commit giflib for openSUSE:Factory
Hello community, here is the log from the commit of package giflib for openSUSE:Factory checked in at 2016-04-16 22:07:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/giflib (Old) and /work/SRC/openSUSE:Factory/.giflib.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "giflib" Changes: -------- --- /work/SRC/openSUSE:Factory/giflib/giflib.changes 2016-03-29 09:53:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.giflib.new/giflib.changes 2016-04-16 22:07:43.000000000 +0200 @@ -1,0 +2,16 @@ +Tue Apr 12 08:34:44 UTC 2016 - fstrba@suse.com + +- Update to version 5.1.4 + * Fix SF bug #94: giflib 5 loves to fail to load images... a LOT. + * Fix SF Bug #92: Fix buffer overread in gifbuild. + * Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path + * Fix SF Bug #89: Fix buffer overread in gifbuild. +- Removed patch: + * giflib-sf-88.patch + + Integrated upstream +- Added patch: + * giflib-CVE-2016-3977.patch + - Fix CVE-2016-3977: heap buffer overflow in gif2rgb + (bsc#974847) + +------------------------------------------------------------------- Old: ---- giflib-5.1.3.tar.bz2 giflib-sf-88.patch New: ---- giflib-5.1.4.tar.bz2 giflib-CVE-2016-3977.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ giflib.spec ++++++ --- /var/tmp/diff_new_pack.n9cqLo/_old 2016-04-16 22:07:44.000000000 +0200 +++ /var/tmp/diff_new_pack.n9cqLo/_new 2016-04-16 22:07:44.000000000 +0200 @@ -18,7 +18,7 @@ %define lname libgif7 Name: giflib -Version: 5.1.3 +Version: 5.1.4 Release: 0 Summary: A Library for Working with GIF Images License: MIT 
@@ -28,7 +28,7 @@ Source2: baselibs.conf Patch1: giflib-visibility.patch Patch2: giflib-automake-1_13.patch -Patch3: giflib-sf-88.patch +Patch3: giflib-CVE-2016-3977.patch BuildRequires: libtool >= 2 BuildRequires: xorg-x11-libICE-devel BuildRequires: xorg-x11-libSM-devel ++++++ giflib-5.1.3.tar.bz2 -> giflib-5.1.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/NEWS new/giflib-5.1.4/NEWS --- old/giflib-5.1.3/NEWS 2016-03-17 17:31:46.000000000 +0100 +++ new/giflib-5.1.4/NEWS 2016-04-02 17:35:30.000000000 +0200 @@ -1,5 +1,20 @@ GIFLIB NEWS + +Version 5.1.4 +============= + +Code Fixes +---------- + +* Fix SF bug #94: giflib 5 loves to fail to load images... a LOT. + +* Fix SF Bug #92: Fix buffer overread in gifbuild. + +* Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path + +* Fix SF Bug #89: Fix buffer overread in gifbuild. + Version 5.1.3 ============= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/configure new/giflib-5.1.4/configure --- old/giflib-5.1.3/configure 2016-03-17 17:31:57.000000000 +0100 +++ new/giflib-5.1.4/configure 2016-04-02 17:36:45.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for giflib 5.1.3. +# Generated by GNU Autoconf 2.69 for giflib 5.1.4. # # Report bugs to <esr@thyrsus.com>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='giflib' PACKAGE_TARNAME='giflib' -PACKAGE_VERSION='5.1.3' -PACKAGE_STRING='giflib 5.1.3' +PACKAGE_VERSION='5.1.4' +PACKAGE_STRING='giflib 5.1.4' PACKAGE_BUGREPORT='esr@thyrsus.com' PACKAGE_URL='' 
@@ -1314,7 +1314,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures giflib 5.1.3 to adapt to many kinds of systems. +\`configure' configures giflib 5.1.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1384,7 +1384,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of giflib 5.1.3:";; + short | recursive ) echo "Configuration of giflib 5.1.4:";; esac cat <<\_ACEOF @@ -1489,7 +1489,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -giflib configure 5.1.3 +giflib configure 5.1.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1858,7 +1858,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by giflib $as_me 5.1.3, which was +It was created by giflib $as_me 5.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2723,7 +2723,7 @@ # Define the identity of the package. PACKAGE='giflib' - VERSION='5.1.3' + VERSION='5.1.4' cat >>confdefs.h <<_ACEOF @@ -13218,7 +13218,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by giflib $as_me 5.1.3, which was +This file was extended by giflib $as_me 5.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -13284,7 +13284,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -giflib config.status 5.1.3 +giflib config.status 5.1.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/configure.ac new/giflib-5.1.4/configure.ac --- old/giflib-5.1.3/configure.ac 2016-03-17 17:31:46.000000000 +0100 +++ new/giflib-5.1.4/configure.ac 2016-04-02 17:35:30.000000000 +0200 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(giflib, [5.1.3], [esr@thyrsus.com], giflib) +AC_INIT(giflib, [5.1.4], [esr@thyrsus.com], giflib) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([lib/dgif_lib.c]) AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/doc/gif2rgb.1 new/giflib-5.1.4/doc/gif2rgb.1 --- old/giflib-5.1.3/doc/gif2rgb.1 2016-03-17 17:29:39.000000000 +0100 +++ new/giflib-5.1.4/doc/gif2rgb.1 2016-04-02 17:34:45.000000000 +0200 @@ -66,7 +66,7 @@ .PP By default, convert a GIF input file to RGB triplets\&. If \-s is specified, convert RGB input to a GIF\&. .PP -If no input file is given, gif2rgb will try to read adata from stdin\&. +If no input file is given, gif2rgb will try to read data from stdin\&. .SH "AUTHOR" .PP Gershon Elber\&. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/doc/gif2rgb.xml new/giflib-5.1.4/doc/gif2rgb.xml --- old/giflib-5.1.3/doc/gif2rgb.xml 2014-05-16 12:46:53.000000000 +0200 +++ new/giflib-5.1.4/doc/gif2rgb.xml 2016-04-02 17:34:00.000000000 +0200 
@@ -84,7 +84,7 @@ <para>By default, convert a GIF input file to RGB triplets. If -s is specified, convert RGB input to a GIF.</para> -<para>If no input file is given, gif2rgb will try to read adata +<para>If no input file is given, gif2rgb will try to read data from stdin.</para> </refsect1> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/lib/dgif_lib.c new/giflib-5.1.4/lib/dgif_lib.c --- old/giflib-5.1.3/lib/dgif_lib.c 2016-03-17 17:27:57.000000000 +0100 +++ new/giflib-5.1.4/lib/dgif_lib.c 2016-04-02 17:34:00.000000000 +0200 @@ -89,7 +89,7 @@ GifFile->SavedImages = NULL; GifFile->SColorMap = NULL; - Private = (GifFilePrivateType *)malloc(sizeof(GifFilePrivateType)); + Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType)); if (Private == NULL) { if (Error != NULL) *Error = D_GIF_ERR_NOT_ENOUGH_MEM; @@ -175,7 +175,7 @@ GifFile->SavedImages = NULL; GifFile->SColorMap = NULL; - Private = (GifFilePrivateType *)malloc(sizeof(GifFilePrivateType)); + Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType)); if (!Private) { if (Error != NULL) *Error = D_GIF_ERR_NOT_ENOUGH_MEM; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/lib/gif_lib.h new/giflib-5.1.4/lib/gif_lib.h --- old/giflib-5.1.3/lib/gif_lib.h 2016-03-17 17:31:46.000000000 +0100 +++ new/giflib-5.1.4/lib/gif_lib.h 2016-04-02 17:35:30.000000000 +0200 @@ -13,7 +13,7 @@ #define GIFLIB_MAJOR 5 #define GIFLIB_MINOR 1 -#define GIFLIB_RELEASE 3 +#define GIFLIB_RELEASE 4 #define GIF_ERROR 0 #define GIF_OK 1 Files old/giflib-5.1.3/tests/FOO and new/giflib-5.1.4/tests/FOO differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.3/util/gifbuild.c new/giflib-5.1.4/util/gifbuild.c --- old/giflib-5.1.3/util/gifbuild.c 2014-05-16 12:46:53.000000000 +0200 +++ new/giflib-5.1.4/util/gifbuild.c 2016-04-02 17:34:10.000000000 +0200 
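Review bot: Both `calloc(1, sizeof(GifFilePrivateType))` calls in lib/dgif_lib.c (hunks at 89 and 175) leave no record on the new lines that fields of Private not assigned afterwards are now expected to start as zero. A short comment at each site, such as `/* calloc, not malloc: Private fields not assigned below must start zeroed */`, would keep a later cleanup from switching back to malloc. As style, the cast on the result is unnecessary in C, `calloc(1, sizeof *Private)` ties the size to the variable, and the two sites spell the failure test differently (`Private == NULL` vs `!Private`). Both enclosing functions start and end outside the hunks, so which fields actually depend on the zero fill cannot be confirmed from here.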
@@ -692,6 +692,7 @@ putchar('\n'); while (!last && ep[1].Function == CONTINUE_EXT_FUNC_CODE) { ++ep; + last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1)); VisibleDumpBuffer(ep->Bytes, ep->ByteCount); putchar('\n'); } @@ -703,6 +704,7 @@ putchar('\n'); while (!last && ep[1].Function == CONTINUE_EXT_FUNC_CODE) { ++ep; + last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1)); VisibleDumpBuffer(ep->Bytes, ep->ByteCount); putchar('\n'); } @@ -723,7 +725,10 @@ printf("\ttransparent index %d\n", gcb.TransparentColor); printf("end\n\n"); } - else if (ep->Function == APPLICATION_EXT_FUNC_CODE + else if (!last + && ep->Function == APPLICATION_EXT_FUNC_CODE + && ep->ByteCount >= 11 + && (ep+1)->ByteCount >= 3 && memcmp(ep->Bytes, "NETSCAPE2.0", 11) == 0) { unsigned char *params = (++ep)->Bytes; unsigned int loopcount = params[1] | (params[2] << 8); @@ -734,6 +739,7 @@ VisibleDumpBuffer(ep->Bytes, ep->ByteCount); while (!last && ep[1].Function == CONTINUE_EXT_FUNC_CODE) { ++ep; + last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1)); VisibleDumpBuffer(ep->Bytes, ep->ByteCount); putchar('\n'); } ++++++ giflib-CVE-2016-3977.patch ++++++ --- giflib-5.1.4/util/gif2rgb.c 2016-03-17 17:24:17.000000000 +0100 +++ giflib-5.1.4/util/gif2rgb.c 2016-04-12 10:37:35.672174495 +0200 @@ -471,6 +471,12 @@ exit(EXIT_FAILURE); } + /* check that the background color isn't garbage (SF bug #87) */ + if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) { + fprintf(stderr, "Background color out of range for colormap\n"); + exit(EXIT_FAILURE); + } + DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
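Review bot: The added `last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1));` is repeated verbatim in three continuation loops of util/gifbuild.c (hunks at 692, 703 and 734), so the bound that keeps `ep[1]` inside the array now lives in three copies that must stay identical. Testing the position directly in the loop condition, `while (ep - ExtensionBlocks < ExtensionBlockCount - 1 && ep[1].Function == CONTINUE_EXT_FUNC_CODE) {`, would remove the dependence on a flag that has to be refreshed after every `++ep`. If `last` is still read after these loops, which the hunks do not show, the assignment has to stay and a one-line comment saying it guards the `ep[1]` read would be enough. The enclosing function starts and ends outside all three hunks.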
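Review bot: In the NETSCAPE2.0 branch (hunk at 723) the new condition checks `(ep+1)->ByteCount >= 3` but not that the following block is a continuation sub-block, so whatever block follows the application extension is read as the loop-count parameters through `(++ep)->Bytes`. Adding `&& ep[1].Function == CONTINUE_EXT_FUNC_CODE` to the condition would match how the other loops in this file recognise sub-blocks. Unlike those loops, this branch does not recompute `last` after its `++ep` within the visible lines, so the flag may be stale for code that follows outside the hunk. The literals 11 and 3 would be clearer as named constants, or with a comment giving the identifier length and the minimum sub-block size they stand for.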
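Review bot: The new guard in util/gif2rgb.c validates only `GifFile->SBackGroundColor`, while the colour-map lookup it protects is in DumpScreen2RGB, whose body is outside this hunk. Whether every index the decoder stored in ScreenBuffer is also below `ColorMap->ColorCount` cannot be confirmed from the visible lines. If that is not guaranteed, the same bound belongs at the lookup itself so that one check covers the background and decoded pixels alike. The message would be easier to triage with the values included, e.g. `fprintf(stderr, "Background color %d out of range for colormap (%d entries)\n", GifFile->SBackGroundColor, ColorMap->ColorCount);`.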