Fix CVE-2023-27781

CVE-2023-27781.patch

@@ -0,0 +1,12 @@
+diff -Naur a/jpegoptim.c b/jpegoptim.c
+--- a/jpegoptim.c	2023-03-27 15:19:15.047509310 +0800
++++ b/jpegoptim.c	2023-03-27 15:20:14.408374405 +0800
+@@ -1028,7 +1028,7 @@
+ 				fprintf(LOG_FH,csv ? "skipped\n" : "skipped.\n");
+ 			if (stdout_mode) {
+ 				set_filemode_binary(stdout);
+-				if (fwrite(inbuffer,insize,1,stdout) != 1)
++				if (fwrite(inbuffer, inbufferused, 1, stdout) != 1)
+ 					fatal("%s, write failed to stdout",(stdin_mode?"stdin":argv[i]));
+ 			}
+ 		}

jpegoptim.spec

@@ -1,10 +1,11 @@
 Name:          jpegoptim
 Version:       1.4.7
-Release:       1
+Release:       2
 Summary:       Utility to optimize JPEG files
 License:       GPLv2+
 URL:           http://www.kokkonen.net/tjko/projects.html
 Source0:       https://github.com/tjko/jpegoptim/archive/refs/tags/jpegoptim-1.4.7.tar.gz
+Patch0:        CVE-2023-27781.patch
 BuildRequires: coreutils gcc libjpeg-devel make
 
 %description
@@ -13,7 +14,7 @@ Jpegoptim is an utility to optimize JPEG files. Provides lossless optimization
 setting maximum quality factor.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 %configure
@@ -31,6 +32,9 @@ install -Dpm 0644 jpegoptim.1 %{buildroot}/%{_mandir}/man1/jpegoptim.1
 %{_mandir}/man1/*.1*
 
 %changelog
+* Mon Mar 27 2023 yaoxin <yaoxin30@h-partners.com> - 1.4.7-2
+- Fix CVE-2023-27781
+
 * Sun Aug 21 2022 tianlijing <tianlijing@kylinos.cn> - 1.4.7-1
 - upgrade to 1.4.7