!16 [sync] PR-9: Upgrade transfig to 3.2.8b, fix CVE-2021-37529 CVE-2021-37530

Merge pull request !16 from openeuler-sync-bot/sync-pr9-master-to-openEuler-22.03-LTS-Next

CVE-2021-32280.patch

@@ -1,19 +0,0 @@
-diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
-index b6fb413..f9b6c18 100644
---- a/fig2dev/trans_spline.c
-+++ b/fig2dev/trans_spline.c
-@@ -228,6 +228,11 @@ compute_closed_spline(F_spline *spline, float precision)
-   if (!init_point_array(300, 200))
-       return NULL;
- 
-+  if (!(spline->points /* p0 */ && spline->controls /* s0 */ &&
-+       spline->points->next /* p1 */ && spline->controls->next /* s1 */ &&
-+       spline->points->next->next && spline->controls->next->next/* p2, s2 */&&
-+       spline->points->next->next->next && spline->controls->next->next->next))
-+      return NULL;
-   INIT_CONTROL_POINTS(spline, p0, s0, p1, s1, p2, s2, p3, s3);
-   COPY_CONTROL_POINT(first, s_first, p0, s0);
- 
--- 
-2.27.0
-

fig2dev-3.2.6a-CVE-2017-16899.patch

@@ -1,38 +0,0 @@
-diff -up fig2dev-3.2.6a/fig2dev/read.c.orig fig2dev-3.2.6a/fig2dev/read.c
---- fig2dev-3.2.6a/fig2dev/read.c.orig	2017-01-07 23:01:19.000000000 +0100
-+++ fig2dev-3.2.6a/fig2dev/read.c	2017-11-21 15:17:31.195643198 +0100
-@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
- 				| PSFONT_TEXT;
- 
- 	/* keep the font number reasonable */
--	if (t->font > MAXFONT(t))
-+	if (t->font > MAXFONT(t)) {
- 		t->font = MAXFONT(t);
-+	} else if (t->font < 0 ) {
-+		if (psfont_text(t) && t->font < -1)
-+			t->font = -1;
-+		else
-+			t->font = 0;
-+	}
- 	fix_and_note_color(&t->color);
- 	t->comments = attach_comments();	/* attach any comments */
- 	return t;
-diff -up fig2dev-3.2.6a/fig2dev/read1_3.c.orig fig2dev-3.2.6a/fig2dev/read1_3.c
---- fig2dev-3.2.6a/fig2dev/read1_3.c.orig	2016-08-19 21:34:38.000000000 +0200
-+++ fig2dev-3.2.6a/fig2dev/read1_3.c	2017-11-21 15:17:31.196643206 +0100
-@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
- 	    free((char*) t);
- 	    return(NULL);
- 	    }
-+	/* keep the font number within valid range */
-+	if (t->font > MAXFONT(t)) {
-+		t->font = MAXFONT(t);
-+	} else if (t->font < 0 ) {
-+		if (psfont_text(t) && t->font < -1)
-+			t->font = -1;
-+		else
-+			t->font = 0;
-+	}
- 	(void)strcpy(t->cstring, buf);
- 	if (t->size == 0) t->size = 18;
- 	return(t);

transfig.spec

@@ -1,16 +1,13 @@
 Name:		transfig
 Summary:	Utility for converting FIG files (made by xfig) to other formats
-Version:	3.2.6a
+Version:	3.2.8b
-Release:	7
+Release:	1
 Epoch:		1
 License:	MIT
 URL:		https://sourceforge.net/projects/mcj/
 
 Source0:	http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz
 
-Patch1:     fig2dev-3.2.6a-CVE-2017-16899.patch
-Patch2:     CVE-2021-32280.patch
-
 Requires:	netpbm-progs ghostscript bc
 
 BuildRequires:  gcc libpng-devel libjpeg-devel libXpm-devel
@@ -42,14 +39,15 @@ figures into certain graphics languages.
 %{_bindir}/fig2*
 %{_bindir}/pic2tpic
 %{_datadir}/fig2dev/i18n/*.ps
-%{_datadir}/fig2dev/bitmaps/*.bmp
 
 %files help
 %doc %{name}/doc/manual.pdf
 %{_mandir}/man1/*.1.gz
-%{_datadir}/fig2dev/rgb.txt
 
 %changelog
+* Thu Jan 20 2022 yaoxin<yaoxin30@huawei.com> - 1:3.2.8b-1
+- Upgrade transfig to 3.2.8b, fix CVE-2021-37529 CVE-2021-37530
+
 * Tue Oct 12 2021 yaoxin<yaoxin30@huawei.com> - 1:3.2.6a-7
 - Fix CVE-2021-32280