commit ce0a07f0a9651f1ef3f1904faa4cdb3f9337eded
Author: overweight <5324761+overweight@user.noreply.gitee.com>
Date: Mon Sep 30 10:40:34 2019 -0400

Package init

diff --git a/CVE-2016-3977.patch b/CVE-2016-3977.patch
new file mode 100644
index 0000000..f912d41
--- /dev/null
+++ b/CVE-2016-3977.patch
@@ -0,0 +1,48 @@
+--- a/lib/dgif_lib.c 2016-04-02 23:34:00.000000000 +0800
++++ b/lib/dgif_lib_1.c 2019-07-17 11:42:30.488000000 +0800
+@@ -288,7 +288,11 @@ DGifGetScreenDesc(GifFileType *GifFile)
+ } else {
+ GifFile->SColorMap = NULL;
+ }
+-
++ /*
++ * No check here for whether the background color is in range for the
++ * screen color map. Possibly there should be.
++ */
++
+ return GIF_OK;
+ }
+
+--- a/util/gif2rgb.c 2016-03-18 00:24:17.000000000 +0800
++++ b/util/gif2rgb_1.c 2019-07-17 11:45:22.044000000 +0800
+@@ -15,7 +15,7 @@ Toshio Kuratomi had written this in a co
+
+ I (ESR) took this off the main to-do list in 2012 because I don't think
+ the GIFLIB project actually needs to be in the converters-and-tools business.
+-Plenty of hackers do that; our jub is to supply stable library capability
++Plenty of hackers do that; our job is to supply stable library capability
+ with our utilities mainly interesting as test tools.
+
+ ***************************************************************************/
+@@ -461,7 +461,7 @@ static void GIF2RGB(int NumFiles, char *
+ break;
+ }
+ } while (RecordType != TERMINATE_RECORD_TYPE);
+-
++
+ /* Lets dump it - set the global variables required and do it: */
+ ColorMap = (GifFile->Image.ColorMap
+ ? GifFile->Image.ColorMap
+@@ -471,6 +471,12 @@ static void GIF2RGB(int NumFiles, char *
+ exit(EXIT_FAILURE);
+ }
+
++ /* check that the background color isn't garbage (SF bug #87) */
++ if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
++ fprintf(stderr, "Background color out of range for colormap\n");
++ exit(EXIT_FAILURE);
++ }
++
+ DumpScreen2RGB(OutFileName, OneFileFlag,
+ ColorMap,
+ ScreenBuffer,
diff --git a/giflib-5.1.4.tar.bz2 b/giflib-5.1.4.tar.bz2
new file mode 100644
index 0000000..a3b103a
Binary files /dev/null and b/giflib-5.1.4.tar.bz2 differ
diff --git a/giflib.spec b/giflib.spec
new file mode 100644
index 0000000..c3630bf
--- /dev/null
+++ b/giflib.spec
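Review bot: The range check on `GifFile->SBackGroundColor` is added only in the `gif2rgb` utility (the `@@ -471,6 +471,12 @@` hunk of the carried patch), while `DGifGetScreenDesc` in `lib/dgif_lib.c` gets nothing but a comment saying that no check is made. The shared library shipped by this package therefore still hands an unvalidated background index to every other caller, so dependent code that indexes the colour map with it needs its own guard of the form `if (bg < 0 || bg >= map->ColorCount)`; that limitation is worth stating in the patch header or the changelog. The patch also carries no provenance header, and its `+++` names (`b/lib/dgif_lib_1.c`, `b/util/gif2rgb_1.c`) differ from the `---` names, so it presumably applies only because the patch tool falls back to the existing old-side file. A leading line such as `# Fix for CVE-2016-3977, origin: <UPSTREAM_COMMIT_URL>` and matching paths would make it auditable. Both patched functions start and end outside the hunks shown.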
@@ -0,0 +1,62 @@
+Name: giflib
+Version: 5.1.4
+Release: 3
+Summary: A library and utilities for processing GIFs
+License: MIT
+URL: http://www.sourceforge.net/projects/giflib/
+Source: http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2
+
+Patch6000: CVE-2016-3977.patch
+
+BuildRequires: make xmlto
+provides: giflib-utils
+Obsoletes: giflib-utils
+
+%description
+giflib is a library of gif images and provides utilities for processing images.
+
+%package devel
+Summary: files for developing programs which use the giflib library
+
+%description devel
+development header files, libraries for programs using the giflib library.
+
+%package help
+Summary: help document for manipulating GIF format image files
+Buildarch: noarch
+
+%description help
+help document for manipulating GIF format image files
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%configure
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+%make_build
+
+%install
+%make_install
+rm -f doc/Makefile*
+
+%ldconfig_scriptlets
+
+%files
+%doc AUTHORS ChangeLog NEWS README COPYING
+%{_libdir}/libgif.so.7*
+%exclude %{_libdir}/*.{a,la}
+%{_bindir}/gif*
+
+%files devel
+%doc doc/*
+%{_libdir}/libgif.so
+%{_includedir}/gif_lib.h
+
+%files help
+%{_mandir}/man1/gif*.1*
+
+%changelog
+* Tue Sep 10 2019 Lijin Yang - 5.1.4-3
+- Package init
\ No newline at end of file
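Review bot: `Source:` and `URL:` point at plain `http://` SourceForge addresses, and nothing in the spec pins the content of the tarball that this commit checks in as an opaque binary, so a later re-fetch of the source has neither transport protection nor an integrity reference to compare against. I would write `Source: https://downloads.sourceforge.net/giflib/giflib-%{version}.tar.bz2` and record the expected digest of `giflib-5.1.4.tar.bz2` next to the spec, in whatever checksum file the build system here supports. The `%changelog` entry `- Package init` also does not say that `Patch6000` carries the CVE-2016-3977 fix; `- Package init, apply fix for CVE-2016-3977` would let auditors and tools that read changelogs see it.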