From 674369106561e618ed5747901c3d878ccfda60ab Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 07 2019 06:10:03 +0000 Subject: import dcraw-9.27.0-9.el8 --- diff --git a/.dcraw.metadata b/.dcraw.metadata new file mode 100644 index 0000000..471a870 --- /dev/null +++ b/.dcraw.metadata @@ -0,0 +1 @@ +d9fd2ee5596a02d3dff792dd377a32b768752a4d SOURCES/dcraw-9.27.0.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f0fae2a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/dcraw-9.27.0.tar.gz diff --git a/SOURCES/dcraw-9.21-lcms2-error-reporting.patch b/SOURCES/dcraw-9.21-lcms2-error-reporting.patch new file mode 100644 index 0000000..7b37d12 --- /dev/null +++ b/SOURCES/dcraw-9.21-lcms2-error-reporting.patch @@ -0,0 +1,38 @@ +From affda75b7d868350d7ef9e7a67367826fb3e950d Mon Sep 17 00:00:00 2001 +From: Nils Philippsen +Date: Wed, 4 Sep 2013 17:13:49 +0200 +Subject: [PATCH] Report errors with LCMS version 2.x. + +--- + dcraw.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/dcraw.c b/dcraw.c +index 6f8dbbe..d80db64 100644 +--- a/dcraw.c ++++ b/dcraw.c +@@ -8902,6 +8902,13 @@ notraw: + } + + #ifndef NO_LCMS ++static void lcms2_error_show_handler (cmsContext ContextID, ++ cmsUInt32Number ErrorCode, ++ const char *Text) ++{ ++ fprintf (stderr, "lcms2: Error #%d; %s\n", ErrorCode, Text); ++} ++ + void CLASS apply_profile (const char *input, const char *output) + { + char *prof; +@@ -8910,6 +8917,7 @@ void CLASS apply_profile (const char *input, const char *output) + FILE *fp; + unsigned size; + ++ cmsSetLogErrorHandler (lcms2_error_show_handler); + if (strcmp (input, "embed")) + hInProfile = cmsOpenProfileFromFile (input, "r"); + else if (profile_length) { +-- +1.9.0 + diff --git a/SOURCES/dcraw-CVE-2018-5801.patch b/SOURCES/dcraw-CVE-2018-5801.patch new file mode 100644 index 0000000..2f742a1 --- /dev/null +++ b/SOURCES/dcraw-CVE-2018-5801.patch @@ -0,0 +1,125 @@ +diff -urNp old/dcraw.c new/dcraw.c +--- old/dcraw.c 2018-06-14 12:38:10.519964843 +0200 ++++ new/dcraw.c 2018-06-14 13:31:46.304679761 +0200 +@@ -1248,6 +1248,10 @@ void CLASS nikon_load_raw() + + void CLASS nikon_yuv_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + int row, col, yuv[4], rgb[3], b, c; + UINT64 bitbuf=0; + +@@ -1889,6 +1893,10 @@ void CLASS sinar_4shot_load_raw() + unpacked_load_raw(); + return; + } ++#ifdef LIBRAW_LIBRARY_BUILD ++ else if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + pixel = (ushort *) calloc (raw_width, sizeof *pixel); + merror (pixel, "sinar_4shot_load_raw()"); + for (shot=0; shot < 4; shot++) { +@@ -2188,6 +2196,11 @@ void CLASS quicktake_100_load_raw() + + void CLASS kodak_radc_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ // All kodak radc images are 768x512 ++ if(width>768 || raw_width>768 || height > 512 || raw_height>512 ) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + static const char src[] = { + 1,1, 2,3, 3,4, 4,2, 5,7, 6,5, 7,6, 7,8, + 1,0, 2,1, 3,3, 4,4, 5,2, 6,7, 7,6, 8,5, 8,8, +@@ -2348,6 +2361,10 @@ void CLASS gamma_curve (double pwr, doub + + void CLASS lossy_dng_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + struct jpeg_decompress_struct cinfo; + struct jpeg_error_mgr jerr; + JSAMPARRAY buf; +@@ -2444,6 +2461,10 @@ void CLASS eight_bit_load_raw() + + void CLASS kodak_c330_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + uchar *pixel; + int row, col, y, cb, cr, rgb[3], c; + +@@ -2469,6 +2490,10 @@ void CLASS kodak_c330_load_raw() + + void CLASS kodak_c603_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + uchar *pixel; + int row, col, y, cb, cr, rgb[3], c; + +@@ -2596,6 +2621,10 @@ void CLASS kodak_65000_load_raw() + + void CLASS kodak_ycbcr_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + short buf[384], *bp; + int row, col, len, c, i, j, k, y[2][2], cb, cr, rgb[3]; + ushort *ip; +@@ -2624,6 +2653,10 @@ void CLASS kodak_ycbcr_load_raw() + + void CLASS kodak_rgb_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + short buf[768], *bp; + int row, col, len, c, i, rgb[3]; + ushort *ip=image[0]; +@@ -2640,6 +2673,10 @@ void CLASS kodak_rgb_load_raw() + + void CLASS kodak_thumb_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + int row, col; + colors = thumb_misc >> 5; + for (row=0; row < height; row++) +@@ -3109,6 +3146,10 @@ void CLASS foveon_thumb() + + void CLASS foveon_sd_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + struct decode *dindex; + short diff[1024]; + unsigned bitbuf=0; +@@ -3156,6 +3197,10 @@ void CLASS foveon_huff (ushort *huff) + + void CLASS foveon_dp_load_raw() + { ++#ifdef LIBRAW_LIBRARY_BUILD ++ if(!image) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; ++#endif + unsigned c, roff[4], row, col, diff; + ushort huff[512], vpred[2][2], hpred[2]; + diff --git a/SPECS/dcraw.spec b/SPECS/dcraw.spec new file mode 100644 index 0000000..5fd0aaa --- /dev/null +++ b/SPECS/dcraw.spec @@ -0,0 +1,287 @@ +Summary: Tool for decoding raw image data from digital cameras +Name: dcraw +Version: 9.27.0 +Release: 9%{?dist} +License: GPLv2+ +URL: http://cybercom.net/~dcoffin/dcraw +Source0: http://cybercom.net/~dcoffin/dcraw/archive/dcraw-%{version}.tar.gz +Patch0: dcraw-9.21-lcms2-error-reporting.patch +Patch1: dcraw-CVE-2018-5801.patch +BuildRequires: gcc +BuildRequires: gettext +BuildRequires: libjpeg-devel +BuildRequires: lcms2-devel +BuildRequires: jasper-devel +Provides: bundled(dcraw) + +%description +This package contains dcraw, a command line tool to decode raw image data +downloaded from digital cameras. + +%prep +%autosetup -n dcraw + +%build +gcc %optflags $RPM_LD_FLAGS \ + -lm -ljpeg -llcms2 -ljasper \ + -DLOCALEDIR="\"%{_datadir}/locale\"" \ + -o dcraw dcraw.c +# build language catalogs +for catsrc in dcraw_*.po; do + lang="${catsrc%.po}" + lang="${lang#dcraw_}" + msgfmt -o "dcraw_${lang}.mo" "$catsrc" +done + +%install +install -d -m 0755 %{buildroot}%{_bindir} +install -m 0755 dcraw %{buildroot}%{_bindir} + +# install language catalogs +for catalog in dcraw_*.mo; do + lang="${catalog%.mo}" + lang="${lang#dcraw_}" + install -d -m 0755 "%{buildroot}%{_datadir}/locale/${lang}/LC_MESSAGES" + install -m 0644 "$catalog" "%{buildroot}%{_datadir}/locale/${lang}/LC_MESSAGES/dcraw.mo" +done + +install -d -m 0755 %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man1 +install -m 0644 dcraw.1 %{buildroot}%{_mandir}/man1/dcraw.1 +# localized manpages +rm -f %{name}-man-files +touch %{name}-man-files +for manpage in dcraw_*.1; do + lang="${manpage%.1}" + lang="${lang#dcraw_}" + install -d -m 0755 "%{buildroot}%{_mandir}/${lang}/man1" + install -m 0644 "${manpage}" "%{buildroot}%{_mandir}/${lang}/man1/dcraw.1" + echo "%%lang($lang) %%{_mandir}/${lang}/man1/*" >> %{name}-man-files +done + +%find_lang %{name} + +%files -f %{name}.lang -f %{name}-man-files +%{_bindir}/dcraw +%{_mandir}/man1/* + +%changelog +* Thu Jul 14 2018 Josef Ridky - 9.27.0-9 +- Fix CVE-2018-5801 (#1557165) and CVE-2018-5802 (#1557184) + +* Fri Feb 23 2018 Florian Weimer - 9.27.0-8 +- Use LDFLAGS from redhat-rpm-config + +* Tue Feb 20 2018 Nils Philippsen - 9.27.0-7 +- require gcc for building + +* Wed Feb 07 2018 Fedora Release Engineering - 9.27.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 9.27.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 9.27.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 9.27.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Dec 05 2016 Than Ngo - 9.27.0-2 +- rebuild against new jasper-2.0.0 + +* Thu Jun 09 2016 Nils Philippsen - 9.27.0 +- version 9.27.0 +- use %%autosetup +- remove packaging cruft + +* Wed Feb 03 2016 Fedora Release Engineering - 9.25.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 9.25.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed May 20 2015 Nils Philippsen - 9.25.0-2 +- add Provides: bundled(dcraw) +- don't manually specify, clean buildroot + +* Wed May 20 2015 Nils Philippsen - 9.25.0-1 +- version 9.25.0 +- remove unnecessary check from CVE-2013-1438 patch +- avoid writing past array boundaries when reading certain raw formats + (CVE-2015-3885) + +* Wed Apr 08 2015 Nils Philippsen - 9.24.4-1 +- version 9.24.4 + +* Sat Feb 14 2015 Nils Philippsen - 9.23.0-1 +- version 9.23.0 + +* Sat Aug 16 2014 Fedora Release Engineering - 9.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Jun 30 2014 Nils Philippsen - 9.22-1 +- version 9.22 + +* Sat Jun 07 2014 Fedora Release Engineering - 9.21-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 06 2014 Nils Philippsen - 9.21-1 +- report lcms2 errors + +* Mon May 05 2014 Nils Philippsen - 9.21-1 +- version 9.21 + +* Sat Apr 26 2014 Nils Philippsen - 9.20-2 +- new upstream tarball with unchanged version number (RCS id 1.461 instead of + 1.458), obsoletes lcms2 patch + +* Wed Jan 15 2014 Nils Philippsen - 9.20-1 +- version 9.20 + +* Fri Dec 06 2013 Nils Philippsen - 9.19-4 +- harden against corrupt input files (CVE-2013-1438) + +* Fri Sep 13 2013 Nils Philippsen - 9.19-3 +- build against the currently maintained version of lcms (2.x) + +* Sat Aug 03 2013 Fedora Release Engineering - 9.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Jun 20 2013 Nils Philippsen - 9.19-1 +- version 9.19 + +* Mon Jun 03 2013 Nils Philippsen - 9.18-1 +- version 9.18 + +* Wed Feb 13 2013 Fedora Release Engineering - 9.17-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jan 18 2013 Adam Tkac - 9.17-2 +- rebuild due to "jpeg8-ABI" feature drop + +* Mon Jan 14 2013 Nils Philippsen - 9.17-1 +- version 9.17 + +* Fri Dec 21 2012 Adam Tkac - 9.16-4 +- rebuild against new libjpeg + +* Thu Oct 18 2012 Nils Philippsen - 9.16-3 +- upstream changed 9.16 tarball, adds support for Samsung NX1000, Sony + DSC-RX100 models + +* Wed Jul 18 2012 Fedora Release Engineering - 9.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 04 2012 Nils Philippsen - 9.16-1 +- version 9.16 + +* Tue Jun 19 2012 Nils Philippsen - 9.15-1 +- version 9.15 + +* Tue Jan 10 2012 Nils Philippsen - 9.12-2 +- rebuild for gcc 4.7 + +* Thu Dec 22 2011 Nils Philippsen - 9.12-1 +- version 9.12 + +* Wed Oct 12 2011 Nils Philippsen - 9.11-1 +- version 9.11 + +* Mon Aug 01 2011 Nils Philippsen - 9.10-1 +- version 9.10 +- add BR: jasper-devel, link with jasper library + +* Mon May 23 2011 Nils Philippsen - 9.08-1 +- version 9.08 + +* Thu Apr 14 2011 Nils Philippsen - 9.07-1 +- version 9.07 + +* Fri Mar 04 2011 Nils Philippsen - 9.06-1 +- version 9.06 + +* Tue Feb 08 2011 Fedora Release Engineering - 9.04-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Aug 03 2010 Nils Philippsen - 9.04-1 +- version 9.04 + +* Wed Jun 02 2010 Nils Philippsen - 9.01-1 +- version 9.01 +- color man page files with %%lang() + +* Fri Feb 12 2010 Nils Philippsen - 8.99-1 +- version 8.99 + +* Tue Aug 18 2009 Nils Philippsen - 8.96-1 +- version 8.96 + +* Fri Jul 24 2009 Fedora Release Engineering - 8.91-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Mar 02 2009 Nils Philippsen - 8.91-1 +- version 8.91 + +* Tue Feb 24 2009 Fedora Release Engineering - 8.89-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Nov 27 2008 Nils Philippsen - 8.89-1 +- version 8.89 +- remove obsolete gps patch + +* Mon Feb 25 2008 Nils Philippsen - 8.82-1 +- version 8.82 + +* Tue Feb 19 2008 Fedora Release Engineering - 8.81-2 +- Autorebuild for GCC 4.3 + +* Mon Jan 14 2008 Nils Philippsen - 8.81-1 +- version 8.81 +- add support for GPS data (#428600, patch by Ulrich Drepper) + +* Fri Nov 30 2007 Nils Philippsen - 8.80-1 +- version 8.80 +- change license tag to GPLv2+ + +* Mon Feb 05 2007 Nils Philippsen - 8.77-2 +- rebuild with pristine source tarball + +* Mon Feb 05 2007 Nils Philippsen - 8.77-1 +- version 8.77 + +* Mon Feb 05 2007 Nils Philippsen - 8.53-2 +- fix summary, use %%find_lang (#225678) + +* Thu Feb 01 2007 Nils Philippsen - 8.53-1 +- upstream finally has a tarball, use that and its version (#209016) +- use dist tag + +* Wed Jul 12 2006 Jesse Keating - 0.0.20060521-1.1 +- rebuild + +* Tue May 23 2006 Nils Philippsen - 0.0.20060521-1 +- program and manpage version of 2006-05-21 +- use %%optflags +- change license tag to GPL +- use lcms + +* Fri Feb 10 2006 Jesse Keating - 0.0.20051211-1.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.0.20051211-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Wed Dec 14 2005 Nils Philippsen +- version of 2005-12-11 +- manpage of 2005-09-29 + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Mar 02 2005 Nils Philippsen +- version of 2005-02-27 +- manpage of 2005-01-19 + +* Wed Dec 01 2004 Nils Philippsen +- version of 2004-11-28 +- initial build