From 2fa77eb7d3a0e42420667fe9ce5587e0a6c11d24 Mon Sep 17 00:00:00 2001
From: Edouard Bourguignon <madko@linuxed.net>
Date: Jun 10 2013 12:25:58 +0000
Subject: Prevent CVE-2013-2126 and try to disable squish


---

diff --git a/0001-import-rawspeed-r513-fedora-19-libjpeg-workaround.patch b/0001-import-rawspeed-r513-fedora-19-libjpeg-workaround.patch
deleted file mode 100644
index 1ed8b25..0000000
--- a/0001-import-rawspeed-r513-fedora-19-libjpeg-workaround.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 644868606e6a1615cfc2d33c53729c9162ad9e56 Mon Sep 17 00:00:00 2001
-From: Pascal de Bruijn <pmjdebruijn@pcode.nl>
-Date: Wed, 6 Feb 2013 21:08:32 +0100
-Subject: [PATCH] import rawspeed r513 (fedora 19 libjpeg workaround)
-
----
- src/external/rawspeed/RawSpeed/DngDecoderSlices.cpp | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/external/rawspeed/RawSpeed/DngDecoderSlices.cpp b/src/external/rawspeed/RawSpeed/DngDecoderSlices.cpp
-index d1de821..fed1d53 100644
---- a/src/external/rawspeed/RawSpeed/DngDecoderSlices.cpp
-+++ b/src/external/rawspeed/RawSpeed/DngDecoderSlices.cpp
-@@ -89,6 +89,8 @@ void DngDecoderSlices::startDecoding() {
- }
- 
- #if JPEG_LIB_VERSION < 80
-+
-+#define JPEG_MEMSRC(A,B,C) jpeg_mem_src_int(A,B,C)
- /* Read JPEG image from a memory segment */
- 
- static void init_source (j_decompress_ptr cinfo) {}
-@@ -109,7 +111,7 @@ static void skip_input_data (j_decompress_ptr cinfo, long num_bytes)
-   }
- }
- static void term_source (j_decompress_ptr cinfo) {}
--static void jpeg_mem_src (j_decompress_ptr cinfo, unsigned char* buffer, long nbytes)
-+static void jpeg_mem_src_int (j_decompress_ptr cinfo, unsigned char* buffer, long nbytes)
- {
-   struct jpeg_source_mgr* src;
- 
-@@ -128,6 +130,8 @@ static void jpeg_mem_src (j_decompress_ptr cinfo, unsigned char* buffer, long nb
-   src->bytes_in_buffer = nbytes;
-   src->next_input_byte = (JOCTET*)buffer;
- }
-+#else
-+#define JPEG_MEMSRC(A,B,C) jpeg_mem_src(A,B,C)
- #endif
- 
- METHODDEF(void)
-@@ -171,7 +175,7 @@ void DngDecoderSlices::decodeSlice(DngDecoderThread* t) {
-         jerr.error_exit = my_error_throw;
-         CHECKSIZE(e.byteOffset);
-         CHECKSIZE(e.byteOffset+e.byteCount);
--        jpeg_mem_src(&dinfo, (unsigned char*)mFile->getData(e.byteOffset), e.byteCount);
-+        JPEG_MEMSRC(&dinfo, (unsigned char*)mFile->getData(e.byteOffset), e.byteCount);
- 
-         if (JPEG_HEADER_OK != jpeg_read_header(&dinfo, TRUE))
-           ThrowRDE("DngDecoderSlices: Unable to read JPEG header");
--- 
-1.7.11.7
-
diff --git a/darktable-broken_full_color_images.patch b/darktable-broken_full_color_images.patch
new file mode 100644
index 0000000..d9fd4d1
--- /dev/null
+++ b/darktable-broken_full_color_images.patch
@@ -0,0 +1,25 @@
+diff -Naur darktable-1.2.1.ori/src/external/LibRaw/src/libraw_cxx.cpp darktable-1.2.1/src/external/LibRaw/src/libraw_cxx.cpp
+--- darktable-1.2.1.ori/src/external/LibRaw/src/libraw_cxx.cpp	2013-05-26 10:50:54.000000000 +0200
++++ darktable-1.2.1/src/external/LibRaw/src/libraw_cxx.cpp	2013-06-10 14:04:37.897000000 +0200
+@@ -796,8 +796,8 @@
+                 S.iheight= S.height;
+                 IO.shrink = 0;
+                 // allocate image as temporary buffer, size 
+-                imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+-                imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
++		imgdata.rawdata.raw_alloc = 0; 
++		imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+             }
+ 
+ 
+@@ -807,8 +807,8 @@
+         // recover saved
+         if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
+             {
+-                imgdata.image = 0; 
+-                imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
++		imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
++		imgdata.image = 0;
+             }
+ 
+         // calculate channel maximum
diff --git a/darktable.spec b/darktable.spec
index 3a25d83..6315285 100644
--- a/darktable.spec
+++ b/darktable.spec
@@ -3,13 +3,14 @@
 
 Name:		darktable
 Version:	1.2.1
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	Utility to organize and develop raw images
 
 Group:		Applications/Multimedia
 License:	GPLv3+
 URL:		http://darktable.sourceforge.net/
 Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
+Patch0:		darktable-broken_full_color_images.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  cmake
@@ -37,6 +38,8 @@ BuildRequires:	json-glib-devel
 %if 0%{?with_gegl}
 BuildRequires:	gegl-devel
 %endif
+BuildRequires:	LibRaw-devel
+BuildRequires:	colord-devel
 
 Requires:	gtk2-engines
 
@@ -53,6 +56,7 @@ It also enables you to develop raw images and enhance them.
 
 %prep
 %setup -q -n %{name}-%{version}
+%patch0 -p1 -b broken_full_color_images.rej
 
 %build
 mkdir buildFedora
@@ -61,6 +65,7 @@ pushd buildFedora
         -DCMAKE_LIBRARY_PATH:PATH=%{_libdir} \
         -DDONT_INSTALL_GCONF_SCHEMAS:BOOLEAN=ON \
         -DUSE_GEO:BOOLEAN=ON \
+	-DUSE_SQUISH=OFF \
         -DCMAKE_BUILD_TYPE:STRING=Release \
 	-DBINARY_PACKAGE_BUILD=1 \
 	-DPROJECT_VERSION:STRING="%{name}-%{version}-%{release}" \
@@ -120,6 +125,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 
 %changelog
+* Mon Jun 10 2013 Edouard Bourguignon <madko@linuxed.net> - 1.2.1-2
+- fix for CVE-2013-2126 (Thanks to Alex Tutubalin's patch)
+- Do not use squish (bug #972604)
+
 * Sun May 26 2013 Edouard Bourguignon <madko@linuxed.net> - 1.2.1-1
 - Upgrade to 1.2.1