Hello community, here is the log from the commit of package djvulibre for openSUSE:Factory checked in at 2019-09-07 12:34:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/djvulibre (Old) and /work/SRC/openSUSE:Factory/.djvulibre.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "djvulibre" Sat Sep 7 12:34:40 2019 rev:37 rq:727906 version:3.5.27 Changes: -------- --- /work/SRC/openSUSE:Factory/djvulibre/djvulibre.changes 2019-02-04 21:17:20.659738051 +0100 +++ /work/SRC/openSUSE:Factory/.djvulibre.new.7948/djvulibre.changes 2019-09-07 12:34:40.969663848 +0200 @@ -1,0 +2,24 @@ +Tue Sep 3 06:21:13 UTC 2019 - Jan Engelhardt <[email protected]> + +- Trim conjecture, bias, and metadata repetitions from description. +- Trim descriptions in subpackages for length. (Main package keeps + the bigger one.) +- Use some more macros and limit fdupes to the /usr volume. + +------------------------------------------------------------------- +Mon Sep 2 12:13:57 UTC 2019 - [email protected] + +- security update +- added patches + CVE-2019-15142 [bsc#1146702] + + djvulibre-CVE-2019-15142.patch + CVE-2019-15143 [bsc#1146569] + + djvulibre-CVE-2019-15143.patch + CVE-2019-15144 [bsc#1146571] + + djvulibre-CVE-2019-15144.patch + CVE-2019-15145 [bsc#1146572] + + djvulibre-CVE-2019-15145.patch + do not segfault when libtiff encounters corrupted TIFF (upstream issue #295) + + djvulibre-invalid-tiff.patch + +------------------------------------------------------------------- New: ---- djvulibre-CVE-2019-15142.patch djvulibre-CVE-2019-15143.patch djvulibre-CVE-2019-15144.patch djvulibre-CVE-2019-15145.patch djvulibre-invalid-tiff.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ djvulibre.spec ++++++ --- /var/tmp/diff_new_pack.duvHN1/_old 2019-09-07 12:34:41.525663780 +0200 +++ /var/tmp/diff_new_pack.duvHN1/_new 2019-09-07 12:34:41.525663780 +0200 @@ -1,7 +1,7 @@ # # spec file for package djvulibre # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,21 +12,33 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%define asan_build 0 + %define libname lib%{name}21 Name: djvulibre Version: 3.5.27 Release: 0 -Summary: An Open Source Implementation of DjVu -License: GPL-2.0+ +Summary: An Implementation of DjVu +License: GPL-2.0-or-later Group: Productivity/Graphics/Other Url: http://djvu.sourceforge.net Source: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz # PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/djvu/djvulibre-git/ci/ff8e5b68f856a7fe17c9aa33d0f2220f4ba6b40c/ Patch0: reproducible.patch +# CVE-2019-15143 [bsc#1146569] +Patch1: djvulibre-CVE-2019-15143.patch +# CVE-2019-15144 [bsc#1146571] +Patch2: djvulibre-CVE-2019-15144.patch +# CVE-2019-15145 [bsc#1146572] +Patch3: djvulibre-CVE-2019-15145.patch +# CVE-2019-15142 [bsc#1146702] +Patch4: djvulibre-CVE-2019-15142.patch +# do not segfault when libtiff encounters corrupted TIFF (upstream issue #295) +Patch5: djvulibre-invalid-tiff.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme 
@@ -39,91 +51,66 @@ %description DjVu is a Web-centric format and software platform for distributing -documents and images. DjVuLibre is an open source (GPL) implementation -of DjVu, including viewers, browser plug-ins, decoders, simple -encoders, and utilities. DjVu can advantageously replace PDF, PS, TIFF, -JPEG, and GIF for distributing scanned documents, digital documents, or -high-resolution pictures. DjVu content downloads faster, displays and -renders faster, looks nicer on a screen, and consumes less client -resources than competing formats. DjVu images display instantly and can -be smoothly zoomed and panned with no lengthy rerendering. DjVu is used -by hundreds of academic, commercial, governmental, and noncommercial -Web sites around the world. +documents and images. DjVuLibre is an implementation of DjVu, +including viewers, browser plug-ins, decoders, encoders, and +utilities. DjVu can replace PDF, PS, TIFF, JPEG, and GIF for +distributing scanned documents, digital documents, or high-resolution +pictures. DjVu content is often smaller and consumes less client +resources than competing formats. %package -n %{libname} -Summary: Libraries of Open Source Implementation of DjVu - djvulibre +Summary: DjVu rendering library Group: Productivity/Graphics/Other %description -n %{libname} -DjVu is a Web-centric format and software platform for distributing -documents and images. DjVuLibre is an open source (GPL) implementation -of DjVu, including viewers, browser plug-ins, decoders, simple -encoders, and utilities. DjVu can advantageously replace PDF, PS, TIFF, -JPEG, and GIF for distributing scanned documents, digital documents, or -high-resolution pictures. DjVu content downloads faster, displays and -renders faster, looks nicer on a screen, and consumes less client -resources than competing formats. DjVu images display instantly and can -be smoothly zoomed and panned with no lengthy rerendering. 
DjVu is used -by hundreds of academic, commercial, governmental, and noncommercial -Web sites around the world. +DjVuLibre is an implementation of DjVu, a Web-centric format and +software platform for distributing documents and images. -This package contains shared libraries +This package contains the shared libraries. %package -n libdjvulibre-devel -Summary: Libraries of Open Source Implementation of DjVu - djvulibre +Summary: Headers for djvulibre libraries Group: Development/Libraries/Other Requires: %{libname} = %{version} %description -n libdjvulibre-devel -DjVu is a Web-centric format and software platform for distributing -documents and images. DjVuLibre is an open source (GPL) implementation -of DjVu, including viewers, browser plug-ins, decoders, simple -encoders, and utilities. DjVu can advantageously replace PDF, PS, TIFF, -JPEG, and GIF for distributing scanned documents, digital documents, or -high-resolution pictures. DjVu content downloads faster, displays and -renders faster, looks nicer on a screen, and consumes less client -resources than competing formats. DjVu images display instantly and can -be smoothly zoomed and panned with no lengthy rerendering. DjVu is used -by hundreds of academic, commercial, governmental, and noncommercial -Web sites around the world. +DjVuLibre is an implementation of DjVu, a Web-centric format and +software platform for distributing documents and images. -This package contains development files +This package contains the development files. %package doc -Summary: Documentation for the the DjVu - djvulibre +Summary: Documentation for djvulibre Group: Productivity/Graphics/Other +BuildArch: noarch %description doc -DjVu is a Web-centric format and software platform for distributing -documents and images. DjVuLibre is an open source (GPL) implementation -of DjVu, including viewers, browser plug-ins, decoders, simple -encoders, and utilities. 
DjVu can advantageously replace PDF, PS, TIFF, -JPEG, and GIF for distributing scanned documents, digital documents, or -high-resolution pictures. DjVu content downloads faster, displays and -renders faster, looks nicer on a screen, and consumes less client -resources than competing formats. DjVu images display instantly and can -be smoothly zoomed and panned with no lengthy rerendering. DjVu is used -by hundreds of academic, commercial, governmental, and noncommercial -Web sites around the world. +DjVuLibre is an implementation of DjVu, a Web-centric format and +software platform for distributing documents and images. -This package contains documentation +This package contains the documentation. %prep -%setup -q -%patch0 -p1 +%autosetup -p1 %build -%configure - +%configure \ + --disable-silent-rules +%if %{asan_build} +sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \ + -e 's/\(^CXXFLAGS.*\)/\1 -fsanitize=address/' \ + -e 's/\(^LIBS =.*\)/\1 -lasan/' \ + Makefile */Makefile +%endif make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install # do not ship these rm %{buildroot}%{_libdir}/libdjvulibre.la -%fdupes %{buildroot} +%fdupes %{buildroot}/%{_prefix} %post %mime_database_post ++++++ djvulibre-CVE-2019-15142.patch ++++++ Index: djvulibre-3.5.27/libdjvu/DjVmDir.cpp =================================================================== --- djvulibre-3.5.27.orig/libdjvu/DjVmDir.cpp 2014-07-08 23:15:07.000000000 +0200 +++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp 2019-09-02 13:46:28.076374501 +0200 
@@ -300,36 +300,44 @@ DjVmDir::decode(const GP<ByteStream> &gs memcpy((char*) strings+strings_size, buffer, length); } DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n"); - - // Copy names into the files + int strings_size=strings.size(); + strings.resize(strings_size+3); + memset((char*) strings+strings_size, 0, 4); + + // Copy names into the files const char * ptr=strings; for(pos=files_list;pos;++pos) { GP<File> file=files_list[pos]; - + if (ptr >= (const char*)strings + strings_size) + G_THROW( "DjVu document is corrupted (DjVmDir)" ); file->id=ptr; ptr+=file->id.length()+1; if (file->flags & File::HAS_NAME) { - file->name=ptr; - ptr+=file->name.length()+1; - } else + file->name=ptr; + ptr+=file->name.length()+1; + } + else { file->name=file->id; } if (file->flags & File::HAS_TITLE) { - file->title=ptr; - ptr+=file->title.length()+1; - } else - file->title=file->id; - /* msr debug: multipage file, file->title is null. + file->title=ptr; + ptr+=file->title.length()+1; + } + else + { + file->title=file->id; + } + /* msr debug: multipage file, file->title is null. DEBUG_MSG(file->name << ", " << file->id << ", " << file->title << ", " << file->offset << ", " << file->size << ", " << file->is_page() << "\n"); */ } - // Check that there is only one file with SHARED_ANNO flag on + // Check that there is only one file with SHARED_ANNO flag on int shared_anno_cnt=0; for(pos=files_list;pos;++pos) { Index: djvulibre-3.5.27/libdjvu/miniexp.cpp =================================================================== --- djvulibre-3.5.27.orig/libdjvu/miniexp.cpp 2015-02-11 05:35:37.000000000 +0100 +++ djvulibre-3.5.27/libdjvu/miniexp.cpp 2019-09-02 13:46:28.072374476 +0200 
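Review bot: The new bounds check in DjVmDir::decode runs once per file entry, before `file->id=ptr`; the `file->name=ptr` and `file->title=ptr` reads that follow advance `ptr` again without a check, so they stay in bounds only because of the NUL padding added just above. That coupling is not stated anywhere. `strings.resize(strings_size+3)` followed by a 4-byte `memset` also reads like an off-by-one unless `resize` takes the new upper index rather than a length; its definition is outside this hunk, so confirm. I would add a comment above the padding such as `// 4 NUL bytes of padding: after the per-entry check, id, name and title can each step one byte past the data`. The function starts and ends outside the hunk.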
@@ -1028,7 +1028,7 @@ print_c_string(const char *s, char *d, i { if (char_quoted(c, flags)) { - char buffer[10]; + char buffer[16]; /* 10+1 */ static const char *tr1 = "\"\\tnrbf"; static const char *tr2 = "\"\\\t\n\r\b\f"; buffer[0] = buffer[1] = 0; Index: djvulibre-3.5.27/tools/csepdjvu.cpp =================================================================== --- djvulibre-3.5.27.orig/tools/csepdjvu.cpp 2014-07-24 23:12:05.000000000 +0200 +++ djvulibre-3.5.27/tools/csepdjvu.cpp 2019-09-02 13:46:28.072374476 +0200 @@ -1814,7 +1814,7 @@ main(int argc, const char **argv) ByteStream::create(GURL::Filename::UTF8(arg),"rb"); BufferByteStream ibs(*fbs); do { - char pagename[16]; + char pagename[20]; sprintf(pagename, "p%04d.djvu", ++pageno); if (opts.verbose > 1) DjVuPrintErrorUTF8("%s","--------------------\n"); ++++++ djvulibre-CVE-2019-15143.patch ++++++ diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp index 0e487f0..c2fdbe4 100644 --- a/libdjvu/GBitmap.cpp +++ b/libdjvu/GBitmap.cpp @@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs) int c = 0; while (n >= 0) { - bs.read(&h, 1); + if (bs.read(&h, 1) <= 0) + G_THROW( ByteStream::EndOfFile ); int x = h; if (x >= (int)RUNOVERFLOWVALUE) { - bs.read(&h, 1); + if (bs.read(&h, 1) <= 0) + G_THROW( ByteStream::EndOfFile ); x = h + ((x - (int)RUNOVERFLOWVALUE) << 8); } if (c+x > ncolumns) ++++++ djvulibre-CVE-2019-15144.patch ++++++ diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h index 96b067c..0140211 100644 --- a/libdjvu/GContainer.h +++ b/libdjvu/GContainer.h 
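Review bot: The comment `/* 10+1 */` on the enlarged `buffer` in print_c_string does not say what produces ten characters, and the code that fills the buffer is outside this hunk, so the new bound cannot be checked from here. Someone auditing the fix needs to know which escape form is the longest one written into it. I would replace the comment with one that names it, for example `/* holds the longest escape emitted below (<format string>) plus NUL */`, with the placeholder filled in from the actual formatting call. If those writes use `sprintf`, passing `sizeof(buffer)` to `snprintf` instead would make the size self-checking.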
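Review bot: The unchanged `sprintf(pagename, "p%04d.djvu", ++pageno);` still leaves the reader to work out that `pagename[20]` is large enough, because `%04d` is a minimum width and the output grows with `pageno`. Assuming `pageno` is a 32-bit `int`, the longest result is 17 characters plus the NUL, so 20 bytes is sufficient. The bound would be enforced rather than implied with `snprintf(pagename, sizeof(pagename), "p%04d.djvu", ++pageno);`. The enclosing `main` and the `do` loop continue outside the hunk.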
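Review bot: Both added checks in GBitmap::read_rle_raw test `bs.read(&h, 1) <= 0`, which is only meaningful if `read` returns a signed count. Its declaration is outside this hunk; if it returns an unsigned size, the comparison reduces to `== 0`, and stating the requirement directly is clearer: `if (bs.read(&h, 1) != 1) G_THROW( ByteStream::EndOfFile );`. A short comment such as `// a failed read leaves h stale; stop instead of decoding it as a run length` would also record why the check exists. The loop body continues past the end of the hunk.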
@@ -550,52 +550,61 @@ public: template <class TYPE> void GArrayTemplate<TYPE>::sort(int lo, int hi) { - if (hi <= lo) - return; - if (hi > hibound || lo<lobound) - G_THROW( ERR_MSG("GContainer.illegal_subscript") ); TYPE *data = (TYPE*)(*this); - // Test for insertion sort - if (hi <= lo + 50) + while(true) { - for (int i=lo+1; i<=hi; i++) + if (hi <= lo) + return; + if (hi > hibound || lo<lobound) + G_THROW( ERR_MSG("GContainer.illegal_subscript") ); + // Test for insertion sort + if (hi <= lo + 50) { - int j = i; - TYPE tmp = data[i]; - while ((--j>=lo) && !(data[j]<=tmp)) - data[j+1] = data[j]; - data[j+1] = tmp; + for (int i=lo+1; i<=hi; i++) + { + int j = i; + TYPE tmp = data[i]; + while ((--j>=lo) && !(data[j]<=tmp)) + data[j+1] = data[j]; + data[j+1] = tmp; + } + return; } - return; - } - // -- determine suitable quick-sort pivot - TYPE tmp = data[lo]; - TYPE pivot = data[(lo+hi)/2]; - if (pivot <= tmp) - { tmp = pivot; pivot=data[lo]; } - if (data[hi] <= tmp) - { pivot = tmp; } - else if (data[hi] <= pivot) - { pivot = data[hi]; } - // -- partition set - int h = hi; - int l = lo; - while (l < h) - { - while (! (pivot <= data[l])) l++; - while (! (data[h] <= pivot)) h--; - if (l < h) + // -- determine median-of-three pivot + TYPE tmp = data[lo]; + TYPE pivot = data[(lo+hi)/2]; + if (pivot <= tmp) + { tmp = pivot; pivot=data[lo]; } + if (data[hi] <= tmp) + { pivot = tmp; } + else if (data[hi] <= pivot) + { pivot = data[hi]; } + // -- partition set + int h = hi; + int l = lo; + while (l < h) { - tmp = data[l]; - data[l] = data[h]; - data[h] = tmp; - l = l+1; - h = h-1; + while (! (pivot <= data[l])) l++; + while (! 
(data[h] <= pivot)) h--; + if (l < h) + { + tmp = data[l]; + data[l] = data[h]; + data[h] = tmp; + l = l+1; + h = h-1; + } + } + // -- recurse, small partition first + // tail-recursion elimination + if (h - lo <= hi - l) { + sort(lo,h); + lo = l; // sort(l,hi) + } else { + sort(l,hi); + hi = h; // sort(lo,h) } } - // -- recursively restart - sort(lo, h); - sort(l, hi); } template<class TYPE> inline TYPE& ++++++ djvulibre-CVE-2019-15145.patch ++++++ diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h index e8e0c9b..ca89a19 100644 --- a/libdjvu/GBitmap.h +++ b/libdjvu/GBitmap.h @@ -566,7 +566,7 @@ GBitmap::operator[](int row) { if (!bytes) uncompress(); - if (row<0 || row>=nrows) { + if (row<0 || row>=nrows || !bytes) { #ifndef NDEBUG if (zerosize < bytes_per_row + border) G_THROW( ERR_MSG("GBitmap.zero_small") ); @@ -581,7 +581,7 @@ GBitmap::operator[](int row) const { if (!bytes) ((GBitmap*)this)->uncompress(); - if (row<0 || row>=nrows) { + if (row<0 || row>=nrows || !bytes) { #ifndef NDEBUG if (zerosize < bytes_per_row + border) G_THROW( ERR_MSG("GBitmap.zero_small") ); ++++++ djvulibre-invalid-tiff.patch ++++++ diff --git a/tools/cjb2.cpp b/tools/cjb2.cpp index 3da3ea8..701238d 100644 --- a/tools/cjb2.cpp +++ b/tools/cjb2.cpp @@ -744,6 +744,8 @@ read_tiff(CCImage &rimg, ByteStream *bs, cjb2opts &opts) readproc, writeproc, seekproc, closeproc, sizeproc, mapproc, unmapproc ); + if (! tiff) + G_THROW("Tiff image is corrupted (cannot open)"); // bitonal uint16 bps = 0, spp = 0; TIFFGetFieldDefaulted(tiff, TIFFTAG_BITSPERSAMPLE, &bps);
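Review bot: The comment `// tail-recursion elimination` in GArrayTemplate<TYPE>::sort undersells what the new loop guarantees. The recursive call is always made on the smaller of the two partitions and the larger one is handled by the next loop iteration, so recursion depth is bounded by roughly log2 of the range size regardless of input order. That bound is the property the fix depends on and should be written where a later refactor cannot miss it, e.g. `// recurse only into the smaller partition: stack depth stays O(log n) even for worst-case input`. A matching sentence in the method's header documentation would help as well; that declaration is outside this hunk.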
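Review bot: With `|| !bytes` added, GBitmap::operator[] takes the out-of-range path whenever `uncompress()` leaves `bytes` null, but the only size check on that path, `if (zerosize < bytes_per_row + border)`, sits under `#ifndef NDEBUG` and is compiled out of release builds. What the path returns is outside the hunk; if it hands back a pointer into the shared zero buffer, a release build does so without confirming that the buffer covers a full row. I would either move that check out of the `#ifndef NDEBUG` block or add a comment stating why the zero buffer is always large enough here. The same applies to the const overload in the following hunk (`@@ -581,7 +581,7 @@`).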
