- updated libpng patch (to simplify loading code), added CVE-2013-1953,CVE-2016-7392... auto/th/autotrace-0.31.1-18
authorJakub Bogusz <qboosh@pld-linux.org>
Mon, 11 Apr 2022 17:41:57 +0000 (19:41 +0200)
committerJakub Bogusz <qboosh@pld-linux.org>
Mon, 11 Apr 2022 17:41:57 +0000 (19:41 +0200)
- drop .la file
- release 18

autotrace-CVE-2013-1953.patch [new file with mode: 0644]
autotrace-CVE-2016-7392.patch [new file with mode: 0644]
autotrace-CVE-2019-19004.patch [new file with mode: 0644]
autotrace-CVE-2019-19005.patch [new file with mode: 0644]
autotrace-libpng.patch
autotrace-link.patch
autotrace.spec

diff --git a/autotrace-CVE-2013-1953.patch b/autotrace-CVE-2013-1953.patch
new file mode 100644 (file)
index 0000000..38d7eae
--- /dev/null
@@ -0,0 +1,12 @@
+diff -up autotrace-0.31.1/input-bmp.c.orig autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1/input-bmp.c.orig  2002-10-10 22:44:08.000000000 +0200
++++ autotrace-0.31.1/input-bmp.c       2013-06-28 10:24:58.336056959 +0200
+@@ -166,7 +166,7 @@ input_bmp_reader (at_string filename,
+                                                         /* 36 */
+       Maps = 4;
+     }
+-  else if (Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
++  else if (Bitmap_File_Head.biSize >= 40 && Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
+     {
+       if (!ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4))
+       {
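Review bot: The new lower bound on `Bitmap_File_Head.biSize` in the OS/2 2.x branch has no explanation, and the reason is not obvious from the condition alone. The next line reads `Bitmap_File_Head.biSize - 4` bytes, so a value below 4 would presumably wrap that length, and a value between 4 and 39 would leave header fields unread (the field parsing is outside this hunk, so that part is inferred). I would add a comment above the `else if`, for example `/* biSize < 40 underflows or short-reads the header; biSize > 64 would overrun buffer */`. The declaration of `buffer` is not visible here, so it is worth confirming that it holds at least 60 bytes; `input_bmp_reader` starts and ends outside the hunk.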
diff --git a/autotrace-CVE-2016-7392.patch b/autotrace-CVE-2016-7392.patch
new file mode 100644 (file)
index 0000000..183320d
--- /dev/null
@@ -0,0 +1,16 @@
+Subject: Fix heap-based buffer overflow in pstoedit_suffix_table_init
+ID: CVE-2016-7392
+Author: unknown (taken from DLA-621-1)
+Bug-Debian: https://bugs.debian.org/837599
+
+--- a/output-pstoedit.c
++++ b/output-pstoedit.c
+@@ -84,7 +84,7 @@
+       dd_tmp   = dd_start;
+       while (dd_tmp->symbolicname)
+       dd_tmp++;
+-      XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
++      XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1));
+ #if defined (OUTPUT_PSTOEDIT_DEBUG) && defined(__GNUC__)
+   fprintf(stderr, "OUTPUT PSTOEDIT BACKEND DEBUG(%s)\n", __FUNCTION__);
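Review bot: The corrected `XMALLOC` size is still a bare arithmetic expression, and nothing next to it says what the count means, which is how the original precedence slip went unnoticed. I would add a comment on the line above, for example `/* two table slots per pstoedit driver plus one terminating entry, all scaled by sizeof(char *) */`. The role of the extra slot is inferred, since the code that fills `pstoedit_suffix_table` is outside the hunk. The driver count comes from walking `dd_start` until `symbolicname` is NULL, so the buffer is only as safe as that terminator.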
diff --git a/autotrace-CVE-2019-19004.patch b/autotrace-CVE-2019-19004.patch
new file mode 100644 (file)
index 0000000..7121b94
--- /dev/null
@@ -0,0 +1,17 @@
+diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1.old/input-bmp.c   2021-04-30 15:03:16.264446518 +0530
++++ autotrace-0.31.1/input-bmp.c       2021-04-30 15:06:14.682051209 +0530
+@@ -220,6 +220,13 @@
+    * word length (32 bits == 4 bytes)
+    */
++  unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
++  if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
++    LOG("Error reading BMP file header. Width is too large\n");
++    at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
++    goto cleanup;
++  }
++
+   rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;  
+ #ifdef DEBUG
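Review bot: The added overflow test divides by `Bitmap_Head.biWidth`, so a BMP header with a width of zero reaches a division by zero at `overflowTest / Bitmap_Head.biWidth` unless an earlier check outside this hunk already rejects it. A zero product would also let the unchanged `rowbytes` expression compute `0 - 1`, which wraps if the fields are unsigned (their types are not visible here). I would fold both cases into the guard: `if (Bitmap_Head.biWidth == 0 || Bitmap_Head.biBitCnt == 0 || overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {`. It is also worth confirming the width of `rowbytes`, because where `unsigned long` is 64 bits this test only detects a 64-bit wrap.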
diff --git a/autotrace-CVE-2019-19005.patch b/autotrace-CVE-2019-19005.patch
new file mode 100644 (file)
index 0000000..cb0ffc7
--- /dev/null
@@ -0,0 +1,35 @@
+diff -urN autotrace-0.31.1.old/xstd.h autotrace-0.31.1/xstd.h
+--- autotrace-0.31.1.old/xstd.h        2002-10-11 02:14:17.000000000 +0530
++++ autotrace-0.31.1/xstd.h    2021-04-30 15:22:25.853589944 +0530
+@@ -20,6 +20,7 @@
+ #define XMALLOC(new_mem, size)                        \
+ do                                            \
+   {                                           \
++    assert(size);                              \
+     new_mem = (at_address) malloc (size);     \
+     assert(new_mem);                          \
+   } while (0)
+@@ -28,6 +29,7 @@
+ #define XCALLOC(new_mem, size)                        \
+ do                                            \
+   {                                           \
++    assert(size);                              \
+     new_mem = (at_address) calloc (size, 1);  \
+     assert(new_mem);                          \
+   } while (0)
+@@ -55,6 +57,7 @@
+ #define XMALLOC(new_mem, size)                                        \
+ do                                                            \
+   {                                                           \
++    assert(size);                                              \
+     (at_address&)(new_mem) = (at_address) malloc (size);      \
+      assert(new_mem);                                         \
+   } while (0) 
+@@ -63,6 +66,7 @@
+ #define XCALLOC(new_mem, sizex)                                       \
+ do                                                            \
+   {                                                           \
++    assert(size);                                              \
+     (at_address&)(new_mem) = (void *) calloc (sizex, 1);      \
+     assert(new_mem);                                          \
+   } while (0) 
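Review bot: In the last of the four inner hunks the added line is `assert(size);`, but that `XCALLOC` variant names its parameter `sizex`, so `size` is not the macro argument there. It will either fail to compile or silently test an unrelated `size` in the caller's scope; the line should read `assert(sizex);`. Separately, all four new checks, like the existing `assert(new_mem)`, are compiled out when `NDEBUG` is defined, so the zero-size guard only holds in assert-enabled builds. Whether this package is built with `NDEBUG` is not visible on this page.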
index 000931753cbd14a5ba30c804a3cc05ae0c85c884..5504fd04863e4da1e5a05dbca083fd773741cb66 100644 (file)
@@ -1,6 +1,17 @@
---- autotrace-0.31.1/input-png.c.orig  2002-10-10 22:44:14.000000000 +0200
-+++ autotrace-0.31.1/input-png.c       2013-03-22 20:20:49.835238916 +0100
-@@ -42,17 +42,17 @@
+From 56103b05af8a9d67ce158eceab9f7c984b38eabb Mon Sep 17 00:00:00 2001
+From: Jon Ciesla <limburgher@gmail.com>
+Date: Fri, 2 Mar 2012 09:39:36 -0600
+Subject: [PATCH 3/3] libpng fix.
+
+---
+ input-png.c | 22 ++++++----------------
+ 1 file changed, 6 insertions(+), 16 deletions(-)
+
+diff --git a/input-png.c b/input-png.c
+index 77b96f1..b631f07 100644
+--- a/input-png.c
++++ b/input-png.c
+@@ -42,17 +42,17 @@ static png_bytep * read_png(png_structp png_ptr, png_infop info_ptr, at_input_op
  
  static void handle_warning(png_structp png, const at_string message) {
          LOG1("PNG warning: %s", message);
@@ -22,7 +33,7 @@
           "PNG error"); */
        
  }
-@@ -157,8 +157,8 @@
+@@ -157,8 +157,8 @@ read_png(png_structp png_ptr, png_infop info_ptr, at_input_opts_type * opts)
  
        png_set_strip_16(png_ptr);
        png_set_packing(png_ptr);
            (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)))
                png_set_expand(png_ptr);
  
-@@ -184,17 +184,16 @@
+@@ -181,20 +181,10 @@ read_png(png_structp png_ptr, png_infop info_ptr, at_input_opts_type * opts)
+                                  PNG_BACKGROUND_GAMMA_FILE, 1, 1.0);
+       } else
+               png_set_strip_alpha(png_ptr);
++      png_set_interlace_handling(png_ptr);
        png_read_update_info(png_ptr, info_ptr);
  
+-
 -      info_ptr->row_pointers = (png_bytepp)png_malloc(png_ptr,
 -                                                      info_ptr->height * sizeof(png_bytep));
-+      png_set_rows(png_ptr, info_ptr, (png_bytepp)png_malloc(png_ptr,
-+                                                      png_get_image_height(png_ptr, info_ptr) * sizeof(png_bytep)));
- #ifdef PNG_FREE_ME_SUPPORTED
-       info_ptr->free_me |= PNG_FREE_ROWS;
- #endif
+-#ifdef PNG_FREE_ME_SUPPORTED
+-      info_ptr->free_me |= PNG_FREE_ROWS;
+-#endif
 -      for (row = 0; row < (int)info_ptr->height; row++)
 -              info_ptr->row_pointers[row] = (png_bytep)png_malloc(png_ptr,
-+      for (row = 0; row < (int)png_get_image_height(png_ptr, info_ptr); row++)
-+              png_get_rows(png_ptr, info_ptr)[row] = (png_bytep)png_malloc(png_ptr,
-                                                                   png_get_rowbytes(png_ptr, info_ptr));
-       
+-                                                                  png_get_rowbytes(png_ptr, info_ptr));
+-      
 -      png_read_image(png_ptr, info_ptr->row_pointers);
 -      info_ptr->valid |= PNG_INFO_IDAT;
-+      png_read_image(png_ptr, png_get_rows(png_ptr, info_ptr));
++      png_read_png(png_ptr, info_ptr, PNG_TRANSFORM_IDENTITY, NULL);
        png_read_end(png_ptr, info_ptr);
        return png_get_rows(png_ptr, info_ptr);
  }
+-- 
+1.7.11.2
+
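Review bot: The updated patch switches `read_png` to `png_read_png(png_ptr, info_ptr, PNG_TRANSFORM_IDENTITY, NULL)` but keeps the low-level calls around it: the `png_set_*` transforms and `png_read_update_info` before it, and `png_read_end` after it. libpng documents `png_read_png` as the high-level equivalent of the whole `png_read_info` … `png_read_image` … `png_read_end` sequence, so header and trailer processing may run twice on the same stream. Please confirm against the libpng version in the distribution that this mix behaves as intended on interlaced and truncated files. If the high-level call stays, the following `png_read_end(png_ptr, info_ptr);` looks redundant. The start of `read_png` is outside the hunk, so whether `png_read_info` is still called there is not visible.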
index 0be012a62867ac1c473f4da39fae43768c67903a..42fe867599562e5e9832af69318538e4ef607579 100644 (file)
  
  m4datadir = $(datadir)/aclocal
  m4data_DATA = autotrace.m4
+--- autotrace-0.31.1/autotrace-config.af.orig  2002-10-10 22:43:58.000000000 +0200
++++ autotrace-0.31.1/autotrace-config.af       2022-04-11 19:26:53.462381571 +0200
+@@ -16,4 +16,4 @@ AF_ARG_VERSION(@VERSION@)
+ #dummy because this should always be selected
+ AF_LIBRARY(autotrace)
+ AF_DEF_CFLAGS([-I@includedir@])
+-AF_DEF_LIBS([-L@libdir@ -lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@])
++AF_DEF_LIBS([-lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@])
+--- autotrace-0.31.1/autotrace-config.in.orig  2002-11-08 19:18:31.000000000 +0100
++++ autotrace-0.31.1/autotrace-config.in       2022-04-11 19:27:10.912287037 +0200
+@@ -205,7 +205,7 @@ fi
+ #dummy because this should always be selected
+ af_cflags="$af_cflags -I@includedir@"
+-af_libs="-L@libdir@ -lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@ $af_libs"
++af_libs="-lautotrace @LIBPNG_LDFLAGS@ @MAGICK_LDFLAGS@ @LIBSWF_LDFLAGS@ @LIBPSTOEDIT_LIBS@ $af_libs"
index 0018667ef64d56f4b3e13a43d23b68f5ee32f16b..693eb091d922bbcd7ce7f40bc6b2905f83cf6ad4 100644 (file)
@@ -2,7 +2,7 @@ Summary:        AutoTrace - convert bitmap to vector graphics
 Summary(pl.UTF-8):     AutoTrace - konwerter grafiki rastrowej do wektorowej
 Name:          autotrace
 Version:       0.31.1
-Release:       17
+Release:       18
 License:       GPL v2+
 Group:         Applications/Graphics
 Source0:       http://downloads.sourceforge.net/autotrace/%{name}-%{version}.tar.gz
@@ -13,6 +13,10 @@ Patch2:              %{name}-am18.patch
 Patch3:                %{name}-magick6.patch
 Patch4:                %{name}-am.patch
 Patch5:                %{name}-libpng.patch
+Patch6:                %{name}-CVE-2013-1953.patch
+Patch7:                %{name}-CVE-2016-7392.patch
+Patch8:                %{name}-CVE-2019-19004.patch
+Patch9:                %{name}-CVE-2019-19005.patch
 URL:           http://autotrace.sourceforge.net/
 BuildRequires: ImageMagick-devel >= 1:6.2.4.0
 BuildRequires: autoconf
@@ -70,6 +74,10 @@ Biblioteka statyczna AutoTrace.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 %build
 %{__libtoolize}
@@ -87,6 +95,9 @@ rm -rf $RPM_BUILD_ROOT
 %{__make} install \
        DESTDIR=$RPM_BUILD_ROOT
 
+# obsoleted by pkg-config
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libautotrace.la
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -105,7 +116,6 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(644,root,root,755)
 %attr(755,root,root) %{_bindir}/autotrace-config
 %attr(755,root,root) %{_libdir}/libautotrace.so
-%{_libdir}/libautotrace.la
 %{_includedir}/autotrace
 %{_aclocaldir}/autotrace.m4
 %{_pkgconfigdir}/autotrace.pc