update to 0.14

bugfix release
Michael J Gruber 2017-11-11 14:15:15 +01:00
parent 35c3d32d89
commit 2f44d36eff
4 changed files with 8 additions and 78 deletions

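--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /jbig2dec-0.11.tar.gz
 /jbig2dec-0.12.tar.gz
 /jbig2dec-0.13.tar.gz
+/jbig2dec-0.14.tar.gz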


@ -1,70 +0,0 @@
From f8992b8fe65c170c8624226f127c5c4bfed42c66 Mon Sep 17 00:00:00 2001
From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
Date: Wed, 26 Apr 2017 22:12:14 +0100
Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
While building a Huffman table, the start and end points were susceptible
to integer overflow.
Thank you to Jiaqi for finding this issue and suggesting a patch.
---
jbig2_huffman.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jbig2_huffman.c b/jbig2_huffman.c
index 511e461..b4189a1 100644
--- a/jbig2_huffman.c
+++ b/jbig2_huffman.c
@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
if (PREFLEN == CURLEN) {
int RANGELEN = lines[CURTEMP].RANGELEN;
- int start_j = CURCODE << shift;
- int end_j = (CURCODE + 1) << shift;
+ uint32_t start_j = CURCODE << shift;
+ uint32_t end_j = (CURCODE + 1) << shift;
byte eflags = 0;
if (end_j > max_j) {
--
2.9.3
commit 258290340bb657c9efb44457f717b0d8b49f4aa3
Author: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
Date: Wed May 3 22:06:01 2017 +0100
Bug 697703: Prevent integer overflow vulnerability.
Add extra check for the offset being greater than the size
of the image and hence reading off the end of the buffer.
Thank you to Dai Ge for finding this issue and suggesting a patch.
diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
index 4acaba9..36225cb 100644
--- a/jbig2_symbol_dict.c
+++ b/jbig2_symbol_dict.c
@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
byte *dst = image->data;
/* SumatraPDF: prevent read access violation */
- if (size - jbig2_huffman_offset(hs) < image->height * stride) {
+ if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) {
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
size - jbig2_huffman_offset(hs));
jbig2_image_release(ctx, image);
diff --git a/jbig2_image.c b/jbig2_image.c
index 1ae614e..bddb3cd 100644
--- a/jbig2_image.c
+++ b/jbig2_image.c
@@ -256,7 +256,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
/* general OR case */
s = ss;
d = dd = dst->data + y * dst->stride + leftbyte;
- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
+ if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
+ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
}
if (leftbyte == rightbyte) {


@ -1,15 +1,12 @@
Name: jbig2dec Name: jbig2dec
Version: 0.13 Version: 0.14
Release: 6%{?dist} Release: 1%{?dist}
Summary: A decoder implementation of the JBIG2 image compression format Summary: A decoder implementation of the JBIG2 image compression format
Group: System Environment/Libraries Group: System Environment/Libraries
License: GPLv2 License: GPLv2
URL: http://jbig2dec.sourceforge.net/ URL: http://jbig2dec.sourceforge.net/
Source0: http://ghostscript.com/~giles/jbig2/jbig2dec/%{name}-%{version}.tar.gz Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/%{name}-%{version}.tar.gz
## ghbz#697703
## ghbz#697693
Patch1: jbig2dec-int_overflows.patch
BuildRequires: libtool BuildRequires: libtool
%description %description
@ -50,7 +47,6 @@ which requires the jbig2dec library.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%build %build
@ -87,6 +83,9 @@ rm -f %{buildroot}%{_libdir}/*.la
%changelog %changelog
* Sat Nov 11 2017 Michael J Gruber <mjg@fedoraproject.org> - 0.14-1
- update to 0.14 (bugfix release)
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.13-6 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.13-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
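Review bot: Removing `Patch1: jbig2dec-int_overflows.patch` and the `%patch1 -p1` line in `%prep` drops the downstream fixes for bugs 697693 and 697703, and neither the commit message nor the new changelog entry says that the 0.14 tarball already contains them. Those fixes cover the integer overflow in Huffman table construction and the missing bounds checks in symbol-dictionary decoding and `jbig2_image_compose`. Presumably they are merged upstream in 0.14, but that should be checked against the 0.14 sources for `jbig2_huffman.c`, `jbig2_symbol_dict.c` and `jbig2_image.c` before the patch is retired. The changelog entry should record the outcome so the fix trail stays auditable, for example `- drop jbig2dec-int_overflows.patch (fixed upstream, ghbz#697693 ghbz#697703)`.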


@ -1 +1 @@
SHA512 (jbig2dec-0.13.tar.gz) = ef64a65c54bec65f61602de7130dc9594aae58aaea7958f7cc987f25d0794511e15a423e86501ace4f40c0364796fb97ceab72edb0b69232926767ba16c1b05d SHA512 (jbig2dec-0.14.tar.gz) = 066bd880ac0665fc1e42b0ae0e481008b125aab6e173b7f82d61a2a30e72c90085cbded9b2a68c6836f92dea3d8d8d5c2228dba76e0d99c79c922197d215705b