From a738165fc91fbfa4fcf8a9e263281c2c5839dcd2 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 27 Mar 2023 15:26:07 +0800
Subject: [PATCH] Fix CVE-2023-27781
---
 CVE-2023-27781.patch | 12 ++++++++++++
 jpegoptim.spec | 8 ++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2023-27781.patch
diff --git a/CVE-2023-27781.patch b/CVE-2023-27781.patch
new file mode 100644
index 0000000..793d3bf
--- /dev/null
+++ b/CVE-2023-27781.patch
@@ -0,0 +1,12 @@
+diff -Naur a/jpegoptim.c b/jpegoptim.c
+--- a/jpegoptim.c 2023-03-27 15:19:15.047509310 +0800
++++ b/jpegoptim.c 2023-03-27 15:20:14.408374405 +0800
+@@ -1028,7 +1028,7 @@
+ fprintf(LOG_FH,csv ? "skipped\n" : "skipped.\n");
+ if (stdout_mode) {
+ set_filemode_binary(stdout);
+- if (fwrite(inbuffer,insize,1,stdout) != 1)
++ if (fwrite(inbuffer, inbufferused, 1, stdout) != 1)
+ fatal("%s, write failed to stdout",(stdin_mode?"stdin":argv[i]));
+ }
+ }
diff --git a/jpegoptim.spec b/jpegoptim.spec
index be2c63a..f668108 100644
--- a/jpegoptim.spec
+++ b/jpegoptim.spec
@@ -1,10 +1,11 @@
 Name: jpegoptim
 Version: 1.4.7
-Release: 1
+Release: 2
 Summary: Utility to optimize JPEG files
 License: GPLv2+
 URL: http://www.kokkonen.net/tjko/projects.html
 Source0: https://github.com/tjko/jpegoptim/archive/refs/tags/jpegoptim-1.4.7.tar.gz
+Patch0: CVE-2023-27781.patch
 BuildRequires: coreutils gcc libjpeg-devel make
 %description
@@ -13,7 +14,7 @@ Jpegoptim is an utility to optimize JPEG files. Provides lossless optimization setting maximum quality factor.
 %prep
-%setup -q
+%autosetup -p1
 %build
 %configure
@@ -31,6 +32,9 @@ install -Dpm 0644 jpegoptim.1 %{buildroot}/%{_mandir}/man1/jpegoptim.1
 %{_mandir}/man1/*.1*
 %changelog
+* Mon Mar 27 2023 yaoxin - 1.4.7-2
+- Fix CVE-2023-27781
+
 * Sun Aug 21 2022 tianlijing - 1.4.7-1
 - upgrade to 1.4.7
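Review bot: In the jpegoptim.c hunk carried by CVE-2023-27781.patch, the rewritten call `fwrite(inbuffer, inbufferused, 1, stdout) != 1` still writes the buffer as a single item, and fwrite returns 0 when the item size is 0, so an empty buffer on this skipped-file path would be reported as a failed write. Whether `inbufferused` can be 0 here is not visible, because the enclosing function and the code that fills `inbuffer` lie outside the hunk; if it can, counting bytes instead avoids the false failure: `if (fwrite(inbuffer, 1, inbufferused, stdout) != inbufferused)`. The patch file also begins directly at `diff -Naur` with no origin header, so a leading comment such as `# Origin: <upstream commit URL>` would let a later auditor confirm that the length now written is the one upstream chose for this CVE.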