import autotrace-0.31.1-53.el8

2021-10-06 13:56:11 -04:00 · 2021-10-06 13:56:11 -04:00 · 25ac9adecd
commit 25ac9adecd
parent a919918acd
3 changed files with 61 additions and 1 deletions
--- a/SOURCES/autotrace-0.31.1-CVE-2019-19004.patch
+++ b/SOURCES/autotrace-0.31.1-CVE-2019-19004.patch
@ -0,0 +1,17 @@
+diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1.old/input-bmp.c	2021-04-30 15:03:16.264446518 +0530
+++ autotrace-0.31.1/input-bmp.c	2021-04-30 15:06:14.682051209 +0530
+@@ -220,6 +220,13 @@
+    * word length (32 bits == 4 bytes)
+    */
+ 
+  unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
+  if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
+    LOG("Error reading BMP file header. Width is too large\n");
+    at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
+    goto cleanup;
+  }
+
+   rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;  
+ 
+ #ifdef DEBUG
--- a/SOURCES/autotrace-0.31.1-CVE-2019-19005.patch
+++ b/SOURCES/autotrace-0.31.1-CVE-2019-19005.patch
@ -0,0 +1,35 @@
+diff -urN autotrace-0.31.1.old/xstd.h autotrace-0.31.1/xstd.h
+--- autotrace-0.31.1.old/xstd.h	2002-10-11 02:14:17.000000000 +0530
+++ autotrace-0.31.1/xstd.h	2021-04-30 15:22:25.853589944 +0530
+@@ -20,6 +20,7 @@
+ #define XMALLOC(new_mem, size)			\
+ do						\
+   {						\
+    assert(size);                              \
+     new_mem = (at_address) malloc (size);	\
+     assert(new_mem);				\
+   } while (0)
+@@ -28,6 +29,7 @@
+ #define XCALLOC(new_mem, size)			\
+ do						\
+   {						\
+    assert(size);                              \
+     new_mem = (at_address) calloc (size, 1);	\
+     assert(new_mem);				\
+   } while (0)
+@@ -55,6 +57,7 @@
+ #define XMALLOC(new_mem, size)					\
+ do								\
+   {								\
+    assert(size);                                              \
+     (at_address&)(new_mem) = (at_address) malloc (size);	\
+      assert(new_mem);						\
+   } while (0) 
+@@ -63,6 +66,7 @@
+ #define XCALLOC(new_mem, sizex)					\
+ do								\
+   {								\
+    assert(size);                                              \
+     (at_address&)(new_mem) = (void *) calloc (sizex, 1);	\
+     assert(new_mem);						\
+   } while (0) 
--- a/SPECS/autotrace.spec
+++ b/SPECS/autotrace.spec
@ -1,6 +1,6 @@
 Name:           autotrace
 Version:        0.31.1
-Release:        52%{?dist}
+Release:        53%{?dist}
 Summary:        Utility for converting bitmaps to vector graphics
 License:        GPLv2+ and LGPLv2+
 URL:            http://autotrace.sourceforge.net/
@ -13,6 +13,8 @@ Patch4:         autotrace-0.31.1-CVE-2013-1953.patch
 Patch5:         autotrace-0.31.1-multilib-fix.patch
 Patch6:         autotrace-0.31.1-pstoedit-detection-fix.patch
 Patch7:         autotrace-0.31.1-CVE-2016-7392.patch
+Patch8:         autotrace-0.31.1-CVE-2019-19004.patch
+Patch9:         autotrace-0.31.1-CVE-2019-19005.patch

 BuildRequires:  libpng-devel > 2:1.2
 BuildRequires:  libexif-devel
@ -57,6 +59,8 @@ This package contains header files and development libraries for autotrace.
 %patch5 -p1 -b .multilib-fix
 %patch6 -p1 -b .pstoedit-detection-fix
 %patch7 -p1 -b .CVE-2016-7392
+%patch8 -p1 -b .CVE-2019-19004
+%patch9 -p1 -b .CVE-2019-19005
 autoreconf -ivf

 %build
@ -96,6 +100,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'


 %changelog
+* Fri Apr 30 2021 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-53
+- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c
+- Resolves: CVE-2019-19005 : fix bitmap double free in main.c
+
 * Tue Aug 21 2018 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-52
 - Resolves:rh#1564990: Removed BR: ImageMagick-devel