Accepting request 354774 from devel:libraries:c_c++
bsc#960319, CVE-2015-7555 OBS-URL: https://build.opensuse.org/request/show/354774 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/giflib?expand=0&rev=34
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
06c67e2e22
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:391014aceb21c8b489dc7b0d0b6a917c4e32cc014ce2426d47ca376d02fe2ffc
|
||||
size 654389
|
||||
3
giflib-5.1.2.tar.bz2
Normal file
3
giflib-5.1.2.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:76c0a084c3b02f9315ff937b8be6096186002fea26f33e2123081ba2be6e2a7c
|
||||
size 638967
|
||||
@ -1,10 +1,6 @@
|
||||
Index: b/configure.ac
|
||||
===================================================================
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -5,11 +5,11 @@ AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall])
|
||||
dnl Make builds less verbose. Shuts off Makefile portability checks.
|
||||
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
|
||||
--- giflib-5.1.2/configure.ac 2016-01-19 13:55:58.238147631 +0100
|
||||
+++ giflib-5.1.2/configure.ac 2016-01-19 13:56:31.165397666 +0100
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
dnl Note: config.h is not used in the current build
|
||||
dnl We leave this in place only to suppress an error message at autogen time
|
||||
@ -13,5 +9,3 @@ Index: b/configure.ac
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
|
||||
dnl Checks for programs.
|
||||
AC_PROG_CC_STDC
|
||||
AC_USE_SYSTEM_EXTENSIONS
|
||||
|
||||
@ -1,20 +1,13 @@
|
||||
---
|
||||
configure.ac | 7 +++++--
|
||||
lib/gif_hash.h | 4 ++++
|
||||
lib/gif_lib_private.h | 3 +++
|
||||
3 files changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: giflib-5.0.4/configure.ac
|
||||
===================================================================
|
||||
--- giflib-5.0.4.orig/configure.ac
|
||||
+++ giflib-5.0.4/configure.ac
|
||||
@@ -8,11 +8,14 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_R
|
||||
--- giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100
|
||||
+++ giflib-5.1.2/configure.ac 2016-01-19 13:54:45.119812921 +0100
|
||||
@@ -9,12 +9,15 @@
|
||||
dnl Note: config.h is not used in the current build
|
||||
dnl We leave this in place only to suppress an error message at autogen time
|
||||
AM_CONFIG_HEADER(config.h)
|
||||
+AC_CONFIG_MACRO_DIR([m4])
|
||||
|
||||
dnl Checks for programs.
|
||||
AM_PROG_AR
|
||||
-AC_PROG_LIBTOOL
|
||||
-AC_PROG_CC
|
||||
+AC_PROG_CC_STDC
|
||||
@ -25,11 +18,9 @@ Index: giflib-5.0.4/configure.ac
|
||||
AC_PROG_INSTALL
|
||||
AC_PROG_LN_S
|
||||
AC_PROG_MAKE_SET
|
||||
Index: giflib-5.0.4/lib/gif_hash.h
|
||||
===================================================================
|
||||
--- giflib-5.0.4.orig/lib/gif_hash.h
|
||||
+++ giflib-5.0.4/lib/gif_hash.h
|
||||
@@ -25,6 +25,8 @@ gif_hash.h - magfic constants and declar
|
||||
--- giflib-5.1.2/lib/gif_hash.h 2014-05-16 12:46:53.000000000 +0200
|
||||
+++ giflib-5.1.2/lib/gif_hash.h 2016-01-19 13:54:45.119812921 +0100
|
||||
@@ -25,6 +25,8 @@
|
||||
#define HT_PUT_KEY(l) (l << 12)
|
||||
#define HT_PUT_CODE(l) (l & 0x0FFF)
|
||||
|
||||
@ -38,7 +29,7 @@ Index: giflib-5.0.4/lib/gif_hash.h
|
||||
typedef struct GifHashTableType {
|
||||
uint32_t HTable[HT_SIZE];
|
||||
} GifHashTableType;
|
||||
@@ -34,6 +36,8 @@ void _ClearHashTable(GifHashTableType *H
|
||||
@@ -34,6 +36,8 @@
|
||||
void _InsertHashTable(GifHashTableType *HashTable, uint32_t Key, int Code);
|
||||
int _ExistsHashTable(GifHashTableType *HashTable, uint32_t Key);
|
||||
|
||||
@ -47,11 +38,9 @@ Index: giflib-5.0.4/lib/gif_hash.h
|
||||
#endif /* _GIF_HASH_H_ */
|
||||
|
||||
/* end */
|
||||
Index: giflib-5.0.4/lib/gif_lib_private.h
|
||||
===================================================================
|
||||
--- giflib-5.0.4.orig/lib/gif_lib_private.h
|
||||
+++ giflib-5.0.4/lib/gif_lib_private.h
|
||||
@@ -29,6 +29,8 @@ gif_lib_private.h - internal giflib rout
|
||||
--- giflib-5.1.2/lib/gif_lib_private.h 2014-05-16 12:46:53.000000000 +0200
|
||||
+++ giflib-5.1.2/lib/gif_lib_private.h 2016-01-19 13:54:45.119812921 +0100
|
||||
@@ -29,6 +29,8 @@
|
||||
#define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ)
|
||||
#define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE)
|
||||
|
||||
@ -60,7 +49,7 @@ Index: giflib-5.0.4/lib/gif_lib_private.h
|
||||
typedef struct GifFilePrivateType {
|
||||
GifWord FileState, FileHandle, /* Where all this data goes to! */
|
||||
BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */
|
||||
@@ -54,6 +56,7 @@ typedef struct GifFilePrivateType {
|
||||
@@ -54,6 +56,7 @@
|
||||
bool gif89;
|
||||
} GifFilePrivateType;
|
||||
|
||||
|
||||
@ -1,3 +1,37 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 19 12:59:02 UTC 2016 - fstrba@suse.com
|
||||
|
||||
- Update to version 5.1.2 (fixes CVE-2015-7555, bsc#960319)
|
||||
* Code Fixes
|
||||
+ Code hardening using reallocarray() from OpenBSD.
|
||||
+ Sanity check in giffilter catches files with malformed
|
||||
extension records. Fixes SourceForge bug #63: malformed gif
|
||||
causes segfault in giffilter.
|
||||
+ Inexpensive sanity check in DGifSlurp() catches malformed files
|
||||
with no image descriptor. Fixes SourceForge bug #64: malformed
|
||||
gif causes crash in giftool.
|
||||
+ Fix SourceForge bug #66: GifDrawBoxedText8x8() modifying
|
||||
constant input parameter.
|
||||
+ Bail out of GIF read on invalid pixel width. Addresses Savannah
|
||||
bug #67: invalid shift in dgif_lib.c
|
||||
+ Fix SourceForge bug #69: #69 Malformed: Gif file with no
|
||||
extension block after a GRAPHICS_EXT_FUNC_CODE extension causes
|
||||
segfault (in giftext).
|
||||
+ Fix SourceForge bug #71: Buffer overwrite when giffixing a
|
||||
malformed gif.
|
||||
+ Fix SourceForge bug #73: Null pointer deference in gifclrmap
|
||||
(only reachable with malformed GIF).
|
||||
+ Fix SourceForge bug #74: Double free in gifsponge under 5.1,1,
|
||||
for any valid gif image.
|
||||
+ Fix SourceForge bug #75: GAGetArgs overflows due to uncounted
|
||||
use of va_arg.
|
||||
+ Sanity check in giffix catches some malformed files. Addresses
|
||||
SourceForge bug #77: dgif_lib.c: extension processing error
|
||||
- Modified patches:
|
||||
* giflib-automake-1_13.patch
|
||||
* giflib-visibility.patch
|
||||
+ rediff to changed context
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 15 13:36:49 UTC 2015 - tchvatal@suse.com
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package giflib
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -18,7 +18,7 @@
|
||||
|
||||
%define lname libgif7
|
||||
Name: giflib
|
||||
Version: 5.1.1
|
||||
Version: 5.1.2
|
||||
Release: 0
|
||||
Summary: A Library for Working with GIF Images
|
||||
License: MIT
|
||||
|
||||
Loading…
Reference in New Issue
Block a user