parent
21b82fd93d
commit
1f819fb044
83
0013-CVE-2020-21676.patch
Normal file
83
0013-CVE-2020-21676.patch
Normal file
@ -0,0 +1,83 @@
|
||||
From 180cf468f8999cfb7245bac5b3be447aefa6c852 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Fri, 3 Sep 2021 08:24:19 +0200
|
||||
Subject: [PATCH] Reject text or ellipse angles beyond -2pi to 2pi, #76
|
||||
|
||||
In fact, generously extend the allowed range to -7 to 7.
|
||||
Sane applications, e.g., xfig, certainly keep the angles within one revolution.
|
||||
---
|
||||
CHANGES | 5 +++--
|
||||
fig2dev/object.h | 7 ++++---
|
||||
fig2dev/tests/read.at | 8 ++++++++
|
||||
3 files changed, 15 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/CHANGES b/CHANGES
|
||||
index f1bbbc3..52daead 100644
|
||||
--- a/CHANGES
|
||||
+++ b/CHANGES
|
||||
@@ -6,8 +6,9 @@ Patchlevel Xx (Xxx 20xx)
|
||||
|
||||
BUGS FIXED:
|
||||
Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
|
||||
- o Fix ticket #81.
|
||||
- o Do not allow ASCII NUL anywhere in input. Fixes ticket #80.
|
||||
+ o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76.
|
||||
+ o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81.
|
||||
+ o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80.
|
||||
o Use getline() to improve input scanning.
|
||||
Fixes tickets #58, #59, #61, #62, #67, #78, #79.
|
||||
o Correctly scan embedded pdfs for /MediaBox value.
|
||||
diff --git a/fig2dev/object.h b/fig2dev/object.h
|
||||
index fe56bbb..8464010 100644
|
||||
--- a/fig2dev/object.h
|
||||
+++ b/fig2dev/object.h
|
||||
@@ -3,7 +3,7 @@
|
||||
* Copyright (c) 1991 by Micah Beck
|
||||
* Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
|
||||
* Parts Copyright (c) 1989-2015 by Brian V. Smith
|
||||
- * Parts Copyright (c) 2015-2019 by Thomas Loimer
|
||||
+ * Parts Copyright (c) 2015-2020 by Thomas Loimer
|
||||
*
|
||||
* Any party obtaining a copy of these files is granted, free of charge, a
|
||||
* full and unrestricted irrevocable, world-wide, paid up, royalty-free,
|
||||
@@ -94,7 +94,8 @@ typedef struct f_ellipse {
|
||||
#define INVALID_ELLIPSE(e) \
|
||||
e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA || \
|
||||
COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \
|
||||
- e->radiuses.x == 0 || e->radiuses.y == 0
|
||||
+ e->radiuses.x == 0 || e->radiuses.y == 0 || \
|
||||
+ e->angle < -7. || e->angle > 7.
|
||||
|
||||
typedef struct f_arc {
|
||||
int type;
|
||||
@@ -243,7 +244,7 @@ typedef struct f_text {
|
||||
t->type < T_LEFT_JUSTIFIED || t->type > T_RIGHT_JUSTIFIED || \
|
||||
t->font < DEFAULT || t->font > MAX_PSFONT || \
|
||||
t->flags < DEFAULT || t->flags >= 2 * HIDDEN_TEXT || \
|
||||
- t->height < 0 || t->length < 0
|
||||
+ t->height < 0 || t->length < 0 || t->angle < -7. || t->angle > 7.
|
||||
|
||||
typedef struct f_control {
|
||||
double lx, ly, rx, ry; /* used by older versions*/
|
||||
diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
|
||||
index 60982b0..c53fbb9 100644
|
||||
--- a/fig2dev/tests/read.at
|
||||
+++ b/fig2dev/tests/read.at
|
||||
@@ -422,6 +422,14 @@ AT_KEYWORDS([read.c svg])
|
||||
AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
|
||||
AT_CLEANUP
|
||||
|
||||
+AT_SETUP([reject out of range text angle, ticket #76])
|
||||
+AT_CHECK([fig2dev -L pstricks <<EOF
|
||||
+FIG_FILE_TOP
|
||||
+4 0 0 50 -1 -1 12 9e26 0 150 405 0 0 Very slanted text\001
|
||||
+EOF
|
||||
+], 1, ignore, ignore)
|
||||
+AT_CLEANUP
|
||||
+
|
||||
AT_BANNER([Dynamically allocate picture file name.])
|
||||
|
||||
AT_SETUP([prepend fig file path to picture file name])
|
||||
--
|
||||
2.31.1
|
||||
|
@ -19,6 +19,7 @@ Patch9: 0009-CVE-2020-21681.patch
|
||||
Patch10: 0010-CVE-2020-21683.patch
|
||||
Patch11: 0011-CVE-2020-21680.patch
|
||||
Patch12: 0012-CVE-2020-21678-CVE-2020-21684.patch
|
||||
Patch13: 0013-CVE-2020-21676.patch
|
||||
|
||||
Requires: ghostscript
|
||||
Requires: bc
|
||||
@ -77,6 +78,7 @@ mv fig2dev.1.in.new man/fig2dev.1.in
|
||||
- Fixed CVE-2020-21680 (#1998306)
|
||||
- Fixed CVE-2020-21684 (#2000747)
|
||||
- Fixed CVE-2020-21678 (#2000741)
|
||||
- Fixed CVE-2020-21676 (#2000751)
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.2.7b-6
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
|
Loading…
Reference in New Issue
Block a user