From b038d5c137276d3c84f0393d22fde0a342e1d278 Mon Sep 17 00:00:00 2001
From: Jaroslav Škarvada <jskarvad@redhat.com>
Date: Jun 28 2013 09:11:00 +0000
Subject: Fixed buffer overflow when parsing BMP files


  Resolves: CVE-2013-1953

---

diff --git a/autotrace-0.31.1-CVE-2013-1953.patch b/autotrace-0.31.1-CVE-2013-1953.patch
new file mode 100644
index 0000000..38d7eae
--- /dev/null
+++ b/autotrace-0.31.1-CVE-2013-1953.patch
@@ -0,0 +1,12 @@
+diff -up autotrace-0.31.1/input-bmp.c.orig autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1/input-bmp.c.orig	2002-10-10 22:44:08.000000000 +0200
++++ autotrace-0.31.1/input-bmp.c	2013-06-28 10:24:58.336056959 +0200
+@@ -166,7 +166,7 @@ input_bmp_reader (at_string filename,
+                                                         /* 36 */
+       Maps = 4;
+     }
+-  else if (Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
++  else if (Bitmap_File_Head.biSize >= 40 && Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
+     {
+       if (!ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4))
+ 	{
diff --git a/autotrace.spec b/autotrace.spec
index e15d5e0..d44c341 100644
--- a/autotrace.spec
+++ b/autotrace.spec
@@ -1,6 +1,6 @@
 Name:           autotrace
 Version:        0.31.1
-Release:        33%{?dist}
+Release:        34%{?dist}
 Summary:        Utility for converting bitmaps to vector graphics
 Group:          Applications/Multimedia
 License:        GPLv2+ and LGPLv2+
@@ -9,6 +9,8 @@ Source0:        http://download.sf.net/autotrace/autotrace-0.31.1.tar.gz
 Patch1:         autotrace-0001-Modify-GetOnePixel-usage-to-build-against-current-Im.patch
 Patch2:         autotrace-0002-Fixed-underquoted-AM_PATH_AUTOTRACE-definition.patch
 Patch3:         autotrace-0003-libpng-fix.patch
+# Sent upstream
+Patch4:         autotrace-0.31.1-CVE-2013-1953.patch
 BuildRequires:  ImageMagick-devel
 BuildRequires:  libpng-devel > 2:1.2
 BuildRequires:  libexif-devel
@@ -46,6 +48,7 @@ This package contains header files and development libraries for autotrace.
 %patch1 -p1 -b .GetOnePixel
 %patch2 -p1 -b .aclocal18
 %patch3 -p1 -b .libpng15
+%patch4 -p1 -b .CVE-2013-1953
 
 %build
 %configure
@@ -80,6 +83,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
 
 
 %changelog
+* Fri Jun 28 2013 Jaroslav Škarvada <jskarvad@redhat.com> - 0.31.1-34
+- Fixed buffer overflow when parsing BMP files
+  Resolves: CVE-2013-1953
+
 * Mon Mar 18 2013 Jon Ciesla <limburgher@gmail.com> - 0.31.1-33
 - ImageMagick rebuild.