diff options
| author |   Mikle Kolyada <zlogene@gentoo.org> | 2019-11-11 22:57:51 +0300 |
|---|---|---|
| committer | Mikle Kolyada <zlogene@gentoo.org> | 2019-11-11 23:07:08 +0300 |
| commit | 00faf7222c973e9d4d48256a492f5853ac97b147 (patch) | |
| tree | 68852c927a4ce92dbfae4c77df73d98b334a3ef0 /app-text/djvu | |
| parent | app-arch/unzip: stable 6.0_p25 for sparc, bug #691566 (diff) | |
| download | gentoo-00faf7222c973e9d4d48256a492f5853ac97b147.tar.gz gentoo-00faf7222c973e9d4d48256a492f5853ac97b147.tar.bz2 gentoo-00faf7222c973e9d4d48256a492f5853ac97b147.zip | |
app-text/djvu: fix CVE-2019-18804
Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Diffstat (limited to 'app-text/djvu')
| -rw-r--r-- | app-text/djvu/djvu-3.5.27-r1.ebuild | 66 | ||||
| -rw-r--r-- | app-text/djvu/files/fix-CVE-2019-18804.patch | 39 |
2 files changed, 105 insertions, 0 deletions
diff --git a/app-text/djvu/djvu-3.5.27-r1.ebuild b/app-text/djvu/djvu-3.5.27-r1.ebuild new file mode 100644 index 000000000000..0701849a7301 --- /dev/null +++ b/app-text/djvu/djvu-3.5.27-r1.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit desktop flag-o-matic xdg-utils + +MY_P="${PN}libre-${PV#*_p}" + +DESCRIPTION="DjVu viewers, encoders and utilities" +HOMEPAGE="http://djvu.sourceforge.net/" +SRC_URI="http://downloads.sourceforge.net/djvu/${MY_P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-solaris" +IUSE="debug doc jpeg tiff xml" + +PATCHES=( "${FILESDIR}"/fix-CVE-2019-18804.patch ) + +RDEPEND="jpeg? ( virtual/jpeg:0 ) + tiff? ( media-libs/tiff:0= )" +DEPEND="${RDEPEND} + || ( gnome-base/librsvg media-gfx/inkscape )" + +S=${WORKDIR}/${MY_P%%.3} + +src_configure() { + use debug && append-cppflags "-DRUNTIME_DEBUG_ONLY" + + # We install all desktop files by hand. + econf \ + $(use_enable xml xmltools) \ + $(use_with jpeg) \ + $(use_with tiff) \ + --disable-desktopfiles +} + +DOCS=( NEWS README ) + +src_install() { + default + + find "${ED}" -name '*.la' -delete || die + + use doc && dodoc -r doc + + # Install desktop files. + cd desktopfiles + for i in {22,32,48,64}; do + insinto /usr/share/icons/hicolor/${i}x${i}/mimetypes + newins prebuilt-hi${i}-djvu.png image-vnd.djvu.png + done + insinto /usr/share/mime/packages + doins djvulibre-mime.xml +} + +pkg_postinst() { + xdg_mimeinfo_database_update + has_version app-text/djview || \ + optfeature "For djviewer or browser plugin" app-text/djview +} + +pkg_postrm() { + xdg_mimeinfo_database_update +} diff --git a/app-text/djvu/files/fix-CVE-2019-18804.patch b/app-text/djvu/files/fix-CVE-2019-18804.patch new file mode 100644 index 000000000000..b5d790ba1b1c --- /dev/null +++ b/app-text/djvu/files/fix-CVE-2019-18804.patch @@ -0,0 +1,39 @@ +From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001 +From: Leon Bottou <leon@bottou.org> +Date: Thu, 17 Oct 2019 22:20:31 -0400 +Subject: [PATCH] Fixed bug 309 + +--- + libdjvu/IW44EncodeCodec.cpp | 2 +- + tools/ddjvu.cpp | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp +index 00752a0..f81eaeb 100644 +--- a/libdjvu/IW44EncodeCodec.cpp ++++ b/libdjvu/IW44EncodeCodec.cpp +@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale) + int y = 0; + int s = scale*rowsize; + int s3 = s+s+s; +- h = ((h-1)/scale)+1; ++ h = (h>0) ? ((h-1)/scale)+1 : 0; + y += 1; + p += s; + while (y-3 < h) +diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp +index 6d0df3b..7109952 100644 +--- a/tools/ddjvu.cpp ++++ b/tools/ddjvu.cpp +@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno) + prect.h = (ih * 100) / dpi; + } + /* Process aspect ratio */ +- if (flag_aspect <= 0) ++ if (flag_aspect <= 0 && iw>0 && ih>0) + { + double dw = (double)iw / prect.w; + double dh = (double)ih / prect.h; +-- +2.23.0 + |