From 013cac56b3d256c71792576c669b7f1c5f866443c4a74b35ef538a3d2b9274c8 Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Tue, 12 Apr 2016 08:41:32 +0000
Subject: [PATCH 1/4] OBS-URL:
 https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=39

---
 giflib-5.1.3.tar.bz2       |  3 ---
 giflib-5.1.4.tar.bz2       |  3 +++
 giflib-CVE-2016-3977.patch | 15 +++++++++++++++
 giflib-sf-88.patch         | 12 ------------
 giflib.changes             | 16 ++++++++++++++++
 giflib.spec                |  4 +---
 6 files changed, 35 insertions(+), 18 deletions(-)
 delete mode 100644 giflib-5.1.3.tar.bz2
 create mode 100644 giflib-5.1.4.tar.bz2
 create mode 100644 giflib-CVE-2016-3977.patch
 delete mode 100644 giflib-sf-88.patch

diff --git a/giflib-5.1.3.tar.bz2 b/giflib-5.1.3.tar.bz2
deleted file mode 100644
index 2d6eab4..0000000
--- a/giflib-5.1.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5096d27805283599b01074d487ad3f8e02bd26b84d759b9017be876ca3d5b81d
-size 639420
diff --git a/giflib-5.1.4.tar.bz2 b/giflib-5.1.4.tar.bz2
new file mode 100644
index 0000000..9886133
--- /dev/null
+++ b/giflib-5.1.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df27ec3ff24671f80b29e6ab1c4971059c14ac3db95406884fc26574631ba8d5
+size 639703
diff --git a/giflib-CVE-2016-3977.patch b/giflib-CVE-2016-3977.patch
new file mode 100644
index 0000000..c54d817
--- /dev/null
+++ b/giflib-CVE-2016-3977.patch
@@ -0,0 +1,15 @@
+--- giflib-5.1.4/util/gif2rgb.c	2016-03-17 17:24:17.000000000 +0100
++++ giflib-5.1.4/util/gif2rgb.c	2016-04-12 10:37:35.672174495 +0200
+@@ -471,6 +471,12 @@
+         exit(EXIT_FAILURE);
+     }
+ 
++    /* check that the background color isn't garbage (SF bug #87) */
++    if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
++        fprintf(stderr, "Background color out of range for colormap\n");
++        exit(EXIT_FAILURE);
++    }
++
+     DumpScreen2RGB(OutFileName, OneFileFlag,
+ 		   ColorMap,
+ 		   ScreenBuffer, 
diff --git a/giflib-sf-88.patch b/giflib-sf-88.patch
deleted file mode 100644
index a88ea84..0000000
--- a/giflib-sf-88.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: giflib-5.1.3/util/gifbuild.c
-===================================================================
---- giflib-5.1.3.orig/util/gifbuild.c
-+++ giflib-5.1.3/util/gifbuild.c
-@@ -724,6 +724,7 @@ static void DumpExtensions(GifFileType *
- 	    printf("end\n\n");
- 	}
- 	else if (ep->Function == APPLICATION_EXT_FUNC_CODE 
-+         && ep->ByteCount >= 11
- 		 && memcmp(ep->Bytes, "NETSCAPE2.0", 11) == 0) {
- 	    unsigned char *params = (++ep)->Bytes;
- 	    unsigned int loopcount = params[1] | (params[2] << 8);
diff --git a/giflib.changes b/giflib.changes
index cc37029..09d413f 100644
--- a/giflib.changes
+++ b/giflib.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue Apr 12 08:34:44 UTC 2016 - fstrba@suse.com
+
+- Update to version 5.1.3
+  * Fix SF bug #94: giflib 5 loves to fail to load images... a LOT.
+  * Fix SF Bug #92: Fix buffer overread in gifbuild.
+  * Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path
+  * Fix SF Bug #89: Fix buffer overread in gifbuild.
+- Removed patch:
+  * giflib-sf-88.patch
+    + Integrated upstream
+- Added patch:
+  * giflib-CVE-2016-3977.pach
+    - Fix CVE-2016-3977: heap buffer overflow in gif2rgb
+      (bsc#974847)
+
 -------------------------------------------------------------------
 Wed Mar 23 08:23:32 UTC 2016 - idonmez@suse.com
 
diff --git a/giflib.spec b/giflib.spec
index 7786a5b..2649b6f 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -18,7 +18,7 @@
 
 %define lname   libgif7
 Name:           giflib
-Version:        5.1.3
+Version:        5.1.4
 Release:        0
 Summary:        A Library for Working with GIF Images
 License:        MIT
@@ -28,7 +28,6 @@ Source:         http://downloads.sf.net/giflib/%{name}-%{version}.tar.bz2
 Source2:        baselibs.conf
 Patch1:         giflib-visibility.patch
 Patch2:         giflib-automake-1_13.patch
-Patch3:         giflib-sf-88.patch
 BuildRequires:  libtool >= 2
 BuildRequires:  xorg-x11-libICE-devel
 BuildRequires:  xorg-x11-libSM-devel
@@ -72,7 +71,6 @@ have expired, giflib can again be used instead of libungif.
 %setup -q
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 
 # USE __TIMESTAMP__ instead of __DATE__ , __TIME__
 # this change is pointless unless we preserve the original

From 473ab0ad7f3f1e8debb36af34fb03a223eddfaa9a483997c048ecb86483a5125 Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Tue, 12 Apr 2016 09:03:40 +0000
Subject: [PATCH 2/4] OBS-URL:
 https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=40

---
 giflib.changes | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/giflib.changes b/giflib.changes
index 09d413f..7a18bc9 100644
--- a/giflib.changes
+++ b/giflib.changes
@@ -1,7 +1,12 @@
+-------------------------------------------------------------------
+Tue Apr 12 09:02:59 UTC 2016 - fstrba@suse.com
+
+- 
+
 -------------------------------------------------------------------
 Tue Apr 12 08:34:44 UTC 2016 - fstrba@suse.com
 
-- Update to version 5.1.3
+- Update to version 5.1.4
   * Fix SF bug #94: giflib 5 loves to fail to load images... a LOT.
   * Fix SF Bug #92: Fix buffer overread in gifbuild.
   * Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path
@@ -10,7 +15,7 @@ Tue Apr 12 08:34:44 UTC 2016 - fstrba@suse.com
   * giflib-sf-88.patch
     + Integrated upstream
 - Added patch:
-  * giflib-CVE-2016-3977.pach
+  * giflib-CVE-2016-3977.patch
     - Fix CVE-2016-3977: heap buffer overflow in gif2rgb
       (bsc#974847)
 

From 35e8a0dd13462ba7b2b6a8354e257bed41b0b4385073b6cb0d0f8ca53250521e Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Tue, 12 Apr 2016 09:09:50 +0000
Subject: [PATCH 3/4] OBS-URL:
 https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=41

---
 giflib.spec | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/giflib.spec b/giflib.spec
index 2649b6f..dce38aa 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -28,6 +28,7 @@ Source:         http://downloads.sf.net/giflib/%{name}-%{version}.tar.bz2
 Source2:        baselibs.conf
 Patch1:         giflib-visibility.patch
 Patch2:         giflib-automake-1_13.patch
+Patch3:         giflib-CVE-2016-3977.patch
 BuildRequires:  libtool >= 2
 BuildRequires:  xorg-x11-libICE-devel
 BuildRequires:  xorg-x11-libSM-devel
@@ -71,6 +72,7 @@ have expired, giflib can again be used instead of libungif.
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 # USE __TIMESTAMP__ instead of __DATE__ , __TIME__
 # this change is pointless unless we preserve the original

From 011b5cf3e08e36dba7d85ef730d20f98d9cc6be46e37e4e2fdda87451902426d Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Tue, 12 Apr 2016 13:53:06 +0000
Subject: [PATCH 4/4] OBS-URL:
 https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=42

---
 giflib.changes | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/giflib.changes b/giflib.changes
index 7a18bc9..9695fbe 100644
--- a/giflib.changes
+++ b/giflib.changes
@@ -1,8 +1,3 @@
--------------------------------------------------------------------
-Tue Apr 12 09:02:59 UTC 2016 - fstrba@suse.com
-
-- 
-
 -------------------------------------------------------------------
 Tue Apr 12 08:34:44 UTC 2016 - fstrba@suse.com