13 changed files with 64 additions and 429 deletions
--- a/CVE-2021-32280.patch
+++ b/CVE-2021-32280.patch
@ -0,0 +1,19 @@
 diff --git a/fig2dev/trans_spline.c b/fig2dev/trans_spline.c
 index b6fb413..f9b6c18 100644
 --- a/fig2dev/trans_spline.c
 +++ b/fig2dev/trans_spline.c
@@ -228,6 +228,11 @@ compute_closed_spline(F_spline *spline, float precision)
   if (!init_point_array(300, 200))
       return NULL;
 +  if (!(spline->points /* p0 */ && spline->controls /* s0 */ &&
 +       spline->points->next /* p1 */ && spline->controls->next /* s1 */ &&
 +       spline->points->next->next && spline->controls->next->next/* p2, s2 */&&
 +       spline->points->next->next->next && spline->controls->next->next->next))
 +      return NULL;
   INIT_CONTROL_POINTS(spline, p0, s0, p1, s1, p2, s2, p3, s3);
   COPY_CONTROL_POINT(first, s_first, p0, s0);
 -- 
 2.27.0
--- a/CVE-2025-31162.patch
+++ b/CVE-2025-31162.patch
@ -1,21 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/185/
 https://sourceforge.net/p/mcj/fig2dev/ci/da8992f44b84a337b4edaa67fc8b36b55eaef696/
 --- a/fig2dev/object.h
 +++ b/fig2dev/object.h
@@ -57,12 +57,13 @@
 	struct f_comment	*next;
 } F_comment;
 +#define	STYLE_VAL_MAX	6400.0	/* dash length 80 inches, that is enough */
 #define COMMON_PROPERTIES(o)						\
 	o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE ||		\
 	o->thickness < 0 || o->depth < 0 || o->depth > 999 ||		\
 	o->fill_style < UNFILLED ||					\
 	o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS ||		\
 -	o->style_val < 0.0
 +	o->style_val < 0.0 || o->style_val > STYLE_VAL_MAX
 typedef struct f_ellipse {
 	int			type;
--- a/CVE-2025-31163.patch
+++ b/CVE-2025-31163.patch
@ -1,86 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/186/
 https://sourceforge.net/p/mcj/fig2dev/ci/c8a87d22036e62bac0c6f7836078d8103caa6457/
 --- a/fig2dev/object.h
 +++ b/fig2dev/object.h
@@ -3,7 +3,7 @@
  * Copyright (c) 1991 by Micah Beck
  * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
  * Parts Copyright (c) 1989-2015 by Brian V. Smith
 - * Parts Copyright (c) 2015-2023 by Thomas Loimer
 + * Parts Copyright (c) 2015-2025 by Thomas Loimer
  *
  * Any party obtaining a copy of these files is granted, free of charge, a
  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -91,10 +91,10 @@ typedef struct f_ellipse {
 	struct f_ellipse	*next;
 } F_ellipse;
 -#define INVALID_ELLIPSE(e)	\
 +#define INVALID_ELLIPSE(e)						\
 	e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA ||	\
 -	COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \
 -	e->radiuses.x == 0 || e->radiuses.y == 0 || \
 +	COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) ||  \
 +	e->radiuses.x == 0 || e->radiuses.y == 0 ||			\
 	e->angle < -7. || e->angle > 7.
 typedef struct f_arc {
@@ -121,12 +121,16 @@ typedef struct f_arc {
 	struct f_arc		*next;
 } F_arc;
 -#define INVALID_ARC(a)	\
 +#define COINCIDENT(a, b)	(a.x == b.x && a.y == b.y)
 +#define INVALID_ARC(a)							\
 	a->type < T_OPEN_ARC || a->type > T_PIE_WEDGE_ARC ||		\
 	COMMON_PROPERTIES(a) || a->cap_style < 0 || a->cap_style > 2 ||	\
 	a->center.x < COORD_MIN || a->center.x > COORD_MAX ||		\
 	a->center.y < COORD_MIN || a->center.y > COORD_MAX ||		\
 -	(a->direction != 0 && a->direction != 1)
 +	(a->direction != 0 && a->direction != 1) ||			\
 +	COINCIDENT(a->point[0], a->point[1]) ||				\
 +	COINCIDENT(a->point[0], a->point[2]) ||				\
 +	COINCIDENT(a->point[1], a->point[2])
 typedef struct f_line {
 	int			type;
 --- a/fig2dev/tests/read.at
 +++ b/fig2dev/tests/read.at
@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to various Devices
 dnl Copyright (c) 1991 by Micah Beck
 dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
 dnl Parts Copyright (c) 1989-2015 by Brian V. Smith
 -dnl Parts Copyright (c) 2015-2023 by Thomas Loimer
 +dnl Parts Copyright (c) 2015-2025 by Thomas Loimer
 dnl
 dnl Any party obtaining a copy of these files is granted, free of charge, a
 dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -14,7 +14,7 @@ dnl party to do so, with the only requirement being that the above copyright
 dnl and this permission notice remain intact.
 dnl read.at
 -dnl Author: Thomas Loimer, 2017-2020
 +dnl Author: Thomas Loimer, 2017-2025
 AT_BANNER([Sanitize and harden input.])
@@ -237,6 +237,16 @@ EOF
 ])
 AT_CLEANUP
 +AT_SETUP([reject arcs with coincident points, ticket #186])
 +AT_KEYWORDS(read.c arc)
 +AT_CHECK([fig2dev -L pict2e <<EOF
 +FIG_FILE_TOP
 +5 1 0 15 0 7 50 0 -1 0.0 1 0 0 0 0.0 0.0 1 1 1 1 2 0
 +EOF
 +], 1, ignore, [Invalid arc object at line 10.
 +])
 +AT_CLEANUP
 +
 AT_SETUP([survive debian bugs #881143, #881144])
 AT_KEYWORDS([font pic tikz])
 AT_CHECK([fig2dev -L pic <<EOF
--- a/CVE-2025-31164.patch
+++ b/CVE-2025-31164.patch
@ -1,41 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/184/
 https://sourceforge.net/p/mcj/fig2dev/ci/ff9aba206a30288f456dfc91584a52ba9927b438/
 --- a/fig2dev/read.c
 +++ b/fig2dev/read.c
@@ -1058,6 +1058,14 @@
 							line_no);
 					return -1;
 				}
 +				if (l->type == T_ARC_BOX && l->radius == 0) {
 +					put_msg("A %s, but zero corner radius "
 +							"at line %d - convert "
 +							"to a rectangle.",
 +							obj_name[l->type - 2],
 +							line_no);
 +					l->type = T_BOX;
 +				}
 			}
 		} else { /* T_BOX || T_POLYGON */
 --- a/fig2dev/tests/read.at
 +++ b/fig2dev/tests/read.at
@@ -123,6 +123,17 @@
 ])
 AT_CLEANUP
 +AT_SETUP([convert an arc-box with zero radius to a box])
 +AT_KEYWORDS(read.c arc-box)
 +AT_CHECK([fig2dev -L pict2e <<EOF
 +FIG_FILE_TOP
 +2 4 1 1 0 0 50 -1 -1 4.0 0 0 0 0 0 5
 +	0 0 300 0 300 300 0 300 0 0
 +EOF
 +],0,ignore,[A rectangle with rounded corners, but zero corner radius at line 11 - convert to a rectangle.
 +])
 +AT_CLEANUP
 +
 AT_SETUP([fail on a malformed arc-box])
 AT_KEYWORDS(read.c malformed arc-box)
 AT_CHECK([fig2dev -L pict2e <<EOF
--- a/CVE-2025-46397.patch
+++ b/CVE-2025-46397.patch
@ -1,49 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/192/
 https://sourceforge.net/p/mcj/fig2dev/ci/dfa8b661b506a463a669754ed635b0a8eb67580e/
 --- a/fig2dev/read.c	2025-04-29 13:52:18.589400762 +0800
 +++ b/fig2dev/read.c	2025-04-29 13:55:48.807400762 +0800
@@ -1539,9 +1539,11 @@
 			free_splinestorage(s);
 			return NULL;
 		}
 -		if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN ||
 -				ly > INT_MAX || rx < INT_MIN || rx > INT_MAX ||
 -				ry < INT_MIN || ry > INT_MAX) {
 +		if (		!isfinite(lx) || lx < INT_MIN || lx > INT_MAX ||
 +				!isfinite(ly) || ly < INT_MIN || ly > INT_MAX ||
 +				!isfinite(rx) || rx < INT_MIN || rx > INT_MAX ||
 +				!isfinite(ry) || ry < INT_MIN || ry > INT_MAX)
 +		{
 			/* do not care to clean up, we exit anyway
 			   cp->next = NULL;
 			   free_splinestorage(s);	*/
 --- a/fig2dev/tests/read.at     2025-04-29 14:02:20.618400762 +0800
 +++ b/fig2dev/tests/read.at     2025-04-29 14:03:13.226400762 +0800
@@ -595,6 +595,25 @@
 ])
 AT_CLEANUP
 +AT_SETUP([reject nan in spline controls values, #192])
 +AT_KEYWORDS([read.c])
 +# Use an output language that does not natively support Bezier splines.
 +# Otherwise, the huge values are simply copied to the output.
 +AT_CHECK([fig2dev -L epic <<EOF
 +#FIG 3.1
 +Landscape
 +Center
 +Metric
 +1200 2
 +3 2 0 1 0 7 50 -1 -1 0.0 0 0 0 2
 +        0 0 1200 0
 +        600 600 600 nan
 +        600 600 600 600
 +EOF
 +], 1, ignore, [Spline control points out of range at line 8.
 +])
 +AT_CLEANUP
 +
 AT_BANNER([Dynamically allocate picture file name.])
 AT_SETUP([prepend fig file path to picture file name])
--- a/CVE-2025-46398.patch
+++ b/CVE-2025-46398.patch
@ -1,25 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/191/
 https://sourceforge.net/p/mcj/fig2dev/ci/5f22009dba73922e98d49c0096cece8b215cd45b/
 --- a/fig2dev/read.c
 +++ b/fig2dev/read.c
@@ -190,7 +190,8 @@
 	}
 	/* check for embedded '\0' */
 -	if (strlen(buf) < sizeof buf - 1 && buf[strlen(buf) - 1] != '\n') {
 +	if (*buf == '\0' || (strlen(buf) < sizeof buf - 1 &&
 +			buf[strlen(buf) - 1] != '\n')) {
 		put_msg("ASCII NUL ('\\0') character within the first line.");
 		exit(EXIT_FAILURE);
 	/* seek to the end of the first line
@@ -239,7 +240,7 @@
 		   the encoding given in the file */
 		if (!input_encoding && !strcmp(buf, "encoding: UTF-8\n")) {
 			input_encoding = "UTF-8";
 -		} else if (buf[strlen(buf) - 1] != '\n') {
 +		} else if (*buf == '\0' || buf[strlen(buf) - 1] != '\n') {
 			/* seek forward to the end of the line;
 			   comments here are not mentioned by the
 			   specification, thus ignore this comment */
--- a/CVE-2025-46399.patch
+++ b/CVE-2025-46399.patch
@ -1,23 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/190/
 https://sourceforge.net/p/mcj/fig2dev/ci/2bd6c0b210916d0d3ca81f304535b5af0849aa93/
 --- a/fig2dev/dev/genge.c	2025-04-29 14:04:55.185400762 +0800
 +++ b/fig2dev/dev/genge.c	2025-04-29 14:06:40.765400762 +0800
@@ -229,8 +229,6 @@
 	int		 xmin, ymin;
 	a = s->controls;
 -
 -	a = s->controls;
 	p = s->points;
 	/* go through the points to find the last two */
 	for (q = p->next; q != NULL; p = q, q = q->next) {
@@ -238,6 +236,7 @@
 	    a = b;
 	}
 +	a = s->controls;
 	p = s->points;
 	fprintf(tfp, "n %d %d m\n", p->x, p->y);
 	xmin = 999999;
--- a/CVE-2025-46400-1.patch
+++ b/CVE-2025-46400-1.patch
@ -1,48 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/187/
 https://sourceforge.net/p/mcj/fig2dev/ci/1e5515a1ea2ec8651cf85ab5000d026bb962492a/
 --- a/fig2dev/dev/genpict2e.c
 +++ b/fig2dev/dev/genpict2e.c
@@ -3,7 +3,7 @@
  * Copyright (c) 1991 by Micah Beck
  * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
  * Parts Copyright (c) 1989-2015 by Brian V. Smith
 - * Parts Copyright (c) 2015-2023 by Thomas Loimer
 + * Parts Copyright (c) 2015-2025 by Thomas Loimer
  *
  * Any party obtaining a copy of these files is granted, free of charge, a
  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -19,7 +19,7 @@
 /*
  * genpict2e.c: convert fig to pict2e macro language for LaTeX
  *
 - * Author: Thomas Loimer, 2014-2023
 + * Author: Thomas Loimer, 2014-2025
  * Based on the latex picture driver, genlatex.c
  *
  */
@@ -2277,8 +2277,13 @@
 	l->join_style = MITERJOIN;
 	p = l->points;
 -	if (p == NULL)
 +	for (i = 0; i < 8 && p != NULL; ++i)
 +		p = p->next;
 +	/* If the radius is about 1, the spline may consist of
 +	   a few points only. */
 +	if (i < 7)
 		return;
 +	p = l->points;
 	/*
 	 * Walk along the spline, until the arc angle is covered.
@@ -2428,7 +2433,7 @@
 	rad = 0.5*(sqrt((double)d1x*d1x + (double)d1y*d1y)
 			+ sqrt((double)d2x*d2x + (double)d2y*d2y));
 	rad = round(rad*10.0) / 10.0;
 -	/* how precise must the angle be given? 
 +	/* how precise must the angle be given?
 	   1/rad is the view angle of one pixel */
 	da = 180.0 / M_PI / rad;
 	preca = 0;
--- a/CVE-2025-46400-2.patch
+++ b/CVE-2025-46400-2.patch
@ -1,110 +0,0 @@
 Origin:
 https://sourceforge.net/p/mcj/tickets/187/
 https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
 --- a/fig2dev/dev/genpict2e.c
 +++ b/fig2dev/dev/genpict2e.c
@@ -3,7 +3,7 @@
  * Copyright (c) 1991 by Micah Beck
  * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
  * Parts Copyright (c) 1989-2015 by Brian V. Smith
 - * Parts Copyright (c) 2015-2025 by Thomas Loimer
 + * Parts Copyright (c) 2015-2023 by Thomas Loimer
  *
  * Any party obtaining a copy of these files is granted, free of charge, a
  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -19,7 +19,7 @@
 /*
  * genpict2e.c: convert fig to pict2e macro language for LaTeX
  *
 - * Author: Thomas Loimer, 2014-2025
 + * Author: Thomas Loimer, 2014-2023
  * Based on the latex picture driver, genlatex.c
  *
  */
@@ -2277,13 +2277,8 @@
 	l->join_style = MITERJOIN;
 	p = l->points;
 -	for (i = 0; i < 8 && p != NULL; ++i)
 -		p = p->next;
 -	/* If the radius is about 1, the spline may consist of
 -	   a few points only. */
 -	if (i < 7)
 +	if (p == NULL)
 		return;
 -	p = l->points;
 	/*
 	 * Walk along the spline, until the arc angle is covered.
@@ -2433,7 +2428,7 @@
 	rad = 0.5*(sqrt((double)d1x*d1x + (double)d1y*d1y)
 			+ sqrt((double)d2x*d2x + (double)d2y*d2y));
 	rad = round(rad*10.0) / 10.0;
 -	/* how precise must the angle be given?
 +	/* how precise must the angle be given? 
 	   1/rad is the view angle of one pixel */
 	da = 180.0 / M_PI / rad;
 	preca = 0;
 --- a/fig2dev/object.h
 +++ b/fig2dev/object.h
@@ -92,11 +92,14 @@
 	struct f_ellipse	*next;
 } F_ellipse;
 +#define RADIUS2_MIN	9
 #define INVALID_ELLIPSE(e)						\
 	e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA ||	\
 	COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) ||  \
 	e->radiuses.x == 0 || e->radiuses.y == 0 ||			\
 +	e->radiuses.x + e->radiuses.y < RADIUS2_MIN ||			\
 	e->angle < -7. || e->angle > 7.
 +	/* radiuses are set to positive in read.c */
 typedef struct f_arc {
 	int			type;
@@ -135,7 +138,10 @@
 	(a->direction != 0 && a->direction != 1) ||			\
 	COINCIDENT(a->point[0], a->point[1]) ||				\
 	COINCIDENT(a->point[0], a->point[2]) ||				\
 -	COINCIDENT(a->point[1], a->point[2])
 +	COINCIDENT(a->point[1], a->point[2]) ||				\
 +	(a->point[0].x - a->center.x) * (a->point[0].x - a->center.x) +	\
 +	(a->point[0].y - a->center.y) * (a->point[0].y - a->center.y) <	\
 +	RADIUS2_MIN
 typedef struct f_line {
 	int			type;
 --- a/fig2dev/read1_3.c
 +++ b/fig2dev/read1_3.c
@@ -3,7 +3,7 @@
  * Copyright (c) 1991 by Micah Beck
  * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
  * Parts Copyright (c) 1989-2015 by Brian V. Smith
 - * Parts Copyright (c) 2015-2022 by Thomas Loimer
 + * Parts Copyright (c) 2015-2025 by Thomas Loimer
  *
  * Any party obtaining a copy of these files is granted, free of charge, a
  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
@@ -156,8 +156,10 @@
 	a->pen_color = a->fill_color = BLACK_COLOR;
 	a->depth = 0;
 	a->pen = 0;
 +	a->fill_style = 0;
 	a->for_arrow = NULL;
 	a->back_arrow = NULL;
 +	a->cap_style = 0;
 	a->comments = NULL;
 	a->next = NULL;
 	n = fscanf(fp,
@@ -328,6 +330,10 @@
 		e->type = T_CIRCLE_BY_RAD;
 	else
 		e->type = T_CIRCLE_BY_DIA;
 +	if (e->radiuses.x < 0)
 +		e->radiuses.x *= -1;
 +	if (e->radiuses.y < 0)
 +		e->radiuses.y *= -1;
 	if (INVALID_ELLIPSE(e)) {
 		put_msg(Err_invalid, "ellipse");
 		free(e);
--- a/fig2dev-3.2.6a-CVE-2017-16899.patch
+++ b/fig2dev-3.2.6a-CVE-2017-16899.patch
@ -0,0 +1,38 @@
 diff -up fig2dev-3.2.6a/fig2dev/read.c.orig fig2dev-3.2.6a/fig2dev/read.c
 --- fig2dev-3.2.6a/fig2dev/read.c.orig	2017-01-07 23:01:19.000000000 +0100
 +++ fig2dev-3.2.6a/fig2dev/read.c	2017-11-21 15:17:31.195643198 +0100
@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
 				| PSFONT_TEXT;
 	/* keep the font number reasonable */
 -	if (t->font > MAXFONT(t))
 +	if (t->font > MAXFONT(t)) {
 		t->font = MAXFONT(t);
 +	} else if (t->font < 0 ) {
 +		if (psfont_text(t) && t->font < -1)
 +			t->font = -1;
 +		else
 +			t->font = 0;
 +	}
 	fix_and_note_color(&t->color);
 	t->comments = attach_comments();	/* attach any comments */
 	return t;
 diff -up fig2dev-3.2.6a/fig2dev/read1_3.c.orig fig2dev-3.2.6a/fig2dev/read1_3.c
 --- fig2dev-3.2.6a/fig2dev/read1_3.c.orig	2016-08-19 21:34:38.000000000 +0200
 +++ fig2dev-3.2.6a/fig2dev/read1_3.c	2017-11-21 15:17:31.196643206 +0100
@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
 	    free((char*) t);
 	    return(NULL);
 	    }
 +	/* keep the font number within valid range */
 +	if (t->font > MAXFONT(t)) {
 +		t->font = MAXFONT(t);
 +	} else if (t->font < 0 ) {
 +		if (psfont_text(t) && t->font < -1)
 +			t->font = -1;
 +		else
 +			t->font = 0;
 +	}
 	(void)strcpy(t->cstring, buf);
 	if (t->size == 0) t->size = 18;
 	return(t);
--- a/fig2dev-3.2.6a.tar.xz
+++ b/fig2dev-3.2.6a.tar.xz
--- a/fig2dev-3.2.9.tar.xz
+++ b/fig2dev-3.2.9.tar.xz
--- a/transfig.spec
+++ b/transfig.spec
@ -1,25 +1,19 @@
 Name:		transfig
 Summary:	Utility for converting FIG files (made by xfig) to other formats
-Version:	3.2.9
+Version:	3.2.6a
-Release:	3
+Release:	7
 Epoch:		1
 License:	MIT
 URL:		https://sourceforge.net/projects/mcj/
 Source0:	http://downloads.sourceforge.net/mcj/fig2dev-%{version}.tar.xz
-Patch0: 	CVE-2025-31162.patch
+Patch1:     fig2dev-3.2.6a-CVE-2017-16899.patch
-Patch1: 	CVE-2025-31163.patch
+Patch2:     CVE-2021-32280.patch
 Patch2: 	CVE-2025-31164.patch
 Patch3: 	CVE-2025-46397.patch
 Patch4: 	CVE-2025-46398.patch
 Patch5: 	CVE-2025-46399.patch
 Patch6: 	CVE-2025-46400-1.patch
 Patch7: 	CVE-2025-46400-2.patch
 Requires:	netpbm-progs ghostscript bc
-BuildRequires:  gcc libpng-devel libjpeg-devel libXpm-devel ghostscript
+BuildRequires:  gcc libpng-devel libjpeg-devel libXpm-devel
 %description
 The transfig utility creates a makefile which translates FIG (created
@ -48,27 +42,14 @@ figures into certain graphics languages.
 %{_bindir}/fig2*
 %{_bindir}/pic2tpic
 %{_datadir}/fig2dev/i18n/*.ps
 %{_datadir}/fig2dev/bitmaps/*.bmp
 %files help
 %doc %{name}/doc/manual.pdf
 %{_mandir}/man1/*.1.gz
 %{_datadir}/fig2dev/rgb.txt
 %changelog
 * Tue Apr 29 2025 yaoxin <1024769339@qq.com> - 1:3.2.9-3
 - Fix CVE-2025-46397,CVE-2025-46398,CVE-2025-46399 and CVE-2025-46400
 * Tue Apr 01 2025 yaoxin <1024769339@qq.com> - 1:3.2.9-2
 - Fix CVE-2025-31162,CVE-2025-31163 and CVE-2025-31164
 * Tue Dec 19 2023 Ge Wang <wang__ge@126.com> - 1:3.2.9-1
 - Upgrade transfig to 3.2.9
 * Fri Feb 11 2022 herengui <herengui@uniontech.com> - 1:3.2.8b-2
 - fix GSEXE undefined issue.
 * Thu Jan 20 2022 yaoxin<yaoxin30@huawei.com> - 1:3.2.8b-1
 - Upgrade transfig to 3.2.8b, fix CVE-2021-37529 CVE-2021-37530
 * Tue Oct 12 2021 yaoxin<yaoxin30@huawei.com> - 1:3.2.6a-7
 - Fix CVE-2021-32280