+cfb7d3121f02a74bfb229217858a0d149b6589ef SOURCES/jbigkit-2.0.tar.gz
diff --git a/SOURCES/jbigkit-2.0-CVE-2013-6369.patch b/SOURCES/jbigkit-2.0-CVE-2013-6369.patch
new file mode 100644
index 0000000..031fe3f
--- /dev/null
+++ b/SOURCES/jbigkit-2.0-CVE-2013-6369.patch
@@ -0,0 +1,113 @@
+From 377085a7fd41e01c0c1ad5d1c1f90b59e8257593
+From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
+Subject: [PATCH] Fix two DPPRIV buffer overflows and a bug
+* jbig.c:jbg_dec_in(): when a BIE with option DPPRIV=1 was received,
+  the included private DP table (1728 bytes) was loaded into
+  20-byte array s->buffer, creating a buffer overflow vulnerability.
+  It is now loaded instead into a malloc'ed temporary buffer.
+* jbig.c:jbg_dec_in(): buffer allocated for internal representation
+  of private DP table was 1728 bytes long, but must be 6912 bytes long,
+  creating another buffer overflow vulnerability.
+* jbig.c: a loop in the routines for converting between the internal and
+  external representations of a DP table terminated earlier than intended.
+  As a result, a private DP table provided to the decoder was not
+  interpreted correctly. Likewise, if a user asked the encoder to output
+  its standard DP table (which is only useful for testing), the result
+  would have been incorrect.
+* tstcodec.c: test case for DPPRIV=1 added.
+The buffer overflow vulnerability was reported by Florian Weimer (Red Hat)
+and has been assigned CVE-2013-6369.
+None of these fixes should affect ABI compatibility; jbig.h remains unchanged.
+All past releases of jbig.c are believed to be affected.
+The jbig85.c lightwight implementation was not affected.
+ libjbig/jbig.c     |   16 ++++++++++------
+ libjbig/tstcodec.c |   11 ++++++++---
+ 2 files changed, 18 insertions(+), 9 deletions(-)
+diff --git a/libjbig/jbig.c b/libjbig/jbig.c
+index f3c35cc..48fc128 100644
+--- a/libjbig/jbig.c
++++ b/libjbig/jbig.c
+@@ -1738,7 +1738,7 @@ void jbg_int2dppriv(unsigned char *dptable, const char *internal)
+ #define FILL_TABLE1(offset, len, trans) \
+   for (i = 0; i < len; i++) { \
+     k = 0; \
+-    for (j = 0; j < 8; j++) \
++    for (j = 0; i >> j; j++) \
+       k |= ((i >> j) & 1) << trans[j]; \
+     dptable[(i + offset) >> 2] |= \
+       (internal[k + offset] & 3) << ((3 - (i&3)) << 1); \
+@@ -1769,7 +1769,7 @@ void jbg_dppriv2int(char *internal, const unsigned char *dptable)
+ #define FILL_TABLE2(offset, len, trans) \
+   for (i = 0; i < len; i++) { \
+     k = 0; \
+-    for (j = 0; j < 8; j++) \
++    for (j = 0; i >> j; j++) \
+       k |= ((i >> j) & 1) << trans[j]; \
+     internal[k + offset] = \
+       (dptable[(i + offset) >> 2] >> ((3 - (i & 3)) << 1)) & 3; \
+@@ -2574,6 +2574,7 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len,
+   unsigned long x, y;
+   unsigned long is[3], ie[3];
+   size_t dummy_cnt;
++  unsigned char *dppriv;
+   if (!cnt) cnt = &dummy_cnt;
+   *cnt = 0;
+@@ -2711,13 +2712,16 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len,
+       (s->options & (JBG_DPON | JBG_DPPRIV | JBG_DPLAST)) ==
+       (JBG_DPON | JBG_DPPRIV)) {
+     assert(s->bie_len >= 20);
++    if (!s->dppriv || s->dppriv == jbg_dptable)
++      s->dppriv = (char *) checked_malloc(1728, sizeof(char));
+     while (s->bie_len < 20 + 1728 && *cnt < len)
+-      s->buffer[s->bie_len++ - 20] = data[(*cnt)++];
++      s->dppriv[s->bie_len++ - 20] = data[(*cnt)++];
+     if (s->bie_len < 20 + 1728) 
+       return JBG_EAGAIN;
+-    if (!s->dppriv || s->dppriv == jbg_dptable)
+-      s->dppriv = (char *) checked_malloc(1728, sizeof(char));
+-    jbg_dppriv2int(s->dppriv, s->buffer);
++    dppriv = s->dppriv;
++    s->dppriv = (char *) checked_malloc(6912, sizeof(char));
++    jbg_dppriv2int(s->dppriv, dppriv);
++    checked_free(dppriv);
+   }
+   /*
+diff --git a/libjbig/tstcodec.c b/libjbig/tstcodec.c
+index 44bae57..6289748 100644
+--- a/libjbig/tstcodec.c
++++ b/libjbig/tstcodec.c
+@@ -483,11 +483,16 @@ int main(int argc, char **argv)
+   problems += test_cycle(&pp, 1960, 1951,
+ 			 0, 6, 1, 2, 8, 279314L, "3.4");
+-#if 0
+-  puts("Test 3.5: as Test 3.4 but with order bit SEQ set");
++  puts("Test 3.5: as Test 3.4 but with DPPRIV=1");
++  problems += test_cycle(&pp, 1960, 1951,
++			 0, 6, 1, 2, 8, 279314L + 1728, "3.5");
++#if 0 /* Note: option SEQ is currently not supported by the decoder */
++  puts("Test 3.6: as Test 3.4 but with order bit SEQ set");
+   problems += test_cycle(&pp, 1960, 1951,
+-			 JBG_SEQ, 6, 1, 2, 8, 279314L, "3.5");
++			 JBG_SEQ, 6, 1, 2, 8, 279314L, "3.6");
+ #endif
+ #endif
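Review bot: In the last jbig.c hunk, `dppriv = s->dppriv;` assigns a field that the surrounding lines treat as `char *` to the `unsigned char *` declared earlier, so the pointer types differ in signedness and the assignment needs an explicit conversion: `dppriv = (unsigned char *) s->dppriv;`. The sizes 1728 and 6912 also appear as bare literals in the read loop, in both `checked_malloc` calls and in the `20 + 1728` bounds. Since the overflow being fixed came from exactly this kind of size mismatch, named constants for the external and internal table sizes would keep them tied together. A comment above the first allocation, such as `/* s->dppriv temporarily holds the 1728-byte external table until it is complete */`, would tell readers that the field does not yet hold the internal table between `JBG_EAGAIN` returns. The body of `jbg_dec_in()` starts and ends outside the hunk.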
diff --git a/SOURCES/jbigkit-2.0-shlib.patch b/SOURCES/jbigkit-2.0-shlib.patch
new file mode 100644
index 0000000..8d1eaed
--- /dev/null
+++ b/SOURCES/jbigkit-2.0-shlib.patch
@@ -0,0 +1,145 @@
+--- jbigkit/pbmtools/Makefile.shlib	2008-08-25 23:26:39.000000000 +0100
++++ jbigkit/pbmtools/Makefile	2008-09-03 16:41:20.000000000 +0100
+@@ -5,23 +5,23 @@
+ CC = gcc
+ # Options for the compiler
+-CFLAGS = -g -Wall -ansi -pedantic -I../libjbig # --coverage
++CFLAGS ?= -g -Wall -ansi -pedantic -I../libjbig # --coverage
+ .SUFFIXES: .1 .5 .txt $(SUFFIXES)
+ all: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85 \
+-	pbmtojbg.txt jbgtopbm.txt pbm.txt pgm.txt
++#	pbmtojbg.txt jbgtopbm.txt pbm.txt pgm.txt
+-pbmtojbg: pbmtojbg.o ../libjbig/libjbig.a
++pbmtojbg: pbmtojbg.o ../libjbig/libjbig.so
+ 	$(CC) $(CFLAGS) -o pbmtojbg pbmtojbg.o -L../libjbig -ljbig
+-jbgtopbm: jbgtopbm.o ../libjbig/libjbig.a
++jbgtopbm: jbgtopbm.o ../libjbig/libjbig.so
+ 	$(CC) $(CFLAGS) -o jbgtopbm jbgtopbm.o -L../libjbig -ljbig
+-pbmtojbg85: pbmtojbg85.o ../libjbig/libjbig85.a
++pbmtojbg85: pbmtojbg85.o ../libjbig/libjbig85.so
+ 	$(CC) $(CFLAGS) -o pbmtojbg85 pbmtojbg85.o -L../libjbig -ljbig85
+-jbgtopbm85: jbgtopbm85.o ../libjbig/libjbig85.a
++jbgtopbm85: jbgtopbm85.o ../libjbig/libjbig85.so
+ 	$(CC) $(CFLAGS) -o jbgtopbm85 jbgtopbm85.o -L../libjbig -ljbig85
+ jbgtopbm.o: jbgtopbm.c ../libjbig/jbig.h
+@@ -29,13 +29,13 @@ pbmtojbg.o: pbmtojbg.c ../libjbig/jbig.h
+ jbgtopbm85.o: jbgtopbm85.c ../libjbig/jbig85.h
+ pbmtojbg85.o: pbmtojbg85.c ../libjbig/jbig85.h
+-../libjbig/libjbig.a: ../libjbig/jbig.c ../libjbig/jbig.h \
++../libjbig/libjbig.so: ../libjbig/jbig.c ../libjbig/jbig.h \
+ 	../libjbig/jbig_ar.c ../libjbig/jbig_ar.h
+-	make -C ../libjbig libjbig.a
++	make -C ../libjbig libjbig.so
+-../libjbig/libjbig85.a: ../libjbig/jbig85.c ../libjbig/jbig85.h \
++../libjbig/libjbig85.so: ../libjbig/jbig85.c ../libjbig/jbig85.h \
+ 	../libjbig/jbig_ar.c ../libjbig/jbig_ar.h
+-	make -C ../libjbig libjbig85.a
++	make -C ../libjbig libjbig85.so
+ test: test82 test85
+--- jbigkit/libjbig/Makefile.shlib	2008-08-30 18:20:52.000000000 +0100
++++ jbigkit/libjbig/Makefile	2008-09-03 16:40:43.000000000 +0100
+@@ -5,25 +5,27 @@
+ CC = gcc
+ # Options for the compiler: A high optimization level is suggested
+-CFLAGS = -g -O -Wall -ansi -pedantic # --coverage
++CFLAGS ?= -g -O -Wall -ansi -pedantic # --coverage
+-all: libjbig.a tstcodec tstcodec85
++all: libjbig.so.$(VERSION) tstcodec tstcodec85
+-tstcodec: tstcodec.o jbig.o jbig_ar.o
+-	$(CC) $(CFLAGS) -o tstcodec $+
++tstcodec: tstcodec.o libjbig.so
++	$(CC) $(CFLAGS) -o tstcodec $< -L. -ljbig
+-tstcodec85: tstcodec85.o jbig85.o jbig_ar.o
+-	$(CC) $(CFLAGS) -o tstcodec85 $+
++tstcodec85: tstcodec85.o libjbig85.so
++	$(CC) $(CFLAGS) -o tstcodec85 $^ -L. -ljbig
+-libjbig.a: jbig.o jbig_ar.o
+-	rm -f libjbig.a
+-	ar rc libjbig.a jbig.o jbig_ar.o
+-	-ranlib libjbig.a
++%.so: %.so.$(VERSION)
++	ln -sf $< $@
+-libjbig85.a: jbig85.o jbig_ar.o
+-	rm -f libjbig85.a
+-	ar rc libjbig85.a jbig85.o jbig_ar.o
+-	-ranlib libjbig85.a
++libjbig.so.$(VERSION): jbig.o jbig_ar.o
++	$(CC) $(CFLAGS) -shared -Wl,-soname,$@ -o $@ $^
++libjbig85.so.$(VERSION): jbig85.o jbig_ar.o
++	$(CC) $(CFLAGS) -shared -Wl,-soname,$@ -o $@ $^
++jbig.o jbig85.o jbig_ar.o: CFLAGS += $(PICFLAGS)
+ jbig.o: jbig.c jbig.h jbig_ar.h
+ jbig85.o: jbig85.c jbig85.h jbig_ar.h
+@@ -37,12 +39,12 @@ jbig.pot: jbig.c
+ 	  --msgid-bugs-address='http://www.cl.cam.ac.uk/~mgk25/jbigkit/' $+
+ test: tstcodec tstcodec85
+-	./tstcodec
+-	./tstcodec85
++	LD_LIBRARY_PATH=`pwd` ./tstcodec
++	LD_LIBRARY_PATH=`pwd` ./tstcodec85
+ t82test.pbm: tstcodec
+-	./tstcodec $@
++	LD_LIBRARY_PATH=`pwd` ./tstcodec $@
+ clean:
+ 	rm -f *.{o,gcda,gcno,gcov} *~ core gmon.out dbg_d\=??.pbm t82test.pbm
+-	rm -f tstcodec tstcodec85
++	rm -f tstcodec tstcodec85 *.so *.so.$(VERSION)
+--- jbigkit/Makefile.shlib	2008-08-30 21:40:22.000000000 +0100
++++ jbigkit/Makefile	2008-09-03 16:40:43.000000000 +0100
+@@ -11,24 +11,25 @@ CCFLAGS = -O2 -W
+ CFLAGS = $(CCFLAGS) -I../libjbig
+ all: lib pbm
+ 	@echo "Enter 'make test' in order to start some automatic tests."
+ lib:
+-	(cd libjbig;  make "CC=$(CC)" "CFLAGS=$(CFLAGS)")
++	make -C libjbig
+ pbm: lib
+-	(cd pbmtools; make "CC=$(CC)" "CFLAGS=$(CFLAGS)")
++	make -C pbmtools
+ test: lib pbm
+-	(cd libjbig;  make "CC=$(CC)" "CFLAGS=$(CFLAGS)" test)
+-	(cd pbmtools; make "CC=$(CC)" "CFLAGS=$(CFLAGS)" test)
++	LD_LIBRARY_PATH=`pwd`/libjbig make -C libjbig test
++	LD_LIBRARY_PATH=`pwd`/libjbig make -C pbmtools test
+ clean:
+ 	rm -f *~ core
+-	(cd libjbig; make clean)
+-	(cd pbmtools; make clean)
++	make -C libjbig clean
++	make -C pbmtools clean
+ distribution: clean
+ 	rm -f libjbig/libjbig*.a
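Review bot: The new `tstcodec85` rule in libjbig/Makefile links with `$^ -L. -ljbig`, so the T.85 test binary gets `libjbig85.so` only through its prerequisite list and also requests `-ljbig`, a library the target does not depend on; the sibling `tstcodec` rule uses `$<`. Under a parallel build the `libjbig.so` symlink may not exist yet when this recipe runs, and otherwise the binary can pick up an unneeded dependency on the T.82 library. The recipe would be consistent as `$(CC) $(CFLAGS) -o tstcodec85 $< -L. -ljbig85`. The sub-make calls added in the top-level Makefile would also be better written as `$(MAKE) -C libjbig`, so that job-server and command-line settings propagate.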
diff --git a/SOURCES/jbigkit-2.0-warnings.patch b/SOURCES/jbigkit-2.0-warnings.patch
new file mode 100644
index 0000000..18c15d5
--- /dev/null
+++ b/SOURCES/jbigkit-2.0-warnings.patch
@@ -0,0 +1,256 @@
+diff -up jbigkit/libjbig/tstcodec85.c.warnings jbigkit/libjbig/tstcodec85.c
+--- jbigkit/libjbig/tstcodec85.c.warnings	2008-08-23 22:06:31.000000000 +0200
++++ jbigkit/libjbig/tstcodec85.c	2012-07-17 16:18:42.326419366 +0200
+@@ -334,7 +334,7 @@ int main(int argc, char **argv)
+   for (i = 0; i < 16 * 16 && !trouble; i++) {
+     pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+     if (pix < 0) {
+-      printf("Problem at pixel %ld, byte %d.\n\n",
++      printf("Problem at pixel %ld, byte %td.\n\n",
+ 	     i+1, sd->pscd_ptr - sd->pscd_end);
+       trouble++;
+       break;
+@@ -346,7 +346,7 @@ int main(int argc, char **argv)
+     }
+   }
+   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+-    printf("%d bytes left after decoder finished.\n\n",
++    printf("%td bytes left after decoder finished.\n\n",
+ 	   sd->pscd_end - sd->pscd_ptr - 2);
+     trouble++;
+   }
+@@ -374,7 +374,7 @@ int main(int argc, char **argv)
+       pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+     }
+     if (pix < 0) {
+-      printf("Problem at pixel %ld, byte %d.\n\n",
++      printf("Problem at pixel %ld, byte %td.\n\n",
+ 	     i+1, sd->pscd_ptr - sd->pscd_end);
+       trouble++;
+       break;
+@@ -386,7 +386,7 @@ int main(int argc, char **argv)
+     }
+   }
+   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+-    printf("%d bytes left after decoder finished.\n\n",
++    printf("%td bytes left after decoder finished.\n\n",
+ 	   sd->pscd_end - sd->pscd_ptr - 2);
+     trouble++;
+   }
+diff -up jbigkit/libjbig/tstcodec.c.warnings jbigkit/libjbig/tstcodec.c
+--- jbigkit/libjbig/tstcodec.c.warnings	2008-08-30 19:20:58.000000000 +0200
++++ jbigkit/libjbig/tstcodec.c	2012-07-17 16:17:28.649420322 +0200
+@@ -399,7 +399,7 @@ int main(int argc, char **argv)
+   for (i = 0; i < 16 * 16 && !trouble; i++) {
+     pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+     if (pix < 0) {
+-      printf("Problem at pixel %ld, byte %d.\n\n",
++      printf("Problem at pixel %ld, byte %td.\n\n",
+ 	     i+1, sd->pscd_ptr - sd->pscd_end);
+       trouble++;
+       break;
+@@ -411,7 +411,7 @@ int main(int argc, char **argv)
+     }
+   }
+   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+-    printf("%d bytes left after decoder finished.\n\n",
++    printf("%td bytes left after decoder finished.\n\n",
+ 	   sd->pscd_end - sd->pscd_ptr - 2);
+     trouble++;
+   }
+@@ -439,7 +439,7 @@ int main(int argc, char **argv)
+       pix = arith_decode(sd, (t82cx[i >> 4] >> ((15 - i) & 15)) & 1);
+     }
+     if (pix < 0) {
+-      printf("Problem at pixel %ld, byte %d.\n\n",
++      printf("Problem at pixel %ld, byte %td.\n\n",
+ 	     i+1, sd->pscd_ptr - sd->pscd_end);
+       trouble++;
+       break;
+@@ -451,7 +451,7 @@ int main(int argc, char **argv)
+     }
+   }
+   if (!trouble && sd->pscd_ptr != sd->pscd_end - 2) {
+-    printf("%d bytes left after decoder finished.\n\n",
++    printf("%td bytes left after decoder finished.\n\n",
+ 	   sd->pscd_end - sd->pscd_ptr - 2);
+     trouble++;
+   }
+diff -up jbigkit/pbmtools/jbgtopbm.c.warnings jbigkit/pbmtools/jbgtopbm.c
+--- jbigkit/pbmtools/jbgtopbm.c.warnings	2008-08-27 23:37:45.000000000 +0200
++++ jbigkit/pbmtools/jbgtopbm.c	2012-07-17 16:21:19.501283868 +0200
+@@ -110,7 +110,7 @@ void fprint_bytes(FILE *f, unsigned char
+   for (i = 0; i < len && i < max; i++)
+     fprintf(f, "%02x ", p[i]);
+   if (len > i)
+-    fprintf(f, "... %d bytes total", len);
++    fprintf(f, "... %zd bytes total", len);
+   fprintf(f, "\n");
+ }
+@@ -134,7 +134,7 @@ void diagnose_bie(FILE *fin)
+   /* read BIH */
+   read_file(&bie, &buflen, &len, fin);
+   if (len < 20) {
+-    fprintf(f, "Error: Input file is %d < 20 bytes long and therefore "
++    fprintf(f, "Error: Input file is %zd < 20 bytes long and therefore "
+ 	    "does not contain an intact BIE header!\n", len);
+     return;
+   }
+@@ -188,18 +188,18 @@ void diagnose_bie(FILE *fin)
+       == (JBG_DPON | JBG_DPPRIV))
+     p += 1728;  /* skip DPTABLE */
+   if (p > bie + len) {
+-    fprintf(f, "Error: Input file is %d < 20+1728 bytes long and therefore "
++    fprintf(f, "Error: Input file is %zd < 20+1728 bytes long and therefore "
+ 	    "does not contain an intact BIE header with DPTABLE!\n", len);
+     return;
+   }
+   while (p != bie + len) {
+     if (p > bie + len - 2) {
+-      fprintf(f, "%06x: Error: single byte 0x%02x left\n", p - bie, *p);
++      fprintf(f, "%06tx: Error: single byte 0x%02x left\n", p - bie, *p);
+       return;
+     }
+     pnext = jbg_next_pscdms(p, len - (p - bie));
+     if (p[0] != MARKER_ESC || p[1] == MARKER_STUFF) {
+-      fprintf(f, "%06x: PSCD: ", p - bie);
++      fprintf(f, "%06tx: PSCD: ", p - bie);
+       fprint_bytes(f, p, pnext ? (size_t) (pnext - p) : len - (p - bie), 60);
+       if (!pnext) {
+ 	fprintf(f, "Error: PSCD not terminated by SDNORM or SDRST marker\n");
+@@ -209,7 +209,7 @@ void diagnose_bie(FILE *fin)
+       switch (p[1]) {
+       case MARKER_SDNORM:
+       case MARKER_SDRST:
+-	fprintf(f, "%06x: ESC %s, ending SDE #%lu", p - bie,
++	fprintf(f, "%06tx: ESC %s, ending SDE #%lu", p - bie,
+ 		(p[1] == MARKER_SDNORM) ? "SDNORM" : "SDRST", ++sde);
+ 	if (sde == sdes)
+ 	  fprintf(f, " (final SDE)");
+@@ -219,10 +219,10 @@ void diagnose_bie(FILE *fin)
+ 	fprintf(f, "\n");
+ 	break;
+       case MARKER_ABORT:
+-	fprintf(f, "%06x: ESC ABORT\n", p - bie);
++	fprintf(f, "%06tx: ESC ABORT\n", p - bie);
+ 	break;
+       case MARKER_NEWLEN:
+-	fprintf(f, "%06x: ESC NEWLEN ", p - bie);
++	fprintf(f, "%06tx: ESC NEWLEN ", p - bie);
+ 	if (p + 5 < bie + len) {
+ 	  fprintf(f, "YD = %lu\n",
+ 		  yd = (((long) p[2] << 24) | ((long) p[3] << 16) |
+@@ -242,7 +242,7 @@ void diagnose_bie(FILE *fin)
+ 	  fprintf(f, "unexpected EOF\n");
+ 	break;
+       case MARKER_ATMOVE:
+-	fprintf(f, "%06x: ESC ATMOVE ", p - bie);
++	fprintf(f, "%06tx: ESC ATMOVE ", p - bie);
+ 	if (p + 7 < bie + len)
+ 	  fprintf(f, "YAT = %lu, tX = %d, tY = %d\n",
+ 		  (((long) p[2] << 24) | ((long) p[3] << 16) |
+@@ -251,7 +251,7 @@ void diagnose_bie(FILE *fin)
+ 	  fprintf(f, "unexpected EOF\n");
+ 	break;
+       case MARKER_COMMENT:
+-	fprintf(f, "%06x: ESC COMMENT ", p - bie);
++	fprintf(f, "%06tx: ESC COMMENT ", p - bie);
+ 	if (p + 5 < bie + len)
+ 	  fprintf(f, "LC = %lu\n",
+ 		  (((long) p[2] << 24) | ((long) p[3] << 16) |
+@@ -260,7 +260,7 @@ void diagnose_bie(FILE *fin)
+ 	  fprintf(f, "unexpected EOF\n");
+ 	break;
+       default:
+-	fprintf(f, "%06x: ESC 0x%02x\n", p - bie, p[1]);
++	fprintf(f, "%06tx: ESC 0x%02x\n", p - bie, p[1]);
+       }
+     if (!pnext) {
+       fprintf(f, "Error encountered!\n");
+@@ -372,7 +372,7 @@ int main (int argc, char **argv)
+   /* read BIH first to check VLENGTH */
+   len = fread(buffer, 1, 20, fin);
+   if (len < 20) {
+-    fprintf(stderr, "Input file '%s' (%d bytes) must be at least "
++    fprintf(stderr, "Input file '%s' (%zd bytes) must be at least "
+ 	    "20 bytes long\n", fnin, len);
+     if (fout != stdout) {
+       fclose(fout);
+diff -up jbigkit/pbmtools/pbmtojbg85.c.warnings jbigkit/pbmtools/pbmtojbg85.c
+--- jbigkit/pbmtools/pbmtojbg85.c.warnings	2008-08-26 00:26:39.000000000 +0200
++++ jbigkit/pbmtools/pbmtojbg85.c	2012-07-17 16:24:56.741332942 +0200
+@@ -72,9 +72,12 @@ static unsigned long getint(FILE *f)
+       while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
+   if (c != EOF) {
+     ungetc(c, f);
+-    fscanf(f, "%lu", &i);
++    if (fscanf(f, "%lu", &i) != 1) {
++      /* should never fail, since c must be a digit */
++      fprintf(stderr, "Unexpected failure reading digit '%c'\n", c);
++      exit(1);
++    }
+   }
+   return i;
+ }
+@@ -239,7 +242,9 @@ int main (int argc, char **argv)
+       break;
+     case '4':
+       /* PBM raw binary format */
+-      fread(next_line, bpl, 1, fin);
++      if (fread(next_line, bpl, 1, fin) != 1) {
++	/* silence compiler warnings; ferror/feof checked below */
++      }
+       break;
+     default:
+       fprintf(stderr, "Unsupported PBM type P%c!\n", type);
+diff -up jbigkit/pbmtools/pbmtojbg.c.warnings jbigkit/pbmtools/pbmtojbg.c
+--- jbigkit/pbmtools/pbmtojbg.c.warnings	2008-07-16 22:59:41.000000000 +0200
++++ jbigkit/pbmtools/pbmtojbg.c	2012-07-17 16:23:46.584285686 +0200
+@@ -88,7 +88,11 @@ static unsigned long getint(FILE *f)
+       while ((c = getc(f)) != EOF && !(c == 13 || c == 10)) ;
+   if (c != EOF) {
+     ungetc(c, f);
+-    fscanf(f, "%lu", &i);
++    if (fscanf(f, "%lu", &i) != 1) {
++      /* should never fail, since c must be a digit */
++      fprintf(stderr, "Unexpected failure reading digit '%c'\n", c);
++      exit(1);
++    }
+   }
+   return i;
+@@ -302,7 +306,9 @@ int main (int argc, char **argv)
+     break;
+   case '4':
+     /* PBM raw binary format */
+-    fread(bitmap[0], bitmap_size, 1, fin);
++    if (fread(bitmap[0], bitmap_size, 1, fin) != 1) {
++      /* silence compiler warnings; ferror/feof checked below */
++    }
+     break;
+   case '2':
+   case '5':
+@@ -314,8 +320,18 @@ int main (int argc, char **argv)
+ 	for (j = 0; j < bpp; j++)
+ 	  image[x * bpp + (bpp - 1) - j] = v >> (j * 8);
+       }
+-    } else
+-      fread(image, width * height, bpp, fin);
++    } else {
++      if (fread(image, width * height, bpp, fin) != (size_t) bpp) {
++	if (ferror(fin)) {
++	  fprintf(stderr, "Problem while reading input file '%s", fnin);
++	  perror("'");
++	  exit(1);
++	} else {
++	  fprintf(stderr, "Unexpected end of input file '%s'!\n", fnin);
++	  exit(1);
++	}
++      }
++    }
+     jbg_split_planes(width, height, planes, encode_planes, image, bitmap,
+ 		     use_graycode);
+     free(image);
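Review bot: The jbgtopbm.c hunks switch the length conversions to `%zd`, but the values printed appear to be `size_t` (`len` receives the result of `fread()` in `main` and is mixed with `(size_t)` casts in `diagnose_bie`), for which the matching conversion is `%zu`, e.g. `fprintf(f, "... %zu bytes total", len);`. In pbmtojbg.c and pbmtojbg85.c the raw-PBM reads are wrapped in `if (fread(...) != 1) { }` with an empty body. That is only safe if the `ferror`/`feof` check the comment refers to follows on every path, which is outside the hunks, so confirm that a short read stops before the partially filled buffer is encoded. The new check on `fread(image, width * height, bpp, fin)` is useful, but the `width * height` product is presumably derived from the input header and the allocation of `image` is not visible here, so it is worth confirming that the size is computed with an overflow check. All of the enclosing functions start or end outside their hunks.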
diff --git a/SPECS/jbigkit.spec b/SPECS/jbigkit.spec
new file mode 100644
index 0000000..ba90f98
--- /dev/null
+++ b/SPECS/jbigkit.spec
@@ -0,0 +1,137 @@
+Name:           jbigkit
+Version:        2.0
+Release:        11%{?dist}
+Summary:        JBIG1 lossless image compression tools
+Group:          Development/Libraries
+License:        GPLv2+
+URL:            http://www.cl.cam.ac.uk/~mgk25/jbigkit/
+Source0:        http://www.cl.cam.ac.uk/~mgk25/download/jbigkit-%{version}.tar.gz
+Patch0:         jbigkit-2.0-shlib.patch
+Patch1:         jbigkit-2.0-warnings.patch
+Patch2:         jbigkit-2.0-CVE-2013-6369.patch
+%package libs
+Summary:        JBIG1 lossless image compression library
+Group:          Development/Libraries
+%package devel
+Summary:        JBIG1 lossless image compression library -- development files
+Group:          Development/Libraries
+Requires:       jbigkit-libs%{?_isa} = %{version}-%{release}
+%description libs
+JBIG-KIT provides a portable library of compression and decompression
+functions with a documented interface that you can include very easily
+into your image or document processing software. In addition, JBIG-KIT
+provides ready-to-use compression and decompression programs with a
+simple command line interface (similar to the converters found in netpbm).
+JBIG-KIT implements the specification:
+    ISO/IEC 11544:1993 and ITU-T Recommendation T.82(1993):
+     Information technology — Coded representation of picture and audio
+     information — Progressive bi-level image compression 
+which is commonly referred to as the “JBIG1 standard”
+%description devel
+The jbigkit-devel package contains files needed for development using 
+the JBIG-KIT image compression library.
+The jbigkit package contains tools for converting between PBM and JBIG1
+%setup -q -n jbigkit
+%patch0 -p1 -b .shlib
+%patch1 -p1 -b .warnings
+%patch2 -p1 -b .CVE-2013-6369
+make %{?_smp_mflags} CCFLAGS="$RPM_OPT_FLAGS"
+mkdir -p $RPM_BUILD_ROOT%{_libdir}
+mkdir -p $RPM_BUILD_ROOT%{_includedir}
+mkdir -p $RPM_BUILD_ROOT%{_bindir}
+mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
+install -p -m0755 libjbig/libjbig.so.%{version} $RPM_BUILD_ROOT/%{_libdir}
+install -p -m0755 libjbig/libjbig85.so.%{version} $RPM_BUILD_ROOT/%{_libdir}
+ln -sf libjbig.so.%{version} $RPM_BUILD_ROOT/%{_libdir}/libjbig.so
+ln -sf libjbig85.so.%{version} $RPM_BUILD_ROOT/%{_libdir}/libjbig85.so
+install -p -m0644 libjbig/jbig.h $RPM_BUILD_ROOT%{_includedir}
+install -p -m0644 libjbig/jbig85.h $RPM_BUILD_ROOT%{_includedir}
+install -p -m0644 libjbig/jbig_ar.h $RPM_BUILD_ROOT%{_includedir}
+install -p -m0755 pbmtools/???to??? $RPM_BUILD_ROOT%{_bindir}
+install -p -m0755 pbmtools/???to???85 $RPM_BUILD_ROOT%{_bindir}
+install -p -m0644 pbmtools/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
+make test
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+%files libs
+%files devel
+* Wed Apr 02 2014 Jiri Popelka <jpopelka@redhat.com> - 2.0-11
+- CVE-2013-6369 (#1083412)
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.0-10
+- Mass rebuild 2014-01-24
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.0-9
+- Mass rebuild 2013-12-27
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+* Tue Jul 17 2012 Jiri Popelka <jpopelka@redhat.com> - 2.0-7
+- Fix a number of compiler warnings per feedback from Ubuntu security team (#840608)
+* Mon Apr 16 2012 Jiri Popelka <jpopelka@redhat.com> - 2.0-6
+- Don't install up-to-date license file, use the upstream one. (#807760)
+* Wed Mar 28 2012 Jiri Popelka <jpopelka@redhat.com> - 2.0-5
+- Moving from rpmfusion-free to Fedora because it will be free of known patents
+  in all countries from 2012-04-04 onwards
+- Changed license from GPL to GPLv2+ and included up-to-date license file
+* Wed Feb 08 2012 Nicolas Chauvet <kwizart@gmail.com> - 2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+* Sun Mar 29 2009 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> - 2.0-3
+- rebuild for new F11 features
+* Fri Sep 05 2008 David Woodhouse <dwmw2@infradead.org> 2.0-2
+- Add missing jbig_ar.h
+* Wed Sep 03 2008 David Woodhouse <dwmw2@infradead.org> 2.0-1
+- Update to 2.0
+* Sun Aug 03 2008 Thorsten Leemhuis <fedora@leemhuis.info> - 1.6-3
+- rebuild
+* Sun Oct  1 2006 David Woodhouse <dwmw2@infradead.org> 1.6-2
+- Review fixes
+* Tue Sep 12 2006 David Woodhouse <dwmw2@infradead.org> 1.6-1
+- Initial version
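Review bot: `Source0` and `URL` use plain `http://` and nothing in the spec verifies the upstream tarball, so the only integrity pin visible on this page is the 40-hex digest recorded for `SOURCES/jbigkit-2.0.tar.gz` at the top, which by its length is SHA-1. If upstream serves the same path over TLS, `Source0: https://www.cl.cam.ac.uk/~mgk25/download/jbigkit-%{version}.tar.gz` is a one-line change, and a stronger digest for the source entry would be worth recording. A comment above `Patch2`, such as `# CVE-2013-6369: DPPRIV buffer overflows in jbg_dec_in(), upstream commit 377085a7`, would let a later rebase see at a glance when the patch can be dropped. Not all of the spec's section markers are visible here, so this is based on the lines shown.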