Enabled pstoedit backend

Fixed out of bounds write when using pstoedit backend Resolves: CVE-2016-7392 Fixed hardcoded version on source URL Fixed bogus date in changelog (best effort)
2017-01-20 18:18:18 +01:00 · 2017-01-20 18:18:18 +01:00 · eb3e392089
commit eb3e392089
parent 72a936af8c
3 changed files with 64 additions and 3 deletions
--- a/autotrace-0.31.1-CVE-2016-7392.patch
+++ b/autotrace-0.31.1-CVE-2016-7392.patch
@ -0,0 +1,16 @@
+Subject: Fix heap-based buffer overflow in pstoedit_suffix_table_init
+ID: CVE-2016-7392
+Author: unknown (taken from DLA-621-1)
+Bug-Debian: https://bugs.debian.org/837599
+
+--- a/output-pstoedit.c
+++ b/output-pstoedit.c
+@@ -84,7 +84,7 @@
+       dd_tmp   = dd_start;
+       while (dd_tmp->symbolicname)
+ 	dd_tmp++;
+-      XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
+      XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1));
+ 
+ #if defined (OUTPUT_PSTOEDIT_DEBUG) && defined(__GNUC__)
+   fprintf(stderr, "OUTPUT PSTOEDIT BACKEND DEBUG(%s)\n", __FUNCTION__);
--- a/autotrace-0.31.1-pstoedit-detection-fix.patch
+++ b/autotrace-0.31.1-pstoedit-detection-fix.patch
@ -0,0 +1,33 @@
+--- autotrace-0.31.1.orig/configure.in
+++ autotrace-0.31.1/configure.in
+@@ -282,8 +300,12 @@ AC_CHECK_LIB(dl,main,[LIBLD_LDFLAGS=-ldl
+ if test "x${LIBLD_LDFLAGS}" != x; then
+    LIBPSTOEDIT_EXTRA_LIBS="${LIBPSTOEDIT_EXTRA_LIBS} ${LIBLD_LDFLAGS}"
+ fi
+-
+-echo '*** Checking pstoedit existence TWICE(if needed) ***'
+        
+echo '*** Checking pstoedit existence THRICE(if needed)***'
+echo '*** This is the 0th check                        ***'
+PKG_CHECK_MODULES(LIBPSTOEDIT,[pstoedit >= 3.32.1],HAVE_LIBPSTOEDIT_321=yes)
+if test ${HAVE_LIBPSTOEDIT_321} != yes; then
+   echo '*** The 0th check failed                         ***'
+ echo '*** This is the 1st check                        ***'
+ AM_PATH_PSTOEDIT(3.32.1,HAVE_LIBPSTOEDIT_321=yes)
+ if test ${HAVE_LIBPSTOEDIT_321} != yes; then
+@@ -310,6 +332,15 @@ else
+ 	LIBPSTOEDIT_LIBS="${PSTOEDIT_LIBS} ${LIBPSTOEDIT_EXTRA_LIBS}"	
+ 	LIBPSTOEDIT_CFLAGS="${PSTOEDIT_CFLAGS}"
+ fi
+else
+        echo '*** The 0th check is passed.                     ***'
+	HAVE_LIBPSTOEDIT=yes
+
+       # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1415258
+       LIBPSTOEDIT_LIBS="${LIBPSTOEDIT_LIBS/@LIBPNG_LDFLAGS@/-lpng}"
+
+	AC_DEFINE(HAVE_LIBPSTOEDIT)
+fi
+ 
+ if test ${HAVE_LIBPSTOEDIT} = yes; then
+ 	AC_CHECK_FUNCS([mkstemp])
--- a/autotrace.spec
+++ b/autotrace.spec
@ -1,17 +1,19 @@
 Name:           autotrace
 Version:        0.31.1
-Release:        42%{?dist}
+Release:        43%{?dist}
 Summary:        Utility for converting bitmaps to vector graphics
 Group:          Applications/Multimedia
 License:        GPLv2+ and LGPLv2+
 URL:            http://autotrace.sourceforge.net/
-Source0:        http://download.sf.net/autotrace/autotrace-0.31.1.tar.gz
+Source0:        http://download.sf.net/autotrace/%{name}-%{version}.tar.gz
 Patch1:         autotrace-0001-Modify-GetOnePixel-usage-to-build-against-current-Im.patch
 Patch2:         autotrace-0002-Fixed-underquoted-AM_PATH_AUTOTRACE-definition.patch
 Patch3:         autotrace-0003-libpng-fix.patch
 # Sent upstream
 Patch4:         autotrace-0.31.1-CVE-2013-1953.patch
 Patch5:         autotrace-0.31.1-multilib-fix.patch
+Patch6:         autotrace-0.31.1-pstoedit-detection-fix.patch
+Patch7:         autotrace-0.31.1-CVE-2016-7392.patch
 BuildRequires:  ImageMagick-devel
 BuildRequires:  libpng-devel > 2:1.2
 BuildRequires:  libexif-devel
@ -25,6 +27,7 @@ BuildRequires:  pstoedit-devel
 BuildRequires:	autoconf
 BuildRequires:	automake
 BuildRequires:	libtool
+BuildRequires:	pstoedit-devel


 %description
@ -54,6 +57,8 @@ This package contains header files and development libraries for autotrace.
 %patch3 -p1 -b .libpng15
 %patch4 -p1 -b .CVE-2013-1953
 %patch5 -p1 -b .multilib-fix
+%patch6 -p1 -b .pstoedit-detection-fix
+%patch7 -p1 -b .CVE-2016-7392
 autoreconf -ivf

 %build
@ -94,6 +99,13 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'


 %changelog
+* Fri Jan 20 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 0.31.1-43
+- Enabled pstoedit backend
+- Fixed out of bounds write when using pstoedit backend
+  Resolves: CVE-2016-7392
+- Fixed hardcoded version on source URL
+- Fixed bogus date in changelog (best effort)
+
 * Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.31.1-42
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

@ -218,7 +230,7 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
 * Wed May 25 2005 Jeremy Katz <katzj@redhat.com> - 0.31.1-5
 - rebuild

-* Fri Apr  7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
+* Thu Apr  7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
 - rebuilt

 * Sat Aug 21 2004 Marius L. Jøhndal <mariuslj at ifi.uio.no> - 0:0.31.1-3