!31 [sync] PR-26: fix CVE-2023-46361

From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2023-46361.patch

@@ -0,0 +1,26 @@
+From ee53a7e4bc7819d32e8c0b2057885bcc97586bf3 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 5 Nov 2023 12:21:52 +0100
+Subject: [PATCH] Bug 705041: jbig2dec: Avoid uninitialized allocator in
+ command-line tool.
+
+Reference:https://github.com/ArtifexSoftware/jbig2dec/commit/ee53a7e4bc7819d32e8c0b2057885bcc97586bf3
+Conflict:NA
+
+---
+ jbig2dec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2dec.c b/jbig2dec.c
+index 15d204d..1e1dad8 100644
+--- a/jbig2dec.c
++++ b/jbig2dec.c
+@@ -567,7 +567,7 @@ main(int argc, char **argv)
+ {
+     jbig2dec_params_t params;
+     jbig2dec_error_callback_state_t error_callback_state;
+-    jbig2dec_allocator_t allocator_;
++    jbig2dec_allocator_t allocator_ = { 0 };
+     jbig2dec_allocator_t *allocator = &allocator_;
+     Jbig2Ctx *ctx = NULL;
+     FILE *f = NULL, *f_page = NULL;

jbig2dec.spec

@@ -1,12 +1,14 @@
 Name:           jbig2dec
 Version:        0.20
-Release:        1
+Release:        2
 Summary:        A decoder implementation of the JBIG2 image compression format.
 
 License:        AGPLv3+
 URL:            https://jbig2dec.com/
 Source0:        https://github.com/ArtifexSoftware/jbig2dec/archive/%{version}.tar.gz
 
+Patch6000:      backport-CVE-2023-46361.patch
+
 BuildRequires:  gcc libtool chrpath
 Provides:       %{name}-libs = %{version}-%{release}
 Obsoletes:      %{name}-libs < %{version}-%{release}
@@ -70,6 +72,9 @@ echo "/usr/lib64" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %{_mandir}/man1/%{name}.1*
 
 %changelog
+* Thu Aug 29 2024 zhangpan <zhangpan103@h-partners.com> - 0.20-2
+- fix CVE-2023-46361
+
 * Wed Dec 13 2023 wangqia <wangqia@uniontech.com> - 0.20-1
 - Update to 0.20