diff --git a/.djvulibre.metadata b/.djvulibre.metadata index 98a1c27..959e811 100644 --- a/.djvulibre.metadata +++ b/.djvulibre.metadata @@ -1 +1 @@ -99c4f2c621c063bf8c8a1626030539fe5a8675f9 SOURCES/djvulibre-3.5.27.tar.gz +99c4f2c621c063bf8c8a1626030539fe5a8675f9 SOURCES/djvulibre-3.5.27.tar.gz diff --git a/SOURCES/djvulibre-3.5.25.3-cflags.patch b/SOURCES/djvulibre-3.5.25.3-cflags.patch new file mode 100644 index 0000000..e2b7c5f --- /dev/null +++ b/SOURCES/djvulibre-3.5.25.3-cflags.patch @@ -0,0 +1,51 @@ +diff -up djvulibre-3.5.25/configure~ djvulibre-3.5.25/configure +--- djvulibre-3.5.25/configure~ 2012-05-08 05:56:53.000000000 +0300 ++++ djvulibre-3.5.25/configure 2012-10-10 00:01:36.000000000 +0300 +@@ -14733,6 +14733,7 @@ fi + + OPTS= + ++if false; then + saved_CXXFLAGS="$CXXFLAGS" + saved_CFLAGS="$CFLAGS" + CXXFLAGS= +@@ -14750,6 +14751,7 @@ fi + *) CFLAGS="$CFLAGS $opt" ;; + esac + done ++fi + if test x$ac_debug = xno ; then + OPTS=-DNDEBUG + +@@ -14770,6 +14772,7 @@ $as_echo "no" >&6; } + fi + + ++if false; then + opt="-O3" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CXX accepts $opt" >&5 + $as_echo_n "checking if $CXX accepts $opt... " >&6; } +@@ -14801,6 +14804,7 @@ $as_echo "no" >&6; } + fi + + fi ++fi + + + opt="-Wno-non-virtual-dtor" +@@ -14819,6 +14823,7 @@ $as_echo "no" >&6; } + + fi + ++if false; then + cpu=`uname -m 2>/dev/null` + test -z "$cpu" && cpu=${host_cpu} + case "${host_cpu}" in +@@ -14860,6 +14865,7 @@ $as_echo "no" >&6; } + + ;; + esac ++fi + else + + opt="-Wall" diff --git a/SOURCES/djvulibre-3.5.27-buffer-overflow.patch b/SOURCES/djvulibre-3.5.27-buffer-overflow.patch new file mode 100644 index 0000000..d8fe28d --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-buffer-overflow.patch @@ -0,0 +1,21 @@ +--- djvulibre-3.5.27/libdjvu/DjVmDir.cpp ++++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp +@@ -300,6 +300,9 @@ DjVmDir::decode(const GP &gs + memcpy((char*) strings+strings_size, buffer, length); + } + DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n"); ++ int strings_size=strings.size(); ++ strings.resize(strings_size+3); ++ memset((char*) strings+strings_size, 0, 4); + + // Copy names into the files + const char * ptr=strings; +@@ -307,6 +310,8 @@ DjVmDir::decode(const GP &gs + { + GP file=files_list[pos]; + ++ if (ptr >= (const char*)strings + strings_size) ++ G_THROW( "DjVu document is corrupted (DjVmDir)" ); + file->id=ptr; + ptr+=file->id.length()+1; + if (file->flags & File::HAS_NAME) diff --git a/SOURCES/djvulibre-3.5.27-check-image-size.patch b/SOURCES/djvulibre-3.5.27-check-image-size.patch new file mode 100644 index 0000000..9d0d5b8 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-check-image-size.patch @@ -0,0 +1,16 @@ +diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp +index e8d4b44..aa3d554 100644 +--- a/libdjvu/IW44Image.cpp ++++ b/libdjvu/IW44Image.cpp +@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast) + size_t sz = bw * bh; + if (sz / (size_t)bw != (size_t)bh) // multiplication overflow + G_THROW("IW44Image: image size exceeds maximum (corrupted file?)"); ++ if (sz == 0) ++ G_THROW("IW44Image: zero size image (corrupted file?)"); + GPBuffer gdata16(data16,sz); ++ if (data16 == NULL) ++ G_THROW("IW44Image: unable to allocate image data"); + // Copy coefficients + int i; + short *p = data16; diff --git a/SOURCES/djvulibre-3.5.27-check-input-pool.patch b/SOURCES/djvulibre-3.5.27-check-input-pool.patch new file mode 100644 index 0000000..26e08e9 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-check-input-pool.patch @@ -0,0 +1,13 @@ +diff --git a/libdjvu/DataPool.cpp b/libdjvu/DataPool.cpp +index 5fcbedf..4c2eaf0 100644 +--- a/libdjvu/DataPool.cpp ++++ b/libdjvu/DataPool.cpp +@@ -791,6 +791,8 @@ DataPool::create(const GP & pool, int start, int length) + DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n"); + DEBUG_MAKE_INDENT(3); + ++ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") ); ++ + DataPool *xpool=new DataPool(); + GP retval=xpool; + xpool->init(); diff --git a/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch b/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch new file mode 100644 index 0000000..e7bc643 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch @@ -0,0 +1,36 @@ +diff --git a/libdjvu/DjVuPort.cpp b/libdjvu/DjVuPort.cpp +index 2b3e0d2..ede7f6b 100644 +--- a/libdjvu/DjVuPort.cpp ++++ b/libdjvu/DjVuPort.cpp +@@ -507,10 +507,19 @@ GP + DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id) + { + GPList list; ++ ++ if (!!opening_id && opening_id == id) ++ G_THROW("DjVuPortcaster: recursive opening of the same file (corrupted file?)"); ++ else ++ opening_id = id; ++ + compute_closure(source, list, true); + GP file; + for(GPosition pos=list;pos;++pos) + if ((file=list[pos]->id_to_file(source, id))) break; ++ ++ opening_id = GUTF8String(); ++ + return file; + } + +diff --git a/libdjvu/DjVuPort.h b/libdjvu/DjVuPort.h +index e2b3125..313dc2b 100644 +--- a/libdjvu/DjVuPort.h ++++ b/libdjvu/DjVuPort.h +@@ -484,6 +484,7 @@ private: + const DjVuPort *dst, int distance); + void compute_closure(const DjVuPort *src, GPList &list, + bool sorted=false); ++ GUTF8String opening_id; + }; + + diff --git a/SOURCES/djvulibre-3.5.27-export-file.patch b/SOURCES/djvulibre-3.5.27-export-file.patch new file mode 100644 index 0000000..02a1c44 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-export-file.patch @@ -0,0 +1,28 @@ +--- djvulibre-3.5.27/desktopfiles/Makefile.am ++++ djvulibre-3.5.27/desktopfiles/Makefile.am +@@ -32,10 +32,9 @@ if HAVE_CONVERSION_INKSCAPE + convert_icons_process = \ + s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ + ${INKSCAPE} \ +---without-gui \ + --export-width=$${s} \ + --export-height=$${s} \ +---export-png=$@ $< ++--export-filename=$@ $< + endif + + if HAVE_CONVERSION_CONVERT +--- djvulibre-3.5.27/desktopfiles/Makefile.in ++++ djvulibre-3.5.27/desktopfiles/Makefile.in +@@ -306,10 +306,9 @@ PNGICONS = \ + @HAVE_CONVERSION_INKSCAPE_TRUE@convert_icons_process = \ + @HAVE_CONVERSION_INKSCAPE_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ + @HAVE_CONVERSION_INKSCAPE_TRUE@${INKSCAPE} \ +-@HAVE_CONVERSION_INKSCAPE_TRUE@--without-gui \ + @HAVE_CONVERSION_INKSCAPE_TRUE@--export-width=$${s} \ + @HAVE_CONVERSION_INKSCAPE_TRUE@--export-height=$${s} \ +-@HAVE_CONVERSION_INKSCAPE_TRUE@--export-png=$@ $< ++@HAVE_CONVERSION_INKSCAPE_TRUE@--export-filename=$@ $< + + @HAVE_CONVERSION_RSVG_TRUE@convert_icons_process = \ + @HAVE_CONVERSION_RSVG_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ diff --git a/SOURCES/djvulibre-3.5.27-infinite-loop.patch b/SOURCES/djvulibre-3.5.27-infinite-loop.patch new file mode 100644 index 0000000..015dd8f --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-infinite-loop.patch @@ -0,0 +1,46 @@ +From b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f Mon Sep 17 00:00:00 2001 +From: Leon Bottou +Date: Tue, 26 Mar 2019 20:45:46 -0400 +Subject: [PATCH] fix for bug #297 + +--- + libdjvu/DjVmDir.cpp | 2 +- + libdjvu/GBitmap.cpp | 6 ++++-- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp +index 0a0fac6..5a49015 100644 +--- a/libdjvu/DjVmDir.cpp ++++ b/libdjvu/DjVmDir.cpp +@@ -309,7 +309,7 @@ DjVmDir::decode(const GP &gstr) + GP file=files_list[pos]; + + if (ptr >= (const char*)strings + strings_size) +- G_THROW( "DjVu document is corrupted (DjVmDir)" ); ++ G_THROW( ByteStream::EndOfFile ); + file->id=ptr; + ptr+=file->id.length()+1; + if (file->flags & File::HAS_NAME) +diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp +index 0e487f0..c2fdbe4 100644 +--- a/libdjvu/GBitmap.cpp ++++ b/libdjvu/GBitmap.cpp +@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs) + int c = 0; + while (n >= 0) + { +- bs.read(&h, 1); ++ if (bs.read(&h, 1) <= 0) ++ G_THROW( ByteStream::EndOfFile ); + int x = h; + if (x >= (int)RUNOVERFLOWVALUE) + { +- bs.read(&h, 1); ++ if (bs.read(&h, 1) <= 0) ++ G_THROW( ByteStream::EndOfFile ); + x = h + ((x - (int)RUNOVERFLOWVALUE) << 8); + } + if (c+x > ncolumns) +-- +2.23.0 + diff --git a/SOURCES/djvulibre-3.5.27-integer-overflow.patch b/SOURCES/djvulibre-3.5.27-integer-overflow.patch new file mode 100644 index 0000000..279a038 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-integer-overflow.patch @@ -0,0 +1,23 @@ +diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp +index 7109952..b41f7d2 100644 +--- a/tools/ddjvu.cpp ++++ b/tools/ddjvu.cpp +@@ -70,6 +70,7 @@ + #include + #include + #include ++#include + + #ifdef UNIX + # include +@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno) + rowsize = rrect.w; + else + rowsize = rrect.w * 3; +- if (! (image = (char*)malloc(rowsize * rrect.h))) ++ if ((size_t)rowsize > SIZE_MAX / rrect.h) ++ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno); ++ if (! (image = (char*)malloc((size_t)rowsize * rrect.h))) + die(i18n("Cannot allocate image buffer for page %d"), pageno); + + /* Render */ diff --git a/SOURCES/djvulibre-3.5.27-null-dereference.patch b/SOURCES/djvulibre-3.5.27-null-dereference.patch new file mode 100644 index 0000000..5e80f32 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-null-dereference.patch @@ -0,0 +1,39 @@ +From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001 +From: Leon Bottou +Date: Thu, 17 Oct 2019 22:20:31 -0400 +Subject: [PATCH 1/2] Fixed bug 309 + +--- + libdjvu/IW44EncodeCodec.cpp | 2 +- + tools/ddjvu.cpp | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp +index 00752a0..f81eaeb 100644 +--- a/libdjvu/IW44EncodeCodec.cpp ++++ b/libdjvu/IW44EncodeCodec.cpp +@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale) + int y = 0; + int s = scale*rowsize; + int s3 = s+s+s; +- h = ((h-1)/scale)+1; ++ h = (h>0) ? ((h-1)/scale)+1 : 0; + y += 1; + p += s; + while (y-3 < h) +diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp +index 6d0df3b..7109952 100644 +--- a/tools/ddjvu.cpp ++++ b/tools/ddjvu.cpp +@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno) + prect.h = (ih * 100) / dpi; + } + /* Process aspect ratio */ +- if (flag_aspect <= 0) ++ if (flag_aspect <= 0 && iw>0 && ih>0) + { + double dw = (double)iw / prect.w; + double dh = (double)ih / prect.h; +-- +2.23.0 + diff --git a/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch b/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch new file mode 100644 index 0000000..f2fae47 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch @@ -0,0 +1,14 @@ +diff --git a/libdjvu/DjVuText.cpp b/libdjvu/DjVuText.cpp +index 60a4f39..b11df7b 100644 +--- a/libdjvu/DjVuText.cpp ++++ b/libdjvu/DjVuText.cpp +@@ -345,7 +345,8 @@ DjVuTXT::decode(const GP &gbs) + int textsize = bs.read24(); + char *buffer = textUTF8.getbuf(textsize); + int readsize = bs.read(buffer,textsize); +- buffer[readsize] = 0; ++ if (buffer) ++ buffer[readsize] = 0; + if (readsize < textsize) + G_THROW( ERR_MSG("DjVuText.corrupt_chunk") ); + // Try reading zones diff --git a/SOURCES/djvulibre-3.5.27-out-of-bound-write.patch b/SOURCES/djvulibre-3.5.27-out-of-bound-write.patch new file mode 100644 index 0000000..59071f0 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-out-of-bound-write.patch @@ -0,0 +1,31 @@ +From 7b0ef20690e08f1fe124aebbf42f6310e2f40f81 Mon Sep 17 00:00:00 2001 +From: Leon Bottou +Date: Thu, 27 Jun 2019 18:38:03 -0400 +Subject: [PATCH] Lizards! + +--- + libdjvu/GString.cpp | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libdjvu/GString.cpp b/libdjvu/GString.cpp +index bf98bfe..b17ed2a 100644 +--- a/libdjvu/GString.cpp ++++ b/libdjvu/GString.cpp +@@ -1216,11 +1216,11 @@ GP + GStringRep::getbuf(int n) const + { + GP retval; +- if(n< 0) ++ if(n < 0) + n=strlen(data); +- if(n>0) ++ if(n >= 0) + { +- retval=blank(n); ++ retval=blank((n>0) ? n : 1); + char *ndata=retval->data; + strncpy(ndata,data,n); + ndata[n]=0; +-- +2.31.1 + diff --git a/SOURCES/djvulibre-3.5.27-stack-overflow.patch b/SOURCES/djvulibre-3.5.27-stack-overflow.patch new file mode 100644 index 0000000..6798076 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-stack-overflow.patch @@ -0,0 +1,111 @@ +From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001 +From: Leon Bottou +Date: Mon, 8 Apr 2019 22:25:55 -0400 +Subject: bug 299 fixed + + +diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h +index 96b067c..0140211 100644 +--- a/libdjvu/GContainer.h ++++ b/libdjvu/GContainer.h +@@ -550,52 +550,61 @@ public: + template void + GArrayTemplate::sort(int lo, int hi) + { +- if (hi <= lo) +- return; +- if (hi > hibound || lo hibound || lo=lo) && !(data[j]<=tmp)) +- data[j+1] = data[j]; +- data[j+1] = tmp; ++ for (int i=lo+1; i<=hi; i++) ++ { ++ int j = i; ++ TYPE tmp = data[i]; ++ while ((--j>=lo) && !(data[j]<=tmp)) ++ data[j+1] = data[j]; ++ data[j+1] = tmp; ++ } ++ return; + } +- return; +- } +- // -- determine suitable quick-sort pivot +- TYPE tmp = data[lo]; +- TYPE pivot = data[(lo+hi)/2]; +- if (pivot <= tmp) +- { tmp = pivot; pivot=data[lo]; } +- if (data[hi] <= tmp) +- { pivot = tmp; } +- else if (data[hi] <= pivot) +- { pivot = data[hi]; } +- // -- partition set +- int h = hi; +- int l = lo; +- while (l < h) +- { +- while (! (pivot <= data[l])) l++; +- while (! (data[h] <= pivot)) h--; +- if (l < h) ++ // -- determine median-of-three pivot ++ TYPE tmp = data[lo]; ++ TYPE pivot = data[(lo+hi)/2]; ++ if (pivot <= tmp) ++ { tmp = pivot; pivot=data[lo]; } ++ if (data[hi] <= tmp) ++ { pivot = tmp; } ++ else if (data[hi] <= pivot) ++ { pivot = data[hi]; } ++ // -- partition set ++ int h = hi; ++ int l = lo; ++ while (l < h) + { +- tmp = data[l]; +- data[l] = data[h]; +- data[h] = tmp; +- l = l+1; +- h = h-1; ++ while (! (pivot <= data[l])) l++; ++ while (! (data[h] <= pivot)) h--; ++ if (l < h) ++ { ++ tmp = data[l]; ++ data[l] = data[h]; ++ data[h] = tmp; ++ l = l+1; ++ h = h-1; ++ } ++ } ++ // -- recurse, small partition first ++ // tail-recursion elimination ++ if (h - lo <= hi - l) { ++ sort(lo,h); ++ lo = l; // sort(l,hi) ++ } else { ++ sort(l,hi); ++ hi = h; // sort(lo,h) + } + } +- // -- recursively restart +- sort(lo, h); +- sort(l, hi); + } + + template inline TYPE& diff --git a/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch b/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch new file mode 100644 index 0000000..c7a6f3a --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch @@ -0,0 +1,21 @@ +diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp +index c2fdbe4..e271a1d 100644 +--- a/libdjvu/GBitmap.cpp ++++ b/libdjvu/GBitmap.cpp +@@ -69,6 +69,7 @@ + #include + #include + #include ++#include + + // - Author: Leon Bottou, 05/1997 + +@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs) + // initialize pixel array + if (nrows==0 || ncolumns==0) + G_THROW( ERR_MSG("GBitmap.not_init") ); ++ if (ncolumns > USHRT_MAX - border) ++ G_THROW("GBitmap: row size exceeds maximum (corrupted file?)"); + bytes_per_row = ncolumns + border; + if (runs==0) + G_THROW( ERR_MSG("GBitmap.null_arg") ); diff --git a/SOURCES/djvulibre-3.5.27-zero-bytes-check.patch b/SOURCES/djvulibre-3.5.27-zero-bytes-check.patch new file mode 100644 index 0000000..958c3f8 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-zero-bytes-check.patch @@ -0,0 +1,28 @@ +From 9658b01431cd7ff6344d7787f855179e73fe81a7 Mon Sep 17 00:00:00 2001 +From: Leon Bottou +Date: Mon, 8 Apr 2019 22:55:38 -0400 +Subject: fix bug #298 + + +diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h +index e8e0c9b..ca89a19 100644 +--- a/libdjvu/GBitmap.h ++++ b/libdjvu/GBitmap.h +@@ -566,7 +566,7 @@ GBitmap::operator[](int row) + { + if (!bytes) + uncompress(); +- if (row<0 || row>=nrows) { ++ if (row<0 || row>=nrows || !bytes) { + #ifndef NDEBUG + if (zerosize < bytes_per_row + border) + G_THROW( ERR_MSG("GBitmap.zero_small") ); +@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const + { + if (!bytes) + ((GBitmap*)this)->uncompress(); +- if (row<0 || row>=nrows) { ++ if (row<0 || row>=nrows || !bytes) { + #ifndef NDEBUG + if (zerosize < bytes_per_row + border) + G_THROW( ERR_MSG("GBitmap.zero_small") ); diff --git a/SPECS/djvulibre.spec b/SPECS/djvulibre.spec index ff22834..91e5bad 100644 --- a/SPECS/djvulibre.spec +++ b/SPECS/djvulibre.spec @@ -3,17 +3,30 @@ Summary: DjVu viewers, encoders, and utilities Name: djvulibre Version: 3.5.27 -Release: 10%{?dist} +Release: 31%{?dist} License: GPLv2+ -Group: Applications/Publishing URL: http://djvu.sourceforge.net/ Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz Patch0: djvulibre-3.5.22-cdefs.patch #Patch1: djvulibre-3.5.25.3-cflags.patch +Patch2: djvulibre-3.5.27-buffer-overflow.patch +Patch3: djvulibre-3.5.27-infinite-loop.patch +Patch4: djvulibre-3.5.27-stack-overflow.patch +Patch5: djvulibre-3.5.27-zero-bytes-check.patch +Patch6: djvulibre-3.5.27-export-file.patch +Patch7: djvulibre-3.5.27-null-dereference.patch +Patch8: djvulibre-3.5.27-check-image-size.patch +Patch9: djvulibre-3.5.27-integer-overflow.patch +Patch10: djvulibre-3.5.27-check-input-pool.patch +Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch +Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch +Patch13: djvulibre-3.5.27-out-of-bound-write.patch +Patch14: djvulibre-3.5.27-out-of-bound-write-2.patch Requires(post): xdg-utils Requires(preun): xdg-utils %if (0%{?fedora} > 15 || 0%{?rhel} > 6) +BuildRequires: gcc BuildRequires: libjpeg-turbo-devel %else BuildRequires: libjpeg-devel @@ -21,6 +34,9 @@ BuildRequires: libjpeg-devel BuildRequires: libtiff-devel BuildRequires: xdg-utils chrpath BuildRequires: hicolor-icon-theme +BuildRequires: inkscape +BuildRequires: gcc-c++ +BuildRequires: make Provides: %{name}-mozplugin = %{version} Obsoletes: %{name}-mozplugin < 3.5.24 @@ -41,7 +57,6 @@ separate sub-package. %package libs Summary: Library files for DjVuLibre -Group: System Environment/Libraries %description libs Library files for DjVuLibre. @@ -49,7 +64,6 @@ Library files for DjVuLibre. %package devel Summary: Development files for DjVuLibre -Group: Development/Libraries Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig @@ -58,11 +72,25 @@ Development files for DjVuLibre. %prep -%setup -q +%setup -q %patch0 -p1 -b .cdefs #%patch1 -p1 -b .cflags - -%build +%patch2 -p1 -b .buffer-overflow +%patch3 -p1 -b .infinite-loop +%patch4 -p1 -b .stack-overflow +%patch5 -p1 -b .zero-bytes-check +%patch6 -p1 -b .export-file +%patch7 -p1 -b .null-dereference +%patch8 -p1 -b .check-image-size +%patch9 -p1 -b .integer-overflow +%patch10 -p1 -b .check-input-pool +%patch11 -p1 -b .djvuport-stack-overflow +%patch12 -p1 -b .unsigned-short-overflow +%patch13 -p1 -b .out-of-bound-write +%patch14 -p1 -b .out-of-bound-write-2 + + +%build %configure --with-qt=%{_libdir}/qt-3.3 --enable-threads # Disable rpath on 64bit - NOT! It makes the build fail (still as of 3.5.20-2) #sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool @@ -136,7 +164,6 @@ fi %files -%defattr(-,root,root,-) %{_bindir}/* %{_mandir}/man1/* %{_datadir}/djvu/ @@ -155,13 +182,11 @@ fi %files libs -%defattr(-,root,root,-) %doc README COPYRIGHT COPYING NEWS %{_libdir}/*.so.* %files devel -%defattr(-,root,root,-) %doc doc/*.* %{_includedir}/libdjvu/ %{_libdir}/pkgconfig/ddjvuapi.pc @@ -170,13 +195,90 @@ fi %changelog -* Tue Aug 7 2018 Marek Kasik - 3.5.27-10 +* Wed Jul 21 2021 Fedora Release Engineering - 3.5.27-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jul 02 2021 Marek Kasik - 3.5.27-30 - Improve previous commit -- Resolves: #1609976 +- Resolves: #1977428 + +* Fri Jul 02 2021 Marek Kasik - 3.5.27-29 +- Fix out-of-bounds write in djvutext +- Resolves: #1977428 + +* Mon May 03 2021 Marek Kasik - 3.5.27-28 +- Avoid unsigned short overflow in GBitmap when allocating row buffer +- Resolves: #1943424 + +* Mon May 03 2021 Marek Kasik - 3.5.27-27 +- Avoid stack overflow in DjVuPort by remembering which file we are opening +- Resolves: #1943411, #1943685 + +* Mon May 03 2021 Marek Kasik - 3.5.27-26 +- Check input pool for NULL +- Resolves: #1943410 + +* Mon May 03 2021 Marek Kasik - 3.5.27-25 +- Avoid integer overflow when allocating bitmap +- Resolves: #1943409 + +* Mon May 03 2021 Marek Kasik - 3.5.27-24 +- Check image size for 0 +- Resolves: #1943408 + +* Tue Jan 26 2021 Fedora Release Engineering - 3.5.27-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Aug 04 2020 Marek Kasik - 3.5.27-22 +- Fix exporting of djvu icons with Inkscape +- Resolves: #1863428 + +* Sat Aug 01 2020 Fedora Release Engineering - 3.5.27-21 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 3.5.27-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 3.5.27-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Nov 22 2019 Marek Kasik - 3.5.27-18 +- Fix a NULL pointer dereference in DJVU::filter_fv() +- Resolves: #1771267 + +* Fri Nov 8 2019 Marek Kasik - 3.5.27-17 +- Use Inkscape's "--export-file" option replacing "--export-png" +- Related: #1767921 + +* Thu Nov 7 2019 Marek Kasik - 3.5.27-16 +- Fix a crash due to missing zero-bytes check +- Resolves: #1767921 + +* Thu Nov 7 2019 Marek Kasik - 3.5.27-15 +- Fix a stack overflow +- Resolves: #1767868 + +* Wed Nov 6 2019 Marek Kasik - 3.5.27-14 +- Break an infinite loop +- Resolves: #1767857 + +* Wed Nov 6 2019 Marek Kasik - 3.5.27-13 +- Fix a buffer overflow +- Resolves: #1767842 + +* Wed Jul 24 2019 Fedora Release Engineering - 3.5.27-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 3.5.27-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jul 23 2018 Marek Kasik - 3.5.27-10 +- Add BuildRequires of gcc-c++ +- Resolves: #1603796 -* Tue Aug 7 2018 Marek Kasik - 3.5.27-9 -- Build without inkscape -- Resolves: #1609976 +* Thu Jul 12 2018 Fedora Release Engineering - 3.5.27-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 14 2018 Marek Kasik - 3.5.27-8 - Remove XML file defining DjVu MIME type because it does not differentiate