On 19.03.2016 17:57, Julien Cristau wrote: > Yes please. Here is the current debdiff.
Cheers Markus Frosch -- mar...@lazyfrosch.de / lazyfro...@debian.org http://www.lazyfrosch.de
diff -Nru php-dompdf-0.6.1+dfsg/debian/changelog php-dompdf-0.6.1+dfsg/debian/changelog --- php-dompdf-0.6.1+dfsg/debian/changelog 2014-04-23 21:24:29.000000000 +0200 +++ php-dompdf-0.6.1+dfsg/debian/changelog 2016-03-19 18:42:01.000000000 +0100 @@ -1,3 +1,17 @@ +php-dompdf (0.6.1+dfsg-2+deb8u1) stable-proposed-updates; urgency=medium + + * Non-maintainer upload. + * [22610bd] Add 0.6.2 hotfix patch (Closes: #813849) + + Fixes CVE: + * CVE-2014-5011 + * CVE-2014-5012 + * CVE-2014-5013 + + This update bundles CVE hotfixes from 0.6.2 upstream release. + + -- Markus Frosch <lazyfro...@debian.org> Sat, 19 Mar 2016 18:40:34 +0100 + php-dompdf (0.6.1+dfsg-2) unstable; urgency=medium * Document security issue fixed in last upstream version, and upload to diff -Nru php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch --- php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch 1970-01-01 01:00:00.000000000 +0100 +++ php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch 2016-03-19 18:36:53.000000000 +0100 
@@ -0,0 +1,713 @@ +Description: Hotfix based on 0.6.2 + This patch fixes: + * CVE-2014-2383 + * CVE-2014-5011 + * CVE-2014-5012 + * CVE-2014-5013 + . + The patch bundles code changes from 0.6.2 +Author: Brian Sweeney <bswee...@eclecticgeek.com> +Origin: upstream +Applied-Upstream: 0.6.2 +Reviewed-by: Markus Frosch <lazyfro...@debian.org> +Last-Update: 2016-02-27 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/dompdf.php ++++ b/dompdf.php +@@ -130,6 +130,8 @@ + $sapi = php_sapi_name(); + $options = array(); + ++$dompdf = new DOMPDF(); ++ + switch ( $sapi ) { + + case "cli": +@@ -169,7 +171,7 @@ + if ( $file === "-" ) + $outfile = "dompdf_out.pdf"; + else +- $outfile = str_ireplace(array(".html", ".htm", ".php"), "", $file) . ".pdf"; ++ $outfile = str_ireplace(array(".html", ".htm"), "", $file) . ".pdf"; + } + + if ( isset($opts["v"]) ) +@@ -194,6 +196,8 @@ + + default: + ++ $dompdf->set_option('enable_php', false); ++ + if ( isset($_GET["input_file"]) ) + $file = rawurldecode($_GET["input_file"]); + else +@@ -220,26 +224,12 @@ + + $file_parts = explode_url($file); + +- /* Check to see if the input file is local and, if so, that the base path falls within that specified by DOMDPF_CHROOT */ +- if(($file_parts['protocol'] == '' || $file_parts['protocol'] === 'file://')) { +- $file = realpath($file); +- if ( strpos($file, DOMPDF_CHROOT) !== 0 ) { +- throw new DOMPDF_Exception("Permission denied on $file. The file could not be found under the directory specified by DOMPDF_CHROOT."); +- } +- } +- +- if($file_parts['protocol'] === 'php://') { +- throw new DOMPDF_Exception("Permission denied on $file. 
This script does not allow PHP streams."); +- } +- + $outfile = "dompdf_out.pdf"; # Don't allow them to set the output file + $save_file = false; # Don't save the file + + break; + } + +-$dompdf = new DOMPDF(); +- + if ( $file === "-" ) { + $str = ""; + while ( !feof(STDIN) ) +--- a/dompdf_config.custom.inc.php ++++ b/dompdf_config.custom.inc.php +@@ -1,6 +1,7 @@ +-<?php ++<?php ++// Please refer to dompdf_config.inc.php for details on each configuration option. ++ + //define("DOMPDF_TEMP_DIR", "/tmp"); +-//define("DOMPDF_CHROOT", DOMPDF_DIR); + //define("DOMPDF_FONT_DIR", DOMPDF_DIR."/lib/fonts/"); + //define("DOMPDF_FONT_CACHE", DOMPDF_DIR."/lib/fonts/"); + //define("DOMPDF_UNICODE_ENABLED", true); +@@ -9,8 +10,6 @@ + //define("DOMPDF_DEFAULT_PAPER_SIZE", "letter"); + //define("DOMPDF_DEFAULT_FONT", "serif"); + //define("DOMPDF_DPI", 72); +-//define("DOMPDF_ENABLE_PHP", true); +-//define("DOMPDF_ENABLE_REMOTE", true); + //define("DOMPDF_ENABLE_CSS_FLOAT", true); + //define("DOMPDF_ENABLE_JAVASCRIPT", false); + //define("DEBUGPNG", true); +@@ -26,6 +25,17 @@ + //define("DOMPDF_ENABLE_HTML5PARSER", true); + //define("DOMPDF_ENABLE_FONTSUBSETTING", true); + +-// DOMPDF authentication ++// Authentication for the dompdf/www + //define("DOMPDF_ADMIN_USERNAME", "user"); +-//define("DOMPDF_ADMIN_PASSWORD", "password"); +\ No newline at end of file ++//define("DOMPDF_ADMIN_PASSWORD", "password"); ++ ++/** ++ * Attention! ++ * The following settings may increase the risk of system exploit. ++ * Do not change these settings without understanding the consequences. 
++ * Additional documentation is available on the dompdf wiki at: ++ * https://github.com/dompdf/dompdf/wiki ++ */ ++//define("DOMPDF_CHROOT", DOMPDF_DIR); ++//define("DOMPDF_ENABLE_PHP", false); ++//define("DOMPDF_ENABLE_REMOTE", false); +--- a/include/abstract_renderer.cls.php ++++ b/include/abstract_renderer.cls.php +@@ -100,7 +100,7 @@ + //Therefore read dimension directly from file, instead of creating gd object first. + //$img_w = imagesx($src); $img_h = imagesy($src); + +- list($img_w, $img_h) = dompdf_getimagesize($img); ++ list($img_w, $img_h) = dompdf_getimagesize($img, $this->_dompdf->get_http_context()); + if (!isset($img_w) || $img_w == 0 || !isset($img_h) || $img_h == 0) { + return; + } +--- a/include/cpdf_adapter.cls.php ++++ b/include/cpdf_adapter.cls.php +@@ -604,7 +604,7 @@ + } + + function image($img, $x, $y, $w, $h, $resolution = "normal") { +- list($width, $height, $type) = dompdf_getimagesize($img); ++ list($width, $height, $type) = dompdf_getimagesize($img, $this->_dompdf->get_http_context()); + + $debug_png = $this->_dompdf->get_option("debug_png"); + +--- a/include/dompdf.cls.php ++++ b/include/dompdf.cls.php +@@ -184,6 +184,25 @@ + * @var bool + */ + private $_quirksmode = false; ++ ++ /** ++ * Protocol whitelist ++ * ++ * Protocols and PHP wrappers allowed in URLs. Full support is not ++ * guarantee for the protocols/wrappers contained in this array. ++ * ++ * @var array ++ */ ++ private $_allowed_protocols = array(null, "", "file://", "http://", "https://"); ++ ++ /** ++ * Local file extension whitelist ++ * ++ * File extensions supported by dompdf for local files. ++ * ++ * @var array ++ */ ++ private $_allowed_local_file_extensions = array("htm", "html"); + + /** + * The list of built-in fonts +@@ -474,6 +493,10 @@ + list($this->_protocol, $this->_base_host, $this->_base_path) = explode_url($file); + } + ++ if ( !in_array($this->_protocol, $this->_allowed_protocols) ) { ++ throw new DOMPDF_Exception("Permission denied on $file. 
The communication protocol is not supported."); ++ } ++ + if ( !$this->get_option("enable_remote") && ($this->_protocol != "" && $this->_protocol !== "file://" ) ) { + throw new DOMPDF_Exception("Remote file requested, but DOMPDF_ENABLE_REMOTE is false."); + } +@@ -482,23 +505,24 @@ + + // Get the full path to $file, returns false if the file doesn't exist + $realfile = realpath($file); +- if ( !$realfile ) { +- throw new DOMPDF_Exception("File '$file' not found."); +- } + + $chroot = $this->get_option("chroot"); + if ( strpos($realfile, $chroot) !== 0 ) { + throw new DOMPDF_Exception("Permission denied on $file. The file could not be found under the directory specified by DOMPDF_CHROOT."); + } +- +- // Exclude dot files (e.g. .htaccess) +- if ( substr(basename($realfile), 0, 1) === "." ) { ++ ++ $ext = pathinfo($realfile, PATHINFO_EXTENSION); ++ if (!in_array($ext, $this->_allowed_local_file_extensions)) { + throw new DOMPDF_Exception("Permission denied on $file."); + } +- ++ ++ if ( !$realfile ) { ++ throw new DOMPDF_Exception("File '$file' not found."); ++ } ++ + $file = $realfile; + } +- ++ + $contents = file_get_contents($file, null, $this->_http_context); + $encoding = null; + +--- a/include/font_metrics.cls.php ++++ b/include/font_metrics.cls.php +@@ -217,10 +217,18 @@ + */ + static function save_font_families() { + // replace the path to the DOMPDF font directories with the corresponding constants (allows for more portability) +- $cache_data = var_export(self::$_font_lookup, true); +- $cache_data = str_replace('\''.DOMPDF_FONT_DIR , 'DOMPDF_FONT_DIR . \'' , $cache_data); +- $cache_data = str_replace('\''.DOMPDF_DIR , 'DOMPDF_DIR . 
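Review bot: In the load_html_file hunk `@@ -482,23 +505,24 @@` of include/dompdf.cls.php the `if ( !$realfile )` "File not found" check has been moved below the chroot and extension checks and is now unreachable: when realpath() returns false, `strpos($realfile, $chroot)` and `pathinfo($realfile, PATHINFO_EXTENSION)` operate on false (an empty string), so one of the two "Permission denied" exceptions is thrown before the not-found branch, and a missing file is reported with a misleading message. Keep the existence check directly after `$realfile = realpath($file);`, as the removed lines had it, and run the chroot and extension checks after it. The extension test is also case-sensitive and non-strict, which rejects `page.HTML` even though the CLI branch in dompdf.php strips `.html`/`.htm` case-insensitively; `if (!in_array(strtolower($ext), $this->_allowed_local_file_extensions, true))` would make the two consistent. The enclosing method starts and ends outside the hunk.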
\'' , $cache_data); +- $cache_data = "<"."?php return $cache_data ?".">"; ++ $cache_data = sprintf("<?php return array (%s", PHP_EOL); ++ foreach (self::$_font_lookup as $family => $variants) { ++ $cache_data .= sprintf(" '%s' => array(%s", addslashes($family), PHP_EOL); ++ foreach ($variants as $variant => $path) { ++ $path = sprintf("'%s'", $path); ++ $path = str_replace('\'' . DOMPDF_FONT_DIR , 'DOMPDF_FONT_DIR . \'' , $path); ++ $path = str_replace('\'' . DOMPDF_DIR , 'DOMPDF_DIR . \'' , $path); ++ $cache_data .= sprintf(" '%s' => %s,%s", $variant, $path, PHP_EOL); ++ } ++ $cache_data .= sprintf(" ),%s", PHP_EOL); ++ } ++ $cache_data .= ") ?>"; + file_put_contents(self::CACHE_FILE, $cache_data); + } + +@@ -249,13 +257,18 @@ + return; + } + +- self::$_font_lookup = require_once self::CACHE_FILE; ++ $cache_data = require_once self::CACHE_FILE; + + // If the font family cache is still in the old format + if ( self::$_font_lookup === 1 ) { + $cache_data = file_get_contents(self::CACHE_FILE); + file_put_contents(self::CACHE_FILE, "<"."?php return $cache_data ?".">"); +- self::$_font_lookup = require_once self::CACHE_FILE; ++ $cache_data = require_once self::CACHE_FILE; ++ } ++ ++ self::$_font_lookup = array(); ++ foreach ($cache_data as $key => $value) { ++ self::$_font_lookup[stripslashes($key)] = $value; + } + + // Merge provided fonts +@@ -318,7 +331,7 @@ + self::$_font_lookup[mb_strtolower($fontname)] = $entry; + } + +- static function register_font($style, $remote_file) { ++ static function register_font($style, $remote_file, $context = null) { + $fontname = mb_strtolower($style["family"]); + $families = Font_Metrics::get_font_families(); + +@@ -328,6 +341,7 @@ + } + + $local_file = DOMPDF_FONT_DIR . md5($remote_file); ++ $local_temp_file = DOMPDF_TEMP_DIR . "/" . 
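Review bot: In the save_font_families hunk `@@ -217,10 +217,18 @@` of include/font_metrics.cls.php, `$path = sprintf("'%s'", $path);` quotes the raw path and `$variant` goes straight into `'%s'`, while only `$family` is passed through addslashes(); a single quote or backslash in either value yields a cache file that no longer parses when load_font_families() requires it, and since that file is executed as PHP the generated literal must stay pure data. Escape the variant the same way as the family, `$cache_data .= sprintf(" '%s' => %s,%s", addslashes($variant), $path, PHP_EOL);`, and escape the path remainder only after the DOMPDF_FONT_DIR/DOMPDF_DIR prefix substitution has been applied to the raw value, so that the substitution still matches on Windows paths containing backslashes.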
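Review bot: In the load_font_families hunk `@@ -249,13 +257,18 @@` of include/font_metrics.cls.php the old-format detection still reads `if ( self::$_font_lookup === 1 ) {` although the `require_once` result is now assigned to `$cache_data`, so the test inspects a property that this code path no longer sets and the conversion branch never triggers; it should be `if ( $cache_data === 1 ) {`. require_once also returns true rather than the file's return value when the cache file was already included, so the second `$cache_data = require_once self::CACHE_FILE;` inside that branch presumably yields `true` and the following `foreach ($cache_data as $key => $value)` would iterate a boolean; the re-read after rewriting the file needs a plain `require`. The enclosing method continues outside the hunk.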
md5($remote_file); + $cache_entry = $local_file; + $local_file .= ".ttf"; + +@@ -336,23 +350,28 @@ + if ( !isset($entry[$style_string]) ) { + $entry[$style_string] = $cache_entry; + +- Font_Metrics::set_font_family($fontname, $entry); +- + // Download the remote file +- if ( !is_file($local_file) ) { +- file_put_contents($local_file, file_get_contents($remote_file)); +- } ++ file_put_contents($local_temp_file, file_get_contents($remote_file, null, $context)); + +- $font = Font::load($local_file); ++ $font = Font::load($local_temp_file); + + if (!$font) { ++ unlink($local_temp_file); + return false; + } + + $font->parse(); + $font->saveAdobeFontMetrics("$cache_entry.ufm"); + ++ unlink($local_temp_file); ++ ++ if ( !file_exists("$cache_entry.ufm") ) { ++ return false; ++ } ++ + // Save the changes ++ file_put_contents($local_file, file_get_contents($remote_file, null, $context)); ++ Font_Metrics::set_font_family($fontname, $entry); + Font_Metrics::save_font_families(); + } + +--- a/include/functions.inc.php ++++ b/include/functions.inc.php +@@ -128,47 +128,45 @@ + * is appended (o.k. also for Windows) + */ + function build_url($protocol, $host, $base_path, $url) { +- if ( strlen($url) == 0 ) { ++ $protocol = mb_strtolower($protocol); ++ if (strlen($url) == 0) { + //return $protocol . $host . rtrim($base_path, "/\\") . "/"; + return $protocol . $host . $base_path; + } +- + // Is the url already fully qualified or a Data URI? 
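Review bot: In the register_font hunk `@@ -336,23 +350,28 @@` of include/font_metrics.cls.php the font stored in `$local_file` is a second, independent download, `file_put_contents($local_file, file_get_contents($remote_file, null, $context));`, not the bytes that Font::load() just validated from `$local_temp_file`, so the validated content and the cached content can differ. Keep the temp file instead of unlinking it after parsing and move it into place with rename() once the `.ufm` exists, unlinking only on the failure paths. The temp path `DOMPDF_TEMP_DIR . "/" . md5($remote_file)` is predictable inside a shared temp directory; tempnam() creates a unique file for the same purpose. Neither file_get_contents() result is checked for false, so an unreachable font writes an empty file before Font::load() gets to reject it; a `=== false` check before the write avoids that. register_font starts outside the hunk.
```php
    $local_temp_file = tempnam(DOMPDF_TEMP_DIR, "dompdf_font_");
    // … unchanged: cache entry / style bookkeeping …

      $data = file_get_contents($remote_file, null, $context);
      if ( $data === false ) {
        unlink($local_temp_file);
        return false;
      }
      file_put_contents($local_temp_file, $data);

      $font = Font::load($local_temp_file);
      // … unchanged: load-failure unlink/return, parse(), saveAdobeFontMetrics() …
      // (the unconditional unlink($local_temp_file) after saveAdobeFontMetrics() is dropped)

      if ( !file_exists("$cache_entry.ufm") ) {
        unlink($local_temp_file);
        return false;
      }

      // Keep the bytes that were just parsed rather than fetching the URL a second time
      rename($local_temp_file, $local_file);
      Font_Metrics::set_font_family($fontname, $entry);
      Font_Metrics::save_font_families();
```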
+- if ( mb_strpos($url, "://") !== false || mb_strpos($url, "data:") === 0 ) { ++ if (mb_strpos($url, "://") !== false || mb_strpos($url, "data:") === 0) { + return $url; + } +- + $ret = $protocol; +- +- if ( !in_array(mb_strtolower($protocol), array("http://", "https://", "ftp://", "ftps://")) ) { ++ if (!in_array(mb_strtolower($protocol), array("http://", "https://", "ftp://", "ftps://"))) { + //On Windows local file, an abs path can begin also with a '\' or a drive letter and colon + //drive: followed by a relative path would be a drive specific default folder. + //not known in php app code, treat as abs path + //($url[1] !== ':' || ($url[2]!=='\\' && $url[2]!=='/')) +- if ( $url[0] !== '/' && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN' || ($url[0] !== '\\' && $url[1] !== ':')) ) { ++ if ($url[0] !== '/' && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN' || ($url[0] !== '\\' && $url[1] !== ':'))) { + // For rel path and local acess we ignore the host, and run the path through realpath() +- $ret .= realpath($base_path).'/'; ++ $ret .= realpath($base_path) . '/'; + } + $ret .= $url; + $ret = preg_replace('/\?(.*)$/', "", $ret); + return $ret; + } +- +- //remote urls with backslash in html/css are not really correct, but lets be genereous +- if ( $url[0] === '/' || $url[0] === '\\' ) { ++ // Protocol relative urls (e.g. "//example.org/style.css") ++ if (strpos($url, '//') === 0) { ++ $ret .= substr($url, 2); ++ //remote urls with backslash in html/css are not really correct, but lets be genereous ++ } elseif ($url[0] === '/' || $url[0] === '\\') { + // Absolute path + $ret .= $host . $url; +- } +- else { ++ } else { + // Relative path + //$base_path = $base_path !== "" ? rtrim($base_path, "/\\") . "/" : ""; + $ret .= $host . $base_path . 
$url; + } +- + return $ret; +- + } + ++ + /** + * parse a full url or pathname and return an array(protocol, host, path, + * file + query + fragment) +@@ -183,7 +181,10 @@ + $file = ""; + + $arr = parse_url($url); +- ++ if ( isset($arr["scheme"])) { ++ $arr["scheme"] == mb_strtolower($arr["scheme"]); ++ } ++ + // Exclude windows drive letters... + if ( isset($arr["scheme"]) && $arr["scheme"] !== "file" && strlen($arr["scheme"]) > 1 ) { + $protocol = $arr["scheme"] . "://"; +@@ -229,7 +230,7 @@ + } + else { + +- $i = mb_strpos($url, "file://"); ++ $i = mb_stripos($url, "file://"); + if ( $i !== false ) { + $url = mb_substr($url, $i + 7); + } +@@ -400,6 +401,12 @@ + } + } + ++ if (!function_exists('mb_stripos')) { ++ function mb_stripos($haystack, $needle, $offset = 0) { ++ return stripos($haystack, $needle, $offset); ++ } ++ } ++ + if (!function_exists('mb_strrpos')) { + function mb_strrpos($haystack, $needle, $offset = 0) { + return strrpos($haystack, $needle, $offset); +@@ -748,7 +755,7 @@ + * @param string $filename + * @return array The same format as getimagesize($filename) + */ +-function dompdf_getimagesize($filename) { ++function dompdf_getimagesize($filename, $context = null) { + static $cache = array(); + + if ( isset($cache[$filename]) ) { +@@ -758,7 +765,7 @@ + list($width, $height, $type) = getimagesize($filename); + + if ( $width == null || $height == null ) { +- $data = file_get_contents($filename, null, null, 0, 26); ++ $data = file_get_contents($filename, null, $context, 0, 26); + + if ( substr($data, 0, 2) === "BM" ) { + $meta = unpack('vtype/Vfilesize/Vreserved/Voffset/Vheadersize/Vwidth/Vheight', $data); +@@ -1005,31 +1012,6 @@ + } + } + +-if ( function_exists("curl_init") ) { +- function DOMPDF_fetch_url($url, &$headers = null) { +- $ch = curl_init($url); +- curl_setopt($ch, CURLOPT_TIMEOUT, 10); +- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); +- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); +- curl_setopt($ch, CURLOPT_HEADER, true); +- +- 
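Review bot: In the explode_url hunk `@@ -183,7 +181,10 @@` of include/functions.inc.php the added line `$arr["scheme"] == mb_strtolower($arr["scheme"]);` is a comparison, not an assignment, so the scheme is never lower-cased and the statement is a no-op; it should read `$arr["scheme"] = mb_strtolower($arr["scheme"]);`. As written, a URL with an upper-case scheme such as `FILE://` keeps its case through the `$arr["scheme"] !== "file"` test that follows and is returned as the protocol `FILE://`; the protocol whitelist added in dompdf.cls.php then rejects it, so the result is a denial rather than a bypass, but the normalisation the commit intends is missing. The mb_stripos() change in the next hunk handles only the branch where parse_url() fails. explode_url starts and ends outside the hunk.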
$data = curl_exec($ch); +- $raw_headers = substr($data, 0, curl_getinfo($ch, CURLINFO_HEADER_SIZE)); +- $headers = preg_split("/[\n\r]+/", trim($raw_headers)); +- $data = substr($data, curl_getinfo($ch, CURLINFO_HEADER_SIZE)); +- curl_close($ch); +- +- return $data; +- } +-} +-else { +- function DOMPDF_fetch_url($url, &$headers = null) { +- $data = file_get_contents($url); +- $headers = $http_response_header; +- +- return $data; +- } +-} + + /** + * Affect null to the unused objects +--- a/include/gd_adapter.cls.php ++++ b/include/gd_adapter.cls.php +@@ -553,7 +553,7 @@ + * @internal param string $img_type the type (e.g. extension) of the image + */ + function image($img_url, $x, $y, $w, $h, $resolution = "normal") { +- $img_type = Image_Cache::detect_type($img_url); ++ $img_type = Image_Cache::detect_type($img_url, $this->_dompdf->get_http_context()); + $img_ext = Image_Cache::type_to_ext($img_type); + + if ( !$img_ext ) { +--- a/include/image_cache.cls.php ++++ b/include/image_cache.cls.php +@@ -45,6 +45,7 @@ + * @return array An array with two elements: The local path to the image and the image extension + */ + static function resolve_url($url, $protocol, $host, $base_path, DOMPDF $dompdf) { ++ $protocol = mb_strtolower($protocol); + $parsed_url = explode_url($url); + $message = null; + +@@ -84,7 +85,7 @@ + } + else { + set_error_handler("record_warnings"); +- $image = file_get_contents($full_url); ++ $image = file_get_contents($full_url, null, $dompdf->get_http_context()); + restore_error_handler(); + } + +@@ -118,7 +119,7 @@ + + // Check is the file is an image + else { +- list($width, $height, $type) = dompdf_getimagesize($resolved_url); ++ list($width, $height, $type) = dompdf_getimagesize($resolved_url, $dompdf->get_http_context()); + + // Known image type + if ( $width && $height && in_array($type, array(IMAGETYPE_GIF, IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_BMP)) ) { +@@ -138,7 +139,8 @@ + catch(DOMPDF_Image_Exception $e) { + $resolved_url = 
self::$broken_image; + $type = IMAGETYPE_PNG; +- $message = $e->getMessage()." \n $url"; ++ $message = "Image not found or type unknown"; ++ $_dompdf_warnings[] = $e->getMessage()." :: $url"; + } + + return array($resolved_url, $type, $message); +@@ -159,8 +161,8 @@ + self::$_cache = array(); + } + +- static function detect_type($file) { +- list(, , $type) = dompdf_getimagesize($file); ++ static function detect_type($file, $context = null) { ++ list(, , $type) = dompdf_getimagesize($file, $context); + return $type; + } + +--- a/include/image_frame_reflower.cls.php ++++ b/include/image_frame_reflower.cls.php +@@ -41,7 +41,7 @@ + function get_min_max_width() { + if (DEBUGPNG) { + // Determine the image's size. Time consuming. Only when really needed? +- list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url()); ++ list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url(), $this->get_dompdf()->get_http_context()); + print "get_min_max_width() ". + $this->_frame->get_style()->width.' '. + $this->_frame->get_style()->height.';'. +@@ -104,7 +104,7 @@ + + if ($width == 0 || $height == 0) { + // Determine the image's size. Time consuming. Only when really needed! +- list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url()); ++ list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url(), $this->get_dompdf()->get_http_context()); + + // don't treat 0 as error. Can be downscaled or can be catched elsewhere if image not readable. 
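Review bot: In the resolve_url hunk `@@ -138,7 +139,8 @@` of include/image_cache.cls.php, `$_dompdf_warnings[] = $e->getMessage()." :: $url";` appends to a function-local variable unless `global $_dompdf_warnings;` is declared earlier in the method, which the hunk does not show; if it is not, the detailed message is discarded and only the generic "Image not found or type unknown" survives. Either add `global $_dompdf_warnings;` at the top of resolve_url or route the message through the record_warnings handler the method already installs. The catch block's enclosing method starts outside the hunk.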
+ // Resample according to px per inch +--- a/include/list_bullet_image_frame_decorator.cls.php ++++ b/include/list_bullet_image_frame_decorator.cls.php +@@ -48,7 +48,7 @@ + $frame->get_node()->setAttribute("src", $url); + $this->_img = new Image_Frame_Decorator($frame, $dompdf); + parent::__construct($this->_img, $dompdf); +- list($width, $height) = dompdf_getimagesize($this->_img->get_image_url()); ++ list($width, $height) = dompdf_getimagesize($this->_img->get_image_url(), $dompdf->get_http_context()); + + // Resample the bullet image to be consistent with 'auto' sized images + // See also Image_Frame_Reflower::get_min_max_width +--- a/include/list_bullet_renderer.cls.php ++++ b/include/list_bullet_renderer.cls.php +@@ -141,7 +141,7 @@ + // Tested php ver: value measured in px, suffix "px" not in value: rtrim unnecessary. + //$w = $frame->get_width(); + //$h = $frame->get_height(); +- list($width, $height) = dompdf_getimagesize($img); ++ list($width, $height) = dompdf_getimagesize($img, $this->_dompdf->get_http_context()); + $dpi = $this->_dompdf->get_option("dpi"); + $w = ((float)rtrim($width, "px") * 72) / $dpi; + $h = ((float)rtrim($height, "px") * 72) / $dpi; +--- a/include/pdflib_adapter.cls.php ++++ b/include/pdflib_adapter.cls.php +@@ -770,7 +770,7 @@ + $w = (int)$w; + $h = (int)$h; + +- $img_type = Image_Cache::detect_type($img_url); ++ $img_type = Image_Cache::detect_type($img_url, $this->_dompdf->get_http_context()); + $img_ext = Image_Cache::type_to_ext($img_type); + + if ( !isset($this->_imgs[$img_url]) ) { +--- a/include/stylesheet.cls.php ++++ b/include/stylesheet.cls.php +@@ -1250,7 +1250,7 @@ + "path" => build_url($this->_protocol, $this->_base_host, $this->_base_path, $src[2][$i]), + ); + +- if ( !$source["local"] && in_array($source["format"], array("", "woff", "opentype", "truetype")) ) { ++ if ( !$source["local"] && in_array($source["format"], array("", "truetype")) ) { + $valid_sources[] = $source; + } + +@@ -1268,7 +1268,7 @@ + "style" => 
$descriptors->font_style, + ); + +- Font_Metrics::register_font($style, $valid_sources[0]["path"]); ++ Font_Metrics::register_font($style, $valid_sources[0]["path"], $this->_dompdf->get_http_context()); + } + + /** +--- a/lib/class.pdf.php ++++ b/lib/class.pdf.php +@@ -749,7 +749,7 @@ + EOT; + + $res = "<</Length " . mb_strlen($stream, '8bit') . " >>\n"; +- $res .= "stream\n" . $stream . "endstream"; ++ $res .= "stream\n" . $stream . "\nendstream"; + + $this->objects[$toUnicodeId]['c'] = $res; + +@@ -1875,7 +1875,7 @@ + $tmp = 'o_'.$v['t']; + $cont = $this->$tmp($k, 'out'); + $content.= $cont; +- $xref[] = $pos; ++ $xref[] = $pos+1; //+1 to account for \n at the start of each object + $pos+= mb_strlen($cont, '8bit'); + } + +@@ -2426,7 +2426,7 @@ + $flags+= pow(2, 5); // assume non-sybolic + $list = array( + 'Ascent' => 'Ascender', +- 'CapHeight' => 'CapHeight', ++ 'CapHeight' => 'Ascender', //FIXME: php-font-lib is not grabbing this value, so we'll fake it and use the Ascender value // 'CapHeight' + 'MissingWidth' => 'MissingWidth', + 'Descent' => 'Descender', + 'FontBBox' => 'FontBBox', +--- a/www/debugger.php ++++ b/www/debugger.php +@@ -1,4 +1,12 @@ +-<?php ++<?php ++require_once "functions.inc.php"; ++ ++$allowed_hosts = array("::1", "127.0.0.1"); ++if( !auth_ok() || !in_array($_SERVER['REMOTE_ADDR'], $allowed_hosts) ) { ++ die("Access denied to host at " . 
$_SERVER['REMOTE_ADDR']); ++} ++ ++ + $files = glob("test/*.{html,htm,php}", GLOB_BRACE); + ?> + +@@ -6,6 +14,7 @@ + <html lang="en"> + <head> + <title>dompdf debugger</title> ++ <meta name="robots" content="noindex"> + <script type="text/javascript" src="jquery-1.4.2.js"></script> + + <script type="text/javascript"> +--- a/www/demo.php ++++ b/www/demo.php +@@ -6,7 +6,7 @@ + $local = array("::1", "127.0.0.1"); + $is_local = in_array($_SERVER['REMOTE_ADDR'], $local); + +-if ( isset( $_POST["html"] ) && $is_local ) { ++if ( auth_ok() && $is_local && isset( $_POST["html"] ) ) { + + if ( get_magic_quotes_gpc() ) + $_POST["html"] = stripslashes($_POST["html"]); +@@ -27,7 +27,7 @@ + <a name="demo"> </a> + <h2>Demo</h2> + +-<?php if ($is_local) { ?> ++<?php if (auth_ok() && $is_local) { ?> + + <p>Enter your html snippet in the text box below to see it rendered as a + PDF: (Note by default, remote stylesheets, images & inline PHP are disabled.)</p> +@@ -79,6 +79,8 @@ + User input has been disabled for remote connections. + </p> + ++ <?php echo auth_get_link(); ?> ++ + <?php } ?> + + <?php include("foot.inc"); ?> +\ No newline at end of file +--- a/www/head.inc ++++ b/www/head.inc +@@ -1,4 +1,8 @@ + <?php ++$allowed_hosts = array("::1", "127.0.0.1"); ++if( !in_array($_SERVER['REMOTE_ADDR'], $allowed_hosts) ) { ++ die("Access denied to host at " . 
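Review bot: The loopback gate added at the top of www/debugger.php, and repeated in www/head.inc, relies on `$_SERVER['REMOTE_ADDR']` being the end client's address; behind a reverse proxy or load balancer on the same host every request arrives from 127.0.0.1 or ::1 and the restriction admits everyone. That deployment caveat belongs next to the check, e.g. `// REMOTE_ADDR is the TCP peer: a local reverse proxy makes every request look local`, and the duplicated `$allowed_hosts` list and die() could live in one helper next to auth_ok() (presumably defined in the functions.inc.php this hunk requires) so the two copies cannot drift. debugger.php additionally requires `auth_ok()` while head.inc checks only the address; whether that asymmetry is intended is not visible here.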
$_SERVER['REMOTE_ADDR']); ++} + + session_start(); + +@@ -21,6 +25,7 @@ + <head> + <title>dompdf - The PHP 5 HTML to PDF Converter</title> + <link rel="stylesheet" href="style.css" type="text/css"/> ++ <meta name="robots" content="noindex"> + <link rel="SHORTCUT ICON" href="images/favicon.ico"/> + <script type="text/javascript" src="jquery-1.4.2.js"></script> + +--- a/www/setup.php ++++ b/www/setup.php +@@ -1,5 +1,9 @@ + <?php include("head.inc"); ?> + ++<?php ++if (auth_ok()) { ++?> ++ + <a name="setup"> </a> + <h2>Setup</h2> + +@@ -296,5 +300,12 @@ + + </table> + ++<?php ++} else { ++ echo auth_get_link(); ++} ++?> ++ ++ + + <?php include("foot.inc"); ?> +\ No newline at end of file diff -Nru php-dompdf-0.6.1+dfsg/debian/patches/series php-dompdf-0.6.1+dfsg/debian/patches/series --- php-dompdf-0.6.1+dfsg/debian/patches/series 2014-04-12 21:52:49.000000000 +0200 +++ php-dompdf-0.6.1+dfsg/debian/patches/series 2016-03-19 18:36:53.000000000 +0100 @@ -4,3 +4,4 @@ 0004-Adapt-php-font-lib-path.patch 0005-Adapt-tcpdf-path.patch 0006-Do-not-fetch-external-CSS-in-example.patch +0100-0.6.2-hotfix.patch