From aa6675647ffb81b987e1f77a9c75edd5da136facb48ffea651be62f4f1c576e8 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Fri, 12 Feb 2021 10:22:10 +0000 Subject: [PATCH] Update to fig2dev 3.2.8 OBS-URL: https://build.opensuse.org/package/show/Publishing/transfig?expand=0&rev=67 --- 00cded.patch | 79 -- 100e27.patch | 32 - 2f8d1a.patch | 63 - 3065eb.patch | 63 - 3165d8.patch | 75 -- 421afa.patch | 68 - 4d4e1f.patch | 114 -- 639c36.patch | 38 - CVE-2019-19555.patch | 50 - CVE-2019-19746.patch | 69 - CVE-2019-19797.patch | 1867 ---------------------------- acccc8.patch | 84 -- c379fe.patch | 65 - ca48cc.patch | 35 - d6a10d.patch | 40 - d70e4b.patch | 129 -- e3cee2.patch | 33 - fig2dev-3.2.6-fig2mpdf.patch | 54 +- fig2dev-3.2.6a-RGBFILE.patch | 2 +- fig2dev-3.2.7b.tar.xz | 3 - fig2dev-3.2.8.tar.xz | 3 + transfig-3.2.6.dif | 171 --- transfig-3.2.8.dif | 163 +++ transfig-fix-afl.patch | 11 +- transfig.3.2.5-binderman.dif | 14 - transfig.3.2.5d-mediaboxrealnb.dif | 32 - transfig.changes | 58 + transfig.spec | 46 +- 28 files changed, 262 insertions(+), 3199 deletions(-) delete mode 100644 00cded.patch delete mode 100644 100e27.patch delete mode 100644 2f8d1a.patch delete mode 100644 3065eb.patch delete mode 100644 3165d8.patch delete mode 100644 421afa.patch delete mode 100644 4d4e1f.patch delete mode 100644 639c36.patch delete mode 100644 CVE-2019-19555.patch delete mode 100644 CVE-2019-19746.patch delete mode 100644 CVE-2019-19797.patch delete mode 100644 acccc8.patch delete mode 100644 c379fe.patch delete mode 100644 ca48cc.patch delete mode 100644 d6a10d.patch delete mode 100644 d70e4b.patch delete mode 100644 e3cee2.patch delete mode 100644 fig2dev-3.2.7b.tar.xz create mode 100644 fig2dev-3.2.8.tar.xz delete mode 100644 transfig-3.2.6.dif create mode 100644 transfig-3.2.8.dif delete mode 100644 transfig.3.2.5-binderman.dif delete mode 100644 transfig.3.2.5d-mediaboxrealnb.dif diff --git a/00cded.patch b/00cded.patch deleted file mode 100644 index adf0034..0000000 --- a/00cded.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 00cdedac7a0b029846dee891769a1e77df83a01b Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sat, 25 Jan 2020 15:04:59 +0100 -Subject: [PATCH] Accept -1 as default TeX font, fixes ticket #81 - -The default for PostScript fonts is -1, for TeX fonts 0. Accepting -1 for TeX -fonts lead to out-of-bound read. Now, -1 for TeX fonts is converted to 0. ---- - fig2dev/dev/genpict2e.c | 9 +++++---- - fig2dev/dev/gentikz.c | 9 +++++---- - fig2dev/tests/read.at | 10 ++++++++++ - 3 files changed, 20 insertions(+), 8 deletions(-) - -diff --git fig2dev/dev/genpict2e.c fig2dev/dev/genpict2e.c -index 6ab442e..dd6fd95 100644 ---- fig2dev/dev/genpict2e.c -+++ fig2dev/dev/genpict2e.c -@@ -2223,11 +2223,12 @@ put_font(F_text *t) - } - - if (psfont_text(t)) -- fprintf(tfp, "\\usefont%s", -- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]); -+ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ? -+ t->font + 1 : 0]); - else -- fprintf(tfp, "\\normalfont%s ", -- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]); -+ /* Default psfont is -1, default texfont 0, also accept -1. */ -+ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ? -+ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]); - } - - void -diff --git fig2dev/dev/gentikz.c fig2dev/dev/gentikz.c -index 797ca1c..b374e10 100644 ---- fig2dev/dev/gentikz.c -+++ fig2dev/dev/gentikz.c -@@ -1772,11 +1772,12 @@ put_font(F_text *t) - } - - if (psfont_text(t)) -- fprintf(tfp, "\\usefont%s", -- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]); -+ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ? -+ t->font + 1 : 0]); - else -- fprintf(tfp, "\\normalfont%s ", -- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]); -+ /* Default psfont is -1, default texfont 0, also accept -1. */ -+ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ? -+ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]); - } - - /* -diff --git fig2dev/tests/read.at fig2dev/tests/read.at -index 9b34bfb..331afb5 100644 ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at -@@ -406,6 +406,16 @@ EOF - ]) - AT_CLEANUP - -+AT_SETUP([allow tex font -1, ticket #81]) -+AT_DATA([text.fig], [FIG_FILE_TOP -+4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 -+]) -+AT_CHECK([fig2dev -L pict2e text.fig -+], 0, ignore) -+AT_CHECK([fig2dev -L tikz text.fig -+], 0, ignore) -+AT_CLEANUP -+ - AT_BANNER([Dynamically allocate picture file name.]) - - AT_SETUP([prepend fig file path to picture file name]) --- -2.16.4 - diff --git a/100e27.patch b/100e27.patch deleted file mode 100644 index d63620b..0000000 --- a/100e27.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 100e2789f8106f9cc0f7e4319c4ee7bda076c3ac Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sun, 16 Feb 2020 13:25:03 +0100 -Subject: [PATCH] Modify commit [3165d8]: Use tangent, not secant - -Use the tangent, not a secant, for short arrows on arcs. ---- - fig2dev/bound.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git fig2dev/bound.c fig2dev/bound.c -index d305ab9..ea97461 100644 ---- fig2dev/bound.c -+++ fig2dev/bound.c -@@ -1102,12 +1102,10 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, - /* add this to the length */ - h += lpt; - -- /* radius too small for this method, use normal method */ -- if (h > 2.0*r) { -+ /* secant would be too large or too small */ -+ if (h > 2.0*r || h < 0.01*r) { - arc_tangent_int(x1,y1,x2,y2,direction,x,y); - return; -- } else if (h < thick) { -- h = thick; - } - - beta=atan2(dy,dx); --- -2.16.4 - diff --git a/2f8d1a.patch b/2f8d1a.patch deleted file mode 100644 index 63a4690..0000000 --- a/2f8d1a.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 2f8d1ae9763dcdc99b88a2b14849fe37174bcd69 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Wed, 29 Jan 2020 22:53:32 +0100 -Subject: [PATCH] Reject out-of-range pattern, ticket #63 - ---- - fig2dev/object.h | 2 +- - fig2dev/tests/read.at | 19 +++++++++++++++++-- - 2 files changed, 18 insertions(+), 3 deletions(-) - -diff --git fig2dev/object.h fig2dev/object.h -index 8464010..6830b13 100644 ---- fig2dev/object.h -+++ fig2dev/object.h -@@ -61,7 +61,7 @@ typedef struct f_comment { - o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE || \ - o->thickness < 0 || o->depth < 0 || o->depth > 999 || \ - o->fill_style < UNFILLED || \ -- o->fill_style > NUMSHADES + NUMTINTS + NUMPATTERNS || \ -+ o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS || \ - o->style_val < 0.0 - - typedef struct f_ellipse { -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 2d066e4..bf117ee 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -421,15 +421,30 @@ AT_CLEANUP -| -| AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) -| AT_KEYWORDS([read.c svg]) -|-AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) -|+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], -|+1, ignore, [ASCII NUL ('\0') in line 11. -|+]) -| AT_CLEANUP -| -| AT_SETUP([reject out of range text angle, ticket #76]) -|+AT_KEYWORDS([read.c pstricks]) -| AT_CHECK([fig2dev -L pstricks < -Date: Sun, 16 Feb 2020 18:54:01 +0100 -Subject: [PATCH] Allow last line of file lacking eol char, #83, #84 - -If the last line of a fig file does not end with a newline, the code parsing -the input could read beyond the allocated buffer. This commit fixes the parsing -at two locations in the code, one in string parsing, the second where sequences -of a backslash and octal digits are converted to characters. ---- - fig2dev/read.c | 6 ++++-- - fig2dev/tests/read.at | 11 +++++++++++ - 2 files changed, 15 insertions(+), 2 deletions(-) - ---- fig2dev/read.c -+++ fig2dev/read.c 2020-09-30 10:46:34.214234522 +0000 -@@ -1483,6 +1483,8 @@ read_textobject(FILE *fp, char **restric - - len = strlen(start); - start[len++] = '\n'; /* put back the newline */ -+ start[len] = '\0'; /* and terminate the string, -+ in case nothing else is found */ - - /* allocate plenty of space */ - next = malloc(len + BUFSIZ); -@@ -1491,7 +1493,7 @@ read_textobject(FILE *fp, char **restric - free(t); - return NULL; - } -- memcpy(next, start, len); -+ memcpy(next, start, len + 1); - - while ((chars = getline(line, line_len, fp)) != -1) { - ++(*line_no); -@@ -1525,7 +1527,7 @@ read_textobject(FILE *fp, char **restric - len = end - start; - l = len; - while (c[l] != '\0') { -- if (c[l] == '\\') { -+ if (c[l] == '\\' && c[l+1] != '\0') { - /* convert 3 digit octal value */ - if (isdigit(c[l+1]) && c[l+2] != '\0' && - c[l+3] != '\0') { ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-09-30 10:46:34.262233620 +0000 -@@ -416,6 +416,17 @@ AT_CHECK([fig2dev -L tikz text.fig - ], 0, ignore) - AT_CLEANUP - -+AT_SETUP([allow files end without eol, tickets #83, #84]) -+AT_KEYWORDS([read.c]) -+AT_CHECK([AS_ECHO_N(["FIG_FILE_TOP -+4 0 0 50 0 -1 12 0 0 150 405 0 0 No end-of-line here -->"]) | \ -+ fig2dev -L box], 0, ignore) -+AT_CHECK([AS_ECHO_N(["FIG_FILE_TOP -+4 0 0 50 0 -1 12 0 0 150 405 0 0 Start string -+No end-of-line after one backslash --> \\"]) | \ -+ fig2dev -L box], 0, ignore) -+AT_CLEANUP -+ - AT_BANNER([Dynamically allocate picture file name.]) - - AT_SETUP([prepend fig file path to picture file name]) diff --git a/3165d8.patch b/3165d8.patch deleted file mode 100644 index 6085d9b..0000000 --- a/3165d8.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 3165d86c31c6323913239fdc6460be6ababd3826 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Tue, 4 Feb 2020 20:58:27 +0100 -Subject: [PATCH] Allow arrows with zero length on arcs, ticket #74 - ---- - fig2dev/bound.c | 9 +++++---- - fig2dev/tests/output.at | 10 +++++++++- - 2 files changed, 14 insertions(+), 5 deletions(-) - -diff --git fig2dev/bound.c fig2dev/bound.c -index ce7f4d1..d305ab9 100644 ---- fig2dev/bound.c -+++ fig2dev/bound.c -@@ -3,7 +3,7 @@ - * Copyright (c) 1985 Supoj Sutanthavibul - * Copyright (c) 1991 Micah Beck - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 Thomas Loimer -+ * Parts Copyright (c) 2015-2020 Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -1095,9 +1095,8 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, - r=sqrt(dx*dx+dy*dy); - h = (double) arrow->ht; - /* lines are made a little thinner in set_linewidth */ -- thick = (arrow->thickness <= THICK_SCALE) ? -- 0.5* arrow->thickness : -- arrow->thickness - THICK_SCALE; -+ thick = arrow->thickness <= THICK_SCALE ? -+ 0.5 * arrow->thickness : arrow->thickness - THICK_SCALE; - /* lpt is the amount the arrowhead extends beyond the end of the line */ - lpt = thick/2.0/(arrow->wid/h/2.0); - /* add this to the length */ -@@ -1107,6 +1106,8 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, - if (h > 2.0*r) { - arc_tangent_int(x1,y1,x2,y2,direction,x,y); - return; -+ } else if (h < thick) { -+ h = thick; - } - - beta=atan2(dy,dx); -diff --git fig2dev/tests/output.at fig2dev/tests/output.at -index fd06727..e0d088c 100644 ---- fig2dev/tests/output.at -+++ fig2dev/tests/output.at -@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to various Devices - dnl Copyright (c) 1991 by Micah Beck - dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - dnl Parts Copyright (c) 1989-2015 by Brian V. Smith --dnl Parts Copyright (c) 2015-2019 by Thomas Loimer -+dnl Parts Copyright (c) 2015-2020 by Thomas Loimer - dnl - dnl Any party obtaining a copy of these files is granted, free of charge, a - dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -175,6 +175,14 @@ AT_CHECK([fig2dev -L pict2e -P big1.fig big1.tex && \ - ], 0, ignore) - AT_CLEANUP - -+AT_SETUP([accept arc arrows with zero height, ticket #74]) -+AT_KEYWORDS(pict2e) -+AT_CHECK([fig2dev -L pict2e < -Date: Mon, 27 Jan 2020 23:01:11 +0100 -Subject: [PATCH] Accept -1 TeX font in more places, fixes #71, #75 - -Continue the work started in commit [00cded]. Fix the fundamental issue of -tickets #71 and #75, which was hidden by commit [d70e4b]. ---- - fig2dev/dev/texfonts.h | 14 +++++++++----- - fig2dev/tests/read.at | 4 +++- - 2 files changed, 12 insertions(+), 6 deletions(-) - -diff --git fig2dev/dev/texfonts.h fig2dev/dev/texfonts.h -index 89097f2..e5254b6 100644 ---- fig2dev/dev/texfonts.h -+++ fig2dev/dev/texfonts.h -@@ -35,17 +35,21 @@ extern char texfontsizes[]; - #define MAXFONTSIZE 42 - - #ifdef NFSS --#define TEXFAMILY(F) (texfontfamily[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) --#define TEXSERIES(F) (texfontseries[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) --#define TEXSHAPE(F) (texfontshape[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) -+#define TEXFAMILY(F) texfontfamily[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] -+#define TEXSERIES(F) texfontseries[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] -+#define TEXSHAPE(F) texfontshape[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] - #endif --#define TEXFONT(F) (texfontnames[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) -+#define TEXFONT(F) texfontnames[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] - - /* - #define TEXFONTSIZE(S) (texfontsizes[((S) <= MAXFONTSIZE) ? (int)(round(S))\ - : (MAXFONTSIZE-1)]) - */ --#define TEXFONTSIZE(S) (((S) <= MAXFONTSIZE) ? texfontsizes[(int)(round(S))] : (S)) -+#define TEXFONTSIZE(S) ((S) <= MAXFONTSIZE ? texfontsizes[(int)round(S)] : (S)) - #define TEXFONTMAG(T) TEXFONTSIZE(T->size*(rigid_text(T) ? 1.0 : fontmag)) - - void setfigfont(F_text *text); /* genepic.c */ -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 60982b0..726e6da 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -406,7 +406,7 @@ EOF -| ]) -| AT_CLEANUP -| -|-AT_SETUP([allow tex font -1, ticket #81]) -|+AT_SETUP([allow tex font -1, tickets #71, #75, #81]) -| AT_KEYWORDS([pict2e tikz]) -| AT_DATA([text.fig], [FIG_FILE_TOP -| 4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 -|@@ -415,6 +415,8 @@ AT_CHECK([fig2dev -L pict2e text.fig -| ], 0, ignore) -| AT_CHECK([fig2dev -L tikz text.fig -| ], 0, ignore) -|+AT_CHECK([fig2dev -L mp text.fig -|+], 0, ignore) -| AT_CLEANUP -| -| AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) --- -2.16.4 - diff --git a/4d4e1f.patch b/4d4e1f.patch deleted file mode 100644 index 1ac8d84..0000000 --- a/4d4e1f.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 4d4e1fdac467c386cba8706aa0067d5ab8da02d7 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Mon, 3 Feb 2020 23:39:32 +0100 -Subject: [PATCH] Allow DEFAULT color in cgm and ge output, #72, #73 - -Also, fix a memory leak in gencgm.c. ---- - fig2dev/dev/gencgm.c | 8 +++++++- - fig2dev/dev/genge.c | 7 ++++--- - fig2dev/tests/data/line.fig | 2 +- - fig2dev/tests/output.at | 12 ++++++++++++ - 4 files changed, 24 insertions(+), 5 deletions(-) - -diff --git fig2dev/dev/gencgm.c fig2dev/dev/gencgm.c -index 0f472a8..e12940f 100644 ---- fig2dev/dev/gencgm.c -+++ fig2dev/dev/gencgm.c -@@ -151,9 +151,11 @@ gencgm_start(F_compound *objects) - { - int i; - char *p, *figname; -+ char *figname_buf = NULL; - - if (from) { -- figname = strdup(from); -+ figname_buf = strdup(from); -+ figname = figname_buf; - p = strrchr(figname, '/'); - if (p) - figname = p+1; /* remove path from name for comment in file */ -@@ -255,6 +257,8 @@ gencgm_start(F_compound *objects) - print_comments("% ",objects->comments, " %"); - fprintf(tfp,"%% %%\n"); - } -+ if (figname_buf) -+ free(figname_buf); - } - - int -@@ -552,6 +556,8 @@ hatchindex(index) - static void - getrgb(int color, int *r, int *g, int *b) - { -+ if (color < 0) /* DEFAULT color is black */ -+ color = 0; - if (color < NUM_STD_COLS) { - *r = stdcols[color].r * 255.; - *g = stdcols[color].g * 255.; -diff --git fig2dev/dev/genge.c fig2dev/dev/genge.c -index b171f39..5697bb6 100644 ---- fig2dev/dev/genge.c -+++ fig2dev/dev/genge.c -@@ -56,7 +56,8 @@ static void genge_ctl_spline(F_spline *s); - /* color mapping */ - /* xfig ge */ - --static int GE_COLORS[] = { 1, /* black black */ -+static int GE_COLORS[] = { 1, /* DEFAULT == black */ -+ 1, /* black black */ - 8, /* blue blue */ - 7, /* green green */ - 6, /* cyan cyan */ -@@ -438,7 +439,7 @@ back_arrow(F_line *l) - static void - set_color(int col) - { -- fprintf(tfp,"c%02d ",GE_COLORS[col]); -+ fprintf(tfp,"c%02d ",GE_COLORS[col + 1]); - } - - /* set fill if there is a fill style */ -@@ -447,7 +448,7 @@ static void - set_fill(int style, int color) - { - if (style != UNFILLED) -- fprintf(tfp,"C%02d ",GE_COLORS[color]); -+ fprintf(tfp,"C%02d ",GE_COLORS[color + 1]); - } - - /* -diff --git fig2dev/tests/data/line.fig fig2dev/tests/data/line.fig -index e033b12..bfc4976 100644 ---- fig2dev/tests/data/line.fig -+++ fig2dev/tests/data/line.fig -@@ -7,5 +7,5 @@ A9 - Single - -2 - 1200 2 --2 1 0 3 0 7 50 -1 -1 0.0 0 0 -1 0 0 3 -+2 1 0 3 -1 7 50 -1 -1 0.0 0 0 -1 0 0 3 - 50 50 500 50 500 200 -diff --git fig2dev/tests/output.at fig2dev/tests/output.at -index 9a1bc45..fd06727 100644 ---- fig2dev/tests/output.at -+++ fig2dev/tests/output.at -@@ -261,3 +261,15 @@ AT_CHECK([fig2dev -L tikz -P big1.fig big1.tex && \ - latex -halt-on-error big1.tex && latex -halt-on-error big2.tex - ], 0, ignore) - AT_CLEANUP -+ -+ -+AT_BANNER([Test other output languages.]) -+ -+AT_SETUP([allow default color in ge, cgm output, #72, #73]) -+AT_KEYWORDS(cgm ge) -+AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig -+], 0, ignore) -+AT_CHECK([fig2dev -L ge $srcdir/data/line.fig -+], 0, ignore) -+AT_CLEANUP -+ --- -2.16.4 - diff --git a/639c36.patch b/639c36.patch deleted file mode 100644 index beda148..0000000 --- a/639c36.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 639c36010a120e97a6e82e7cd57cbf9dbf4b64f1 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Tue, 4 Feb 2020 21:52:25 +0100 -Subject: [PATCH] Fix pstricks fill with non-solid default color, #77 - -In the pstricks output, filling an area with the shaded or tinted default color -is now equivalent to filling with shaded or tinted black color. ---- - fig2dev/dev/genpstricks.c | 3 ++- - fig2dev/tests/output.at | 1 - - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git fig2dev/dev/genpstricks.c fig2dev/dev/genpstricks.c -index 07c4d09..5acc1f6 100644 ---- fig2dev/dev/genpstricks.c -+++ fig2dev/dev/genpstricks.c -@@ -1856,7 +1856,8 @@ format_options(char *options, char *prefix, char *postfix, char *sqrb_init, - else if (fill_style <= 40) - /* shade or tint fill */ - sprintf(tmps, "fillstyle=solid,fillcolor=%s", -- shade_or_tint_name_after_declare_color(tmpc, fill_style, fill_color)); -+ shade_or_tint_name_after_declare_color(tmpc, fill_style, -+ fill_color == DEFAULT ? CT_BLACK : fill_color)); - else { - char *type = 0, *ps; - int angle = 0; -diff --git fig2dev/tests/output.at fig2dev/tests/output.at -index e0d088c..e1e5ca4 100644 ---- fig2dev/tests/output.at -+++ fig2dev/tests/output.at -@@ -280,4 +280,3 @@ AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig - AT_CHECK([fig2dev -L ge $srcdir/data/line.fig - ], 0, ignore) - AT_CLEANUP -- --- -2.16.4 - diff --git a/CVE-2019-19555.patch b/CVE-2019-19555.patch deleted file mode 100644 index 42e70a3..0000000 --- a/CVE-2019-19555.patch +++ /dev/null @@ -1,50 +0,0 @@ -Based on 19db5fe6f77ebad91af4b4ef0defd61bd0bb358f Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Wed, 4 Dec 2019 17:56:04 +0100 -Subject: [PATCH] Allow fig 2 text ending with multiple ^A, ticket #55 - ---- - fig2dev/read.c | 4 ++-- - fig2dev/tests/read.at | 11 +++++++++++ - 2 files changed, 13 insertions(+), 2 deletions(-) - ---- fig2dev/read.c -+++ fig2dev/read.c 2019-12-05 08:48:27.630190316 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2018 by Thomas Loimer -+ * Parts Copyright (c) 2015-2019 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -1328,7 +1328,7 @@ read_textobject(FILE *fp) - If we do not find the CONTROL-A on this line then this must - be a multi-line text object and we will have to read more. */ - -- n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%[\1]", -+ n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]", - &t->type, &t->font, &t->size, &t->pen, - &t->color, &t->depth, &t->angle, - &t->flags, &t->height, &t->length, ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2019-12-05 08:48:27.634190239 +0000 -@@ -359,6 +359,17 @@ EOF - ], 0, ignore) - AT_CLEANUP - -+AT_SETUP([allow text ending with multiple ^A, ticket #55]) -+AT_KEYWORDS([read.c]) -+AT_CHECK([fig2dev -L box < -Date: Tue, 10 Dec 2019 13:17:36 +0100 -Subject: [PATCH] Reject huge arrow types, ticket #57 - -An arrow type being large enough would pass the test for -a valid type by integer overflow. ---- - fig2dev/arrow.c | 13 ++++++++----- - fig2dev/tests/read.at | 12 ++++++++++++ - 2 files changed, 20 insertions(+), 5 deletions(-) - ---- fig2dev/arrow.c -+++ fig2dev/arrow.c 2020-01-21 11:02:33.457498151 +0000 -@@ -1,9 +1,10 @@ - /* - * Fig2dev: Translate Fig code to various Devices -- * Copyright (c) 1985 by Supoj Sutantavibul - * Copyright (c) 1991 by Micah Beck -- * Parts Copyright (c) 1989-2002 by Brian V. Smith -- * Parts Copyright (c) 2015-2018 by Thomas Loimer -+ * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul -+ * Parts Copyright (c) 1989-2015 by Brian V. Smith -+ * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -78,7 +79,9 @@ make_arrow(int type, int style, double t - { - F_arrow *a; - -- if (style < 0 || style > 1 || type < 0 || (type + 1) * 2 > NUMARROWS) -+ if (style < 0 || style > 1 || type < 0 || -+ /* beware of int overflow */ -+ type > NUMARROWS || (type + 1) * 2 > NUMARROWS) - return NULL; - if (NULL == (Arrow_malloc(a))) { - put_msg(Err_mem); -@@ -90,7 +93,7 @@ make_arrow(int type, int style, double t - - a->type = type; - a->style = style; -- a->thickness = thickness*THICK_SCALE; -+ a->thickness = thickness * THICK_SCALE; - a->wid = wid; - a->ht = ht; - return a; ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-01-21 11:02:33.457498151 +0000 -@@ -135,6 +135,18 @@ A single point with a backward arrow - r - ]) - AT_CLEANUP - -+AT_SETUP([reject huge arrow-type, ticket #57]) -+AT_KEYWORDS(arrow.c arrow) -+AT_CHECK([fig2dev -L box < -Date: Sun, 5 Jan 2020 19:22:12 +0100 -Subject: [PATCH] Replace most calls to fgets() by getline() in read.c - -Also, fig files version 1.4 must begin with `#FIG 1.4`. Previously, a `#` in the -first line was sufficient to detect at least a version 1.4 fig file. -Move some variables with file scope into functions. - -This commit fixes tickets #58, #59, #61, #62, #67, #78 and #79. - -In fig2dev/lib/, replacements are provided for some library functions used in -fig2dev, e.g., strncasecmp(), strrchr(), etc. The getline() function was -introduced more recently than any of the functions provided in fig2dev/lib. -Nevertheless, for getline() a replacement function is not provided. It seems, -that all the replacement functions do not work, but nobody noticed. Therefore, -only provide a replacement function for getline() if that turns out to -be useful. -The replacement functions do not work, because a header file providing the -necessary function declarations is missing. ---- - config.h.in | 3 - configure | 11 - configure.ac | 1 - fig2dev/fig2dev.c | 4 - fig2dev/fig2dev.h | 4 - fig2dev/read.c | 908 +++++++++++++++++++++++++++----------------------- - fig2dev/read1_3.c | 12 - fig2dev/tests/read.at | 29 + - 8 files changed, 548 insertions(+), 424 deletions(-) - -|--- configure.ac -|+++ configure.ac 2020-01-21 11:31:32.048794834 +0000 -|@@ -327,6 +327,7 @@ dnl Just provide our own pi -| # example. -| AC_HEADER_STDBOOL -| AC_TYPE_SIZE_T -|+AC_TYPE_SSIZE_T -| -| # -| # Checks for library functions. ---- config.h.in -+++ config.h.in 2020-01-21 14:01:55.145152807 +0100 -@@ -184,3 +184,6 @@ - - /* Define to `unsigned int' if does not define. */ - #undef size_t -+ -+/* Define to `int' if does not define. */ -+#undef ssize_t ---- configure -+++ configure 2020-01-21 14:01:54.953150514 +0100 -@@ -6341,6 +6341,17 @@ _ACEOF - - fi - -+ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" -+if test "x$ac_cv_type_ssize_t" = xyes; then : -+ -+else -+ -+cat >>confdefs.h <<_ACEOF -+#define ssize_t int -+_ACEOF -+ -+fi -+ - - # - # Checks for library functions. ---- fig2dev/fig2dev.c -+++ fig2dev/fig2dev.c 2020-01-21 11:31:32.048794834 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -81,7 +81,7 @@ bool bgspec = false; /* flag to say -g - bool support_i18n = false; - #endif - char gif_transparent[20]="\0"; /* GIF transp color hex name (e.g. #ff00dd) */ --char papersize[20]; /* paper size */ -+char papersize[]; /* paper size */ - char boundingbox[64]; /* boundingbox */ - char lang[40]; /* selected output language */ - RGB background; /* background (if specified by -g) */ ---- fig2dev/fig2dev.h -+++ fig2dev/fig2dev.h 2020-01-21 11:31:32.048794834 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -101,7 +101,7 @@ extern bool bgspec; /* flag to say -g w - extern bool support_i18n; - #endif - extern char gif_transparent[];/* GIF transp color hex name (e.g. #ff00dd) */ --extern char papersize[]; /* paper size */ -+extern char papersize[16]; /* paper size */ - extern char boundingbox[]; /* boundingbox */ - extern char lang[]; /* selected output language */ - extern const char *Fig_color_names[]; /* hex names for Fig colors */ ---- fig2dev/read.c -+++ fig2dev/read.c 2020-01-21 11:31:32.048794834 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -45,28 +45,34 @@ extern F_arrow *make_arrow(int type, int - User_color user_colors[MAX_USR_COLS]; /* fig2dev.h */ - int user_col_indx[MAX_USR_COLS]; /* fig2dev.h */ - int num_usr_cols; /* fig2dev.h */ --int num_object; /* read1_3.c */ - /* flags, psfonts.h, genps.c */ - int v2_flag; /* Protocol V2.0 or higher */ - int v21_flag; /* Protocol V2.1 or higher */ - int v30_flag; /* Protocol V3.0 or higher */ - int v32_flag; /* Protocol V3.2 or higher */ - --static void read_colordef(void); --static F_ellipse *read_ellipseobject(void); --static F_line *read_lineobject(FILE *fp); --static F_text *read_textobject(FILE *fp); --static F_spline *read_splineobject(FILE *fp); --static F_arc *read_arcobject(FILE *fp); --static F_compound *read_compoundobject(FILE *fp); -+static void read_colordef(char *line, int line_no); -+static F_ellipse *read_ellipseobject(char *line, int line_no); -+static F_line *read_lineobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_text *read_textobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_spline *read_splineobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_arc *read_arcobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_compound *read_compoundobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); - static F_comment *attach_comments(void); --static void count_lines_correctly(FILE *fp); --static void init_pats_used(void); --static int read_objects(FILE *fp, F_compound *obj); --static int get_line(FILE *fp); --static void skip_line(FILE *fp); --static int backslash_count(char cp[], int start); --static int save_comment(void); -+static void count_lines_correctly(FILE *fp, int *line_no); -+static void init_pats_used(void); -+static int read_objects(FILE *fp, F_compound *obj); -+static ssize_t get_line(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static void skip_line(FILE *fp); -+static ptrdiff_t backslash_count(const char *restrict cp, -+ ptrdiff_t start); -+ - static char Err_incomp[] = "Incomplete %s object at line %d."; - static char Err_invalid[] = "Invalid %s object at line %d."; - static char Err_arrow[] = "Invalid %s arrow at line %d."; -@@ -77,9 +83,6 @@ static char Err_arrow[] = "Invalid %s ar - /* max number of comments that can be stored with each object */ - #define MAXCOMMENTS 100 - --static int gif_colnum = 0; --static char buf[BUFSIZ]; --static int line_no = 0; - static char *comments[MAXCOMMENTS]; /* comments saved for current object */ - static int numcom; /* current comment index */ - static bool com_alloc = false; /* whether or not the comment array -@@ -148,7 +151,6 @@ readfp_fig(FILE *fp, F_compound *obj) - char c; - int i, status; - -- num_object = 0; - num_usr_cols = 0; - init_pats_used(); - -@@ -157,15 +159,14 @@ readfp_fig(FILE *fp, F_compound *obj) - /* initialize the comment array */ - if (!com_alloc) - for (i = 0; i < MAXCOMMENTS; ++i) -- comments[i] = (char *) NULL; -+ comments[i] = (char *)NULL; - com_alloc = true; -- memset((char*)obj, '\0', COMOBJ_SIZE); -+ memset((void *)obj, '\0', COMOBJ_SIZE); - - /* read first character to see if it is "#" (#FIG 1.4 and newer) */ - c = fgetc(fp); - if (feof(fp)) - return -2; -- memset((char*)obj, '\0', COMOBJ_SIZE); - /* put the character back */ - ungetc(c, fp); - if (c == '#') -@@ -185,25 +186,30 @@ read_objects(FILE *fp, F_compound *obj) - F_spline *s, *ls = NULL; - F_arc *a, *la = NULL; - F_compound *c, *lc = NULL; -- int object, coord_sys, len; -- -- memset((char*)obj, '\0', COMOBJ_SIZE); -- -- (void) fgets(buf, BUFSIZ, fp); /* get the version line */ -- if (strncmp(buf, "#FIG ", 5)) { -- put_msg("Incorrect format string in first line of input file."); -+ bool objects = false; -+ int object, coord_sys; -+ int line_no; -+ int gif_colnum = 0; -+ char *line; -+ char buf[16]; -+ size_t line_len = 256; -+ -+ /* Get the 15 chars of the first line. -+ Use fgets(), because get_line() would store the line as a comment */ -+ if (fgets(buf, sizeof buf, fp) == NULL) { -+ put_msg("Could not read input file."); - return -1; - } -+ /* seek to the end of the first line */ -+ if (strchr(buf, '\n') == NULL) { -+ int c; -+ do -+ c = fgetc(fp); -+ while (c != '\n' && c != EOF); -+ } - -- /* remove newline and any carriage return (from a PC, perhaps) */ -- len = strlen(buf); -- if (buf[len-1] == '\n') { -- if (buf[len-2] == '\r') -- buf[len-2] = '\0'; -- else -- buf[len-1] = '\0'; -- } else { /* fgets() only stops at newline and end-of-file */ -- put_msg("File is truncated at first line."); -+ if (strncmp(buf, "#FIG ", 5)) { -+ put_msg("Incorrect format string in first line of input file."); - return -1; - } - -@@ -211,49 +217,65 @@ read_objects(FILE *fp, F_compound *obj) - v2_flag = (!strncmp(buf, "#FIG 2", 6) || !strncmp(buf, "#FIG 3", 6)); - /* v21_flag is for version 2.1 or higher */ - v21_flag = (!strncmp(buf, "#FIG 2.1", 8) || !strncmp(buf, "#FIG 3", 6)); -- /* version 2.2 was only beta - 3.0 is the official release (they are identical) */ -+ /* version 2.2 was only beta - 3.0 is the official release -+ (they are identical) */ - v30_flag = (!strncmp(buf, "#FIG 3", 6) || !strncmp(buf, "#FIG 2.2", 8)); -- /* version 3.2 contains paper size, magnif, multiple page and transparent color -- in Fig file */ -+ /* version 3.2 contains paper size, magnif, multiple page -+ and transparent color in Fig file */ - v32_flag = (!strncmp(buf, "#FIG 3.2", 8)); - if (strncmp(&buf[5], PACKAGE_VERSION, 3) > 0) { -- put_msg("Fig file format (%s) newer than this version of fig2dev (%s), exiting", -- &buf[5], PACKAGE_VERSION); -- exit(1); -+ put_msg("Fig file format (%s) newer than this version of fig2dev (%s), exiting", -+ &buf[5], PACKAGE_VERSION); -+ exit(EXIT_FAILURE); -+ } -+ -+ if ((v2_flag | v21_flag | v30_flag | v32_flag) == 0 && -+ strncmp(buf, "#FIG 1.4", 8)) { -+ put_msg("Cannot determine fig file format from string '%s'.", -+ &buf[5]); -+ exit(EXIT_FAILURE); -+ } -+ -+ if ((line = malloc(line_len)) == NULL) { -+ put_msg(Err_mem); -+ return -1; - } - -+ line_no = 1; - if (v30_flag) { - /* read the orientation spec (landscape/portrait) */ -- line_no=1; -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at landscape/portrait specification."); -+ free(line); - return -1; - } - /* but set only if the user didn't specify the orientation - on the command line */ - if (!orientspec) -- landscape = !strncasecmp(buf,"land",4); -+ landscape = !strncasecmp(line, "land", 4); - - /* now read the metric/inches spec OR centering spec */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at metric/inches or centering specification."); -+ free(line); - return -1; - } - /* read justification spec */ -- if ((strncasecmp(buf,"center",6) == 0) || -- (strncasecmp(buf,"flush",5) == 0)) { -+ if ((strncasecmp(line, "center", 6) == 0) || -+ (strncasecmp(line, "flush", 5) == 0)) { - /* but set only if user didn't specify it */ - if (!centerspec) -- center = strncasecmp(buf,"flush",5); -+ center = strncasecmp(line, "flush", 5); - /* now read metric/inches spec */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at metric/inches specification."); -+ free(line); - return -1; - } - } - /* read metric/inches spec */ - /* if metric, scale magnification to correct for xfig display error */ -- if (strncasecmp(buf,"metric", 6) == 0) { -+ if (strncasecmp(line, "metric", 6) == 0) { - metric = 1; - } else { - metric = 0; -@@ -261,56 +283,67 @@ read_objects(FILE *fp, F_compound *obj) - - /* new stuff in 3.2 */ - if (v32_flag) { -- char *p; - /* read the paper size */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at paper size specification."); -+ free(line); - return -1; - } - if (!paperspec) { -- strcpy(papersize,buf); -- /* and truncate at first blank, if any */ -- if ((p=strchr(papersize,' '))) -+ char *p; -+ /* truncate at first blank, if any */ -+ if ((p = strchr(line, ' '))) - *p = '\0'; -+ if (strlen(line) + 1 > sizeof papersize) { -+ put_msg("Invalid paper size specification at line %d: %s", -+ line_no, line); -+ free(line); -+ return -1; -+ } -+ strcpy(papersize, line); - } - - /* read the magnification */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at magnification specification."); -+ free(line); - return -1; - } -- /* if the users hasn't specified a magnification on the command line, -- use the one in the file */ -+ /* if the users hasn't specified a magnification on -+ the command line, use the one in the file */ - if (!magspec) { -- mag = atof(buf)/100.0; -+ mag = atof(line)/100.0; - if (mag <= 0.) - mag = 1.; - fontmag = mag; - } - - /* read the multiple page flag */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at multiple page specification."); -+ free(line); - return -1; - } - if (!multispec) -- multi_page = (strncasecmp(buf,"multiple",8) == 0); -+ multi_page = (strncasecmp(line, "multiple", 8) == 0); - - /* Read the GIF transparent color. */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at transparent color specification."); -+ free(line); - return -1; - } - if (!transspec) { -- gif_colnum = atoi(buf); -+ gif_colnum = atoi(line); - if (gif_colnum < -3) { - put_msg("Invalid color number for transparent color."); -+ free(line); - return -1; - } - /* if standard color, get the name from the array */ - /* for user colors, wait till we've read in the file to get the value */ - if (gif_colnum < NUM_STD_COLS && gif_colnum >= 0) -- strcpy(gif_transparent,Fig_color_names[gif_colnum]); -+ strcpy(gif_transparent, Fig_color_names[gif_colnum]); - } - } - } else { -@@ -329,17 +362,20 @@ read_objects(FILE *fp, F_compound *obj) - } - - /* now read for resolution and coord_sys (coord_sys is not used) */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at resolution specification."); -+ free(line); - return -1; - } -- if (sscanf(buf,"%lf%d\n", &ppi, &coord_sys) != 2) { -+ if (sscanf(line, "%lf%d", &ppi, &coord_sys) != 2) { - put_msg("Incomplete resolution information at line %d.", line_no); -+ free(line); - return -1; - } - if (ppi <= 0.) { - put_msg("Invalid resolution information (%g) at line %d.", - ppi, line_no); -+ free(line); - return -1; - } - -@@ -349,24 +385,28 @@ read_objects(FILE *fp, F_compound *obj) - /* attach any comments found thus far to the whole figure */ - obj->comments = attach_comments(); - -- while (get_line(fp) > 0) { -- if (sscanf(buf, "%d", &object) != 1) { -+ while (get_line(fp, &line, &line_len, &line_no) > 0) { -+ if (sscanf(line, "%d", &object) != 1) { - put_msg("Incorrect format at line %d.", line_no); -+ free(line); - return -1; - } - switch (object) { - case OBJ_COLOR_DEF: -- read_colordef(); -- if (num_object) { -+ if (objects) { - put_msg("Color definitions must come before other objects (line %d).", - line_no); -- return (-1); -+ free(line); -+ return -1; - } -- ++num_usr_cols; -+ read_colordef(line, line_no); - break; - case OBJ_POLYLINE : -- if ((l = read_lineobject(fp)) == NULL) -+ if ((l = read_lineobject(fp, &line, &line_len, &line_no)) == -+ NULL) { -+ free(line); - return -1; -+ } - #ifdef V4_0 - if ((l->pic != NULL) && (l->pic->figure != NULL)) { - if (lc) -@@ -388,79 +428,97 @@ read_objects(FILE *fp, F_compound *obj) - ll = (ll->next = l); - else - ll = obj->lines = l; -- num_object++; -+ objects = true; - break; - #endif /* V4_0 */ - case OBJ_SPLINE : -- if ((s = read_splineobject(fp)) == NULL) { -+ if ((s = read_splineobject(fp, &line, &line_len, &line_no)) -+ == NULL) { -+ free(line); - return -1; -- } -+ } - if (v32_flag){ /* s is a line */ - if (ll) - ll = (ll->next = (F_line *) s); - else - ll = obj->lines = (F_line *) s; -- num_object++; -+ objects = true; - break; - } - if (ls) - ls = (ls->next = s); - else - ls = obj->splines = s; -- num_object++; -+ objects = true; - break; - case OBJ_ELLIPSE : -- if ((e = read_ellipseobject()) == NULL) -+ if ((e = read_ellipseobject(line, line_no)) == NULL) { -+ free(line); - return -1; -+ } - if (le) - le = (le->next = e); - else - le = obj->ellipses = e; -- num_object++; -+ objects = true; - break; - case OBJ_ARC : -- if ((a = read_arcobject(fp)) == NULL) -+ if ((a = read_arcobject(fp, &line, &line_len, &line_no)) == -+ NULL) { -+ free(line); - return -1; -+ } - if (la) - la = (la->next = a); - else - la = obj->arcs = a; -- num_object++; -+ objects = true; - break; - case OBJ_TEXT : -- if ((t = read_textobject(fp)) == NULL) -+ if ((t = read_textobject(fp, &line, &line_len, &line_no)) == -+ NULL) { -+ free(line); - return -1; -+ } - if (lt) - lt = (lt->next = t); - else - lt = obj->texts = t; -- num_object++; -+ objects = true; - break; - case OBJ_COMPOUND : -- if ((c = read_compoundobject(fp)) == NULL) -+ if ((c = read_compoundobject(fp, &line, &line_len,&line_no)) -+ == NULL) { -+ free(line); - return -1; -+ } - if (lc) - lc = (lc->next = c); - else - lc = obj->compounds = c; -- num_object++; -+ objects = true; - break; - default : - put_msg("Incorrect object code at line %d.", line_no); -+ free(line); - return -1; - } /* switch */ -- } /* while (get_line(fp)) */ -+ } /* while (get_line(...)) */ -+ free(line); - - /* if user color was requested for GIF transparent color, get the - rgb values from the user color array now that we've read them in */ - if (gif_colnum >= NUM_STD_COLS) { - int i; -- for (i=0; i MAX_USR_COLS) -+ num_usr_cols = MAX_USR_COLS; -+ for (i=0; i < num_usr_cols; ++i) - if (user_col_indx[i] == gif_colnum) - break; - if (i < num_usr_cols) -- sprintf(gif_transparent,"#%2x%2x%2x", -- user_colors[i].r,user_colors[i].g,user_colors[i].b); -+ sprintf(gif_transparent, "#%2x%2x%2x", -+ user_colors[i].r, user_colors[i].g, user_colors[i].b); - } - - if (feof(fp)) -@@ -474,55 +532,72 @@ read_objects(FILE *fp, F_compound *obj) - } /* read_objects */ - - static void --read_colordef(void) -+read_colordef(char *line, int line_no) - { -- int c; -- unsigned int r,g,b; -+ int c; -+ unsigned int r,g,b; - -- if ((sscanf(buf, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) != 4) || -- (c < NUM_STD_COLS)) { -- buf[strlen(buf)-1]='\0'; /* remove the newline */ -- put_msg("Invalid color definition: %s, setting to black (#00000).",buf); -- r=g=b=0; -- } -- user_col_indx[num_usr_cols] = c; -- user_colors[num_usr_cols].r = r; -- user_colors[num_usr_cols].g = g; -- user_colors[num_usr_cols].b = b; -+ if (num_usr_cols >= MAX_USR_COLS) { -+ if (num_usr_cols == MAX_USR_COLS) { -+ put_msg("Maximum number of color definitions (%d) exceeded at line %d.", -+ MAX_USR_COLS, line_no); -+ ++num_usr_cols; -+ } -+ /* ignore additional colors */ -+ return; -+ } -+ if (sscanf(line, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) != 4) { -+ if (c >= NUM_STD_COLS && c < NUM_STD_COLS + MAX_USR_COLS) { -+ put_msg("Invalid color definition at line %d: %s, setting to black (#00000).", -+ line_no, line); -+ r = g = b = 0; -+ } else { -+ put_msg("User color number at line %d out of range (%d), should be between %d and %d.", -+ line_no, c, NUM_STD_COLS, -+ NUM_STD_COLS + MAX_USR_COLS - 1); -+ return; -+ } -+ } -+ user_col_indx[num_usr_cols] = c; -+ user_colors[num_usr_cols].r = r; -+ user_colors[num_usr_cols].g = g; -+ user_colors[num_usr_cols].b = b; -+ ++num_usr_cols; - } - - static void --fix_and_note_color(int *color) -+fix_and_note_color(int *color, int line_no) - { -- int i; -- if (*color < DEFAULT) { -- put_msg("Invalid color number %d at line %d, using default color.", -- *color, line_no); -- *color = DEFAULT; -- return; -- } -- if (*color < NUM_STD_COLS) { -- if (*color >= BLACK_COLOR) { -- std_color_used[*color] = true; -+ int i; -+ -+ if (*color < DEFAULT) { -+ put_msg("Invalid color number %d at line %d, using default color.", -+ *color, line_no); -+ *color = DEFAULT; -+ return; - } -- return; -- } -- for (i=0; i= BLACK_COLOR) { -+ std_color_used[*color] = true; -+ } - return; - } -- put_msg("Cannot locate user color %d, using default color at line %d.", -- *color, line_no); -- *color = DEFAULT; -- return; -+ for (i = 0; i < MIN(num_usr_cols, MAX_USR_COLS); ++i) -+ if (*color == user_col_indx[i]) { -+ *color = i + NUM_STD_COLS; -+ return; -+ } -+ put_msg("Cannot locate user color %d, using default color at line %d.", -+ *color, line_no); -+ *color = DEFAULT; -+ return; - } - - static void --note_fill(int fill, int *color) -+note_fill(int fill, int *color, int line_no) - { - if (fill != UNFILLED) { -- fix_and_note_color(color); -+ fix_and_note_color(color, line_no); - if (fill >= NUMSHADES + NUMTINTS) { - pattern_used[fill - NUMSHADES - NUMTINTS] = true; - pats_used = true; -@@ -531,7 +606,7 @@ note_fill(int fill, int *color) - } - - static F_arc * --read_arcobject(FILE *fp) -+read_arcobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { - F_arc *a; - int n, fa, ba; -@@ -548,7 +623,7 @@ read_arcobject(FILE *fp) - a->back_arrow = NULL; - a->next = NULL; - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%lf%lf%d%d%d%d%d%d\n", -+ n = sscanf(*line,"%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%lf%lf%d%d%d%d%d%d", - &a->type, &a->style, &a->thickness, - &a->pen_color, &a->fill_color, &a->depth, &a->pen, &a->fill_style, - &a->style_val, &a->cap_style, -@@ -558,7 +633,7 @@ read_arcobject(FILE *fp) - &a->point[1].x, &a->point[1].y, - &a->point[2].x, &a->point[2].y); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d%d%lf%lf%d%d%d%d%d%d\n", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d%d%lf%lf%d%d%d%d%d%d", - &a->type, &a->style, &a->thickness, - &a->pen_color, &a->depth, &a->pen, &a->fill_style, - &a->style_val, &a->direction, &fa, &ba, -@@ -570,45 +645,45 @@ read_arcobject(FILE *fp) - a->cap_style = 0; /* butt line cap */ - } - if ((v30_flag && n != 21) || (!v30_flag && n != 19)) { -- put_msg(Err_incomp, "arc", line_no); -+ put_msg(Err_incomp, "arc", *line_no); - free(a); - return NULL; - } - a->thickness *= round(THICK_SCALE); - a->fill_style = FILL_CONVERT(a->fill_style); - if (INVALID_ARC(a)) { -- put_msg(Err_invalid, "arc", line_no); -+ put_msg(Err_invalid, "arc", *line_no); - free(a); - return NULL; - } -- fix_and_note_color(&a->pen_color); -- note_fill(a->fill_style, &a->fill_color); -+ fix_and_note_color(&a->pen_color, *line_no); -+ note_fill(a->fill_style, &a->fill_color, *line_no); - if (fa) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "arc", line_no); -+ put_msg(Err_incomp, "arc", *line_no); - free(a); - return NULL; - } - if ((a->for_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "forward", line_no); -+ put_msg(Err_arrow, "forward", *line_no); - free(a); - return NULL; - } - } - if (ba) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "arc", line_no); -+ put_msg(Err_incomp, "arc", *line_no); - free(a); - return NULL; - } - if ((a->back_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "backward", line_no); -+ put_msg(Err_arrow, "backward", *line_no); - free(a); - return NULL; - } -@@ -618,7 +693,8 @@ read_arcobject(FILE *fp) - } - - static F_compound * --read_compoundobject(FILE *fp) -+read_compoundobject(FILE *fp, char **restrict line, size_t *line_len, -+ int *line_no) - { - F_arc *a, *la = NULL; - F_ellipse *e, *le = NULL; -@@ -638,22 +714,23 @@ read_compoundobject(FILE *fp) - com->next = NULL; - com->comments = attach_comments(); /* attach any comments */ - -- n = sscanf(buf, "%*d%d%d%d%d\n", &com->nwcorner.x, &com->nwcorner.y, -+ n = sscanf(*line, "%*d%d%d%d%d", &com->nwcorner.x, &com->nwcorner.y, - &com->secorner.x, &com->secorner.y); - if (n != 4) { -- put_msg(Err_incomp, "compound", line_no); -+ put_msg(Err_incomp, "compound", *line_no); - free(com); - return NULL; - } -- while (get_line(fp) > 0) { -- if (sscanf(buf, "%d", &object) != 1) { -- put_msg(Err_incomp, "compound", line_no); -+ while (get_line(fp, line, line_len, line_no) > 0) { -+ if (sscanf(*line, "%d", &object) != 1) { -+ put_msg(Err_incomp, "compound", *line_no); - free_compound(&com); - return NULL; -- } -+ } - switch (object) { - case OBJ_POLYLINE : -- if ((l = read_lineobject(fp)) == NULL) { -+ if ((l = read_lineobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - #ifdef V4_0 -@@ -674,7 +751,8 @@ read_compoundobject(FILE *fp) - #endif /* V4_0 */ - break; - case OBJ_SPLINE : -- if ((s = read_splineobject(fp)) == NULL) { -+ if ((s = read_splineobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - if (v32_flag){ /* s is a line */ -@@ -690,7 +768,7 @@ read_compoundobject(FILE *fp) - ls = com->splines = s; - break; - case OBJ_ELLIPSE : -- if ((e = read_ellipseobject()) == NULL) { -+ if ((e = read_ellipseobject(*line, *line_no)) == NULL) { - return NULL; - } - if (le) -@@ -699,7 +777,8 @@ read_compoundobject(FILE *fp) - le = com->ellipses = e; - break; - case OBJ_ARC : -- if ((a = read_arcobject(fp)) == NULL) { -+ if ((a = read_arcobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - if (la) -@@ -708,7 +787,8 @@ read_compoundobject(FILE *fp) - la = com->arcs = a; - break; - case OBJ_TEXT : -- if ((t = read_textobject(fp)) == NULL) { -+ if ((t = read_textobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - if (lt) -@@ -717,7 +797,8 @@ read_compoundobject(FILE *fp) - lt = com->texts = t; - break; - case OBJ_COMPOUND : -- if ((c = read_compoundobject(fp)) == NULL) { -+ if ((c = read_compoundobject(fp, line, line_len, line_no)) -+ == NULL) { - return NULL; - } - if (lc) -@@ -728,7 +809,7 @@ read_compoundobject(FILE *fp) - case OBJ_END_COMPOUND : - return com; - default : -- put_msg("Wrong object code at line %d", line_no); -+ put_msg("Wrong object code at line %d", *line_no); - return NULL; - } /* switch */ - } -@@ -739,7 +820,7 @@ read_compoundobject(FILE *fp) - } - - static F_ellipse * --read_ellipseobject(void) -+read_ellipseobject(char *line, int line_no) - { - F_ellipse *e; - int n; -@@ -749,7 +830,7 @@ read_ellipseobject(void) - e->pen = 0; - e->next = NULL; - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d\n", -+ n = sscanf(line, "%*d%d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d", - &e->type, &e->style, &e->thickness, - &e->pen_color, &e->fill_color, &e->depth, &e->pen, &e->fill_style, - &e->style_val, &e->direction, &e->angle, -@@ -758,7 +839,7 @@ read_ellipseobject(void) - &e->start.x, &e->start.y, - &e->end.x, &e->end.y); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d\n", -+ n = sscanf(line, "%*d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d", - &e->type, &e->style, &e->thickness, - &e->pen_color, &e->depth, &e->pen, &e->fill_style, - &e->style_val, &e->direction, &e->angle, -@@ -773,7 +854,7 @@ read_ellipseobject(void) - free(e); - return NULL; - } -- fix_and_note_color(&e->pen_color); -+ fix_and_note_color(&e->pen_color, line_no); - e->thickness *= round(THICK_SCALE); - e->fill_style = FILL_CONVERT(e->fill_style); - if (e->radiuses.x < 0) -@@ -785,7 +866,7 @@ read_ellipseobject(void) - free(e); - return NULL; - } -- note_fill(e->fill_style, &e->fill_color); -+ note_fill(e->fill_style, &e->fill_color, line_no); - e->comments = attach_comments(); /* attach any comments */ - return e; - } -@@ -804,8 +885,9 @@ read_ellipseobject(void) - */ - static int - sanitize_lineobject( -- F_line *l, /* the line */ -- F_point *p /* the last point of the line */ -+ F_line *l, /* the line */ -+ F_point *p, /* the last point of the line */ -+ int line_no - ) - { - F_point *q; -@@ -912,7 +994,7 @@ sanitize_lineobject( - } - - static F_line * --read_lineobject(FILE *fp) -+read_lineobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { - F_line *l; - F_point *o = NULL, *p, *q; -@@ -933,40 +1015,38 @@ read_lineobject(FILE *fp) - l->pic = NULL; - l->comments = NULL; - -- sscanf(buf,"%*d%d",&l->type); /* get the line type */ -+ sscanf(*line, "%*d%d", &l->type); /* get the line type */ - - radius_flag = v30_flag || v21_flag || (v2_flag && l->type == T_ARC_BOX); - if (radius_flag) { - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%d%d", - &l->type,&l->style,&l->thickness,&l->pen_color,&l->fill_color, - &l->depth,&l->pen,&l->fill_style,&l->style_val, - &l->join_style,&l->cap_style, - &l->radius,&fa,&ba,&npts); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d%d", -- &l->type,&l->style,&l->thickness,&l->pen_color, -- &l->depth,&l->pen,&l->fill_style,&l->style_val,&l->radius,&fa, &ba); -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d%d", -+ &l->type,&l->style,&l->thickness,&l->pen_color,&l->depth, -+ &l->pen,&l->fill_style,&l->style_val,&l->radius,&fa, &ba); - l->fill_color = l->pen_color; - } - } - /* old format uses pen for radius of arc-box corners */ - else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d", - &l->type,&l->style,&l->thickness,&l->pen_color, - &l->depth,&l->pen,&l->fill_style,&l->style_val,&fa,&ba); - l->fill_color = l->pen_color; -- if (l->type == T_ARC_BOX) -- { -- l->radius = (int) l->pen; -+ if (l->type == T_ARC_BOX) { -+ l->radius = l->pen; - l->pen = 0; -- } -- else -+ } else - l->radius = 0; - } - if ((!radius_flag && n!=10) || - (radius_flag && ((!v30_flag && n!=11)||(v30_flag && n!=15)))) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free(l); - return NULL; - } -@@ -974,45 +1054,47 @@ read_lineobject(FILE *fp) - l->thickness *= round(THICK_SCALE); - l->fill_style = FILL_CONVERT(l->fill_style); - if (INVALID_LINE(l)) { -- put_msg(Err_invalid, "line", line_no); -+ put_msg(Err_invalid, "line", *line_no); - free(l); - return NULL; - } -- note_fill(l->fill_style, &l->fill_color); -- fix_and_note_color(&l->pen_color); -+ note_fill(l->fill_style, &l->fill_color, *line_no); -+ fix_and_note_color(&l->pen_color, *line_no); - if (fa) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free(l); - return NULL; - } - if ((l->for_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "forward", line_no); -+ put_msg(Err_arrow, "forward", *line_no); - free(l); - return NULL; - } - } - if (ba) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free_linestorage(l); - return NULL; - } - if ((l->back_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "backward", line_no); -+ put_msg(Err_arrow, "backward", *line_no); - free_linestorage(l); - return NULL; - } - } - if (l->type == T_PIC_BOX) { -- char file[BUFSIZ], *c; -+ char *file, *c; -+ int pos; - size_t len; -+ ssize_t chars; - - if ((Pic_malloc(l->pic)) == NULL) { - free(l); -@@ -1026,21 +1108,22 @@ read_lineobject(FILE *fp) - XpmCreateXpmImageFromBuffer("", &l->pic->xpmimage, NULL); - #endif - -- /* %[^\n]: really, read until first '\0' in buf */ -- if (get_line(fp) < 0 || sscanf(buf, "%d %[^\n]", -- &l->pic->flipped, file) != 2) { -- put_msg(Err_incomp, "picture", line_no); -- free(l); -- return NULL; -+ if ((chars = get_line(fp, line, line_len, line_no)) < 0 || -+ sscanf(*line, "%d %n", &l->pic->flipped, &pos) != 1) { -+ put_msg(Err_incomp, "picture", *line_no); -+ free(l); -+ return NULL; - } -+ file = *line + pos; -+ len = chars - pos; /* strlen(file) */ -+ - /* if there is a path in the .fig filename, and the path of the - * imported picture filename is NOT absolute, prepend the - * .fig file path to it - */ - if (from && (c = strrchr(from, '/')) && file[0] != '/') { -- if ((l->pic->file = malloc((size_t)(c - from + 2) + -- (len = strlen(file)))) == -- NULL) { -+ if ((l->pic->file = malloc((size_t)(c - from + 2) + len)) == -+ NULL) { - put_msg(Err_mem); - free(l); /* Points not read yet. */ - return NULL; -@@ -1049,8 +1132,8 @@ read_lineobject(FILE *fp) - memcpy(l->pic->file + (c - from + 1), file, len + 1); - } else { - /* either absolute picture path or no path in .fig filename */ -- l->pic->file = malloc(len = strlen(file) + 1); -- memcpy(l->pic->file, file, len); -+ l->pic->file = malloc(len + 1); -+ memcpy(l->pic->file, file, len + 1); - } - } - -@@ -1062,9 +1145,9 @@ read_lineobject(FILE *fp) - p->next = NULL; - - /* read first point of line */ -- ++line_no; -+ ++(*line_no); - if (fscanf(fp, "%d%d", &p->x, &p->y) != 2) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free_linestorage(l); - return NULL; - } -@@ -1072,9 +1155,9 @@ read_lineobject(FILE *fp) - if (!v30_flag) - npts = 1000000; - for (--npts; npts > 0; --npts) { -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if (fscanf(fp, "%d%d", &x, &y) != 2) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free_linestorage(l); - return NULL; - } -@@ -1103,7 +1186,7 @@ read_lineobject(FILE *fp) - l->last[1].y = o->y; - } - -- if (sanitize_lineobject(l, p)) { -+ if (sanitize_lineobject(l, p, *line_no)) { - free_linestorage(l); - return NULL; - } -@@ -1115,7 +1198,8 @@ read_lineobject(FILE *fp) - } - - static F_spline * --read_splineobject(FILE *fp) -+read_splineobject(FILE *fp, char **restrict line, size_t *line_len, -+ int *line_no) - { - F_spline *s; - F_line *l; -@@ -1137,58 +1221,58 @@ read_splineobject(FILE *fp) - s->next = NULL; - - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d", - &s->type, &s->style, &s->thickness, - &s->pen_color, &s->fill_color, - &s->depth, &s->pen, &s->fill_style, &s->style_val, - &s->cap_style, &fa, &ba, &npts); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d", - &s->type, &s->style, &s->thickness, &s->pen_color, - &s->depth, &s->pen, &s->fill_style, &s->style_val, &fa, &ba); - s->fill_color = s->pen_color; - s->cap_style = 0; /* butt line cap */ - } - if ((v30_flag && n != 13) || (!v30_flag && n != 10)) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free(s); - return NULL; - } - s->thickness *= round(THICK_SCALE); - s->fill_style = FILL_CONVERT(s->fill_style); - if (INVALID_SPLINE(s)) { -- put_msg(Err_invalid, "spline", line_no); -+ put_msg(Err_invalid, "spline", *line_no); - free(s); - return NULL; - } -- note_fill(s->fill_style, &s->fill_color); -- fix_and_note_color(&s->pen_color); -+ note_fill(s->fill_style, &s->fill_color, *line_no); -+ fix_and_note_color(&s->pen_color, *line_no); - if (fa) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free(s); - return NULL; - } - if ((s->for_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "forward", line_no); -+ put_msg(Err_arrow, "forward", *line_no); - free(s); - return NULL; - } - } - if (ba) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } - if ((s->back_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "backward", line_no); -+ put_msg(Err_arrow, "backward", *line_no); - free_splinestorage(s); - return NULL; - } -@@ -1196,9 +1280,9 @@ read_splineobject(FILE *fp) - - /* Read points */ - /* read first point of line */ -- ++line_no; -+ ++(*line_no); - if ((n = fscanf(fp, "%d%d", &x, &y)) != 2) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - }; -@@ -1212,15 +1296,15 @@ read_splineobject(FILE *fp) - if (!v30_flag) - npts = 1000000; - if (npts < 2) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } - for (--npts; npts > 0; --npts) { - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if (fscanf(fp, "%d%d", &x, &y) != 2) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - }; -@@ -1250,9 +1334,9 @@ read_splineobject(FILE *fp) - ptr = s->controls; - while (ptr) { /* read controls */ - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if ((n = fscanf(fp, "%lf", &control_s)) != 1) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } -@@ -1275,9 +1359,9 @@ read_splineobject(FILE *fp) - } - /* Read controls from older versions */ - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if ((n = fscanf(fp, "%lf%lf%lf%lf", &lx, &ly, &rx, &ry)) != 4) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } -@@ -1290,9 +1374,9 @@ read_splineobject(FILE *fp) - cp->rx = rx; cp->ry = ry; - while (--c) { - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if (fscanf(fp, "%lf%lf%lf%lf", &lx, &ly, &rx, &ry) != 4) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - cp->next = NULL; - free_splinestorage(s); - return NULL; -@@ -1315,13 +1399,37 @@ read_splineobject(FILE *fp) - return s; - } - -+static char * -+find_end(const char *str, int v30flag) -+{ -+ const char endmark[] = "\\001"; -+ char *end; -+ -+ if (v30flag) { -+ /* A string is terminated with the literal '\001', -+ and 8-bit characters may be represented as \xxx */ -+ end = strstr(str, endmark); -+ /* is this not '\\001', or '\\\\001', etc? */ -+ while (end && backslash_count(str, end - str) % 2 == 0) -+ end = strstr(end + 3, endmark); -+ } else { -+ /* The text object is terminated by a CONTROL-A. -+ If there is no CONTROL-A on this line, then this -+ must be a multi-line text object. */ -+ end = strchr(str, '\1'); -+ } -+ return end; -+} -+ -+ - static F_text * --read_textobject(FILE *fp) -+read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { - F_text *t; -- int n, ignore = 0; -- char s[BUFSIZ], s_temp[BUFSIZ], junk[2]; -- int more, len, l; -+ bool freestart = false; -+ int i, n; -+ char *end, *start; -+ size_t len; - - Text_malloc(t); - t->font = 0; -@@ -1329,32 +1437,101 @@ read_textobject(FILE *fp) - t->comments = NULL; - t->next = NULL; - -- if (v30_flag) { /* order of parms is more like other objects now, -- string is now terminated with the literal '\001', -- and 8-bit characters are represented as \xxx */ -- -- n = sscanf(buf, "%*d%d%d%d%d%d%lf%lf%d%lf%lf%d%d%[^\n]", -- &t->type, &t->color, &t->depth, &t->pen, -- &t->font, &t->size, &t->angle, -- &t->flags, &t->height, &t->length, -- &t->base_x, &t->base_y, s); -+ n = sscanf(*line, "%*d%d%d%d%d%d%lf%lf%d%lf%lf%d%d %n", -+ &t->type, &t->color, &t->depth, &t->pen, &t->font, -+ &t->size, &t->angle, &t->flags, &t->height, &t->length, -+ &t->base_x, &t->base_y, &i); -+ if (n != 12) { -+ put_msg(Err_incomp, "text", *line_no); -+ free(t); -+ return NULL; -+ } -+ start = *line + i; -+ end = find_end(start, v30_flag); -+ -+ if (end) { -+ *end = '\0'; -+ len = end - start; - } else { -- /* The text object is terminated by a CONTROL-A, so we read -- everything up to the CONTROL-A and then read that character. -- If we do not find the CONTROL-A on this line then this must -- be a multi-line text object and we will have to read more. */ -- -- n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]", -- &t->type, &t->font, &t->size, &t->pen, -- &t->color, &t->depth, &t->angle, -- &t->flags, &t->height, &t->length, -- &t->base_x, &t->base_y, s, junk); -- } -- if ((n != 14) && (n != 13)) { -- put_msg(Err_incomp, "text", line_no); -- free(t); -- return NULL; -+ ssize_t chars; -+ char *next; -+ -+ len = strlen(start); -+ start[len++] = '\n'; /* put back the newline */ -+ -+ /* allocate plenty of space */ -+ next = malloc(len + BUFSIZ); -+ if (next == NULL) { -+ put_msg(Err_mem); -+ free(t); -+ return NULL; -+ } -+ memcpy(next, start, len); -+ -+ while ((chars = getline(line, line_len, fp)) != -1) { -+ ++(*line_no); -+ end = find_end(*line, v30_flag); -+ if (end) { -+ *end = '\0'; -+ next = realloc(next, len + end - *line + 1); -+ memcpy(next + len, *line, end - *line + 1); -+ len += end - *line; -+ break; -+ } else { -+ if (**line + chars - 1 == '\n' && chars > 1 && -+ **line + chars - 2 == '\r') -+ (*line)[chars-- - 2] = '\n'; -+ next = realloc(next, len + chars + 1); -+ memcpy(next + len, *line, chars + 1); -+ len += chars; -+ } -+ } -+ start = next; -+ freestart = true; -+ } -+ -+ /* convert any \xxx to characters */ -+ if (v30_flag && (end = strchr(start, '\\'))) { -+ unsigned char num; -+ char *c = start; -+ size_t l; -+ -+ len = end - start; -+ l = len; -+ while (c[l] != '\0') { -+ if (c[l] == '\\') { -+ /* convert 3 digit octal value */ -+ if (isdigit(c[l+1]) && c[l+2] != '\0' && -+ c[l+3] != '\0') { -+ if (sscanf(c+l+1, "%3hho", &num) != 1) { -+ put_msg("Error in parsing text string on line %d", -+ *line_no); -+ return NULL; -+ } -+ /* no check of unsigned char overflow */ -+ c[len++] = num; -+ l += 3; -+ } else { -+ /* an escaped char is un-escaped */ -+ c[len++] = c[++l]; -+ } -+ } else { -+ c[len++] = c[l]; -+ } -+ ++l; -+ } -+ c[len] = '\0'; /* terminate */ -+ } -+ -+ t->cstring = malloc(len + 1); -+ if (t->cstring == NULL) { -+ put_msg(Err_mem); -+ free(t); -+ return NULL; - } -+ memcpy(t->cstring, start, len + 1); -+ if (freestart) -+ free(start); - - if (font_size != 0.0) { - /* scale length/height of text by ratio of requested font size to actual size */ -@@ -1364,89 +1541,6 @@ read_textobject(FILE *fp) - } - if (t->size <= 0.0) - t->size = (float) DEFAULT_FONT_SIZE; -- more = 0; -- if (!v30_flag && n == 13) -- more = 1; /* in older xfig there is more if ^A wasn't found yet */ -- else if (v30_flag) { /* in 3.0 there is more if \001 wasn't found */ -- len = strlen(s); -- if ((strcmp(&s[len-4],"\\001") == 0) && /* if we find '\000' */ -- !(backslash_count(s, len-5) % 2)) { /* and not '\\000' */ -- more = 0; /* then there are no more lines */ -- s[len-4]='\0'; /* and get rid of the '\001' */ -- } else { -- more = 1; -- s[len++]='\n'; /* put back the end of line char */ -- s[len] = '\0'; /* and terminate it */ -- } -- } -- if (more) { -- /* Read in the subsequent lines of the text if there are more */ -- do { -- ++line_no; /* As is done in get_line */ -- if (fgets(s_temp, BUFSIZ, fp) == NULL) -- break; -- len = strlen(s_temp)-1; /* ignore newline */ -- if (len > 0 && s_temp[len-1] == '\r') { /* strip any trailing CR */ -- s_temp[len-1] = '\0'; -- len--; -- } -- if (v30_flag) { -- if ((strncmp(&s_temp[len-4],"\\001",4) == 0) && -- !(backslash_count(s_temp, len-5) % 2)) { -- n=0; /* found the '\001', set n to stop */ -- s_temp[len-4]='\0'; /* and get rid of the '\001' */ -- } else { -- n=1; /* keep going (more lines) */ -- } -- } else { -- n = sscanf(buf, "%[^\1]%[\1]", s_temp, junk); -- } -- /* Safety check */ -- if (strlen(s)+1 + strlen(s_temp)+1 > BUFSIZ) { -- /* Too many characters. Ignore the rest. */ -- ignore = 1; -- } -- if (!ignore) -- strcat(s, s_temp); -- } while (n == 1); -- } -- -- if (v30_flag) { /* now convert any \xxx to ascii characters */ -- if (strchr(s,'\\')) { -- unsigned int num; -- len = strlen(s); -- for (l=0,n=0; l < len; ++l) { -- if (s[l]=='\\') { -- /* a backslash, see if a digit follows */ -- if (l < len && isdigit(s[l+1])) { -- /* yes, scan for 3 digit octal value */ -- if (sscanf(&s[l+1],"%3o",&num)!=1) { -- put_msg("Error in parsing text string on line %d", -- line_no); -- return NULL; -- } -- buf[n++]= (unsigned char) num; /* put char in */ -- l += 3; /* skip over digits */ -- } else { -- buf[n++] = s[++l]; /* some other escaped character */ -- } -- } else { -- buf[n++] = s[l]; /* ordinary character */ -- } -- } -- buf[n]='\0'; /* terminate */ -- strcpy(s,buf); /* copy back to s */ -- } -- } -- if (strlen(s) == 0) -- (void)strcpy(s, " "); -- t->cstring = calloc((unsigned)(strlen(s)), sizeof(char)); -- if (NULL == t->cstring) { -- put_msg(Err_mem); -- free(t); -- return NULL; -- } -- (void)strcpy(t->cstring, s+1); - - if (!v21_flag && (t->font == 0 || t->font == DEFAULT)) - t->flags = ((t->flags != DEFAULT) ? t->flags : 0) -@@ -1457,11 +1551,11 @@ read_textobject(FILE *fp) - | PSFONT_TEXT; - - if (INVALID_TEXT(t)) { -- put_msg(Err_invalid, "text", line_no); -+ put_msg(Err_invalid, "text", *line_no); - free_text(&t); - return NULL; - } -- fix_and_note_color(&t->color); -+ fix_and_note_color(&t->color, *line_no); - t->comments = attach_comments(); /* attach any comments */ - return t; - } -@@ -1469,18 +1563,19 @@ read_textobject(FILE *fp) - - /* count consecutive backslashes backwards */ - --static int --backslash_count(char cp[], int start) -+static ptrdiff_t -+backslash_count(const char *restrict cp, ptrdiff_t start) - { -- int i, count = 0; -+ ptrdiff_t i; -+ ptrdiff_t count = 0; - -- for(i=start; i>=0; i--) { -- if (cp[i] == '\\') -- count++; -- else -- break; -- } -- return count; -+ for(i = start; i >= 0; --i) { -+ if (cp[i] == '\\') -+ ++count; -+ else -+ break; -+ } -+ return count; - } - - /* attach comments in linked list */ -@@ -1509,55 +1604,64 @@ attach_comments(void) - return icomp; - } - -+/* save a comment line to be stored with the *subsequent* object */ -+ - static int --get_line(FILE *fp) -+save_comment(char *restrict line, size_t len) - { -- int len; -- while (1) { -- if (NULL == fgets(buf, BUFSIZ, fp)) { -- return -1; -- } -- ++line_no; -- if (*buf == '#') { /* save any comments */ -- if (save_comment() < 0) -- return -1; -- /* skip empty lines */ -- } else if (*buf != '\n' || !(*buf == '\r' && buf[1] == '\n')) { -- len = strlen(buf); -- /* remove newline and possibly a carriage return */ -- if (buf[len-1] == '\n') -- buf[len - (buf[len-2] == '\r' ? 2 : 1)] = '\0'; -- return 1; -- } -- } --} -+ int i; - --/* save a comment line to be stored with the *subsequent* object */ -+ /* skip too many comment lines */ -+ if (numcom == MAXCOMMENTS) -+ return 2; -+ -+ /* remove one leading blank from the comment, if there is one */ -+ i = 1; -+ if (line[i] == ' ') -+ i = 2; -+ -+ /* see if we've allocated space for this comment */ -+ if (comments[numcom]) -+ free(comments[numcom]); -+ if ((comments[numcom] = malloc(len + (1 - i))) == NULL) -+ return -1; - --static int --save_comment(void) -+ strcpy(comments[numcom++], &line[i]); -+ return 1; -+} -+ -+static ssize_t -+get_line(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { -- int i; -+ ssize_t chars; - -- /* skip too many comment lines */ -- if (numcom == MAXCOMMENTS) -- return 2; -- i=strlen(buf); -- /* see if we've allocated space for this comment */ -- if (comments[numcom]) -- free(comments[numcom]); -- if ((comments[numcom] = malloc(i+1)) == NULL) -- return -1; -- /* remove any newline */ -- if (buf[i-1] == '\n') -- buf[i-1] = '\0'; -- i=1; -- if (buf[1] == ' ') /* remove one leading blank from the comment, if there is one */ -- i=2; -- strcpy(comments[numcom++], &buf[i]); -- return 1; -+ while ((chars = getline(line, line_len, fp)) != -1) { -+ ++(*line_no); -+ /* skip empty lines */ -+ if (**line == '\n' || (**line == '\r' && -+ chars == 2 && (*line)[1] == '\n')) -+ continue; -+ /* remove newline and possibly a carriage return */ -+ if ((*line)[chars-1] == '\n') { -+ chars -= (*line)[chars - 2] == '\r' ? 2 : 1; -+ (*line)[chars] = '\0'; -+ } -+ /* save any comments */ -+ if (**line == '#') { -+ if (save_comment(*line, (size_t)chars) < 0) -+ return -1; -+ continue; -+ } -+ /* return the line */ -+ return chars; -+ } -+ /* chars == -1 */ -+ return chars; -+ /* getline() only fails with EINVAL, and probably ENOMEM from malloc(). -+ No use to check for errno. */ - } - -+ - /* skip to the end of the current line and any subsequent blank lines */ - - static void -@@ -1714,15 +1818,15 @@ static int pop() { - */ - - static void --count_lines_correctly(FILE *fp) -+count_lines_correctly(FILE *fp, int *line_no) - { - int cc; - do { -- cc = getc(fp); -- if (cc == '\n') { -- ++line_no; -- cc=getc(fp); -- } -+ cc = getc(fp); -+ if (cc == '\n') { -+ ++(*line_no); -+ cc=getc(fp); -+ } - } while (cc == ' ' || cc == '\t'); - ungetc(cc,fp); - } ---- fig2dev/read1_3.c -+++ fig2dev/read1_3.c 2020-01-21 11:31:32.048794834 +0000 -@@ -2,8 +2,8 @@ - * Fig2dev: Translate Fig code to various Devices - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul -- * Parts Copyright (c) 1989-2012 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 1989-2015 by Brian V. Smith -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -51,8 +51,6 @@ - - extern F_arrow *forward_arrow(void), *backward_arrow(void); - extern int figure_modified; --//extern int line_no; --extern int num_object; - - static F_ellipse *read_ellipseobject(FILE *fp); - static F_line *read_lineobject(FILE *fp); -@@ -103,7 +101,6 @@ read_1_3_objects(FILE *fp, F_compound *o - ll = (ll->next = l); - else - ll = obj->lines = l; -- num_object++; - break; - case OBJ_SPLINE : - if ((s = read_splineobject(fp)) == NULL) return(-1); -@@ -111,7 +108,6 @@ read_1_3_objects(FILE *fp, F_compound *o - ls = (ls->next = s); - else - ls = obj->splines = s; -- num_object++; - break; - case OBJ_ELLIPSE : - if ((e = read_ellipseobject(fp)) == NULL) return(-1); -@@ -119,7 +115,6 @@ read_1_3_objects(FILE *fp, F_compound *o - le = (le->next = e); - else - le = obj->ellipses = e; -- num_object++; - break; - case OBJ_ARC : - if ((a = read_arcobject(fp)) == NULL) return(-1); -@@ -127,7 +122,6 @@ read_1_3_objects(FILE *fp, F_compound *o - la = (la->next = a); - else - la = obj->arcs = a; -- num_object++; - break; - case OBJ_TEXT : - if ((t = read_textobject(fp)) == NULL) return(-1); -@@ -135,7 +129,6 @@ read_1_3_objects(FILE *fp, F_compound *o - lt = (lt->next = t); - else - lt = obj->texts = t; -- num_object++; - break; - case OBJ_COMPOUND : - if ((c = read_compoundobject(fp)) == NULL) return(-1); -@@ -143,7 +136,6 @@ read_1_3_objects(FILE *fp, F_compound *o - lc = (lc->next = c); - else - lc = obj->compounds = c; -- num_object++; - break; - default: - put_msg("Incorrect object code %d", object); ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-01-21 11:31:32.048794834 +0000 -@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to vario - dnl Copyright (c) 1991 by Micah Beck - dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - dnl Parts Copyright (c) 1989-2015 by Brian V. Smith --dnl Parts Copyright (c) 2015-2019 by Thomas Loimer -+dnl Parts Copyright (c) 2015-2020 by Thomas Loimer - dnl - dnl Any party obtaining a copy of these files is granted, free of charge, a - dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -14,7 +14,7 @@ dnl party to do so, with the only requir - dnl and this permission notice remain intact. - - dnl read.at --dnl Author: Thomas Loimer, 2017-2019 -+dnl Author: Thomas Loimer, 2017-2020 - - - AT_BANNER([Sanitize and harden input.]) -@@ -279,7 +279,7 @@ AT_CHECK([fig2dev -L box < -Date: Tue, 28 Jan 2020 22:56:40 +0100 -Subject: [PATCH] Reject text or ellipse angles beyond -2pi to 2pi, #76 - -In fact, generously extend the allowed range to -7 to 7. -Sane applications, e.g., xfig, certainly keep the angles within one revolution. ---- - CHANGES | 6 +++--- - fig2dev/object.h | 7 ++++--- - fig2dev/tests/read.at | 8 ++++++++ - 3 files changed, 15 insertions(+), 6 deletions(-) - -|diff --git CHANGES CHANGES -|index 4834e50..52daead 100644 -|--- CHANGES -|+++ CHANGES -|@@ -6,9 +6,9 @@ Patchlevel Xx (Xxx 20xx) -| -| BUGS FIXED: -| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. -|- o Fix ticket #81. -|- o Do not allow ASCII NUL anywhere in input. -|- Fixes tickets #65, #68, #71, #73, #75, #80. -|+ o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76. -|+ o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81. -|+ o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80. -| o Use getline() to improve input scanning. -| Fixes tickets #58, #59, #61, #62, #67, #78, #79. -| o Correctly scan embedded pdfs for /MediaBox value. -diff --git fig2dev/object.h fig2dev/object.h -index fe56bbb..8464010 100644 ---- fig2dev/object.h -+++ fig2dev/object.h -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -94,7 +94,8 @@ typedef struct f_ellipse { - #define INVALID_ELLIPSE(e) \ - e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA || \ - COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \ -- e->radiuses.x == 0 || e->radiuses.y == 0 -+ e->radiuses.x == 0 || e->radiuses.y == 0 || \ -+ e->angle < -7. || e->angle > 7. - - typedef struct f_arc { - int type; -@@ -243,7 +244,7 @@ typedef struct f_text { - t->type < T_LEFT_JUSTIFIED || t->type > T_RIGHT_JUSTIFIED || \ - t->font < DEFAULT || t->font > MAX_PSFONT || \ - t->flags < DEFAULT || t->flags >= 2 * HIDDEN_TEXT || \ -- t->height < 0 || t->length < 0 -+ t->height < 0 || t->length < 0 || t->angle < -7. || t->angle > 7. - - typedef struct f_control { - double lx, ly, rx, ry; /* used by older versions*/ -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 726e6da..2d066e4 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -424,6 +424,14 @@ AT_KEYWORDS([read.c svg]) -| AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) -| AT_CLEANUP -| -|+AT_SETUP([reject out of range text angle, ticket #76]) -|+AT_CHECK([fig2dev -L pstricks < -Date: Wed, 11 Dec 2019 21:36:46 +0100 -Subject: [PATCH] Convert polygons with too few points to polylines - -As a side effect, this also fixes ticket #56. ---- - fig2dev/read.c | 16 ++++++++++++++++ - fig2dev/tests/read.at | 11 +++++++++++ - 2 files changed, 27 insertions(+) - ---- fig2dev/read.c -+++ fig2dev/read.c 2020-01-21 11:29:27.367140319 +0000 -@@ -793,8 +793,10 @@ read_ellipseobject(void) - /* - * Sanitize line objects. Return 0 on success, -1 otherwise. - * On error, call free_linestorage(l) after sanitize_lineobject(). -+ * - * polylines: remove fill, if less than 3 points - * remove arrows, if only one point -+ * polygons: convert to polyline if less than 3 unique points - * rectangles, polygons: last point must coincide with first point - * rectangle: convert to polygon, if not 5 points - * rectangle with rounded corners: error, if not 5 points -@@ -854,6 +856,20 @@ sanitize_lineobject( - q->y = l->points->y; - } - -+ if (l->type == T_POLYGON) { -+ int npts; -+ -+ q = l->points; -+ for (npts = 1; q->next && npts < 4; q = q->next) -+ ++npts; -+ if (npts < 4 ) { -+ put_msg("A polygon with %d points at line %d - convert to a polyline.", -+ npts, line_no); -+ l->type = T_POLYLINE; -+ return 0; -+ } -+ } -+ - if (l->type == T_BOX || l->type == T_ARC_BOX || l->type == T_PIC_BOX) { - int npts = 1; - for (q = l->points; q->next; q = q->next) ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-01-21 11:29:27.367140319 +0000 -@@ -147,6 +147,17 @@ EOF - ]) - AT_CLEANUP - -+AT_SETUP([convert short polygon to polyline, ticket #56]) -+AT_KEYWORDS(read.c polygon) -+AT_CHECK([fig2dev -L ptk < -Date: Mon, 17 Feb 2020 12:18:12 +0100 -Subject: [PATCH] Amend previous commit - avoid buffer overflow - -Regards to Dr. Werner Fink, see discussion to ticket #83. ---- - fig2dev/read.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git fig2dev/read.c fig2dev/read.c -index 0bdcd3d..d1ae463 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -1489,8 +1489,6 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - - len = strlen(start); - start[len++] = '\n'; /* put back the newline */ -- start[len] = '\0'; /* and terminate the string, -- in case nothing else is found */ - - /* allocate plenty of space */ - next = malloc(len + BUFSIZ); -@@ -1500,6 +1498,8 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - return NULL; - } - memcpy(next, start, len + 1); -+ next[len] = '\0'; /* terminate the initial string, -+ in case nothing else is found */ - - while ((chars = getline(line, line_len, fp)) != -1) { - ++(*line_no); --- -2.16.4 - diff --git a/d6a10d.patch b/d6a10d.patch deleted file mode 100644 index 17a2a17..0000000 --- a/d6a10d.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d6a10d168469ed9c4d681ebdc577ea0f65de1501 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sun, 26 Jan 2020 22:13:26 +0100 -Subject: [PATCH] Fix ticket #60. The previous commit fixed also #65, #68, #71, - #73, #75 - ---- - CHANGES | 3 ++- - fig2dev/read.c | 1 + - 2 files changed, 3 insertions(+), 1 deletion(-) - -|diff --git CHANGES CHANGES -|index f1bbbc3..4834e50 100644 -|--- CHANGES -|+++ CHANGES -|@@ -7,7 +7,8 @@ Patchlevel Xx (Xxx 20xx) -| BUGS FIXED: -| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. -| o Fix ticket #81. -|- o Do not allow ASCII NUL anywhere in input. Fixes ticket #80. -|+ o Do not allow ASCII NUL anywhere in input. -|+ Fixes tickets #65, #68, #71, #73, #75, #80. -| o Use getline() to improve input scanning. -| Fixes tickets #58, #59, #61, #62, #67, #78, #79. -| o Correctly scan embedded pdfs for /MediaBox value. -diff --git fig2dev/read.c fig2dev/read.c -index 86cee71..797030c 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -1322,6 +1322,7 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, - } - q->x = x; - q->y = y; -+ q->next = NULL; - p->next = q; - p = q; - ++c; --- -2.16.4 - diff --git a/d70e4b.patch b/d70e4b.patch deleted file mode 100644 index 4afd3c6..0000000 --- a/d70e4b.patch +++ /dev/null @@ -1,129 +0,0 @@ -From d70e4ba6308046f71cb51f67db8412155af52411 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sun, 26 Jan 2020 13:16:52 +0100 -Subject: [PATCH] Reject ASCII NUL anywhere in the input - -The input is read in line by line, stored in a buffer and processed further -with sscanf(). Embedded NUL characters ('\0') would already disturb sscanf(), -and nowhere does the code expect NUL characters. Therefore, detect NUL while -reading the input, and exit with an error message when NUL is found anywere. -Fixes ticket #80. ---- - CHANGES | 4 ++++ - fig2dev/read.c | 21 +++++++++++++++++++-- - fig2dev/tests/data/text_w_ascii0.fig | Bin 0 -> 321 bytes - fig2dev/tests/read.at | 6 ++++++ - 4 files changed, 29 insertions(+), 2 deletions(-) - create mode 100644 fig2dev/tests/data/text_w_ascii0.fig - -|diff --git CHANGES CHANGES -|index 4a414fa..f1bbbc3 100644 -|--- CHANGES -|+++ CHANGES -|@@ -6,6 +6,10 @@ Patchlevel Xx (Xxx 20xx) -| -| BUGS FIXED: -| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. -|+ o Fix ticket #81. -|+ o Do not allow ASCII NUL anywhere in input. Fixes ticket #80. -|+ o Use getline() to improve input scanning. -|+ Fixes tickets #58, #59, #61, #62, #67, #78, #79. -| o Correctly scan embedded pdfs for /MediaBox value. -| o Convert polygons having too few points to polylines. Ticket #56. -| o Reject huge arrow types causing integer overflow. Ticket #57. -diff --git fig2dev/read.c fig2dev/read.c -index e85ee10..86cee71 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -178,8 +178,14 @@ read_objects(FILE *fp, F_compound *obj) - put_msg("Could not read input file."); - return -1; - } -- /* seek to the end of the first line */ -- if (strchr(buf, '\n') == NULL) { -+ -+ /* check for embedded '\0' */ -+ if (strlen(buf) < sizeof buf - 1 && buf[strlen(buf) - 1] != '\n') { -+ put_msg("ASCII NUL ('\\0') character within the first line."); -+ exit(EXIT_FAILURE); -+ /* seek to the end of the first line -+ (the only place, where '\0's are tolerated) */ -+ } else if (buf[strlen(buf) - 1] != '\n') { - int c; - do - c = fgetc(fp); -@@ -1398,6 +1404,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, - return s; - } - -+static void -+exit_on_ascii_NUL(const char *restrict line, size_t chars, int line_no) -+{ -+ if (strlen(line) < (size_t)chars) { -+ put_msg("ASCII NUL ('\\0') in line %d.", line_no); -+ exit(EXIT_FAILURE); -+ } -+} -+ - static char * - find_end(const char *str, int v30flag) - { -@@ -1469,6 +1484,7 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - - while ((chars = getline(line, line_len, fp)) != -1) { - ++(*line_no); -+ exit_on_ascii_NUL(*line, chars, *line_no); - end = find_end(*line, v30_flag); - if (end) { - *end = '\0'; -@@ -1640,6 +1656,7 @@ get_line(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - if (**line == '\n' || (**line == '\r' && - chars == 2 && (*line)[1] == '\n')) - continue; -+ exit_on_ascii_NUL(*line, chars, *line_no); - /* remove newline and possibly a carriage return */ - if ((*line)[chars-1] == '\n') { - chars -= (*line)[chars - 2] == '\r' ? 2 : 1; -|diff --git fig2dev/tests/data/text_w_ascii0.fig fig2dev/tests/data/text_w_ascii0.fig -|new file mode 100644 -|index 0000000000000000000000000000000000000000..fb15b306b26a42446b809d0caf77efcfc73c588a -|GIT binary patch -|literal 321 -|zcmV-H0lxktMoC8?GcGa;Okr+hb7Ns}WeP)OZggdG3Q2BbXk~K>Ol5R*WpWBJFfcAK -|zFbY#?Zf9&|3N11UF)}bPATkOxATS^>ATl5@ATl)|F*Y+GGch1HATS^xFd!{4ATb~? -|zATkOdFeV^0ATcs9AT=O)Tp%DYATS^>US3{aUP@kGUS3`R!hplS!@pi$US3{aUS3{a -|zUS3{aUS3{aUS3{aG&LYaTrf#7d0a3sF$yCzATS^>AT=-`EioW1F(5HAATTa4ATS^? -|zH83DFFf|}BATS_7ZXjWEV`*t1dS!BNASYa0Fee~rWpZU8Ej|D)E-qniWFT{IZDk;B -|zZ*pZIbY*ySAZBlDY;SjIZf7hYcWHEJAYmY5WpZ?3X>K54ZEtmMbRchLAZ=-GX>E0F -|TAY*7@a$#e1WpZ;|FfcI+7J*tc -| -|literal 0 -|KcmV+b0RR6000031 -| -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 331afb5..60982b0 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -407,6 +407,7 @@ EOF -| AT_CLEANUP -| -| AT_SETUP([allow tex font -1, ticket #81]) -|+AT_KEYWORDS([pict2e tikz]) -| AT_DATA([text.fig], [FIG_FILE_TOP -| 4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 -| ]) -|@@ -416,6 +417,11 @@ AT_CHECK([fig2dev -L tikz text.fig -| ], 0, ignore) -| AT_CLEANUP -| -|+AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) -|+AT_KEYWORDS([read.c svg]) -|+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) -|+AT_CLEANUP -|+ -| AT_BANNER([Dynamically allocate picture file name.]) -| -| AT_SETUP([prepend fig file path to picture file name]) --- -2.16.4 - diff --git a/e3cee2.patch b/e3cee2.patch deleted file mode 100644 index c3f8a25..0000000 --- a/e3cee2.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e3cee2576438f47a3b8678c6960472e625f8f7d7 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Mon, 27 Jan 2020 22:14:29 +0100 -Subject: [PATCH] Keep coordinates of spline controls within sane range - -This fixes the fundamental issue of ticket #65. ---- - fig2dev/read.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git fig2dev/read.c fig2dev/read.c -index 797030c..255586a 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -1393,6 +1393,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, - free_splinestorage(s); - return NULL; - } -+ if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN || ly > INT_MAX || -+ rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) { -+ /* do not care to clean up, we exit anyway -+ cp->next = NULL; -+ free_splinestorage(s); */ -+ put_msg("Spline control points out of range at line %d.", -+ *line_no); -+ exit(EXIT_FAILURE); -+ } - cq->lx = lx; cq->ly = ly; - cq->rx = rx; cq->ry = ry; - cp->next = cq; --- -2.16.4 - diff --git a/fig2dev-3.2.6-fig2mpdf.patch b/fig2dev-3.2.6-fig2mpdf.patch index cb556ed..a302a68 100644 --- a/fig2dev-3.2.6-fig2mpdf.patch +++ b/fig2dev-3.2.6-fig2mpdf.patch @@ -1,8 +1,3 @@ -Author: Michael Pfeiffer -Description: creating multilayered or singlelayer PDF or EPS figures for - including into LaTeX documents. -Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html - --- fig2dev/dev/genpstex.c | 331 ++++++++++++++++++++++++ fig2dev/drivers.h | 4 @@ -13,22 +8,23 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html man/fig2dev.1.in | 69 +++++ 7 files changed, 1311 insertions(+), 2 deletions(-) ---- a/fig2dev-3.2.7b/fig2dev/dev/genpstex.c -+++ b/fig2dev-3.2.7b/fig2dev/dev/genpstex.c -@@ -48,9 +48,12 @@ +diff --git a/fig2dev/dev/genpstex.c b/fig2dev/dev/genpstex.c +--- a/fig2dev/dev/genpstex.c ++++ b/fig2dev/dev/genpstex.c +@@ -47,9 +47,12 @@ + #include #include - #include #include +#include #include "fig2dev.h" - #include "object.h" /* does #include */ + #include "object.h" +#include "texfonts.h" +#include "setfigfont.h" extern double rad2deg; -@@ -79,6 +82,308 @@ extern void genps_grid(float major, floa +@@ -78,6 +81,308 @@ extern void genps_grid(float major, floa static char pstex_file[1000] = ""; @@ -337,7 +333,7 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html void genpstex_t_option(char opt, char *optarg) { -@@ -128,6 +433,32 @@ genpstex_option(char opt, char *optarg) +@@ -127,6 +432,32 @@ genpstex_option(char opt, char *optarg) genlatex_option(opt, optarg); } @@ -370,8 +366,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html struct driver dev_pstex_t = { genpstex_t_option, genpstex_t_start, ---- a/fig2dev-3.2.7b/fig2dev/drivers.h -+++ b/fig2dev-3.2.7b/fig2dev/drivers.h +diff --git a/fig2dev/drivers.h b/fig2dev/drivers.h +--- a/fig2dev/drivers.h ++++ b/fig2dev/drivers.h @@ -36,8 +36,10 @@ extern struct driver dev_eps; extern struct driver dev_pdf; extern struct driver dev_pdftex; @@ -399,9 +396,10 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html {"pstricks", &dev_pstricks}, {"ptk", &dev_ptk}, {"shape", &dev_shape}, ---- a/fig2dev-3.2.7b/fig2dev/fig2dev.c -+++ b/fig2dev-3.2.7b/fig2dev/fig2dev.c -@@ -821,6 +821,23 @@ help_msg(void) +diff --git a/fig2dev/fig2dev.c b/fig2dev/fig2dev.c +--- a/fig2dev/fig2dev.c ++++ b/fig2dev/fig2dev.c +@@ -826,6 +826,23 @@ help_msg(void) ); } @@ -425,7 +423,7 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html if (dev == NULL || !strcmp(lang, "shape")) { puts( "SHAPE (ShapePar driver) Options:\n" -@@ -968,6 +985,12 @@ static int compound_dump(F_compound *com +@@ -973,6 +990,12 @@ static int compound_dump(F_compound *com static int rec_comp(struct obj_rec *r1, struct obj_rec *r2) { @@ -438,8 +436,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html return (r2->depth - r1->depth); } ---- a/fig2dev-3.2.7b/fig2mpdf/copyright.txt -+++ b/fig2dev-3.2.7b/fig2mpdf/copyright.txt +diff --git a/fig2mpdf/copyright.txt b/fig2mpdf/copyright.txt +--- a/fig2mpdf/copyright.txt ++++ b/fig2mpdf/copyright.txt @@ -0,0 +1,25 @@ +The following files contain copyright and license info for +the code they contain: @@ -466,8 +465,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html + + (Author's note: the license is in the file gpl.txt, which is included + in the archive.) ---- a/fig2dev-3.2.7b/fig2mpdf/fig2mpdf.1 -+++ b/fig2dev-3.2.7b/fig2mpdf/fig2mpdf.1 +diff --git a/fig2mpdf/fig2mpdf.1 b/fig2mpdf/fig2mpdf.1 +--- a/fig2mpdf/fig2mpdf.1 ++++ b/fig2mpdf/fig2mpdf.1 @@ -0,0 +1,208 @@ +.TH fig2mpdf 1 "Jun 2006" "" "Including xfig figures into LaTeX documents" +.SH NAME @@ -677,8 +677,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html +.IR pdflatex(1) +.IR latex(1) +.IR dvips(1) ---- a/fig2dev-3.2.7b/fig2mpdf/fig2mpdf -+++ b/fig2dev-3.2.7b/fig2mpdf/fig2mpdf +diff --git a/fig2mpdf/fig2mpdf b/fig2mpdf/fig2mpdf +--- a/fig2mpdf/fig2mpdf ++++ b/fig2mpdf/fig2mpdf @@ -0,0 +1,653 @@ +#!/bin/sh + @@ -1333,8 +1334,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html +} +' -- $* + ---- a/fig2dev-3.2.7b/man/fig2dev.1.in -+++ b/fig2dev-3.2.7b/man/fig2dev.1.in +diff --git a/man/fig2dev.1.in b/man/fig2dev.1.in +--- a/man/fig2dev.1.in ++++ b/man/fig2dev.1.in @@ -64,8 +64,8 @@ Set the output graphics language. Valid languages are \fBbox, cgm, dxf, epic, eepic, eepicemu, emf, eps, gbx (Gerber beta diff --git a/fig2dev-3.2.6a-RGBFILE.patch b/fig2dev-3.2.6a-RGBFILE.patch index 3dbfc03..b0f7ec9 100644 --- a/fig2dev-3.2.6a-RGBFILE.patch +++ b/fig2dev-3.2.6a-RGBFILE.patch @@ -9,7 +9,7 @@ Subject: rgb.txt can not be located via FIG2DEV_RGBFILE environment variable. --- a/fig2dev/colors.c +++ b/fig2dev/colors.c 2019-10-29 11:03:32.206632962 +0000 -@@ -731,8 +731,13 @@ read_colordb(void) +@@ -730,8 +730,13 @@ read_colordb(void) FILE *fp; #define MAX_LINE 100 char s[MAX_LINE], s1[MAX_LINE]; diff --git a/fig2dev-3.2.7b.tar.xz b/fig2dev-3.2.7b.tar.xz deleted file mode 100644 index f628acf..0000000 --- a/fig2dev-3.2.7b.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:47dc1b4420a1bc503b3771993e19cdaf75120d38be6548709f7d84f7b07d68b2 -size 512224 diff --git a/fig2dev-3.2.8.tar.xz b/fig2dev-3.2.8.tar.xz new file mode 100644 index 0000000..077e82d --- /dev/null +++ b/fig2dev-3.2.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:931258ae43950d0931ddcea13ce6554d2cd7fc3c93585aebf74e393bb14fe27d +size 518984 diff --git a/transfig-3.2.6.dif b/transfig-3.2.6.dif deleted file mode 100644 index 5fdce95..0000000 --- a/transfig-3.2.6.dif +++ /dev/null @@ -1,171 +0,0 @@ ---- - fig2dev/dev/genps.c | 29 ++++++++++++++++++++++++----- - fig2dev/dev/genpstex.c | 8 ++++++-- - fig2dev/fig2ps2tex.csh | 2 +- - fig2dev/getopt.c | 9 +++++++++ - transfig/transfig.c | 2 ++ - 5 files changed, 42 insertions(+), 8 deletions(-) - ---- fig2dev/dev/genps.c -+++ fig2dev/dev/genps.c 2018-05-07 08:16:40.161130640 +0000 -@@ -59,6 +59,7 @@ - #include - #endif - #include -+#include - #include "pi.h" - - #include "fig2dev.h" /* includes "bool.h" */ -@@ -844,8 +845,9 @@ genps_start(F_compound *objects) - fprintf(tfp, "%s\n", SPLINE_PS); - #ifdef I18N - if (support_i18n && iso_text_exist(objects)) { -- char *libdir, *locale; -+ char *libdir, *locale, *codeset; - char localefile[512], str[512]; -+ size_t llen; - FILE *fp; - libdir = getenv("FIG2DEV_LIBDIR"); - #ifdef I18N_DATADIR -@@ -853,18 +855,35 @@ genps_start(F_compound *objects) - libdir = I18N_DATADIR; - #endif - locale = setlocale(LC_CTYPE, NULL); -+ llen = strcspn(locale, ".@"); -+ codeset = nl_langinfo(CODESET); - if (locale == NULL) { - fprintf(stderr, - "fig2dev: LANG not defined; assuming C locale\n"); - locale = "C"; - } -- sprintf(localefile, "%s/%s.ps", libdir, locale); -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, locale); - /* get filename like ``/usr/local/lib/fig2dev/japanese.ps'' */ - fp = fopen(localefile, "rb"); - if (fp == NULL) { -- fprintf(stderr, "fig2dev: can not open file: %s\n", -- localefile); -- } else { -+ fprintf(stderr, "fig2dev: can not open file: %s\n", localefile); -+ } -+ if (fp == NULL && strlen(locale) != llen) { -+ locale[llen] = '\0'; -+ /* get filename like ``/usr/local/lib/fig2dev/de_DE.ps'' */ -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, locale); -+ fp = fopen(localefile, "rb"); -+ if (fp == NULL) -+ fprintf(stderr, "fig2dev: B can't open file: %s\n", localefile); -+ } -+ if (fp == NULL && codeset) { -+ /* get filename like ``/usr/local/lib/fig2dev/ISO-8859-9.ps'' */ -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, codeset); -+ fp = fopen(localefile, "rb"); -+ if (fp == NULL) -+ fprintf(stderr, "fig2dev: C can't open file: %s\n", localefile); -+ } -+ if (fp) { - while (fgets(str, sizeof(str), fp)) { - if (strstr(str, "CompositeRoman")) - enable_composite_font = true; ---- fig2dev/dev/genpstex.c -+++ fig2dev/dev/genpstex.c 2018-05-07 08:10:27.872048970 +0000 -@@ -47,6 +47,7 @@ - #include - #include - #include -+#include - - #include "fig2dev.h" - #include "object.h" /* does #include */ -@@ -63,10 +64,13 @@ extern void - genps_spline(F_spline *s), - genlatex_option(char opt, char *optarg), - genlatex_text(F_text *t), -- genps_text(F_text *t); -+ genps_text(F_text *t), -+ genpdf_option(char opt, char *optarg), -+ genpdf_start(F_compound *objects); - extern int - genlatex_end(void), -- genps_end(void); -+ genps_end(void), -+ genpdf_end(void); - - extern void genpdf_option(char opt, char *optarg); /* genpdf.c */ - extern void genpdf_start(F_compound *objects); /* genpdf.c */ ---- fig2dev/fig2ps2tex.csh -+++ fig2dev/fig2ps2tex.csh 2018-05-07 08:11:38.206742453 +0000 -@@ -22,7 +22,7 @@ - # 2016-07-07 Thomas Loimer - # * use here-document, instead of echo - # -- -+set echo_style = bsd - set bbox = `grep "^%%BoundingBox:" $1` - - set xsp = `echo "3k $bbox[4] $bbox[2] - 72 / p" | dc` ---- fig2dev/getopt.c -+++ fig2dev/getopt.c 2018-05-07 08:13:44.400397232 +0000 -@@ -48,6 +48,7 @@ static char sccsfid[] = "@(#) getopt.c 5 - #define EMSG "" - #define ENDARGS "--" - -+#ifndef __GLIBC__ - /* - * get option letter from argument vector - */ -@@ -94,3 +95,11 @@ fig_getopt(int nargc, char **nargv, char - } - return optc; /* dump back option letter */ - } -+#else -+#include -+int -+fig_getopt(int nargc, char * const nargv[], const char *ostr) -+{ -+ return getopt(nargc, nargv, ostr); -+} -+#endif ---- transfig/transfig.c -+++ transfig/transfig.c 2018-05-07 08:01:42.105796359 +0000 -@@ -26,6 +26,8 @@ - - #include - #include -+#include -+#include - #include "transfig.h" - - extern void sysmv(char *file); /* sys.c */ ---- configure -+++ configure 2020-01-24 13:08:02.103408590 +0000 -@@ -4122,7 +4122,7 @@ main () - - int dynamic_array[ni.number]; - dynamic_array[ni.number - 1] = 543; -- -+ free(ia); - // work around unused variable warnings - return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' - || dynamic_array[ni.number - 1] != 543); -@@ -6377,8 +6377,8 @@ char *malloc (); - int - main () - { --return ! malloc (0); -- ; -+void *tmp = malloc (0); -+if (tmp) free (tmp); return !tmp; - return 0; - } - _ACEOF -@@ -6444,7 +6444,8 @@ char *realloc (); - int - main () - { --return ! realloc (0, 0); -+void *tmp = realloc (0, 0); -+if (tmp) free (tmp); return !tmp; - ; - return 0; - } diff --git a/transfig-3.2.8.dif b/transfig-3.2.8.dif new file mode 100644 index 0000000..fae4f7e --- /dev/null +++ b/transfig-3.2.8.dif @@ -0,0 +1,163 @@ +--- + configure | 2 +- + fig2dev/dev/genps.c | 32 ++++++++++++++++++++++---------- + fig2dev/dev/genpstex.c | 8 ++++++-- + fig2dev/fig2ps2tex.csh | 2 +- + fig2dev/lib/getopt.c | 9 +++++++++ + transfig/transfig.c | 2 ++ + 6 files changed, 41 insertions(+), 14 deletions(-) + +--- configure ++++ configure 2021-02-12 08:54:37.958704809 +0000 +@@ -4015,7 +4015,7 @@ main () + + int dynamic_array[ni.number]; + dynamic_array[ni.number - 1] = 543; +- ++ free(ia); + // work around unused variable warnings + return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' + || dynamic_array[ni.number - 1] != 543); +--- fig2dev/dev/genps.c ++++ fig2dev/dev/genps.c 2021-02-12 09:13:56.896176342 +0000 +@@ -56,6 +56,7 @@ + #include + #endif + #include ++#include + + #include "fig2dev.h" /* includes bool.h and object.h */ + //#include "object.h" /* NUMSHADES, NUMTINTS */ +@@ -958,9 +959,10 @@ genps_start(F_compound *objects) + fprintf(tfp, "%s\n", SPLINE_PS); + #ifdef I18N + if (support_i18n && iso_text_exist(objects)) { +- char *libdir, *locale; +- char localefile_buf[128]; +- char *localefile = localefile_buf; ++ char *libdir, *locale, *codeset; ++ char *localefile = NULL; ++ size_t llen; ++ int ret; + FILE *fp; + libdir = getenv("FIG2DEV_LIBDIR"); + #ifdef I18N_DATADIR +@@ -968,19 +970,30 @@ genps_start(F_compound *objects) + libdir = I18N_DATADIR; + #endif + locale = setlocale(LC_CTYPE, NULL); ++ llen = strcspn(locale, ".@"); ++ codeset = nl_langinfo(CODESET); + if (locale == NULL) { + fprintf(stderr, + "fig2dev: LANG not defined; assuming C locale\n"); + locale = "C"; + } +- if (strlen(libdir) + strlen(locale) + 5 > sizeof localefile_buf) +- localefile = malloc(strlen(libdir) + strlen(locale) + 5); +- if (localefile != NULL) { +- sprintf(localefile, "%s/%s.ps", libdir, locale); ++ retry: ++ ret = asprintf(&localefile, "%s/%s.ps", libdir, locale); ++ if (ret > 0) { + /* get filename like + ``/usr/local/lib/fig2dev/japanese.ps'' */ + fp = fopen(localefile, "rb"); + if (fp == NULL) { ++ if (strlen(locale) != llen) { ++ free(localefile); ++ locale[llen] = '\0'; ++ goto retry; ++ } ++ if (codeset && locale != codeset) { ++ free(localefile); ++ locale = codeset; ++ goto retry; ++ } + fprintf(stderr, "fig2dev: can not open file: %s\n", + localefile); + } else { +@@ -998,11 +1011,10 @@ genps_start(F_compound *objects) + "The output might be broken.\n", + localefile); + } +- fclose(fp); ++ fclose(fp); + } +- } +- if (localefile != localefile_buf) + free(localefile); ++ } + } + #endif /* I18N */ + +--- fig2dev/dev/genpstex.c ++++ fig2dev/dev/genpstex.c 2021-02-12 09:17:16.360300734 +0000 +@@ -46,6 +46,7 @@ + + #include + #include ++#include + + #include "fig2dev.h" + #include "object.h" +@@ -62,10 +63,13 @@ extern void + genps_spline(F_spline *s), + genlatex_option(char opt, char *optarg), + genlatex_text(F_text *t), +- genps_text(F_text *t); ++ genps_text(F_text *t), ++ genpdf_option(char opt, char *optarg), ++ genpdf_start(F_compound *objects); + extern int + genlatex_end(void), +- genps_end(void); ++ genps_end(void), ++ genpdf_end(void); + + extern void genpdf_option(char opt, char *optarg); /* genpdf.c */ + extern void genpdf_start(F_compound *objects); /* genpdf.c */ +--- fig2dev/fig2ps2tex.csh ++++ fig2dev/fig2ps2tex.csh 2021-02-12 08:54:37.954704887 +0000 +@@ -22,7 +22,7 @@ + # 2016-07-07 Thomas Loimer + # * use here-document, instead of echo + # +- ++set echo_style = bsd + set bbox = `grep "^%%BoundingBox:" $1` + + set xsp = `echo "3k $bbox[4] $bbox[2] - 72 / p" | dc` +--- fig2dev/lib/getopt.c ++++ fig2dev/lib/getopt.c 2021-02-12 08:54:37.954704887 +0000 +@@ -42,6 +42,7 @@ + #define EMSG "" + #define ENDARGS "--" + ++#ifndef __GLIBC__ + /* + * get option letter from argument vector + */ +@@ -88,3 +89,11 @@ getopt(int nargc, char **nargv, const ch + } + return optc; /* dump back option letter */ + } ++#else ++#include ++int ++fig_getopt(int nargc, char * const nargv[], const char *ostr) ++{ ++ return getopt(nargc, nargv, ostr); ++} ++#endif +--- transfig/transfig.c ++++ transfig/transfig.c 2021-02-12 08:54:37.954704887 +0000 +@@ -26,6 +26,8 @@ + + #include + #include ++#include ++#include + #include "transfig.h" + + extern void sysmv(char *file); /* sys.c */ diff --git a/transfig-fix-afl.patch b/transfig-fix-afl.patch index fb85133..0f01fbd 100644 --- a/transfig-fix-afl.patch +++ b/transfig-fix-afl.patch @@ -1,10 +1,10 @@ --- - fig2dev-3.2.7b/fig2dev/alloc.h | 20 ++++++++++---------- + fig2dev-3.2.8/fig2dev/alloc.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) ---- fig2dev-3.2.7b/fig2dev/alloc.h -+++ fig2dev-3.2.7b/fig2dev/alloc.h 2019-10-29 10:49:00.939061663 +0000 -@@ -19,16 +19,16 @@ +--- fig2dev-3.2.8/fig2dev/alloc.h ++++ fig2dev-3.2.8/fig2dev/alloc.h 2021-02-12 09:43:47.313357380 +0000 +@@ -19,15 +19,15 @@ #ifndef ALLOC_H #define ALLOC_H @@ -29,5 +29,4 @@ +#define Control_malloc(z) z = calloc(CONTROL_SIZE,1) +#define Arrow_malloc(z) z = calloc(ARROW_SIZE,1) - extern char Err_mem[]; - + #endif /* ALLOC_H */ diff --git a/transfig.3.2.5-binderman.dif b/transfig.3.2.5-binderman.dif deleted file mode 100644 index 2a1261c..0000000 --- a/transfig.3.2.5-binderman.dif +++ /dev/null @@ -1,14 +0,0 @@ ---- - transfig/sys.c | 1 + - 1 file changed, 1 insertion(+) - ---- transfig/sys.c -+++ transfig/sys.c 2016-09-22 13:02:49.040774112 +0000 -@@ -39,6 +39,7 @@ sysls(void) - i += 1; - c = fgetc(ls); - } -+ pclose(ls); - sysbuf[i] = '\0'; - return sysbuf; - } diff --git a/transfig.3.2.5d-mediaboxrealnb.dif b/transfig.3.2.5d-mediaboxrealnb.dif deleted file mode 100644 index 739c069..0000000 --- a/transfig.3.2.5d-mediaboxrealnb.dif +++ /dev/null @@ -1,32 +0,0 @@ ---- - fig2dev/dev/readeps.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - ---- fig2dev/dev/readeps.c -+++ fig2dev/dev/readeps.c 2018-05-07 08:45:37.772825723 +0000 -@@ -83,9 +83,11 @@ read_eps_pdf(FILE *file, int filetype, F - while (fgets(buf, BUFSIZ, file) != NULL) { - /* look for /MediaBox for pdf file */ - if (pdf_flag) { -+ char *s; -+ for(s=buf; (s=strchr(s,'/')); s++) { - if (!strncmp(buf, "/MediaBox", 9)) { /* look for the MediaBox spec */ -- c = strchr(buf, '[') + 1; -- if (c && sscanf(c, "%d %d %d %d", llx, lly, &urx, &ury) < 4) -+ c = strchr(s, '['); -+ if (c && sscanf(c+1, "%d %d %d %d", llx, lly, &urx, &ury) < 4) - { - *llx = *lly = 0; - urx = paperdef[0].width*72; -@@ -93,7 +95,11 @@ read_eps_pdf(FILE *file, int filetype, F - put_msg("Bad MediaBox in imported PDF file %s, assuming %s size", - pic->file, metric? "A4" : "Letter" ); - } -+ pic->bit_size.x = (urx-(*llx)); -+ pic->bit_size.y = (ury-(*lly)); -+ break; - } -+ } - /* look for bounding box for EPS file */ - } else if (!nested && !strncmp(buf, "%%BoundingBox:", 14)) { - c = buf + 14; diff --git a/transfig.changes b/transfig.changes index a2141c8..7b443f1 100644 --- a/transfig.changes +++ b/transfig.changes @@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Fri Feb 12 09:50:30 UTC 2021 - Dr. Werner Fink + +- Update to fig2dev version 3.2.8 (Patchlevel 8 (Dec 2020) + o Use deflate to embed image data into eps output, often substantially + reducing file size. + o Embed pdf files into ps output by converting the pdf to eps. + o Allow negative arrow widths. This might be useful for asymmetric arrow + tips, which can thus be mirrored around the corresponding line. + Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. + o Reject negative text font sizes. Fixes ticket #86. + o Allow fig files ending without previous eol character. Fixes #83, #84. + o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76. + o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81. + o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80. + o Use getline() to improve input scanning. + Fixes tickets #58, #59, #61, #62, #67, #78, #79, #82. + o Correctly scan embedded pdfs for /MediaBox value. + o Convert polygons having too few points to polylines. Ticket #56. + o Reject huge arrow types causing integer overflow. Ticket #57. + o Allow Fig v2 text strings ending with multiple ^A. Ticket #55. + o Embed images in pdfs with their original compression type, i.e., leave + the gs switch "-dAutoFilterColorImages" at its default value "true". +- This update includes the fixes for + bsc#1159293 - CVE-2019-19797: transfig,xfig: out-of-bounds write in + read_colordef in read.c + bsc#1161698 - CVE-2019-19555: transfig,xfig: stack-based buffer + overflow because of an incorrect sscanf + bsc#1159130 - CVE-2019-19746: transfig,xfig: segmentation fault and + out-of-bounds write because of an integer overflow via + a large arrow type + and many more +- Port and rename patch transfig-3.2.6.dif which is now transfig-3.2.8.dif +- Remove patches now obsolete + * 00cded.patch + * 100e27.patch + * 2f8d1a.patch + * 3065eb.patch + * 3165d8.patch + * 421afa.patch + * 4d4e1f.patch + * 639c36.patch + * CVE-2019-19555.patch + * CVE-2019-19746.patch + * CVE-2019-19797.patch + * acccc8.patch + * c379fe.patch + * ca48cc.patch + * d6a10d.patch + * d70e4b.patch + * e3cee2.patch + * transfig.3.2.5-binderman.dif + * transfig.3.2.5d-mediaboxrealnb.dif +- Port patches + * fig2dev-3.2.6-fig2mpdf.patch + * fig2dev-3.2.6a-RGBFILE.patch + + ------------------------------------------------------------------- Wed Sep 30 10:48:31 UTC 2020 - Dr. Werner Fink diff --git a/transfig.spec b/transfig.spec index 9abc300..54b9a22 100644 --- a/transfig.spec +++ b/transfig.spec @@ -1,7 +1,7 @@ # # spec file for package transfig # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -45,34 +45,15 @@ Requires: ghostscript-fonts-std Requires: ghostscript-library Requires: netpbm Requires: texlive-epstopdf -Version: 3.2.7b +Version: 3.2.8 Release: 0 Summary: Graphic Converter #Source: http://sourceforge.net/projects/mcj/files/fig2dev-%{version}.tar.xz/download#/fig2dev-%{version}.tar.xz License: MIT Group: Productivity/Graphics/Convertors Source: fig2dev-%{version}.tar.xz -Patch0: transfig-3.2.6.dif -Patch1: CVE-2019-19555.patch -Patch2: transfig.3.2.5-binderman.dif -Patch3: transfig.3.2.5d-mediaboxrealnb.dif +Patch0: transfig-3.2.8.dif Patch4: transfig-fix-afl.patch -Patch5: CVE-2019-19746.patch -Patch6: c379fe.patch -Patch7: CVE-2019-19797.patch -Patch8: 00cded.patch -Patch9: d70e4b.patch -Patch10: d6a10d.patch -Patch11: acccc8.patch -Patch12: e3cee2.patch -Patch13: 421afa.patch -Patch14: 2f8d1a.patch -Patch15: 4d4e1f.patch -Patch16: 3165d8.patch -Patch17: 639c36.patch -Patch18: 100e27.patch -Patch19: 3065eb.patch -Patch20: ca48cc.patch Patch43: fig2dev-3.2.6-fig2mpdf.patch Patch44: fig2dev-3.2.6-fig2mpdf-doc.patch Patch45: fig2dev-3.2.6a-RGBFILE.patch @@ -113,27 +94,8 @@ Authors: %setup -q -n fig2dev-%{version} find -type f | xargs -r chmod a-x,go-w %patch0 -p0 -b .0 -%patch1 -p0 -b .sec -%patch2 -p0 -b .bm -%patch3 -p0 -b .mbox %patch4 -p1 -b .afl -%patch5 -p0 -b .sec2 -%patch6 -p0 -b .sec3 -%patch7 -p0 -b .sec4 -%patch8 -p0 -b .sec5 -%patch9 -p0 -b .sec6 -%patch10 -p0 -b .sec7 -%patch11 -p0 -b .sec8 -%patch12 -p0 -b .sec9 -%patch13 -p0 -b .sec10 -%patch14 -p0 -b .sec11 -%patch15 -p0 -b .sec12 -%patch16 -p0 -b .sec13 -%patch17 -p0 -b .sec14 -%patch18 -p0 -b .sec15 -%patch19 -p0 -b .sec16 -%patch20 -p0 -b .sec17 -%patch43 -p2 -b .mpdf +%patch43 -p1 -b .mpdf %patch44 -p1 -b .mpdfdoc %patch45 -p1 -b .p45