Commit ec40a9a6 authored by Debarshi Ray's avatar Debarshi Ray

flatpak: Build LibRaw from the stable tarball

#98
parent a15f7003
From 7249187f1c6530d4ba55d2e042815854d55d37d9 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Fri, 8 Sep 2017 14:56:32 +0200
Subject: [PATCH] Fix CVE-2017-13735
https://github.com/LibRaw/LibRaw/issues/96
---
dcraw/dcraw.c | 4 ++++
internal/dcraw_common.cpp | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/dcraw/dcraw.c b/dcraw/dcraw.c
index 77f3e54c0784..3eb4b039dbce 100644
--- a/dcraw/dcraw.c
+++ b/dcraw/dcraw.c
@@ -3436,6 +3436,10 @@ void CLASS kodak_radc_load_raw()
checkCancel();
#endif
FORC3 mul[c] = getbits(6);
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!mul[0] || !mul[1] || !mul[2])
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
FORC3
{
val = ((0x1000000 / last[c] + 0x7ff) >> 12) * mul[c];
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index 608641a123fd..83a1fbaa9976 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -3140,6 +3140,10 @@ void CLASS kodak_radc_load_raw()
checkCancel();
#endif
FORC3 mul[c] = getbits(6);
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!mul[0] || !mul[1] || !mul[2])
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
FORC3
{
val = ((0x1000000 / last[c] + 0x7ff) >> 12) * mul[c];
--
2.9.5
......@@ -147,23 +147,13 @@
"cleanup": [ "/share/doc" ],
"sources": [
{
"type": "git",
"url": "https://github.com/LibRaw/LibRaw.git"
},
{
"type": "shell",
"commands": [
"make -f Makefile.devel regenerate",
"autoreconf --force --install"
]
"type": "archive",
"url": "https://www.libraw.org/data/LibRaw-0.18.8.tar.gz",
"sha256": "56aca4fd97038923d57d2d17d90aa11d827f1f3d3f1d97e9f5a0d52ff87420e2"
},
{
"type": "patch",
"path": "libraw-pkgconfig.patch"
},
{
"type": "patch",
"path": "libraw-CVE-2017-13735-radc_divbyzero.patch"
}
]
},
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment