[packages/autotrace] - updated libpng patch (to simplify loading code), added CVE-2013-1953,CVE-2016-7392,CVE-2019-19004,
qboosh
qboosh at pld-linux.org
Mon Apr 11 19:41:51 CEST 2022
commit f1049f72a94d7b31f40fe08726bf1e0fa20c13f9
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Mon Apr 11 19:41:57 2022 +0200
- updated libpng patch (to simplify loading code), added CVE-2013-1953,CVE-2016-7392,CVE-2019-19004,CVE-2019-19005 from Fedora
- drop .la file
- release 18
autotrace-CVE-2013-1953.patch | 12 +++++++++++
autotrace-CVE-2016-7392.patch | 16 +++++++++++++++
autotrace-CVE-2019-19004.patch | 17 ++++++++++++++++
autotrace-CVE-2019-19005.patch | 35 ++++++++++++++++++++++++++++++++
autotrace-libpng.patch | 46 +++++++++++++++++++++++++++---------------
autotrace-link.patch | 19 +++++++++++++++++
autotrace.spec | 14 +++++++++++--
7 files changed, 141 insertions(+), 18 deletions(-)
---
diff --git a/autotrace.spec b/autotrace.spec
index 0018667..693eb09 100644
--- a/autotrace.spec
+++ b/autotrace.spec
@@ -2,7 +2,7 @@ Summary: AutoTrace - convert bitmap to vector graphics
Summary(pl.UTF-8): AutoTrace - konwerter grafiki rastrowej do wektorowej
Name: autotrace
Version: 0.31.1
-Release: 17
+Release: 18
License: GPL v2+
Group: Applications/Graphics
Source0: http://downloads.sourceforge.net/autotrace/%{name}-%{version}.tar.gz
@@ -13,6 +13,10 @@ Patch2: %{name}-am18.patch
Patch3: %{name}-magick6.patch
Patch4: %{name}-am.patch
Patch5: %{name}-libpng.patch
+Patch6: %{name}-CVE-2013-1953.patch
+Patch7: %{name}-CVE-2016-7392.patch
+Patch8: %{name}-CVE-2019-19004.patch
+Patch9: %{name}-CVE-2019-19005.patch
URL: http://autotrace.sourceforge.net/
BuildRequires: ImageMagick-devel >= 1:6.2.4.0
BuildRequires: autoconf
@@ -70,6 +74,10 @@ Biblioteka statyczna AutoTrace.
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
%build
%{__libtoolize}
@@ -87,6 +95,9 @@ rm -rf $RPM_BUILD_ROOT
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
+# obsoleted by pkg-config
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libautotrace.la
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -105,7 +116,6 @@ rm -rf $RPM_BUILD_ROOT
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/autotrace-config
%attr(755,root,root) %{_libdir}/libautotrace.so
-%{_libdir}/libautotrace.la
%{_includedir}/autotrace
%{_aclocaldir}/autotrace.m4
%{_pkgconfigdir}/autotrace.pc
diff --git a/autotrace-CVE-2013-1953.patch b/autotrace-CVE-2013-1953.patch
new file mode 100644
index 0000000..38d7eae
--- /dev/null
+++ b/autotrace-CVE-2013-1953.patch
@@ -0,0 +1,12 @@
+diff -up autotrace-0.31.1/input-bmp.c.orig autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1/input-bmp.c.orig 2002-10-10 22:44:08.000000000 +0200
++++ autotrace-0.31.1/input-bmp.c 2013-06-28 10:24:58.336056959 +0200
+@@ -166,7 +166,7 @@ input_bmp_reader (at_string filename,
+ /* 36 */
+ Maps = 4;
+ }
+- else if (Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
++ else if (Bitmap_File_Head.biSize >= 40 && Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
+ {
+ if (!ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4))
+ {
diff --git a/autotrace-CVE-2016-7392.patch b/autotrace-CVE-2016-7392.patch
new file mode 100644
index 0000000..183320d
--- /dev/null
+++ b/autotrace-CVE-2016-7392.patch
@@ -0,0 +1,16 @@
+Subject: Fix heap-based buffer overflow in pstoedit_suffix_table_init
+ID: CVE-2016-7392
+Author: unknown (taken from DLA-621-1)
+Bug-Debian: https://bugs.debian.org/837599
+
+--- a/output-pstoedit.c
++++ b/output-pstoedit.c
+@@ -84,7 +84,7 @@
+ dd_tmp = dd_start;
+ while (dd_tmp->symbolicname)
+ dd_tmp++;
+- XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
++ XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1));
+
+ #if defined (OUTPUT_PSTOEDIT_DEBUG) && defined(__GNUC__)
+ fprintf(stderr, "OUTPUT PSTOEDIT BACKEND DEBUG(%s)\n", __FUNCTION__);
diff --git a/autotrace-CVE-2019-19004.patch b/autotrace-CVE-2019-19004.patch
new file mode 100644
index 0000000..7121b94
--- /dev/null
+++ b/autotrace-CVE-2019-19004.patch
@@ -0,0 +1,17 @@
+diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1.old/input-bmp.c 2021-04-30 15:03:16.264446518 +0530
++++ autotrace-0.31.1/input-bmp.c 2021-04-30 15:06:14.682051209 +0530
+@@ -220,6 +220,13 @@
+ * word length (32 bits == 4 bytes)
+ */
+
++ unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
++ if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
++ LOG("Error reading BMP file header. Width is too large\n");
++ at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
++ goto cleanup;
++ }
++
+ rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;
+
+ #ifdef DEBUG
diff --git a/autotrace-CVE-2019-19005.patch b/autotrace-CVE-2019-19005.patch
new file mode 100644
index 0000000..cb0ffc7
--- /dev/null
+++ b/autotrace-CVE-2019-19005.patch
@@ -0,0 +1,35 @@
+diff -urN autotrace-0.31.1.old/xstd.h autotrace-0.31.1/xstd.h
+--- autotrace-0.31.1.old/xstd.h 2002-10-11 02:14:17.000000000 +0530
++++ autotrace-0.31.1/xstd.h 2021-04-30 15:22:25.853589944 +0530
+@@ -20,6 +20,7 @@
+ #define XMALLOC(new_mem, size) \
+ do \
+ { \
++ assert(size); \
+ new_mem = (at_address) malloc (size); \
+ assert(new_mem); \
+ } while (0)
+@@ -28,6 +29,7 @@
+ #define XCALLOC(new_mem, size) \
+ do \
+ { \
++ assert(size); \
+ new_mem = (at_address) calloc (size, 1); \
+ assert(new_mem); \
+ } while (0)
+@@ -55,6 +57,7 @@
+ #define XMALLOC(new_mem, size) \
+ do \
+ { \
++ assert(size); \
+ (at_address&)(new_mem) = (at_address) malloc (size); \
+ assert(new_mem); \
+ } while (0)
+@@ -63,6 +66,7 @@
+ #define XCALLOC(new_mem, sizex) \
+ do \
+ { \
++ assert(size); \
+ (at_address&)(new_mem) = (void *) calloc (sizex, 1); \
+ assert(new_mem); \
+ } while (0)
diff --git a/autotrace-libpng.patch b/autotrace-libpng.patch
index 0009317..5504fd0 100644
--- a/autotrace-libpng.patch
+++ b/autotrace-libpng.patch
@@ -1,6 +1,17 @@
---- autotrace-0.31.1/input-png.c.orig 2002-10-10 22:44:14.000000000 +0200
-+++ autotrace-0.31.1/input-png.c 2013-03-22 20:20:49.835238916 +0100
-@@ -42,17 +42,17 @@
+From 56103b05af8a9d67ce158eceab9f7c984b38eabb Mon Sep 17 00:00:00 2001
+From: Jon Ciesla <limburgher at gmail.com>
+Date: Fri, 2 Mar 2012 09:39:36 -0600
+Subject: [PATCH 3/3] libpng fix.
+
+---
+ input-png.c | 22 ++++++----------------
+ 1 file changed, 6 insertions(+), 16 deletions(-)
+
+diff --git a/input-png.c b/input-png.c
+index 77b96f1..b631f07 100644
+--- a/input-png.c
++++ b/input-png.c
+@@ -42,17 +42,17 @@ static png_bytep * read_png(png_structp png_ptr, png_infop info_ptr, at_input_op
static void handle_warning(png_structp png, const at_string message) {
LOG1("PNG warning: %s", message);
@@ -22,7 +33,7 @@
"PNG error"); */
}
-@@ -157,8 +157,8 @@
+@@ -157,8 +157,8 @@ read_png(png_structp png_ptr, png_infop info_ptr, at_input_opts_type * opts)
png_set_strip_16(png_ptr);
png_set_packing(png_ptr);
@@ -33,26 +44,29 @@
(png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)))
png_set_expand(png_ptr);
-@@ -184,17 +184,16 @@
+@@ -181,20 +181,10 @@ read_png(png_structp png_ptr, png_infop info_ptr, at_input_opts_type * opts)
+ PNG_BACKGROUND_GAMMA_FILE, 1, 1.0);
+ } else
+ png_set_strip_alpha(png_ptr);
++ png_set_interlace_handling(png_ptr);
png_read_update_info(png_ptr, info_ptr);
-
+-
- info_ptr->row_pointers = (png_bytepp)png_malloc(png_ptr,
- info_ptr->height * sizeof(png_bytep));
-+ png_set_rows(png_ptr, info_ptr, (png_bytepp)png_malloc(png_ptr,
-+ png_get_image_height(png_ptr, info_ptr) * sizeof(png_bytep)));
- #ifdef PNG_FREE_ME_SUPPORTED
- info_ptr->free_me |= PNG_FREE_ROWS;
- #endif
+-#ifdef PNG_FREE_ME_SUPPORTED
+- info_ptr->free_me |= PNG_FREE_ROWS;
+-#endif
- for (row = 0; row < (int)info_ptr->height; row++)
- info_ptr->row_pointers[row] = (png_bytep)png_malloc(png_ptr,
-+ for (row = 0; row < (int)png_get_image_height(png_ptr, info_ptr); row++)
-+ png_get_rows(png_ptr, info_ptr)[row] = (png_bytep)png_malloc(png_ptr,
- png_get_rowbytes(png_ptr, info_ptr));
-
+- png_get_rowbytes(png_ptr, info_ptr));
+-
- png_read_image(png_ptr, info_ptr->row_pointers);
- info_ptr->valid |= PNG_INFO_IDAT;
-+ png_read_image(png_ptr, png_get_rows(png_ptr, info_ptr));
++ png_read_png(png_ptr, info_ptr, PNG_TRANSFORM_IDENTITY, NULL);
png_read_end(png_ptr, info_ptr);
return png_get_rows(png_ptr, info_ptr);
}
+--
+1.7.11.2
+
diff --git a/autotrace-link.patch b/autotrace-link.patch
index 0be012a..42fe867 100644
--- a/autotrace-link.patch
+++ b/autotrace-link.patch
@@ -27,3 +27,22 @@
m4datadir = $(datadir)/aclocal
m4data_DATA = autotrace.m4
+--- autotrace-0.31.1/autotrace-config.af.orig 2002-10-10 22:43:58.000000000 +0200
++++ autotrace-0.31.1/autotrace-config.af 2022-04-11 19:26:53.462381571 +0200
+@@ -16,4 +16,4 @@ AF_ARG_VERSION(@VERSION@)
+ #dummy because this should always be selected
+ AF_LIBRARY(autotrace)
+ AF_DEF_CFLAGS([-I at includedir@])
+-AF_DEF_LIBS([-L at libdir@ -lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@])
++AF_DEF_LIBS([-lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@])
+--- autotrace-0.31.1/autotrace-config.in.orig 2002-11-08 19:18:31.000000000 +0100
++++ autotrace-0.31.1/autotrace-config.in 2022-04-11 19:27:10.912287037 +0200
+@@ -205,7 +205,7 @@ fi
+ #dummy because this should always be selected
+
+ af_cflags="$af_cflags -I at includedir@"
+-af_libs="-L at libdir@ -lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@ $af_libs"
++af_libs="-lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@ $af_libs"
+
+
+
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/autotrace.git/commitdiff/f1049f72a94d7b31f40fe08726bf1e0fa20c13f9
More information about the pld-cvs-commit
mailing list