import jbig2dec-0.16-1.el8

2021-05-18 02:51:38 -04:00 · 2021-05-18 02:51:38 -04:00 · 2ca1abc39f
commit 2ca1abc39f
parent 26aeb372a9
4 changed files with 20 additions and 16 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/jbig2dec-0.14.tar.gz
+SOURCES/jbig2dec-0.16.tar.gz
--- a/.jbig2dec.metadata
+++ b/.jbig2dec.metadata
@ -1 +1 @@
-c4c834962d1357f9aaacecd7fca8236326e45975 SOURCES/jbig2dec-0.14.tar.gz
+38c62210d92102952b18400b15eb4e727a755bfd SOURCES/jbig2dec-0.16.tar.gz
--- a/SOURCES/CVE-2020-12268.patch
+++ b/SOURCES/CVE-2020-12268.patch
@ -1,4 +1,4 @@
-From df29c989c7578476921d4f5ec277ee3cc9e87350 Mon Sep 17 00:00:00 2001
+From 24ddcfc7e37c0ce3b0f1852042ee431a53fd774c Mon Sep 17 00:00:00 2001
 From: Robin Watts <Robin.Watts@artifex.com>
 Date: Mon, 27 Jan 2020 10:12:24 -0800
 Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
@ -13,12 +13,12 @@ Thanks for OSS-Fuzz for reporting.
 1 file changed, 13 insertions(+)

 diff --git a/jbig2_image.c b/jbig2_image.c
-index 23e12ae..74050b9 100644
+index 22e21ef..f036cef 100644
 --- a/jbig2_image.c
 +++ b/jbig2_image.c
-@@ -30,6 +30,10 @@
- #include "jbig2_priv.h"
- #include "jbig2_image.h"
+@@ -34,6 +34,10 @@
+ #define INT32_MAX  0x7fffffff
+ #endif
 
 +#if !defined (UINT32_MAX)
 +#define UINT32_MAX  0xffffffffu
@ -27,7 +27,7 @@ index 23e12ae..74050b9 100644
 /* allocate a Jbig2Image structure and its associated bitmap */
 Jbig2Image *
 jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
-@@ -229,6 +233,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+@@ -255,6 +259,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
     uint8_t *d, *dd;
     uint8_t mask, rightmask;
 
@ -40,9 +40,9 @@ index 23e12ae..74050b9 100644
 +        return 0;
 +    }
 +
-     if (op != JBIG2_COMPOSE_OR) {
-         /* hand off the the general routine */
-         return jbig2_image_compose_unopt(ctx, dst, src, x, y, op);
+     if (src == NULL)
+         return 0;
+ 
 -- 
 2.26.2

--- a/SPECS/jbig2dec.spec
+++ b/SPECS/jbig2dec.spec
@ -1,12 +1,12 @@
 Name:           jbig2dec
-Version:        0.14
-Release:        4%{?dist}
+Version:        0.16
+Release:        1%{?dist}
 Summary:        A decoder implementation of the JBIG2 image compression format 

 Group:          System Environment/Libraries
 License:        GPLv2
 URL:            http://jbig2dec.sourceforge.net/
-Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/%{name}-%{version}.tar.gz
+Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/%{name}-%{version}.tar.gz
 BuildRequires:  libtool
 Requires:       %{name}-libs = %{version}-%{release}

@ -87,13 +87,17 @@ rm -f %{buildroot}%{_libdir}/*.la


 %changelog
+* Thu Oct 08 2020 Nikola Forró <nforro@redhat.com> - 0.16-1
+- Update to 0.16
+  resolves: #1886011
+
 * Sun Jun 28 2020 Nikola Forró <nforro@redhat.com> - 0.14-4
 - Add explicit package version requirement on jbig2dec-libs to jbig2dec
-  related: #1851057
+  related: #1851058

 * Fri Jun 26 2020 Nikola Forró <nforro@redhat.com> - 0.14-3
 - Fix CVE-2020-12268
-  resolves: #1851057
+  resolves: #1851058

 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild