transfig-3.2.8a-bp153.3.3.2

- Make spec file build with older SLE versions as well
  * This version is used by xfig 3.2.8 and above

- Add upstream commit as patch 6827c09d.patch
  Global buffer overflow in fig2dev/read.c in function read_colordef()
  (boo#1186329, CVE-2021-3561)

- Update to fig2dev version 3.2.8 Patchlevel 8a (Mar 2021)
  o Allow closed splines with three points.
  o Fix build under Darwin.
- Correct hunk offsets of the patch
  o transfig-3.2.8.dif

- Update to fig2dev version 3.2.8 (Patchlevel 8 (Dec 2020)
  o Use deflate to embed image data into eps output, often substantially
    reducing file size.
  o Embed pdf files into ps output by converting the pdf to eps.
  o Allow negative arrow widths. This might be useful for asymmetric arrow
    tips, which can thus be mirrored around the corresponding line.
  Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
  o Reject negative text font sizes. Fixes ticket #86.
  o Allow fig files ending without previous eol character. Fixes #83, #84.
  o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76.
  o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81.
  o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80.
  o Use getline() to improve input scanning.
    Fixes tickets #58, #59, #61, #62, #67, #78, #79, #82.
  o Correctly scan embedded pdfs for /MediaBox value.
  o Convert polygons having too few points to polylines. Ticket #56.
  o Reject huge arrow types causing integer overflow. Ticket #57.
  o Allow Fig v2 text strings ending with multiple ^A. Ticket #55.
  o Embed images in pdfs with their original compression type, i.e., leave
    the gs switch "-dAutoFilterColorImages" at its default value "true".
- This update includes the fixes for
  bsc#1159293 - CVE-2019-19797: transfig,xfig: out-of-bounds write in
    read_colordef in read.c
  bsc#1161698 - CVE-2019-19555: transfig,xfig: stack-based buffer
    overflow because of an incorrect sscanf
  bsc#1159130 - CVE-2019-19746: transfig,xfig: segmentation fault and
    out-of-bounds write because of an integer overflow via
    a large arrow type
  bsc#1189343 - CVE-2020-21680: transfig: A stack-based buffer overflow in the
    put_arrow() component in genpict2e.c
  bsc#1189345 - CVE-2020-21681: transfig: A global buffer overflow in the
    set_color component in genge.c
  bsc#1189325 - CVE-2020-21683: transfig: A global buffer overflow in the
    shade_or_tint_name_after_declare_color in genpstricks.c
  bsc#1189346 - CVE-2020-21682: transfig: A global buffer overflow in the
    set_fill component in genge.c
  and many more
- Port and rename patch transfig-3.2.6.dif which is now transfig-3.2.8.dif
- Remove patches now obsolete
  * 00cded.patch
  * 100e27.patch
  * 2f8d1a.patch
  * 3065eb.patch
  * 3165d8.patch
  * 421afa.patch
  * 4d4e1f.patch
  * 639c36.patch
  * CVE-2019-19555.patch
  * CVE-2019-19746.patch
  * CVE-2019-19797.patch
  * acccc8.patch
  * c379fe.patch
  * ca48cc.patch
  * d6a10d.patch
  * d70e4b.patch
  * e3cee2.patch
  * transfig.3.2.5-binderman.dif
  * transfig.3.2.5d-mediaboxrealnb.dif
- Port patches
  * fig2dev-3.2.6-fig2mpdf.patch
  * fig2dev-3.2.6a-RGBFILE.patch

- Add upstream security patches/commits
  * 100e27.patch
  * 3065eb.patch
  * ca48cc.patch

- Do hardening via compile and linker flags

- Add upstream security patches/commits
  * 00cded.patch
  * 2f8d1a.patch
  * 3165d8.patch
  * 421afa.patch
  * 4d4e1f.patch
  * 639c36.patch
  * acccc8.patch
  * d6a10d.patch
  * d70e4b.patch
  * e3cee2.patch

- Avoid auto(re)config

- Add security patches
  * CVE-2019-19746.patch -- bsc#1159130
  * c379fe.patch ... currently without CVE and bugzilla entry
  * CVE-2019-19797.patch -- bsc#1159293

- Add patch CVE-2019-19555.patch
  * Even if we are not affected add fix for CVE-2019-19555

- Update to fig2dev version 3.2.7 (Patchlevel 7b (Oct 2019)
  o A X color database is not needed, but can be provided. The location of
    the database can be given at compile time, default /etc/X11/rgb.txt.
  Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
  Debian bug numbers refer to https://bugs.debian.org/#.
  o Do not clip objects with line-thickness 0 having arrows. Ticket #53.
  o Do not segfault on circle/half circle arrowheads with a magnification
    larger 42. Always draw circle arrowheads with 40 points. Ticket #52.
  o Allow circles or ellipses with negative radii. Ticket #49.
  o Avoid "dimension too large error" with tikz output by avoiding
    coordinate values smaller than -16383.
  o Make tests (test1.c) work with -fsanitize=address compiler option.
  o Obey join-style of lines in tikz output.
  o Pass utf8-strings to svg output, escape some chars (<>&).
  o Accept inclined boxes and change them to polygons. Fixes ticket #43.
  o Make tests #27 and #33 work on Mac Darwin, failed due to whitespace
    formatting differences. From Hanspeter Niederstrasser. Ticket #40.
  o Use only latex, neither etex or tex, to test tikz output. Usage of
    etex, after hint from Roland Rosenfeld, closed debian bug 920368.
  o For tikz output, do not draw arrows on a single point line.
  o Omit spurious showpage when including jpg-file. From Rainer Buchty.
  o Correct a few memory leaks and corruptions. See commit d1c54f6.
  o Change negative color numbers to default color. Fixes ticket #30.
  o A spline with one point would cause segfault. Fixed, see ticket #29.
  o Allow one char without newline in the last line of an input file.
    Fixes ticket #28.
  o Harden input, mainly against files in which an incomplete object would
    be created and freeing the object would violate memory, i.e, it may
    cause segfault. See, e.g., ticket #27.
  o Properly initalize line storage when reading fig files version 1.3.
    Would segfault when reading incomplete line and trying to free it.
    Fixes ticket #26, debian bug 906743.
  o Silently ignore the hundred-first and more comment lines. This
    fixes ticket #25 and debian bug 906740.
  o Use SetFigFont, not SetFigFontNFSS in pictex output. Fixes
    https://bugs.launchpad.net/ubuntu/+source/transfig/+bug/1359485 .
  o Accept blanks in color names (e.g., fig2dev -L eps -g"Misty Rose"..).
  o Correct typos in man-pages, debian 30_man_typo.patch.
- Remove patches now upstream
  * fig2dev-3.2.6a-man-typo.patch
  * transfig-03ea4578.patch
  * transfig-e0c4b024.patch
  * transfig-fix-of-e0c4b024.patch
- Port patches to new version
  * transfig-3.2.6.dif
  * transfig-fix-afl.patch
  * fig2dev-3.2.6-fig2mpdf.patch
  * fig2dev-3.2.6a-RGBFILE.patch

- Update to fig2dev version 3.2.7a (Patchlevel 7a (April 2018))
  o  Language         previous option         current option
  - -----------------------------------------------------------
    cgm              -b dummy                -a
    epic             -A scale                -d scale
    eepic            -A scale                -d scale
    eepicemu         -A scale                -d scale
    gbx              -i on|off               -v
    ibmgl            -m mag,xoff,yoff        -m mag -x xoff -y yoff
    mp               -I file                 -d file
    ps               -S dummy                -o
  o Print language-specific help text by using fig2dev -L lang -h.
  o Add option -M, multipage, for MetaPost output language.
  o Add option -P, pagemode, and -z to choose a pagesize for pdf output.
  o Add option -W (scaling of figures not possible) for tikz.
  o Add option -b, border width, for LaTeX output language.
  o Add option -f for pstex_t and pdftex_t output language.
  o Add uk_UA and ru_RU encodings for PostScript output. Ticket #12.
  o Fix regression whereupon flipped ellipses were not read. Ticket #23.
  o Distribute i18n files ru_RU.CP1251.ps and uk_UA.KOI8-U.ps.
  o Make test "survive debian bug #890016" succeed on 32 bit systems.
  o Distribute the X bitmaps files within fig2dev, no need to install
    these files. The files were needed for Tk and Perl/Tk output.
  o Add option -w, wrap (create stand-alone perl file) for Perl/Tk output.
  o Update help text: Output help for dxf and textyl output language,
    add description of -g option for Tk/Tcl and Perl/Tk output, allow -f
    option for pstex_t and pdftex_t output language.
  o Sanitize input. Do not segfault on malformed input files. Fixes debian
    bugs 881143, 881144, 881396, 890015, 890016, 882021 and also 882022.
  o Do not put an %%Orientation: comment into PostScript output. Some
    viewers would rotate the resulting file, others not.
  o Fix build on NetBSD, which has a _setmode() function different from
    _setmode() on Windows. Ticket #17. Also, avoid alloca(). Ticket #16.
  o tikz output: Omit the semicolon after \pgftext[..]{...};.
  o Define PostScript patterns with larger tiles, may render better. #13
  o Fix build in case libXpm is missing. Ticket #15.
  o Use netpbm programs instead of ghostscript, to produce smaller files.
  o Correctly embed eps files with binary preview (epsi, typically
    found on Microsoft systems). Also, allow to embed ps-files. Fixes
    debian bug 248807, ticket #8.
  o For compilation, do not depend on PATH_MAX being defined.
- Remove patches now upstream
    fig2dev-3.2.6-genps_oldpatterns.patch
    fig2dev-3.2.6a-input-sanitizing.patch
    fig2dev-3.2.6a-style-overflow.patch
- Modify patches
    fig2dev-3.2.6-fig2mpdf-doc.patch
    fig2dev-3.2.6-fig2mpdf.patch
    fig2dev-3.2.6a-RGBFILE.patch
    transfig-3.2.6.dif
    transfig-fix-afl.patch
    transfig.3.2.5d-mediaboxrealnb.dif

- Change xorg-x11-devel --> pkgconfig(xpm)
- buildrequire default libpng.

- Add patch transfig-03ea4578.patch from upstream commit 03ea4578
  to fix bsc#1143650 with CVE-2019-14275

- Add patch transfig-fix-of-e0c4b024.patch to fix last added upstream
  commit (boo#1136882)

- Add patch transfig-e0c4b024.patch from upstream commit e0c4b024
  to fix bsc#1106531 with CVE-2018-16140

- Added patches
  * fig2dev-3.2.6a-RGBFILE.patch to let rgb.txt be located via
    environment variable FIG2DEV_RGBFILE
  * fig2dev-3.2.6a-man-typo.patch to fix simple typo in manual page
  * fig2dev-3.2.6a-input-sanitizing.patch to do some input
    sanitizing when reading FIG files (bsc#1069257, CVE-2017-16899)
  * fig2dev-3.2.6a-style-overflow.patch

- Fix now failing download source service, that is don't do this

- Update to fig2dev version 3.2.6a (Patchlevel 6a (January 2017))
  NEW FEATURES:
    o Distribute transfig.pdf. No need to build it from the TeX sources.
    o Enable reproducible build for svg output.
    o Set the creator to fig2dev, not to the path by which fig2dev is
    invoked.
  BUGS FIXED:
    Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
    o The svg output now produces correct patterns and pie-wege arcs.
    Property names instead of style attributes are used. Hollow arrow
    heads are really hollow, not filled with white. In the PostScript
    output, this might also clip a bit of the filling underneath an arrow.
    o tikz output: Re-use \dimen \XFigu if it is already defined. Ticket #3.
    o tikz output: A pattern in an object with line width zero and the
    stroke color equal to the fill color would produce a white fill.
    The tikz output now does not try to be smart and puts a pattern, even
    if the result is equal to a solid fill. Ticket #1.
    o pict2e output: Standalone tex-files always include color.sty. #2.
    o pict2e output: A pattern with stroke color equal to fill color is
    rendered as a solid fill.
    o Compiles when gnu iconv and standard iconv are present.

- Update to fig2dev version 3.2.6 (the successor of transfig)
  o Add compile switch --enable-versioning and script update-version_m4,
    to create version string from source control system
  o tikz output: Support -G (grid) option. Make \XFigwidth and \XFigheight
    only scale coordinates, not line widths; Do not set unnecessarily
    \color{black} on text.
  From Roland Rosenfeld <roland@spinnaker.de>
  o Correct comment string in man page fig2ps2tex.1
  o Distribute autotest file lookup_X_color.at - only useful for hacko
  From Brian V. Smith:
  o Changed object defs from O_ to OBJ_ because O_TEXT conflicts
    with system typedef (debian 37_OBJ_typedef.patch)
  o Remove unused charset variables cs and ca from genibmgl.c
    (debian 38_unusedcharset.patch)
  o Build with make CFLAGS="-Werror -Wpedantic -Wformat -Wformat-security'
  o On lines with Round or Projecting cap style and arrowheads, the line
    endpoint stuck out beyond the arrowhead (this was fixed in
    xfig 3.2.5c, but not here until now; debian 41_arrowhead.patch)
  o Changed .ce (center lines) to .RS (right-justify) in fig2ps2tex man
    page file because of issues when generating HTML (From Eric Raymond)
    (debian 36_manpage_ce2RS.patch)
  o Quotes added to output file name for several formats in case there
    are blanks in the name (debian 39_gs_quote.patch)
  o For PDF output, changed -dColorImageFilter from /FlateEncode to
    /DCTEncode for lossy compression (smaller pdf files)
    (debian 40_ColorImageFilter.patch)
  o Update help for PDF options (debian 42_PDF_help.patch)
  From Roland Rosenfeld. Bug numers refer to https://bugs.debian.org/#.
  o Remove bashisms in fig2ps2tex script. Reported from
    Chris Lamb <chris@chris-lamb.co.uk>. Fixes debian bug 480615.
  o Include sys/stat.h in genps.c. Reported from Steven Chamberlain
    <steven@pyro.eu.org>. Debian bug 654767. (28_fix_chmod...patch)
  o Distribute the man page transig.1. (34_transfig.1.patch)
  o Do not report user information in ps files. Debian bug 316382
    (04_displaywho.patch)
  o Set locale to C. Debian bug 45378 (05_locale_patch).
  o Support pdftex in transfig (20_transfig_pdftex.patch). Reported by
    Jindrich Makovicka <makovick@gmail.com>.
  o Fix some typos (22_typos.patch, 35_manpage_typos.patch).
  o Honor environment variable SOURCE_DATE_EPOCH, for reproducible
    builds. Debian bug 819911. From Alexis Bienvenüe <pado@passoire.fr>.
    (33_honour_SOURCE_DATE_EPOCH.patch).
  o Enable fonts >= 42 pt, needs \usepackage{type1cm}. Bug 343139,
    (09_maxfontsize.patch).
  o New pict2e and tikz output language, for use with TeX/LaTeX.
  o Compile with ./configure; make; make install.
    Optionally, use make check; make installcheck.
  o By default, transfig is not built.
  o Swap patterns in PostScript output, were upside down.
  o Silence most compiler warnings.
  o Update man-pages and help text.
  o Accurately position arrowheads, flush with line, in PostScript output.
- Remove transfig.3.2.5d-patches.tar.bz2 but port and add the oldpatterns
  and mpdf patches to 3.2.6:
    fig2dev-3.2.6-fig2mpdf-doc.patch
    fig2dev-3.2.6-fig2mpdf.patch
    fig2dev-3.2.6-genps_oldpatterns.patch
- Patch transfig.3.2.5d.dif becomes transfig-3.2.6.dif
- Modify the patches
    transfig-fix-afl.patch
    transfig.3.2.5-binderman.dif
    transfig.3.2.5d-mediaboxrealnb.dif

- transfig-fix-afl.patch: fixed crashes due to uninitialized memory,
  found by afl.

- Update to transfig version 3.2.5e
  * HTML map output was limited to 100 links.
    Fix by Jan van Dijk
  * Updated for compatibility to PNG 1.5
    From Matthias Scheler
  * Was adding "showpage" command when producing bitmap formats from intermediate EPS.
    This produced "illegal" PNG and JPEG files with extra, blank image.
  * Maximum width of included image in PS/EPS output increased from 8192 to 16384
  * Precision of some PIC objects increased from %.2f to %.3f
  * Double close of output file when ghostscript fails. Original bug report from
    https://bugzilla.redhat.com/728825
- Change out patch sets to fit 3.2.5e

- Add Source URL, see https://en.opensuse.org/SourceUrls

- Use original patches from Debian

- Add xfig.3.2.5b-mediaboxrealnb.dif to fix regarding pdf import,
  reported by Loic Le Guyader compare with Debian bug #530898

- Update to transfig version 3.2.5d
  * made PostScript output DSC 3.0 compliant to work with CUPS
    patch from Ian Dall (see https://bugzilla.redhat.com/558380)
  * Changed STOCK_LAST from 17 to 19 in fig2dev/dev/genemf.c
  * Questionable copy of one data type to another in genemf.c
  * Changed definition of command for short slanted lines in genlatex.c
  * Added check for existance of arrows in SVG line generator
  * Removed %%Page: directive from included JPEG files in PostScript/EPS output
  * bound.c was passing pointers to int instead of double to arc_tangent
  * put_msg function uses proper varargs now
  * Option for debug comments in GBX output is "yes" or "no", not "on" or "off"
  * Added help (-h)  info for GBX output
  * In version 1.4 of the PNG library dither was removed so fig2dev now uses
    quantize when importing PNG images with palettes
  * put_msg was declared twice (fig2dev/dev/genemf.c)
  * Added xlink namespace for images in SVG export
  * SVG output for imported images didn't form href link properly
  * New PSTricks driver from Gene Ressler (see man fig2dev for info)
  * transfig command was hardwired for "tex" for "make all" directive and
    removing files with "make clean" directive in creating Makefile
  * -a option added to PostScript and PICTeX languages to NOT include user's
    login name in output
  * Gerber (RS-247-X for CAD drawings for printed circuits) export language from Edward Gr

- Add missed fonts

- Make it build with latest TeXLive 2012 with new package layout

- Add URL due bnc#676463

- Add compatibility switch for libpng 1.4 or higher

- fixed libpng buildrequires for openSUSE >= 11.3

- Apply latest binderman patch

- Update to transfig version 3.2.5a
  * 22 new arrowhead types
  * HTML map now produces reference to .png file instead of .gif
  * CreationDate in pictex output was either wrong or caused segfault
  * bugs fixed in SVG Driver:
  - blue component of shaded colors was always zero
  - line protruding beyond arrowhead on long arrows
  - wrong position of back arrowhead on double-headed arrows
  - fill patterns either missing or using incorrect linewidth
  - lowercase greek phi did not match its X11 counterpart
    from Martin Kroeker
  * dubious printf(j++,j++) in MP driver
  * missing #includes in MP driver
  * added !defined(__FreeBSD) to fig2dev.h def for sys_nerr and errno
    From Eric Scott
  * added -quiet options to giftopnm and ppmtopcs in reading GIF files
    From Eric Scott
  * Typo in LaTeX driver when generating arc-box. "iut" should be "put"
  * extraneous stroke:black in svg header removed along with stroke color
    for text, since the text fill color does the whole job
  * fig2dev produces more correctly structured PostScript.  Files get printed via
    CUPS on PostScript printers.  When viewing a .ps-file in gv you can go to the
    last page and back and to the last page again without getting PostScript errors.
    From Ronald Lembcke
  * Renamed the macro \SetFigFont to \SetFigFontNFSS if NFSS is #defined to alleviate
    some problems. From Roland Rosenfeld.
  * Grid in metric mode was incorrectly scaled
  * Removes any %EOF or %%EOF from imported EPS pictures before exporting.
    Also doesn't add %EOF when importing JPEG file now.
  * Missing call to get local time before converting to string in genpictex.c

- Yet an other David Binderman bug (bnc#544938)