From a3750e3aed5052d4826000be0ba275784e0edecae635bf8ccf0548b48bb62f4f Mon Sep 17 00:00:00 2001 
From: Fridrich Strba
Date: Mon, 13 Jul 2020 07:14:07 +0000
Subject: [PATCH 1/2] Accepting request 820057 from home:elimat:branches:devel:libraries:c_c++

- Update to version 5.2.1
  * In gifbuild.c, avoid a core dump on no color map.
  * Restore inadvertently removed library version numbers in Makefile.
- Changes in version 5.2.0
  * The undocumented and deprecated GifQuantizeBuffer() entry point
    has been moved to the util library to reduce libgif size and attack
    surface. Applications needing this function are encouraged to link the
    util library or make their own copy.
  * The following obsolete utility programs are no longer installed:
    gifecho, giffilter, gifinto, gifsponge. These were either installed in
    error or have been obsolesced by modern image-transformation tools
    like ImageMagick convert. They may be removed entirely in a future
    release.
  * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84
  * Address SF bug #134: Giflib fails to slurp significant number of gifs
  * Apply SPDX convention for license tagging.
- Changes in version 5.1.9
  * The documentation directory now includes an HTMlified version of the
    GIF89 standard, and a more detailed description of how LZW compression
    is applied to GIFs.
  * Address SF bug #129: The latest version of giflib cannot be build on windows.
  * Address SF bug #126: Cannot compile giflib using c89
- Changes in version 5.1.8
  * Address SF bug #119: MemorySanitizer: FPE on unknown address
  * Address SF bug #125: 5.1.7: xmlto is still required for tarball
  * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible
  * Address SF bug #122: 5.1.7 installs manpages to wrong directory
  * Address SF bug #121: make: getversion: Command not found
  * Address SF bug #120: 5.1.7 does not build a proper library - no
- Changes in version 5.1.7
  * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs.
- Changes in version 5.1.6
  * Fix library installation in the Makefile.
- Changes in version 5.1.5
  * Fix SF bug #114: Null dereferences in main() of gifclrmp
  * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine()
    in cgif.c. This had been assigned (CVE-2018-11490).
  * Fix SF bug #111: segmentation fault in PrintCodeBlock
  * Fix SF bug #109: Segmentation fault of giftool reading a crafted file
  * Fix SF bug #107: Floating point exception in giftext utility
  * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317
  * Fix SF bug #104: Ineffective bounds check in DGifSlurp
  * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment
  * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb).
  * The horrible old autoconf build system has been removed with extreme prejudice.
    You now build this simply by running "make" from the top-level directory.
- Run spec-cleaner
- Drop patches fixed upstream:
  * giflib-visibility.patch
  * giflib-automake-1_13.patch
  * giflib-CVE-2016-3977.patch
  * fix-autoconf11.patch
- Change build system to Make only (upstream not using autoconf)

OBS-URL: https://build.opensuse.org/request/show/820057
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=50
---
 fix-autoconf11.patch       | 12 --------
 giflib-5.1.4.tar.bz2       |  3 --
 giflib-5.2.1.tar.gz        |  3 ++
 giflib-CVE-2016-3977.patch | 15 ----------
 giflib-automake-1_13.patch | 11 -------
 giflib-visibility.patch    | 59 --------------------------------------
 giflib.changes             | 57 ++++++++++++++++++++++++++++++++++++
 giflib.spec                | 45 ++++++++---------------------
 8 files changed, 72 insertions(+), 133 deletions(-)
 delete mode 100644 fix-autoconf11.patch
 delete mode 100644 giflib-5.1.4.tar.bz2
 create mode 100644 giflib-5.2.1.tar.gz
 delete mode 100644 giflib-CVE-2016-3977.patch
 delete mode 100644 giflib-automake-1_13.patch
 delete mode 100644 giflib-visibility.patch

diff --git a/fix-autoconf11.patch b/fix-autoconf11.patch deleted file mode 100644 index cb8f3d5..0000000 --- a/fix-autoconf11.patch +++ /dev/null
@@ -1,12 +0,0 @@ -diff -Nur giflib-5.1.4/configure.ac new/configure.ac ---- giflib-5.1.4/configure.ac 2016-05-13 17:43:01.232661891 +0200 -+++ new/configure.ac 2016-05-13 17:42:47.136471014 +0200 -@@ -12,7 +12,7 @@ - AC_CONFIG_MACRO_DIR([m4]) - - dnl Checks for programs. --AM_PROG_AR -+m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - AC_PROG_CC_STDC - AC_USE_SYSTEM_EXTENSIONS - AC_SYS_LARGEFILE diff --git a/giflib-5.1.4.tar.bz2 b/giflib-5.1.4.tar.bz2 deleted file mode 100644 index 9886133..0000000 --- a/giflib-5.1.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:df27ec3ff24671f80b29e6ab1c4971059c14ac3db95406884fc26574631ba8d5 -size 639703 diff --git a/giflib-5.2.1.tar.gz b/giflib-5.2.1.tar.gz new file mode 100644 index 0000000..9a27b38 --- /dev/null +++ b/giflib-5.2.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:31da5562f44c5f15d63340a09a4fd62b48c45620cd302f77a6d9acf0077879bd +size 444187 diff --git a/giflib-CVE-2016-3977.patch b/giflib-CVE-2016-3977.patch deleted file mode 100644 index c54d817..0000000 --- a/giflib-CVE-2016-3977.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- giflib-5.1.4/util/gif2rgb.c 2016-03-17 17:24:17.000000000 +0100 -+++ giflib-5.1.4/util/gif2rgb.c 2016-04-12 10:37:35.672174495 +0200 -@@ -471,6 +471,12 @@ - exit(EXIT_FAILURE); - } - -+ /* check that the background color isn't garbage (SF bug #87) */ -+ if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) { -+ fprintf(stderr, "Background color out of range for colormap\n"); -+ exit(EXIT_FAILURE); -+ } -+ - DumpScreen2RGB(OutFileName, OneFileFlag, - ColorMap, - ScreenBuffer, diff --git a/giflib-automake-1_13.patch b/giflib-automake-1_13.patch deleted file mode 100644 index 84d3c0c..0000000 --- a/giflib-automake-1_13.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- giflib-5.1.2/configure.ac 2016-01-19 13:55:58.238147631 +0100 -+++ giflib-5.1.2/configure.ac 2016-01-19 13:56:31.165397666 +0100 -@@ -8,7 +8,7 @@ - - dnl Note: config.h is not used in the current build - dnl We leave this in place only to suppress an error message at autogen time --AM_CONFIG_HEADER(config.h) -+AC_CONFIG_HEADERS(config.h) - AC_CONFIG_MACRO_DIR([m4]) - - dnl Checks for programs. diff --git a/giflib-visibility.patch b/giflib-visibility.patch deleted file mode 100644 index 040645c..0000000 --- a/giflib-visibility.patch +++ /dev/null 
@@ -1,59 +0,0 @@ ---- giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100 -+++ giflib-5.1.2/configure.ac 2016-01-19 13:54:45.119812921 +0100 -@@ -9,12 +9,15 @@ - dnl Note: config.h is not used in the current build - dnl We leave this in place only to suppress an error message at autogen time - AM_CONFIG_HEADER(config.h) -+AC_CONFIG_MACRO_DIR([m4]) - - dnl Checks for programs. - AM_PROG_AR --AC_PROG_LIBTOOL --AC_PROG_CC -+AC_PROG_CC_STDC -+AC_USE_SYSTEM_EXTENSIONS -+AC_SYS_LARGEFILE - AC_PROG_CPP -+LT_INIT([pic-only disable-static]) - AC_PROG_INSTALL - AC_PROG_LN_S - AC_PROG_MAKE_SET ---- giflib-5.1.2/lib/gif_hash.h 2014-05-16 12:46:53.000000000 +0200 -+++ giflib-5.1.2/lib/gif_hash.h 2016-01-19 13:54:45.119812921 +0100 -@@ -25,6 +25,8 @@ - #define HT_PUT_KEY(l) (l << 12) - #define HT_PUT_CODE(l) (l & 0x0FFF) - -+#pragma GCC visibility push(hidden) -+ - typedef struct GifHashTableType { - uint32_t HTable[HT_SIZE]; - } GifHashTableType; -@@ -34,6 +36,8 @@ - void _InsertHashTable(GifHashTableType *HashTable, uint32_t Key, int Code); - int _ExistsHashTable(GifHashTableType *HashTable, uint32_t Key); - -+#pragma GCC visibility pop -+ - #endif /* _GIF_HASH_H_ */ - - /* end */ ---- giflib-5.1.2/lib/gif_lib_private.h 2014-05-16 12:46:53.000000000 +0200 -+++ giflib-5.1.2/lib/gif_lib_private.h 2016-01-19 13:54:45.119812921 +0100 -@@ -29,6 +29,8 @@ - #define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ) - #define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE) - -+#pragma GCC visibility push(hidden) -+ - typedef struct GifFilePrivateType { - GifWord FileState, FileHandle, /* Where all this data goes to! */ - BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */ -@@ -54,6 +56,7 @@ - bool gif89; - } GifFilePrivateType; - -+#pragma GCC visibility pop - #endif /* _GIF_LIB_PRIVATE_H */ - - /* end */ diff --git a/giflib.changes b/giflib.changes index b689aa9..ddff6e3 100644 --- a/giflib.changes +++ b/giflib.changes 
@@ -1,3 +1,60 @@ +------------------------------------------------------------------- +Fri Jul 10 21:23:35 UTC 2020 - Matthias Eliasson + +- Update to version 5.2.1 + * In gifbuild.c, avoid a core dump on no color map. + * Restore inadvertently removed library version numbers in Makefile. +- Changes in version 5.2.0 + * The undocumented and deprecated GifQuantizeBuffer() entry point + has been moved to the util library to reduce libgif size and attack + surface. Applications needing this function are couraged to link the + util library or make their own copy. + * The following obsolete utility programs are no longer installed: + gifecho, giffilter, gifinto, gifsponge. These were either installed in + error or have been obsolesced by modern image-transformmation tools + like ImageMagick convert. They may be removed entirely in a future + release. + * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 + * Address SF bug #134: Giflib fails to slurp significant number of gifs + * Apply SPDX convention for license tagging. +- Changes in version 5.1.9 + * The documentation directory now includes an HTMlified version of the + GIF89 standard, and a more detailed description of how LZW compression + is applied to GIFs. + * Address SF bug #129: The latest version of giflib cannot be build on windows. + * Address SF bug #126: Cannot compile giflib using c89 +- Changes in version 5.1.8 + * Address SF bug #119: MemorySanitizer: FPE on unknown address + * Address SF bug #125: 5.1.7: xmlto is still required for tarball + * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible + * Address SF bug #122: 5.1.7 installs manpages to wrong directory + * Address SF bug #121: make: getversion: Command not found + * Address SF bug #120: 5.1.7 does not build a proper library - no +- Changes in version 5.1.7 + * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. 
+- Changes in version 5.1.6 + * Fix library installation in the Makefile. +- Changes in version 5.1.5 + * Fix SF bug #114: Null dereferences in main() of gifclrmp + * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() + in cgif.c. This had been assigned (CVE-2018-11490). + * Fix SF bug #111: segmentation fault in PrintCodeBlock + * Fix SF bug #109: Segmentation fault of giftool reading a crafted file + * Fix SF bug #107: Floating point exception in giftext utility + * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 + * Fix SF bug #104: Ineffective bounds check in DGifSlurp + * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment + * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). + * The horrible old autoconf build system has been removed with extreme prejudice. + You now build this simply by running "make" from the top-level directory. +- Run spec-cleaner +- Drop patches fixed upstream: + * giflib-visibility.patch + * giflib-automake-1_13.patch + * giflib-CVE-2016-3977.patch + * fix-autoconf11.patch +- Change build system to Make only (upstream not using autoconf) + ------------------------------------------------------------------- Fri Nov 9 23:16:46 UTC 2018 - schwab@suse.de diff --git a/giflib.spec b/giflib.spec index 5f0f7b6..4b35a12 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ # # spec file for package giflib # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -18,20 +18,14 @@ %define lname libgif7 Name: giflib -Version: 5.1.4 +Version: 5.2.1 Release: 0 Summary: A Library for Working with GIF Images License: MIT -Group: Development/Libraries/C and C++ -Url: http://giflib.sf.net/ -Source: http://downloads.sf.net/giflib/%{name}-%{version}.tar.bz2 +URL: http://giflib.sf.net/ +Source: http://downloads.sf.net/giflib/%{name}-%{version}.tar.gz Source2: baselibs.conf -Patch1: giflib-visibility.patch -Patch2: giflib-automake-1_13.patch -Patch3: giflib-CVE-2016-3977.patch -Patch4: fix-autoconf11.patch BuildRequires: libtool >= 2 -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This Library allows manipulating GIF Image files. Since the LZW patents @@ -39,7 +33,6 @@ have expired, giflib can again be used instead of libungif. %package -n %{lname} Summary: A Library for Working with GIF Images -Group: System/Libraries %description -n %{lname} This Library allows manipulating GIF Image files. Since the LZW patents @@ -47,7 +40,6 @@ have expired, giflib can again be used instead of libungif. %package progs Summary: Tools for Working with the GIF Library -Group: Productivity/Graphics/Convertors Provides: ungif = %{version} Obsoletes: ungif < %{version} @@ -56,7 +48,6 @@ A tool for converting GIFs to various formats. %package devel Summary: Library for Working with GIF Images - Files Mandatory for Development -Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} %description devel @@ -64,16 +55,10 @@ This Library allows manipulating GIF Image files. Since the LZW patents have expired, giflib can again be used instead of libungif. %prep -%setup -q +%autosetup for file in `find util -name "*.c"`; do touch -r $file $file.stamp done -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%if 0%{?suse_version} <= 1110 -%patch4 -p1 -%endif # USE __TIMESTAMP__ instead of __DATE__ , __TIME__ # this change is pointless unless we preserve the original 
@@ -84,39 +69,33 @@ for file in `find util -name "*.c"`; do rm -v $file.stamp done -mkdir -p m4; autoreconf -fiv - %build -%configure \ - --disable-silent-rules \ - --disable-static \ - --with-pic \ - --x-libraries=%{_libdir} -make %{?_smp_mflags} +export CFLAGS="%optflags" +%make_build %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}" find %{buildroot} -type f -name "*.la" -delete -print find doc -name "Makefile*" -print -delete -%post -n %{lname} -p /sbin/ldconfig +# Drop static library +rm -f %{buildroot}%{_libdir}/libgif.a +%post -n %{lname} -p /sbin/ldconfig %postun -n %{lname} -p /sbin/ldconfig %files -n %{lname} -%defattr(-,root,root) %license COPYING %{_libdir}/lib*.so.* %files devel -%defattr(-,root,root) %{_includedir}/gif_lib.h %{_libdir}/lib*.so %files progs -%defattr(-,root,root) %license COPYING %doc NEWS README doc %{_bindir}/* +%{_mandir}/man1/*.1%{?ext_man} %changelog From b1060181e94fd7d6db0bdad5418973e245b1cfd704d6757458f9714b33b2a1a6 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 13 Jul 2020 07:22:52 +0000 Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=51 --- giflib.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 4b35a12..c7b79b0 100644 --- a/giflib.spec +++ b/giflib.spec @@ -71,7 +71,7 @@ done %build export CFLAGS="%optflags" -%make_build +make %{?_smp_mflags} %install %make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}"
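
Review bot: in the hunk deleting giflib-visibility.patch, the changelog files this patch under "Drop patches fixed upstream", but none of the upstream entries listed for 5.1.5 through 5.2.1 mentions symbol visibility. The deleted patch wrapped gif_hash.h and gif_lib_private.h in "#pragma GCC visibility push(hidden)", which kept helpers such as _InsertHashTable and _ExistsHashTable out of the shared library's export table. Please confirm on the built libgif.so.7 (for example with nm -D) that these internals are still not exported, or reword the changelog to say the patch was dropped because it no longer applies rather than because upstream fixed it.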
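
Review bot: in the giflib.changes hunk, the line dropping giflib-CVE-2016-3977.patch does not say which upstream change replaces it. The only link is indirect: the deleted patch carries the comment "(SF bug #87)" and the 5.1.5 section lists "Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb)". Suggest naming CVE-2016-3977 on that 5.1.5 line, the same way CVE-2018-11490 is named for SF bug #113, so the fix stays traceable once the patch file is gone. It is also worth checking that the 5.2.1 gif2rgb.c still range-checks SBackGroundColor against ColorMap->ColorCount before DumpScreen2RGB is called.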
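
Review bot: in the giflib.spec hunk at "@@ -18,20 +18,14 @@", the Version bump to 5.2.1 keeps "%define lname libgif7" even though the 5.2.0 notes say GifQuantizeBuffer() was moved out of libgif into the util library. The package still ships only gif_lib.h and lib*.so in %files devel, so any dependent package that calls GifQuantizeBuffer() will stop linking against this build. Please check the reverse dependencies before this lands and note the result in the changelog. Separately, "BuildRequires: libtool >= 2" is left in place although the autoreconf and %configure calls are removed further down; it looks stale and can be dropped.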
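
Review bot: in the giflib.spec hunk at "@@ -84,39 +69,33 @@", the new %build section relies on export CFLAGS="%optflags" to pass the distribution flags, and that only works if the upstream Makefile does not assign CFLAGS itself, because make gives a makefile assignment precedence over an environment variable of the same name. If the export is ignored, the library is built without the hardening flags in %optflags; if it does take effect, nothing in the spec guarantees position-independent code any more now that "--with-pic" is gone. Please check the build log for both %optflags and -fPIC on the compile lines and adjust how the flags are passed if either is missing. The retained find for "*.la" files in %install is also dead code without libtool.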
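
Review bot: in patch 2/2, the %build change from "%make_build" back to "make %{?_smp_mflags}" comes with no explanation: the commit message is only an OBS-URL and giflib.changes gets no entry. Please state the reason in the changelog or in a spec comment. If the reason is a build target where the macro is not defined, note that "%make_install" on the following %install line is left as a macro and may need the same treatment.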