Accepting request 768027 from Publishing

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/768027 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/transfig?expand=0&rev=43
2020-01-30 08:38:23 +00:00 · 2020-01-30 08:38:23 +00:00 · a9f96ae574
commit a9f96ae574
parent f904d3e4a9 fab0225ae6
5 changed files with 2021 additions and 1 deletions
--- a/CVE-2019-19746.patch
+++ b/CVE-2019-19746.patch
@ -0,0 +1,69 @@
 Based on 3065abc7b4f740ed6532322843531317de782a26 Mon Sep 17 00:00:00 2001
 From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
 Date: Tue, 10 Dec 2019 13:17:36 +0100
 Subject: [PATCH] Reject huge arrow types, ticket #57
 An arrow type being large enough would pass the test for
 a valid type by integer overflow.
 ---
 fig2dev/arrow.c       |   13 ++++++++-----
 fig2dev/tests/read.at |   12 ++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)
 --- fig2dev/arrow.c
 +++ fig2dev/arrow.c	2020-01-21 11:02:33.457498151 +0000
@@ -1,9 +1,10 @@
 /*
  * Fig2dev: Translate Fig code to various Devices
 - * Copyright (c) 1985 by Supoj Sutantavibul
  * Copyright (c) 1991 by Micah Beck
 - * Parts Copyright (c) 1989-2002 by Brian V. Smith
 - * Parts Copyright (c) 2015-2018 by Thomas Loimer
 + * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
 + * Parts Copyright (c) 1989-2015 by Brian V. Smith
 + * Parts Copyright (c) 2015-2019 by Thomas Loimer
 + *
  *
  * Any party obtaining a copy of these files is granted, free of charge, a
  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -78,7 +79,9 @@ make_arrow(int type, int style, double t
 {
 	F_arrow		*a;
 -	if (style < 0 || style > 1 || type < 0 || (type + 1) * 2 > NUMARROWS)
 +	if (style < 0 || style > 1 || type < 0 ||
 +			/* beware of int overflow */
 +			type > NUMARROWS || (type + 1) * 2 > NUMARROWS)
 		return NULL;
 	if (NULL == (Arrow_malloc(a))) {
 		put_msg(Err_mem);
@@ -90,7 +93,7 @@ make_arrow(int type, int style, double t
 	a->type = type;
 	a->style = style;
 -	a->thickness = thickness*THICK_SCALE;
 +	a->thickness = thickness * THICK_SCALE;
 	a->wid = wid;
 	a->ht = ht;
 	return a;
 --- fig2dev/tests/read.at
 +++ fig2dev/tests/read.at	2020-01-21 11:02:33.457498151 +0000
@@ -135,6 +135,18 @@ A single point with a backward arrow - r
 ])
 AT_CLEANUP
 +AT_SETUP([reject huge arrow-type, ticket #57])
 +AT_KEYWORDS(arrow.c arrow)
 +AT_CHECK([fig2dev -L box <<EOF
 +FIG_FILE_TOP
 +2 1 0 1 -1 -1 50 -1 -1 0. 0 0 0 1 0 2
 +	10000000000000 0 1 60 120
 +0 0 600 0
 +EOF
 +], 1, ignore, [Invalid forward arrow at line 11.
 +])
 +AT_CLEANUP
 +
 AT_SETUP([reject negative font type])
 AT_KEYWORDS(read.c font)
 AT_CHECK([fig2dev -L box <<EOF
--- a/CVE-2019-19797.patch
+++ b/CVE-2019-19797.patch
--- a/c379fe.patch
+++ b/c379fe.patch
@ -0,0 +1,65 @@
 Based on c379fe50574e5b5dd6e17f15d8473c5713d1b823 Mon Sep 17 00:00:00 2001
 From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
 Date: Wed, 11 Dec 2019 21:36:46 +0100
 Subject: [PATCH] Convert polygons with too few points to polylines
 As a side effect, this also fixes ticket #56.
 ---
 fig2dev/read.c        |   16 ++++++++++++++++
 fig2dev/tests/read.at |   11 +++++++++++
 2 files changed, 27 insertions(+)
 --- fig2dev/read.c
 +++ fig2dev/read.c	2020-01-21 11:29:27.367140319 +0000
@@ -793,8 +793,10 @@ read_ellipseobject(void)
 /*
  * Sanitize line objects. Return 0 on success, -1 otherwise.
  * On error, call free_linestorage(l) after sanitize_lineobject().
 + *
  * polylines: remove fill, if less than 3 points
  *		remove arrows, if only one point
 + * polygons: convert to polyline if less than 3 unique points
  * rectangles, polygons: last point must coincide with first point
  * rectangle: convert to polygon, if not 5 points
  * rectangle with rounded corners: error, if not 5 points
@@ -854,6 +856,20 @@ sanitize_lineobject(
 	    q->y = l->points->y;
 	}
 +	if (l->type == T_POLYGON) {
 +		int	npts;
 +
 +		q = l->points;
 +		for (npts = 1; q->next && npts < 4; q = q->next)
 +			++npts;
 +		if (npts < 4 ) {
 +			put_msg("A polygon with %d points at line %d - convert to a polyline.",
 +			npts, line_no);
 +			l->type = T_POLYLINE;
 +			return 0;
 +		}
 +	}
 +
 	if (l->type == T_BOX || l->type == T_ARC_BOX || l->type == T_PIC_BOX) {
 	    int	npts = 1;
 	    for (q = l->points; q->next; q = q->next)
 --- fig2dev/tests/read.at
 +++ fig2dev/tests/read.at	2020-01-21 11:29:27.367140319 +0000
@@ -147,6 +147,17 @@ EOF
 ])
 AT_CLEANUP
 +AT_SETUP([convert short polygon to polyline, ticket #56])
 +AT_KEYWORDS(read.c polygon)
 +AT_CHECK([fig2dev -L ptk <<EOF
 +FIG_FILE_TOP
 +2 3 0 1 -1 -1 50 -1 -1 0.0 0 0 -1 0 0 1
 +	0 0
 +EOF
 +], 0, ignore, [A polygon with 1 points at line 11 - convert to a polyline.
 +])
 +AT_CLEANUP
 +
 AT_SETUP([reject negative font type])
 AT_KEYWORDS(read.c font)
 AT_CHECK([fig2dev -L box <<EOF
--- a/transfig.changes
+++ b/transfig.changes
@ -1,3 +1,16 @@
 -------------------------------------------------------------------
 Tue Jan 21 13:08:49 UTC 2020 - Dr. Werner Fink <werner@suse.de>
 - Avoid auto(re)config 
 -------------------------------------------------------------------
 Tue Jan 21 12:15:46 UTC 2020 - Dr. Werner Fink <werner@suse.de>
 - Add security patches
  * CVE-2019-19746.patch -- bsc#1159130
  * c379fe.patch ... currently without CVE and bugzilla entry
  * CVE-2019-19797.patch -- bsc#1159293
 -------------------------------------------------------------------
 Thu Dec  5 08:49:13 UTC 2019 - Dr. Werner Fink <werner@suse.de>
--- a/transfig.spec
+++ b/transfig.spec
@ -1,7 +1,7 @@
 #
 # spec file for package transfig
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -57,6 +57,9 @@ Patch1:         CVE-2019-19555.patch
 Patch2:         transfig.3.2.5-binderman.dif
 Patch3:         transfig.3.2.5d-mediaboxrealnb.dif
 Patch4:         transfig-fix-afl.patch
 Patch5:         CVE-2019-19746.patch
 Patch6:         c379fe.patch
 Patch7:         CVE-2019-19797.patch
 Patch43:        fig2dev-3.2.6-fig2mpdf.patch
 Patch44:        fig2dev-3.2.6-fig2mpdf-doc.patch
 Patch45:        fig2dev-3.2.6a-RGBFILE.patch
@ -101,6 +104,9 @@ find -type f | xargs -r chmod a-x,go-w
 %patch2 -p0 -b .bm
 %patch3 -p0 -b .mbox
 %patch4 -p1 -b .afl
 %patch5 -p0 -b .sec2
 %patch6 -p0 -b .sec3
 %patch7 -p0 -b .sec4
 %patch43 -p2 -b .mpdf
 %patch44 -p1 -b .mpdfdoc
 %patch45 -p1 -b .p45