Accepting request 1000473 from GNOME:Factory

OBS-URL: https://build.opensuse.org/request/show/1000473 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gdk-pixbuf?expand=0&rev=91
2022-09-01 20:09:42 +00:00 · 2022-09-01 20:09:42 +00:00 · 75ef2414e0
commit 75ef2414e0
parent 91dc540a4b dd79ee2137
3 changed files with 43 additions and 1 deletions
--- a/0001-jpeg-Increase-memory-limit-for-loading-image-data.patch
+++ b/0001-jpeg-Increase-memory-limit-for-loading-image-data.patch
@ -0,0 +1,32 @@
+From 17a924a2275b3e7721dc05e0670cae638371a98f Mon Sep 17 00:00:00 2001
+From: Jake Dane <3689-jakedane@users.noreply.gitlab.gnome.org>
+Date: Fri, 19 Aug 2022 06:12:25 +0000
+Subject: [PATCH] jpeg: Increase memory limit for loading image data
+
+As fix for security issue #205 when loading image data the memory size
+was limited to 100 MB. That seemed like a good threshold. For larger
+images, from around 18 megapixels (MP) and up though not for all such
+images, this threshold was too low. Increasing the threshold too 300 MB
+seems to work better and lets larger images load.
+
+Fixes #216.
+---
+ gdk-pixbuf/io-jpeg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 22f4174fe..6317e20d3 100644
+--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
+@@ -1091,7 +1091,7 @@ gdk_pixbuf__jpeg_image_load_increment (gpointer data,
+ 			rc = jpeg_read_header (cinfo, TRUE);
+ 			context->src_initialized = TRUE;
+ 
+-                        cinfo->mem->max_memory_to_use = 100 * 1024 * 1024;
+                        cinfo->mem->max_memory_to_use = 300 * 1024 * 1024;
+ 			
+ 			if (rc == JPEG_SUSPENDED)
+ 				continue;
+-- 
+2.37.2
+
--- a/gdk-pixbuf.changes
+++ b/gdk-pixbuf.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Aug 30 16:49:32 UTC 2022 - Michael Gorse <mgorse@suse.com>
+
+- Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch:
+  fix loading of larger images (glgo#GNOME/gdk-pixbuf#216).
+
 -------------------------------------------------------------------
 Mon Aug 15 19:13:13 UTC 2022 - Dirk Müller <dmueller@suse.com>

@ -7,7 +13,8 @@ Mon Aug 15 19:13:13 UTC 2022 - Dirk Müller <dmueller@suse.com>
 Tue Aug  9 16:35:03 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

 - Update to version 2.42.9:
-  + Fix the check for maximum value of LZW initial code size.
+  + Fix the check for maximum value of LZW initial code size
+    (boo#1194633 CVE-2021-44648).
  + Use CMake for dependencies on Windows/MSVC.
  + Add option for building tests.
  + Move man pages to reStructuredText.
--- a/gdk-pixbuf.spec
+++ b/gdk-pixbuf.spec
@ -36,6 +36,8 @@ Source1:        macros.gdk-pixbuf
 Source2:        README.SUSE
 Source3:        gdk-pixbuf-rpmlintrc
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch mgorse@suse.com -- fix loading of larger images.
+Patch0:         0001-jpeg-Increase-memory-limit-for-loading-image-data.patch

 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  docutils
@ -136,6 +138,7 @@ unzip -P gecko %{SOURCE0}
 %if "%{_lib}" == "lib64"
 cp -a %{SOURCE2} .
 %endif
+%autopatch -p1

 %build
 %meson \