summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk4
-rw-r--r--gnu/packages/image.scm11
-rw-r--r--gnu/packages/patches/jbig2dec-CVE-2016-9601.patch906
-rw-r--r--gnu/packages/patches/jbig2dec-CVE-2017-7885.patch38
-rw-r--r--gnu/packages/patches/jbig2dec-CVE-2017-7975.patch40
-rw-r--r--gnu/packages/patches/jbig2dec-CVE-2017-7976.patch122
-rw-r--r--gnu/packages/patches/jbig2dec-ignore-testtest.patch6
7 files changed, 6 insertions, 1121 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index eb61fe8d07..d0516f2740 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -749,10 +749,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/jacal-fix-texinfo.patch			\
   %D%/packages/patches/java-powermock-fix-java-files.patch		\
   %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
-  %D%/packages/patches/jbig2dec-CVE-2016-9601.patch		\
-  %D%/packages/patches/jbig2dec-CVE-2017-7885.patch		\
-  %D%/packages/patches/jbig2dec-CVE-2017-7975.patch		\
-  %D%/packages/patches/jbig2dec-CVE-2017-7976.patch		\
   %D%/packages/patches/jq-CVE-2015-8863.patch			\
   %D%/packages/patches/kdbusaddons-kinit-file-name.patch	\
   %D%/packages/patches/khmer-use-libraries.patch                \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index d007aea6f1..bc1ad88c65 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -479,20 +479,15 @@ arithmetic ops.")
 (define-public jbig2dec
   (package
     (name "jbig2dec")
-    (version "0.13")
+    (version "0.14")
     (source
       (origin
         (method url-fetch)
         (uri (string-append "http://downloads.ghostscript.com/public/" name "/"
                             name "-" version ".tar.gz"))
         (sha256
-          (base32 "04akiwab8iy5iy34razcvh9mcja9wy737civ3sbjxk4j143s1b2s"))
-        (patches (search-patches "jbig2dec-ignore-testtest.patch"
-                                 "jbig2dec-CVE-2016-9601.patch"
-                                 "jbig2dec-CVE-2017-7885.patch"
-                                 "jbig2dec-CVE-2017-7975.patch"
-                                 "jbig2dec-CVE-2017-7976.patch"))))
-
+          (base32 "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11"))
+        (patches (search-patches "jbig2dec-ignore-testtest.patch"))))
     (build-system gnu-build-system)
     (synopsis "Decoder of the JBIG2 image compression format")
     (description
diff --git a/gnu/packages/patches/jbig2dec-CVE-2016-9601.patch b/gnu/packages/patches/jbig2dec-CVE-2016-9601.patch
deleted file mode 100644
index f45209068f..0000000000
--- a/gnu/packages/patches/jbig2dec-CVE-2016-9601.patch
+++ /dev/null
@@ -1,906 +0,0 @@
-Fix CVE-2016-9601:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9601
-https://bugs.ghostscript.com/show_bug.cgi?id=697457
-
-Patch copied from upstream source repository:
-
-http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
-
-From e698d5c11d27212aa1098bc5b1673a3378563092 Mon Sep 17 00:00:00 2001
-From: Robin Watts <robin.watts@artifex.com>
-Date: Mon, 12 Dec 2016 17:47:17 +0000
-Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build.
-
-Also rename "new" to "new_dict", because "new" is a bad
-variable name.
----
- jbig2.c             |  4 +--
- jbig2.h             |  8 +++---
- jbig2_generic.c     |  2 +-
- jbig2_halftone.c    | 24 ++++++++----------
- jbig2_huffman.c     | 10 ++++----
- jbig2_huffman.h     |  2 +-
- jbig2_image.c       | 32 +++++++++++------------
- jbig2_mmr.c         | 66 +++++++++++++++++++++++++-----------------------
- jbig2_page.c        |  6 ++---
- jbig2_priv.h        |  4 +--
- jbig2_segment.c     | 10 ++++----
- jbig2_symbol_dict.c | 73 +++++++++++++++++++++++++++--------------------------
- jbig2_symbol_dict.h |  6 ++---
- jbig2_text.c        | 16 ++++++------
- jbig2_text.h        |  2 +-
- 15 files changed, 134 insertions(+), 131 deletions(-)
-
-diff --git a/jbig2.c b/jbig2.c
-index f729e29..e51380f 100644
---- a/jbig2.c
-+++ b/jbig2.c
-@@ -379,7 +379,7 @@ typedef struct {
- } Jbig2WordStreamBuf;
- 
- static int
--jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word)
-+jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word)
- {
-     Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self;
-     const byte *data = z->data;
-@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t
-     else if (offset > z->size)
-         return -1;
-     else {
--        int i;
-+        size_t i;
- 
-         result = 0;
-         for (i = 0; i < z->size - offset; i++)
-diff --git a/jbig2.h b/jbig2.h
-index d5aa52f..624e0ed 100644
---- a/jbig2.h
-+++ b/jbig2.h
-@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary;
- */
- 
- struct _Jbig2Image {
--    int width, height, stride;
-+    uint32_t width;
-+    uint32_t height;
-+    uint32_t stride;
-     uint8_t *data;
-     int refcount;
- };
- 
--Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height);
-+Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height);
- Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image);
- void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image);
- void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image);
- void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value);
--Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height);
-+Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height);
- 
- /* errors are returned from the library via a callback. If no callback
-    is provided (a NULL argument is passed ot jbig2_ctx_new) a default
-diff --git a/jbig2_generic.c b/jbig2_generic.c
-index 02fdbfb..9656198 100644
---- a/jbig2_generic.c
-+++ b/jbig2_generic.c
-@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte
-     byte seg_flags;
-     int8_t gbat[8];
-     int offset;
--    int gbat_bytes = 0;
-+    uint32_t gbat_bytes = 0;
-     Jbig2GenericRegionParams params;
-     int code = 0;
-     Jbig2Image *image = NULL;
-diff --git a/jbig2_halftone.c b/jbig2_halftone.c
-index aeab576..acfbc56 100644
---- a/jbig2_halftone.c
-+++ b/jbig2_halftone.c
-@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
- {
-     uint8_t **GSVALS = NULL;
-     size_t consumed_bytes = 0;
--    int i, j, code, stride;
--    int x, y;
-+    uint32_t i, j, stride, x, y;
-+    int code;
-     Jbig2Image **GSPLANES;
-     Jbig2GenericRegionParams rparams;
-     Jbig2WordStream *ws = NULL;
-@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
-         if (GSPLANES[i] == NULL) {
-             jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH);
-             /* free already allocated */
--            for (j = i - 1; j >= 0; --j) {
--                jbig2_image_release(ctx, GSPLANES[j]);
--            }
-+            for (j = i; j > 0;)
-+                jbig2_image_release(ctx, GSPLANES[--j]);
-             jbig2_free(ctx->allocator, GSPLANES);
-             return NULL;
-         }
-@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
-     }
- 
-     /* C.5 step 2. Set j = GSBPP-2 */
--    j = GSBPP - 2;
-+    j = GSBPP - 1;
-     /* C.5 step 3. decode loop */
--    while (j >= 0) {
-+    while (j > 0) {
-+        j--;
-         /*  C.5 step 3. (a) */
-         if (GSMMR) {
-             code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes);
-@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
-             GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i];
- 
-         /*  C.5 step 3. (c) */
--        --j;
-     }
- 
-     /* allocate GSVALS */
-@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
-         if (GSVALS[i] == NULL) {
-             jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW);
-             /* free already allocated */
--            for (j = i - 1; j >= 0; --j) {
--                jbig2_free(ctx->allocator, GSVALS[j]);
--            }
-+            for (j = i; j > 0;)
-+                jbig2_free(ctx->allocator, GSVALS[--j]);
-             jbig2_free(ctx->allocator, GSVALS);
-             GSVALS = NULL;
-             goto cleanup;
-@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
-     uint8_t **GI;
-     Jbig2Image *HSKIP = NULL;
-     Jbig2PatternDict *HPATS;
--    int i;
-+    uint32_t i;
-     uint32_t mg, ng;
-     int32_t x, y;
-     uint8_t gray_val;
-@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
- 
-     /* calculate ceil(log2(HNUMPATS)) */
-     HBPP = 0;
--    while (HNUMPATS > (1 << ++HBPP));
-+    while (HNUMPATS > (1U << ++HBPP));
- 
-     /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */
-     GI = jbig2_decode_gray_scale_image(ctx, segment, data, size,
-diff --git a/jbig2_huffman.c b/jbig2_huffman.c
-index 4521b48..f77981b 100644
---- a/jbig2_huffman.c
-+++ b/jbig2_huffman.c
-@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState {
-        is (offset + 4) * 8. */
-     uint32_t this_word;
-     uint32_t next_word;
--    int offset_bits;
--    int offset;
--    int offset_limit;
-+    uint32_t offset_bits;
-+    uint32_t offset;
-+    uint32_t offset_limit;
- 
-     Jbig2WordStream *ws;
-     Jbig2Ctx *ctx;
- };
- 
- static uint32_t
--huff_get_next_word(Jbig2HuffmanState *hs, int offset)
-+huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset)
- {
-     uint32_t word = 0;
-     Jbig2WordStream *ws = hs->ws;
-@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset)
- /* return the offset of the huffman decode pointer (in bytes)
-  * from the beginning of the WordStream
-  */
--int
-+uint32_t
- jbig2_huffman_offset(Jbig2HuffmanState *hs)
- {
-     return hs->offset + (hs->offset_bits >> 3);
-diff --git a/jbig2_huffman.h b/jbig2_huffman.h
-index 5d1e6e0..cfda9e0 100644
---- a/jbig2_huffman.h
-+++ b/jbig2_huffman.h
-@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs);
- 
- void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset);
- 
--int jbig2_huffman_offset(Jbig2HuffmanState *hs);
-+uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs);
- 
- int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob);
- 
-diff --git a/jbig2_image.c b/jbig2_image.c
-index 1ae614e..94e5a4c 100644
---- a/jbig2_image.c
-+++ b/jbig2_image.c
-@@ -32,10 +32,10 @@
- 
- /* allocate a Jbig2Image structure and its associated bitmap */
- Jbig2Image *
--jbig2_image_new(Jbig2Ctx *ctx, int width, int height)
-+jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
- {
-     Jbig2Image *image;
--    int stride;
-+    uint32_t stride;
-     int64_t check;
- 
-     image = jbig2_new(ctx, Jbig2Image, 1);
-@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image)
- 
- /* resize a Jbig2Image */
- Jbig2Image *
--jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
-+jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height)
- {
-     if (width == image->width) {
-         /* check for integer multiplication overflow */
-@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
- static int
- jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
- {
--    int i, j;
--    int sw = src->width;
--    int sh = src->height;
--    int sx = 0;
--    int sy = 0;
-+    uint32_t i, j;
-+    uint32_t sw = src->width;
-+    uint32_t sh = src->height;
-+    uint32_t sx = 0;
-+    uint32_t sy = 0;
- 
-     /* clip to the dst image boundaries */
-     if (x < 0) {
-@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x
- int
- jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
- {
--    int i, j;
--    int w, h;
--    int leftbyte, rightbyte;
--    int shift;
-+    uint32_t i, j;
-+    uint32_t w, h;
-+    uint32_t leftbyte, rightbyte;
-+    uint32_t shift;
-     uint8_t *s, *ss;
-     uint8_t *d, *dd;
-     uint8_t mask, rightmask;
-@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
-         h += y;
-         y = 0;
-     }
--    w = (x + w < dst->width) ? w : dst->width - x;
--    h = (y + h < dst->height) ? h : dst->height - y;
-+    w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0);
-+    h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0);
- #ifdef JBIG2_DEBUG
-     jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y);
- #endif
-@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
-     }
- #endif
- 
--    leftbyte = x >> 3;
--    rightbyte = (x + w - 1) >> 3;
-+    leftbyte = (uint32_t)x >> 3;
-+    rightbyte = ((uint32_t)x + w - 1) >> 3;
-     shift = x & 7;
- 
-     /* general OR case */
-diff --git a/jbig2_mmr.c b/jbig2_mmr.c
-index d4cd3a2..390e27c 100644
---- a/jbig2_mmr.c
-+++ b/jbig2_mmr.c
-@@ -38,19 +38,21 @@
- #include "jbig2_mmr.h"
- 
- typedef struct {
--    int width;
--    int height;
-+    uint32_t width;
-+    uint32_t height;
-     const byte *data;
-     size_t size;
--    int data_index;
--    int bit_index;
-+    uint32_t data_index;
-+    uint32_t bit_index;
-     uint32_t word;
- } Jbig2MmrCtx;
- 
-+#define MINUS1 ((uint32_t)-1)
-+
- static void
- jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size)
- {
--    int i;
-+    size_t i;
-     uint32_t word = 0;
- 
-     mmr->width = width;
-@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = {
- #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
- 
- static int
--jbig2_find_changing_element(const byte *line, int x, int w)
-+jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
- {
-     int a, b;
- 
-     if (line == 0)
--        return w;
-+        return (int)w;
- 
--    if (x == -1) {
-+    if (x == MINUS1) {
-         a = 0;
-         x = 0;
-     } else {
-@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w)
- }
- 
- static int
--jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color)
-+jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
- {
-     if (line == 0)
-         return w;
-@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 };
- static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
- 
- static void
--jbig2_set_bits(byte *line, int x0, int x1)
-+jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1)
- {
--    int a0, a1, b0, b1, a;
-+    uint32_t a0, a1, b0, b1, a;
- 
-     a0 = x0 >> 3;
-     a1 = x1 >> 3;
-@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_
- static int
- jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- {
--    int a0 = -1;
--    int a1, a2, b1, b2;
-+    uint32_t a0 = MINUS1;
-+    uint32_t a1, a2, b1, b2;
-     int c = 0;                  /* 0 is white, black is 1 */
- 
-     while (1) {
-@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- 
-         /* printf ("%08x\n", word); */
- 
--        if (a0 >= mmr->width)
-+        if (a0 != MINUS1 && a0 >= mmr->width)
-             break;
- 
-         if ((word >> (32 - 3)) == 1) {
-@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- 
-             jbig2_decode_mmr_consume(mmr, 3);
- 
--            if (a0 == -1)
-+            if (a0 == MINUS1)
-                 a0 = 0;
- 
-             if (c == 0) {
-@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-                     a1 = mmr->width;
-                 if (a2 > mmr->width)
-                     a2 = mmr->width;
--                if (a2 < a1 || a1 < 0)
-+                if (a1 == MINUS1 || a2 < a1)
-                     return -1;
-                 jbig2_set_bits(dst, a1, a2);
-                 a0 = a2;
-@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-                     a1 = mmr->width;
-                 if (a2 > mmr->width)
-                     a2 = mmr->width;
--                if (a1 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || a1 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, a1);
-                 a0 = a2;
-@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
-             b2 = jbig2_find_changing_element(ref, b1, mmr->width);
-             if (c) {
--                if (b2 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b2 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b2);
-             }
-@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             jbig2_decode_mmr_consume(mmr, 1);
-             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
-             if (c) {
--                if (b1 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b1 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b1);
-             }
-@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             if (b1 + 1 > mmr->width)
-                 break;
-             if (c) {
--                if (b1 + 1 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b1 + 1 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b1 + 1);
-             }
-@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             if (b1 + 2 > mmr->width)
-                 break;
-             if (c) {
--                if (b1 + 2 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b1 + 2 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b1 + 2);
-             }
-@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             /* printf ("VR(3)\n"); */
-             jbig2_decode_mmr_consume(mmr, 7);
-             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
--            if (b1 + 3 > mmr->width)
-+            if (b1 + 3 > (int)mmr->width)
-                 break;
-             if (c) {
--                if (b1 + 3 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b1 + 3 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b1 + 3);
-             }
-@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             /* printf ("VL(1)\n"); */
-             jbig2_decode_mmr_consume(mmr, 3);
-             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
--            if (b1 - 1 < 0)
-+            if (b1 < 1)
-                 break;
-             if (c) {
--                if (b1 - 1 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b1 - 1 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b1 - 1);
-             }
-@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             /* printf ("VL(2)\n"); */
-             jbig2_decode_mmr_consume(mmr, 6);
-             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
--            if (b1 - 2 < 0)
-+            if (b1 < 2)
-                 break;
-             if (c) {
-                 if (b1 - 2 < a0 || a0 < 0)
-@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             /* printf ("VL(3)\n"); */
-             jbig2_decode_mmr_consume(mmr, 7);
-             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
--            if (b1 - 3 < 0)
-+            if (b1 < 3)
-                 break;
-             if (c) {
--                if (b1 - 3 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b1 - 3 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b1 - 3);
-             }
-@@ -1009,10 +1011,10 @@ int
- jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image)
- {
-     Jbig2MmrCtx mmr;
--    const int rowstride = image->stride;
-+    const uint32_t rowstride = image->stride;
-     byte *dst = image->data;
-     byte *ref = NULL;
--    int y;
-+    uint32_t y;
-     int code = 0;
- 
-     jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size);
-@@ -1047,10 +1049,10 @@ int
- jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes)
- {
-     Jbig2MmrCtx mmr;
--    const int rowstride = image->stride;
-+    const uint32_t rowstride = image->stride;
-     byte *dst = image->data;
-     byte *ref = NULL;
--    int y;
-+    uint32_t y;
-     int code = 0;
-     const uint32_t EOFB = 0x001001;
- 
-diff --git a/jbig2_page.c b/jbig2_page.c
-index 110ff7c..1ed1c8a 100644
---- a/jbig2_page.c
-+++ b/jbig2_page.c
-@@ -155,9 +155,9 @@ int
- jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data)
- {
-     Jbig2Page page = ctx->pages[ctx->current_page];
--    int end_row;
-+    uint32_t end_row;
- 
--    end_row = jbig2_get_int32(segment_data);
-+    end_row = jbig2_get_uint32(segment_data);
-     if (end_row < page.end_row) {
-         jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
-                     "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row);
-@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x,
- 
-     /* grow the page to accomodate a new stripe if necessary */
-     if (page->striped) {
--        int new_height = y + image->height + page->end_row;
-+        uint32_t new_height = y + image->height + page->end_row;
- 
-         if (page->image->height < new_height) {
-             jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height);
-diff --git a/jbig2_priv.h b/jbig2_priv.h
-index 42ba496..3d44b42 100644
---- a/jbig2_priv.h
-+++ b/jbig2_priv.h
-@@ -132,7 +132,7 @@ struct _Jbig2Page {
-     uint32_t x_resolution, y_resolution;        /* in pixels per meter */
-     uint16_t stripe_size;
-     bool striped;
--    int end_row;
-+    uint32_t end_row;
-     uint8_t flags;
-     Jbig2Image *image;
- };
-@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm
- typedef struct _Jbig2WordStream Jbig2WordStream;
- 
- struct _Jbig2WordStream {
--    int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word);
-+    int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word);
- };
- 
- Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size);
-diff --git a/jbig2_segment.c b/jbig2_segment.c
-index 2e0db67..5b63706 100644
---- a/jbig2_segment.c
-+++ b/jbig2_segment.c
-@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
-     uint8_t rtscarf;
-     uint32_t rtscarf_long;
-     uint32_t *referred_to_segments;
--    int referred_to_segment_count;
--    int referred_to_segment_size;
--    int pa_size;
--    int offset;
-+    uint32_t referred_to_segment_count;
-+    uint32_t referred_to_segment_size;
-+    uint32_t pa_size;
-+    uint32_t offset;
- 
-     /* minimum possible size of a jbig2 segment header */
-     if (buf_size < 11)
-@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
- 
-     /* 7.2.5 */
-     if (referred_to_segment_count) {
--        int i;
-+        uint32_t i;
- 
-         referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size);
-         if (referred_to_segments == NULL) {
-diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
-index 2c71a4c..11a2252 100644
---- a/jbig2_symbol_dict.c
-+++ b/jbig2_symbol_dict.c
-@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment)
- 
- /* return a new empty symbol dict */
- Jbig2SymbolDict *
--jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols)
-+jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
- {
--    Jbig2SymbolDict *new = NULL;
-+    Jbig2SymbolDict *new_dict = NULL;
- 
-     if (n_symbols < 0) {
-         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
-         return NULL;
-     }
- 
--    new = jbig2_new(ctx, Jbig2SymbolDict, 1);
--    if (new != NULL) {
--        new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
--        new->n_symbols = n_symbols;
-+    new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
-+    if (new_dict != NULL) {
-+        new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
-+        new_dict->n_symbols = n_symbols;
-     } else {
-         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict");
-         return NULL;
-     }
- 
--    if (new->glyphs != NULL) {
--        memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
-+    if (new_dict->glyphs != NULL) {
-+        memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
-     } else {
-         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict");
--        jbig2_free(ctx->allocator, new);
-+        jbig2_free(ctx->allocator, new_dict);
-         return NULL;
-     }
- 
--    return new;
-+    return new_dict;
- }
- 
- /* release the memory associated with a symbol dict */
- void
- jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict)
- {
--    int i;
-+    uint32_t i;
- 
-     if (dict == NULL)
-         return;
-@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id)
- }
- 
- /* count the number of dictionary segments referred to by the given segment */
--int
-+uint32_t
- jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
- {
-     int index;
-     Jbig2Segment *rsegment;
--    int n_dicts = 0;
-+    uint32_t n_dicts = 0;
- 
-     for (index = 0; index < segment->referred_to_segment_count; index++) {
-         rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]);
-@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
-     int index;
-     Jbig2Segment *rsegment;
-     Jbig2SymbolDict **dicts;
--    int n_dicts = jbig2_sd_count_referred(ctx, segment);
--    int dindex = 0;
-+    uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
-+    uint32_t dindex = 0;
- 
-     dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts);
-     if (dicts == NULL) {
-@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
- /* generate a new symbol dictionary by concatenating a list of
-    existing dictionaries */
- Jbig2SymbolDict *
--jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
-+jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts)
- {
--    int i, j, k, symbols;
--    Jbig2SymbolDict *new = NULL;
-+    uint32_t i, j, k, symbols;
-+    Jbig2SymbolDict *new_dict = NULL;
- 
-     /* count the imported symbols and allocate a new array */
-     symbols = 0;
-@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
-         symbols += dicts[i]->n_symbols;
- 
-     /* fill a new array with cloned glyph pointers */
--    new = jbig2_sd_new(ctx, symbols);
--    if (new != NULL) {
-+    new_dict = jbig2_sd_new(ctx, symbols);
-+    if (new_dict != NULL) {
-         k = 0;
-         for (i = 0; i < n_dicts; i++)
-             for (j = 0; j < dicts[i]->n_symbols; j++)
--                new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
-+                new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
-     } else {
-         jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary");
-     }
- 
--    return new;
-+    return new_dict;
- }
- 
- /* Decoding routines */
-@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
- 
-                     if (REFAGGNINST > 1) {
-                         Jbig2Image *image;
--                        int i;
-+                        uint32_t i;
- 
-                         if (tparams == NULL) {
-                             /* First time through, we need to initialise the */
-@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
-                         uint32_t ID;
-                         int32_t RDX, RDY;
-                         int BMSIZE = 0;
--                        int ninsyms = params->SDNUMINSYMS;
-+                        uint32_t ninsyms = params->SDNUMINSYMS;
-                         int code1 = 0;
-                         int code2 = 0;
-                         int code3 = 0;
-@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
-         if (params->SDHUFF && !params->SDREFAGG) {
-             /* 6.5.9 */
-             Jbig2Image *image;
--            int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
--            int j, x;
-+            uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
-+            uint32_t j;
-+            int x;
- 
-             if (code || (BMSIZE < 0)) {
-                 jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
-@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
-         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary");
-         goto cleanup4;
-     } else {
--        int i = 0;
--        int j = 0;
--        int k;
-+        uint32_t i = 0;
-+        uint32_t j = 0;
-+        uint32_t k;
-         int exflag = 0;
--        int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
--        int32_t exrunlength;
-+        uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
-+        uint32_t exrunlength;
-         int zerolength = 0;
- 
-         while (i < limit) {
-             if (params->SDHUFF)
-                 exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code);
-             else
--                code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
-+                code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
-             /* prevent infinite loop */
-             zerolength = exrunlength > 0 ? 0 : zerolength + 1;
--            if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) {
-+            if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
-                 if (code)
-                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
-                 else if (exrunlength <= 0)
-@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
- {
-     Jbig2SymbolDictParams params;
-     uint16_t flags;
--    int sdat_bytes;
--    int offset;
-+    uint32_t sdat_bytes;
-+    uint32_t offset;
-     Jbig2ArithCx *GB_stats = NULL;
-     Jbig2ArithCx *GR_stats = NULL;
-     int table_index = 0;
-@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
- 
-     /* 7.4.2.2 (2) */
-     {
--        int n_dicts = jbig2_sd_count_referred(ctx, segment);
-+        uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
-         Jbig2SymbolDict **dicts = NULL;
- 
-         if (n_dicts > 0) {
-diff --git a/jbig2_symbol_dict.h b/jbig2_symbol_dict.h
-index d56d62d..30211d4 100644
---- a/jbig2_symbol_dict.h
-+++ b/jbig2_symbol_dict.h
-@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se
- Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id);
- 
- /* return a new empty symbol dict */
--Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols);
-+Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols);
- 
- /* release the memory associated with a symbol dict */
- void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict);
- 
- /* generate a new symbol dictionary by concatenating a list of
-    existing dictionaries */
--Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts);
-+Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts);
- 
- /* count the number of dictionary segments referred
-    to by the given segment */
--int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
-+uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
- 
- /* return an array of pointers to symbol dictionaries referred
-    to by a segment */
-diff --git a/jbig2_text.c b/jbig2_text.c
-index 5c99640..e77460f 100644
---- a/jbig2_text.c
-+++ b/jbig2_text.c
-@@ -55,7 +55,7 @@
- int
- jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
-                          const Jbig2TextRegionParams *params,
--                         const Jbig2SymbolDict *const *dicts, const int n_dicts,
-+                         const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
-                          Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws)
- {
-     /* relevent bits of 6.4.4 */
-@@ -476,19 +476,19 @@ cleanup2:
- int
- jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data)
- {
--    int offset = 0;
-+    uint32_t offset = 0;
-     Jbig2RegionSegmentInfo region_info;
-     Jbig2TextRegionParams params;
-     Jbig2Image *image = NULL;
-     Jbig2SymbolDict **dicts = NULL;
--    int n_dicts = 0;
-+    uint32_t n_dicts = 0;
-     uint16_t flags = 0;
-     uint16_t huffman_flags = 0;
-     Jbig2ArithCx *GR_stats = NULL;
-     int code = 0;
-     Jbig2WordStream *ws = NULL;
-     Jbig2ArithState *as = NULL;
--    int table_index = 0;
-+    uint32_t table_index = 0;
-     const Jbig2HuffmanParams *huffman_params = NULL;
- 
-     /* 7.4.1 */
-@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
-         code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?");
-         goto cleanup1;
-     } else {
--        int index;
-+        uint32_t index;
- 
-         if (dicts[0] == NULL) {
-             code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!");
-@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
-     }
- 
-     if (!params.SBHUFF) {
--        int SBSYMCODELEN, index;
--        int SBNUMSYMS = 0;
-+        uint32_t SBSYMCODELEN, index;
-+        uint32_t SBNUMSYMS = 0;
- 
-         for (index = 0; index < n_dicts; index++) {
-             SBNUMSYMS += dicts[index]->n_symbols;
-@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
-         }
- 
-         /* Table 31 */
--        for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
-+        for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
-         }
-         params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN);
-         params.IARI = jbig2_arith_int_ctx_new(ctx);
-diff --git a/jbig2_text.h b/jbig2_text.h
-index aec2732..51d242e 100644
---- a/jbig2_text.h
-+++ b/jbig2_text.h
-@@ -70,5 +70,5 @@ typedef struct {
- int
- jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
-                          const Jbig2TextRegionParams *params,
--                         const Jbig2SymbolDict *const *dicts, const int n_dicts,
-+                         const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
-                          Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws);
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch
deleted file mode 100644
index a598392765..0000000000
--- a/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2017-7885:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7885
-https://bugs.ghostscript.com/show_bug.cgi?id=697703
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=258290340bb657c9efb44457f717b0d8b49f4aa3
-
-From 258290340bb657c9efb44457f717b0d8b49f4aa3 Mon Sep 17 00:00:00 2001
-From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
-Date: Wed, 3 May 2017 22:06:01 +0100
-Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability.
-
-Add extra check for the offset being greater than the size
-of the image and hence reading off the end of the buffer.
-
-Thank you to Dai Ge for finding this issue and suggesting a patch.
----
- jbig2_symbol_dict.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
-index 4acaba9..36225cb 100644
---- a/jbig2_symbol_dict.c
-+++ b/jbig2_symbol_dict.c
-@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
-                 byte *dst = image->data;
- 
-                 /* SumatraPDF: prevent read access violation */
--                if (size - jbig2_huffman_offset(hs) < image->height * stride) {
-+                if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) {
-                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
-                                 size - jbig2_huffman_offset(hs));
-                     jbig2_image_release(ctx, image);
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch
deleted file mode 100644
index c83fe9d9f2..0000000000
--- a/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Fix CVE-2017-7975:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7975
-https://bugs.ghostscript.com/show_bug.cgi?id=697693
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=f8992b8fe65c170c8624226f127c5c4bfed42c66
-
-From f8992b8fe65c170c8624226f127c5c4bfed42c66 Mon Sep 17 00:00:00 2001
-From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
-Date: Wed, 26 Apr 2017 22:12:14 +0100
-Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
-
-While building a Huffman table, the start and end points were susceptible
-to integer overflow.
-
-Thank you to Jiaqi for finding this issue and suggesting a patch.
----
- jbig2_huffman.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/jbig2_huffman.c b/jbig2_huffman.c
-index 511e461..b4189a1 100644
---- a/jbig2_huffman.c
-+++ b/jbig2_huffman.c
-@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
- 
-             if (PREFLEN == CURLEN) {
-                 int RANGELEN = lines[CURTEMP].RANGELEN;
--                int start_j = CURCODE << shift;
--                int end_j = (CURCODE + 1) << shift;
-+                uint32_t start_j = CURCODE << shift;
-+                uint32_t end_j = (CURCODE + 1) << shift;
-                 byte eflags = 0;
- 
-                 if (end_j > max_j) {
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch
deleted file mode 100644
index 2fe02358b8..0000000000
--- a/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-Fix CVE-2017-7976:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7976
-https://bugs.ghostscript.com/show_bug.cgi?id=697683
-
-In order to make the bug-fix patch apply, we also include an earlier commit
-that it depends on.
-
-Patches copied from upstream source repository:
-
-Earlier commit, creating context for the CVE fix:
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544
-
-CVE-2017-7976 bug fix:
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=cfa054925de49675ac5445515ebf036fa9379ac6
-
-From 9d2c4f3bdb0bd003deae788e7187c0f86e624544 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Wed, 14 Dec 2016 15:56:31 +0100
-Subject: [PATCH] Fix warnings: remove unsigned < 0 tests that are always
- false.
-
----
- jbig2_image.c       | 2 +-
- jbig2_mmr.c         | 2 +-
- jbig2_symbol_dict.c | 9 ++-------
- 3 files changed, 4 insertions(+), 9 deletions(-)
-
-diff --git a/jbig2_image.c b/jbig2_image.c
-index 94e5a4c..00f966b 100644
---- a/jbig2_image.c
-+++ b/jbig2_image.c
-@@ -256,7 +256,7 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
-     /* general OR case */
-     s = ss;
-     d = dd = dst->data + y * dst->stride + leftbyte;
--    if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
-+    if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
-         return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
-     }
-     if (leftbyte == rightbyte) {
-diff --git a/jbig2_mmr.c b/jbig2_mmr.c
-index 390e27c..da54934 100644
---- a/jbig2_mmr.c
-+++ b/jbig2_mmr.c
-@@ -977,7 +977,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-             if (b1 < 2)
-                 break;
-             if (c) {
--                if (b1 - 2 < a0 || a0 < 0)
-+                if (a0 == MINUS1 || b1 - 2 < a0)
-                     return -1;
-                 jbig2_set_bits(dst, a0, b1 - 2);
-             }
-diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
-index 11a2252..4acaba9 100644
---- a/jbig2_symbol_dict.c
-+++ b/jbig2_symbol_dict.c
-@@ -92,11 +92,6 @@ jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
- {
-     Jbig2SymbolDict *new_dict = NULL;
- 
--    if (n_symbols < 0) {
--        jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
--        return NULL;
--    }
--
-     new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
-     if (new_dict != NULL) {
-         new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
-@@ -613,7 +608,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
-             uint32_t j;
-             int x;
- 
--            if (code || (BMSIZE < 0)) {
-+            if (code) {
-                 jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
-                 goto cleanup4;
-             }
-@@ -716,7 +711,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
-                 code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
-             /* prevent infinite loop */
-             zerolength = exrunlength > 0 ? 0 : zerolength + 1;
--            if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
-+            if (code || (exrunlength > limit - i) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
-                 if (code)
-                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
-                 else if (exrunlength <= 0)
--- 
-2.13.0
-
-From cfa054925de49675ac5445515ebf036fa9379ac6 Mon Sep 17 00:00:00 2001
-From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
-Date: Wed, 10 May 2017 17:50:39 +0100
-Subject: [PATCH] Bug 697683: Bounds check before reading from image source
- data.
-
-Add extra check to prevent reading off the end of the image source
-data buffer.
-
-Thank you to Dai Ge for finding this issue and suggesting a patch.
----
- jbig2_image.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/jbig2_image.c b/jbig2_image.c
-index 661d0a5..ae161b9 100644
---- a/jbig2_image.c
-+++ b/jbig2_image.c
-@@ -263,7 +263,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
-     /* general OR case */
-     s = ss;
-     d = dd = dst->data + y * dst->stride + leftbyte;
--    if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
-+    if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
-+        s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
-         return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
-     }
-     if (leftbyte == rightbyte) {
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/jbig2dec-ignore-testtest.patch b/gnu/packages/patches/jbig2dec-ignore-testtest.patch
index 1efde8628c..7c80c545e9 100644
--- a/gnu/packages/patches/jbig2dec-ignore-testtest.patch
+++ b/gnu/packages/patches/jbig2dec-ignore-testtest.patch
@@ -1,8 +1,8 @@
-Do not run the "testtest script", it doesn't seem to do anything and reports
-failiute. TODO: Actually fix the test instead of ignoring it.
+Do not run the test 'test_jbig2dec.py'. It doesn't seem to do anything
+and reports failure. TODO: Actually fix the test instead of ignoring it.
 
 diff --git a/Makefile.in b/Makefile.in
-index 0573592..1a5de77 100644
+index 63982d4..8af1d61 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -93,7 +93,7 @@ host_triplet = @host@