Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package transfig for openSUSE:Factory checked in at 2021-02-22 14:39:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transfig (Old) and /work/SRC/openSUSE:Factory/.transfig.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transfig" Mon Feb 22 14:39:30 2021 rev:46 rq:873730 version:3.2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/transfig/transfig.changes 2020-10-03 18:55:20.085471141 +0200 +++ /work/SRC/openSUSE:Factory/.transfig.new.2378/transfig.changes 2021-02-22 14:39:44.472576464 +0100 @@ -1,0 +2,58 @@ +Fri Feb 12 09:50:30 UTC 2021 - Dr. Werner Fink <wer...@suse.de> + +- Update to fig2dev version 3.2.8 (Patchlevel 8 (Dec 2020) + o Use deflate to embed image data into eps output, often substantially + reducing file size. + o Embed pdf files into ps output by converting the pdf to eps. + o Allow negative arrow widths. This might be useful for asymmetric arrow + tips, which can thus be mirrored around the corresponding line. + Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. + o Reject negative text font sizes. Fixes ticket #86. + o Allow fig files ending without previous eol character. Fixes #83, #84. + o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76. + o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81. + o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80. + o Use getline() to improve input scanning. + Fixes tickets #58, #59, #61, #62, #67, #78, #79, #82. + o Correctly scan embedded pdfs for /MediaBox value. + o Convert polygons having too few points to polylines. Ticket #56. + o Reject huge arrow types causing integer overflow. Ticket #57. + o Allow Fig v2 text strings ending with multiple ^A. Ticket #55. + o Embed images in pdfs with their original compression type, i.e., leave + the gs switch "-dAutoFilterColorImages" at its default value "true". +- This update includes the fixes for + bsc#1159293 - CVE-2019-19797: transfig,xfig: out-of-bounds write in + read_colordef in read.c + bsc#1161698 - CVE-2019-19555: transfig,xfig: stack-based buffer + overflow because of an incorrect sscanf + bsc#1159130 - CVE-2019-19746: transfig,xfig: segmentation fault and + out-of-bounds write because of an integer overflow via + a large arrow type + and many more +- Port and rename patch transfig-3.2.6.dif which is now transfig-3.2.8.dif +- Remove patches now obsolete + * 00cded.patch + * 100e27.patch + * 2f8d1a.patch + * 3065eb.patch + * 3165d8.patch + * 421afa.patch + * 4d4e1f.patch + * 639c36.patch + * CVE-2019-19555.patch + * CVE-2019-19746.patch + * CVE-2019-19797.patch + * acccc8.patch + * c379fe.patch + * ca48cc.patch + * d6a10d.patch + * d70e4b.patch + * e3cee2.patch + * transfig.3.2.5-binderman.dif + * transfig.3.2.5d-mediaboxrealnb.dif +- Port patches + * fig2dev-3.2.6-fig2mpdf.patch + * fig2dev-3.2.6a-RGBFILE.patch + + +------------------------------------------------------------------- Old: ---- 00cded.patch 100e27.patch 2f8d1a.patch 3065eb.patch 3165d8.patch 421afa.patch 4d4e1f.patch 639c36.patch CVE-2019-19555.patch CVE-2019-19746.patch CVE-2019-19797.patch acccc8.patch c379fe.patch ca48cc.patch d6a10d.patch d70e4b.patch e3cee2.patch fig2dev-3.2.7b.tar.xz transfig-3.2.6.dif transfig.3.2.5-binderman.dif transfig.3.2.5d-mediaboxrealnb.dif New: ---- fig2dev-3.2.8.tar.xz transfig-3.2.8.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transfig.spec ++++++ --- /var/tmp/diff_new_pack.WDTzPP/_old 2021-02-22 14:39:45.368577458 +0100 +++ /var/tmp/diff_new_pack.WDTzPP/_new 2021-02-22 14:39:45.372577462 +0100 @@ -1,7 +1,7 @@ # # spec file for package transfig # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -45,34 +45,15 @@ Requires: ghostscript-library Requires: netpbm Requires: texlive-epstopdf -Version: 3.2.7b +Version: 3.2.8 Release: 0 Summary: Graphic Converter #Source: http://sourceforge.net/projects/mcj/files/fig2dev-%{version}.tar.xz/download#/fig2dev-%{version}.tar.xz License: MIT Group: Productivity/Graphics/Convertors Source: fig2dev-%{version}.tar.xz -Patch0: transfig-3.2.6.dif -Patch1: CVE-2019-19555.patch -Patch2: transfig.3.2.5-binderman.dif -Patch3: transfig.3.2.5d-mediaboxrealnb.dif +Patch0: transfig-3.2.8.dif Patch4: transfig-fix-afl.patch -Patch5: CVE-2019-19746.patch -Patch6: c379fe.patch -Patch7: CVE-2019-19797.patch -Patch8: 00cded.patch -Patch9: d70e4b.patch -Patch10: d6a10d.patch -Patch11: acccc8.patch -Patch12: e3cee2.patch -Patch13: 421afa.patch -Patch14: 2f8d1a.patch -Patch15: 4d4e1f.patch -Patch16: 3165d8.patch -Patch17: 639c36.patch -Patch18: 100e27.patch -Patch19: 3065eb.patch -Patch20: ca48cc.patch Patch43: fig2dev-3.2.6-fig2mpdf.patch Patch44: fig2dev-3.2.6-fig2mpdf-doc.patch Patch45: fig2dev-3.2.6a-RGBFILE.patch @@ -113,27 +94,8 @@ %setup -q -n fig2dev-%{version} find -type f | xargs -r chmod a-x,go-w %patch0 -p0 -b .0 -%patch1 -p0 -b .sec -%patch2 -p0 -b .bm -%patch3 -p0 -b .mbox %patch4 -p1 -b .afl -%patch5 -p0 -b .sec2 -%patch6 -p0 -b .sec3 -%patch7 -p0 -b .sec4 -%patch8 -p0 -b .sec5 -%patch9 -p0 -b .sec6 -%patch10 -p0 -b .sec7 -%patch11 -p0 -b .sec8 -%patch12 -p0 -b .sec9 -%patch13 -p0 -b .sec10 -%patch14 -p0 -b .sec11 -%patch15 -p0 -b .sec12 -%patch16 -p0 -b .sec13 -%patch17 -p0 -b .sec14 -%patch18 -p0 -b .sec15 -%patch19 -p0 -b .sec16 -%patch20 -p0 -b .sec17 -%patch43 -p2 -b .mpdf +%patch43 -p1 -b .mpdf %patch44 -p1 -b .mpdfdoc %patch45 -p1 -b .p45 ++++++ fig2dev-3.2.6-fig2mpdf.patch ++++++ --- /var/tmp/diff_new_pack.WDTzPP/_old 2021-02-22 14:39:45.404577497 +0100 +++ /var/tmp/diff_new_pack.WDTzPP/_new 2021-02-22 14:39:45.408577502 +0100 @@ -1,8 +1,3 @@ -Author: Michael Pfeiffer <p3...@web.de> -Description: creating multilayered or singlelayer PDF or EPS figures for - including into LaTeX documents. -Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html - --- fig2dev/dev/genpstex.c | 331 ++++++++++++++++++++++++ fig2dev/drivers.h | 4 @@ -13,22 +8,23 @@ man/fig2dev.1.in | 69 +++++ 7 files changed, 1311 insertions(+), 2 deletions(-) ---- a/fig2dev-3.2.7b/fig2dev/dev/genpstex.c -+++ b/fig2dev-3.2.7b/fig2dev/dev/genpstex.c -@@ -48,9 +48,12 @@ +diff --git a/fig2dev/dev/genpstex.c b/fig2dev/dev/genpstex.c +--- a/fig2dev/dev/genpstex.c ++++ b/fig2dev/dev/genpstex.c +@@ -47,9 +47,12 @@ + #include <stdio.h> #include <string.h> - #include <ctype.h> #include <sys/stat.h> +#include <stdlib.h> #include "fig2dev.h" - #include "object.h" /* does #include <X11/xpm.h> */ + #include "object.h" +#include "texfonts.h" +#include "setfigfont.h" extern double rad2deg; -@@ -79,6 +82,308 @@ extern void genps_grid(float major, floa +@@ -78,6 +81,308 @@ extern void genps_grid(float major, floa static char pstex_file[1000] = ""; @@ -337,7 +333,7 @@ void genpstex_t_option(char opt, char *optarg) { -@@ -128,6 +433,32 @@ genpstex_option(char opt, char *optarg) +@@ -127,6 +432,32 @@ genpstex_option(char opt, char *optarg) genlatex_option(opt, optarg); } @@ -370,8 +366,9 @@ struct driver dev_pstex_t = { genpstex_t_option, genpstex_t_start, ---- a/fig2dev-3.2.7b/fig2dev/drivers.h -+++ b/fig2dev-3.2.7b/fig2dev/drivers.h +diff --git a/fig2dev/drivers.h b/fig2dev/drivers.h +--- a/fig2dev/drivers.h ++++ b/fig2dev/drivers.h @@ -36,8 +36,10 @@ extern struct driver dev_eps; extern struct driver dev_pdf; extern struct driver dev_pdftex; @@ -399,9 +396,10 @@ {"pstricks", &dev_pstricks}, {"ptk", &dev_ptk}, {"shape", &dev_shape}, ---- a/fig2dev-3.2.7b/fig2dev/fig2dev.c -+++ b/fig2dev-3.2.7b/fig2dev/fig2dev.c -@@ -821,6 +821,23 @@ help_msg(void) +diff --git a/fig2dev/fig2dev.c b/fig2dev/fig2dev.c +--- a/fig2dev/fig2dev.c ++++ b/fig2dev/fig2dev.c +@@ -826,6 +826,23 @@ help_msg(void) ); } @@ -425,7 +423,7 @@ if (dev == NULL || !strcmp(lang, "shape")) { puts( "SHAPE (ShapePar driver) Options:\n" -@@ -968,6 +985,12 @@ static int compound_dump(F_compound *com +@@ -973,6 +990,12 @@ static int compound_dump(F_compound *com static int rec_comp(struct obj_rec *r1, struct obj_rec *r2) { @@ -438,8 +436,9 @@ return (r2->depth - r1->depth); } ---- a/fig2dev-3.2.7b/fig2mpdf/copyright.txt -+++ b/fig2dev-3.2.7b/fig2mpdf/copyright.txt +diff --git a/fig2mpdf/copyright.txt b/fig2mpdf/copyright.txt +--- a/fig2mpdf/copyright.txt ++++ b/fig2mpdf/copyright.txt @@ -0,0 +1,25 @@ +The following files contain copyright and license info for +the code they contain: @@ -466,8 +465,9 @@ + + (Author's note: the license is in the file gpl.txt, which is included + in the archive.) ---- a/fig2dev-3.2.7b/fig2mpdf/fig2mpdf.1 -+++ b/fig2dev-3.2.7b/fig2mpdf/fig2mpdf.1 +diff --git a/fig2mpdf/fig2mpdf.1 b/fig2mpdf/fig2mpdf.1 +--- a/fig2mpdf/fig2mpdf.1 ++++ b/fig2mpdf/fig2mpdf.1 @@ -0,0 +1,208 @@ +.TH fig2mpdf 1 "Jun 2006" "" "Including xfig figures into LaTeX documents" +.SH NAME @@ -677,8 +677,9 @@ +.IR pdflatex(1) +.IR latex(1) +.IR dvips(1) ---- a/fig2dev-3.2.7b/fig2mpdf/fig2mpdf -+++ b/fig2dev-3.2.7b/fig2mpdf/fig2mpdf +diff --git a/fig2mpdf/fig2mpdf b/fig2mpdf/fig2mpdf +--- a/fig2mpdf/fig2mpdf ++++ b/fig2mpdf/fig2mpdf @@ -0,0 +1,653 @@ +#!/bin/sh + @@ -1333,8 +1334,9 @@ +} +' -- $* + ---- a/fig2dev-3.2.7b/man/fig2dev.1.in -+++ b/fig2dev-3.2.7b/man/fig2dev.1.in +diff --git a/man/fig2dev.1.in b/man/fig2dev.1.in +--- a/man/fig2dev.1.in ++++ b/man/fig2dev.1.in @@ -64,8 +64,8 @@ Set the output graphics language. Valid languages are \fBbox, cgm, dxf, epic, eepic, eepicemu, emf, eps, gbx (Gerber beta ++++++ fig2dev-3.2.6a-RGBFILE.patch ++++++ --- /var/tmp/diff_new_pack.WDTzPP/_old 2021-02-22 14:39:45.420577515 +0100 +++ /var/tmp/diff_new_pack.WDTzPP/_new 2021-02-22 14:39:45.424577520 +0100 @@ -9,7 +9,7 @@ --- a/fig2dev/colors.c +++ b/fig2dev/colors.c 2019-10-29 11:03:32.206632962 +0000 -@@ -731,8 +731,13 @@ read_colordb(void) +@@ -730,8 +730,13 @@ read_colordb(void) FILE *fp; #define MAX_LINE 100 char s[MAX_LINE], s1[MAX_LINE]; ++++++ fig2dev-3.2.7b.tar.xz -> fig2dev-3.2.8.tar.xz ++++++ ++++ 21439 lines of diff (skipped) ++++++ transfig-3.2.6.dif -> transfig-3.2.8.dif ++++++ --- /work/SRC/openSUSE:Factory/transfig/transfig-3.2.6.dif 2020-02-21 16:39:30.901692218 +0100 +++ /work/SRC/openSUSE:Factory/.transfig.new.2378/transfig-3.2.8.dif 2021-02-22 14:39:44.416576402 +0100 @@ -1,33 +1,48 @@ --- - fig2dev/dev/genps.c | 29 ++++++++++++++++++++++++----- + configure | 2 +- + fig2dev/dev/genps.c | 32 ++++++++++++++++++++++---------- fig2dev/dev/genpstex.c | 8 ++++++-- fig2dev/fig2ps2tex.csh | 2 +- - fig2dev/getopt.c | 9 +++++++++ + fig2dev/lib/getopt.c | 9 +++++++++ transfig/transfig.c | 2 ++ - 5 files changed, 42 insertions(+), 8 deletions(-) + 6 files changed, 41 insertions(+), 14 deletions(-) +--- configure ++++ configure 2021-02-12 08:54:37.958704809 +0000 +@@ -4015,7 +4015,7 @@ main () + + int dynamic_array[ni.number]; + dynamic_array[ni.number - 1] = 543; +- ++ free(ia); + // work around unused variable warnings + return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' + || dynamic_array[ni.number - 1] != 543); --- fig2dev/dev/genps.c -+++ fig2dev/dev/genps.c 2018-05-07 08:16:40.161130640 +0000 -@@ -59,6 +59,7 @@ ++++ fig2dev/dev/genps.c 2021-02-12 09:13:56.896176342 +0000 +@@ -56,6 +56,7 @@ #include <pwd.h> #endif #include <locale.h> +#include <langinfo.h> - #include "pi.h" - #include "fig2dev.h" /* includes "bool.h" */ -@@ -844,8 +845,9 @@ genps_start(F_compound *objects) + #include "fig2dev.h" /* includes bool.h and object.h */ + //#include "object.h" /* NUMSHADES, NUMTINTS */ +@@ -958,9 +959,10 @@ genps_start(F_compound *objects) fprintf(tfp, "%s\n", SPLINE_PS); #ifdef I18N if (support_i18n && iso_text_exist(objects)) { - char *libdir, *locale; +- char localefile_buf[128]; +- char *localefile = localefile_buf; + char *libdir, *locale, *codeset; - char localefile[512], str[512]; ++ char *localefile = NULL; + size_t llen; ++ int ret; FILE *fp; libdir = getenv("FIG2DEV_LIBDIR"); #ifdef I18N_DATADIR -@@ -853,18 +855,35 @@ genps_start(F_compound *objects) +@@ -968,19 +970,30 @@ genps_start(F_compound *objects) libdir = I18N_DATADIR; #endif locale = setlocale(LC_CTYPE, NULL); @@ -38,46 +53,55 @@ "fig2dev: LANG not defined; assuming C locale\n"); locale = "C"; } -- sprintf(localefile, "%s/%s.ps", libdir, locale); -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, locale); - /* get filename like ``/usr/local/lib/fig2dev/japanese.ps'' */ - fp = fopen(localefile, "rb"); - if (fp == NULL) { -- fprintf(stderr, "fig2dev: can not open file: %s\n", -- localefile); -- } else { -+ fprintf(stderr, "fig2dev: can not open file: %s\n", localefile); -+ } -+ if (fp == NULL && strlen(locale) != llen) { -+ locale[llen] = '\0'; -+ /* get filename like ``/usr/local/lib/fig2dev/de_DE.ps'' */ -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, locale); -+ fp = fopen(localefile, "rb"); -+ if (fp == NULL) -+ fprintf(stderr, "fig2dev: B can't open file: %s\n", localefile); +- if (strlen(libdir) + strlen(locale) + 5 > sizeof localefile_buf) +- localefile = malloc(strlen(libdir) + strlen(locale) + 5); +- if (localefile != NULL) { +- sprintf(localefile, "%s/%s.ps", libdir, locale); ++ retry: ++ ret = asprintf(&localefile, "%s/%s.ps", libdir, locale); ++ if (ret > 0) { + /* get filename like + ``/usr/local/lib/fig2dev/japanese.ps'' */ + fp = fopen(localefile, "rb"); + if (fp == NULL) { ++ if (strlen(locale) != llen) { ++ free(localefile); ++ locale[llen] = '\0'; ++ goto retry; ++ } ++ if (codeset && locale != codeset) { ++ free(localefile); ++ locale = codeset; ++ goto retry; ++ } + fprintf(stderr, "fig2dev: can not open file: %s\n", + localefile); + } else { +@@ -998,11 +1011,10 @@ genps_start(F_compound *objects) + "The output might be broken.\n", + localefile); + } +- fclose(fp); ++ fclose(fp); + } +- } +- if (localefile != localefile_buf) + free(localefile); + } -+ if (fp == NULL && codeset) { -+ /* get filename like ``/usr/local/lib/fig2dev/ISO-8859-9.ps'' */ -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, codeset); -+ fp = fopen(localefile, "rb"); -+ if (fp == NULL) -+ fprintf(stderr, "fig2dev: C can't open file: %s\n", localefile); -+ } -+ if (fp) { - while (fgets(str, sizeof(str), fp)) { - if (strstr(str, "CompositeRoman")) - enable_composite_font = true; + } + #endif /* I18N */ + --- fig2dev/dev/genpstex.c -+++ fig2dev/dev/genpstex.c 2018-05-07 08:10:27.872048970 +0000 -@@ -47,6 +47,7 @@ ++++ fig2dev/dev/genpstex.c 2021-02-12 09:17:16.360300734 +0000 +@@ -46,6 +46,7 @@ + #include <stdio.h> #include <string.h> - #include <ctype.h> +#include <sys/stat.h> #include "fig2dev.h" - #include "object.h" /* does #include <X11/xpm.h> */ -@@ -63,10 +64,13 @@ extern void + #include "object.h" +@@ -62,10 +63,13 @@ extern void genps_spline(F_spline *s), genlatex_option(char opt, char *optarg), genlatex_text(F_text *t), @@ -94,7 +118,7 @@ extern void genpdf_option(char opt, char *optarg); /* genpdf.c */ extern void genpdf_start(F_compound *objects); /* genpdf.c */ --- fig2dev/fig2ps2tex.csh -+++ fig2dev/fig2ps2tex.csh 2018-05-07 08:11:38.206742453 +0000 ++++ fig2dev/fig2ps2tex.csh 2021-02-12 08:54:37.954704887 +0000 @@ -22,7 +22,7 @@ # 2016-07-07 Thomas Loimer # * use here-document, instead of echo @@ -104,9 +128,9 @@ set bbox = `grep "^%%BoundingBox:" $1` set xsp = `echo "3k $bbox[4] $bbox[2] - 72 / p" | dc` ---- fig2dev/getopt.c -+++ fig2dev/getopt.c 2018-05-07 08:13:44.400397232 +0000 -@@ -48,6 +48,7 @@ static char sccsfid[] = "@(#) getopt.c 5 +--- fig2dev/lib/getopt.c ++++ fig2dev/lib/getopt.c 2021-02-12 08:54:37.954704887 +0000 +@@ -42,6 +42,7 @@ #define EMSG "" #define ENDARGS "--" @@ -114,7 +138,7 @@ /* * get option letter from argument vector */ -@@ -94,3 +95,11 @@ fig_getopt(int nargc, char **nargv, char +@@ -88,3 +89,11 @@ getopt(int nargc, char **nargv, const ch } return optc; /* dump back option letter */ } @@ -127,7 +151,7 @@ +} +#endif --- transfig/transfig.c -+++ transfig/transfig.c 2018-05-07 08:01:42.105796359 +0000 ++++ transfig/transfig.c 2021-02-12 08:54:37.954704887 +0000 @@ -26,6 +26,8 @@ #include <stdio.h> @@ -137,35 +161,3 @@ #include "transfig.h" extern void sysmv(char *file); /* sys.c */ ---- configure -+++ configure 2020-01-24 13:08:02.103408590 +0000 -@@ -4122,7 +4122,7 @@ main () - - int dynamic_array[ni.number]; - dynamic_array[ni.number - 1] = 543; -- -+ free(ia); - // work around unused variable warnings - return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' - || dynamic_array[ni.number - 1] != 543); -@@ -6377,8 +6377,8 @@ char *malloc (); - int - main () - { --return ! malloc (0); -- ; -+void *tmp = malloc (0); -+if (tmp) free (tmp); return !tmp; - return 0; - } - _ACEOF -@@ -6444,7 +6444,8 @@ char *realloc (); - int - main () - { --return ! realloc (0, 0); -+void *tmp = realloc (0, 0); -+if (tmp) free (tmp); return !tmp; - ; - return 0; - } ++++++ transfig-fix-afl.patch ++++++ --- /var/tmp/diff_new_pack.WDTzPP/_old 2021-02-22 14:39:45.656577777 +0100 +++ /var/tmp/diff_new_pack.WDTzPP/_new 2021-02-22 14:39:45.656577777 +0100 @@ -1,10 +1,10 @@ --- - fig2dev-3.2.7b/fig2dev/alloc.h | 20 ++++++++++---------- + fig2dev-3.2.8/fig2dev/alloc.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) ---- fig2dev-3.2.7b/fig2dev/alloc.h -+++ fig2dev-3.2.7b/fig2dev/alloc.h 2019-10-29 10:49:00.939061663 +0000 -@@ -19,16 +19,16 @@ +--- fig2dev-3.2.8/fig2dev/alloc.h ++++ fig2dev-3.2.8/fig2dev/alloc.h 2021-02-12 09:43:47.313357380 +0000 +@@ -19,15 +19,15 @@ #ifndef ALLOC_H #define ALLOC_H @@ -29,5 +29,4 @@ +#define Control_malloc(z) z = calloc(CONTROL_SIZE,1) +#define Arrow_malloc(z) z = calloc(ARROW_SIZE,1) - extern char Err_mem[]; - + #endif /* ALLOC_H */
