Bug 1543597 - Rebase to 0.19.2 [NEEDINFO]
Summary: Rebase to 0.19.2
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: LibRaw
Version: 7.7
Hardware: All
OS: Unspecified
unspecified
urgent
Target Milestone: rc
: ---
Assignee: Debarshi Ray
QA Contact: Desktop QE
URL:
Whiteboard:
Keywords:
: 1557172 1557186 1557203 1575861 1575863 1610705 1611636 1613945 1663163 (view as bug list)
Depends On:
Blocks: CVE-2018-10528 CVE-2018-10529 CVE-2018-5813 CVE-2018-5810 1652700 CVE-2018-5819 CVE-2018-5818 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5805
TreeView+ depends on / blocked
 
Reported: 2018-02-08 19:22 UTC by James Boyle
Modified: 2019-05-06 10:50 UTC (History)
9 users (show)

(edit)
Clone Of:
(edit)
Last Closed:
thoger: needinfo? (debarshir)


Attachments (Terms of Use)

Description James Boyle 2018-02-08 19:22:24 UTC
The version of LibRaw included with RHEL 7 (0.14.8-5) is out of date.  It contains multiple critical vulnerabilities:
CVE-2017-14608
CVE-2017-14265
CVE-2017-13735
CVE-2017-6887
CVE-2017-6886
CVE-2017-6889

Refer to the NIST NVD for more information about the flaws.

Upstream source from libraw.org is available, but it appears neither has the newer source been built nor patches backported.

Here is the last entry from the LibRaw package from RHEL 7:
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.14.8-5.20120830git98d925
- Mass rebuild 2014-01-24

Comment 2 Kalev Lember 2018-05-15 19:28:31 UTC
Should we maybe rebase LibRaw to 0.18.11 as part of the 7.6 desktop rebase?

Comment 3 Debarshi Ray 2018-05-16 14:49:51 UTC
I'd like to, but it involves an ABI break. So we need to check how this might affect EPEL.

Comment 4 Debarshi Ray 2018-11-22 15:57:54 UTC
Let's go ahead. My understanding is that EPEL packages can be expected to be rebuilt against the new soname. I think I recently saw an email fly by to that effect, but I can't find it at the moment. If there are issues with customers relying on the earlier soname, then I am happy to provide a compatibility package.

Comment 5 Debarshi Ray 2018-11-22 16:03:24 UTC
(In reply to Kalev Lember from comment #2)
> Should we maybe rebase LibRaw to 0.18.11 as part of the 7.6 desktop rebase?

The current supported series is 0.19.x, so we should rebase to that now. That's also what we have in RHEL 8.

Comment 7 Debarshi Ray 2018-11-22 16:44:20 UTC
... and will enable support for a whole host of new cameras.

Comment 8 Debarshi Ray 2018-12-17 12:03:53 UTC
Built LibRaw-0.19.1-1.el7:
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=19536039

Comment 9 Debarshi Ray 2018-12-17 12:05:49 UTC
*** Bug 1575861 has been marked as a duplicate of this bug. ***

Comment 10 Debarshi Ray 2018-12-17 12:06:19 UTC
*** Bug 1610705 has been marked as a duplicate of this bug. ***

Comment 11 Debarshi Ray 2018-12-17 12:06:43 UTC
*** Bug 1613945 has been marked as a duplicate of this bug. ***

Comment 12 Debarshi Ray 2018-12-17 12:07:03 UTC
*** Bug 1557172 has been marked as a duplicate of this bug. ***

Comment 13 Debarshi Ray 2018-12-17 12:07:42 UTC
*** Bug 1557186 has been marked as a duplicate of this bug. ***

Comment 14 Debarshi Ray 2018-12-17 12:08:04 UTC
*** Bug 1557203 has been marked as a duplicate of this bug. ***

Comment 15 Debarshi Ray 2018-12-17 12:08:34 UTC
*** Bug 1575863 has been marked as a duplicate of this bug. ***

Comment 16 Debarshi Ray 2018-12-17 12:09:46 UTC
*** Bug 1611636 has been marked as a duplicate of this bug. ***

Comment 19 Debarshi Ray 2019-02-01 13:57:22 UTC
*** Bug 1663163 has been marked as a duplicate of this bug. ***

Comment 20 Debarshi Ray 2019-02-01 14:03:25 UTC
*** Bug 1663170 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.