.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1,2 @@
-SOURCES/jbigkit-2.1.tar.gz
+/jbigkit-2.0.tar.gz
+/jbigkit-2.1.tar.gz

.jbigkit.metadata

@@ -1 +0,0 @@
-4864646df004e8331d19f2fa103ed731fdb6c099 SOURCES/jbigkit-2.1.tar.gz

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.rpmdeplint.functional}

jbigkit-2.1-shlib.patch

@@ -20,7 +20,7 @@ diff -Naur jbigkit-2.1.old/libjbig/Makefile jbigkit-2.1/libjbig/Makefile
 -tstcodec85: tstcodec85.o jbig85.o jbig_ar.o
 -	$(CC) $(CFLAGS) -o tstcodec85 tstcodec85.o jbig85.o jbig_ar.o
 +tstcodec85: tstcodec85.o libjbig85.so
-+	$(CC) $(CFLAGS) -o tstcodec85 $^ -L. -ljbig
++	$(CC) $(CFLAGS) -o tstcodec85 $< -L. -ljbig85
  
 -libjbig.a: jbig.o jbig_ar.o
 -	rm -f libjbig.a

jbigkit-CVE-2013-6369.patch

@@ -0,0 +1,113 @@
+From 377085a7fd41e01c0c1ad5d1c1f90b59e8257593
+From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
+Subject: [PATCH] Fix two DPPRIV buffer overflows and a bug
+
+* jbig.c:jbg_dec_in(): when a BIE with option DPPRIV=1 was received,
+  the included private DP table (1728 bytes) was loaded into
+  20-byte array s->buffer, creating a buffer overflow vulnerability.
+  It is now loaded instead into a malloc'ed temporary buffer.
+
+* jbig.c:jbg_dec_in(): buffer allocated for internal representation
+  of private DP table was 1728 bytes long, but must be 6912 bytes long,
+  creating another buffer overflow vulnerability.
+
+* jbig.c: a loop in the routines for converting between the internal and
+  external representations of a DP table terminated earlier than intended.
+  As a result, a private DP table provided to the decoder was not
+  interpreted correctly. Likewise, if a user asked the encoder to output
+  its standard DP table (which is only useful for testing), the result
+  would have been incorrect.
+
+* tstcodec.c: test case for DPPRIV=1 added.
+
+The buffer overflow vulnerability was reported by Florian Weimer (Red Hat)
+and has been assigned CVE-2013-6369.
+
+None of these fixes should affect ABI compatibility; jbig.h remains unchanged.
+
+All past releases of jbig.c are believed to be affected.
+The jbig85.c lightwight implementation was not affected.
+---
+ libjbig/jbig.c     |   16 ++++++++++------
+ libjbig/tstcodec.c |   11 ++++++++---
+ 2 files changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/libjbig/jbig.c b/libjbig/jbig.c
+index f3c35cc..48fc128 100644
+--- a/libjbig/jbig.c
++++ b/libjbig/jbig.c
+@@ -1738,7 +1738,7 @@ void jbg_int2dppriv(unsigned char *dptable, const char *internal)
+ #define FILL_TABLE1(offset, len, trans) \
+   for (i = 0; i < len; i++) { \
+     k = 0; \
+-    for (j = 0; j < 8; j++) \
++    for (j = 0; i >> j; j++) \
+       k |= ((i >> j) & 1) << trans[j]; \
+     dptable[(i + offset) >> 2] |= \
+       (internal[k + offset] & 3) << ((3 - (i&3)) << 1); \
+@@ -1769,7 +1769,7 @@ void jbg_dppriv2int(char *internal, const unsigned char *dptable)
+ #define FILL_TABLE2(offset, len, trans) \
+   for (i = 0; i < len; i++) { \
+     k = 0; \
+-    for (j = 0; j < 8; j++) \
++    for (j = 0; i >> j; j++) \
+       k |= ((i >> j) & 1) << trans[j]; \
+     internal[k + offset] = \
+       (dptable[(i + offset) >> 2] >> ((3 - (i & 3)) << 1)) & 3; \
+@@ -2574,6 +2574,7 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len,
+   unsigned long x, y;
+   unsigned long is[3], ie[3];
+   size_t dummy_cnt;
++  unsigned char *dppriv;
+ 
+   if (!cnt) cnt = &dummy_cnt;
+   *cnt = 0;
+@@ -2711,13 +2712,16 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len,
+       (s->options & (JBG_DPON | JBG_DPPRIV | JBG_DPLAST)) ==
+       (JBG_DPON | JBG_DPPRIV)) {
+     assert(s->bie_len >= 20);
++    if (!s->dppriv || s->dppriv == jbg_dptable)
++      s->dppriv = (char *) checked_malloc(1728, sizeof(char));
+     while (s->bie_len < 20 + 1728 && *cnt < len)
+-      s->buffer[s->bie_len++ - 20] = data[(*cnt)++];
++      s->dppriv[s->bie_len++ - 20] = data[(*cnt)++];
+     if (s->bie_len < 20 + 1728) 
+       return JBG_EAGAIN;
+-    if (!s->dppriv || s->dppriv == jbg_dptable)
+-      s->dppriv = (char *) checked_malloc(1728, sizeof(char));
+-    jbg_dppriv2int(s->dppriv, s->buffer);
++    dppriv = s->dppriv;
++    s->dppriv = (char *) checked_malloc(6912, sizeof(char));
++    jbg_dppriv2int(s->dppriv, dppriv);
++    checked_free(dppriv);
+   }
+ 
+   /*
+diff --git a/libjbig/tstcodec.c b/libjbig/tstcodec.c
+index 44bae57..6289748 100644
+--- a/libjbig/tstcodec.c
++++ b/libjbig/tstcodec.c
+@@ -483,11 +483,16 @@ int main(int argc, char **argv)
+   problems += test_cycle(&pp, 1960, 1951,
+ 			 JBG_DELAY_AT | JBG_TPBON | JBG_TPDON | JBG_DPON,
+ 			 0, 6, 1, 2, 8, 279314L, "3.4");
+-#if 0
+-  puts("Test 3.5: as Test 3.4 but with order bit SEQ set");
++  puts("Test 3.5: as Test 3.4 but with DPPRIV=1");
++  problems += test_cycle(&pp, 1960, 1951,
++			 JBG_DELAY_AT | JBG_TPBON | JBG_TPDON | JBG_DPON |
++			 JBG_DPPRIV,
++			 0, 6, 1, 2, 8, 279314L + 1728, "3.5");
++#if 0 /* Note: option SEQ is currently not supported by the decoder */
++  puts("Test 3.6: as Test 3.4 but with order bit SEQ set");
+   problems += test_cycle(&pp, 1960, 1951,
+ 			 JBG_DELAY_AT | JBG_TPBON | JBG_TPDON | JBG_DPON,
+-			 JBG_SEQ, 6, 1, 2, 8, 279314L, "3.5");
++			 JBG_SEQ, 6, 1, 2, 8, 279314L, "3.6");
+ #endif
+ #endif
+ 
+-- 
+1.7.9.5
+
+

jbigkit-ldflags.patch

@@ -9,8 +9,8 @@ diff -up jbigkit-2.1/libjbig/Makefile.ldflags jbigkit-2.1/libjbig/Makefile
 +	$(CC) $(CFLAGS) -o tstcodec $< -L. -ljbig $(LDFLAGS)
  
  tstcodec85: tstcodec85.o libjbig85.so
--	$(CC) $(CFLAGS) -o tstcodec85 $^ -L. -ljbig
+-	$(CC) $(CFLAGS) -o tstcodec85 $< -L. -ljbig85
-+	$(CC) $(CFLAGS) -o tstcodec85 $^ -L. -ljbig $(LDFLAGS)
++	$(CC) $(CFLAGS) -o tstcodec85 $< -L. -ljbig85 $(LDFLAGS)
  
  %.so: %.so.$(VERSION)
  	ln -sf $< $@

jbigkit.spec

@@ -1,19 +1,25 @@
 Name:           jbigkit
 Version:        2.1
-Release:        14%{?dist}
+Release:        31%{?dist}
 Summary:        JBIG1 lossless image compression tools
 
-License:        GPLv2+
+License:        GPL-2.0-or-later
 URL:            http://www.cl.cam.ac.uk/~mgk25/jbigkit/
 Source0:        http://www.cl.cam.ac.uk/~mgk25/download/jbigkit-%{version}.tar.gz
 Patch0:         jbigkit-2.1-shlib.patch
 Patch1:         jbigkit-2.0-warnings.patch
+# jbigkit: Partial Fedora build flags injection (bug #1548546)
 Patch2:         jbigkit-ldflags.patch
+# patch for coverity issues - backported from upstream
 Patch3:         jbigkit-covscan.patch
 
 # gcc is no longer in buildroot by default
 # gcc needed for libjbig library and several filters - jbigtopbm, pbmtojbig e.g.
 BuildRequires: gcc
+# uses make
+BuildRequires: make
+# uses autosetup
+BuildRequires: git-core
 
 Requires:       jbigkit-libs%{?_isa} = %{version}-%{release}
 
@@ -48,13 +54,8 @@ formats.
 
 
 %prep
-%setup -q -n jbigkit-2.1
+%autosetup -n jbigkit-2.1 -S git
-%patch0 -p1 -b .shlib
+
-%patch1 -p1 -b .warnings
-# jbigkit: Partial Fedora build flags injection (bug #1548546)
-%patch2 -p1 -b .ldflags
-# 1602563 - covscan review - patch taken from upstream
-%patch3 -p1 -b .covscan
 
 %build
 # get the correct redhat build flags
@@ -83,27 +84,83 @@ install -p -m0644 pbmtools/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
 %check
 make test
 
-%post libs -p /sbin/ldconfig
+%ldconfig_scriptlets libs
-
-%postun libs -p /sbin/ldconfig
 
 %files
-%{_bindir}/???to*
+%{_bindir}/jbgtopbm
-%{_mandir}/man1/*
+%{_bindir}/jbgtopbm85
+%{_bindir}/pbmtojbg
+%{_bindir}/pbmtojbg85
+%{_mandir}/man1/jbgtopbm.1.gz
+%{_mandir}/man1/pbmtojbg.1.gz
 %license COPYING
 
 %files libs
-%{_libdir}/libjbig*.so.%{version}
+%{_libdir}/libjbig.so.2.1
+%{_libdir}/libjbig85.so.2.1
 %doc ANNOUNCE TODO CHANGES
 %license COPYING
 
 %files devel
-%{_libdir}/libjbig*.so
+%{_libdir}/libjbig.so
+%{_libdir}/libjbig85.so
 %{_includedir}/jbig*.h
 
 %changelog
-* Thu Oct 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 2.1-14
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.1-31
-- 1602563 - Please review important issues found by covscan in "jbigkit-2.1-12.el8+7" package
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.1-30
+- Bump release for June 2024 mass rebuild
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-28
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Nov 23 2023 Zdenek Dohnal <zdohnal@redhat.com> - 2.1-27
+- SPDX migration, spec update
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Nov 05 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2.1-20
+- make is no longer in buildroot by default
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Oct 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 2.1-15
+- fixed typo found by coverity
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Wed Jul 11 2018 Zdenek Dohnal <zdohnal@redhat.com> - 2.1-13
 - ship license in correct tag

plans/tier1.fmf

@@ -0,0 +1,16 @@
+---
+
+summary: Tier1 plan for jbigkit
+
+discover:
+  how: fmf
+  url: https://pkgs.devel.redhat.com/git/tests/jbigkit
+  ref: master
+  filter: tier:1
+
+execute:
+  how: tmt
+
+adjust:
+    enabled: false
+    when: distro == centos-stream or distro == fedora

sources

@@ -0,0 +1 @@
+ebcf09bed9f14d7fa188d3bd57349522  jbigkit-2.1.tar.gz