diff options
Diffstat (limited to 'repo/djvulibre')
8 files changed, 194 insertions, 0 deletions
diff --git a/repo/djvulibre/djvulibre-3.5.27-check-image-size.patch b/repo/djvulibre/djvulibre-3.5.27-check-image-size.patch new file mode 100644 index 0000000..9d0d5b8 --- /dev/null +++ b/repo/djvulibre/djvulibre-3.5.27-check-image-size.patch @@ -0,0 +1,16 @@ +diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp +index e8d4b44..aa3d554 100644 +--- a/libdjvu/IW44Image.cpp ++++ b/libdjvu/IW44Image.cpp +@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast) + size_t sz = bw * bh; + if (sz / (size_t)bw != (size_t)bh) // multiplication overflow + G_THROW("IW44Image: image size exceeds maximum (corrupted file?)"); ++ if (sz == 0) ++ G_THROW("IW44Image: zero size image (corrupted file?)"); + GPBuffer<short> gdata16(data16,sz); ++ if (data16 == NULL) ++ G_THROW("IW44Image: unable to allocate image data"); + // Copy coefficients + int i; + short *p = data16; diff --git a/repo/djvulibre/djvulibre-3.5.27-check-input-pool.patch b/repo/djvulibre/djvulibre-3.5.27-check-input-pool.patch new file mode 100644 index 0000000..26e08e9 --- /dev/null +++ b/repo/djvulibre/djvulibre-3.5.27-check-input-pool.patch @@ -0,0 +1,13 @@ +diff --git a/libdjvu/DataPool.cpp b/libdjvu/DataPool.cpp +index 5fcbedf..4c2eaf0 100644 +--- a/libdjvu/DataPool.cpp ++++ b/libdjvu/DataPool.cpp +@@ -791,6 +791,8 @@ DataPool::create(const GP<DataPool> & pool, int start, int length) + DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n"); + DEBUG_MAKE_INDENT(3); + ++ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") ); ++ + DataPool *xpool=new DataPool(); + GP<DataPool> retval=xpool; + xpool->init(); diff --git a/repo/djvulibre/djvulibre-3.5.27-djvuport-stack-overflow.patch b/repo/djvulibre/djvulibre-3.5.27-djvuport-stack-overflow.patch new file mode 100644 index 0000000..e7bc643 --- /dev/null +++ b/repo/djvulibre/djvulibre-3.5.27-djvuport-stack-overflow.patch @@ -0,0 +1,36 @@ +diff --git a/libdjvu/DjVuPort.cpp b/libdjvu/DjVuPort.cpp +index 2b3e0d2..ede7f6b 100644 +--- a/libdjvu/DjVuPort.cpp ++++ b/libdjvu/DjVuPort.cpp +@@ -507,10 +507,19 @@ GP<DjVuFile> + DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id) + { + GPList<DjVuPort> list; ++ ++ if (!!opening_id && opening_id == id) ++ G_THROW("DjVuPortcaster: recursive opening of the same file (corrupted file?)"); ++ else ++ opening_id = id; ++ + compute_closure(source, list, true); + GP<DjVuFile> file; + for(GPosition pos=list;pos;++pos) + if ((file=list[pos]->id_to_file(source, id))) break; ++ ++ opening_id = GUTF8String(); ++ + return file; + } + +diff --git a/libdjvu/DjVuPort.h b/libdjvu/DjVuPort.h +index e2b3125..313dc2b 100644 +--- a/libdjvu/DjVuPort.h ++++ b/libdjvu/DjVuPort.h +@@ -484,6 +484,7 @@ private: + const DjVuPort *dst, int distance); + void compute_closure(const DjVuPort *src, GPList<DjVuPort> &list, + bool sorted=false); ++ GUTF8String opening_id; + }; + + diff --git a/repo/djvulibre/djvulibre-3.5.27-export-file.patch b/repo/djvulibre/djvulibre-3.5.27-export-file.patch new file mode 100644 index 0000000..02a1c44 --- /dev/null +++ b/repo/djvulibre/djvulibre-3.5.27-export-file.patch @@ -0,0 +1,28 @@ +--- djvulibre-3.5.27/desktopfiles/Makefile.am ++++ djvulibre-3.5.27/desktopfiles/Makefile.am +@@ -32,10 +32,9 @@ if HAVE_CONVERSION_INKSCAPE + convert_icons_process = \ + s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ + ${INKSCAPE} \ +---without-gui \ + --export-width=$${s} \ + --export-height=$${s} \ +---export-png=$@ $< ++--export-filename=$@ $< + endif + + if HAVE_CONVERSION_CONVERT +--- djvulibre-3.5.27/desktopfiles/Makefile.in ++++ djvulibre-3.5.27/desktopfiles/Makefile.in +@@ -306,10 +306,9 @@ PNGICONS = \ + @HAVE_CONVERSION_INKSCAPE_TRUE@convert_icons_process = \ + @HAVE_CONVERSION_INKSCAPE_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ + @HAVE_CONVERSION_INKSCAPE_TRUE@${INKSCAPE} \ +-@HAVE_CONVERSION_INKSCAPE_TRUE@--without-gui \ + @HAVE_CONVERSION_INKSCAPE_TRUE@--export-width=$${s} \ + @HAVE_CONVERSION_INKSCAPE_TRUE@--export-height=$${s} \ +-@HAVE_CONVERSION_INKSCAPE_TRUE@--export-png=$@ $< ++@HAVE_CONVERSION_INKSCAPE_TRUE@--export-filename=$@ $< + + @HAVE_CONVERSION_RSVG_TRUE@convert_icons_process = \ + @HAVE_CONVERSION_RSVG_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \ diff --git a/repo/djvulibre/djvulibre-3.5.27-integer-overflow.patch b/repo/djvulibre/djvulibre-3.5.27-integer-overflow.patch new file mode 100644 index 0000000..279a038 --- /dev/null +++ b/repo/djvulibre/djvulibre-3.5.27-integer-overflow.patch @@ -0,0 +1,23 @@ +diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp +index 7109952..b41f7d2 100644 +--- a/tools/ddjvu.cpp ++++ b/tools/ddjvu.cpp +@@ -70,6 +70,7 @@ + #include <locale.h> + #include <fcntl.h> + #include <errno.h> ++#include <stdint.h> + + #ifdef UNIX + # include <sys/time.h> +@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno) + rowsize = rrect.w; + else + rowsize = rrect.w * 3; +- if (! (image = (char*)malloc(rowsize * rrect.h))) ++ if ((size_t)rowsize > SIZE_MAX / rrect.h) ++ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno); ++ if (! (image = (char*)malloc((size_t)rowsize * rrect.h))) + die(i18n("Cannot allocate image buffer for page %d"), pageno); + + /* Render */ diff --git a/repo/djvulibre/djvulibre-3.5.27-out-of-bound-write-2.patch b/repo/djvulibre/djvulibre-3.5.27-out-of-bound-write-2.patch new file mode 100644 index 0000000..f2fae47 --- /dev/null +++ b/repo/djvulibre/djvulibre-3.5.27-out-of-bound-write-2.patch @@ -0,0 +1,14 @@ +diff --git a/libdjvu/DjVuText.cpp b/libdjvu/DjVuText.cpp +index 60a4f39..b11df7b 100644 +--- a/libdjvu/DjVuText.cpp ++++ b/libdjvu/DjVuText.cpp +@@ -345,7 +345,8 @@ DjVuTXT::decode(const GP<ByteStream> &gbs) + int textsize = bs.read24(); + char *buffer = textUTF8.getbuf(textsize); + int readsize = bs.read(buffer,textsize); +- buffer[readsize] = 0; ++ if (buffer) ++ buffer[readsize] = 0; + if (readsize < textsize) + G_THROW( ERR_MSG("DjVuText.corrupt_chunk") ); + // Try reading zones diff --git a/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch b/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch new file mode 100644 index 0000000..c7a6f3a --- /dev/null +++ b/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch @@ -0,0 +1,21 @@ +diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp +index c2fdbe4..e271a1d 100644 +--- a/libdjvu/GBitmap.cpp ++++ b/libdjvu/GBitmap.cpp +@@ -69,6 +69,7 @@ + #include <stddef.h> + #include <stdlib.h> + #include <string.h> ++#include <limits.h> + + // - Author: Leon Bottou, 05/1997 + +@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs) + // initialize pixel array + if (nrows==0 || ncolumns==0) + G_THROW( ERR_MSG("GBitmap.not_init") ); ++ if (ncolumns > USHRT_MAX - border) ++ G_THROW("GBitmap: row size exceeds maximum (corrupted file?)"); + bytes_per_row = ncolumns + border; + if (runs==0) + G_THROW( ERR_MSG("GBitmap.null_arg") ); diff --git a/repo/djvulibre/djvulibre.xibuild b/repo/djvulibre/djvulibre.xibuild new file mode 100644 index 0000000..d275bd2 --- /dev/null +++ b/repo/djvulibre/djvulibre.xibuild @@ -0,0 +1,43 @@ +#!/bin/sh + +NAME="djvulibre" +DESC="Utilities and Libraries for the DjVu image format" + +MAKEDEPS=" libjpeg-turbo tiff automake autoconf libtool" + +PKG_VER=3.5.28 +SOURCE="https://downloads.sourceforge.net/djvu/djvulibre-$PKG_VER.tar.gz" + +ADDITIONAL=" +djvulibre-3.5.27-check-image-size.patch +djvulibre-3.5.27-check-input-pool.patch +djvulibre-3.5.27-djvuport-stack-overflow.patch +djvulibre-3.5.27-export-file.patch +djvulibre-3.5.27-integer-overflow.patch +djvulibre-3.5.27-out-of-bound-write-2.patch +djvulibre-3.5.27-unsigned-short-overflow.patch +" + +prepare() { + apply_patches + autoreconf -fi +} + +build() { + ./configure \ + --prefix=/usr \ + --mandir=/usr/share/man + make +} + +package() { + make DESTDIR="$PKG_DEST" install +} + +libs() { + pkgdesc="Runtime support for the DjVu image format" + mkdir -p "$PKG_DEST"/usr/lib + mv "$PKG_DEST"/usr/lib/*.so.* \ + "$PKG_DEST"/usr/lib/ +} + |