!32 [sync] PR-27: fix CVE-2023-46361

From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2023-46361.patch

@@ -0,0 +1,26 @@
+From ee53a7e4bc7819d32e8c0b2057885bcc97586bf3 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 5 Nov 2023 12:21:52 +0100
+Subject: [PATCH] Bug 705041: jbig2dec: Avoid uninitialized allocator in
+ command-line tool.
+
+Reference:https://github.com/ArtifexSoftware/jbig2dec/commit/ee53a7e4bc7819d32e8c0b2057885bcc97586bf3
+Conflict:NA
+
+---
+ jbig2dec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2dec.c b/jbig2dec.c
+index 15d204d..1e1dad8 100644
+--- a/jbig2dec.c
++++ b/jbig2dec.c
+@@ -567,7 +567,7 @@ main(int argc, char **argv)
+ {
+     jbig2dec_params_t params;
+     jbig2dec_error_callback_state_t error_callback_state;
+-    jbig2dec_allocator_t allocator_;
++    jbig2dec_allocator_t allocator_ = { 0 };
+     jbig2dec_allocator_t *allocator = &allocator_;
+     Jbig2Ctx *ctx = NULL;
+     FILE *f = NULL, *f_page = NULL;

jbig2dec.spec

@@ -1,6 +1,6 @@
 Name:           jbig2dec
 Version:        0.19
-Release:        4
+Release:        5
 Summary:        A decoder implementation of the JBIG2 image compression format.
 
 License:        AGPLv3+
@@ -9,6 +9,7 @@ Source0:        https://github.com/ArtifexSoftware/jbig2dec/archive/%{version}.t
 
 Patch0:         backprot-add-casts-to-silence-a-compiler-warning.patch
 Patch1:         backprot-searching-for-a-marker-in-a-stream.patch
+Patch6000:      backport-CVE-2023-46361.patch
 
 BuildRequires:  gcc libtool chrpath
 Provides:       %{name}-libs = %{version}-%{release}
@@ -73,6 +74,9 @@ echo "/usr/lib64" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %{_mandir}/man1/%{name}.1*
 
 %changelog
+* Thu Aug 29 2024 zhangpan <zhangpan103@h-partners.com> - 0.19-5
+- fix CVE-2023-46361
+
 * Thu Oct 27 2022 wuzx<wuzx1226@qq.com> - 0.19-4
 - Type:feature
 - CVE:NA