* update djvulibre to 3.5.28-6

2024-05-11 00:05:47 +02:00 · 2024-05-11 00:05:47 +02:00 · e8e1e0023c
commit e8e1e0023c
parent 707bbfe78a
3 changed files with 56 additions and 10 deletions
--- a/djvulibre/PKGBUILD
+++ b/djvulibre/PKGBUILD
@ -6,33 +6,42 @@

 pkgname=djvulibre
 pkgver=3.5.28
-pkgrel=5
+pkgrel=6
 pkgdesc='Library and utilities to create, manipulate and view DjVu (déjà vu) documents'
 arch=(x86_64 powerpc64le powerpc64 powerpc riscv64)
 url='https://djvu.sourceforge.net/'
-license=('GPL2')
+license=('GPL-2.0-or-later')
 depends=('bash' 'gcc-libs' 'glibc' 'hicolor-icon-theme' 'libjpeg-turbo' 'libtiff')
 source=("https://downloads.sourceforge.net/djvu/$pkgname-$pkgver.tar.gz"
        'djvulibre-check-image-size.patch'
+        'djvulibre-integer-overflow.patch'
        'djvulibre-check-input-pool.patch'
        'djvulibre-djvuport-stack-overflow.patch'
-        'djvulibre-integer-overflow.patch'
+        'djvulibre-unsigned-short-overflow.patch'
        'djvulibre-out-of-bound-write-2.patch'
-        'djvulibre-unsigned-short-overflow.patch')
+        'djvulibre-CVE-2021-46310.patch'
+        'djvulibre-CVE-2021-46312.patch')
 sha256sums=('fcd009ea7654fde5a83600eb80757bd3a76998e47d13c66b54c8db849f8f2edc'
            '5cd3bdedc9ba82af541e1fc0bb6fabdc77c7fc43ee6bd15f9c7cca9d39d53c82'
+            '9e6d8b94d922ba382702ec4f878c06293eb546827e40a7de5221cb21c52d3d23'
            'd938cb05ac37b2f3f9602de6d148307e4164ee8a6f89fb6d81d5ed100fbc368b'
            '73e476cdb8af46bf94b208b9170679aaba165d54247d435e6a58e874ae85109c'
-            '9e6d8b94d922ba382702ec4f878c06293eb546827e40a7de5221cb21c52d3d23'
+            '7ea0926757adaaff61b5622b2ee88d4af55fec5235183828337005852118f97f'
            'bfc2c89b86d1ab60b4fc8f48270c178269b619fee20dfeeee37ab08a1fda7432'
-            '7ea0926757adaaff61b5622b2ee88d4af55fec5235183828337005852118f97f')
+            '94ec83abf505a24edeabdbeac20338e880bde3b9828ab969b41acd540a2689c8'
+            '2391cb6c65c2bc0f71188b05431cda4918deb9adf32a902f0fff6c2c9e3093dd')

 prepare() {
  cd $pkgname-$pkgver
-  # Security fixes from Fedora
-  for _patch in ../djvulibre-*.patch; do
-    patch -Np1 -i $_patch
-  done
+  # Security fixes from Fedora and openSUSE
+  patch -Np1 -i ../djvulibre-check-image-size.patch
+  patch -Np1 -i ../djvulibre-integer-overflow.patch
+  patch -Np1 -i ../djvulibre-check-input-pool.patch
+  patch -Np1 -i ../djvulibre-djvuport-stack-overflow.patch
+  patch -Np1 -i ../djvulibre-unsigned-short-overflow.patch
+  patch -Np1 -i ../djvulibre-out-of-bound-write-2.patch
+  patch -Np1 -i ../djvulibre-CVE-2021-46310.patch
+  patch -Np1 -i ../djvulibre-CVE-2021-46312.patch
 }

 build() {
--- a/djvulibre/djvulibre-CVE-2021-46310.patch
+++ b/djvulibre/djvulibre-CVE-2021-46310.patch
@ -0,0 +1,18 @@
+Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
+===================================================================
+--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp
+@@ -676,10 +676,10 @@ IW44Image::Map::image(signed char *img8,
+   // Allocate reconstruction buffer
+   short *data16;
+   size_t sz = bw * bh;
+  if (sz == 0) // bw or bh is zero
+    G_THROW("IW44Image: zero size image (corrupted file?)");
+   if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
+     G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+-  if (sz == 0)
+-    G_THROW("IW44Image: zero size image (corrupted file?)");
+   GPBuffer<short> gdata16(data16,sz);
+   if (data16 == NULL)
+     G_THROW("IW44Image: unable to allocate image data");
+
--- a/djvulibre/djvulibre-CVE-2021-46312.patch
+++ b/djvulibre/djvulibre-CVE-2021-46312.patch
@ -0,0 +1,19 @@
+Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
+===================================================================
+--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp
+++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
+@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm
+   int h = bm.rows();
+   int g = bm.get_grays()-1;
+   signed char *buffer;
+-  GPBuffer<signed char> gbuffer(buffer,w*h);
+  size_t sz = w * h;
+  if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+    G_THROW("IWBitmap: zero size image (corrupted file?)");
+  if (sz / (size_t)w != (size_t)h) // multiplication overflow
+    G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+  GPBuffer<signed char> gbuffer(buffer,sz);
+   // Prepare gray level conversion table
+   signed char  bconv[256];
+   for (i=0; i<256; i++)
+