OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=61

0001-Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch

@@ -0,0 +1,26 @@
+From ccbc956432650734c91acb3fc88837f7b81267ff Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Wed, 21 Feb 2024 18:55:00 -0500
+Subject: [PATCH] Clean up memory better at end of run (CVE-2021-40633)
+
+---
+ gif2rgb.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index d51226d..fc2e683 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -517,6 +517,9 @@ static void GIF2RGB(int NumFiles, char *FileName, bool OneFileFlag,
+ 	DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
+ 	               GifFile->SWidth, GifFile->SHeight);
+ 
++	for (i = 0; i < GifFile->SHeight; i++) {
++        	(void)free(ScreenBuffer[i]);
++	}
+ 	(void)free(ScreenBuffer);
+ 
+ 	{
+-- 
+2.43.2
+

PIE.patch

@@ -1,5 +1,3 @@
-Index: a/Makefile
-===================================================================
 --- a/Makefile
 +++ b/Makefile
 @@ -8,7 +8,7 @@
@@ -11,11 +9,11 @@ Index: a/Makefile
  
  SHELL = /bin/sh
  TAR = tar
-@@ -64,6 +64,7 @@ LDLIBS=libgif.a -lm
- all: libgif.so libgif.a libutil.so libutil.a $(UTILS)
+@@ -93,6 +93,7 @@
  	$(MAKE) -C doc
+ endif
 
 +$(UTILS):: LDFLAGS += -pie
  $(UTILS):: libgif.a libutil.a
  
- libgif.so: $(OBJECTS) $(HEADERS)
+ $(LIBGIFSO): $(OBJECTS) $(HEADERS)

giflib.changes

@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Mon Feb 26 11:29:46 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Update to version 5.2.2
+  * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506
+    (bsc#1198880)
+  * Address SF issue #138 Documentation for obsolete utilities still
+    installed
+  * Address SF issue #139: Typo in "LZW image data" page
+    ("110_2 = 4_10")
+  * Address SF issue #140: Typo in "LZW image data" page ("LWZ")
+  * Address SF issue #141: Typo in "Bits and bytes" page ("filed")
+  * Note as already fixed SF issue #143: cannot compile under mingw
+  * Address SF issue #144: giflib-5.2.1 cannot be build on windows
+    and other platforms using c89
+  * Address SF issue #145: Remove manual pages installation for
+    binaries that are not installed too
+  * Address SF issue #146: [PATCH] Limit installed man pages to
+    binaries, move giflib to section 7
+  * Address SF issue #147 [PATCH] Fixes to doc/whatsinagif/ content
+  * Address SF issue #148: heap Out of Bound Read in gif2rgb.c:298
+    DumpScreen2RGB
+  * Declared no-info on SF issue #150: There is a denial of service
+    vulnerability in GIFLIB 5.2.1
+  * Declared Won't-fix on SF issue 149: Out of source builds no
+    longer possible
+  * Address SF issue #151: A heap-buffer-overflow in gif2rgb.c:294:45
+  * Address SF issue #152: Fix some typos on the html documentation
+    and man pages
+  * Address SF issue #153: Fix segmentation faults due to non
+    correct checking for args
+  * Address SF issue #154: Recover the giffilter manual page
+  * Address SF issue #155: Add gifsponge docs
+  * Address SF issue #157: An OutofMemory-Exception or Memory Leak
+    in gif2rgb
+  * Address SF issue #158: There is a null pointer problem in
+    gif2rgb
+  * Address SF issue #159 A heap-buffer-overflow in GIFLIB5.2.1
+    DumpScreen2RGB() in gif2rgb.c:298:45
+  * Address SF issue #163: detected memory leaks in
+    openbsd_reallocarray giflib/openbsd-reallocarray.c
+  * Address SF issue #164: detected memory leaks in GifMakeMapObject
+    giflib/gifalloc.c
+  * Address SF issue #166: a read zero page leads segment fault in
+    getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
+  * Address SF issue #167: Heap-Buffer Overflow during Image Saving
+    in DumpScreen2RGB Function at Line 321 of gif2rgb.c
+- Added patch:
+  * 0001-Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch
+    + upstream fix for CVE-2021-40633 (bsc#1200551)
+- Modified patches:
+  * PIE.patch
+  * reproducible.patch
+    + rediff to changed context
+
 -------------------------------------------------------------------
 Sat Aug 12 21:30:14 UTC 2023 - Fridrich Strba <fstrba@suse.com>
 

giflib.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package giflib
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %{!?make_build:%global make_build make %{?_smp_mflags}}
 %define lname   libgif7
 Name:           giflib
-Version:        5.2.1
+Version:        5.2.2
 Release:        0
 Summary:        A Library for Working with GIF Images
 License:        MIT
@@ -28,6 +28,8 @@ Source:         https://downloads.sf.net/giflib/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
 Patch1:         PIE.patch
 Patch2:         reproducible.patch
+Patch3:         0001-Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch
+BuildRequires:  ImageMagick
 BuildRequires:  libtool >= 2
 
 %description
@@ -66,9 +68,16 @@ export CFLAGS="%{optflags}"
 
 %install
 %make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}"
+find %{buildroot}%{_mandir} -name *.xml* -print -delete
 find %{buildroot} -type f -name "*.la" -delete -print
 find doc -name "Makefile*" -print -delete
 
+# Install the manpages
+mkdir -p %{buildroot}%{_mandir}/man1
+for i in doc/*.1; do
+  install -pm 0644 ${i} %{buildroot}%{_mandir}/man1/
+done
+
 # Drop static library
 rm -f %{buildroot}%{_libdir}/libgif.a
 

reproducible.patch

@@ -1,132 +1,132 @@
-Index: giflib-5.2.1/gif2rgb.c
-===================================================================
---- giflib-5.2.1.orig/gif2rgb.c
-+++ giflib-5.2.1/gif2rgb.c
-@@ -43,7 +43,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+diff -urEbwB giflib-5.2.2.orig/gif2rgb.c giflib-5.2.2/gif2rgb.c
+--- giflib-5.2.2.orig/gif2rgb.c	2024-02-26 11:30:03.664803994 +0100
++++ giflib-5.2.2/gif2rgb.c	2024-02-26 11:37:23.682311215 +0100
+@@ -40,7 +40,7 @@
+ #define PROGRAM_NAME "gif2rgb"
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber,	"
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/gifbg.c
-===================================================================
---- giflib-5.2.1.orig/gifbg.c
-+++ giflib-5.2.1/gifbg.c
-@@ -46,7 +46,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME
+     " v%- c%-#Colors!d s%-Width|Height!d!d 1%- o%-OutFileName!s h%- GifFile!*s";
+diff -urEbwB giflib-5.2.2.orig/gifbg.c giflib-5.2.2/gifbg.c
+--- giflib-5.2.2.orig/gifbg.c	2024-02-26 11:30:03.664803994 +0100
++++ giflib-5.2.2/gifbg.c	2024-02-26 11:36:40.688895721 +0100
+@@ -42,7 +42,7 @@
+ #define DEFAULT_DIR "T" /* TOP (North) direction. */
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber,	"
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/gifbuild.c
-===================================================================
---- giflib-5.2.1.orig/gifbuild.c
-+++ giflib-5.2.1/gifbuild.c
-@@ -23,7 +23,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Eric Raymond,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME " v%- d%-Dir!s l%-#Lvls!d c%-R|G|B!d!d!d "
+                                     "m%-MinI!d M%-MaxI!d s%-W|H!d!d h%-";
+diff -urEbwB giflib-5.2.2.orig/gifbuild.c giflib-5.2.2/gifbuild.c
+--- giflib-5.2.2.orig/gifbuild.c	2024-02-26 11:30:03.664803994 +0100
++++ giflib-5.2.2/gifbuild.c	2024-02-26 11:37:44.819018268 +0100
+@@ -18,7 +18,7 @@
+ #define PROGRAM_NAME "gifbuild"
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Eric Raymond,	" __DATE__ ",   " __TIME__ "\n"
++    "	Eric Raymond, "
      "(C) Copyright 1992 Eric Raymond.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/gifclrmp.c
-===================================================================
---- giflib-5.2.1.orig/gifclrmp.c
-+++ giflib-5.2.1/gifclrmp.c
-@@ -24,7 +24,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr =
+     PROGRAM_NAME " v%- d%- t%-Characters!s h%- GifFile(s)!*s";
+diff -urEbwB giflib-5.2.2.orig/gifclrmp.c giflib-5.2.2/gifclrmp.c
+--- giflib-5.2.2.orig/gifclrmp.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/gifclrmp.c	2024-02-26 11:36:47.398908549 +0100
+@@ -20,7 +20,7 @@
+ #define PROGRAM_NAME "gifclrmp"
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber,	"
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/gifcolor.c
-===================================================================
---- giflib-5.2.1.orig/gifcolor.c
-+++ giflib-5.2.1/gifcolor.c
-@@ -25,7 +25,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr =
+     PROGRAM_NAME " v%- s%- t%-TranslationFile!s l%-ColorMapFile!s g%-Gamma!F "
+diff -urEbwB giflib-5.2.2.orig/gifcolor.c giflib-5.2.2/gifcolor.c
+--- giflib-5.2.2.orig/gifcolor.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/gifcolor.c	2024-02-26 11:36:26.345534978 +0100
+@@ -21,7 +21,7 @@
+ #define IMAGEWIDTH LINE_LEN *GIF_FONT_WIDTH
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber, "
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr = PROGRAM_NAME " v%- b%-Background!d h%-";
-Index: giflib-5.2.1/gifecho.c
-===================================================================
---- giflib-5.2.1.orig/gifecho.c
-+++ giflib-5.2.1/gifecho.c
-@@ -32,7 +32,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME " v%- b%-Background!d h%-";
+ 
+diff -urEbwB giflib-5.2.2.orig/gifecho.c giflib-5.2.2/gifecho.c
+--- giflib-5.2.2.orig/gifecho.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/gifecho.c	2024-02-26 11:38:07.805728847 +0100
+@@ -28,7 +28,7 @@
+ #define DEFAULT_COLOR_BLUE 255
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber,	"
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/giffix.c
-===================================================================
---- giflib-5.2.1.orig/giffix.c
-+++ giflib-5.2.1/giffix.c
-@@ -22,7 +22,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME
+     " v%- s%-ClrMapSize!d f%-FGClr!d c%-R|G|B!d!d!d t%-\"Text\"!s h%-";
+diff -urEbwB giflib-5.2.2.orig/giffix.c giflib-5.2.2/giffix.c
+--- giflib-5.2.2.orig/giffix.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/giffix.c	2024-02-26 11:35:54.068806640 +0100
+@@ -18,7 +18,7 @@
+ #define PROGRAM_NAME "giffix"
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber, "
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/gifhisto.c
-===================================================================
---- giflib-5.2.1.orig/gifhisto.c
-+++ giflib-5.2.1/gifhisto.c
-@@ -26,7 +26,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME " v%- h%- GifFile!*s";
+ 
+diff -urEbwB giflib-5.2.2.orig/gifhisto.c giflib-5.2.2/gifhisto.c
+--- giflib-5.2.2.orig/gifhisto.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/gifhisto.c	2024-02-26 11:36:12.948842716 +0100
+@@ -22,7 +22,7 @@
+ #define HISTO_BITS_PER_PIXEL 2 /* Size of bitmap for histogram GIF. */
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber, "
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/gifinto.c
-===================================================================
---- giflib-5.2.1.orig/gifinto.c
-+++ giflib-5.2.1/gifinto.c
-@@ -35,7 +35,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME
+     " v%- t%- s%-Width|Height!d!d n%-ImageNumber!d b%- h%- GifFile!*s";
+diff -urEbwB giflib-5.2.2.orig/gifinto.c giflib-5.2.2/gifinto.c
+--- giflib-5.2.2.orig/gifinto.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/gifinto.c	2024-02-26 11:36:57.795595088 +0100
+@@ -31,7 +31,7 @@
+ #define DEFAULT_TMP_NAME "TempInto.XXXXXX"
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber,	"
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/giftext.c
-===================================================================
---- giflib-5.2.1.orig/giftext.c
-+++ giflib-5.2.1/giftext.c
-@@ -28,7 +28,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME " v%- s%-MinFileSize!d h%- GifFile!*s";
+ 
+diff -urEbwB giflib-5.2.2.orig/giftext.c giflib-5.2.2/giftext.c
+--- giflib-5.2.2.orig/giftext.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/giftext.c	2024-02-26 11:37:08.212281658 +0100
+@@ -24,7 +24,7 @@
+ #define MAKE_PRINTABLE(c) (isprint(c) ? (c) : ' ')
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber,	"
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
-Index: giflib-5.2.1/gifwedge.c
-===================================================================
---- giflib-5.2.1.orig/gifwedge.c
-+++ giflib-5.2.1/gifwedge.c
-@@ -27,7 +27,6 @@ static char
- 	PROGRAM_NAME
- 	VERSION_COOKIE
- 	"	Gershon Elber,	"
--	__DATE__ ",   " __TIME__ "\n"
+ static char *CtrlStr = PROGRAM_NAME " v%- c%- e%- z%- p%- r%- h%- GifFile!*s";
+ 
+diff -urEbwB giflib-5.2.2.orig/gifwedge.c giflib-5.2.2/gifwedge.c
+--- giflib-5.2.2.orig/gifwedge.c	2024-02-26 11:30:03.668137334 +0100
++++ giflib-5.2.2/gifwedge.c	2024-02-26 11:36:33.392215111 +0100
+@@ -23,7 +23,7 @@
+ #define DEFAULT_NUM_LEVELS 16 /* Number of colors to gen the image. */
+ 
+ static char *VersionStr = PROGRAM_NAME VERSION_COOKIE
+-    "	Gershon Elber,	" __DATE__ ",   " __TIME__ "\n"
++    "	Gershon Elber, "
      "(C) Copyright 1989 Gershon Elber.\n";
- static char
-     *CtrlStr =
+ static char *CtrlStr = PROGRAM_NAME " v%- l%-#Lvls!d s%-Width|Height!d!d h%-";
+