pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/graphics/libraw



Module Name:    pkgsrc
Committed By:   nia
Date:           Sun Sep 19 18:46:50 UTC 2021

Modified Files:
        pkgsrc/graphics/libraw: Makefile distinfo
        pkgsrc/graphics/libraw/patches: patch-src_libraw__cxx.cpp
Added Files:
        pkgsrc/graphics/libraw/patches: patch-libraw_libraw__const.h

Log Message:
libraw: apply patch for CVE-2020-15503


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/graphics/libraw/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/graphics/libraw/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/graphics/libraw/patches/patch-libraw_libraw__const.h
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/graphics/libraw/patches/patch-src_libraw__cxx.cpp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/libraw/Makefile
diff -u pkgsrc/graphics/libraw/Makefile:1.34 pkgsrc/graphics/libraw/Makefile:1.35
--- pkgsrc/graphics/libraw/Makefile:1.34        Wed May 20 06:09:06 2020
+++ pkgsrc/graphics/libraw/Makefile     Sun Sep 19 18:46:50 2021
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2020/05/20 06:09:06 rillig Exp $
+# $NetBSD: Makefile,v 1.35 2021/09/19 18:46:50 nia Exp $
 
 DISTNAME=      LibRaw-0.19.5
 PKGNAME=       ${DISTNAME:tl}
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  https://www.libraw.org/data/
 

Index: pkgsrc/graphics/libraw/distinfo
diff -u pkgsrc/graphics/libraw/distinfo:1.26 pkgsrc/graphics/libraw/distinfo:1.27
--- pkgsrc/graphics/libraw/distinfo:1.26        Sat Aug 31 14:20:05 2019
+++ pkgsrc/graphics/libraw/distinfo     Sun Sep 19 18:46:50 2021
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26 2019/08/31 14:20:05 nia Exp $
+$NetBSD: distinfo,v 1.27 2021/09/19 18:46:50 nia Exp $
 
 SHA1 (LibRaw-0.19.5.tar.gz) = c151995b6f17a0ccef7fbc1dcb982f0ccb04d934
 RMD160 (LibRaw-0.19.5.tar.gz) = 051642cfdf713e1d981a1790f4d872d89ff6f02a
@@ -6,4 +6,5 @@ SHA512 (LibRaw-0.19.5.tar.gz) = 4560045f
 Size (LibRaw-0.19.5.tar.gz) = 1303806 bytes
 SHA1 (patch-internal_libraw__x3f.cpp) = ec5d479a45d7fc25c884cc7259ad513857fa2711
 SHA1 (patch-libraw__r.pc.in) = e691f79c69c5530c93262c270fe7e2f5b1c959d9
-SHA1 (patch-src_libraw__cxx.cpp) = cfbb3afbd0b44ce1bbc24e5af212ad5c53d251b7
+SHA1 (patch-libraw_libraw__const.h) = 91836dca7f9ba820417381bad53fe292b3e5f0ce
+SHA1 (patch-src_libraw__cxx.cpp) = fb2f16cb7a0798f499383bc06768ac0543049f66

Index: pkgsrc/graphics/libraw/patches/patch-src_libraw__cxx.cpp
diff -u pkgsrc/graphics/libraw/patches/patch-src_libraw__cxx.cpp:1.1 pkgsrc/graphics/libraw/patches/patch-src_libraw__cxx.cpp:1.2
--- pkgsrc/graphics/libraw/patches/patch-src_libraw__cxx.cpp:1.1        Mon Oct  5 04:37:39 2015
+++ pkgsrc/graphics/libraw/patches/patch-src_libraw__cxx.cpp    Sun Sep 19 18:46:50 2021
@@ -1,10 +1,124 @@
-$NetBSD: patch-src_libraw__cxx.cpp,v 1.1 2015/10/05 04:37:39 richard Exp $
-  
-undefine DS if sys/regset.h is pulled in on SunOS                               
+$NetBSD: patch-src_libraw__cxx.cpp,v 1.2 2021/09/19 18:46:50 nia Exp $
 
---- src/libraw_cxx.cpp.orig    2015-05-16 12:32:15.000000000 +0000
+- Thumbnail size range check (CVE-2020-15503)
+- undefine DS if sys/regset.h is pulled in on SunOS                               
+
+--- src/libraw_cxx.cpp.orig    2019-08-20 17:34:30.000000000 +0000
 +++ src/libraw_cxx.cpp
-@@ -3623,6 +3623,9 @@ void LibRaw::parse_x3f()
+@@ -3712,6 +3712,20 @@ libraw_processed_image_t *LibRaw::dcraw_
+     return NULL;
+   }
+ 
++  if (T.tlength < 64u)
++  {
++      if (errcode)
++          *errcode = EINVAL;
++      return NULL;
++  }
++
++  if (INT64(T.tlength) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB)
++  {
++      if (errcode)
++          *errcode = LIBRAW_TOO_BIG;
++      return NULL;
++  }
++
+   if (T.tformat == LIBRAW_THUMBNAIL_BITMAP)
+   {
+     libraw_processed_image_t *ret = (libraw_processed_image_t *)::malloc(sizeof(libraw_processed_image_t) + T.tlength);
+@@ -3976,6 +3990,12 @@ void LibRaw::kodak_thumb_loader()
+   if (ID.toffset + est_datasize > ID.input->size() + THUMB_READ_BEYOND)
+     throw LIBRAW_EXCEPTION_IO_EOF;
+ 
++  if(INT64(T.theight) * INT64(T.twidth) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB)
++      throw LIBRAW_EXCEPTION_IO_CORRUPT;
++
++  if (INT64(T.theight) * INT64(T.twidth) < 64ULL)
++      throw LIBRAW_EXCEPTION_IO_CORRUPT;
++
+   // some kodak cameras
+   ushort s_height = S.height, s_width = S.width, s_iwidth = S.iwidth, s_iheight = S.iheight;
+   ushort s_flags = libraw_internal_data.unpacker_data.load_flags;
+@@ -4237,6 +4257,25 @@ int LibRaw::unpack_thumb(void)
+   CHECK_ORDER_LOW(LIBRAW_PROGRESS_IDENTIFY);
+   CHECK_ORDER_BIT(LIBRAW_PROGRESS_THUMB_LOAD);
+ 
++#define THUMB_SIZE_CHECKT(A) \
++  do { \
++    if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
++    if (INT64(A) > 0 &&  INT64(A) < 64ULL)        throw LIBRAW_EXCEPTION_IO_CORRUPT; \
++  } while (0)
++
++#define THUMB_SIZE_CHECKTNZ(A) \
++  do { \
++    if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
++    if (INT64(A) < 64ULL)        throw LIBRAW_EXCEPTION_IO_CORRUPT; \
++  } while (0)
++
++
++#define THUMB_SIZE_CHECKWH(W,H) \
++  do { \
++    if (INT64(W)*INT64(H) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
++    if (INT64(W)*INT64(H) < 64ULL)        throw LIBRAW_EXCEPTION_IO_CORRUPT; \
++  } while (0)
++
+   try
+   {
+     if (!libraw_internal_data.internal_data.input)
+@@ -4267,6 +4306,7 @@ int LibRaw::unpack_thumb(void)
+ 
+         if (INT64(ID.toffset) + tsize > ID.input->size() + THUMB_READ_BEYOND)
+           throw LIBRAW_EXCEPTION_IO_EOF;
++        THUMB_SIZE_CHECKT(tsize);
+       }
+       else
+       {
+@@ -4280,6 +4320,8 @@ int LibRaw::unpack_thumb(void)
+       ID.input->seek(ID.toffset, SEEK_SET);
+       if (write_thumb == &LibRaw::jpeg_thumb)
+       {
++        THUMB_SIZE_CHECKTNZ(T.tlength);
++
+         if (T.thumb)
+           free(T.thumb);
+         T.thumb = (char *)malloc(T.tlength);
+@@ -4326,6 +4368,7 @@ int LibRaw::unpack_thumb(void)
+       {
+         if (t_bytesps > 1)
+           throw LIBRAW_EXCEPTION_IO_CORRUPT; // 8-bit thumb, but parsed for more bits
++      THUMB_SIZE_CHECKWH(T.twidth, T.theight);
+         int t_length = T.twidth * T.theight * t_colors;
+ 
+         if (T.tlength && T.tlength < t_length) // try to find tiff ifd with needed offset
+@@ -4351,6 +4394,7 @@ int LibRaw::unpack_thumb(void)
+                 T.tcolors = 1;
+             }
+             T.tlength = total_size;
++            THUMB_SIZE_CHECKTNZ(T.tlength);
+             if (T.thumb)
+               free(T.thumb);
+             T.thumb = (char *)malloc(T.tlength);
+@@ -4384,6 +4428,8 @@ int LibRaw::unpack_thumb(void)
+         if (T.thumb)
+           free(T.thumb);
+ 
++        THUMB_SIZE_CHECKTNZ(T.tlength);
++
+         T.thumb = (char *)malloc(T.tlength);
+         if (!T.tcolors)
+           T.tcolors = t_colors;
+@@ -4404,6 +4450,10 @@ int LibRaw::unpack_thumb(void)
+         int i_length = T.twidth * T.theight * t_colors * 2;
+         if (!T.tlength)
+           T.tlength = o_length;
++        THUMB_SIZE_CHECKTNZ(o_length);
++        THUMB_SIZE_CHECKTNZ(i_length);
++        THUMB_SIZE_CHECKTNZ(T.tlength);
++
+         ushort *t_thumb = (ushort *)calloc(i_length, 1);
+         ID.input->read(t_thumb, 1, i_length);
+         if ((libraw_internal_data.unpacker_data.order == 0x4949) == (ntohs(0x1234) == 0x1234))
+@@ -6183,6 +6233,9 @@ void LibRaw::parse_x3f()
    _x3f_data = x3f;
  
    x3f_header_t *H = NULL;

Added files:

Index: pkgsrc/graphics/libraw/patches/patch-libraw_libraw__const.h
diff -u /dev/null pkgsrc/graphics/libraw/patches/patch-libraw_libraw__const.h:1.1
--- /dev/null   Sun Sep 19 18:46:50 2021
+++ pkgsrc/graphics/libraw/patches/patch-libraw_libraw__const.h Sun Sep 19 18:46:50 2021
@@ -0,0 +1,18 @@
+$NetBSD: patch-libraw_libraw__const.h,v 1.1 2021/09/19 18:46:50 nia Exp $
+
+Thumbnail size range check (CVE-2020-15503)
+
+--- libraw/libraw_const.h.orig 2019-08-20 17:34:30.000000000 +0000
++++ libraw/libraw_const.h
+@@ -24,6 +24,11 @@ it under the terms of the one of two lic
+ #define LIBRAW_MAX_ALLOC_MB 2048L
+ #endif
+ 
++/* limit thumbnail size, default is 512Mb*/
++#ifndef LIBRAW_MAX_THUMBNAIL_MB
++#define LIBRAW_MAX_THUMBNAIL_MB 512L
++#endif
++
+ /* Change to non-zero to allow (broken) CRW (and other) files metadata 
+    loop prevention */
+ #ifndef LIBRAW_METADATA_LOOP_PREVENTION



Home | Main Index | Thread Index | Old Index