import autotrace-0.31.1-55.el8

This commit is contained in:
CentOS Sources 2023-05-16 06:19:03 +00:00 committed by Stepan Oksanichenko
parent 236f0dcd37
commit fe335ea4a0
2 changed files with 56 additions and 1 deletions

View File

@ -0,0 +1,44 @@
--- autotrace-0.31.1.old/input-bmp.c 2022-09-05 14:41:15.694254375 +0530
+++ autotrace-0.31.1/input-bmp.c 2022-09-08 17:11:28.131973020 +0530
@@ -88,7 +88,7 @@
at_address msg_data)
{
FILE *fd;
- unsigned char buffer[64];
+ unsigned char buffer[128];
int ColormapSize, rowbytes, Maps, Grey;
unsigned char ColorMap[256][3];
at_bitmap_type image = at_bitmap_init(0, 0, 0, 1);
@@ -345,6 +345,10 @@
*(temp++)= buffer[xpos * 4 + 1];
*(temp++)= buffer[xpos * 4];
}
+
+ if (ypos == 0)
+ break;
+
--ypos; /* next line */
}
}
@@ -361,6 +365,10 @@
*(temp++)= buffer[xpos * 3 + 1];
*(temp++)= buffer[xpos * 3];
}
+
+ if (ypos == 0)
+ break;
+
--ypos; /* next line */
}
}
@@ -378,6 +386,10 @@
*(temp++)= (unsigned char)(((rgb >> 5) & 0x1f) * 8);
*(temp++)= (unsigned char)(((rgb) & 0x1f) * 8);
}
+
+ if (ypos == 0)
+ break;
+
--ypos; /* next line */
}
}

View File

@ -1,6 +1,6 @@
Name: autotrace
Version: 0.31.1
Release: 53%{?dist}
Release: 55%{?dist}
Summary: Utility for converting bitmaps to vector graphics
License: GPLv2+ and LGPLv2+
URL: http://autotrace.sourceforge.net/
@ -15,6 +15,8 @@ Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch
Patch7: autotrace-0.31.1-CVE-2016-7392.patch
Patch8: autotrace-0.31.1-CVE-2019-19004.patch
Patch9: autotrace-0.31.1-CVE-2019-19005.patch
# Upstream patch
Patch10: autotrace-0.31.1-CVE-2022-32323.patch
BuildRequires: libpng-devel > 2:1.2
BuildRequires: libexif-devel
@ -61,6 +63,7 @@ This package contains header files and development libraries for autotrace.
%patch7 -p1 -b .CVE-2016-7392
%patch8 -p1 -b .CVE-2019-19004
%patch9 -p1 -b .CVE-2019-19005
%patch10 -p1 -b .CVE-2022-32323
autoreconf -ivf
%build
@ -100,6 +103,14 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
%changelog
* Tue Sep 13 2022 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-55
- Resolves: rhbz#2121827 Fix the gating tests by using only local test
Upstream testsuite will not work as this package code is very old
* Mon Sep 12 2022 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-54
- Resolves: rhbz#2121827
CVE-2022-32323 - heap-buffer overflow via the ReadImage() at input-bmp.c
* Fri Apr 30 2021 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-53
- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c
- Resolves: CVE-2019-19005 : fix bitmap double free in main.c