rpms/transfig
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import transfig-3.2.7b-10.el9

Browse Source
This commit is contained in:
CentOS Sources 2021-12-07 14:31:07 -05:00 committed by Stepan Oksanichenko
parent bb6636b5d1
commit 8b6a9bcc0c
11 changed files with 734 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
SOURCES/0009-CVE-2020-21681-CVE-2020-21682.patch Normal file
View File

@ -0,0 +1,109 @@
Subject: [PATCH] Allow DEFAULT color in cgm and ge output and fix memory leak
in gencgm.c
---
fig2dev/dev/gencgm.c | 8 +++++++-
fig2dev/dev/genge.c | 7 ++++---
fig2dev/tests/data/line.fig | 2 +-
fig2dev/tests/output.at | 10 ++++++++++
4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/fig2dev/dev/gencgm.c b/fig2dev/dev/gencgm.c
index 6d9d9cb..0033c36 100644
--- a/fig2dev/dev/gencgm.c
+++ b/fig2dev/dev/gencgm.c
@@ -148,9 +148,11 @@ gencgm_start(F_compound *objects)
{
int i;
char *p, *figname;
+ char *figname_buf = NULL;
if (from) {
- figname = strdup(from);
+ figname_buf = strdup(from);
+ figname = figname_buf;
p = strrchr(figname, '/');
if (p)
figname = p+1; /* remove path from name for comment in file */
@@ -252,6 +254,8 @@ gencgm_start(F_compound *objects)
print_comments("% ",objects->comments, " %");
fprintf(tfp,"%% %%\n");
}
+ if (figname_buf)
+ free(figname_buf);
}
int
@@ -549,6 +553,8 @@ hatchindex(index)
static void
getrgb(int color, int *r, int *g, int *b)
{
+ if (color < 0) /* DEFAULT color is black */
+ color = 0;
if (color < NUM_STD_COLS) {
*r = stdcols[color].r * 255.;
*g = stdcols[color].g * 255.;
diff --git a/fig2dev/dev/genge.c b/fig2dev/dev/genge.c
index 8caabf1..c2ab712 100644
--- a/fig2dev/dev/genge.c
+++ b/fig2dev/dev/genge.c
@@ -52,7 +52,8 @@ static void genge_ctl_spline(F_spline *s);
/* color mapping */
/* xfig ge */
-static int GE_COLORS[] = { 1, /* black black */
+static int GE_COLORS[] = { 1, /* DEFAULT == black */
+ 1, /* black black */
8, /* blue blue */
7, /* green green */
6, /* cyan cyan */
@@ -434,7 +435,7 @@ back_arrow(F_line *l)
static void
set_color(int col)
{
- fprintf(tfp,"c%02d ",GE_COLORS[col]);
+ fprintf(tfp,"c%02d ",GE_COLORS[col + 1]);
}
/* set fill if there is a fill style */
@@ -443,7 +444,7 @@ static void
set_fill(int style, int color)
{
if (style != UNFILLED)
- fprintf(tfp,"C%02d ",GE_COLORS[color]);
+ fprintf(tfp,"C%02d ",GE_COLORS[color + 1]);
}
/*
diff --git a/fig2dev/tests/data/line.fig b/fig2dev/tests/data/line.fig
index e033b12..bfc4976 100644
--- a/fig2dev/tests/data/line.fig
+++ b/fig2dev/tests/data/line.fig
@@ -7,5 +7,5 @@ A9
Single
-2
1200 2
-2 1 0 3 0 7 50 -1 -1 0.0 0 0 -1 0 0 3
+2 1 0 3 -1 7 50 -1 -1 0.0 0 0 -1 0 0 3
50 50 500 50 500 200
diff --git a/fig2dev/tests/output.at b/fig2dev/tests/output.at
index 9a1bc45..79788cc 100644
--- a/fig2dev/tests/output.at
+++ b/fig2dev/tests/output.at
@@ -261,3 +261,13 @@ AT_CHECK([fig2dev -L tikz -P big1.fig big1.tex && \
latex -halt-on-error big1.tex && latex -halt-on-error big2.tex
], 0, ignore)
AT_CLEANUP
+
+AT_BANNER([Test other output languages.])
+
+AT_SETUP([allow default color in ge, cgm output, #72, #73])
+AT_KEYWORDS(cgm ge)
+AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig
+], 0, ignore)
+AT_CHECK([fig2dev -L ge $srcdir/data/line.fig
+], 0, ignore)
+AT_CLEANUP
--
2.31.1

25
SOURCES/0010-CVE-2020-21683.patch Normal file
View File

@ -0,0 +1,25 @@
Subject: [PATCH] Fix pstricks fill with non-solid default color
In the pstricks output, filling an area with the shaded or tinted default color
is now equivalent to filling with shaded or tinted black color.
---
fig2dev/dev/genpstricks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fig2dev/dev/genpstricks.c b/fig2dev/dev/genpstricks.c
index cf49207..40ea577 100644
--- a/fig2dev/dev/genpstricks.c
+++ b/fig2dev/dev/genpstricks.c
@@ -1856,7 +1856,8 @@ format_options(char *options, char *prefix, char *postfix, char *sqrb_init,
else if (fill_style <= 40)
/* shade or tint fill */
sprintf(tmps, "fillstyle=solid,fillcolor=%s",
- shade_or_tint_name_after_declare_color(tmpc, fill_style, fill_color));
+ shade_or_tint_name_after_declare_color(tmpc, fill_style,
+ fill_color == DEFAULT ? CT_BLACK : fill_color));
else {
char *type = 0, *ps;
int angle = 0;
--
2.31.1

55
SOURCES/0011-CVE-2020-21680.patch Normal file
View File

@ -0,0 +1,55 @@
Subject: [PATCH] Allow arrows with zero length on arcs
Use the tangent, not a secant, for short arrows on arcs.
---
fig2dev/bound.c | 9 ++++-----
fig2dev/tests/output.at | 8 ++++++++
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/fig2dev/bound.c b/fig2dev/bound.c
index ce7f4d1..9e997b7 100644
--- a/fig2dev/bound.c
+++ b/fig2dev/bound.c
@@ -1095,16 +1095,15 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2,
r=sqrt(dx*dx+dy*dy);
h = (double) arrow->ht;
/* lines are made a little thinner in set_linewidth */
- thick = (arrow->thickness <= THICK_SCALE) ?
- 0.5* arrow->thickness :
- arrow->thickness - THICK_SCALE;
+ thick = arrow->thickness <= THICK_SCALE ?
+ 0.5 * arrow->thickness : arrow->thickness - THICK_SCALE;
/* lpt is the amount the arrowhead extends beyond the end of the line */
lpt = thick/2.0/(arrow->wid/h/2.0);
/* add this to the length */
h += lpt;
- /* radius too small for this method, use normal method */
- if (h > 2.0*r) {
+ /* secant would be too large or too small */
+ if (h > 2.0*r || h < 0.01*r) {
arc_tangent_int(x1,y1,x2,y2,direction,x,y);
return;
}
diff --git a/fig2dev/tests/output.at b/fig2dev/tests/output.at
index 79788cc..9150dbe 100644
--- a/fig2dev/tests/output.at
+++ b/fig2dev/tests/output.at
@@ -175,6 +175,14 @@ AT_CHECK([fig2dev -L pict2e -P big1.fig big1.tex && \
], 0, ignore)
AT_CLEANUP
+AT_SETUP([accept arc arrows with zero height, ticket #74])
+AT_KEYWORDS(pict2e)
+AT_CHECK([fig2dev -L pict2e <<EOF
+FIG_FILE_TOP
+5 1 0 1 0 7 50 -1 -1 0.0 0 0 1 0 0.0 0.0 600 0 0 600 -600 0
+ 1 1 1.0 60.0 0.0
+EOF], 0, ignore)
+AT_CLEANUP
AT_BANNER([Test svg output language.])
AT_SETUP([compare patterns with template])
--
2.31.1

134
SOURCES/0012-CVE-2020-21678-CVE-2020-21684.patch Normal file
View File

@ -0,0 +1,134 @@
From 8e7bcd6952535163a919e1f6891b44521ba86a8d Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Fri, 3 Sep 2021 08:15:34 +0200
Subject: [PATCH] Reject ASCII NUL anywhere in the input
The input is read in line by line, stored in a buffer and processed further
with sscanf(). Embedded NUL characters ('\0') would already disturb sscanf(),
and nowhere does the code expect NUL characters. Therefore, detect NUL while
reading the input, and exit with an error message when NUL is found anywere.
Fixes ticket #80.
---
CHANGES | 4 ++++
fig2dev/read.c | 21 +++++++++++++++++++--
fig2dev/tests/data/text_w_ascii0.fig | 12 ++++++++++++
fig2dev/tests/read.at | 16 ++++++++++++++++
4 files changed, 51 insertions(+), 2 deletions(-)
create mode 100644 fig2dev/tests/data/text_w_ascii0.fig
diff --git a/CHANGES b/CHANGES
index 4a414fa..f1bbbc3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@ Patchlevel Xx (Xxx 20xx)
BUGS FIXED:
Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
+ o Fix ticket #81.
+ o Do not allow ASCII NUL anywhere in input. Fixes ticket #80.
+ o Use getline() to improve input scanning.
+ Fixes tickets #58, #59, #61, #62, #67, #78, #79.
o Correctly scan embedded pdfs for /MediaBox value.
o Convert polygons having too few points to polylines. Ticket #56.
o Reject huge arrow types causing integer overflow. Ticket #57.
diff --git a/fig2dev/read.c b/fig2dev/read.c
index aea9537..6e47f2d 100644
--- a/fig2dev/read.c
+++ b/fig2dev/read.c
@@ -200,8 +200,14 @@ read_objects(FILE *fp, F_compound *obj)
put_msg("Could not read input file.");
return -1;
}
- /* seek to the end of the first line */
- if (strchr(buf, '\n') == NULL) {
+
+ /* check for embedded '\0' */
+ if (strlen(buf) < sizeof buf - 1 && buf[strlen(buf) - 1] != '\n') {
+ put_msg("ASCII NUL ('\\0') character within the first line.");
+ exit(EXIT_FAILURE);
+ /* seek to the end of the first line
+ (the only place, where '\0's are tolerated) */
+ } else if (buf[strlen(buf) - 1] != '\n') {
int c;
do
c = fgetc(fp);
@@ -1399,6 +1405,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len,
return s;
}
+static void
+exit_on_ascii_NUL(const char *restrict line, size_t chars, int line_no)
+{
+ if (strlen(line) < (size_t)chars) {
+ put_msg("ASCII NUL ('\\0') in line %d.", line_no);
+ exit(EXIT_FAILURE);
+ }
+}
+
static char *
find_end(const char *str, int v30flag)
{
@@ -1470,6 +1485,7 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no)
while ((chars = getline(line, line_len, fp)) != -1) {
++(*line_no);
+ exit_on_ascii_NUL(*line, chars, *line_no);
end = find_end(*line, v30_flag);
if (end) {
*end = '\0';
@@ -1641,6 +1657,7 @@ get_line(FILE *fp, char **restrict line, size_t *line_len, int *line_no)
if (**line == '\n' || (**line == '\r' &&
chars == 2 && (*line)[1] == '\n'))
continue;
+ exit_on_ascii_NUL(*line, chars, *line_no);
/* remove newline and possibly a carriage return */
if ((*line)[chars-1] == '\n') {
chars -= (*line)[chars - 2] == '\r' ? 2 : 1;
diff --git a/fig2dev/tests/data/text_w_ascii0.fig b/fig2dev/tests/data/text_w_ascii0.fig
new file mode 100644
index 0000000..c0aa754
--- /dev/null
+++ b/fig2dev/tests/data/text_w_ascii0.fig
@@ -0,0 +1,12 @@
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter
+100.00
+Single
+-2
+1200 2
+4 0 0 2 0 25 163 31 7 0 0 -1 1 0 2
+ 0& 4 120 5 y\ 0 0 0^^^^^J^^^^^<U+0080>ÿÿ^^^^^^^^^^^^^^^^^^^^^^45 E\0I1y\001
+#4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 An ascii zero '\\0' here ->...and some more text following, with a certain amount of minimum characters\001
diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
index 9b34bfb..60982b0 100644
--- a/fig2dev/tests/read.at
+++ b/fig2dev/tests/read.at
@@ -406,6 +406,22 @@ EOF
])
AT_CLEANUP
+AT_SETUP([allow tex font -1, ticket #81])
+AT_KEYWORDS([pict2e tikz])
+AT_DATA([text.fig], [FIG_FILE_TOP
+4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001
+])
+AT_CHECK([fig2dev -L pict2e text.fig
+], 0, ignore)
+AT_CHECK([fig2dev -L tikz text.fig
+], 0, ignore)
+AT_CLEANUP
+
+AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80])
+AT_KEYWORDS([read.c svg])
+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
+AT_CLEANUP
+
AT_BANNER([Dynamically allocate picture file name.])
AT_SETUP([prepend fig file path to picture file name])
--
2.31.1

83
SOURCES/0013-CVE-2020-21676.patch Normal file
View File

@ -0,0 +1,83 @@
From 180cf468f8999cfb7245bac5b3be447aefa6c852 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Fri, 3 Sep 2021 08:24:19 +0200
Subject: [PATCH] Reject text or ellipse angles beyond -2pi to 2pi, #76
In fact, generously extend the allowed range to -7 to 7.
Sane applications, e.g., xfig, certainly keep the angles within one revolution.
---
CHANGES | 5 +++--
fig2dev/object.h | 7 ++++---
fig2dev/tests/read.at | 8 ++++++++
3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/CHANGES b/CHANGES
index f1bbbc3..52daead 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,8 +6,9 @@ Patchlevel Xx (Xxx 20xx)
BUGS FIXED:
Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
- o Fix ticket #81.
- o Do not allow ASCII NUL anywhere in input. Fixes ticket #80.
+ o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76.
+ o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81.
+ o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80.
o Use getline() to improve input scanning.
Fixes tickets #58, #59, #61, #62, #67, #78, #79.
o Correctly scan embedded pdfs for /MediaBox value.
diff --git a/fig2dev/object.h b/fig2dev/object.h
index fe56bbb..8464010 100644
--- a/fig2dev/object.h
+++ b/fig2dev/object.h
@@ -3,7 +3,7 @@
* Copyright (c) 1991 by Micah Beck
* Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
* Parts Copyright (c) 1989-2015 by Brian V. Smith
- * Parts Copyright (c) 2015-2019 by Thomas Loimer
+ * Parts Copyright (c) 2015-2020 by Thomas Loimer
*
* Any party obtaining a copy of these files is granted, free of charge, a
* full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -94,7 +94,8 @@ typedef struct f_ellipse {
#define INVALID_ELLIPSE(e) \
e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA || \
COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \
- e->radiuses.x == 0 || e->radiuses.y == 0
+ e->radiuses.x == 0 || e->radiuses.y == 0 || \
+ e->angle < -7. || e->angle > 7.
typedef struct f_arc {
int type;
@@ -243,7 +244,7 @@ typedef struct f_text {
t->type < T_LEFT_JUSTIFIED || t->type > T_RIGHT_JUSTIFIED || \
t->font < DEFAULT || t->font > MAX_PSFONT || \
t->flags < DEFAULT || t->flags >= 2 * HIDDEN_TEXT || \
- t->height < 0 || t->length < 0
+ t->height < 0 || t->length < 0 || t->angle < -7. || t->angle > 7.
typedef struct f_control {
double lx, ly, rx, ry; /* used by older versions*/
diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
index 60982b0..c53fbb9 100644
--- a/fig2dev/tests/read.at
+++ b/fig2dev/tests/read.at
@@ -422,6 +422,14 @@ AT_KEYWORDS([read.c svg])
AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
AT_CLEANUP
+AT_SETUP([reject out of range text angle, ticket #76])
+AT_CHECK([fig2dev -L pstricks <<EOF
+FIG_FILE_TOP
+4 0 0 50 -1 -1 12 9e26 0 150 405 0 0 Very slanted text\001
+EOF
+], 1, ignore, ignore)
+AT_CLEANUP
+
AT_BANNER([Dynamically allocate picture file name.])
AT_SETUP([prepend fig file path to picture file name])
--
2.31.1

32
SOURCES/0014-CVE-2020-21529.patch Normal file
View File

@ -0,0 +1,32 @@
From 2397ae3bb903f59a017c8ec9db87164048b86827 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 20 Sep 2021 08:31:22 +0200
Subject: [PATCH] Keep coordinates of spline controls within sane range
---
fig2dev/read.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fig2dev/read.c b/fig2dev/read.c
index 6e47f2d..349a685 100644
--- a/fig2dev/read.c
+++ b/fig2dev/read.c
@@ -1392,6 +1392,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len,
cp->next = NULL;
free_splinestorage(s);
return NULL;
+ }
+ if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN || ly > INT_MAX ||
+ rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) {
+ /* do not care to clean up, we exit anyway
+ cp->next = NULL;
+ free_splinestorage(s); */
+ put_msg("Spline control points out of range at line %d.",
+ *line_no);
+ exit(EXIT_FAILURE);
}
cq->lx = lx; cq->ly = ly;
cq->rx = rx; cq->ry = ry;
--
2.31.1

134
SOURCES/0015-CVE-2020-21532.patch Normal file
View File

@ -0,0 +1,134 @@
From ae23821f5959ee7c6d10cf0219fad013d3469a6f Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Tue, 21 Sep 2021 10:35:53 +0200
Subject: [PATCH] Accept -1 as default TeX font, fixes ticket #81
The default for PostScript fonts is -1, for TeX fonts 0. Accepting -1 for TeX
fonts lead to out-of-bound read. Now, -1 for TeX fonts is converted to 0.
Accept -1 TeX font in more places, fixes #71, #75
Continue the work started in commit [00cded]. Fix the fundamental issue of
tickets #71 and #75, which was hidden by commit [d70e4b].
---
fig2dev/dev/genpict2e.c | 9 +++++----
fig2dev/dev/gentikz.c | 9 +++++----
fig2dev/dev/texfonts.h | 14 +++++++++-----
fig2dev/tests/read.at | 14 +++++++++++++-
4 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/fig2dev/dev/genpict2e.c b/fig2dev/dev/genpict2e.c
index 9f828f0..22daedd 100644
--- a/fig2dev/dev/genpict2e.c
+++ b/fig2dev/dev/genpict2e.c
@@ -2222,11 +2222,12 @@ put_font(F_text *t)
}
if (psfont_text(t))
- fprintf(tfp, "\\usefont%s",
- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]);
+ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ?
+ t->font + 1 : 0]);
else
- fprintf(tfp, "\\normalfont%s ",
- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]);
+ /* Default psfont is -1, default texfont 0, also accept -1. */
+ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ?
+ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]);
}
void
diff --git a/fig2dev/dev/gentikz.c b/fig2dev/dev/gentikz.c
index 96ee41c..6d8aff4 100644
--- a/fig2dev/dev/gentikz.c
+++ b/fig2dev/dev/gentikz.c
@@ -1771,11 +1771,12 @@ put_font(F_text *t)
}
if (psfont_text(t))
- fprintf(tfp, "\\usefont%s",
- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]);
+ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ?
+ t->font + 1 : 0]);
else
- fprintf(tfp, "\\normalfont%s ",
- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]);
+ /* Default psfont is -1, default texfont 0, also accept -1. */
+ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ?
+ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]);
}
/*
diff --git a/fig2dev/dev/texfonts.h b/fig2dev/dev/texfonts.h
index 89097f2..e5254b6 100644
--- a/fig2dev/dev/texfonts.h
+++ b/fig2dev/dev/texfonts.h
@@ -35,17 +35,21 @@ extern char texfontsizes[];
#define MAXFONTSIZE 42
#ifdef NFSS
-#define TEXFAMILY(F) (texfontfamily[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)])
-#define TEXSERIES(F) (texfontseries[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)])
-#define TEXSHAPE(F) (texfontshape[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)])
+#define TEXFAMILY(F) texfontfamily[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \
+ : MAX_FONT-1]
+#define TEXSERIES(F) texfontseries[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \
+ : MAX_FONT-1]
+#define TEXSHAPE(F) texfontshape[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \
+ : MAX_FONT-1]
#endif
-#define TEXFONT(F) (texfontnames[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)])
+#define TEXFONT(F) texfontnames[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \
+ : MAX_FONT-1]
/*
#define TEXFONTSIZE(S) (texfontsizes[((S) <= MAXFONTSIZE) ? (int)(round(S))\
: (MAXFONTSIZE-1)])
*/
-#define TEXFONTSIZE(S) (((S) <= MAXFONTSIZE) ? texfontsizes[(int)(round(S))] : (S))
+#define TEXFONTSIZE(S) ((S) <= MAXFONTSIZE ? texfontsizes[(int)round(S)] : (S))
#define TEXFONTMAG(T) TEXFONTSIZE(T->size*(rigid_text(T) ? 1.0 : fontmag))
void setfigfont(F_text *text); /* genepic.c */
diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
index c53fbb9..d85356b 100644
--- a/fig2dev/tests/read.at
+++ b/fig2dev/tests/read.at
@@ -406,7 +406,7 @@ EOF
])
AT_CLEANUP
-AT_SETUP([allow tex font -1, ticket #81])
+AT_SETUP([allow tex font -1, tickets #71, #75, #81])
AT_KEYWORDS([pict2e tikz])
AT_DATA([text.fig], [FIG_FILE_TOP
4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001
@@ -415,6 +415,8 @@ AT_CHECK([fig2dev -L pict2e text.fig
], 0, ignore)
AT_CHECK([fig2dev -L tikz text.fig
], 0, ignore)
+AT_CHECK([fig2dev -L mp text.fig
+], 0, ignore)
AT_CLEANUP
AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80])
@@ -430,6 +432,16 @@ EOF
], 1, ignore, ignore)
AT_CLEANUP
+AT_SETUP([allow tex font -1, ticket #81])
+AT_DATA([text.fig], [FIG_FILE_TOP
+4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001
+])
+AT_CHECK([fig2dev -L pict2e text.fig
+], 0, ignore)
+AT_CHECK([fig2dev -L tikz text.fig
+], 0, ignore)
+AT_CLEANUP
+
AT_BANNER([Dynamically allocate picture file name.])
AT_SETUP([prepend fig file path to picture file name])
--
2.31.1

63
SOURCES/0016-CVE-2020-21531.patch Normal file
View File

@ -0,0 +1,63 @@
From d50ae523fcee5c2d4357bbd8ce5baeeb18d15a2c Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Tue, 21 Sep 2021 10:42:50 +0200
Subject: [PATCH] Reject out-of-range pattern
---
fig2dev/object.h | 2 +-
fig2dev/tests/read.at | 19 +++++++++++++++++--
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/fig2dev/object.h b/fig2dev/object.h
index 8464010..6830b13 100644
--- a/fig2dev/object.h
+++ b/fig2dev/object.h
@@ -61,7 +61,7 @@ typedef struct f_comment {
o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE || \
o->thickness < 0 || o->depth < 0 || o->depth > 999 || \
o->fill_style < UNFILLED || \
- o->fill_style > NUMSHADES + NUMTINTS + NUMPATTERNS || \
+ o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS || \
o->style_val < 0.0
typedef struct f_ellipse {
diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
index d85356b..7765805 100644
--- a/fig2dev/tests/read.at
+++ b/fig2dev/tests/read.at
@@ -421,15 +421,30 @@ AT_CLEANUP
AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80])
AT_KEYWORDS([read.c svg])
-AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig],
+1, ignore, [ASCII NUL ('\0') in line 11.
+])
AT_CLEANUP
AT_SETUP([reject out of range text angle, ticket #76])
+AT_KEYWORDS([read.c pstricks])
AT_CHECK([fig2dev -L pstricks <<EOF
FIG_FILE_TOP
4 0 0 50 -1 -1 12 9e26 0 150 405 0 0 Very slanted text\001
EOF
-], 1, ignore, ignore)
+], 1, ignore, [Invalid text object at line 10.
+])
+AT_CLEANUP
+
+AT_SETUP([reject out-of-range pattern fills, ticket #63])
+AT_KEYWORDS([read.c cgm])
+AT_CHECK([fig2dev -L cgm <<EOF
+FIG_FILE_TOP
+2 3 0 0 0 7 50 -1 63 0.000 0 0 -1 0 0 4
+ 0 0 1200 0 600 800 0 0
+EOF
+], 1, ignore, [Invalid line object at line 10.
+])
AT_CLEANUP
AT_SETUP([allow tex font -1, ticket #81])
--
2.31.1

29
SOURCES/0017-CVE-2021-32280.patch Normal file
View File

@ -0,0 +1,29 @@
From fa5a2dced5cad973c3a9c9e83f21165942f1cd6d Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 23 Sep 2021 09:49:37 +0200
Subject: [PATCH] Do not crash on incomplete, closed splines
---
fig2dev/trans_spline.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
index 0905c79..60c54ad 100644
--- a/fig2dev/trans_spline.c
+++ b/fig2dev/trans_spline.c
@@ -226,6 +226,12 @@ compute_closed_spline(F_spline *spline, float precision)
if (!init_point_array(300, 200))
return NULL;
+ if (!(spline->points /* p0 */ && spline->controls /* s0 */ &&
+ spline->points->next /* p1 */ && spline->controls->next /* s1 */ &&
+ spline->points->next->next && spline->controls->next->next/* p2, s2 */&&
+ spline->points->next->next->next && spline->controls->next->next->next))
+ return NULL;
+
INIT_CONTROL_POINTS(spline, p0, s0, p1, s1, p2, s2, p3, s3);
COPY_CONTROL_POINT(first, s_first, p0, s0);
--
2.31.1

39
SOURCES/0018-exit-no-args.patch Normal file
View File

@ -0,0 +1,39 @@
Subject: [PATCH] Exit correctly when invoked without arguments
https://sourceforge.net/p/mcj/fig2dev/ci/11fba42e388ff7d92f81518406429bdea0a6a3b3
---
fig2dev/fig2dev.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fig2dev/fig2dev.c b/fig2dev/fig2dev.c
index 62ec099..949671e 100644
--- a/fig2dev/fig2dev.c
+++ b/fig2dev/fig2dev.c
@@ -161,9 +161,9 @@ static struct depth_opts {
static char Usage[] =
#ifdef I18N
-"Usage:\n %s -hV\n %s -L language [-s size] [-m scale] [-j] [input [output]]\n";
+"Usage:\n %1$s -hV\n %1$s -L language [-s size] [-m scale] [-j] [input [output]]\n";
#else
- "Usage:\n %s -hV\n %s -L language [-s size] [-m scale] [input [output]]\n";
+ "Usage:\n %1$s -hV\n %1$s -L language [-s size] [-m scale] [input [output]]\n";
#endif
static int parse_gridspec(char *string, float *numer, float *denom,
@@ -218,8 +218,10 @@ get_args(int argc, char *argv[])
char *grid, *p;
float numer, denom;
- if (argc == 1)
- fprintf(stderr, Usage, prog, prog);
+ if (argc == 1) {
+ fprintf(stderr, Usage, prog);
+ exit(EXIT_SUCCESS);
+ }
/* print the version, for the comfort of the autotest tests */
if (!strcmp(argv[1], "--version")) {
--
2.31.1

32
SPECS/transfig.spec
View File

@ -1,6 +1,6 @@
Name: transfig
Version: 3.2.7b
Release: 6%{?dist}
Release: 10%{?dist}
Epoch: 1
Summary: Utility for converting FIG files (made by xfig) to other formats
License: MIT
@ -15,6 +15,16 @@ Patch5: 0005-Correctly-scan-embedded-pdfs-for-MediaBox-value.patch
Patch6: 0006-fig2dev-version-prints-version-information.patch
Patch7: 0007-Use-getopt-from-standard-libraries-if-available.patch
Patch8: 0008-Replace-most-calls-to-fgets-by-getline-in-read.c.patch
Patch9: 0009-CVE-2020-21681-CVE-2020-21682.patch
Patch10: 0010-CVE-2020-21683.patch
Patch11: 0011-CVE-2020-21680.patch
Patch12: 0012-CVE-2020-21678-CVE-2020-21684.patch
Patch13: 0013-CVE-2020-21676.patch
Patch14: 0014-CVE-2020-21529.patch
Patch15: 0015-CVE-2020-21532.patch
Patch16: 0016-CVE-2020-21531.patch
Patch17: 0017-CVE-2021-32280.patch
Patch18: 0018-exit-no-args.patch
Requires: ghostscript
Requires: bc
@ -67,6 +77,26 @@ mv fig2dev.1.in.new man/fig2dev.1.in
%changelog
* Mon Oct 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-10
- Exit correctly when invoked without arguments (#2015001)
* Thu Sep 23 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-9
- Fixed CVE-2021-32280 (#2006830)
* Mon Sep 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-8
- Fixed CVE-2020-21529 (#2005518)
- Fixed CVE-2020-21532 (#2006007)
- Fixed CVE-2020-21531 (#2006002)
* Mon Aug 30 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-7
- Fixed CVE-2020-21681 (#1998350)
- Fixed CVE-2020-21683 (#1998594)
- Fixed CVE-2020-21680 (#1998306)
- Fixed CVE-2020-21684 (#2000747)
- Fixed CVE-2020-21678 (#2000741)
- Fixed CVE-2020-21676 (#2000751)
- Fixed CVE-2020-21682 (#2000738)
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.2.7b-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688