diff --git a/.gitignore b/.gitignore
index f9178ef..01a77dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/jbig2dec-0.14.tar.gz
+SOURCES/jbig2dec-0.16.tar.gz
diff --git a/.jbig2dec.metadata b/.jbig2dec.metadata
index 7e673c2..5532383 100644
--- a/.jbig2dec.metadata
+++ b/.jbig2dec.metadata
@@ -1 +1 @@
-c4c834962d1357f9aaacecd7fca8236326e45975 SOURCES/jbig2dec-0.14.tar.gz
+38c62210d92102952b18400b15eb4e727a755bfd SOURCES/jbig2dec-0.16.tar.gz
diff --git a/SOURCES/CVE-2020-12268.patch b/SOURCES/CVE-2020-12268.patch
new file mode 100644
index 0000000..a77ffa4
--- /dev/null
+++ b/SOURCES/CVE-2020-12268.patch
@@ -0,0 +1,48 @@
+From 24ddcfc7e37c0ce3b0f1852042ee431a53fd774c Mon Sep 17 00:00:00 2001
+From: Robin Watts
+Date: Mon, 27 Jan 2020 10:12:24 -0800
+Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
+ jbig2_image_compose.
+
+With extreme values of x/y/w/h we can get overflow. Test for this
+and exit safely.
+
+Thanks for OSS-Fuzz for reporting.
+---
+ jbig2_image.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 22e21ef..f036cef 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -34,6 +34,10 @@
+ #define INT32_MAX 0x7fffffff
+ #endif
+
++#if !defined (UINT32_MAX)
++#define UINT32_MAX 0xffffffffu
++#endif
++
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+ jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
+@@ -255,6 +259,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+ uint8_t *d, *dd;
+ uint8_t mask, rightmask;
+
++ if ((UINT32_MAX - src->width < (x > 0 ? x : -x)) ||
++ (UINT32_MAX - src->height < (y > 0 ? y : -y)))
++ {
++#ifdef JBIG2_DEBUG
++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image");
++#endif
++ return 0;
++ }
++
+ if (src == NULL)
+ return 0;
+
+--
+2.26.2
+
diff --git a/SPECS/jbig2dec.spec b/SPECS/jbig2dec.spec
index d8ede1e..e80e992 100644
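Review bot: In the jbig2_image_compose hunk of SOURCES/CVE-2020-12268.patch, the added overflow test reads `src->width` and `src->height` before the existing `if (src == NULL) return 0;` guard that follows it, so a NULL `src` is dereferenced before it is rejected; the new block should sit after that guard (or the guard should move above it). The magnitude expression `(x > 0 ? x : -x)` also negates a signed `int`, which is undefined for the most negative value, exactly the kind of extreme input this check is meant to reject; computing it in unsigned arithmetic, e.g. `(x > 0 ? (uint32_t)x : 0u - (uint32_t)x)` and likewise for `y`, avoids that. The function body starts and ends outside the hunk, so whether any caller can actually pass NULL is not visible here.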
--- a/SPECS/jbig2dec.spec +++ b/SPECS/jbig2dec.spec @@ -1,13 +1,16 @@ Name: jbig2dec -Version: 0.14 -Release: 2%{?dist} +Version: 0.16 +Release: 1%{?dist} Summary: A decoder implementation of the JBIG2 image compression format Group: System Environment/Libraries License: GPLv2 URL: http://jbig2dec.sourceforge.net/ -Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/%{name}-%{version}.tar.gz +Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/%{name}-%{version}.tar.gz BuildRequires: libtool +Requires: %{name}-libs = %{version}-%{release} + +Patch0: CVE-2020-12268.patch %description jbig2dec is a decoder implementation of the JBIG2 image compression format. @@ -47,6 +50,7 @@ which requires the jbig2dec library. %prep %setup -q +%patch0 -p1 %build @@ -83,6 +87,18 @@ rm -f %{buildroot}%{_libdir}/*.la %changelog +* Thu Oct 08 2020 Nikola Forró - 0.16-1 +- Update to 0.16 + resolves: #1886011 + +* Sun Jun 28 2020 Nikola Forró - 0.14-4 +- Add explicit package version requirement on jbig2dec-libs to jbig2dec + related: #1851058 + +* Fri Jun 26 2020 Nikola Forró - 0.14-3 +- Fix CVE-2020-12268 + resolves: #1851058 + * Wed Feb 07 2018 Fedora Release Engineering - 0.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild