update to 5.2.1

2020-05-11 22:29:33 +08:00 · 2020-05-11 22:29:33 +08:00 · f8670c5d3a
commit f8670c5d3a
parent b00405a446
9 changed files with 87 additions and 101 deletions
--- a/CVE-2016-3977.patch
+++ b/CVE-2016-3977.patch
@ -1,48 +0,0 @@
 --- a/lib/dgif_lib.c	2016-04-02 23:34:00.000000000 +0800
 +++ b/lib/dgif_lib_1.c	2019-07-17 11:42:30.488000000 +0800
@@ -288,7 +288,11 @@ DGifGetScreenDesc(GifFileType *GifFile)
     } else {
         GifFile->SColorMap = NULL;
     }
 -
 +    /*
 +     * No check here for whether the background color is in range for the
 +     * screen color map.  Possibly there should be.
 +     */
 + 
     return GIF_OK;
 }
 --- a/util/gif2rgb.c	2016-03-18 00:24:17.000000000 +0800
 +++ b/util/gif2rgb_1.c	2019-07-17 11:45:22.044000000 +0800
@@ -15,7 +15,7 @@ Toshio Kuratomi had written this in a co
 I (ESR) took this off the main to-do list in 2012 because I don't think
 the GIFLIB project actually needs to be in the converters-and-tools business.
 -Plenty of hackers do that; our jub is to supply stable library capability
 +Plenty of hackers do that; our job is to supply stable library capability
 with our utilities mainly interesting as test tools.
 ***************************************************************************/
@@ -461,7 +461,7 @@ static void GIF2RGB(int NumFiles, char *
 		break;
 	}
     } while (RecordType != TERMINATE_RECORD_TYPE);
 -
 +    
     /* Lets dump it - set the global variables required and do it: */
     ColorMap = (GifFile->Image.ColorMap
 		? GifFile->Image.ColorMap
@@ -471,6 +471,12 @@ static void GIF2RGB(int NumFiles, char *
         exit(EXIT_FAILURE);
     }
 +    /* check that the background color isn't garbage (SF bug #87) */
 +    if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
 +        fprintf(stderr, "Background color out of range for colormap\n");
 +        exit(EXIT_FAILURE);
 +    }
 +
     DumpScreen2RGB(OutFileName, OneFileFlag,
 		   ColorMap,
 		   ScreenBuffer, 
--- a/CVE-2018-11490.patch
+++ b/CVE-2018-11490.patch
@ -1,25 +0,0 @@
 From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
 From: "Eric S. Raymond" <esr@thyrsus.com>
 Date: Sat, 9 Feb 2019 10:52:21 -0500
 Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
 DGifDecompressLine()...
 This was CVE-2018-11490
 ---
 lib/dgif_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 Index: giflib-5.1.4/lib/dgif_lib.c
 ===================================================================
 --- giflib-5.1.4.orig/lib/dgif_lib.c
 +++ giflib-5.1.4/lib/dgif_lib.c
@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
                 while (StackPtr != 0 && i < LineLen)
                     Line[i++] = Stack[--StackPtr];
             }
 -            if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
 +            if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
                 Prefix[Private->RunningCode - 2] = LastCode;
                 if (CrntCode == Private->RunningCode - 2) {
--- a/CVE-2019-15133.patch
+++ b/CVE-2019-15133.patch
@ -1,11 +0,0 @@
 --- a/lib/dgif_lib.c	2019-10-15 07:16:42.457000000 -0400
 +++ b/lib/dgif_lib-1.c	2019-10-15 07:18:08.173000000 -0400
@@ -1103,7 +1103,7 @@ DGifSlurp(GifFileType *GifFile)
               sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
               /* Allocate memory for the image */
 -              if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
 +              if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 &&
                       sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
                   return GIF_ERROR;
               }
--- a/giflib-5.1.4.tar.bz2
+++ b/giflib-5.1.4.tar.bz2
--- a/giflib-5.2.1.tar.gz
+++ b/giflib-5.2.1.tar.gz
--- a/giflib.spec
+++ b/giflib.spec
@ -1,18 +1,18 @@
 Name:          giflib
-Version:       5.1.4
+Version:       5.2.1
-Release:       6
+Release:       1
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
-Source:        http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2
+Source:        http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.gz
-Patch6000:     CVE-2016-3977.patch
+Patch6001:     giflib_quantize.patch
-Patch6001:     CVE-2019-15133.patch
+Patch6002:     giflib_coverity.patch
-Patch6002:     CVE-2018-11490.patch
+Patch6003:     giflib_html-docs-consistent-ids.patch
-BuildRequires: make xmlto
+BuildRequires: make xmlto gcc
-provides:      giflib-utils
+provides:      giflib-utils = %{name}-%{version}
-Obsoletes:     giflib-utils
+Obsoletes:     giflib-utils < %{name}-%{version}
 %description
 giflib is a library of gif images and provides utilities for processing images.
@ -30,23 +30,19 @@ development header files, libraries for programs using the giflib library.
 %autosetup -n %{name}-%{version} -p1
 %build
-%configure
+%make_build CFLAGS="%{optflags} -fPIC" LDFLAGS="%{__global_ldflags}"
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 %make_build
 %install
-%make_install
+%make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}"
-rm -f doc/Makefile*
+rm -f %{buildroot}%{_libdir}/libgif.a
 %ldconfig_scriptlets
 %files
 %defattr(-,root,root)
-%doc AUTHORS ChangeLog NEWS README
+%doc ChangeLog NEWS README
 %license COPYING
 %{_libdir}/libgif.so.7*
 %exclude %{_libdir}/*.{a,la}
 %{_bindir}/gif*
 %files devel
@ -60,6 +56,9 @@ rm -f doc/Makefile*
 %{_mandir}/man1/gif*.1*
 %changelog
 * Tue Apr 14 2020 zhangrui <zhangrui182@huawei.com> - 5.2.1-1
 - Update to 5.2.1
 * Wed Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 5.1.4-6
 - add the require for devel
--- a/giflib_coverity.patch
+++ b/giflib_coverity.patch
@ -0,0 +1,43 @@
 diff -rupN --no-dereference giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c
 --- giflib-5.2.1/gif2rgb.c	2019-06-24 09:24:27.000000000 +0200
 +++ giflib-5.2.1-new/gif2rgb.c	2020-02-17 16:51:04.468397502 +0100
@@ -170,6 +170,8 @@ static void SaveGif(GifByteType *OutputB
     /* Open stdout for the output file: */
     if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
 	PrintGifError(Error);
 +	free(OutputBuffer);
 +	GifFreeMapObject(OutputColorMap);
 	exit(EXIT_FAILURE);
     }
@@ -179,6 +181,8 @@ static void SaveGif(GifByteType *OutputB
 	EGifPutImageDesc(GifFile,
 			 0, 0, Width, Height, false, NULL) == GIF_ERROR) {
 	PrintGifError(Error);
 +	free(OutputBuffer);
 +	GifFreeMapObject(OutputColorMap);
 	exit(EXIT_FAILURE);
     }
@@ -187,8 +191,11 @@ static void SaveGif(GifByteType *OutputB
 	       GifFile->Image.Width, GifFile->Image.Height);
     for (i = 0; i < Height; i++) {
 -	if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR)
 +	if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
 +	    free(OutputBuffer);
 +	    GifFreeMapObject(OutputColorMap);
 	    exit(EXIT_FAILURE);
 +        }
 	GifQprintf("\b\b\b\b%-4d", Height - i - 1);
 	Ptr += Width;
@@ -196,6 +203,8 @@ static void SaveGif(GifByteType *OutputB
     if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
 	PrintGifError(Error);
 +	free(OutputBuffer);
 +	GifFreeMapObject(OutputColorMap);
 	exit(EXIT_FAILURE);
     }
 }
--- a/giflib_html-docs-consistent-ids.patch
+++ b/giflib_html-docs-consistent-ids.patch
@ -0,0 +1,12 @@
 diff -rupN --no-dereference giflib-5.2.1/doc/Makefile giflib-5.2.1-new/doc/Makefile
 --- giflib-5.2.1/doc/Makefile	2019-03-28 18:05:25.000000000 +0100
 +++ giflib-5.2.1-new/doc/Makefile	2020-02-17 16:51:04.489397582 +0100
@@ -1,7 +1,7 @@
 .SUFFIXES: .xml .html .txt .adoc .1
 .xml.html:
 -	xmlto xhtml-nochunks $<
 +	xmlto --stringparam generate.consistent.ids=1 xhtml-nochunks $<
 .xml.1:
 	xmlto man $<
--- a/giflib_quantize.patch
+++ b/giflib_quantize.patch
@ -0,0 +1,16 @@
 diff -rupN --no-dereference giflib-5.2.1/Makefile giflib-5.2.1-new/Makefile
 --- giflib-5.2.1/Makefile	2019-06-24 18:08:57.000000000 +0200
 +++ giflib-5.2.1-new/Makefile	2020-02-17 16:51:04.450397434 +0100
@@ -29,11 +29,11 @@ LIBPOINT=0
 LIBVER=$(LIBMAJOR).$(LIBMINOR).$(LIBPOINT)
 SOURCES = dgif_lib.c egif_lib.c gifalloc.c gif_err.c gif_font.c \
 -	gif_hash.c openbsd-reallocarray.c
 +	gif_hash.c openbsd-reallocarray.c quantize.c
 HEADERS = gif_hash.h  gif_lib.h  gif_lib_private.h
 OBJECTS = $(SOURCES:.c=.o)
 -USOURCES = qprintf.c quantize.c getarg.c 
 +USOURCES = qprintf.c getarg.c
 UHEADERS = getarg.h
 UOBJECTS = $(USOURCES:.c=.o)