From 3a24defb0f0b46d7f4003fe8e6c91d99159f99d1 Mon Sep 17 00:00:00 2001
From: Gwyn Ciesla <gwync@protonmail.com>
Date: Jun 29 2020 18:27:05 +0000
Subject: Patch for CVE-2020-15365


---

diff --git a/55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch b/55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
new file mode 100644
index 0000000..816ce48
--- /dev/null
+++ b/55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
@@ -0,0 +1,54 @@
+From 55f0a0c08974b8b79ebfa7762b555a1704b25fb2 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Tue, 16 Jun 2020 13:17:00 +0300
+Subject: [PATCH] possible buffer underrun in exif parser
+
+---
+ src/metadata/cr3_parser.cpp |  2 +-
+ src/metadata/exif_gps.cpp   | 13 +++++++++----
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/metadata/cr3_parser.cpp b/src/metadata/cr3_parser.cpp
+index 33983e62..ee209bf3 100644
+--- a/src/metadata/cr3_parser.cpp
++++ b/src/metadata/cr3_parser.cpp
+@@ -83,7 +83,7 @@ void LibRaw::selectCRXTrack(short maxTrack)
+ 
+     int tiff_idx = -1;
+     INT64 tpixels = 0;
+-    for (int i = 0; i < tiff_nifds; i++)
++    for (int i = 0; i < tiff_nifds && i < LIBRAW_IFD_MAXCOUNT; i++)
+       if (INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height) > tpixels)
+       {
+         tpixels = INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height);
+diff --git a/src/metadata/exif_gps.cpp b/src/metadata/exif_gps.cpp
+index 6fbe1f32..98327969 100644
+--- a/src/metadata/exif_gps.cpp
++++ b/src/metadata/exif_gps.cpp
+@@ -164,7 +164,9 @@ void LibRaw::parse_exif(int base)
+       imgdata.lens.EXIF_MaxAp = libraw_powf64l(2.0f, (getreal(type) / 2.0f));
+       break;
+     case 0x829a: // 33434
+-      tiff_ifd[tiff_nifds - 1].t_shutter = shutter = getreal(type);
++      shutter = getreal(type);
++      if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
++          tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
+       break;
+     case 0x829d: // 33437, FNumber
+       aperture = getreal(type);
+@@ -186,9 +188,12 @@ void LibRaw::parse_exif(int base)
+       get_timestamp(0);
+       break;
+     case 0x9201: // 37377
+-      if ((expo = -getreal(type)) < 128 && shutter == 0.)
+-        tiff_ifd[tiff_nifds - 1].t_shutter = shutter =
+-            libraw_powf64l(2.0, expo);
++       if ((expo = -getreal(type)) < 128 && shutter == 0.)
++       {
++            shutter = libraw_powf64l(2.0, expo);
++            if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
++              tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
++       }
+       break;
+     case 0x9202: // 37378 ApertureValue
+       if ((fabs(ape = getreal(type)) < 256.0) && (!aperture))
diff --git a/LibRaw.spec b/LibRaw.spec
index 42e56d8..653a5a1 100644
--- a/LibRaw.spec
+++ b/LibRaw.spec
@@ -7,7 +7,7 @@
 Summary: Library for reading RAW files obtained from digital photo cameras
 Name: LibRaw
 Version: 0.20
-Release: 0.beta1%{?dist}.1
+Release: 0.beta1%{?dist}.2
 License: BSD and (CDDL or LGPLv2)
 URL: http://www.libraw.org
 
@@ -20,6 +20,7 @@ BuildRequires: autoconf automake libtool
 #Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
 Source0: http://github.com/LibRaw/LibRaw/archive/%{version}-Beta1.tar.gz
 Patch0: LibRaw-pkgconfig.patch
+Patch1: 55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
 Provides: bundled(dcraw) = 9.25
 
 %description
@@ -116,6 +117,9 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
 
 
 %changelog
+* Mon Jun 29 2020 Gwyn Ciesla <gwync@protonmail.com>- 0.20-.beta1.2
+- Patch for CVE-2020-15365
+
 * Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1
 - Add back pkgconfig patch lost in the previous commit