diff --git a/0017-CVE-2021-32280.patch b/0017-CVE-2021-32280.patch
new file mode 100644
index 0000000..e20f31f
--- /dev/null
+++ b/0017-CVE-2021-32280.patch
@@ -0,0 +1,29 @@
+From fa5a2dced5cad973c3a9c9e83f21165942f1cd6d Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj
+Date: Thu, 23 Sep 2021 09:49:37 +0200
+Subject: [PATCH] Do not crash on incomplete, closed splines
+
+---
+ fig2dev/trans_spline.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
+index 0905c79..60c54ad 100644
+--- a/fig2dev/trans_spline.c
++++ b/fig2dev/trans_spline.c
+@@ -226,6 +226,12 @@ compute_closed_spline(F_spline *spline, float precision)
+ if (!init_point_array(300, 200))
+ return NULL;
+
++ if (!(spline->points /* p0 */ && spline->controls /* s0 */ &&
++ spline->points->next /* p1 */ && spline->controls->next /* s1 */ &&
++ spline->points->next->next && spline->controls->next->next/* p2, s2 */&&
++ spline->points->next->next->next && spline->controls->next->next->next))
++ return NULL;
++
+ INIT_CONTROL_POINTS(spline, p0, s0, p1, s1, p2, s2, p3, s3);
+ COPY_CONTROL_POINT(first, s_first, p0, s0);
+
+--
+2.31.1
+
diff --git a/transfig.spec b/transfig.spec
index f145ca6..e83be77 100644
--- a/transfig.spec
+++ b/transfig.spec
@@ -1,6 +1,6 @@
 Name: transfig
 Version: 3.2.7b
-Release: 8%{?dist}
+Release: 9%{?dist}
 Epoch: 1
 Summary: Utility for converting FIG files (made by xfig) to other formats
 License: MIT
@@ -23,6 +23,7 @@ Patch13: 0013-CVE-2020-21676.patch
 Patch14: 0014-CVE-2020-21529.patch
 Patch15: 0015-CVE-2020-21532.patch
 Patch16: 0016-CVE-2020-21531.patch
+Patch17: 0017-CVE-2021-32280.patch
 Requires: ghostscript
 Requires: bc
@@ -75,6 +76,9 @@ mv fig2dev.1.in.new man/fig2dev.1.in
 %changelog
+* Thu Sep 23 2021 Ondrej Dubaj - 1:3.2.7b-9
+- Fixed CVE-2021-32280 (#2006830)
+
 * Mon Sep 20 2021 Ondrej Dubaj - 1:3.2.7b-8
 - Fixed CVE-2020-21529 (#2005518)
 - Fixed CVE-2020-21532 (#2006007)
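Review bot: In the embedded fig2dev/trans_spline.c hunk, the new NULL-chain guard in compute_closed_spline comes after the successful `if (!init_point_array(300, 200))` call, so if that helper acquires a buffer (its body is outside the hunk) the early `return NULL;` for a malformed spline leaves it unreleased. Moving the guard above the `init_point_array` call avoids that without changing the result. The guard covers only the first four point and control nodes that `INIT_CONTROL_POINTS` names, and the p3/s3 line is the only one without a tag; a lead comment such as `/* a closed spline needs four points and four controls (p0..p3, s0..s3) */` would state the invariant once. The function continues outside the hunk, so it is worth confirming that the later walk over both lists has its own NULL checks, and that callers treat a NULL return as "skip this object" rather than dereferencing it.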