!7 [sync] PR-5: Upgrade to 1.5.5 for fix CVE-2022-32325

From: @openeuler-sync-bot Reviewed-by: @starlet-dx Signed-off-by: @starlet-dx
2024-04-01 07:03:53 +00:00 · 2024-04-01 07:03:53 +00:00 · 90c4526127
commit 90c4526127
parent 37a49481d7 78279bc3d2
4 changed files with 6 additions and 16 deletions
--- a/CVE-2023-27781.patch
+++ b/CVE-2023-27781.patch
@ -1,12 +0,0 @@
 diff -Naur a/jpegoptim.c b/jpegoptim.c
 --- a/jpegoptim.c	2023-03-27 15:19:15.047509310 +0800
 +++ b/jpegoptim.c	2023-03-27 15:20:14.408374405 +0800
@@ -1028,7 +1028,7 @@
 				fprintf(LOG_FH,csv ? "skipped\n" : "skipped.\n");
 			if (stdout_mode) {
 				set_filemode_binary(stdout);
 -				if (fwrite(inbuffer,insize,1,stdout) != 1)
 +				if (fwrite(inbuffer, inbufferused, 1, stdout) != 1)
 					fatal("%s, write failed to stdout",(stdin_mode?"stdin":argv[i]));
 			}
 		}
--- a/jpegoptim-1.4.7.tar.gz
+++ b/jpegoptim-1.4.7.tar.gz
--- a/jpegoptim-1.5.5.tar.gz
+++ b/jpegoptim-1.5.5.tar.gz
--- a/jpegoptim.spec
+++ b/jpegoptim.spec
@ -1,11 +1,10 @@
 Name:          jpegoptim
-Version:       1.4.7
+Version:       1.5.5
-Release:       2
+Release:       1
 Summary:       Utility to optimize JPEG files
 License:       GPLv2+
 URL:           http://www.kokkonen.net/tjko/projects.html
-Source0:       https://github.com/tjko/jpegoptim/archive/refs/tags/jpegoptim-1.4.7.tar.gz
+Source0:       https://github.com/tjko/jpegoptim/archive/v%{version}/%{name}-%{version}.tar.gz
 Patch0:        CVE-2023-27781.patch
 BuildRequires: coreutils gcc libjpeg-devel make
 %description
@ -32,6 +31,9 @@ install -Dpm 0644 jpegoptim.1 %{buildroot}/%{_mandir}/man1/jpegoptim.1
 %{_mandir}/man1/*.1*
 %changelog
 * Mon Apr 01 2024 yaoxin <yao_xin001@hoperun.com> - 1.5.5-1
 - Upgrade to 1.5.5 for fix CVE-2022-32325
 * Mon Mar 27 2023 yaoxin <yaoxin30@h-partners.com> - 1.4.7-2
 - Fix CVE-2023-27781