giflib/giflib.changes

514 lines
20 KiB
Plaintext

-------------------------------------------------------------------
Mon Feb 26 11:29:46 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506
(bsc#1198880)
* Address SF issue #138 Documentation for obsolete utilities still
installed
* Address SF issue #139: Typo in "LZW image data" page
("110_2 = 4_10")
* Address SF issue #140: Typo in "LZW image data" page ("LWZ")
* Address SF issue #141: Typo in "Bits and bytes" page ("filed")
* Note as already fixed SF issue #143: cannot compile under mingw
* Address SF issue #144: giflib-5.2.1 cannot be build on windows
and other platforms using c89
* Address SF issue #145: Remove manual pages installation for
binaries that are not installed too
* Address SF issue #146: [PATCH] Limit installed man pages to
binaries, move giflib to section 7
* Address SF issue #147 [PATCH] Fixes to doc/whatsinagif/ content
* Address SF issue #148: heap Out of Bound Read in gif2rgb.c:298
DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service
vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no
longer possible
* Address SF issue #151: A heap-buffer-overflow in gif2rgb.c:294:45
* Address SF issue #152: Fix some typos on the html documentation
and man pages
* Address SF issue #153: Fix segmentation faults due to non
correct checking for args
* Address SF issue #154: Recover the giffilter manual page
* Address SF issue #155: Add gifsponge docs
* Address SF issue #157: An OutofMemory-Exception or Memory Leak
in gif2rgb
* Address SF issue #158: There is a null pointer problem in
gif2rgb
* Address SF issue #159 A heap-buffer-overflow in GIFLIB5.2.1
DumpScreen2RGB() in gif2rgb.c:298:45
* Address SF issue #163: detected memory leaks in
openbsd_reallocarray giflib/openbsd-reallocarray.c
* Address SF issue #164: detected memory leaks in GifMakeMapObject
giflib/gifalloc.c
* Address SF issue #166: a read zero page leads segment fault in
getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* Address SF issue #167: Heap-Buffer Overflow during Image Saving
in DumpScreen2RGB Function at Line 321 of gif2rgb.c
- Added patch:
* giflib-5.2.2-no-imagemagick.patch
+ do not use ImageMagick to resize one gif file. It creates a
build cycle.
* 0001-Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch
+ upstream fix for CVE-2021-40633 (bsc#1200551)
- Modified patches:
* PIE.patch
* reproducible.patch
+ rediff to changed context
-------------------------------------------------------------------
Sat Aug 12 21:30:14 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Define make_build for distributions which do not define them in
system macros
-------------------------------------------------------------------
Mon Dec 12 21:29:29 UTC 2022 - Dirk Müller <dmueller@suse.com>
- add reproducible.patch to avoid timestamp patching in the build
section and allowing it to build with -Werror=date-time
-------------------------------------------------------------------
Thu Apr 15 15:15:15 UTC 2021 - olaf@aepfle.de
- prep section should just extract and patch,
further modifications have to be done in the build section
-------------------------------------------------------------------
Wed Apr 14 11:32:49 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* PIE.patch
+ build path independent objects and inherit CFLAGS from the
build system (bsc#1184123)
-------------------------------------------------------------------
Fri Jul 10 21:23:35 UTC 2020 - Matthias Eliasson <elimat@opensuse.org>
- Update to version 5.2.1
* In gifbuild.c, avoid a core dump on no color map.
* Restore inadvertently removed library version numbers in Makefile.
- Changes in version 5.2.0
* The undocumented and deprecated GifQuantizeBuffer() entry point
has been moved to the util library to reduce libgif size and attack
surface. Applications needing this function are couraged to link the
util library or make their own copy.
* The following obsolete utility programs are no longer installed:
gifecho, giffilter, gifinto, gifsponge. These were either installed in
error or have been obsolesced by modern image-transformmation tools
like ImageMagick convert. They may be removed entirely in a future
release.
* Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84
* Address SF bug #134: Giflib fails to slurp significant number of gifs
* Apply SPDX convention for license tagging.
- Changes in version 5.1.9
* The documentation directory now includes an HTMlified version of the
GIF89 standard, and a more detailed description of how LZW compression
is applied to GIFs.
* Address SF bug #129: The latest version of giflib cannot be build on windows.
* Address SF bug #126: Cannot compile giflib using c89
- Changes in version 5.1.8
* Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299)
* Address SF bug #125: 5.1.7: xmlto is still required for tarball
* Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible
* Address SF bug #122: 5.1.7 installs manpages to wrong directory
* Address SF bug #121: make: getversion: Command not found
* Address SF bug #120: 5.1.7 does not build a proper library - no
- Changes in version 5.1.7
* Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs.
- Changes in version 5.1.6
* Fix library installation in the Makefile.
- Changes in version 5.1.5
* Fix SF bug #114: Null dereferences in main() of gifclrmp
* Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine()
in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832).
* Fix SF bug #111: segmentation fault in PrintCodeBlock
* Fix SF bug #109: Segmentation fault of giftool reading a crafted file
* Fix SF bug #107: Floating point exception in giftext utility
* Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317
* Fix SF bug #104: Ineffective bounds check in DGifSlurp
* Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment
* Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847)
* The horrible old autoconf build system has been removed with extreme prejudice.
You now build this simply by running "make" from the top-level directory.
- Run spec-cleaner
- Drop patches fixed upstream:
* giflib-visibility.patch
* giflib-automake-1_13.patch
* giflib-CVE-2016-3977.patch
* fix-autoconf11.patch
- Change build system to Make only (upstream not using autoconf)
-------------------------------------------------------------------
Fri Nov 9 23:16:46 UTC 2018 - schwab@suse.de
- Remove unused build requires on X libraries
- Use %license
-------------------------------------------------------------------
Wed Jul 5 05:38:23 UTC 2017 - bwiedemann@suse.com
- Keep timestamps before patch updates them to fix build-compare
-------------------------------------------------------------------
Fri May 13 15:50:28 UTC 2016 - rpm@fthiessen.de
- Added fix-autoconf11.patch for fixing build with older autoconf,
requires for SLE11.
-------------------------------------------------------------------
Tue Apr 12 08:34:44 UTC 2016 - fstrba@suse.com
- Update to version 5.1.4
* Fix SF bug #94: giflib 5 loves to fail to load images... a LOT.
* Fix SF Bug #92: Fix buffer overread in gifbuild.
* Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path
* Fix SF Bug #89: Fix buffer overread in gifbuild.
- Removed patch:
* giflib-sf-88.patch
+ Integrated upstream
- Added patch:
* giflib-CVE-2016-3977.patch
- Fix CVE-2016-3977: heap buffer overflow in gif2rgb
(bsc#974847)
-------------------------------------------------------------------
Wed Mar 23 08:23:32 UTC 2016 - idonmez@suse.com
- Update to version 5.1.3
* Prevent malloc randomess from causing the header output routine
to emit a GIF89 version string even when no GIF89 features are
present.
* Prevent malloc randomess from producing sporadic failures by causing
sanity checks added in 5.1.2 to misfire.
* Bulletproof gif2rgb against 0-height images. Addressed sf#78:
Heap overflow in gif2rgb with images of size 0, also sf#82.
* Remove unnecessary duplicate EGifClose() in gifcolor.c. Fixes sf#83
introduced in 5.1.2.
* Fix sf#84: incorrect return of DGifSlurp().
- Add giflib-sf-88.patch to fix sf#88
-------------------------------------------------------------------
Tue Jan 19 12:59:02 UTC 2016 - fstrba@suse.com
- Update to version 5.1.2 (fixes CVE-2015-7555, bsc#960319)
* Code Fixes
+ Code hardening using reallocarray() from OpenBSD.
+ Sanity check in giffilter catches files with malformed
extension records. Fixes SourceForge bug #63: malformed gif
causes segfault in giffilter.
+ Inexpensive sanity check in DGifSlurp() catches malformed files
with no image descriptor. Fixes SourceForge bug #64: malformed
gif causes crash in giftool.
+ Fix SourceForge bug #66: GifDrawBoxedText8x8() modifying
constant input parameter.
+ Bail out of GIF read on invalid pixel width. Addresses Savannah
bug #67: invalid shift in dgif_lib.c
+ Fix SourceForge bug #69: #69 Malformed: Gif file with no
extension block after a GRAPHICS_EXT_FUNC_CODE extension causes
segfault (in giftext).
+ Fix SourceForge bug #71: Buffer overwrite when giffixing a
malformed gif.
+ Fix SourceForge bug #73: Null pointer deference in gifclrmap
(only reachable with malformed GIF).
+ Fix SourceForge bug #74: Double free in gifsponge under 5.1,1,
for any valid gif image.
+ Fix SourceForge bug #75: GAGetArgs overflows due to uncounted
use of va_arg.
+ Sanity check in giffix catches some malformed files. Addresses
SourceForge bug #77: dgif_lib.c: extension processing error
- Modified patches:
* giflib-automake-1_13.patch
* giflib-visibility.patch
+ rediff to changed context
-------------------------------------------------------------------
Thu Jan 15 13:36:49 UTC 2015 - tchvatal@suse.com
- Cleanup a bit
- Remove obsolete sle10 deprecations
- Fix one tiny rpmlint warning
-------------------------------------------------------------------
Wed Jan 14 22:39:16 UTC 2015 - p.drouand@gmail.com
- Update to version 5.1.1
+ Numerous minor fixes in getarg.c. Affects only the utilities, not the
core library.
+ Fix SourceForge bug #59 DGifOpen can segfault if DGifGetScreenDesc fails.
+ SourceForge patch #20: In gifalloc, fix usage of realloc() in case of failure.
+ Fix SourceForge bug #61 Leak in gifsponge.
+ glibtoolize port fix for OS X.
-------------------------------------------------------------------
Fri May 30 14:36:54 UTC 2014 - jengelh@inai.de
- Update to new upstream release 5.1.0
* Minor API change to assist library wrappers in dynamic languages,
removal of the the gif2raw utility, and various minor fix patches
for unusual edge cases.
* API changes to functions:
GifErrorString returns const char *;
EGifGetGifVersion returns const char *;
EGifCloseFile takes another int *errorcode;
DGifCloseFile takes another int *errorcode;
-------------------------------------------------------------------
Sat Aug 31 10:42:33 UTC 2013 - jengelh@inai.de
- Update to new upstream release 5.0.5 (bugfix release)
* This release sets the error return properly when a screen
descriptor read fails, and fixes minor API documentation bugs.
-------------------------------------------------------------------
Wed Jun 26 00:43:20 UTC 2013 - jengelh@inai.de
- Update to new upstream release 5.0.4
* Fix for a rare misrendering bug when a GIF overruns the
decompression-code table.
- Make patches have -p1, as requested by
http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
-------------------------------------------------------------------
Wed Mar 27 08:31:44 UTC 2013 - mmeister@suse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
-------------------------------------------------------------------
Sat Mar 2 10:13:17 UTC 2013 - seife+obs@b1-systems.com
- add giflib-automake-1_13.patch, fix build with automake-1.13.1
-------------------------------------------------------------------
Fri Jan 11 22:13:53 UTC 2013 - jengelh@inai.de
- Remove "Obsoletes: giflib", because libgif6 must not obsolete
libgif4 (it would do that by way of libgif4's "Provides: giflib").
-------------------------------------------------------------------
Fri Jan 4 15:02:09 UTC 2013 - jengelh@inai.de
- Adjust baselibs.conf for libgif6, remove libungif rpm symbols
since they are now no longer provided.
-------------------------------------------------------------------
Sun Dec 30 22:31:28 UTC 2012 - crrodriguez@opensuse.org
- Version 5.0.3
* The library is now purely reentrant and thread-safe
* Adds an EGifSetGifVersion() entry point
* All names of exported functions now have a Gif, DGif, or EGif prefix.
- packaging changes:
* soname is now libgif6
* Compatibility with ancient "libungif" via rpm spec file hacks
is no longer included, if there is any application around
that still requires this it has to be fixed.
-------------------------------------------------------------------
Sun Feb 5 16:23:36 UTC 2012 - jengelh@medozas.de
- Remove redundant tags/sections
-------------------------------------------------------------------
Mon Oct 10 02:57:31 UTC 2011 - crrodriguez@opensuse.org
- annotate functions from gif_lib_private.h with visibility
hidden so they are not exported.
-------------------------------------------------------------------
Sat Oct 1 05:39:13 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
-------------------------------------------------------------------
Wed Sep 21 10:59:15 UTC 2011 - jengelh@medozas.de
- Correct project URL
- Implement shlib naming (libgif4)
- Apply packaging guidelines (remove redundant/obsolete
tags/sections from specfile, etc.)
-------------------------------------------------------------------
Sun Aug 29 23:15:24 UTC 2010 - cristian.rodriguez@opensuse.org
- Do not use __Date__ and __TIME__ , make build-compare
happier
-------------------------------------------------------------------
Thu Dec 17 20:50:13 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Tue Jan 13 16:19:37 CET 2009 - olh@suse.de
- obsolete old libungif-64bit on ppc64 (bnc#437293)
-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
-------------------------------------------------------------------
Mon Nov 24 12:34:56 CET 2008 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Sat Aug 30 14:55:14 CEST 2008 - crrodriguez@suse.de
- update to version 4.1.6, changes since 4.1.4 includes:
* Fix segfault in utilities due to referencing ColorMaps in GifFiles that had
no ColorMap present.
* Fix gif2x11 to work on 24 bit displays.
* Fix for giftext segfault when the GifFile does not store a global colormap.
* Checks to fail gracefully when an image contains improper LZ codes.
* Close file handles on failure in DGifOpenFileHandle()
* Checks to operate on files in binary mode on WIN32 as well as MSDOS.
- kill "la" files and static libraries
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Wed Aug 16 20:28:34 CEST 2006 - aj@suse.de
- Replace xorg-x11-devel BuildRequires with really needed libs.
- Fix configure call for X11 R7.
-------------------------------------------------------------------
Wed Jan 25 21:30:18 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Thu Jan 12 16:17:07 CET 2006 - nadvornik@suse.cz
- compile with -fstack-protector
-------------------------------------------------------------------
Tue Jan 3 12:21:11 CET 2006 - nadvornik@suse.cz
- updated to 4.1.4
-------------------------------------------------------------------
Tue Apr 26 21:19:18 CEST 2005 - jw@suse.de
- fixed EGifCompressLine for 64bit archs,
to make perl-Prima testcases happy.
-------------------------------------------------------------------
Tue Sep 14 16:30:45 CEST 2004 - nadvornik@suse.cz
- fixed provides on 64bit architectures [#44842]
-------------------------------------------------------------------
Thu Sep 09 14:13:20 CEST 2004 - nadvornik@suse.cz
- added Provides: libungif.so.4 [#44842]
-------------------------------------------------------------------
Wed Sep 01 13:51:38 CEST 2004 - nadvornik@suse.cz
- updated to giflib 4.1.3: LZW is enabled again
- renamed libungif -> giflib
ungif -> giflib-progs
- new subpackage giflib-devel
- added compatibility symlinks
-------------------------------------------------------------------
Tue Feb 24 21:43:47 CET 2004 - kukuk@suse.de
- Cleanup neededforbuild
-------------------------------------------------------------------
Sat Jan 10 18:20:46 CET 2004 - adrian@suse.de
- add %defattr and %run_ldconfig
-------------------------------------------------------------------
Mon Feb 11 11:36:10 CET 2002 - schwab@suse.de
- Fix use of varargs.
-------------------------------------------------------------------
Wed Feb 6 10:54:53 CET 2002 - nadvornik@suse.cz
- updated to 4.1.0b1:
- bugfix release
-------------------------------------------------------------------
Tue Jan 8 17:00:30 CET 2002 - nadvornik@suse.cz
- used macros %{_lib} and %{_libdir}
-------------------------------------------------------------------
Tue Jun 12 12:08:36 CEST 2001 - ro@suse.de
- libtoolize to build
-------------------------------------------------------------------
Tue Jun 5 18:17:54 CEST 2001 - schwab@suse.de
- Change DumpScreen2Gif parameters to long.
-------------------------------------------------------------------
Thu May 24 18:10:55 CEST 2001 - pblaha@suse.cz
- fix cast pointer on ia64
-------------------------------------------------------------------
Wed Apr 18 09:59:04 CEST 2001 - pblaha@suse.cz
- patch from nadvornik@suse.cz for bug in loading images
-------------------------------------------------------------------
Mon Apr 9 01:10:42 CEST 2001 - ro@suse.de
- fixed group tag
-------------------------------------------------------------------
Wed May 17 15:51:01 CEST 2000 - bubnikv@suse.cz
- fixed bug of $chmod 755 libungif.so* (missing $RPM_BUILD_ROOT)
- spec file cleanup
-------------------------------------------------------------------
Mon May 15 12:10:06 CEST 2000 - nadvornik@suse.cz
- added BuildRoot
- added URL
-------------------------------------------------------------------
Tue Apr 4 18:04:59 CEST 2000 - bk@suse.de
- config.{sub,guess} update macro needs automake
-------------------------------------------------------------------
Sat Apr 1 23:05:01 CEST 2000 - bk@suse.de
- suse s390 team added required %suse_update_config for s390
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Tue Jun 29 12:29:15 MEST 1999 - ro@suse.de
- split: ungif (containing the tools) is build as a separate package
-------------------------------------------------------------------
Tue Apr 6 17:15:24 MEST 1999 - ro@suse.de
- initial package