diff --git a/00cded.patch b/00cded.patch new file mode 100644 index 0000000..adf0034 --- /dev/null +++ b/00cded.patch @@ -0,0 +1,79 @@ +From 00cdedac7a0b029846dee891769a1e77df83a01b Mon Sep 17 00:00:00 2001 +From: Thomas Loimer +Date: Sat, 25 Jan 2020 15:04:59 +0100 +Subject: [PATCH] Accept -1 as default TeX font, fixes ticket #81 + +The default for PostScript fonts is -1, for TeX fonts 0. Accepting -1 for TeX +fonts lead to out-of-bound read. Now, -1 for TeX fonts is converted to 0. +--- + fig2dev/dev/genpict2e.c | 9 +++++---- + fig2dev/dev/gentikz.c | 9 +++++---- + fig2dev/tests/read.at | 10 ++++++++++ + 3 files changed, 20 insertions(+), 8 deletions(-) + +diff --git fig2dev/dev/genpict2e.c fig2dev/dev/genpict2e.c +index 6ab442e..dd6fd95 100644 +--- fig2dev/dev/genpict2e.c ++++ fig2dev/dev/genpict2e.c +@@ -2223,11 +2223,12 @@ put_font(F_text *t) + } + + if (psfont_text(t)) +- fprintf(tfp, "\\usefont%s", +- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]); ++ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ? ++ t->font + 1 : 0]); + else +- fprintf(tfp, "\\normalfont%s ", +- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]); ++ /* Default psfont is -1, default texfont 0, also accept -1. */ ++ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ? ++ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]); + } + + void +diff --git fig2dev/dev/gentikz.c fig2dev/dev/gentikz.c +index 797ca1c..b374e10 100644 +--- fig2dev/dev/gentikz.c ++++ fig2dev/dev/gentikz.c +@@ -1772,11 +1772,12 @@ put_font(F_text *t) + } + + if (psfont_text(t)) +- fprintf(tfp, "\\usefont%s", +- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]); ++ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ? ++ t->font + 1 : 0]); + else +- fprintf(tfp, "\\normalfont%s ", +- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]); ++ /* Default psfont is -1, default texfont 0, also accept -1. */ ++ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ? ++ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]); + } + + /* +diff --git fig2dev/tests/read.at fig2dev/tests/read.at +index 9b34bfb..331afb5 100644 +--- fig2dev/tests/read.at ++++ fig2dev/tests/read.at +@@ -406,6 +406,16 @@ EOF + ]) + AT_CLEANUP + ++AT_SETUP([allow tex font -1, ticket #81]) ++AT_DATA([text.fig], [FIG_FILE_TOP ++4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 ++]) ++AT_CHECK([fig2dev -L pict2e text.fig ++], 0, ignore) ++AT_CHECK([fig2dev -L tikz text.fig ++], 0, ignore) ++AT_CLEANUP ++ + AT_BANNER([Dynamically allocate picture file name.]) + + AT_SETUP([prepend fig file path to picture file name]) +-- +2.16.4 + diff --git a/2f8d1a.patch b/2f8d1a.patch new file mode 100644 index 0000000..63a4690 --- /dev/null +++ b/2f8d1a.patch @@ -0,0 +1,63 @@ +From 2f8d1ae9763dcdc99b88a2b14849fe37174bcd69 Mon Sep 17 00:00:00 2001 +From: Thomas Loimer +Date: Wed, 29 Jan 2020 22:53:32 +0100 +Subject: [PATCH] Reject out-of-range pattern, ticket #63 + +--- + fig2dev/object.h | 2 +- + fig2dev/tests/read.at | 19 +++++++++++++++++-- + 2 files changed, 18 insertions(+), 3 deletions(-) + +diff --git fig2dev/object.h fig2dev/object.h +index 8464010..6830b13 100644 +--- fig2dev/object.h ++++ fig2dev/object.h +@@ -61,7 +61,7 @@ typedef struct f_comment { + o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE || \ + o->thickness < 0 || o->depth < 0 || o->depth > 999 || \ + o->fill_style < UNFILLED || \ +- o->fill_style > NUMSHADES + NUMTINTS + NUMPATTERNS || \ ++ o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS || \ + o->style_val < 0.0 + + typedef struct f_ellipse { +|diff --git fig2dev/tests/read.at fig2dev/tests/read.at +|index 2d066e4..bf117ee 100644 +|--- fig2dev/tests/read.at +|+++ fig2dev/tests/read.at +|@@ -421,15 +421,30 @@ AT_CLEANUP +| +| AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) +| AT_KEYWORDS([read.c svg]) +|-AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) +|+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], +|+1, ignore, [ASCII NUL ('\0') in line 11. +|+]) +| AT_CLEANUP +| +| AT_SETUP([reject out of range text angle, ticket #76]) +|+AT_KEYWORDS([read.c pstricks]) +| AT_CHECK([fig2dev -L pstricks < +Date: Tue, 4 Feb 2020 20:58:27 +0100 +Subject: [PATCH] Allow arrows with zero length on arcs, ticket #74 + +--- + fig2dev/bound.c | 9 +++++---- + fig2dev/tests/output.at | 10 +++++++++- + 2 files changed, 14 insertions(+), 5 deletions(-) + +diff --git fig2dev/bound.c fig2dev/bound.c +index ce7f4d1..d305ab9 100644 +--- fig2dev/bound.c ++++ fig2dev/bound.c +@@ -3,7 +3,7 @@ + * Copyright (c) 1985 Supoj Sutanthavibul + * Copyright (c) 1991 Micah Beck + * Parts Copyright (c) 1989-2015 by Brian V. Smith +- * Parts Copyright (c) 2015-2019 Thomas Loimer ++ * Parts Copyright (c) 2015-2020 Thomas Loimer + * + * Any party obtaining a copy of these files is granted, free of charge, a + * full and unrestricted irrevocable, world-wide, paid up, royalty-free, +@@ -1095,9 +1095,8 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, + r=sqrt(dx*dx+dy*dy); + h = (double) arrow->ht; + /* lines are made a little thinner in set_linewidth */ +- thick = (arrow->thickness <= THICK_SCALE) ? +- 0.5* arrow->thickness : +- arrow->thickness - THICK_SCALE; ++ thick = arrow->thickness <= THICK_SCALE ? ++ 0.5 * arrow->thickness : arrow->thickness - THICK_SCALE; + /* lpt is the amount the arrowhead extends beyond the end of the line */ + lpt = thick/2.0/(arrow->wid/h/2.0); + /* add this to the length */ +@@ -1107,6 +1106,8 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, + if (h > 2.0*r) { + arc_tangent_int(x1,y1,x2,y2,direction,x,y); + return; ++ } else if (h < thick) { ++ h = thick; + } + + beta=atan2(dy,dx); +diff --git fig2dev/tests/output.at fig2dev/tests/output.at +index fd06727..e0d088c 100644 +--- fig2dev/tests/output.at ++++ fig2dev/tests/output.at +@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to various Devices + dnl Copyright (c) 1991 by Micah Beck + dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul + dnl Parts Copyright (c) 1989-2015 by Brian V. Smith +-dnl Parts Copyright (c) 2015-2019 by Thomas Loimer ++dnl Parts Copyright (c) 2015-2020 by Thomas Loimer + dnl + dnl Any party obtaining a copy of these files is granted, free of charge, a + dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free, +@@ -175,6 +175,14 @@ AT_CHECK([fig2dev -L pict2e -P big1.fig big1.tex && \ + ], 0, ignore) + AT_CLEANUP + ++AT_SETUP([accept arc arrows with zero height, ticket #74]) ++AT_KEYWORDS(pict2e) ++AT_CHECK([fig2dev -L pict2e < +Date: Mon, 27 Jan 2020 23:01:11 +0100 +Subject: [PATCH] Accept -1 TeX font in more places, fixes #71, #75 + +Continue the work started in commit [00cded]. Fix the fundamental issue of +tickets #71 and #75, which was hidden by commit [d70e4b]. +--- + fig2dev/dev/texfonts.h | 14 +++++++++----- + fig2dev/tests/read.at | 4 +++- + 2 files changed, 12 insertions(+), 6 deletions(-) + +diff --git fig2dev/dev/texfonts.h fig2dev/dev/texfonts.h +index 89097f2..e5254b6 100644 +--- fig2dev/dev/texfonts.h ++++ fig2dev/dev/texfonts.h +@@ -35,17 +35,21 @@ extern char texfontsizes[]; + #define MAXFONTSIZE 42 + + #ifdef NFSS +-#define TEXFAMILY(F) (texfontfamily[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) +-#define TEXSERIES(F) (texfontseries[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) +-#define TEXSHAPE(F) (texfontshape[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) ++#define TEXFAMILY(F) texfontfamily[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ ++ : MAX_FONT-1] ++#define TEXSERIES(F) texfontseries[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ ++ : MAX_FONT-1] ++#define TEXSHAPE(F) texfontshape[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ ++ : MAX_FONT-1] + #endif +-#define TEXFONT(F) (texfontnames[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) ++#define TEXFONT(F) texfontnames[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ ++ : MAX_FONT-1] + + /* + #define TEXFONTSIZE(S) (texfontsizes[((S) <= MAXFONTSIZE) ? (int)(round(S))\ + : (MAXFONTSIZE-1)]) + */ +-#define TEXFONTSIZE(S) (((S) <= MAXFONTSIZE) ? texfontsizes[(int)(round(S))] : (S)) ++#define TEXFONTSIZE(S) ((S) <= MAXFONTSIZE ? texfontsizes[(int)round(S)] : (S)) + #define TEXFONTMAG(T) TEXFONTSIZE(T->size*(rigid_text(T) ? 1.0 : fontmag)) + + void setfigfont(F_text *text); /* genepic.c */ +|diff --git fig2dev/tests/read.at fig2dev/tests/read.at +|index 60982b0..726e6da 100644 +|--- fig2dev/tests/read.at +|+++ fig2dev/tests/read.at +|@@ -406,7 +406,7 @@ EOF +| ]) +| AT_CLEANUP +| +|-AT_SETUP([allow tex font -1, ticket #81]) +|+AT_SETUP([allow tex font -1, tickets #71, #75, #81]) +| AT_KEYWORDS([pict2e tikz]) +| AT_DATA([text.fig], [FIG_FILE_TOP +| 4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 +|@@ -415,6 +415,8 @@ AT_CHECK([fig2dev -L pict2e text.fig +| ], 0, ignore) +| AT_CHECK([fig2dev -L tikz text.fig +| ], 0, ignore) +|+AT_CHECK([fig2dev -L mp text.fig +|+], 0, ignore) +| AT_CLEANUP +| +| AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) +-- +2.16.4 + diff --git a/4d4e1f.patch b/4d4e1f.patch new file mode 100644 index 0000000..1ac8d84 --- /dev/null +++ b/4d4e1f.patch @@ -0,0 +1,114 @@ +From 4d4e1fdac467c386cba8706aa0067d5ab8da02d7 Mon Sep 17 00:00:00 2001 +From: Thomas Loimer +Date: Mon, 3 Feb 2020 23:39:32 +0100 +Subject: [PATCH] Allow DEFAULT color in cgm and ge output, #72, #73 + +Also, fix a memory leak in gencgm.c. +--- + fig2dev/dev/gencgm.c | 8 +++++++- + fig2dev/dev/genge.c | 7 ++++--- + fig2dev/tests/data/line.fig | 2 +- + fig2dev/tests/output.at | 12 ++++++++++++ + 4 files changed, 24 insertions(+), 5 deletions(-) + +diff --git fig2dev/dev/gencgm.c fig2dev/dev/gencgm.c +index 0f472a8..e12940f 100644 +--- fig2dev/dev/gencgm.c ++++ fig2dev/dev/gencgm.c +@@ -151,9 +151,11 @@ gencgm_start(F_compound *objects) + { + int i; + char *p, *figname; ++ char *figname_buf = NULL; + + if (from) { +- figname = strdup(from); ++ figname_buf = strdup(from); ++ figname = figname_buf; + p = strrchr(figname, '/'); + if (p) + figname = p+1; /* remove path from name for comment in file */ +@@ -255,6 +257,8 @@ gencgm_start(F_compound *objects) + print_comments("% ",objects->comments, " %"); + fprintf(tfp,"%% %%\n"); + } ++ if (figname_buf) ++ free(figname_buf); + } + + int +@@ -552,6 +556,8 @@ hatchindex(index) + static void + getrgb(int color, int *r, int *g, int *b) + { ++ if (color < 0) /* DEFAULT color is black */ ++ color = 0; + if (color < NUM_STD_COLS) { + *r = stdcols[color].r * 255.; + *g = stdcols[color].g * 255.; +diff --git fig2dev/dev/genge.c fig2dev/dev/genge.c +index b171f39..5697bb6 100644 +--- fig2dev/dev/genge.c ++++ fig2dev/dev/genge.c +@@ -56,7 +56,8 @@ static void genge_ctl_spline(F_spline *s); + /* color mapping */ + /* xfig ge */ + +-static int GE_COLORS[] = { 1, /* black black */ ++static int GE_COLORS[] = { 1, /* DEFAULT == black */ ++ 1, /* black black */ + 8, /* blue blue */ + 7, /* green green */ + 6, /* cyan cyan */ +@@ -438,7 +439,7 @@ back_arrow(F_line *l) + static void + set_color(int col) + { +- fprintf(tfp,"c%02d ",GE_COLORS[col]); ++ fprintf(tfp,"c%02d ",GE_COLORS[col + 1]); + } + + /* set fill if there is a fill style */ +@@ -447,7 +448,7 @@ static void + set_fill(int style, int color) + { + if (style != UNFILLED) +- fprintf(tfp,"C%02d ",GE_COLORS[color]); ++ fprintf(tfp,"C%02d ",GE_COLORS[color + 1]); + } + + /* +diff --git fig2dev/tests/data/line.fig fig2dev/tests/data/line.fig +index e033b12..bfc4976 100644 +--- fig2dev/tests/data/line.fig ++++ fig2dev/tests/data/line.fig +@@ -7,5 +7,5 @@ A9 + Single + -2 + 1200 2 +-2 1 0 3 0 7 50 -1 -1 0.0 0 0 -1 0 0 3 ++2 1 0 3 -1 7 50 -1 -1 0.0 0 0 -1 0 0 3 + 50 50 500 50 500 200 +diff --git fig2dev/tests/output.at fig2dev/tests/output.at +index 9a1bc45..fd06727 100644 +--- fig2dev/tests/output.at ++++ fig2dev/tests/output.at +@@ -261,3 +261,15 @@ AT_CHECK([fig2dev -L tikz -P big1.fig big1.tex && \ + latex -halt-on-error big1.tex && latex -halt-on-error big2.tex + ], 0, ignore) + AT_CLEANUP ++ ++ ++AT_BANNER([Test other output languages.]) ++ ++AT_SETUP([allow default color in ge, cgm output, #72, #73]) ++AT_KEYWORDS(cgm ge) ++AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig ++], 0, ignore) ++AT_CHECK([fig2dev -L ge $srcdir/data/line.fig ++], 0, ignore) ++AT_CLEANUP ++ +-- +2.16.4 + diff --git a/639c36.patch b/639c36.patch new file mode 100644 index 0000000..beda148 --- /dev/null +++ b/639c36.patch @@ -0,0 +1,38 @@ +From 639c36010a120e97a6e82e7cd57cbf9dbf4b64f1 Mon Sep 17 00:00:00 2001 +From: Thomas Loimer +Date: Tue, 4 Feb 2020 21:52:25 +0100 +Subject: [PATCH] Fix pstricks fill with non-solid default color, #77 + +In the pstricks output, filling an area with the shaded or tinted default color +is now equivalent to filling with shaded or tinted black color. +--- + fig2dev/dev/genpstricks.c | 3 ++- + fig2dev/tests/output.at | 1 - + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git fig2dev/dev/genpstricks.c fig2dev/dev/genpstricks.c +index 07c4d09..5acc1f6 100644 +--- fig2dev/dev/genpstricks.c ++++ fig2dev/dev/genpstricks.c +@@ -1856,7 +1856,8 @@ format_options(char *options, char *prefix, char *postfix, char *sqrb_init, + else if (fill_style <= 40) + /* shade or tint fill */ + sprintf(tmps, "fillstyle=solid,fillcolor=%s", +- shade_or_tint_name_after_declare_color(tmpc, fill_style, fill_color)); ++ shade_or_tint_name_after_declare_color(tmpc, fill_style, ++ fill_color == DEFAULT ? CT_BLACK : fill_color)); + else { + char *type = 0, *ps; + int angle = 0; +diff --git fig2dev/tests/output.at fig2dev/tests/output.at +index e0d088c..e1e5ca4 100644 +--- fig2dev/tests/output.at ++++ fig2dev/tests/output.at +@@ -280,4 +280,3 @@ AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig + AT_CHECK([fig2dev -L ge $srcdir/data/line.fig + ], 0, ignore) + AT_CLEANUP +- +-- +2.16.4 + diff --git a/acccc8.patch b/acccc8.patch new file mode 100644 index 0000000..87d4c5e --- /dev/null +++ b/acccc8.patch @@ -0,0 +1,84 @@ +From acccc89c20206a5db1f463438ba444e35bcb400e Mon Sep 17 00:00:00 2001 +From: Thomas Loimer +Date: Tue, 28 Jan 2020 22:56:40 +0100 +Subject: [PATCH] Reject text or ellipse angles beyond -2pi to 2pi, #76 + +In fact, generously extend the allowed range to -7 to 7. +Sane applications, e.g., xfig, certainly keep the angles within one revolution. +--- + CHANGES | 6 +++--- + fig2dev/object.h | 7 ++++--- + fig2dev/tests/read.at | 8 ++++++++ + 3 files changed, 15 insertions(+), 6 deletions(-) + +|diff --git CHANGES CHANGES +|index 4834e50..52daead 100644 +|--- CHANGES +|+++ CHANGES +|@@ -6,9 +6,9 @@ Patchlevel Xx (Xxx 20xx) +| +| BUGS FIXED: +| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. +|- o Fix ticket #81. +|- o Do not allow ASCII NUL anywhere in input. +|- Fixes tickets #65, #68, #71, #73, #75, #80. +|+ o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76. +|+ o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81. +|+ o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80. +| o Use getline() to improve input scanning. +| Fixes tickets #58, #59, #61, #62, #67, #78, #79. +| o Correctly scan embedded pdfs for /MediaBox value. +diff --git fig2dev/object.h fig2dev/object.h +index fe56bbb..8464010 100644 +--- fig2dev/object.h ++++ fig2dev/object.h +@@ -3,7 +3,7 @@ + * Copyright (c) 1991 by Micah Beck + * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul + * Parts Copyright (c) 1989-2015 by Brian V. Smith +- * Parts Copyright (c) 2015-2019 by Thomas Loimer ++ * Parts Copyright (c) 2015-2020 by Thomas Loimer + * + * Any party obtaining a copy of these files is granted, free of charge, a + * full and unrestricted irrevocable, world-wide, paid up, royalty-free, +@@ -94,7 +94,8 @@ typedef struct f_ellipse { + #define INVALID_ELLIPSE(e) \ + e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA || \ + COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \ +- e->radiuses.x == 0 || e->radiuses.y == 0 ++ e->radiuses.x == 0 || e->radiuses.y == 0 || \ ++ e->angle < -7. || e->angle > 7. + + typedef struct f_arc { + int type; +@@ -243,7 +244,7 @@ typedef struct f_text { + t->type < T_LEFT_JUSTIFIED || t->type > T_RIGHT_JUSTIFIED || \ + t->font < DEFAULT || t->font > MAX_PSFONT || \ + t->flags < DEFAULT || t->flags >= 2 * HIDDEN_TEXT || \ +- t->height < 0 || t->length < 0 ++ t->height < 0 || t->length < 0 || t->angle < -7. || t->angle > 7. + + typedef struct f_control { + double lx, ly, rx, ry; /* used by older versions*/ +|diff --git fig2dev/tests/read.at fig2dev/tests/read.at +|index 726e6da..2d066e4 100644 +|--- fig2dev/tests/read.at +|+++ fig2dev/tests/read.at +|@@ -424,6 +424,14 @@ AT_KEYWORDS([read.c svg]) +| AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) +| AT_CLEANUP +| +|+AT_SETUP([reject out of range text angle, ticket #76]) +|+AT_CHECK([fig2dev -L pstricks < +Date: Sun, 26 Jan 2020 22:13:26 +0100 +Subject: [PATCH] Fix ticket #60. The previous commit fixed also #65, #68, #71, + #73, #75 + +--- + CHANGES | 3 ++- + fig2dev/read.c | 1 + + 2 files changed, 3 insertions(+), 1 deletion(-) + +|diff --git CHANGES CHANGES +|index f1bbbc3..4834e50 100644 +|--- CHANGES +|+++ CHANGES +|@@ -7,7 +7,8 @@ Patchlevel Xx (Xxx 20xx) +| BUGS FIXED: +| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. +| o Fix ticket #81. +|- o Do not allow ASCII NUL anywhere in input. Fixes ticket #80. +|+ o Do not allow ASCII NUL anywhere in input. +|+ Fixes tickets #65, #68, #71, #73, #75, #80. +| o Use getline() to improve input scanning. +| Fixes tickets #58, #59, #61, #62, #67, #78, #79. +| o Correctly scan embedded pdfs for /MediaBox value. +diff --git fig2dev/read.c fig2dev/read.c +index 86cee71..797030c 100644 +--- fig2dev/read.c ++++ fig2dev/read.c +@@ -1322,6 +1322,7 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, + } + q->x = x; + q->y = y; ++ q->next = NULL; + p->next = q; + p = q; + ++c; +-- +2.16.4 + diff --git a/d70e4b.patch b/d70e4b.patch new file mode 100644 index 0000000..4afd3c6 --- /dev/null +++ b/d70e4b.patch @@ -0,0 +1,129 @@ +From d70e4ba6308046f71cb51f67db8412155af52411 Mon Sep 17 00:00:00 2001 +From: Thomas Loimer +Date: Sun, 26 Jan 2020 13:16:52 +0100 +Subject: [PATCH] Reject ASCII NUL anywhere in the input + +The input is read in line by line, stored in a buffer and processed further +with sscanf(). Embedded NUL characters ('\0') would already disturb sscanf(), +and nowhere does the code expect NUL characters. Therefore, detect NUL while +reading the input, and exit with an error message when NUL is found anywere. +Fixes ticket #80. +--- + CHANGES | 4 ++++ + fig2dev/read.c | 21 +++++++++++++++++++-- + fig2dev/tests/data/text_w_ascii0.fig | Bin 0 -> 321 bytes + fig2dev/tests/read.at | 6 ++++++ + 4 files changed, 29 insertions(+), 2 deletions(-) + create mode 100644 fig2dev/tests/data/text_w_ascii0.fig + +|diff --git CHANGES CHANGES +|index 4a414fa..f1bbbc3 100644 +|--- CHANGES +|+++ CHANGES +|@@ -6,6 +6,10 @@ Patchlevel Xx (Xxx 20xx) +| +| BUGS FIXED: +| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. +|+ o Fix ticket #81. +|+ o Do not allow ASCII NUL anywhere in input. Fixes ticket #80. +|+ o Use getline() to improve input scanning. +|+ Fixes tickets #58, #59, #61, #62, #67, #78, #79. +| o Correctly scan embedded pdfs for /MediaBox value. +| o Convert polygons having too few points to polylines. Ticket #56. +| o Reject huge arrow types causing integer overflow. Ticket #57. +diff --git fig2dev/read.c fig2dev/read.c +index e85ee10..86cee71 100644 +--- fig2dev/read.c ++++ fig2dev/read.c +@@ -178,8 +178,14 @@ read_objects(FILE *fp, F_compound *obj) + put_msg("Could not read input file."); + return -1; + } +- /* seek to the end of the first line */ +- if (strchr(buf, '\n') == NULL) { ++ ++ /* check for embedded '\0' */ ++ if (strlen(buf) < sizeof buf - 1 && buf[strlen(buf) - 1] != '\n') { ++ put_msg("ASCII NUL ('\\0') character within the first line."); ++ exit(EXIT_FAILURE); ++ /* seek to the end of the first line ++ (the only place, where '\0's are tolerated) */ ++ } else if (buf[strlen(buf) - 1] != '\n') { + int c; + do + c = fgetc(fp); +@@ -1398,6 +1404,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, + return s; + } + ++static void ++exit_on_ascii_NUL(const char *restrict line, size_t chars, int line_no) ++{ ++ if (strlen(line) < (size_t)chars) { ++ put_msg("ASCII NUL ('\\0') in line %d.", line_no); ++ exit(EXIT_FAILURE); ++ } ++} ++ + static char * + find_end(const char *str, int v30flag) + { +@@ -1469,6 +1484,7 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) + + while ((chars = getline(line, line_len, fp)) != -1) { + ++(*line_no); ++ exit_on_ascii_NUL(*line, chars, *line_no); + end = find_end(*line, v30_flag); + if (end) { + *end = '\0'; +@@ -1640,6 +1656,7 @@ get_line(FILE *fp, char **restrict line, size_t *line_len, int *line_no) + if (**line == '\n' || (**line == '\r' && + chars == 2 && (*line)[1] == '\n')) + continue; ++ exit_on_ascii_NUL(*line, chars, *line_no); + /* remove newline and possibly a carriage return */ + if ((*line)[chars-1] == '\n') { + chars -= (*line)[chars - 2] == '\r' ? 2 : 1; +|diff --git fig2dev/tests/data/text_w_ascii0.fig fig2dev/tests/data/text_w_ascii0.fig +|new file mode 100644 +|index 0000000000000000000000000000000000000000..fb15b306b26a42446b809d0caf77efcfc73c588a +|GIT binary patch +|literal 321 +|zcmV-H0lxktMoC8?GcGa;Okr+hb7Ns}WeP)OZggdG3Q2BbXk~K>Ol5R*WpWBJFfcAK +|zFbY#?Zf9&|3N11UF)}bPATkOxATS^>ATl5@ATl)|F*Y+GGch1HATS^xFd!{4ATb~? +|zATkOdFeV^0ATcs9AT=O)Tp%DYATS^>US3{aUP@kGUS3`R!hplS!@pi$US3{aUS3{a +|zUS3{aUS3{aUS3{aG&LYaTrf#7d0a3sF$yCzATS^>AT=-`EioW1F(5HAATTa4ATS^? +|zH83DFFf|}BATS_7ZXjWEV`*t1dS!BNASYa0Fee~rWpZU8Ej|D)E-qniWFT{IZDk;B +|zZ*pZIbY*ySAZBlDY;SjIZf7hYcWHEJAYmY5WpZ?3X>K54ZEtmMbRchLAZ=-GX>E0F +|TAY*7@a$#e1WpZ;|FfcI+7J*tc +| +|literal 0 +|KcmV+b0RR6000031 +| +|diff --git fig2dev/tests/read.at fig2dev/tests/read.at +|index 331afb5..60982b0 100644 +|--- fig2dev/tests/read.at +|+++ fig2dev/tests/read.at +|@@ -407,6 +407,7 @@ EOF +| AT_CLEANUP +| +| AT_SETUP([allow tex font -1, ticket #81]) +|+AT_KEYWORDS([pict2e tikz]) +| AT_DATA([text.fig], [FIG_FILE_TOP +| 4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 +| ]) +|@@ -416,6 +417,11 @@ AT_CHECK([fig2dev -L tikz text.fig +| ], 0, ignore) +| AT_CLEANUP +| +|+AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) +|+AT_KEYWORDS([read.c svg]) +|+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) +|+AT_CLEANUP +|+ +| AT_BANNER([Dynamically allocate picture file name.]) +| +| AT_SETUP([prepend fig file path to picture file name]) +-- +2.16.4 + diff --git a/e3cee2.patch b/e3cee2.patch new file mode 100644 index 0000000..c3f8a25 --- /dev/null +++ b/e3cee2.patch @@ -0,0 +1,33 @@ +From e3cee2576438f47a3b8678c6960472e625f8f7d7 Mon Sep 17 00:00:00 2001 +From: Thomas Loimer +Date: Mon, 27 Jan 2020 22:14:29 +0100 +Subject: [PATCH] Keep coordinates of spline controls within sane range + +This fixes the fundamental issue of ticket #65. +--- + fig2dev/read.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git fig2dev/read.c fig2dev/read.c +index 797030c..255586a 100644 +--- fig2dev/read.c ++++ fig2dev/read.c +@@ -1393,6 +1393,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, + free_splinestorage(s); + return NULL; + } ++ if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN || ly > INT_MAX || ++ rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) { ++ /* do not care to clean up, we exit anyway ++ cp->next = NULL; ++ free_splinestorage(s); */ ++ put_msg("Spline control points out of range at line %d.", ++ *line_no); ++ exit(EXIT_FAILURE); ++ } + cq->lx = lx; cq->ly = ly; + cq->rx = rx; cq->ry = ry; + cp->next = cq; +-- +2.16.4 + diff --git a/transfig-3.2.6.dif b/transfig-3.2.6.dif index bde9ca3..5fdce95 100644 --- a/transfig-3.2.6.dif +++ b/transfig-3.2.6.dif @@ -137,3 +137,35 @@ #include "transfig.h" extern void sysmv(char *file); /* sys.c */ +--- configure ++++ configure 2020-01-24 13:08:02.103408590 +0000 +@@ -4122,7 +4122,7 @@ main () + + int dynamic_array[ni.number]; + dynamic_array[ni.number - 1] = 543; +- ++ free(ia); + // work around unused variable warnings + return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' + || dynamic_array[ni.number - 1] != 543); +@@ -6377,8 +6377,8 @@ char *malloc (); + int + main () + { +-return ! malloc (0); +- ; ++void *tmp = malloc (0); ++if (tmp) free (tmp); return !tmp; + return 0; + } + _ACEOF +@@ -6444,7 +6444,8 @@ char *realloc (); + int + main () + { +-return ! realloc (0, 0); ++void *tmp = realloc (0, 0); ++if (tmp) free (tmp); return !tmp; + ; + return 0; + } diff --git a/transfig.changes b/transfig.changes index 2b6d3db..16c3c23 100644 --- a/transfig.changes +++ b/transfig.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Feb 11 11:38:01 UTC 2020 - Dr. Werner Fink + +- Add upstream security patches/commits + * 00cded.patch + * 2f8d1a.patch + * 3165d8.patch + * 421afa.patch + * 4d4e1f.patch + * 639c36.patch + * acccc8.patch + * d6a10d.patch + * d70e4b.patch + * e3cee2.patch + ------------------------------------------------------------------- Tue Jan 21 13:08:49 UTC 2020 - Dr. Werner Fink diff --git a/transfig.spec b/transfig.spec index 29b7809..bb3427e 100644 --- a/transfig.spec +++ b/transfig.spec @@ -1,7 +1,7 @@ # # spec file for package transfig # -# Copyright (c) 2020 SUSE LLC. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -60,6 +60,16 @@ Patch4: transfig-fix-afl.patch Patch5: CVE-2019-19746.patch Patch6: c379fe.patch Patch7: CVE-2019-19797.patch +Patch8: 00cded.patch +Patch9: d70e4b.patch +Patch10: d6a10d.patch +Patch11: acccc8.patch +Patch12: e3cee2.patch +Patch13: 421afa.patch +Patch14: 2f8d1a.patch +Patch15: 4d4e1f.patch +Patch16: 3165d8.patch +Patch17: 639c36.patch Patch43: fig2dev-3.2.6-fig2mpdf.patch Patch44: fig2dev-3.2.6-fig2mpdf-doc.patch Patch45: fig2dev-3.2.6a-RGBFILE.patch @@ -107,15 +117,25 @@ find -type f | xargs -r chmod a-x,go-w %patch5 -p0 -b .sec2 %patch6 -p0 -b .sec3 %patch7 -p0 -b .sec4 +%patch8 -p0 -b .sec5 +%patch9 -p0 -b .sec6 +%patch10 -p0 -b .sec7 +%patch11 -p0 -b .sec8 +%patch12 -p0 -b .sec9 +%patch13 -p0 -b .sec10 +%patch14 -p0 -b .sec11 +%patch15 -p0 -b .sec12 +%patch16 -p0 -b .sec13 +%patch17 -p0 -b .sec14 %patch43 -p2 -b .mpdf %patch44 -p1 -b .mpdfdoc %patch45 -p1 -b .p45 %build +ulimit -v unlimited || : CC=gcc -CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -w -D_GNU_SOURCE -std=gnu99" -CFLAGS="$CFLAGS -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" -export CC CFLAGS +CFLAGS="%{optflags} -fno-strict-aliasing -w -D_GNU_SOURCE -std=gnu99 $(getconf LFS_CFLAGS)" +export CC CFLAGS LDFLAGS chmod 755 configure %configure \ --docdir=%{_defaultdocdir}/%{name} \