diff --git a/CVE-2016-3977.patch b/CVE-2016-3977.patch
deleted file mode 100644
index f912d41..0000000
--- a/CVE-2016-3977.patch
+++ /dev/null
@@ -1,48 +0,0 @@
---- a/lib/dgif_lib.c 2016-04-02 23:34:00.000000000 +0800
-+++ b/lib/dgif_lib_1.c 2019-07-17 11:42:30.488000000 +0800
-@@ -288,7 +288,11 @@ DGifGetScreenDesc(GifFileType *GifFile)
- } else {
- GifFile->SColorMap = NULL;
- }
--
-+ /*
-+ * No check here for whether the background color is in range for the
-+ * screen color map. Possibly there should be.
-+ */
-+
- return GIF_OK;
- }
-
---- a/util/gif2rgb.c 2016-03-18 00:24:17.000000000 +0800
-+++ b/util/gif2rgb_1.c 2019-07-17 11:45:22.044000000 +0800
-@@ -15,7 +15,7 @@ Toshio Kuratomi had written this in a co
-
- I (ESR) took this off the main to-do list in 2012 because I don't think
- the GIFLIB project actually needs to be in the converters-and-tools business.
--Plenty of hackers do that; our jub is to supply stable library capability
-+Plenty of hackers do that; our job is to supply stable library capability
- with our utilities mainly interesting as test tools.
-
- ***************************************************************************/
-@@ -461,7 +461,7 @@ static void GIF2RGB(int NumFiles, char *
- break;
- }
- } while (RecordType != TERMINATE_RECORD_TYPE);
--
-+
- /* Lets dump it - set the global variables required and do it: */
- ColorMap = (GifFile->Image.ColorMap
- ? GifFile->Image.ColorMap
-@@ -471,6 +471,12 @@ static void GIF2RGB(int NumFiles, char *
- exit(EXIT_FAILURE);
- }
-
-+ /* check that the background color isn't garbage (SF bug #87) */
-+ if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
-+ fprintf(stderr, "Background color out of range for colormap\n");
-+ exit(EXIT_FAILURE);
-+ }
-+
- DumpScreen2RGB(OutFileName, OneFileFlag,
- ColorMap,
- ScreenBuffer,
diff --git a/CVE-2018-11490.patch b/CVE-2018-11490.patch
deleted file mode 100644
index 3200ce6..0000000
--- a/CVE-2018-11490.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
-From: "Eric S. Raymond"
-Date: Sat, 9 Feb 2019 10:52:21 -0500
-Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
- DGifDecompressLine()...
-
-This was CVE-2018-11490
----
- lib/dgif_lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: giflib-5.1.4/lib/dgif_lib.c
-===================================================================
---- giflib-5.1.4.orig/lib/dgif_lib.c
-+++ giflib-5.1.4/lib/dgif_lib.c
-@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
- while (StackPtr != 0 && i < LineLen)
- Line[i++] = Stack[--StackPtr];
- }
-- if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
-+ if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
- Prefix[Private->RunningCode - 2] = LastCode;
-
- if (CrntCode == Private->RunningCode - 2) {
-
diff --git a/CVE-2019-15133.patch b/CVE-2019-15133.patch
deleted file mode 100644
index 9ce7034..0000000
--- a/CVE-2019-15133.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/dgif_lib.c 2019-10-15 07:16:42.457000000 -0400
-+++ b/lib/dgif_lib-1.c 2019-10-15 07:18:08.173000000 -0400
-@@ -1103,7 +1103,7 @@ DGifSlurp(GifFileType *GifFile)
-
- sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
- /* Allocate memory for the image */
-- if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
-+ if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 &&
- sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
- return GIF_ERROR;
- }
diff --git a/giflib-5.1.4.tar.bz2 b/giflib-5.1.4.tar.bz2
deleted file mode 100644
index a3b103a..0000000
Binary files a/giflib-5.1.4.tar.bz2 and /dev/null differ
diff --git a/giflib-5.2.1.tar.gz b/giflib-5.2.1.tar.gz
new file mode 100644
index 0000000..f5555f5
Binary files /dev/null and b/giflib-5.2.1.tar.gz differ
diff --git a/giflib.spec b/giflib.spec index b8a7294..f66cbd5 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,18 +1,15 @@ +%define debug_package %{nil} + Name: giflib -Version: 5.1.4 -Release: 6 +Version: 5.2.1 +Release: 1 Summary: A library and utilities for processing GIFs License: MIT URL: http://www.sourceforge.net/projects/giflib/ -Source: http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2 +Source: http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.gz -Patch6000: CVE-2016-3977.patch -Patch6001: CVE-2019-15133.patch -Patch6002: CVE-2018-11490.patch - -BuildRequires: make xmlto +BuildRequires: make xmlto gcc provides: giflib-utils -Obsoletes: giflib-utils %description giflib is a library of gif images and provides utilities for processing images. @@ -30,23 +27,22 @@ development header files, libraries for programs using the giflib library. %autosetup -n %{name}-%{version} -p1 %build -%configure -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %make_build %install -%make_install +%make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}" rm -f doc/Makefile* +rm -f %{buildroot}/debugsourcefiles.list + %ldconfig_scriptlets %files %defattr(-,root,root) -%doc AUTHORS ChangeLog NEWS README +%doc ChangeLog NEWS README %license COPYING %{_libdir}/libgif.so.7* -%exclude %{_libdir}/*.{a,la} +%exclude %{_libdir}/*.a %{_bindir}/gif* %files devel @@ -60,6 +56,9 @@ rm -f doc/Makefile* %{_mandir}/man1/gif*.1* %changelog +* Thu Jul 23 2020 hanhui - 5.2.1-1 +- update to 5.2.1 + * Wed Jan 15 2020 openEuler Buildteam - 5.1.4-6 - add the require for devel
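Review bot: Nothing in the spec records that the 5.2.1 tarball carries the fixes from the three patches removed at `Patch6000`–`Patch6002` (CVE-2016-3977, CVE-2019-15133, CVE-2018-11490); the new `%changelog` entry in the last hunk says only `- update to 5.2.1`. Once the three fixes are confirmed in the 5.2.1 sources, add a changelog line such as `- drop CVE-2016-3977, CVE-2018-11490 and CVE-2019-15133 patches, included upstream`, so that audits and scanners that read the changelog for CVE ids still see them as addressed. The added `%define debug_package %{nil}` at the top of the same hunk turns off debuginfo generation for a library that parses untrusted image data, which makes crash triage harder. If it is only a workaround for a build failure, say so in a comment above it, e.g. `# debuginfo disabled: <reason>`.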
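Review bot: With `%configure` removed in the `%build` hunk, the bare `%make_build` no longer receives the distribution's compiler and linker flags, so the library is probably built with whatever `CFLAGS` the upstream Makefile sets rather than the hardened defaults (typically stack protector, `_FORTIFY_SOURCE`, RELRO). The Makefile is not visible here, so this should be confirmed from the build log. For a parser of untrusted image files it is worth passing them explicitly, e.g. `%make_build CFLAGS="%{optflags} -fPIC" LDFLAGS="%{build_ldflags}"`, or the equivalent linker-flags macro in this distribution. The added `rm -f %{buildroot}/debugsourcefiles.list` in `%install` looks like a workaround paired with the disabled debuginfo package and deserves a one-line comment saying why it is needed.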