djvulibre: 3.5.28 -> 3.5.29

Changes: https://sourceforge.net/p/djvu/djvulibre-git/ci/master/tree/NEWS

+2 -136
-105
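--- a/pkgs/by-name/dj/djvulibre/CVE-2021-3500+CVE-2021-32490+CVE-2021-32491+CVE-2021-32492+CVE-2021-32493.patch
+++ b/pkgs/by-name/dj/djvulibre/CVE-2021-3500+CVE-2021-32490+CVE-2021-32491+CVE-2021-32492+CVE-2021-32493.patch
@@ -1,105 +0,0 @@
-From cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6 Mon Sep 17 00:00:00 2001
-From: Leon Bottou <leon@bottou.org>
-Date: Tue, 11 May 2021 14:44:09 -0400
-Subject: [PATCH] Reviewed Fedora patches and adopted some of them (or variants
-thereof)
-
-- Patch0: djvulibre-3.5.22-cdefs.patch (forward ported)
-Does not make imuch sense. GSmartPointer.h already includes "stddef.h"
-- Patch6: djvulibre-3.5.27-export-file.patch (forward ported)
-Incorrect: inkscape command is --export-png, not --export-filename.
-- Patch8: djvulibre-3.5.27-check-image-size.patch (forward ported)
-Correct: adopted a variant of this
-- Patch9: djvulibre-3.5.27-integer-overflow.patch (forward ported)
-Correct: adopted a variant of this
-- Patch10: djvulibre-3.5.27-check-input-pool.patch (forward ported)
-Adopted: input validation never hurts
-- Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch (forward ported)
-Dubious: Instead I changed djvufile to prevent a file from including itself
-which is the only way I can imagine to create an file creation loop.
-- Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch (forward ported)
-Adopted: but without including limits.h
----
-libdjvu/DataPool.cpp | 3 ++-
-libdjvu/DjVuFile.cpp | 2 ++
-libdjvu/GBitmap.cpp | 2 ++
-libdjvu/IW44Image.cpp | 4 ++++
-tools/ddjvu.cpp | 7 +++++--
-5 files changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/libdjvu/DataPool.cpp b/libdjvu/DataPool.cpp
-index 5fcbedf..b58fc45 100644
---- a/libdjvu/DataPool.cpp
-+++ b/libdjvu/DataPool.cpp
-@@ -790,7 +790,8 @@ DataPool::create(const GP<DataPool> & pool, int start, int length)
-{
-DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n");
-DEBUG_MAKE_INDENT(3);
--
-+ if (!pool)
-+ G_THROW( ERR_MSG("DataPool.zero_DataPool") );
-DataPool *xpool=new DataPool();
-GP<DataPool> retval=xpool;
-xpool->init();
-diff --git a/libdjvu/DjVuFile.cpp b/libdjvu/DjVuFile.cpp
-index 143346b..2587491 100644
---- a/libdjvu/DjVuFile.cpp
-+++ b/libdjvu/DjVuFile.cpp
-@@ -576,6 +576,8 @@ DjVuFile::process_incl_chunk(ByteStream & str, int file_num)
-GURL incl_url=pcaster->id_to_url(this, incl_str);
-if (incl_url.is_empty()) // Fallback. Should never be used.
-incl_url=GURL::UTF8(incl_str,url.base());
-+ if (incl_url == url) // Infinite loop avoidance
-+ G_THROW( ERR_MSG("DjVuFile.malformed") );
-
-// Now see if there is already a file with this *name* created
-{
-diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
-index c2fdbe4..8ad64b2 100644
---- a/libdjvu/GBitmap.cpp
-+++ b/libdjvu/GBitmap.cpp
-@@ -1284,6 +1284,8 @@ GBitmap::decode(unsigned char *runs)
-// initialize pixel array
-if (nrows==0 || ncolumns==0)
-G_THROW( ERR_MSG("GBitmap.not_init") );
-+ if (ncolumns + border != (unsigned short)(ncolumns+border))
-+ G_THROW("GBitmap: image size exceeds maximum (corrupted file?)");
-bytes_per_row = ncolumns + border;
-if (runs==0)
-G_THROW( ERR_MSG("GBitmap.null_arg") );
-diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp
-index e8d4b44..4a1797e 100644
---- a/libdjvu/IW44Image.cpp
-+++ b/libdjvu/IW44Image.cpp
-@@ -676,9 +676,13 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast)
-// Allocate reconstruction buffer
-short *data16;
-size_t sz = bw * bh;
-+ if (sz == 0)
-+ G_THROW("IW44Image: image size is zero (corrupted file?)");
-if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
-G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
-GPBuffer<short> gdata16(data16,sz);
-+ if (data16 == 0)
-+ G_THROW("IW44Image: unable to allocate image buffer");
-// Copy coefficients
-int i;
-short *p = data16;
-diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
-index 7109952..e7b489b 100644
---- a/tools/ddjvu.cpp
-+++ b/tools/ddjvu.cpp
-@@ -393,8 +393,11 @@ render(ddjvu_page_t *page, int pageno)
-} else if (style == DDJVU_FORMAT_GREY8)
-rowsize = rrect.w;
-else
-- rowsize = rrect.w * 3;
-- if (! (image = (char*)malloc(rowsize * rrect.h)))
-+ rowsize = rrect.w * 3;
-+ size_t bufsize = (size_t)rowsize * rrect.h;
-+ if (bufsize / rowsize != rrect.h)
-+ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno);
-+ if (! (image = (char*)malloc(bufsize)))
-die(i18n("Cannot allocate image buffer for page %d"), pageno);
-
-/* Render */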
-21
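--- a/pkgs/by-name/dj/djvulibre/c++17-register-class.patch
+++ b/pkgs/by-name/dj/djvulibre/c++17-register-class.patch
@@ -1,21 +0,0 @@
-diff -ur a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h
---- a/libdjvu/GBitmap.h 2020-11-20 09:57:32.000000000 -0700
-+++ b/libdjvu/GBitmap.h 2023-07-07 07:07:45.519912414 -0600
-@@ -620,7 +620,7 @@
-inline int
-GBitmap::read_run(unsigned char *&data)
-{
-- register int z=*data++;
-+ int z=*data++;
-return (z>=RUNOVERFLOWVALUE)?
-((z&~RUNOVERFLOWVALUE)<<8)|(*data++):z;
-}
-@@ -628,7 +628,7 @@
-inline int
-GBitmap::read_run(const unsigned char *&data)
-{
-- register int z=*data++;
-+ int z=*data++;
-return (z>=RUNOVERFLOWVALUE)?
-((z&~RUNOVERFLOWVALUE)<<8)|(*data++):z;
-}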
+2 -10
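--- a/pkgs/by-name/dj/djvulibre/package.nix
+++ b/pkgs/by-name/dj/djvulibre/package.nix
@@ -11,11 +11,11 @@
 
 stdenv.mkDerivation rec {
 pname = "djvulibre";
-version = "3.5.28";
+version = "3.5.29";
 
 src = fetchurl {
 url = "mirror://sourceforge/djvu/${pname}-${version}.tar.gz";
-sha256 = "1p1fiygq9ny8aimwc4vxwjc6k9ykgdsq1sq06slfbzalfvm0kl7w";
+hash = "sha256-07SwOuK9yoUWo2726ye3d/BSjJ7aJnRdmWKCSj/f7M8=";
 };
 
 outputs = [
@@ -39,14 +39,6 @@
 ];
 
 enableParallelBuilding = true;
-
-patches = [
-# Remove uses of the `register` storage class specifier, which was removed in C++17.
-# Fixes compilation with clang 16, which defaults to C++17.
-./c++17-register-class.patch
-
-./CVE-2021-3500+CVE-2021-32490+CVE-2021-32491+CVE-2021-32492+CVE-2021-32493.patch
-];
 
 meta = with lib; {
 description = "Big set of CLI tools to make/modify/optimize/show/export DJVU files";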
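Review bot: Nothing in the commit records that 3.5.29 already contains the fixes carried by the dropped CVE-2021-3500/CVE-2021-32490..32493 patch, yet the second hunk of package.nix removes the whole `patches` list. The deleted patch's header shows it was upstream commit cd8b5c97 from May 2021, so it is presumably part of the new tarball, but that is inferred from the page rather than stated. A description line such as `Drop c++17-register-class.patch and the CVE-2021-* patch, both included upstream in 3.5.29` would make the removal checkable. It is also worth confirming in the unpacked source that the guards are present, for example `if (bufsize / rowsize != rrect.h)` in tools/ddjvu.cpp and `if (incl_url == url)` in libdjvu/DjVuFile.cpp.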