From 905f2935dff088314a956b6decde908f07aa2f23 Mon Sep 17 00:00:00 2001
From: Sandro Mani <manisandro@gmail.com>
Date: Nov 13 2019 17:10:43 +0000
Subject: Backport fix for CVE-2018-18443


---

diff --git a/CVE-2018-18443.patch b/CVE-2018-18443.patch
new file mode 100644
index 0000000..befa1ce
--- /dev/null
+++ b/CVE-2018-18443.patch
@@ -0,0 +1,15 @@
+diff -rupN --no-dereference ilmbase-2.3.0/IlmThread/IlmThreadPool.cpp ilmbase-2.3.0-new/IlmThread/IlmThreadPool.cpp
+--- ilmbase-2.3.0/IlmThread/IlmThreadPool.cpp	2018-08-10 03:34:57.000000000 +0200
++++ ilmbase-2.3.0-new/IlmThread/IlmThreadPool.cpp	2019-11-13 18:10:23.540501575 +0100
+@@ -566,9 +566,11 @@ ThreadPool::Data::~Data()
+ {
+ #ifdef ILMBASE_FORCE_CXX03
+     provider->finish();
++    delete provider;
+ #else
+     ThreadPoolProvider *p = provider.load( std::memory_order_relaxed );
+     p->finish();
++    delete p;
+ #endif
+ }
+ 
diff --git a/mingw-ilmbase.spec b/mingw-ilmbase.spec
index f66cf70..7288b85 100644
--- a/mingw-ilmbase.spec
+++ b/mingw-ilmbase.spec
@@ -16,6 +16,9 @@ Source0:       https://github.com/openexr/openexr/releases/download/v%{version}/
 Patch0:        ilmbase-2.2.0_win32-threads.patch
 # replace obsolete configure.ac macros
 Patch1:        ilmbase-2.2.0_obsolete-macros.patch
+# Backport fix for CVE-2018-18443
+# https://github.com/openexr/openexr/commit/adbc1900cb9d25fcc4df008d4008b781cf2fa4f8
+Patch2:        CVE-2018-18443.patch
 
 BuildRequires: autoconf automake libtool
 BuildRequires: gcc-c++
@@ -138,6 +141,9 @@ find %{buildroot} -name '*.la' -delete
 
 
 %changelog
+* Wed Nov 13 2019 Sandro Mani <manisandro@gmail.com> - 2.3.0-3
+- Backport fix for CVE-2018-18443
+
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild