rpm/htmldoc
SHA256
1
0
Fork 0
forked from pool/htmldoc
Code Pull Requests Activity
factory
htmldoc/htmldoc.changes
Martin Pluskal 1dcbb9b3e2 - security update 
- added patches
  fix CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
  + htmldoc-CVE-2024-45508.patch

OBS-URL: https://build.opensuse.org/package/show/Publishing/htmldoc?expand=0&rev=42
2024-09-03 06:27:49 +00:00

452 lines
18 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Mon Sep 2 12:48:22 UTC 2024 - pgajdos@suse.com
- security update
- added patches
fix CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
+ htmldoc-CVE-2024-45508.patch
-------------------------------------------------------------------
Thu Feb 15 08:06:02 UTC 2024 - pgajdos@suse.com
- version update to 1.9.18
* Fixed table rendering when there are missing `</tr>` (Issue #494)
* Fixed support for links of the form "filename.html#anchor" in PDF output
(Issue #514)
* Fixed `--header1` support for web page output (Issue #515)
* Fixed markdown emphasized, strong, and struck-through text (Issue 517)
-------------------------------------------------------------------
Mon Oct 2 09:06:11 UTC 2023 - pgajdos@suse.com
- version update to 1.9.17
* Added new `--pre-indent` option to control indentation of pre-formatted text
(Issue #505)
* Now link to CUPS library instead of embedding its HTTP code.
* Updated PostScript and PDF date/time information to use UTC (Issue #490)
* Fixed multiple conversions of UTF-8 HTML files from the GUI (Issue #496)
* Fixed a compile bug on Solaris (Issue #498)
* Fixed a markdown parsing bug (Issue #503)
* Fixed a relative URL handling bug (Issue #507)
* Fixed a crash bug with bad title images (Issue #510)
* Fixed some minor CodeQL warnings.
-------------------------------------------------------------------
Mon Jul 11 08:00:48 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.9.16:
* Added support for $DATE(format) and $TIME(format) header/footer strings
* (Issue #472)
* Fixed a potential image overflow bug with JPEG and PNG images (htmldoc-CVE-2022-27114.patch)
* Fixed potential heap overflow bugs with pages (CVE-2022-28085)
* Fixed potential use-after-free in blocks (Issue #484)
* Updated the GNU TLS HTTPS support code to use a faster connection shutdown
* mode (Issue #487)
* Fixed some minor Coverity warnings.
- drop htmldoc-CVE-2022-27114.patch, htmldoc-CVE-2022-28085.patch (upstream)
-------------------------------------------------------------------
Wed May 11 07:35:17 UTC 2022 - pgajdos@suse.com
- security update
- added patches
fix CVE-2022-27114 [bsc#1199370], image_load_jpeg can cause integer overflow
+ htmldoc-CVE-2022-27114.patch
-------------------------------------------------------------------
Fri Apr 29 06:02:30 UTC 2022 - pgajdos@suse.com
- security update
- added patches
fix CVE-2022-28085 [bsc#1198933], Heap buffer overflow in function pdf_write_names in ps-pdf.cxx
+ htmldoc-CVE-2022-28085.patch
-------------------------------------------------------------------
Thu Feb 10 11:49:32 UTC 2022 - pgajdos@suse.com
- version update to 1.9.15
* Fixed a potential heap overflow bug with GIF images (Issue #461)
* Fixed a potential double-free bug with PNG images (Issue #462)
* Fixed a potential stack overflow bug with GIF images (Issue #463)
* Fixed a potential heap underflow bug with empty attributes (Issue #464)
* Fixed a potential stack overflow bug with BMP images (Issue #466)
* Fixed a potential heap overflow bug with the table-of-contents (Issue #467)
* Fixed a potential heap overflow bug with headings (Issue #468)
* Fixed a potential stack overflow bug with GIF images (Issue #470)
-------------------------------------------------------------------
Wed Jan 12 09:35:58 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Update to version 1.9.14:
* BMP image support is now deprecated and will be removed in a future
release of HTMLDOC.
* Fixed a potential stack overflow bug with GIF images.
* Fixed the PDF creation date (Issue #455)
* Fixed a potential stack overflow bug with BMP images (Issue #456)
* Fixed a compile issue when libpng was not available (Issue #458)
- Update to version 1.9.13:
* Now install a 32x32 icon for Linux (Issue #432)
* Fixed an issue with large values for roman numerals and letters in headings (Issue #433)
* Fixed a crash bug when a HTML comment contains an invalid nul character (Issue #439)
* Fixed a crash bug with bogus BMP images (Issue #444)
* Fixed a potential heap overflow bug with bogus GIF images (Issue #451)
* Fixed a potential stack overflow bug with bogus BMP images (Issue #453)
- Fix CVE-2021-43579 stack-based buffer overflow in image_load_bmp() results in remote code
execution if the victim converts an HTML document linking to a crafted BMP file.
(CVE-2021-43579, bsc#1194487)
- Remove upstreamed patch htmldoc-CVE-2021-40985.patch
-------------------------------------------------------------------
Fri Nov 5 08:29:27 UTC 2021 - pgajdos@suse.com
- security update
- added patches
fix CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image
+ htmldoc-CVE-2021-40985.patch
-------------------------------------------------------------------
Tue Jun 1 01:37:51 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 1.9.12
* Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 )
* Fixed a crash bug with "data:" URIs and EPUB output
* Fixed several other crash bugs
* Fixed JPEG error handling
* Fixed some minor issues
* Removed the bundled libjpeg, libpng, and zlib.
-------------------------------------------------------------------
Fri Jan 29 23:58:53 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.9.11:
- Added high-resolution desktop icons for Linux.
- Updated the internal HTTP library to fix truncation of redirection URLs
- Fixed a regression in the handling of character entities for UTF-8 input
- The `--numbered` option did not work when the table-of-contents was disabled
- Updated local zlib to v1.2.11.
- Updated local libpng to v1.6.37.
- Fixed packaging issues on macOS and Windows
- Now ignore sRGB profile errors in PNG files
- The GUI would crash when saving
- Page comments are now allowed in `pre` text
-------------------------------------------------------------------
Tue Aug 18 18:57:22 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 1.9.9:
- Added support for a `HTMLDOC.filename` META keyword that controls the filename
reported in CGI mode; the default remains "htmldoc.pdf" (Issue #367)
- Fixed a paragraph formatting issue with large inline images (Issue #369)
- Fixed a buffer underflow issue (Issue #370)
- Fixed PDF page numbers (Issue #371)
- Added support for a new `L` header/footer format (`$LETTERHEAD`), which
inserts a letterhead image at its full size (Issue #372, Issue #373,
Issue #375)
- Updated the build documentation (Issue #374)
- Refactored the PRE rendering code to work around compiler optimization bugs
- Added support for links with targets (Issue #351)
- Fixed a table rowspan + valign bug (Issue #360)
- Added support for data URIs (Issue #340)
- HTMLDOC no longer includes a PDF table of contents when converting a single
web page (Issue #344)
- Updated the markdown support with external links, additional inline markup,
and hard line breaks.
- Links in markdown text no longer render with a leading space as part of the
link (Issue #346)
- Fixed a buffer underflow bug discovered by AddressSanitizer.
- Fixed a bug in UTF-8 support (Issue #348)
- PDF output now includes the base language of the input document(s)
- Optimized the loading of font widths (Issue #354)
- Optimized PDF page resources (Issue #356)
- Optimized the base memory used for font widths (Issue #357)
- Added proper `&shy;` support (Issue #361)
- Title files can now be markdown.
- The GUI did not support EPUB output.
- Empty markdown table cells were not rendered in PDF or PostScript output.
- The automatically-generated title page now supports both "docnumber" and
"version" metadata.
- Added support for dc:subject and dc:language metadata in EPUB output from the
HTML keywords and lang values.
- Added support for the subject and language metadata in markdown input.
- Fixed a buffer underflow bug (Issue #338)
- `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339)
- Fixed an issue with HTML title pages and EPUB output.
- Inline fixed-width text is no longer reduced in size automatically
- Optimized initialization of font width data (Issue #334)
- Fixed formatting bugs with aligned images (Issue #322, Issue #324)
- Fixed support for three digit "#RGB" color values (Issue #323)
- Fixed character set support for markdown metadata.
- Updated libpng to v1.6.34 (Issue #326)
- The makefiles did not use the CPPFLAGS value (Issue #328)
- Added Markdown table support.
- Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files.
-------------------------------------------------------------------
Mon Dec 4 08:06:31 UTC 2017 - mpluskal@suse.com
- Update to new version 1.9.1:
* Fixed monospace font size issue
* Added support for reproducible builds
* Added limited support for the HTML 4.0 SPAN element
* Added (extremely limited) UTF-8 support for input files
* Fixed buffer underflow for (invalid) short HTML comments
* Now indent PRE text, by popular request.
* EPUB output now makes sure that <element property> is written
as <element property="property">.
* Now support both NAME and ID for table-of-contents targets.
* Added support for repeating a single header row for tables that
span multiple pages
* Added support for embedding the current filename/URL in the
header or footer
* Added EPUB support
* Added Markdown support
* Fixed a regression in header/footer image scaling
* Documentation updates
* Compiler fixes
* Fixed a bug when running HTMLDOC as a macOS application.
* Updated the bundled libpng to v1.6.29.
* And many more
- Drop upstreamed htmldoc-cups_rand.patch and no longer needed
htmldoc-docpath.diff
- Lots of spec file cleaning
- Use gnutls/gcrypt for crypto support as openssl support is gone
-------------------------------------------------------------------
Sat Mar 11 01:18:13 UTC 2017 - sfalken@opensuse.org
- Edited %files to clear unpackaged files builderror in
openSUSE:Factory
-------------------------------------------------------------------
Mon May 2 17:46:20 UTC 2016 - mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- Use macro for configure
-------------------------------------------------------------------
Wed Feb 25 19:49:30 UTC 2015 - benoit.monin@gmx.fr
- update to version 1.8.28:
* Updated default PDF version to 1.4.
* SECURITY: Fixed three buffer overflow issues when reading AFM
files and parsing page sizes.
* Fixed incompatibility with Fortify's version of strcpy, which
does not work properly with variable-length arrays (STR #235)
* Fixed compilation against PNG library 1.5 or later (STR #243)
* Fixed documentation errors (PR #6593, PR #6595)
* Marked Zapf-Dingbats as a standard font (STR #198)
* Fixed GPL license text in GUI (STR #222)
* Fixed a table formatting problem when a column has multiple
colspan values (PR #6709)
* Fixed parsing of HTML comments (STR #181)
* Fixed potential out-of-bounds read in table-of-contents
rendering code (STR #183)
* Fixed handling of image URLs with ampersands in them (STR #186)
* Fixed top/bottom margins for logo and header/footer images
(STR #174)
* Fixed image alignment bug (Bug #231)
* Fixed X11 build problem (Bug #243)
- add source url
- drop the following patches after upstream fix:
* htmldoc_CVE-2009-3050_535943.diff
* htmldoc-fortify.diff
* htmldoc-libpng15.diff
* htmldoc-link-x11.patch
- refresh patch htmldoc-docpath.diff
- add patch htmldoc-cups_rand.patch to work around a build error
(upstream bug #510)
- remove now unused --with-fltk configure options
- set datadir for make install
- do not package doc/ source directory: documentation is already
provided by htmldoc.pdf
- remove COMPILE.txt from doc: useless in a rpm
- add -q to %setup to avoid spamming the build log
-------------------------------------------------------------------
Fri Apr 19 22:57:21 UTC 2013 - dimstar@opensuse.org
- Add htmldoc-link-x11.patch: link the GUI app against libX11.
-------------------------------------------------------------------
Tue Sep 4 14:51:24 UTC 2012 - pgajdos@suse.com
- builds also against libpng15
* libpng15.patch
-------------------------------------------------------------------
Tue Dec 20 20:49:25 UTC 2011 - coolo@suse.com
- add autoconf as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Tue Dec 20 20:34:26 UTC 2011 - coolo@suse.com
- remove call to suse_update_config (very old work around)
-------------------------------------------------------------------
Mon Feb 15 11:18:57 CET 2010 - rguenther@suse.de
- Fix stricter fortification fallout with GCC 4.5.
-------------------------------------------------------------------
Fri Dec 11 15:27:38 CET 2009 - lmuelle@suse.de
- Fix buffer overflow in the set_page_size function; CVE-2009-3050;
(bnc#535943).
-------------------------------------------------------------------
Thu Aug 3 12:57:27 CEST 2006 - lmuelle@suse.de
- Update to version 1.8.27.
+ Fixed a crash bug that appeared when more than 10 blank
pages were present in a document (PR #6223)
+ Color changes were not reflected in PRE text (STR #129)
+ Remote URLs did not always work on older operating
systems (PR #6179)
+ Image filenames using % escapes were not decoded
properly.
+ Rows using BGCOLOR that spanned across multiple pages
did not render properly (PR #6149)
+ Rows no longer start on a new page due to a cell with
both HEIGHT and ROWSPAN specified (PR #6086)
+ CMYK JPEG images caused HTMLDOC to crash (PR #6106)
+ Table cell width calculations didn't always account for
the proper minimum width (STR #121)
+ Images were not copied when generating indexed HTML
output to a directory (STR #117)
+ Changing the bottom margin resulted in text that was
formatted below the bottom margin.
+ The Monospace-Oblique font was not embedded properly in
PDF files.
+ Outline and keyword strings in PDF files are now stored
as Unicode (STR #113)
+ The Flate compression code could get in an infinite
loop if it ran out of memory (STR #101)
+ Book files saved from the GUI did not handle filenames
with spaces (STR #105)
+ Fixed and re-enabled the ASCII85Device filter support
in PostScript Level 2/3 output (STR #116)
+ Character entities in the first word of a file were not
rendered properly (STR #111)
+ Fixed-size table columns were incorrectly resized when
a table width was also specified and there was extra
space to distribute (PR #6062)
+ Text could "walk" up or down when in-line images were
used (PR #6034)
+ Row backgrounds incorrectly replaced cell backgrounds
when the first cell in a row used ROWSPAN (PR #6033, PR
#6036)
+ HTMLDOC did not correctly parse FONT FACE attributes
(PR #6006)
+ Images in Level 2/3 PostScript output did not work on
some printers (PR #6000)
+ The GUI did not use the first page header (PR #5978)
-------------------------------------------------------------------
Wed Jan 25 21:36:30 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Nov 22 14:29:31 CET 2005 - lmuelle@suse.de
- Update to version 1.8.25.
-------------------------------------------------------------------
Wed Dec 8 16:55:18 CET 2004 - lmuelle@suse.de
- Update to version 1.8.24; [#43261].
-------------------------------------------------------------------
Mon May 17 15:49:27 CEST 2004 - lmuelle@suse.de
- Add -fno-strict-aliasing to CFLAGS.
-------------------------------------------------------------------
Mon Mar 22 00:49:15 CET 2004 - ro@suse.de
- removed .orig file
-------------------------------------------------------------------
Sat Jan 10 15:41:17 CET 2004 - adrian@suse.de
- add %defattr
-------------------------------------------------------------------
Mon Feb 24 17:10:51 CET 2003 - gd@suse.de
- update to version 1.8.23
-------------------------------------------------------------------
Fri Aug 16 15:05:06 CEST 2002 - ro@suse.de
- removed empty post/postun scripts (#17875) (again)
-------------------------------------------------------------------
Fri Aug 16 15:00:27 CEST 2002 - gd@suse.de
- update to version 1.8.21
-------------------------------------------------------------------
Tue Aug 13 00:37:08 CEST 2002 - ro@suse.de
- fix compilation with new fltk
-------------------------------------------------------------------
Thu Jul 4 15:14:41 CEST 2002 - gd@suse.de
- update to version 1.8.20
- added diff to correct DOCDIR-path and missing fonts
- cleanups (%files, %{_mandir})
-------------------------------------------------------------------
Tue Feb 5 06:54:21 CET 2002 - gd@suse.de
- added libpng to neededforbuild
-------------------------------------------------------------------
Mon Feb 4 21:50:35 CET 2002 - gd@suse.de
- update to version 1.8.18
- the gui finally compiles with fltk-1.1.0b10
- added libjpeg to neededforbuild
-------------------------------------------------------------------
Thu Dec 6 22:31:08 CET 2001 - schwab@suse.de
- Fix fltk configuration.
-------------------------------------------------------------------
Wed Dec 6 15:51:00 CET 2001 - gd@suse.de
- fixed buildroot again
-------------------------------------------------------------------
Thu Dec 6 01:11:07 CET 2001 - ro@suse.de
- fixed format of changes file (again)
-------------------------------------------------------------------
Wed Dec 4 12:00:00 CET 2001 - gd@suse.de
- added FLTKCONFIG-path
- fixed neededforbuild
- fixed buildroot
-------------------------------------------------------------------
Mon Dec 3 01:08:46 CET 2001 - gd@suse.de
- fixed needeforbuild
-----------------------------------------------------------
Mon Nov 26 12:00:00 CET 2001 - gd@suse.de
- update to 1.8.16
-----------------------------------------------------------
Sat Oct 6 12:00:00 CET 2001 - gd@suse.de
- start
View Git Blame Copy Permalink