7 changed files with 51 additions and 226 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/libgxps-0.3.0.tar.xz
+SOURCES/libgxps-0.3.2.tar.xz
--- a/.libgxps.metadata
+++ b/.libgxps.metadata
@ -1 +1 @@
-3e30b03543bdc4529815eb97261041d152f7785a SOURCES/libgxps-0.3.0.tar.xz
+cdd5f56fdd2275e955d3055f7814b759d2cf5b5d SOURCES/libgxps-0.3.2.tar.xz
--- a/SOURCES/libgxps-0.3.0-archive-fill-error.patch
+++ b/SOURCES/libgxps-0.3.0-archive-fill-error.patch
@ -1,114 +0,0 @@
 From b458226e162fe1ffe7acb4230c114a52ada5131b Mon Sep 17 00:00:00 2001
 From: Carlos Garcia Campos <carlosgc@gnome.org>
 Date: Sat, 5 May 2018 12:01:24 +0200
 Subject: [PATCH 1/2] gxps-archive: Ensure gxps_archive_read_entry() fills the
 GError in case of failure
 And fix the callers to not overwrite the GError.
 ---
 libgxps/gxps-archive.c | 15 +++++++++++----
 libgxps/gxps-fonts.c   | 17 +++++------------
 libgxps/gxps-images.c  | 17 ++++++-----------
 3 files changed, 22 insertions(+), 27 deletions(-)
 diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
 index e763773..346ba73 100644
 --- a/libgxps/gxps-archive.c
 +++ b/libgxps/gxps-archive.c
@@ -406,9 +406,13 @@ gxps_archive_read_entry (GXPSArchive *archive,
 	gboolean      retval;
 	stream = gxps_archive_open (archive, path);
 -	if (!stream)
 -		/* TODO: Error */
 +	if (!stream) {
 +                g_set_error (error,
 +                             G_IO_ERROR,
 +                             G_IO_ERROR_NOT_FOUND,
 +                             "The entry '%s' was not found in archive", path);
 		return FALSE;
 +        }
 	entry_size = archive_entry_size (GXPS_ARCHIVE_INPUT_STREAM (stream)->entry);
 	if (entry_size <= 0) {
@@ -423,7 +427,7 @@ gxps_archive_read_entry (GXPSArchive *archive,
 		*buffer = g_malloc (buffer_size);
 		do {
 			bytes = g_input_stream_read (stream, &buf, BUFFER_SIZE, NULL, error);
 -			if (*error != NULL) {
 +			if (bytes < 0) {
 				g_free (*buffer);
 				g_object_unref (stream);
@@ -441,7 +445,10 @@ gxps_archive_read_entry (GXPSArchive *archive,
 		g_object_unref (stream);
 		if (*bytes_read == 0) {
 -			/* TODO: Error */
 +                        g_set_error (error,
 +                                     G_IO_ERROR,
 +                                     G_IO_ERROR_INVALID_DATA,
 +                                     "The entry '%s' is empty in archive", path);
 			g_free (*buffer);
 			return FALSE;
 		}
 diff --git a/libgxps/gxps-fonts.c b/libgxps/gxps-fonts.c
 index 882157d..8d02ffc 100644
 --- a/libgxps/gxps-fonts.c
 +++ b/libgxps/gxps-fonts.c
@@ -220,19 +220,12 @@ gxps_fonts_new_font_face (GXPSArchive *zip,
 	cairo_font_face_t *font_face;
 	guchar            *font_data;
 	gsize              font_data_len;
 -	gboolean           res;
 -	res = gxps_archive_read_entry (zip, font_uri,
 -				       &font_data, &font_data_len,
 -				       error);
 -	if (!res) {
 -		g_set_error (error,
 -			     GXPS_ERROR,
 -			     GXPS_ERROR_SOURCE_NOT_FOUND,
 -			     "Font source %s not found in archive",
 -			     font_uri);
 -		return NULL;
 -	}
 +        if (!gxps_archive_read_entry (zip, font_uri,
 +                                      &font_data, &font_data_len,
 +                                      error)) {
 +                return NULL;
 +        }
 	ft_face.font_data = font_data;
 	ft_face.font_data_len = (gssize)font_data_len;
 diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
 index 4dcf9e2..50f899f 100644
 --- a/libgxps/gxps-images.c
 +++ b/libgxps/gxps-images.c
@@ -742,17 +742,12 @@ gxps_images_create_from_tiff (GXPSArchive *zip,
 	guchar     *data;
 	guchar     *p;
 -	if (!gxps_archive_read_entry (zip, image_uri,
 -				      &buffer.buffer,
 -				      &buffer.buffer_len,
 -				      error)) {
 -		g_set_error (error,
 -			     GXPS_ERROR,
 -			     GXPS_ERROR_SOURCE_NOT_FOUND,
 -			     "Image source %s not found in archive",
 -			     image_uri);
 -		return NULL;
 -	}
 +        if (!gxps_archive_read_entry (zip, image_uri,
 +                                      &buffer.buffer,
 +                                      &buffer.buffer_len,
 +                                      error)) {
 +                return NULL;
 +        }
 	buffer.pos = 0;
 -- 
 2.17.1
--- a/SOURCES/libgxps-0.3.0-archive-handle-error.patch
+++ b/SOURCES/libgxps-0.3.0-archive-handle-error.patch
@ -1,30 +0,0 @@
 From 133fe2a96e020d4ca65c6f64fb28a404050ebbfd Mon Sep 17 00:00:00 2001
 From: Carlos Garcia Campos <carlosgc@gnome.org>
 Date: Sat, 5 May 2018 12:02:36 +0200
 Subject: [PATCH 2/2] gxps-archive: Handle errors returned by archive_read_data
 ---
 libgxps/gxps-archive.c | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
 index 346ba73..1bae729 100644
 --- a/libgxps/gxps-archive.c
 +++ b/libgxps/gxps-archive.c
@@ -520,6 +520,13 @@ gxps_archive_input_stream_read (GInputStream  *stream,
 		return -1;
         bytes_read = archive_read_data (istream->zip->archive, buffer, count);
 +        if (bytes_read < 0) {
 +                g_set_error_literal (error,
 +                                     G_IO_ERROR,
 +                                     g_io_error_from_errno (archive_errno (istream->zip->archive)),
 +                                     archive_error_string (istream->zip->archive));
 +                return -1;
 +        }
         if (bytes_read == 0 && istream->is_interleaved && !gxps_archive_input_stream_is_last_piece (istream)) {
                 /* Read next piece */
                 gxps_archive_input_stream_next_piece (istream);
 -- 
 2.17.1
--- a/SOURCES/libgxps-0.3.0-clear-error.patch
+++ b/SOURCES/libgxps-0.3.0-clear-error.patch
@ -1,30 +0,0 @@
 From 672c65ea8cbd2bcfd82a6b6498a4f1eb9daf5ec5 Mon Sep 17 00:00:00 2001
 From: Carlos Garcia Campos <carlosgc@gnome.org>
 Date: Fri, 8 Dec 2017 11:20:25 +0100
 Subject: [PATCH 2/2] gxps-images: clear the error before trying to load an
 image again
 In gxps_images_get_image() we first try with the image file extension,
 and if that fails then we try guessing the content type. If the image
 load failed the first time, the GError might be filled already, so we
 need to clear it before passing it to create functions again.
 ---
 libgxps/gxps-images.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
 index 19cb1c0..4dcf9e2 100644
 --- a/libgxps/gxps-images.c
 +++ b/libgxps/gxps-images.c
@@ -925,6 +925,8 @@ gxps_images_get_image (GXPSArchive *zip,
 	if (!image) {
 		gchar *mime_type;
 +                g_clear_error(error);
 +
 		mime_type = gxps_images_guess_content_type (zip, image_uri);
 		if (g_strcmp0 (mime_type, "image/png") == 0) {
 			image = gxps_images_create_from_png (zip, image_uri, error);
 -- 
 2.17.1
--- a/SOURCES/libgxps-0.3.0-integer-overflow.patch
+++ b/SOURCES/libgxps-0.3.0-integer-overflow.patch
@ -1,25 +0,0 @@
 From 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 Mon Sep 17 00:00:00 2001
 From: Carlos Garcia Campos <carlosgc@gnome.org>
 Date: Fri, 8 Dec 2017 11:11:38 +0100
 Subject: [PATCH 1/2] gxps-images: fix integer overflow in png decoder
 ---
 libgxps/gxps-images.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
 index 98c7052..19cb1c0 100644
 --- a/libgxps/gxps-images.c
 +++ b/libgxps/gxps-images.c
@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip,
 	}
 	stride = cairo_format_stride_for_width (format, png_width);
 -	if (stride < 0) {
 +	if (stride < 0 || png_height >= INT_MAX / stride) {
 		fill_png_error (error, image_uri, NULL);
 		g_object_unref (stream);
 		png_destroy_read_struct (&png, &info, NULL);
 -- 
 2.17.1
--- a/SPECS/libgxps.spec
+++ b/SPECS/libgxps.spec
@ -1,20 +1,12 @@
 Name:           libgxps
-Version:        0.3.0
+Version:        0.3.2
-Release:        5%{?dist}
+Release:        3%{?dist}
 Summary:        GObject based library for handling and rendering XPS documents
 License:        LGPLv2+
 URL:            https://wiki.gnome.org/Projects/libgxps
 Source0:        https://ftp.gnome.org/pub/gnome/sources/%{name}/0.3/%{name}-%{version}.tar.xz
 # https://bugzilla.redhat.com/show_bug.cgi?id=1576113
 Patch0:         libgxps-0.3.0-archive-fill-error.patch
 Patch1:         libgxps-0.3.0-archive-handle-error.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1524378
 Patch2:         libgxps-0.3.0-integer-overflow.patch
 Patch3:         libgxps-0.3.0-clear-error.patch
 BuildRequires:  meson
 BuildRequires:  gcc
 BuildRequires:  gtk3-devel
@ -65,7 +57,9 @@ documents using the %{name} library.
 %files
 %doc AUTHORS MAINTAINERS NEWS README TODO
 %license COPYING
-%{_libdir}/*.so.*
+%{_libdir}/*.so.2
 %{_libdir}/*.so.2.*
 %dir %{_libdir}/girepository-1.0
 %{_libdir}/girepository-1.0/*.typelib
@ -73,29 +67,59 @@ documents using the %{name} library.
 %{_includedir}/*
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
 %dir %{_datadir}/gir-1.0
 %{_datadir}/gir-1.0/*.gir
 %dir %{_datadir}/gtk-doc
 %dir %{_datadir}/gtk-doc/html
 %{_datadir}/gtk-doc/html/libgxps
 %files tools
 %{_bindir}/xpsto*
-%{_mandir}/man1/xpsto*.1.gz
+%{_mandir}/man1/xpsto*.1*
 %changelog
-* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.3.0-5
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.2-3
- Rebuilt for MSVSphere 8.8
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-
+  Related: rhbz#1991688
-* Thu Jun 21 2018 Marek Kasik <mkasik@redhat.com> - 0.3.0-5
+
- Fix integer overflow in png decoder
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.2-2
- Clear the error before trying to load an image again
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- Resolves: #1524378
+
-
+* Fri Feb 26 2021 Tom Hughes <tom@compton.nu> - 0.3.2-1
-* Wed Jun 20 2018 Marek Kasik <mkasik@redhat.com> - 0.3.0-4
+- Update to 0.3.2 upstream release
- Ensure gxps_archive_read_entry() fills the GError in case of failure
+
- Handle errors returned by archive_read_data()
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-7
- Fixes CVE-2018-10733
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
- Resolves: #1576113
+
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Tue Apr 16 2019 Kalev Lember <klember@redhat.com> - 0.3.1-3
 - Rebuild with Meson fix for #1699099
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Sat Jan 05 2019 Kalev Lember <klember@redhat.com> - 0.3.1-1
 - Update to 0.3.1
 - Fix gtk-doc and gir directory ownership
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Thu Jun 14 2018 Tom Hughes <tom@compton.nu> - 0.3.0-5
 - Add patch for integer overflow
 * Tue May  8 2018 Tom Hughes <tom@compton.nu> - 0.3.0-4
 - Add patch for CVE-2018-10733
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
`@ -1 +1 @@`
	`SOURCES/libgxps-0.3.0.tar.xz`	`SOURCES/libgxps-0.3.2.tar.xz`
`@ -1 +1 @@`
	`3e30b03543bdc4529815eb97261041d152f7785a SOURCES/libgxps-0.3.0.tar.xz`	`cdd5f56fdd2275e955d3055f7814b759d2cf5b5d SOURCES/libgxps-0.3.2.tar.xz`