- This Update includes the fixes for
* bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
* bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
* bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
* bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
* bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
* bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
* bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
* bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c
OBS-URL: https://build.opensuse.org/request/show/927524
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/transfig?expand=0&rev=53
- Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)
o Detect the output language from the output file name.
o On the command line, a minus (-) as input or output file name refers
to standard input or standard output.
o Correct buffer overflows and segfaults, mainly due to maliciously
crafted input files, tickets #113-117, #122, #123, #125-#135.
o With -Lepic -P, generate a complete tex file.
o Correctly produce a gif if a transparent color is given, ticket #121.
o Return with error if no space is left on the device. Ticket #101.
- Remove patch 6827c09d.patch now upstream
- Add patch 1b09a8.patch from upstream (for ticket #137)
- Port patch fig2dev-3.2.6-fig2mpdf.patch back
OBS-URL: https://build.opensuse.org/request/show/923484
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/transfig?expand=0&rev=52
- Update to fig2dev version 3.2.7 (Patchlevel 7b (Oct 2019)
o A X color database is not needed, but can be provided. The location of
the database can be given at compile time, default /etc/X11/rgb.txt.
Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
Debian bug numbers refer to https://bugs.debian.org/#.
o Do not clip objects with line-thickness 0 having arrows. Ticket #53.
o Do not segfault on circle/half circle arrowheads with a magnification
larger 42. Always draw circle arrowheads with 40 points. Ticket #52.
o Allow circles or ellipses with negative radii. Ticket #49.
o Avoid "dimension too large error" with tikz output by avoiding
coordinate values smaller than -16383.
o Make tests (test1.c) work with -fsanitize=address compiler option.
o Obey join-style of lines in tikz output.
o Pass utf8-strings to svg output, escape some chars (<>&).
o Accept inclined boxes and change them to polygons. Fixes ticket #43.
o Make tests #27 and #33 work on Mac Darwin, failed due to whitespace
formatting differences. From Hanspeter Niederstrasser. Ticket #40.
o Use only latex, neither etex or tex, to test tikz output. Usage of
etex, after hint from Roland Rosenfeld, closed debian bug 920368.
o For tikz output, do not draw arrows on a single point line.
o Omit spurious showpage when including jpg-file. From Rainer Buchty.
o Correct a few memory leaks and corruptions. See commit d1c54f6.
o Change negative color numbers to default color. Fixes ticket #30.
o A spline with one point would cause segfault. Fixed, see ticket #29.
o Allow one char without newline in the last line of an input file.
Fixes ticket #28.
o Harden input, mainly against files in which an incomplete object would
be created and freeing the object would violate memory, i.e, it may
cause segfault. See, e.g., ticket #27.
o Properly initalize line storage when reading fig files version 1.3.
OBS-URL: https://build.opensuse.org/request/show/743820
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/transfig?expand=0&rev=41
- Update to fig2dev version 3.2.7a (Patchlevel 7a (April 2018))
o Language previous option current option
------------------------------------------------------------
cgm -b dummy -a
epic -A scale -d scale
eepic -A scale -d scale
eepicemu -A scale -d scale
gbx -i on|off -v
ibmgl -m mag,xoff,yoff -m mag -x xoff -y yoff
mp -I file -d file
ps -S dummy -o
o Print language-specific help text by using fig2dev -L lang -h.
o Add option -M, multipage, for MetaPost output language.
o Add option -P, pagemode, and -z to choose a pagesize for pdf output.
o Add option -W (scaling of figures not possible) for tikz.
o Add option -b, border width, for LaTeX output language.
o Add option -f for pstex_t and pdftex_t output language.
o Add uk_UA and ru_RU encodings for PostScript output. Ticket #12.
o Fix regression whereupon flipped ellipses were not read. Ticket #23.
o Distribute i18n files ru_RU.CP1251.ps and uk_UA.KOI8-U.ps.
o Make test "survive debian bug #890016" succeed on 32 bit systems.
o Distribute the X bitmaps files within fig2dev, no need to install
these files. The files were needed for Tk and Perl/Tk output.
o Add option -w, wrap (create stand-alone perl file) for Perl/Tk output.
o Update help text: Output help for dxf and textyl output language,
add description of -g option for Tk/Tcl and Perl/Tk output, allow -f
option for pstex_t and pdftex_t output language.
o Sanitize input. Do not segfault on malformed input files. Fixes debian
bugs 881143, 881144, 881396, 890015, 890016, 882021 and also 882022.
o Do not put an %%Orientation: comment into PostScript output. Some
OBS-URL: https://build.opensuse.org/request/show/605087
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/transfig?expand=0&rev=38
- Fix now failing download source service, that is don't do this
- Update to fig2dev version 3.2.6a (Patchlevel 6a (January 2017))
NEW FEATURES:
o Distribute transfig.pdf. No need to build it from the TeX sources.
o Enable reproducible build for svg output.
o Set the creator to fig2dev, not to the path by which fig2dev is
invoked.
BUGS FIXED:
Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
o The svg output now produces correct patterns and pie-wege arcs.
Property names instead of style attributes are used. Hollow arrow
heads are really hollow, not filled with white. In the PostScript
output, this might also clip a bit of the filling underneath an arrow.
o tikz output: Re-use \dimen \XFigu if it is already defined. Ticket #3.
o tikz output: A pattern in an object with line width zero and the
stroke color equal to the fill color would produce a white fill.
The tikz output now does not try to be smart and puts a pattern, even
if the result is equal to a solid fill. Ticket #1.
o pict2e output: Standalone tex-files always include color.sty. #2.
o pict2e output: A pattern with stroke color equal to fill color is
rendered as a solid fill.
o Compiles when gnu iconv and standard iconv are present.
- Update to fig2dev version 3.2.6 (the successor of transfig)
o Add compile switch --enable-versioning and script update-version_m4,
to create version string from source control system
o tikz output: Support -G (grid) option. Make \XFigwidth and \XFigheight
only scale coordinates, not line widths; Do not set unnecessarily
\color{black} on text.
OBS-URL: https://build.opensuse.org/request/show/454942
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/transfig?expand=0&rev=35
