rpms/autotrace
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import autotrace-0.31.1-65.el9

Browse Source
This commit is contained in:
CentOS Sources 2023-03-28 12:43:36 +00:00 committed by root
parent e3ad9408d9
commit 9d73fee5f9
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
SOURCES/autotrace-0.31.1-CVE-2022-32323.patch Normal file
View File

@ -0,0 +1,44 @@
--- autotrace-0.31.1.old/input-bmp.c 2022-09-05 14:41:15.694254375 +0530
+++ autotrace-0.31.1/input-bmp.c 2022-09-08 17:11:28.131973020 +0530
@@ -88,7 +88,7 @@
at_address msg_data)
{
FILE *fd;
- unsigned char buffer[64];
+ unsigned char buffer[128];
int ColormapSize, rowbytes, Maps, Grey;
unsigned char ColorMap[256][3];
at_bitmap_type image = at_bitmap_init(0, 0, 0, 1);
@@ -345,6 +345,10 @@
*(temp++)= buffer[xpos * 4 + 1];
*(temp++)= buffer[xpos * 4];
}
+
+ if (ypos == 0)
+ break;
+
--ypos; /* next line */
}
}
@@ -361,6 +365,10 @@
*(temp++)= buffer[xpos * 3 + 1];
*(temp++)= buffer[xpos * 3];
}
+
+ if (ypos == 0)
+ break;
+
--ypos; /* next line */
}
}
@@ -378,6 +386,10 @@
*(temp++)= (unsigned char)(((rgb >> 5) & 0x1f) * 8);
*(temp++)= (unsigned char)(((rgb) & 0x1f) * 8);
}
+
+ if (ypos == 0)
+ break;
+
--ypos; /* next line */
}
}

13
SPECS/autotrace.spec
View File

@ -1,6 +1,6 @@
Name: autotrace Name: autotrace
Version: 0.31.1 Version: 0.31.1
Release: 63%{?dist} Release: 65%{?dist}
Summary: Utility for converting bitmaps to vector graphics Summary: Utility for converting bitmaps to vector graphics
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: http://autotrace.sourceforge.net/ URL: http://autotrace.sourceforge.net/
@ -15,6 +15,8 @@ Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch
Patch7: autotrace-0.31.1-CVE-2016-7392.patch Patch7: autotrace-0.31.1-CVE-2016-7392.patch
Patch8: autotrace-0.31.1-CVE-2019-19004.patch Patch8: autotrace-0.31.1-CVE-2019-19004.patch
Patch9: autotrace-0.31.1-CVE-2019-19005.patch Patch9: autotrace-0.31.1-CVE-2019-19005.patch
# Upstream patch
Patch10: autotrace-0.31.1-CVE-2022-32323.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
%if ! 0%{?rhel} %if ! 0%{?rhel}
@ -68,6 +70,7 @@ This package contains header files and development libraries for autotrace.
%patch7 -p1 -b .CVE-2016-7392 %patch7 -p1 -b .CVE-2016-7392
%patch8 -p1 -b .CVE-2019-19004 %patch8 -p1 -b .CVE-2019-19004
%patch9 -p1 -b .CVE-2019-19005 %patch9 -p1 -b .CVE-2019-19005
%patch10 -p1 -b .CVE-2022-32323
autoreconf -ivf autoreconf -ivf
%build %build
@ -109,6 +112,14 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
%changelog %changelog
* Tue Sep 13 2022 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-65
- Resolves: rhbz#2121828 Fix the gating tests by using only local test
Upstream testsuite will not work as this package code is very old
* Mon Sep 12 2022 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-64
- Resolves: rhbz#2121828
CVE-2022-32323 - heap-buffer overflow via the ReadImage() at input-bmp.c
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.31.1-63 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.31.1-63
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688