rpms/doxygen
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: RHEL-58045, update doxygen to 1.12.0

Browse Source
This commit is contained in:
Than Ngo 2024-09-09 15:03:39 +02:00
parent 3df9481601
commit aff00ce63c
4 changed files with 7 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -63,3 +63,4 @@ doxygen-1.7.1.src.tar.gz
/doxygen-1.9.8.src.tar.gz /doxygen-1.9.8.src.tar.gz
/doxygen-1.10.0.src.tar.gz /doxygen-1.10.0.src.tar.gz
/doxygen-1.11.0.src.tar.gz /doxygen-1.11.0.src.tar.gz
/doxygen-1.12.0.src.tar.gz

38
doxygen-1.11.0-buffer-overflow.patch
View File

@ -1,38 +0,0 @@
commit 28b51a7f199d003b309e9dab52457759d5fd7691
Author: Jakub Klinkovský <1289205+lahwaacz@users.noreply.github.com>
Date: Thu May 23 21:05:56 2024 +0200
Fix buffer overflow in Markdown parser
This fixes a buffer overflow that happened when parsing a bad Markdown
file with an unclosed emphasis nested in other elements, such as
```markdown
> __af_err af_flip(af_array *out, const af_array in, const unsigned dim)__
```
This snippet comes from the ArrayFire repository [1]. The problem was
found after the refactoring [2] that introduced std::string_view in the
code. The `std::string_view::operator[]` has bounds checking enabled
when the macro `_GLIBCXX_ASSERTIONS` is defined, which is the case of
Arch Linux build system.
[1] https://github.com/arrayfire/arrayfire/blob/0a25d36238aa1eee3b775d3584937ca65b0a1807/docs/pages/matrix_manipulation.md
[2] https://github.com/doxygen/doxygen/commit/f4e37514325abe4aa6aeecbc96e9e3e027885aef
diff --git a/src/markdown.cpp b/src/markdown.cpp
index 10429edd5..df00900b0 100644
--- a/src/markdown.cpp
+++ b/src/markdown.cpp
@@ -661,6 +661,11 @@ size_t Markdown::Private::findEmphasisChar(std::string_view data, char c, size_t
data[i]!='\\' && data[i]!='@' &&
!(data[i]=='/' && data[i-1]=='<') && // html end tag also ends emphasis
data[i]!='\n') i++;
+ // avoid overflow (unclosed emph token)
+ if (i==size)
+ {
+ return 0;
+ }
//printf("findEmphasisChar: data=[%s] i=%d c=%c\n",data,i,data[i]);
// not counting escaped chars or characters that are unlikely

8
doxygen.spec
View File

@ -11,8 +11,8 @@
Summary: A documentation system for C/C++ Summary: A documentation system for C/C++
Name: doxygen Name: doxygen
Epoch: 2 Epoch: 2
Version: 1.11.0 Version: 1.12.0
Release: 2%{?dist} Release: 1%{?dist}
# No version is specified. # No version is specified.
License: GPL-1.0-or-later License: GPL-1.0-or-later
Url: https://github.com/doxygen Url: https://github.com/doxygen
@ -23,7 +23,6 @@ Source1: doxywizard.desktop
Source2: doxywizard-icons.tar.xz Source2: doxywizard-icons.tar.xz
# upstream patches # upstream patches
Patch100: doxygen-1.11.0-buffer-overflow.patch
BuildRequires: %{_bindir}/python3 BuildRequires: %{_bindir}/python3
BuildRequires: perl-interpreter, perl-open BuildRequires: perl-interpreter, perl-open
@ -298,6 +297,9 @@ rm -rf %{buildroot}/%{_docdir}/packages
%endif %endif
%changelog %changelog
* Mon Sep 09 2024 Than Ngo <than@redhat.com> - 2:1.12.0-1
- Resolves: RHEL-58045, update doxygen to 1.12.0
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2:1.11.0-2 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2:1.11.0-2
- Bump release for June 2024 mass rebuild - Bump release for June 2024 mass rebuild

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (doxywizard-icons.tar.xz) = 865a86d7535e64ad92e36ba1f901d51cd6b603e762e5c68761a45bc1f965a36e6a6c8d29468ecb2ec799f0add2347537723832aff6660c76af453f80a0a370ad SHA512 (doxywizard-icons.tar.xz) = 865a86d7535e64ad92e36ba1f901d51cd6b603e762e5c68761a45bc1f965a36e6a6c8d29468ecb2ec799f0add2347537723832aff6660c76af453f80a0a370ad
SHA512 (doxygen-1.11.0.src.tar.gz) = 54f4a15e459d1d9cc3b4f021b5264191146bd8e0e780b57c4c31f4f9dcbfc7fe7a9db58e8cda4c6df1b4b354dd432dac0b3089fd547afe7cbe313771b2c6aaa4 SHA512 (doxygen-1.12.0.src.tar.gz) = e407e29c5e232e1f8dca291dd2d00b1dd400be709400225339408fad2cd758563b69f290cbd7c0efeb76b1335c4672fb1d6d580b9e6ed570708cf9b7d78951b1