-gcc6.patch" -sha256sums="92b0c42c7666eca9307e5e1f97d6fefc196cf0b7ee089e22880259a76fafd15c LibRaw-0.17.2.tar.gz -486be38dc5115d885edbd6f61c81a78e9b30e2eb754b16d8066a09aaf3537795 dcraw_narrowing-gcc6.patch" sha512sums="e27227850b09e291802c089c826778579420a4af3f4b94dddf488bfc7eb84335d7a944445287d5993c5a574c192df5117c022d1b3d0372b3539a4553612988f4 LibRaw-0.17.2.tar.gz -e6a61ee1ac8bfbc2aa87064a621ea549c61896f4095c5a2987317ceaa4231773baccc13429d603d1a891d941e9956beaa8bb115e166cd73aa3cdb486caaa6b01 dcraw_narrowing-gcc6.patch" +e6a61ee1ac8bfbc2aa87064a621ea549c61896f4095c5a2987317ceaa4231773baccc13429d603d1a891d941e9956beaa8bb115e166cd73aa3cdb486caaa6b01 dcraw_narrowing-gcc6.patch +e866d6a9c1f86eb1843ac37ab733cad6d26f98247f5da7f7276ea0e7b7bc8dd8d5c8b51c73431255fb25558dea78d422833730fc00885be91a33150a8da52003 CVE-2017-6886_6887.patch" diff --git a/main/libraw/CVE-2017-6886_6887.patch b/main/libraw/CVE-2017-6886_6887.patch new file mode 100644 index 0000000000..a191fd14ed --- /dev/null +++ b/main/libraw/CVE-2017-6886_6887.patch @@ -0,0 +1,85 @@ +From: Luciano Bello <luciano@debian.org> +Date: Mon, 21 Aug 2017 12:45:31 -0400 +Subject: Fix for CVE-2017-6886 and CVE-2017-6887 +Origin: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251 +CVE: CVE-2017-6886, CVE-2017-6887 + +--- +diff -rup LibRaw-0.17.2.orig/dcraw/dcraw.c LibRaw-0.17.2/dcraw/dcraw.c +--- LibRaw-0.17.2.orig/dcraw/dcraw.c 2016-05-10 21:40:17.000000000 +0000 ++++ LibRaw-0.17.2/dcraw/dcraw.c 2017-09-05 10:23:42.100698094 +0000 +@@ -5837,7 +5837,12 @@ int CLASS parse_tiff_ifd (int base) + if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) { + load_raw = &CLASS sony_arw_load_raw; + data_offset = get4()+base; +- ifd++; break; ++ ifd++; ++#ifdef LIBRAW_LIBRARY_BUILD ++ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0]) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif ++ break; + } + while (len--) { + i = ftell(ifp); +@@ -6001,7 +6006,7 @@ int CLASS parse_tiff_ifd (int base) + break; + case 50454: /* Sinar tag */ + case 50455: +- if (!(cbuf = (char *) malloc(len))) break; ++ if (len < 1 || len > 2560000 || !(cbuf = (char *) malloc(len))) break; + fread (cbuf, 1, len, ifp); + for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n')) + if (!strncmp (++cp,"Neutral ",8)) +@@ -6760,7 +6765,11 @@ int CLASS parse_jpeg (int offset) + } + order = get2(); + hlen = get4(); +- if (get4() == 0x48454150) /* "HEAP" */ ++ if (get4() == 0x48454150 ++#ifdef LIBRAW_LIBRARY_BUILD ++ && (save+hlen) >= 0 && (save+hlen)<=ifp->size() ++#endif ++ ) /* "HEAP" */ + parse_ciff (save+hlen, len-hlen, 0); + if (parse_tiff (save+6)) apply_tiff(); + fseek (ifp, save+len, SEEK_SET); +diff -rup LibRaw-0.17.2.orig/internal/dcraw_common.cpp LibRaw-0.17.2/internal/dcraw_common.cpp +--- LibRaw-0.17.2.orig/internal/dcraw_common.cpp 2016-05-14 06:55:03.000000000 +0000 ++++ LibRaw-0.17.2/internal/dcraw_common.cpp 2017-09-05 10:23:42.104031489 +0000 +@@ -9060,7 +9060,12 @@ int CLASS parse_tiff_ifd (int base) + if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].t_width == 3872) { + load_raw = &CLASS sony_arw_load_raw; + data_offset = get4()+base; +- ifd++; break; ++ ifd++; ++#ifdef LIBRAW_LIBRARY_BUILD ++ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0]) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif ++ break; + } + #ifdef LIBRAW_LIBRARY_BUILD + if (!strncmp(make,"Hasselblad",10) && libraw_internal_data.unpacker_data.hasselblad_parser_flag) { +@@ -9312,7 +9317,7 @@ int CLASS parse_tiff_ifd (int base) + break; + case 50454: /* Sinar tag */ + case 50455: +- if (!(cbuf = (char *) malloc(len))) break; ++ if (len < 1 || len > 2560000 || !(cbuf = (char *) malloc(len))) break; + #ifndef LIBRAW_LIBRARY_BUILD + fread (cbuf, 1, len, ifp); + #else +@@ -10379,7 +10384,11 @@ int CLASS parse_jpeg (int offset) + } + order = get2(); + hlen = get4(); +- if (get4() == 0x48454150) /* "HEAP" */ ++ if (get4() == 0x48454150 ++#ifdef LIBRAW_LIBRARY_BUILD ++ && (save+hlen) >= 0 && (save+hlen)<=ifp->size() ++#endif ++ ) /* "HEAP" */ + { + #ifdef LIBRAW_LIBRARY_BUILD + imgdata.lens.makernotes.CameraMount = LIBRAW_MOUNT_FixedLens; |