Accepting request 544416 from Publishing

- Added patches
  * fig2dev-3.2.6a-RGBFILE.patch to let rgb.txt be located via
    environment variable FIG2DEV_RGBFILE
  * fig2dev-3.2.6a-man-typo.patch to fix simple typo in manual page
  * fig2dev-3.2.6a-input-sanitizing.patch to do some input
    sanitizing when reading FIG files (bsc#1069257, CVE-2017-16899)
  * fig2dev-3.2.6a-style-overflow.patch

OBS-URL: https://build.opensuse.org/request/show/544416
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/transfig?expand=0&rev=36

fig2dev-3.2.6a-RGBFILE.patch

@@ -0,0 +1,32 @@
+From: Roland Rosenfeld <roland@debian.org>
+Subject: rgb.txt can not be located via FIG2DEV_RGBFILE environment variable.
+ This allows to run the test suite without the package being installed before.
+
+--- a/fig2dev/colors.c
++++ b/fig2dev/colors.c
+@@ -27,6 +27,7 @@
+ #include "pi.h"
+ 
+ #include "fig2dev.h"
++#include <stdlib.h>
+ 
+ struct color_db {
+ 	char		*name;
+@@ -108,10 +109,15 @@ read_colordb(void)
+     char		s[100], s1[100], *c1, *c2;
+     unsigned short	r,g,b;
+     struct color_db	*col;
++    char		*rgbfile;
+ 
+-    fp = fopen(RGB_FILE, "r");
++    rgbfile = getenv("FIG2DEV_RGBFILE");
++    if (rgbfile == NULL) {
++      rgbfile = RGB_FILE;
++    }
++    fp = fopen(rgbfile, "r");
+     if (fp == NULL) {
+-      fprintf(stderr,"Couldn't open the RGB database file '%s'\n", RGB_FILE);
++      fprintf(stderr,"Couldn't open the RGB database file '%s'\n", rgbfile);
+       return -1;
+     }
+     if ((Xcolors = (struct color_db*) malloc(maxcolors*sizeof(struct color_db)))

fig2dev-3.2.6a-input-sanitizing.patch

@@ -0,0 +1,41 @@
+Description: Some input sanitizing when reading FIG files.
+Bug-Debian: https://bugs.debian.org/881143
+Bug-Debian: https://bugs.debian.org/881144
+Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
+ 				| PSFONT_TEXT;
+ 
+ 	/* keep the font number reasonable */
+-	if (t->font > MAXFONT(t))
++       if (t->font > MAXFONT(t)) {
+ 		t->font = MAXFONT(t);
++       } else if (t->font < 0 ) {
++               if (psfont_text(t) && t->font < -1)
++                       t->font = -1;
++               else
++                       t->font = 0;
++       }
+ 	fix_and_note_color(&t->color);
+ 	t->comments = attach_comments();	/* attach any comments */
+ 	return t;
+--- a/fig2dev/read1_3.c
++++ b/fig2dev/read1_3.c
+@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
+ 	    free((char*) t);
+ 	    return(NULL);
+ 	    }
++       /* keep the font number within valid range */
++       if (t->font > MAXFONT(t)) {
++               t->font = MAXFONT(t);
++       } else if (t->font < 0 ) {
++               if (psfont_text(t) && t->font < -1)
++                       t->font = -1;
++               else
++                       t->font = 0;
++       }
+ 	(void)strcpy(t->cstring, buf);
+ 	if (t->size == 0) t->size = 18;
+ 	return(t);

fig2dev-3.2.6a-man-typo.patch

@@ -0,0 +1,14 @@
+From: Roland Rosenfeld <roland@debian.org>
+Subject: Fix typo in man page fig2ps2tex.
+
+--- a/man/fig2ps2tex.1
++++ b/man/fig2ps2tex.1
+@@ -22,7 +22,7 @@ for those systems with csh and dc.
+ Note that the
+ .I psfig
+ macro package provides a more sophisticated approach to including
+-Postscript files in LaTeX docuements.
++Postscript files in LaTeX documents.
+ .I Fig2ps2tex
+ works with plain TeX however.
+ 

fig2dev-3.2.6a-style-overflow.patch

@@ -0,0 +1,47 @@
+Description: Sanitize input of fill patterns.
+Bug-Debian: https://bugs.debian.org/881396
+Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -71,6 +71,8 @@ static int		 save_comment(void);
+ 
+ #define		FILL_CONVERT(f)	((v2_flag || (f) < WHITE_FILL) \
+ 					? (v30_flag? f: (f-1)) : 20 - ((f)-1)*5)
++#define		FILL_SANITIZE(f)	((f) < UNFILLED || (f) >= \
++			NUMSHADES + NUMTINTS + NUMPATTERNS) ? UNFILLED : f
+ 
+ /* input buffer size */
+ #define		BUF_SIZE	1024
+@@ -547,6 +549,7 @@ read_arcobject(FILE *fp)
+ 	}
+ 	a->thickness *= round(THICK_SCALE);
+ 	a->fill_style = FILL_CONVERT(a->fill_style);
++	a->fill_style = FILL_SANITIZE(a->fill_style);
+ 	NOTE_FILL(a);
+ 	fix_and_note_color(&a->pen_color);
+ 	if (fa) {
+@@ -730,6 +733,7 @@ read_ellipseobject(void)
+ 	fix_and_note_color(&e->pen_color);
+ 	e->thickness *= round(THICK_SCALE);
+ 	e->fill_style = FILL_CONVERT(e->fill_style);
++	e->fill_style = FILL_SANITIZE(e->fill_style);
+ 	NOTE_FILL(e);
+ 	e->comments = attach_comments();	/* attach any comments */
+ 	return e;
+@@ -895,6 +899,7 @@ read_lineobject(FILE *fp)
+ 	l->radius *= round(THICK_SCALE);
+ 	l->thickness *= round(THICK_SCALE);
+ 	l->fill_style = FILL_CONVERT(l->fill_style);
++	l->fill_style = FILL_SANITIZE(l->fill_style);
+ 	NOTE_FILL(l);
+ 	fix_and_note_color(&l->pen_color);
+ 	if (fa) {
+@@ -1051,6 +1056,7 @@ read_splineobject(FILE *fp)
+ 	    }
+ 	s->thickness *= round(THICK_SCALE);
+ 	s->fill_style = FILL_CONVERT(s->fill_style);
++	s->fill_style = FILL_SANITIZE(s->fill_style);
+ 	NOTE_FILL(s);
+ 	fix_and_note_color(&s->pen_color);
+ 	if (fa) {

transfig.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Nov 22 12:25:21 UTC 2017 - werner@suse.de
+
+- Added patches
+  * fig2dev-3.2.6a-RGBFILE.patch to let rgb.txt be located via
+    environment variable FIG2DEV_RGBFILE
+  * fig2dev-3.2.6a-man-typo.patch to fix simple typo in manual page
+  * fig2dev-3.2.6a-input-sanitizing.patch to do some input
+    sanitizing when reading FIG files (bsc#1069257, CVE-2017-16899)
+  * fig2dev-3.2.6a-style-overflow.patch
+
 -------------------------------------------------------------------
 Mon Feb  6 11:23:24 UTC 2017 - werner@suse.de
 

transfig.spec

@@ -54,9 +54,9 @@ Requires:       texlive-epstopdf
 Version:        3.2.6a
 Release:        0
 Summary:        Graphic Converter
+#Source:        http://sourceforge.net/projects/mcj/files/fig2dev-%{version}.tar.xz/download#/fig2dev-%{version}.tar.xz
 License:        MIT
 Group:          Productivity/Graphics/Convertors
-#Source:        http://sourceforge.net/projects/mcj/files/fig2dev-%{version}.tar.xz/download#/fig2dev-%{version}.tar.xz
 Source:         fig2dev-%{version}.tar.xz
 Patch0:         transfig-3.2.6.dif
 Patch2:         transfig.3.2.5-binderman.dif
@@ -65,6 +65,10 @@ Patch4:         transfig-fix-afl.patch
 Patch42:        fig2dev-3.2.6-genps_oldpatterns.patch
 Patch43:        fig2dev-3.2.6-fig2mpdf.patch
 Patch44:        fig2dev-3.2.6-fig2mpdf-doc.patch
+Patch45:        fig2dev-3.2.6a-RGBFILE.patch
+Patch46:        fig2dev-3.2.6a-man-typo.patch
+Patch47:        fig2dev-3.2.6a-input-sanitizing.patch
+Patch48:        fig2dev-3.2.6a-style-overflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)}
 %if "%_exec_prefix" == "/usr/X11R6"
@@ -108,6 +112,10 @@ find -type f | xargs -r chmod a-x,go-w
 %patch42 -p2 -b .oldp
 %patch43 -p2 -b .mpdf
 %patch44 -p1 -b .mpdfdoc
+%patch45 -p1 -b .p45
+%patch46 -p1 -b .p46
+%patch47 -p1 -b .p47
+%patch48 -p1 -b .p48
 
 %build
 CC=gcc