SHA256
1
0
forked from pool/htmldoc

Accepting request 1198406 from Publishing

OBS-URL: https://build.opensuse.org/request/show/1198406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/htmldoc?expand=0&rev=35
This commit is contained in:
Dominique Leuenberger 2024-09-04 11:22:10 +00:00 committed by Git OBS Bridge
commit db696f6a95
3 changed files with 23 additions and 0 deletions

View File

@ -0,0 +1,13 @@
Index: htmldoc-1.9.18/htmldoc/ps-pdf.cxx
===================================================================
--- htmldoc-1.9.18.orig/htmldoc/ps-pdf.cxx
+++ htmldoc-1.9.18/htmldoc/ps-pdf.cxx
@@ -5234,7 +5234,7 @@ parse_paragraph(tree_t *t, /* I - Tree t
if (temp->markup != MARKUP_A)
break;
- if (temp != NULL && temp->markup == MARKUP_NONE && temp->data[0] == ' ')
+ if (temp != NULL && temp->markup == MARKUP_NONE && temp->data[0] == ' ' && temp->data[1])
{
// Drop leading space...
for (dataptr = temp->data; *dataptr; dataptr ++)

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Sep 2 12:48:22 UTC 2024 - pgajdos@suse.com
- security update
- added patches
fix CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
+ htmldoc-CVE-2024-45508.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 15 08:06:02 UTC 2024 - pgajdos@suse.com Thu Feb 15 08:06:02 UTC 2024 - pgajdos@suse.com

View File

@ -24,6 +24,8 @@ License: LGPL-2.1-or-later
Group: Productivity/Publishing/HTML/Tools Group: Productivity/Publishing/HTML/Tools
URL: https://michaelrsweet.github.io/htmldoc/index.html URL: https://michaelrsweet.github.io/htmldoc/index.html
Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
# CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
Patch0: htmldoc-CVE-2024-45508.patch
BuildRequires: cups-devel BuildRequires: cups-devel
BuildRequires: fltk-devel BuildRequires: fltk-devel
BuildRequires: gcc-c++ BuildRequires: gcc-c++