[arch-commits] Commit in djvulibre/repos/extra-x86_64 (7 files)

Antonio Rojas arojas at archlinux.org
Sat May 15 11:21:07 UTC 2021


    Date: Saturday, May 15, 2021 @ 11:21:06
  Author: arojas
Revision: 415536

archrelease: copy trunk to extra-x86_64

Added:
  djvulibre/repos/extra-x86_64/PKGBUILD
    (from rev 415535, djvulibre/trunk/PKGBUILD)
  djvulibre/repos/extra-x86_64/djvulibre-check-image-size.patch
    (from rev 415535, djvulibre/trunk/djvulibre-check-image-size.patch)
  djvulibre/repos/extra-x86_64/djvulibre-check-input-pool.patch
    (from rev 415535, djvulibre/trunk/djvulibre-check-input-pool.patch)
  djvulibre/repos/extra-x86_64/djvulibre-djvuport-stack-overflow.patch
    (from rev 415535, djvulibre/trunk/djvulibre-djvuport-stack-overflow.patch)
  djvulibre/repos/extra-x86_64/djvulibre-integer-overflow.patch
    (from rev 415535, djvulibre/trunk/djvulibre-integer-overflow.patch)
  djvulibre/repos/extra-x86_64/djvulibre-unsigned-short-overflow.patch
    (from rev 415535, djvulibre/trunk/djvulibre-unsigned-short-overflow.patch)
Deleted:
  djvulibre/repos/extra-x86_64/PKGBUILD

-----------------------------------------+
 PKGBUILD                                |   79 +++++++++++++++++-------------
 djvulibre-check-image-size.patch        |   16 ++++++
 djvulibre-check-input-pool.patch        |   13 ++++
 djvulibre-djvuport-stack-overflow.patch |   36 +++++++++++++
 djvulibre-integer-overflow.patch        |   23 ++++++++
 djvulibre-unsigned-short-overflow.patch |   21 +++++++
 6 files changed, 155 insertions(+), 33 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2021-05-15 11:20:49 UTC (rev 415535)
+++ PKGBUILD	2021-05-15 11:21:06 UTC (rev 415536)
@@ -1,33 +0,0 @@
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Maintainer: Jan de Groot <jgc at archlinux.org>
-# Contributor: mgushee
-
-pkgname=djvulibre
-pkgver=3.5.28
-pkgrel=2
-pkgdesc="Suite to create, manipulate and view DjVu ('déjà vu') documents"
-url='http://djvu.sourceforge.net/'
-arch=('x86_64')
-license=('GPL2')
-makedepends=('librsvg')
-depends=('libtiff' 'hicolor-icon-theme')
-source=("https://downloads.sourceforge.net/project/djvu/DjVuLibre/$pkgver/djvulibre-$pkgver.tar.gz")
-sha256sums=('fcd009ea7654fde5a83600eb80757bd3a76998e47d13c66b54c8db849f8f2edc')
-
-conflicts=('libdjvu')
-provides=("libdjvu=${pkgver}")
-replaces=('libdjvu')
-
-build() {
-	cd ${pkgname}-${pkgver}
-	./configure --prefix=/usr --disable-desktopfiles
-	make
-}
-
-package() {
-	cd ${pkgname}-${pkgver}
-	make DESTDIR="${pkgdir}" install
-	for sz in 22 32 48 64; do
-		install -Dm644 desktopfiles/prebuilt-hi${sz}-djvu.png "${pkgdir}/usr/share/icons/hicolor/${sz}x${sz}/mimetypes/image-vnd.djvu.mime.png"
-	done
-}

Copied: djvulibre/repos/extra-x86_64/PKGBUILD (from rev 415535, djvulibre/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2021-05-15 11:21:06 UTC (rev 415536)
@@ -0,0 +1,46 @@
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+# Contributor: mgushee
+
+pkgname=djvulibre
+pkgver=3.5.28
+pkgrel=3
+pkgdesc="Suite to create, manipulate and view DjVu ('déjà vu') documents"
+url='http://djvu.sourceforge.net/'
+arch=('x86_64')
+license=('GPL2')
+makedepends=('librsvg')
+depends=('libtiff' 'hicolor-icon-theme')
+source=(https://downloads.sourceforge.net/project/djvu/DjVuLibre/$pkgver/djvulibre-$pkgver.tar.gz
+        djvulibre-check-image-size.patch
+        djvulibre-check-input-pool.patch
+        djvulibre-djvuport-stack-overflow.patch
+        djvulibre-integer-overflow.patch
+        djvulibre-unsigned-short-overflow.patch)
+sha256sums=('fcd009ea7654fde5a83600eb80757bd3a76998e47d13c66b54c8db849f8f2edc'
+            '5cd3bdedc9ba82af541e1fc0bb6fabdc77c7fc43ee6bd15f9c7cca9d39d53c82'
+            'd938cb05ac37b2f3f9602de6d148307e4164ee8a6f89fb6d81d5ed100fbc368b'
+            '73e476cdb8af46bf94b208b9170679aaba165d54247d435e6a58e874ae85109c'
+            '9e6d8b94d922ba382702ec4f878c06293eb546827e40a7de5221cb21c52d3d23'
+            '7ea0926757adaaff61b5622b2ee88d4af55fec5235183828337005852118f97f')
+
+prepare() {
+# Security fixed from Fedora
+  for _patch in djvulibre*.patch; do
+    patch -d $pkgname-$pkgver -p1 < $_patch
+  done
+}
+
+build() {
+	cd ${pkgname}-${pkgver}
+	./configure --prefix=/usr --disable-desktopfiles
+	make
+}
+
+package() {
+	cd ${pkgname}-${pkgver}
+	make DESTDIR="${pkgdir}" install
+	for sz in 22 32 48 64; do
+		install -Dm644 desktopfiles/prebuilt-hi${sz}-djvu.png "${pkgdir}/usr/share/icons/hicolor/${sz}x${sz}/mimetypes/image-vnd.djvu.mime.png"
+	done
+}
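Review bot: The loop in `prepare()` applies whatever matches `djvulibre*.patch`, in glob order and with unquoted expansions, so the set and order of security patches follow from filenames rather than from the checksummed `source` array. Iterating over the patch names listed in `source` and quoting the arguments, `patch -d "$pkgname-$pkgver" -p1 < "$_patch"`, makes the build apply exactly the files whose hashes were verified. The comment `# Security fixed from Fedora` gives no advisory or origin for each patch; a line per patch such as `# <CVE-ID placeholder>: djvulibre-integer-overflow.patch (Fedora, <commit placeholder>)` would let a later maintainer tell when a new upstream release makes a patch redundant.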

Copied: djvulibre/repos/extra-x86_64/djvulibre-check-image-size.patch (from rev 415535, djvulibre/trunk/djvulibre-check-image-size.patch)
===================================================================
--- djvulibre-check-image-size.patch	                        (rev 0)
+++ djvulibre-check-image-size.patch	2021-05-15 11:21:06 UTC (rev 415536)
@@ -0,0 +1,16 @@
+diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp
+index e8d4b44..aa3d554 100644
+--- a/libdjvu/IW44Image.cpp
++++ b/libdjvu/IW44Image.cpp
+@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast)
+   size_t sz = bw * bh;
+   if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
+     G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
++  if (sz == 0)
++    G_THROW("IW44Image: zero size image (corrupted file?)");
+   GPBuffer<short> gdata16(data16,sz);
++  if (data16 == NULL)
++    G_THROW("IW44Image: unable to allocate image data");
+   // Copy coefficients
+   int i;
+   short *p = data16;
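Review bot: The added `sz == 0` test runs after the existing overflow check has already divided by `(size_t)bw`, so a zero `bw` from a corrupted file reaches the division before it reaches the new guard. Testing the dimensions before `sz` is computed, e.g. `if (bw <= 0 || bh <= 0) G_THROW("IW44Image: zero size image (corrupted file?)");`, would close that path. The product `bw * bh` is also evaluated before the conversion to `size_t`; if both operands are `int` (their declarations are outside the hunk), the overflow check inspects an already-wrapped value and `(size_t)bw * (size_t)bh` would be the safer form. The body of `IW44Image::Map::image` starts and ends outside the hunk.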

Copied: djvulibre/repos/extra-x86_64/djvulibre-check-input-pool.patch (from rev 415535, djvulibre/trunk/djvulibre-check-input-pool.patch)
===================================================================
--- djvulibre-check-input-pool.patch	                        (rev 0)
+++ djvulibre-check-input-pool.patch	2021-05-15 11:21:06 UTC (rev 415536)
@@ -0,0 +1,13 @@
+diff --git a/libdjvu/DataPool.cpp b/libdjvu/DataPool.cpp
+index 5fcbedf..4c2eaf0 100644
+--- a/libdjvu/DataPool.cpp
++++ b/libdjvu/DataPool.cpp
+@@ -791,6 +791,8 @@ DataPool::create(const GP<DataPool> & pool, int start, int length)
+   DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n");
+   DEBUG_MAKE_INDENT(3);
+ 
++  if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") );
++
+   DataPool *xpool=new DataPool();
+   GP<DataPool> retval=xpool;
+   xpool->init();
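Review bot: The new guard in `DataPool::create` rejects a null `pool` but `start` and `length` are still passed on unvalidated as far as this hunk shows. Both are plain `int` values that presumably come from the file being parsed, so a negative `start` or an out-of-range `length` deserves the same treatment unless the code after `xpool->init()` (outside the hunk) already checks them. A short comment on the added line, e.g. `// a corrupted document can hand us an empty pool pointer`, would also record why the check exists.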

Copied: djvulibre/repos/extra-x86_64/djvulibre-djvuport-stack-overflow.patch (from rev 415535, djvulibre/trunk/djvulibre-djvuport-stack-overflow.patch)
===================================================================
--- djvulibre-djvuport-stack-overflow.patch	                        (rev 0)
+++ djvulibre-djvuport-stack-overflow.patch	2021-05-15 11:21:06 UTC (rev 415536)
@@ -0,0 +1,36 @@
+diff --git a/libdjvu/DjVuPort.cpp b/libdjvu/DjVuPort.cpp
+index 2b3e0d2..ede7f6b 100644
+--- a/libdjvu/DjVuPort.cpp
++++ b/libdjvu/DjVuPort.cpp
+@@ -507,10 +507,19 @@ GP<DjVuFile>
+ DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id)
+ {
+    GPList<DjVuPort> list;
++
++   if (!!opening_id && opening_id == id)
++      G_THROW("DjVuPortcaster: recursive opening of the same file (corrupted file?)");
++   else
++      opening_id = id;
++
+    compute_closure(source, list, true);
+    GP<DjVuFile> file;
+    for(GPosition pos=list;pos;++pos)
+       if ((file=list[pos]->id_to_file(source, id))) break;
++
++   opening_id = GUTF8String();
++
+    return file;
+ }
+ 
+diff --git a/libdjvu/DjVuPort.h b/libdjvu/DjVuPort.h
+index e2b3125..313dc2b 100644
+--- a/libdjvu/DjVuPort.h
++++ b/libdjvu/DjVuPort.h
+@@ -484,6 +484,7 @@ private:
+                        const DjVuPort *dst, int distance);
+    void compute_closure(const DjVuPort *src, GPList<DjVuPort> &list,
+                         bool sorted=false);
++   GUTF8String opening_id;
+ };
+ 
+ 
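Review bot: The recursion guard in `DjVuPortcaster::id_to_file` keeps its state in one member, `opening_id`, that is overwritten on entry and cleared only on the normal return path. If a nested lookup throws (including the new `G_THROW` itself), `opening_id` stays set and a later legitimate lookup of the same id is rejected. A nested call with a different id also clears the member on return, so the outer call loses its guard, and an A→B→A cycle is never detected because B overwrites A. If the portcaster is shared between threads (not visible here), the member is a data race as well. At minimum, save and restore the previous value with a scope guard, as sketched below; catching longer cycles would need a set of ids in flight.

```cpp
   // … unchanged: GPList<DjVuPort> list; …
   if (!!opening_id && opening_id == id)
      G_THROW("DjVuPortcaster: recursive opening of the same file (corrupted file?)");

   // Restore the previous value on every exit path, including exceptions,
   // so a failed or nested lookup cannot leave stale state behind.
   struct OpeningIdScope {
      GUTF8String &slot;
      GUTF8String saved;
      OpeningIdScope(GUTF8String &s, const GUTF8String &current)
         : slot(s), saved(s) { slot = current; }
      ~OpeningIdScope() { slot = saved; }
   } opening_scope(opening_id, id);

   // … unchanged: compute_closure, lookup loop, return file …
```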

Copied: djvulibre/repos/extra-x86_64/djvulibre-integer-overflow.patch (from rev 415535, djvulibre/trunk/djvulibre-integer-overflow.patch)
===================================================================
--- djvulibre-integer-overflow.patch	                        (rev 0)
+++ djvulibre-integer-overflow.patch	2021-05-15 11:21:06 UTC (rev 415536)
@@ -0,0 +1,23 @@
+diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
+index 7109952..b41f7d2 100644
+--- a/tools/ddjvu.cpp
++++ b/tools/ddjvu.cpp
+@@ -70,6 +70,7 @@
+ #include <locale.h>
+ #include <fcntl.h>
+ #include <errno.h>
++#include <stdint.h>
+ 
+ #ifdef UNIX
+ # include <sys/time.h>
+@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno)
+     rowsize = rrect.w;
+   else
+     rowsize = rrect.w * 3; 
+-  if (! (image = (char*)malloc(rowsize * rrect.h)))
++  if ((size_t)rowsize > SIZE_MAX / rrect.h)
++    die(i18n("Integer overflow when allocating image buffer for page %d"), pageno);
++  if (! (image = (char*)malloc((size_t)rowsize * rrect.h)))
+     die(i18n("Cannot allocate image buffer for page %d"), pageno);
+ 
+   /* Render */
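Review bot: The new overflow test in `render()` divides by `rrect.h`, so a page rectangle with zero height turns the guard itself into a division by zero unless earlier code outside the hunk rules that out. Guarding the divisor, `if (rrect.h != 0 && (size_t)rowsize > SIZE_MAX / rrect.h)`, avoids that. The context line `rowsize = rrect.w * 3;` is still computed in the narrower type before the cast to `size_t`, so a large `rrect.w` can wrap before the check sees it. Widening there too, or checking `rrect.w` against `SIZE_MAX / 3` first, would make the guard cover the whole size computation.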

Copied: djvulibre/repos/extra-x86_64/djvulibre-unsigned-short-overflow.patch (from rev 415535, djvulibre/trunk/djvulibre-unsigned-short-overflow.patch)
===================================================================
--- djvulibre-unsigned-short-overflow.patch	                        (rev 0)
+++ djvulibre-unsigned-short-overflow.patch	2021-05-15 11:21:06 UTC (rev 415536)
@@ -0,0 +1,21 @@
+diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
+index c2fdbe4..e271a1d 100644
+--- a/libdjvu/GBitmap.cpp
++++ b/libdjvu/GBitmap.cpp
+@@ -69,6 +69,7 @@
+ #include <stddef.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ // - Author: Leon Bottou, 05/1997
+ 
+@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs)
+   // initialize pixel array
+   if (nrows==0 || ncolumns==0)
+     G_THROW( ERR_MSG("GBitmap.not_init") );
++  if (ncolumns > USHRT_MAX - border)
++    G_THROW("GBitmap: row size exceeds maximum (corrupted file?)");
+   bytes_per_row = ncolumns + border;
+   if (runs==0)
+     G_THROW( ERR_MSG("GBitmap.null_arg") );
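Review bot: The added bound in `GBitmap::decode` only makes sense if `bytes_per_row` is an `unsigned short`, and that declaration is outside the hunk. A comment on the check, e.g. `// bytes_per_row is stored as unsigned short; reject sums that would wrap`, would keep the reason next to the code. The same `ncolumns + border` sum may be assigned to `bytes_per_row` in other `GBitmap` methods that this patch does not touch. If so, they need the same bound, ideally through one shared helper, so that a corrupted file cannot reach the wrap by another entry point.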


