diff --git a/.djvulibre.metadata b/.djvulibre.metadata index 98a1c27..7e94092 100644 --- a/.djvulibre.metadata +++ b/.djvulibre.metadata @@ -1 +1 @@ -99c4f2c621c063bf8c8a1626030539fe5a8675f9 SOURCES/djvulibre-3.5.27.tar.gz +e74c23e5480535898a6549aec11e5cfa1228e1ea SOURCES/djvulibre-3.5.28.tar.gz diff --git a/SOURCES/0001-Check-for-zero-width-and-height.patch b/SOURCES/0001-Check-for-zero-width-and-height.patch new file mode 100644 index 0000000..f6800ca --- /dev/null +++ b/SOURCES/0001-Check-for-zero-width-and-height.patch @@ -0,0 +1,35 @@ +From 3e7facdbcdab27143327b216cddb42a6dd1a50a7 Mon Sep 17 00:00:00 2001 +From: Petr Gajdos +Date: Mon, 6 May 2024 11:26:12 +0200 +Subject: [PATCH] Check for zero width and height + +Also check for positive number of gray levels. + +The patch was created by Petr Gajdos for +https://sourceforge.net/p/djvu/bugs/345/ and pushed +by Marek Kasik to Fedora/EPEL repositories. +--- + libdjvu/IW44EncodeCodec.cpp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp +index f81eaeb..7a402f7 100644 +--- a/libdjvu/IW44EncodeCodec.cpp ++++ b/libdjvu/IW44EncodeCodec.cpp +@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm, const GP gmask) + int h = bm.rows(); + int g = bm.get_grays()-1; + signed char *buffer; +- GPBuffer gbuffer(buffer,w*h); ++ size_t sz = w * h; ++ if (sz == 0 || g <= 0) // w or h is zero or g is not positive ++ G_THROW("IWBitmap: zero size image (corrupted file?)"); ++ if (sz / (size_t)w != (size_t)h) // multiplication overflow ++ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)"); ++ GPBuffer gbuffer(buffer,sz); + // Prepare gray level conversion table + signed char bconv[256]; + for (i=0; i<256; i++) +-- +2.44.0 + diff --git a/SOURCES/djvulibre-3.5.27-check-image-size.patch b/SOURCES/djvulibre-3.5.27-check-image-size.patch new file mode 100644 index 0000000..8730c25 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-check-image-size.patch @@ -0,0 +1,18 @@ +diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp +index e8d4b44..aa3d554 100644 +--- a/libdjvu/IW44Image.cpp ++++ b/libdjvu/IW44Image.cpp +@@ -678,9 +678,13 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast) + // Allocate reconstruction buffer + short *data16; + size_t sz = bw * bh; ++ if (sz == 0) ++ G_THROW("IW44Image: zero size image (corrupted file?)"); + if (sz / (size_t)bw != (size_t)bh) // multiplication overflow + G_THROW("IW44Image: image size exceeds maximum (corrupted file?)"); + GPBuffer gdata16(data16,sz); ++ if (data16 == NULL) ++ G_THROW("IW44Image: unable to allocate image data"); + // Copy coefficients + int i; + short *p = data16; diff --git a/SOURCES/djvulibre-3.5.27-check-input-pool.patch b/SOURCES/djvulibre-3.5.27-check-input-pool.patch new file mode 100644 index 0000000..26e08e9 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-check-input-pool.patch @@ -0,0 +1,13 @@ +diff --git a/libdjvu/DataPool.cpp b/libdjvu/DataPool.cpp +index 5fcbedf..4c2eaf0 100644 +--- a/libdjvu/DataPool.cpp ++++ b/libdjvu/DataPool.cpp +@@ -791,6 +791,8 @@ DataPool::create(const GP & pool, int start, int length) + DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n"); + DEBUG_MAKE_INDENT(3); + ++ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") ); ++ + DataPool *xpool=new DataPool(); + GP retval=xpool; + xpool->init(); diff --git a/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch b/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch new file mode 100644 index 0000000..e7bc643 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch @@ -0,0 +1,36 @@ +diff --git a/libdjvu/DjVuPort.cpp b/libdjvu/DjVuPort.cpp +index 2b3e0d2..ede7f6b 100644 +--- a/libdjvu/DjVuPort.cpp ++++ b/libdjvu/DjVuPort.cpp +@@ -507,10 +507,19 @@ GP + DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id) + { + GPList list; ++ ++ if (!!opening_id && opening_id == id) ++ G_THROW("DjVuPortcaster: recursive opening of the same file (corrupted file?)"); ++ else ++ opening_id = id; ++ + compute_closure(source, list, true); + GP file; + for(GPosition pos=list;pos;++pos) + if ((file=list[pos]->id_to_file(source, id))) break; ++ ++ opening_id = GUTF8String(); ++ + return file; + } + +diff --git a/libdjvu/DjVuPort.h b/libdjvu/DjVuPort.h +index e2b3125..313dc2b 100644 +--- a/libdjvu/DjVuPort.h ++++ b/libdjvu/DjVuPort.h +@@ -484,6 +484,7 @@ private: + const DjVuPort *dst, int distance); + void compute_closure(const DjVuPort *src, GPList &list, + bool sorted=false); ++ GUTF8String opening_id; + }; + + diff --git a/SOURCES/djvulibre-3.5.27-export-file.patch b/SOURCES/djvulibre-3.5.27-export-file.patch new file mode 100644 index 0000000..02a1c44 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-export-file.patch @@ -0,0 +1,28 @@ +--- djvulibre-3.5.27/desktopfiles/Makefile.am ++++ djvulibre-3.5.27/desktopfiles/Makefile.am +@@ -32,10 +32,9 @@ if HAVE_CONVERSION_INKSCAPE + convert_icons_process = \ + s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ + ${INKSCAPE} \ +---without-gui \ + --export-width=$${s} \ + --export-height=$${s} \ +---export-png=$@ $< ++--export-filename=$@ $< + endif + + if HAVE_CONVERSION_CONVERT +--- djvulibre-3.5.27/desktopfiles/Makefile.in ++++ djvulibre-3.5.27/desktopfiles/Makefile.in +@@ -306,10 +306,9 @@ PNGICONS = \ + @HAVE_CONVERSION_INKSCAPE_TRUE@convert_icons_process = \ + @HAVE_CONVERSION_INKSCAPE_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ + @HAVE_CONVERSION_INKSCAPE_TRUE@${INKSCAPE} \ +-@HAVE_CONVERSION_INKSCAPE_TRUE@--without-gui \ + @HAVE_CONVERSION_INKSCAPE_TRUE@--export-width=$${s} \ + @HAVE_CONVERSION_INKSCAPE_TRUE@--export-height=$${s} \ +-@HAVE_CONVERSION_INKSCAPE_TRUE@--export-png=$@ $< ++@HAVE_CONVERSION_INKSCAPE_TRUE@--export-filename=$@ $< + + @HAVE_CONVERSION_RSVG_TRUE@convert_icons_process = \ + @HAVE_CONVERSION_RSVG_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ diff --git a/SOURCES/djvulibre-3.5.27-integer-overflow.patch b/SOURCES/djvulibre-3.5.27-integer-overflow.patch new file mode 100644 index 0000000..279a038 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-integer-overflow.patch @@ -0,0 +1,23 @@ +diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp +index 7109952..b41f7d2 100644 +--- a/tools/ddjvu.cpp ++++ b/tools/ddjvu.cpp +@@ -70,6 +70,7 @@ + #include + #include + #include ++#include + + #ifdef UNIX + # include +@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno) + rowsize = rrect.w; + else + rowsize = rrect.w * 3; +- if (! (image = (char*)malloc(rowsize * rrect.h))) ++ if ((size_t)rowsize > SIZE_MAX / rrect.h) ++ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno); ++ if (! (image = (char*)malloc((size_t)rowsize * rrect.h))) + die(i18n("Cannot allocate image buffer for page %d"), pageno); + + /* Render */ diff --git a/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch b/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch new file mode 100644 index 0000000..f2fae47 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch @@ -0,0 +1,14 @@ +diff --git a/libdjvu/DjVuText.cpp b/libdjvu/DjVuText.cpp +index 60a4f39..b11df7b 100644 +--- a/libdjvu/DjVuText.cpp ++++ b/libdjvu/DjVuText.cpp +@@ -345,7 +345,8 @@ DjVuTXT::decode(const GP &gbs) + int textsize = bs.read24(); + char *buffer = textUTF8.getbuf(textsize); + int readsize = bs.read(buffer,textsize); +- buffer[readsize] = 0; ++ if (buffer) ++ buffer[readsize] = 0; + if (readsize < textsize) + G_THROW( ERR_MSG("DjVuText.corrupt_chunk") ); + // Try reading zones diff --git a/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch b/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch new file mode 100644 index 0000000..c7a6f3a --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch @@ -0,0 +1,21 @@ +diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp +index c2fdbe4..e271a1d 100644 +--- a/libdjvu/GBitmap.cpp ++++ b/libdjvu/GBitmap.cpp +@@ -69,6 +69,7 @@ + #include + #include + #include ++#include + + // - Author: Leon Bottou, 05/1997 + +@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs) + // initialize pixel array + if (nrows==0 || ncolumns==0) + G_THROW( ERR_MSG("GBitmap.not_init") ); ++ if (ncolumns > USHRT_MAX - border) ++ G_THROW("GBitmap: row size exceeds maximum (corrupted file?)"); + bytes_per_row = ncolumns + border; + if (runs==0) + G_THROW( ERR_MSG("GBitmap.null_arg") ); diff --git a/SPECS/djvulibre.spec b/SPECS/djvulibre.spec index ff22834..3a90267 100644 --- a/SPECS/djvulibre.spec +++ b/SPECS/djvulibre.spec @@ -1,26 +1,42 @@ %define _hardened_build 1 +%if 0%{?el10} +%bcond_with inkscape +%else +%bcond_without inkscape +%endif + Summary: DjVu viewers, encoders, and utilities Name: djvulibre -Version: 3.5.27 -Release: 10%{?dist} -License: GPLv2+ -Group: Applications/Publishing +Version: 3.5.28 +Release: 13%{?dist} +# Automatically converted from old format: GPLv2+ - review is highly recommended. +License: GPL-2.0-or-later URL: http://djvu.sourceforge.net/ Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz Patch0: djvulibre-3.5.22-cdefs.patch #Patch1: djvulibre-3.5.25.3-cflags.patch +Patch6: djvulibre-3.5.27-export-file.patch +Patch8: djvulibre-3.5.27-check-image-size.patch +Patch9: djvulibre-3.5.27-integer-overflow.patch +Patch10: djvulibre-3.5.27-check-input-pool.patch +Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch +Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch +Patch14: djvulibre-3.5.27-out-of-bound-write-2.patch +Patch15: 0001-Check-for-zero-width-and-height.patch Requires(post): xdg-utils Requires(preun): xdg-utils -%if (0%{?fedora} > 15 || 0%{?rhel} > 6) -BuildRequires: libjpeg-turbo-devel -%else -BuildRequires: libjpeg-devel +BuildRequires: chrpath +BuildRequires: gcc-c++ +BuildRequires: hicolor-icon-theme +%if %{with inkscape} +BuildRequires: inkscape %endif +BuildRequires: libjpeg-turbo-devel BuildRequires: libtiff-devel -BuildRequires: xdg-utils chrpath -BuildRequires: hicolor-icon-theme +BuildRequires: make +BuildRequires: xdg-utils Provides: %{name}-mozplugin = %{version} Obsoletes: %{name}-mozplugin < 3.5.24 @@ -41,7 +57,6 @@ separate sub-package. %package libs Summary: Library files for DjVuLibre -Group: System Environment/Libraries %description libs Library files for DjVuLibre. @@ -49,7 +64,6 @@ Library files for DjVuLibre. %package devel Summary: Development files for DjVuLibre -Group: Development/Libraries Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig @@ -58,21 +72,30 @@ Development files for DjVuLibre. %prep -%setup -q -%patch0 -p1 -b .cdefs +%setup -q +%patch -P0 -p1 -b .cdefs #%patch1 -p1 -b .cflags +%patch -P6 -p1 -b .export-file +%patch -P8 -p1 -b .check-image-size +%patch -P9 -p1 -b .integer-overflow +%patch -P10 -p1 -b .check-input-pool +%patch -P11 -p1 -b .djvuport-stack-overflow +%patch -P12 -p1 -b .unsigned-short-overflow +%patch -P14 -p1 -b .out-of-bound-write-2 +%patch -P15 -p1 -b .zero-size-image + -%build +%build %configure --with-qt=%{_libdir}/qt-3.3 --enable-threads # Disable rpath on 64bit - NOT! It makes the build fail (still as of 3.5.20-2) #sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool #sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -make %{?_smp_mflags} V=1 +%make_build %install -make install DESTDIR=%{buildroot} +%make_install # Fix for the libs to get stripped correctly (still required in 3.5.20-2) find %{buildroot}%{_libdir} -name '*.so*' | xargs %{__chmod} +x @@ -136,7 +159,6 @@ fi %files -%defattr(-,root,root,-) %{_bindir}/* %{_mandir}/man1/* %{_datadir}/djvu/ @@ -155,28 +177,148 @@ fi %files libs -%defattr(-,root,root,-) -%doc README COPYRIGHT COPYING NEWS -%{_libdir}/*.so.* +%license COPYING +%doc README COPYRIGHT NEWS +%{_libdir}/libdjvulibre.so.21* %files devel -%defattr(-,root,root,-) -%doc doc/*.* +%doc doc/ %{_includedir}/libdjvu/ %{_libdir}/pkgconfig/ddjvuapi.pc -%exclude %{_libdir}/*.la -%{_libdir}/*.so +%{_libdir}/libdjvulibre.so %changelog -* Tue Aug 7 2018 Marek Kasik - 3.5.27-10 +* Mon Oct 07 2024 Marek Kasik - 3.5.28-13 +- Initial EPEL 10 release +- Resolves: #2311539 + +* Fri Oct 04 2024 Xavier Bachelot - 3.5.28-12 +- Do not BuildRequires: inkscape on EL10 +- Sort BuildRequires: +- Use %%make_build, %%make_install and %%license macros +- Improve %%files section + +* Thu Jul 25 2024 Miroslav Suchý - 3.5.28-11 +- convert license to SPDX + +* Wed Jul 17 2024 Fedora Release Engineering - 3.5.28-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Tue May 07 2024 Marek Kasik - 3.5.28-9 +- Check for zero-size image when allocating GBuffer +- Resolves: #2234738 + +* Tue May 07 2024 Marek Kasik - 3.5.28-8 +- Improve image size fix +- Resolves: #2234741 + +* Wed Jan 24 2024 Fedora Release Engineering - 3.5.28-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 3.5.28-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 3.5.28-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 3.5.28-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 3.5.28-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 3.5.28-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jan 19 2022 Marek Kasik - 3.5.28-1 +- Rebase to 3.5.28 + +* Wed Jul 21 2021 Fedora Release Engineering - 3.5.27-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jul 02 2021 Marek Kasik - 3.5.27-30 - Improve previous commit -- Resolves: #1609976 +- Resolves: #1977428 + +* Fri Jul 02 2021 Marek Kasik - 3.5.27-29 +- Fix out-of-bounds write in djvutext +- Resolves: #1977428 + +* Mon May 03 2021 Marek Kasik - 3.5.27-28 +- Avoid unsigned short overflow in GBitmap when allocating row buffer +- Resolves: #1943424 + +* Mon May 03 2021 Marek Kasik - 3.5.27-27 +- Avoid stack overflow in DjVuPort by remembering which file we are opening +- Resolves: #1943411, #1943685 + +* Mon May 03 2021 Marek Kasik - 3.5.27-26 +- Check input pool for NULL +- Resolves: #1943410 + +* Mon May 03 2021 Marek Kasik - 3.5.27-25 +- Avoid integer overflow when allocating bitmap +- Resolves: #1943409 + +* Mon May 03 2021 Marek Kasik - 3.5.27-24 +- Check image size for 0 +- Resolves: #1943408 + +* Tue Jan 26 2021 Fedora Release Engineering - 3.5.27-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Aug 04 2020 Marek Kasik - 3.5.27-22 +- Fix exporting of djvu icons with Inkscape +- Resolves: #1863428 + +* Sat Aug 01 2020 Fedora Release Engineering - 3.5.27-21 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 3.5.27-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 3.5.27-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Nov 22 2019 Marek Kasik - 3.5.27-18 +- Fix a NULL pointer dereference in DJVU::filter_fv() +- Resolves: #1771267 + +* Fri Nov 8 2019 Marek Kasik - 3.5.27-17 +- Use Inkscape's "--export-file" option replacing "--export-png" +- Related: #1767921 + +* Thu Nov 7 2019 Marek Kasik - 3.5.27-16 +- Fix a crash due to missing zero-bytes check +- Resolves: #1767921 + +* Thu Nov 7 2019 Marek Kasik - 3.5.27-15 +- Fix a stack overflow +- Resolves: #1767868 + +* Wed Nov 6 2019 Marek Kasik - 3.5.27-14 +- Break an infinite loop +- Resolves: #1767857 + +* Wed Nov 6 2019 Marek Kasik - 3.5.27-13 +- Fix a buffer overflow +- Resolves: #1767842 + +* Wed Jul 24 2019 Fedora Release Engineering - 3.5.27-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 3.5.27-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jul 23 2018 Marek Kasik - 3.5.27-10 +- Add BuildRequires of gcc-c++ +- Resolves: #1603796 -* Tue Aug 7 2018 Marek Kasik - 3.5.27-9 -- Build without inkscape -- Resolves: #1609976 +* Thu Jul 12 2018 Fedora Release Engineering - 3.5.27-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 14 2018 Marek Kasik - 3.5.27-8 - Remove XML file defining DjVu MIME type because it does not differentiate