[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#987894: marked as done (unblock: fig2dev/1:3.2.8-3)

Your message dated Sat, 01 May 2021 17:31:39 +0000
with message-id <E1lctSt-0006Sy-UX@respighi.debian.org>
and subject line unblock fig2dev
has caused the Debian Bug report #987894,
regarding unblock: fig2dev/1:3.2.8-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
987894: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987894
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package fig2dev

This new version consists of four small security related patches
provided by upstream author, that fix some buffer overflows and null
pointer.

I hoped, that the package would be migrated after 20 day, but just
noted, that it is blocked because it is a key package (according to
popcon), so please unblock the migration before the release.

A diff from 3.2.8-2 is attached.

Greetings
Roland

unblock fig2dev/1:3.2.8-3

diff -Nru fig2dev-3.2.8/debian/changelog fig2dev-3.2.8/debian/changelog
--- fig2dev-3.2.8/debian/changelog	2021-02-06 12:59:35.000000000 +0100
+++ fig2dev-3.2.8/debian/changelog	2021-04-30 11:28:30.000000000 +0200
@@ -1,3 +1,12 @@
+fig2dev (1:3.2.8-3) unstable; urgency=medium
+
+  * 30_arrow-poly: Remove arrows from polygon with single point.
+  * 31_trunc-subsuper: Allow truncated sub/superscripts in text.
+  * 32_arrow-point: Omit arrows without points in svg output.
+  * 33_sanitize-color: Sanitize color definitions.
+
+ -- Roland Rosenfeld <roland@debian.org>  Fri, 30 Apr 2021 11:28:30 +0200
+
 fig2dev (1:3.2.8-2) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -Nru fig2dev-3.2.8/debian/patches/30_arrow-poly.patch fig2dev-3.2.8/debian/patches/30_arrow-poly.patch
--- fig2dev-3.2.8/debian/patches/30_arrow-poly.patch	1970-01-01 01:00:00.000000000 +0100
+++ fig2dev-3.2.8/debian/patches/30_arrow-poly.patch	2021-04-30 11:28:30.000000000 +0200
@@ -0,0 +1,70 @@
+From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+Date: Fri Apr 23 22:31:27 2021 +0200
+Bug: https://sourceforge.net/p/mcj/tickets/114/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/fig2dev/+bug/1926673
+Applied-Upstream: https://sourceforge.net/p/mcj/fig2dev/ci/43cfa693284b076e5d2cc100758a34b76db65e58/
+Subject: Remove arrows from polygon with single point, ticket #114
+ When sanitizing line objects, a polygon consisting of too few points is
+ converted to a polyline. With this commit, the resulting polyline is
+ also sanitized, e.g, by removing arrow tips if the line consists only of
+ a single point.
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -3,7 +3,7 @@
+  * Copyright (c) 1991 by Micah Beck
+  * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+  * Parts Copyright (c) 1989-2015 by Brian V. Smith
+- * Parts Copyright (c) 2015-2020 by Thomas Loimer
++ * Parts Copyright (c) 2015-2021 by Thomas Loimer
+  *
+  * Any party obtaining a copy of these files is granted, free of charge, a
+  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
+@@ -936,6 +936,7 @@ sanitize_lineobject(
+ 			put_msg("A polygon with %d points at line %d - convert to a polyline.",
+ 			npts, line_no);
+ 			l->type = T_POLYLINE;
++			sanitize_lineobject(l, p, line_no);
+ 			return 0;
+ 		}
+ 	}
+--- a/fig2dev/tests/read.at
++++ b/fig2dev/tests/read.at
+@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to vario
+ dnl Copyright (c) 1991 by Micah Beck
+ dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+ dnl Parts Copyright (c) 1989-2015 by Brian V. Smith
+-dnl Parts Copyright (c) 2015-2020 by Thomas Loimer
++dnl Parts Copyright (c) 2015-2021 by Thomas Loimer
+ dnl
+ dnl Any party obtaining a copy of these files is granted, free of charge, a
+ dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free,
+@@ -121,7 +121,7 @@ EOF
+ ])
+ AT_CLEANUP
+ 
+-AT_SETUP([remove arrows tips from single point])
++AT_SETUP([remove arrow tips from single point])
+ AT_KEYWORDS(read.c polyline)
+ AT_CHECK([fig2dev -L pict2e <<EOF
+ FIG_FILE_TOP
+@@ -134,6 +134,19 @@ EOF
+ A single point with a backward arrow - remove the arrow.
+ ])
+ AT_CLEANUP
++
++AT_SETUP([remove arrow tips on polygon with single point])
++AT_KEYWORDS(read.c polygon)
++AT_CHECK([fig2dev -L svg <<EOF
++FIG_FILE_TOP
++2 3 0 1 -1 -1 50 -1 -1 0. 0 0 0 0 1 1
++	0 0 2. 120. 240.
++	0 0
++EOF
++],0,ignore,[A polygon with 1 points at line 12 - convert to a polyline.
++A single point with a backward arrow - remove the arrow.
++])
++AT_CLEANUP
+ 
+ AT_SETUP([reject huge arrow-type, ticket #57])
+ AT_KEYWORDS(arrow.c arrow)
diff -Nru fig2dev-3.2.8/debian/patches/31_trunc-subsuper.patch fig2dev-3.2.8/debian/patches/31_trunc-subsuper.patch
--- fig2dev-3.2.8/debian/patches/31_trunc-subsuper.patch	1970-01-01 01:00:00.000000000 +0100
+++ fig2dev-3.2.8/debian/patches/31_trunc-subsuper.patch	2021-04-30 11:28:30.000000000 +0200
@@ -0,0 +1,80 @@
+From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+Date: Sat Apr 24 10:29:59 2021 +0200
+Bug: https://sourceforge.net/p/mcj/tickets/113/
+Bug: https://sourceforge.net/p/mcj/tickets/117/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/fig2dev/+bug/1926674
+Applied-Upstream: https://sourceforge.net/p/mcj/fig2dev/ci/f8ce1ff8837056b12c046f56e3b5248b2c8eeaa1/
+Subject: Allow truncated sub/superscripts in text, #113, #117
+ For svg output, sub- and superscripts are indicated by the ^ and _
+ characters, respectively. A text string truncated right after these
+ characters caused buffer overflow. Fixes tickets #113 and #117.
+
+--- a/fig2dev/dev/gensvg.c
++++ b/fig2dev/dev/gensvg.c
+@@ -3,7 +3,7 @@
+  * Parts Copyright (c) 2002 by Anthony Starks
+  * Parts Copyright (c) 2002-2006 by Martin Kroeker
+  * Parts Copyright (c) 2002-2015 by Brian V. Smith
+- * Parts Copyright (c) 2015-2020 by Thomas Loimer
++ * Parts Copyright (c) 2015-2021 by Thomas Loimer
+  *
+  * Any party obtaining a copy of these files is granted, free of charge, a
+  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
+@@ -1005,7 +1005,7 @@ gensvg_text(F_text *t)
+ #endif
+ 		for (cp = (unsigned char *)t->cstring; *cp; cp++) {
+ 			ch = *cp;
+-			if (( supsub == 2 &&ch == '}' ) || supsub==1) {
++			if ((supsub == 2 && ch == '}') || supsub==1) {
+ #ifdef NOSUPER
+ 				fprintf(tfp,"</tspan><tspan dy=\"%d\">",-dy);
+ 				old_dy=-dy;
+@@ -1019,6 +1019,8 @@ gensvg_text(F_text *t)
+ 				}
+ 			}
+ 			if (ch == '_' || ch == '^') {
++				if (*(cp + 1) == '\0')
++					break;
+ 				supsub=1;
+ #ifdef NOSUPER
+ 				if (dy != 0)
+@@ -1043,6 +1045,8 @@ gensvg_text(F_text *t)
+ 				++cp;
+ 				ch = *cp;
+ 				if (ch == '{' ) {
++					if (*(cp + 1) == '\0')
++						break;
+ 					supsub=2;
+ 					++cp;
+ 					ch = *cp;
+--- a/fig2dev/tests/output.at
++++ b/fig2dev/tests/output.at
+@@ -231,6 +231,17 @@ AT_CHECK([SOURCE_DATE_EPOCH=1483564881 f
+ 		- $builddir/data/fillswclip.svg])
+ AT_CLEANUP
+ 
++AT_SETUP([truncated sub/superscript, tickets #113, #117])
++AT_KEYWORDS(read.c svg)
++AT_CHECK([fig2dev -L svg <<EOF
++#FIG 2
++1200 2
++4 2 0 0 1 0 0 0 6 110 376 0 0 ^
++4 2 0 0 1 0 0 0 6 110 376 0 200 ^{
++EOF
++], 0, ignore)
++AT_CLEANUP
++
+ 
+ AT_BANNER([Test tikz output language.])
+ 
+--- a/fig2dev/tests/read.at
++++ b/fig2dev/tests/read.at
+@@ -136,7 +136,7 @@ A single point with a backward arrow - r
+ AT_CLEANUP
+ 
+ AT_SETUP([remove arrow tips on polygon with single point])
+-AT_KEYWORDS(read.c polygon)
++AT_KEYWORDS(read.c polygon svg)
+ AT_CHECK([fig2dev -L svg <<EOF
+ FIG_FILE_TOP
+ 2 3 0 1 -1 -1 50 -1 -1 0. 0 0 0 0 1 1
diff -Nru fig2dev-3.2.8/debian/patches/32_arrow-point.patch fig2dev-3.2.8/debian/patches/32_arrow-point.patch
--- fig2dev-3.2.8/debian/patches/32_arrow-point.patch	1970-01-01 01:00:00.000000000 +0100
+++ fig2dev-3.2.8/debian/patches/32_arrow-point.patch	2021-04-30 11:28:30.000000000 +0200
@@ -0,0 +1,63 @@
+From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+Date: Sat Apr 24 23:04:36 2021 +0200
+Bug: https://sourceforge.net/p/mcj/tickets/115/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/fig2dev/+bug/1926676
+Applied-Upstream: https://sourceforge.net/p/mcj/fig2dev/ci/8c0917994e49110004a6632d0a66ea19501ad39d/
+Subject: Omit arrows without points in svg output, ticket #115
+
+--- a/fig2dev/dev/gensvg.c
++++ b/fig2dev/dev/gensvg.c
+@@ -1173,7 +1173,7 @@ svg_arrows(int line_thickness, F_arrow *
+ 	return true;
+     }
+ 
+-    if (for_arrow) {
++    if (for_arrow && fnpoints > 1) {
+ 	fputs("<!-- Forward arrow", tfp);
+ 	arrow_path(for_arrow, forw2, pen_color, fnpoints, fpoints,
+ 		fnfillpoints, ffillpoints
+@@ -1182,7 +1182,7 @@ svg_arrows(int line_thickness, F_arrow *
+ #endif
+ 		);
+     }
+-    if (back_arrow) {
++    if (back_arrow && bnpoints > 1) {
+ 	fputs("<!-- Backward arrow", tfp);
+ 	arrow_path(back_arrow, back2, pen_color, bnpoints, bpoints,
+ 		bnfillpoints, bfillpoints
+--- a/fig2dev/tests/output.at
++++ b/fig2dev/tests/output.at
+@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to vario
+ dnl Copyright (c) 1991 by Micah Beck
+ dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+ dnl Parts Copyright (c) 1989-2015 by Brian V. Smith
+-dnl Parts Copyright (c) 2015-2020 by Thomas Loimer
++dnl Parts Copyright (c) 2015-2021 by Thomas Loimer
+ dnl
+ dnl Any party obtaining a copy of these files is granted, free of charge, a
+ dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free,
+@@ -184,6 +184,7 @@ FIG_FILE_TOP
+ EOF], 0, ignore)
+ AT_CLEANUP
+ 
++
+ AT_BANNER([Test svg output language.])
+ AT_SETUP([compare patterns with template])
+ AT_KEYWORDS(svg pattern creationdate)
+@@ -242,6 +243,16 @@ EOF
+ ], 0, ignore)
+ AT_CLEANUP
+ 
++AT_SETUP([omit arrows without points, ticket #115])
++AT_KEYWORDS(svg arrow)
++AT_CHECK([fig2dev -L svg <<EOF
++FIG_FILE_TOP
++5 1 0 1 7 7 44 -1 6 0.000 0 1 1 1 50 -1 -1500 200 -1 7 50 -1  900 750 975
++	0 0 1.00 45.00 90.00
++	5 0 1.003 1426 1068 1426
++EOF], 0, ignore)
++AT_CLEANUP
++
+ 
+ AT_BANNER([Test tikz output language.])
+ 
diff -Nru fig2dev-3.2.8/debian/patches/33_sanitize-color.patch fig2dev-3.2.8/debian/patches/33_sanitize-color.patch
--- fig2dev-3.2.8/debian/patches/33_sanitize-color.patch	1970-01-01 01:00:00.000000000 +0100
+++ fig2dev-3.2.8/debian/patches/33_sanitize-color.patch	2021-04-30 11:28:30.000000000 +0200
@@ -0,0 +1,61 @@
+From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+Date: Sun Apr 25 00:49:15 2021 +0200
+Bug: https://sourceforge.net/p/mcj/tickets/116/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/fig2dev/+bug/1926677
+Applied-Upstream: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
+Subject: Sanitize color definitions, ticket #116
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -520,30 +520,37 @@ read_colordef(char *line, int line_no)
+ 
+ 	if (num_usr_cols >= MAX_USR_COLS) {
+ 		if (num_usr_cols == MAX_USR_COLS) {
+-			put_msg("Maximum number of color definitions (%d) exceeded at line %d.",
++			put_msg("Maximum number of color definitions (%d) "
++					"exceeded at line %d.",
+ 					MAX_USR_COLS, line_no);
+ 			++num_usr_cols;
+ 		}
+ 		/* ignore additional colors */
+ 		return;
+ 	}
+-	if (sscanf(line, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) != 4) {
+-		if (c >= NUM_STD_COLS && c < NUM_STD_COLS + MAX_USR_COLS) {
+-			put_msg("Invalid color definition at line %d: %s, setting to black (#00000).",
+-					line_no, line);
+-			r = g = b = 0;
+-		} else {
+-			put_msg("User color number at line %d out of range (%d), should be between %d and %d.",
++	if (sscanf(line, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) == 4) {
++		if (c >= NUM_STD_COLS && c < NUM_STD_COLS + MAX_USR_COLS &&
++				r >=0 && r < 256 && g >=0 && g < 256 &&
++				b >= 0 && b < 256 ) {
++			user_col_indx[num_usr_cols] = c;
++			user_colors[num_usr_cols].r = r;
++			user_colors[num_usr_cols].g = g;
++			user_colors[num_usr_cols].b = b;
++			++num_usr_cols;
++		} else if (c < NUM_STD_COLS || c >= NUM_STD_COLS+MAX_USR_COLS) {
++			put_msg("User color number at line %d out of range (%d)"
++					", should be between %d and %d.",
+ 					line_no, c, NUM_STD_COLS,
+ 					NUM_STD_COLS + MAX_USR_COLS - 1);
+-			return;
++		} else {
++			put_msg("Invalid color definition at line %d: %s, color"
++				       " values must be between 0 through 255.",
++								line_no, line);
+ 		}
++	} else {
++		put_msg("Invalid color definition at line %d: %s.",
++							line_no, line);
+ 	}
+-	user_col_indx[num_usr_cols] = c;
+-	user_colors[num_usr_cols].r = r;
+-	user_colors[num_usr_cols].g = g;
+-	user_colors[num_usr_cols].b = b;
+-	++num_usr_cols;
+ }
+ 
+ static void
diff -Nru fig2dev-3.2.8/debian/patches/series fig2dev-3.2.8/debian/patches/series
--- fig2dev-3.2.8/debian/patches/series	2021-02-06 12:59:35.000000000 +0100
+++ fig2dev-3.2.8/debian/patches/series	2021-04-30 11:28:30.000000000 +0200
@@ -2,3 +2,7 @@
 15_fig2mpdf-doc.patch
 28_fix_fig2dev_chmod.patch
 29_RGBFILE.patch
+30_arrow-poly.patch
+31_trunc-subsuper.patch
+32_arrow-point.patch
+33_sanitize-color.patch

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---
Reply to: