!32 [sync] PR-27: fix CVE-2023-46361

From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2023-46361.patch

@@ -0,0 +1,26 @@
+From ee53a7e4bc7819d32e8c0b2057885bcc97586bf3 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 5 Nov 2023 12:21:52 +0100
+Subject: [PATCH] Bug 705041: jbig2dec: Avoid uninitialized allocator in
+ command-line tool.
+
+Reference:https://github.com/ArtifexSoftware/jbig2dec/commit/ee53a7e4bc7819d32e8c0b2057885bcc97586bf3
+Conflict:NA
+
+---
+ jbig2dec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2dec.c b/jbig2dec.c
+index 15d204d..1e1dad8 100644
+--- a/jbig2dec.c
++++ b/jbig2dec.c
+@@ -567,7 +567,7 @@ main(int argc, char **argv)
+ {
+     jbig2dec_params_t params;
+     jbig2dec_error_callback_state_t error_callback_state;
+-    jbig2dec_allocator_t allocator_;
++    jbig2dec_allocator_t allocator_ = { 0 };
+     jbig2dec_allocator_t *allocator = &allocator_;
+     Jbig2Ctx *ctx = NULL;
+     FILE *f = NULL, *f_page = NULL;

backprot-add-casts-to-silence-a-compiler-warning.patch

@@ -0,0 +1,26 @@
+From d8294b25104e9033408c18b68567281ae8e9d5e0 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sat, 7 Nov 2020 00:33:46 +0800
+Subject: [PATCH] jbig2dec: Add casts to silence a compiler warning.
+
+---
+ jbig2_image.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 2cb1e14..19eef22 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -347,8 +347,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+     if (src == NULL)
+         return 0;
+ 
+-    if ((UINT32_MAX - src->width  < (x > 0 ? x : -x)) ||
+-        (UINT32_MAX - src->height < (y > 0 ? y : -y)))
++    if ((UINT32_MAX - src->width  < (uint32_t) (x > 0 ? x : -x)) ||
++        (UINT32_MAX - src->height < (uint32_t) (y > 0 ? y : -y)))
+     {
+ #ifdef JBIG2_DEBUG
+         jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, JBIG2_UNKNOWN_SEGMENT_NUMBER, "overflow in compose_image");
+--
+2.27.0

backprot-searching-for-a-marker-in-a-stream.patch

@@ -0,0 +1,82 @@
+From f93f613aa9873026ccf7b0d625eb86c27b6b42b9 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 1 Oct 2020 15:58:25 +0100
+Subject: [PATCH] Searching for a marker in a stream, honor alignment
+
+When searching for markers in a stream buffer, we were "seeking" to the point
+in the buffer, and casting to either a byte, ushort or a uint to make the
+value comparison. But we cannot do that on SPARC because of the strict
+alignment on that hardware.
+
+So, we have to "unpack" the individual bytes from the stream to do the value
+comparison.
+
+Note: there are slightly confusing comments in the code that mention being
+"on a 16 bit boundary" and "on a 32 bit boundary" - that's referring to the
+offset into the buffer, *not* the actual memory address alignment.
+
+Found in testing on Solaris/SPARC
+---
+ jbig2_mmr.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/jbig2_mmr.c b/jbig2_mmr.c
+index 578754c..5c39903 100644
+--- a/jbig2_mmr.c
++++ b/jbig2_mmr.c
+@@ -744,6 +744,16 @@ const mmr_table_node jbig2_mmr_black_decode[] = {
+ 
+ #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
+ 
++/* On platforms that enforce aligned memory accesses, we can't just
++ * cast the byte * to the type of object we are accessing, we have
++ * unpack the requisite number of bytes, and deal with it that way.
++ * Note that the comments below about being 16/32 bit boundaries
++ * is referring to offsets into the byte stream, *not* memory
++ * addresses.
++ */
++#define getword16(b)  ((uint16_t)(b[0] | (b[1] << 8)))
++#define getword32(b)  ((uint32_t)(getword16(b) | (getword16((b + 2)) << 16)))
++
+ static uint32_t
+ jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
+ {
+@@ -817,7 +827,7 @@ jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
+         if (w - x < 16) {
+             goto check8;
+         }
+-        if ( ((uint16_t*) line)[ x / 16] != all16) {
++        if ( getword16((line + (x / 8))) != all16) {
+             goto check8_no_eof;
+         }
+         x += 16; /* This will make x a multiple of 32. */
+@@ -835,7 +845,7 @@ jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
+             look at the next uint16, then uint8, then last 8 bits. */
+             goto check16;
+         }
+-        if (((uint32_t*) line)[x/32] != all32) {
++        if ( getword32((line + (x / 8))) != all32) {
+             goto check16_no_eof;
+         }
+         x += 32;
+@@ -849,7 +859,7 @@ jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
+     }
+ check16_no_eof:
+     assert(w - x >= 16);
+-    if ( ((uint16_t*) line)[x/16] != all16) {
++    if ( getword16((line + (x / 8))) != all16) {
+         goto check8_no_eof;
+     }
+     x += 16;
+@@ -890,6 +900,9 @@ jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
+     return x;
+ }
+ 
++#undef getword16
++#undef getword32
++
+ static uint32_t
+ jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
+ {
+--
+2.27.0

jbig2dec.spec

@@ -1,12 +1,16 @@
 Name:           jbig2dec
-Version:        0.18
-Release:        2
+Version:        0.19
+Release:        5
 Summary:        A decoder implementation of the JBIG2 image compression format.
 
-License:        GPLv2
+License:        AGPLv3+
 URL:            https://jbig2dec.com/
 Source0:        https://github.com/ArtifexSoftware/jbig2dec/archive/%{version}.tar.gz
 
+Patch0:         backprot-add-casts-to-silence-a-compiler-warning.patch
+Patch1:         backprot-searching-for-a-marker-in-a-stream.patch
+Patch6000:      backport-CVE-2023-46361.patch
+
 BuildRequires:  gcc libtool chrpath
 Provides:       %{name}-libs = %{version}-%{release}
 Obsoletes:      %{name}-libs < %{version}-%{release}
@@ -31,6 +35,10 @@ Files for jbig2dec development.
 %configure
 %make_build
 
+%check
+sed -i '1s/python/python3/' test_jbig2dec.py
+make check
+
 %install
 %make_install
 %delete_la_and_a
@@ -39,7 +47,11 @@ Files for jbig2dec development.
 chrpath -d %{buildroot}%{_bindir}/jbig2dec
 
 mkdir -p %{buildroot}/etc/ld.so.conf.d
+%ifarch sw_64
+echo "/usr/lib" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+%else
 echo "/usr/lib64" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+%endif
 
 %ldconfig_scriptlets
 
@@ -62,6 +74,27 @@ echo "/usr/lib64" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %{_mandir}/man1/%{name}.1*
 
 %changelog
+* Thu Aug 29 2024 zhangpan <zhangpan103@h-partners.com> - 0.19-5
+- fix CVE-2023-46361
+
+* Thu Oct 27 2022 wuzx<wuzx1226@qq.com> - 0.19-4
+- Type:feature
+- CVE:NA
+- SUG:NA
+- DESC:Add sw64 architecture
+
+* Thu Mar 31 2022 liuyumeng <liuyumeng5@h-partners.com> - 0.19-3
+- enable tests
+
+* Sat Mar 27 2021 dowzyx  <zhaoyuxing2@huawei.com> - 0.19-2
+- Type:bufix
+- ID:NA
+- SUG:NA
+- DESC:fix fuzz test from open source community
+
+* Thu Jan 28 2021 zhanzhimin <zhanzhimin@huawei.com> - 0.19-1
+- update to 0.19
+
 * Tue Sep 8 2020 hanhui <hanhui15@huawei.com> - 0.18-2
 - Type:bugfix
 - ID:NA