4 changed files with 97 additions and 95 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/jbig2dec-0.19.tar.gz
+SOURCES/jbig2dec-0.16.tar.gz
--- a/.jbig2dec.metadata
+++ b/.jbig2dec.metadata
@ -1 +1 @@
-290c2c15f672b8d6d73351bbd94925d7bd2a293c SOURCES/jbig2dec-0.19.tar.gz
+38c62210d92102952b18400b15eb4e727a755bfd SOURCES/jbig2dec-0.16.tar.gz
--- a/SOURCES/CVE-2020-12268.patch
+++ b/SOURCES/CVE-2020-12268.patch
@ -0,0 +1,48 @@
 From 24ddcfc7e37c0ce3b0f1852042ee431a53fd774c Mon Sep 17 00:00:00 2001
 From: Robin Watts <Robin.Watts@artifex.com>
 Date: Mon, 27 Jan 2020 10:12:24 -0800
 Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
 jbig2_image_compose.
 With extreme values of x/y/w/h we can get overflow. Test for this
 and exit safely.
 Thanks for OSS-Fuzz for reporting.
 ---
 jbig2_image.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 diff --git a/jbig2_image.c b/jbig2_image.c
 index 22e21ef..f036cef 100644
 --- a/jbig2_image.c
 +++ b/jbig2_image.c
@@ -34,6 +34,10 @@
 #define INT32_MAX  0x7fffffff
 #endif
 +#if !defined (UINT32_MAX)
 +#define UINT32_MAX  0xffffffffu
 +#endif
 +
 /* allocate a Jbig2Image structure and its associated bitmap */
 Jbig2Image *
 jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
@@ -255,6 +259,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
     uint8_t *d, *dd;
     uint8_t mask, rightmask;
 +    if ((UINT32_MAX - src->width  < (x > 0 ? x : -x)) ||
 +        (UINT32_MAX - src->height < (y > 0 ? y : -y)))
 +    {
 +#ifdef JBIG2_DEBUG
 +        jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image");
 +#endif
 +        return 0;
 +    }
 +
     if (src == NULL)
         return 0;
 -- 
 2.26.2
--- a/SPECS/jbig2dec.spec
+++ b/SPECS/jbig2dec.spec
@ -1,14 +1,16 @@
-Name:		jbig2dec
+Name:           jbig2dec
-Version:	0.19
+Version:        0.16
-Release:	7%{?dist}
+Release:        1%{?dist}
-Summary:	A decoder implementation of the JBIG2 image compression format 
+Summary:        A decoder implementation of the JBIG2 image compression format 
-License:	AGPLv3+
+
-URL:		http://jbig2dec.sourceforge.net/
+Group:          System Environment/Libraries
-Source0:	https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/%{name}-%{version}.tar.gz
+License:        GPLv2
-Requires:	%{name}-libs = %{version}-%{release}
+URL:            http://jbig2dec.sourceforge.net/
-BuildRequires:	libtool
+Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/%{name}-%{version}.tar.gz
-BuildRequires:	libpng-devel
+BuildRequires:  libtool
-BuildRequires: make
+Requires:       %{name}-libs = %{version}-%{release}
 Patch0:         CVE-2020-12268.patch
 %description
 jbig2dec is a decoder implementation of the JBIG2 image compression format.
@ -17,10 +19,11 @@ monochrome) images at moderately high resolution, and in particular scanned
 paper documents. In this domain it is very efficient, offering compression
 ratios on the order of 100:1.
-%package libs 
+%package  libs 
-Summary:	A decoder implementation of the JBIG2 image compression format
+Summary:         A decoder implementation of the JBIG2 image compression format
 Group:           System Environment/Libraries
-%description libs 
+%description  libs 
 jbig2dec is a decoder implementation of the JBIG2 image compression format.
 JBIG2 is designed for lossy or lossless encoding of 'bilevel' (1-bit
 monochrome) images at moderately high resolution, and in particular scanned
@ -29,11 +32,12 @@ ratios on the order of 100:1.
 This package provides the shared jbig2dec library.
-%package devel
+%package  devel
-Summary:	Static library and header files for development with jbig2dec
+Summary:          Static library and header files for development with jbig2dec
-Requires:	%{name}-libs = %{version}-%{release}
+Group:            Development/Libraries
 Requires:         %{name}-libs = %{version}-%{release}
-%description devel
+%description  devel
 jbig2dec is a decoder implementation of the JBIG2 image compression format.
 JBIG2 is designed for lossy or lossless encoding of 'bilevel' (1-bit
 monochrome) images at moderately high resolution, and in particular scanned
@ -45,34 +49,37 @@ which requires the jbig2dec library.
 %prep
-%autosetup
+%setup -q
 %patch0 -p1
 %build
-autoreconf -fi
+autoreconf -i
-%configure --disable-static
+%configure
-%make_build
+make %{?_smp_mflags}
 %install
-%make_install
+make DESTDIR=%{buildroot} install
 rm -f %{buildroot}%{_libdir}/*.a
 rm -f %{buildroot}%{_libdir}/*.la
-%ldconfig_scriptlets libs
+%post libs -p /sbin/ldconfig
 %postun  libs -p /sbin/ldconfig
 %files
 %doc CHANGES COPYING LICENSE README
 %{_bindir}/jbig2dec
-%{_mandir}/man?/jbig2dec.1*
+%{_mandir}/man?/jbig2dec.1.gz
-%files devel
+%files  devel
 %doc CHANGES COPYING LICENSE README
 %{_includedir}/jbig2.h
 %{_libdir}/libjbig2dec.so
 %{_libdir}/pkgconfig/%{name}.pc
-%files libs
+%files  libs
 %doc CHANGES COPYING LICENSE README
 %{_libdir}/libjbig2dec.so.0
 %{_libdir}/libjbig2dec.so.0.0.0
@ -80,70 +87,17 @@ rm -f %{buildroot}%{_libdir}/*.la
 %changelog
-* Mon Jan 30 2023 Matej Mužila <mmuzila@redhat.com> - 0.19-7
+* Thu Oct 08 2020 Nikola Forró <nforro@redhat.com> - 0.16-1
- Rebuilt for RHEL-9.2.0
+- Update to 0.16
- Resolves: #2121499
+  resolves: #1886011
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.19-6
+* Sun Jun 28 2020 Nikola Forró <nforro@redhat.com> - 0.14-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Add explicit package version requirement on jbig2dec-libs to jbig2dec
-  Related: rhbz#1991688
+  related: #1851058
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.19-5
+* Fri Jun 26 2020 Nikola Forró <nforro@redhat.com> - 0.14-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Fix CVE-2020-12268
-
+  resolves: #1851058
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.19-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Sun Dec 13 2020 Orion Poplawski <orion@nwra.com> - 0.19-3
 - Use autoreconf -f to remove rpath
 - Use --disable-static to disable static builds
 - Use current make macros
 * Fri Sep 18 2020 Michael J Gruber <mjg@fedoraproject.org> - 0.19-2
 - remove ABI patch (and coordinate builds)
 * Thu Sep 17 2020 Anna Khaitovich <akhaitov@redhat.com> - 0.19-1
 - Rebase to 0.19
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.18-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jul 08 2020 Michael J Gruber <mjg@fedoraproject.org> - 0.18-3
 - build with libpng
 * Wed Jul 08 2020 Nikola Forró <nforro@redhat.com> - 0.18-2
 - fix License
 * Mon May 11 2020 Michael J Gruber <mjg@fedoraproject.org> - 0.18-1
 - rebase to 0.18 (bz #1818706)
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.17-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Sat Dec 14 2019 Michael J Gruber <mjg@fedoraproject.org> - 0.17-3
 - require exact libs version
 - clean up white space
 * Sat Nov 09 2019 Michael J Gruber <mjg@fedoraproject.org> - 0.17-2
 - restore ABI-compatibilty (#1770160)
 * Thu Nov 07 2019 Michael J Gruber <mjg@fedoraproject.org> - 0.17-1
 - bugfix release (bz #1761919)
 * Thu Aug 15 2019 Michael J Gruber <mjg@fedoraproject.org> - 0.16-1
 - rebase to 0.16 (bz #1741605)
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Tue Sep 18 2018 Owen Taylor <otaylor@redhat.com> - 0.14-4
 - Handle both compressed and uncompressed man pages
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@ -160,10 +114,10 @@ rm -f %{buildroot}%{_libdir}/*.la
 * Thu May 11 2017 Pavel Zhukov <landgraf@fedoraproject.org> - 0.13.4
 - Add fix for CVE-2017-7976 (#1443898)
-* Wed May 03 2017 Pavel Zhukov <pzhukov@redhat.com> - 0.13-3
+* Wed May  3 2017 Pavel Zhukov <pzhukov@redhat.com> - 0.13-3
 - Prevent segserv due to int overflow (#1443898)
-* Tue Mar 07 2017 Pavel Zhukov <landgraf@fedoraproject.org> - 0.13-1
+* Tue Mar 07 2017  Pavel Zhukov <landgraf@fedoraproject.org> - 0.13-1
 - New release 0.13
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-4
@ -203,7 +157,7 @@ rm -f %{buildroot}%{_libdir}/*.la
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-* Wed Jan 12 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.11-2.fc14
+* Wed Jan 12 2011 Pavel Zhukov <landgraf@fedoraproject.org>  - 0.11-2.fc14
 - Fixed some spec errors
 * Tue Jan 11 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.11-1.fc14
`@ -1 +1 @@`
	`SOURCES/jbig2dec-0.19.tar.gz`	`SOURCES/jbig2dec-0.16.tar.gz`
`@ -1 +1 @@`
	`290c2c15f672b8d6d73351bbd94925d7bd2a293c SOURCES/jbig2dec-0.19.tar.gz`	`38c62210d92102952b18400b15eb4e727a755bfd SOURCES/jbig2dec-0.16.tar.gz`