Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package djvulibre for openSUSE:Factory checked in at 2023-08-30 10:18:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/djvulibre (Old) and /work/SRC/openSUSE:Factory/.djvulibre.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "djvulibre" Wed Aug 30 10:18:30 2023 rev:45 rq:1107914 version:3.5.28 Changes: -------- --- /work/SRC/openSUSE:Factory/djvulibre/djvulibre.changes 2023-05-21 19:08:24.386331683 +0200 +++ /work/SRC/openSUSE:Factory/.djvulibre.new.1766/djvulibre.changes 2023-08-30 10:20:20.739853116 +0200 @@ -1,0 +2,10 @@ +Tue Aug 29 10:48:49 UTC 2023 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-46310 [bsc#1214670], divide by zero in IW44Image.cpp + + djvulibre-CVE-2021-46310.patch + fix CVE-2021-46312 [bsc#1214672], divide by zero in IW44EncodeCodec.cpp + + djvulibre-CVE-2021-46312.patch + +------------------------------------------------------------------- New: ---- djvulibre-CVE-2021-46310.patch djvulibre-CVE-2021-46312.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ djvulibre.spec ++++++ --- /var/tmp/diff_new_pack.cgpqlp/_old 2023-08-30 10:20:22.131902803 +0200 +++ /var/tmp/diff_new_pack.cgpqlp/_new 2023-08-30 10:20:22.135902947 +0200 @@ -37,6 +37,10 @@ Patch3: djvulibre-CVE-2021-32493.patch # CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file Patch4: djvulibre-CVE-2021-3500.patch +# CVE-2021-46310 [bsc#1214670], divide by zero in IW44Image.cpp +Patch5: djvulibre-CVE-2021-46310.patch +# CVE-2021-46312 [bsc#1214672], divide by zero in IW44EncodeCodec.cpp +Patch6: djvulibre-CVE-2021-46312.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme @@ -94,6 +98,8 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 %build # configure script missing; generate using autogen.sh ++++++ djvulibre-CVE-2021-46310.patch ++++++ Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp =================================================================== --- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp +++ djvulibre-3.5.28/libdjvu/IW44Image.cpp 
@@ -676,10 +676,10 @@ IW44Image::Map::image(signed char *img8,
 // Allocate reconstruction buffer
 short *data16;
 size_t sz = bw * bh;
+ if (sz == 0) // bw or bh is zero
+ G_THROW("IW44Image: zero size image (corrupted file?)");
 if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
 G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
- if (sz == 0)
- G_THROW("IW44Image: zero size image (corrupted file?)");
 GPBuffer<short> gdata16(data16,sz);
 if (data16 == NULL)
 G_THROW("IW44Image: unable to allocate image data");
++++++ djvulibre-CVE-2021-46312.patch ++++++
Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp
+++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm
 int h = bm.rows();
 int g = bm.get_grays()-1;
 signed char *buffer;
- GPBuffer<signed char> gbuffer(buffer,w*h);
+ size_t sz = w * h;
+ if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+ G_THROW("IWBitmap: zero size image (corrupted file?)");
+ if (sz / (size_t)w != (size_t)h) // multiplication overflow
+ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+ GPBuffer<signed char> gbuffer(buffer,sz);
 // Prepare gray level conversion table
 signed char bconv[256];
 for (i=0; i<256; i++)
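Review bot: In the IW44Image.cpp hunk, `size_t sz = bw * bh;` appears to multiply in the operands' own type before widening; the `(size_t)bw` casts in the next check suggest bw and bh are not size_t. If they are int, the product can overflow (undefined behaviour for signed int) before `sz / (size_t)bw != (size_t)bh` runs, so that test inspects an already-wrapped value. Widening first, `size_t sz = (size_t)bw * (size_t)bh;`, makes the overflow check meaningful, and a negative dimension is worth rejecting before the cast. The IW44EncodeCodec.cpp hunk has the same pattern in `size_t sz = w * h;`, where h is visibly int. The declarations of bw and bh are outside the hunk, and the body of Map::image continues past it.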
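Review bot: In the IW44EncodeCodec.cpp hunk, the `g <= 0` case of `if (sz == 0 || g <= 0)` is reported as "IWBitmap: zero size image", which misleads anyone triaging a rejected file whose dimensions are fine but whose gray-level count is bad. A separate check such as `if (g <= 0) G_THROW("IWBitmap: invalid gray level count (corrupted file?)");` keeps the two causes distinguishable. A short comment noting that g is presumably used as a divisor in the conversion-table loop below would record why it is validated here. That loop's body and the declaration of w are outside the hunk.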