Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package htmldoc for openSUSE:Factory checked in at 2021-11-06 18:15:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/htmldoc (Old) and /work/SRC/openSUSE:Factory/.htmldoc.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "htmldoc" Sat Nov 6 18:15:37 2021 rev:27 rq:929621 version:1.9.12 Changes: -------- --- /work/SRC/openSUSE:Factory/htmldoc/htmldoc.changes 2021-06-05 23:31:06.624393970 +0200 +++ /work/SRC/openSUSE:Factory/.htmldoc.new.1890/htmldoc.changes 2021-11-06 18:17:58.476882804 +0100 @@ -1,0 +2,8 @@ +Fri Nov 5 08:29:27 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image + + htmldoc-CVE-2021-40985.patch + +------------------------------------------------------------------- New: ---- htmldoc-CVE-2021-40985.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ htmldoc.spec ++++++ --- /var/tmp/diff_new_pack.IjdXEn/_old 2021-11-06 18:17:58.972883060 +0100 +++ /var/tmp/diff_new_pack.IjdXEn/_new 2021-11-06 18:17:58.972883060 +0100 @@ -24,6 +24,8 @@ Group: Productivity/Publishing/HTML/Tools URL: https://michaelrsweet.github.io/htmldoc/index.html Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz +# CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image +Patch0: htmldoc-CVE-2021-40985.patch BuildRequires: fltk-devel BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme @@ -41,6 +43,7 @@ %prep %setup -q +%patch0 -p1 %build %configure \ ++++++ htmldoc-CVE-2021-40985.patch ++++++ diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx index 337c0cc5..d44d1ba3 100644 --- a/htmldoc/image.cxx +++ b/htmldoc/image.cxx @@ -915,6 +915,9 @@ image_load_bmp(image_t *img, /* I - Image to load into */ colors_used = (int)read_dword(fp); read_dword(fp); + if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192) + return (-1); + if (info_size > 40) for (info_size -= 40; info_size > 0; info_size --) getc(fp); @@ -926,7 +929,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */ fread(colormap, (size_t)colors_used, 4, fp); // Setup image and buffers... - img->depth = gray ? 1 : 3; + img->depth = gray ? 1 : 3; // If this image is indexed and we are writing an encrypted PDF file, bump the use count so // we create an image object (Acrobat 6 bug workaround) @@ -1076,7 +1079,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */ if (bit == 0xf0) { if (color < 0) - temp = getc(fp); + temp = getc(fp) & 255; else temp = color;
