Hello community,
here is the log from the commit of package ufraw for openSUSE:Factory checked
in at 2019-02-13 10:06:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ufraw (Old)
and /work/SRC/openSUSE:Factory/.ufraw.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ufraw"
Wed Feb 13 10:06:02 2019 rev:47 rq:673630 version:0.22
Changes:
--------
--- /work/SRC/openSUSE:Factory/ufraw/ufraw.changes 2017-06-13
16:08:46.261048296 +0200
+++ /work/SRC/openSUSE:Factory/.ufraw.new.28833/ufraw.changes 2019-02-13
10:06:13.873548436 +0100
@@ -1,0 +2,12 @@
+Sun Feb 10 21:19:09 UTC 2019 - mun...@googlemail.com
+
+- added some gentoo/debian patches:
+ * ufraw-0.22-jpeg9.patch
+ * ufraw-0.22-exiv2-0.27.patch
+ * 01_no-gimp-remote.patch
+ * 02_CVE-2015-8366.patch (bsc#1006704)
+ * 04_fix-abs-gcc-7.patch
+ * 05_CVE-2018-19655.patch (bsc#1117896)
+ * 06_lensfun_destroy_cleanup.patch
+
+-------------------------------------------------------------------
New:
----
01_no-gimp-remote.patch
02_CVE-2015-8366.patch
04_fix-abs-gcc-7.patch
05_CVE-2018-19655.patch
06_lensfun_destroy_cleanup.patch
ufraw-0.22-exiv2-0.27.patch
ufraw-0.22-jpeg9.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ufraw.spec ++++++
--- /var/tmp/diff_new_pack.riWc4p/_old 2019-02-13 10:06:15.749547963 +0100
+++ /var/tmp/diff_new_pack.riWc4p/_new 2019-02-13 10:06:15.749547963 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ufraw
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -46,7 +46,13 @@
Patch2: %{name}-glibc210.patch
Patch3: narrowing-conversion.patch
Patch4: ufraw-gcc7.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Patch10: ufraw-0.22-jpeg9.patch
+Patch11: ufraw-0.22-exiv2-0.27.patch
+Patch12: 01_no-gimp-remote.patch
+Patch13: 02_CVE-2015-8366.patch
+Patch14: 04_fix-abs-gcc-7.patch
+Patch15: 05_CVE-2018-19655.patch
+Patch16: 06_lensfun_destroy_cleanup.patch
Recommends: %{name}-lang
%description
@@ -98,6 +104,13 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
%build
%ifarch ppc64
++++++ 01_no-gimp-remote.patch ++++++
Don't use gimp-remote since gimp 2.4 already includes gimp-remote functionality
--- a/ufraw_conf.c
+++ b/ufraw_conf.c
@@ -137,7 +137,7 @@
#elif HAVE_GIMP_2_4
"gimp", /* remoteGimpCommand */
#else
- "gimp-remote", /* remoteGimpCommand */
+ "gimp", /* remoteGimpCommand */
#endif
/* EXIF data */
++++++ 02_CVE-2015-8366.patch ++++++
Fix a buffer overflow bug. See
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
--- a/dcraw.cc
+++ b/dcraw.cc
@@ -3013,7 +3013,10 @@
diff = diff ? -diff : 0x80;
if (ftell(ifp) + 12 >= (int) seg[1][1])
diff = 0;
- raw_image[pix] = pred[pix & 1] += diff;
+ if(pix>=raw_width*raw_height)
+ derror();
+ else
+ raw_image[pix] = pred[pix & 1] += diff;
if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;
}
maximum = 0xff;
++++++ 04_fix-abs-gcc-7.patch ++++++
Description: fix compilation in GCC 7
change some variables to int instead of unsigned so that calls to abs are no
longer ambiguous under GCC7
Author: Ken Moffat
Origin: https://sourceforge.net/p/ufraw/mailman/message/35843737/
Bug-Debian: https://bugs.debian.org/853692
--- ufraw-0.22.orig/dcraw.cc
+++ ufraw-0.22/dcraw.cc
@@ -8769,8 +8769,8 @@ void CLASS identify()
"Nikon", "Nokia", "Olympus", "Pentax", "Phase One", "Ricoh",
"Samsung", "Sigma", "Sinar", "Sony" };
char head[32], *cp;
- unsigned fsize, i, c;
- int hlen, flen, zero_fsize=1;
+ unsigned fsize;
+ int hlen, flen, zero_fsize=1, i, c;
struct jhead jh;
tiff_flip = flip = filters = UINT_MAX; /* unknown */
++++++ 05_CVE-2018-19655.patch ++++++
Description: stack-based buffer overflow bug
Bug-Debian: https://bugs.debian.org/890086
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19655
Author: Filip Hroch <hr...@physics.muni.cz>
Reviewed-by: Salvatore Bonaccorso <car...@debian.org>
Last-Update: 2018-12-02
--- a/dcraw.cc
+++ b/dcraw.cc
@@ -8505,9 +8505,15 @@ float CLASS find_green (int bps, int bit
{
UINT64 bitbuf=0;
int vbits, col, i, c;
- ushort img[2][2064];
+ ushort *img;
double sum[]={0,0};
+#define IMG2D(row,col) \
+ img[(row)*width+(col)]
+
+ img = (ushort *) malloc(2*width*sizeof(ushort));
+ merror (img, "find_green()");
+
FORC(2) {
fseek (ifp, c ? off1:off0, SEEK_SET);
for (vbits=col=0; col < width; col++) {
@@ -8516,13 +8522,14 @@ float CLASS find_green (int bps, int bit
for (i=0; i < bite; i+=8)
bitbuf |= (unsigned) (fgetc(ifp) << i);
}
- img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps);
+ IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps);
}
}
FORC(width-1) {
- sum[ c & 1] += ABS(img[0][c]-img[1][c+1]);
- sum[~c & 1] += ABS(img[1][c]-img[0][c+1]);
+ sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1));
+ sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1));
}
+ free(img);
return 100 * log(sum[0]/sum[1]);
}
++++++ 06_lensfun_destroy_cleanup.patch ++++++
Description: Fix cleanup of lensfun
Bug-Debian: https://bugs.debian.org/898297
Author: Helmut Grohne <hel...@subdivi.de>, Lauro Moura <lauromo...@gmail.com>
Reviewed-by: Hubert Chathi <uho...@debian.org>
Last-Update: 2018-12-02
--- ufraw-0.22.orig/ufraw_ufraw.c
+++ ufraw-0.22/ufraw_ufraw.c
@@ -767,8 +767,10 @@ void ufraw_close(ufraw_data *uf)
g_free(uf->displayProfile);
g_free(uf->RawHistogram);
#ifdef HAVE_LENSFUN
- lf_modifier_destroy(uf->TCAmodifier);
- lf_modifier_destroy(uf->modifier);
+ if (uf->TCAmodifier != NULL)
+ lf_modifier_destroy(uf->TCAmodifier);
+ if (uf->modifier != NULL)
+ lf_modifier_destroy(uf->modifier);
#endif
ufobject_delete(uf->conf->ufobject);
g_free(uf->conf);
++++++ ufraw-0.22-exiv2-0.27.patch ++++++
--- a/ufraw_exiv2.cc 2015-06-16 05:58:38.000000000 +0200
+++ b/ufraw_exiv2.cc 2018-12-29 22:51:23.291894430 +0100
@@ -15,9 +15,7 @@
#include "ufraw.h"
#ifdef HAVE_EXIV2
-#include <exiv2/image.hpp>
-#include <exiv2/easyaccess.hpp>
-#include <exiv2/exif.hpp>
+#include <exiv2/exiv2.hpp>
#include <sstream>
#include <cassert>
@@ -67,7 +65,11 @@
if (exifData.empty()) {
std::string error(uf->filename);
error += ": No Exif data found in the file";
+#if EXIV2_TEST_VERSION(0,27,0)
+ throw Exiv2::Error(Exiv2::kerErrorMessage, error);
+#else
throw Exiv2::Error(1, error);
+#endif
}
/* List of tag names taken from exiv2's printSummary() in actions.cpp
*/
++++++ ufraw-0.22-jpeg9.patch ++++++
Fix build with >=jpeg-9
Thanks-to: Moran Z. <o542018...@gmail.com>
--- a/dcraw.cc 2014-09-02 07:50:38.000000000 +0300
+++ b/dcraw.cc 2015-02-21 04:54:13.957561352 +0200
@@ -2330,7 +2330,7 @@
#endif
cinfo->src->next_input_byte = jpeg_buffer;
cinfo->src->bytes_in_buffer = nbytes;
- return TRUE;
+ return boolean(TRUE);
}
void CLASS kodak_jpeg_load_raw()
@@ -2346,7 +2346,7 @@
jpeg_create_decompress (&cinfo);
jpeg_stdio_src (&cinfo, ifp);
cinfo.src->fill_input_buffer = fill_input_buffer;
- jpeg_read_header (&cinfo, TRUE);
+ jpeg_read_header (&cinfo, boolean(TRUE));
jpeg_start_decompress (&cinfo);
if ((cinfo.output_width != width ) ||
(cinfo.output_height*2 != height ) ||
@@ -2419,7 +2419,7 @@
if (tile_length < INT_MAX)
fseek (ifp, get4(), SEEK_SET);
jpeg_stdio_src (&cinfo, ifp);
- jpeg_read_header (&cinfo, TRUE);
+ jpeg_read_header (&cinfo, boolean(TRUE));
jpeg_start_decompress (&cinfo);
buf = (*cinfo.mem->alloc_sarray)
((j_common_ptr) &cinfo, JPOOL_IMAGE, cinfo.output_width*3, 1);
