Gentoo Archives: gentoo-commits

From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/ufraw/files/, media-gfx/ufraw/
Date: Sun, 15 Sep 2019 23:47:29
Message-Id: 1568591186.35c276a51e96fd25c976d70a762e76dd2e048331.asturm@gentoo
1 commit: 35c276a51e96fd25c976d70a762e76dd2e048331
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 15 23:34:26 2019 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 15 23:46:26 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35c276a5
7
8 media-gfx/ufraw: Fix CVE-2015-8366 and CVE-2018-19655
9
10 Thanks to openSUSE for the patches.
11
12 Package-Manager: Portage-2.3.76, Repoman-2.3.17
13 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
14
15 .../ufraw/files/ufraw-0.22-CVE-2015-8366.patch | 17 +++++++++
16 .../ufraw/files/ufraw-0.22-CVE-2018-19655.patch | 44 ++++++++++++++++++++++
17 media-gfx/ufraw/ufraw-0.22-r3.ebuild | 2 +
18 3 files changed, 63 insertions(+)
19
20 diff --git a/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch b/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch
21 new file mode 100644
22 index 00000000000..9d59ca413fb
23 --- /dev/null
24 +++ b/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch
25 @@ -0,0 +1,17 @@
26 +Fix a buffer overflow bug. See
27 +https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
28 +
29 +--- a/dcraw.cc
30 ++++ b/dcraw.cc
31 +@@ -3013,7 +3013,10 @@
32 + diff = diff ? -diff : 0x80;
33 + if (ftell(ifp) + 12 >= (int) seg[1][1])
34 + diff = 0;
35 +- raw_image[pix] = pred[pix & 1] += diff;
36 ++ if(pix>=raw_width*raw_height)
37 ++ derror();
38 ++ else
39 ++ raw_image[pix] = pred[pix & 1] += diff;
40 + if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;
41 + }
42 + maximum = 0xff;
43
44 diff --git a/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch b/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch
45 new file mode 100644
46 index 00000000000..78b46b4452e
47 --- /dev/null
48 +++ b/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch
49 @@ -0,0 +1,44 @@
50 +Description: stack-based buffer overflow bug
51 +Bug-Debian: https://bugs.debian.org/890086
52 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19655
53 +Author: Filip Hroch <hroch@××××××××××××.cz>
54 +Reviewed-by: Salvatore Bonaccorso <carnil@××××××.org>
55 +Last-Update: 2018-12-02
56 +
57 +--- a/dcraw.cc
58 ++++ b/dcraw.cc
59 +@@ -8505,9 +8505,15 @@ float CLASS find_green (int bps, int bit
60 + {
61 + UINT64 bitbuf=0;
62 + int vbits, col, i, c;
63 +- ushort img[2][2064];
64 ++ ushort *img;
65 + double sum[]={0,0};
66 +
67 ++#define IMG2D(row,col) \
68 ++ img[(row)*width+(col)]
69 ++
70 ++ img = (ushort *) malloc(2*width*sizeof(ushort));
71 ++ merror (img, "find_green()");
72 ++
73 + FORC(2) {
74 + fseek (ifp, c ? off1:off0, SEEK_SET);
75 + for (vbits=col=0; col < width; col++) {
76 +@@ -8516,13 +8522,14 @@ float CLASS find_green (int bps, int bit
77 + for (i=0; i < bite; i+=8)
78 + bitbuf |= (unsigned) (fgetc(ifp) << i);
79 + }
80 +- img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps);
81 ++ IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps);
82 + }
83 + }
84 + FORC(width-1) {
85 +- sum[ c & 1] += ABS(img[0][c]-img[1][c+1]);
86 +- sum[~c & 1] += ABS(img[1][c]-img[0][c+1]);
87 ++ sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1));
88 ++ sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1));
89 + }
90 ++ free(img);
91 + return 100 * log(sum[0]/sum[1]);
92 + }
93 +
94
95 diff --git a/media-gfx/ufraw/ufraw-0.22-r3.ebuild b/media-gfx/ufraw/ufraw-0.22-r3.ebuild
96 index b43d97d6022..f3126840467 100644
97 --- a/media-gfx/ufraw/ufraw-0.22-r3.ebuild
98 +++ b/media-gfx/ufraw/ufraw-0.22-r3.ebuild
99 @@ -44,6 +44,8 @@ PATCHES=(
100 "${FILESDIR}"/${P}-jpeg9.patch
101 "${FILESDIR}"/${P}-exiv2-0.27.patch
102 "${FILESDIR}"/${P}-gcc9.patch
103 + "${FILESDIR}"/${P}-CVE-2015-8366.patch
104 + "${FILESDIR}"/${P}-CVE-2018-19655.patch
105 )
106
107 src_prepare() {