From 9e0628cbb55369a447f9c0acf2b263d8ab1dd71b91201540e18a3cb585049124 Mon Sep 17 00:00:00 2001
From: Fridrich Strba
Date: Tue, 19 Jan 2016 13:06:37 +0000
Subject: [PATCH] bsc#960319, CVE-2015-7555
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=35
---
 giflib-5.1.1.tar.bz2 | 3 ---
 giflib-5.1.2.tar.bz2 | 3 +++
 giflib-automake-1_13.patch | 12 +++---------
 giflib-visibility.patch | 35 ++++++++++++-----------------------
 giflib.changes | 34 ++++++++++++++++++++++++++++++++++
 giflib.spec | 4 ++--
 6 files changed, 54 insertions(+), 37 deletions(-)
 delete mode 100644 giflib-5.1.1.tar.bz2
 create mode 100644 giflib-5.1.2.tar.bz2
diff --git a/giflib-5.1.1.tar.bz2 b/giflib-5.1.1.tar.bz2
deleted file mode 100644
index 998db44..0000000
--- a/giflib-5.1.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:391014aceb21c8b489dc7b0d0b6a917c4e32cc014ce2426d47ca376d02fe2ffc
-size 654389
diff --git a/giflib-5.1.2.tar.bz2 b/giflib-5.1.2.tar.bz2
new file mode 100644
index 0000000..3584069
--- /dev/null
+++ b/giflib-5.1.2.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:76c0a084c3b02f9315ff937b8be6096186002fea26f33e2123081ba2be6e2a7c
+size 638967
diff --git a/giflib-automake-1_13.patch b/giflib-automake-1_13.patch
index 1bc8253..84d3c0c 100644
--- a/giflib-automake-1_13.patch
+++ b/giflib-automake-1_13.patch
@@ -1,10 +1,6 @@ -Index: b/configure.ac -=================================================================== ---- a/configure.ac -+++ b/configure.ac -@@ -5,11 +5,11 @@ AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall]) - dnl Make builds less verbose. Shuts off Makefile portability checks. - m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +--- giflib-5.1.2/configure.ac 2016-01-19 13:55:58.238147631 +0100 ++++ giflib-5.1.2/configure.ac 2016-01-19 13:56:31.165397666 +0100 +@@ -8,7 +8,7 @@ dnl Note: config.h is not used in the current build dnl We leave this in place only to suppress an error message at autogen time @@ -13,5 +9,3 @@ Index: b/configure.ac AC_CONFIG_MACRO_DIR([m4]) dnl Checks for programs. - AC_PROG_CC_STDC - AC_USE_SYSTEM_EXTENSIONS diff --git a/giflib-visibility.patch b/giflib-visibility.patch index ccd5472..040645c 100644 --- a/giflib-visibility.patch +++ b/giflib-visibility.patch @@ -1,20 +1,13 @@ ---- - configure.ac | 7 +++++-- - lib/gif_hash.h | 4 ++++ - lib/gif_lib_private.h | 3 +++ - 3 files changed, 12 insertions(+), 2 deletions(-) - -Index: giflib-5.0.4/configure.ac -=================================================================== ---- giflib-5.0.4.orig/configure.ac -+++ giflib-5.0.4/configure.ac -@@ -8,11 +8,14 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_R +--- giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100 ++++ giflib-5.1.2/configure.ac 2016-01-19 13:54:45.119812921 +0100 +@@ -9,12 +9,15 @@ dnl Note: config.h is not used in the current build dnl We leave this in place only to suppress an error message at autogen time AM_CONFIG_HEADER(config.h) +AC_CONFIG_MACRO_DIR([m4]) dnl Checks for programs. + AM_PROG_AR -AC_PROG_LIBTOOL -AC_PROG_CC +AC_PROG_CC_STDC 
@@ -25,11 +18,9 @@ Index: giflib-5.0.4/configure.ac AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET -Index: giflib-5.0.4/lib/gif_hash.h -=================================================================== ---- giflib-5.0.4.orig/lib/gif_hash.h -+++ giflib-5.0.4/lib/gif_hash.h -@@ -25,6 +25,8 @@ gif_hash.h - magfic constants and declar +--- giflib-5.1.2/lib/gif_hash.h 2014-05-16 12:46:53.000000000 +0200 ++++ giflib-5.1.2/lib/gif_hash.h 2016-01-19 13:54:45.119812921 +0100 +@@ -25,6 +25,8 @@ #define HT_PUT_KEY(l) (l << 12) #define HT_PUT_CODE(l) (l & 0x0FFF) @@ -38,7 +29,7 @@ Index: giflib-5.0.4/lib/gif_hash.h typedef struct GifHashTableType { uint32_t HTable[HT_SIZE]; } GifHashTableType; -@@ -34,6 +36,8 @@ void _ClearHashTable(GifHashTableType *H +@@ -34,6 +36,8 @@ void _InsertHashTable(GifHashTableType *HashTable, uint32_t Key, int Code); int _ExistsHashTable(GifHashTableType *HashTable, uint32_t Key); @@ -47,11 +38,9 @@ Index: giflib-5.0.4/lib/gif_hash.h #endif /* _GIF_HASH_H_ */ /* end */ -Index: giflib-5.0.4/lib/gif_lib_private.h -=================================================================== ---- giflib-5.0.4.orig/lib/gif_lib_private.h -+++ giflib-5.0.4/lib/gif_lib_private.h -@@ -29,6 +29,8 @@ gif_lib_private.h - internal giflib rout +--- giflib-5.1.2/lib/gif_lib_private.h 2014-05-16 12:46:53.000000000 +0200 ++++ giflib-5.1.2/lib/gif_lib_private.h 2016-01-19 13:54:45.119812921 +0100 +@@ -29,6 +29,8 @@ #define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ) #define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE) @@ -60,7 +49,7 @@ Index: giflib-5.0.4/lib/gif_lib_private.h typedef struct GifFilePrivateType { GifWord FileState, FileHandle, /* Where all this data goes to! */ BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */ -@@ -54,6 +56,7 @@ typedef struct GifFilePrivateType { +@@ -54,6 +56,7 @@ bool gif89; } GifFilePrivateType; diff --git a/giflib.changes b/giflib.changes index e53cb55..084bd24 100644 
--- a/giflib.changes
+++ b/giflib.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Jan 19 12:59:02 UTC 2016 - fstrba@suse.com
+
+- Update to version 5.1.2 (fixes CVE-2015-7555, bsc#960319)
+ * Code Fixes
+ + Code hardening using reallocarray() from OpenBSD.
+ + Sanity check in giffilter catches files with malformed
+ extension records. Fixes SourceForge bug #63: malformed gif
+ causes segfault in giffilter.
+ + Inexpensive sanity check in DGifSlurp() catches malformed files
+ with no image descriptor. Fixes SourceForge bug #64: malformed
+ gif causes crash in giftool.
+ + Fix SourceForge bug #66: GifDrawBoxedText8x8() modifying
+ constant input parameter.
+ + Bail out of GIF read on invalid pixel width. Addresses Savannah
+ bug #67: invalid shift in dgif_lib.c
+ + Fix SourceForge bug #69: #69 Malformed: Gif file with no
+ extension block after a GRAPHICS_EXT_FUNC_CODE extension causes
+ segfault (in giftext).
+ + Fix SourceForge bug #71: Buffer overwrite when giffixing a
+ malformed gif.
+ + Fix SourceForge bug #73: Null pointer deference in gifclrmap
+ (only reachable with malformed GIF).
+ + Fix SourceForge bug #74: Double free in gifsponge under 5.1,1,
+ for any valid gif image.
+ + Fix SourceForge bug #75: GAGetArgs overflows due to uncounted
+ use of va_arg.
+ + Sanity check in giffix catches some malformed files. Addresses
+ SourceForge bug #77: dgif_lib.c: extension processing error
+- Modified patches:
+ * giflib-automake-1_13.patch
+ * giflib-visibility.patch
+ + rediff to changed context
+
 -------------------------------------------------------------------
 Thu Jan 15 13:36:49 UTC 2015 - tchvatal@suse.com
diff --git a/giflib.spec b/giflib.spec
index 6f4ad89..0614a17 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package giflib
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 %define lname libgif7
 Name: giflib
-Version: 5.1.1
+Version: 5.1.2
 Release: 0
 Summary: A Library for Working with GIF Images
 License: MIT