From dd79ee2137e0368cc9ff7c314d0ddad2dc1ad3fb13e35e2d3ccbffaf74cba97c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Wed, 31 Aug 2022 14:31:40 +0000 Subject: [PATCH] Accepting request 1000422 from GNOME:Next Resub OBS-URL: https://build.opensuse.org/request/show/1000422 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdk-pixbuf?expand=0&rev=194 --- ...-memory-limit-for-loading-image-data.patch | 32 +++++++++++++++++++ gdk-pixbuf.changes | 9 +++++- gdk-pixbuf.spec | 3 ++ 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch diff --git a/0001-jpeg-Increase-memory-limit-for-loading-image-data.patch b/0001-jpeg-Increase-memory-limit-for-loading-image-data.patch new file mode 100644 index 0000000..82bca05 --- /dev/null +++ b/0001-jpeg-Increase-memory-limit-for-loading-image-data.patch @@ -0,0 +1,32 @@ +From 17a924a2275b3e7721dc05e0670cae638371a98f Mon Sep 17 00:00:00 2001 +From: Jake Dane <3689-jakedane@users.noreply.gitlab.gnome.org> +Date: Fri, 19 Aug 2022 06:12:25 +0000 +Subject: [PATCH] jpeg: Increase memory limit for loading image data + +As fix for security issue #205 when loading image data the memory size +was limited to 100 MB. That seemed like a good threshold. For larger +images, from around 18 megapixels (MP) and up though not for all such +images, this threshold was too low. Increasing the threshold too 300 MB +seems to work better and lets larger images load. + +Fixes #216. +--- + gdk-pixbuf/io-jpeg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c +index 22f4174fe..6317e20d3 100644 +--- a/gdk-pixbuf/io-jpeg.c ++++ b/gdk-pixbuf/io-jpeg.c +@@ -1091,7 +1091,7 @@ gdk_pixbuf__jpeg_image_load_increment (gpointer data, + rc = jpeg_read_header (cinfo, TRUE); + context->src_initialized = TRUE; + +- cinfo->mem->max_memory_to_use = 100 * 1024 * 1024; ++ cinfo->mem->max_memory_to_use = 300 * 1024 * 1024; + + if (rc == JPEG_SUSPENDED) + continue; +-- +2.37.2 + diff --git a/gdk-pixbuf.changes b/gdk-pixbuf.changes index c175359..8f2e4cb 100644 --- a/gdk-pixbuf.changes +++ b/gdk-pixbuf.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Aug 30 16:49:32 UTC 2022 - Michael Gorse + +- Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch: + fix loading of larger images (glgo#GNOME/gdk-pixbuf#216). + ------------------------------------------------------------------- Mon Aug 15 19:13:13 UTC 2022 - Dirk Müller @@ -7,7 +13,8 @@ Mon Aug 15 19:13:13 UTC 2022 - Dirk Müller Tue Aug 9 16:35:03 UTC 2022 - Bjørn Lie - Update to version 2.42.9: - + Fix the check for maximum value of LZW initial code size. + + Fix the check for maximum value of LZW initial code size + (boo#1194633 CVE-2021-44648). + Use CMake for dependencies on Windows/MSVC. + Add option for building tests. + Move man pages to reStructuredText. diff --git a/gdk-pixbuf.spec b/gdk-pixbuf.spec index fcf607d..46a54ca 100644 --- a/gdk-pixbuf.spec +++ b/gdk-pixbuf.spec @@ -36,6 +36,8 @@ Source1: macros.gdk-pixbuf Source2: README.SUSE Source3: gdk-pixbuf-rpmlintrc Source99: baselibs.conf +# PATCH-FIX-UPSTREAM 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch mgorse@suse.com -- fix loading of larger images. +Patch0: 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch BuildRequires: docbook-xsl-stylesheets BuildRequires: docutils @@ -136,6 +138,7 @@ unzip -P gecko %{SOURCE0} %if "%{_lib}" == "lib64" cp -a %{SOURCE2} . %endif +%autopatch -p1 %build %meson \