From 46d1c6abb6d5b62dadb023e9db40c8fc2e119130 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 10 Oct 2023 08:08:17 +0200 Subject: import from CentOS 9 Stream --- ...-for-input-buffer-size-on-datastream-gets.patch | 40 +++ LibRaw-pkgconfig.patch | 26 ++ LibRaw.spec | 274 ++++++++++++++++++--- 3 files changed, 301 insertions(+), 39 deletions(-) create mode 100644 LibRaw-check-for-input-buffer-size-on-datastream-gets.patch create mode 100644 LibRaw-pkgconfig.patch diff --git a/LibRaw-check-for-input-buffer-size-on-datastream-gets.patch b/LibRaw-check-for-input-buffer-size-on-datastream-gets.patch new file mode 100644 index 0000000..50659e5 --- /dev/null +++ b/LibRaw-check-for-input-buffer-size-on-datastream-gets.patch @@ -0,0 +1,40 @@ +From fa329f37dca4a2c938f8abb50ee4a7ef93e64fbb Mon Sep 17 00:00:00 2001 +From: Alex Tutubalin +Date: Mon, 12 Apr 2021 13:21:52 +0300 +Subject: [PATCH] check for input buffer size on datastream::gets + +--- + src/libraw_datastream.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp +index 606e5de73618..7e95bc749688 100644 +--- a/src/libraw_datastream.cpp ++++ b/src/libraw_datastream.cpp +@@ -286,6 +286,7 @@ INT64 LibRaw_file_datastream::tell() + + char *LibRaw_file_datastream::gets(char *str, int sz) + { ++ if(sz<1) return NULL; + LR_STREAM_CHK(); + std::istream is(f.get()); + is.getline(str, sz); +@@ -417,6 +418,7 @@ INT64 LibRaw_buffer_datastream::tell() + + char *LibRaw_buffer_datastream::gets(char *s, int sz) + { ++ if(sz<1) return NULL; + unsigned char *psrc, *pdest, *str; + str = (unsigned char *)s; + psrc = buf + streampos; +@@ -609,6 +611,7 @@ INT64 LibRaw_bigfile_datastream::tell() + + char *LibRaw_bigfile_datastream::gets(char *str, int sz) + { ++ if(sz<1) return NULL; + LR_BF_CHK(); + return fgets(str, sz, f); + } +-- +2.39.2 + diff --git a/LibRaw-pkgconfig.patch b/LibRaw-pkgconfig.patch new file mode 100644 index 0000000..5b60b03 --- /dev/null +++ b/LibRaw-pkgconfig.patch @@ -0,0 +1,26 @@ +--- LibRaw-0.20-Beta1/libraw.pc.in~ 2020-05-13 14:22:12.656424311 +0200 ++++ LibRaw-0.20-Beta1/libraw.pc.in 2020-05-13 14:22:27.481441569 +0200 +@@ -5,7 +5,8 @@ + + Name: libraw + Description: Raw image decoder library (non-thread-safe) +-Requires: @PACKAGE_REQUIRES@ ++Requires.private: @PACKAGE_REQUIRES@ + Version: @PACKAGE_VERSION@ +-Libs: -L${libdir} -lraw -lstdc++@PC_OPENMP@ ++Libs: -L${libdir} -lraw@PC_OPENMP@ ++Libs.private: -lstdc++ + Cflags: -I${includedir}/libraw -I${includedir} +--- LibRaw-0.20-Beta1/libraw_r.pc.in~ 2020-05-13 14:22:18.034430572 +0200 ++++ LibRaw-0.20-Beta1/libraw_r.pc.in 2020-05-13 14:22:27.481441569 +0200 +@@ -5,7 +5,8 @@ + + Name: libraw + Description: Raw image decoder library (thread-safe) +-Requires: @PACKAGE_REQUIRES@ ++Requires.private: @PACKAGE_REQUIRES@ + Version: @PACKAGE_VERSION@ +-Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@ ++Libs: -L${libdir} -lraw_r@PC_OPENMP@ ++Libs.private: -lstdc++ + Cflags: -I${includedir}/libraw -I${includedir} diff --git a/LibRaw.spec b/LibRaw.spec index 989d824..f8b6cd1 100644 --- a/LibRaw.spec +++ b/LibRaw.spec @@ -1,8 +1,14 @@ + +# feature macro to enable samples (or not) +%if 0%{?rhel} != 7 +%global samples 1 +%endif + Summary: Library for reading RAW files obtained from digital photo cameras Name: LibRaw -Version: 0.19.2 -Release: 0%{?dist} -License: BSD and (CDDL or LGPLv2) +Version: 0.20.2 +Release: 6%{?dist} +License: BSD and LGPLv2 URL: http://www.libraw.org BuildRequires: gcc-c++ @@ -10,9 +16,15 @@ BuildRequires: pkgconfig(lcms2) BuildRequires: pkgconfig(jasper) BuildRequires: pkgconfig(libjpeg) BuildRequires: autoconf automake libtool +BuildRequires: make + +Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz + +Patch0: LibRaw-pkgconfig.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=2172140 +Patch1: LibRaw-check-for-input-buffer-size-on-datastream-gets.patch -Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz -Patch0: LibRaw-0.6.0-pkgconfig.patch Provides: bundled(dcraw) = 9.25 %description @@ -39,28 +51,20 @@ Requires: %{name}-devel%{?_isa} = %{version}-%{release} %description static LibRaw static development libraries. -%if 0%{?rhel} != 7 %package samples Summary: LibRaw sample programs Requires: %{name} = %{version}-%{release} %description samples LibRaw sample programs -%endif %prep -%setup -q - -%patch0 -p0 -b .pkgconfig +%autosetup -p1 -n %{name}-%{version} %build autoreconf -if %configure \ -%if 0%{?rhel} == 7 - --enable-examples=no \ -%else - --enable-examples=yes \ -%endif + --enable-examples=%{?samples:yes}%{!?samples:no} \ --enable-jasper \ --enable-jpeg \ --enable-lcms \ @@ -86,14 +90,13 @@ rm -fv samples/*.o rm -fv %{buildroot}%{_libdir}/lib*.la -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%ldconfig_scriptlets %files %doc Changelog.txt %license LICENSE.CDDL LICENSE.LGPL COPYRIGHT -%{_libdir}/libraw.so.19* -%{_libdir}/libraw_r.so.19* +%{_libdir}/libraw.so.20* +%{_libdir}/libraw_r.so.20* %files static %{_libdir}/libraw.a @@ -109,39 +112,232 @@ rm -fv %{buildroot}%{_libdir}/lib*.la %{_libdir}/pkgconfig/libraw_r.pc %exclude %{_docdir}/libraw/* -%if 0%{?rhel} != 7 +%if 0%{?samples} %files samples %{_bindir}/* %endif %changelog -* Thu Aug 8 2019 Remi Collet - 0.19.2-0 -- rebuild from RHEL-7.7 sources - temporary workaround waiting for CentOS 7.7 -- lower release to ensure official package will be preferred +* Tue Apr 04 2023 Debarshi Ray - 0.20.2-6 +- Fix CVE-2021-32142 +Resolves: #2172140 + +* Mon Dec 13 2021 Debarshi Ray - 0.20.2-5 +- CDDL is not an approved license +Resolves: #2031918 + +* Mon Aug 09 2021 Mohan Boddu - 0.20.2-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 0.20.2-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Jan 25 2021 Fedora Release Engineering - 0.20.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Oct 15 2020 Gwyn Ciesla - 0.20.2-1 +- 0.20.2 + +* Wed Oct 14 2020 Gwyn Ciesla - 0.20.1-1 +- 0.20.1 + +* Thu Sep 24 2020 Gwyn Ciesla - 0.20.0-3 +- Patch for CVE-2020-24890. -* Wed Jan 2 2019 Debarshi Ray - 0.19.2-1 -- Update to 0.19.2 -- Resolves: #1543597 +* Mon Jul 27 2020 Fedora Release Engineering - 0.20.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -* Wed Jan 2 2019 Debarshi Ray - 0.19.1-2 +* Thu Jul 23 2020 Gwyn Ciesla - 0.20.0-1 +- 0.20.0 final. + +* Thu Jul 02 2020 Gwyn Ciesla - 0.20-0.rc1.3 +- RC1 + +* Mon Jun 29 2020 Gwyn Ciesla - 0.20-0.beta1.2 +- Patch for CVE-2020-15365 + +* Wed May 13 2020 Kalev Lember - 0.20-0.beta1.1 +- Add back pkgconfig patch lost in the previous commit + +* Thu May 07 2020 Gwyn Ciesla - 0.20-0.beta1 +- 0.20 Beta 1 + +* Tue Jan 28 2020 Fedora Release Engineering - 0.19.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Aug 20 2019 Gwyn Ciesla - 0.19.5-1 +- 0.19.5 + +* Mon Aug 05 2019 Gwyn Ciesla - 0.19.4-1 +- 0.19.4 + +* Wed Jul 24 2019 Fedora Release Engineering - 0.19.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Jul 03 2019 Gwyn Ciesla - 0.19.3-1 +- 0.19.3 + +* Thu Jan 31 2019 Fedora Release Engineering - 0.19.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jan 02 2019 Debarshi Ray - 0.19.2-2 - Remove the samples subpackage from RHEL 7 -- Resolves: #1543597 -* Mon Dec 17 2018 Debarshi Ray - 0.19.1-1 -- Update to 0.19.1 -- Resolves: #1543597 +* Wed Dec 26 2018 Gwyn Ciesla - 0.19.2-1 +- 0.19.2 + +* Thu Nov 22 2018 Debarshi Ray - 0.19.1-1 +- 0.19.1 + +* Mon Oct 08 2018 Debarshi Ray - 0.19.0-6 +- Remove the build artifacts for the samples + +* Mon Oct 08 2018 Debarshi Ray - 0.19.0-5 +- Bind the samples sub-package more tightly to the main package + +* Tue Jul 31 2018 Debarshi Ray - 0.19.0-4 +- Fix License +- Explicitly enable JPEG and OpenMP support to avoid surprises + +* Thu Jul 19 2018 Rex Dieter - 0.19.0-3 +- tighten %%files, mostly so api/soname changes will no longer be a surpise +- use %%make_build %%ldconfig_scriptlets + +* Thu Jul 12 2018 Fedora Release Engineering - 0.19.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Jun 29 2018 Gwyn Ciesla - 0.19.0-1 +- 0.19.0. + +* Mon Jun 11 2018 Gwyn Ciesla - 0.18.12-1 +- 0.18.12. + +* Thu May 10 2018 Gwyn Ciesla - 0.18.11-1 +- 0.18.11. + +* Thu May 03 2018 Gwyn Ciesla - 0.18.10-1 +- 0.18.10. + +* Wed Apr 25 2018 Gwyn Ciesla - 0.18.9-1 +- 0.18.9. + +* Sat Feb 24 2018 Gwyn Ciesla - 0.18.8-1 +- 0.18.8. + +* Wed Feb 07 2018 Fedora Release Engineering - 0.18.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 02 2018 Gwyn Ciesla - 0.18.7-2 +- Patch for updated glibc. + +* Fri Jan 19 2018 Gwyn Ciesla - 0.18.7-1 +- 0.18.7 +- Patch for ambiguous function call. + +* Wed Dec 06 2017 Gwyn Ciesla - 0.18.6-1 +- 0.18.6 + +* Fri Sep 22 2017 Gwyn Ciesla - 0.18.5-1 +- 0.18.5 + +* Fri Sep 15 2017 Gwyn Ciesla - 0.18.4-2 +- Patch for CVE-2017-14348. + +* Tue Sep 12 2017 Gwyn Ciesla - 0.18.4-1 +- 0.18.4 + +* Mon Sep 11 2017 Gwyn Ciesla - 0.18.3-1 +- 0.18.3 + +* Wed Sep 06 2017 Gwyn Ciesla - 0.18.2-5 +- Patch for CVE-2017-13735. + +* Wed Aug 02 2017 Fedora Release Engineering - 0.18.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.18.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Apr 14 2017 Rex Dieter - 0.18.2-2 +- fix rpath, tighten subpkg dependencies, use %%license + +* Thu Mar 09 2017 Jon Ciesla - 0.18.2-1 +- 0.18.2. + +* Mon Feb 13 2017 Jon Ciesla - 0.18.1-1 +- 0.18.1. + +* Fri Feb 10 2017 Fedora Release Engineering - 0.18.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Dec 27 2016 Jon Ciesla - 0.18.0-1 +- 0.18.0. + +* Thu Dec 1 2016 Tom Callaway - 0.17.2-2 +- rebuild for deps + +* Sun May 15 2016 Jon Ciesla - 0.17.2-1 +- 0.17.2. + +* Mon Feb 22 2016 Jon Ciesla - 0.17.1-4 +- Patch to fix FTBFS, BZ 1307280. + +* Wed Feb 03 2016 Fedora Release Engineering - 0.17.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Dec 01 2015 Jon Ciesla - 0.17.1-2 +- Patch for CVE-2015-8366 and CVE-2015-8367, BZ 1287057. + +* Sun Nov 29 2015 Jon Ciesla - 0.17.1-1 +- 0.17.1. + +* Mon Aug 17 2015 Jon Ciesla - 0.17.0-1 +- 0.17.0. + +* Tue Jun 16 2015 Fedora Release Engineering - 0.16.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat May 16 2015 Jon Ciesla - 0.16.2-1 +- 0.16.2, BZ 1222258. + +* Thu May 14 2015 Jon Ciesla - 0.16.1-7 +- Add provides for bundled dcraw, https://fedorahosted.org/fpc/ticket/530 +- Fix EVR in changelog. + +* Mon May 11 2015 Jon Ciesla - 0.16.1-6 +- 0.16.1, BZ 1220382. + +* Sat May 02 2015 Kalev Lember - 0.16.0-5 +- Rebuilt for GCC 5 C++11 ABI change + +* Fri Aug 15 2014 Fedora Release Engineering - 0.16.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jun 06 2014 Fedora Release Engineering - 0.16.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Feb 20 2014 Jon Ciesla - 0.16.0-2 +- Fix pkg-config flags, BZ 837248. + +* Tue Jan 21 2014 Jon Ciesla - 0.16.0-1 +- 0.16.0, BZ 1055281. + +* Fri Aug 30 2013 Jon Ciesla - 0.15.4-1 +- 0.15.4, CVE-2013-1439, BZ 1002717. + +* Wed Aug 07 2013 Jon Ciesla - 0.15.3-3 +- Enable samples, BZ 991514, -* Fri Jan 24 2014 Daniel Mach - 0.14.8-5.20120830git98d925 -- Mass rebuild 2014-01-24 +* Fri Aug 02 2013 Fedora Release Engineering - 0.15.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -* Wed Jan 8 2014 Debarshi Ray - 0.14.8-4.20120830git98d925 -- Fix CVE-2013-1438 and CVE-2013-1439 -- Resolves: #1002718 +* Tue Jul 09 2013 Jon Ciesla - 0.15.3-1 +- 0.15.3. -* Fri Dec 27 2013 Daniel Mach - 0.14.8-3 -- Mass rebuild 2013-12-27 +* Wed May 29 2013 Jon Ciesla - 0.15.2-1 +- Latest upstream, two security fixes. * Wed May 29 2013 Jon Ciesla - 0.14.8-2 - Patch for double free, CVE-2013-2126, BZ 968387. -- cgit