import libgxps-0.3.0-5.el8

.gitignore

@@ -0,0 +1 @@
+SOURCES/libgxps-0.3.0.tar.xz

.libgxps.metadata

@@ -0,0 +1 @@
+3e30b03543bdc4529815eb97261041d152f7785a SOURCES/libgxps-0.3.0.tar.xz

SOURCES/libgxps-0.3.0-archive-fill-error.patch

@@ -0,0 +1,114 @@
+From b458226e162fe1ffe7acb4230c114a52ada5131b Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <carlosgc@gnome.org>
+Date: Sat, 5 May 2018 12:01:24 +0200
+Subject: [PATCH 1/2] gxps-archive: Ensure gxps_archive_read_entry() fills the
+ GError in case of failure
+
+And fix the callers to not overwrite the GError.
+---
+ libgxps/gxps-archive.c | 15 +++++++++++----
+ libgxps/gxps-fonts.c   | 17 +++++------------
+ libgxps/gxps-images.c  | 17 ++++++-----------
+ 3 files changed, 22 insertions(+), 27 deletions(-)
+
+diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
+index e763773..346ba73 100644
+--- a/libgxps/gxps-archive.c
++++ b/libgxps/gxps-archive.c
+@@ -406,9 +406,13 @@ gxps_archive_read_entry (GXPSArchive *archive,
+ 	gboolean      retval;
+ 
+ 	stream = gxps_archive_open (archive, path);
+-	if (!stream)
+-		/* TODO: Error */
++	if (!stream) {
++                g_set_error (error,
++                             G_IO_ERROR,
++                             G_IO_ERROR_NOT_FOUND,
++                             "The entry '%s' was not found in archive", path);
+ 		return FALSE;
++        }
+ 
+ 	entry_size = archive_entry_size (GXPS_ARCHIVE_INPUT_STREAM (stream)->entry);
+ 	if (entry_size <= 0) {
+@@ -423,7 +427,7 @@ gxps_archive_read_entry (GXPSArchive *archive,
+ 		*buffer = g_malloc (buffer_size);
+ 		do {
+ 			bytes = g_input_stream_read (stream, &buf, BUFFER_SIZE, NULL, error);
+-			if (*error != NULL) {
++			if (bytes < 0) {
+ 				g_free (*buffer);
+ 				g_object_unref (stream);
+ 
+@@ -441,7 +445,10 @@ gxps_archive_read_entry (GXPSArchive *archive,
+ 		g_object_unref (stream);
+ 
+ 		if (*bytes_read == 0) {
+-			/* TODO: Error */
++                        g_set_error (error,
++                                     G_IO_ERROR,
++                                     G_IO_ERROR_INVALID_DATA,
++                                     "The entry '%s' is empty in archive", path);
+ 			g_free (*buffer);
+ 			return FALSE;
+ 		}
+diff --git a/libgxps/gxps-fonts.c b/libgxps/gxps-fonts.c
+index 882157d..8d02ffc 100644
+--- a/libgxps/gxps-fonts.c
++++ b/libgxps/gxps-fonts.c
+@@ -220,19 +220,12 @@ gxps_fonts_new_font_face (GXPSArchive *zip,
+ 	cairo_font_face_t *font_face;
+ 	guchar            *font_data;
+ 	gsize              font_data_len;
+-	gboolean           res;
+ 
+-	res = gxps_archive_read_entry (zip, font_uri,
+-				       &font_data, &font_data_len,
+-				       error);
+-	if (!res) {
+-		g_set_error (error,
+-			     GXPS_ERROR,
+-			     GXPS_ERROR_SOURCE_NOT_FOUND,
+-			     "Font source %s not found in archive",
+-			     font_uri);
+-		return NULL;
+-	}
++        if (!gxps_archive_read_entry (zip, font_uri,
++                                      &font_data, &font_data_len,
++                                      error)) {
++                return NULL;
++        }
+ 
+ 	ft_face.font_data = font_data;
+ 	ft_face.font_data_len = (gssize)font_data_len;
+diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
+index 4dcf9e2..50f899f 100644
+--- a/libgxps/gxps-images.c
++++ b/libgxps/gxps-images.c
+@@ -742,17 +742,12 @@ gxps_images_create_from_tiff (GXPSArchive *zip,
+ 	guchar     *data;
+ 	guchar     *p;
+ 
+-	if (!gxps_archive_read_entry (zip, image_uri,
+-				      &buffer.buffer,
+-				      &buffer.buffer_len,
+-				      error)) {
+-		g_set_error (error,
+-			     GXPS_ERROR,
+-			     GXPS_ERROR_SOURCE_NOT_FOUND,
+-			     "Image source %s not found in archive",
+-			     image_uri);
+-		return NULL;
+-	}
++        if (!gxps_archive_read_entry (zip, image_uri,
++                                      &buffer.buffer,
++                                      &buffer.buffer_len,
++                                      error)) {
++                return NULL;
++        }
+ 
+ 	buffer.pos = 0;
+ 
+-- 
+2.17.1
+

SOURCES/libgxps-0.3.0-archive-handle-error.patch

@@ -0,0 +1,30 @@
+From 133fe2a96e020d4ca65c6f64fb28a404050ebbfd Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <carlosgc@gnome.org>
+Date: Sat, 5 May 2018 12:02:36 +0200
+Subject: [PATCH 2/2] gxps-archive: Handle errors returned by archive_read_data
+
+---
+ libgxps/gxps-archive.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
+index 346ba73..1bae729 100644
+--- a/libgxps/gxps-archive.c
++++ b/libgxps/gxps-archive.c
+@@ -520,6 +520,13 @@ gxps_archive_input_stream_read (GInputStream  *stream,
+ 		return -1;
+ 
+         bytes_read = archive_read_data (istream->zip->archive, buffer, count);
++        if (bytes_read < 0) {
++                g_set_error_literal (error,
++                                     G_IO_ERROR,
++                                     g_io_error_from_errno (archive_errno (istream->zip->archive)),
++                                     archive_error_string (istream->zip->archive));
++                return -1;
++        }
+         if (bytes_read == 0 && istream->is_interleaved && !gxps_archive_input_stream_is_last_piece (istream)) {
+                 /* Read next piece */
+                 gxps_archive_input_stream_next_piece (istream);
+-- 
+2.17.1
+

SOURCES/libgxps-0.3.0-clear-error.patch

@@ -0,0 +1,30 @@
+From 672c65ea8cbd2bcfd82a6b6498a4f1eb9daf5ec5 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <carlosgc@gnome.org>
+Date: Fri, 8 Dec 2017 11:20:25 +0100
+Subject: [PATCH 2/2] gxps-images: clear the error before trying to load an
+ image again
+
+In gxps_images_get_image() we first try with the image file extension,
+and if that fails then we try guessing the content type. If the image
+load failed the first time, the GError might be filled already, so we
+need to clear it before passing it to create functions again.
+---
+ libgxps/gxps-images.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
+index 19cb1c0..4dcf9e2 100644
+--- a/libgxps/gxps-images.c
++++ b/libgxps/gxps-images.c
+@@ -925,6 +925,8 @@ gxps_images_get_image (GXPSArchive *zip,
+ 	if (!image) {
+ 		gchar *mime_type;
+ 
++                g_clear_error(error);
++
+ 		mime_type = gxps_images_guess_content_type (zip, image_uri);
+ 		if (g_strcmp0 (mime_type, "image/png") == 0) {
+ 			image = gxps_images_create_from_png (zip, image_uri, error);
+-- 
+2.17.1
+

SOURCES/libgxps-0.3.0-integer-overflow.patch

@@ -0,0 +1,25 @@
+From 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <carlosgc@gnome.org>
+Date: Fri, 8 Dec 2017 11:11:38 +0100
+Subject: [PATCH 1/2] gxps-images: fix integer overflow in png decoder
+
+---
+ libgxps/gxps-images.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
+index 98c7052..19cb1c0 100644
+--- a/libgxps/gxps-images.c
++++ b/libgxps/gxps-images.c
+@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip,
+ 	}
+ 
+ 	stride = cairo_format_stride_for_width (format, png_width);
+-	if (stride < 0) {
++	if (stride < 0 || png_height >= INT_MAX / stride) {
+ 		fill_png_error (error, image_uri, NULL);
+ 		g_object_unref (stream);
+ 		png_destroy_read_struct (&png, &info, NULL);
+-- 
+2.17.1
+

SPECS/libgxps.spec

@@ -0,0 +1,192 @@
+Name:           libgxps
+Version:        0.3.0
+Release:        5%{?dist}
+Summary:        GObject based library for handling and rendering XPS documents
+
+License:        LGPLv2+
+URL:            https://wiki.gnome.org/Projects/libgxps
+Source0:        https://ftp.gnome.org/pub/gnome/sources/%{name}/0.3/%{name}-%{version}.tar.xz
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1576113
+Patch0:         libgxps-0.3.0-archive-fill-error.patch
+Patch1:         libgxps-0.3.0-archive-handle-error.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1524378
+Patch2:         libgxps-0.3.0-integer-overflow.patch
+Patch3:         libgxps-0.3.0-clear-error.patch
+
+BuildRequires:  meson
+BuildRequires:  gcc
+BuildRequires:  gtk3-devel
+BuildRequires:  glib2-devel
+BuildRequires:  gobject-introspection-devel
+BuildRequires:  gtk-doc
+BuildRequires:  cairo-devel
+BuildRequires:  libarchive-devel
+BuildRequires:  freetype-devel
+BuildRequires:  libjpeg-devel
+BuildRequires:  libtiff-devel
+BuildRequires:  lcms2-devel
+
+%description
+libgxps is a GObject based library for handling and rendering XPS
+documents.
+
+%package        devel
+Summary:        Development files for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%package        tools
+Summary:        Command-line utility programs for manipulating XPS files
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description    tools
+The %{name}-tools contains command-line programs for manipulating XPS format
+documents using the %{name} library.
+
+
+%prep
+%autosetup -p1
+
+
+%build
+%meson -Denable-gtk-doc=true -Denable-man=true
+%meson_build
+
+
+%install
+%meson_install
+
+
+%files
+%doc AUTHORS MAINTAINERS NEWS README TODO
+%license COPYING
+%{_libdir}/*.so.*
+%{_libdir}/girepository-1.0/*.typelib
+
+
+%files devel
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_datadir}/gir-1.0/*.gir
+%{_datadir}/gtk-doc/html/libgxps
+
+
+%files tools
+%{_bindir}/xpsto*
+%{_mandir}/man1/xpsto*.1.gz
+
+
+%changelog
+* Thu Jun 21 2018 Marek Kasik <mkasik@redhat.com> - 0.3.0-5
+- Fix integer overflow in png decoder
+- Clear the error before trying to load an image again
+- Resolves: #1524378
+
+* Wed Jun 20 2018 Marek Kasik <mkasik@redhat.com> - 0.3.0-4
+- Ensure gxps_archive_read_entry() fills the GError in case of failure
+- Handle errors returned by archive_read_data()
+- Fixes CVE-2018-10733
+- Resolves: #1576113
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Jan 30 2018 Tom Hughes <tom@compton.nu> - 0.3.0-2
+- Drop ldconfig scriptlets
+
+* Thu Aug 10 2017 Tom Hughes <tom@compton.nu> - 0.3.0-1
+- Update to 0.3.0 upstream release
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 25 2017 Tom Hughes <tom@compton.nu> - 0.2.5-1
+- Update to 0.2.5 upstream release
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Jun 21 2016 Tom Hughes <tom@compton.nu> - 0.2.4-1
+- Update to 0.2.4 upstream release
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Sep  4 2015 Tom Hughes <tom@compton.nu> - 0.2.3.2-1
+- Update to 0.2.3.2 upstream release
+
+* Sat Aug 15 2015 Tom Hughes <tom@compton.nu> - 0.2.3.1-1
+- Update to 0.2.3.1 upstream release
+
+* Thu Aug 13 2015 Tom Hughes <tom@compton.nu> - 0.2.3-1
+- Update to 0.2.3 upstream release
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Jul 22 2014 Kalev Lember <kalevlember@gmail.com> - 0.2.2-10
+- Rebuilt for gobject-introspection 1.41.4
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 0.2.2-6
+- rebuild due to "jpeg8-ABI" feature drop
+
+* Thu Jan 17 2013 Tomas Bzatek <tbzatek@redhat.com> - 0.2.2-5
+- Rebuilt for new libarchive
+
+* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 0.2.2-4
+- rebuild against new libjpeg
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun May  6 2012 Tom Hughes <tom@compton.nu> - 0.2.2-2
+- Rebuilt for new libtiff.
+
+* Mon Mar 19 2012 Tom Hughes <tom@compton.nu> - 0.2.2-1
+- Update to 0.2.2 upstream release.
+
+* Thu Jan 26 2012 Tomas Bzatek <tbzatek@redhat.com> - 0.2.1-4
+- Rebuilt for new libarchive
+
+* Thu Jan 26 2012 Tom Hughes <tom@compton.nu> - 0.2.1-3
+- Correct summary and description for tools package.
+
+* Thu Jan 26 2012 Tom Hughes <tom@compton.nu> - 0.2.1-2
+- Rebuild for libarchive soname bump.
+
+* Sat Jan 21 2012 Tom Hughes <tom@compton.nu> - 0.2.1-1
+- Update to 0.2.1 upstream release.
+
+* Wed Jan  4 2012 Tom Hughes <tom@compton.nu> - 0.2.0-2
+- Rebuilt for gcc 4.7 mass rebuild.
+- Run autoreconf to update libtool.
+
+* Thu Dec  1 2011 Tom Hughes <tom@compton.nu> - 0.2.0-1
+- Update to 0.2.0 upstream release.
+
+* Sat Nov  5 2011 Tom Hughes <tom@compton.nu> - 0.1.0-2
+- Fix base package dependency in devel package.
+
+* Fri Nov  4 2011 Tom Hughes <tom@compton.nu> - 0.1.0-1
+- Initial build.