Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
Hey release team,
I'd like to propose an update for jessie, that addresses 4 CVEs with
php-dompdf.
Related package bug is #813849
Though php-dompdf is technically a leaf package, I'd prefer to ship an
update over an RM of the package from stable.
Attached is a prepared debdiff of that update.
Please review and let me know if you need anything in addition.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru php-dompdf-0.6.1+dfsg/debian/changelog php-dompdf-0.6.1+dfsg/debian/changelog
--- php-dompdf-0.6.1+dfsg/debian/changelog 2014-04-23 21:24:29.000000000 +0200
+++ php-dompdf-0.6.1+dfsg/debian/changelog 2016-02-27 15:51:54.000000000 +0100
@@ -1,3 +1,18 @@
+php-dompdf (0.6.1+dfsg-2+deb8u1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * [22610bd] Add 0.6.2 hotfix patch (Closes: #813849)
+
+ Fixes CVE:
+ * CVE-2014-2383
+ * CVE-2014-5011
+ * CVE-2014-5012
+ * CVE-2014-5013
+
+ This update bundles CVE hotfixes from 0.6.2 upstream release.
+
+ -- Markus Frosch <lazyfro...@debian.org> Sat, 27 Feb 2016 15:48:10 +0100
+
php-dompdf (0.6.1+dfsg-2) unstable; urgency=medium
* Document security issue fixed in last upstream version, and upload to
diff -Nru php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch
--- php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch 1970-01-01 01:00:00.000000000 +0100
+++ php-dompdf-0.6.1+dfsg/debian/patches/0100-0.6.2-hotfix.patch 2016-02-27 15:47:52.000000000 +0100
@@ -0,0 +1,713 @@
+Description: Hotfix based on 0.6.2
+ This patch fixes:
+ * CVE-2014-2383
+ * CVE-2014-5011
+ * CVE-2014-5012
+ * CVE-2014-5013
+ .
+ The patch bundles code changes from 0.6.2
+Author: Brian Sweeney <bswee...@eclecticgeek.com>
+Origin: upstream
+Applied-Upstream: 0.6.2
+Reviewed-by: Markus Frosch <lazyfro...@debian.org>
+Last-Update: 2016-02-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/dompdf.php
++++ b/dompdf.php
+@@ -130,6 +130,8 @@
+ $sapi = php_sapi_name();
+ $options = array();
+
++$dompdf = new DOMPDF();
++
+ switch ( $sapi ) {
+
+ case "cli":
+@@ -169,7 +171,7 @@
+ if ( $file === "-" )
+ $outfile = "dompdf_out.pdf";
+ else
+- $outfile = str_ireplace(array(".html", ".htm", ".php"), "", $file) . ".pdf";
++ $outfile = str_ireplace(array(".html", ".htm"), "", $file) . ".pdf";
+ }
+
+ if ( isset($opts["v"]) )
+@@ -194,6 +196,8 @@
+
+ default:
+
++ $dompdf->set_option('enable_php', false);
++
+ if ( isset($_GET["input_file"]) )
+ $file = rawurldecode($_GET["input_file"]);
+ else
+@@ -220,26 +224,12 @@
+
+ $file_parts = explode_url($file);
+
+- /* Check to see if the input file is local and, if so, that the base path falls within that specified by DOMDPF_CHROOT */
+- if(($file_parts['protocol'] == '' || $file_parts['protocol'] === 'file://')) {
+- $file = realpath($file);
+- if ( strpos($file, DOMPDF_CHROOT) !== 0 ) {
+- throw new DOMPDF_Exception("Permission denied on $file. The file could not be found under the directory specified by DOMPDF_CHROOT.");
+- }
+- }
+-
+- if($file_parts['protocol'] === 'php://') {
+- throw new DOMPDF_Exception("Permission denied on $file. This script does not allow PHP streams.");
+- }
+-
+ $outfile = "dompdf_out.pdf"; # Don't allow them to set the output file
+ $save_file = false; # Don't save the file
+
+ break;
+ }
+
+-$dompdf = new DOMPDF();
+-
+ if ( $file === "-" ) {
+ $str = "";
+ while ( !feof(STDIN) )
+--- a/dompdf_config.custom.inc.php
++++ b/dompdf_config.custom.inc.php
+@@ -1,6 +1,7 @@
+-<?php
++<?php
++// Please refer to dompdf_config.inc.php for details on each configuration option.
++
+ //define("DOMPDF_TEMP_DIR", "/tmp");
+-//define("DOMPDF_CHROOT", DOMPDF_DIR);
+ //define("DOMPDF_FONT_DIR", DOMPDF_DIR."/lib/fonts/");
+ //define("DOMPDF_FONT_CACHE", DOMPDF_DIR."/lib/fonts/");
+ //define("DOMPDF_UNICODE_ENABLED", true);
+@@ -9,8 +10,6 @@
+ //define("DOMPDF_DEFAULT_PAPER_SIZE", "letter");
+ //define("DOMPDF_DEFAULT_FONT", "serif");
+ //define("DOMPDF_DPI", 72);
+-//define("DOMPDF_ENABLE_PHP", true);
+-//define("DOMPDF_ENABLE_REMOTE", true);
+ //define("DOMPDF_ENABLE_CSS_FLOAT", true);
+ //define("DOMPDF_ENABLE_JAVASCRIPT", false);
+ //define("DEBUGPNG", true);
+@@ -26,6 +25,17 @@
+ //define("DOMPDF_ENABLE_HTML5PARSER", true);
+ //define("DOMPDF_ENABLE_FONTSUBSETTING", true);
+
+-// DOMPDF authentication
++// Authentication for the dompdf/www
+ //define("DOMPDF_ADMIN_USERNAME", "user");
+-//define("DOMPDF_ADMIN_PASSWORD", "password");
+\ No newline at end of file
++//define("DOMPDF_ADMIN_PASSWORD", "password");
++
++/**
++ * Attention!
++ * The following settings may increase the risk of system exploit.
++ * Do not change these settings without understanding the consequences.
++ * Additional documentation is available on the dompdf wiki at:
++ * https://github.com/dompdf/dompdf/wiki
++ */
++//define("DOMPDF_CHROOT", DOMPDF_DIR);
++//define("DOMPDF_ENABLE_PHP", false);
++//define("DOMPDF_ENABLE_REMOTE", false);
+--- a/include/abstract_renderer.cls.php
++++ b/include/abstract_renderer.cls.php
+@@ -100,7 +100,7 @@
+ //Therefore read dimension directly from file, instead of creating gd object first.
+ //$img_w = imagesx($src); $img_h = imagesy($src);
+
+- list($img_w, $img_h) = dompdf_getimagesize($img);
++ list($img_w, $img_h) = dompdf_getimagesize($img, $this->_dompdf->get_http_context());
+ if (!isset($img_w) || $img_w == 0 || !isset($img_h) || $img_h == 0) {
+ return;
+ }
+--- a/include/cpdf_adapter.cls.php
++++ b/include/cpdf_adapter.cls.php
+@@ -604,7 +604,7 @@
+ }
+
+ function image($img, $x, $y, $w, $h, $resolution = "normal") {
+- list($width, $height, $type) = dompdf_getimagesize($img);
++ list($width, $height, $type) = dompdf_getimagesize($img, $this->_dompdf->get_http_context());
+
+ $debug_png = $this->_dompdf->get_option("debug_png");
+
+--- a/include/dompdf.cls.php
++++ b/include/dompdf.cls.php
+@@ -184,6 +184,25 @@
+ * @var bool
+ */
+ private $_quirksmode = false;
++
++ /**
++ * Protocol whitelist
++ *
++ * Protocols and PHP wrappers allowed in URLs. Full support is not
++ * guarantee for the protocols/wrappers contained in this array.
++ *
++ * @var array
++ */
++ private $_allowed_protocols = array(null, "", "file://", "http://", "https://");
++
++ /**
++ * Local file extension whitelist
++ *
++ * File extensions supported by dompdf for local files.
++ *
++ * @var array
++ */
++ private $_allowed_local_file_extensions = array("htm", "html");
+
+ /**
+ * The list of built-in fonts
+@@ -474,6 +493,10 @@
+ list($this->_protocol, $this->_base_host, $this->_base_path) = explode_url($file);
+ }
+
++ if ( !in_array($this->_protocol, $this->_allowed_protocols) ) {
++ throw new DOMPDF_Exception("Permission denied on $file. The communication protocol is not supported.");
++ }
++
+ if ( !$this->get_option("enable_remote") && ($this->_protocol != "" && $this->_protocol !== "file://" ) ) {
+ throw new DOMPDF_Exception("Remote file requested, but DOMPDF_ENABLE_REMOTE is false.");
+ }
+@@ -482,23 +505,24 @@
+
+ // Get the full path to $file, returns false if the file doesn't exist
+ $realfile = realpath($file);
+- if ( !$realfile ) {
+- throw new DOMPDF_Exception("File '$file' not found.");
+- }
+
+ $chroot = $this->get_option("chroot");
+ if ( strpos($realfile, $chroot) !== 0 ) {
+ throw new DOMPDF_Exception("Permission denied on $file. The file could not be found under the directory specified by DOMPDF_CHROOT.");
+ }
+-
+- // Exclude dot files (e.g. .htaccess)
+- if ( substr(basename($realfile), 0, 1) === "." ) {
++
++ $ext = pathinfo($realfile, PATHINFO_EXTENSION);
++ if (!in_array($ext, $this->_allowed_local_file_extensions)) {
+ throw new DOMPDF_Exception("Permission denied on $file.");
+ }
+-
++
++ if ( !$realfile ) {
++ throw new DOMPDF_Exception("File '$file' not found.");
++ }
++
+ $file = $realfile;
+ }
+-
++
+ $contents = file_get_contents($file, null, $this->_http_context);
+ $encoding = null;
+
+--- a/include/font_metrics.cls.php
++++ b/include/font_metrics.cls.php
+@@ -217,10 +217,18 @@
+ */
+ static function save_font_families() {
+ // replace the path to the DOMPDF font directories with the corresponding constants (allows for more portability)
+- $cache_data = var_export(self::$_font_lookup, true);
+- $cache_data = str_replace('\''.DOMPDF_FONT_DIR , 'DOMPDF_FONT_DIR . \'' , $cache_data);
+- $cache_data = str_replace('\''.DOMPDF_DIR , 'DOMPDF_DIR . \'' , $cache_data);
+- $cache_data = "<"."?php return $cache_data ?".">";
++ $cache_data = sprintf("<?php return array (%s", PHP_EOL);
++ foreach (self::$_font_lookup as $family => $variants) {
++ $cache_data .= sprintf(" '%s' => array(%s", addslashes($family), PHP_EOL);
++ foreach ($variants as $variant => $path) {
++ $path = sprintf("'%s'", $path);
++ $path = str_replace('\'' . DOMPDF_FONT_DIR , 'DOMPDF_FONT_DIR . \'' , $path);
++ $path = str_replace('\'' . DOMPDF_DIR , 'DOMPDF_DIR . \'' , $path);
++ $cache_data .= sprintf(" '%s' => %s,%s", $variant, $path, PHP_EOL);
++ }
++ $cache_data .= sprintf(" ),%s", PHP_EOL);
++ }
++ $cache_data .= ") ?>";
+ file_put_contents(self::CACHE_FILE, $cache_data);
+ }
+
+@@ -249,13 +257,18 @@
+ return;
+ }
+
+- self::$_font_lookup = require_once self::CACHE_FILE;
++ $cache_data = require_once self::CACHE_FILE;
+
+ // If the font family cache is still in the old format
+ if ( self::$_font_lookup === 1 ) {
+ $cache_data = file_get_contents(self::CACHE_FILE);
+ file_put_contents(self::CACHE_FILE, "<"."?php return $cache_data ?".">");
+- self::$_font_lookup = require_once self::CACHE_FILE;
++ $cache_data = require_once self::CACHE_FILE;
++ }
++
++ self::$_font_lookup = array();
++ foreach ($cache_data as $key => $value) {
++ self::$_font_lookup[stripslashes($key)] = $value;
+ }
+
+ // Merge provided fonts
+@@ -318,7 +331,7 @@
+ self::$_font_lookup[mb_strtolower($fontname)] = $entry;
+ }
+
+- static function register_font($style, $remote_file) {
++ static function register_font($style, $remote_file, $context = null) {
+ $fontname = mb_strtolower($style["family"]);
+ $families = Font_Metrics::get_font_families();
+
+@@ -328,6 +341,7 @@
+ }
+
+ $local_file = DOMPDF_FONT_DIR . md5($remote_file);
++ $local_temp_file = DOMPDF_TEMP_DIR . "/" . md5($remote_file);
+ $cache_entry = $local_file;
+ $local_file .= ".ttf";
+
+@@ -336,23 +350,28 @@
+ if ( !isset($entry[$style_string]) ) {
+ $entry[$style_string] = $cache_entry;
+
+- Font_Metrics::set_font_family($fontname, $entry);
+-
+ // Download the remote file
+- if ( !is_file($local_file) ) {
+- file_put_contents($local_file, file_get_contents($remote_file));
+- }
++ file_put_contents($local_temp_file, file_get_contents($remote_file, null, $context));
+
+- $font = Font::load($local_file);
++ $font = Font::load($local_temp_file);
+
+ if (!$font) {
++ unlink($local_temp_file);
+ return false;
+ }
+
+ $font->parse();
+ $font->saveAdobeFontMetrics("$cache_entry.ufm");
+
++ unlink($local_temp_file);
++
++ if ( !file_exists("$cache_entry.ufm") ) {
++ return false;
++ }
++
+ // Save the changes
++ file_put_contents($local_file, file_get_contents($remote_file, null, $context));
++ Font_Metrics::set_font_family($fontname, $entry);
+ Font_Metrics::save_font_families();
+ }
+
+--- a/include/functions.inc.php
++++ b/include/functions.inc.php
+@@ -128,47 +128,45 @@
+ * is appended (o.k. also for Windows)
+ */
+ function build_url($protocol, $host, $base_path, $url) {
+- if ( strlen($url) == 0 ) {
++ $protocol = mb_strtolower($protocol);
++ if (strlen($url) == 0) {
+ //return $protocol . $host . rtrim($base_path, "/\\") . "/";
+ return $protocol . $host . $base_path;
+ }
+-
+ // Is the url already fully qualified or a Data URI?
+- if ( mb_strpos($url, "://") !== false || mb_strpos($url, "data:") === 0 ) {
++ if (mb_strpos($url, "://") !== false || mb_strpos($url, "data:") === 0) {
+ return $url;
+ }
+-
+ $ret = $protocol;
+-
+- if ( !in_array(mb_strtolower($protocol), array("http://", "https://", "ftp://", "ftps://")) ) {
++ if (!in_array(mb_strtolower($protocol), array("http://", "https://", "ftp://", "ftps://"))) {
+ //On Windows local file, an abs path can begin also with a '\' or a drive letter and colon
+ //drive: followed by a relative path would be a drive specific default folder.
+ //not known in php app code, treat as abs path
+ //($url[1] !== ':' || ($url[2]!=='\\' && $url[2]!=='/'))
+- if ( $url[0] !== '/' && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN' || ($url[0] !== '\\' && $url[1] !== ':')) ) {
++ if ($url[0] !== '/' && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN' || ($url[0] !== '\\' && $url[1] !== ':'))) {
+ // For rel path and local acess we ignore the host, and run the path through realpath()
+- $ret .= realpath($base_path).'/';
++ $ret .= realpath($base_path) . '/';
+ }
+ $ret .= $url;
+ $ret = preg_replace('/\?(.*)$/', "", $ret);
+ return $ret;
+ }
+-
+- //remote urls with backslash in html/css are not really correct, but lets be genereous
+- if ( $url[0] === '/' || $url[0] === '\\' ) {
++ // Protocol relative urls (e.g. "//example.org/style.css")
++ if (strpos($url, '//') === 0) {
++ $ret .= substr($url, 2);
++ //remote urls with backslash in html/css are not really correct, but lets be genereous
++ } elseif ($url[0] === '/' || $url[0] === '\\') {
+ // Absolute path
+ $ret .= $host . $url;
+- }
+- else {
++ } else {
+ // Relative path
+ //$base_path = $base_path !== "" ? rtrim($base_path, "/\\") . "/" : "";
+ $ret .= $host . $base_path . $url;
+ }
+-
+ return $ret;
+-
+ }
+
++
+ /**
+ * parse a full url or pathname and return an array(protocol, host, path,
+ * file + query + fragment)
+@@ -183,7 +181,10 @@
+ $file = "";
+
+ $arr = parse_url($url);
+-
++ if ( isset($arr["scheme"])) {
++ $arr["scheme"] == mb_strtolower($arr["scheme"]);
++ }
++
+ // Exclude windows drive letters...
+ if ( isset($arr["scheme"]) && $arr["scheme"] !== "file" && strlen($arr["scheme"]) > 1 ) {
+ $protocol = $arr["scheme"] . "://";
+@@ -229,7 +230,7 @@
+ }
+ else {
+
+- $i = mb_strpos($url, "file://");
++ $i = mb_stripos($url, "file://");
+ if ( $i !== false ) {
+ $url = mb_substr($url, $i + 7);
+ }
+@@ -400,6 +401,12 @@
+ }
+ }
+
++ if (!function_exists('mb_stripos')) {
++ function mb_stripos($haystack, $needle, $offset = 0) {
++ return stripos($haystack, $needle, $offset);
++ }
++ }
++
+ if (!function_exists('mb_strrpos')) {
+ function mb_strrpos($haystack, $needle, $offset = 0) {
+ return strrpos($haystack, $needle, $offset);
+@@ -748,7 +755,7 @@
+ * @param string $filename
+ * @return array The same format as getimagesize($filename)
+ */
+-function dompdf_getimagesize($filename) {
++function dompdf_getimagesize($filename, $context = null) {
+ static $cache = array();
+
+ if ( isset($cache[$filename]) ) {
+@@ -758,7 +765,7 @@
+ list($width, $height, $type) = getimagesize($filename);
+
+ if ( $width == null || $height == null ) {
+- $data = file_get_contents($filename, null, null, 0, 26);
++ $data = file_get_contents($filename, null, $context, 0, 26);
+
+ if ( substr($data, 0, 2) === "BM" ) {
+ $meta = unpack('vtype/Vfilesize/Vreserved/Voffset/Vheadersize/Vwidth/Vheight', $data);
+@@ -1005,31 +1012,6 @@
+ }
+ }
+
+-if ( function_exists("curl_init") ) {
+- function DOMPDF_fetch_url($url, &$headers = null) {
+- $ch = curl_init($url);
+- curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
+- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+- curl_setopt($ch, CURLOPT_HEADER, true);
+-
+- $data = curl_exec($ch);
+- $raw_headers = substr($data, 0, curl_getinfo($ch, CURLINFO_HEADER_SIZE));
+- $headers = preg_split("/[\n\r]+/", trim($raw_headers));
+- $data = substr($data, curl_getinfo($ch, CURLINFO_HEADER_SIZE));
+- curl_close($ch);
+-
+- return $data;
+- }
+-}
+-else {
+- function DOMPDF_fetch_url($url, &$headers = null) {
+- $data = file_get_contents($url);
+- $headers = $http_response_header;
+-
+- return $data;
+- }
+-}
+
+ /**
+ * Affect null to the unused objects
+--- a/include/gd_adapter.cls.php
++++ b/include/gd_adapter.cls.php
+@@ -553,7 +553,7 @@
+ * @internal param string $img_type the type (e.g. extension) of the image
+ */
+ function image($img_url, $x, $y, $w, $h, $resolution = "normal") {
+- $img_type = Image_Cache::detect_type($img_url);
++ $img_type = Image_Cache::detect_type($img_url, $this->_dompdf->get_http_context());
+ $img_ext = Image_Cache::type_to_ext($img_type);
+
+ if ( !$img_ext ) {
+--- a/include/image_cache.cls.php
++++ b/include/image_cache.cls.php
+@@ -45,6 +45,7 @@
+ * @return array An array with two elements: The local path to the image and the image extension
+ */
+ static function resolve_url($url, $protocol, $host, $base_path, DOMPDF $dompdf) {
++ $protocol = mb_strtolower($protocol);
+ $parsed_url = explode_url($url);
+ $message = null;
+
+@@ -84,7 +85,7 @@
+ }
+ else {
+ set_error_handler("record_warnings");
+- $image = file_get_contents($full_url);
++ $image = file_get_contents($full_url, null, $dompdf->get_http_context());
+ restore_error_handler();
+ }
+
+@@ -118,7 +119,7 @@
+
+ // Check is the file is an image
+ else {
+- list($width, $height, $type) = dompdf_getimagesize($resolved_url);
++ list($width, $height, $type) = dompdf_getimagesize($resolved_url, $dompdf->get_http_context());
+
+ // Known image type
+ if ( $width && $height && in_array($type, array(IMAGETYPE_GIF, IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_BMP)) ) {
+@@ -138,7 +139,8 @@
+ catch(DOMPDF_Image_Exception $e) {
+ $resolved_url = self::$broken_image;
+ $type = IMAGETYPE_PNG;
+- $message = $e->getMessage()." \n $url";
++ $message = "Image not found or type unknown";
++ $_dompdf_warnings[] = $e->getMessage()." :: $url";
+ }
+
+ return array($resolved_url, $type, $message);
+@@ -159,8 +161,8 @@
+ self::$_cache = array();
+ }
+
+- static function detect_type($file) {
+- list(, , $type) = dompdf_getimagesize($file);
++ static function detect_type($file, $context = null) {
++ list(, , $type) = dompdf_getimagesize($file, $context);
+ return $type;
+ }
+
+--- a/include/image_frame_reflower.cls.php
++++ b/include/image_frame_reflower.cls.php
+@@ -41,7 +41,7 @@
+ function get_min_max_width() {
+ if (DEBUGPNG) {
+ // Determine the image's size. Time consuming. Only when really needed?
+- list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url());
++ list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url(), $this->get_dompdf()->get_http_context());
+ print "get_min_max_width() ".
+ $this->_frame->get_style()->width.' '.
+ $this->_frame->get_style()->height.';'.
+@@ -104,7 +104,7 @@
+
+ if ($width == 0 || $height == 0) {
+ // Determine the image's size. Time consuming. Only when really needed!
+- list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url());
++ list($img_width, $img_height) = dompdf_getimagesize($this->_frame->get_image_url(), $this->get_dompdf()->get_http_context());
+
+ // don't treat 0 as error. Can be downscaled or can be catched elsewhere if image not readable.
+ // Resample according to px per inch
+--- a/include/list_bullet_image_frame_decorator.cls.php
++++ b/include/list_bullet_image_frame_decorator.cls.php
+@@ -48,7 +48,7 @@
+ $frame->get_node()->setAttribute("src", $url);
+ $this->_img = new Image_Frame_Decorator($frame, $dompdf);
+ parent::__construct($this->_img, $dompdf);
+- list($width, $height) = dompdf_getimagesize($this->_img->get_image_url());
++ list($width, $height) = dompdf_getimagesize($this->_img->get_image_url(), $dompdf->get_http_context());
+
+ // Resample the bullet image to be consistent with 'auto' sized images
+ // See also Image_Frame_Reflower::get_min_max_width
+--- a/include/list_bullet_renderer.cls.php
++++ b/include/list_bullet_renderer.cls.php
+@@ -141,7 +141,7 @@
+ // Tested php ver: value measured in px, suffix "px" not in value: rtrim unnecessary.
+ //$w = $frame->get_width();
+ //$h = $frame->get_height();
+- list($width, $height) = dompdf_getimagesize($img);
++ list($width, $height) = dompdf_getimagesize($img, $this->_dompdf->get_http_context());
+ $dpi = $this->_dompdf->get_option("dpi");
+ $w = ((float)rtrim($width, "px") * 72) / $dpi;
+ $h = ((float)rtrim($height, "px") * 72) / $dpi;
+--- a/include/pdflib_adapter.cls.php
++++ b/include/pdflib_adapter.cls.php
+@@ -770,7 +770,7 @@
+ $w = (int)$w;
+ $h = (int)$h;
+
+- $img_type = Image_Cache::detect_type($img_url);
++ $img_type = Image_Cache::detect_type($img_url, $this->_dompdf->get_http_context());
+ $img_ext = Image_Cache::type_to_ext($img_type);
+
+ if ( !isset($this->_imgs[$img_url]) ) {
+--- a/include/stylesheet.cls.php
++++ b/include/stylesheet.cls.php
+@@ -1250,7 +1250,7 @@
+ "path" => build_url($this->_protocol, $this->_base_host, $this->_base_path, $src[2][$i]),
+ );
+
+- if ( !$source["local"] && in_array($source["format"], array("", "woff", "opentype", "truetype")) ) {
++ if ( !$source["local"] && in_array($source["format"], array("", "truetype")) ) {
+ $valid_sources[] = $source;
+ }
+
+@@ -1268,7 +1268,7 @@
+ "style" => $descriptors->font_style,
+ );
+
+- Font_Metrics::register_font($style, $valid_sources[0]["path"]);
++ Font_Metrics::register_font($style, $valid_sources[0]["path"], $this->_dompdf->get_http_context());
+ }
+
+ /**
+--- a/lib/class.pdf.php
++++ b/lib/class.pdf.php
+@@ -749,7 +749,7 @@
+ EOT;
+
+ $res = "<</Length " . mb_strlen($stream, '8bit') . " >>\n";
+- $res .= "stream\n" . $stream . "endstream";
++ $res .= "stream\n" . $stream . "\nendstream";
+
+ $this->objects[$toUnicodeId]['c'] = $res;
+
+@@ -1875,7 +1875,7 @@
+ $tmp = 'o_'.$v['t'];
+ $cont = $this->$tmp($k, 'out');
+ $content.= $cont;
+- $xref[] = $pos;
++ $xref[] = $pos+1; //+1 to account for \n at the start of each object
+ $pos+= mb_strlen($cont, '8bit');
+ }
+
+@@ -2426,7 +2426,7 @@
+ $flags+= pow(2, 5); // assume non-sybolic
+ $list = array(
+ 'Ascent' => 'Ascender',
+- 'CapHeight' => 'CapHeight',
++ 'CapHeight' => 'Ascender', //FIXME: php-font-lib is not grabbing this value, so we'll fake it and use the Ascender value // 'CapHeight'
+ 'MissingWidth' => 'MissingWidth',
+ 'Descent' => 'Descender',
+ 'FontBBox' => 'FontBBox',
+--- a/www/debugger.php
++++ b/www/debugger.php
+@@ -1,4 +1,12 @@
+-<?php
++<?php
++require_once "functions.inc.php";
++
++$allowed_hosts = array("::1", "127.0.0.1");
++if( !auth_ok() || !in_array($_SERVER['REMOTE_ADDR'], $allowed_hosts) ) {
++ die("Access denied to host at " . $_SERVER['REMOTE_ADDR']);
++}
++
++
+ $files = glob("test/*.{html,htm,php}", GLOB_BRACE);
+ ?>
+
+@@ -6,6 +14,7 @@
+ <html lang="en">
+ <head>
+ <title>dompdf debugger</title>
++ <meta name="robots" content="noindex">
+ <script type="text/javascript" src="jquery-1.4.2.js"></script>
+
+ <script type="text/javascript">
+--- a/www/demo.php
++++ b/www/demo.php
+@@ -6,7 +6,7 @@
+ $local = array("::1", "127.0.0.1");
+ $is_local = in_array($_SERVER['REMOTE_ADDR'], $local);
+
+-if ( isset( $_POST["html"] ) && $is_local ) {
++if ( auth_ok() && $is_local && isset( $_POST["html"] ) ) {
+
+ if ( get_magic_quotes_gpc() )
+ $_POST["html"] = stripslashes($_POST["html"]);
+@@ -27,7 +27,7 @@
+ <a name="demo"> </a>
+ <h2>Demo</h2>
+
+-<?php if ($is_local) { ?>
++<?php if (auth_ok() && $is_local) { ?>
+
+ <p>Enter your html snippet in the text box below to see it rendered as a
+ PDF: (Note by default, remote stylesheets, images & inline PHP are disabled.)</p>
+@@ -79,6 +79,8 @@
+ User input has been disabled for remote connections.
+ </p>
+
++ <?php echo auth_get_link(); ?>
++
+ <?php } ?>
+
+ <?php include("foot.inc"); ?>
+\ No newline at end of file
+--- a/www/head.inc
++++ b/www/head.inc
+@@ -1,4 +1,8 @@
+ <?php
++$allowed_hosts = array("::1", "127.0.0.1");
++if( !in_array($_SERVER['REMOTE_ADDR'], $allowed_hosts) ) {
++ die("Access denied to host at " . $_SERVER['REMOTE_ADDR']);
++}
+
+ session_start();
+
+@@ -21,6 +25,7 @@
+ <head>
+ <title>dompdf - The PHP 5 HTML to PDF Converter</title>
+ <link rel="stylesheet" href="style.css" type="text/css"/>
++ <meta name="robots" content="noindex">
+ <link rel="SHORTCUT ICON" href="images/favicon.ico"/>
+ <script type="text/javascript" src="jquery-1.4.2.js"></script>
+
+--- a/www/setup.php
++++ b/www/setup.php
+@@ -1,5 +1,9 @@
+ <?php include("head.inc"); ?>
+
++<?php
++if (auth_ok()) {
++?>
++
+ <a name="setup"> </a>
+ <h2>Setup</h2>
+
+@@ -296,5 +300,12 @@
+
+ </table>
+
++<?php
++} else {
++ echo auth_get_link();
++}
++?>
++
++
+
+ <?php include("foot.inc"); ?>
+\ No newline at end of file
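Review bot: In the explode_url change at the `if ( isset($arr["scheme"]))` block, `$arr["scheme"] == mb_strtolower($arr["scheme"]);` is a comparison whose result is discarded, so the scheme is never lowercased and the case normalization this block is meant to add is a no-op; it should read `$arr["scheme"] = mb_strtolower($arr["scheme"]);`. As far as the hunk shows, the caller in dompdf.cls.php matches `$this->_protocol` against the lower-case `_allowed_protocols` whitelist, so the practical effect is that mixed-case schemes are rejected rather than accepted, but the intended normalization is lost. Separately, in the dompdf.cls.php hunk the `if ( !$realfile )` check now runs after `strpos($realfile, $chroot)` and `pathinfo($realfile, PATHINFO_EXTENSION)`, so a non-existent local file is reported as a chroot permission error instead of `File '$file' not found.`; moving that check back to directly after `$realfile = realpath($file);` keeps the new whitelist checks and restores the intended message. Both enclosing functions start and end outside the hunk.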
diff -Nru php-dompdf-0.6.1+dfsg/debian/patches/series php-dompdf-0.6.1+dfsg/debian/patches/series
--- php-dompdf-0.6.1+dfsg/debian/patches/series 2014-04-12 21:52:49.000000000 +0200
+++ php-dompdf-0.6.1+dfsg/debian/patches/series 2016-02-27 15:47:52.000000000 +0100
@@ -4,3 +4,4 @@
0004-Adapt-php-font-lib-path.patch
0005-Adapt-tcpdf-path.patch
0006-Do-not-fetch-external-CSS-in-example.patch
+0100-0.6.2-hotfix.patch