Accepting request 945819 from editors

OBS-URL: https://build.opensuse.org/request/show/945819
OBS-URL: https://build.opensuse.org/package/show/Publishing/htmldoc?expand=0&rev=30
Martin Pluskal 2022-01-12 12:44:55 +00:00 committed by Git OBS Bridge
parent 5ba7530688
commit 52509d7d54
5 changed files with 29 additions and 43 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0906ec61cdac8d7349b13922f6566aebfe737b1695422a59d6c11ee7e6eaf99f
size 3393013


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d144d56d1326c052b1c7a7d4e17dc1526b84b73647956762968b52db47850cb2
size 3392075
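Review bot: the replacement source tarball is pinned here only by its LFS oid, and nothing in the visible spec hunks checks it against the upstream release. Because this version bump is what delivers the CVE-2021-43579 fix, confirm that the oid matches the htmldoc-1.9.14-source.tar.gz served from the Source URL in the spec, and, if upstream publishes a detached signature, add it and a keyring as extra Source lines so the build verifies the archive.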


@ -1,33 +0,0 @@
diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
index 337c0cc5..d44d1ba3 100644
--- a/htmldoc/image.cxx
+++ b/htmldoc/image.cxx
@@ -915,6 +915,9 @@ image_load_bmp(image_t *img, /* I - Image to load into */
colors_used = (int)read_dword(fp);
read_dword(fp);
+ if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192)
+ return (-1);
+
if (info_size > 40)
for (info_size -= 40; info_size > 0; info_size --)
getc(fp);
@@ -926,7 +929,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
fread(colormap, (size_t)colors_used, 4, fp);
// Setup image and buffers...
- img->depth = gray ? 1 : 3;
+ img->depth = gray ? 1 : 3;
// If this image is indexed and we are writing an encrypted PDF file, bump the use count so
// we create an image object (Acrobat 6 bug workaround)
@@ -1076,7 +1079,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
if (bit == 0xf0)
{
if (color < 0)
- temp = getc(fp);
+ temp = getc(fp) & 255;
else
temp = color;
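Review bot: deleting htmldoc-CVE-2021-40985.patch is only safe if the 1.9.14 tarball's image_load_bmp() already contains both changes the patch made, the width/height range check (`img->width > 8192 || ... img->height > 8192`) and the `getc(fp) & 255` mask. The commit states the patch is upstreamed but does not name the upstream release or commit that took it, so please check htmldoc/image.cxx in the new source for both and record where it landed in the .changes entry.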


@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Jan 12 09:35:58 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Update to version 1.9.14:
* BMP image support is now deprecated and will be removed in a future
release of HTMLDOC.
* Fixed a potential stack overflow bug with GIF images.
* Fixed the PDF creation date (Issue #455)
* Fixed a potential stack overflow bug with BMP images (Issue #456)
* Fixed a compile issue when libpng was not available (Issue #458)
- Update to version 1.9.13:
* Now install a 32x32 icon for Linux (Issue #432)
* Fixed an issue with large values for roman numerals and letters in headings (Issue #433)
* Fixed a crash bug when a HTML comment contains an invalid nul character (Issue #439)
* Fixed a crash bug with bogus BMP images (Issue #444)
* Fixed a potential heap overflow bug with bogus GIF images (Issue #451)
* Fixed a potential stack overflow bug with bogus BMP images (Issue #453)
- Fix CVE-2021-43579 stack-based buffer overflow in image_load_bmp() results in remote code
execution if the victim converts an HTML document linking to a crafted BMP file.
(CVE-2021-43579, bsc#1194487)
- Remove upstreamed patch htmldoc-CVE-2021-40985.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 5 08:29:27 UTC 2021 - pgajdos@suse.com Fri Nov 5 08:29:27 UTC 2021 - pgajdos@suse.com
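Review bot: the CVE-2021-43579 entry does not say which upstream fix closes it. The 1.9.13 and 1.9.14 lists each carry a "potential stack overflow bug with ... BMP images" line (Issue #453 and Issue #456), so a reader cannot tell which release is the minimum fixed version. Put the upstream issue number next to the CVE, and word the entry so it is clear the fix arrives with the version update rather than as a separate packaging change.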


@ -1,7 +1,7 @@
# #
# spec file for package htmldoc # spec file for package htmldoc
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,15 +17,13 @@
Name: htmldoc Name: htmldoc
Version: 1.9.12 Version: 1.9.14
Release: 0 Release: 0
Summary: HTML Processor that Generates HTML, PostScript, and PDF Files Summary: HTML Processor that Generates HTML, PostScript, and PDF Files
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
Group: Productivity/Publishing/HTML/Tools Group: Productivity/Publishing/HTML/Tools
URL: https://michaelrsweet.github.io/htmldoc/index.html URL: https://michaelrsweet.github.io/htmldoc/index.html
Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
# CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image
Patch0: htmldoc-CVE-2021-40985.patch
BuildRequires: fltk-devel BuildRequires: fltk-devel
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: hicolor-icon-theme BuildRequires: hicolor-icon-theme
@ -42,8 +40,7 @@ HTMLDOC converts HTML source files into indexed HTML, PostScript, or
Portable Document Format (PDF) files that can be viewed online or printed. Portable Document Format (PDF) files that can be viewed online or printed.
%prep %prep
%setup -q %autosetup
%patch0 -p1
%build %build
%configure \ %configure \
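Review bot: `%autosetup` is given no strip level in %prep, while the line it replaces applied the security patch with `%patch0 -p1`. With no Patch entries left this builds, but the next backported fix in the same a/ b/ path format as the removed patch will depend on the strip level being right. Suggest writing `%autosetup -p1` now so a later Patch line applies without a further %prep change.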
@ -66,7 +63,6 @@ rm -rf %{buildroot}/home %{buildroot}%{_datadir}/doc/%{name}
%doc CHANGES.md README.md %doc CHANGES.md README.md
%{_bindir}/htmldoc %{_bindir}/htmldoc
%{_datadir}/htmldoc %{_datadir}/htmldoc
%{_datadir}/pixmaps/htmldoc.xpm
%{_datadir}/icons/hicolor/*x*/apps/htmldoc.png %{_datadir}/icons/hicolor/*x*/apps/htmldoc.png
%{_datadir}/mime/packages/htmldoc.xml %{_datadir}/mime/packages/htmldoc.xml
%{_datadir}/applications/htmldoc.desktop %{_datadir}/applications/htmldoc.desktop