SHA256
1
0
forked from pool/giflib

bsc#960319, CVE-2015-7555

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/giflib?expand=0&rev=35
This commit is contained in:
Fridrich Strba 2016-01-19 13:06:37 +00:00 committed by Git OBS Bridge
parent 59d44ded4c
commit 9e0628cbb5
6 changed files with 54 additions and 37 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:391014aceb21c8b489dc7b0d0b6a917c4e32cc014ce2426d47ca376d02fe2ffc
size 654389

3
giflib-5.1.2.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76c0a084c3b02f9315ff937b8be6096186002fea26f33e2123081ba2be6e2a7c
size 638967

View File

@ -1,10 +1,6 @@
Index: b/configure.ac
===================================================================
--- a/configure.ac
+++ b/configure.ac
@@ -5,11 +5,11 @@ AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall])
dnl Make builds less verbose. Shuts off Makefile portability checks.
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
--- giflib-5.1.2/configure.ac 2016-01-19 13:55:58.238147631 +0100
+++ giflib-5.1.2/configure.ac 2016-01-19 13:56:31.165397666 +0100
@@ -8,7 +8,7 @@
dnl Note: config.h is not used in the current build
dnl We leave this in place only to suppress an error message at autogen time
@ -13,5 +9,3 @@ Index: b/configure.ac
AC_CONFIG_MACRO_DIR([m4])
dnl Checks for programs.
AC_PROG_CC_STDC
AC_USE_SYSTEM_EXTENSIONS

View File

@ -1,20 +1,13 @@
---
configure.ac | 7 +++++--
lib/gif_hash.h | 4 ++++
lib/gif_lib_private.h | 3 +++
3 files changed, 12 insertions(+), 2 deletions(-)
Index: giflib-5.0.4/configure.ac
===================================================================
--- giflib-5.0.4.orig/configure.ac
+++ giflib-5.0.4/configure.ac
@@ -8,11 +8,14 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_R
--- giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100
+++ giflib-5.1.2/configure.ac 2016-01-19 13:54:45.119812921 +0100
@@ -9,12 +9,15 @@
dnl Note: config.h is not used in the current build
dnl We leave this in place only to suppress an error message at autogen time
AM_CONFIG_HEADER(config.h)
+AC_CONFIG_MACRO_DIR([m4])
dnl Checks for programs.
AM_PROG_AR
-AC_PROG_LIBTOOL
-AC_PROG_CC
+AC_PROG_CC_STDC
@ -25,11 +18,9 @@ Index: giflib-5.0.4/configure.ac
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
Index: giflib-5.0.4/lib/gif_hash.h
===================================================================
--- giflib-5.0.4.orig/lib/gif_hash.h
+++ giflib-5.0.4/lib/gif_hash.h
@@ -25,6 +25,8 @@ gif_hash.h - magfic constants and declar
--- giflib-5.1.2/lib/gif_hash.h 2014-05-16 12:46:53.000000000 +0200
+++ giflib-5.1.2/lib/gif_hash.h 2016-01-19 13:54:45.119812921 +0100
@@ -25,6 +25,8 @@
#define HT_PUT_KEY(l) (l << 12)
#define HT_PUT_CODE(l) (l & 0x0FFF)
@ -38,7 +29,7 @@ Index: giflib-5.0.4/lib/gif_hash.h
typedef struct GifHashTableType {
uint32_t HTable[HT_SIZE];
} GifHashTableType;
@@ -34,6 +36,8 @@ void _ClearHashTable(GifHashTableType *H
@@ -34,6 +36,8 @@
void _InsertHashTable(GifHashTableType *HashTable, uint32_t Key, int Code);
int _ExistsHashTable(GifHashTableType *HashTable, uint32_t Key);
@ -47,11 +38,9 @@ Index: giflib-5.0.4/lib/gif_hash.h
#endif /* _GIF_HASH_H_ */
/* end */
Index: giflib-5.0.4/lib/gif_lib_private.h
===================================================================
--- giflib-5.0.4.orig/lib/gif_lib_private.h
+++ giflib-5.0.4/lib/gif_lib_private.h
@@ -29,6 +29,8 @@ gif_lib_private.h - internal giflib rout
--- giflib-5.1.2/lib/gif_lib_private.h 2014-05-16 12:46:53.000000000 +0200
+++ giflib-5.1.2/lib/gif_lib_private.h 2016-01-19 13:54:45.119812921 +0100
@@ -29,6 +29,8 @@
#define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ)
#define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE)
@ -60,7 +49,7 @@ Index: giflib-5.0.4/lib/gif_lib_private.h
typedef struct GifFilePrivateType {
GifWord FileState, FileHandle, /* Where all this data goes to! */
BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */
@@ -54,6 +56,7 @@ typedef struct GifFilePrivateType {
@@ -54,6 +56,7 @@
bool gif89;
} GifFilePrivateType;

View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Tue Jan 19 12:59:02 UTC 2016 - fstrba@suse.com
- Update to version 5.1.2 (fixes CVE-2015-7555, bsc#960319)
* Code Fixes
+ Code hardening using reallocarray() from OpenBSD.
+ Sanity check in giffilter catches files with malformed
extension records. Fixes SourceForge bug #63: malformed gif
causes segfault in giffilter.
+ Inexpensive sanity check in DGifSlurp() catches malformed files
with no image descriptor. Fixes SourceForge bug #64: malformed
gif causes crash in giftool.
+ Fix SourceForge bug #66: GifDrawBoxedText8x8() modifying
constant input parameter.
+ Bail out of GIF read on invalid pixel width. Addresses Savannah
bug #67: invalid shift in dgif_lib.c
+ Fix SourceForge bug #69: #69 Malformed: Gif file with no
extension block after a GRAPHICS_EXT_FUNC_CODE extension causes
segfault (in giftext).
+ Fix SourceForge bug #71: Buffer overwrite when giffixing a
malformed gif.
+ Fix SourceForge bug #73: Null pointer deference in gifclrmap
(only reachable with malformed GIF).
+ Fix SourceForge bug #74: Double free in gifsponge under 5.1,1,
for any valid gif image.
+ Fix SourceForge bug #75: GAGetArgs overflows due to uncounted
use of va_arg.
+ Sanity check in giffix catches some malformed files. Addresses
SourceForge bug #77: dgif_lib.c: extension processing error
- Modified patches:
* giflib-automake-1_13.patch
* giflib-visibility.patch
+ rediff to changed context
-------------------------------------------------------------------
Thu Jan 15 13:36:49 UTC 2015 - tchvatal@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package giflib
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
%define lname libgif7
Name: giflib
Version: 5.1.1
Version: 5.1.2
Release: 0
Summary: A Library for Working with GIF Images
License: MIT