pool/htmldoc
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 988298 from home:dirkmueller:Factory

Browse Source 
- update to 1.9.16:
  * Added support for $DATE(format) and $TIME(format) header/footer strings
  * (Issue #472)
  * Fixed a potential image overflow bug with JPEG and PNG images (htmldoc-CVE-2022-27114.patch)
  * Fixed potential heap overflow bugs with pages (CVE-2022-28085)
  * Fixed potential use-after-free in blocks (Issue #484)
  * Updated the GNU TLS HTTPS support code to use a faster connection shutdown
  * mode (Issue #487)
  * Fixed some minor Coverity warnings.
- drop htmldoc-CVE-2022-27114.patch, htmldoc-CVE-2022-28085.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/988298
OBS-URL: https://build.opensuse.org/package/show/Publishing/htmldoc?expand=0&rev=36
This commit is contained in:
Martin Pluskal 2022-07-12 15:54:21 +00:00 committed by Git OBS Bridge
parent fd465e8f75
commit 5b98c5a69e
6 changed files with 18 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htmldoc-1.9.15-source.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c283318b28123c99bba5e9b6f51c3e6da161509e5b79cf32dda39f1c2a754c70
size 3388557

3
htmldoc-1.9.16-source.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1086385c4c16cdabe428ab1aa041266baebee39f222cf6a3947b41027b7dae3
size 3389563

72
htmldoc-CVE-2022-27114.patch
View File

@ -1,72 +0,0 @@
diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
index 8aeccced..9b4d11de 100644
--- a/htmldoc/image.cxx
+++ b/htmldoc/image.cxx
@@ -26,6 +26,13 @@ extern "C" { /* Workaround for JPEG header problems... */
#endif // HAVE_LIBPNG
+/*
+ * Limits...
+ */
+
+#define IMAGE_MAX_DIM 37837 // Maximum dimension - sqrt(4GiB / 3)
+
+
/*
* GIF definitions...
*/
@@ -926,7 +933,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
colors_used = (int)read_dword(fp);
read_dword(fp);
- if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192 || info_size < 0)
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM || info_size < 0)
return (-1);
if (info_size > 40)
@@ -1278,7 +1285,7 @@ image_load_gif(image_t *img, /* I - Image pointer */
img->height = (buf[9] << 8) | buf[8];
ncolors = 2 << (buf[10] & 0x07);
- if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767)
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
return (-1);
// If we are writing an encrypted PDF file, bump the use count so we create
@@ -1326,7 +1333,7 @@ image_load_gif(image_t *img, /* I - Image pointer */
img->height = (buf[7] << 8) | buf[6];
img->depth = gray ? 1 : 3;
- if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767)
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
return (-1);
if (transparent >= 0)
@@ -1443,6 +1450,12 @@ JSAMPROW row; /* Sample row pointer */
img->height = (int)cinfo.output_height;
img->depth = (int)cinfo.output_components;
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
+ {
+ jpeg_destroy_decompress(&cinfo);
+ return (-1);
+ }
+
if (!load_data)
{
jpeg_destroy_decompress(&cinfo);
@@ -1598,6 +1611,12 @@ image_load_png(image_t *img, /* I - Image pointer */
img->width = (int)png_get_image_width(pp, info);
img->height = (int)png_get_image_height(pp, info);
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
+ {
+ png_destroy_read_struct(&pp, &info, NULL);
+ return (-1);
+ }
+
if (color_type & PNG_COLOR_MASK_ALPHA)
{
if ((PSLevel == 0 && PDFVersion >= 14) || PSLevel == 3)

13
htmldoc-CVE-2022-28085.patch
View File

@ -1,13 +0,0 @@
Index: htmldoc-1.9.15/htmldoc/ps-pdf.cxx
===================================================================
--- htmldoc-1.9.15.orig/htmldoc/ps-pdf.cxx
+++ htmldoc-1.9.15/htmldoc/ps-pdf.cxx
@@ -3583,6 +3583,8 @@ pdf_write_names(FILE *out) /* I - Outpu
pdf_start_object(out);
float x, y;
+ check_pages(link->page);
+
x = 0.0f;
y = link->top + pages[link->page].bottom;
pspdf_transform_coords(pages + link->page, x, y);

14
htmldoc.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Jul 11 08:00:48 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.9.16:
* Added support for $DATE(format) and $TIME(format) header/footer strings
* (Issue #472)
* Fixed a potential image overflow bug with JPEG and PNG images (htmldoc-CVE-2022-27114.patch)
* Fixed potential heap overflow bugs with pages (CVE-2022-28085)
* Fixed potential use-after-free in blocks (Issue #484)
* Updated the GNU TLS HTTPS support code to use a faster connection shutdown
* mode (Issue #487)
* Fixed some minor Coverity warnings.
- drop htmldoc-CVE-2022-27114.patch, htmldoc-CVE-2022-28085.patch (upstream)
-------------------------------------------------------------------
Wed May 11 07:35:17 UTC 2022 - pgajdos@suse.com

6
htmldoc.spec
View File

@ -17,17 +17,13 @@
Name: htmldoc
Version: 1.9.15
Version: 1.9.16
Release: 0
Summary: HTML Processor that Generates HTML, PostScript, and PDF Files
License: LGPL-2.1-or-later
Group: Productivity/Publishing/HTML/Tools
URL: https://michaelrsweet.github.io/htmldoc/index.html
Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
# CVE-2022-28085 [bsc#1198933], Heap buffer overflow in function pdf_write_names in ps-pdf.cxx
Patch0: htmldoc-CVE-2022-28085.patch
# CVE-2022-27114 [bsc#1199370], image_load_jpeg can cause integer overflow
Patch1: htmldoc-CVE-2022-27114.patch
BuildRequires: fltk-devel
BuildRequires: gcc-c++
BuildRequires: hicolor-icon-theme