commit a8b389a40887134ea20c8678d7e5b0a211f6bab0 Author: Adrian Schröter Date: Thu Sep 14 09:34:46 2023 +0200 Sync from SUSE:ALP:Source:Standard:1.0 djvulibre revision 79fc0547f6366f68b1b3cbf5180289aa diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/djvulibre-3.5.28.tar.gz b/djvulibre-3.5.28.tar.gz new file mode 100644 index 0000000..8b4c779 --- /dev/null +++ b/djvulibre-3.5.28.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fcd009ea7654fde5a83600eb80757bd3a76998e47d13c66b54c8db849f8f2edc +size 3701161 diff --git a/djvulibre-CVE-2021-32490.patch b/djvulibre-CVE-2021-32490.patch new file mode 100644 index 0000000..610cab8 --- /dev/null +++ b/djvulibre-CVE-2021-32490.patch @@ -0,0 +1,16 @@ +Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp +=================================================================== +--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp 2020-11-20 17:57:32.000000000 +0100 ++++ djvulibre-3.5.28/libdjvu/IW44Image.cpp 2021-05-11 15:14:54.034421423 +0200 +@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, + size_t sz = bw * bh; + if (sz / (size_t)bw != (size_t)bh) // multiplication overflow + G_THROW("IW44Image: image size exceeds maximum (corrupted file?)"); ++ if (sz == 0) ++ G_THROW("IW44Image: zero size image (corrupted file?)"); + GPBuffer gdata16(data16,sz); ++ if (data16 == NULL) ++ G_THROW("IW44Image: unable to allocate image data"); + // Copy coefficients + int i; + short *p = data16; diff --git a/djvulibre-CVE-2021-32491.patch b/djvulibre-CVE-2021-32491.patch new file mode 100644 index 0000000..b51e8ff --- /dev/null +++ b/djvulibre-CVE-2021-32491.patch @@ -0,0 +1,23 @@ +Index: djvulibre-3.5.28/tools/ddjvu.cpp +=================================================================== +--- djvulibre-3.5.28.orig/tools/ddjvu.cpp 2020-11-20 17:57:32.000000000 +0100 ++++ djvulibre-3.5.28/tools/ddjvu.cpp 2021-05-11 15:14:54.038421444 +0200 +@@ -70,6 +70,7 @@ + #include + #include + #include ++#include + + #ifdef UNIX + # include +@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno) + rowsize = rrect.w; + else + rowsize = rrect.w * 3; +- if (! (image = (char*)malloc(rowsize * rrect.h))) ++ if ((size_t) rowsize > SIZE_MAX / rrect.h) ++ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno); ++ if (! (image = (char*)malloc((size_t) rowsize * rrect.h))) + die(i18n("Cannot allocate image buffer for page %d"), pageno); + + /* Render */ diff --git a/djvulibre-CVE-2021-32492.patch b/djvulibre-CVE-2021-32492.patch new file mode 100644 index 0000000..7cf59c8 --- /dev/null +++ b/djvulibre-CVE-2021-32492.patch @@ -0,0 +1,12 @@ +--- a/libdjvu/DataPool.cpp ++++ a/libdjvu/DataPool.cpp +@@ -791,6 +791,8 @@ DataPool::create(const GP & pool, int start, int length) + DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n"); + DEBUG_MAKE_INDENT(3); + ++ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") ); ++ + DataPool *xpool=new DataPool(); + GP retval=xpool; + xpool->init(); + diff --git a/djvulibre-CVE-2021-32493.patch b/djvulibre-CVE-2021-32493.patch new file mode 100644 index 0000000..75d7b3e --- /dev/null +++ b/djvulibre-CVE-2021-32493.patch @@ -0,0 +1,20 @@ +--- a/libdjvu/GBitmap.cpp ++++ a/libdjvu/GBitmap.cpp +@@ -69,6 +69,7 @@ + #include + #include + #include ++#include + + // - Author: Leon Bottou, 05/1997 + +@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs) + // initialize pixel array + if (nrows==0 || ncolumns==0) + G_THROW( ERR_MSG("GBitmap.not_init") ); ++ if (ncolumns > USHRT_MAX - border) ++ G_THROW("GBitmap: row size exceeds maximum (corrupted file?)"); + bytes_per_row = ncolumns + border; + if (runs==0) + G_THROW( ERR_MSG("GBitmap.null_arg") ); + diff --git a/djvulibre-CVE-2021-3500.patch b/djvulibre-CVE-2021-3500.patch new file mode 100644 index 0000000..1f0bc14 --- /dev/null +++ b/djvulibre-CVE-2021-3500.patch @@ -0,0 +1,33 @@ +--- a/libdjvu/DjVuPort.cpp ++++ a/libdjvu/DjVuPort.cpp +@@ -507,10 +507,19 @@ GP + DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id) + { + GPList list; ++ ++ if (!!opening_id && opening_id == id) ++ G_THROW( ERR_MSG("DjVuPortcaster.recursive_open") ); ++ else ++ opening_id = id; ++ + compute_closure(source, list, true); + GP file; + for(GPosition pos=list;pos;++pos) + if ((file=list[pos]->id_to_file(source, id))) break; ++ ++ opening_id = GUTF8String(); ++ + return file; + } + +--- a/libdjvu/DjVuPort.h ++++ a/libdjvu/DjVuPort.h +@@ -484,6 +484,7 @@ private: + const DjVuPort *dst, int distance); + void compute_closure(const DjVuPort *src, GPList &list, + bool sorted=false); ++ GUTF8String opening_id; + }; + + + diff --git a/djvulibre-CVE-2021-46310.patch b/djvulibre-CVE-2021-46310.patch new file mode 100644 index 0000000..04c4810 --- /dev/null +++ b/djvulibre-CVE-2021-46310.patch @@ -0,0 +1,17 @@ +Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp +=================================================================== +--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp ++++ djvulibre-3.5.28/libdjvu/IW44Image.cpp +@@ -676,10 +676,10 @@ IW44Image::Map::image(signed char *img8, + // Allocate reconstruction buffer + short *data16; + size_t sz = bw * bh; ++ if (sz == 0) // bw or bh is zero ++ G_THROW("IW44Image: zero size image (corrupted file?)"); + if (sz / (size_t)bw != (size_t)bh) // multiplication overflow + G_THROW("IW44Image: image size exceeds maximum (corrupted file?)"); +- if (sz == 0) +- G_THROW("IW44Image: zero size image (corrupted file?)"); + GPBuffer gdata16(data16,sz); + if (data16 == NULL) + G_THROW("IW44Image: unable to allocate image data"); diff --git a/djvulibre-CVE-2021-46312.patch b/djvulibre-CVE-2021-46312.patch new file mode 100644 index 0000000..d53f014 --- /dev/null +++ b/djvulibre-CVE-2021-46312.patch @@ -0,0 +1,18 @@ +Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp +=================================================================== +--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp ++++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp +@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm + int h = bm.rows(); + int g = bm.get_grays()-1; + signed char *buffer; +- GPBuffer gbuffer(buffer,w*h); ++ size_t sz = w * h; ++ if (sz == 0 || g <= 0) // w or h is zero or g is not positive ++ G_THROW("IWBitmap: zero size image (corrupted file?)"); ++ if (sz / (size_t)w != (size_t)h) // multiplication overflow ++ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)"); ++ GPBuffer gbuffer(buffer,sz); + // Prepare gray level conversion table + signed char bconv[256]; + for (i=0; i<256; i++) diff --git a/djvulibre.changes b/djvulibre.changes new file mode 100644 index 0000000..5cf930a --- /dev/null +++ b/djvulibre.changes @@ -0,0 +1,484 @@ +------------------------------------------------------------------- +Tue Aug 29 10:48:49 UTC 2023 - pgajdos@suse.com + +- security update +- added patches + fix CVE-2021-46310 [bsc#1214670], divide by zero in IW44Image.cpp + + djvulibre-CVE-2021-46310.patch + fix CVE-2021-46312 [bsc#1214672], divide by zero in IW44EncodeCodec.cpp + + djvulibre-CVE-2021-46312.patch + +------------------------------------------------------------------- +Wed May 4 09:30:24 UTC 2022 - Marcus Meissner + +- switch to use https source url + +------------------------------------------------------------------- +Mon May 24 08:55:21 UTC 2021 - pgajdos@suse.com + +- security update +- added patches + fix CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file + + djvulibre-CVE-2021-3500.patch + +------------------------------------------------------------------- +Wed May 12 10:09:21 UTC 2021 - pgajdos@suse.com + +- security update +- added patches + fix CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file + + djvulibre-CVE-2021-32490.patch + fix CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file + + djvulibre-CVE-2021-32491.patch + fix CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file + + djvulibre-CVE-2021-32492.patch + fix CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file + + djvulibre-CVE-2021-32493.patch + +------------------------------------------------------------------- +Mon Dec 21 16:26:45 UTC 2020 - Atri Bhattacharya + +- Update to version 3.5.28 + * ddjvu: tiff generation improvements + * djvumake: security checks on INCL chunks + * all: updated for modern compilers + * bugs: fixed several crashes on invalid inputs + * miniexp: fixed escape printout and macrochars + * djvudigital: can use poppler to find text + * csepdjvu: handle T comments for page titles + * bytestream: fixed 2GB limit + * gexception, gthread: cleanup obsolete code +- Drop patches incorporated or otherwise fixed upstream: + * djvulibre-invalid-tiff.patch + * djvulibre-CVE-2019-15144.patch + * djvulibre-CVE-2019-15145.patch + * djvulibre-CVE-2019-18804.patch + * djvulibre-CVE-2019-15143.patch + * djvulibre-always-assume-that-cpuid-works-on-x86_64.patch + * djvulibre-CVE-2019-15142.patch + * reproducible.patch +- Only run post(un) scriptlets for desktop database update for + openSUSE < 1550, these are void otherwise. +- Regenerate configure script as it is no longer supplied with + tarball; add BuildRequires: libtool. +- Adapt file list for mime file no longer being installed (this is + intentional from upstream); accordingly drop shared-mime-info + BuildRequires and post(un) scripts. +- fixes CVE-2021-3630 [bsc#1187869] + +------------------------------------------------------------------- +Fri Nov 8 11:15:02 UTC 2019 - pgajdos@suse.com + +- security update +- added patches + CVE-2019-18804 [bsc#1156188] + + djvulibre-CVE-2019-18804.patch + +------------------------------------------------------------------- +Fri Oct 18 08:33:20 UTC 2019 - pgajdos@suse.com + +- do not segfault when mmx enabled [bsc#1154401] +- added patches + https://sourceforge.net/p/djvu/bugs/293/ + + djvulibre-always-assume-that-cpuid-works-on-x86_64.patch + +------------------------------------------------------------------- +Tue Sep 3 06:21:13 UTC 2019 - Jan Engelhardt + +- Trim conjecture, bias, and metadata repetitions from description. +- Trim descriptions in subpackages for length. (Main package keeps + the bigger one.) +- Use some more macros and limit fdupes to the /usr volume. + +------------------------------------------------------------------- +Mon Sep 2 12:13:57 UTC 2019 - pgajdos@suse.com + +- security update +- added patches + CVE-2019-15142 [bsc#1146702] + + djvulibre-CVE-2019-15142.patch + CVE-2019-15143 [bsc#1146569] + + djvulibre-CVE-2019-15143.patch + CVE-2019-15144 [bsc#1146571] + + djvulibre-CVE-2019-15144.patch + CVE-2019-15145 [bsc#1146572] + + djvulibre-CVE-2019-15145.patch + do not segfault when libtiff encounters corrupted TIFF (upstream issue #295) + + djvulibre-invalid-tiff.patch + +------------------------------------------------------------------- +Tue Jan 8 23:17:00 UTC 2019 - Stefan Brüns + +- Remove rsvg-convert BuildRequires, just use the prebuilt pngs + from the source package. + +------------------------------------------------------------------- +Mon May 15 13:59:36 UTC 2017 - bwiedemann@suse.com + +- Add reproducible.patch to make build fully reproducible + +------------------------------------------------------------------- +Fri Feb 27 21:35:01 UTC 2015 - mpluskal@suse.com + +- Remove obsolete patches + * djvulibre-filepath.patch + * djvulibre-not-existing-icons.patch +- Update to 3.5.27 + * simplified configuration scripts + * deadlock fixes + * miniexp under win32 uses tlsalloc instead of _thread vars (pb under xp) +- New in 3.5.26 + * Thread safe miniexp + * Now using the standard autotools approach (thanks to Vincent Torri). + * New windows installer (thanks to Konstantin Kravtsov). + * Fixed Russian code page issues in windows. + * General speedup thanks to lock-free smart pointers. + * ddjvu can produce one file per page. + * djvused can now set the default page orientation. + * Bug fixes all around. + +------------------------------------------------------------------- +Wed Mar 27 06:33:47 UTC 2013 - pgajdos@suse.com + +- updated to 3.5.25.3: + * minor fixes + * call autoreconf + * do not cp not existing prebuilt icons + * not-existing-icons.patch + +------------------------------------------------------------------- +Sun Mar 25 16:44:11 UTC 2012 - dimstar@opensuse.org + +- Add pkg-config BuildRequires. + +------------------------------------------------------------------- +Fri Mar 16 15:31:13 UTC 2012 - pgajdos@suse.com + +- updated to 3.5.25: + * Removed the deprecated djview3 code. + * Removed the deprecated cothreads code. + * Removed the unmaintained japanese man pages. + * Added ddjvu option to skip corrupted pages. + * Miniexp API is now reentrant. + * Bug fixes all around. + +------------------------------------------------------------------- +Thu Mar 15 19:59:47 UTC 2012 - dimstar@opensuse.org + +- Add djvulibre-gcc47.patch: Fix build with gcc 4.7. + +------------------------------------------------------------------- +Tue Mar 13 15:21:34 UTC 2012 - pgajdos@suse.com + +- fix build for factory (define $QTDIR) + +------------------------------------------------------------------- +Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + (cf. packaging guidelines) +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Thu Jun 9 10:22:43 UTC 2011 - pgajdos@novell.com + +- Fix MMX code when using gcc-4.6 [bnc#696824] + * adjusted gcc46.patch + +------------------------------------------------------------------- +Mon May 2 14:45:43 UTC 2011 - idoenmez@novell.com + +- Add djvulibre-3.5.23-gcc46.patch to fix compilation with gcc 4.6 + +------------------------------------------------------------------- +Mon Mar 7 09:43:42 CET 2011 - pgajdos@suse.cz + +- updated to version 3.5.24: + * Set ddjvuapi_version to 20. + * Added ddjvuapi support for changing the white point. + * Added option "-u" in djvused. + * Added option "-o djvufile" in djvuxmlparser. + * Added support for tag in djvuxmlparser. + * Added print-xmp, set-xmp, remove-smp in djvused. + +------------------------------------------------------------------- +Tue Nov 16 16:26:44 CET 2010 - pgajdos@suse.cz + +- updated to version 3.5.23: + * Added ddjvu_document_create_by_filename_utf8 + * Generate icons with rsvg rather than imagemagick. + * djvused: correctly outputs escape characters. + * djvumake: added options to generate foreground colors. + * Various bug fixes. + +------------------------------------------------------------------- +Mon Jun 8 14:33:31 CEST 2009 - mseben@suse.cz + +- updated to version 3.5.22 + * backported djview4 version of nsdejavu.so + * various bug fixes +- splitted to doc package + +------------------------------------------------------------------- +Mon Aug 25 15:57:25 CEST 2008 - lmichnovic@suse.cz + +- update to version 3.5.21 + * Speed improvement on multicore platforms + * Ddjvu now can produce pdf output. +- renamed lib to libdjvulibre21 according to Shared Library + Packaging Policy + +------------------------------------------------------------------- +Mon Dec 10 16:51:49 CET 2007 - lmichnovic@suse.cz + +- update to version 3.5.20 + obsoletes semicolon.patch, strip.patch + * Csepdjvu handle gsdjvu hyperlink comments. + * Djvudigital therefore handles hyperlinks. + +------------------------------------------------------------------- +Mon Sep 10 16:03:35 CEST 2007 - lmichnovic@suse.cz + +- moved desktop file to djview3 subpackage [#307485] + +------------------------------------------------------------------- +Fri Jul 13 17:27:13 CEST 2007 - lmichnovic@suse.cz + +- added trailing semicolon in desktop file (semicolon.patch) +- splitted off djview3 (Qt3) to make possible have alternative + djview4 (Qt4) package + +------------------------------------------------------------------- +Mon Jun 11 17:45:08 CEST 2007 - lmichnovic@suse.cz + +- fixed djvulibre-devel's Requires with %{version}; [#282833] + +------------------------------------------------------------------- +Wed Jun 6 17:05:31 CEST 2007 - lmichnovic@suse.cz + +- renamed lib to libdjvulibre15 according to Shared Library + Packaging Policy +- splitted of devel package +- fixed calling ldconfig in post scripts + +------------------------------------------------------------------- +Fri Apr 20 21:16:22 CEST 2007 - lmichnovic@suse.cz + +- moved libs into new libdjvulibre package [#264978] +- excluding *.la + +------------------------------------------------------------------- +Tue Apr 3 18:52:51 CEST 2007 - lmichnovic@suse.cz + +- installing icons and desktop file in %install section + +------------------------------------------------------------------- +Tue Mar 27 17:04:03 CEST 2007 - lmichnovic@suse.cz + +- update to version 3.5.19 + * DjVuLibre is distributed under either version 2 of the GPL or + (at your option) any later version. + since 3.5.18 + * Renamed djview as djview3. + * Various enhancement of DDJVUAPI. + * Partial support for page titles instead of page numbers. + * Clarification of metadata information. + * Fixed djvumake mask separation feature. + * Complain when given a so-called "secure" djvu file. + * Fixed handling of urls with cgi arguments. + * Fixed bug related to caching and ddjvuapi. + * Reorganized ${datadir}/djvu. + * Provide scripts in ${datadir}/djvu/*/desktop to register + the djvu mime types and the djview menu entries. + - obsoletes utf8.patch + +------------------------------------------------------------------- +Sat Aug 5 16:53:50 CEST 2006 - lmichnovic@suse.cz + +- specifying --x-libraries and --x-include due to new paths in new + X.org 7.x. +- added qt3-devel-tools and libtiff-devel into BuildRequires which + enhance functionality + +------------------------------------------------------------------- +Wed Jul 12 12:40:38 CEST 2006 - lmichnovic@suse.cz + +- update to version 3.5.17 + - Various enhancement of DDJVUAPI. + - Compiles with the GCC-4.1. + - using MSVC using the provided project files. + - Minor bug fixes in csepdjvu text extraction. + - Fixed leak in csepdjvu, cpaldjvu and cjb2. + +------------------------------------------------------------------- +Wed Jan 25 21:35:31 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 20 18:10:47 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Wed Nov 23 14:16:23 CET 2005 - lmichnovic@suse.cz + +- added -fno-strict-aliasing into CXXFLAGS + +------------------------------------------------------------------- +Tue Nov 1 16:07:35 CET 2005 - lmichnovic@suse.cz + +- upgrade to version 3.5.16 + upgrade fixes missing binary any2djvu (#131761) + +------------------------------------------------------------------- +Wed Oct 19 19:40:40 CEST 2005 - lmichnovic@suse.cz + +- fixed invalid extra qualification for build with new gcc 4.1 + +------------------------------------------------------------------- +Wed Sep 28 23:41:07 CEST 2005 - dmueller@suse.de + +- add norootforbuild + +------------------------------------------------------------------- +Wed May 25 10:43:01 CEST 2005 - ltinkl@suse.cz + +- fix build with gcc41 + +------------------------------------------------------------------- +Tue Feb 22 16:47:29 CET 2005 - meissner@suse.de + +- fixed XtVa* lists calls 0 -> NULL. + +------------------------------------------------------------------- +Tue Feb 1 09:44:02 CET 2005 - meissner@suse.de + +- fixed one execl call 0->NULL. + +------------------------------------------------------------------- +Wed Sep 29 09:30:03 CEST 2004 - ke@suse.de + +- Recode README in UTF-8 encoding [#46179]. + +------------------------------------------------------------------- +Mon Aug 9 17:32:29 CEST 2004 - ro@suse.de + +- added directory to filelist + +------------------------------------------------------------------- +Fri Aug 06 12:35:09 CEST 2004 - ltinkl@suse.cz + +- update to 3.5.14 + +------------------------------------------------------------------- +Mon May 17 16:24:14 CEST 2004 - ltinkl@suse.cz + +- updated to latest version 3.5.13 +- redone the patch +- simplified and updated list of packaged files + +------------------------------------------------------------------- +Tue Sep 30 13:27:25 CEST 2003 - ltinkl@suse.cz + +- updated to 3.5.12 +- ported the patch + +------------------------------------------------------------------- +Mon Aug 25 17:18:14 CEST 2003 - ro@suse.de + +- fix compile with current gcc + +------------------------------------------------------------------- +Wed Jun 04 19:09:36 CEST 2003 - mjancar@suse.cz + +- update to 3.5.11 + * added support for mouse wheel + * added support for LT toolbar control args + * improved csepdjvu option -bgwhite + * Djview and djvups now can print booklets + * Djview main dialogs have a help button + * Djview key space does continuous reading now + * annotation strings now recognize C escape sequences + * and some fixes +- add URL +- use buildroot +- use $RPM_OPT_FLAGS + +------------------------------------------------------------------- +Mon Feb 24 15:33:41 CET 2003 - ro@suse.de + +- move to libdir/browser-plugins + +------------------------------------------------------------------- +Sat Dec 28 21:27:36 CET 2002 - prehak@suse.cz + +- fixed to build with gcc-3.3 +- added %clean section + +------------------------------------------------------------------- +Thu Oct 31 14:30:53 CET 2002 - uli@suse.de + +- update -> 3.5.9 (gcc-3.2, fix for broken command ddjvu, modified + IW44 for ARM processors) +- going down to -O1 on x86-64 to avoid segfault in djview +- cutting optimization on Alpha as well + +------------------------------------------------------------------- +Wed Aug 7 16:50:38 CEST 2002 - uli@suse.de + +- update -> 3.5.8 (fixed printing of b&w documents,fixes for + gcc-3.1) + +------------------------------------------------------------------- +Tue Jul 23 13:00:30 CEST 2002 - uli@suse.de + +- update -> 3.5.7 (minor fixes) + +------------------------------------------------------------------- +Fri Jun 28 10:40:18 CEST 2002 - uli@suse.de + +- build with -O2 on x86-64 to avoid miscompilation + +------------------------------------------------------------------- +Fri Jun 7 15:29:16 CEST 2002 - uli@suse.de + +- update -> 3.5.6: + Added option -bgwhite in cpaldjvu + Removed annoying flicker with djview/Qt3. + Fixed show stopper in djvused. + Fixed bug in djview print dialog. + Added CGI program djvuserve. + +------------------------------------------------------------------- +Tue May 14 10:56:23 CEST 2002 - uli@suse.de + +- find Qt3 in lib64 if applicable +- still doesn't build on x86-64, maybe bin2cpp gets miscompiled + +------------------------------------------------------------------- +Thu Apr 18 13:28:17 CEST 2002 - uli@suse.de + +- fixed to build with gcc 3.1 + +------------------------------------------------------------------- +Fri Feb 1 11:19:51 CET 2002 - uli@suse.de + +- use %_libdir + +------------------------------------------------------------------- +Thu Jan 31 17:52:07 CET 2002 - uli@suse.de + +- added plugin to mozilla plugin dir + +------------------------------------------------------------------- +Fri Jan 18 13:44:24 CET 2002 - uli@suse.de + +- update -> 3.5.3 (builds with Qt3, adds djvups tool) + +------------------------------------------------------------------- +Wed Dec 12 13:48:18 CET 2001 - uli@suse.de + +- initial package + + diff --git a/djvulibre.spec b/djvulibre.spec new file mode 100644 index 0000000..05bc190 --- /dev/null +++ b/djvulibre.spec @@ -0,0 +1,157 @@ +# +# spec file for package djvulibre +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define asan_build 0 + +%define libname lib%{name}21 +Name: djvulibre +Version: 3.5.28 +Release: 0 +Summary: An Implementation of DjVu +License: GPL-2.0-or-later +Group: Productivity/Graphics/Other +URL: http://djvu.sourceforge.net +Source: https://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz +# CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file +Patch0: djvulibre-CVE-2021-32490.patch +# CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file +Patch1: djvulibre-CVE-2021-32491.patch +# CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file +Patch2: djvulibre-CVE-2021-32492.patch +# CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file +Patch3: djvulibre-CVE-2021-32493.patch +# CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file +Patch4: djvulibre-CVE-2021-3500.patch +# CVE-2021-46310 [bsc#1214670], divide by zero in IW44Image.cpp +Patch5: djvulibre-CVE-2021-46310.patch +# CVE-2021-46312 [bsc#1214672], divide by zero in IW44EncodeCodec.cpp +Patch6: djvulibre-CVE-2021-46312.patch +BuildRequires: fdupes +BuildRequires: gcc-c++ +BuildRequires: hicolor-icon-theme +BuildRequires: libjpeg-devel +# libtool needed to regenerate missing configure script (v 3.5.28) +BuildRequires: libtool +BuildRequires: pkg-config +BuildRequires: pkgconfig(libtiff-4) + +%description +DjVu is a Web-centric format and software platform for distributing +documents and images. DjVuLibre is an implementation of DjVu, +including viewers, browser plug-ins, decoders, encoders, and +utilities. DjVu can replace PDF, PS, TIFF, JPEG, and GIF for +distributing scanned documents, digital documents, or high-resolution +pictures. DjVu content is often smaller and consumes less client +resources than competing formats. + +%package -n %{libname} +Summary: DjVu rendering library +Group: Productivity/Graphics/Other + +%description -n %{libname} +DjVuLibre is an implementation of DjVu, a Web-centric format and +software platform for distributing documents and images. + +This package contains the shared libraries. + +%package -n libdjvulibre-devel +Summary: Headers for djvulibre libraries +Group: Development/Libraries/Other +Requires: %{libname} = %{version} + +%description -n libdjvulibre-devel +DjVuLibre is an implementation of DjVu, a Web-centric format and +software platform for distributing documents and images. + +This package contains the development files. + +%package doc +Summary: Documentation for djvulibre +Group: Productivity/Graphics/Other +BuildArch: noarch + +%description doc +DjVuLibre is an implementation of DjVu, a Web-centric format and +software platform for distributing documents and images. + +This package contains the documentation. + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 + +%build +# configure script missing; generate using autogen.sh +NOCONFIGURE=1 ./autogen.sh +%configure \ + --disable-silent-rules +%if %{asan_build} +sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \ + -e 's/\(^CXXFLAGS.*\)/\1 -fsanitize=address/' \ + -e 's/\(^LIBS =.*\)/\1 -lasan/' \ + Makefile */Makefile +%endif +make %{?_smp_mflags} + +%install +%make_install + +# do not ship these +rm %{buildroot}%{_libdir}/libdjvulibre.la + +%fdupes %{buildroot}/%{_prefix} + +%if 0%{?suse_version} < 1550 +%post +%icon_theme_cache_post + +%postun +%icon_theme_cache_postun +%endif + +%post -n %{libname} -p /sbin/ldconfig + +%postun -n %{libname} -p /sbin/ldconfig + +%files +%license COPYING COPYRIGHT +%doc NEWS README +%doc %{_mandir}/man1/* +%{_datadir}/djvu +%{_bindir}/* +%{_datadir}/icons/hicolor/* + +%files -n %{libname} +%{_libdir}/libdjvulibre.so.* + +%files -n libdjvulibre-devel +%{_libdir}/libdjvulibre.so +%dir %{_includedir}/libdjvu +%{_includedir}/libdjvu/*.h +%{_libdir}/pkgconfig/ddjvuapi.pc + +%files doc +%doc doc/* + +%changelog