[gnome-photos/gnome-3-26] flatpak: Libraw CVE-2017-13735
- From: Debarshi Ray <debarshir src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-photos/gnome-3-26] flatpak: Libraw CVE-2017-13735
- Date: Fri, 8 Sep 2017 14:27:35 +0000 (UTC)
commit a7c75297916c9fd31ba2eb083aa9d7235a970b6b
Author: Debarshi Ray <debarshir gnome org>
Date: Fri Sep 8 14:35:44 2017 +0200
flatpak: Libraw CVE-2017-13735
flatpak/libraw-CVE-2017-13735-radc_divbyzero.patch | 44 ++++++++++++++++++++
flatpak/org.gnome.Photos.json | 4 ++
2 files changed, 48 insertions(+), 0 deletions(-)
---
diff --git a/flatpak/libraw-CVE-2017-13735-radc_divbyzero.patch
b/flatpak/libraw-CVE-2017-13735-radc_divbyzero.patch
new file mode 100644
index 0000000..43bc679
--- /dev/null
+++ b/flatpak/libraw-CVE-2017-13735-radc_divbyzero.patch
@@ -0,0 +1,44 @@
+From 7249187f1c6530d4ba55d2e042815854d55d37d9 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa lexa ru>
+Date: Fri, 8 Sep 2017 14:56:32 +0200
+Subject: [PATCH] Fix CVE-2017-13735
+
+https://github.com/LibRaw/LibRaw/issues/96
+---
+ dcraw/dcraw.c | 4 ++++
+ internal/dcraw_common.cpp | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/dcraw/dcraw.c b/dcraw/dcraw.c
+index 77f3e54c0784..3eb4b039dbce 100644
+--- a/dcraw/dcraw.c
++++ b/dcraw/dcraw.c
+@@ -3436,6 +3436,10 @@ void CLASS kodak_radc_load_raw()
+ checkCancel();
+ #endif
+ FORC3 mul[c] = getbits(6);
++#ifdef LIBRAW_LIBRARY_BUILD
++ if(!mul[0] || !mul[1] || !mul[2])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+ FORC3
+ {
+ val = ((0x1000000 / last[c] + 0x7ff) >> 12) * mul[c];
+diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
+index 608641a123fd..83a1fbaa9976 100644
+--- a/internal/dcraw_common.cpp
++++ b/internal/dcraw_common.cpp
+@@ -3140,6 +3140,10 @@ void CLASS kodak_radc_load_raw()
+ checkCancel();
+ #endif
+ FORC3 mul[c] = getbits(6);
++#ifdef LIBRAW_LIBRARY_BUILD
++ if(!mul[0] || !mul[1] || !mul[2])
++ throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+ FORC3
+ {
+ val = ((0x1000000 / last[c] + 0x7ff) >> 12) * mul[c];
+--
+2.9.5
+
diff --git a/flatpak/org.gnome.Photos.json b/flatpak/org.gnome.Photos.json
index a102910..edea85a 100644
--- a/flatpak/org.gnome.Photos.json
+++ b/flatpak/org.gnome.Photos.json
@@ -137,6 +137,10 @@
{
"type": "patch",
"path": "libraw-pkgconfig.patch"
+ },
+ {
+ "type": "patch",
+ "path": "libraw-CVE-2017-13735-radc_divbyzero.patch"
}
]
},
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]