From a897cdb9d0f865bb92be6f904984c43bfc006e86 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Wed, 2 Jul 2025 08:43:56 +0800
Subject: [PATCH] [CVE] CVE-2023-46361 to #20312 add patch to fix CVE-2023-46361 Project: TC2024080204
Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
---
 1-bugfix-for-CVE-2023-46361.patch | 26 ++++++++++++++++++++++++++
 jbig2dec.spec | 7 ++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 1-bugfix-for-CVE-2023-46361.patch
diff --git a/1-bugfix-for-CVE-2023-46361.patch b/1-bugfix-for-CVE-2023-46361.patch
new file mode 100644
index 0000000..fd7aa05
--- /dev/null
+++ b/1-bugfix-for-CVE-2023-46361.patch
@@ -0,0 +1,26 @@
+From ee53a7e4bc7819d32e8c0b2057885bcc97586bf3 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen
+Date: Sun, 5 Nov 2023 12:21:52 +0100
+Subject: [PATCH] Bug 705041: jbig2dec: Avoid uninitialized allocator in
+ command-line tool.
+
+Reference:https://github.com/ArtifexSoftware/jbig2dec/commit/ee53a7e4bc7819d32e8c0b2057885bcc97586bf3
+Conflict:NA
+
+---
+ jbig2dec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2dec.c b/jbig2dec.c
+index 15d204d..1e1dad8 100644
+--- a/jbig2dec.c
++++ b/jbig2dec.c
+@@ -567,7 +567,7 @@ main(int argc, char **argv)
+ {
+ jbig2dec_params_t params;
+ jbig2dec_error_callback_state_t error_callback_state;
+- jbig2dec_allocator_t allocator_;
++ jbig2dec_allocator_t allocator_ = { 0 };
+ jbig2dec_allocator_t *allocator = &allocator_;
+ Jbig2Ctx *ctx = NULL;
+ FILE *f = NULL, *f_page = NULL;
diff --git a/jbig2dec.spec b/jbig2dec.spec
index 3d04f3c..06e1a61 100644
--- a/jbig2dec.spec
+++ b/jbig2dec.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 Name: jbig2dec
 Version: 0.20
 Release: %{anolis_release}%{?dist}
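Review bot: In the embedded jbig2dec.c hunk, only `allocator_` gains an initializer; the two locals declared directly above it in main(), `params` and `error_callback_state`, are still declared without one. main() continues past the hunk, so whether every field of those two is assigned before any early error path reads it cannot be seen here and should be confirmed against the 0.20 source. If any field can be read first, the same treatment applies: `jbig2dec_params_t params = { 0 };` and `jbig2dec_error_callback_state_t error_callback_state = { 0 };`. Running the upstream reproducer for Bug 705041 against the rebuilt binary under `-fsanitize=address,undefined` would confirm that the backport closes the crash.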
@@ -6,6 +6,8 @@ Summary: A decoder implementation of the JBIG2 image compression format
 License: AGPLv3+
 URL: http://jbig2dec.sourceforge.net/
 Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9530/%{name}-%{version}.tar.gz
+
+Patch1: 1-bugfix-for-CVE-2023-46361.patch
 Requires: %{name}-libs = %{version}-%{release}
 BuildRequires: libpng-devel
 BuildRequires: zlib-devel
@@ -90,6 +92,9 @@ The %{name}-doc package contains documentation files for %{name}
 %doc CHANGES README
 %changelog
+* Wed Jul 02 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 0.20-2
+- Fix CVE-2023-46361
+
 * Fri Feb 21 2025 Xiaoping Liu - 0.20-1
 - update to 0.20 from 0.19
-- Gitee
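Review bot: The `Patch1:` line added in the `@@ -6,6 +6,8 @@` hunk only declares the patch; nothing in this diff shows it being applied, because the `%prep` section lies outside all three spec hunks. If `%prep` uses plain `%setup` rather than `%autosetup -p1`, the package would be released as 0.20-2 with a changelog entry claiming the CVE-2023-46361 fix while jbig2dec.c is built unpatched. Please confirm that `%prep` applies it, or add `%patch1 -p1` after `%setup` (the embedded patch uses `a/` and `b/` prefixes, so strip level 1 is correct). A build-log line showing the patch being applied is a quick way to verify this before release.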