Fix CVE-2021-3630

CVE-2021-3630.patch

@@ -0,0 +1,30 @@
+From a613ff8a73585b55359e9b7128b4a30665b1f191 Mon Sep 17 00:00:00 2001
+Author: Leon Bottou <leon@bottou.org> 
+Date:   Thu Jun 27 18:38:03 2019 -0400
+
+---
+ libdjvu/GString.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libdjvu/GString.cpp b/libdjvu/GString.cpp
+index 181c0b2..f71e6b3 100644
+--- a/libdjvu/GString.cpp
++++ b/libdjvu/GString.cpp
+@@ -1212,11 +1212,11 @@ GP<GStringRep>
+ GStringRep::getbuf(int n) const
+ {
+   GP<GStringRep> retval;
+-  if(n< 0)
++  if(n < 0)
+     n=strlen(data);
+-  if(n>0)
++  if(n >= 0)
+   {
+-    retval=blank(n);
++    retval=blank((n>0) ? n : 1);
+     char *ndata=retval->data;
+     strncpy(ndata,data,n);
+     ndata[n]=0;
+-- 
+2.23.0
+

djvulibre.spec

@@ -1,7 +1,7 @@
 Name:             djvulibre
 Summary:          An open source (GPL'ed) implementation of DjVu
 Version:          3.5.27
-Release:          17
+Release:          18
 License:          GPLv2+
 URL:              http://djvu.sourceforge.net/
 Source0:          http://downloads.sourceforge.net/djvu/djvulibre-%{version}.tar.gz
@@ -17,6 +17,8 @@ Patch8:           CVE-2021-32491.patch
 Patch9:           CVE-2021-32492.patch
 Patch10:          CVE-2021-32493.patch
 Patch11:          CVE-2021-3500.patch
+Patch12:          CVE-2021-3630.patch
+
 Requires(post):   xdg-utils
 Requires(preun):  xdg-utils
 BuildRequires:    libjpeg-turbo-devel libtiff-devel xdg-utils chrpath hicolor-icon-theme gcc-c++
@@ -99,6 +101,9 @@ rm -f %{_datadir}/icons/hicolor/32x32/apps/djvulibre-djview3.png || :
 %{_mandir}/man1/*
 
 %changelog
+* Wed Jul 07 2021 wangyue<wangyue92@huawei.com> - 3.5.27-18
+- Fix CVE-2021-3630
+
 * Wed Jun 30 2021 liwu<liwu13@huawei.com> - 3.5.27-17
 * Fix CVE-2021-32493 CVE-2021-3500