pool/htmldoc
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory
pool:devel
rpm:factory
rpm:devel
..
compare: rpm:factory
Branches Tags
rpm:factory
rpm:devel
pool:factory
pool:devel

No commits in common. "factory" and "factory" have entirely different histories.
factory ... factory

3 changed files with 1 additions and 38 deletions
Show Stats Expand all files Collapse all files

27
htmldoc-CVE-2024-46478.patch
View File

@ -1,27 +0,0 @@
Index: htmldoc-1.9.18/htmldoc/ps-pdf.cxx
===================================================================
--- htmldoc-1.9.18.orig/htmldoc/ps-pdf.cxx
+++ htmldoc-1.9.18/htmldoc/ps-pdf.cxx
@@ -5702,10 +5702,13 @@ parse_pre(tree_t *t, /* I - Tree to par
case MARKUP_NONE :
for (lineptr = line, dataptr = start->data;
- *dataptr != '\0' && lineptr < (line + sizeof(line) - 1);
+ *dataptr != '\0' && lineptr < (line + sizeof(line) - 9);
dataptr ++)
+ {
if (*dataptr == '\n')
+ {
break;
+ }
else if (*dataptr == '\t')
{
/* This code changed after 15 years to work around new compiler optimization bugs (Issue #349) */
@@ -5720,6 +5723,7 @@ parse_pre(tree_t *t, /* I - Tree to par
*lineptr++ = *dataptr;
col ++;
}
+ }
*lineptr = '\0';

8
htmldoc.changes
View File

@ -1,11 +1,3 @@
-------------------------------------------------------------------
Tue Nov 5 07:31:53 UTC 2024 - pgajdos@suse.com
- security update
- added patches
fix CVE-2024-46478 [bsc#1232380], buffer overflow when handling tabs through the parse_pre function (ps-pdf.cxx)
+ htmldoc-CVE-2024-46478.patch
-------------------------------------------------------------------
Mon Sep 2 12:48:22 UTC 2024 - pgajdos@suse.com

4
htmldoc.spec
View File

@ -25,9 +25,7 @@ Group: Productivity/Publishing/HTML/Tools
URL: https://michaelrsweet.github.io/htmldoc/index.html
Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
# CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
Patch0: htmldoc-CVE-2024-45508.patch
# CVE-2024-46478 [bsc#1232380], buffer overflow when handling tabs through the parse_pre function (ps-pdf.cxx)
Patch1: htmldoc-CVE-2024-46478.patch
Patch0: htmldoc-CVE-2024-45508.patch
BuildRequires: cups-devel
BuildRequires: fltk-devel
BuildRequires: gcc-c++