From 4fc139368f0524d4383c8a8ccae4a1a396f121bddc822103a88a6318b4fb6994 Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Mon, 24 May 2021 08:56:15 +0000
Subject: [PATCH] - security update - added patches fix CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file + djvulibre-CVE-2021-3500.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/djvulibre?expand=0&rev=41
---
 djvulibre-CVE-2021-3500.patch | 33 +++++++++++++++++++++++++++++++++
 djvulibre.changes | 8 ++++++++
 djvulibre.spec | 3 +++
 3 files changed, 44 insertions(+)
 create mode 100644 djvulibre-CVE-2021-3500.patch
diff --git a/djvulibre-CVE-2021-3500.patch b/djvulibre-CVE-2021-3500.patch
new file mode 100644
index 0000000..a740d15
--- /dev/null
+++ b/djvulibre-CVE-2021-3500.patch
@@ -0,0 +1,33 @@
+--- a/libdjvu/DjVuPort.cpp
++++ a/libdjvu/DjVuPort.cpp
+@@ -507,10 +507,19 @@ GP
+ DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id)
+ {
+ GPList list;
++
++ if (!!opening_id && opening_id == id)
++ G_THROW( ERR_MSG("DjVuPortcaster.recursive_open") );
++ else
++ opening_id = id;
++
+ compute_closure(source, list, true);
+ GP file;
+ for(GPosition pos=list;pos;++pos)
+ if ((file=list[pos]->id_to_file(source, id))) break;
++
++ opening_id = GUTF8String();
++
+ return file;
+ }
+
+--- a/libdjvu/DjVuPort.h
++++ a/libdjvu/DjVuPort.h
+@@ -484,6 +484,7 @@ private:
+ const DjVuPort *dst, int distance);
+ void compute_closure(const DjVuPort *src, GPList &list,
+ bool sorted=false);
++ GUTF8String opening_id;
+ };
+
+
+
diff --git a/djvulibre.changes b/djvulibre.changes
index b46908d..f764ebc 100644
--- a/djvulibre.changes
+++ b/djvulibre.changes
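Review bot: `opening_id` is cleared only on the normal return path of `DjVuPortcaster::id_to_file`, so when the nested call throws `DjVuPortcaster.recursive_open` (or the lookup loop throws anything else) the outer frame unwinds with the marker still set, and a later lookup of the same id on this portcaster is rejected even for a well-formed document. Resetting it from a scope guard declared right after the check covers every exit path. The single slot also detects only direct self-recursion: a nested lookup of a different id overwrites the marker and clears it on return, so a cycle through two ids would presumably still recurse, and a set of in-flight ids would cover that case. No lock around the new member is visible in this hunk, so it is worth confirming that lookups cannot reach it from several threads at once.

```cpp
  // … unchanged: list declaration and the recursive_open check that sets opening_id …

  // Clear the marker on every exit path, including an exception from a nested lookup.
  struct OpeningIdReset {
    GUTF8String &slot;
    ~OpeningIdReset() { slot = GUTF8String(); }
  } reset_opening_id = { opening_id };

  compute_closure(source, list, true);
  // … unchanged: lookup loop; the explicit reset before the return is then redundant …
  return file;
```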
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon May 24 08:55:21 UTC 2021 - pgajdos@suse.com
+
+- security update
+- added patches
+ fix CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file
+ + djvulibre-CVE-2021-3500.patch
+
 -------------------------------------------------------------------
 Wed May 12 10:09:21 UTC 2021 - pgajdos@suse.com
diff --git a/djvulibre.spec b/djvulibre.spec
index ed067a3..b2eb5ac 100644
--- a/djvulibre.spec
+++ b/djvulibre.spec
@@ -35,6 +35,8 @@ Patch1: djvulibre-CVE-2021-32491.patch
 Patch2: djvulibre-CVE-2021-32492.patch
 # CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
 Patch3: djvulibre-CVE-2021-32493.patch
+# CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file
+Patch4: djvulibre-CVE-2021-3500.patch
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: hicolor-icon-theme
@@ -91,6 +93,7 @@ This package contains the documentation.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 %build
 # configure script missing; generate using autogen.sh