diff --git a/.gitignore b/.gitignore index 6bc59c7..e3cca27 100644 --- a/.gitignore +++ b/.gitignore @@ -63,3 +63,4 @@ doxygen-1.7.1.src.tar.gz /doxygen-1.9.8.src.tar.gz /doxygen-1.10.0.src.tar.gz /doxygen-1.11.0.src.tar.gz +/doxygen-1.12.0.src.tar.gz diff --git a/doxygen-1.11.0-buffer-overflow.patch b/doxygen-1.11.0-buffer-overflow.patch deleted file mode 100644 index ab2546c..0000000 --- a/doxygen-1.11.0-buffer-overflow.patch +++ /dev/null @@ -1,38 +0,0 @@ -commit 28b51a7f199d003b309e9dab52457759d5fd7691 -Author: Jakub Klinkovský <1289205+lahwaacz@users.noreply.github.com> -Date: Thu May 23 21:05:56 2024 +0200 - - Fix buffer overflow in Markdown parser - - This fixes a buffer overflow that happened when parsing a bad Markdown - file with an unclosed emphasis nested in other elements, such as - - ```markdown - > __af_err af_flip(af_array *out, const af_array in, const unsigned dim)__ - ``` - - This snippet comes from the ArrayFire repository [1]. The problem was - found after the refactoring [2] that introduced std::string_view in the - code. The `std::string_view::operator[]` has bounds checking enabled - when the macro `_GLIBCXX_ASSERTIONS` is defined, which is the case of - Arch Linux build system. - - [1] https://github.com/arrayfire/arrayfire/blob/0a25d36238aa1eee3b775d3584937ca65b0a1807/docs/pages/matrix_manipulation.md - [2] https://github.com/doxygen/doxygen/commit/f4e37514325abe4aa6aeecbc96e9e3e027885aef - -diff --git a/src/markdown.cpp b/src/markdown.cpp -index 10429edd5..df00900b0 100644 ---- a/src/markdown.cpp -+++ b/src/markdown.cpp -@@ -661,6 +661,11 @@ size_t Markdown::Private::findEmphasisChar(std::string_view data, char c, size_t - data[i]!='\\' && data[i]!='@' && - !(data[i]=='/' && data[i-1]=='<') && // html end tag also ends emphasis - data[i]!='\n') i++; -+ // avoid overflow (unclosed emph token) -+ if (i==size) -+ { -+ return 0; -+ } - //printf("findEmphasisChar: data=[%s] i=%d c=%c\n",data,i,data[i]); - - // not counting escaped chars or characters that are unlikely diff --git a/doxygen.spec b/doxygen.spec index 713cf54..9abd40b 100644 --- a/doxygen.spec +++ b/doxygen.spec @@ -11,8 +11,8 @@ Summary: A documentation system for C/C++ Name: doxygen Epoch: 2 -Version: 1.11.0 -Release: 2%{?dist} +Version: 1.12.0 +Release: 1%{?dist} # No version is specified. License: GPL-1.0-or-later Url: https://github.com/doxygen @@ -23,7 +23,6 @@ Source1: doxywizard.desktop Source2: doxywizard-icons.tar.xz # upstream patches -Patch100: doxygen-1.11.0-buffer-overflow.patch BuildRequires: %{_bindir}/python3 BuildRequires: perl-interpreter, perl-open @@ -298,6 +297,9 @@ rm -rf %{buildroot}/%{_docdir}/packages %endif %changelog +* Mon Sep 09 2024 Than Ngo - 2:1.12.0-1 +- Resolves: RHEL-58045, update doxygen to 1.12.0 + * Mon Jun 24 2024 Troy Dawson - 2:1.11.0-2 - Bump release for June 2024 mass rebuild diff --git a/sources b/sources index fdb9fb4..b656c32 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (doxywizard-icons.tar.xz) = 865a86d7535e64ad92e36ba1f901d51cd6b603e762e5c68761a45bc1f965a36e6a6c8d29468ecb2ec799f0add2347537723832aff6660c76af453f80a0a370ad -SHA512 (doxygen-1.11.0.src.tar.gz) = 54f4a15e459d1d9cc3b4f021b5264191146bd8e0e780b57c4c31f4f9dcbfc7fe7a9db58e8cda4c6df1b4b354dd432dac0b3089fd547afe7cbe313771b2c6aaa4 +SHA512 (doxygen-1.12.0.src.tar.gz) = e407e29c5e232e1f8dca291dd2d00b1dd400be709400225339408fad2cd758563b69f290cbd7c0efeb76b1335c4672fb1d6d580b9e6ed570708cf9b7d78951b1