Changelog for transfig-debugsource-3.2.8b-4.15.1.x86_64.rpm :

* Wed Oct 06 2021 wernerAATTsuse.de
- Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)
  o Detect the output language from the output file name.
  o On the command line, a minus (-) as input or output file name refers to standard input or standard output.
  o Correct buffer overflows and segfaults, mainly due to maliciously crafted input files, tickets #113-117, #122, #123, #125-#135.
  o With -Lepic -P, generate a complete tex file.
  o Correctly produce a gif if a transparent color is given, ticket #121.
  o Return with error if no space is left on the device. Ticket #101.
- Remove patch 6827c09d.patch now upstream
- Add patch 1b09a8.patch from upstream (for ticket #137)
- Port patch fig2dev-3.2.6-fig2mpdf.patch back
- This update includes the fixes for
  * bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
  * bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
  * bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
  * bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
  * bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
  * bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
  * bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
  * bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c
* Mon Aug 16 2021 wernerAATTsuse.de
- Skip requirement of texlive-epstopdf as SLE-12 does not have that
* Wed Aug 11 2021 wernerAATTsuse.de
- Skip build of documentation of fig2mpdf on SLE-12
* Fri Jun 18 2021 wernerAATTsuse.de
- Make spec file build with older SLE versions as well
  * This version is used by xfig 3.2.8 and above
* Fri May 21 2021 wernerAATTsuse.de
- Add upstream commit as patch 6827c09d.patch
  Global buffer overflow in fig2dev/read.c in function read_colordef() (boo#1186329, CVE-2021-3561)
* Thu Apr 01 2021 wernerAATTsuse.de
- Update to fig2dev version 3.2.8 Patchlevel 8a (Mar 2021)
  o Allow closed splines with three points.
  o Fix build under Darwin.
- Correct hunk offsets of the patch
  o transfig-3.2.8.dif
* Fri Feb 12 2021 wernerAATTsuse.de
- Update to fig2dev version 3.2.8 (Patchlevel 8 (Dec 2020))
  o Use deflate to embed image data into eps output, often substantially reducing file size.
  o Embed pdf files into ps output by converting the pdf to eps.
  o Allow negative arrow widths. This might be useful for asymmetric arrow tips, which can thus be mirrored around the corresponding line.
  Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
  o Reject negative text font sizes. Fixes ticket #86.
  o Allow fig files ending without previous eol character. Fixes #83, #84.
  o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76.
  o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81.
  o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80.
  o Use getline() to improve input scanning. Fixes tickets #58, #59, #61, #62, #67, #78, #79, #82.
  o Correctly scan embedded pdfs for /MediaBox value.
  o Convert polygons having too few points to polylines. Ticket #56.
  o Reject huge arrow types causing integer overflow. Ticket #57.
  o Allow Fig v2 text strings ending with multiple ^A. Ticket #55.
  o Embed images in pdfs with their original compression type, i.e., leave the gs switch "-dAutoFilterColorImages" at its default value "true".
- This update includes the fixes for
  bsc#1159293 - CVE-2019-19797: transfig,xfig: out-of-bounds write in read_colordef in read.c
  bsc#1161698 - CVE-2019-19555: transfig,xfig: stack-based buffer overflow because of an incorrect sscanf
  bsc#1159130 - CVE-2019-19746: transfig,xfig: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type
  bsc#1189343 - CVE-2020-21680: transfig: A stack-based buffer overflow in the put_arrow() component in genpict2e.c
  bsc#1189345 - CVE-2020-21681: transfig: A global buffer overflow in the set_color component in genge.c
  bsc#1189325 - CVE-2020-21683: transfig: A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c
  bsc#1189346 - CVE-2020-21682: transfig: A global buffer overflow in the set_fill component in genge.c
  and many more
- Port and rename patch transfig-3.2.6.dif which is now transfig-3.2.8.dif
- Remove patches now obsolete
  * 00cded.patch
  * 100e27.patch
  * 2f8d1a.patch
  * 3065eb.patch
  * 3165d8.patch
  * 421afa.patch
  * 4d4e1f.patch
  * 639c36.patch
  * CVE-2019-19555.patch
  * CVE-2019-19746.patch
  * CVE-2019-19797.patch
  * acccc8.patch
  * c379fe.patch
  * ca48cc.patch
  * d6a10d.patch
  * d70e4b.patch
  * e3cee2.patch
  * transfig.3.2.5-binderman.dif
  * transfig.3.2.5d-mediaboxrealnb.dif
- Port patches
  * fig2dev-3.2.6-fig2mpdf.patch
  * fig2dev-3.2.6a-RGBFILE.patch
* Wed Sep 30 2020 wernerAATTsuse.de
- Add upstream security patches/commits
  * 100e27.patch
  * 3065eb.patch
  * ca48cc.patch
* Tue Sep 29 2020 wernerAATTsuse.de
- Do hardening via compile and linker flags
* Tue Feb 11 2020 wernerAATTsuse.de
- Add upstream security patches/commits
  * 00cded.patch
  * 2f8d1a.patch
  * 3165d8.patch
  * 421afa.patch
  * 4d4e1f.patch
  * 639c36.patch
  * acccc8.patch
  * d6a10d.patch
  * d70e4b.patch
  * e3cee2.patch
* Tue Jan 21 2020 wernerAATTsuse.de
- Avoid auto(re)config
* Tue Jan 21 2020 wernerAATTsuse.de
- Add security patches
  * CVE-2019-19746.patch -- bsc#1159130
  * c379fe.patch ... currently without CVE and bugzilla entry
  * CVE-2019-19797.patch -- bsc#1159293
* Thu Dec 05 2019 wernerAATTsuse.de
- Add patch CVE-2019-19555.patch
  * Even if we are not affected add fix for CVE-2019-19555
* Tue Oct 29 2019 wernerAATTsuse.de
- Update to fig2dev version 3.2.7 (Patchlevel 7b (Oct 2019))
  o A X color database is not needed, but can be provided. The location of the database can be given at compile time, default /etc/X11/rgb.txt.
  Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
  Debian bug numbers refer to https://bugs.debian.org/#.
  o Do not clip objects with line-thickness 0 having arrows. Ticket #53.
  o Do not segfault on circle/half circle arrowheads with a magnification larger 42. Always draw circle arrowheads with 40 points. Ticket #52.
  o Allow circles or ellipses with negative radii. Ticket #49.
  o Avoid "dimension too large error" with tikz output by avoiding coordinate values smaller than -16383.
  o Make tests (test1.c) work with -fsanitize=address compiler option.
  o Obey join-style of lines in tikz output.
  o Pass utf8-strings to svg output, escape some chars (<>&).
  o Accept inclined boxes and change them to polygons. Fixes ticket #43.
  o Make tests #27 and #33 work on Mac Darwin, failed due to whitespace formatting differences. From Hanspeter Niederstrasser. Ticket #40.
  o Use only latex, neither etex or tex, to test tikz output. Usage of etex, after hint from Roland Rosenfeld, closed debian bug 920368.
  o For tikz output, do not draw arrows on a single point line.
  o Omit spurious showpage when including jpg-file. From Rainer Buchty.
  o Correct a few memory leaks and corruptions. See commit d1c54f6.
  o Change negative color numbers to default color. Fixes ticket #30.
  o A spline with one point would cause segfault. Fixed, see ticket #29.
  o Allow one char without newline in the last line of an input file. Fixes ticket #28.
  o Harden input, mainly against files in which an incomplete object would be created and freeing the object would violate memory, i.e., it may cause segfault. See, e.g., ticket #27.
  o Properly initialize line storage when reading fig files version 1.3. Would segfault when reading incomplete line and trying to free it. Fixes ticket #26, debian bug 906743.
  o Silently ignore the hundred-first and more comment lines. This fixes ticket #25 and debian bug 906740.
  o Use SetFigFont, not SetFigFontNFSS in pictex output. Fixes https://bugs.launchpad.net/ubuntu/+source/transfig/+bug/1359485 .
  o Accept blanks in color names (e.g., fig2dev -L eps -g"Misty Rose"..).
  o Correct typos in man-pages, debian 30_man_typo.patch.
- Remove patches now upstream
  * fig2dev-3.2.6a-man-typo.patch
  * transfig-03ea4578.patch
  * transfig-e0c4b024.patch
  * transfig-fix-of-e0c4b024.patch
- Port patches to new version
  * transfig-3.2.6.dif
  * transfig-fix-afl.patch
  * fig2dev-3.2.6-fig2mpdf.patch
  * fig2dev-3.2.6a-RGBFILE.patch
* Thu Aug 15 2019 wernerAATTsuse.de
- Add patch transfig-03ea4578.patch from upstream commit 03ea4578 to fix bsc#1143650 with CVE-2019-14275
* Wed Jun 26 2019 wernerAATTsuse.de
- Add patch transfig-fix-of-e0c4b024.patch to fix last added upstream commit (boo#1136882)
* Thu Aug 30 2018 wernerAATTsuse.de
- Add patch transfig-e0c4b024.patch from upstream commit e0c4b024 to fix bsc#1106531 with CVE-2018-16140
* Mon May 07 2018 wernerAATTsuse.de
- Update to fig2dev version 3.2.7a (Patchlevel 7a (April 2018))
  o Language    previous option      current option
    -----------------------------------------------------------
    cgm         -b dummy             -a
    epic        -A scale             -d scale
    eepic       -A scale             -d scale
    eepicemu    -A scale             -d scale
    gbx         -i on|off            -v
    ibmgl       -m mag,xoff,yoff     -m mag -x xoff -y yoff
    mp          -I file              -d file
    ps          -S dummy             -o
  o Print language-specific help text by using fig2dev -L lang -h.
  o Add option -M, multipage, for MetaPost output language.
  o Add option -P, pagemode, and -z to choose a pagesize for pdf output.
  o Add option -W (scaling of figures not possible) for tikz.
  o Add option -b, border width, for LaTeX output language.
  o Add option -f for pstex_t and pdftex_t output language.
  o Add uk_UA and ru_RU encodings for PostScript output. Ticket #12.
  o Fix regression whereupon flipped ellipses were not read. Ticket #23.
  o Distribute i18n files ru_RU.CP1251.ps and uk_UA.KOI8-U.ps.
  o Make test "survive debian bug #890016" succeed on 32 bit systems.
  o Distribute the X bitmaps files within fig2dev, no need to install these files. The files were needed for Tk and Perl/Tk output.
  o Add option -w, wrap (create stand-alone perl file) for Perl/Tk output.
  o Update help text: Output help for dxf and textyl output language, add description of -g option for Tk/Tcl and Perl/Tk output, allow -f option for pstex_t and pdftex_t output language.
  o Sanitize input. Do not segfault on malformed input files. Fixes debian bugs 881143, 881144, 881396, 890015, 890016, 882021 and also 882022.
  o Do not put an %%Orientation: comment into PostScript output. Some viewers would rotate the resulting file, others not.
  o Fix build on NetBSD, which has a _setmode() function different from _setmode() on Windows. Ticket #17. Also, avoid alloca(). Ticket #16.
  o tikz output: Omit the semicolon after \pgftext[..]{...};.
  o Define PostScript patterns with larger tiles, may render better. #13
  o Fix build in case libXpm is missing. Ticket #15.
  o Use netpbm programs instead of ghostscript, to produce smaller files.
  o Correctly embed eps files with binary preview (epsi, typically found on Microsoft systems). Also, allow to embed ps-files. Fixes debian bug 248807, ticket #8.
  o For compilation, do not depend on PATH_MAX being defined.
- Remove patches now upstream
  fig2dev-3.2.6-genps_oldpatterns.patch
  fig2dev-3.2.6a-input-sanitizing.patch
  fig2dev-3.2.6a-style-overflow.patch
- Modify patches
  fig2dev-3.2.6-fig2mpdf-doc.patch
  fig2dev-3.2.6-fig2mpdf.patch
  fig2dev-3.2.6a-RGBFILE.patch
  transfig-3.2.6.dif
  transfig-fix-afl.patch
  transfig.3.2.5d-mediaboxrealnb.dif
* Fri Mar 02 2018 crrodriguezAATTopensuse.org
- Change xorg-x11-devel --> pkgconfig(xpm)
- buildrequire default libpng.
* Wed Nov 22 2017 wernerAATTsuse.de
- Added patches
  * fig2dev-3.2.6a-RGBFILE.patch to let rgb.txt be located via environment variable FIG2DEV_RGBFILE
  * fig2dev-3.2.6a-man-typo.patch to fix simple typo in manual page
  * fig2dev-3.2.6a-input-sanitizing.patch to do some input sanitizing when reading FIG files (bsc#1069257, CVE-2017-16899)
  * fig2dev-3.2.6a-style-overflow.patch
* Mon Feb 06 2017 wernerAATTsuse.de
- Fix now failing download source service, that is don't do this
* Thu Feb 02 2017 wernerAATTsuse.de
- Update to fig2dev version 3.2.6a (Patchlevel 6a (January 2017))
  NEW FEATURES:
  o Distribute transfig.pdf. No need to build it from the TeX sources.
  o Enable reproducible build for svg output.
  o Set the creator to fig2dev, not to the path by which fig2dev is invoked.
  BUGS FIXED:
  Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
  o The svg output now produces correct patterns and pie-wedge arcs. Property names instead of style attributes are used. Hollow arrow heads are really hollow, not filled with white. In the PostScript output, this might also clip a bit of the filling underneath an arrow.
  o tikz output: Re-use \dimen \XFigu if it is already defined. Ticket #3.
  o tikz output: A pattern in an object with line width zero and the stroke color equal to the fill color would produce a white fill. The tikz output now does not try to be smart and puts a pattern, even if the result is equal to a solid fill. Ticket #1.
  o pict2e output: Standalone tex-files always include color.sty. #2.
  o pict2e output: A pattern with stroke color equal to fill color is rendered as a solid fill.
  o Compiles when gnu iconv and standard iconv are present.
* Fri Sep 23 2016 wernerAATTsuse.de
- Update to fig2dev version 3.2.6 (the successor of transfig)
  o Add compile switch --enable-versioning and script update-version_m4, to create version string from source control system
  o tikz output: Support -G (grid) option. Make \XFigwidth and \XFigheight only scale coordinates, not line widths; Do not set unnecessarily \color{black} on text. From Roland Rosenfeld
  o Correct comment string in man page fig2ps2tex.1
  o Distribute autotest file lookup_X_color.at - only useful for hacko
  From Brian V. Smith:
  o Changed object defs from O_ to OBJ_ because O_TEXT conflicts with system typedef (debian 37_OBJ_typedef.patch)
  o Remove unused charset variables cs and ca from genibmgl.c (debian 38_unusedcharset.patch)
  o Build with make CFLAGS="-Werror -Wpedantic -Wformat -Wformat-security'
  o On lines with Round or Projecting cap style and arrowheads, the line endpoint stuck out beyond the arrowhead (this was fixed in xfig 3.2.5c, but not here until now; debian 41_arrowhead.patch)
  o Changed .ce (center lines) to .RS (right-justify) in fig2ps2tex man page file because of issues when generating HTML (From Eric Raymond) (debian 36_manpage_ce2RS.patch)
  o Quotes added to output file name for several formats in case there are blanks in the name (debian 39_gs_quote.patch)
  o For PDF output, changed -dColorImageFilter from /FlateEncode to /DCTEncode for lossy compression (smaller pdf files) (debian 40_ColorImageFilter.patch)
  o Update help for PDF options (debian 42_PDF_help.patch)
  From Roland Rosenfeld. Bug numbers refer to https://bugs.debian.org/#.
  o Remove bashisms in fig2ps2tex script. Reported from Chris Lamb. Fixes debian bug 480615.
  o Include sys/stat.h in genps.c. Reported from Steven Chamberlain. Debian bug 654767. (28_fix_chmod...patch)
  o Distribute the man page transig.1. (34_transfig.1.patch)
  o Do not report user information in ps files. Debian bug 316382 (04_displaywho.patch)
  o Set locale to C. Debian bug 45378 (05_locale_patch).
  o Support pdftex in transfig (20_transfig_pdftex.patch). Reported by Jindrich Makovicka.
  o Fix some typos (22_typos.patch, 35_manpage_typos.patch).
  o Honor environment variable SOURCE_DATE_EPOCH, for reproducible builds. Debian bug 819911. From Alexis Bienvenüe. (33_honour_SOURCE_DATE_EPOCH.patch).
  o Enable fonts >= 42 pt, needs \usepackage{type1cm}. Bug 343139, (09_maxfontsize.patch).
  o New pict2e and tikz output language, for use with TeX/LaTeX.
  o Compile with ./configure; make; make install. Optionally, use make check; make installcheck.
  o By default, transfig is not built.
  o Swap patterns in PostScript output, were upside down.
  o Silence most compiler warnings.
  o Update man-pages and help text.
  o Accurately position arrowheads, flush with line, in PostScript output.
- Remove transfig.3.2.5d-patches.tar.bz2 but port and add the oldpatterns and mpdf patches to 3.2.6:
  fig2dev-3.2.6-fig2mpdf-doc.patch
  fig2dev-3.2.6-fig2mpdf.patch
  fig2dev-3.2.6-genps_oldpatterns.patch
- Patch transfig.3.2.5d.dif becomes transfig-3.2.6.dif
- Modify the patches
  transfig-fix-afl.patch
  transfig.3.2.5-binderman.dif
  transfig.3.2.5d-mediaboxrealnb.dif
* Thu Apr 16 2015 meissnerAATTsuse.com
- transfig-fix-afl.patch: fixed crashes due to uninitialized memory, found by afl.
 