public inbox for gentoo-commits@lists.gentoo.org
From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/ufraw/files/, media-gfx/ufraw/
Date: Sun, 15 Sep 2019 23:47:24 +0000 (UTC)
Message-ID: <1568591186.35c276a51e96fd25c976d70a762e76dd2e048331.asturm@gentoo>

commit:     35c276a51e96fd25c976d70a762e76dd2e048331
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 23:34:26 2019 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 23:46:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35c276a5

media-gfx/ufraw: Fix CVE-2015-8366 and CVE-2018-19655

Thanks to openSUSE for the patches.

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 .../ufraw/files/ufraw-0.22-CVE-2015-8366.patch     | 17 +++++++++
 .../ufraw/files/ufraw-0.22-CVE-2018-19655.patch    | 44 ++++++++++++++++++++++
 media-gfx/ufraw/ufraw-0.22-r3.ebuild               |  2 +
 3 files changed, 63 insertions(+)

diff --git a/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch b/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch
new file mode 100644
index 00000000000..9d59ca413fb
--- /dev/null
+++ b/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch
@@ -0,0 +1,17 @@
+Fix a buffer overflow bug.  See
+https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
+
+--- a/dcraw.cc
++++ b/dcraw.cc
+@@ -3013,7 +3013,10 @@
+       diff = diff ? -diff : 0x80;
+     if (ftell(ifp) + 12 >= (int) seg[1][1])
+       diff = 0;
+-    raw_image[pix] = pred[pix & 1] += diff;
++    if(pix>=raw_width*raw_height)
++      derror();
++    else
++      raw_image[pix] = pred[pix & 1] += diff;
+     if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;
+   }
+   maximum = 0xff;
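Review bot: In the dcraw.cc hunk, the new `if(pix>=raw_width*raw_height) derror();` branch skips the out-of-range store but does not stop decoding: execution falls through to the `HOLE(pix / raw_width)` line, and if derror() returns, every later out-of-range pix goes through the same path again. Consider leaving the enclosing loop (break or return) right after derror(). The check has an upper bound only, so if pix is signed it is worth confirming it cannot be negative at this point. The patch header could also name the CVE and the affected function instead of only "Fix a buffer overflow bug", and `if(pix>=` does not match the `if (` spacing of the surrounding lines.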

diff --git a/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch b/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch
new file mode 100644
index 00000000000..78b46b4452e
--- /dev/null
+++ b/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch
@@ -0,0 +1,44 @@
+Description: stack-based buffer overflow bug
+Bug-Debian: https://bugs.debian.org/890086
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19655
+Author: Filip Hroch <hroch@physics.muni.cz>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2018-12-02
+
+--- a/dcraw.cc
++++ b/dcraw.cc
+@@ -8505,9 +8505,15 @@ float CLASS find_green (int bps, int bit
+ {
+   UINT64 bitbuf=0;
+   int vbits, col, i, c;
+-  ushort img[2][2064];
++  ushort *img;
+   double sum[]={0,0};
+ 
++#define IMG2D(row,col) \
++  img[(row)*width+(col)]
++
++  img = (ushort *) malloc(2*width*sizeof(ushort));
++  merror (img, "find_green()");
++
+   FORC(2) {
+     fseek (ifp, c ? off1:off0, SEEK_SET);
+     for (vbits=col=0; col < width; col++) {
+@@ -8516,13 +8522,14 @@ float CLASS find_green (int bps, int bit
+ 	for (i=0; i < bite; i+=8)
+ 	  bitbuf |= (unsigned) (fgetc(ifp) << i);
+       }
+-      img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps);
++      IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps);
+     }
+   }
+   FORC(width-1) {
+-    sum[ c & 1] += ABS(img[0][c]-img[1][c+1]);
+-    sum[~c & 1] += ABS(img[1][c]-img[0][c+1]);
++    sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1));
++    sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1));
+   }
++  free(img);
+   return 100 * log(sum[0]/sum[1]);
+ }
+ 
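Review bot: In find_green(), the `IMG2D` macro is defined inside the function body and never undefined, so it stays visible for the rest of dcraw.cc; add `#undef IMG2D` after `free(img);` or replace the macro with two row pointers into the allocation. For `malloc(2*width*sizeof(ushort))`, the type of width is not visible in this hunk: if it is a signed int, `2*width` is evaluated in int before the multiplication by sizeof, so writing the size as `sizeof(ushort)*2*width` (or casting width to size_t first) keeps the arithmetic in size_t. The existing context also stores the result of `fgetc(ifp)` without checking for EOF, which this patch leaves unchanged; the heap buffer now bounds the writes by width, but a truncated file still feeds EOF values into bitbuf.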

diff --git a/media-gfx/ufraw/ufraw-0.22-r3.ebuild b/media-gfx/ufraw/ufraw-0.22-r3.ebuild
index b43d97d6022..f3126840467 100644
--- a/media-gfx/ufraw/ufraw-0.22-r3.ebuild
+++ b/media-gfx/ufraw/ufraw-0.22-r3.ebuild
@@ -44,6 +44,8 @@ PATCHES=(
 	"${FILESDIR}"/${P}-jpeg9.patch
 	"${FILESDIR}"/${P}-exiv2-0.27.patch
 	"${FILESDIR}"/${P}-gcc9.patch
+	"${FILESDIR}"/${P}-CVE-2015-8366.patch
+	"${FILESDIR}"/${P}-CVE-2018-19655.patch
 )
 
 src_prepare() {
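Review bot: The two CVE patches are added to PATCHES in the existing ufraw-0.22-r3.ebuild rather than in a new revision, so systems that already have 0.22-r3 installed see no version change and will not rebuild with the fixes. Since both patches change the compiled dcraw.cc code, a revision bump (a new -r4 ebuild carrying these two PATCHES entries) would make the security fix reach existing installs.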

