import autotrace-0.31.1-55.el8
This commit is contained in:
parent
236f0dcd37
commit
fe335ea4a0
44
SOURCES/autotrace-0.31.1-CVE-2022-32323.patch
Normal file
44
SOURCES/autotrace-0.31.1-CVE-2022-32323.patch
Normal file
@ -0,0 +1,44 @@
|
||||
--- autotrace-0.31.1.old/input-bmp.c 2022-09-05 14:41:15.694254375 +0530
|
||||
+++ autotrace-0.31.1/input-bmp.c 2022-09-08 17:11:28.131973020 +0530
|
||||
@@ -88,7 +88,7 @@
|
||||
at_address msg_data)
|
||||
{
|
||||
FILE *fd;
|
||||
- unsigned char buffer[64];
|
||||
+ unsigned char buffer[128];
|
||||
int ColormapSize, rowbytes, Maps, Grey;
|
||||
unsigned char ColorMap[256][3];
|
||||
at_bitmap_type image = at_bitmap_init(0, 0, 0, 1);
|
||||
@@ -345,6 +345,10 @@
|
||||
*(temp++)= buffer[xpos * 4 + 1];
|
||||
*(temp++)= buffer[xpos * 4];
|
||||
}
|
||||
+
|
||||
+ if (ypos == 0)
|
||||
+ break;
|
||||
+
|
||||
--ypos; /* next line */
|
||||
}
|
||||
}
|
||||
@@ -361,6 +365,10 @@
|
||||
*(temp++)= buffer[xpos * 3 + 1];
|
||||
*(temp++)= buffer[xpos * 3];
|
||||
}
|
||||
+
|
||||
+ if (ypos == 0)
|
||||
+ break;
|
||||
+
|
||||
--ypos; /* next line */
|
||||
}
|
||||
}
|
||||
@@ -378,6 +386,10 @@
|
||||
*(temp++)= (unsigned char)(((rgb >> 5) & 0x1f) * 8);
|
||||
*(temp++)= (unsigned char)(((rgb) & 0x1f) * 8);
|
||||
}
|
||||
+
|
||||
+ if (ypos == 0)
|
||||
+ break;
|
||||
+
|
||||
--ypos; /* next line */
|
||||
}
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
Name: autotrace
|
||||
Version: 0.31.1
|
||||
Release: 53%{?dist}
|
||||
Release: 55%{?dist}
|
||||
Summary: Utility for converting bitmaps to vector graphics
|
||||
License: GPLv2+ and LGPLv2+
|
||||
URL: http://autotrace.sourceforge.net/
|
||||
@ -15,6 +15,8 @@ Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch
|
||||
Patch7: autotrace-0.31.1-CVE-2016-7392.patch
|
||||
Patch8: autotrace-0.31.1-CVE-2019-19004.patch
|
||||
Patch9: autotrace-0.31.1-CVE-2019-19005.patch
|
||||
# Upstream patch
|
||||
Patch10: autotrace-0.31.1-CVE-2022-32323.patch
|
||||
|
||||
BuildRequires: libpng-devel > 2:1.2
|
||||
BuildRequires: libexif-devel
|
||||
@ -61,6 +63,7 @@ This package contains header files and development libraries for autotrace.
|
||||
%patch7 -p1 -b .CVE-2016-7392
|
||||
%patch8 -p1 -b .CVE-2019-19004
|
||||
%patch9 -p1 -b .CVE-2019-19005
|
||||
%patch10 -p1 -b .CVE-2022-32323
|
||||
autoreconf -ivf
|
||||
|
||||
%build
|
||||
@ -100,6 +103,14 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Sep 13 2022 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-55
|
||||
- Resolves: rhbz#2121827 Fix the gating tests by using only local test
|
||||
Upstream testsuite will not work as this package code is very old
|
||||
|
||||
* Mon Sep 12 2022 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-54
|
||||
- Resolves: rhbz#2121827
|
||||
CVE-2022-32323 - heap-buffer overflow via the ReadImage() at input-bmp.c
|
||||
|
||||
* Fri Apr 30 2021 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-53
|
||||
- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c
|
||||
- Resolves: CVE-2019-19005 : fix bitmap double free in main.c
|
||||
|
Loading…
Reference in New Issue
Block a user