packages/giflib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:36b76a671b48f98f047ce634d670ff3e5245f56d
Branches Tags
packages:main
...
compare: packages:23c12b36b1caded641d899abe2794120ed5079a2
Branches Tags
packages:main

10 Commits
36b76a671b ... 23c12b36b1

Author SHA1 Message Date
openeuler-ci-bot
23c12b36b1
!58 [sync] PR-54: Fix heap-buffer overflow 
From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
 2024-12-18 02:12:57 +00:00
wk333
7982dd0075 Fix heap-buffer overflow 
(cherry picked from commit 2c10c1abf8ff2e88b1da04e050bb721487b73fa3)
 2024-12-18 09:13:03 +08:00
openeuler-ci-bot
f95adbae53
!47 Update to 5.2.2 for fix CVE-2020-23922 and CVE-2023-48161 
From: @starlet-dx 
Reviewed-by: @open-bot 
Signed-off-by: @open-bot
 2024-06-24 05:31:53 +00:00
starlet-dx
6dade95e20 Update to 5.2.2 for fix CVE-2020-23922 and CVE-2023-48161 2024-06-24 10:45:42 +08:00
openeuler-ci-bot
8a0d02e289
!39 Fix CVE-2021-40633 
From: @cn-lwj 
Reviewed-by: @dou33 
Signed-off-by: @dou33
 2024-05-15 15:34:22 +00:00
liwenjie
b3034393b8 Fix CVE-2021-40633 2024-05-14 18:10:33 +08:00
openeuler-ci-bot
88dcb4cbea
!26 Fix CVE-2023-39742 
From: @fundawang 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
 2023-09-16 01:33:01 +00:00
Funda Wang
08694f0665 Fix CVE-2023-39742 2023-09-15 23:41:18 +08:00
openeuler-ci-bot
eebe8de150
!24 [sync] PR-22: 修复自编译失败 
From: @openeuler-sync-bot 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
 2022-12-05 01:13:42 +00:00
caodongxia
b1d970d1fb fix rpmbuild error 
(cherry picked from commit cbfc25510856b264c833c87f5e3fe4699e65d351)
 2022-12-03 18:24:39 +08:00
9 changed files with 110 additions and 81 deletions
Show Stats Expand all files Collapse all files

13
CVE-2021-40633.patch Normal file
View File

@ -0,0 +1,13 @@
diff -urN giflib-5.2.2/gif2rgb.c giflib-5.2.2-bak/gif2rgb.c
--- giflib-5.2.2/gif2rgb.c 2024-05-14 16:06:40.098092160 +0800
+++ giflib-5.2.2-bak/gif2rgb.c 2024-05-14 15:53:42.426757251 +0800
@@ -525,6 +525,9 @@
DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
GifFile->SWidth, GifFile->SHeight);
+ for (i = 0; i < GifFile->SHeight; i++) {
+ (void)free(ScreenBuffer[i]);
+ }
(void)free(ScreenBuffer);
{

31
CVE-2022-28506.patch
View File

@ -1,31 +0,0 @@
From c80f2b9f12a9ed0df7a629c9da1c4a82e9e39923 Mon Sep 17 00:00:00 2001
From: duyiwei <duyiwei@kylinos.cn>
Date: Wed, 15 Jun 2022 14:46:24 +0800
Subject: [PATCH] CVE-2022-28506
Signed-off-by: duyiwei <duyiwei@kylinos.cn>
---
gif2rgb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/gif2rgb.c b/gif2rgb.c
index ccbc0aa..87c413e 100644
--- a/gif2rgb.c
+++ b/gif2rgb.c
@@ -303,7 +303,12 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
GifRow = ScreenBuffer[i];
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
- ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ /* Check if color is within color palete */
+ if (GifRow[j] >= ColorMap->ColorCount)
+ {
+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
+ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
*BufferP++ = ColorMapEntry->Red;
*BufferP++ = ColorMapEntry->Green;
*BufferP++ = ColorMapEntry->Blue;
--
2.33.0

30
Fix-heap-buffer-overflow.patch Normal file
View File

@ -0,0 +1,30 @@
From d132ecb1402dde84ce9851bddaa6587a90014e07 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Tue, 17 Dec 2024 15:44:15 +0800
Subject: [PATCH 1/1] Fix heap-buffer overflow
Refer: https://sourceforge.net/u/mmuzila/giflib/ci/fix-cve-2022-28506/
---
gif2rgb.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gif2rgb.c b/gif2rgb.c
index 2b4bb23..0b2e05a 100644
--- a/gif2rgb.c
+++ b/gif2rgb.c
@@ -337,6 +337,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
GifRow = ScreenBuffer[i];
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
for (j = 0; j < ScreenWidth; j++) {
+ /* Check if color is within color palete */
+ if (GifRow[j] >= ColorMap->ColorCount) {
+ GIF_EXIT(GifErrorString(
+ D_GIF_ERR_IMAGE_DEFECT));
+ }
ColorMapEntry = &ColorMap->Colors[GifRow[j]];
Buffers[0][j] = ColorMapEntry->Red;
Buffers[1][j] = ColorMapEntry->Green;
--
2.33.0

BIN
giflib-5.2.1.tar.gz
View File

Binary file not shown.

BIN
giflib-5.2.2.tar.gz Normal file
View File

Binary file not shown.

31
giflib.spec
View File

@ -1,8 +1,8 @@
%define debug_package %{nil}
Name: giflib
Version: 5.2.1
Release: 5
Version: 5.2.2
Release: 2
Summary: A library and utilities for processing GIFs
License: MIT
URL: http://www.sourceforge.net/projects/giflib/
@ -14,9 +14,11 @@ Patch0:giflib_quantize.patch
Patch1:giflib_coverity.patch
# Generate HTML docs with consistent section IDs to avoid multilib difference
Patch2:giflib_html-docs-consistent-ids.patch
Patch3:CVE-2022-28506.patch
Patch3:CVE-2021-40633.patch
Patch4:Fix-heap-buffer-overflow.patch
BuildRequires: make xmlto gcc
BuildRequires: ImageMagick
provides: giflib-utils
%description
@ -43,7 +45,7 @@ format imange files.
%autosetup -n %{name}-%{version} -p1
%build
%make_build CFLAGS="$RPM_OPT_FLAGS -s"
%make_build CFLAGS="$RPM_OPT_FLAGS -s -fPIC"
%install
%make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}"
@ -68,12 +70,31 @@ rm -f %{buildroot}/debugsourcefiles.list
%files help
%defattr(-,root,root)
%{_mandir}/man1/gif*.1*
%{_mandir}/man1/gif*.*
%files utils
%{_bindir}/gif*
%changelog
* Tue Dec 17 2024 wangkai <13474090681@163.com> - 5.2.2-2
- Fix heap-buffer overflow
* Fri Jun 21 2024 yaoxin <yao_xin001@hoperun.com> - 5.2.2-1
- Update to 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* Address SF issue #151: A heap-buffer-overflow in gif2rgb.c:294:45
* Address SF issue #166: a read zero page leads segment fault in
getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* Tue May 14 2024 liwenjie <liwenjie@kylinos.cn> - 5.2.1-8
- Fix CVE-2021-40633
* Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 5.2.1-7
- Fix CVE-2023-39742
* Thu Aug 25 2022 caodongxia <caodongxia@h-partners.com> -5.2.1-6
- Fix rpmbuild error
* Wed Jun 15 2022 duyiwei <duyiwei@kylinos.cn> - 5.2.1-5
- fix CVE-2022-28506

72
giflib_coverity.patch
View File

@ -1,43 +1,39 @@
diff -rupN --no-dereference giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c
--- giflib-5.2.1/gif2rgb.c 2019-06-24 09:24:27.000000000 +0200
+++ giflib-5.2.1-new/gif2rgb.c 2020-02-17 16:51:04.468397502 +0100
@@ -170,6 +170,8 @@ static void SaveGif(GifByteType *OutputB
/* Open stdout for the output file: */
if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
PrintGifError(Error);
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
}
diff -rupN --no-dereference giflib-5.2.2/gif2rgb.c giflib-5.2.2-new/gif2rgb.c
--- giflib-5.2.2/gif2rgb.c 2024-02-19 04:01:28.000000000 +0100
+++ giflib-5.2.2-new/gif2rgb.c 2024-02-19 09:39:38.750976758 +0100
@@ -165,6 +165,8 @@ static void SaveGif(GifByteType *OutputB
/* Open stdout for the output file: */
if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
PrintGifError(Error);
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
}
@@ -179,6 +181,8 @@ static void SaveGif(GifByteType *OutputB
EGifPutImageDesc(GifFile,
0, 0, Width, Height, false, NULL) == GIF_ERROR) {
PrintGifError(Error);
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
}
@@ -173,6 +175,8 @@ static void SaveGif(GifByteType *OutputB
EGifPutImageDesc(GifFile, 0, 0, Width, Height, false, NULL) ==
GIF_ERROR) {
PrintGifError(Error);
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
}
@@ -187,8 +191,11 @@ static void SaveGif(GifByteType *OutputB
GifFile->Image.Width, GifFile->Image.Height);
@@ -182,6 +186,8 @@ static void SaveGif(GifByteType *OutputB
for (i = 0; i < Height; i++) {
- if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR)
+ if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
+ }
GifQprintf("\b\b\b\b%-4d", Height - i - 1);
for (i = 0; i < Height; i++) {
if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
}
GifQprintf("\b\b\b\b%-4d", Height - i - 1);
@@ -191,6 +197,8 @@ static void SaveGif(GifByteType *OutputB
Ptr += Width;
@@ -196,6 +203,8 @@ static void SaveGif(GifByteType *OutputB
if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
PrintGifError(Error);
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
}
if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
PrintGifError(Error);
+ free(OutputBuffer);
+ GifFreeMapObject(OutputColorMap);
exit(EXIT_FAILURE);
}
}

8
giflib_html-docs-consistent-ids.patch
View File

@ -1,8 +1,8 @@
diff -rupN --no-dereference giflib-5.2.1/doc/Makefile giflib-5.2.1-new/doc/Makefile
--- giflib-5.2.1/doc/Makefile 2019-03-28 18:05:25.000000000 +0100
+++ giflib-5.2.1-new/doc/Makefile 2020-02-17 16:51:04.489397582 +0100
diff -rupN --no-dereference giflib-5.2.2/doc/Makefile giflib-5.2.2-new/doc/Makefile
--- giflib-5.2.2/doc/Makefile 2024-02-18 19:15:05.000000000 +0100
+++ giflib-5.2.2-new/doc/Makefile 2024-02-19 09:39:38.785968237 +0100
@@ -1,7 +1,7 @@
.SUFFIXES: .xml .html .txt .adoc .1
.SUFFIXES: .xml .html .txt .adoc .1 .7
.xml.html:
- xmlto xhtml-nochunks $<

6
giflib_quantize.patch
View File

@ -1,6 +1,6 @@
diff -rupN --no-dereference giflib-5.2.1/Makefile giflib-5.2.1-new/Makefile
--- giflib-5.2.1/Makefile 2019-06-24 18:08:57.000000000 +0200
+++ giflib-5.2.1-new/Makefile 2020-02-17 16:51:04.450397434 +0100
diff -rupN --no-dereference giflib-5.2.2/Makefile giflib-5.2.2-new/Makefile
--- giflib-5.2.2/Makefile 2024-02-19 02:01:50.000000000 +0100
+++ giflib-5.2.2-new/Makefile 2024-02-19 09:39:38.715985279 +0100
@@ -29,11 +29,11 @@ LIBPOINT=0
LIBVER=$(LIBMAJOR).$(LIBMINOR).$(LIBPOINT)