Sync from SUSE:SLFO:Main jbigkit revision 9baa9cae6b76f3eab4d87645cef0ffaf
This commit is contained in:
parent
c0690b27ab
commit
187b656635
36
jbigkit-CVE-2022-1210.patch
Normal file
36
jbigkit-CVE-2022-1210.patch
Normal file
@ -0,0 +1,36 @@
|
||||
Index: jbigkit-2.1/libjbig/jbig.c
|
||||
===================================================================
|
||||
--- jbigkit-2.1.orig/libjbig/jbig.c
|
||||
+++ jbigkit-2.1/libjbig/jbig.c
|
||||
@@ -2051,6 +2051,7 @@ void jbg_dec_init(struct jbg_dec_state *
|
||||
s->xmax = 4294967295UL;
|
||||
s->ymax = 4294967295UL;
|
||||
s->dmax = 256;
|
||||
+ s->maxmem = 2000000000; /* no final image larger than 2 GB by default */
|
||||
s->s = NULL;
|
||||
|
||||
return;
|
||||
@@ -2640,6 +2641,10 @@ int jbg_dec_in(struct jbg_dec_state *s,
|
||||
return JBG_EIMPL | 5;
|
||||
s->options = s->buffer[19];
|
||||
|
||||
+ /* will the final image require more bytes than permitted by s->maxmem? */
|
||||
+ if (s->maxmem / s->planes / s->yd / jbg_ceil_half(s->xd, 3) == 0)
|
||||
+ return JBG_ENOMEM; /* increase s->maxmem if needed */
|
||||
+
|
||||
/* calculate number of stripes that will be required */
|
||||
s->stripes = jbg_stripes(s->l0, s->yd, s->d);
|
||||
|
||||
Index: jbigkit-2.1/libjbig/jbig.h
|
||||
===================================================================
|
||||
--- jbigkit-2.1.orig/libjbig/jbig.h
|
||||
+++ jbigkit-2.1/libjbig/jbig.h
|
||||
@@ -181,6 +181,8 @@ struct jbg_dec_state {
|
||||
unsigned long xmax, ymax; /* if possible abort before image gets *
|
||||
* larger than this size */
|
||||
int dmax; /* abort after this layer */
|
||||
+ size_t maxmem; /* return JBG_ENOMEM if final image layer D
|
||||
+ would require more than maxmem bytes */
|
||||
};
|
||||
|
||||
|
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 19 12:07:52 UTC 2023 - pgajdos@suse.com
|
||||
|
||||
- security update
|
||||
- added patches
|
||||
fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
|
||||
+ jbigkit-CVE-2022-1210.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 24 10:46:45 UTC 2022 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package jbigkit
|
||||
#
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -28,6 +28,8 @@ URL: http://www.cl.cam.ac.uk/~mgk25/jbigkit/
|
||||
Source0: http://www.cl.cam.ac.uk/~mgk25/download/%{name}-%{version}.tar.gz
|
||||
Source42: baselibs.conf
|
||||
Patch0: %{name}-%{version}-shlib.patch
|
||||
# CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
|
||||
Patch1: jbigkit-CVE-2022-1210.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%define libname libjbig
|
||||
@ -69,8 +71,7 @@ The jbigkit package contains tools for converting between PBM and JBIG1
|
||||
formats.
|
||||
|
||||
%prep
|
||||
%setup
|
||||
%patch0 -p1
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
export CFLAGS="%optflags -I../libjbig" CXXFLAGS="%optflags"
|
||||
|
Loading…
Reference in New Issue
Block a user