From 28e3cae483396a425496b0542eae7aa8a78d9905 Mon Sep 17 00:00:00 2001
From: Nathan Owens
Date: Wed, 4 Dec 2019 13:41:09 -0600
Subject: [PATCH] fig2dev: add CVE-2019-19555 patch
Signed-off-by: Nathan Owens
---
srcpkgs/fig2dev/patches/CVE-2019-19555.patch | 42 ++++++++++++++++++++
srcpkgs/fig2dev/template | 6 +--
2 files changed, 45 insertions(+), 3 deletions(-)
create mode 100644 srcpkgs/fig2dev/patches/CVE-2019-19555.patch
diff --git a/srcpkgs/fig2dev/patches/CVE-2019-19555.patch b/srcpkgs/fig2dev/patches/CVE-2019-19555.patch
new file mode 100644
index 0000000000..74406916d8
--- /dev/null
+++ b/srcpkgs/fig2dev/patches/CVE-2019-19555.patch
@@ -0,0 +1,42 @@
+-- fig2dev/read.c
++++fig2dev/read.c
+@@ -3,7 +3,7 @@
+ * Copyright (c) 1991 by Micah Beck
+ * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+ * Parts Copyright (c) 1989-2015 by Brian V. Smith
+- * Parts Copyright (c) 2015-2018 by Thomas Loimer
++ * Parts Copyright (c) 2015-2019 by Thomas Loimer
+ *
+ * Any party obtaining a copy of these files is granted, free of charge, a
+ * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
+@@ -1328,7 +1328,7 @@
+ If we do not find the CONTROL-A on this line then this must
+ be a multi-line text object and we will have to read more. */
+
+- n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%[\1]",
++ n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]",
+ &t->type, &t->font, &t->size, &t->pen,
+ &t->color, &t->depth, &t->angle,
+ &t->flags, &t->height, &t->length,
+--- fig2dev/tests/read.at
++++ fig2dev/tests/read.at
+@@ -359,6 +359,17 @@
+ ], 0, ignore)
+ AT_CLEANUP
+
++AT_SETUP([allow text ending with multiple ^A, ticket #55])
++AT_KEYWORDS([read.c])
++AT_CHECK([fig2dev -L box <LICENSE