New upstream release 3.2.6a

Add patch fixing CVE-2017-16899 (rhbz#1515695)
Hans de Goede 2017-11-21 15:40:53 +01:00
parent 93fb60ab8a
commit 1206db636e
13 changed files with 49 additions and 311 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
transfig.3.2.5c.tar.gz
/transfig.3.2.5d.tar.gz
/fig2dev-3.2.6.tar.xz
/fig2dev-3.2.6a.tar.xz


@ -0,0 +1,38 @@
diff -up fig2dev-3.2.6a/fig2dev/read.c.orig fig2dev-3.2.6a/fig2dev/read.c
--- fig2dev-3.2.6a/fig2dev/read.c.orig 2017-01-07 23:01:19.000000000 +0100
+++ fig2dev-3.2.6a/fig2dev/read.c 2017-11-21 15:17:31.195643198 +0100
@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
| PSFONT_TEXT;
/* keep the font number reasonable */
- if (t->font > MAXFONT(t))
+ if (t->font > MAXFONT(t)) {
t->font = MAXFONT(t);
+ } else if (t->font < 0 ) {
+ if (psfont_text(t) && t->font < -1)
+ t->font = -1;
+ else
+ t->font = 0;
+ }
fix_and_note_color(&t->color);
t->comments = attach_comments(); /* attach any comments */
return t;
diff -up fig2dev-3.2.6a/fig2dev/read1_3.c.orig fig2dev-3.2.6a/fig2dev/read1_3.c
--- fig2dev-3.2.6a/fig2dev/read1_3.c.orig 2016-08-19 21:34:38.000000000 +0200
+++ fig2dev-3.2.6a/fig2dev/read1_3.c 2017-11-21 15:17:31.196643206 +0100
@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
free((char*) t);
return(NULL);
}
+ /* keep the font number within valid range */
+ if (t->font > MAXFONT(t)) {
+ t->font = MAXFONT(t);
+ } else if (t->font < 0 ) {
+ if (psfont_text(t) && t->font < -1)
+ t->font = -1;
+ else
+ t->font = 0;
+ }
(void)strcpy(t->cstring, buf);
if (t->size == 0) t->size = 18;
return(t);
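Review bot: The new lower-bound branch in both read_textobject() hunks (read.c and read1_3.c) does not say why PostScript text is clamped to -1 while all other text is clamped to 0, and the read.c comment still only says "keep the font number reasonable". Since t->font is read from the input file and is presumably used as a table index by the output drivers, I would state the contract above the clamp, e.g. `/* font comes from the file and indexes font tables later: PS text may be -1 (default font), anything else must be >= 0 */`. The meaning of -1 is inferred and should be confirmed against the drivers. The same nine lines are now duplicated in two readers, so a small shared helper would keep the bounds from drifting apart. Both functions start outside the hunks, so any use of t->font before the clamp cannot be checked from here.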


@ -1 +1 @@
a6b21df380087d32a0d126db64c02b24 fig2dev-3.2.6.tar.xz
SHA512 (fig2dev-3.2.6a.tar.xz) = 082c4d75c66187dc2bd7f3a50b6e117f03f495030fa89d6f70270e15b8f00647a94365e10797c5b1889b4ed1400d3fa6f4a3821e744c79b4483403a930e7d77f


@ -1,13 +0,0 @@
diff --git a/fig2dev/Imakefile b/fig2dev/Imakefile
index 2f76e0b..7e07c39 100755
--- a/fig2dev/Imakefile
+++ b/fig2dev/Imakefile
@@ -229,7 +229,7 @@ install::
else (set -x; $(MKDIRHIER) $(DESTDIR)$(XFIGLIBDIR)/bitmaps ); fi ; \
echo Copying bitmap files for tk to $(DESTDIR)$(XFIGLIBDIR)/bitmaps ; \
for f in * ; do \
- $(INSTALL) -c $$f $(DESTDIR)$(XFIGLIBDIR)/bitmaps ; \
+ $(INSTALL) -c $(INSTDATFLAGS) $$f $(DESTDIR)$(XFIGLIBDIR)/bitmaps ; \
done) ;
install.all::


@ -1,57 +0,0 @@
diff --git a/fig2dev/dev/genps.c b/fig2dev/dev/genps.c
index c7c9e62..00065f2 100644
--- a/fig2dev/dev/genps.c
+++ b/fig2dev/dev/genps.c
@@ -594,9 +594,9 @@ F_compound *objects;
}
if (epsflag)
- fprintf(tfp, "%%!PS-Adobe-2.0 EPSF-2.0\n"); /* Encapsulated PostScript */
+ fprintf(tfp, "%%!PS-Adobe-3.0 EPSF-3.0\n"); /* Encapsulated PostScript */
else
- fprintf(tfp, "%%!PS-Adobe-2.0\n"); /* PostScript magic strings */
+ fprintf(tfp, "%%!PS-Adobe-3.0\n"); /* PostScript magic strings */
if (gethostname(host, sizeof(host)) == -1)
(void)strcpy(host, "unknown-host!?!?");
@@ -674,6 +674,22 @@ F_compound *objects;
for (i=strlen(psize)-1; i>=0; i--)
psize[i] = tolower(psize[i]);
fprintf(tfp, "%%%%DocumentPaperSizes: %s\n",psize);
+ } else if (pdfflag) {
+ /* set the page size for PDF to the figure size */
+ fprintf(tfp, "<< /PageSize [%d %d] >> setpagedevice\n",
+ clipux-cliplx,clipuy-cliply);
+ }
+
+ /* put in the magnification for information purposes */
+ fprintf(tfp, "%%Magnification: %.4f\n",metric? mag*76.2/80.0 : mag);
+ fprintf(tfp, "%%%%EndComments\n");
+
+ /* This %%BeginSetup .. %%EndSetup has to occur after
+ * %%EndComments even though it includes comments, they are
+ * not header comments. The header comment block must be
+ * contiguous, with no non-comment lines in it.
+ */
+ if (!epsflag && !pdfflag) {
fprintf(tfp, "%%%%BeginSetup\n");
fprintf(tfp, "[{\n");
fprintf(tfp, "%%%%BeginFeature: *PageRegion %s\n", papersize);
@@ -684,17 +700,8 @@ F_compound *objects;
fprintf(tfp, "%%%%EndFeature\n");
fprintf(tfp, "} stopped cleartomark\n");
fprintf(tfp, "%%%%EndSetup\n");
- } else if (pdfflag) {
- /* set the page size for PDF to the figure size */
- fprintf(tfp, "<< /PageSize [%d %d] >> setpagedevice\n",
- clipux-cliplx,clipuy-cliply);
}
-
- /* put in the magnification for information purposes */
- fprintf(tfp, "%%Magnification: %.4f\n",metric? mag*76.2/80.0 : mag);
- fprintf(tfp, "%%%%EndComments\n");
-
/* if the user wants an ASCII preview, route the rest of the eps to a temp file */
if (asciipreview) {
saveofile = tfp;


@ -1,37 +0,0 @@
Index: transfig.3.2.5d/fig2dev/dev/readpng.c
===================================================================
--- transfig.3.2.5d.orig/fig2dev/dev/readpng.c
+++ transfig.3.2.5d/fig2dev/dev/readpng.c
@@ -62,7 +62,7 @@ read_png(file,filetype,pic,llx,lly)
}
/* set long jump here */
- if (setjmp(png_ptr->jmpbuf)) {
+ if (setjmp(png_jmpbuf(png_ptr))) {
/* if we get here there was a problem reading the file */
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return 0;
@@ -78,15 +78,17 @@ read_png(file,filetype,pic,llx,lly)
png_get_IHDR(png_ptr, info_ptr, &w, &h, &bit_depth, &color_type,
&interlace_type, &compression_type, &filter_type);
- if (info_ptr->valid & PNG_INFO_gAMA)
- png_set_gamma(png_ptr, 2.2, info_ptr->gamma);
- else
- png_set_gamma(png_ptr, 2.2, 0.45);
+ png_fixed_point gamma = 0.45;
+ png_get_gAMA_fixed(png_ptr,info_ptr,&gamma);
+ png_set_gamma(png_ptr, 2.2, gamma);
- if (info_ptr->valid & PNG_INFO_bKGD)
+ if (png_get_valid(png_ptr,info_ptr,PNG_INFO_bKGD)) {
/* set the background to the one supplied */
- png_set_background(png_ptr, &info_ptr->background,
+ png_color_16p background;
+ png_get_bKGD(png_ptr,info_ptr,&background);
+ png_set_background(png_ptr, background,
PNG_BACKGROUND_GAMMA_FILE, 1, 1.0);
+ }
else {
/* blend the canvas background using the alpha channel */
if (bgspec) {


@ -1,31 +0,0 @@
diff --git a/fig2dev/Imakefile b/fig2dev/Imakefile
index 90d67ca..2f76e0b 100755
--- a/fig2dev/Imakefile
+++ b/fig2dev/Imakefile
@@ -34,7 +34,7 @@ XCOMM ******
XCOMM You should point XFIGLIBDIR to the same directory you did when you compiled
XCOMM and installed xfig.
-XFIGLIBDIR = /usr/local/lib/X11/xfig
+XFIGLIBDIR = $(PROJECTROOT)/share/xfig
XCOMM ******
XCOMM If your system doesn't have the strerror() function (has sys_errlist) then
@@ -62,7 +62,7 @@ XCOMM Note that this changed slightly from the previous versions - you need
XCOMM the full name (rgb.txt) now.
XCOMM
-RGB = $(LIBDIR)/rgb.txt
+RGB = $(PROJECTROOT)/share/X11/rgb.txt
XCOMM Comment out the following #define USEPNG if you don't want PNG support
XCOMM Uncomment the #define for USEPNG if you want to be able to import
@@ -141,7 +141,7 @@ XCOMM Comment out the next line if you have any problems with locale not being f
#ifdef I18N
I18N_DEFS = -DI18N
-FIG2DEV_LIBDIR = /usr/local/lib/fig2dev
+FIG2DEV_LIBDIR = $(PROJECTROOT)/share/fig2dev
I18N_DEV_DEFS = $(I18N_DEFS) -DFIG2DEV_LIBDIR=$(FIG2DEV_LIBDIR) -DFIG2DEV_LIBDIR_STR=\\\"$(FIG2DEV_LIBDIR)\\\"
#endif /* I18N */


@ -1,13 +0,0 @@
diff --git a/Imakefile b/Imakefile
index 5e44c8a..2f7fc4d 100755
--- a/Imakefile
+++ b/Imakefile
@@ -22,7 +22,7 @@ XCOMM to make transfig and fig2dev:
XCOMM type "xmkmf", "make Makefiles", "make" then "make install"
#define IHaveSubdirs
-#define PassCDebugFlags 'CDEBUGFLAGS=$(CDEBUGFLAGS)'
+#define PassCDebugFlags 'CDEBUGFLAGS=$(CDEBUGFLAGS) $(RPM_OPT_FLAGS)'
DEPLIBS =
SUBDIRS = fig2dev transfig


@ -1,25 +0,0 @@
From 824eff7e2ce2b1a64ec1406a04aeedf10456e9da Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 9 Aug 2012 16:46:34 +0200
Subject: [PATCH] read_textobject: limit the input when reading to a fixed-size buffer
---
fig2dev/read1_3.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fig2dev/read1_3.c b/fig2dev/read1_3.c
index 28951e8..5b9d770 100644
--- a/fig2dev/read1_3.c
+++ b/fig2dev/read1_3.c
@@ -451,7 +451,7 @@ FILE *fp;
t->pen = 0;
t->angle = 0.0;
t->next = NULL;
- n = fscanf(fp," %d %lf %d %lf %lf %d %d %[^\n]", &t->font,
+ n = fscanf(fp," %d %lf %d %lf %lf %d %d %127[^\n]", &t->font,
&t->size, &t->flags, &t->height, &t->length,
&t->base_x, &t->base_y, buf);
if (n != 8) {
--
1.7.1


@ -1,71 +0,0 @@
From f9a1476538bcd46d38e0d8656c037f49bf4b042f Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 3 Dec 2013 16:27:20 +0100
Subject: [PATCH] Resolves: #1037365 - make it compile with -Werror=format-security
---
fig2dev/dev/gencgm.c | 2 +-
fig2dev/dev/genmp.c | 4 ++--
fig2dev/trans_spline.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/fig2dev/dev/gencgm.c b/fig2dev/dev/gencgm.c
index cdb28f9..83494de 100644
--- a/fig2dev/dev/gencgm.c
+++ b/fig2dev/dev/gencgm.c
@@ -139,7 +139,7 @@ gencgm_start(objects)
if (from) {
figname = malloc(strlen(from)+1);
- sprintf(figname, from);
+ sprintf(figname, "%s", from);
p = strrchr(figname, '/');
if (p)
figname = p+1; /* remove path from name for comment in file */
diff --git a/fig2dev/dev/genmp.c b/fig2dev/dev/genmp.c
index 7697ce4..83c3b7f 100644
--- a/fig2dev/dev/genmp.c
+++ b/fig2dev/dev/genmp.c
@@ -1150,7 +1150,7 @@ F_text *t;
}
} else {
/* special text in latex mode: just write the text. */
- fprintf(tfp, t->cstring);
+ fprintf(tfp, "%s", t->cstring);
}
fprintf(tfp," etex;\n");
@@ -1164,7 +1164,7 @@ F_text *t;
fprintf(tfp," picture q;\n");
fprintf(tfp," q=thelabel.urt(\"");
- fprintf(tfp, t->cstring);
+ fprintf(tfp, "%s", t->cstring);
fprintf(tfp, "\" infont ");
if (t->font<0) {
fprintf(tfp, "defaultfont");
diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
index 7c0da8f..c347fc1 100644
--- a/fig2dev/trans_spline.c
+++ b/fig2dev/trans_spline.c
@@ -648,7 +648,7 @@ create_cpoint()
F_control *cp;
if ((cp = (F_control *) malloc(CONTROL_SIZE)) == NULL)
- fprintf(stderr,Err_mem);
+ put_msg(Err_mem);
return cp;
}
@@ -659,7 +659,7 @@ create_line()
F_line *l;
if ((l = (F_line *) malloc(LINOBJ_SIZE)) == NULL)
- fprintf(stderr,Err_mem);
+ put_msg(Err_mem);
l->pic = NULL;
l->next = NULL;
l->for_arrow = NULL;
--
1.7.1


@ -1,15 +0,0 @@
--- transfig.3.2.5d/fig2dev/dev/readpng.orig.c 2015-11-14 02:57:30.689827624 +0100
+++ transfig.3.2.5d/fig2dev/dev/readpng.c 2015-11-14 03:48:01.893942375 +0100
@@ -78,8 +78,10 @@
png_get_IHDR(png_ptr, info_ptr, &w, &h, &bit_depth, &color_type,
&interlace_type, &compression_type, &filter_type);
- png_fixed_point gamma = 0.45;
- png_get_gAMA_fixed(png_ptr,info_ptr,&gamma);
+ double gamma;
+ if (!png_get_gAMA(png_ptr, info_ptr, &gamma)) {
+ gamma = 0.45455;
+ }
png_set_gamma(png_ptr, 2.2, gamma);
if (png_get_valid(png_ptr,info_ptr,PNG_INFO_bKGD)) {


@ -1,41 +0,0 @@
From 422f2a135d904556a441210f16d22e1ee82baa1b Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 8 Aug 2011 11:43:29 +0200
Subject: [PATCH] transfig - rhbz #728825
---
fig2dev/dev/genpdf.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/fig2dev/dev/genpdf.c b/fig2dev/dev/genpdf.c
index 37f4fe4..fe949ce 100644
--- a/fig2dev/dev/genpdf.c
+++ b/fig2dev/dev/genpdf.c
@@ -67,18 +67,21 @@ F_compound *objects;
int
genpdf_end()
{
+ int status;
+
/* wrap up the postscript output */
if (genps_end() != 0)
return -1; /* error, return now */
- if (pclose(tfp) != 0) {
+ status = pclose(tfp);
+ /* we've already closed the original output file */
+ tfp = 0;
+ if (status != 0) {
fprintf(stderr,"Error in ghostcript command\n");
fprintf(stderr,"command was: %s\n", gscom);
return -1;
}
(void) signal(SIGPIPE, SIG_DFL);
- /* we've already closed the original output file */
- tfp = 0;
/* all ok so far */
--
1.7.4.4


@ -1,13 +1,12 @@
Name: transfig
Version: 3.2.6
Release: 6%{?dist}
Version: 3.2.6a
Release: 1%{?dist}
Epoch: 1
Summary: Utility for converting FIG files (made by xfig) to other formats
License: MIT
URL: https://sourceforge.net/projects/mcj/
Group: Applications/Multimedia
# https://sourceforge.net/projects/mcj/files/fig2dev-3.2.6.tar.xz
Source0: http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz
Patch1: fig2dev-3.2.6a-CVE-2017-16899.patch
Requires: ghostscript
Requires: bc
@ -28,11 +27,9 @@ Install transfig if you need a utility for translating FIG or PIC
figures into certain graphics languages.
%prep
%setup -q -n fig2dev-%{version}
%autosetup -p1 -n fig2dev-%{version}
%build
#xmkmf
#make Makefiles
%configure --enable-transfig
make %{?_smp_mflags}
@ -40,6 +37,7 @@ make %{?_smp_mflags}
%make_install
%files
%doc transfig/doc/manual.pdf
%{_bindir}/transfig
%{_bindir}/fig2dev
%{_bindir}/fig2ps2tex
@ -50,6 +48,10 @@ make %{?_smp_mflags}
%{_mandir}/man1/*.1.gz
%changelog
* Tue Nov 21 2017 Hans de Goede <hdegoede@redhat.com> - 3.2.6a-1
- New upstream release 3.2.6a
- Add patch fixing CVE-2017-16899 (rhbz#1515695)
* Tue Nov 07 2017 Adam Jackson <ajax@redhat.com> - 3.2.6-6
- Remove unnecessary BuildRequires: imake