rpms/autotrace
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import autotrace-0.31.1-53.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-10-06 13:56:11 -04:00 committed by Stepan Oksanichenko
parent a919918acd
commit 25ac9adecd
3 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
SOURCES/autotrace-0.31.1-CVE-2019-19004.patch Normal file
View File

@ -0,0 +1,17 @@
diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c
--- autotrace-0.31.1.old/input-bmp.c 2021-04-30 15:03:16.264446518 +0530
+++ autotrace-0.31.1/input-bmp.c 2021-04-30 15:06:14.682051209 +0530
@@ -220,6 +220,13 @@
* word length (32 bits == 4 bytes)
*/
+ unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
+ if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
+ LOG("Error reading BMP file header. Width is too large\n");
+ at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
+ goto cleanup;
+ }
+
rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;
#ifdef DEBUG

35
SOURCES/autotrace-0.31.1-CVE-2019-19005.patch Normal file
View File

@ -0,0 +1,35 @@
diff -urN autotrace-0.31.1.old/xstd.h autotrace-0.31.1/xstd.h
--- autotrace-0.31.1.old/xstd.h 2002-10-11 02:14:17.000000000 +0530
+++ autotrace-0.31.1/xstd.h 2021-04-30 15:22:25.853589944 +0530
@@ -20,6 +20,7 @@
#define XMALLOC(new_mem, size) \
do \
{ \
+ assert(size); \
new_mem = (at_address) malloc (size); \
assert(new_mem); \
} while (0)
@@ -28,6 +29,7 @@
#define XCALLOC(new_mem, size) \
do \
{ \
+ assert(size); \
new_mem = (at_address) calloc (size, 1); \
assert(new_mem); \
} while (0)
@@ -55,6 +57,7 @@
#define XMALLOC(new_mem, size) \
do \
{ \
+ assert(size); \
(at_address&)(new_mem) = (at_address) malloc (size); \
assert(new_mem); \
} while (0)
@@ -63,6 +66,7 @@
#define XCALLOC(new_mem, sizex) \
do \
{ \
+ assert(size); \
(at_address&)(new_mem) = (void *) calloc (sizex, 1); \
assert(new_mem); \
} while (0)

10
SPECS/autotrace.spec
View File

@ -1,6 +1,6 @@
Name: autotrace Name: autotrace
Version: 0.31.1 Version: 0.31.1
Release: 52%{?dist} Release: 53%{?dist}
Summary: Utility for converting bitmaps to vector graphics Summary: Utility for converting bitmaps to vector graphics
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: http://autotrace.sourceforge.net/ URL: http://autotrace.sourceforge.net/
@ -13,6 +13,8 @@ Patch4: autotrace-0.31.1-CVE-2013-1953.patch
Patch5: autotrace-0.31.1-multilib-fix.patch Patch5: autotrace-0.31.1-multilib-fix.patch
Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch
Patch7: autotrace-0.31.1-CVE-2016-7392.patch Patch7: autotrace-0.31.1-CVE-2016-7392.patch
Patch8: autotrace-0.31.1-CVE-2019-19004.patch
Patch9: autotrace-0.31.1-CVE-2019-19005.patch
BuildRequires: libpng-devel > 2:1.2 BuildRequires: libpng-devel > 2:1.2
BuildRequires: libexif-devel BuildRequires: libexif-devel
@ -57,6 +59,8 @@ This package contains header files and development libraries for autotrace.
%patch5 -p1 -b .multilib-fix %patch5 -p1 -b .multilib-fix
%patch6 -p1 -b .pstoedit-detection-fix %patch6 -p1 -b .pstoedit-detection-fix
%patch7 -p1 -b .CVE-2016-7392 %patch7 -p1 -b .CVE-2016-7392
%patch8 -p1 -b .CVE-2019-19004
%patch9 -p1 -b .CVE-2019-19005
autoreconf -ivf autoreconf -ivf
%build %build
@ -96,6 +100,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
%changelog %changelog
* Fri Apr 30 2021 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-53
- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c
- Resolves: CVE-2019-19005 : fix bitmap double free in main.c
* Tue Aug 21 2018 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-52 * Tue Aug 21 2018 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-52
- Resolves:rh#1564990: Removed BR: ImageMagick-devel - Resolves:rh#1564990: Removed BR: ImageMagick-devel