From: Vijay Anusuri <[email protected]>

Pick patch according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-5201
[2] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304

Signed-off-by: Vijay Anusuri <[email protected]>
Signed-off-by: Fabien Thomas <[email protected]>
---
 .../gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch | 44 +++++++++++++++++++
 .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb          |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch 
b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch
new file mode 100644
index 0000000000..97e0dddb62
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch
@@ -0,0 +1,44 @@
+From 6cce9311e70b969cbcc6e3e1e74ae1756ed02d5b Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <[email protected]>
+Date: Mon, 30 Mar 2026 12:21:56 -0400
+Subject: [PATCH] jpeg: Reject unsupported number of components
+
+This condition was already checked for incremental loading.
+This commit adds the same check in the nonincremental
+code path.
+
+Closes: #304
+
+Upstream-Status: Backport 
[https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6cce9311e70b969cbcc6e3e1e74ae1756ed02d5b]
+CVE: CVE-2026-5201
+Signed-off-by: Vijay Anusuri <[email protected]>
+---
+ gdk-pixbuf/io-jpeg.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 9ee1d21..d419812 100644
+--- a/gdk-pixbuf/io-jpeg.c
++++ b/gdk-pixbuf/io-jpeg.c
+@@ -625,6 +625,18 @@ gdk_pixbuf__real_jpeg_image_load (FILE *f, struct 
jpeg_decompress_struct *cinfo,
+       cinfo->do_fancy_upsampling = FALSE;
+       cinfo->do_block_smoothing = FALSE;
+ 
++      /* Reject unsupported component counts */
++      if (cinfo->output_components != 3 && cinfo->output_components != 4 &&
++          !(cinfo->output_components == 1 &&
++            cinfo->out_color_space == JCS_GRAYSCALE)) {
++              g_set_error (error,
++                           GDK_PIXBUF_ERROR,
++                           GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++                           _("Unsupported number of color components (%d)"),
++                           cinfo->output_components);
++              goto out;
++      }
++
+       pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB, 
+                                cinfo->out_color_components == 4 ? TRUE : 
FALSE, 
+                                8,
+-- 
+2.43.0
+
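Review bot: the added check in gdk_pixbuf__real_jpeg_image_load tests cinfo->output_components, while the gdk_pixbuf_new() call in the context directly below it chooses has_alpha from cinfo->out_color_components, so the validation and the allocation read two different fields. As a backport the code should stay identical to the upstream commit, but the patch header could state that the change was checked against the 2.42.12 source and how it was tested, since no test case comes with it. Separately, the Upstream-Status URL and the tail of the @@ header sit on lines without a leading +; if that wrapping is in the mail as sent rather than introduced by the archive, the embedded patch will not apply and should be resent unwrapped.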
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb 
b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb
index 7c58fe1e1d..2f0de425b5 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb
@@ -22,6 +22,7 @@ SRC_URI = 
"${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
            
file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
            file://CVE-2025-7345.patch \
            file://CVE-2025-6199.patch \
+           file://CVE-2026-5201.patch \
            "
 
 SRC_URI[sha256sum] = 
"b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7"