From 6404a7c1722718c1e8258e42781f033f1bc1b190 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Thu, 28 Sep 2023 20:50:22 +0200 Subject: [PATCH] Backport upstream fix for CVE-2023-5129 --- ...5226c870449522240ccff26f0b006037c520.patch | 26 +++++++++++++++++++ libwebp-cmakedir.patch | 4 +-- libwebp-freeglut.patch | 4 +-- libwebp-mingw-libsuffix.patch | 4 +-- libwebp-rpath.patch | 4 +-- libwebp.spec | 7 ++++- 6 files changed, 40 insertions(+), 9 deletions(-) create mode 100644 95ea5226c870449522240ccff26f0b006037c520.patch diff --git a/95ea5226c870449522240ccff26f0b006037c520.patch b/95ea5226c870449522240ccff26f0b006037c520.patch new file mode 100644 index 0000000..01ca0dd --- /dev/null +++ b/95ea5226c870449522240ccff26f0b006037c520.patch @@ -0,0 +1,26 @@ +diff -rupN --no-dereference libwebp-1.3.2/src/dec/vp8l_dec.c libwebp-1.3.2-new/src/dec/vp8l_dec.c +--- libwebp-1.3.2/src/dec/vp8l_dec.c 2023-09-14 00:11:07.000000000 +0200 ++++ libwebp-1.3.2-new/src/dec/vp8l_dec.c 2023-09-28 20:47:39.648154201 +0200 +@@ -1241,9 +1241,20 @@ static int DecodeImageData(VP8LDecoder* + } + + br->eos_ = VP8LIsEndOfStream(br); +- if (dec->incremental_ && br->eos_ && src < src_end) { ++ // In incremental decoding: ++ // br->eos_ && src < src_last: if 'br' reached the end of the buffer and ++ // 'src_last' has not been reached yet, there is not enough data. 'dec' has to ++ // be reset until there is more data. ++ // !br->eos_ && src < src_last: this cannot happen as either the buffer is ++ // fully read, either enough has been read to reach 'src_last'. ++ // src >= src_last: 'src_last' is reached, all is fine. 'src' can actually go ++ // beyond 'src_last' in case the image is cropped and an LZ77 goes further. ++ // The buffer might have been enough or there is some left. 'br->eos_' does ++ // not matter. ++ assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last); ++ if (dec->incremental_ && br->eos_ && src < src_last) { + RestoreState(dec); +- } else if (!br->eos_) { ++ } else if ((dec->incremental_ && src >= src_last) || !br->eos_) { + // Process the remaining rows corresponding to last row-block. + if (process_func != NULL) { + process_func(dec, row > last_row ? last_row : row); diff --git a/libwebp-cmakedir.patch b/libwebp-cmakedir.patch index 75305a8..556142e 100644 --- a/libwebp-cmakedir.patch +++ b/libwebp-cmakedir.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference libwebp-1.3.2/CMakeLists.txt libwebp-1.3.2-new/CMakeLists.txt ---- libwebp-1.3.2/CMakeLists.txt 2023-09-18 09:27:52.188176972 +0200 -+++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-18 09:27:52.193176946 +0200 +--- libwebp-1.3.2/CMakeLists.txt 2023-09-28 20:47:39.567153346 +0200 ++++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-28 20:47:39.573153410 +0200 @@ -738,7 +738,7 @@ install( ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} diff --git a/libwebp-freeglut.patch b/libwebp-freeglut.patch index 5aaa31f..6b02b9e 100644 --- a/libwebp-freeglut.patch +++ b/libwebp-freeglut.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference libwebp-1.3.2/CMakeLists.txt libwebp-1.3.2-new/CMakeLists.txt --- libwebp-1.3.2/CMakeLists.txt 2023-09-14 00:11:07.000000000 +0200 -+++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-18 09:27:52.107177379 +0200 ++++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-28 20:47:39.497152607 +0200 @@ -564,8 +564,8 @@ endif() if(WEBP_BUILD_VWEBP) @@ -23,7 +23,7 @@ diff -rupN --no-dereference libwebp-1.3.2/CMakeLists.txt libwebp-1.3.2-new/CMake webpdemux) diff -rupN --no-dereference libwebp-1.3.2/examples/vwebp.c libwebp-1.3.2-new/examples/vwebp.c --- libwebp-1.3.2/examples/vwebp.c 2023-09-14 00:11:07.000000000 +0200 -+++ libwebp-1.3.2-new/examples/vwebp.c 2023-09-18 09:27:52.107177379 +0200 ++++ libwebp-1.3.2-new/examples/vwebp.c 2023-09-28 20:47:39.498152618 +0200 @@ -27,7 +27,7 @@ #if defined(HAVE_GLUT_GLUT_H) #include diff --git a/libwebp-mingw-libsuffix.patch b/libwebp-mingw-libsuffix.patch index 17930da..6507b7e 100644 --- a/libwebp-mingw-libsuffix.patch +++ b/libwebp-mingw-libsuffix.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference libwebp-1.3.2/CMakeLists.txt libwebp-1.3.2-new/CMakeLists.txt ---- libwebp-1.3.2/CMakeLists.txt 2023-09-18 09:27:52.142177203 +0200 -+++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-18 09:27:52.149177168 +0200 +--- libwebp-1.3.2/CMakeLists.txt 2023-09-28 20:47:39.529152945 +0200 ++++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-28 20:47:39.535153009 +0200 @@ -286,6 +286,9 @@ macro(set_version FILE TARGET_NAME NAME_ MACHO_CURRENT_VERSION ${LIBWEBP_MACHO_COMPATIBILITY_VERSION}.${LT_REVISION}) diff --git a/libwebp-rpath.patch b/libwebp-rpath.patch index ef1c892..e5fdab6 100644 --- a/libwebp-rpath.patch +++ b/libwebp-rpath.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference libwebp-1.3.2/CMakeLists.txt libwebp-1.3.2-new/CMakeLists.txt ---- libwebp-1.3.2/CMakeLists.txt 2023-09-18 09:27:52.232176750 +0200 -+++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-18 09:27:52.236176730 +0200 +--- libwebp-1.3.2/CMakeLists.txt 2023-09-28 20:47:39.607153769 +0200 ++++ libwebp-1.3.2-new/CMakeLists.txt 2023-09-28 20:47:39.610153800 +0200 @@ -112,11 +112,11 @@ endif() include(cmake/deps.cmake) include(GNUInstallDirs) diff --git a/libwebp.spec b/libwebp.spec index f340444..87e52ee 100644 --- a/libwebp.spec +++ b/libwebp.spec @@ -14,7 +14,7 @@ Name: libwebp Version: 1.3.2 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://webmproject.org/ Summary: Library and tools for the WebP graphics format # Additional IPR is licensed as well. See PATENTS file for details @@ -29,6 +29,8 @@ Patch1: libwebp-mingw-libsuffix.patch Patch2: libwebp-cmakedir.patch # Kill rpath Patch3: libwebp-rpath.patch +# Backport upstream fix for CVE-2023-5129 +Patch5: https://github.com/webmproject/libwebp/commit/95ea5226c870449522240ccff26f0b006037c520.patch BuildRequires: cmake BuildRequires: freeglut-devel @@ -285,6 +287,9 @@ cp swig/*.jar swig/*.so %{buildroot}/%{_libdir}/%{name}-java/ %changelog +* Thu Sep 28 2023 Sandro Mani - 1.3.2-2 +- Backport upstream fix for CVE-2023-5129 + * Mon Sep 18 2023 Sandro Mani - 1.3.2-1 - Update to 1.3.2