Resolves: RHEL-58045, update doxygen to 1.12.0

2024-09-09 15:03:39 +02:00 · 2024-09-09 15:03:39 +02:00 · aff00ce63c
commit aff00ce63c
parent 3df9481601
4 changed files with 7 additions and 42 deletions
--- a/.gitignore
+++ b/.gitignore
@ -63,3 +63,4 @@ doxygen-1.7.1.src.tar.gz
 /doxygen-1.9.8.src.tar.gz
 /doxygen-1.10.0.src.tar.gz
 /doxygen-1.11.0.src.tar.gz
+/doxygen-1.12.0.src.tar.gz
--- a/doxygen-1.11.0-buffer-overflow.patch
+++ b/doxygen-1.11.0-buffer-overflow.patch
@ -1,38 +0,0 @@
-commit 28b51a7f199d003b309e9dab52457759d5fd7691
-Author: Jakub Klinkovský <1289205+lahwaacz@users.noreply.github.com>
-Date:   Thu May 23 21:05:56 2024 +0200
-
-    Fix buffer overflow in Markdown parser
-    
-    This fixes a buffer overflow that happened when parsing a bad Markdown
-    file with an unclosed emphasis nested in other elements, such as
-    
-    ```markdown
-    > __af_err af_flip(af_array *out, const af_array in, const unsigned dim)__
-    ```
-    
-    This snippet comes from the ArrayFire repository [1]. The problem was
-    found after the refactoring [2] that introduced std::string_view in the
-    code. The `std::string_view::operator[]` has bounds checking enabled
-    when the macro `_GLIBCXX_ASSERTIONS` is defined, which is the case of
-    Arch Linux build system.
-    
-    [1] https://github.com/arrayfire/arrayfire/blob/0a25d36238aa1eee3b775d3584937ca65b0a1807/docs/pages/matrix_manipulation.md
-    [2] https://github.com/doxygen/doxygen/commit/f4e37514325abe4aa6aeecbc96e9e3e027885aef
-
-diff --git a/src/markdown.cpp b/src/markdown.cpp
-index 10429edd5..df00900b0 100644
--- a/src/markdown.cpp
-+++ b/src/markdown.cpp
-@@ -661,6 +661,11 @@ size_t Markdown::Private::findEmphasisChar(std::string_view data, char c, size_t
-                      data[i]!='\\' && data[i]!='@' &&
-                      !(data[i]=='/' && data[i-1]=='<') && // html end tag also ends emphasis
-                      data[i]!='\n') i++;
-+    // avoid overflow (unclosed emph token)
-+    if (i==size)
-+    {
-+      return 0;
-+    }
-     //printf("findEmphasisChar: data=[%s] i=%d c=%c\n",data,i,data[i]);
- 
-     // not counting escaped chars or characters that are unlikely
--- a/doxygen.spec
+++ b/doxygen.spec
@ -11,8 +11,8 @@
 Summary: A documentation system for C/C++
 Name:    doxygen
 Epoch:   2
-Version: 1.11.0
-Release: 2%{?dist}
+Version: 1.12.0
+Release: 1%{?dist}
 # No version is specified.
 License: GPL-1.0-or-later
 Url: https://github.com/doxygen
@ -23,7 +23,6 @@ Source1: doxywizard.desktop
 Source2: doxywizard-icons.tar.xz

 # upstream patches
-Patch100: doxygen-1.11.0-buffer-overflow.patch

 BuildRequires: %{_bindir}/python3
 BuildRequires: perl-interpreter, perl-open
@ -298,6 +297,9 @@ rm -rf %{buildroot}/%{_docdir}/packages
 %endif

 %changelog
+* Mon Sep 09 2024 Than Ngo <than@redhat.com> - 2:1.12.0-1
+- Resolves: RHEL-58045, update doxygen to 1.12.0
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2:1.11.0-2
 - Bump release for June 2024 mass rebuild

--- a/2
+++ b/2
@ -1,2 +1,2 @@
 SHA512 (doxywizard-icons.tar.xz) = 865a86d7535e64ad92e36ba1f901d51cd6b603e762e5c68761a45bc1f965a36e6a6c8d29468ecb2ec799f0add2347537723832aff6660c76af453f80a0a370ad
-SHA512 (doxygen-1.11.0.src.tar.gz) = 54f4a15e459d1d9cc3b4f021b5264191146bd8e0e780b57c4c31f4f9dcbfc7fe7a9db58e8cda4c6df1b4b354dd432dac0b3089fd547afe7cbe313771b2c6aaa4
+SHA512 (doxygen-1.12.0.src.tar.gz) = e407e29c5e232e1f8dca291dd2d00b1dd400be709400225339408fad2cd758563b69f290cbd7c0efeb76b1335c4672fb1d6d580b9e6ed570708cf9b7d78951b1