From cbb8f7c291e2eab6d1f2a2030637e1e5f99bd2a1 Mon Sep 17 00:00:00 2001
From: dogsheng <960055655@qq.com>
Date: Wed, 25 Dec 2019 15:46:31 +0800
Subject: [PATCH] Package init

---
 CVE-2018-11490.patch | 25 +++++++++++++++++++++++++
 CVE-2019-15133.patch | 11 +++++++++++
 giflib.spec          | 12 ++++++++++--
 3 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2018-11490.patch
 create mode 100644 CVE-2019-15133.patch

diff --git a/CVE-2018-11490.patch b/CVE-2018-11490.patch
new file mode 100644
index 0000000..3200ce6
--- /dev/null
+++ b/CVE-2018-11490.patch
@@ -0,0 +1,25 @@
+From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Sat, 9 Feb 2019 10:52:21 -0500
+Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
+ DGifDecompressLine()...
+
+This was CVE-2018-11490
+---
+ lib/dgif_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: giflib-5.1.4/lib/dgif_lib.c
+===================================================================
+--- giflib-5.1.4.orig/lib/dgif_lib.c
++++ giflib-5.1.4/lib/dgif_lib.c
+@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
+                 while (StackPtr != 0 && i < LineLen)
+                     Line[i++] = Stack[--StackPtr];
+             }
+-            if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
++            if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
+                 Prefix[Private->RunningCode - 2] = LastCode;
+ 
+                 if (CrntCode == Private->RunningCode - 2) {
+
diff --git a/CVE-2019-15133.patch b/CVE-2019-15133.patch
new file mode 100644
index 0000000..9ce7034
--- /dev/null
+++ b/CVE-2019-15133.patch
@@ -0,0 +1,11 @@
+--- a/lib/dgif_lib.c	2019-10-15 07:16:42.457000000 -0400
++++ b/lib/dgif_lib-1.c	2019-10-15 07:18:08.173000000 -0400
+@@ -1103,7 +1103,7 @@ DGifSlurp(GifFileType *GifFile)
+ 
+               sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
+               /* Allocate memory for the image */
+-              if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
++              if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 &&
+                       sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
+                   return GIF_ERROR;
+               }
diff --git a/giflib.spec b/giflib.spec
index c3630bf..e29a046 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -1,12 +1,14 @@
 Name:          giflib
 Version:       5.1.4
-Release:       3
+Release:       4
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
 Source:        http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2
 
 Patch6000:     CVE-2016-3977.patch
+Patch6001:     CVE-2019-15133.patch
+Patch6002:     CVE-2018-11490.patch
 
 BuildRequires: make xmlto
 provides:      giflib-utils
@@ -58,5 +60,11 @@ rm -f doc/Makefile*
 %{_mandir}/man1/gif*.1*
 
 %changelog
+* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 5.1.4-4
+- Type:cves
+- ID:NA
+- SUG:NA
+- DESC:Add CVE patches
+
 * Tue Sep 10 2019 Lijin Yang <yanglijin@huawei.com> - 5.1.4-3
-- Package init
\ No newline at end of file
+- Package init