!2 pack init

Merge pull request !2 from compile_success/master

LibRaw-0.17.1-CVE-2015-8366-8367.patch

@@ -0,0 +1,14 @@
+diff -r -U3 LibRaw-0.17.1.orig/dcraw/dcraw.c LibRaw-0.17.1/dcraw/dcraw.c
+--- LibRaw-0.17.1.orig/dcraw/dcraw.c	2015-05-24 21:30:26.000000000 -0500
++++ LibRaw-0.17.1/dcraw/dcraw.c	2015-12-01 07:47:00.086513959 -0600
+@@ -2901,6 +2901,10 @@
+       diff = diff ? -diff : 0x80;
+     if (ftell(ifp) + 12 >= seg[1][1])
+       diff = 0;
++#ifdef LIBRAW_LIBRARY_BUILD
++    if(pix>=raw_width*raw_height)
++      throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+     raw_image[pix] = pred[pix & 1] += diff;
+     if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;
+   }

LibRaw-0.19.2-CVE-2018-5817,5818,5819.patch

@@ -0,0 +1,74 @@
+From e67a9862d10ebaa97712f532eca1eb5e2e410a22 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Thu, 22 Nov 2018 16:24:54 +0300
+Subject: [PATCH]  Fixed Secunia Advisory SA86384    - possible infinite loop
+ in unpacked_load_raw()    - possible infinite loop in parse_rollei()    -
+ possible infinite loop in parse_sinar_ia()
+
+ Credits: Laurent Delosieres, Secunia Research at Flexera
+---
+ dcraw/dcraw.c             | 4 +++-
+ internal/dcraw_common.cpp | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/dcraw/dcraw.c b/dcraw/dcraw.c
+index c71874c..a78e67a 100644
+--- a/dcraw/dcraw.c
++++ b/dcraw/dcraw.c
+@@ -6592,7 +6592,7 @@ void CLASS parse_rollei()
+   fseek (ifp, 0, SEEK_SET);
+   memset (&t, 0, sizeof t);
+   do {
+-    fgets (line, 128, ifp);
++    if(!fgets(line, 128, ifp)) break;
+     if ((val = strchr(line,'=')))
+       *val++ = 0;
+     else
+@@ -6630,6 +6630,7 @@ void CLASS parse_sinar_ia()
+   order = 0x4949;
+   fseek (ifp, 4, SEEK_SET);
+   entries = get4();
++  if(entries < 1 || entries > 8192) return;
+   fseek (ifp, get4(), SEEK_SET);
+   while (entries--) {
+     off = get4(); get4();
+@@ -9621,6 +9622,7 @@ dng_skip:
+   }
+   if (!tiff_bps) tiff_bps = 12;
+   if (!maximum) maximum = (1 << tiff_bps) - 1;
++  if(maximum > 0xffff) maximum = 0xffff;
+   if (!load_raw || height < 22 || width < 22 ||
+ 	tiff_bps > 16 || tiff_samples > 6 || colors > 4)
+     is_raw = 0;
+diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
+index 29cc72f..a8a8e0f 100644
+--- a/internal/dcraw_common.cpp
++++ b/internal/dcraw_common.cpp
+@@ -14851,7 +14851,7 @@ void CLASS parse_rollei()
+   memset(&t, 0, sizeof t);
+   do
+   {
+-    fgets(line, 128, ifp);
++    if(!fgets(line, 128, ifp)) break;
+     if ((val = strchr(line, '=')))
+       *val++ = 0;
+     else
+@@ -14889,6 +14889,7 @@ void CLASS parse_sinar_ia()
+   order = 0x4949;
+   fseek(ifp, 4, SEEK_SET);
+   entries = get4();
++  if(entries < 1 || entries > 8192) return;
+   fseek(ifp, get4(), SEEK_SET);
+   while (entries--)
+   {
+@@ -19732,6 +19733,7 @@ dng_skip:
+     if (maximum < 0x10000 && curve[maximum] > 0 && load_raw == &CLASS sony_arw2_load_raw)
+       maximum = curve[maximum];
+   }
++  if(maximum > 0xffff) maximum = 0xffff;
+   if (!load_raw || height < 22 || width < 22 ||
+ #ifdef LIBRAW_LIBRARY_BUILD
+       (tiff_bps > 16 && load_raw != &LibRaw::deflate_dng_load_raw)
+-- 
+1.8.3.1
+

LibRaw.spec

@@ -0,0 +1,70 @@
+Name:          LibRaw
+Version:       0.19.0
+Release:       8
+Summary:       Library for reading RAW files obtained from digital photo cameras
+License:       BSD and (CDDL or LGPLv2)
+URL:           http://www.libraw.org
+Source0:       http://www.libraw.org/data/%{name}-%{version}.tar.gz
+Patch0002:     LibRaw-0.17.1-CVE-2015-8366-8367.patch
+Patch6000:     LibRaw-0.19.2-CVE-2018-5817,5818,5819.patch
+
+BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(jasper) pkgconfig(libjpeg)
+Provides:      bundled(dcraw) = 9.25
+%description
+LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF,
+RAF, etc, virtually all RAW formats are supported).It pays special attention to
+correct retrieval of data required for subsequent RAW conversion.The library is
+intended for embedding in RAW converters, data analyzers, and other programs using
+RAW files as the initial data.
+
+%package devel
+Summary:      LibRaw development libraries
+Requires:     %{name} = %{version}-%{release}
+
+Provides:      LibRaw-static = %{version}-%{release} LibRaw-samples = %{version}-%{release}
+Obsoletes:     LibRaw-static < %{version}-%{release} LibRaw-samples < %{version}-%{release}
+
+%description devel
+The LibRaw-devel package contains development and header files.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%configure --enable-examples=yes --enable-jasper --enable-jpeg \
+           --enable-lcms --enable-openmp
+
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+%make_build
+
+%install
+cp -pr doc manual
+chmod 644 LICENSE.CDDL LICENSE.LGPL COPYRIGHT Changelog.txt manual/*.html
+%make_install
+
+rm -rfv samples/.deps samples/.dirstamp samples/*.o
+%delete_la
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%doc Changelog.txt
+%license LICENSE.CDDL LICENSE.LGPL COPYRIGHT
+%{_libdir}/{libraw,libraw_r}.so.19*
+
+%files devel
+%doc manual samples
+%{_bindir}/*
+%{_includedir}/libraw/
+%{_libdir}/{libraw,libraw_r}.a
+%{_libdir}/{libraw,libraw_r}.so
+%{_libdir}/pkgconfig/{libraw,libraw_r}.pc
+%exclude %{_docdir}/libraw/*
+
+%changelog
+* Fri Oct 25 2019 yanzhihua<yanzhihua4@huawei.com> - 0.19.0-7
+- Package init