From faf24ddccbea458b2c473f20591035c13717402b Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Mon, 13 Jul 2026 00:19:24 -0400 Subject: [PATCH] import CS git gegl-0.2.0-40.el8_10 --- SOURCES/gegl-0.2.0-CVE-2026-2050.patch | 34 ++++++++++++++++++++++++++ SPECS/gegl.spec | 8 +++++- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 SOURCES/gegl-0.2.0-CVE-2026-2050.patch diff --git a/SOURCES/gegl-0.2.0-CVE-2026-2050.patch b/SOURCES/gegl-0.2.0-CVE-2026-2050.patch new file mode 100644 index 0000000..23b1244 --- /dev/null +++ b/SOURCES/gegl-0.2.0-CVE-2026-2050.patch @@ -0,0 +1,34 @@ +From 3e8d3382937e0c2891478f3a58bd225de3a53ba5 Mon Sep 17 00:00:00 2001 +From: Gabriele Barbero +Date: Fri, 5 Dec 2025 00:20:22 +0100 +Subject: [PATCH] ZDI-CAN-28266: guard against buffer overflow + +In rgbe_read_new_rle we check whether there is still space in the buffer, +but we do not verify that the run length fits within the remaining capacity. +This can lead to a buffer overflow. This patch adds a check to ensure that +the run length does not exceed the available space. +--- + libs/rgbe/rgbe.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/libs/rgbe/rgbe.c b/libs/rgbe/rgbe.c +index 890eb64..8f29778 100644 +--- a/libs/rgbe/rgbe.c ++++ b/libs/rgbe/rgbe.c +@@ -650,6 +650,13 @@ rgbe_read_new_rle (const rgbe_file *file, + + data++; + ++ /* Check if there's enought space in the buffer to avoid OOB */ ++ if (length > (pixels + RGBE_NUM_RGBE * linesize - pixoffset[component]) / RGBE_NUM_RGBE) ++ { ++ g_warning ("Buffer overflow detected."); ++ return FALSE; ++ } ++ + /* A compressed run */ + if (rle) + { +-- +2.52.0 + diff --git a/SPECS/gegl.spec b/SPECS/gegl.spec index 979a18c..7ca5705 100644 --- a/SPECS/gegl.spec +++ b/SPECS/gegl.spec @@ -16,7 +16,7 @@ Summary: A graph based image processing framework Name: gegl Version: 0.2.0 -Release: 39%{?dist} +Release: 40%{?dist} # Compute some version related macros # Ugly hack, you need to get your quoting backslashes/percent signs straight @@ -37,6 +37,8 @@ Patch4: gegl-0.2.0-linker-flags.patch Patch5: gegl-0.2.0-libopenraw.patch Patch6: gegl-0.2.0-ppc64-rand-fix.patch Patch7: gegl-build-without-exiv2.patch +# https://github.com/GNOME/gegl/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed +Patch8: gegl-0.2.0-CVE-2026-2050.patch BuildRequires: asciidoc BuildRequires: babl-devel >= 0.1.10 BuildRequires: cairo-devel @@ -220,6 +222,10 @@ make check %{_libdir}/pkgconfig/%{name}-%{apiver}.pc %changelog +* Thu Jun 25 2026 RHEL Packaging Agent - 0.2.0-40 +- Fix buffer overflow in rgbe_read_new_rle() (CVE-2026-2050) + Resolves: RHEL-188260 + * Mon Nov 04 2019 Jan Grulich - 0.2.0-39 - Build without exiv2 Resolves: bz#1767748