diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f9178ef --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/jbig2dec-0.14.tar.gz diff --git a/.jbig2dec.metadata b/.jbig2dec.metadata new file mode 100644 index 0000000..7e673c2 --- /dev/null +++ b/.jbig2dec.metadata @@ -0,0 +1 @@ +c4c834962d1357f9aaacecd7fca8236326e45975 SOURCES/jbig2dec-0.14.tar.gz diff --git a/SOURCES/CVE-2020-12268.patch b/SOURCES/CVE-2020-12268.patch new file mode 100644 index 0000000..cd7c58a --- /dev/null +++ b/SOURCES/CVE-2020-12268.patch @@ -0,0 +1,48 @@ +From df29c989c7578476921d4f5ec277ee3cc9e87350 Mon Sep 17 00:00:00 2001 +From: Robin Watts +Date: Mon, 27 Jan 2020 10:12:24 -0800 +Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in + jbig2_image_compose. + +With extreme values of x/y/w/h we can get overflow. Test for this +and exit safely. + +Thanks for OSS-Fuzz for reporting. +--- + jbig2_image.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/jbig2_image.c b/jbig2_image.c +index 23e12ae..74050b9 100644 +--- a/jbig2_image.c ++++ b/jbig2_image.c +@@ -30,6 +30,10 @@ + #include "jbig2_priv.h" + #include "jbig2_image.h" + ++#if !defined (UINT32_MAX) ++#define UINT32_MAX 0xffffffffu ++#endif ++ + /* allocate a Jbig2Image structure and its associated bitmap */ + Jbig2Image * + jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height) +@@ -229,6 +233,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int + uint8_t *d, *dd; + uint8_t mask, rightmask; + ++ if ((UINT32_MAX - src->width < (x > 0 ? x : -x)) || ++ (UINT32_MAX - src->height < (y > 0 ? y : -y))) ++ { ++#ifdef JBIG2_DEBUG ++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image"); ++#endif ++ return 0; ++ } ++ + if (op != JBIG2_COMPOSE_OR) { + /* hand off the the general routine */ + return jbig2_image_compose_unopt(ctx, dst, src, x, y, op); +-- +2.26.2 + diff --git a/SPECS/jbig2dec.spec b/SPECS/jbig2dec.spec new file mode 100644 index 0000000..3d7fdea --- /dev/null +++ b/SPECS/jbig2dec.spec @@ -0,0 +1,160 @@ +Name: jbig2dec +Version: 0.14 +Release: 4%{?dist} +Summary: A decoder implementation of the JBIG2 image compression format + +Group: System Environment/Libraries +License: GPLv2 +URL: http://jbig2dec.sourceforge.net/ +Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/%{name}-%{version}.tar.gz +BuildRequires: libtool +Requires: %{name}-libs = %{version}-%{release} + +Patch0: CVE-2020-12268.patch + +%description +jbig2dec is a decoder implementation of the JBIG2 image compression format. +JBIG2 is designed for lossy or lossless encoding of 'bilevel' (1-bit +monochrome) images at moderately high resolution, and in particular scanned +paper documents. In this domain it is very efficient, offering compression +ratios on the order of 100:1. + +%package libs +Summary: A decoder implementation of the JBIG2 image compression format +Group: System Environment/Libraries + +%description libs +jbig2dec is a decoder implementation of the JBIG2 image compression format. +JBIG2 is designed for lossy or lossless encoding of 'bilevel' (1-bit +monochrome) images at moderately high resolution, and in particular scanned +paper documents. In this domain it is very efficient, offering compression +ratios on the order of 100:1. + +This package provides the shared jbig2dec library. + +%package devel +Summary: Static library and header files for development with jbig2dec +Group: Development/Libraries +Requires: %{name}-libs = %{version}-%{release} + +%description devel +jbig2dec is a decoder implementation of the JBIG2 image compression format. +JBIG2 is designed for lossy or lossless encoding of 'bilevel' (1-bit +monochrome) images at moderately high resolution, and in particular scanned +paper documents. In this domain it is very efficient, offering compression +ratios on the order of 100:1. + +This package is only needed if you plan to develop or compile applications +which requires the jbig2dec library. + + +%prep +%setup -q +%patch0 -p1 + + +%build +autoreconf -i +%configure +make %{?_smp_mflags} + + +%install +make DESTDIR=%{buildroot} install +rm -f %{buildroot}%{_libdir}/*.a +rm -f %{buildroot}%{_libdir}/*.la + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + + +%files +%doc CHANGES COPYING LICENSE README +%{_bindir}/jbig2dec +%{_mandir}/man?/jbig2dec.1.gz + +%files devel +%doc CHANGES COPYING LICENSE README +%{_includedir}/jbig2.h +%{_libdir}/libjbig2dec.so + +%files libs +%doc CHANGES COPYING LICENSE README +%{_libdir}/libjbig2dec.so.0 +%{_libdir}/libjbig2dec.so.0.0.0 + + + +%changelog +* Sun Jun 28 2020 Nikola Forró - 0.14-4 +- Add explicit package version requirement on jbig2dec-libs to jbig2dec + related: #1851057 + +* Fri Jun 26 2020 Nikola Forró - 0.14-3 +- Fix CVE-2020-12268 + resolves: #1851057 + +* Wed Feb 07 2018 Fedora Release Engineering - 0.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Nov 11 2017 Michael J Gruber - 0.14-1 +- update to 0.14 (bugfix release) + +* Wed Aug 02 2017 Fedora Release Engineering - 0.13-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu May 11 2017 Pavel Zhukov - 0.13.4 +- Add fix for CVE-2017-7976 (#1443898) + +* Wed May 3 2017 Pavel Zhukov - 0.13-3 +- Prevent segserv due to int overflow (#1443898) + +* Tue Mar 07 2017 Pavel Zhukov - 0.13-1 +- New release 0.13 + +* Fri Feb 10 2017 Fedora Release Engineering - 0.12-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Feb 04 2016 Fedora Release Engineering - 0.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Nov 27 2015 Pavel Zhukov - 0.12-2 +- New release (#1208076) +- Require autotools + +* Wed Jun 17 2015 Fedora Release Engineering - 0.11-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Aug 16 2014 Fedora Release Engineering - 0.11-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.11-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 0.11-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Sat Mar 23 2013 Pavel Zhukov - 0.11-7 +- Add ARM64 patch + +* Thu Feb 14 2013 Fedora Release Engineering - 0.11-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jul 19 2012 Fedora Release Engineering - 0.11-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 0.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Feb 09 2011 Fedora Release Engineering - 0.11-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Pavel Zhukov - 0.11-2.fc14 +- Fixed some spec errors + +* Tue Jan 11 2011 Pavel Zhukov - 0.11-1.fc14 +- Initial package