Hello community,

here is the log from the commit of package transfig for openSUSE:Factory 
checked in at 2020-01-30 09:38:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/transfig (Old)
 and      /work/SRC/openSUSE:Factory/.transfig.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "transfig"

Thu Jan 30 09:38:23 2020 rev:43 rq:768027 version:3.2.7b

Changes:
--------
--- /work/SRC/openSUSE:Factory/transfig/transfig.changes        2019-12-11 
12:01:36.968828915 +0100
+++ /work/SRC/openSUSE:Factory/.transfig.new.26092/transfig.changes     
2020-01-30 09:39:01.913414041 +0100
@@ -1,0 +2,13 @@
+Tue Jan 21 13:08:49 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Avoid auto(re)config 
+
+-------------------------------------------------------------------
+Tue Jan 21 12:15:46 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Add security patches
+  * CVE-2019-19746.patch -- bsc#1159130
+  * c379fe.patch ... currently without CVE and bugzilla entry
+  * CVE-2019-19797.patch -- bsc#1159293
+
+-------------------------------------------------------------------

New:
----
  CVE-2019-19746.patch
  CVE-2019-19797.patch
  c379fe.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ transfig.spec ++++++
--- /var/tmp/diff_new_pack.ULIjeu/_old  2020-01-30 09:39:03.697414995 +0100
+++ /var/tmp/diff_new_pack.ULIjeu/_new  2020-01-30 09:39:03.701414998 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package transfig
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -57,6 +57,9 @@
 Patch2:         transfig.3.2.5-binderman.dif
 Patch3:         transfig.3.2.5d-mediaboxrealnb.dif
 Patch4:         transfig-fix-afl.patch
+Patch5:         CVE-2019-19746.patch
+Patch6:         c379fe.patch
+Patch7:         CVE-2019-19797.patch
 Patch43:        fig2dev-3.2.6-fig2mpdf.patch
 Patch44:        fig2dev-3.2.6-fig2mpdf-doc.patch
 Patch45:        fig2dev-3.2.6a-RGBFILE.patch
@@ -101,6 +104,9 @@
 %patch2 -p0 -b .bm
 %patch3 -p0 -b .mbox
 %patch4 -p1 -b .afl
+%patch5 -p0 -b .sec2
+%patch6 -p0 -b .sec3
+%patch7 -p0 -b .sec4
 %patch43 -p2 -b .mpdf
 %patch44 -p1 -b .mpdfdoc
 %patch45 -p1 -b .p45

++++++ CVE-2019-19746.patch ++++++
Based on 3065abc7b4f740ed6532322843531317de782a26 Mon Sep 17 00:00:00 2001
From: Thomas Loimer <thomas.loi...@tuwien.ac.at>
Date: Tue, 10 Dec 2019 13:17:36 +0100
Subject: [PATCH] Reject huge arrow types, ticket #57

A large enough arrow type would pass the test for
a valid type because of integer overflow.
---
 fig2dev/arrow.c       |   13 ++++++++-----
 fig2dev/tests/read.at |   12 ++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)

--- fig2dev/arrow.c
+++ fig2dev/arrow.c     2020-01-21 11:02:33.457498151 +0000
@@ -1,9 +1,10 @@
 /*
  * Fig2dev: Translate Fig code to various Devices
- * Copyright (c) 1985 by Supoj Sutantavibul
  * Copyright (c) 1991 by Micah Beck
- * Parts Copyright (c) 1989-2002 by Brian V. Smith
- * Parts Copyright (c) 2015-2018 by Thomas Loimer
+ * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+ * Parts Copyright (c) 1989-2015 by Brian V. Smith
+ * Parts Copyright (c) 2015-2019 by Thomas Loimer
+ *
  *
  * Any party obtaining a copy of these files is granted, free of charge, a
  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -78,7 +79,9 @@ make_arrow(int type, int style, double t
 {
        F_arrow         *a;
 
-       if (style < 0 || style > 1 || type < 0 || (type + 1) * 2 > NUMARROWS)
+       if (style < 0 || style > 1 || type < 0 ||
+                       /* beware of int overflow */
+                       type > NUMARROWS || (type + 1) * 2 > NUMARROWS)
                return NULL;
        if (NULL == (Arrow_malloc(a))) {
                put_msg(Err_mem);
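Review bot: The added `type > NUMARROWS` guard on the new condition only exists to keep `(type + 1) * 2` from overflowing, and the comment wedged between the `||` operands makes the condition harder to read; dividing instead of multiplying removes the overflow hazard and the extra comparison, `if (style < 0 || style > 1 || type < 0 || type >= NUMARROWS / 2)`, which rejects exactly the same `type` values as `(type + 1) * 2 > NUMARROWS` for any non-negative NUMARROWS. The value of NUMARROWS is not visible here, so the equivalence is purely arithmetic and assumes it is an `int` constant. The new read.at test feeds an arrow type of 10000000000000, which does not fit an `int`; how that reaches `type` depends on the caller's parser, outside this hunk, and if it is a `%d` conversion the out-of-range parse is itself not well defined in C, so range-checking at parse time (e.g. `strtol` with an ERANGE check) would be the more robust place to reject it. make_arrow's body continues beyond this hunk.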
@@ -90,7 +93,7 @@ make_arrow(int type, int style, double t
 
        a->type = type;
        a->style = style;
-       a->thickness = thickness*THICK_SCALE;
+       a->thickness = thickness * THICK_SCALE;
        a->wid = wid;
        a->ht = ht;
        return a;
--- fig2dev/tests/read.at
+++ fig2dev/tests/read.at       2020-01-21 11:02:33.457498151 +0000
@@ -135,6 +135,18 @@ A single point with a backward arrow - r
 ])
 AT_CLEANUP
 
+AT_SETUP([reject huge arrow-type, ticket #57])
+AT_KEYWORDS(arrow.c arrow)
+AT_CHECK([fig2dev -L box <<EOF
+FIG_FILE_TOP
+2 1 0 1 -1 -1 50 -1 -1 0. 0 0 0 1 0 2
+       10000000000000 0 1 60 120
+0 0 600 0
+EOF
+], 1, ignore, [Invalid forward arrow at line 11.
+])
+AT_CLEANUP
+
 AT_SETUP([reject negative font type])
 AT_KEYWORDS(read.c font)
 AT_CHECK([fig2dev -L box <<EOF
++++++ CVE-2019-19797.patch ++++++
++++ 1867 lines (skipped)

++++++ c379fe.patch ++++++
Based on c379fe50574e5b5dd6e17f15d8473c5713d1b823 Mon Sep 17 00:00:00 2001
From: Thomas Loimer <thomas.loi...@tuwien.ac.at>
Date: Wed, 11 Dec 2019 21:36:46 +0100
Subject: [PATCH] Convert polygons with too few points to polylines

As a side effect, this also fixes ticket #56.
---
 fig2dev/read.c        |   16 ++++++++++++++++
 fig2dev/tests/read.at |   11 +++++++++++
 2 files changed, 27 insertions(+)

--- fig2dev/read.c
+++ fig2dev/read.c      2020-01-21 11:29:27.367140319 +0000
@@ -793,8 +793,10 @@ read_ellipseobject(void)
 /*
  * Sanitize line objects. Return 0 on success, -1 otherwise.
  * On error, call free_linestorage(l) after sanitize_lineobject().
+ *
  * polylines: remove fill, if less than 3 points
  *             remove arrows, if only one point
+ * polygons: convert to polyline if less than 3 unique points
  * rectangles, polygons: last point must coincide with first point
  * rectangle: convert to polygon, if not 5 points
  * rectangle with rounded corners: error, if not 5 points
@@ -854,6 +856,20 @@ sanitize_lineobject(
            q->y = l->points->y;
        }
 
+       if (l->type == T_POLYGON) {
+               int     npts;
+
+               q = l->points;
+               for (npts = 1; q->next && npts < 4; q = q->next)
+                       ++npts;
+               if (npts < 4 ) {
+                       put_msg("A polygon with %d points at line %d - convert 
to a polyline.",
+                       npts, line_no);
+                       l->type = T_POLYLINE;
+                       return 0;
+               }
+       }
+
        if (l->type == T_BOX || l->type == T_ARC_BOX || l->type == T_PIC_BOX) {
            int npts = 1;
            for (q = l->points; q->next; q = q->next)
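Review bot: The `return 0` after `l->type = T_POLYLINE` leaves the converted object without the polyline sanitizing the header comment promises (fill removed below 3 points, arrows removed for a single point); if those checks run earlier in sanitize_lineobject, as their position in the comment suggests, a one-point polygon with a fill or arrows set would now pass through as a polyline that was never checked, so either fall through to the remaining checks or re-run the polyline handling after the conversion — I cannot see the rest of the function, so please confirm the order. The count `npts` includes the closing point that the preceding lines force onto the first point, so `npts < 4` means fewer than 3 unique points only when that closing point is present; a comment stating that, `/* npts counts the closing point, so < 4 means < 3 unique points */`, would make the threshold self-explanatory. Minor style: `if (npts < 4 )` has a stray space before the parenthesis. sanitize_lineobject begins before this hunk and continues after it.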
--- fig2dev/tests/read.at
+++ fig2dev/tests/read.at       2020-01-21 11:29:27.367140319 +0000
@@ -147,6 +147,17 @@ EOF
 ])
 AT_CLEANUP
 
+AT_SETUP([convert short polygon to polyline, ticket #56])
+AT_KEYWORDS(read.c polygon)
+AT_CHECK([fig2dev -L ptk <<EOF
+FIG_FILE_TOP
+2 3 0 1 -1 -1 50 -1 -1 0.0 0 0 -1 0 0 1
+       0 0
+EOF
+], 0, ignore, [A polygon with 1 points at line 11 - convert to a polyline.
+])
+AT_CLEANUP
+
 AT_SETUP([reject negative font type])
 AT_KEYWORDS(read.c font)
 AT_CHECK([fig2dev -L box <<EOF
