Hello community,

here is the log from the commit of package transfig for openSUSE:Factory 
checked in at 2021-05-23 23:30:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/transfig (Old)
 and      /work/SRC/openSUSE:Factory/.transfig.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "transfig"

Sun May 23 23:30:39 2021 rev:48 rq:894796 version:3.2.8a

Changes:
--------
--- /work/SRC/openSUSE:Factory/transfig/transfig.changes        2021-04-10 
15:26:05.366287556 +0200
+++ /work/SRC/openSUSE:Factory/.transfig.new.2988/transfig.changes      
2021-05-23 23:30:46.004696947 +0200
@@ -1,0 +2,7 @@
+Fri May 21 11:50:39 UTC 2021 - Dr. Werner Fink <[email protected]>
+
+- Add upstream commit as patch 6827c09d.patch
+  Global buffer overflow in fig2dev/read.c in function read_colordef() 
+  (boo#1186329, CVE-2021-3561) 
+
+-------------------------------------------------------------------

New:
----
  6827c09d.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ transfig.spec ++++++
--- /var/tmp/diff_new_pack.g0SsUp/_old  2021-05-23 23:30:46.532694757 +0200
+++ /var/tmp/diff_new_pack.g0SsUp/_new  2021-05-23 23:30:46.536694740 +0200
@@ -53,6 +53,7 @@
 Group:          Productivity/Graphics/Convertors
 Source:         fig2dev-%{version}.tar.xz
 Patch0:         transfig-3.2.8.dif
+Patch1:         6827c09d.patch
 Patch4:         transfig-fix-afl.patch
 Patch43:        fig2dev-3.2.6-fig2mpdf.patch
 Patch44:        fig2dev-3.2.6-fig2mpdf-doc.patch
@@ -94,6 +95,7 @@
 %setup -q -n fig2dev-%{version}
 find -type f | xargs -r chmod a-x,go-w
 %patch0 -p0 -b .0
+%patch1 -p0 -b .1
 %patch4 -p1 -b .afl
 %patch43 -p1 -b .mpdf
 %patch44 -p1 -b .mpdfdoc

++++++ 6827c09d.patch ++++++
>From 6827c09d2d6491cb2ae3ac7196439ff3aa791fd9 Mon Sep 17 00:00:00 2001
From: Thomas Loimer <[email protected]>
Date: Sun, 25 Apr 2021 00:49:15 +0200
Subject: [PATCH] Sanitize color definitions, ticket #116

---
 fig2dev/read.c | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git fig2dev/read.c fig2dev/read.c
index 7e18fda..4c6bacc 100644
--- fig2dev/read.c
+++ fig2dev/read.c
@@ -520,30 +520,37 @@ read_colordef(char *line, int line_no)
 
        if (num_usr_cols >= MAX_USR_COLS) {
                if (num_usr_cols == MAX_USR_COLS) {
-                       put_msg("Maximum number of color definitions (%d) 
exceeded at line %d.",
+                       put_msg("Maximum number of color definitions (%d) "
+                                       "exceeded at line %d.",
                                        MAX_USR_COLS, line_no);
                        ++num_usr_cols;
                }
                /* ignore additional colors */
                return;
        }
-       if (sscanf(line, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) != 4) {
-               if (c >= NUM_STD_COLS && c < NUM_STD_COLS + MAX_USR_COLS) {
-                       put_msg("Invalid color definition at line %d: %s, 
setting to black (#00000).",
-                                       line_no, line);
-                       r = g = b = 0;
-               } else {
-                       put_msg("User color number at line %d out of range 
(%d), should be between %d and %d.",
+       if (sscanf(line, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) == 4) {
+               if (c >= NUM_STD_COLS && c < NUM_STD_COLS + MAX_USR_COLS &&
+                               r >=0 && r < 256 && g >=0 && g < 256 &&
+                               b >= 0 && b < 256 ) {
+                       user_col_indx[num_usr_cols] = c;
+                       user_colors[num_usr_cols].r = r;
+                       user_colors[num_usr_cols].g = g;
+                       user_colors[num_usr_cols].b = b;
+                       ++num_usr_cols;
+               } else if (c < NUM_STD_COLS || c >= NUM_STD_COLS+MAX_USR_COLS) {
+                       put_msg("User color number at line %d out of range (%d)"
+                                       ", should be between %d and %d.",
                                        line_no, c, NUM_STD_COLS,
                                        NUM_STD_COLS + MAX_USR_COLS - 1);
-                       return;
+               } else {
+                       put_msg("Invalid color definition at line %d: %s, color"
+                                      " values must be between 0 through 255.",
+                                                               line_no, line);
                }
+       } else {
+               put_msg("Invalid color definition at line %d: %s.",
+                                                       line_no, line);
        }
-       user_col_indx[num_usr_cols] = c;
-       user_colors[num_usr_cols].r = r;
-       user_colors[num_usr_cols].g = g;
-       user_colors[num_usr_cols].b = b;
-       ++num_usr_cols;
 }
 
 static void
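Review bot: The `%2x` conversions in the new sscanf branch write through `&r`, `&g`, `&b`, and `%x` requires `unsigned int *` targets, yet the `r >= 0`-style checks that follow only make sense if those variables are `int`, which would be a format/argument mismatch (their declarations, like read_colordef's signature, sit above the hunk, so confirm there). If they are `int`, the minimal fix is to declare them `unsigned r, g, b;` and drop the three `>= 0 &&` halves, keeping `r < 256 && g < 256 && b < 256` since a signed field such as `#-1...` still parses to a huge unsigned value that must be rejected. If they are already `unsigned`, the `>= 0` comparisons are always true and should go for the same reason. Separately, the new message text `color values must be between 0 through 255` reads awkwardly; `color values must be between 0 and 255` is the conventional wording.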
-- 
2.26.2
