diff --git a/CVE-2021-32280.patch b/CVE-2021-32280.patch
deleted file mode 100644
index 769fac0004fc31853407ddaf451f30d184162276..0000000000000000000000000000000000000000
--- a/CVE-2021-32280.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
-index b6fb413..f9b6c18 100644
---- a/fig2dev/trans_spline.c
-+++ b/fig2dev/trans_spline.c
-@@ -228,6 +228,11 @@ compute_closed_spline(F_spline *spline, float precision)
- if (!init_point_array(300, 200))
- return NULL;
-
-+ if (!(spline->points /* p0 */ && spline->controls /* s0 */ &&
-+ spline->points->next /* p1 */ && spline->controls->next /* s1 */ &&
-+ spline->points->next->next && spline->controls->next->next/* p2, s2 */&&
-+ spline->points->next->next->next && spline->controls->next->next->next))
-+ return NULL;
- INIT_CONTROL_POINTS(spline, p0, s0, p1, s1, p2, s2, p3, s3);
- COPY_CONTROL_POINT(first, s_first, p0, s0);
-
---
-2.27.0
-
diff --git a/fig2dev-3.2.6a-CVE-2017-16899.patch b/fig2dev-3.2.6a-CVE-2017-16899.patch
deleted file mode 100644
index 7f3df377d62176795b6c71d1829b16802837b67c..0000000000000000000000000000000000000000
--- a/fig2dev-3.2.6a-CVE-2017-16899.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -up fig2dev-3.2.6a/fig2dev/read.c.orig fig2dev-3.2.6a/fig2dev/read.c
---- fig2dev-3.2.6a/fig2dev/read.c.orig 2017-01-07 23:01:19.000000000 +0100
-+++ fig2dev-3.2.6a/fig2dev/read.c 2017-11-21 15:17:31.195643198 +0100
-@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
- | PSFONT_TEXT;
-
- /* keep the font number reasonable */
-- if (t->font > MAXFONT(t))
-+ if (t->font > MAXFONT(t)) {
- t->font = MAXFONT(t);
-+ } else if (t->font < 0 ) {
-+ if (psfont_text(t) && t->font < -1)
-+ t->font = -1;
-+ else
-+ t->font = 0;
-+ }
- fix_and_note_color(&t->color);
- t->comments = attach_comments(); /* attach any comments */
- return t;
-diff -up fig2dev-3.2.6a/fig2dev/read1_3.c.orig fig2dev-3.2.6a/fig2dev/read1_3.c
---- fig2dev-3.2.6a/fig2dev/read1_3.c.orig 2016-08-19 21:34:38.000000000 +0200
-+++ fig2dev-3.2.6a/fig2dev/read1_3.c 2017-11-21 15:17:31.196643206 +0100
-@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
- free((char*) t);
- return(NULL);
- }
-+ /* keep the font number within valid range */
-+ if (t->font > MAXFONT(t)) {
-+ t->font = MAXFONT(t);
-+ } else if (t->font < 0 ) {
-+ if (psfont_text(t) && t->font < -1)
-+ t->font = -1;
-+ else
-+ t->font = 0;
-+ }
- (void)strcpy(t->cstring, buf);
- if (t->size == 0) t->size = 18;
- return(t);
diff --git a/fig2dev-3.2.6a.tar.xz b/fig2dev-3.2.6a.tar.xz
deleted file mode 100644
index f65c72d95e5b76eaf65ed4fdecbb41a5a722facc..0000000000000000000000000000000000000000
Binary files a/fig2dev-3.2.6a.tar.xz and /dev/null differ
diff --git a/fig2dev-3.2.8b.tar.xz b/fig2dev-3.2.8b.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..f39ab13206e764f7067f5a05fbcfd10fda65a722
Binary files /dev/null and b/fig2dev-3.2.8b.tar.xz differ
diff --git a/transfig.spec b/transfig.spec
index 2de127a056388f505136d1d21dbcd993b6878565..d9f696342152702cb0e52f97e51f08d0d609ffb7 100644
--- a/transfig.spec
+++ b/transfig.spec
@@ -1,16 +1,13 @@ Name: transfig Summary: Utility for converting FIG files (made by xfig) to other formats -Version: 3.2.6a -Release: 7 +Version: 3.2.8b +Release: 1 Epoch: 1 License: MIT URL: https://sourceforge.net/projects/mcj/ Source0: http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz -Patch1: fig2dev-3.2.6a-CVE-2017-16899.patch -Patch2: CVE-2021-32280.patch - Requires: netpbm-progs ghostscript bc BuildRequires: gcc libpng-devel libjpeg-devel libXpm-devel @@ -42,14 +39,15 @@ figures into certain graphics languages. %{_bindir}/fig2* %{_bindir}/pic2tpic %{_datadir}/fig2dev/i18n/*.ps -%{_datadir}/fig2dev/bitmaps/*.bmp %files help %doc %{name}/doc/manual.pdf %{_mandir}/man1/*.1.gz -%{_datadir}/fig2dev/rgb.txt %changelog +* Thu Jan 20 2022 yaoxin - 1:3.2.8b-1 +- Upgrade transfig to 3.2.8b, fix CVE-2021-37529 CVE-2021-37530 + * Tue Oct 12 2021 yaoxin - 1:3.2.6a-7 - Fix CVE-2021-32280
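Review bot: The new `%changelog` entry does not record why `Patch1` (fig2dev-3.2.6a-CVE-2017-16899.patch) and `Patch2` (CVE-2021-32280.patch) are dropped in the first hunk; it names only CVE-2021-37529 and CVE-2021-37530. Presumably 3.2.8b already carries both fixes, but nothing on this page shows that, so it is worth confirming in the new tarball that `read_textobject` in read.c and read1_3.c still bounds `t->font` and that `compute_closed_spline` still rejects a spline with fewer than four points or controls before `INIT_CONTROL_POINTS`. Once confirmed, add a line such as `- Drop CVE-2017-16899 and CVE-2021-32280 patches, fixed upstream in 3.2.8b` so a later audit does not read the removal as a regression. The same entry could also mention that `bitmaps/*.bmp` and `rgb.txt` leave `%files` in the second hunk.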