Package init

2019-12-25 15:46:31 +08:00 · 2019-12-25 15:46:31 +08:00 · cbb8f7c291
commit cbb8f7c291
parent ce0a07f0a9
3 changed files with 46 additions and 2 deletions
--- a/CVE-2018-11490.patch
+++ b/CVE-2018-11490.patch
@ -0,0 +1,25 @@
+From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Sat, 9 Feb 2019 10:52:21 -0500
+Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
+ DGifDecompressLine()...
+
+This was CVE-2018-11490
+---
+ lib/dgif_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: giflib-5.1.4/lib/dgif_lib.c
+===================================================================
+--- giflib-5.1.4.orig/lib/dgif_lib.c
+++ giflib-5.1.4/lib/dgif_lib.c
+@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
+                 while (StackPtr != 0 && i < LineLen)
+                     Line[i++] = Stack[--StackPtr];
+             }
+-            if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
+            if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
+                 Prefix[Private->RunningCode - 2] = LastCode;
+ 
+                 if (CrntCode == Private->RunningCode - 2) {
+
--- a/CVE-2019-15133.patch
+++ b/CVE-2019-15133.patch
@ -0,0 +1,11 @@
+--- a/lib/dgif_lib.c	2019-10-15 07:16:42.457000000 -0400
+++ b/lib/dgif_lib-1.c	2019-10-15 07:18:08.173000000 -0400
+@@ -1103,7 +1103,7 @@ DGifSlurp(GifFileType *GifFile)
+ 
+               sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
+               /* Allocate memory for the image */
+-              if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
+              if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 &&
+                       sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
+                   return GIF_ERROR;
+               }
--- a/giflib.spec
+++ b/giflib.spec
@ -1,12 +1,14 @@
 Name:          giflib
 Version:       5.1.4
-Release:       3
+Release:       4
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
 Source:        http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2

 Patch6000:     CVE-2016-3977.patch
+Patch6001:     CVE-2019-15133.patch
+Patch6002:     CVE-2018-11490.patch

 BuildRequires: make xmlto
 provides:      giflib-utils
@ -58,5 +60,11 @@ rm -f doc/Makefile*
 %{_mandir}/man1/gif*.1*

 %changelog
+* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 5.1.4-4
+- Type:cves
+- ID:NA
+- SUG:NA
+- DESC:Add CVE patches
+
 * Tue Sep 10 2019 Lijin Yang <yanglijin@huawei.com> - 5.1.4-3
- Package init
+- Package init