From eb3e3920894ede87f7515b816d8364b52220ec57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= Date: Fri, 20 Jan 2017 18:18:18 +0100 Subject: [PATCH] Enabled pstoedit backend Fixed out of bounds write when using pstoedit backend Resolves: CVE-2016-7392 Fixed hardcoded version on source URL Fixed bogus date in changelog (best effort) --- autotrace-0.31.1-CVE-2016-7392.patch | 16 +++++++++ autotrace-0.31.1-pstoedit-detection-fix.patch | 33 +++++++++++++++++++ autotrace.spec | 18 ++++++++-- 3 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 autotrace-0.31.1-CVE-2016-7392.patch create mode 100644 autotrace-0.31.1-pstoedit-detection-fix.patch diff --git a/autotrace-0.31.1-CVE-2016-7392.patch b/autotrace-0.31.1-CVE-2016-7392.patch new file mode 100644 index 0000000..183320d --- /dev/null +++ b/autotrace-0.31.1-CVE-2016-7392.patch @@ -0,0 +1,16 @@ +Subject: Fix heap-based buffer overflow in pstoedit_suffix_table_init +ID: CVE-2016-7392 +Author: unknown (taken from DLA-621-1) +Bug-Debian: https://bugs.debian.org/837599 + +--- a/output-pstoedit.c ++++ b/output-pstoedit.c +@@ -84,7 +84,7 @@ + dd_tmp = dd_start; + while (dd_tmp->symbolicname) + dd_tmp++; +- XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1); ++ XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1)); + + #if defined (OUTPUT_PSTOEDIT_DEBUG) && defined(__GNUC__) + fprintf(stderr, "OUTPUT PSTOEDIT BACKEND DEBUG(%s)\n", __FUNCTION__); diff --git a/autotrace-0.31.1-pstoedit-detection-fix.patch b/autotrace-0.31.1-pstoedit-detection-fix.patch new file mode 100644 index 0000000..2ff1ce9 --- /dev/null +++ b/autotrace-0.31.1-pstoedit-detection-fix.patch @@ -0,0 +1,33 @@ +--- autotrace-0.31.1.orig/configure.in ++++ autotrace-0.31.1/configure.in +@@ -282,8 +300,12 @@ AC_CHECK_LIB(dl,main,[LIBLD_LDFLAGS=-ldl + if test "x${LIBLD_LDFLAGS}" != x; then + LIBPSTOEDIT_EXTRA_LIBS="${LIBPSTOEDIT_EXTRA_LIBS} ${LIBLD_LDFLAGS}" + fi +- +-echo '*** Checking pstoedit existence TWICE(if needed) ***' ++ ++echo '*** Checking pstoedit existence THRICE(if needed)***' ++echo '*** This is the 0th check ***' ++PKG_CHECK_MODULES(LIBPSTOEDIT,[pstoedit >= 3.32.1],HAVE_LIBPSTOEDIT_321=yes) ++if test ${HAVE_LIBPSTOEDIT_321} != yes; then ++ echo '*** The 0th check failed ***' + echo '*** This is the 1st check ***' + AM_PATH_PSTOEDIT(3.32.1,HAVE_LIBPSTOEDIT_321=yes) + if test ${HAVE_LIBPSTOEDIT_321} != yes; then +@@ -310,6 +332,15 @@ else + LIBPSTOEDIT_LIBS="${PSTOEDIT_LIBS} ${LIBPSTOEDIT_EXTRA_LIBS}" + LIBPSTOEDIT_CFLAGS="${PSTOEDIT_CFLAGS}" + fi ++else ++ echo '*** The 0th check is passed. ***' ++ HAVE_LIBPSTOEDIT=yes ++ ++ # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1415258 ++ LIBPSTOEDIT_LIBS="${LIBPSTOEDIT_LIBS/@LIBPNG_LDFLAGS@/-lpng}" ++ ++ AC_DEFINE(HAVE_LIBPSTOEDIT) ++fi + + if test ${HAVE_LIBPSTOEDIT} = yes; then + AC_CHECK_FUNCS([mkstemp]) diff --git a/autotrace.spec b/autotrace.spec index 2a34c21..8281292 100644 --- a/autotrace.spec +++ b/autotrace.spec @@ -1,17 +1,19 @@ Name: autotrace Version: 0.31.1 -Release: 42%{?dist} +Release: 43%{?dist} Summary: Utility for converting bitmaps to vector graphics Group: Applications/Multimedia License: GPLv2+ and LGPLv2+ URL: http://autotrace.sourceforge.net/ -Source0: http://download.sf.net/autotrace/autotrace-0.31.1.tar.gz +Source0: http://download.sf.net/autotrace/%{name}-%{version}.tar.gz Patch1: autotrace-0001-Modify-GetOnePixel-usage-to-build-against-current-Im.patch Patch2: autotrace-0002-Fixed-underquoted-AM_PATH_AUTOTRACE-definition.patch Patch3: autotrace-0003-libpng-fix.patch # Sent upstream Patch4: autotrace-0.31.1-CVE-2013-1953.patch Patch5: autotrace-0.31.1-multilib-fix.patch +Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch +Patch7: autotrace-0.31.1-CVE-2016-7392.patch BuildRequires: ImageMagick-devel BuildRequires: libpng-devel > 2:1.2 BuildRequires: libexif-devel @@ -25,6 +27,7 @@ BuildRequires: pstoedit-devel BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool +BuildRequires: pstoedit-devel %description @@ -54,6 +57,8 @@ This package contains header files and development libraries for autotrace. %patch3 -p1 -b .libpng15 %patch4 -p1 -b .CVE-2013-1953 %patch5 -p1 -b .multilib-fix +%patch6 -p1 -b .pstoedit-detection-fix +%patch7 -p1 -b .CVE-2016-7392 autoreconf -ivf %build @@ -94,6 +99,13 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';' %changelog +* Fri Jan 20 2017 Jaroslav Škarvada - 0.31.1-43 +- Enabled pstoedit backend +- Fixed out of bounds write when using pstoedit backend + Resolves: CVE-2016-7392 +- Fixed hardcoded version on source URL +- Fixed bogus date in changelog (best effort) + * Wed Feb 03 2016 Fedora Release Engineering - 0.31.1-42 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild @@ -218,7 +230,7 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';' * Wed May 25 2005 Jeremy Katz - 0.31.1-5 - rebuild -* Fri Apr 7 2005 Michael Schwendt +* Thu Apr 7 2005 Michael Schwendt - rebuilt * Sat Aug 21 2004 Marius L. Jøhndal - 0:0.31.1-3