[SCM] libkdcraw packaging branch, kde4.12, updated. debian/4.12.3-1
Maximiliano Curia
maxy at moszumanska.debian.org
Wed Mar 5 06:56:15 UTC 2014
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/libkdcraw.git;a=commitdiff;h=eaf9480
The following commit has been merged in the kde4.12 branch:
commit eaf9480b00272f75d9392c91d832f18c6c89d54e
Author: Maximiliano Curia <maxy at debian.org>
Date: Sat Mar 1 22:21:55 2014 +0100
Remove patch: libkdcraw_CVE-2013-143x.diff, upstream removed embedded libraw code.
---
debian/changelog | 2 +
debian/patches/libkdcraw_CVE-2013-143x.diff | 210 ----------------------------
debian/patches/series | 1 -
3 files changed, 2 insertions(+), 211 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index b38eed4..d6d3d01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ libkdcraw (4:4.12.3-1~) UNRELEASED; urgency=medium
* New upstream release.
* New upstream release.
+ * Remove patch: libkdcraw_CVE-2013-143x.diff, upstream removed
+ embedded libraw code.
-- Maximiliano Curia <maxy at debian.org> Fri, 28 Feb 2014 23:27:39 +0100
diff --git a/debian/patches/libkdcraw_CVE-2013-143x.diff b/debian/patches/libkdcraw_CVE-2013-143x.diff
deleted file mode 100644
index 2d461db..0000000
--- a/debian/patches/libkdcraw_CVE-2013-143x.diff
+++ /dev/null
@@ -1,210 +0,0 @@
-Description: fix denial of service via crafted photo files
-Origin: backport, https://github.com/LibRaw/LibRaw/commit/c4e374ea6c979a7d1d968f5082b7d0ea8cd27202
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721338
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721239
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721340
-
-Index: libkdcraw/libraw/internal/dcraw_common.cpp
-===================================================================
---- libkdcraw.orig/libraw/internal/dcraw_common.cpp 2013-10-01 20:08:24.478682563 +0200
-+++ libkdcraw/libraw/internal/dcraw_common.cpp 2013-10-01 20:08:24.474682721 +0200
-@@ -606,7 +606,10 @@
- int CLASS ljpeg_diff (ushort *huff)
- {
- int len, diff;
--
-+#ifdef LIBRAW_LIBRARY_BUILD
-+ if(!huff)
-+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
-+#endif
- len = gethuff(huff);
- if (len == 16 && (!dng_version || dng_version >= 0x1010000))
- return -32768;
-@@ -620,6 +623,8 @@
- int CLASS ljpeg_diff_new (LibRaw_bit_buffer& bits, LibRaw_byte_buffer* buf,ushort *huff)
- {
- int len, diff;
-+ if(!huff || !buf)
-+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
-
- len = bits._gethuff_lj(buf,*huff,huff+1);
- if (len == 16 && (!dng_version || dng_version >= 0x1010000))
-@@ -742,6 +747,10 @@
-
-
- if (!ljpeg_start (&jh, 0)) return;
-+#ifdef LIBRAW_LIBRARY_BUILD
-+ if(jh.wide<1 || jh.high<1 || jh.clrs<1 || jh.bits <1)
-+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
-+#endif
- jwide = jh.wide * jh.clrs;
-
- #ifdef LIBRAW_LIBRARY_BUILD
-@@ -755,18 +764,25 @@
- {
- // not sliced
- slicesW[slicesWcnt++] = raw_width; // safe fallback
-+
-+
- }
--
-- slices = slicesWcnt * jh.high;
-- offset = (unsigned*)calloc(slices+1,sizeof(offset[0]));
-
-- for(slice=0;slice<slices;slice++)
-- {
-- offset[slice] = (t_x + t_y * raw_width)| (t_s<<28);
-- if((offset[slice] & 0x0fffffff) >= raw_width * raw_height)
-- throw LIBRAW_EXCEPTION_IO_BADFILE;
-- t_y++;
-- if(t_y == jh.high)
-+ slices = slicesWcnt * jh.high;
-+ if(!slices)
-+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
-+ offset = (unsigned*)calloc(slices+1,sizeof(offset[0]));
-+
-+ for(slice=0;slice<slices;slice++)
-+ {
-+ offset[slice] = (t_x + t_y * raw_width)| (t_s<<28);
-+ if((offset[slice] & 0x0fffffff) >= raw_width * raw_height)
-+ {
-+ free(offset);
-+ throw LIBRAW_EXCEPTION_IO_BADFILE;
-+ }
-+ t_y++;
-+ if(t_y == jh.high)
- {
- t_y = 0;
- t_x += slicesW[t_s++];
-@@ -817,12 +833,28 @@
- pixno++;
- if (0 == --pixelsInSlice)
- {
-+ if(slice > slices)
-+ {
-+ free(offset);
-+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
-+ }
- unsigned o = offset[slice++];
- pixno = o & 0x0fffffff;
- pixelsInSlice = slicesW[o>>28];
- }
- }
- #endif
-+
-+ if(row>raw_height)
-+#ifdef LIBRAW_LIBRARY_BUILD
-+ {
-+ free(offset);
-+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
-+ }
-+#else
-+ longjmp (failure, 3);
-+#endif
-+
- if (raw_width == 3984 && (col -= 2) < 0)
- col += (row--,raw_width);
- if (row >= 0) RAW(row,col) = val;
-@@ -5135,6 +5167,7 @@
- data_offset = get4()+base;
- ifd++; break;
- }
-+ if(len > 1000) len=1000; /* 1000 SubIFDs is enough */
- while (len--) {
- i = ftell(ifp);
- fseek (ifp, get4()+base, SEEK_SET);
-@@ -5353,7 +5386,7 @@
- break;
- case 50715: /* BlackLevelDeltaH */
- case 50716: /* BlackLevelDeltaV */
-- for (num=i=0; i < len; i++)
-+ for (num=i=0; i < len && i < 65536; i++)
- num += getreal(type);
- black += num/len + 0.5;
- break;
-@@ -5486,9 +5519,12 @@
- if (thumb_offset) {
- fseek (ifp, thumb_offset, SEEK_SET);
- if (ljpeg_start (&jh, 1)) {
-- thumb_misc = jh.bits;
-- thumb_width = jh.wide;
-- thumb_height = jh.high;
-+ if((unsigned)jh.bits<17 && (unsigned)jh.wide < 0x10000 && (unsigned)jh.high < 0x10000)
-+ {
-+ thumb_misc = jh.bits;
-+ thumb_width = jh.wide;
-+ thumb_height = jh.high;
-+ }
- }
- }
- for (i=0; i < tiff_nifds; i++) {
-@@ -5496,7 +5532,8 @@
- max_samp = tiff_ifd[i].samples;
- if (max_samp > 3) max_samp = 3;
- if ((tiff_ifd[i].comp != 6 || tiff_ifd[i].samples != 3) &&
-- (tiff_ifd[i].t_width | tiff_ifd[i].t_height) < 0x10000 &&
-+ unsigned(tiff_ifd[i].t_width | tiff_ifd[i].t_height) < 0x10000 &&
-+ (unsigned)tiff_ifd[i].bps < 33 && (unsigned)tiff_ifd[i].samples < 13 &&
- tiff_ifd[i].t_width*tiff_ifd[i].t_height > raw_width*raw_height) {
- raw_width = tiff_ifd[i].t_width;
- raw_height = tiff_ifd[i].t_height;
-@@ -5582,17 +5619,19 @@
- !strstr(model2,"DEBUG RAW")))
- is_raw = 0;
- for (i=0; i < tiff_nifds; i++)
-- if (i != raw && tiff_ifd[i].samples == max_samp &&
-- tiff_ifd[i].t_width * tiff_ifd[i].t_height / SQR(tiff_ifd[i].bps+1) >
-- thumb_width * thumb_height / SQR(thumb_misc+1)
-- && tiff_ifd[i].comp != 34892) {
-- thumb_width = tiff_ifd[i].t_width;
-- thumb_height = tiff_ifd[i].t_height;
-- thumb_offset = tiff_ifd[i].offset;
-- thumb_length = tiff_ifd[i].bytes;
-- thumb_misc = tiff_ifd[i].bps;
-- thm = i;
-- }
-+ if (i != raw && tiff_ifd[i].samples == max_samp &&
-+ tiff_ifd[i].bps>0 && tiff_ifd[i].bps < 33 &&
-+ unsigned(tiff_ifd[i].t_width | tiff_ifd[i].t_height) < 0x10000 &&
-+ tiff_ifd[i].t_width * tiff_ifd[i].t_height / SQR(tiff_ifd[i].bps+1) >
-+ thumb_width * thumb_height / SQR(thumb_misc+1)
-+ && tiff_ifd[i].comp != 34892) {
-+ thumb_width = tiff_ifd[i].t_width;
-+ thumb_height = tiff_ifd[i].t_height;
-+ thumb_offset = tiff_ifd[i].offset;
-+ thumb_length = tiff_ifd[i].bytes;
-+ thumb_misc = tiff_ifd[i].bps;
-+ thm = i;
-+ }
- if (thm >= 0) {
- thumb_misc |= tiff_ifd[thm].samples << 5;
- switch (tiff_ifd[thm].comp) {
-Index: libkdcraw/libraw/src/libraw_datastream.cpp
-===================================================================
---- libkdcraw.orig/libraw/src/libraw_datastream.cpp 2013-10-01 20:08:24.478682563 +0200
-+++ libkdcraw/libraw/src/libraw_datastream.cpp 2013-10-01 20:08:24.474682721 +0200
-@@ -64,7 +64,12 @@
-
- LibRaw_byte_buffer *LibRaw_abstract_datastream::make_byte_buffer(unsigned int sz)
- {
-+ if(sz> 2u * 1024u * 1024u * 1024u) // 2GB is enough
-+ throw LIBRAW_EXCEPTION_ALLOC;
-+
- LibRaw_byte_buffer *ret = new LibRaw_byte_buffer(sz);
-+ if(!ret) // failed new should throw std::exception
-+ throw LIBRAW_EXCEPTION_ALLOC;
- read(ret->get_buffer(),sz,1);
- return ret;
- }
-@@ -441,7 +446,10 @@
-
- LibRaw_byte_buffer *LibRaw_buffer_datastream::make_byte_buffer(unsigned int sz)
- {
-+
- LibRaw_byte_buffer *ret = new LibRaw_byte_buffer(0);
-+ if(!ret) // failed new should throw std::exception
-+ throw LIBRAW_EXCEPTION_ALLOC;
- if(streampos + sz > streamsize)
- sz = streamsize - streampos;
- ret->set_buffer(buf+streampos,sz);
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 02a7ee8..0000000
--- a/debian/patches/series
+++ /dev/null
@@ -1 +0,0 @@
-libkdcraw_CVE-2013-143x.diff
--
libkdcraw packaging