Ondrej Dubaj
parent
2eaab1479d
commit
63e114ec80
63
0016-CVE-2020-21531.patch
Normal file
63
0016-CVE-2020-21531.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
From d50ae523fcee5c2d4357bbd8ce5baeeb18d15a2c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||||
|
Date: Tue, 21 Sep 2021 10:42:50 +0200
|
||||||
|
Subject: [PATCH] Reject out-of-range pattern
|
||||||
|
|
||||||
|
---
|
||||||
|
fig2dev/object.h | 2 +-
|
||||||
|
fig2dev/tests/read.at | 19 +++++++++++++++++--
|
||||||
|
2 files changed, 18 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fig2dev/object.h b/fig2dev/object.h
|
||||||
|
index 8464010..6830b13 100644
|
||||||
|
--- a/fig2dev/object.h
|
||||||
|
+++ b/fig2dev/object.h
|
||||||
|
@@ -61,7 +61,7 @@ typedef struct f_comment {
|
||||||
|
o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE || \
|
||||||
|
o->thickness < 0 || o->depth < 0 || o->depth > 999 || \
|
||||||
|
o->fill_style < UNFILLED || \
|
||||||
|
- o->fill_style > NUMSHADES + NUMTINTS + NUMPATTERNS || \
|
||||||
|
+ o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS || \
|
||||||
|
o->style_val < 0.0
|
||||||
|
|
||||||
|
typedef struct f_ellipse {
|
||||||
|
diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
|
||||||
|
index d85356b..7765805 100644
|
||||||
|
--- a/fig2dev/tests/read.at
|
||||||
|
+++ b/fig2dev/tests/read.at
|
||||||
|
@@ -421,15 +421,30 @@ AT_CLEANUP
|
||||||
|
|
||||||
|
AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80])
|
||||||
|
AT_KEYWORDS([read.c svg])
|
||||||
|
-AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
|
||||||
|
+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig],
|
||||||
|
+1, ignore, [ASCII NUL ('\0') in line 11.
|
||||||
|
+])
|
||||||
|
AT_CLEANUP
|
||||||
|
|
||||||
|
AT_SETUP([reject out of range text angle, ticket #76])
|
||||||
|
+AT_KEYWORDS([read.c pstricks])
|
||||||
|
AT_CHECK([fig2dev -L pstricks <<EOF
|
||||||
|
FIG_FILE_TOP
|
||||||
|
4 0 0 50 -1 -1 12 9e26 0 150 405 0 0 Very slanted text\001
|
||||||
|
EOF
|
||||||
|
-], 1, ignore, ignore)
|
||||||
|
+], 1, ignore, [Invalid text object at line 10.
|
||||||
|
+])
|
||||||
|
+AT_CLEANUP
|
||||||
|
+
|
||||||
|
+AT_SETUP([reject out-of-range pattern fills, ticket #63])
|
||||||
|
+AT_KEYWORDS([read.c cgm])
|
||||||
|
+AT_CHECK([fig2dev -L cgm <<EOF
|
||||||
|
+FIG_FILE_TOP
|
||||||
|
+2 3 0 0 0 7 50 -1 63 0.000 0 0 -1 0 0 4
|
||||||
|
+ 0 0 1200 0 600 800 0 0
|
||||||
|
+EOF
|
||||||
|
+], 1, ignore, [Invalid line object at line 10.
|
||||||
|
+])
|
||||||
|
AT_CLEANUP
|
||||||
|
|
||||||
|
AT_SETUP([allow tex font -1, ticket #81])
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
@ -22,6 +22,7 @@ Patch12: 0012-CVE-2020-21678-CVE-2020-21684.patch
|
|||||||
Patch13: 0013-CVE-2020-21676.patch
|
Patch13: 0013-CVE-2020-21676.patch
|
||||||
Patch14: 0014-CVE-2020-21529.patch
|
Patch14: 0014-CVE-2020-21529.patch
|
||||||
Patch15: 0015-CVE-2020-21532.patch
|
Patch15: 0015-CVE-2020-21532.patch
|
||||||
|
Patch16: 0016-CVE-2020-21531.patch
|
||||||
|
|
||||||
Requires: ghostscript
|
Requires: ghostscript
|
||||||
Requires: bc
|
Requires: bc
|
||||||
@ -77,6 +78,7 @@ mv fig2dev.1.in.new man/fig2dev.1.in
|
|||||||
* Mon Sep 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-8
|
* Mon Sep 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-8
|
||||||
- Fixed CVE-2020-21529 (#2005518)
|
- Fixed CVE-2020-21529 (#2005518)
|
||||||
- Fixed CVE-2020-21532 (#2006007)
|
- Fixed CVE-2020-21532 (#2006007)
|
||||||
|
- Fixed CVE-2020-21531 (#2006002)
|
||||||
|
|
||||||
* Mon Aug 30 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-7
|
* Mon Aug 30 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-7
|
||||||
- Fixed CVE-2020-21681 (#1998350)
|
- Fixed CVE-2020-21681 (#1998350)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user