update giflib-5.1.4

2020-07-24 17:09:17 +08:00 · 2020-07-24 17:09:17 +08:00 · 622efcc29d
commit 622efcc29d
parent 04c90610c2
6 changed files with 12 additions and 99 deletions
--- a/CVE-2016-3977.patch
+++ b/CVE-2016-3977.patch
@ -1,48 +0,0 @@
--- a/lib/dgif_lib.c	2016-04-02 23:34:00.000000000 +0800
-+++ b/lib/dgif_lib_1.c	2019-07-17 11:42:30.488000000 +0800
-@@ -288,7 +288,11 @@ DGifGetScreenDesc(GifFileType *GifFile)
-     } else {
-         GifFile->SColorMap = NULL;
-     }
-
-+    /*
-+     * No check here for whether the background color is in range for the
-+     * screen color map.  Possibly there should be.
-+     */
-+ 
-     return GIF_OK;
- }
- 
--- a/util/gif2rgb.c	2016-03-18 00:24:17.000000000 +0800
-+++ b/util/gif2rgb_1.c	2019-07-17 11:45:22.044000000 +0800
-@@ -15,7 +15,7 @@ Toshio Kuratomi had written this in a co
- 
- I (ESR) took this off the main to-do list in 2012 because I don't think
- the GIFLIB project actually needs to be in the converters-and-tools business.
-Plenty of hackers do that; our jub is to supply stable library capability
-+Plenty of hackers do that; our job is to supply stable library capability
- with our utilities mainly interesting as test tools.
- 
- ***************************************************************************/
-@@ -461,7 +461,7 @@ static void GIF2RGB(int NumFiles, char *
- 		break;
- 	}
-     } while (RecordType != TERMINATE_RECORD_TYPE);
-
-+    
-     /* Lets dump it - set the global variables required and do it: */
-     ColorMap = (GifFile->Image.ColorMap
- 		? GifFile->Image.ColorMap
-@@ -471,6 +471,12 @@ static void GIF2RGB(int NumFiles, char *
-         exit(EXIT_FAILURE);
-     }
- 
-+    /* check that the background color isn't garbage (SF bug #87) */
-+    if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
-+        fprintf(stderr, "Background color out of range for colormap\n");
-+        exit(EXIT_FAILURE);
-+    }
-+
-     DumpScreen2RGB(OutFileName, OneFileFlag,
- 		   ColorMap,
- 		   ScreenBuffer, 
--- a/CVE-2018-11490.patch
+++ b/CVE-2018-11490.patch
@ -1,25 +0,0 @@
-From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
-From: "Eric S. Raymond" <esr@thyrsus.com>
-Date: Sat, 9 Feb 2019 10:52:21 -0500
-Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
- DGifDecompressLine()...
-
-This was CVE-2018-11490
---
- lib/dgif_lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: giflib-5.1.4/lib/dgif_lib.c
-===================================================================
--- giflib-5.1.4.orig/lib/dgif_lib.c
-+++ giflib-5.1.4/lib/dgif_lib.c
-@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
-                 while (StackPtr != 0 && i < LineLen)
-                     Line[i++] = Stack[--StackPtr];
-             }
-            if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
-+            if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
-                 Prefix[Private->RunningCode - 2] = LastCode;
- 
-                 if (CrntCode == Private->RunningCode - 2) {
-
--- a/CVE-2019-15133.patch
+++ b/CVE-2019-15133.patch
@ -1,11 +0,0 @@
--- a/lib/dgif_lib.c	2019-10-15 07:16:42.457000000 -0400
-+++ b/lib/dgif_lib-1.c	2019-10-15 07:18:08.173000000 -0400
-@@ -1103,7 +1103,7 @@ DGifSlurp(GifFileType *GifFile)
- 
-               sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
-               /* Allocate memory for the image */
-              if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
-+              if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 &&
-                       sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
-                   return GIF_ERROR;
-               }
--- a/giflib-5.1.4.tar.bz2
+++ b/giflib-5.1.4.tar.bz2
--- a/giflib-5.2.1.tar.gz
+++ b/giflib-5.2.1.tar.gz
--- a/giflib.spec
+++ b/giflib.spec
@ -1,18 +1,13 @@
 Name:          giflib
-Version:       5.1.4
-Release:       6
+Version:       5.2.1
+Release:       1
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
-Source:        http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2
+Source:        http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.gz

-Patch6000:     CVE-2016-3977.patch
-Patch6001:     CVE-2019-15133.patch
-Patch6002:     CVE-2018-11490.patch
-
-BuildRequires: make xmlto
+BuildRequires: make xmlto gcc
 provides:      giflib-utils
-Obsoletes:     giflib-utils

 %description
 giflib is a library of gif images and provides utilities for processing images.
@ -30,23 +25,22 @@ development header files, libraries for programs using the giflib library.
 %autosetup -n %{name}-%{version} -p1

 %build
-%configure
-sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
-sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 %make_build

 %install
-%make_install
+%make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}"
 rm -f doc/Makefile*

+rm -f %{buildroot}/debugsourcefiles.list
+
 %ldconfig_scriptlets

 %files
 %defattr(-,root,root)
-%doc AUTHORS ChangeLog NEWS README
+%doc ChangeLog NEWS README
 %license COPYING
 %{_libdir}/libgif.so.7*
-%exclude %{_libdir}/*.{a,la}
+%exclude %{_libdir}/*.a
 %{_bindir}/gif*

 %files devel
@ -60,6 +54,9 @@ rm -f doc/Makefile*
 %{_mandir}/man1/gif*.1*

 %changelog
+* Thu Jul 23 2020 hanhui <hanhui15@huawei.com> - 5.2.1-1
+- update to 5.2.1
+
 * Wed Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 5.1.4-6
 - add the require for devel