Package: fig2dev / 1:3.2.7a-5+deb10u3

Metadata

Package Version Patches format
fig2dev 1:3.2.7a-5+deb10u3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
14_fig2mpdf.patch | (download)

fig2dev/dev/genpstex.c | 331 331 + 0 - 0 !
fig2dev/drivers.h | 4 4 + 0 - 0 !
fig2dev/fig2dev.c | 23 23 + 0 - 0 !
fig2mpdf/copyright.txt | 25 25 + 0 - 0 !
fig2mpdf/fig2mpdf | 653 653 + 0 - 0 !
fig2mpdf/fig2mpdf.1 | 208 208 + 0 - 0 !
6 files changed, 1244 insertions(+)

 
 creating multilayered or singlelayer pdf or eps figures for
 including into LaTeX documents.
15_fig2mpdf doc.patch | (download)

fig2mpdf/doc/Makefile | 11 11 + 0 - 0 !
fig2mpdf/doc/XFig-LaTeX-together.jpg.uue | 150 150 + 0 - 0 !
fig2mpdf/doc/XFig-LaTeX.jpg.uue | 305 305 + 0 - 0 !
fig2mpdf/doc/anim-presentation.gif.uue | 1187 1187 + 0 - 0 !
fig2mpdf/doc/fig2dev-pdftex_p.html | 120 120 + 0 - 0 !
fig2mpdf/doc/fig2mpdf-output.gif.uue | 62 62 + 0 - 0 !
fig2mpdf/doc/fig2mpdf.css | 178 178 + 0 - 0 !
fig2mpdf/doc/fig2mpdf.html | 238 238 + 0 - 0 !
fig2mpdf/doc/fig2ps-output.gif.uue | 89 89 + 0 - 0 !
fig2mpdf/doc/index.html | 45 45 + 0 - 0 !
fig2mpdf/doc/overlay-sample.jpg.uue | 770 770 + 0 - 0 !
fig2mpdf/doc/overlay-sample.lfig | 39 39 + 0 - 0 !
fig2mpdf/doc/overlaying.gif.uue | 119 119 + 0 - 0 !
fig2mpdf/doc/sample-flat.jpg.uue | 169 169 + 0 - 0 !
fig2mpdf/doc/sample-flat.pdf.uue | 975 975 + 0 - 0 !
fig2mpdf/doc/sample-presentation.gif.uue | 223 223 + 0 - 0 !
fig2mpdf/doc/sample-presentation.tex | 47 47 + 0 - 0 !
fig2mpdf/doc/uudecode | 19 19 + 0 - 0 !
18 files changed, 4746 insertions(+)

 
 fig2mpdf 1.2 documentation
28_fix_fig2dev_chmod.patch | (download)

fig2dev/dev/genpstex.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 
 the missing sys/stat.h prototype leads to an implicit declaration
 of fchmod(), which uses signed int while kFreeBSD expects unsigned int, which
 results in a wrong bitmap, which leads to a build failure.
 This is only required for the fig2mpdf patch.
Bug-Debian: http://bugs.debian.org/654767
29_RGBFILE.patch | (download)

fig2dev/colors.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 
 rgb.txt can not be located via fig2dev_rgbfile environment variable.
 This allows one to run the test suite without the package being
 installed before.
30_man_typo.patch | (download)

man/fig2dev.1.in | 4 2 + 2 - 0 !
man/fig2ps2tex.1 | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 
 fix typos in man pages
31_maxcomments.patch | (download)

fig2dev/read.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 
 ignore more than maxcomments comment lines, ticket #25
Bug-Debian: https://bugs.debian.org/906740
Bug: https://sourceforge.net/p/mcj/tickets/25/
32_freelinestorage.patch | (download)

fig2dev/read1_3.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 
 correctly free line-storage, fix ticket #26
Bug-Debian: https://bugs.debian.org/906743
Bug: https://sourceforge.net/p/mcj/tickets/26/
33_hardeninput.patch | (download)

fig2dev/dev/readpcx.c | 2 0 + 2 - 0 !
fig2dev/read.c | 48 35 + 13 - 0 !
2 files changed, 35 insertions(+), 15 deletions(-)

 
 harden input in read.c, fixes tickets #27 and #28
 o Allow one char without newline in the last line of an input file.
   Fixes ticket #28.
 o Harden input, mainly against files in which an incomplete object would
   be created and freeing the object would violate memory, i.e, it may
   cause segfault. See, e.g., ticket #27.
 This fixes CVE-2018-16140
34_one_point_spline.patch | (download)

fig2dev/read.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 
 ignore splines with less than 2 points, ticket #29
 o A spline with one point would cause segfault. Fixed, see ticket #29.
35_neg_colornum.patch | (download)

fig2dev/read.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 
 change negative color number to default, ticket #30
36_free_realname.patch | (download)

fig2dev/dev/genemf.c | 11 6 + 5 - 0 !
fig2dev/dev/genps.c | 8 4 + 4 - 0 !
fig2dev/dev/readgif.c | 11 9 + 2 - 0 !
fig2dev/dev/readjpg.c | 1 1 + 0 - 0 !
fig2dev/dev/readpng.c | 8 7 + 1 - 0 !
fig2dev/dev/readxbm.c | 13 6 + 7 - 0 !
fig2dev/read1_3.c | 8 7 + 1 - 0 !
7 files changed, 40 insertions(+), 20 deletions(-)

 
 fix some memory leaks, harden reading files v1.3
 Free realname, returned by open_picfile, in genemf.c, genps.c,
 readgif.c, readjpg.c. Free the pointer to the array of row pointers
 in read_png(). For some types of reading failurs, read_gif() would
 return "success". Do not free the data returned by readxbm.c. On
 reading format 1.3 files, assign ppi, do not accept splines
 consisting of one single point.
37_pgf etex.patch | (download)

fig2dev/tests/output.at | 4 2 + 2 - 0 !
fig2dev/tests/testsuite | 6 3 + 3 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

 
 use tikz/pgf with etex instead tex
38_omit_showpage.patch | (download)

fig2dev/dev/readjpg.c | 14 4 + 10 - 0 !
1 file changed, 4 insertions(+), 10 deletions(-)

 
 omit showpage when inserting jpeg into eps output

Translating a fig file that contains a jpeg picture object to pdf would
result in the jpeg to appear on a separate page in the resulting pdf.
Omitting one showpage command fixes this issue.
40_circle_arrowhead.patch | (download)

fig2dev/bound.c | 6 3 + 3 - 0 !
fig2dev/tests/read.at | 23 23 + 0 - 0 !
fig2dev/tests/testsuite | 324 192 + 132 - 0 !
3 files changed, 218 insertions(+), 135 deletions(-)

 
 allow circle arrowheads when mag >= 42, ticket #52
 Circle and half-circle arrowheads would be drawn with 40 + mag/4 points by
 calc_arrow() in bound.c. However, the point arrays passed to calc_arrow()
 would only contain 50 points. With a magnification >= 42, a buffer overrun
 would occur. Simply use 40 points, independent of magnification.
 .
 This fixes CVE-2019-14275
41_CVE 2019 19555.patch | (download)

fig2dev/read.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 
 allow fig v2 text strings ending with multiple ^a.
 This fixes CVE-2019-19555
42_CVE 2019 19746.patch | (download)

fig2dev/arrow.c | 13 8 + 5 - 0 !
1 file changed, 8 insertions(+), 5 deletions(-)

 
 reject huge arrow types causing integer overflow.
 This fixes CVE-2019-19746
43_fgets2getline.patch | (download)

fig2dev/fig2dev.c | 2 1 + 1 - 0 !
fig2dev/fig2dev.h | 2 1 + 1 - 0 !
fig2dev/read.c | 908 506 + 402 - 0 !
fig2dev/read1_3.c | 8 0 + 8 - 0 !
4 files changed, 508 insertions(+), 412 deletions(-)

 
 replace most calls to fgets() by getline() in read.c
 Also, fig files version 1.4 must begin with `#FIG 1.4`. Previously, a `#` in the
 first line was sufficient to detect at least a version 1.4 fig file.
 Move some variables with file scope into functions.

 This commit fixes tickets #58, #59, #61, #62, #67, #78 and #79.

In fig2dev/lib/, replacements are provided for some library functions used in
 fig2dev, e.g., strncasecmp(), strrchr(), etc. The getline() function was
 introduced more recently than any of the functions provided in fig2dev/lib.
 Nevertheless, for getline() a replacement function is not provided. It seems,
 that all the replacement functions do not work, but nobody noticed. Therefore,
 only provide a replacement function for getline() if that turns out to
 be useful.
 The replacement functions do not work, because a header file providing the
 necessary function declarations is missing.

 This fixes CVE-2019-19797