
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
cb0c0aad43
!48 Update to 3.5.28
From: @wu-leilei 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
2023-10-18 07:33:52 +00:00
wu-leilei
1ea9fa04ce Update to 3.5.28 2023-10-16 15:42:13 +08:00
openeuler-ci-bot
90fb1b2da6
!41 Fix CVE-2021-46310,CVE-2021-46312
From: @wk333 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
2023-09-13 08:01:58 +00:00
wk333
a782ccd218 Fix CVE-2021-46310,CVE-2021-46312 2023-09-13 10:43:27 +08:00
openeuler-ci-bot
fa5807badb !31 Fix CVE-2021-3630
From: @wang_yue111
Reviewed-by: @small_leek
Signed-off-by: @small_leek
2021-07-07 06:14:42 +00:00
wang_yue111
6be891ae9b Fix CVE-2021-3630 2021-07-07 11:53:33 +08:00
openeuler-ci-bot
f199e28412 !24 fix CVE-2021-32493 CVE-2021-3500
From: @programmer12
Reviewed-by: @jackie_wu123,@small_leek
Signed-off-by: @small_leek
2021-07-01 03:19:07 +00:00
programmer12
a52e8e3eff fix CVE-2021-32493 CVE-2021-3500 2021-07-01 10:03:22 +08:00
openeuler-ci-bot
5bd240bff5 !23 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492
From: @programmer12
Reviewed-by: @small_leek
Signed-off-by: @small_leek
2021-06-30 09:28:05 +00:00
programmer12
424b0606dd fix CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 2021-06-30 16:04:56 +08:00
14 changed files with 115 additions and 316 deletions


@ -1,35 +0,0 @@
From 970fb11a296b5bbdc5e8425851253d2c5913c45e Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Tue, 26 Mar 2019 20:36:31 -0400
Subject: [PATCH] Fix bug#296
---
libdjvu/DjVmDir.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index 153e3c7..5834da6 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -300,6 +300,9 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
memcpy((char*) strings+strings_size, buffer, length);
}
DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
+ int strings_size=strings.size();
+ strings.resize(strings_size+3);
+ memset((char*) strings+strings_size, 0, 4);
// Copy names into the files
const char * ptr=strings;
@@ -307,6 +310,8 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
{
GP<File> file=files_list[pos];
+ if (ptr >= (const char*)strings + strings_size)
+ G_THROW( "DjVu document is corrupted (DjVmDir)" );
file->id=ptr;
ptr+=file->id.length()+1;
if (file->flags & File::HAS_NAME)
--
2.23.0


@ -1,46 +0,0 @@
From b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Tue, 26 Mar 2019 20:45:46 -0400
Subject: [PATCH] fix for bug #297
---
libdjvu/DjVmDir.cpp | 2 +-
libdjvu/GBitmap.cpp | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index 0a0fac6..5a49015 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
GP<File> file=files_list[pos];
if (ptr >= (const char*)strings + strings_size)
- G_THROW( "DjVu document is corrupted (DjVmDir)" );
+ G_THROW( ByteStream::EndOfFile );
file->id=ptr;
ptr+=file->id.length()+1;
if (file->flags & File::HAS_NAME)
diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
index 0e487f0..c2fdbe4 100644
--- a/libdjvu/GBitmap.cpp
+++ b/libdjvu/GBitmap.cpp
@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs)
int c = 0;
while (n >= 0)
{
- bs.read(&h, 1);
+ if (bs.read(&h, 1) <= 0)
+ G_THROW( ByteStream::EndOfFile );
int x = h;
if (x >= (int)RUNOVERFLOWVALUE)
{
- bs.read(&h, 1);
+ if (bs.read(&h, 1) <= 0)
+ G_THROW( ByteStream::EndOfFile );
x = h + ((x - (int)RUNOVERFLOWVALUE) << 8);
}
if (c+x > ncolumns)
--
2.23.0


@ -1,111 +0,0 @@
From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Mon, 8 Apr 2019 22:25:55 -0400
Subject: bug 299 fixed
diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h
index 96b067c..0140211 100644
--- a/libdjvu/GContainer.h
+++ b/libdjvu/GContainer.h
@@ -550,52 +550,61 @@ public:
template <class TYPE> void
GArrayTemplate<TYPE>::sort(int lo, int hi)
{
- if (hi <= lo)
- return;
- if (hi > hibound || lo<lobound)
- G_THROW( ERR_MSG("GContainer.illegal_subscript") );
TYPE *data = (TYPE*)(*this);
- // Test for insertion sort
- if (hi <= lo + 50)
+ while(true)
{
- for (int i=lo+1; i<=hi; i++)
+ if (hi <= lo)
+ return;
+ if (hi > hibound || lo<lobound)
+ G_THROW( ERR_MSG("GContainer.illegal_subscript") );
+ // Test for insertion sort
+ if (hi <= lo + 50)
{
- int j = i;
- TYPE tmp = data[i];
- while ((--j>=lo) && !(data[j]<=tmp))
- data[j+1] = data[j];
- data[j+1] = tmp;
+ for (int i=lo+1; i<=hi; i++)
+ {
+ int j = i;
+ TYPE tmp = data[i];
+ while ((--j>=lo) && !(data[j]<=tmp))
+ data[j+1] = data[j];
+ data[j+1] = tmp;
+ }
+ return;
}
- return;
- }
- // -- determine suitable quick-sort pivot
- TYPE tmp = data[lo];
- TYPE pivot = data[(lo+hi)/2];
- if (pivot <= tmp)
- { tmp = pivot; pivot=data[lo]; }
- if (data[hi] <= tmp)
- { pivot = tmp; }
- else if (data[hi] <= pivot)
- { pivot = data[hi]; }
- // -- partition set
- int h = hi;
- int l = lo;
- while (l < h)
- {
- while (! (pivot <= data[l])) l++;
- while (! (data[h] <= pivot)) h--;
- if (l < h)
+ // -- determine median-of-three pivot
+ TYPE tmp = data[lo];
+ TYPE pivot = data[(lo+hi)/2];
+ if (pivot <= tmp)
+ { tmp = pivot; pivot=data[lo]; }
+ if (data[hi] <= tmp)
+ { pivot = tmp; }
+ else if (data[hi] <= pivot)
+ { pivot = data[hi]; }
+ // -- partition set
+ int h = hi;
+ int l = lo;
+ while (l < h)
{
- tmp = data[l];
- data[l] = data[h];
- data[h] = tmp;
- l = l+1;
- h = h-1;
+ while (! (pivot <= data[l])) l++;
+ while (! (data[h] <= pivot)) h--;
+ if (l < h)
+ {
+ tmp = data[l];
+ data[l] = data[h];
+ data[h] = tmp;
+ l = l+1;
+ h = h-1;
+ }
+ }
+ // -- recurse, small partition first
+ // tail-recursion elimination
+ if (h - lo <= hi - l) {
+ sort(lo,h);
+ lo = l; // sort(l,hi)
+ } else {
+ sort(l,hi);
+ hi = h; // sort(lo,h)
}
}
- // -- recursively restart
- sort(lo, h);
- sort(l, hi);
}
template<class TYPE> inline TYPE&


@ -1,27 +0,0 @@
From 9658b01431cd7ff6344d7787f855179e73fe81a7 Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Mon, 8 Apr 2019 22:55:38 -0400
Subject: fix bug #298
diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h
index e8e0c9b..ca89a19 100644
--- a/libdjvu/GBitmap.h
+++ b/libdjvu/GBitmap.h
@@ -566,7 +566,7 @@ GBitmap::operator[](int row)
{
if (!bytes)
uncompress();
- if (row<0 || row>=nrows) {
+ if (row<0 || row>=nrows || !bytes) {
#ifndef NDEBUG
if (zerosize < bytes_per_row + border)
G_THROW( ERR_MSG("GBitmap.zero_small") );
@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const
{
if (!bytes)
((GBitmap*)this)->uncompress();
- if (row<0 || row>=nrows) {
+ if (row<0 || row>=nrows || !bytes) {
#ifndef NDEBUG
if (zerosize < bytes_per_row + border)
G_THROW( ERR_MSG("GBitmap.zero_small") );


@ -1,36 +0,0 @@
From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Thu, 17 Oct 2019 22:20:31 -0400
Subject: [PATCH 1/2] Fixed bug 309
---
libdjvu/IW44EncodeCodec.cpp | 2 +-
tools/ddjvu.cpp| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
index 00752a0..f81eaeb 100644
--- a/libdjvu/IW44EncodeCodec.cpp
+++ b/libdjvu/IW44EncodeCodec.cpp
@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
int y = 0;
int s = scale*rowsize;
int s3 = s+s+s;
- h = ((h-1)/scale)+1;
+ h = (h>0) ? ((h-1)/scale)+1 : 0;
y += 1;
p += s;
while (y-3 < h)
diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
index 6d0df3b..7109952 100644
--- a/tools/ddjvu.cpp
+++ b/tools/ddjvu.cpp
@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
prect.h = (ih * 100) / dpi;
}
/* Process aspect ratio */
- if (flag_aspect <= 0)
+ if (flag_aspect <= 0 && iw>0 && ih>0)
{
double dw = (double)iw / prect.w;
double dh = (double)ih / prect.h;

16
CVE-2021-32490.patch Normal file

@ -0,0 +1,16 @@
diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp
index e8d4b44..aa3d554 100644
--- a/libdjvu/IW44Image.cpp
+++ b/libdjvu/IW44Image.cpp
@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast)
size_t sz = bw * bh;
if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+ if (sz == 0)
+ G_THROW("IW44Image: zero size image (corrupted file?)");
GPBuffer<short> gdata16(data16,sz);
+ if (data16 == NULL)
+ G_THROW("IW44Image: unable to allocate image data");
// Copy coefficients
int i;
short *p = data16;
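Review bot: The product on the context line `size_t sz = bw * bh;` is computed in the operands' own type before it is widened, so if `bw` and `bh` are `int` (their declarations are outside this hunk) an oversized image overflows the signed multiplication before the `sz / (size_t)bw` check ever sees the value. Widening first keeps the check well-defined: `size_t sz = (size_t)bw * (size_t)bh;`. The same line is carried as context in CVE-2021-46310.patch, and CVE-2021-46312.patch adds the same pattern as `size_t sz = w * h;` with `h` visibly declared `int`, where `size_t sz = (size_t)w * (size_t)h;` would be the equivalent change. The body of IW44Image::Map::image continues outside the hunk.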

23
CVE-2021-32491.patch Normal file

@ -0,0 +1,23 @@
diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
index 7109952..b41f7d2 100644
--- a/tools/ddjvu.cpp
+++ b/tools/ddjvu.cpp
@@ -70,6 +70,7 @@
#include <locale.h>
#include <fcntl.h>
#include <errno.h>
+#include <cstdint>
#ifdef UNIX
# include <sys/time.h>
@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno)
rowsize = rrect.w;
else
rowsize = rrect.w * 3;
- if (! (image = (char*)malloc(rowsize * rrect.h)))
+ if ((size_t) rowsize > SIZE_MAX / rrect.h)
+ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno);
+ if (! (image = (char*)malloc((size_t) rowsize * rrect.h)))
die(i18n("Cannot allocate image buffer for page %d"), pageno);
/* Render */
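Review bot: The new overflow guard divides by `rrect.h`, and nothing visible in this hunk establishes that `rrect.h` is non-zero at this point, so a zero-height render rectangle would turn the check itself into a division by zero. Guarding the divisor keeps the check total: `if (rrect.h > 0 && (size_t) rowsize > SIZE_MAX / rrect.h)`. If an earlier part of render() already rejects empty rectangles, a short comment next to the check saying so would document the assumption. render() starts and ends outside the hunk.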

13
CVE-2021-32492.patch Normal file

@ -0,0 +1,13 @@
diff --git a/libdjvu/DataPool.cpp b/libdjvu/DataPool.cpp
index 5fcbedf..4c2eaf0 100644
--- a/libdjvu/DataPool.cpp
+++ b/libdjvu/DataPool.cpp
@@ -791,6 +791,8 @@ DataPool::create(const GP<DataPool> & pool, int start, int length)
DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n");
DEBUG_MAKE_INDENT(3);
+ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") );
+
DataPool *xpool=new DataPool();
GP<DataPool> retval=xpool;
xpool->init();

19
CVE-2021-46310.patch Normal file

@ -0,0 +1,19 @@
Origin: https://sourceforge.net/p/djvu/bugs/345/
Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp
@@ -676,10 +676,10 @@ IW44Image::Map::image(signed char *img8,
// Allocate reconstruction buffer
short *data16;
size_t sz = bw * bh;
+ if (sz == 0) // bw or bh is zero
+ G_THROW("IW44Image: zero size image (corrupted file?)");
if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
- if (sz == 0)
- G_THROW("IW44Image: zero size image (corrupted file?)");
GPBuffer<short> gdata16(data16,sz);
if (data16 == NULL)
G_THROW("IW44Image: unable to allocate image data");

20
CVE-2021-46312.patch Normal file

@ -0,0 +1,20 @@
Origin: https://sourceforge.net/p/djvu/bugs/344/
Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp
+++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm
int h = bm.rows();
int g = bm.get_grays()-1;
signed char *buffer;
- GPBuffer<signed char> gbuffer(buffer,w*h);
+ size_t sz = w * h;
+ if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+ G_THROW("IWBitmap: zero size image (corrupted file?)");
+ if (sz / (size_t)w != (size_t)h) // multiplication overflow
+ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+ GPBuffer<signed char> gbuffer(buffer,sz);
// Prepare gray level conversion table
signed char bconv[256];
for (i=0; i<256; i++)
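Review bot: The added guard `if (sz == 0 || g <= 0)` reports a non-positive gray-level count with the message "IWBitmap: zero size image (corrupted file?)", which points whoever triages the error at the wrong field of the input. Splitting the condition gives each rejection its own diagnostic, for example `if (g <= 0) G_THROW("IWBitmap: invalid gray level count (corrupted file?)");` placed ahead of the size check. IWBitmap::Encode::init starts and ends outside the hunk.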

Binary file not shown.

BIN
djvulibre-3.5.28.tar.gz Normal file

Binary file not shown.


@ -1,19 +1,19 @@
Name: djvulibre Name: djvulibre
Summary: An open source (GPL'ed) implementation of DjVu Summary: An open source (GPL'ed) implementation of DjVu
Version: 3.5.27 Version: 3.5.28
Release: 16 Release: 1
License: GPLv2+ License: GPLv2+
URL: http://djvu.sourceforge.net/ URL: http://djvu.sourceforge.net/
Source0: http://downloads.sourceforge.net/djvu/djvulibre-%{version}.tar.gz Source0: http://downloads.sourceforge.net/djvu/djvulibre-%{version}.tar.gz
Patch0: djvulibre-3.5.22-cdefs.patch Patch0: djvulibre-3.5.22-cdefs.patch
Patch1: CVE-2019-15142.patch Patch1: CVE-2021-32490.patch
Patch2: CVE-2019-15143.patch Patch2: CVE-2021-32491.patch
Patch3: CVE-2019-15144.patch Patch3: CVE-2021-32492.patch
Patch4: CVE-2019-15145.patch Patch4: CVE-2021-32493.patch
Patch5: CVE-2019-18804.patch Patch5: CVE-2021-3500.patch
Patch6: update-any2djvu-server-hostname.patch Patch6: CVE-2021-46310.patch
Patch7: CVE-2021-32493.patch Patch7: CVE-2021-46312.patch
Patch8: CVE-2021-3500.patch
Requires(post): xdg-utils Requires(post): xdg-utils
Requires(preun): xdg-utils Requires(preun): xdg-utils
BuildRequires: libjpeg-turbo-devel libtiff-devel xdg-utils chrpath hicolor-icon-theme gcc-c++ BuildRequires: libjpeg-turbo-devel libtiff-devel xdg-utils chrpath hicolor-icon-theme gcc-c++
@ -96,8 +96,20 @@ rm -f %{_datadir}/icons/hicolor/32x32/apps/djvulibre-djview3.png || :
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Wen Jun 30 2021 houyingchao <houyingchao@huawei.com> - 3.5.27-16 * Mon Oct 16 2023 chenyaqiang <chenyaqiang@huawei.com> - 3.5.28-1
- Fix CVE-2021-32493 CVE-2021-3500 - Update to 3.5.28
* Wed Sep 13 2023 wangkai <13474090681@163.com> - 3.5.27-19
- Fix CVE-2021-46310,CVE-2021-46312
* Wed Jul 07 2021 wangyue<wangyue92@huawei.com> - 3.5.27-18
- Fix CVE-2021-3630
* Wed Jun 30 2021 liwu<liwu13@huawei.com> - 3.5.27-17
* Fix CVE-2021-32493 CVE-2021-3500
* Wed Jun 30 2021 liwu<liwu13@huawei.com> - 3.5.27-16
* Fix CVE-2021-32490, CVE-2021-32491, CVE-2021-32492
* Thu Jan 28 2021 lingsheng <lingsheng@huawei.com> - 3.5.27-15 * Thu Jan 28 2021 lingsheng <lingsheng@huawei.com> - 3.5.27-15
- update any2djvu server hostname - update any2djvu server hostname
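Review bot: The new patch list no longer applies CVE-2019-15142.patch through CVE-2019-15145.patch or CVE-2019-18804.patch, and it has no patch for CVE-2021-3630 even though the changelog keeps the 3.5.27-18 entry for that fix; the spec does not record that these fixes are contained in the 3.5.28 tarball. A changelog line under the 3.5.28-1 entry would make that auditable, for example `- Drop CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145, CVE-2019-18804 and CVE-2021-3630 patches, fixed in 3.5.28 (confirm against the upstream source)`. The entries for 3.5.27-17 and 3.5.27-16 also begin their body lines with `*` instead of `-`, which rpm changelog syntax reserves for entry headers, so `- Fix CVE-2021-32493 CVE-2021-3500` and `- Fix CVE-2021-32490, CVE-2021-32491, CVE-2021-32492` would be the consistent form.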


@ -1,49 +0,0 @@
From 24380c9940078e2eab4e73c859885a015bfcd93a Mon Sep 17 00:00:00 2001
From: "Barak A. Pearlmutter" <barak+git@pearlmutter.net>
Date: Thu, 3 Nov 2016 10:52:47 +0000
Subject: [PATCH] update any2djvu server hostname
Thanks to Dylan Thurston <dpt@bostoncoop.net> for the report,
see https://bugs.debian.org/843009
Also update example URL.
---
tools/any2djvu | 4 ++--
tools/any2djvu.1 | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/any2djvu b/tools/any2djvu
index 1ad64c8..581766a 100755
--- a/tools/any2djvu
+++ b/tools/any2djvu
@@ -28,7 +28,7 @@ function disclaimer()
# TO DO:
# - error handling
-rurl="http://any2djvu.djvuzone.org"
+rurl="http://any2djvu.djvu.org"
rcgi="any2djvu.php"
res=400
ocr=1
@@ -83,7 +83,7 @@ function usage()
echo "Examples:"
echo " cd ~bap/public_html/foo"
echo " # uploads from web-accessible directory"
- echo " any2djvu http://www.bcl.hamilton.ie/~barak/papers mesh-preprint.ps.gz"
+ echo " any2djvu http://barak.pearlmutter.net/papers mesh-preprint.ps.gz"
echo " any2djvu http://www.inference.phy.cam.ac.uk/mackay *.ps.gz bar.pdf"
echo " # uploads from current directory"
echo " any2djvu b*.pdf"
diff --git a/tools/any2djvu.1 b/tools/any2djvu.1
index 5ab8422..ccfe03f 100644
--- a/tools/any2djvu.1
+++ b/tools/any2djvu.1
@@ -14,7 +14,7 @@ Invoke with \-h switch for usage information.
Non-empty value of DJVU_ONLINE_ACK acknowledges transmission of the
documents to the server (so that no warning dialog is displayed).
.SH EXAMPLES
-any2djvu http://www.bcl.hamilton.ie/~barak/papers mesh-preprint.ps.gz
+any2djvu http://barak.pearlmutter.net/papers mesh-preprint.ps.gz
.PP
any2djvu localfile.pdf
.SH AUTHORS