rpms/htmldoc/devel htmldoc-1.8.27-scanf-overflows.patch, NONE, 1.1 htmldoc.spec, 1.15, 1.16

Thu Aug 13 23:31:19 UTC 2009

Author: agoode

Update of /cvs/extras/rpms/htmldoc/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13043

Modified Files:
	htmldoc.spec 
Added Files:
	htmldoc-1.8.27-scanf-overflows.patch 
Log Message:
Add scanf overflows patch

htmldoc-1.8.27-scanf-overflows.patch:
 htmllib.cxx      |    2 +-
 htmllib.cxx.orig |only
 ps-pdf.cxx       |    2 +-
 ps-pdf.cxx.orig  |only
 util.cxx         |    2 +-
 5 files changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE htmldoc-1.8.27-scanf-overflows.patch ---
diff -ur htmldoc-1.8.27~/htmldoc/htmllib.cxx htmldoc-1.8.27/htmldoc/htmllib.cxx
--- htmldoc-1.8.27~/htmldoc/htmllib.cxx	2009-08-13 19:25:30.066734472 -0400
+++ htmldoc-1.8.27/htmldoc/htmllib.cxx	2009-08-13 19:25:38.997733603 -0400
@@ -2154,7 +2154,7 @@
 	  * assigned charset...
 	  */
 
-          if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%s", &width, glyph) != 2)
+          if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%63s", &width, glyph) != 2)
 	    continue;
 
           for (ch = 0; ch < 256; ch ++)
Only in htmldoc-1.8.27/htmldoc: htmllib.cxx.orig
diff -ur htmldoc-1.8.27~/htmldoc/ps-pdf.cxx htmldoc-1.8.27/htmldoc/ps-pdf.cxx
--- htmldoc-1.8.27~/htmldoc/ps-pdf.cxx	2009-08-13 19:25:30.076736152 -0400
+++ htmldoc-1.8.27/htmldoc/ps-pdf.cxx	2009-08-13 19:25:39.010735889 -0400
@@ -12515,7 +12515,7 @@
 	  * assigned charset...
 	  */
 
-	  if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%s", &width, glyph) != 2)
+	  if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%63s", &width, glyph) != 2)
 	    continue;
 
 	  for (ch = 0; ch < 256; ch ++)
Only in htmldoc-1.8.27/htmldoc: ps-pdf.cxx.orig
diff -ur htmldoc-1.8.27~/htmldoc/util.cxx htmldoc-1.8.27/htmldoc/util.cxx
--- htmldoc-1.8.27~/htmldoc/util.cxx	2005-04-24 15:20:32.000000000 -0400
+++ htmldoc-1.8.27/htmldoc/util.cxx	2009-08-13 19:25:39.014737749 -0400
@@ -484,7 +484,7 @@
     PageWidth  = 595;
     PageLength = 792;
   }
-  else if (sscanf(size, "%fx%f%s", &width, &length, units) >= 2)
+  else if (sscanf(size, "%fx%f%254s", &width, &length, units) >= 2)
   {
    /*
     * Custom size...


Index: htmldoc.spec
===================================================================
RCS file: /cvs/extras/rpms/htmldoc/devel/htmldoc.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -p -r1.15 -r1.16
--- htmldoc.spec	25 Jul 2009 02:15:45 -0000	1.15
+++ htmldoc.spec	13 Aug 2009 23:31:18 -0000	1.16
@@ -1,6 +1,6 @@
 Name:		htmldoc
 Version:	1.8.27
-Release:	11%{?dist}
+Release:	12%{?dist}
 Summary:	Converter from HTML into indexed HTML, PostScript, or PDF
 
 Group:		Applications/Publishing
@@ -15,6 +15,7 @@ Source:		http://ftp.easysw.com/pub/%{nam
 Patch0:		htmldoc-1.8.27-desktop-icon.patch
 Patch1:		htmldoc-1.8.27-dingbats-standard.patch
 Patch2:		htmldoc-1.8.27-system-fonts.patch
+Patch3:		htmldoc-1.8.27-scanf-overflows.patch
 
 BuildRequires:	openssl-devel libjpeg-devel libpng-devel zlib-devel
 BuildRequires:	fltk-devel libXpm-devel desktop-file-utils
@@ -95,6 +96,10 @@ ln -s %{_fontbasedir}/dejavu/DejaVuSerif
 ln -s %{_fontbasedir}/dejavu/DejaVuSerif-Bold.ttf
 ln -s %{_fontbasedir}/dejavu/DejaVuSerif-Italic.ttf
 ln -s %{_fontbasedir}/dejavu/DejaVuSerif.ttf
+cd ..
+
+# fix some scanf overflows (http://www.htmldoc.org/str.php?L214)
+%patch3 -p1 -b .scanf-overflows
 
 
 %build
@@ -173,6 +178,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Tue Aug  4 2009 Adam Goode <adam at spicenitz.org> - 1.8.27-12
+- Fix scanf overflows (#512513)
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.27-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 


