Hello community, here is the log from the commit of package transfig for openSUSE:Factory checked in at 2020-01-30 09:38:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transfig (Old) and /work/SRC/openSUSE:Factory/.transfig.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transfig" Thu Jan 30 09:38:23 2020 rev:43 rq:768027 version:3.2.7b Changes: --------
--- /work/SRC/openSUSE:Factory/transfig/transfig.changes 2019-12-11 12:01:36.968828915 +0100
+++ /work/SRC/openSUSE:Factory/.transfig.new.26092/transfig.changes 2020-01-30 09:39:01.913414041 +0100
@@ -1,0 +2,13 @@
+Tue Jan 21 13:08:49 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Avoid auto(re)config
+
+-------------------------------------------------------------------
+Tue Jan 21 12:15:46 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Add security patches
+ * CVE-2019-19746.patch -- bsc#1159130
+ * c379fe.patch ... currently without CVE and bugzilla entry
+ * CVE-2019-19797.patch -- bsc#1159293
+
+-------------------------------------------------------------------
New: ---- CVE-2019-19746.patch CVE-2019-19797.patch c379fe.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ transfig.spec ++++++
--- /var/tmp/diff_new_pack.ULIjeu/_old 2020-01-30 09:39:03.697414995 +0100
+++ /var/tmp/diff_new_pack.ULIjeu/_new 2020-01-30 09:39:03.701414998 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package transfig
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -57,6 +57,9 @@
 Patch2: transfig.3.2.5-binderman.dif
 Patch3: transfig.3.2.5d-mediaboxrealnb.dif
 Patch4: transfig-fix-afl.patch
+Patch5: CVE-2019-19746.patch
+Patch6: c379fe.patch
+Patch7: CVE-2019-19797.patch
 Patch43: fig2dev-3.2.6-fig2mpdf.patch
 Patch44: fig2dev-3.2.6-fig2mpdf-doc.patch
 Patch45: fig2dev-3.2.6a-RGBFILE.patch
@@ -101,6 +104,9 @@
 %patch2 -p0 -b .bm
 %patch3 -p0 -b .mbox
 %patch4 -p1 -b .afl
+%patch5 -p0 -b .sec2
+%patch6 -p0 -b .sec3
+%patch7 -p0 -b .sec4
 %patch43 -p2 -b .mpdf
 %patch44 -p1 -b .mpdfdoc
 %patch45 -p1 -b .p45
++++++ CVE-2019-19746.patch ++++++
Based on 3065abc7b4f740ed6532322843531317de782a26 Mon Sep 17 00:00:00 2001
From: Thomas Loimer <thomas.loi...@tuwien.ac.at>
Date: Tue, 10 Dec 2019 13:17:36 +0100
Subject: [PATCH] Reject huge arrow types, ticket #57
An arrow type being large enough would pass the test for a valid type by integer overflow.
---
 fig2dev/arrow.c | 13 ++++++++-----
 fig2dev/tests/read.at | 12 ++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)
--- fig2dev/arrow.c
+++ fig2dev/arrow.c 2020-01-21 11:02:33.457498151 +0000
@@ -1,9 +1,10 @@
 /*
  * Fig2dev: Translate Fig code to various Devices
- * Copyright (c) 1985 by Supoj Sutantavibul
  * Copyright (c) 1991 by Micah Beck
- * Parts Copyright (c) 1989-2002 by Brian V. Smith
- * Parts Copyright (c) 2015-2018 by Thomas Loimer
+ * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+ * Parts Copyright (c) 1989-2015 by Brian V. Smith
+ * Parts Copyright (c) 2015-2019 by Thomas Loimer
+ *
  *
  * Any party obtaining a copy of these files is granted, free of charge, a
  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -78,7 +79,9 @@ make_arrow(int type, int style, double t
 {
 F_arrow *a;
 
- if (style < 0 || style > 1 || type < 0 || (type + 1) * 2 > NUMARROWS)
+ if (style < 0 || style > 1 || type < 0 ||
+ /* beware of int overflow */
+ type > NUMARROWS || (type + 1) * 2 > NUMARROWS)
 return NULL;
 if (NULL == (Arrow_malloc(a))) {
 put_msg(Err_mem);
@@ -90,7 +93,7 @@ make_arrow(int type, int style, double t
 a->type = type;
 a->style = style;
- a->thickness = thickness*THICK_SCALE;
+ a->thickness = thickness * THICK_SCALE;
 a->wid = wid;
 a->ht = ht;
 return a;
--- fig2dev/tests/read.at
+++ fig2dev/tests/read.at 2020-01-21 11:02:33.457498151 +0000
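Review bot: The rewritten guard in make_arrow is sound for any int value of type, because the `type > NUMARROWS` clause is evaluated first and `(type + 1) * 2` is only reached for small operands (assuming NUMARROWS is a small compile-time constant), but that only holds for the int the caller hands in; the accompanying test feeds `10000000000000`, which does not fit a 32-bit int, and if the reader converts the token with sscanf("%d") or atoi the out-of-range conversion is not defined by the C standard, so the value this guard sees depends on the libc. That conversion site is outside this hunk and deserves its own range check (strtol with an ERANGE test) so the rejection does not rely on libc behaviour. The intent of the ordering is also worth stating on the guard itself, e.g. `/* reject type > NUMARROWS first so that (type + 1) * 2 cannot overflow */`. make_arrow's body continues outside the hunk.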
@@ -135,6 +135,18 @@ A single point with a backward arrow - r
 ])
 AT_CLEANUP
 
+AT_SETUP([reject huge arrow-type, ticket #57])
+AT_KEYWORDS(arrow.c arrow)
+AT_CHECK([fig2dev -L box <<EOF
+FIG_FILE_TOP
+2 1 0 1 -1 -1 50 -1 -1 0. 0 0 0 1 0 2
+ 10000000000000 0 1 60 120
+0 0 600 0
+EOF
+], 1, ignore, [Invalid forward arrow at line 11.
+])
+AT_CLEANUP
+
 AT_SETUP([reject negative font type])
 AT_KEYWORDS(read.c font)
 AT_CHECK([fig2dev -L box <<EOF
++++++ CVE-2019-19797.patch ++++++ ++++ 1867 lines (skipped) ++++++ c379fe.patch ++++++
Based on c379fe50574e5b5dd6e17f15d8473c5713d1b823 Mon Sep 17 00:00:00 2001
From: Thomas Loimer <thomas.loi...@tuwien.ac.at>
Date: Wed, 11 Dec 2019 21:36:46 +0100
Subject: [PATCH] Convert polygons with too few points to polylines
As a side effect, this also fixes ticket #56.
---
 fig2dev/read.c | 16 ++++++++++++++++
 fig2dev/tests/read.at | 11 +++++++++++
 2 files changed, 27 insertions(+)
--- fig2dev/read.c
+++ fig2dev/read.c 2020-01-21 11:29:27.367140319 +0000
@@ -793,8 +793,10 @@ read_ellipseobject(void)
 /*
  * Sanitize line objects. Return 0 on success, -1 otherwise.
  * On error, call free_linestorage(l) after sanitize_lineobject().
+ *
  * polylines: remove fill, if less than 3 points
  * remove arrows, if only one point
+ * polygons: convert to polyline if less than 3 unique points
  * rectangles, polygons: last point must coincide with first point
  * rectangle: convert to polygon, if not 5 points
  * rectangle with rounded corners: error, if not 5 points
@@ -854,6 +856,20 @@ sanitize_lineobject(
 q->y = l->points->y;
 }
 
+ if (l->type == T_POLYGON) {
+ int npts;
+
+ q = l->points;
+ for (npts = 1; q->next && npts < 4; q = q->next)
+ ++npts;
+ if (npts < 4 ) {
+ put_msg("A polygon with %d points at line %d - convert to a polyline.",
+ npts, line_no);
+ l->type = T_POLYLINE;
+ return 0;
+ }
+ }
+
 if (l->type == T_BOX || l->type == T_ARC_BOX || l->type == T_PIC_BOX) {
 int npts = 1;
 for (q = l->points; q->next; q = q->next)
--- fig2dev/tests/read.at
+++ fig2dev/tests/read.at 2020-01-21 11:29:27.367140319 +0000
@@ -147,6 +147,17 @@ EOF
 ])
 AT_CLEANUP
 
+AT_SETUP([convert short polygon to polyline, ticket #56])
+AT_KEYWORDS(read.c polygon)
+AT_CHECK([fig2dev -L ptk <<EOF
+FIG_FILE_TOP
+2 3 0 1 -1 -1 50 -1 -1 0.0 0 0 -1 0 0 1
+ 0 0
+EOF
+], 0, ignore, [A polygon with 1 points at line 11 - convert to a polyline.
+])
+AT_CLEANUP
+
 AT_SETUP([reject negative font type])
 AT_KEYWORDS(read.c font)
 AT_CHECK([fig2dev -L box <<EOF
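Review bot: The threshold `npts < 4` in the new T_POLYGON block is a magic number that only makes sense together with the closing point the preceding code appears to append (the `q->y = l->points->y;` context line just above), so four stored points correspond to the "3 unique points" of the header comment; that should be said on the loop, e.g. `/* 3 unique points plus the closing point that coincides with the first */`, and the stray space in `if (npts < 4 )` should go. The early `return 0` also means the object, now a T_POLYLINE, skips any sanitizing that follows this block; if the polyline rules from the header comment (drop fill below 3 points, drop arrows for a single point) run before this point in the function, a converted one- or two-point polygon keeps its fill and arrows, which the added test (area_fill -1, no arrows) does not exercise, so that ordering is worth confirming. sanitize_lineobject starts and ends outside the hunk, and the block reuses the `q` variable declared there.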