import jbig2dec-0.16-1.el8

.gitignore

@@ -1 +1 @@
-SOURCES/jbig2dec-0.14.tar.gz
+SOURCES/jbig2dec-0.16.tar.gz

.jbig2dec.metadata

@@ -1 +1 @@
-c4c834962d1357f9aaacecd7fca8236326e45975 SOURCES/jbig2dec-0.14.tar.gz
+38c62210d92102952b18400b15eb4e727a755bfd SOURCES/jbig2dec-0.16.tar.gz

SOURCES/CVE-2020-12268.patch

@@ -0,0 +1,48 @@
+From 24ddcfc7e37c0ce3b0f1852042ee431a53fd774c Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Mon, 27 Jan 2020 10:12:24 -0800
+Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
+ jbig2_image_compose.
+
+With extreme values of x/y/w/h we can get overflow. Test for this
+and exit safely.
+
+Thanks for OSS-Fuzz for reporting.
+---
+ jbig2_image.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 22e21ef..f036cef 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -34,6 +34,10 @@
+ #define INT32_MAX  0x7fffffff
+ #endif
+ 
++#if !defined (UINT32_MAX)
++#define UINT32_MAX  0xffffffffu
++#endif
++
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+ jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
+@@ -255,6 +259,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+     uint8_t *d, *dd;
+     uint8_t mask, rightmask;
+ 
++    if ((UINT32_MAX - src->width  < (x > 0 ? x : -x)) ||
++        (UINT32_MAX - src->height < (y > 0 ? y : -y)))
++    {
++#ifdef JBIG2_DEBUG
++        jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image");
++#endif
++        return 0;
++    }
++
+     if (src == NULL)
+         return 0;
+ 
+-- 
+2.26.2
+

SPECS/jbig2dec.spec

@@ -1,13 +1,16 @@
 Name:           jbig2dec
-Version:        0.14
+Version:        0.16
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        A decoder implementation of the JBIG2 image compression format 
 
 Group:          System Environment/Libraries
 License:        GPLv2
 URL:            http://jbig2dec.sourceforge.net/
-Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/%{name}-%{version}.tar.gz
+Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/%{name}-%{version}.tar.gz
 BuildRequires:  libtool
+Requires:       %{name}-libs = %{version}-%{release}
+
+Patch0:         CVE-2020-12268.patch
 
 %description
 jbig2dec is a decoder implementation of the JBIG2 image compression format.
@@ -47,6 +50,7 @@ which requires the jbig2dec library.
 
 %prep
 %setup -q
+%patch0 -p1
 
 
 %build
@@ -83,6 +87,18 @@ rm -f %{buildroot}%{_libdir}/*.la
 
 
 %changelog
+* Thu Oct 08 2020 Nikola Forró <nforro@redhat.com> - 0.16-1
+- Update to 0.16
+  resolves: #1886011
+
+* Sun Jun 28 2020 Nikola Forró <nforro@redhat.com> - 0.14-4
+- Add explicit package version requirement on jbig2dec-libs to jbig2dec
+  related: #1851058
+
+* Fri Jun 26 2020 Nikola Forró <nforro@redhat.com> - 0.14-3
+- Fix CVE-2020-12268
+  resolves: #1851058
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild