packages/djvulibre
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-32493 CVE-2021-3500

Browse Source
This commit is contained in:
houyingchao 2021-06-30 11:59:17 +08:00
parent f082f72abd
commit 3ec4a35371
3 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CVE-2021-32493.patch Normal file
View File

@ -0,0 +1,21 @@
diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
index c2fdbe4..e271a1d 100644
--- a/libdjvu/GBitmap.cpp
+++ b/libdjvu/GBitmap.cpp
@@ -69,6 +69,7 @@
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
+#include <climits>
// - Author: Leon Bottou, 05/1997
@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs)
// initialize pixel array
if (nrows==0 || ncolumns==0)
G_THROW( ERR_MSG("GBitmap.not_init") );
+ if (ncolumns > USHRT_MAX - border)
+ G_THROW("GBitmap: row size exceeds maximum (corrupted file?)");
bytes_per_row = ncolumns + border;
if (runs==0)
G_THROW( ERR_MSG("GBitmap.null_arg") );

36
CVE-2021-3500.patch Normal file
View File

@ -0,0 +1,36 @@
diff --git a/libdjvu/DjVuPort.cpp b/libdjvu/DjVuPort.cpp
index 2b3e0d2..ede7f6b 100644
--- a/libdjvu/DjVuPort.cpp
+++ b/libdjvu/DjVuPort.cpp
@@ -507,10 +507,19 @@ GP<DjVuFile>
DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id)
{
GPList<DjVuPort> list;
+
+ if (!!opening_id && opening_id == id)
+ G_THROW( ERR_MSG("DjVuPortcaster.recursive_open") );
+ else
+ opening_id = id;
+
compute_closure(source, list, true);
GP<DjVuFile> file;
for(GPosition pos=list;pos;++pos)
if ((file=list[pos]->id_to_file(source, id))) break;
+
+ opening_id = GUTF8String();
+
return file;
}
diff --git a/libdjvu/DjVuPort.h b/libdjvu/DjVuPort.h
index e2b3125..313dc2b 100644
--- a/libdjvu/DjVuPort.h
+++ b/libdjvu/DjVuPort.h
@@ -484,6 +484,7 @@ private:
const DjVuPort *dst, int distance);
void compute_closure(const DjVuPort *src, GPList<DjVuPort> &list,
bool sorted=false);
+ GUTF8String opening_id;
};

7
djvulibre.spec
View File

@ -1,7 +1,7 @@
Name: djvulibre Name: djvulibre
Summary: An open source (GPL'ed) implementation of DjVu Summary: An open source (GPL'ed) implementation of DjVu
Version: 3.5.27 Version: 3.5.27
Release: 15 Release: 16
License: GPLv2+ License: GPLv2+
URL: http://djvu.sourceforge.net/ URL: http://djvu.sourceforge.net/
Source0: http://downloads.sourceforge.net/djvu/djvulibre-%{version}.tar.gz Source0: http://downloads.sourceforge.net/djvu/djvulibre-%{version}.tar.gz
@ -12,6 +12,8 @@ Patch3: CVE-2019-15144.patch
Patch4: CVE-2019-15145.patch Patch4: CVE-2019-15145.patch
Patch5: CVE-2019-18804.patch Patch5: CVE-2019-18804.patch
Patch6: update-any2djvu-server-hostname.patch Patch6: update-any2djvu-server-hostname.patch
Patch7: CVE-2021-32493.patch
Patch8: CVE-2021-3500.patch
Requires(post): xdg-utils Requires(post): xdg-utils
Requires(preun): xdg-utils Requires(preun): xdg-utils
BuildRequires: libjpeg-turbo-devel libtiff-devel xdg-utils chrpath hicolor-icon-theme gcc-c++ BuildRequires: libjpeg-turbo-devel libtiff-devel xdg-utils chrpath hicolor-icon-theme gcc-c++
@ -94,6 +96,9 @@ rm -f %{_datadir}/icons/hicolor/32x32/apps/djvulibre-djview3.png || :
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Wen Jun 30 2021 houyingchao <houyingchao@huawei.com> - 3.5.27-16
- Fix CVE-2021-32493 CVE-2021-3500
* Thu Jan 28 2021 lingsheng <lingsheng@huawei.com> - 3.5.27-15 * Thu Jan 28 2021 lingsheng <lingsheng@huawei.com> - 3.5.27-15
- update any2djvu server hostname - update any2djvu server hostname