tags 577014 + patch thanks Dear maintainer,
I've prepared an NMU for abcm2ps (versioned as 5.9.13-0.1) and uploaded it to DELAYED/15, as it introduces a new upstream version. Please note that I picked 5.9.13 instead of 5.9.12 as reported by Moritz, because 5.9.13 is described as "Fix more security vulnerabilities". Best regards, Alexander PS: devscripts' nmudiff shows all changes between the versions; however, my own changes are just copying your debian directory and adding a changelog entry.
diff -Nru abcm2ps-5.9.7/abc2ps.c abcm2ps-5.9.13/abc2ps.c
--- abcm2ps-5.9.7/abc2ps.c 2009-09-28 10:21:10.000000000 +0200
+++ abcm2ps-5.9.13/abc2ps.c 2010-04-11 12:16:16.000000000 +0200
@@ -1,7 +1,7 @@
/*
* abcm2ps: a program to typeset tunes written in abc format using PostScript
*
- * Copyright (C) 1998-2008 Jean-François Moine
+ * Copyright (C) 1998-2010 Jean-François Moine
*
* Adapted from abc2ps-1.2.5:
* Copyright (C) 1996,1997 Michael Methfessel
@@ -84,9 +84,10 @@
/* memory arena (for clrarena, lvlarena & getarena) */
#define MAXAREAL 2 /* max area levels:
* 0; global, 1: tune */
+#define MAXAREANASZ 8192
static int str_level; /* current arena level */
static struct str_a {
- char str[4096]; /* memory area */
+ char str[MAXAREANASZ]; /* memory area */
char *p; /* pointer in area */
struct str_a *n; /* next area */
int r; /* remaining space in area */
@@ -275,7 +276,10 @@
cfmt.continueall = 1;
lock_fmt(&cfmt.continueall);
break;
- case 'E': epsf = 1; break;
+ case 'E':
+ close_output_file();
+ epsf = 1;
+ break;
case 'f':
cfmt.flatbeams = 1;
lock_fmt(&cfmt.flatbeams);
@@ -465,6 +469,11 @@
}
break;
case 'O':
+ if (strlen(aaa) >= sizeof outfn) {
+ fprintf(stderr,
+ "++++ '-O' too large\n");
+ exit(1);
+ }
strcpy(outfn, aaa);
break;
case 's':
@@ -860,7 +869,13 @@
a_p = str_c[str_level];
len = (len + 7) & ~7; /* align at 64 bits boundary */
- if (a_p->r < len) {
+ if (len > a_p->r) {
+ if (len > MAXAREANASZ) {
+ fprintf(stderr,
+ "++++ getarena - data too wide %d - aborting\n",
+ len);
+ exit(1);
+ }
if (a_p->n == 0) {
a_p->n = malloc(sizeof *str_r[0]);
a_p->n->n = 0;
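Review bot: The result of `malloc` is dereferenced on the very next line (`a_p->n->n = 0;`) without a NULL check, so an allocation failure here becomes a write through a null pointer instead of a clean abort like the new "data too wide" path; `if (a_p->n == 0) { fprintf(stderr, "++++ getarena - out of memory\n"); exit(1); }` right after the `malloc` would match it. The new size test is also only reached when `len > a_p->r`, so a negative `len` (it is printed with `%d`, so it appears to be signed) is never rejected; testing `len <= 0 || len > MAXAREANASZ` before the comparison with `a_p->r` would cover that. The function starts and ends outside the hunk.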
diff -Nru abcm2ps-5.9.7/buffer.c abcm2ps-5.9.13/buffer.c
--- abcm2ps-5.9.7/buffer.c 2009-09-25 10:37:00.000000000 +0200
+++ abcm2ps-5.9.13/buffer.c 2010-04-05 09:14:14.000000000 +0200
@@ -561,7 +561,7 @@
l = strlen(mbf);
nbuf += l;
- if (nbuf >= BUFFSZ - 500) { /* must have place for 1 more line */
+ if (nbuf >= BUFFSZ - BSIZE) { /* must have room for 1 more line */
error(1, 0, "a2b: buffer full, BUFFSZ=%d", BUFFSZ);
exit(3);
}
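Review bot: This guard runs after `nbuf += l`, that is, after the text at `mbf` has already been written, so it keeps the buffer safe only if a single call can never produce more than `BSIZE` bytes. The formatting call itself is outside the hunk; if it is an unbounded `vsprintf`, bounding it by the remaining space (`BUFFSZ - nbuf`) would make the margin enforced rather than assumed. At minimum I would add a comment next to the test such as `/* invariant: one a2b() call writes fewer than BSIZE bytes */`.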
@@ -649,14 +649,16 @@
error(1, 0, "Cannot open EPS file '%s'", p);
} else {
fprintf(fout,
- "save %% EPS file '%s'\n"
+ "save\n"
"/showpage{}def/setpagedevice{pop}def\n"
- "%s T\n",
- p, &buf[i]);
+ "%s T\n"
+ "%%%%BeginDocument: %s\n",
+ &buf[i], p);
while (fgets(line, sizeof line, f)) /* copy the file */
fwrite(line, 1, strlen(line), fout);
fclose(f);
- strcpy(line, "restore % end EPS\n");
+ strcpy(line, "%%EndDocument\n"
+ "restore\n");
fwrite(line, 1, strlen(line), fout);
}
}
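Review bot: The EPS body is still copied with `fgets` followed by `fwrite(line, 1, strlen(line), fout)`, which drops everything after an embedded NUL byte in a chunk, so an EPS file carrying binary preview or image data would be written incomplete inside the new `%%BeginDocument`/`%%EndDocument` wrapper. A byte-count loop avoids that: `while ((n = fread(line, 1, sizeof line, f)) > 0) fwrite(line, 1, n, fout);` with `size_t n`. The trailer can then be written directly with `fputs("%%EndDocument\nrestore\n", fout);` instead of going through `strcpy(line, ...)`. The enclosing function starts outside the hunk.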
diff -Nru abcm2ps-5.9.7/Changes abcm2ps-5.9.13/Changes
--- abcm2ps-5.9.7/Changes 2009-11-18 11:28:20.000000000 +0100
+++ abcm2ps-5.9.13/Changes 2010-04-11 12:16:35.000000000 +0200
@@ -1,3 +1,35 @@
+---- Version 5.9.13 - 10/04/11 ----
+
+Fix more security vulnerabilities (thanks to Tim Starling).
+
+---- Version 5.9.12 - 10/04/05 ----
+
+Fix some security vulnerabilities (thanks to Tim Starling).
+Add %%Begin/EndDocument when inserting a EPS file (thanks to Reinier Maliepaard).
+
+---- Version 5.9.11 - 10/02/24 ----
+
+Fix measure bar numbering when %%setbarnb and many voices.
+Fix measure bar numbering when M:none.
+Fix the output of user postscript sequences when many output files.
+Fix a crash when slur ending on a grace note at end of a secundary voice.
+Fix a crash when a tune ends with T:.
+
+---- Version 5.9.10 - 10/02/02 ----
+
+Fix lyrics display when not enough or too many lyrics in a music line alone
+ (the previous fix was not applied).
+
+---- Version 5.9.9 - 10/01/31 ----
+
+Fix bar numbering when incomplete measure at start of tune.
+Fix bar numbering when incomplete measure at end of previous line.
+Fix lyrics display when not enough or too many lyrics in a music line alone.
+
+---- Version 5.9.8 - 10/01/19 ----
+
+Add all whistle types in flute.fmt (thanks to Guido Gonzato).
+
---- Version 5.9.7 - 09/11/18 ----
Add default PS definitions for dble sharp/flat percussion heads.
diff -Nru abcm2ps-5.9.7/config.h abcm2ps-5.9.13/config.h
--- abcm2ps-5.9.7/config.h 2009-11-18 12:11:34.000000000 +0100
+++ abcm2ps-5.9.13/config.h 2010-04-11 12:16:54.000000000 +0200
@@ -16,5 +16,5 @@
/* Define to have ~ as roll instead of twiddle. */
/* #undef DECO_IS_ROLL */
-#define VERSION "5.9.7"
-#define VDATE "November 18, 2009"
+#define VERSION "5.9.13"
+#define VDATE "April 11, 2010"
diff -Nru abcm2ps-5.9.7/configure abcm2ps-5.9.13/configure
--- abcm2ps-5.9.7/configure 2009-11-18 12:11:04.000000000 +0100
+++ abcm2ps-5.9.13/configure 2010-04-11 12:17:16.000000000 +0200
@@ -1702,8 +1702,8 @@
-VERSION=5.9.7
-VDATE='November 18, 2009'
+VERSION=5.9.13
+VDATE='April 11, 2010'
ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
diff -Nru abcm2ps-5.9.7/configure.in abcm2ps-5.9.13/configure.in
--- abcm2ps-5.9.7/configure.in 2009-11-18 12:10:47.000000000 +0100
+++ abcm2ps-5.9.13/configure.in 2010-04-11 12:17:07.000000000 +0200
@@ -1,10 +1,10 @@
dnl Configure source for abcm2ps -*- sh -*-
-dnl Copyright (C) 2001-2009 JF Moine.
+dnl Copyright (C) 2001-2010 JF Moine.
AC_INIT(abc2ps.h)
-VERSION=5.9.7
-VDATE='November 18, 2009'
+VERSION=5.9.13
+VDATE='April 11, 2010'
AC_CANONICAL_SYSTEM
diff -Nru abcm2ps-5.9.7/debian/changelog abcm2ps-5.9.13/debian/changelog
--- abcm2ps-5.9.7/debian/changelog 2009-12-21 12:45:53.000000000 +0100
+++ abcm2ps-5.9.13/debian/changelog 2010-04-23 10:17:30.000000000 +0200
@@ -1,3 +1,11 @@
+abcm2ps (5.9.13-0.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Upload new upstream release to fix "some security vulnerabilities" and
+ "more security vulnerabilities" (Closes: #577014)
+
+ -- Alexander Reichle-Schmehl <[email protected]> Fri, 23 Apr 2010 10:15:13 +0200
+
abcm2ps (5.9.7-1) unstable; urgency=low
* New upstream release
diff -Nru abcm2ps-5.9.7/deco.c abcm2ps-5.9.13/deco.c
--- abcm2ps-5.9.7/deco.c 2009-11-18 10:03:57.000000000 +0100
+++ abcm2ps-5.9.13/deco.c 2010-01-31 08:29:26.000000000 +0100
@@ -1793,46 +1793,16 @@
{
struct SYMBOL *s;
char *showm;
- int bar_time, any_nb, wmeasure;
+ int any_nb, bar_num;
float x, y, w;
showm = cfmt.measurebox ? "showb" : "show";
any_nb = 0;
- /* get the current bar number */
-/*fixme: what to do if no symbol in the 1st voice?*/
- if ((s = voice_tb[cursys->top_voice].sym) == 0
- || (s = s->next) == 0)
- return;
- for ( ; s->next != 0; s = s->next) {
- switch (s->type) {
- case TIMESIG:
- case CLEF:
- case KEYSIG:
- case FMTCHG:
- case STBRK:
- continue;
- case BAR:
- if (s->u != 0)
- nbar = s->u; /* (%%setbarnb) */
- else if (s->as.u.bar.repeat_bar
- && s->as.text != 0
- && cfmt.contbarnb == 0) {
- if (s->as.text[0] == '1')
- nbar_rep = nbar;
- else nbar = nbar_rep; /* restart bar numbering */
- }
- break;
- default:
- break;
- }
- break;
- }
- if (nbar > 1) {
- if (s->prev->type != CLEF)
- s = s->prev;
+ s = tsfirst; /* clef */
+ bar_num = nbar;
+ if (bar_num > 1) {
if (cfmt.measurenb == 0) {
- s = s->prev; /* clef */
set_font(MEASUREFONT);
any_nb = 1;
x = 0;
@@ -1842,15 +1812,28 @@
y = staff_tb[0].topbar + 14;
PUT0("0 ");
puty(y);
- PUT2("y0 M(%d)%s",nbar, showm);
+ PUT2("y0 M(%d)%s",bar_num, showm);
y_set(s, 1, x, w, y + cfmt.font_tb[MEASUREFONT].size + 2);
- } else if (nbar % cfmt.measurenb == 0) {
+ } else if (bar_num % cfmt.measurenb == 0) {
+ for ( ; ; s = s->ts_next) {
+ switch (s->type) {
+ case TIMESIG:
+ case CLEF:
+ case KEYSIG:
+ case FMTCHG:
+ case STBRK:
+ continue;
+ }
+ break;
+ }
+ if (s->prev->type != CLEF)
+ s = s->prev;
x = s->x - s->wl;
set_font(MEASUREFONT);
any_nb = 1;
w = cwid('0') * cfmt.font_tb[MEASUREFONT].size;
- if (nbar >= 10) {
- if (nbar >= 100)
+ if (bar_num >= 10) {
+ if (bar_num >= 100)
w *= 3;
else w *= 2;
}
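Review bot: The new skip loop `for ( ; ; s = s->ts_next)` has no end-of-list test, so if the line holds only TIMESIG/CLEF/KEYSIG/FMTCHG/STBRK symbols `s` becomes null and `s->type` is dereferenced; `set_bar_num()` in music.c guards the same walk with `if (s == 0) return;`. The following `s->prev->type` likewise assumes that the symbol found has a predecessor in its voice, and whether `tsfirst` itself can be null at this point is not visible here. I would write the loop as `for ( ; s != 0; s = s->ts_next)`, skip the numbering branch when `s == 0`, and test `s->prev != 0 && s->prev->type != CLEF`. The function body starts and ends outside this hunk.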
@@ -1861,58 +1844,29 @@
y = staff_tb[0].topbar + 6;
y += 2;
putxy(x, y);
- PUT2("y0 M(%d)%s", nbar, showm);
+ PUT2("y0 M(%d)%s", bar_num, showm);
y += cfmt.font_tb[MEASUREFONT].size;
y_set(s, 1, x, w, y);
s->ymx = y;
}
}
-/*fixme: KO when no bar at the end of the previous line */
- wmeasure = voice_tb[cursys->top_voice].meter.wmeasure;
- bar_time = voice_tb[cursys->top_voice].sym->time + wmeasure;
- for (s = voice_tb[cursys->top_voice].sym->next; s != 0; s = s->next) {
- switch (s->type) {
- case TIMESIG:
- wmeasure = s->as.u.meter.wmeasure;
- bar_time = s->time + wmeasure;
- continue;
- case MREST:
- nbar += s->as.u.bar.len - 1;
- continue;
- default:
- continue;
- case BAR:
- break;
- }
- if (s->u != 0)
- nbar = s->u; /* (%%setbarnb) */
- if (s->time < bar_time) /* incomplete measure */
- continue;
- if (s->u == 0) {
- nbar++;
- if (s->as.u.bar.repeat_bar
- && s->as.text != 0
- && cfmt.contbarnb == 0) {
- if (s->as.text[0] == '1')
- nbar_rep = nbar;
- else nbar = nbar_rep; /* restart bar numbering */
- }
- }
- bar_time = s->time + wmeasure;
- if (s->as.u.bar.repeat_bar
- || s->next == 0
- || cfmt.measurenb == 0
- || (nbar % cfmt.measurenb) != 0
- || nbar <= 1)
+ for ( ; s != 0; s = s->ts_next) {
+ if (s->type != BAR
+ || s->u == 0)
+ continue;
+ bar_num = s->u;
+ if (cfmt.measurenb == 0
+ || (bar_num % cfmt.measurenb) != 0
+ || s->next == 0)
continue;
if (!any_nb) {
any_nb = 1;
set_font(MEASUREFONT);
}
w = cwid('0') * cfmt.font_tb[MEASUREFONT].size;
- if (nbar >= 10) {
- if (nbar >= 100)
+ if (bar_num >= 10) {
+ if (bar_num >= 100)
w *= 3;
else w *= 2;
}
@@ -1934,13 +1888,14 @@
y += 2;
PUT0(" ");
putxy(x, y);
- PUT2("y0 M(%d)%s",nbar, showm);
+ PUT2("y0 M(%d)%s",bar_num, showm);
y += cfmt.font_tb[MEASUREFONT].size;
y_set(s, 1, x, w, y);
s->ymx = y;
}
if (any_nb)
PUT0("\n");
+ nbar = bar_num;
}
/* -- get the beat from a time signature -- */
diff -Nru abcm2ps-5.9.7/draw.c abcm2ps-5.9.13/draw.c
--- abcm2ps-5.9.7/draw.c 2009-09-30 09:50:52.000000000 +0200
+++ abcm2ps-5.9.13/draw.c 2010-02-20 10:59:28.000000000 +0100
@@ -2163,7 +2163,8 @@
for (s1 = s; s1->next != 0; s1 = s1->next)
;
s1->next = gr1->next;
- gr1->next->prev = s1;
+ if (gr1->next != 0)
+ gr1->next->prev = s1;
gr1->as.u.note.slur_st = SL_AUTO;
}
if (gr2 != 0) {
@@ -2227,7 +2228,8 @@
}
/* if slur in grace note sequence, restore the linkages */
- if (gr1 != 0) {
+ if (gr1 != 0
+ && gr1->next != 0) {
gr1->next->prev->next = 0;
gr1->next->prev = gr1;
}
diff -Nru abcm2ps-5.9.7/flute.fmt abcm2ps-5.9.13/flute.fmt
--- abcm2ps-5.9.7/flute.fmt 2008-02-09 11:56:36.000000000 +0100
+++ abcm2ps-5.9.13/flute.fmt 2010-01-10 11:35:25.000000000 +0100
@@ -120,6 +120,13 @@
pop grestore
}!
endps
-tablature #1 pitch=C 28 0 63 tw_head tw_note
-tablature #2 pitch=Bb, 54 0 63 tw_head tw_note
-tablature #3 pitch=C 10 0 56 gbl_tete gbl_note
+% all tin whistle transpositions
+tablature #1 pitch=D 28 0 63 tw_head tw_note
+tablature #2 pitch=C 28 0 63 tw_head tw_note
+tablature #3 pitch=Eb 28 0 63 tw_head tw_note
+tablature #4 pitch=Bb, 54 0 63 tw_head tw_note
+tablature #5 pitch=F, 54 0 63 tw_head tw_note
+tablature #6 pitch=G, 54 0 63 tw_head tw_note
+tablature #7 pitch=A, 54 0 63 tw_head tw_note
+% galoubet
+tablature #8 pitch=C 10 0 56 gbl_tete gbl_note
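Review bot: Tablature numbers 1 to 3 are reassigned rather than extended: `#1` changes from pitch C to D, `#2` from Bb, to C, and the galoubet moves from `#3` to `#8`, so existing `-T2` or `-T3` command lines used with flute.fmt will silently select a different instrument. If the renumbering is intended, a comment at the head of the list (`% note: numbering changed in 5.9.8, the galoubet is now #8`) would warn users; otherwise appending the new whistles after the original three keeps old usage working.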
diff -Nru abcm2ps-5.9.7/Makefile abcm2ps-5.9.13/Makefile
--- abcm2ps-5.9.7/Makefile 2009-10-02 10:41:15.000000000 +0200
+++ abcm2ps-5.9.13/Makefile 2010-04-09 12:52:43.000000000 +0200
@@ -1,6 +1,6 @@
# Makefile source for abcm2ps
-VERSION = 5.9.7
+VERSION = 5.9.13
CC = gcc
INSTALL = /usr/bin//install -c
diff -Nru abcm2ps-5.9.7/music.c abcm2ps-5.9.13/music.c
--- abcm2ps-5.9.7/music.c 2009-11-18 11:37:35.000000000 +0100
+++ abcm2ps-5.9.13/music.c 2010-02-24 09:35:57.000000000 +0100
@@ -2024,6 +2024,86 @@
return s;
}
+/* -- set the bar numbers -- */
+static void set_bar_num(void)
+{
+ struct SYMBOL *s;
+ int bar_time, wmeasure;
+ int bar_num;
+
+ wmeasure = voice_tb[cursys->top_voice].meter.wmeasure;
+ if (wmeasure == 0) /* if M:none */
+ wmeasure = 1;
+
+ /* don't count a bar at start of line */
+ for (s = tsfirst; ; s = s->ts_next) {
+ if (s == 0)
+ return;
+ switch (s->type) {
+ case TIMESIG:
+ case CLEF:
+ case KEYSIG:
+ case FMTCHG:
+ case STBRK:
+ continue;
+ case BAR:
+ if (s->u != 0) {
+ nbar = s->u; /* (%%setbarnb) */
+ break;
+ }
+ if (s->as.u.bar.repeat_bar
+ && s->as.text != 0
+ && cfmt.contbarnb == 0) {
+ if (s->as.text[0] == '1')
+ nbar_rep = nbar;
+ else {
+ nbar = nbar_rep; /* restart bar numbering */
+ s->u = nbar;
+ }
+ }
+ break;
+ }
+ break;
+ }
+
+ /* set the measure number on the top bars */
+ bar_time = s->time + 1; /* for incomplete measure at start of tune */
+ bar_num = nbar;
+ for ( ; s != 0; s = s->ts_next) {
+ switch (s->type) {
+ case TIMESIG:
+ wmeasure = s->as.u.meter.wmeasure;
+ bar_time = s->time + wmeasure;
+ break;
+ case MREST:
+ bar_num += s->as.u.bar.len - 1;
+ break;
+ case BAR:
+ if (s->u != 0) {
+ bar_num = s->u; /* (%%setbarnb) */
+ s->u = 0;
+ if (s->time < bar_time)
+ break;
+ } else {
+ if (s->time < bar_time) /* incomplete measure */
+ break;
+ bar_num++;
+ }
+ if (s->as.u.bar.repeat_bar
+ && s->as.text != 0
+ && cfmt.contbarnb == 0) {
+ if (s->as.text[0] == '1')
+ nbar_rep = bar_num;
+ else /* restart bar numbering */
+ bar_num = nbar_rep;
+ }
+ s->u = bar_num;
+ bar_time = s->time + wmeasure;
+ break;
+ }
+ }
+}
+
/* -- cut the tune into music lines -- */
static void cut_tune(float lwidth, float indent)
{
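Review bot: The `M:none` guard at the top of `set_bar_num()` (`if (wmeasure == 0) wmeasure = 1;`) is not repeated in the `TIMESIG` case of the second loop, so a change to `M:none` in mid-tune leaves `wmeasure` at 0 and `bar_time` equal to `s->time`, and the incomplete-measure test `s->time < bar_time` then appears to behave differently from the start-of-tune case. Adding `if (wmeasure == 0) wmeasure = 1;` after `wmeasure = s->as.u.meter.wmeasure;` keeps the two paths consistent. The header comment should also say that `s->u` holds the %%setbarnb value on entry and the computed measure number on exit, since the numbering loop in deco.c now reads it.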
@@ -4151,6 +4231,7 @@
lwidth = 20 CM;
}
indent = set_indent();
+ set_bar_num();
cut_tune(lwidth, indent);
alfa_last = 0.1;
beta_last = 0;
diff -Nru abcm2ps-5.9.7/options.txt abcm2ps-5.9.13/options.txt
--- abcm2ps-5.9.7/options.txt 2008-02-07 08:53:44.000000000 +0100
+++ abcm2ps-5.9.13/options.txt 2010-01-10 11:35:29.000000000 +0100
@@ -141,6 +141,7 @@
-T<int>[<voice>], +T[<int>[<voice>]]
Activate or deactivate tablature drawing.
<int> is the tablature number as defined in %%tablature.
+ There may be only 8 different tablatures.
<voice> is the voice name, full name or subname as found in V:.
When absent, apply to all voices.
Up to 4 such commands may be defined.
diff -Nru abcm2ps-5.9.7/parse.c abcm2ps-5.9.13/parse.c
--- abcm2ps-5.9.7/parse.c 2009-11-18 10:57:37.000000000 +0100
+++ abcm2ps-5.9.13/parse.c 2010-02-02 19:45:51.000000000 +0100
@@ -743,6 +743,7 @@
lyric_cont = 0;
ln = lyric_nb - 1;
}
+ curvoice->have_ly = 1;
/* scan the lyric line */
while (*p != '\0') {
@@ -876,7 +877,6 @@
s = s->next;
if (s != 0)
return "Not enough words for lyric line";
- curvoice->have_ly = 1;
return 0;
}
diff -Nru abcm2ps-5.9.7/subs.c abcm2ps-5.9.13/subs.c
--- abcm2ps-5.9.7/subs.c 2008-09-22 09:41:51.000000000 +0200
+++ abcm2ps-5.9.13/subs.c 2010-04-05 08:54:52.000000000 +0200
@@ -912,8 +912,7 @@
static char *trim_title(char *p, int first)
{
char *b, *q;
- int l;
-static char buf[256];
+static char buf[STRL1];
q = 0;
if (cfmt.titletrim) {
@@ -925,20 +924,29 @@
}
}
if (q == 0 && !cfmt.titlecaps && !(first && cfmt.withxrefs))
- return p; /* keep the title as it is */
+ return p; /* keep the title as it is */
b = buf;
- if (first && cfmt.withxrefs)
- b += sprintf(b, "%s. ", &info['X' - 'A']->as.text[2]);
+ if (first && cfmt.withxrefs) {
+ char *r;
+
+ r = &info['X' - 'A']->as.text[2];
+ if (strlen(p) + strlen(r) + 3 >= STRL1) {
+ error(1, 0, "Title or X: too long");
+ return p;
+ }
+ b += sprintf(b, "%s. ", r);
+ } else {
+ if (strlen(p) >= STRL1) {
+ error(1, 0, "Title too long");
+ return p;
+ }
+ }
if (q != 0) {
strcpy(b, q + 2);
b += strlen(q + 2);
*b++ = ' ';
- l = q - p;
- if (l > buf + sizeof buf - b - 1)
- l = buf + sizeof buf - b - 1;
- } else l = buf + sizeof buf - b - 1;
- strncpy(b, p, l);
- b[l] = '\0';
+ }
+ strcpy(b, p);
if (cfmt.titlecaps)
cap_str(buf);
return buf;
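Review bot: When `q != 0` the final `strcpy(b, p)` copies the whole title, including the trailing ", Xxx" part that was just moved to the front, whereas the removed code copied only `q - p` bytes; unless `p` is cut at `q` in lines outside this hunk, the result is both wrong (for example "The Title, The") and longer than the new length checks account for. The checks bound `strlen(p) + strlen(r) + 3` (or `strlen(p)` alone), but in this case the buffer also receives `strlen(q + 2) + 1` extra bytes, so `buf[STRL1]` can still be overrun by a title close to the limit. Bounding the copy itself addresses both: `if (q != 0) snprintf(b, buf + sizeof buf - b, "%s %.*s", q + 2, (int)(q - p), p); else snprintf(b, buf + sizeof buf - b, "%s", p);` in place of the two `strcpy` calls and the manual `b` bookkeeping. The function starts outside the hunk.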
@@ -1300,12 +1308,9 @@
/* -- output the user defined postscript sequences -- */
void user_ps_write(void)
{
- struct u_ps *t, *r;
+ struct u_ps *t;
- if ((t = user_ps) == 0)
- return;
- user_ps = 0;
- for (;;) {
+ for (t = user_ps; t != 0; t = t->next) {
if (t->text[0] == '\001') { /* PS file */
FILE *f;
char line[BSIZE];
@@ -1318,10 +1323,8 @@
fwrite(line, 1, strlen(line), fout);
fclose(f);
}
- } else fprintf(fout, "%s\n", t->text);
- r = t->next;
- free(t);
- if ((t = r) == 0)
- break;
+ } else {
+ fprintf(fout, "%s\n", t->text);
+ }
}
}
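Review bot: Nothing records that the `user_ps` list is now deliberately kept: with `free(t)` and `user_ps = 0` removed the function can be called again for each output file, but the nodes are never released and a later reader may take that for a leak or re-add the free. A comment above the loop such as `/* the list is kept so that it can be written again into each output file */` would state the intent, which I infer from the 5.9.11 entry in Changes. The PS-file branch also copies with `fwrite(line, 1, strlen(line), fout)` after `fgets`, the same NUL-truncating pattern as the EPS copy in buffer.c.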

