diff --git a/djvulibre-3.5.27-buffer-overflow.patch b/djvulibre-3.5.27-buffer-overflow.patch
new file mode 100644
index 0000000..d8fe28d
--- /dev/null
+++ b/djvulibre-3.5.27-buffer-overflow.patch
@@ -0,0 +1,21 @@
+--- djvulibre-3.5.27/libdjvu/DjVmDir.cpp
++++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp
+@@ -300,6 +300,9 @@ DjVmDir::decode(const GP &gs
+ memcpy((char*) strings+strings_size, buffer, length);
+ }
+ DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
++ int strings_size=strings.size();
++ strings.resize(strings_size+3);
++ memset((char*) strings+strings_size, 0, 4);
+
+ // Copy names into the files
+ const char * ptr=strings;
+@@ -307,6 +310,8 @@ DjVmDir::decode(const GP &gs
+ {
+ GP file=files_list[pos];
+
++ if (ptr >= (const char*)strings + strings_size)
++ G_THROW( "DjVu document is corrupted (DjVmDir)" );
+ file->id=ptr;
+ ptr+=file->id.length()+1;
+ if (file->flags & File::HAS_NAME)
diff --git a/djvulibre.spec b/djvulibre.spec
index c1a7bd3..cd1ea6b 100644
--- a/djvulibre.spec
+++ b/djvulibre.spec
@@ -3,12 +3,13 @@ Summary: DjVu viewers, encoders, and utilities
 Name: djvulibre
 Version: 3.5.27
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 URL: http://djvu.sourceforge.net/
 Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
 Patch0: djvulibre-3.5.22-cdefs.patch
 #Patch1: djvulibre-3.5.25.3-cflags.patch
+Patch2: djvulibre-3.5.27-buffer-overflow.patch
 Requires(post): xdg-utils
 Requires(preun): xdg-utils
@@ -61,6 +62,7 @@ Development files for DjVuLibre.
 %setup -q
 %patch0 -p1 -b .cdefs
 #%patch1 -p1 -b .cflags
+%patch2 -p1 -b .buffer-overflow
 %build
@@ -168,6 +170,10 @@ fi
 %changelog
+* Wed Nov 6 2019 Marek Kasik - 3.5.27-13
+- Fix a buffer overflow
+- Resolves: #1767842
+
 * Wed Jul 24 2019 Fedora Release Engineering - 3.5.27-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
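Review bot: In the new djvulibre-3.5.27-buffer-overflow.patch, the padding arithmetic added to DjVmDir::decode is undocumented and reads like an off-by-one: `strings.resize(strings_size+3)` followed by a 4-byte `memset` stays in bounds only if `resize()` takes the new upper index rather than an element count. That appears to be the DjVuLibre array convention, but nothing on this page shows it. A comment above the three added lines would settle it, for example `// resize() takes the new upper bound: append 4 NUL bytes so every string read below finds a terminator`. In the second embedded hunk the new bounds check guards only `file->id=ptr`; the `HAS_NAME` branch opens on the hunk's last line and its body is not visible, so the later name and title reads presumably rely on that padding rather than on a check of their own, which is worth confirming and stating in the same comment. decode() begins and ends outside both embedded hunks.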