import djvulibre-3.5.28-4.el9

Remove duplicate changelog message
Merge and update
14 changed files with 56 additions and 11 deletions
--- a/.djvulibre.metadata
+++ b/.djvulibre.metadata
@ -0,0 +1 @@
+e74c23e5480535898a6549aec11e5cfa1228e1ea  SOURCES/djvulibre-3.5.28.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1 @@
-djvulibre-3.5.22.tar.gz
-/djvulibre-3.5.24.tar.gz
-
-/djvulibre-3.5.25.3.tar.gz
-/djvulibre-3.5.27.tar.gz
-/djvulibre-3.5.28.tar.gz
+SOURCES/djvulibre-3.5.28.tar.gz
--- a/SOURCES/0001-Check-for-zero-width-and-height.patch
+++ b/SOURCES/0001-Check-for-zero-width-and-height.patch
@ -0,0 +1,35 @@
+From 3e7facdbcdab27143327b216cddb42a6dd1a50a7 Mon Sep 17 00:00:00 2001
+From: Petr Gajdos <pgajdos@suse.cz>
+Date: Mon, 6 May 2024 11:26:12 +0200
+Subject: [PATCH] Check for zero width and height
+
+Also check for positive number of gray levels.
+
+The patch was created by Petr Gajdos for
+https://sourceforge.net/p/djvu/bugs/345/ and pushed
+by Marek Kasik to Fedora/EPEL repositories.
+---
+ libdjvu/IW44EncodeCodec.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
+index f81eaeb..7a402f7 100644
+--- a/libdjvu/IW44EncodeCodec.cpp
+++ b/libdjvu/IW44EncodeCodec.cpp
+@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm, const GP<GBitmap> gmask)
+   int h = bm.rows();
+   int g = bm.get_grays()-1;
+   signed char *buffer;
+-  GPBuffer<signed char> gbuffer(buffer,w*h);
+  size_t sz = w * h;
+  if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+    G_THROW("IWBitmap: zero size image (corrupted file?)");
+  if (sz / (size_t)w != (size_t)h) // multiplication overflow
+    G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+  GPBuffer<signed char> gbuffer(buffer,sz);
+   // Prepare gray level conversion table
+   signed char  bconv[256];
+   for (i=0; i<256; i++)
+-- 
+2.44.0
+
--- a/SOURCES/djvulibre-3.5.22-cdefs.patch
+++ b/SOURCES/djvulibre-3.5.22-cdefs.patch
--- a/SOURCES/djvulibre-3.5.25.3-cflags.patch
+++ b/SOURCES/djvulibre-3.5.25.3-cflags.patch
--- a/SOURCES/djvulibre-3.5.27-check-image-size.patch
+++ b/SOURCES/djvulibre-3.5.27-check-image-size.patch
@ -2,12 +2,14 @@ diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp
 index e8d4b44..aa3d554 100644
 --- a/libdjvu/IW44Image.cpp
 +++ b/libdjvu/IW44Image.cpp
-@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast)
+@@ -678,9 +678,13 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast)
+   // Allocate reconstruction buffer
+   short *data16;
   size_t sz = bw * bh;
-   if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
-     G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
 +  if (sz == 0)
 +    G_THROW("IW44Image: zero size image (corrupted file?)");
+   if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
+     G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
   GPBuffer<short> gdata16(data16,sz);
 +  if (data16 == NULL)
 +    G_THROW("IW44Image: unable to allocate image data");
--- a/SOURCES/djvulibre-3.5.27-check-input-pool.patch
+++ b/SOURCES/djvulibre-3.5.27-check-input-pool.patch
--- a/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch
+++ b/SOURCES/djvulibre-3.5.27-djvuport-stack-overflow.patch
--- a/SOURCES/djvulibre-3.5.27-export-file.patch
+++ b/SOURCES/djvulibre-3.5.27-export-file.patch
--- a/SOURCES/djvulibre-3.5.27-integer-overflow.patch
+++ b/SOURCES/djvulibre-3.5.27-integer-overflow.patch
--- a/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch
+++ b/SOURCES/djvulibre-3.5.27-out-of-bound-write-2.patch
--- a/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch
+++ b/SOURCES/djvulibre-3.5.27-unsigned-short-overflow.patch
--- a/SPECS/djvulibre.spec
+++ b/SPECS/djvulibre.spec
@ -3,7 +3,7 @@
 Summary: DjVu viewers, encoders, and utilities
 Name: djvulibre
 Version: 3.5.28
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 URL: http://djvu.sourceforge.net/
 Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
@ -16,6 +16,7 @@ Patch10: djvulibre-3.5.27-check-input-pool.patch
 Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch
 Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch
 Patch14: djvulibre-3.5.27-out-of-bound-write-2.patch
+Patch15: 0001-Check-for-zero-width-and-height.patch

 Requires(post): xdg-utils
 Requires(preun): xdg-utils
@ -76,6 +77,7 @@ Development files for DjVuLibre.
 %patch11 -p1 -b .djvuport-stack-overflow
 %patch12 -p1 -b .unsigned-short-overflow
 %patch14 -p1 -b .out-of-bound-write-2
+%patch15 -p1 -b .zero-size-image


 %build 
@ -183,6 +185,17 @@ fi


 %changelog
+* Tue May 07 2024 Marek Kasik <mkasik@redhat.com> - 3.5.28-4
+- Check for zero-size image when allocating GBuffer
+- Resolves: #2234737
+
+* Tue May 07 2024 Marek Kasik <mkasik@redhat.com> - 3.5.28-3
+- Improve image size fix
+- Resolves: #2234740
+
+* Fri Sep 08 2023 Arkady L. Shane <ashejn@msvsphere.ru> - 3.5.28-2
+- Rebuilt for MSVSphere 9.2
+
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.28-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

--- a/1
+++ b/1
@ -1 +0,0 @@
-SHA512 (djvulibre-3.5.28.tar.gz) = db3b8a5b56d700e911be32057f721a2a597e6f52e6fade203ad75ad76ab2d8facff2e474fd18beea703ccd5fa6425352e619a8fda40e69add1724dbee26050c6
Author	SHA1	Message	Date
MSVSphere Packaging Team	6b4c646346	import djvulibre-3.5.28-4.el9	9 months ago
Aleksandr Kravchenko	1af8079324	Remove duplicate changelog message	1 year ago
MSVSphere Packaging Team	8f1b67bb7b	Merge and update	1 year ago
MSVSphere Packaging Team	7fe27a7460	Remove unnecessary files	1 year ago
Arkady L. Shane	a1e82dccd1	import djvulibre-3.5.28-2.el9	1 year ago
				`@ -0,0 +1 @@`
				`e74c23e5480535898a6549aec11e5cfa1228e1ea SOURCES/djvulibre-3.5.28.tar.gz`
				`@ -1 +0,0 @@`
				`SHA512 (djvulibre-3.5.28.tar.gz) = db3b8a5b56d700e911be32057f721a2a597e6f52e6fade203ad75ad76ab2d8facff2e474fd18beea703ccd5fa6425352e619a8fda40e69add1724dbee26050c6`