Rebase to 3.5.28

epel9
Marek Kasik 3 years ago
parent 5c66b52fb6
commit 06c4620a03

1
.gitignore vendored

@ -3,3 +3,4 @@ djvulibre-3.5.22.tar.gz
/djvulibre-3.5.25.3.tar.gz
/djvulibre-3.5.27.tar.gz
/djvulibre-3.5.28.tar.gz

@ -1,21 +0,0 @@
--- djvulibre-3.5.27/libdjvu/DjVmDir.cpp
+++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp
@@ -300,6 +300,9 @@ DjVmDir::decode(const GP<ByteStream> &gs
memcpy((char*) strings+strings_size, buffer, length);
}
DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
+ int strings_size=strings.size();
+ strings.resize(strings_size+3);
+ memset((char*) strings+strings_size, 0, 4);
// Copy names into the files
const char * ptr=strings;
@@ -307,6 +310,8 @@ DjVmDir::decode(const GP<ByteStream> &gs
{
GP<File> file=files_list[pos];
+ if (ptr >= (const char*)strings + strings_size)
+ G_THROW( "DjVu document is corrupted (DjVmDir)" );
file->id=ptr;
ptr+=file->id.length()+1;
if (file->flags & File::HAS_NAME)

@ -1,46 +0,0 @@
From b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Tue, 26 Mar 2019 20:45:46 -0400
Subject: [PATCH] fix for bug #297
---
libdjvu/DjVmDir.cpp | 2 +-
libdjvu/GBitmap.cpp | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index 0a0fac6..5a49015 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
GP<File> file=files_list[pos];
if (ptr >= (const char*)strings + strings_size)
- G_THROW( "DjVu document is corrupted (DjVmDir)" );
+ G_THROW( ByteStream::EndOfFile );
file->id=ptr;
ptr+=file->id.length()+1;
if (file->flags & File::HAS_NAME)
diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
index 0e487f0..c2fdbe4 100644
--- a/libdjvu/GBitmap.cpp
+++ b/libdjvu/GBitmap.cpp
@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs)
int c = 0;
while (n >= 0)
{
- bs.read(&h, 1);
+ if (bs.read(&h, 1) <= 0)
+ G_THROW( ByteStream::EndOfFile );
int x = h;
if (x >= (int)RUNOVERFLOWVALUE)
{
- bs.read(&h, 1);
+ if (bs.read(&h, 1) <= 0)
+ G_THROW( ByteStream::EndOfFile );
x = h + ((x - (int)RUNOVERFLOWVALUE) << 8);
}
if (c+x > ncolumns)
--
2.23.0

@ -1,39 +0,0 @@
From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Thu, 17 Oct 2019 22:20:31 -0400
Subject: [PATCH 1/2] Fixed bug 309
---
libdjvu/IW44EncodeCodec.cpp | 2 +-
tools/ddjvu.cpp | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
index 00752a0..f81eaeb 100644
--- a/libdjvu/IW44EncodeCodec.cpp
+++ b/libdjvu/IW44EncodeCodec.cpp
@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
int y = 0;
int s = scale*rowsize;
int s3 = s+s+s;
- h = ((h-1)/scale)+1;
+ h = (h>0) ? ((h-1)/scale)+1 : 0;
y += 1;
p += s;
while (y-3 < h)
diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
index 6d0df3b..7109952 100644
--- a/tools/ddjvu.cpp
+++ b/tools/ddjvu.cpp
@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
prect.h = (ih * 100) / dpi;
}
/* Process aspect ratio */
- if (flag_aspect <= 0)
+ if (flag_aspect <= 0 && iw>0 && ih>0)
{
double dw = (double)iw / prect.w;
double dh = (double)ih / prect.h;
--
2.23.0

@ -1,31 +0,0 @@
From 7b0ef20690e08f1fe124aebbf42f6310e2f40f81 Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Thu, 27 Jun 2019 18:38:03 -0400
Subject: [PATCH] Lizards!
---
libdjvu/GString.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libdjvu/GString.cpp b/libdjvu/GString.cpp
index bf98bfe..b17ed2a 100644
--- a/libdjvu/GString.cpp
+++ b/libdjvu/GString.cpp
@@ -1216,11 +1216,11 @@ GP<GStringRep>
GStringRep::getbuf(int n) const
{
GP<GStringRep> retval;
- if(n< 0)
+ if(n < 0)
n=strlen(data);
- if(n>0)
+ if(n >= 0)
{
- retval=blank(n);
+ retval=blank((n>0) ? n : 1);
char *ndata=retval->data;
strncpy(ndata,data,n);
ndata[n]=0;
--
2.31.1

@ -1,111 +0,0 @@
From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Mon, 8 Apr 2019 22:25:55 -0400
Subject: bug 299 fixed
diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h
index 96b067c..0140211 100644
--- a/libdjvu/GContainer.h
+++ b/libdjvu/GContainer.h
@@ -550,52 +550,61 @@ public:
template <class TYPE> void
GArrayTemplate<TYPE>::sort(int lo, int hi)
{
- if (hi <= lo)
- return;
- if (hi > hibound || lo<lobound)
- G_THROW( ERR_MSG("GContainer.illegal_subscript") );
TYPE *data = (TYPE*)(*this);
- // Test for insertion sort
- if (hi <= lo + 50)
+ while(true)
{
- for (int i=lo+1; i<=hi; i++)
+ if (hi <= lo)
+ return;
+ if (hi > hibound || lo<lobound)
+ G_THROW( ERR_MSG("GContainer.illegal_subscript") );
+ // Test for insertion sort
+ if (hi <= lo + 50)
{
- int j = i;
- TYPE tmp = data[i];
- while ((--j>=lo) && !(data[j]<=tmp))
- data[j+1] = data[j];
- data[j+1] = tmp;
+ for (int i=lo+1; i<=hi; i++)
+ {
+ int j = i;
+ TYPE tmp = data[i];
+ while ((--j>=lo) && !(data[j]<=tmp))
+ data[j+1] = data[j];
+ data[j+1] = tmp;
+ }
+ return;
}
- return;
- }
- // -- determine suitable quick-sort pivot
- TYPE tmp = data[lo];
- TYPE pivot = data[(lo+hi)/2];
- if (pivot <= tmp)
- { tmp = pivot; pivot=data[lo]; }
- if (data[hi] <= tmp)
- { pivot = tmp; }
- else if (data[hi] <= pivot)
- { pivot = data[hi]; }
- // -- partition set
- int h = hi;
- int l = lo;
- while (l < h)
- {
- while (! (pivot <= data[l])) l++;
- while (! (data[h] <= pivot)) h--;
- if (l < h)
+ // -- determine median-of-three pivot
+ TYPE tmp = data[lo];
+ TYPE pivot = data[(lo+hi)/2];
+ if (pivot <= tmp)
+ { tmp = pivot; pivot=data[lo]; }
+ if (data[hi] <= tmp)
+ { pivot = tmp; }
+ else if (data[hi] <= pivot)
+ { pivot = data[hi]; }
+ // -- partition set
+ int h = hi;
+ int l = lo;
+ while (l < h)
{
- tmp = data[l];
- data[l] = data[h];
- data[h] = tmp;
- l = l+1;
- h = h-1;
+ while (! (pivot <= data[l])) l++;
+ while (! (data[h] <= pivot)) h--;
+ if (l < h)
+ {
+ tmp = data[l];
+ data[l] = data[h];
+ data[h] = tmp;
+ l = l+1;
+ h = h-1;
+ }
+ }
+ // -- recurse, small partition first
+ // tail-recursion elimination
+ if (h - lo <= hi - l) {
+ sort(lo,h);
+ lo = l; // sort(l,hi)
+ } else {
+ sort(l,hi);
+ hi = h; // sort(lo,h)
}
}
- // -- recursively restart
- sort(lo, h);
- sort(l, hi);
}
template<class TYPE> inline TYPE&

@ -1,28 +0,0 @@
From 9658b01431cd7ff6344d7787f855179e73fe81a7 Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Mon, 8 Apr 2019 22:55:38 -0400
Subject: fix bug #298
diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h
index e8e0c9b..ca89a19 100644
--- a/libdjvu/GBitmap.h
+++ b/libdjvu/GBitmap.h
@@ -566,7 +566,7 @@ GBitmap::operator[](int row)
{
if (!bytes)
uncompress();
- if (row<0 || row>=nrows) {
+ if (row<0 || row>=nrows || !bytes) {
#ifndef NDEBUG
if (zerosize < bytes_per_row + border)
G_THROW( ERR_MSG("GBitmap.zero_small") );
@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const
{
if (!bytes)
((GBitmap*)this)->uncompress();
- if (row<0 || row>=nrows) {
+ if (row<0 || row>=nrows || !bytes) {
#ifndef NDEBUG
if (zerosize < bytes_per_row + border)
G_THROW( ERR_MSG("GBitmap.zero_small") );

@ -2,25 +2,19 @@
Summary: DjVu viewers, encoders, and utilities
Name: djvulibre
Version: 3.5.27
Release: 31%{?dist}
Version: 3.5.28
Release: 1%{?dist}
License: GPLv2+
URL: http://djvu.sourceforge.net/
Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
Patch0: djvulibre-3.5.22-cdefs.patch
#Patch1: djvulibre-3.5.25.3-cflags.patch
Patch2: djvulibre-3.5.27-buffer-overflow.patch
Patch3: djvulibre-3.5.27-infinite-loop.patch
Patch4: djvulibre-3.5.27-stack-overflow.patch
Patch5: djvulibre-3.5.27-zero-bytes-check.patch
Patch6: djvulibre-3.5.27-export-file.patch
Patch7: djvulibre-3.5.27-null-dereference.patch
Patch8: djvulibre-3.5.27-check-image-size.patch
Patch9: djvulibre-3.5.27-integer-overflow.patch
Patch10: djvulibre-3.5.27-check-input-pool.patch
Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch
Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch
Patch13: djvulibre-3.5.27-out-of-bound-write.patch
Patch14: djvulibre-3.5.27-out-of-bound-write-2.patch
Requires(post): xdg-utils
@ -75,18 +69,12 @@ Development files for DjVuLibre.
%setup -q
%patch0 -p1 -b .cdefs
#%patch1 -p1 -b .cflags
%patch2 -p1 -b .buffer-overflow
%patch3 -p1 -b .infinite-loop
%patch4 -p1 -b .stack-overflow
%patch5 -p1 -b .zero-bytes-check
%patch6 -p1 -b .export-file
%patch7 -p1 -b .null-dereference
%patch8 -p1 -b .check-image-size
%patch9 -p1 -b .integer-overflow
%patch10 -p1 -b .check-input-pool
%patch11 -p1 -b .djvuport-stack-overflow
%patch12 -p1 -b .unsigned-short-overflow
%patch13 -p1 -b .out-of-bound-write
%patch14 -p1 -b .out-of-bound-write-2
@ -195,6 +183,9 @@ fi
%changelog
* Wed Jan 19 2022 Marek Kasik <mkasik@redhat.com> - 3.5.28-1
- Rebase to 3.5.28
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.27-31
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
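Review bot: The new `%changelog` entry records only `- Rebase to 3.5.28`, but the same change drops Patch2 through Patch14 and their `%patch` lines, and most of those are named after memory-safety fixes (buffer-overflow, stack-overflow, integer-overflow, out-of-bound-write). Someone auditing this package later cannot tell from the spec whether each fix is carried by the 3.5.28 tarball or was lost in the rebase. Several of the removed patch files on this page carry 2019 upstream commit headers, which suggests they are included upstream, but that is not shown here for every dropped patch, so it should be confirmed per patch against the 3.5.28 sources. Once confirmed, add a line such as `- Drop Patch2 through Patch14, all included upstream in 3.5.28` under the new entry.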

@ -1 +1 @@
aa4ed331f669f5a72e3c0d7f9196c4e6 djvulibre-3.5.27.tar.gz
SHA512 (djvulibre-3.5.28.tar.gz) = db3b8a5b56d700e911be32057f721a2a597e6f52e6fade203ad75ad76ab2d8facff2e474fd18beea703ccd5fa6425352e619a8fda40e69add1724dbee26050c6
