From 52509d7d54ec26cfb3c3a0e7e9279af11be9472a705f1a5c8f0a2cb180b25548 Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Wed, 12 Jan 2022 12:44:55 +0000
Subject: [PATCH] Accepting request 945819 from editors
OBS-URL: https://build.opensuse.org/request/show/945819
OBS-URL: https://build.opensuse.org/package/show/Publishing/htmldoc?expand=0&rev=30
---
htmldoc-1.9.12-source.tar.gz | 3 ---
htmldoc-1.9.14-source.tar.gz | 3 +++
htmldoc-CVE-2021-40985.patch | 33 ---------------------------------
htmldoc.changes | 23 +++++++++++++++++++++++
htmldoc.spec | 10 +++-------
5 files changed, 29 insertions(+), 43 deletions(-)
delete mode 100644 htmldoc-1.9.12-source.tar.gz
create mode 100644 htmldoc-1.9.14-source.tar.gz
delete mode 100644 htmldoc-CVE-2021-40985.patch
diff --git a/htmldoc-1.9.12-source.tar.gz b/htmldoc-1.9.12-source.tar.gz
deleted file mode 100644
index d22fe61..0000000
--- a/htmldoc-1.9.12-source.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0906ec61cdac8d7349b13922f6566aebfe737b1695422a59d6c11ee7e6eaf99f
-size 3393013
diff --git a/htmldoc-1.9.14-source.tar.gz b/htmldoc-1.9.14-source.tar.gz
new file mode 100644
index 0000000..743d657
--- /dev/null
+++ b/htmldoc-1.9.14-source.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d144d56d1326c052b1c7a7d4e17dc1526b84b73647956762968b52db47850cb2
+size 3392075
diff --git a/htmldoc-CVE-2021-40985.patch b/htmldoc-CVE-2021-40985.patch
deleted file mode 100644
index f5ef0c4..0000000
--- a/htmldoc-CVE-2021-40985.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
-index 337c0cc5..d44d1ba3 100644
---- a/htmldoc/image.cxx
-+++ b/htmldoc/image.cxx
-@@ -915,6 +915,9 @@ image_load_bmp(image_t *img, /* I - Image to load into */
- colors_used = (int)read_dword(fp);
- read_dword(fp);
-
-+ if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192)
-+ return (-1);
-+
- if (info_size > 40)
- for (info_size -= 40; info_size > 0; info_size --)
- getc(fp);
-@@ -926,7 +929,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
- fread(colormap, (size_t)colors_used, 4, fp);
-
- // Setup image and buffers...
-- img->depth = gray ? 1 : 3;
-+ img->depth = gray ? 1 : 3;
-
- // If this image is indexed and we are writing an encrypted PDF file, bump the use count so
- // we create an image object (Acrobat 6 bug workaround)
-@@ -1076,7 +1079,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
- if (bit == 0xf0)
- {
- if (color < 0)
-- temp = getc(fp);
-+ temp = getc(fp) & 255;
- else
- temp = color;
-
-
diff --git a/htmldoc.changes b/htmldoc.changes
index ec24a39..9d0c31e 100644
--- a/htmldoc.changes
+++ b/htmldoc.changes
@@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Wed Jan 12 09:35:58 UTC 2022 - Danilo Spinella + +- Update to version 1.9.14: + * BMP image support is now deprecated and will be removed in a future + release of HTMLDOC. + * Fixed a potential stack overflow bug with GIF images. + * Fixed the PDF creation date (Issue #455) + * Fixed a potential stack overflow bug with BMP images (Issue #456) + * Fixed a compile issue when libpng was not available (Issue #458) +- Update to version 1.9.13: + * Now install a 32x32 icon for Linux (Issue #432) + * Fixed an issue with large values for roman numerals and letters in headings (Issue #433) + * Fixed a crash bug when a HTML comment contains an invalid nul character (Issue #439) + * Fixed a crash bug with bogus BMP images (Issue #444) + * Fixed a potential heap overflow bug with bogus GIF images (Issue #451) + * Fixed a potential stack overflow bug with bogus BMP images (Issue #453) +- Fix CVE-2021-43579 stack-based buffer overflow in image_load_bmp() results in remote code + execution if the victim converts an HTML document linking to a crafted BMP file. + (CVE-2021-43579, bsc#1194487) +- Remove upstreamed patch htmldoc-CVE-2021-40985.patch + + ------------------------------------------------------------------- Fri Nov 5 08:29:27 UTC 2021 - pgajdos@suse.com diff --git a/htmldoc.spec b/htmldoc.spec index ebd89ec..101d12e 100644 --- a/htmldoc.spec +++ b/htmldoc.spec @@ -1,7 +1,7 @@ # # spec file for package htmldoc # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,15 +17,13 @@ Name: htmldoc -Version: 1.9.12 +Version: 1.9.14 Release: 0 Summary: HTML Processor that Generates HTML, PostScript, and PDF Files License: LGPL-2.1-or-later Group: Productivity/Publishing/HTML/Tools URL: https://michaelrsweet.github.io/htmldoc/index.html Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz -# CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image -Patch0: htmldoc-CVE-2021-40985.patch BuildRequires: fltk-devel BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme @@ -42,8 +40,7 @@ HTMLDOC converts HTML source files into indexed HTML, PostScript, or Portable Document Format (PDF) files that can be viewed online or printed. %prep -%setup -q -%patch0 -p1 +%autosetup %build %configure \ @@ -66,7 +63,6 @@ rm -rf %{buildroot}/home %{buildroot}%{_datadir}/doc/%{name} %doc CHANGES.md README.md %{_bindir}/htmldoc %{_datadir}/htmldoc -%{_datadir}/pixmaps/htmldoc.xpm %{_datadir}/icons/hicolor/*x*/apps/htmldoc.png %{_datadir}/mime/packages/htmldoc.xml %{_datadir}/applications/htmldoc.desktop
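Review bot: Dropping `Patch0: htmldoc-CVE-2021-40985.patch` in the `@@ -17,15 +17,13 @@` hunk relies on the 1.9.14 tarball already containing the patch's changes to image_load_bmp(), and the spec no longer records that. The deleted patch added the `img->width`/`img->height` range check and the `getc(fp) & 255` mask; both should be confirmed in the unpacked htmldoc/image.cxx before the request is accepted, since the changelog says only "upstreamed". A comment near `Version:` such as `# CVE-2021-40985 [bsc#1192357] fixed upstream, Patch0 dropped` would keep the bug reference that the removed comment line carried.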
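Review bot: `%autosetup` in the `%prep` hunk (`@@ -42,8 +40,7 @@`) is written without a strip level, so the `-p1` that the removed `%patch0 -p1` line supplied is lost. That makes no difference while the package carries no patches. The next backported fix in git format (paths prefixed `a/` and `b/`, like the deleted CVE patch) will probably fail to apply until the option is added back. Writing `%autosetup -p1` now avoids that surprise when a security fix has to be added quickly.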