SLFO-pool/djvulibre
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main djvulibre revision 79fc0547f6366f68b1b3cbf5180289aa

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 12:05:37 +02:00
commit 748c1e8617
11 changed files with 806 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
djvulibre-3.5.28.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
djvulibre-CVE-2021-32490.patch Normal file
View File

@ -0,0 +1,16 @@
Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp 2020-11-20 17:57:32.000000000 +0100
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp 2021-05-11 15:14:54.034421423 +0200
@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8,
size_t sz = bw * bh;
if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+ if (sz == 0)
+ G_THROW("IW44Image: zero size image (corrupted file?)");
GPBuffer<short> gdata16(data16,sz);
+ if (data16 == NULL)
+ G_THROW("IW44Image: unable to allocate image data");
// Copy coefficients
int i;
short *p = data16;

23
djvulibre-CVE-2021-32491.patch Normal file
View File

@ -0,0 +1,23 @@
Index: djvulibre-3.5.28/tools/ddjvu.cpp
===================================================================
--- djvulibre-3.5.28.orig/tools/ddjvu.cpp 2020-11-20 17:57:32.000000000 +0100
+++ djvulibre-3.5.28/tools/ddjvu.cpp 2021-05-11 15:14:54.038421444 +0200
@@ -70,6 +70,7 @@
#include <locale.h>
#include <fcntl.h>
#include <errno.h>
+#include <stdint.h>
#ifdef UNIX
# include <sys/time.h>
@@ -394,7 +395,9 @@ render(ddjvu_page_t *page, int pageno)
rowsize = rrect.w;
else
rowsize = rrect.w * 3;
- if (! (image = (char*)malloc(rowsize * rrect.h)))
+ if ((size_t) rowsize > SIZE_MAX / rrect.h)
+ die(i18n("Integer overflow when allocating image buffer for page %d"), pageno);
+ if (! (image = (char*)malloc((size_t) rowsize * rrect.h)))
die(i18n("Cannot allocate image buffer for page %d"), pageno);
/* Render */

12
djvulibre-CVE-2021-32492.patch Normal file
View File

@ -0,0 +1,12 @@
--- a/libdjvu/DataPool.cpp
+++ a/libdjvu/DataPool.cpp
@@ -791,6 +791,8 @@ DataPool::create(const GP<DataPool> & pool, int start, int length)
DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n");
DEBUG_MAKE_INDENT(3);
+ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") );
+
DataPool *xpool=new DataPool();
GP<DataPool> retval=xpool;
xpool->init();

20
djvulibre-CVE-2021-32493.patch Normal file
View File

@ -0,0 +1,20 @@
--- a/libdjvu/GBitmap.cpp
+++ a/libdjvu/GBitmap.cpp
@@ -69,6 +69,7 @@
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
+#include <climits>
// - Author: Leon Bottou, 05/1997
@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs)
// initialize pixel array
if (nrows==0 || ncolumns==0)
G_THROW( ERR_MSG("GBitmap.not_init") );
+ if (ncolumns > USHRT_MAX - border)
+ G_THROW("GBitmap: row size exceeds maximum (corrupted file?)");
bytes_per_row = ncolumns + border;
if (runs==0)
G_THROW( ERR_MSG("GBitmap.null_arg") );

33
djvulibre-CVE-2021-3500.patch Normal file
View File

@ -0,0 +1,33 @@
--- a/libdjvu/DjVuPort.cpp
+++ a/libdjvu/DjVuPort.cpp
@@ -507,10 +507,19 @@ GP<DjVuFile>
DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id)
{
GPList<DjVuPort> list;
+
+ if (!!opening_id && opening_id == id)
+ G_THROW( ERR_MSG("DjVuPortcaster.recursive_open") );
+ else
+ opening_id = id;
+
compute_closure(source, list, true);
GP<DjVuFile> file;
for(GPosition pos=list;pos;++pos)
if ((file=list[pos]->id_to_file(source, id))) break;
+
+ opening_id = GUTF8String();
+
return file;
}
--- a/libdjvu/DjVuPort.h
+++ a/libdjvu/DjVuPort.h
@@ -484,6 +484,7 @@ private:
const DjVuPort *dst, int distance);
void compute_closure(const DjVuPort *src, GPList<DjVuPort> &list,
bool sorted=false);
+ GUTF8String opening_id;
};

17
djvulibre-CVE-2021-46310.patch Normal file
View File

@ -0,0 +1,17 @@
Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp
@@ -676,10 +676,10 @@ IW44Image::Map::image(signed char *img8,
// Allocate reconstruction buffer
short *data16;
size_t sz = bw * bh;
+ if (sz == 0) // bw or bh is zero
+ G_THROW("IW44Image: zero size image (corrupted file?)");
if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
- if (sz == 0)
- G_THROW("IW44Image: zero size image (corrupted file?)");
GPBuffer<short> gdata16(data16,sz);
if (data16 == NULL)
G_THROW("IW44Image: unable to allocate image data");

18
djvulibre-CVE-2021-46312.patch Normal file
View File

@ -0,0 +1,18 @@
Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp
+++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm
int h = bm.rows();
int g = bm.get_grays()-1;
signed char *buffer;
- GPBuffer<signed char> gbuffer(buffer,w*h);
+ size_t sz = w * h;
+ if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+ G_THROW("IWBitmap: zero size image (corrupted file?)");
+ if (sz / (size_t)w != (size_t)h) // multiplication overflow
+ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+ GPBuffer<signed char> gbuffer(buffer,sz);
// Prepare gray level conversion table
signed char bconv[256];
for (i=0; i<256; i++)

484
djvulibre.changes Normal file
View File

@ -0,0 +1,484 @@
-------------------------------------------------------------------
Tue Aug 29 10:48:49 UTC 2023 - pgajdos@suse.com
- security update
- added patches
fix CVE-2021-46310 [bsc#1214670], divide by zero in IW44Image.cpp
+ djvulibre-CVE-2021-46310.patch
fix CVE-2021-46312 [bsc#1214672], divide by zero in IW44EncodeCodec.cpp
+ djvulibre-CVE-2021-46312.patch
-------------------------------------------------------------------
Wed May 4 09:30:24 UTC 2022 - Marcus Meissner <meissner@suse.com>
- switch to use https source url
-------------------------------------------------------------------
Mon May 24 08:55:21 UTC 2021 - pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file
+ djvulibre-CVE-2021-3500.patch
-------------------------------------------------------------------
Wed May 12 10:09:21 UTC 2021 - pgajdos@suse.com
- security update
- added patches
fix CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file
+ djvulibre-CVE-2021-32490.patch
fix CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file
+ djvulibre-CVE-2021-32491.patch
fix CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
+ djvulibre-CVE-2021-32492.patch
fix CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
+ djvulibre-CVE-2021-32493.patch
-------------------------------------------------------------------
Mon Dec 21 16:26:45 UTC 2020 - Atri Bhattacharya <badshah400@gmail.com>
- Update to version 3.5.28
* ddjvu: tiff generation improvements
* djvumake: security checks on INCL chunks
* all: updated for modern compilers
* bugs: fixed several crashes on invalid inputs
* miniexp: fixed escape printout and macrochars
* djvudigital: can use poppler to find text
* csepdjvu: handle T comments for page titles
* bytestream: fixed 2GB limit
* gexception, gthread: cleanup obsolete code
- Drop patches incorporated or otherwise fixed upstream:
* djvulibre-invalid-tiff.patch
* djvulibre-CVE-2019-15144.patch
* djvulibre-CVE-2019-15145.patch
* djvulibre-CVE-2019-18804.patch
* djvulibre-CVE-2019-15143.patch
* djvulibre-always-assume-that-cpuid-works-on-x86_64.patch
* djvulibre-CVE-2019-15142.patch
* reproducible.patch
- Only run post(un) scriptlets for desktop database update for
openSUSE < 1550, these are void otherwise.
- Regenerate configure script as it is no longer supplied with
tarball; add BuildRequires: libtool.
- Adapt file list for mime file no longer being installed (this is
intentional from upstream); accordingly drop shared-mime-info
BuildRequires and post(un) scripts.
- fixes CVE-2021-3630 [bsc#1187869]
-------------------------------------------------------------------
Fri Nov 8 11:15:02 UTC 2019 - pgajdos@suse.com
- security update
- added patches
CVE-2019-18804 [bsc#1156188]
+ djvulibre-CVE-2019-18804.patch
-------------------------------------------------------------------
Fri Oct 18 08:33:20 UTC 2019 - pgajdos@suse.com
- do not segfault when mmx enabled [bsc#1154401]
- added patches
https://sourceforge.net/p/djvu/bugs/293/
+ djvulibre-always-assume-that-cpuid-works-on-x86_64.patch
-------------------------------------------------------------------
Tue Sep 3 06:21:13 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Trim conjecture, bias, and metadata repetitions from description.
- Trim descriptions in subpackages for length. (Main package keeps
the bigger one.)
- Use some more macros and limit fdupes to the /usr volume.
-------------------------------------------------------------------
Mon Sep 2 12:13:57 UTC 2019 - pgajdos@suse.com
- security update
- added patches
CVE-2019-15142 [bsc#1146702]
+ djvulibre-CVE-2019-15142.patch
CVE-2019-15143 [bsc#1146569]
+ djvulibre-CVE-2019-15143.patch
CVE-2019-15144 [bsc#1146571]
+ djvulibre-CVE-2019-15144.patch
CVE-2019-15145 [bsc#1146572]
+ djvulibre-CVE-2019-15145.patch
do not segfault when libtiff encounters corrupted TIFF (upstream issue #295)
+ djvulibre-invalid-tiff.patch
-------------------------------------------------------------------
Tue Jan 8 23:17:00 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Remove rsvg-convert BuildRequires, just use the prebuilt pngs
from the source package.
-------------------------------------------------------------------
Mon May 15 13:59:36 UTC 2017 - bwiedemann@suse.com
- Add reproducible.patch to make build fully reproducible
-------------------------------------------------------------------
Fri Feb 27 21:35:01 UTC 2015 - mpluskal@suse.com
- Remove obsolete patches
* djvulibre-filepath.patch
* djvulibre-not-existing-icons.patch
- Update to 3.5.27
* simplified configuration scripts
* deadlock fixes
* miniexp under win32 uses tlsalloc instead of _thread vars (pb under xp)
- New in 3.5.26
* Thread safe miniexp
* Now using the standard autotools approach (thanks to Vincent Torri).
* New windows installer (thanks to Konstantin Kravtsov).
* Fixed Russian code page issues in windows.
* General speedup thanks to lock-free smart pointers.
* ddjvu can produce one file per page.
* djvused can now set the default page orientation.
* Bug fixes all around.
-------------------------------------------------------------------
Wed Mar 27 06:33:47 UTC 2013 - pgajdos@suse.com
- updated to 3.5.25.3:
* minor fixes
* call autoreconf
* do not cp not existing prebuilt icons
* not-existing-icons.patch
-------------------------------------------------------------------
Sun Mar 25 16:44:11 UTC 2012 - dimstar@opensuse.org
- Add pkg-config BuildRequires.
-------------------------------------------------------------------
Fri Mar 16 15:31:13 UTC 2012 - pgajdos@suse.com
- updated to 3.5.25:
* Removed the deprecated djview3 code.
* Removed the deprecated cothreads code.
* Removed the unmaintained japanese man pages.
* Added ddjvu option to skip corrupted pages.
* Miniexp API is now reentrant.
* Bug fixes all around.
-------------------------------------------------------------------
Thu Mar 15 19:59:47 UTC 2012 - dimstar@opensuse.org
- Add djvulibre-gcc47.patch: Fix build with gcc 4.7.
-------------------------------------------------------------------
Tue Mar 13 15:21:34 UTC 2012 - pgajdos@suse.com
- fix build for factory (define $QTDIR)
-------------------------------------------------------------------
Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
(cf. packaging guidelines)
- Use %_smp_mflags for parallel build
-------------------------------------------------------------------
Thu Jun 9 10:22:43 UTC 2011 - pgajdos@novell.com
- Fix MMX code when using gcc-4.6 [bnc#696824]
* adjusted gcc46.patch
-------------------------------------------------------------------
Mon May 2 14:45:43 UTC 2011 - idoenmez@novell.com
- Add djvulibre-3.5.23-gcc46.patch to fix compilation with gcc 4.6
-------------------------------------------------------------------
Mon Mar 7 09:43:42 CET 2011 - pgajdos@suse.cz
- updated to version 3.5.24:
* Set ddjvuapi_version to 20.
* Added ddjvuapi support for changing the white point.
* Added option "-u" in djvused.
* Added option "-o djvufile" in djvuxmlparser.
* Added support for <CHARACTER> tag in djvuxmlparser.
* Added print-xmp, set-xmp, remove-smp in djvused.
-------------------------------------------------------------------
Tue Nov 16 16:26:44 CET 2010 - pgajdos@suse.cz
- updated to version 3.5.23:
* Added ddjvu_document_create_by_filename_utf8
* Generate icons with rsvg rather than imagemagick.
* djvused: correctly outputs escape characters.
* djvumake: added options to generate foreground colors.
* Various bug fixes.
-------------------------------------------------------------------
Mon Jun 8 14:33:31 CEST 2009 - mseben@suse.cz
- updated to version 3.5.22
* backported djview4 version of nsdejavu.so
* various bug fixes
- splitted to doc package
-------------------------------------------------------------------
Mon Aug 25 15:57:25 CEST 2008 - lmichnovic@suse.cz
- update to version 3.5.21
* Speed improvement on multicore platforms
* Ddjvu now can produce pdf output.
- renamed lib to libdjvulibre21 according to Shared Library
Packaging Policy
-------------------------------------------------------------------
Mon Dec 10 16:51:49 CET 2007 - lmichnovic@suse.cz
- update to version 3.5.20
obsoletes semicolon.patch, strip.patch
* Csepdjvu handle gsdjvu hyperlink comments.
* Djvudigital therefore handles hyperlinks.
-------------------------------------------------------------------
Mon Sep 10 16:03:35 CEST 2007 - lmichnovic@suse.cz
- moved desktop file to djview3 subpackage [#307485]
-------------------------------------------------------------------
Fri Jul 13 17:27:13 CEST 2007 - lmichnovic@suse.cz
- added trailing semicolon in desktop file (semicolon.patch)
- splitted off djview3 (Qt3) to make possible have alternative
djview4 (Qt4) package
-------------------------------------------------------------------
Mon Jun 11 17:45:08 CEST 2007 - lmichnovic@suse.cz
- fixed djvulibre-devel's Requires with %{version}; [#282833]
-------------------------------------------------------------------
Wed Jun 6 17:05:31 CEST 2007 - lmichnovic@suse.cz
- renamed lib to libdjvulibre15 according to Shared Library
Packaging Policy
- splitted of devel package
- fixed calling ldconfig in post scripts
-------------------------------------------------------------------
Fri Apr 20 21:16:22 CEST 2007 - lmichnovic@suse.cz
- moved libs into new libdjvulibre package [#264978]
- excluding *.la
-------------------------------------------------------------------
Tue Apr 3 18:52:51 CEST 2007 - lmichnovic@suse.cz
- installing icons and desktop file in %install section
-------------------------------------------------------------------
Tue Mar 27 17:04:03 CEST 2007 - lmichnovic@suse.cz
- update to version 3.5.19
* DjVuLibre is distributed under either version 2 of the GPL or
(at your option) any later version.
since 3.5.18
* Renamed djview as djview3.
* Various enhancement of DDJVUAPI.
* Partial support for page titles instead of page numbers.
* Clarification of metadata information.
* Fixed djvumake mask separation feature.
* Complain when given a so-called "secure" djvu file.
* Fixed handling of urls with cgi arguments.
* Fixed bug related to caching and ddjvuapi.
* Reorganized ${datadir}/djvu.
* Provide scripts in ${datadir}/djvu/*/desktop to register
the djvu mime types and the djview menu entries.
- obsoletes utf8.patch
-------------------------------------------------------------------
Sat Aug 5 16:53:50 CEST 2006 - lmichnovic@suse.cz
- specifying --x-libraries and --x-include due to new paths in new
X.org 7.x.
- added qt3-devel-tools and libtiff-devel into BuildRequires which
enhance functionality
-------------------------------------------------------------------
Wed Jul 12 12:40:38 CEST 2006 - lmichnovic@suse.cz
- update to version 3.5.17
- Various enhancement of DDJVUAPI.
- Compiles with the GCC-4.1.
- using MSVC using the provided project files.
- Minor bug fixes in csepdjvu text extraction.
- Fixed leak in csepdjvu, cpaldjvu and cjb2.
-------------------------------------------------------------------
Wed Jan 25 21:35:31 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Jan 20 18:10:47 CET 2006 - schwab@suse.de
- Don't strip binaries.
-------------------------------------------------------------------
Wed Nov 23 14:16:23 CET 2005 - lmichnovic@suse.cz
- added -fno-strict-aliasing into CXXFLAGS
-------------------------------------------------------------------
Tue Nov 1 16:07:35 CET 2005 - lmichnovic@suse.cz
- upgrade to version 3.5.16
upgrade fixes missing binary any2djvu (#131761)
-------------------------------------------------------------------
Wed Oct 19 19:40:40 CEST 2005 - lmichnovic@suse.cz
- fixed invalid extra qualification for build with new gcc 4.1
-------------------------------------------------------------------
Wed Sep 28 23:41:07 CEST 2005 - dmueller@suse.de
- add norootforbuild
-------------------------------------------------------------------
Wed May 25 10:43:01 CEST 2005 - ltinkl@suse.cz
- fix build with gcc41
-------------------------------------------------------------------
Tue Feb 22 16:47:29 CET 2005 - meissner@suse.de
- fixed XtVa* lists calls 0 -> NULL.
-------------------------------------------------------------------
Tue Feb 1 09:44:02 CET 2005 - meissner@suse.de
- fixed one execl call 0->NULL.
-------------------------------------------------------------------
Wed Sep 29 09:30:03 CEST 2004 - ke@suse.de
- Recode README in UTF-8 encoding [#46179].
-------------------------------------------------------------------
Mon Aug 9 17:32:29 CEST 2004 - ro@suse.de
- added directory to filelist
-------------------------------------------------------------------
Fri Aug 06 12:35:09 CEST 2004 - ltinkl@suse.cz
- update to 3.5.14
-------------------------------------------------------------------
Mon May 17 16:24:14 CEST 2004 - ltinkl@suse.cz
- updated to latest version 3.5.13
- redone the patch
- simplified and updated list of packaged files
-------------------------------------------------------------------
Tue Sep 30 13:27:25 CEST 2003 - ltinkl@suse.cz
- updated to 3.5.12
- ported the patch
-------------------------------------------------------------------
Mon Aug 25 17:18:14 CEST 2003 - ro@suse.de
- fix compile with current gcc
-------------------------------------------------------------------
Wed Jun 04 19:09:36 CEST 2003 - mjancar@suse.cz
- update to 3.5.11
* added support for mouse wheel
* added support for LT toolbar control args
* improved csepdjvu option -bgwhite
* Djview and djvups now can print booklets
* Djview main dialogs have a help button
* Djview key space does continuous reading now
* annotation strings now recognize C escape sequences
* and some fixes
- add URL
- use buildroot
- use $RPM_OPT_FLAGS
-------------------------------------------------------------------
Mon Feb 24 15:33:41 CET 2003 - ro@suse.de
- move to libdir/browser-plugins
-------------------------------------------------------------------
Sat Dec 28 21:27:36 CET 2002 - prehak@suse.cz
- fixed to build with gcc-3.3
- added %clean section
-------------------------------------------------------------------
Thu Oct 31 14:30:53 CET 2002 - uli@suse.de
- update -> 3.5.9 (gcc-3.2, fix for broken command ddjvu, modified
IW44 for ARM processors)
- going down to -O1 on x86-64 to avoid segfault in djview
- cutting optimization on Alpha as well
-------------------------------------------------------------------
Wed Aug 7 16:50:38 CEST 2002 - uli@suse.de
- update -> 3.5.8 (fixed printing of b&w documents,fixes for
gcc-3.1)
-------------------------------------------------------------------
Tue Jul 23 13:00:30 CEST 2002 - uli@suse.de
- update -> 3.5.7 (minor fixes)
-------------------------------------------------------------------
Fri Jun 28 10:40:18 CEST 2002 - uli@suse.de
- build with -O2 on x86-64 to avoid miscompilation
-------------------------------------------------------------------
Fri Jun 7 15:29:16 CEST 2002 - uli@suse.de
- update -> 3.5.6:
Added option -bgwhite in cpaldjvu
Removed annoying flicker with djview/Qt3.
Fixed show stopper in djvused.
Fixed bug in djview print dialog.
Added CGI program djvuserve.
-------------------------------------------------------------------
Tue May 14 10:56:23 CEST 2002 - uli@suse.de
- find Qt3 in lib64 if applicable
- still doesn't build on x86-64, maybe bin2cpp gets miscompiled
-------------------------------------------------------------------
Thu Apr 18 13:28:17 CEST 2002 - uli@suse.de
- fixed to build with gcc 3.1
-------------------------------------------------------------------
Fri Feb 1 11:19:51 CET 2002 - uli@suse.de
- use %_libdir
-------------------------------------------------------------------
Thu Jan 31 17:52:07 CET 2002 - uli@suse.de
- added plugin to mozilla plugin dir
-------------------------------------------------------------------
Fri Jan 18 13:44:24 CET 2002 - uli@suse.de
- update -> 3.5.3 (builds with Qt3, adds djvups tool)
-------------------------------------------------------------------
Wed Dec 12 13:48:18 CET 2001 - uli@suse.de
- initial package

157
djvulibre.spec Normal file
View File

@ -0,0 +1,157 @@
#
# spec file for package djvulibre
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define asan_build 0
%define libname lib%{name}21
Name: djvulibre
Version: 3.5.28
Release: 0
Summary: An Implementation of DjVu
License: GPL-2.0-or-later
Group: Productivity/Graphics/Other
URL: http://djvu.sourceforge.net
Source: https://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
# CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file
Patch0: djvulibre-CVE-2021-32490.patch
# CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file
Patch1: djvulibre-CVE-2021-32491.patch
# CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
Patch2: djvulibre-CVE-2021-32492.patch
# CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
Patch3: djvulibre-CVE-2021-32493.patch
# CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file
Patch4: djvulibre-CVE-2021-3500.patch
# CVE-2021-46310 [bsc#1214670], divide by zero in IW44Image.cpp
Patch5: djvulibre-CVE-2021-46310.patch
# CVE-2021-46312 [bsc#1214672], divide by zero in IW44EncodeCodec.cpp
Patch6: djvulibre-CVE-2021-46312.patch
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: hicolor-icon-theme
BuildRequires: libjpeg-devel
# libtool needed to regenerate missing configure script (v 3.5.28)
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: pkgconfig(libtiff-4)
%description
DjVu is a Web-centric format and software platform for distributing
documents and images. DjVuLibre is an implementation of DjVu,
including viewers, browser plug-ins, decoders, encoders, and
utilities. DjVu can replace PDF, PS, TIFF, JPEG, and GIF for
distributing scanned documents, digital documents, or high-resolution
pictures. DjVu content is often smaller and consumes less client
resources than competing formats.
%package -n %{libname}
Summary: DjVu rendering library
Group: Productivity/Graphics/Other
%description -n %{libname}
DjVuLibre is an implementation of DjVu, a Web-centric format and
software platform for distributing documents and images.
This package contains the shared libraries.
%package -n libdjvulibre-devel
Summary: Headers for djvulibre libraries
Group: Development/Libraries/Other
Requires: %{libname} = %{version}
%description -n libdjvulibre-devel
DjVuLibre is an implementation of DjVu, a Web-centric format and
software platform for distributing documents and images.
This package contains the development files.
%package doc
Summary: Documentation for djvulibre
Group: Productivity/Graphics/Other
BuildArch: noarch
%description doc
DjVuLibre is an implementation of DjVu, a Web-centric format and
software platform for distributing documents and images.
This package contains the documentation.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%build
# configure script missing; generate using autogen.sh
NOCONFIGURE=1 ./autogen.sh
%configure \
--disable-silent-rules
%if %{asan_build}
sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \
-e 's/\(^CXXFLAGS.*\)/\1 -fsanitize=address/' \
-e 's/\(^LIBS =.*\)/\1 -lasan/' \
Makefile */Makefile
%endif
make %{?_smp_mflags}
%install
%make_install
# do not ship these
rm %{buildroot}%{_libdir}/libdjvulibre.la
%fdupes %{buildroot}/%{_prefix}
%if 0%{?suse_version} < 1550
%post
%icon_theme_cache_post
%postun
%icon_theme_cache_postun
%endif
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files
%license COPYING COPYRIGHT
%doc NEWS README
%doc %{_mandir}/man1/*
%{_datadir}/djvu
%{_bindir}/*
%{_datadir}/icons/hicolor/*
%files -n %{libname}
%{_libdir}/libdjvulibre.so.*
%files -n libdjvulibre-devel
%{_libdir}/libdjvulibre.so
%dir %{_includedir}/libdjvu
%{_includedir}/libdjvu/*.h
%{_libdir}/pkgconfig/ddjvuapi.pc
%files doc
%doc doc/*
%changelog