Hello community, here is the log from the commit of package ufraw for openSUSE:Factory checked in at 2019-02-13 10:06:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ufraw (Old) and /work/SRC/openSUSE:Factory/.ufraw.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ufraw" Wed Feb 13 10:06:02 2019 rev:47 rq:673630 version:0.22 Changes: -------- --- /work/SRC/openSUSE:Factory/ufraw/ufraw.changes 2017-06-13 16:08:46.261048296 +0200 +++ /work/SRC/openSUSE:Factory/.ufraw.new.28833/ufraw.changes 2019-02-13 10:06:13.873548436 +0100 @@ -1,0 +2,12 @@ +Sun Feb 10 21:19:09 UTC 2019 - mun...@googlemail.com + +- added some gentoo/debian patches: + * ufraw-0.22-jpeg9.patch + * ufraw-0.22-exiv2-0.27.patch + * 01_no-gimp-remote.patch + * 02_CVE-2015-8366.patch (bsc#1006704) + * 04_fix-abs-gcc-7.patch + * 05_CVE-2018-19655.patch (bsc#1117896) + * 06_lensfun_destroy_cleanup.patch + +------------------------------------------------------------------- New: ---- 01_no-gimp-remote.patch 02_CVE-2015-8366.patch 04_fix-abs-gcc-7.patch 05_CVE-2018-19655.patch 06_lensfun_destroy_cleanup.patch ufraw-0.22-exiv2-0.27.patch ufraw-0.22-jpeg9.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ufraw.spec ++++++ --- /var/tmp/diff_new_pack.riWc4p/_old 2019-02-13 10:06:15.749547963 +0100 +++ /var/tmp/diff_new_pack.riWc4p/_new 2019-02-13 10:06:15.749547963 +0100 @@ -1,7 +1,7 @@ # # spec file for package ufraw # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -46,7 +46,13 @@ Patch2: %{name}-glibc210.patch Patch3: narrowing-conversion.patch Patch4: ufraw-gcc7.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch10: ufraw-0.22-jpeg9.patch +Patch11: ufraw-0.22-exiv2-0.27.patch +Patch12: 01_no-gimp-remote.patch +Patch13: 02_CVE-2015-8366.patch +Patch14: 04_fix-abs-gcc-7.patch +Patch15: 05_CVE-2018-19655.patch +Patch16: 06_lensfun_destroy_cleanup.patch Recommends: %{name}-lang %description 
@@ -98,6 +104,13 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build %ifarch ppc64 ++++++ 01_no-gimp-remote.patch ++++++ Don't use gimp-remote since gimp 2.4 already includes gimp-remote functionality --- a/ufraw_conf.c +++ b/ufraw_conf.c @@ -137,7 +137,7 @@ #elif HAVE_GIMP_2_4 "gimp", /* remoteGimpCommand */ #else - "gimp-remote", /* remoteGimpCommand */ + "gimp", /* remoteGimpCommand */ #endif /* EXIF data */ ++++++ 02_CVE-2015-8366.patch ++++++ Fix a buffer overflow bug. See https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2 --- a/dcraw.cc +++ b/dcraw.cc @@ -3013,7 +3013,10 @@ diff = diff ? -diff : 0x80; if (ftell(ifp) + 12 >= (int) seg[1][1]) diff = 0; - raw_image[pix] = pred[pix & 1] += diff; + if(pix>=raw_width*raw_height) + derror(); + else + raw_image[pix] = pred[pix & 1] += diff; if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2; } maximum = 0xff; ++++++ 04_fix-abs-gcc-7.patch ++++++ Description: fix compilation in GCC 7 change some variables to int instead of unsigned so that calls to abs are no longer ambiguous under GCC7 Author: Ken Moffat Origin: https://sourceforge.net/p/ufraw/mailman/message/35843737/ Bug-Debian: https://bugs.debian.org/853692 --- ufraw-0.22.orig/dcraw.cc +++ ufraw-0.22/dcraw.cc 
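Review bot: The added guard `if(pix>=raw_width*raw_height)` checks only an upper bound, and whether it is sufficient depends on the types of `pix`, `raw_width` and `raw_height`, which are declared outside the hunk. If `pix` is a signed int, a negative value would pass the check and still index `raw_image` before its start, and if the two dimensions are 16-bit values promoted to int, their product can overflow for very large declared sizes. Doing the comparison in unsigned arithmetic covers both cases: `if ((unsigned) pix >= (unsigned) raw_width * raw_height)`. The loop also keeps running after `derror()`, so every remaining out-of-range pixel takes the error path again; a `break` there may be preferable, but the loop header is not visible here.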
@@ -8769,8 +8769,8 @@ void CLASS identify() "Nikon", "Nokia", "Olympus", "Pentax", "Phase One", "Ricoh", "Samsung", "Sigma", "Sinar", "Sony" }; char head[32], *cp; - unsigned fsize, i, c; - int hlen, flen, zero_fsize=1; + unsigned fsize; + int hlen, flen, zero_fsize=1, i, c; struct jhead jh; tiff_flip = flip = filters = UINT_MAX; /* unknown */ ++++++ 05_CVE-2018-19655.patch ++++++ Description: stack-based buffer overflow bug Bug-Debian: https://bugs.debian.org/890086 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19655 Author: Filip Hroch <hr...@physics.muni.cz> Reviewed-by: Salvatore Bonaccorso <car...@debian.org> Last-Update: 2018-12-02 --- a/dcraw.cc +++ b/dcraw.cc @@ -8505,9 +8505,15 @@ float CLASS find_green (int bps, int bit { UINT64 bitbuf=0; int vbits, col, i, c; - ushort img[2][2064]; + ushort *img; double sum[]={0,0}; +#define IMG2D(row,col) \ + img[(row)*width+(col)] + + img = (ushort *) malloc(2*width*sizeof(ushort)); + merror (img, "find_green()"); + FORC(2) { fseek (ifp, c ? off1:off0, SEEK_SET); for (vbits=col=0; col < width; col++) { @@ -8516,13 +8522,14 @@ float CLASS find_green (int bps, int bit for (i=0; i < bite; i+=8) bitbuf |= (unsigned) (fgetc(ifp) << i); } - img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps); + IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps); } } FORC(width-1) { - sum[ c & 1] += ABS(img[0][c]-img[1][c+1]); - sum[~c & 1] += ABS(img[1][c]-img[0][c+1]); + sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1)); + sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1)); } + free(img); return 100 * log(sum[0]/sum[1]); } ++++++ 06_lensfun_destroy_cleanup.patch ++++++ Description: Fix cleanup of lensfun Bug-Debian: https://bugs.debian.org/898297 Author: Helmut Grohne <hel...@subdivi.de>, Lauro Moura <lauromo...@gmail.com> Reviewed-by: Hubert Chathi <uho...@debian.org> Last-Update: 2018-12-02 --- ufraw-0.22.orig/ufraw_ufraw.c +++ ufraw-0.22/ufraw_ufraw.c 
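Review bot: Changing `i` and `c` from `unsigned` to `int` alters every comparison and index that uses them in `identify()`, not only the `abs()` calls the description mentions, and the body of the function lies outside the hunk. If either variable is assigned a value read from the file and then used as an array index or loop bound, a value above INT_MAX now becomes negative instead of large, so a check written as `i < limit` would accept it. Those uses are worth auditing; the narrower alternative is to keep the variables unsigned and cast to int at the `abs()` call sites. A comment on the declaration such as `/* int, not unsigned: abs() is ambiguous for unsigned arguments under GCC 7 */` would record why the type was chosen.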
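Review bot: `IMG2D` is defined inside `find_green()` and never undefined, so it stays visible to the rest of dcraw.cc and silently depends on the locals `img` and `width`; adding `#undef IMG2D` after `free(img);` in the following hunk keeps it local. The allocation `malloc(2*width*sizeof(ushort))` also assumes `width` is non-zero: with a zero width `malloc` may return NULL, which `merror` would presumably treat as an out-of-memory failure. How `FORC(width-1)` behaves in that case depends on the type of `width`, whose declaration is not in the hunk. A short comment above the allocation, `/* two rows of width samples; replaces the fixed 2064-column stack buffer (CVE-2018-19655) */`, would tell readers why the heap buffer exists.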
@@ -767,8 +767,10 @@ void ufraw_close(ufraw_data *uf) g_free(uf->displayProfile); g_free(uf->RawHistogram); #ifdef HAVE_LENSFUN - lf_modifier_destroy(uf->TCAmodifier); - lf_modifier_destroy(uf->modifier); + if (uf->TCAmodifier != NULL) + lf_modifier_destroy(uf->TCAmodifier); + if (uf->modifier != NULL) + lf_modifier_destroy(uf->modifier); #endif ufobject_delete(uf->conf->ufobject); g_free(uf->conf); ++++++ ufraw-0.22-exiv2-0.27.patch ++++++ --- a/ufraw_exiv2.cc 2015-06-16 05:58:38.000000000 +0200 +++ b/ufraw_exiv2.cc 2018-12-29 22:51:23.291894430 +0100 @@ -15,9 +15,7 @@ #include "ufraw.h" #ifdef HAVE_EXIV2 -#include <exiv2/image.hpp> -#include <exiv2/easyaccess.hpp> -#include <exiv2/exif.hpp> +#include <exiv2/exiv2.hpp> #include <sstream> #include <cassert> @@ -67,7 +65,11 @@ if (exifData.empty()) { std::string error(uf->filename); error += ": No Exif data found in the file"; +#if EXIV2_TEST_VERSION(0,27,0) + throw Exiv2::Error(Exiv2::kerErrorMessage, error); +#else throw Exiv2::Error(1, error); +#endif } /* List of tag names taken from exiv2's printSummary() in actions.cpp */ ++++++ ufraw-0.22-jpeg9.patch ++++++ Fix build with >=jpeg-9 Thanks-to: Moran Z. <o542018...@gmail.com> --- a/dcraw.cc 2014-09-02 07:50:38.000000000 +0300 +++ b/dcraw.cc 2015-02-21 04:54:13.957561352 +0200 @@ -2330,7 +2330,7 @@ #endif cinfo->src->next_input_byte = jpeg_buffer; cinfo->src->bytes_in_buffer = nbytes; - return TRUE; + return boolean(TRUE); } void CLASS kodak_jpeg_load_raw() @@ -2346,7 +2346,7 @@ jpeg_create_decompress (&cinfo); jpeg_stdio_src (&cinfo, ifp); cinfo.src->fill_input_buffer = fill_input_buffer; - jpeg_read_header (&cinfo, TRUE); + jpeg_read_header (&cinfo, boolean(TRUE)); jpeg_start_decompress (&cinfo); if ((cinfo.output_width != width ) || (cinfo.output_height*2 != height ) || 
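Review bot: The new NULL checks carry no comment saying why they are needed, and both modifier pointers are left dangling after `lf_modifier_destroy()` for the rest of `ufraw_close()`, which continues outside the hunk. A one-line comment such as `/* either modifier may be NULL here; lf_modifier_destroy() is not assumed to accept NULL */` would document the guard. Setting `uf->TCAmodifier = NULL;` and `uf->modifier = NULL;` after each destroy would also keep a later use of the same `uf` from touching freed modifiers, assuming the structure can still be reached after this point.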
@@ -2419,7 +2419,7 @@ if (tile_length < INT_MAX) fseek (ifp, get4(), SEEK_SET); jpeg_stdio_src (&cinfo, ifp); - jpeg_read_header (&cinfo, TRUE); + jpeg_read_header (&cinfo, boolean(TRUE)); jpeg_start_decompress (&cinfo); buf = (*cinfo.mem->alloc_sarray) ((j_common_ptr) &cinfo, JPOOL_IMAGE, cinfo.output_width*3, 1);