From f6c3cc8708e13c6699a93df02520911a30ef7be4 Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Tue, 16 Jun 2020 11:49:10 +0200
Subject: [PATCH] Fix CVE-2020-13790

https://bugzilla.redhat.com/show_bug.cgi?id=1847160
---
 libjpeg-turbo-CVE-2020-13790.patch | 32 ++++++++++++++++++++++++++++++
 mingw-libjpeg-turbo.spec           |  6 +++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 libjpeg-turbo-CVE-2020-13790.patch

diff --git a/libjpeg-turbo-CVE-2020-13790.patch b/libjpeg-turbo-CVE-2020-13790.patch
new file mode 100644
index 0000000..7b5487d
--- /dev/null
+++ b/libjpeg-turbo-CVE-2020-13790.patch
@@ -0,0 +1,32 @@
+From a224e4dfd34823a4d993dcb97819bdcee8471676 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+---
+ rdppm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rdppm.c b/rdppm.c
+index 87bc330..71dd146 100644
+--- a/rdppm.c
++++ b/rdppm.c
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
+     /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+     source->rescale = (JSAMPLE *)
+       (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+-                                  (size_t)(((long)maxval + 1L) *
++                                  (size_t)(((long)MAX(maxval, 255) + 1L) *
+                                            sizeof(JSAMPLE)));
+     half_maxval = maxval / 2;
+     for (val = 0; val <= (long)maxval; val++) {
+-- 
+2.26.2
+
diff --git a/mingw-libjpeg-turbo.spec b/mingw-libjpeg-turbo.spec
index a9c153c..b8e8658 100644
--- a/mingw-libjpeg-turbo.spec
+++ b/mingw-libjpeg-turbo.spec
@@ -6,7 +6,7 @@
 
 Name:           mingw-libjpeg-turbo
 Version:        2.0.4
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        MinGW Windows Libjpeg-turbo library
 
 License:        wxWidgets
@@ -16,6 +16,7 @@ Source0:        http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-%{v
 # Make jconfig.h more autoconf friendly
 # https://bugzilla.redhat.com/show_bug.cgi?id=843193
 Patch0:         libjpeg-turbo-match-autoconf-behavior.patch
+Patch2:         libjpeg-turbo-CVE-2020-13790.patch
 
 BuildArch:      noarch
 
@@ -156,6 +157,9 @@ chmod -x README.md
 
 
 %changelog
+* Tue Jun 16 2020 Kalev Lember <klember@redhat.com> - 2.0.4-3
+- Fix CVE-2020-13790 (#1847160)
+
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild