forked from pool/htmldoc
Accepting request 945819 from editors
OBS-URL: https://build.opensuse.org/request/show/945819 OBS-URL: https://build.opensuse.org/package/show/Publishing/htmldoc?expand=0&rev=30
This commit is contained in:
Martin Pluskal
Git OBS Bridge
parent
5ba7530688
commit
52509d7d54
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0906ec61cdac8d7349b13922f6566aebfe737b1695422a59d6c11ee7e6eaf99f
|
||||
size 3393013
|
||||
3
htmldoc-1.9.14-source.tar.gz
Normal file
3
htmldoc-1.9.14-source.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d144d56d1326c052b1c7a7d4e17dc1526b84b73647956762968b52db47850cb2
|
||||
size 3392075
|
||||
@ -1,33 +0,0 @@
|
||||
diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
|
||||
index 337c0cc5..d44d1ba3 100644
|
||||
--- a/htmldoc/image.cxx
|
||||
+++ b/htmldoc/image.cxx
|
||||
@@ -915,6 +915,9 @@ image_load_bmp(image_t *img, /* I - Image to load into */
|
||||
colors_used = (int)read_dword(fp);
|
||||
read_dword(fp);
|
||||
|
||||
+ if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192)
|
||||
+ return (-1);
|
||||
+
|
||||
if (info_size > 40)
|
||||
for (info_size -= 40; info_size > 0; info_size --)
|
||||
getc(fp);
|
||||
@@ -926,7 +929,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
|
||||
fread(colormap, (size_t)colors_used, 4, fp);
|
||||
|
||||
// Setup image and buffers...
|
||||
- img->depth = gray ? 1 : 3;
|
||||
+ img->depth = gray ? 1 : 3;
|
||||
|
||||
// If this image is indexed and we are writing an encrypted PDF file, bump the use count so
|
||||
// we create an image object (Acrobat 6 bug workaround)
|
||||
@@ -1076,7 +1079,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
|
||||
if (bit == 0xf0)
|
||||
{
|
||||
if (color < 0)
|
||||
- temp = getc(fp);
|
||||
+ temp = getc(fp) & 255;
|
||||
else
|
||||
temp = color;
|
||||
|
||||
|
||||
@ -1,3 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 12 09:35:58 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
||||
|
||||
- Update to version 1.9.14:
|
||||
* BMP image support is now deprecated and will be removed in a future
|
||||
release of HTMLDOC.
|
||||
* Fixed a potential stack overflow bug with GIF images.
|
||||
* Fixed the PDF creation date (Issue #455)
|
||||
* Fixed a potential stack overflow bug with BMP images (Issue #456)
|
||||
* Fixed a compile issue when libpng was not available (Issue #458)
|
||||
- Update to version 1.9.13:
|
||||
* Now install a 32x32 icon for Linux (Issue #432)
|
||||
* Fixed an issue with large values for roman numerals and letters in headings (Issue #433)
|
||||
* Fixed a crash bug when a HTML comment contains an invalid nul character (Issue #439)
|
||||
* Fixed a crash bug with bogus BMP images (Issue #444)
|
||||
* Fixed a potential heap overflow bug with bogus GIF images (Issue #451)
|
||||
* Fixed a potential stack overflow bug with bogus BMP images (Issue #453)
|
||||
- Fix CVE-2021-43579 stack-based buffer overflow in image_load_bmp() results in remote code
|
||||
execution if the victim converts an HTML document linking to a crafted BMP file.
|
||||
(CVE-2021-43579, bsc#1194487)
|
||||
- Remove upstreamed patch htmldoc-CVE-2021-40985.patch
|
||||
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 5 08:29:27 UTC 2021 - pgajdos@suse.com
|
||||
|
||||
|
||||
10
htmldoc.spec
10
htmldoc.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package htmldoc
|
||||
#
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,15 +17,13 @@
|
||||
|
||||
|
||||
Name: htmldoc
|
||||
Version: 1.9.12
|
||||
Version: 1.9.14
|
||||
Release: 0
|
||||
Summary: HTML Processor that Generates HTML, PostScript, and PDF Files
|
||||
License: LGPL-2.1-or-later
|
||||
Group: Productivity/Publishing/HTML/Tools
|
||||
URL: https://michaelrsweet.github.io/htmldoc/index.html
|
||||
Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
|
||||
# CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image
|
||||
Patch0: htmldoc-CVE-2021-40985.patch
|
||||
BuildRequires: fltk-devel
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: hicolor-icon-theme
|
||||
@ -42,8 +40,7 @@ HTMLDOC converts HTML source files into indexed HTML, PostScript, or
|
||||
Portable Document Format (PDF) files that can be viewed online or printed.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
%configure \
|
||||
@ -66,7 +63,6 @@ rm -rf %{buildroot}/home %{buildroot}%{_datadir}/doc/%{name}
|
||||
%doc CHANGES.md README.md
|
||||
%{_bindir}/htmldoc
|
||||
%{_datadir}/htmldoc
|
||||
%{_datadir}/pixmaps/htmldoc.xpm
|
||||
%{_datadir}/icons/hicolor/*x*/apps/htmldoc.png
|
||||
%{_datadir}/mime/packages/htmldoc.xml
|
||||
%{_datadir}/applications/htmldoc.desktop
|
||||
|
||||
Loading…
Reference in New Issue
Block a user