!4 [sync] PR-3: fix CVE-2021-32280

From: @openeuler-sync-bot
Reviewed-by: @small_leek
Signed-off-by: @small_leek

CVE-2021-32280.patch

@@ -0,0 +1,19 @@
+diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
+index b6fb413..f9b6c18 100644
+--- a/fig2dev/trans_spline.c
++++ b/fig2dev/trans_spline.c
+@@ -228,6 +228,11 @@ compute_closed_spline(F_spline *spline, float precision)
+   if (!init_point_array(300, 200))
+       return NULL;
+ 
++  if (!(spline->points /* p0 */ && spline->controls /* s0 */ &&
++       spline->points->next /* p1 */ && spline->controls->next /* s1 */ &&
++       spline->points->next->next && spline->controls->next->next/* p2, s2 */&&
++       spline->points->next->next->next && spline->controls->next->next->next))
++      return NULL;
+   INIT_CONTROL_POINTS(spline, p0, s0, p1, s1, p2, s2, p3, s3);
+   COPY_CONTROL_POINT(first, s_first, p0, s0);
+ 
+-- 
+2.27.0
+

transfig.spec

@@ -1,7 +1,7 @@
 Name:		transfig
 Summary:	Utility for converting FIG files (made by xfig) to other formats
 Version:	3.2.6a
-Release:	6
+Release:	7
 Epoch:		1
 License:	MIT
 URL:		https://sourceforge.net/projects/mcj/
@@ -9,6 +9,7 @@ URL:		https://sourceforge.net/projects/mcj/
 Source0:	http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz
 
 Patch1:     fig2dev-3.2.6a-CVE-2017-16899.patch
+Patch2:     CVE-2021-32280.patch
 
 Requires:	netpbm-progs ghostscript bc
 
@@ -49,5 +50,8 @@ figures into certain graphics languages.
 %{_datadir}/fig2dev/rgb.txt
 
 %changelog
+* Tue Oct 12 2021 yaoxin<yaoxin30@huawei.com> - 1:3.2.6a-7
+- Fix CVE-2021-32280
+
 * Tue Dec 3 2019 caomeng<caomeng5@huawei.com> - 1:3.2.6a-6
-- Package init
+- Package init