From f954be61ecee062ae803b7af72cb04f71f6c8464 Mon Sep 17 00:00:00 2001
From: zhangpan
Date: Thu, 29 Aug 2024 08:32:06 +0000
Subject: [PATCH] fix CVE-2023-46361
(cherry picked from commit f16f1b4a15649c24a0725ad4ec0aaab24d7b5412)
---
 backport-CVE-2023-46361.patch | 26 ++++++++++++++++++++++++++
 jbig2dec.spec | 6 +++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-46361.patch
diff --git a/backport-CVE-2023-46361.patch b/backport-CVE-2023-46361.patch
new file mode 100644
index 0000000..fd7aa05
--- /dev/null
+++ b/backport-CVE-2023-46361.patch
@@ -0,0 +1,26 @@
+From ee53a7e4bc7819d32e8c0b2057885bcc97586bf3 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen
+Date: Sun, 5 Nov 2023 12:21:52 +0100
+Subject: [PATCH] Bug 705041: jbig2dec: Avoid uninitialized allocator in
+ command-line tool.
+
+Reference:https://github.com/ArtifexSoftware/jbig2dec/commit/ee53a7e4bc7819d32e8c0b2057885bcc97586bf3
+Conflict:NA
+
+---
+ jbig2dec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2dec.c b/jbig2dec.c
+index 15d204d..1e1dad8 100644
+--- a/jbig2dec.c
++++ b/jbig2dec.c
+@@ -567,7 +567,7 @@ main(int argc, char **argv)
+ {
+ jbig2dec_params_t params;
+ jbig2dec_error_callback_state_t error_callback_state;
+- jbig2dec_allocator_t allocator_;
++ jbig2dec_allocator_t allocator_ = { 0 };
+ jbig2dec_allocator_t *allocator = &allocator_;
+ Jbig2Ctx *ctx = NULL;
+ FILE *f = NULL, *f_page = NULL;
diff --git a/jbig2dec.spec b/jbig2dec.spec
index e9b6744..70e2ec8 100644
--- a/jbig2dec.spec
+++ b/jbig2dec.spec
@@ -1,6 +1,6 @@
 Name: jbig2dec
 Version: 0.19
-Release: 4
+Release: 5
 Summary: A decoder implementation of the JBIG2 image compression format.
 License: AGPLv3+
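Review bot: The new initializer `jbig2dec_allocator_t allocator_ = { 0 };` in `main` has no comment saying which later read it protects, so a future cleanup could drop it as redundant. A one-line comment at the declaration would record the intent, for example `/* zero-init: paths that run before the allocator fields are assigned must not see indeterminate values */`. The rest of `main` lies outside the hunk, so confirm there that nothing calls through the allocator before its fields are assigned; if the struct holds callback pointers, `{ 0 }` leaves them NULL rather than usable. The embedded hunk also keeps upstream's `@@ -567,7 +567,7 @@` offsets and index hashes while the spec builds 0.19, so check the build log for offset or fuzz messages when the patch is applied.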
@@ -9,6 +9,7 @@ Source0: https://github.com/ArtifexSoftware/jbig2dec/archive/%{version}.t
 Patch0: backprot-add-casts-to-silence-a-compiler-warning.patch
 Patch1: backprot-searching-for-a-marker-in-a-stream.patch
+Patch6000: backport-CVE-2023-46361.patch
 BuildRequires: gcc libtool chrpath
 Provides: %{name}-libs = %{version}-%{release}
@@ -73,6 +74,9 @@ echo "/usr/lib64" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %{_mandir}/man1/%{name}.1*
 %changelog
+* Thu Aug 29 2024 zhangpan - 0.19-5
+- fix CVE-2023-46361
+
 * Thu Oct 27 2022 wuzx - 0.19-4
 - Type:feature
 - CVE:NA
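Review bot: `Patch6000: backport-CVE-2023-46361.patch` only declares the patch; whether it is applied depends on `%prep`, which is outside this hunk. If `%prep` uses `%autosetup -p1` or `%autopatch`, the new entry is picked up automatically. If it lists explicit `%patch0` / `%patch1` lines, a matching `%patch6000 -p1` is needed, otherwise release 0.19-5 would be published as fixed while still building the unpatched `jbig2dec.c`. Checking that the `%prep` output in the build log names `backport-CVE-2023-46361.patch` would settle it.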