Add patch for integer overflow

libgxps-overflow.patch

@@ -0,0 +1,19 @@
+commit 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51
+Author: Carlos Garcia Campos <carlosgc@gnome.org>
+Date:   Fri Dec 8 11:11:38 2017 +0100
+
+    gxps-images: fix integer overflow in png decoder
+
+diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
+index 98c7052..19cb1c0 100644
+--- a/libgxps/gxps-images.c
++++ b/libgxps/gxps-images.c
+@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip,
+ 	}
+ 
+ 	stride = cairo_format_stride_for_width (format, png_width);
+-	if (stride < 0) {
++	if (stride < 0 || png_height >= INT_MAX / stride) {
+ 		fill_png_error (error, image_uri, NULL);
+ 		g_object_unref (stream);
+ 		png_destroy_read_struct (&png, &info, NULL);

libgxps.spec

@@ -1,14 +1,16 @@
 Name:           libgxps
 Version:        0.3.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        GObject based library for handling and rendering XPS documents
 
 License:        LGPLv2+
 URL:            https://wiki.gnome.org/Projects/libgxps
 Source0:        https://ftp.gnome.org/pub/gnome/sources/%{name}/0.3/%{name}-%{version}.tar.xz
+# https://bugzilla.redhat.com/show_bug.cgi?id=1591132
+Patch0:         libgxps-overflow.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1574844
-Patch0:         libgxps-readerror1.patch
-Patch1:         libgxps-readerror2.patch
+Patch1:         libgxps-readerror1.patch
+Patch2:         libgxps-readerror2.patch
 
 BuildRequires:  meson
 BuildRequires:  gcc
@@ -78,6 +80,9 @@ documents using the %{name} library.
 
 
 %changelog
+* Thu Jun 14 2018 Tom Hughes <tom@compton.nu> - 0.3.0-5
+- Add patch for integer overflow
+
 * Tue May  8 2018 Tom Hughes <tom@compton.nu> - 0.3.0-4
 - Add patch for CVE-2018-10733