[packages/htmldoc] - rel 12; fixes from fc that prevent crashing
arekm
arekm at pld-linux.org
Thu Nov 7 22:42:58 CET 2013
commit 2db4bc04030b731b70223414cf4885cef9065e5a
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Nov 7 22:42:56 2013 +0100
- rel 12; fixes from fc that prevent crashing
htmldoc-1.8.27-fortify-fail.patch | 21 ++++++++++++++++++++
htmldoc-1.8.27-scanf-overflows.patch | 38 ++++++++++++++++++++++++++++++++++++
htmldoc.spec | 6 +++++-
3 files changed, 64 insertions(+), 1 deletion(-)
---
diff --git a/htmldoc.spec b/htmldoc.spec
index fc133b5..fc6a428 100644
--- a/htmldoc.spec
+++ b/htmldoc.spec
@@ -6,12 +6,14 @@ Summary: HTML processing program
Summary(pl.UTF-8): Program przetwarzający HTML
Name: htmldoc
Version: 1.8.27
-Release: 11
+Release: 12
License: GPL v2 with OpenSSL exception
Group: Applications/Publishing
Source0: ftp://ftp.easysw.com/pub/htmldoc/%{version}/%{name}-%{version}-source.tar.bz2
# Source0-md5: 35589e7b8fe9c54e11be87cd5aec4dcc
Patch0: %{name}-libpng15.patch
+Patch1: htmldoc-1.8.27-fortify-fail.patch
+Patch2: htmldoc-1.8.27-scanf-overflows.patch
URL: http://www.htmldoc.org/
%{?with_gui:BuildRequires: xorg-lib-libXpm-devel}
BuildRequires: autoconf
@@ -34,6 +36,8 @@ PDF ze spisem treści.
%prep
%setup -q
%patch0 -p0
+%patch1 -p1
+%patch2 -p1
%build
%configure \
diff --git a/htmldoc-1.8.27-fortify-fail.patch b/htmldoc-1.8.27-fortify-fail.patch
new file mode 100644
index 0000000..32ec887
--- /dev/null
+++ b/htmldoc-1.8.27-fortify-fail.patch
@@ -0,0 +1,21 @@
+diff -ur htmldoc-1.8.27~/htmldoc/ps-pdf.cxx htmldoc-1.8.27/htmldoc/ps-pdf.cxx
+--- htmldoc-1.8.27~/htmldoc/ps-pdf.cxx 2009-08-13 19:32:21.846860508 -0400
++++ htmldoc-1.8.27/htmldoc/ps-pdf.cxx 2009-08-13 19:40:29.185857503 -0400
+@@ -8619,7 +8619,7 @@
+ return (NULL);
+ }
+ // Safe because buffer is allocated...
+- strcpy((char *)r->data.text.buffer, (char *)data);
++ memcpy((char *)r->data.text.buffer, (char *)data, strlen((char *)data));
+ get_color(_htmlTextColor, r->data.text.rgb);
+ break;
+ case RENDER_IMAGE :
+@@ -8640,7 +8640,7 @@
+ return (NULL);
+ }
+ // Safe because buffer is allocated...
+- strcpy((char *)r->data.link, (char *)data);
++ memcpy((char *)r->data.link, (char *)data, strlen((char *)data));
+ break;
+ }
+
diff --git a/htmldoc-1.8.27-scanf-overflows.patch b/htmldoc-1.8.27-scanf-overflows.patch
new file mode 100644
index 0000000..f4b6591
--- /dev/null
+++ b/htmldoc-1.8.27-scanf-overflows.patch
@@ -0,0 +1,38 @@
+diff -ur htmldoc-1.8.27~/htmldoc/htmllib.cxx htmldoc-1.8.27/htmldoc/htmllib.cxx
+--- htmldoc-1.8.27~/htmldoc/htmllib.cxx 2009-08-13 19:25:30.066734472 -0400
++++ htmldoc-1.8.27/htmldoc/htmllib.cxx 2009-08-13 19:25:38.997733603 -0400
+@@ -2154,7 +2154,7 @@
+ * assigned charset...
+ */
+
+- if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%s", &width, glyph) != 2)
++ if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%63s", &width, glyph) != 2)
+ continue;
+
+ for (ch = 0; ch < 256; ch ++)
+Only in htmldoc-1.8.27/htmldoc: htmllib.cxx.orig
+diff -ur htmldoc-1.8.27~/htmldoc/ps-pdf.cxx htmldoc-1.8.27/htmldoc/ps-pdf.cxx
+--- htmldoc-1.8.27~/htmldoc/ps-pdf.cxx 2009-08-13 19:25:30.076736152 -0400
++++ htmldoc-1.8.27/htmldoc/ps-pdf.cxx 2009-08-13 19:25:39.010735889 -0400
+@@ -12515,7 +12515,7 @@
+ * assigned charset...
+ */
+
+- if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%s", &width, glyph) != 2)
++ if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%63s", &width, glyph) != 2)
+ continue;
+
+ for (ch = 0; ch < 256; ch ++)
+Only in htmldoc-1.8.27/htmldoc: ps-pdf.cxx.orig
+diff -ur htmldoc-1.8.27~/htmldoc/util.cxx htmldoc-1.8.27/htmldoc/util.cxx
+--- htmldoc-1.8.27~/htmldoc/util.cxx 2005-04-24 15:20:32.000000000 -0400
++++ htmldoc-1.8.27/htmldoc/util.cxx 2009-08-13 19:25:39.014737749 -0400
+@@ -484,7 +484,7 @@
+ PageWidth = 595;
+ PageLength = 792;
+ }
+- else if (sscanf(size, "%fx%f%s", &width, &length, units) >= 2)
++ else if (sscanf(size, "%fx%f%254s", &width, &length, units) >= 2)
+ {
+ /*
+ * Custom size...
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/htmldoc.git/commitdiff/2db4bc04030b731b70223414cf4885cef9065e5a
More information about the pld-cvs-commit
mailing list