From 1206db636e5324e038c949edd8a8af0ced5b2df0 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Tue, 21 Nov 2017 15:40:53 +0100 Subject: [PATCH] New upstream release 3.2.6a Add patch fixing CVE-2017-16899 (rhbz#1515695) --- .gitignore | 1 + fig2dev-3.2.6a-CVE-2017-16899.patch | 38 +++++++++++++++ sources | 2 +- transfig-3.2.5-bitmap.patch | 13 ------ transfig-3.2.5-dsc3.0.patch | 57 ----------------------- transfig-3.2.5-libpng.patch | 37 --------------- transfig-3.2.5-modularX.patch | 31 ------------- transfig-3.2.5-optflags.patch | 13 ------ transfig-3.2.5d-CVE-2009-4227.patch | 25 ---------- transfig-3.2.5d-bz1037365.patch | 71 ----------------------------- transfig-3.2.5d-bz1282615.patch | 15 ------ transfig-3.2.5d-bz728825.patch | 41 ----------------- transfig.spec | 16 ++++--- 13 files changed, 49 insertions(+), 311 deletions(-) create mode 100644 fig2dev-3.2.6a-CVE-2017-16899.patch delete mode 100644 transfig-3.2.5-bitmap.patch delete mode 100644 transfig-3.2.5-dsc3.0.patch delete mode 100644 transfig-3.2.5-libpng.patch delete mode 100644 transfig-3.2.5-modularX.patch delete mode 100644 transfig-3.2.5-optflags.patch delete mode 100644 transfig-3.2.5d-CVE-2009-4227.patch delete mode 100644 transfig-3.2.5d-bz1037365.patch delete mode 100644 transfig-3.2.5d-bz1282615.patch delete mode 100644 transfig-3.2.5d-bz728825.patch diff --git a/.gitignore b/.gitignore index d2ff6f9..be2b544 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ transfig.3.2.5c.tar.gz /transfig.3.2.5d.tar.gz /fig2dev-3.2.6.tar.xz +/fig2dev-3.2.6a.tar.xz diff --git a/fig2dev-3.2.6a-CVE-2017-16899.patch b/fig2dev-3.2.6a-CVE-2017-16899.patch new file mode 100644 index 0000000..7f3df37 --- /dev/null +++ b/fig2dev-3.2.6a-CVE-2017-16899.patch @@ -0,0 +1,38 @@ +diff -up fig2dev-3.2.6a/fig2dev/read.c.orig fig2dev-3.2.6a/fig2dev/read.c +--- fig2dev-3.2.6a/fig2dev/read.c.orig 2017-01-07 23:01:19.000000000 +0100 ++++ fig2dev-3.2.6a/fig2dev/read.c 2017-11-21 15:17:31.195643198 +0100 +@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp) + | PSFONT_TEXT; + + /* keep the font number reasonable */ +- if (t->font > MAXFONT(t)) ++ if (t->font > MAXFONT(t)) { + t->font = MAXFONT(t); ++ } else if (t->font < 0 ) { ++ if (psfont_text(t) && t->font < -1) ++ t->font = -1; ++ else ++ t->font = 0; ++ } + fix_and_note_color(&t->color); + t->comments = attach_comments(); /* attach any comments */ + return t; +diff -up fig2dev-3.2.6a/fig2dev/read1_3.c.orig fig2dev-3.2.6a/fig2dev/read1_3.c +--- fig2dev-3.2.6a/fig2dev/read1_3.c.orig 2016-08-19 21:34:38.000000000 +0200 ++++ fig2dev-3.2.6a/fig2dev/read1_3.c 2017-11-21 15:17:31.196643206 +0100 +@@ -470,6 +470,15 @@ read_textobject(FILE *fp) + free((char*) t); + return(NULL); + } ++ /* keep the font number within valid range */ ++ if (t->font > MAXFONT(t)) { ++ t->font = MAXFONT(t); ++ } else if (t->font < 0 ) { ++ if (psfont_text(t) && t->font < -1) ++ t->font = -1; ++ else ++ t->font = 0; ++ } + (void)strcpy(t->cstring, buf); + if (t->size == 0) t->size = 18; + return(t); diff --git a/sources b/sources index bc1bbfd..daa48f3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a6b21df380087d32a0d126db64c02b24 fig2dev-3.2.6.tar.xz +SHA512 (fig2dev-3.2.6a.tar.xz) = 082c4d75c66187dc2bd7f3a50b6e117f03f495030fa89d6f70270e15b8f00647a94365e10797c5b1889b4ed1400d3fa6f4a3821e744c79b4483403a930e7d77f diff --git a/transfig-3.2.5-bitmap.patch b/transfig-3.2.5-bitmap.patch deleted file mode 100644 index 2948abb..0000000 --- a/transfig-3.2.5-bitmap.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/fig2dev/Imakefile b/fig2dev/Imakefile -index 2f76e0b..7e07c39 100755 ---- a/fig2dev/Imakefile -+++ b/fig2dev/Imakefile -@@ -229,7 +229,7 @@ install:: - else (set -x; $(MKDIRHIER) $(DESTDIR)$(XFIGLIBDIR)/bitmaps ); fi ; \ - echo Copying bitmap files for tk to $(DESTDIR)$(XFIGLIBDIR)/bitmaps ; \ - for f in * ; do \ -- $(INSTALL) -c $$f $(DESTDIR)$(XFIGLIBDIR)/bitmaps ; \ -+ $(INSTALL) -c $(INSTDATFLAGS) $$f $(DESTDIR)$(XFIGLIBDIR)/bitmaps ; \ - done) ; - - install.all:: diff --git a/transfig-3.2.5-dsc3.0.patch b/transfig-3.2.5-dsc3.0.patch deleted file mode 100644 index 20a60a1..0000000 --- a/transfig-3.2.5-dsc3.0.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff --git a/fig2dev/dev/genps.c b/fig2dev/dev/genps.c -index c7c9e62..00065f2 100644 ---- a/fig2dev/dev/genps.c -+++ b/fig2dev/dev/genps.c -@@ -594,9 +594,9 @@ F_compound *objects; - } - - if (epsflag) -- fprintf(tfp, "%%!PS-Adobe-2.0 EPSF-2.0\n"); /* Encapsulated PostScript */ -+ fprintf(tfp, "%%!PS-Adobe-3.0 EPSF-3.0\n"); /* Encapsulated PostScript */ - else -- fprintf(tfp, "%%!PS-Adobe-2.0\n"); /* PostScript magic strings */ -+ fprintf(tfp, "%%!PS-Adobe-3.0\n"); /* PostScript magic strings */ - - if (gethostname(host, sizeof(host)) == -1) - (void)strcpy(host, "unknown-host!?!?"); -@@ -674,6 +674,22 @@ F_compound *objects; - for (i=strlen(psize)-1; i>=0; i--) - psize[i] = tolower(psize[i]); - fprintf(tfp, "%%%%DocumentPaperSizes: %s\n",psize); -+ } else if (pdfflag) { -+ /* set the page size for PDF to the figure size */ -+ fprintf(tfp, "<< /PageSize [%d %d] >> setpagedevice\n", -+ clipux-cliplx,clipuy-cliply); -+ } -+ -+ /* put in the magnification for information purposes */ -+ fprintf(tfp, "%%Magnification: %.4f\n",metric? mag*76.2/80.0 : mag); -+ fprintf(tfp, "%%%%EndComments\n"); -+ -+ /* This %%BeginSetup .. %%EndSetup has to occur after -+ * %%EndComments even though it includes comments, they are -+ * not header comments. The header comment block must be -+ * contiguous, with no non-comment lines in it. -+ */ -+ if (!epsflag && !pdfflag) { - fprintf(tfp, "%%%%BeginSetup\n"); - fprintf(tfp, "[{\n"); - fprintf(tfp, "%%%%BeginFeature: *PageRegion %s\n", papersize); -@@ -684,17 +700,8 @@ F_compound *objects; - fprintf(tfp, "%%%%EndFeature\n"); - fprintf(tfp, "} stopped cleartomark\n"); - fprintf(tfp, "%%%%EndSetup\n"); -- } else if (pdfflag) { -- /* set the page size for PDF to the figure size */ -- fprintf(tfp, "<< /PageSize [%d %d] >> setpagedevice\n", -- clipux-cliplx,clipuy-cliply); - } - -- -- /* put in the magnification for information purposes */ -- fprintf(tfp, "%%Magnification: %.4f\n",metric? mag*76.2/80.0 : mag); -- fprintf(tfp, "%%%%EndComments\n"); -- - /* if the user wants an ASCII preview, route the rest of the eps to a temp file */ - if (asciipreview) { - saveofile = tfp; diff --git a/transfig-3.2.5-libpng.patch b/transfig-3.2.5-libpng.patch deleted file mode 100644 index a9678dc..0000000 --- a/transfig-3.2.5-libpng.patch +++ /dev/null @@ -1,37 +0,0 @@ -Index: transfig.3.2.5d/fig2dev/dev/readpng.c -=================================================================== ---- transfig.3.2.5d.orig/fig2dev/dev/readpng.c -+++ transfig.3.2.5d/fig2dev/dev/readpng.c -@@ -62,7 +62,7 @@ read_png(file,filetype,pic,llx,lly) - } - - /* set long jump here */ -- if (setjmp(png_ptr->jmpbuf)) { -+ if (setjmp(png_jmpbuf(png_ptr))) { - /* if we get here there was a problem reading the file */ - png_destroy_read_struct(&png_ptr, &info_ptr, &end_info); - return 0; -@@ -78,15 +78,17 @@ read_png(file,filetype,pic,llx,lly) - png_get_IHDR(png_ptr, info_ptr, &w, &h, &bit_depth, &color_type, - &interlace_type, &compression_type, &filter_type); - -- if (info_ptr->valid & PNG_INFO_gAMA) -- png_set_gamma(png_ptr, 2.2, info_ptr->gamma); -- else -- png_set_gamma(png_ptr, 2.2, 0.45); -+ png_fixed_point gamma = 0.45; -+ png_get_gAMA_fixed(png_ptr,info_ptr,&gamma); -+ png_set_gamma(png_ptr, 2.2, gamma); - -- if (info_ptr->valid & PNG_INFO_bKGD) -+ if (png_get_valid(png_ptr,info_ptr,PNG_INFO_bKGD)) { - /* set the background to the one supplied */ -- png_set_background(png_ptr, &info_ptr->background, -+ png_color_16p background; -+ png_get_bKGD(png_ptr,info_ptr,&background); -+ png_set_background(png_ptr, background, - PNG_BACKGROUND_GAMMA_FILE, 1, 1.0); -+ } - else { - /* blend the canvas background using the alpha channel */ - if (bgspec) { diff --git a/transfig-3.2.5-modularX.patch b/transfig-3.2.5-modularX.patch deleted file mode 100644 index a9552fb..0000000 --- a/transfig-3.2.5-modularX.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff --git a/fig2dev/Imakefile b/fig2dev/Imakefile -index 90d67ca..2f76e0b 100755 ---- a/fig2dev/Imakefile -+++ b/fig2dev/Imakefile -@@ -34,7 +34,7 @@ XCOMM ****** - XCOMM You should point XFIGLIBDIR to the same directory you did when you compiled - XCOMM and installed xfig. - --XFIGLIBDIR = /usr/local/lib/X11/xfig -+XFIGLIBDIR = $(PROJECTROOT)/share/xfig - - XCOMM ****** - XCOMM If your system doesn't have the strerror() function (has sys_errlist) then -@@ -62,7 +62,7 @@ XCOMM Note that this changed slightly from the previous versions - you need - XCOMM the full name (rgb.txt) now. - XCOMM - --RGB = $(LIBDIR)/rgb.txt -+RGB = $(PROJECTROOT)/share/X11/rgb.txt - - XCOMM Comment out the following #define USEPNG if you don't want PNG support - XCOMM Uncomment the #define for USEPNG if you want to be able to import -@@ -141,7 +141,7 @@ XCOMM Comment out the next line if you have any problems with locale not being f - - #ifdef I18N - I18N_DEFS = -DI18N --FIG2DEV_LIBDIR = /usr/local/lib/fig2dev -+FIG2DEV_LIBDIR = $(PROJECTROOT)/share/fig2dev - I18N_DEV_DEFS = $(I18N_DEFS) -DFIG2DEV_LIBDIR=$(FIG2DEV_LIBDIR) -DFIG2DEV_LIBDIR_STR=\\\"$(FIG2DEV_LIBDIR)\\\" - - #endif /* I18N */ diff --git a/transfig-3.2.5-optflags.patch b/transfig-3.2.5-optflags.patch deleted file mode 100644 index 8127f42..0000000 --- a/transfig-3.2.5-optflags.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/Imakefile b/Imakefile -index 5e44c8a..2f7fc4d 100755 ---- a/Imakefile -+++ b/Imakefile -@@ -22,7 +22,7 @@ XCOMM to make transfig and fig2dev: - XCOMM type "xmkmf", "make Makefiles", "make" then "make install" - - #define IHaveSubdirs --#define PassCDebugFlags 'CDEBUGFLAGS=$(CDEBUGFLAGS)' -+#define PassCDebugFlags 'CDEBUGFLAGS=$(CDEBUGFLAGS) $(RPM_OPT_FLAGS)' - - DEPLIBS = - SUBDIRS = fig2dev transfig diff --git a/transfig-3.2.5d-CVE-2009-4227.patch b/transfig-3.2.5d-CVE-2009-4227.patch deleted file mode 100644 index 820b660..0000000 --- a/transfig-3.2.5d-CVE-2009-4227.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 824eff7e2ce2b1a64ec1406a04aeedf10456e9da Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Thu, 9 Aug 2012 16:46:34 +0200 -Subject: [PATCH] read_textobject: limit the input when reading to a fixed-size buffer - ---- - fig2dev/read1_3.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/fig2dev/read1_3.c b/fig2dev/read1_3.c -index 28951e8..5b9d770 100644 ---- a/fig2dev/read1_3.c -+++ b/fig2dev/read1_3.c -@@ -451,7 +451,7 @@ FILE *fp; - t->pen = 0; - t->angle = 0.0; - t->next = NULL; -- n = fscanf(fp," %d %lf %d %lf %lf %d %d %[^\n]", &t->font, -+ n = fscanf(fp," %d %lf %d %lf %lf %d %d %127[^\n]", &t->font, - &t->size, &t->flags, &t->height, &t->length, - &t->base_x, &t->base_y, buf); - if (n != 8) { --- -1.7.1 - diff --git a/transfig-3.2.5d-bz1037365.patch b/transfig-3.2.5d-bz1037365.patch deleted file mode 100644 index 32c0b4d..0000000 --- a/transfig-3.2.5d-bz1037365.patch +++ /dev/null @@ -1,71 +0,0 @@ -From f9a1476538bcd46d38e0d8656c037f49bf4b042f Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Tue, 3 Dec 2013 16:27:20 +0100 -Subject: [PATCH] Resolves: #1037365 - make it compile with -Werror=format-security - ---- - fig2dev/dev/gencgm.c | 2 +- - fig2dev/dev/genmp.c | 4 ++-- - fig2dev/trans_spline.c | 4 ++-- - 3 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/fig2dev/dev/gencgm.c b/fig2dev/dev/gencgm.c -index cdb28f9..83494de 100644 ---- a/fig2dev/dev/gencgm.c -+++ b/fig2dev/dev/gencgm.c -@@ -139,7 +139,7 @@ gencgm_start(objects) - - if (from) { - figname = malloc(strlen(from)+1); -- sprintf(figname, from); -+ sprintf(figname, "%s", from); - p = strrchr(figname, '/'); - if (p) - figname = p+1; /* remove path from name for comment in file */ -diff --git a/fig2dev/dev/genmp.c b/fig2dev/dev/genmp.c -index 7697ce4..83c3b7f 100644 ---- a/fig2dev/dev/genmp.c -+++ b/fig2dev/dev/genmp.c -@@ -1150,7 +1150,7 @@ F_text *t; - } - } else { - /* special text in latex mode: just write the text. */ -- fprintf(tfp, t->cstring); -+ fprintf(tfp, "%s", t->cstring); - } - fprintf(tfp," etex;\n"); - -@@ -1164,7 +1164,7 @@ F_text *t; - - fprintf(tfp," picture q;\n"); - fprintf(tfp," q=thelabel.urt(\""); -- fprintf(tfp, t->cstring); -+ fprintf(tfp, "%s", t->cstring); - fprintf(tfp, "\" infont "); - if (t->font<0) { - fprintf(tfp, "defaultfont"); -diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c -index 7c0da8f..c347fc1 100644 ---- a/fig2dev/trans_spline.c -+++ b/fig2dev/trans_spline.c -@@ -648,7 +648,7 @@ create_cpoint() - F_control *cp; - - if ((cp = (F_control *) malloc(CONTROL_SIZE)) == NULL) -- fprintf(stderr,Err_mem); -+ put_msg(Err_mem); - return cp; - } - -@@ -659,7 +659,7 @@ create_line() - F_line *l; - - if ((l = (F_line *) malloc(LINOBJ_SIZE)) == NULL) -- fprintf(stderr,Err_mem); -+ put_msg(Err_mem); - l->pic = NULL; - l->next = NULL; - l->for_arrow = NULL; --- -1.7.1 - diff --git a/transfig-3.2.5d-bz1282615.patch b/transfig-3.2.5d-bz1282615.patch deleted file mode 100644 index 30beff5..0000000 --- a/transfig-3.2.5d-bz1282615.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- transfig.3.2.5d/fig2dev/dev/readpng.orig.c 2015-11-14 02:57:30.689827624 +0100 -+++ transfig.3.2.5d/fig2dev/dev/readpng.c 2015-11-14 03:48:01.893942375 +0100 -@@ -78,8 +78,10 @@ - png_get_IHDR(png_ptr, info_ptr, &w, &h, &bit_depth, &color_type, - &interlace_type, &compression_type, &filter_type); - -- png_fixed_point gamma = 0.45; -- png_get_gAMA_fixed(png_ptr,info_ptr,&gamma); -+ double gamma; -+ if (!png_get_gAMA(png_ptr, info_ptr, &gamma)) { -+ gamma = 0.45455; -+ } - png_set_gamma(png_ptr, 2.2, gamma); - - if (png_get_valid(png_ptr,info_ptr,PNG_INFO_bKGD)) { diff --git a/transfig-3.2.5d-bz728825.patch b/transfig-3.2.5d-bz728825.patch deleted file mode 100644 index 34bae78..0000000 --- a/transfig-3.2.5d-bz728825.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 422f2a135d904556a441210f16d22e1ee82baa1b Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 8 Aug 2011 11:43:29 +0200 -Subject: [PATCH] transfig - rhbz #728825 - ---- - fig2dev/dev/genpdf.c | 9 ++++++--- - 1 files changed, 6 insertions(+), 3 deletions(-) - -diff --git a/fig2dev/dev/genpdf.c b/fig2dev/dev/genpdf.c -index 37f4fe4..fe949ce 100644 ---- a/fig2dev/dev/genpdf.c -+++ b/fig2dev/dev/genpdf.c -@@ -67,18 +67,21 @@ F_compound *objects; - int - genpdf_end() - { -+ int status; -+ - /* wrap up the postscript output */ - if (genps_end() != 0) - return -1; /* error, return now */ - -- if (pclose(tfp) != 0) { -+ status = pclose(tfp); -+ /* we've already closed the original output file */ -+ tfp = 0; -+ if (status != 0) { - fprintf(stderr,"Error in ghostcript command\n"); - fprintf(stderr,"command was: %s\n", gscom); - return -1; - } - (void) signal(SIGPIPE, SIG_DFL); -- /* we've already closed the original output file */ -- tfp = 0; - - /* all ok so far */ - --- -1.7.4.4 - diff --git a/transfig.spec b/transfig.spec index aa716c8..cad7dc8 100644 --- a/transfig.spec +++ b/transfig.spec @@ -1,13 +1,12 @@ Name: transfig -Version: 3.2.6 -Release: 6%{?dist} +Version: 3.2.6a +Release: 1%{?dist} Epoch: 1 Summary: Utility for converting FIG files (made by xfig) to other formats License: MIT URL: https://sourceforge.net/projects/mcj/ -Group: Applications/Multimedia -# https://sourceforge.net/projects/mcj/files/fig2dev-3.2.6.tar.xz Source0: http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz +Patch1: fig2dev-3.2.6a-CVE-2017-16899.patch Requires: ghostscript Requires: bc @@ -28,11 +27,9 @@ Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages. %prep -%setup -q -n fig2dev-%{version} +%autosetup -p1 -n fig2dev-%{version} %build -#xmkmf -#make Makefiles %configure --enable-transfig make %{?_smp_mflags} @@ -40,6 +37,7 @@ make %{?_smp_mflags} %make_install %files +%doc transfig/doc/manual.pdf %{_bindir}/transfig %{_bindir}/fig2dev %{_bindir}/fig2ps2tex @@ -50,6 +48,10 @@ make %{?_smp_mflags} %{_mandir}/man1/*.1.gz %changelog +* Tue Nov 21 2017 Hans de Goede - 3.2.6a-1 +- New upstream release 3.2.6a +- Add patch fixing CVE-2017-16899 (rhbz#1515695) + * Tue Nov 07 2017 Adam Jackson - 3.2.6-6 - Remove unnecessary BuildRequires: imake