pool/giflib
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 354774 from devel:libraries:c_c++

Browse Source 
bsc#960319, CVE-2015-7555

OBS-URL: https://build.opensuse.org/request/show/354774
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/giflib?expand=0&rev=34
This commit is contained in:
Dominique Leuenberger 2016-01-23 00:14:20 +00:00 committed by Git OBS Bridge
commit 06c67e2e22
6 changed files with 54 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
giflib-5.1.1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:391014aceb21c8b489dc7b0d0b6a917c4e32cc014ce2426d47ca376d02fe2ffc
size 654389

3
giflib-5.1.2.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76c0a084c3b02f9315ff937b8be6096186002fea26f33e2123081ba2be6e2a7c
size 638967

12
giflib-automake-1_13.patch
View File

@ -1,10 +1,6 @@
Index: b/configure.ac --- giflib-5.1.2/configure.ac 2016-01-19 13:55:58.238147631 +0100
=================================================================== +++ giflib-5.1.2/configure.ac 2016-01-19 13:56:31.165397666 +0100
--- a/configure.ac @@ -8,7 +8,7 @@
+++ b/configure.ac
@@ -5,11 +5,11 @@ AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall])
dnl Make builds less verbose. Shuts off Makefile portability checks.
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
dnl Note: config.h is not used in the current build dnl Note: config.h is not used in the current build
dnl We leave this in place only to suppress an error message at autogen time dnl We leave this in place only to suppress an error message at autogen time
@ -13,5 +9,3 @@ Index: b/configure.ac
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])
dnl Checks for programs. dnl Checks for programs.
AC_PROG_CC_STDC
AC_USE_SYSTEM_EXTENSIONS

35
giflib-visibility.patch
View File

@ -1,20 +1,13 @@
--- --- giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100
configure.ac | 7 +++++-- +++ giflib-5.1.2/configure.ac 2016-01-19 13:54:45.119812921 +0100
lib/gif_hash.h | 4 ++++ @@ -9,12 +9,15 @@
lib/gif_lib_private.h | 3 +++
3 files changed, 12 insertions(+), 2 deletions(-)
Index: giflib-5.0.4/configure.ac
===================================================================
--- giflib-5.0.4.orig/configure.ac
+++ giflib-5.0.4/configure.ac
@@ -8,11 +8,14 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_R
dnl Note: config.h is not used in the current build dnl Note: config.h is not used in the current build
dnl We leave this in place only to suppress an error message at autogen time dnl We leave this in place only to suppress an error message at autogen time
AM_CONFIG_HEADER(config.h) AM_CONFIG_HEADER(config.h)
+AC_CONFIG_MACRO_DIR([m4]) +AC_CONFIG_MACRO_DIR([m4])
dnl Checks for programs. dnl Checks for programs.
AM_PROG_AR
-AC_PROG_LIBTOOL -AC_PROG_LIBTOOL
-AC_PROG_CC -AC_PROG_CC
+AC_PROG_CC_STDC +AC_PROG_CC_STDC
@ -25,11 +18,9 @@ Index: giflib-5.0.4/configure.ac
AC_PROG_INSTALL AC_PROG_INSTALL
AC_PROG_LN_S AC_PROG_LN_S
AC_PROG_MAKE_SET AC_PROG_MAKE_SET
Index: giflib-5.0.4/lib/gif_hash.h --- giflib-5.1.2/lib/gif_hash.h 2014-05-16 12:46:53.000000000 +0200
=================================================================== +++ giflib-5.1.2/lib/gif_hash.h 2016-01-19 13:54:45.119812921 +0100
--- giflib-5.0.4.orig/lib/gif_hash.h @@ -25,6 +25,8 @@
+++ giflib-5.0.4/lib/gif_hash.h
@@ -25,6 +25,8 @@ gif_hash.h - magfic constants and declar
#define HT_PUT_KEY(l) (l << 12) #define HT_PUT_KEY(l) (l << 12)
#define HT_PUT_CODE(l) (l & 0x0FFF) #define HT_PUT_CODE(l) (l & 0x0FFF)
@ -38,7 +29,7 @@ Index: giflib-5.0.4/lib/gif_hash.h
typedef struct GifHashTableType { typedef struct GifHashTableType {
uint32_t HTable[HT_SIZE]; uint32_t HTable[HT_SIZE];
} GifHashTableType; } GifHashTableType;
@@ -34,6 +36,8 @@ void _ClearHashTable(GifHashTableType *H @@ -34,6 +36,8 @@
void _InsertHashTable(GifHashTableType *HashTable, uint32_t Key, int Code); void _InsertHashTable(GifHashTableType *HashTable, uint32_t Key, int Code);
int _ExistsHashTable(GifHashTableType *HashTable, uint32_t Key); int _ExistsHashTable(GifHashTableType *HashTable, uint32_t Key);
@ -47,11 +38,9 @@ Index: giflib-5.0.4/lib/gif_hash.h
#endif /* _GIF_HASH_H_ */ #endif /* _GIF_HASH_H_ */
/* end */ /* end */
Index: giflib-5.0.4/lib/gif_lib_private.h --- giflib-5.1.2/lib/gif_lib_private.h 2014-05-16 12:46:53.000000000 +0200
=================================================================== +++ giflib-5.1.2/lib/gif_lib_private.h 2016-01-19 13:54:45.119812921 +0100
--- giflib-5.0.4.orig/lib/gif_lib_private.h @@ -29,6 +29,8 @@
+++ giflib-5.0.4/lib/gif_lib_private.h
@@ -29,6 +29,8 @@ gif_lib_private.h - internal giflib rout
#define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ) #define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ)
#define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE) #define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE)
@ -60,7 +49,7 @@ Index: giflib-5.0.4/lib/gif_lib_private.h
typedef struct GifFilePrivateType { typedef struct GifFilePrivateType {
GifWord FileState, FileHandle, /* Where all this data goes to! */ GifWord FileState, FileHandle, /* Where all this data goes to! */
BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */ BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */
@@ -54,6 +56,7 @@ typedef struct GifFilePrivateType { @@ -54,6 +56,7 @@
bool gif89; bool gif89;
} GifFilePrivateType; } GifFilePrivateType;

34
giflib.changes
View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Tue Jan 19 12:59:02 UTC 2016 - fstrba@suse.com
- Update to version 5.1.2 (fixes CVE-2015-7555, bsc#960319)
* Code Fixes
+ Code hardening using reallocarray() from OpenBSD.
+ Sanity check in giffilter catches files with malformed
extension records. Fixes SourceForge bug #63: malformed gif
causes segfault in giffilter.
+ Inexpensive sanity check in DGifSlurp() catches malformed files
with no image descriptor. Fixes SourceForge bug #64: malformed
gif causes crash in giftool.
+ Fix SourceForge bug #66: GifDrawBoxedText8x8() modifying
constant input parameter.
+ Bail out of GIF read on invalid pixel width. Addresses Savannah
bug #67: invalid shift in dgif_lib.c
+ Fix SourceForge bug #69: #69 Malformed: Gif file with no
extension block after a GRAPHICS_EXT_FUNC_CODE extension causes
segfault (in giftext).
+ Fix SourceForge bug #71: Buffer overwrite when giffixing a
malformed gif.
+ Fix SourceForge bug #73: Null pointer deference in gifclrmap
(only reachable with malformed GIF).
+ Fix SourceForge bug #74: Double free in gifsponge under 5.1,1,
for any valid gif image.
+ Fix SourceForge bug #75: GAGetArgs overflows due to uncounted
use of va_arg.
+ Sanity check in giffix catches some malformed files. Addresses
SourceForge bug #77: dgif_lib.c: extension processing error
- Modified patches:
* giflib-automake-1_13.patch
* giflib-visibility.patch
+ rediff to changed context
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 15 13:36:49 UTC 2015 - tchvatal@suse.com Thu Jan 15 13:36:49 UTC 2015 - tchvatal@suse.com

4
giflib.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package giflib # spec file for package giflib
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
%define lname libgif7 %define lname libgif7
Name: giflib Name: giflib
Version: 5.1.1 Version: 5.1.2
Release: 0 Release: 0
Summary: A Library for Working with GIF Images Summary: A Library for Working with GIF Images
License: MIT License: MIT