summaryrefslogtreecommitdiff
path: root/repo/djvulibre
diff options
context:
space:
mode:
Diffstat (limited to 'repo/djvulibre')
-rw-r--r--repo/djvulibre/djvulibre-3.5.27-check-image-size.patch16
-rw-r--r--repo/djvulibre/djvulibre-3.5.27-check-input-pool.patch13
-rw-r--r--repo/djvulibre/djvulibre-3.5.27-djvuport-stack-overflow.patch36
-rw-r--r--repo/djvulibre/djvulibre-3.5.27-export-file.patch28
-rw-r--r--repo/djvulibre/djvulibre-3.5.27-integer-overflow.patch23
-rw-r--r--repo/djvulibre/djvulibre-3.5.27-out-of-bound-write-2.patch14
-rw-r--r--repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch21
-rw-r--r--repo/djvulibre/djvulibre.xibuild43
8 files changed, 194 insertions, 0 deletions
diff --git a/repo/djvulibre/djvulibre-3.5.27-check-image-size.patch b/repo/djvulibre/djvulibre-3.5.27-check-image-size.patch
new file mode 100644
index 0000000..9d0d5b8
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-check-image-size.patch
@@ -0,0 +1,16 @@
+diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp
+index e8d4b44..aa3d554 100644
+--- a/libdjvu/IW44Image.cpp
++++ b/libdjvu/IW44Image.cpp
+@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast)
+ size_t sz = bw * bh;
+ if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
+ G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
++ if (sz == 0)
++ G_THROW("IW44Image: zero size image (corrupted file?)");
+ GPBuffer<short> gdata16(data16,sz);
++ if (data16 == NULL)
++ G_THROW("IW44Image: unable to allocate image data");
+ // Copy coefficients
+ int i;
+ short *p = data16;
diff --git a/repo/djvulibre/djvulibre-3.5.27-check-input-pool.patch b/repo/djvulibre/djvulibre-3.5.27-check-input-pool.patch
new file mode 100644
index 0000000..26e08e9
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-check-input-pool.patch
@@ -0,0 +1,13 @@
+diff --git a/libdjvu/DataPool.cpp b/libdjvu/DataPool.cpp
+index 5fcbedf..4c2eaf0 100644
+--- a/libdjvu/DataPool.cpp
++++ b/libdjvu/DataPool.cpp
+@@ -791,6 +791,8 @@ DataPool::create(const GP<DataPool> & pool, int start, int length)
+ DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n");
+ DEBUG_MAKE_INDENT(3);
+
++ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") );
++
+ DataPool *xpool=new DataPool();
+ GP<DataPool> retval=xpool;
+ xpool->init();
diff --git a/repo/djvulibre/djvulibre-3.5.27-djvuport-stack-overflow.patch b/repo/djvulibre/djvulibre-3.5.27-djvuport-stack-overflow.patch
new file mode 100644
index 0000000..e7bc643
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-djvuport-stack-overflow.patch
@@ -0,0 +1,36 @@
+diff --git a/libdjvu/DjVuPort.cpp b/libdjvu/DjVuPort.cpp
+index 2b3e0d2..ede7f6b 100644
+--- a/libdjvu/DjVuPort.cpp
++++ b/libdjvu/DjVuPort.cpp
+@@ -507,10 +507,19 @@ GP<DjVuFile>
+ DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id)
+ {
+ GPList<DjVuPort> list;
++
++ if (!!opening_id && opening_id == id)
++ G_THROW("DjVuPortcaster: recursive opening of the same file (corrupted file?)");
++ else
++ opening_id = id;
++
+ compute_closure(source, list, true);
+ GP<DjVuFile> file;
+ for(GPosition pos=list;pos;++pos)
+ if ((file=list[pos]->id_to_file(source, id))) break;
++
++ opening_id = GUTF8String();
++
+ return file;
+ }
+
+diff --git a/libdjvu/DjVuPort.h b/libdjvu/DjVuPort.h
+index e2b3125..313dc2b 100644
+--- a/libdjvu/DjVuPort.h
++++ b/libdjvu/DjVuPort.h
+@@ -484,6 +484,7 @@ private:
+ const DjVuPort *dst, int distance);
+ void compute_closure(const DjVuPort *src, GPList<DjVuPort> &list,
+ bool sorted=false);
++ GUTF8String opening_id;
+ };
+
+
diff --git a/repo/djvulibre/djvulibre-3.5.27-export-file.patch b/repo/djvulibre/djvulibre-3.5.27-export-file.patch
new file mode 100644
index 0000000..02a1c44
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-export-file.patch
@@ -0,0 +1,28 @@
+--- djvulibre-3.5.27/desktopfiles/Makefile.am
++++ djvulibre-3.5.27/desktopfiles/Makefile.am
+@@ -32,10 +32,9 @@ if HAVE_CONVERSION_INKSCAPE
+ convert_icons_process = \
+ s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \
+ ${INKSCAPE} \
+---without-gui \
+ --export-width=$${s} \
+ --export-height=$${s} \
+---export-png=$@ $<
++--export-filename=$@ $<
+ endif
+
+ if HAVE_CONVERSION_CONVERT
+--- djvulibre-3.5.27/desktopfiles/Makefile.in
++++ djvulibre-3.5.27/desktopfiles/Makefile.in
+@@ -306,10 +306,9 @@ PNGICONS = \
+ @HAVE_CONVERSION_INKSCAPE_TRUE@convert_icons_process = \
+ @HAVE_CONVERSION_INKSCAPE_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \
+ @HAVE_CONVERSION_INKSCAPE_TRUE@${INKSCAPE} \
+-@HAVE_CONVERSION_INKSCAPE_TRUE@--without-gui \
+ @HAVE_CONVERSION_INKSCAPE_TRUE@--export-width=$${s} \
+ @HAVE_CONVERSION_INKSCAPE_TRUE@--export-height=$${s} \
+-@HAVE_CONVERSION_INKSCAPE_TRUE@--export-png=$@ $<
++@HAVE_CONVERSION_INKSCAPE_TRUE@--export-filename=$@ $<
+
+ @HAVE_CONVERSION_RSVG_TRUE@convert_icons_process = \
+ @HAVE_CONVERSION_RSVG_TRUE@s=`echo $@ | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \
diff --git a/repo/djvulibre/djvulibre-3.5.27-integer-overflow.patch b/repo/djvulibre/djvulibre-3.5.27-integer-overflow.patch
new file mode 100644
index 0000000..279a038
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-integer-overflow.patch
@@ -0,0 +1,23 @@
+diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
+index 7109952..b41f7d2 100644
+--- a/tools/ddjvu.cpp
++++ b/tools/ddjvu.cpp
+@@ -70,6 +70,7 @@
+ #include <locale.h>
+ #include <fcntl.h>
+ #include <errno.h>
++#include <stdint.h>
+
+ #ifdef UNIX
+ # include <sys/time.h>
+@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno)
+ rowsize = rrect.w;
+ else
+ rowsize = rrect.w * 3;
+- if (! (image = (char*)malloc(rowsize * rrect.h)))
++ if ((size_t)rowsize > SIZE_MAX / rrect.h)
++ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno);
++ if (! (image = (char*)malloc((size_t)rowsize * rrect.h)))
+ die(i18n("Cannot allocate image buffer for page %d"), pageno);
+
+ /* Render */
diff --git a/repo/djvulibre/djvulibre-3.5.27-out-of-bound-write-2.patch b/repo/djvulibre/djvulibre-3.5.27-out-of-bound-write-2.patch
new file mode 100644
index 0000000..f2fae47
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-out-of-bound-write-2.patch
@@ -0,0 +1,14 @@
+diff --git a/libdjvu/DjVuText.cpp b/libdjvu/DjVuText.cpp
+index 60a4f39..b11df7b 100644
+--- a/libdjvu/DjVuText.cpp
++++ b/libdjvu/DjVuText.cpp
+@@ -345,7 +345,8 @@ DjVuTXT::decode(const GP<ByteStream> &gbs)
+ int textsize = bs.read24();
+ char *buffer = textUTF8.getbuf(textsize);
+ int readsize = bs.read(buffer,textsize);
+- buffer[readsize] = 0;
++ if (buffer)
++ buffer[readsize] = 0;
+ if (readsize < textsize)
+ G_THROW( ERR_MSG("DjVuText.corrupt_chunk") );
+ // Try reading zones
diff --git a/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch b/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch
new file mode 100644
index 0000000..c7a6f3a
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch
@@ -0,0 +1,21 @@
+diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
+index c2fdbe4..e271a1d 100644
+--- a/libdjvu/GBitmap.cpp
++++ b/libdjvu/GBitmap.cpp
+@@ -69,6 +69,7 @@
+ #include <stddef.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+
+ // - Author: Leon Bottou, 05/1997
+
+@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs)
+ // initialize pixel array
+ if (nrows==0 || ncolumns==0)
+ G_THROW( ERR_MSG("GBitmap.not_init") );
++ if (ncolumns > USHRT_MAX - border)
++ G_THROW("GBitmap: row size exceeds maximum (corrupted file?)");
+ bytes_per_row = ncolumns + border;
+ if (runs==0)
+ G_THROW( ERR_MSG("GBitmap.null_arg") );
diff --git a/repo/djvulibre/djvulibre.xibuild b/repo/djvulibre/djvulibre.xibuild
new file mode 100644
index 0000000..d275bd2
--- /dev/null
+++ b/repo/djvulibre/djvulibre.xibuild
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+NAME="djvulibre"
+DESC="Utilities and Libraries for the DjVu image format"
+
+MAKEDEPS=" libjpeg-turbo tiff automake autoconf libtool"
+
+PKG_VER=3.5.28
+SOURCE="https://downloads.sourceforge.net/djvu/djvulibre-$PKG_VER.tar.gz"
+
+ADDITIONAL="
+djvulibre-3.5.27-check-image-size.patch
+djvulibre-3.5.27-check-input-pool.patch
+djvulibre-3.5.27-djvuport-stack-overflow.patch
+djvulibre-3.5.27-export-file.patch
+djvulibre-3.5.27-integer-overflow.patch
+djvulibre-3.5.27-out-of-bound-write-2.patch
+djvulibre-3.5.27-unsigned-short-overflow.patch
+"
+
+prepare() {
+ apply_patches
+ autoreconf -fi
+}
+
+build() {
+ ./configure \
+ --prefix=/usr \
+ --mandir=/usr/share/man
+ make
+}
+
+package() {
+ make DESTDIR="$PKG_DEST" install
+}
+
+libs() {
+ pkgdesc="Runtime support for the DjVu image format"
+ mkdir -p "$PKG_DEST"/usr/lib
+ mv "$PKG_DEST"/usr/lib/*.so.* \
+ "$PKG_DEST"/usr/lib/
+}
+