From feb179721fef488cf225049fcab8e5c9dda52ba1 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 12 Oct 2021 14:59:56 +0800
Subject: [PATCH] fix CVE-2021-32280

(cherry picked from commit a7d683941c244f6a6f31a926e48e8bfb6b0db00a)
---
 CVE-2021-32280.patch | 19 +++++++++++++++++++
 transfig.spec | 8 ++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2021-32280.patch

diff --git a/CVE-2021-32280.patch b/CVE-2021-32280.patch
new file mode 100644
index 0000000..769fac0
--- /dev/null
+++ b/CVE-2021-32280.patch
@@ -0,0 +1,19 @@
+diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
+index b6fb413..f9b6c18 100644
+--- a/fig2dev/trans_spline.c
++++ b/fig2dev/trans_spline.c
+@@ -228,6 +228,11 @@ compute_closed_spline(F_spline *spline, float precision)
+ if (!init_point_array(300, 200))
+ return NULL;
+
++ if (!(spline->points /* p0 */ && spline->controls /* s0 */ &&
++ spline->points->next /* p1 */ && spline->controls->next /* s1 */ &&
++ spline->points->next->next && spline->controls->next->next/* p2, s2 */&&
++ spline->points->next->next->next && spline->controls->next->next->next))
++ return NULL;
+ INIT_CONTROL_POINTS(spline, p0, s0, p1, s1, p2, s2, p3, s3);
+ COPY_CONTROL_POINT(first, s_first, p0, s0);
+
+--
+2.27.0
+
diff --git a/transfig.spec b/transfig.spec
index e11f060..2de127a 100644
--- a/transfig.spec
+++ b/transfig.spec
@@ -1,7 +1,7 @@
 Name: transfig
 Summary: Utility for converting FIG files (made by xfig) to other formats
 Version: 3.2.6a
-Release: 6
+Release: 7
 Epoch: 1
 License: MIT
 URL: https://sourceforge.net/projects/mcj/
@@ -9,6 +9,7 @@ URL: https://sourceforge.net/projects/mcj/
 Source0: http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz
 Patch1: fig2dev-3.2.6a-CVE-2017-16899.patch
+Patch2: CVE-2021-32280.patch
 Requires: netpbm-progs ghostscript bc
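Review bot: The new guard in compute_closed_spline (the trans_spline.c hunk inside CVE-2021-32280.patch) sits after `init_point_array(300, 200)` has already succeeded, so its `return NULL;` leaves whatever that call set up unreleased; init_point_array is not visible here, but if it allocates, every rejected spline leaks that buffer. Hoisting the check above the init call avoids this, and a comment such as `/* a closed spline needs four points and four controls; reject short lists before INIT_CONTROL_POINTS dereferences them */` would record why the guard exists. The check only proves the first four nodes of each list, and the function body continues outside the hunk, so whether the later traversal tolerates `points` and `controls` lists of unequal length cannot be confirmed from here and is worth verifying. The embedded patch also begins directly at `diff --git` with no upstream commit reference visible, which makes it harder to check the fix against the fig2dev source.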
@@ -49,5 +50,8 @@ figures into certain graphics languages.
 %{_datadir}/fig2dev/rgb.txt
 %changelog
+* Tue Oct 12 2021 yaoxin - 1:3.2.6a-7
+- Fix CVE-2021-32280
+
 * Tue Dec 3 2019 caomeng - 1:3.2.6a-6
-- Package init
\ No newline at end of file
+- Package init
--
Gitee