import jbig2dec-0.14-4.el8_2

2020-07-13 06:42:45 -04:00 · 2020-07-13 06:42:45 -04:00 · 26aeb372a9
commit 26aeb372a9
parent f63514bd9f
2 changed files with 61 additions and 1 deletions
--- a/SOURCES/CVE-2020-12268.patch
+++ b/SOURCES/CVE-2020-12268.patch
@ -0,0 +1,48 @@
+From df29c989c7578476921d4f5ec277ee3cc9e87350 Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Mon, 27 Jan 2020 10:12:24 -0800
+Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
+ jbig2_image_compose.
+
+With extreme values of x/y/w/h we can get overflow. Test for this
+and exit safely.
+
+Thanks for OSS-Fuzz for reporting.
+---
+ jbig2_image.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 23e12ae..74050b9 100644
+--- a/jbig2_image.c
+++ b/jbig2_image.c
+@@ -30,6 +30,10 @@
+ #include "jbig2_priv.h"
+ #include "jbig2_image.h"
+ 
+#if !defined (UINT32_MAX)
+#define UINT32_MAX  0xffffffffu
+#endif
+
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+ jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
+@@ -229,6 +233,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+     uint8_t *d, *dd;
+     uint8_t mask, rightmask;
+ 
+    if ((UINT32_MAX - src->width  < (x > 0 ? x : -x)) ||
+        (UINT32_MAX - src->height < (y > 0 ? y : -y)))
+    {
+#ifdef JBIG2_DEBUG
+        jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image");
+#endif
+        return 0;
+    }
+
+     if (op != JBIG2_COMPOSE_OR) {
+         /* hand off the the general routine */
+         return jbig2_image_compose_unopt(ctx, dst, src, x, y, op);
+-- 
+2.26.2
+
--- a/SPECS/jbig2dec.spec
+++ b/SPECS/jbig2dec.spec
@ -1,6 +1,6 @@
 Name:           jbig2dec
 Version:        0.14
-Release:        2%{?dist}
+Release:        4%{?dist}
 Summary:        A decoder implementation of the JBIG2 image compression format 

 Group:          System Environment/Libraries
@ -8,6 +8,9 @@ License:        GPLv2
 URL:            http://jbig2dec.sourceforge.net/
 Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/%{name}-%{version}.tar.gz
 BuildRequires:  libtool
+Requires:       %{name}-libs = %{version}-%{release}
+
+Patch0:         CVE-2020-12268.patch

 %description
 jbig2dec is a decoder implementation of the JBIG2 image compression format.
@ -47,6 +50,7 @@ which requires the jbig2dec library.

 %prep
 %setup -q
+%patch0 -p1


 %build
@ -83,6 +87,14 @@ rm -f %{buildroot}%{_libdir}/*.la


 %changelog
+* Sun Jun 28 2020 Nikola Forró <nforro@redhat.com> - 0.14-4
+- Add explicit package version requirement on jbig2dec-libs to jbig2dec
+  related: #1851057
+
+* Fri Jun 26 2020 Nikola Forró <nforro@redhat.com> - 0.14-3
+- Fix CVE-2020-12268
+  resolves: #1851057
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild