parent
d939a514a6
commit
a12d747fb9
109
0009-CVE-2020-21681.patch
Normal file
109
0009-CVE-2020-21681.patch
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
Subject: [PATCH] Allow DEFAULT color in cgm and ge output and fix memory leak
|
||||||
|
in gencgm.c
|
||||||
|
|
||||||
|
---
|
||||||
|
fig2dev/dev/gencgm.c | 8 +++++++-
|
||||||
|
fig2dev/dev/genge.c | 7 ++++---
|
||||||
|
fig2dev/tests/data/line.fig | 2 +-
|
||||||
|
fig2dev/tests/output.at | 10 ++++++++++
|
||||||
|
4 files changed, 22 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fig2dev/dev/gencgm.c b/fig2dev/dev/gencgm.c
|
||||||
|
index 6d9d9cb..0033c36 100644
|
||||||
|
--- a/fig2dev/dev/gencgm.c
|
||||||
|
+++ b/fig2dev/dev/gencgm.c
|
||||||
|
@@ -148,9 +148,11 @@ gencgm_start(F_compound *objects)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
char *p, *figname;
|
||||||
|
+ char *figname_buf = NULL;
|
||||||
|
|
||||||
|
if (from) {
|
||||||
|
- figname = strdup(from);
|
||||||
|
+ figname_buf = strdup(from);
|
||||||
|
+ figname = figname_buf;
|
||||||
|
p = strrchr(figname, '/');
|
||||||
|
if (p)
|
||||||
|
figname = p+1; /* remove path from name for comment in file */
|
||||||
|
@@ -252,6 +254,8 @@ gencgm_start(F_compound *objects)
|
||||||
|
print_comments("% ",objects->comments, " %");
|
||||||
|
fprintf(tfp,"%% %%\n");
|
||||||
|
}
|
||||||
|
+ if (figname_buf)
|
||||||
|
+ free(figname_buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
@@ -549,6 +553,8 @@ hatchindex(index)
|
||||||
|
static void
|
||||||
|
getrgb(int color, int *r, int *g, int *b)
|
||||||
|
{
|
||||||
|
+ if (color < 0) /* DEFAULT color is black */
|
||||||
|
+ color = 0;
|
||||||
|
if (color < NUM_STD_COLS) {
|
||||||
|
*r = stdcols[color].r * 255.;
|
||||||
|
*g = stdcols[color].g * 255.;
|
||||||
|
diff --git a/fig2dev/dev/genge.c b/fig2dev/dev/genge.c
|
||||||
|
index 8caabf1..c2ab712 100644
|
||||||
|
--- a/fig2dev/dev/genge.c
|
||||||
|
+++ b/fig2dev/dev/genge.c
|
||||||
|
@@ -52,7 +52,8 @@ static void genge_ctl_spline(F_spline *s);
|
||||||
|
/* color mapping */
|
||||||
|
/* xfig ge */
|
||||||
|
|
||||||
|
-static int GE_COLORS[] = { 1, /* black black */
|
||||||
|
+static int GE_COLORS[] = { 1, /* DEFAULT == black */
|
||||||
|
+ 1, /* black black */
|
||||||
|
8, /* blue blue */
|
||||||
|
7, /* green green */
|
||||||
|
6, /* cyan cyan */
|
||||||
|
@@ -434,7 +435,7 @@ back_arrow(F_line *l)
|
||||||
|
static void
|
||||||
|
set_color(int col)
|
||||||
|
{
|
||||||
|
- fprintf(tfp,"c%02d ",GE_COLORS[col]);
|
||||||
|
+ fprintf(tfp,"c%02d ",GE_COLORS[col + 1]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* set fill if there is a fill style */
|
||||||
|
@@ -443,7 +444,7 @@ static void
|
||||||
|
set_fill(int style, int color)
|
||||||
|
{
|
||||||
|
if (style != UNFILLED)
|
||||||
|
- fprintf(tfp,"C%02d ",GE_COLORS[color]);
|
||||||
|
+ fprintf(tfp,"C%02d ",GE_COLORS[color + 1]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
diff --git a/fig2dev/tests/data/line.fig b/fig2dev/tests/data/line.fig
|
||||||
|
index e033b12..bfc4976 100644
|
||||||
|
--- a/fig2dev/tests/data/line.fig
|
||||||
|
+++ b/fig2dev/tests/data/line.fig
|
||||||
|
@@ -7,5 +7,5 @@ A9
|
||||||
|
Single
|
||||||
|
-2
|
||||||
|
1200 2
|
||||||
|
-2 1 0 3 0 7 50 -1 -1 0.0 0 0 -1 0 0 3
|
||||||
|
+2 1 0 3 -1 7 50 -1 -1 0.0 0 0 -1 0 0 3
|
||||||
|
50 50 500 50 500 200
|
||||||
|
diff --git a/fig2dev/tests/output.at b/fig2dev/tests/output.at
|
||||||
|
index 9a1bc45..79788cc 100644
|
||||||
|
--- a/fig2dev/tests/output.at
|
||||||
|
+++ b/fig2dev/tests/output.at
|
||||||
|
@@ -261,3 +261,13 @@ AT_CHECK([fig2dev -L tikz -P big1.fig big1.tex && \
|
||||||
|
latex -halt-on-error big1.tex && latex -halt-on-error big2.tex
|
||||||
|
], 0, ignore)
|
||||||
|
AT_CLEANUP
|
||||||
|
+
|
||||||
|
+AT_BANNER([Test other output languages.])
|
||||||
|
+
|
||||||
|
+AT_SETUP([allow default color in ge, cgm output, #72, #73])
|
||||||
|
+AT_KEYWORDS(cgm ge)
|
||||||
|
+AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig
|
||||||
|
+], 0, ignore)
|
||||||
|
+AT_CHECK([fig2dev -L ge $srcdir/data/line.fig
|
||||||
|
+], 0, ignore)
|
||||||
|
+AT_CLEANUP
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
Name: transfig
|
Name: transfig
|
||||||
Version: 3.2.7b
|
Version: 3.2.7b
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: Utility for converting FIG files (made by xfig) to other formats
|
Summary: Utility for converting FIG files (made by xfig) to other formats
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -15,6 +15,7 @@ Patch5: 0005-Correctly-scan-embedded-pdfs-for-MediaBox-value.patch
|
|||||||
Patch6: 0006-fig2dev-version-prints-version-information.patch
|
Patch6: 0006-fig2dev-version-prints-version-information.patch
|
||||||
Patch7: 0007-Use-getopt-from-standard-libraries-if-available.patch
|
Patch7: 0007-Use-getopt-from-standard-libraries-if-available.patch
|
||||||
Patch8: 0008-Replace-most-calls-to-fgets-by-getline-in-read.c.patch
|
Patch8: 0008-Replace-most-calls-to-fgets-by-getline-in-read.c.patch
|
||||||
|
Patch9: 0009-CVE-2020-21681.patch
|
||||||
|
|
||||||
Requires: ghostscript
|
Requires: ghostscript
|
||||||
Requires: bc
|
Requires: bc
|
||||||
@ -67,6 +68,9 @@ mv fig2dev.1.in.new man/fig2dev.1.in
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 30 2021 Ondrej Dubaj <odubaj@redhat.com> - 1:3.2.7b-7
|
||||||
|
- Fixed CVE-2020-21681 (#1998350)
|
||||||
|
|
||||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.2.7b-6
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.2.7b-6
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
Loading…
Reference in New Issue
Block a user