packages/giflib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
dogsheng 2019-12-25 15:46:31 +08:00
parent ce0a07f0a9
commit cbb8f7c291
3 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2018-11490.patch Normal file
View File

@ -0,0 +1,25 @@
From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Sat, 9 Feb 2019 10:52:21 -0500
Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
DGifDecompressLine()...
This was CVE-2018-11490
---
lib/dgif_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: giflib-5.1.4/lib/dgif_lib.c
===================================================================
--- giflib-5.1.4.orig/lib/dgif_lib.c
+++ giflib-5.1.4/lib/dgif_lib.c
@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
while (StackPtr != 0 && i < LineLen)
Line[i++] = Stack[--StackPtr];
}
- if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
+ if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
Prefix[Private->RunningCode - 2] = LastCode;
if (CrntCode == Private->RunningCode - 2) {

11
CVE-2019-15133.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/lib/dgif_lib.c 2019-10-15 07:16:42.457000000 -0400
+++ b/lib/dgif_lib-1.c 2019-10-15 07:18:08.173000000 -0400
@@ -1103,7 +1103,7 @@ DGifSlurp(GifFileType *GifFile)
sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
/* Allocate memory for the image */
- if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
+ if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 &&
sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
return GIF_ERROR;
}

12
giflib.spec
View File

@ -1,12 +1,14 @@
Name: giflib Name: giflib
Version: 5.1.4 Version: 5.1.4
Release: 3 Release: 4
Summary: A library and utilities for processing GIFs Summary: A library and utilities for processing GIFs
License: MIT License: MIT
URL: http://www.sourceforge.net/projects/giflib/ URL: http://www.sourceforge.net/projects/giflib/
Source: http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2 Source: http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2
Patch6000: CVE-2016-3977.patch Patch6000: CVE-2016-3977.patch
Patch6001: CVE-2019-15133.patch
Patch6002: CVE-2018-11490.patch
BuildRequires: make xmlto BuildRequires: make xmlto
provides: giflib-utils provides: giflib-utils
@ -58,5 +60,11 @@ rm -f doc/Makefile*
%{_mandir}/man1/gif*.1* %{_mandir}/man1/gif*.1*
%changelog %changelog
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 5.1.4-4
- Type:cves
- ID:NA
- SUG:NA
- DESC:Add CVE patches
* Tue Sep 10 2019 Lijin Yang <yanglijin@huawei.com> - 5.1.4-3 * Tue Sep 10 2019 Lijin Yang <yanglijin@huawei.com> - 5.1.4-3
- Package init - Package init