Resolves: rhbz#1950001 , CVE-2019-19005
Resolves: rhbz#1950141 , CVE-2019-19004
parent
e922ce40fe
commit
80d0f79256
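--- a/autotrace-0.31.1-CVE-2019-19004.patch
+++ b/autotrace-0.31.1-CVE-2019-19004.patch
@@ -0,0 +1,17 @@
+diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1.old/input-bmp.c 2021-04-30 15:03:16.264446518 +0530
++++ autotrace-0.31.1/input-bmp.c 2021-04-30 15:06:14.682051209 +0530
+@@ -220,6 +220,13 @@
+* word length (32 bits == 4 bytes)
+*/
+
++ unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
++ if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
++ LOG("Error reading BMP file header. Width is too large\n");
++ at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
++ goto cleanup;
++ }
++
+rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;
+
+#ifdef DEBUG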
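Review bot: The added check divides by the header's width field in `overflowTest / Bitmap_Head.biWidth`, so a BMP whose header carries a zero width reaches a division by zero unless an earlier check outside this hunk already rejects it. The divide-back test also only detects wrap-around at the width of the multiplication's operand type; neither the field types nor the declaration of `rowbytes` are visible here, but if the product is computed in a 64-bit type and `rowbytes` is narrower, a value that passes the test can still be truncated in the `rowbytes` assignment that follows. I would reject zero fields before dividing, with a condition such as `Bitmap_Head.biWidth == 0 || Bitmap_Head.biBitCnt == 0`, and bound the product against the range of `rowbytes` rather than against the range of `unsigned long`. The enclosing function starts and ends outside the hunk.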
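--- a/autotrace-0.31.1-CVE-2019-19005.patch
+++ b/autotrace-0.31.1-CVE-2019-19005.patch
@@ -0,0 +1,35 @@
+diff -urN autotrace-0.31.1.old/xstd.h autotrace-0.31.1/xstd.h
+--- autotrace-0.31.1.old/xstd.h 2002-10-11 02:14:17.000000000 +0530
++++ autotrace-0.31.1/xstd.h 2021-04-30 15:22:25.853589944 +0530
+@@ -20,6 +20,7 @@
+#define XMALLOC(new_mem, size) \
+do \
+{ \
++ assert(size); \
+new_mem = (at_address) malloc (size); \
+assert(new_mem); \
+} while (0)
+@@ -28,6 +29,7 @@
+#define XCALLOC(new_mem, size) \
+do \
+{ \
++ assert(size); \
+new_mem = (at_address) calloc (size, 1); \
+assert(new_mem); \
+} while (0)
+@@ -55,6 +57,7 @@
+#define XMALLOC(new_mem, size) \
+do \
+{ \
++ assert(size); \
+(at_address&)(new_mem) = (at_address) malloc (size); \
+assert(new_mem); \
+} while (0)
+@@ -63,6 +66,7 @@
+#define XCALLOC(new_mem, sizex) \
+do \
+{ \
++ assert(size); \
+(at_address&)(new_mem) = (void *) calloc (sizex, 1); \
+assert(new_mem); \
+} while (0)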
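Review bot: In the last hunk the macro is declared as `XCALLOC(new_mem, sizex)` but the added line is `assert(size);`, which names no parameter of that macro; at expansion it either fails to compile or silently tests an unrelated `size` in the caller's scope, and it should read `assert(sizex); \`. All four added guards are `assert` calls, so they disappear when the code is built with `NDEBUG` and abort the process otherwise; if a zero size can be driven by an input file, an explicit check that reports an error would hold in every build. The added line also expands the size argument a second time, which matters for any caller that passes an expression with side effects. The macro definitions sit in conditional branches whose start and end are outside the hunks.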
@ -1,6 +1,6 @@
|
|||||||
Name: autotrace
|
Name: autotrace
|
||||||
Version: 0.31.1
|
Version: 0.31.1
|
||||||
Release: 60%{?dist}
|
Release: 61%{?dist}
|
||||||
Summary: Utility for converting bitmaps to vector graphics
|
Summary: Utility for converting bitmaps to vector graphics
|
||||||
License: GPLv2+ and LGPLv2+
|
License: GPLv2+ and LGPLv2+
|
||||||
URL: http://autotrace.sourceforge.net/
|
URL: http://autotrace.sourceforge.net/
|
||||||
@ -13,6 +13,9 @@ Patch4: autotrace-0.31.1-CVE-2013-1953.patch
|
|||||||
Patch5: autotrace-0.31.1-multilib-fix.patch
|
Patch5: autotrace-0.31.1-multilib-fix.patch
|
||||||
Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch
|
Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch
|
||||||
Patch7: autotrace-0.31.1-CVE-2016-7392.patch
|
Patch7: autotrace-0.31.1-CVE-2016-7392.patch
|
||||||
|
Patch8: autotrace-0.31.1-CVE-2019-19004.patch
|
||||||
|
Patch9: autotrace-0.31.1-CVE-2019-19005.patch
|
||||||
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
%if ! 0%{?rhel}
|
%if ! 0%{?rhel}
|
||||||
BuildRequires: ImageMagick-devel
|
BuildRequires: ImageMagick-devel
|
||||||
@ -63,6 +66,8 @@ This package contains header files and development libraries for autotrace.
|
|||||||
%patch5 -p1 -b .multilib-fix
|
%patch5 -p1 -b .multilib-fix
|
||||||
%patch6 -p1 -b .pstoedit-detection-fix
|
%patch6 -p1 -b .pstoedit-detection-fix
|
||||||
%patch7 -p1 -b .CVE-2016-7392
|
%patch7 -p1 -b .CVE-2016-7392
|
||||||
|
%patch8 -p1 -b .CVE-2019-19004
|
||||||
|
%patch9 -p1 -b .CVE-2019-19005
|
||||||
autoreconf -ivf
|
autoreconf -ivf
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -104,6 +109,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 30 2021 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-61
|
||||||
|
- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c
|
||||||
|
- Resolves: CVE-2019-19005 : fix bitmap double free in main.c
|
||||||
|
|
||||||
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.31.1-60
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.31.1-60
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|