From 25ac9adecdadabe85c407bb4a0920c23cf6e6dbb Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Wed, 6 Oct 2021 13:56:11 -0400 Subject: [PATCH] import autotrace-0.31.1-53.el8 --- SOURCES/autotrace-0.31.1-CVE-2019-19004.patch | 17 +++++++++ SOURCES/autotrace-0.31.1-CVE-2019-19005.patch | 35 +++++++++++++++++++ SPECS/autotrace.spec | 10 +++++- 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 SOURCES/autotrace-0.31.1-CVE-2019-19004.patch create mode 100644 SOURCES/autotrace-0.31.1-CVE-2019-19005.patch diff --git a/SOURCES/autotrace-0.31.1-CVE-2019-19004.patch b/SOURCES/autotrace-0.31.1-CVE-2019-19004.patch new file mode 100644 index 0000000..7121b94 --- /dev/null +++ b/SOURCES/autotrace-0.31.1-CVE-2019-19004.patch @@ -0,0 +1,17 @@ +diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c +--- autotrace-0.31.1.old/input-bmp.c 2021-04-30 15:03:16.264446518 +0530 ++++ autotrace-0.31.1/input-bmp.c 2021-04-30 15:06:14.682051209 +0530 +@@ -220,6 +220,13 @@ + * word length (32 bits == 4 bytes) + */ + ++ unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt; ++ if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) { ++ LOG("Error reading BMP file header. Width is too large\n"); ++ at_exception_fatal(&exp, "Error reading BMP file header. Width is too large"); ++ goto cleanup; ++ } ++ + rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4; + + #ifdef DEBUG diff --git a/SOURCES/autotrace-0.31.1-CVE-2019-19005.patch b/SOURCES/autotrace-0.31.1-CVE-2019-19005.patch new file mode 100644 index 0000000..cb0ffc7 --- /dev/null +++ b/SOURCES/autotrace-0.31.1-CVE-2019-19005.patch @@ -0,0 +1,35 @@ +diff -urN autotrace-0.31.1.old/xstd.h autotrace-0.31.1/xstd.h +--- autotrace-0.31.1.old/xstd.h 2002-10-11 02:14:17.000000000 +0530 ++++ autotrace-0.31.1/xstd.h 2021-04-30 15:22:25.853589944 +0530 +@@ -20,6 +20,7 @@ + #define XMALLOC(new_mem, size) \ + do \ + { \ ++ assert(size); \ + new_mem = (at_address) malloc (size); \ + assert(new_mem); \ + } while (0) +@@ -28,6 +29,7 @@ + #define XCALLOC(new_mem, size) \ + do \ + { \ ++ assert(size); \ + new_mem = (at_address) calloc (size, 1); \ + assert(new_mem); \ + } while (0) +@@ -55,6 +57,7 @@ + #define XMALLOC(new_mem, size) \ + do \ + { \ ++ assert(size); \ + (at_address&)(new_mem) = (at_address) malloc (size); \ + assert(new_mem); \ + } while (0) +@@ -63,6 +66,7 @@ + #define XCALLOC(new_mem, sizex) \ + do \ + { \ ++ assert(size); \ + (at_address&)(new_mem) = (void *) calloc (sizex, 1); \ + assert(new_mem); \ + } while (0) diff --git a/SPECS/autotrace.spec b/SPECS/autotrace.spec index 075e5c0..ecf7ae1 100644 --- a/SPECS/autotrace.spec +++ b/SPECS/autotrace.spec @@ -1,6 +1,6 @@ Name: autotrace Version: 0.31.1 -Release: 52%{?dist} +Release: 53%{?dist} Summary: Utility for converting bitmaps to vector graphics License: GPLv2+ and LGPLv2+ URL: http://autotrace.sourceforge.net/ @@ -13,6 +13,8 @@ Patch4: autotrace-0.31.1-CVE-2013-1953.patch Patch5: autotrace-0.31.1-multilib-fix.patch Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch Patch7: autotrace-0.31.1-CVE-2016-7392.patch +Patch8: autotrace-0.31.1-CVE-2019-19004.patch +Patch9: autotrace-0.31.1-CVE-2019-19005.patch BuildRequires: libpng-devel > 2:1.2 BuildRequires: libexif-devel @@ -57,6 +59,8 @@ This package contains header files and development libraries for autotrace. %patch5 -p1 -b .multilib-fix %patch6 -p1 -b .pstoedit-detection-fix %patch7 -p1 -b .CVE-2016-7392 +%patch8 -p1 -b .CVE-2019-19004 +%patch9 -p1 -b .CVE-2019-19005 autoreconf -ivf %build @@ -96,6 +100,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';' %changelog +* Fri Apr 30 2021 Parag Nemade - 0.31.1-53 +- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c +- Resolves: CVE-2019-19005 : fix bitmap double free in main.c + * Tue Aug 21 2018 Parag Nemade - 0.31.1-52 - Resolves:rh#1564990: Removed BR: ImageMagick-devel