packages/transfig
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:09586c8a510df02cbdd019ecd2846cf6d87c47fe
Branches Tags
packages:main
...
compare: packages:6b8f303340a3cc0b7cc6fe474908065736738a23
Branches Tags
packages:main

10 Commits
09586c8a51 ... 6b8f303340

Author SHA1 Message Date
openeuler-ci-bot
6b8f303340
!32 [sync] PR-28: Fix CVE-2025-31162,CVE-2025-31163 and CVE-2025-31164 
From: @openeuler-sync-bot 
Reviewed-by: @starlet-dx 
Signed-off-by: @starlet-dx
 2025-04-01 07:17:22 +00:00
caodongxia
2041480f1a Fix CVE-2025-31162,CVE-2025-31163 and CVE-2025-31164 
(cherry picked from commit b3e9b9e9f0a5c5ac55a9afd979dc95e2c4b918f9)
 2025-04-01 15:05:12 +08:00
openeuler-ci-bot
b3cbb8867b
!25 [sync] PR-17: fix GSEXE undefined issue 
From: @openeuler-sync-bot 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
 2022-02-15 01:41:50 +00:00
herengui
d17732410b fix GSEXE undefined issue 
Signed-off-by: herengui <herengui@uniontech.com>
(cherry picked from commit fb55ae6d15ab533d7f065dbb581775a482a97c62)
 2022-02-11 21:29:10 +08:00
openeuler-ci-bot
682a8bc790
!16 [sync] PR-9: Upgrade transfig to 3.2.8b, fix CVE-2021-37529 CVE-2021-37530 
Merge pull request !16 from openeuler-sync-bot/sync-pr9-master-to-openEuler-22.03-LTS-Next
 2022-01-22 01:32:52 +00:00
starlet-dx
fac8c83a1a Upgrade transfig to 3.2.8b, fix CVE-2021-37529 CVE-2021-37530 
(cherry picked from commit 46d3143eeb1958151b39e268d8c27aa029a1e04d)
 2022-01-21 15:00:25 +08:00
openeuler-ci-bot
628f14ddbf !4 [sync] PR-3: fix CVE-2021-32280 
From: @openeuler-sync-bot
Reviewed-by: @small_leek
Signed-off-by: @small_leek
 2021-10-12 09:20:33 +00:00
starlet-dx
0d03fd98d6 fix CVE-2021-32280 
(cherry picked from commit a7d683941c244f6a6f31a926e48e8bfb6b0db00a)
 2021-10-12 15:36:09 +08:00
openeuler-ci-bot
a8391075b9 !2 add yaml file 
Merge pull request !2 from sigui/master
 2020-05-19 15:33:40 +08:00
si-gui
f577c219ae add yaml file 2020-05-12 17:57:13 +08:00
8 changed files with 171 additions and 45 deletions
Show Stats Expand all files Collapse all files

21
CVE-2025-31162.patch Normal file
View File

@ -0,0 +1,21 @@
Origin:
https://sourceforge.net/p/mcj/tickets/185/
https://sourceforge.net/p/mcj/fig2dev/ci/da8992f44b84a337b4edaa67fc8b36b55eaef696/
--- a/fig2dev/object.h
+++ b/fig2dev/object.h
@@ -57,12 +57,13 @@
struct f_comment *next;
} F_comment;
+#define STYLE_VAL_MAX 6400.0 /* dash length 80 inches, that is enough */
#define COMMON_PROPERTIES(o) \
o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE || \
o->thickness < 0 || o->depth < 0 || o->depth > 999 || \
o->fill_style < UNFILLED || \
o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS || \
- o->style_val < 0.0
+ o->style_val < 0.0 || o->style_val > STYLE_VAL_MAX
typedef struct f_ellipse {
int type;

86
CVE-2025-31163.patch Normal file
View File

@ -0,0 +1,86 @@
Origin:
https://sourceforge.net/p/mcj/tickets/186/
https://sourceforge.net/p/mcj/fig2dev/ci/c8a87d22036e62bac0c6f7836078d8103caa6457/
--- a/fig2dev/object.h
+++ b/fig2dev/object.h
@@ -3,7 +3,7 @@
* Copyright (c) 1991 by Micah Beck
* Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
* Parts Copyright (c) 1989-2015 by Brian V. Smith
- * Parts Copyright (c) 2015-2020 by Thomas Loimer
+ * Parts Copyright (c) 2015-2025 by Thomas Loimer
*
* Any party obtaining a copy of these files is granted, free of charge, a
* full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -91,10 +91,10 @@ typedef struct f_ellipse {
struct f_ellipse *next;
} F_ellipse;
-#define INVALID_ELLIPSE(e) \
+#define INVALID_ELLIPSE(e) \
e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA || \
- COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \
- e->radiuses.x == 0 || e->radiuses.y == 0 || \
+ COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \
+ e->radiuses.x == 0 || e->radiuses.y == 0 || \
e->angle < -7. || e->angle > 7.
typedef struct f_arc {
@@ -121,12 +121,16 @@ typedef struct f_arc {
struct f_arc *next;
} F_arc;
-#define INVALID_ARC(a) \
+#define COINCIDENT(a, b) (a.x == b.x && a.y == b.y)
+#define INVALID_ARC(a) \
a->type < T_OPEN_ARC || a->type > T_PIE_WEDGE_ARC || \
COMMON_PROPERTIES(a) || a->cap_style < 0 || a->cap_style > 2 || \
a->center.x < COORD_MIN || a->center.x > COORD_MAX || \
a->center.y < COORD_MIN || a->center.y > COORD_MAX || \
- (a->direction != 0 && a->direction != 1)
+ (a->direction != 0 && a->direction != 1) || \
+ COINCIDENT(a->point[0], a->point[1]) || \
+ COINCIDENT(a->point[0], a->point[2]) || \
+ COINCIDENT(a->point[1], a->point[2])
typedef struct f_line {
int type;
--- a/fig2dev/tests/read.at
+++ b/fig2dev/tests/read.at
@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to various Devices
dnl Copyright (c) 1991 by Micah Beck
dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
dnl Parts Copyright (c) 1989-2015 by Brian V. Smith
-dnl Parts Copyright (c) 2015-2021 by Thomas Loimer
+dnl Parts Copyright (c) 2015-2025 by Thomas Loimer
dnl
dnl Any party obtaining a copy of these files is granted, free of charge, a
dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -14,7 +14,7 @@ dnl party to do so, with the only requirement being that the above copyright
dnl and this permission notice remain intact.
dnl read.at
-dnl Author: Thomas Loimer, 2017-2020
+dnl Author: Thomas Loimer, 2017-2025
AT_BANNER([Sanitize and harden input.])
@@ -213,6 +213,16 @@ EOF
])
AT_CLEANUP
+AT_SETUP([reject arcs with coincident points, ticket #186])
+AT_KEYWORDS(read.c arc)
+AT_CHECK([fig2dev -L pict2e <<EOF
+FIG_FILE_TOP
+5 1 0 15 0 7 50 0 -1 0.0 1 0 0 0 0.0 0.0 1 1 1 1 2 0
+EOF
+], 1, ignore, [Invalid arc object at line 10.
+])
+AT_CLEANUP
+
AT_SETUP([survive debian bugs #881143, #881144])
AT_KEYWORDS([font pic tikz])
AT_CHECK([fig2dev -L pic <<EOF

41
CVE-2025-31164.patch Normal file
View File

@ -0,0 +1,41 @@
Origin:
https://sourceforge.net/p/mcj/tickets/184/
https://sourceforge.net/p/mcj/fig2dev/ci/ff9aba206a30288f456dfc91584a52ba9927b438/
--- a/fig2dev/read.c
+++ b/fig2dev/read.c
@@ -989,6 +989,14 @@ sanitize_lineobject(
obj_name[l->type-2], line_no);
return -1;
}
+ if (l->type == T_ARC_BOX && l->radius == 0) {
+ put_msg("A %s, but zero corner radius "
+ "at line %d - convert "
+ "to a rectangle.",
+ obj_name[l->type - 2],
+ line_no);
+ l->type = T_BOX;
+ }
}
}
--- a/fig2dev/tests/read.at
+++ b/fig2dev/tests/read.at
@@ -99,6 +99,17 @@ EOF
])
AT_CLEANUP
+AT_SETUP([convert an arc-box with zero radius to a box])
+AT_KEYWORDS(read.c arc-box)
+AT_CHECK([fig2dev -L pict2e <<EOF
+FIG_FILE_TOP
+2 4 1 1 0 0 50 -1 -1 4.0 0 0 0 0 0 5
+ 0 0 300 0 300 300 0 300 0 0
+EOF
+],0,ignore,[A rectangle with rounded corners, but zero corner radius at line 11 - convert to a rectangle.
+])
+AT_CLEANUP
+
AT_SETUP([fail on a malformed arc-box])
AT_KEYWORDS(read.c malformed arc-box)
AT_CHECK([fig2dev -L pict2e <<EOF

38
fig2dev-3.2.6a-CVE-2017-16899.patch
View File

@ -1,38 +0,0 @@
diff -up fig2dev-3.2.6a/fig2dev/read.c.orig fig2dev-3.2.6a/fig2dev/read.c
--- fig2dev-3.2.6a/fig2dev/read.c.orig 2017-01-07 23:01:19.000000000 +0100
+++ fig2dev-3.2.6a/fig2dev/read.c 2017-11-21 15:17:31.195643198 +0100
@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
| PSFONT_TEXT;
/* keep the font number reasonable */
- if (t->font > MAXFONT(t))
+ if (t->font > MAXFONT(t)) {
t->font = MAXFONT(t);
+ } else if (t->font < 0 ) {
+ if (psfont_text(t) && t->font < -1)
+ t->font = -1;
+ else
+ t->font = 0;
+ }
fix_and_note_color(&t->color);
t->comments = attach_comments(); /* attach any comments */
return t;
diff -up fig2dev-3.2.6a/fig2dev/read1_3.c.orig fig2dev-3.2.6a/fig2dev/read1_3.c
--- fig2dev-3.2.6a/fig2dev/read1_3.c.orig 2016-08-19 21:34:38.000000000 +0200
+++ fig2dev-3.2.6a/fig2dev/read1_3.c 2017-11-21 15:17:31.196643206 +0100
@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
free((char*) t);
return(NULL);
}
+ /* keep the font number within valid range */
+ if (t->font > MAXFONT(t)) {
+ t->font = MAXFONT(t);
+ } else if (t->font < 0 ) {
+ if (psfont_text(t) && t->font < -1)
+ t->font = -1;
+ else
+ t->font = 0;
+ }
(void)strcpy(t->cstring, buf);
if (t->size == 0) t->size = 18;
return(t);

BIN
fig2dev-3.2.6a.tar.xz
View File

Binary file not shown.

BIN
fig2dev-3.2.8b.tar.xz Normal file
View File

Binary file not shown.

26
transfig.spec
View File

@ -1,18 +1,20 @@
Name: transfig
Summary: Utility for converting FIG files (made by xfig) to other formats
Version: 3.2.6a
Release: 6
Version: 3.2.8b
Release: 3
Epoch: 1
License: MIT
URL: https://sourceforge.net/projects/mcj/
Source0: http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz
Patch1: fig2dev-3.2.6a-CVE-2017-16899.patch
Patch0: CVE-2025-31162.patch
Patch1: CVE-2025-31163.patch
Patch2: CVE-2025-31164.patch
Requires: netpbm-progs ghostscript bc
BuildRequires: gcc libpng-devel libjpeg-devel libXpm-devel
BuildRequires: gcc libpng-devel libjpeg-devel libXpm-devel ghostscript
%description
The transfig utility creates a makefile which translates FIG (created
@ -41,13 +43,23 @@ figures into certain graphics languages.
%{_bindir}/fig2*
%{_bindir}/pic2tpic
%{_datadir}/fig2dev/i18n/*.ps
%{_datadir}/fig2dev/bitmaps/*.bmp
%files help
%doc %{name}/doc/manual.pdf
%{_mandir}/man1/*.1.gz
%{_datadir}/fig2dev/rgb.txt
%changelog
* Tue Apr 01 2025 caodongxia <caodongxia@h-partners.com> - 1:3.2.8b-3
- Fix CVE-2025-31162,CVE-2025-31163 and CVE-2025-31164
* Fri Feb 11 2022 herengui <herengui@uniontech.com> - 1:3.2.8b-2
- fix GSEXE undefined issue.
* Thu Jan 20 2022 yaoxin<yaoxin30@huawei.com> - 1:3.2.8b-1
- Upgrade transfig to 3.2.8b, fix CVE-2021-37529 CVE-2021-37530
* Tue Oct 12 2021 yaoxin<yaoxin30@huawei.com> - 1:3.2.6a-7
- Fix CVE-2021-32280
* Tue Dec 3 2019 caomeng<caomeng5@huawei.com> - 1:3.2.6a-6
- Package init
- Package init

4
transfig.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: git
src_repo: https://sourceforge.net/p/mcj/fig2dev/ci/master/tree/
tag_prefix: ^
seperator: .