Compare commits
10 Commits
393560751f
...
de71090628
| Author | SHA1 | Date | |
|---|---|---|---|
|
de71090628 | ||
|
|
85a52d32dc | ||
|
|
4429def392 | ||
|
|
ba0edce260 | ||
|
|
a0d1f668e1 | ||
|
|
77a3c50fd9 | ||
|
|
1293afdc3b | ||
|
|
6875f82035 | ||
|
|
dfb839e819 | ||
|
|
6c4ad10a9a |
54
backport-CVE-2017-9937.patch
Normal file
54
backport-CVE-2017-9937.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From 535df935911c401d345cb004a2fa00eb7a727259 Mon Sep 17 00:00:00 2001
|
||||
From: wiz <wiz@pkgsrc.org>
|
||||
Date: Mon, 3 Aug 2020 21:34:06 +0000
|
||||
Subject: [PATCH] jbigkit: fix CVE-2017-9937 using upstream commit
|
||||
|
||||
See e.g.
|
||||
https://gitlab.com/libtiff/libtiff/-/issues/97
|
||||
|
||||
Bump PKGREVISION.
|
||||
|
||||
---
|
||||
libjbig/jbig.c | 5 +++++
|
||||
libjbig/jbig.h | 2 ++
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/libjbig/jbig.c b/libjbig/jbig.c
|
||||
index 751ceff..7b5b99e 100644
|
||||
--- a/libjbig/jbig.c
|
||||
+++ b/libjbig/jbig.c
|
||||
@@ -2051,6 +2051,7 @@ void jbg_dec_init(struct jbg_dec_state *s)
|
||||
s->xmax = 4294967295UL;
|
||||
s->ymax = 4294967295UL;
|
||||
s->dmax = 256;
|
||||
+ s->maxmem = 2000000000; /* no final image larger than 2 GB by default */
|
||||
s->s = NULL;
|
||||
|
||||
return;
|
||||
@@ -2640,6 +2641,10 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len,
|
||||
return JBG_EIMPL | 5;
|
||||
s->options = s->buffer[19];
|
||||
|
||||
+ /* will the final image require more bytes than permitted by s->maxmem? */
|
||||
+ if (s->maxmem / s->planes / s->yd / jbg_ceil_half(s->xd, 3) == 0)
|
||||
+ return JBG_ENOMEM; /* increase s->maxmem if needed */
|
||||
+
|
||||
/* calculate number of stripes that will be required */
|
||||
s->stripes = jbg_stripes(s->l0, s->yd, s->d);
|
||||
|
||||
diff --git a/libjbig/jbig.h b/libjbig/jbig.h
|
||||
index 6799410..7a9cdf9 100644
|
||||
--- a/libjbig/jbig.h
|
||||
+++ b/libjbig/jbig.h
|
||||
@@ -181,6 +181,8 @@ struct jbg_dec_state {
|
||||
unsigned long xmax, ymax; /* if possible abort before image gets *
|
||||
* larger than this size */
|
||||
int dmax; /* abort after this layer */
|
||||
+ size_t maxmem; /* return JBG_ENOMEM if final image layer D
|
||||
+ would require more than maxmem bytes */
|
||||
};
|
||||
|
||||
|
||||
--
|
||||
2.23.0
|
||||
|
||||
28
jbigkit.spec
28
jbigkit.spec
@ -1,6 +1,6 @@
|
||||
Name: jbigkit
|
||||
Version: 2.1
|
||||
Release: 17
|
||||
Release: 22
|
||||
Summary: Lossless image compression library
|
||||
|
||||
License: GPLv2+
|
||||
@ -12,6 +12,9 @@ Patch0: jbigkit-2.1-shlib.patch
|
||||
Patch1: jbigkit-2.0-warnings.patch
|
||||
Patch2: jbigkit-ldflags.patch
|
||||
|
||||
Patch6000: backport-CVE-2017-9937.patch
|
||||
Patch6001: support-specify-cc.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
|
||||
@ -41,7 +44,10 @@ files for %{name} development.
|
||||
%autosetup -n %{name}-%{version} -p1
|
||||
|
||||
%build
|
||||
%make_build
|
||||
export CFLAGS="${CFLAGS:-%optflags}"
|
||||
export CXXFLAGS="${CXXFLAGS:-%optflags}"
|
||||
export FFLAGS="${FFLAGS:-%optflags}"
|
||||
make
|
||||
|
||||
%install
|
||||
pushd libjbig
|
||||
@ -79,6 +85,24 @@ make test
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Sun Apr 16 2023 jammyjellyfish <jammyjellyfish255@outlook.com> - 2.1-22
|
||||
- Support specify CC
|
||||
|
||||
* Fri Jan 13 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.1-21
|
||||
- fix build fail
|
||||
|
||||
* Tue Oct 25 2022 wangkerong <wangkerong@h-partners.com> - 2.1-20
|
||||
- rebuild for next release
|
||||
|
||||
* Sun Apr 24 2022 yangcheng <yangcheng87@h-partners.com> - 2.1-19
|
||||
- add CFLAGS in build
|
||||
|
||||
* Mon Apr 11 2022 xingxing <xingxing9@h-partners.com> - 2.1-18
|
||||
- Type:CVE
|
||||
- CVE:CVE-2017-9937
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2017-9937
|
||||
|
||||
* Mon Feb 17 2020 hexiujun <hexiujun1@huawei.com> - 2.1-17
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
36
support-specify-cc.patch
Normal file
36
support-specify-cc.patch
Normal file
@ -0,0 +1,36 @@
|
||||
diff -up jbigkit-2.1/libjbig/Makefile.orig2 jbigkit-2.1/libjbig/Makefile
|
||||
--- jbigkit-2.1/libjbig/Makefile.orig2 2023-04-16 16:44:13.690431844 +0800
|
||||
+++ jbigkit-2.1/libjbig/Makefile 2023-04-16 16:44:42.118544267 +0800
|
||||
@@ -1,7 +1,7 @@
|
||||
# Unix makefile for the JBIG-KIT library
|
||||
|
||||
# Select an ANSI/ISO C compiler here, GNU gcc is recommended
|
||||
-CC = gcc
|
||||
+CC ?= gcc
|
||||
|
||||
# Options for the compiler: A high optimization level is suggested
|
||||
CFLAGS = $(RPM_OPT_FLAGS) -W -Wall -ansi -pedantic # --coverage
|
||||
diff -up jbigkit-2.1/Makefile.orig2 jbigkit-2.1/Makefile
|
||||
--- jbigkit-2.1/Makefile.orig2 2023-04-16 16:43:38.182291412 +0800
|
||||
+++ jbigkit-2.1/Makefile 2023-04-16 16:45:00.230615896 +0800
|
||||
@@ -1,7 +1,7 @@
|
||||
# Unix makefile for JBIG-KIT
|
||||
|
||||
# Select an ANSI/ISO C compiler here, GNU gcc is recommended
|
||||
-CC = gcc
|
||||
+CC ?= gcc
|
||||
|
||||
# Options for the compiler: A high optimization level is suggested
|
||||
CFLAGS = $(RPM_OPT_FLAGS) -W -Wno-unused-result
|
||||
diff -up jbigkit-2.1/pbmtools/Makefile.orig2 jbigkit-2.1/pbmtools/Makefile
|
||||
--- jbigkit-2.1/pbmtools/Makefile.orig2 2023-04-16 16:44:32.126504750 +0800
|
||||
+++ jbigkit-2.1/pbmtools/Makefile 2023-04-16 16:44:48.254568533 +0800
|
||||
@@ -1,7 +1,7 @@
|
||||
# Unix makefile for the JBIG-KIT PBM tools
|
||||
|
||||
# Select an ANSI/ISO C compiler here, e.g. GNU gcc is recommended
|
||||
-CC = gcc
|
||||
+CC ?= gcc
|
||||
|
||||
# Options for the compiler
|
||||
CFLAGS = $(RPM_OPT_FLAGS) -W -Wall -Wno-unused-result -ansi -pedantic # --coverage
|
||||
Loading…
x
Reference in New Issue
Block a user