[Frugalware-git] frugalware-1.9: djvulibre-3.5.25.2-2arcturus1-x86_64

[kikadf]

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=44b34a7266743111fe782d0cbd5550aa2df8d7b3

commit 44b34a7266743111fe782d0cbd5550aa2df8d7b3
Author: kikadf <kikadf...@gmail.com>
Date:   Thu Jan 16 10:32:04 2014 +0100

djvulibre-3.5.25.2-2arcturus1-x86_64

* Fix CVE-2012-6535

diff --git a/source/xlib/djvulibre/CVE-2012-6535.patch 
b/source/xlib/djvulibre/CVE-2012-6535.patch
new file mode 100644
index 0000000..4b47b1b
--- /dev/null
+++ b/source/xlib/djvulibre/CVE-2012-6535.patch
@@ -0,0 +1,50 @@
+diff -Naur djvulibre-3.5.23/libdjvu/GString.cpp 
djvulibre-3.5.23.new/libdjvu/GString.cpp
+--- djvulibre-3.5.23/libdjvu/GString.cpp       2014-01-15 11:36:40.581803800 
+0100
++++ djvulibre-3.5.23.new/libdjvu/GString.cpp   2014-01-15 11:37:01.813018200 
+0100
+@@ -1864,23 +1864,32 @@
+     mbstate_t ps;
+     memset(&ps,0,sizeof(mbstate_t));
+     for(const unsigned char *s=(const unsigned char *)data;(s<eptr)&& *s;)
+-    {
+-      const uint32_t w0=UTF8toUCS4(s,eptr);
+-      const unsigned char * const r0=r;
+-      r=UCS4toNative(w0,r,&ps);
+-      if(r == r0)
+       {
+-        if(escape == IS_ESCAPED)
+-        {
+-          sprintf((char *)r,"&#%lu;",(unsigned long)w0);
+-          r+=strlen((char *)r);
+-        }
++        const unsigned char * const s0 = s;
++        const uint32_t w0=UTF8toUCS4(s,eptr);
++        if (s == s0)
++          {
++            s += 1;
++            *r++ = '?';
++          }
+         else
+-        {
+-          *r++ = '?';
+-        }
++          {
++            const unsigned char * const r0 = r;
++            r=UCS4toNative(w0,r,&ps);
++            if(r == r0)
++              {
++                if (escape == IS_ESCAPED)
++                  {
++                    sprintf((char *)r,"&#%lu;",(unsigned long)w0);
++                    r += strlen((char *)r);
++                  }
++                else
++                  {
++                    *r++ = '?';
++                  }
++              }
++          }
+       }
+-    }
+     r[0]=0;
+     retval = NATIVE_CREATE( (const char *)buf );
+   } else
diff --git a/source/xlib/djvulibre/FrugalBuild 
b/source/xlib/djvulibre/FrugalBuild
index e4e8d4f..36caedb 100644
--- a/source/xlib/djvulibre/FrugalBuild
+++ b/source/xlib/djvulibre/FrugalBuild
@@ -1,9 +1,11 @@
# Compiling Time: 0.20 SBU
# Maintainer: Elentir <elen...@frugalware.org>

+options+=('asneeded')
+
pkgname=djvulibre
pkgver=3.5.25.2
-pkgrel=1
+pkgrel=2arcturus1
pkgdesc="DjVu is a web-centric format for distributing documents and images."
depends=('libtiff' 'libjpeg>=8a')
rodepends=('xdg-utils')
@@ -14,12 +16,18 @@ Finclude sourceforge
url="http://djvulibre.djvuzone.org/";
sha1sums=('27df54e897ab37328b2ae553608cf1409af6a7d1')

+# FSA fix ***
+source=(${source[@]} CVE-2012-6535.patch)
+sha1sums=(${sha1sums[@]} 'b0d14c662b6d3ec5902c54e1ed5a78595b3ac23c')
+# ***********
+
build()
{
Fcd $pkgname-3.5.25
unset MAKEFLAGS
export CFLAGS="$CFLAGS"
export CXXFLAGS="$CXXFLAGS"
+       Fpatchall
Fconf \
--enable-threads \
--enable-desktopfiles \
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git