OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=39

2016-04-12 08:41:32 +00:00 · 2016-04-12 08:41:32 +00:00 · 013cac56b3
commit 013cac56b3
parent a635d5eed4
6 changed files with 35 additions and 18 deletions
--- a/giflib-5.1.3.tar.bz2
+++ b/giflib-5.1.3.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5096d27805283599b01074d487ad3f8e02bd26b84d759b9017be876ca3d5b81d
-size 639420
--- a/giflib-5.1.4.tar.bz2
+++ b/giflib-5.1.4.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df27ec3ff24671f80b29e6ab1c4971059c14ac3db95406884fc26574631ba8d5
+size 639703
--- a/giflib-CVE-2016-3977.patch
+++ b/giflib-CVE-2016-3977.patch
@ -0,0 +1,15 @@
+--- giflib-5.1.4/util/gif2rgb.c	2016-03-17 17:24:17.000000000 +0100
+++ giflib-5.1.4/util/gif2rgb.c	2016-04-12 10:37:35.672174495 +0200
+@@ -471,6 +471,12 @@
+         exit(EXIT_FAILURE);
+     }
+ 
+    /* check that the background color isn't garbage (SF bug #87) */
+    if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
+        fprintf(stderr, "Background color out of range for colormap\n");
+        exit(EXIT_FAILURE);
+    }
+
+     DumpScreen2RGB(OutFileName, OneFileFlag,
+ 		   ColorMap,
+ 		   ScreenBuffer, 
--- a/giflib-sf-88.patch
+++ b/giflib-sf-88.patch
@ -1,12 +0,0 @@
-Index: giflib-5.1.3/util/gifbuild.c
-===================================================================
--- giflib-5.1.3.orig/util/gifbuild.c
-+++ giflib-5.1.3/util/gifbuild.c
-@@ -724,6 +724,7 @@ static void DumpExtensions(GifFileType *
- 	    printf("end\n\n");
- 	}
- 	else if (ep->Function == APPLICATION_EXT_FUNC_CODE 
-+         && ep->ByteCount >= 11
- 		 && memcmp(ep->Bytes, "NETSCAPE2.0", 11) == 0) {
- 	    unsigned char *params = (++ep)->Bytes;
- 	    unsigned int loopcount = params[1] | (params[2] << 8);
--- a/giflib.changes
+++ b/giflib.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue Apr 12 08:34:44 UTC 2016 - fstrba@suse.com
+
+- Update to version 5.1.3
+  * Fix SF bug #94: giflib 5 loves to fail to load images... a LOT.
+  * Fix SF Bug #92: Fix buffer overread in gifbuild.
+  * Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path
+  * Fix SF Bug #89: Fix buffer overread in gifbuild.
+- Removed patch:
+  * giflib-sf-88.patch
+    + Integrated upstream
+- Added patch:
+  * giflib-CVE-2016-3977.pach
+    - Fix CVE-2016-3977: heap buffer overflow in gif2rgb
+      (bsc#974847)
+
 -------------------------------------------------------------------
 Wed Mar 23 08:23:32 UTC 2016 - idonmez@suse.com

--- a/giflib.spec
+++ b/giflib.spec
@ -18,7 +18,7 @@

 %define lname   libgif7
 Name:           giflib
-Version:        5.1.3
+Version:        5.1.4
 Release:        0
 Summary:        A Library for Working with GIF Images
 License:        MIT
@ -28,7 +28,6 @@ Source:         http://downloads.sf.net/giflib/%{name}-%{version}.tar.bz2
 Source2:        baselibs.conf
 Patch1:         giflib-visibility.patch
 Patch2:         giflib-automake-1_13.patch
-Patch3:         giflib-sf-88.patch
 BuildRequires:  libtool >= 2
 BuildRequires:  xorg-x11-libICE-devel
 BuildRequires:  xorg-x11-libSM-devel
@ -72,7 +71,6 @@ have expired, giflib can again be used instead of libungif.
 %setup -q
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1

 # USE __TIMESTAMP__ instead of __DATE__ , __TIME__
 # this change is pointless unless we preserve the original