From 06c4620a03f8213bfe2039d0b174dc58461d947f Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Wed, 19 Jan 2022 12:09:28 +0100
Subject: [PATCH] Rebase to 3.5.28

---
 .gitignore                                |   1 +
 djvulibre-3.5.27-buffer-overflow.patch    |  21 ----
 djvulibre-3.5.27-infinite-loop.patch      |  46 ---------
 djvulibre-3.5.27-null-dereference.patch   |  39 --------
 djvulibre-3.5.27-out-of-bound-write.patch |  31 ------
 djvulibre-3.5.27-stack-overflow.patch     | 111 ----------------------
 djvulibre-3.5.27-zero-bytes-check.patch   |  28 ------
 djvulibre.spec                            |  19 +---
 sources                                   |   2 +-
 9 files changed, 7 insertions(+), 291 deletions(-)
 delete mode 100644 djvulibre-3.5.27-buffer-overflow.patch
 delete mode 100644 djvulibre-3.5.27-infinite-loop.patch
 delete mode 100644 djvulibre-3.5.27-null-dereference.patch
 delete mode 100644 djvulibre-3.5.27-out-of-bound-write.patch
 delete mode 100644 djvulibre-3.5.27-stack-overflow.patch
 delete mode 100644 djvulibre-3.5.27-zero-bytes-check.patch

diff --git a/.gitignore b/.gitignore
index c335e44..027ea81 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ djvulibre-3.5.22.tar.gz
 
 /djvulibre-3.5.25.3.tar.gz
 /djvulibre-3.5.27.tar.gz
+/djvulibre-3.5.28.tar.gz
diff --git a/djvulibre-3.5.27-buffer-overflow.patch b/djvulibre-3.5.27-buffer-overflow.patch
deleted file mode 100644
index d8fe28d..0000000
--- a/djvulibre-3.5.27-buffer-overflow.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- djvulibre-3.5.27/libdjvu/DjVmDir.cpp
-+++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp
-@@ -300,6 +300,9 @@ DjVmDir::decode(const GP<ByteStream> &gs
-          memcpy((char*) strings+strings_size, buffer, length);
-       }
-       DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
-+      int strings_size=strings.size();
-+      strings.resize(strings_size+3);
-+      memset((char*) strings+strings_size, 0, 4);
-    
-          // Copy names into the files
-       const char * ptr=strings;
-@@ -307,6 +310,8 @@ DjVmDir::decode(const GP<ByteStream> &gs
-       {
-          GP<File> file=files_list[pos];
- 
-+         if (ptr >= (const char*)strings + strings_size)
-+           G_THROW( "DjVu document is corrupted (DjVmDir)" );
-          file->id=ptr;
-          ptr+=file->id.length()+1;
-          if (file->flags & File::HAS_NAME)
diff --git a/djvulibre-3.5.27-infinite-loop.patch b/djvulibre-3.5.27-infinite-loop.patch
deleted file mode 100644
index 015dd8f..0000000
--- a/djvulibre-3.5.27-infinite-loop.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f Mon Sep 17 00:00:00 2001
-From: Leon Bottou <leon@bottou.org>
-Date: Tue, 26 Mar 2019 20:45:46 -0400
-Subject: [PATCH] fix for bug #297
-
----
- libdjvu/DjVmDir.cpp | 2 +-
- libdjvu/GBitmap.cpp | 6 ++++--
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
-index 0a0fac6..5a49015 100644
---- a/libdjvu/DjVmDir.cpp
-+++ b/libdjvu/DjVmDir.cpp
-@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
-          GP<File> file=files_list[pos];
- 
-          if (ptr >= (const char*)strings + strings_size)
--           G_THROW( "DjVu document is corrupted (DjVmDir)" );
-+           G_THROW( ByteStream::EndOfFile );
-          file->id=ptr;
-          ptr+=file->id.length()+1;
-          if (file->flags & File::HAS_NAME)
-diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
-index 0e487f0..c2fdbe4 100644
---- a/libdjvu/GBitmap.cpp
-+++ b/libdjvu/GBitmap.cpp
-@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs)
-   int c = 0;
-   while (n >= 0)
-     {
--      bs.read(&h, 1);
-+      if (bs.read(&h, 1) <= 0)
-+        G_THROW( ByteStream::EndOfFile );
-       int x = h;
-       if (x >= (int)RUNOVERFLOWVALUE)
-         {
--          bs.read(&h, 1);
-+          if (bs.read(&h, 1) <= 0)
-+            G_THROW( ByteStream::EndOfFile );
-           x = h + ((x - (int)RUNOVERFLOWVALUE) << 8);
-         }
-       if (c+x > ncolumns)
--- 
-2.23.0
-
diff --git a/djvulibre-3.5.27-null-dereference.patch b/djvulibre-3.5.27-null-dereference.patch
deleted file mode 100644
index 5e80f32..0000000
--- a/djvulibre-3.5.27-null-dereference.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001
-From: Leon Bottou <leon@bottou.org>
-Date: Thu, 17 Oct 2019 22:20:31 -0400
-Subject: [PATCH 1/2] Fixed bug 309
-
----
- libdjvu/IW44EncodeCodec.cpp | 2 +-
- tools/ddjvu.cpp             | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
-index 00752a0..f81eaeb 100644
---- a/libdjvu/IW44EncodeCodec.cpp
-+++ b/libdjvu/IW44EncodeCodec.cpp
-@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
-   int y = 0;
-   int s = scale*rowsize;
-   int s3 = s+s+s;
--  h = ((h-1)/scale)+1;
-+  h = (h>0) ? ((h-1)/scale)+1 : 0;
-   y += 1;
-   p += s;
-   while (y-3 < h)
-diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
-index 6d0df3b..7109952 100644
---- a/tools/ddjvu.cpp
-+++ b/tools/ddjvu.cpp
-@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
-       prect.h = (ih * 100) / dpi;
-     }
-   /* Process aspect ratio */
--  if (flag_aspect <= 0)
-+  if (flag_aspect <= 0 && iw>0 && ih>0)
-     {
-       double dw = (double)iw / prect.w;
-       double dh = (double)ih / prect.h;
--- 
-2.23.0
-
diff --git a/djvulibre-3.5.27-out-of-bound-write.patch b/djvulibre-3.5.27-out-of-bound-write.patch
deleted file mode 100644
index 59071f0..0000000
--- a/djvulibre-3.5.27-out-of-bound-write.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7b0ef20690e08f1fe124aebbf42f6310e2f40f81 Mon Sep 17 00:00:00 2001
-From: Leon Bottou <leon@bottou.org>
-Date: Thu, 27 Jun 2019 18:38:03 -0400
-Subject: [PATCH] Lizards!
-
----
- libdjvu/GString.cpp | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/libdjvu/GString.cpp b/libdjvu/GString.cpp
-index bf98bfe..b17ed2a 100644
---- a/libdjvu/GString.cpp
-+++ b/libdjvu/GString.cpp
-@@ -1216,11 +1216,11 @@ GP<GStringRep>
- GStringRep::getbuf(int n) const
- {
-   GP<GStringRep> retval;
--  if(n< 0)
-+  if(n < 0)
-     n=strlen(data);
--  if(n>0)
-+  if(n >= 0)
-   {
--    retval=blank(n);
-+    retval=blank((n>0) ? n : 1);
-     char *ndata=retval->data;
-     strncpy(ndata,data,n);
-     ndata[n]=0;
--- 
-2.31.1
-
diff --git a/djvulibre-3.5.27-stack-overflow.patch b/djvulibre-3.5.27-stack-overflow.patch
deleted file mode 100644
index 6798076..0000000
--- a/djvulibre-3.5.27-stack-overflow.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001
-From: Leon Bottou <leon@bottou.org>
-Date: Mon, 8 Apr 2019 22:25:55 -0400
-Subject: bug 299 fixed
-
-
-diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h
-index 96b067c..0140211 100644
---- a/libdjvu/GContainer.h
-+++ b/libdjvu/GContainer.h
-@@ -550,52 +550,61 @@ public:
- template <class TYPE> void
- GArrayTemplate<TYPE>::sort(int lo, int hi)
- {
--  if (hi <= lo)
--    return;
--  if (hi > hibound || lo<lobound)
--    G_THROW( ERR_MSG("GContainer.illegal_subscript") );
-   TYPE *data = (TYPE*)(*this);
--  // Test for insertion sort
--  if (hi <= lo + 50)
-+  while(true)
-     {
--      for (int i=lo+1; i<=hi; i++)
-+      if (hi <= lo)
-+        return;
-+      if (hi > hibound || lo<lobound)
-+        G_THROW( ERR_MSG("GContainer.illegal_subscript") );
-+      // Test for insertion sort
-+      if (hi <= lo + 50)
-         {
--          int j = i;
--          TYPE tmp = data[i];
--          while ((--j>=lo) && !(data[j]<=tmp))
--            data[j+1] = data[j];
--          data[j+1] = tmp;
-+          for (int i=lo+1; i<=hi; i++)
-+            {
-+              int j = i;
-+              TYPE tmp = data[i];
-+              while ((--j>=lo) && !(data[j]<=tmp))
-+                data[j+1] = data[j];
-+              data[j+1] = tmp;
-+            }
-+          return;
-         }
--      return;
--    }
--  // -- determine suitable quick-sort pivot
--  TYPE tmp = data[lo];
--  TYPE pivot = data[(lo+hi)/2];
--  if (pivot <= tmp)
--    { tmp = pivot; pivot=data[lo]; }
--  if (data[hi] <= tmp)
--    { pivot = tmp; }
--  else if (data[hi] <= pivot)
--    { pivot = data[hi]; }
--  // -- partition set
--  int h = hi;
--  int l = lo;
--  while (l < h)
--    {
--      while (! (pivot <= data[l])) l++;
--      while (! (data[h] <= pivot)) h--;
--      if (l < h)
-+      // -- determine median-of-three pivot
-+      TYPE tmp = data[lo];
-+      TYPE pivot = data[(lo+hi)/2];
-+      if (pivot <= tmp)
-+        { tmp = pivot; pivot=data[lo]; }
-+      if (data[hi] <= tmp)
-+        { pivot = tmp; }
-+      else if (data[hi] <= pivot)
-+        { pivot = data[hi]; }
-+      // -- partition set
-+      int h = hi;
-+      int l = lo;
-+      while (l < h)
-         {
--          tmp = data[l];
--          data[l] = data[h];
--          data[h] = tmp;
--          l = l+1;
--          h = h-1;
-+          while (! (pivot <= data[l])) l++;
-+          while (! (data[h] <= pivot)) h--;
-+          if (l < h)
-+            {
-+              tmp = data[l];
-+              data[l] = data[h];
-+              data[h] = tmp;
-+              l = l+1;
-+              h = h-1;
-+            }
-+        }
-+      // -- recurse, small partition first
-+      //    tail-recursion elimination
-+      if (h - lo <= hi - l) {
-+        sort(lo,h);
-+        lo = l; // sort(l,hi)
-+      } else {
-+        sort(l,hi);
-+        hi = h; // sort(lo,h)
-       }
-     }
--  // -- recursively restart
--  sort(lo, h);
--  sort(l, hi);
- }
- 
- template<class TYPE> inline TYPE&
diff --git a/djvulibre-3.5.27-zero-bytes-check.patch b/djvulibre-3.5.27-zero-bytes-check.patch
deleted file mode 100644
index 958c3f8..0000000
--- a/djvulibre-3.5.27-zero-bytes-check.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 9658b01431cd7ff6344d7787f855179e73fe81a7 Mon Sep 17 00:00:00 2001
-From: Leon Bottou <leon@bottou.org>
-Date: Mon, 8 Apr 2019 22:55:38 -0400
-Subject: fix bug #298
-
-
-diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h
-index e8e0c9b..ca89a19 100644
---- a/libdjvu/GBitmap.h
-+++ b/libdjvu/GBitmap.h
-@@ -566,7 +566,7 @@ GBitmap::operator[](int row)
- {
-   if (!bytes) 
-     uncompress();
--  if (row<0 || row>=nrows) {
-+  if (row<0 || row>=nrows || !bytes) {
- #ifndef NDEBUG
-     if (zerosize < bytes_per_row + border)
-       G_THROW( ERR_MSG("GBitmap.zero_small") );
-@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const
- {
-   if (!bytes) 
-     ((GBitmap*)this)->uncompress();
--  if (row<0 || row>=nrows) {
-+  if (row<0 || row>=nrows || !bytes) {
- #ifndef NDEBUG
-     if (zerosize < bytes_per_row + border)
-       G_THROW( ERR_MSG("GBitmap.zero_small") );
diff --git a/djvulibre.spec b/djvulibre.spec
index 91e5bad..a95fd00 100644
--- a/djvulibre.spec
+++ b/djvulibre.spec
@@ -2,25 +2,19 @@
 
 Summary: DjVu viewers, encoders, and utilities
 Name: djvulibre
-Version: 3.5.27
-Release: 31%{?dist}
+Version: 3.5.28
+Release: 1%{?dist}
 License: GPLv2+
 URL: http://djvu.sourceforge.net/
 Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
 Patch0: djvulibre-3.5.22-cdefs.patch
 #Patch1: djvulibre-3.5.25.3-cflags.patch
-Patch2: djvulibre-3.5.27-buffer-overflow.patch
-Patch3: djvulibre-3.5.27-infinite-loop.patch
-Patch4: djvulibre-3.5.27-stack-overflow.patch
-Patch5: djvulibre-3.5.27-zero-bytes-check.patch
 Patch6: djvulibre-3.5.27-export-file.patch
-Patch7: djvulibre-3.5.27-null-dereference.patch
 Patch8: djvulibre-3.5.27-check-image-size.patch
 Patch9: djvulibre-3.5.27-integer-overflow.patch
 Patch10: djvulibre-3.5.27-check-input-pool.patch
 Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch
 Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch
-Patch13: djvulibre-3.5.27-out-of-bound-write.patch
 Patch14: djvulibre-3.5.27-out-of-bound-write-2.patch
 
 Requires(post): xdg-utils
@@ -75,18 +69,12 @@ Development files for DjVuLibre.
 %setup -q 
 %patch0 -p1 -b .cdefs
 #%patch1 -p1 -b .cflags
-%patch2 -p1 -b .buffer-overflow
-%patch3 -p1 -b .infinite-loop
-%patch4 -p1 -b .stack-overflow
-%patch5 -p1 -b .zero-bytes-check
 %patch6 -p1 -b .export-file
-%patch7 -p1 -b .null-dereference
 %patch8 -p1 -b .check-image-size
 %patch9 -p1 -b .integer-overflow
 %patch10 -p1 -b .check-input-pool
 %patch11 -p1 -b .djvuport-stack-overflow
 %patch12 -p1 -b .unsigned-short-overflow
-%patch13 -p1 -b .out-of-bound-write
 %patch14 -p1 -b .out-of-bound-write-2
 
 
@@ -195,6 +183,9 @@ fi
 
 
 %changelog
+* Wed Jan 19 2022 Marek Kasik <mkasik@redhat.com> - 3.5.28-1
+- Rebase to 3.5.28
+
 * Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.27-31
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 
diff --git a/sources b/sources
index e3c3e9d..a488d62 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-aa4ed331f669f5a72e3c0d7f9196c4e6  djvulibre-3.5.27.tar.gz
+SHA512 (djvulibre-3.5.28.tar.gz) = db3b8a5b56d700e911be32057f721a2a597e6f52e6fade203ad75ad76ab2d8facff2e474fd18beea703ccd5fa6425352e619a8fda40e69add1724dbee26050c6