rpm/htmldoc
SHA256
1
0
Fork 0
forked from pool/htmldoc
Code Pull Requests Activity

Accepting request 1221331 from Publishing

Browse Source 
- security update
- added patches
  fix CVE-2024-46478 [bsc#1232380], buffer overflow when handling tabs through the parse_pre function (ps-pdf.cxx)
  + htmldoc-CVE-2024-46478.patch (forwarded request 1221327 from pgajdos)

OBS-URL: https://build.opensuse.org/request/show/1221331
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/htmldoc?expand=0&rev=36
This commit is contained in:
Ana Guerrero 2024-11-05 14:39:41 +00:00 committed by Git OBS Bridge
commit a08ad20d3a
3 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
htmldoc-CVE-2024-46478.patch Normal file
View File

@ -0,0 +1,27 @@
Index: htmldoc-1.9.18/htmldoc/ps-pdf.cxx
===================================================================
--- htmldoc-1.9.18.orig/htmldoc/ps-pdf.cxx
+++ htmldoc-1.9.18/htmldoc/ps-pdf.cxx
@@ -5702,10 +5702,13 @@ parse_pre(tree_t *t, /* I - Tree to par
case MARKUP_NONE :
for (lineptr = line, dataptr = start->data;
- *dataptr != '\0' && lineptr < (line + sizeof(line) - 1);
+ *dataptr != '\0' && lineptr < (line + sizeof(line) - 9);
dataptr ++)
+ {
if (*dataptr == '\n')
+ {
break;
+ }
else if (*dataptr == '\t')
{
/* This code changed after 15 years to work around new compiler optimization bugs (Issue #349) */
@@ -5720,6 +5723,7 @@ parse_pre(tree_t *t, /* I - Tree to par
*lineptr++ = *dataptr;
col ++;
}
+ }
*lineptr = '\0';

8
htmldoc.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Nov 5 07:31:53 UTC 2024 - pgajdos@suse.com
- security update
- added patches
fix CVE-2024-46478 [bsc#1232380], buffer overflow when handling tabs through the parse_pre function (ps-pdf.cxx)
+ htmldoc-CVE-2024-46478.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 2 12:48:22 UTC 2024 - pgajdos@suse.com Mon Sep 2 12:48:22 UTC 2024 - pgajdos@suse.com

2
htmldoc.spec
View File

@ -26,6 +26,8 @@ URL: https://michaelrsweet.github.io/htmldoc/index.html
Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
# CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. # CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
Patch0: htmldoc-CVE-2024-45508.patch Patch0: htmldoc-CVE-2024-45508.patch
# CVE-2024-46478 [bsc#1232380], buffer overflow when handling tabs through the parse_pre function (ps-pdf.cxx)
Patch1: htmldoc-CVE-2024-46478.patch
BuildRequires: cups-devel BuildRequires: cups-devel
BuildRequires: fltk-devel BuildRequires: fltk-devel
BuildRequires: gcc-c++ BuildRequires: gcc-c++