diff --git a/.gitignore b/.gitignore index 6b01955..e631c69 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libgxps-0.2.5.tar.xz +SOURCES/libgxps-0.3.0.tar.xz diff --git a/.libgxps.metadata b/.libgxps.metadata index 8102c3f..0ac1c04 100644 --- a/.libgxps.metadata +++ b/.libgxps.metadata @@ -1 +1 @@ -2530c89bb8764cb9d39948aa565c1f43dcc7a286 SOURCES/libgxps-0.2.5.tar.xz +3e30b03543bdc4529815eb97261041d152f7785a SOURCES/libgxps-0.3.0.tar.xz diff --git a/SOURCES/libgxps-0.2.4-GXPSImage.patch b/SOURCES/libgxps-0.2.4-GXPSImage.patch index bfab44a..77de9a4 100644 --- a/SOURCES/libgxps-0.2.4-GXPSImage.patch +++ b/SOURCES/libgxps-0.2.4-GXPSImage.patch @@ -1,5 +1,5 @@ ---- libgxps-0.2.5/libgxps/gxps-brush.c -+++ libgxps-0.2.5/libgxps/gxps-brush.c +--- libgxps-0.3.0/libgxps/gxps-brush.c ++++ libgxps-0.3.0/libgxps/gxps-brush.c @@ -965,7 +965,7 @@ brush_end_element (GMarkupParseContext g_markup_parse_context_pop (context); } else if (strcmp (element_name, "ImageBrush") == 0) { @@ -36,8 +36,8 @@ brush_image->viewbox.x, brush_image->viewbox.y, brush_image->viewbox.width, ---- libgxps-0.2.5/libgxps/gxps-images.c -+++ libgxps-0.2.5/libgxps/gxps-images.c +--- libgxps-0.3.0/libgxps/gxps-images.c ++++ libgxps-0.3.0/libgxps/gxps-images.c @@ -88,6 +88,45 @@ multiply_alpha (int alpha, int color) return ((temp + (temp >> 8)) >> 8); } @@ -118,7 +118,7 @@ g_free (row_pointers); g_free (data); return NULL; -@@ -295,13 +335,13 @@ gxps_images_create_from_png (GXPSArchive +@@ -295,13 +335,12 @@ gxps_images_create_from_png (GXPSArchive return NULL; } @@ -135,11 +135,10 @@ + res_y = png_get_y_pixels_per_meter (png, info) * METERS_PER_INCH; + if (res_y == 0) + res_y = 96; -+ image_set_res (image, res_x, res_y); data = g_malloc (png_height * stride); row_pointers = g_new (png_byte *, png_height); -@@ -315,23 +355,23 @@ gxps_images_create_from_png (GXPSArchive +@@ -315,23 +354,25 @@ gxps_images_create_from_png (GXPSArchive g_object_unref (stream); g_free (row_pointers); @@ -159,6 +158,8 @@ } - status = cairo_surface_set_user_data (image->surface, ++ image_set_res (image, res_x, res_y); ++ + status = cairo_surface_set_user_data (image, &image_data_cairo_key, data, @@ -398,8 +399,8 @@ - - g_slice_free (GXPSImage, image); -} ---- libgxps-0.2.5/libgxps/gxps-images.h -+++ libgxps-0.2.5/libgxps/gxps-images.h +--- libgxps-0.3.0/libgxps/gxps-images.h ++++ libgxps-0.3.0/libgxps/gxps-images.h @@ -25,18 +25,9 @@ G_BEGIN_DECLS @@ -422,8 +423,8 @@ G_END_DECLS ---- libgxps-0.2.5/libgxps/gxps-page.c -+++ libgxps-0.2.5/libgxps/gxps-page.c +--- libgxps-0.3.0/libgxps/gxps-page.c ++++ libgxps-0.3.0/libgxps/gxps-page.c @@ -77,12 +77,12 @@ gxps_page_error_quark (void) } @@ -454,8 +455,8 @@ return image; } ---- libgxps-0.2.5/libgxps/gxps-page-private.h -+++ libgxps-0.2.5/libgxps/gxps-page-private.h +--- libgxps-0.3.0/libgxps/gxps-page-private.h ++++ libgxps-0.3.0/libgxps/gxps-page-private.h @@ -58,9 +58,9 @@ struct _GXPSRenderContext { GXPSBrushVisual *visual; }; diff --git a/SOURCES/libgxps-0.2.5-private-methods.patch b/SOURCES/libgxps-0.2.5-private-methods.patch index edee64e..202fda4 100644 --- a/SOURCES/libgxps-0.2.5-private-methods.patch +++ b/SOURCES/libgxps-0.2.5-private-methods.patch @@ -1,6 +1,6 @@ ---- libgxps-0.2.5/libgxps/gxps-archive.h -+++ libgxps-0.2.5/libgxps/gxps-archive.h -@@ -37,13 +37,18 @@ G_BEGIN_DECLS +--- libgxps-0.3.0/libgxps/gxps-archive.h ++++ libgxps-0.3.0/libgxps/gxps-archive.h +@@ -38,14 +38,20 @@ G_BEGIN_DECLS typedef struct _GXPSArchive GXPSArchive; typedef struct _GXPSArchiveClass GXPSArchiveClass; @@ -13,6 +13,8 @@ gboolean gxps_archive_has_entry (GXPSArchive *archive, const gchar *path); +GXPS_AVAILABLE_IN_ALL + GXPSResources *gxps_archive_get_resources (GXPSArchive *archive); ++GXPS_AVAILABLE_IN_ALL GInputStream *gxps_archive_open (GXPSArchive *archive, const gchar *path); +GXPS_AVAILABLE_IN_ALL diff --git a/SOURCES/libgxps-0.3.0-archive-fill-error.patch b/SOURCES/libgxps-0.3.0-archive-fill-error.patch new file mode 100644 index 0000000..202b423 --- /dev/null +++ b/SOURCES/libgxps-0.3.0-archive-fill-error.patch @@ -0,0 +1,106 @@ +From b458226e162fe1ffe7acb4230c114a52ada5131b Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Sat, 5 May 2018 12:01:24 +0200 +Subject: gxps-archive: Ensure gxps_archive_read_entry() fills the GError in + case of failure + +And fix the callers to not overwrite the GError. + +diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c +index e763773..346ba73 100644 +--- a/libgxps/gxps-archive.c ++++ b/libgxps/gxps-archive.c +@@ -406,9 +406,13 @@ gxps_archive_read_entry (GXPSArchive *archive, + gboolean retval; + + stream = gxps_archive_open (archive, path); +- if (!stream) +- /* TODO: Error */ ++ if (!stream) { ++ g_set_error (error, ++ G_IO_ERROR, ++ G_IO_ERROR_NOT_FOUND, ++ "The entry '%s' was not found in archive", path); + return FALSE; ++ } + + entry_size = archive_entry_size (GXPS_ARCHIVE_INPUT_STREAM (stream)->entry); + if (entry_size <= 0) { +@@ -423,7 +427,7 @@ gxps_archive_read_entry (GXPSArchive *archive, + *buffer = g_malloc (buffer_size); + do { + bytes = g_input_stream_read (stream, &buf, BUFFER_SIZE, NULL, error); +- if (*error != NULL) { ++ if (bytes < 0) { + g_free (*buffer); + g_object_unref (stream); + +@@ -441,7 +445,10 @@ gxps_archive_read_entry (GXPSArchive *archive, + g_object_unref (stream); + + if (*bytes_read == 0) { +- /* TODO: Error */ ++ g_set_error (error, ++ G_IO_ERROR, ++ G_IO_ERROR_INVALID_DATA, ++ "The entry '%s' is empty in archive", path); + g_free (*buffer); + return FALSE; + } +diff --git a/libgxps/gxps-fonts.c b/libgxps/gxps-fonts.c +index 882157d..8d02ffc 100644 +--- a/libgxps/gxps-fonts.c ++++ b/libgxps/gxps-fonts.c +@@ -220,19 +220,12 @@ gxps_fonts_new_font_face (GXPSArchive *zip, + cairo_font_face_t *font_face; + guchar *font_data; + gsize font_data_len; +- gboolean res; + +- res = gxps_archive_read_entry (zip, font_uri, +- &font_data, &font_data_len, +- error); +- if (!res) { +- g_set_error (error, +- GXPS_ERROR, +- GXPS_ERROR_SOURCE_NOT_FOUND, +- "Font source %s not found in archive", +- font_uri); +- return NULL; +- } ++ if (!gxps_archive_read_entry (zip, font_uri, ++ &font_data, &font_data_len, ++ error)) { ++ return NULL; ++ } + + ft_face.font_data = font_data; + ft_face.font_data_len = (gssize)font_data_len; +diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c +index 4dcf9e2..50f899f 100644 +--- a/libgxps/gxps-images.c ++++ b/libgxps/gxps-images.c +@@ -742,17 +742,12 @@ gxps_images_create_from_tiff (GXPSArchive *zip, + guchar *data; + guchar *p; + +- if (!gxps_archive_read_entry (zip, image_uri, +- &buffer.buffer, +- &buffer.buffer_len, +- error)) { +- g_set_error (error, +- GXPS_ERROR, +- GXPS_ERROR_SOURCE_NOT_FOUND, +- "Image source %s not found in archive", +- image_uri); +- return NULL; +- } ++ if (!gxps_archive_read_entry (zip, image_uri, ++ &buffer.buffer, ++ &buffer.buffer_len, ++ error)) { ++ return NULL; ++ } + + buffer.pos = 0; + diff --git a/SOURCES/libgxps-0.3.0-archive-handle-error.patch b/SOURCES/libgxps-0.3.0-archive-handle-error.patch new file mode 100644 index 0000000..f563d4b --- /dev/null +++ b/SOURCES/libgxps-0.3.0-archive-handle-error.patch @@ -0,0 +1,24 @@ +From 133fe2a96e020d4ca65c6f64fb28a404050ebbfd Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Sat, 5 May 2018 12:02:36 +0200 +Subject: gxps-archive: Handle errors returned by archive_read_data + + +diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c +index 346ba73..1bae729 100644 +--- a/libgxps/gxps-archive.c ++++ b/libgxps/gxps-archive.c +@@ -520,6 +520,13 @@ gxps_archive_input_stream_read (GInputStream *stream, + return -1; + + bytes_read = archive_read_data (istream->zip->archive, buffer, count); ++ if (bytes_read < 0) { ++ g_set_error_literal (error, ++ G_IO_ERROR, ++ g_io_error_from_errno (archive_errno (istream->zip->archive)), ++ archive_error_string (istream->zip->archive)); ++ return -1; ++ } + if (bytes_read == 0 && istream->is_interleaved && !gxps_archive_input_stream_is_last_piece (istream)) { + /* Read next piece */ + gxps_archive_input_stream_next_piece (istream); diff --git a/SOURCES/libgxps-0.3.0-clear-error.patch b/SOURCES/libgxps-0.3.0-clear-error.patch new file mode 100644 index 0000000..89123c6 --- /dev/null +++ b/SOURCES/libgxps-0.3.0-clear-error.patch @@ -0,0 +1,30 @@ +From 672c65ea8cbd2bcfd82a6b6498a4f1eb9daf5ec5 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Fri, 8 Dec 2017 11:20:25 +0100 +Subject: [PATCH 2/2] gxps-images: clear the error before trying to load an + image again + +In gxps_images_get_image() we first try with the image file extension, +and if that fails then we try guessing the content type. If the image +load failed the first time, the GError might be filled already, so we +need to clear it before passing it to create functions again. +--- + libgxps/gxps-images.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c +index 19cb1c0..4dcf9e2 100644 +--- a/libgxps/gxps-images.c ++++ b/libgxps/gxps-images.c +@@ -925,6 +925,8 @@ gxps_images_get_image (GXPSArchive *zip, + if (!image) { + gchar *mime_type; + ++ g_clear_error(error); ++ + mime_type = gxps_images_guess_content_type (zip, image_uri); + if (g_strcmp0 (mime_type, "image/png") == 0) { + image = gxps_images_create_from_png (zip, image_uri, error); +-- +2.17.1 + diff --git a/SOURCES/libgxps-0.3.0-integer-overflow.patch b/SOURCES/libgxps-0.3.0-integer-overflow.patch new file mode 100644 index 0000000..bbb6485 --- /dev/null +++ b/SOURCES/libgxps-0.3.0-integer-overflow.patch @@ -0,0 +1,25 @@ +From 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Fri, 8 Dec 2017 11:11:38 +0100 +Subject: [PATCH 1/2] gxps-images: fix integer overflow in png decoder + +--- + libgxps/gxps-images.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c +index 98c7052..19cb1c0 100644 +--- a/libgxps/gxps-images.c ++++ b/libgxps/gxps-images.c +@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip, + } + + stride = cairo_format_stride_for_width (format, png_width); +- if (stride < 0) { ++ if (stride < 0 || png_height >= INT_MAX / stride) { + fill_png_error (error, image_uri, NULL); + g_object_unref (stream); + png_destroy_read_struct (&png, &info, NULL); +-- +2.17.1 + diff --git a/SPECS/libgxps.spec b/SPECS/libgxps.spec index b0eead7..fbb8f88 100644 --- a/SPECS/libgxps.spec +++ b/SPECS/libgxps.spec @@ -1,16 +1,26 @@ Name: libgxps -Version: 0.2.5 -Release: 1%{?dist} +Version: 0.3.0 +Release: 4%{?dist} Summary: GObject based library for handling and rendering XPS documents Group: System Environment/Libraries License: LGPLv2+ -URL: http://live.gnome.org/libgxps -Source0: http://ftp.gnome.org/pub/gnome/sources/%{name}/0.2/%{name}-%{version}.tar.xz +URL: https://wiki.gnome.org/Projects/libgxps +Source0: https://ftp.gnome.org/pub/gnome/sources/%{name}/0.3/%{name}-%{version}.tar.xz Patch0: libgxps-0.2.4-GXPSImage.patch Patch1: libgxps-0.2.5-private-methods.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1574844 +Patch2: libgxps-0.3.0-archive-fill-error.patch +Patch3: libgxps-0.3.0-archive-handle-error.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1591133 +Patch4: libgxps-0.3.0-integer-overflow.patch +Patch5: libgxps-0.3.0-clear-error.patch + +BuildRequires: meson +BuildRequires: gcc BuildRequires: gtk3-devel BuildRequires: glib2-devel BuildRequires: gobject-introspection-devel @@ -21,7 +31,6 @@ BuildRequires: freetype-devel BuildRequires: libjpeg-devel BuildRequires: libtiff-devel BuildRequires: lcms2-devel -BuildRequires: chrpath %description libgxps is a GObject based library for handling and rendering XPS @@ -47,35 +56,31 @@ documents using the %{name} library. %prep -%setup -q -%patch0 -p1 -b .GXPSImage -%patch1 -p1 -b .private-methods +%autosetup -p1 %build -autoreconf -ivf -%configure --disable-static --enable-man -make %{?_smp_mflags} +%meson -Denable-gtk-doc=true -Denable-man=true +%meson_build %install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT -find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' -chrpath --delete $RPM_BUILD_ROOT%{_bindir}/xpsto* +%meson_install %post -p /sbin/ldconfig + %postun -p /sbin/ldconfig %files -%doc AUTHORS ChangeLog NEWS README TODO +%doc AUTHORS MAINTAINERS NEWS README TODO %license COPYING %{_libdir}/*.so.* %{_libdir}/girepository-1.0/*.typelib + %files devel %{_includedir}/* %{_libdir}/*.so @@ -83,12 +88,30 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/xpsto* %{_datadir}/gir-1.0/*.gir %{_datadir}/gtk-doc/html/libgxps + %files tools %{_bindir}/xpsto* %{_mandir}/man1/xpsto*.1.gz %changelog +* Thu Jun 21 2018 Marek Kasik - 0.3.0-4 +- Fix integer overflow in png decoder +- Resolves: #1591133 + +* Fri Jun 01 2018 Marek Kasik - 0.3.0-3 +- Fix crash in loading of png image +- Resolves: #1575188 + +* Fri Jun 01 2018 Marek Kasik - 0.3.0-2 +- Ensure gxps_archive_read_entry() fills the GError in case of failure +- Handle errors returned by archive_read_data() +- Resolves: #1574844 + +* Thu May 31 2018 Marek Kasik - 0.3.0-1 +- Update to 0.3.0 +- Resolves: #1569731 + * Tue Feb 28 2017 Marek Kasik - 0.2.5-1 - Update to newly released 0.2.5 - Preserve ABI by exporting the same set of methods as before