pool/gifsicle
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 562243 from home:manfred999

Browse Source 
update to version 1.91, which includes
two additional fixes for null-pointer dereferences

OBS-URL: https://build.opensuse.org/request/show/562243
OBS-URL: https://build.opensuse.org/package/show/graphics/gifsicle?expand=0&rev=17
This commit is contained in:
Manfred Schwarb 2018-01-06 22:50:45 +00:00 committed by Git OBS Bridge
parent 91249c3f37
commit 2041d407ae
7 changed files with 12 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
fix-null-deref.patch
View File

@ -1,23 +0,0 @@
From f1b8e6323a8fdd029847b7efd400d5fc2ac9aecc Mon Sep 17 00:00:00 2001
From: Eddie Kohler <ekohler@gmail.com>
Date: Tue, 26 Sep 2017 08:46:13 -0700
Subject: [PATCH] Don't release the uncompressed image if it's all there is.
Fix #115, #116 issues reported by Zhao Liang, Huawei Weiran Labs.
---
src/support.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/support.c b/src/support.c
index e48075c..7978974 100644
--- a/src/support.c
+++ b/src/support.c
@@ -1405,7 +1405,7 @@ analyze_crop(int nmerger, Gt_Crop* crop, int compress_immediately)
}
found_right:
- if (compress_immediately > 0)
+ if (compress_immediately > 0 && srci->compressed)
Gif_ReleaseUncompressedImage(srci);
}

24
fix_double-free.patch
View File

@ -1,24 +0,0 @@
From 118a46090c50829dc543179019e6140e1235f909 Mon Sep 17 00:00:00 2001
From: Eddie Kohler <ekohler@gmail.com>
Date: Sat, 2 Dec 2017 23:08:51 -0500
Subject: [PATCH] gif_read: Set last_name = NULL unconditionally.
With a non-malicious GIF, last_name is set to NULL when a name
extension is followed by an image. Reported in #117, via
Debian, via a KAIST fuzzing program.
---
src/gifread.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/gifread.c b/src/gifread.c
index eec4e31..9c287dd 100644
--- a/src/gifread.c
+++ b/src/gifread.c
@@ -900,6 +900,7 @@ read_gif(Gif_Reader *grr, int read_flags,
Gif_DeleteArray(gfc.suffix);
Gif_DeleteArray(gfc.length);
gfc.gfi = 0;
+ last_name = 0;
if (gfs)
gfs->errors = gfc.errors[1];

42
fix_gifdiff_null-deref.patch
View File

@ -1,42 +0,0 @@
From 263cd4519f45bc6ecde74ee280eb1d68ee2de642 Mon Sep 17 00:00:00 2001
From: Eddie Kohler <ekohler@gmail.com>
Date: Sat, 2 Dec 2017 23:10:30 -0500
Subject: [PATCH] Two GIFs with zero images are the same.
Another KAIST report; we null-dereferenced previously.
---
src/gifdiff.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/gifdiff.c b/src/gifdiff.c
index 04721d8..40da3c1 100644
--- a/src/gifdiff.c
+++ b/src/gifdiff.c
@@ -248,12 +248,6 @@ compare(Gif_Stream *s1, Gif_Stream *s2)
Gif_CalculateScreenSize(s1, 0);
Gif_CalculateScreenSize(s2, 0);
- if (s1->nimages != s2->nimages
- && (s1->nimages == 0 || s2->nimages == 0)) {
- different("frame counts differ: <#%d >#%d", s1->nimages, s2->nimages);
- return DIFFERENT;
- }
-
if (s1->screen_width != s2->screen_width
|| s1->screen_height != s2->screen_height) {
different("screen sizes differ: <%dx%d >%dx%d", s1->screen_width,
@@ -268,6 +262,14 @@ compare(Gif_Stream *s1, Gif_Stream *s2)
return DIFFERENT;
}
+ if (s1->nimages == 0 || s2->nimages == 0) {
+ if (s1->nimages != s2->nimages) {
+ different("frame counts differ: <#%d >#%d", s1->nimages, s2->nimages);
+ return DIFFERENT;
+ } else
+ return SAME;
+ }
+
/* Create arrays for the image data */
screen_width = s1->screen_width;
screen_height = s1->screen_height;

3
gifsicle-1.90.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2d73b096752d58fa604cea559199aa6f55b45a3ec833898f94ff7997d22b834d
size 571910

3
gifsicle-1.91.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0a4ee602aa244cdcdd86a250a6b39c94d8343cf526b8fae862d8a0efc337a800
size 571588

8
gifsicle.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Jan 5 23:01:51 UTC 2018 - manfred99@gmx.ch
- drop patches fix_double-free.patch, fix_gifdiff_null-deref.patch
and fix-null-deref.patch
- upgrade to version 1.91:
* Several security bug fixes with malicious GIFs.
-------------------------------------------------------------------
Wed Jan 3 20:58:34 UTC 2018 - manfred99@gmx.ch

11
gifsicle.spec
View File

@ -17,19 +17,13 @@
Name: gifsicle
Version: 1.90
Version: 1.91
Release: 0
Summary: Creating and editing GIF images and animations
License: GPL-2.0
Group: Productivity/Graphics/Other
Url: https://www.lcdf.org/gifsicle/
Source: https://www.lcdf.org/gifsicle/%{name}-%{version}.tar.gz
# PATCH-FIX-UPSTREAM fix-null-deref.patch
Patch0: fix-null-deref.patch
# PATCH-FIX-UPSTREAM fix_double-free.patch
Patch1: fix_double-free.patch
# PATCH-FIX-UPSTREAM fix_gifdiff_null-deref.patch
Patch2: fix_gifdiff_null-deref.patch
Obsoletes: ungifsicle < %{version}
Provides: ungifsicle = %{version}
BuildRequires: pkgconfig(x11)
@ -56,9 +50,6 @@ appearance.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%build
%configure