Hello community,
here is the log from the commit of package giflib for openSUSE:Factory checked in at 2016-01-23 01:14:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/giflib (Old)
and /work/SRC/openSUSE:Factory/.giflib.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "giflib"
Changes:
--------
--- /work/SRC/openSUSE:Factory/giflib/giflib.changes 2015-01-26 16:46:38.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.giflib.new/giflib.changes 2016-01-23 01:14:24.000000000 +0100
@@ -1,0 +2,34 @@
+Tue Jan 19 12:59:02 UTC 2016 - fstrba@suse.com
+
+- Update to version 5.1.2 (fixes CVE-2015-7555, bsc#960319)
+ * Code Fixes
+ + Code hardening using reallocarray() from OpenBSD.
+ + Sanity check in giffilter catches files with malformed
+ extension records. Fixes SourceForge bug #63: malformed gif
+ causes segfault in giffilter.
+ + Inexpensive sanity check in DGifSlurp() catches malformed files
+ with no image descriptor. Fixes SourceForge bug #64: malformed
+ gif causes crash in giftool.
+ + Fix SourceForge bug #66: GifDrawBoxedText8x8() modifying
+ constant input parameter.
+ + Bail out of GIF read on invalid pixel width. Addresses Savannah
+ bug #67: invalid shift in dgif_lib.c
+ + Fix SourceForge bug #69: #69 Malformed: Gif file with no
+ extension block after a GRAPHICS_EXT_FUNC_CODE extension causes
+ segfault (in giftext).
+ + Fix SourceForge bug #71: Buffer overwrite when giffixing a
+ malformed gif.
+ + Fix SourceForge bug #73: Null pointer deference in gifclrmap
+ (only reachable with malformed GIF).
+ + Fix SourceForge bug #74: Double free in gifsponge under 5.1,1,
+ for any valid gif image.
+ + Fix SourceForge bug #75: GAGetArgs overflows due to uncounted
+ use of va_arg.
+ + Sanity check in giffix catches some malformed files. Addresses
+ SourceForge bug #77: dgif_lib.c: extension processing error
+- Modified patches:
+ * giflib-automake-1_13.patch
+ * giflib-visibility.patch
+ + rediff to changed context
+
+-------------------------------------------------------------------
Old:
----
giflib-5.1.1.tar.bz2
New:
----
giflib-5.1.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ giflib.spec ++++++
--- /var/tmp/diff_new_pack.miJoBp/_old 2016-01-23 01:14:25.000000000 +0100
+++ /var/tmp/diff_new_pack.miJoBp/_new 2016-01-23 01:14:25.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package giflib
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define lname libgif7
Name: giflib
-Version: 5.1.1
+Version: 5.1.2
Release: 0
Summary: A Library for Working with GIF Images
License: MIT
++++++ giflib-5.1.1.tar.bz2 -> giflib-5.1.2.tar.bz2 ++++++
++++ 3275 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/NEWS new/giflib-5.1.2/NEWS
--- old/giflib-5.1.1/NEWS 2015-01-06 22:52:52.000000000 +0100
+++ new/giflib-5.1.2/NEWS 2016-01-07 13:53:05.000000000 +0100
@@ -1,8 +1,43 @@
GIFLIB NEWS
-Short summary of recent news:
- Two fixes to prevent library misbehavior in rare failure conditions.
- Minor fixes to gifsponge and getarg.c, affacting utilities only.
+Version 5.1.2
+=============
+
+Code Fixes
+----------
+
+* Code hardening using reallocarray() from OpenBSD.
+
+* Sanity check in giffilter catches files with malformed extension records
+ Fixes SourceForge bug #63: malformed gif causes segfault in giffilter.
+
+* Inexpensive sanity check in DGifSlurp() catches malformed files with
+ no image descriptor. Fixes SourceForge bug #64: malformed gif causes
+ crash in giftool.
+
+* Fix SourceForge bug #66: GifDrawBoxedText8x8() modifying constant input
+ parameter.
+
+* Bail out of GIF read on invalid pixel width. Addresses Savannah bug
+ #67: invalid shift in dgif_lib.c
+
+* Fix SourceForge bug #69: #69 Malformed: Gif file with no extension
+ block after a GRAPHICS_EXT_FUNC_CODE extension causes segfault (in
+ giftext).
+
+* Fix SourceForge bug #71: Buffer overwrite when giffixing a malformed gif.
+
+* Fix SourceForge bug #73: Null pointer deference in gifclrmap (only
+ reachable with malformed GIF).
+
+* Fix SourceForge bug #74: Double free in gifsponge under 5.1,1,
+ for any valid gif image.
+
+* Fix SourceForge bug #75: GAGetArgs overflows due to uncounted use of va_arg.
+
+* Sanity check in giffix catches some malformed files. Addresses
+ SourceForge bug #77: dgif_lib.c: extension processing error
+
Version 5.1.1
=============
@@ -13,7 +48,7 @@
* Numerous minor fixes in getarg.c. Affects only the utilities, not the
core library.
-* Fix SourceForge bug #59 DGifOpen can segfault if DGifGetScreenDesc fails.
+* Fix SourceForge bug #59: DGifOpen can segfault if DGifGetScreenDesc fails.
* SourceForge patch #20: In gifalloc, fix usage of realloc() in case of failure.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/ar-lib new/giflib-5.1.2/ar-lib
--- old/giflib-5.1.1/ar-lib 1970-01-01 01:00:00.000000000 +0100
+++ new/giflib-5.1.2/ar-lib 2015-07-12 23:04:43.000000000 +0200
@@ -0,0 +1,270 @@
+#! /bin/sh
+# Wrapper for Microsoft lib.exe
+
+me=ar-lib
+scriptversion=2012-03-01.08; # UTC
+
+# Copyright (C) 2010-2014 Free Software Foundation, Inc.
+# Written by Peter Rosin .
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to or send patches to
+# .
+
+
+# func_error message
+func_error ()
+{
+ echo "$me: $1" 1>&2
+ exit 1
+}
+
+file_conv=
+
+# func_file_conv build_file
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv in
+ mingw)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_at_file at_file operation archive
+# Iterate over all members in AT_FILE performing OPERATION on ARCHIVE
+# for each of them.
+# When interpreting the content of the @FILE, do NOT use func_file_conv,
+# since the user would need to supply preconverted file names to
+# binutils ar, at least for MinGW.
+func_at_file ()
+{
+ operation=$2
+ archive=$3
+ at_file_contents=`cat "$1"`
+ eval set x "$at_file_contents"
+ shift
+
+ for member
+ do
+ $AR -NOLOGO $operation:"$member" "$archive" || exit $?
+ done
+}
+
+case $1 in
+ '')
+ func_error "no command. Try '$0 --help' for more information."
+ ;;
+ -h | --h*)
+ cat <.
#
# This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/configure.ac new/giflib-5.1.2/configure.ac
--- old/giflib-5.1.1/configure.ac 2015-01-06 22:53:44.000000000 +0100
+++ new/giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100
@@ -1,5 +1,5 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT(giflib, [5.1.1], [esr@thyrsus.com], giflib)
+AC_INIT(giflib, [5.1.2], [esr@thyrsus.com], giflib)
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_SRCDIR([lib/dgif_lib.c])
AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall])
@@ -11,6 +11,7 @@
AM_CONFIG_HEADER(config.h)
dnl Checks for programs.
+AM_PROG_AR
AC_PROG_LIBTOOL
AC_PROG_CC
AC_PROG_CPP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/control new/giflib-5.1.2/control
--- old/giflib-5.1.1/control 2014-12-09 16:15:06.000000000 +0100
+++ new/giflib-5.1.2/control 2015-04-04 18:51:55.000000000 +0200
@@ -16,4 +16,4 @@
XBS-VC-Tag-Template: %(version)s
-#XBS-Freecode-Tags: GIF, graphics
+#XBS-Project-Tags: GIF, graphics
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/history.asc new/giflib-5.1.2/history.asc
--- old/giflib-5.1.1/history.asc 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/history.asc 2015-05-28 06:33:34.000000000 +0200
@@ -21,9 +21,9 @@
(also the tools icon2gif, gifovly, and gifcompose; the last was
removed in 5.0).
-ESR's Unix port was incorporated into the NCSA/Netscape browser in
-1994, which is how GIF became (with JPEG) one of the two most popular
-image formats on the early Web.
+ESR's Unix port was incorporated into the NCSA Mosaic browser in 1994,
+which is how GIF became (with JPEG) one of the two most popular image
+formats on the early Web.
Beginning around 1993, patent claims by Unisys over the LZW
compression method used in GIF theatened adverse legal consequences
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/lib/Makefile.am new/giflib-5.1.2/lib/Makefile.am
--- old/giflib-5.1.1/lib/Makefile.am 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/lib/Makefile.am 2015-05-28 07:04:08.000000000 +0200
@@ -12,6 +12,7 @@
gif_hash.c \
gif_hash.h \
gifalloc.c \
+ openbsd-reallocarray.c \
gif_err.c \
gif_lib_private.h \
quantize.c
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/lib/dgif_lib.c new/giflib-5.1.2/lib/dgif_lib.c
--- old/giflib-5.1.1/lib/dgif_lib.c 2015-01-04 10:59:46.000000000 +0100
+++ new/giflib-5.1.2/lib/dgif_lib.c 2016-01-07 11:44:44.000000000 +0100
@@ -392,8 +392,8 @@
if (GifFile->SavedImages) {
SavedImage* new_saved_images =
- (SavedImage *)realloc(GifFile->SavedImages,
- sizeof(SavedImage) * (GifFile->ImageCount + 1));
+ (SavedImage *)reallocarray(GifFile->SavedImages,
+ (GifFile->ImageCount + 1), sizeof(SavedImage));
if (new_saved_images == NULL) {
GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM;
return GIF_ERROR;
@@ -763,6 +763,12 @@
}
BitsPerPixel = CodeSize;
+ /* this can only happen on a severely malformed GIF */
+ if (BitsPerPixel > 8 || Private->RunningBits > 32) {
+ GifFile->Error = D_GIF_ERR_READ_FAILED; /* somewhat bogus error code */
+ return GIF_ERROR; /* Failed to read Code size. */
+ }
+
Private->Buf[0] = 0; /* Input Buffer empty. */
Private->BitsPerPixel = BitsPerPixel;
Private->ClearCode = (1 << BitsPerPixel);
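Review bot: The added guard reads `Private->RunningBits` before anything visible in this hunk assigns it for the image being set up, so the `> 32` clause seems to test a value left over from earlier state rather than one derived from this file's code size. If RunningBits is set from BitsPerPixel further down (outside the hunk), `BitsPerPixel > 8` is the whole effective check and the second clause can be dropped. The error code is marked as bogus in its own comment; `GifFile->Error = D_GIF_ERR_IMAGE_DEFECT;`, the code giftext.c uses in this same update for a malformed file, describes the condition more accurately. The enclosing function starts and ends outside the hunk.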
@@ -1098,7 +1104,7 @@
if (ImageSize > (SIZE_MAX / sizeof(GifPixelType))) {
return GIF_ERROR;
}
- sp->RasterBits = (unsigned char *)malloc(ImageSize *
+ sp->RasterBits = (unsigned char *)reallocarray(NULL, ImageSize,
sizeof(GifPixelType));
if (sp->RasterBits == NULL) {
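Review bot: The overflow pre-check kept in the context lines returns `GIF_ERROR` without setting `GifFile->Error`, so a caller that reports the error after this path gets whatever code was stored earlier. Now that `reallocarray()` performs the same multiplication check, the pre-check is redundant: either remove it and let the allocation-failure branch report the problem, or set a code there as well, e.g. `GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM;` as the SavedImages path in this file does. How ImageSize is computed is outside the hunk; if it is the product of two int fields, neither check sees an overflow in that product. The hunk ends inside the `if` that follows the allocation.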
@@ -1170,6 +1176,12 @@
}
} while (RecordType != TERMINATE_RECORD_TYPE);
+ /* Sanity check for corrupted file */
+ if (GifFile->ImageCount == 0) {
+ GifFile->Error = D_GIF_ERR_NO_IMAG_DSCR;
+ return(GIF_ERROR);
+ }
+
return (GIF_OK);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/lib/gif_font.c new/giflib-5.1.2/lib/gif_font.c
--- old/giflib-5.1.1/lib/gif_font.c 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/lib/gif_font.c 2016-01-05 23:44:33.000000000 +0100
@@ -5,6 +5,7 @@
****************************************************************************/
#include
+#include
#include "gif_lib.h"
@@ -209,8 +210,9 @@
const int border,
const int bg, const int fg)
{
- int i, j = 0, LineCount = 0, TextWidth = 0;
+ int j = 0, LineCount = 0, TextWidth = 0;
const char *cp;
+ char *dup;
/* compute size of text to box */
for (cp = legend; *cp; cp++)
@@ -225,28 +227,33 @@
if (j > TextWidth) /* last line might be longer than any previous */
TextWidth = j;
- /* fill the box */
- GifDrawRectangle(Image, x + 1, y + 1,
- border + TextWidth * GIF_FONT_WIDTH + border - 1,
- border + LineCount * GIF_FONT_HEIGHT + border - 1, bg);
-
/* draw the text */
- i = 0;
- cp = strtok((char *)legend, "\r\n");
- do {
- int leadspace = 0;
-
- if (cp[0] == '\t')
- leadspace = (TextWidth - strlen(++cp)) / 2;
-
- GifDrawText8x8(Image, x + border + (leadspace * GIF_FONT_WIDTH),
- y + border + (GIF_FONT_HEIGHT * i++), cp, fg);
- cp = strtok((char *)NULL, "\r\n");
- } while (cp);
-
- /* outline the box */
- GifDrawBox(Image, x, y, border + TextWidth * GIF_FONT_WIDTH + border,
- border + LineCount * GIF_FONT_HEIGHT + border, fg);
+ dup = malloc(strlen(legend)+1);
+ /* FIXME: should return bad status, but that would require API change */
+ if (dup != NULL) {
+ int i = 0;
+ /* fill the box */
+ GifDrawRectangle(Image, x + 1, y + 1,
+ border + TextWidth * GIF_FONT_WIDTH + border - 1,
+ border + LineCount * GIF_FONT_HEIGHT + border - 1, bg);
+ (void)strcpy(dup, (char *)legend);
+ cp = strtok((char *)dup, "\r\n");
+ do {
+ int leadspace = 0;
+
+ if (cp[0] == '\t')
+ leadspace = (TextWidth - strlen(++cp)) / 2;
+
+ GifDrawText8x8(Image, x + border + (leadspace * GIF_FONT_WIDTH),
+ y + border + (GIF_FONT_HEIGHT * i++), cp, fg);
+ cp = strtok((char *)NULL, "\r\n");
+ } while (cp);
+ (void)free((void *)dup);
+
+ /* outline the box */
+ GifDrawBox(Image, x, y, border + TextWidth * GIF_FONT_WIDTH + border,
+ border + LineCount * GIF_FONT_HEIGHT + border, fg);
+ }
}
/* end */
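Review bot: `strtok(dup, "\r\n")` returns NULL when legend is empty or contains only line breaks, and the `do { … } while (cp);` loop dereferences `cp[0]` before testing it. Copying into `dup` fixes the write through a const argument but keeps that loop shape. A pre-tested loop avoids the NULL read: `for (cp = strtok(dup, "\r\n"); cp != NULL; cp = strtok(NULL, "\r\n")) {`. The cast in `strcpy(dup, (char *)legend)` is unnecessary, since strcpy already takes a const source. The function's signature and opening lie outside this hunk.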
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/lib/gif_lib.h new/giflib-5.1.2/lib/gif_lib.h
--- old/giflib-5.1.1/lib/gif_lib.h 2015-01-06 22:54:09.000000000 +0100
+++ new/giflib-5.1.2/lib/gif_lib.h 2016-01-07 13:51:53.000000000 +0100
@@ -13,7 +13,7 @@
#define GIFLIB_MAJOR 5
#define GIFLIB_MINOR 1
-#define GIFLIB_RELEASE 1
+#define GIFLIB_RELEASE 2
#define GIF_ERROR 0
#define GIF_OK 1
@@ -244,6 +244,9 @@
GifPixelType ColorTransIn2[]);
extern int GifBitSize(int n);
+extern void *
+reallocarray(void *optr, size_t nmemb, size_t size);
+
/******************************************************************************
Support for the in-core structures allocation (slurp mode).
******************************************************************************/
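Review bot: Declaring `reallocarray` unprefixed in the installed public header makes the bundled OpenBSD copy part of the library's exported interface, under a name a C library may also provide. A program that includes gif_lib.h on a system whose libc declares its own reallocarray() can get conflicting declarations, or one definition interposing on the other at link time. The callers visible in this update are all under lib/, so the prototype fits better in `gif_lib_private.h` under a project-specific name, for example `extern void *gif_reallocarray(void *optr, size_t nmemb, size_t size);` (name constructed for illustration).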
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/lib/gifalloc.c new/giflib-5.1.2/lib/gifalloc.c
--- old/giflib-5.1.1/lib/gifalloc.c 2015-01-04 10:59:46.000000000 +0100
+++ new/giflib-5.1.2/lib/gifalloc.c 2015-07-13 06:05:46.000000000 +0200
@@ -188,8 +188,8 @@
/* perhaps we can shrink the map? */
if (RoundUpTo < ColorUnion->ColorCount) {
- GifColorType *new_map = (GifColorType *)realloc(Map,
- sizeof(GifColorType) * RoundUpTo);
+ GifColorType *new_map = (GifColorType *)reallocarray(Map,
+ RoundUpTo, sizeof(GifColorType));
if( new_map == NULL ) {
GifFreeMapObject(ColorUnion);
return ((ColorMapObject *) NULL);
@@ -232,9 +232,9 @@
if (*ExtensionBlocks == NULL)
*ExtensionBlocks=(ExtensionBlock *)malloc(sizeof(ExtensionBlock));
else {
- ExtensionBlock* ep_new = (ExtensionBlock *)realloc(*ExtensionBlocks,
- sizeof(ExtensionBlock) *
- (*ExtensionBlockCount + 1));
+ ExtensionBlock* ep_new = (ExtensionBlock *)reallocarray
+ (*ExtensionBlocks, (*ExtensionBlockCount + 1),
+ sizeof(ExtensionBlock));
if( ep_new == NULL )
return (GIF_ERROR);
*ExtensionBlocks = ep_new;
@@ -325,8 +325,8 @@
if (GifFile->SavedImages == NULL)
GifFile->SavedImages = (SavedImage *)malloc(sizeof(SavedImage));
else
- GifFile->SavedImages = (SavedImage *)realloc(GifFile->SavedImages,
- sizeof(SavedImage) * (GifFile->ImageCount + 1));
+ GifFile->SavedImages = (SavedImage *)reallocarray(GifFile->SavedImages,
+ (GifFile->ImageCount + 1), sizeof(SavedImage));
if (GifFile->SavedImages == NULL)
return ((SavedImage *)NULL);
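Review bot: The result of `reallocarray()` is assigned straight back to `GifFile->SavedImages`, so on failure the only pointer to the existing array is overwritten with NULL while ImageCount still counts its entries. The old array leaks, and any later code that indexes SavedImages by ImageCount (not visible here) would go through a NULL pointer. The other converted call sites keep the result in a temporary first (`new_map`, `ep_new`, `new_saved_images`). The same pattern here would be `SavedImage *newp = reallocarray(GifFile->SavedImages, GifFile->ImageCount + 1, sizeof(SavedImage));`, then `if (newp == NULL) return NULL;` and `GifFile->SavedImages = newp;`. The enclosing function continues outside the hunk.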
@@ -355,9 +355,10 @@
}
/* next, the raster */
- sp->RasterBits = (unsigned char *)malloc(sizeof(GifPixelType) *
- CopyFrom->ImageDesc.Height *
- CopyFrom->ImageDesc.Width);
+ sp->RasterBits = (unsigned char *)reallocarray(NULL,
+ (CopyFrom->ImageDesc.Height *
+ CopyFrom->ImageDesc.Width),
+ sizeof(GifPixelType));
if (sp->RasterBits == NULL) {
FreeLastSavedImage(GifFile);
return (SavedImage *)(NULL);
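Review bot: The count passed to `reallocarray()` is the product `CopyFrom->ImageDesc.Height * CopyFrom->ImageDesc.Width`, computed before the call in the fields' own type, so the overflow check inside the helper never sees the two factors. If those fields are int-sized (their declaration is outside the hunk), an oversized image descriptor overflows the product first and the buffer can come out smaller than the raster copied into it afterwards. Passing the factors separately lets the helper do its job: `reallocarray(NULL, (size_t)CopyFrom->ImageDesc.Height, (size_t)CopyFrom->ImageDesc.Width * sizeof(GifPixelType))`. Any size used for the copy that follows should be computed the same way. The enclosing function starts and ends outside the hunk.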
@@ -368,9 +369,9 @@
/* finally, the extension blocks */
if (sp->ExtensionBlocks != NULL) {
- sp->ExtensionBlocks = (ExtensionBlock *)malloc(
- sizeof(ExtensionBlock) *
- CopyFrom->ExtensionBlockCount);
+ sp->ExtensionBlocks = (ExtensionBlock *)reallocarray(NULL,
+ CopyFrom->ExtensionBlockCount,
+ sizeof(ExtensionBlock));
if (sp->ExtensionBlocks == NULL) {
FreeLastSavedImage(GifFile);
return (SavedImage *)(NULL);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/lib/openbsd-reallocarray.c new/giflib-5.1.2/lib/openbsd-reallocarray.c
--- old/giflib-5.1.1/lib/openbsd-reallocarray.c 1970-01-01 01:00:00.000000000 +0100
+++ new/giflib-5.1.2/lib/openbsd-reallocarray.c 2015-05-28 06:56:37.000000000 +0200
@@ -0,0 +1,38 @@
+/* $OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $ */
+/*
+ * Copyright (c) 2008 Otto Moerbeek
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+#include
+#include
+
+/*
+ * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
+ * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
+ */
+#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
+
+void *
+reallocarray(void *optr, size_t nmemb, size_t size)
+{
+ if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+ nmemb > 0 && SIZE_MAX / nmemb < size) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ return realloc(optr, size * nmemb);
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/missing new/giflib-5.1.2/missing
--- old/giflib-5.1.1/missing 2014-01-02 20:14:59.000000000 +0100
+++ new/giflib-5.1.2/missing 2015-07-12 23:04:43.000000000 +0200
@@ -3,7 +3,7 @@
scriptversion=2013-10-28.13; # UTC
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard , 1996.
# This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/test-driver new/giflib-5.1.2/test-driver
--- old/giflib-5.1.1/test-driver 2014-01-02 20:14:59.000000000 +0100
+++ new/giflib-5.1.2/test-driver 2015-07-12 23:04:43.000000000 +0200
@@ -3,7 +3,7 @@
scriptversion=2013-07-13.22; # UTC
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+# Copyright (C) 2011-2014 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -106,11 +106,14 @@
# Test script is run here.
"$@" >$log_file 2>&1
estatus=$?
+
if test $enable_hard_errors = no && test $estatus -eq 99; then
- estatus=1
+ tweaked_estatus=1
+else
+ tweaked_estatus=$estatus
fi
-case $estatus:$expect_failure in
+case $tweaked_estatus:$expect_failure in
0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
0:*) col=$grn res=PASS recheck=no gcopy=no;;
77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
@@ -119,6 +122,12 @@
*:*) col=$red res=FAIL recheck=yes gcopy=yes;;
esac
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>$log_file
+
# Report outcome to console.
echo "${col}${res}${std}: $test_name"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/util/getarg.c new/giflib-5.1.2/util/getarg.c
--- old/giflib-5.1.1/util/getarg.c 2014-10-30 02:22:53.000000000 +0100
+++ new/giflib-5.1.2/util/getarg.c 2016-01-07 13:44:03.000000000 +0100
@@ -172,8 +172,9 @@
va_list ap;
strncpy(CtrlStrCopy, CtrlStr, sizeof(CtrlStrCopy)-1);
+ GASetParamCount(CtrlStr, strlen(CtrlStr), &ParamCount);
va_start(ap, CtrlStr);
- for (i = 1; i <= MAX_PARAM; i++)
+ for (i = 1; i <= ParamCount; i++)
Parameters[i - 1] = va_arg(ap, void *);
va_end(ap);
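Review bot: The loop bound changes from `MAX_PARAM` to a `ParamCount` computed from the control string, and nothing in the hunk caps it. Unless GASetParamCount itself clamps the value, a control string naming more parameters than `Parameters[]` holds would write past the array. The old bound suggests the array has MAX_PARAM slots (its declaration is outside the hunk), and keeping both limits is cheap: `for (i = 1; i <= ParamCount && i <= MAX_PARAM; i++)`. The count is also taken from the full `CtrlStr` while parsing works on `CtrlStrCopy`, which the `strncpy` above may have truncated, so the two can disagree for an over-long control string.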
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/util/gifclrmp.c new/giflib-5.1.2/util/gifclrmp.c
--- old/giflib-5.1.1/util/gifclrmp.c 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/util/gifclrmp.c 2016-01-06 06:41:27.000000000 +0100
@@ -127,6 +127,8 @@
if (!ImageNFlag) {
/* We are supposed to modify the screen color map, so do it: */
+ if (!GifFileIn->SColorMap)
+ GIF_EXIT("No colormap to modify");
GifFileIn->SColorMap = ModifyColorMap(GifFileIn->SColorMap);
if (!HasGIFOutput) {
/* We can quit here, as we have the color map: */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/util/giffilter.c new/giflib-5.1.2/util/giffilter.c
--- old/giflib-5.1.1/util/giffilter.c 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/util/giffilter.c 2015-01-31 18:06:43.000000000 +0100
@@ -107,7 +107,7 @@
break;
case EXTENSION_RECORD_TYPE:
/* pass through extension records */
- if (DGifGetExtension(GifFileIn, &ExtCode, &Extension) == GIF_ERROR)
+ if (DGifGetExtension(GifFileIn, &ExtCode, &Extension) == GIF_ERROR || Extension == NULL)
QuitGifError(GifFileIn, GifFileOut);
if (EGifPutExtensionLeader(GifFileOut, ExtCode) == GIF_ERROR)
QuitGifError(GifFileIn, GifFileOut);
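Review bot: `Extension == NULL` is treated as a fatal error here, while giffix.c in this same update handles the same condition by skipping the `EGifPutExtensionBlock` call and carrying on. If the decoder can return a NULL extension for a file that is otherwise readable, giffilter will now reject input that giffix passes through; one policy for both tools would be easier to reason about. In the NULL case `DGifGetExtension` has reported success, so whatever `QuitGifError` prints is probably unrelated to this condition (its body is not visible here). A dedicated message would help, as giftext.c does with `printf("Invalid extension block\n");`.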
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/util/giffix.c new/giflib-5.1.2/util/giffix.c
--- old/giflib-5.1.1/util/giffix.c 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/util/giffix.c 2016-01-07 12:08:12.000000000 +0100
@@ -112,6 +112,8 @@
Height = GifFileIn->Image.Height;
GifQprintf("\n%s: Image %d at (%d, %d) [%dx%d]: ",
PROGRAM_NAME, ++ImageNum, Col, Row, Width, Height);
+ if (Width > GifFileIn->SWidth)
+ GIF_EXIT("Image is wider than total");
/* Put the image descriptor to out file: */
if (EGifPutImageDesc(GifFileOut, Col, Row, Width, Height,
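Review bot: The new check compares only `Width` with `GifFileIn->SWidth`; `Col + Width` and the `Row`/`Height` pair pass through unchecked, and nothing in the hunk says which buffer the bound protects. If the per-line buffer is sized from SWidth (its allocation is outside the hunk), the width test is the one that matters for memory safety. A short comment would record that, for example `/* a line wider than the screen would overrun the line buffer (SourceForge bug #71) */`. If other code indexes by column offset, `Col + Width > GifFileIn->SWidth` is the safer condition.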
@@ -158,10 +160,11 @@
QuitGifError(GifFileIn, GifFileOut);
if (EGifPutExtensionLeader(GifFileOut, ExtCode) == GIF_ERROR)
QuitGifError(GifFileIn, GifFileOut);
- if (EGifPutExtensionBlock(GifFileOut,
+ if (Extension != NULL)
+ if (EGifPutExtensionBlock(GifFileOut,
Extension[0],
Extension + 1) == GIF_ERROR)
- QuitGifError(GifFileIn, GifFileOut);
+ QuitGifError(GifFileIn, GifFileOut);
while (Extension != NULL) {
if (DGifGetExtensionNext(GifFileIn, &Extension)==GIF_ERROR)
QuitGifError(GifFileIn, GifFileOut);
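Review bot: The added `if (Extension != NULL)` wraps a second unbraced `if`, and the re-indented `QuitGifError` line now hangs two levels deep with no braces. That is easy to misread, and it binds any future `else` to the inner test. One condition says the same thing: `if (Extension != NULL && EGifPutExtensionBlock(GifFileOut, Extension[0], Extension + 1) == GIF_ERROR)` followed by the existing `QuitGifError(GifFileIn, GifFileOut);` line. The surrounding case body starts and ends outside the hunk.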
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/util/gifinto.c new/giflib-5.1.2/util/gifinto.c
--- old/giflib-5.1.1/util/gifinto.c 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/util/gifinto.c 2016-01-06 00:07:24.000000000 +0100
@@ -70,6 +70,7 @@
******************************************************************************/
int main(int argc, char **argv)
{
+ int FD;
int NumFiles;
bool Error, MinSizeFlag = false, HelpFlag = false;
char **FileName = NULL, FoutTmpName[STRLEN], FullPath[STRLEN], *p;
@@ -126,7 +127,6 @@
/* then add a name for the tempfile */
if ( (strlen(FoutTmpName) + strlen(DEFAULT_TMP_NAME)) > STRLEN-1 ) GIF_EXIT("Filename too long.");
strcat(FoutTmpName, DEFAULT_TMP_NAME);
- int FD;
#ifdef _WIN32
char *tmpFN = _mktemp(FoutTmpName);
if (tmpFN)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/util/gifsponge.c new/giflib-5.1.2/util/gifsponge.c
--- old/giflib-5.1.1/util/gifsponge.c 2014-12-22 22:30:05.000000000 +0100
+++ new/giflib-5.1.2/util/gifsponge.c 2016-01-06 06:59:50.000000000 +0100
@@ -54,9 +54,13 @@
GifFileOut->SHeight = GifFileIn->SHeight;
GifFileOut->SColorResolution = GifFileIn->SColorResolution;
GifFileOut->SBackGroundColor = GifFileIn->SBackGroundColor;
- GifFileOut->SColorMap = GifMakeMapObject(
- GifFileIn->SColorMap->ColorCount,
- GifFileIn->SColorMap->Colors);
+ if (GifFileIn->SColorMap) {
+ GifFileOut->SColorMap = GifMakeMapObject(
+ GifFileIn->SColorMap->ColorCount,
+ GifFileIn->SColorMap->Colors);
+ } else {
+ GifFileOut->SColorMap = NULL;
+ }
for (i = 0; i < GifFileIn->ImageCount; i++)
(void) GifMakeSavedImage(GifFileOut, &GifFileIn->SavedImages[i]);
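Review bot: The new branch guards against a missing input colour map, but the value returned by `GifMakeMapObject()` is still stored unchecked. If that call can fail and return NULL, the failure looks the same as an input with no global map, and the output is written without the map the input had. Testing `GifFileOut->SColorMap == NULL` inside the `if (GifFileIn->SColorMap)` branch and exiting with an out-of-memory message keeps the two cases apart. The context line below has the same weakness: the `(void)` cast on `GifMakeSavedImage` discards a failed image copy.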
@@ -74,8 +78,6 @@
if (DGifCloseFile(GifFileIn, &ErrorCode) == GIF_ERROR)
PrintGifError(ErrorCode);
- if (EGifCloseFile(GifFileOut, &ErrorCode) == GIF_ERROR)
- PrintGifError(ErrorCode);
return 0;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/giflib-5.1.1/util/giftext.c new/giflib-5.1.2/util/giftext.c
--- old/giflib-5.1.1/util/giftext.c 2014-05-16 12:46:53.000000000 +0200
+++ new/giflib-5.1.2/util/giftext.c 2016-01-07 13:34:42.000000000 +0100
@@ -259,6 +259,12 @@
if (ExtCode == GRAPHICS_EXT_FUNC_CODE) {
GraphicsControlBlock gcb;
+ if (Extension == NULL) {
+ printf("Invalid extension block\n");
+ GifFile->Error = D_GIF_ERR_IMAGE_DEFECT;
+ PrintGifError(GifFile->Error);
+ exit(EXIT_FAILURE);
+ }
if (DGifExtensionToGCB(Extension[0], Extension+1, &gcb) == GIF_ERROR) {
PrintGifError(GifFile->Error);
exit(EXIT_FAILURE);
++++++ giflib-automake-1_13.patch ++++++
--- /var/tmp/diff_new_pack.miJoBp/_old 2016-01-23 01:14:25.000000000 +0100
+++ /var/tmp/diff_new_pack.miJoBp/_new 2016-01-23 01:14:25.000000000 +0100
@@ -1,10 +1,6 @@
-Index: b/configure.ac
-===================================================================
---- a/configure.ac
-+++ b/configure.ac
-@@ -5,11 +5,11 @@ AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall])
- dnl Make builds less verbose. Shuts off Makefile portability checks.
- m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+--- giflib-5.1.2/configure.ac 2016-01-19 13:55:58.238147631 +0100
++++ giflib-5.1.2/configure.ac 2016-01-19 13:56:31.165397666 +0100
+@@ -8,7 +8,7 @@
dnl Note: config.h is not used in the current build
dnl We leave this in place only to suppress an error message at autogen time
@@ -13,5 +9,3 @@
AC_CONFIG_MACRO_DIR([m4])
dnl Checks for programs.
- AC_PROG_CC_STDC
- AC_USE_SYSTEM_EXTENSIONS
++++++ giflib-visibility.patch ++++++
--- /var/tmp/diff_new_pack.miJoBp/_old 2016-01-23 01:14:25.000000000 +0100
+++ /var/tmp/diff_new_pack.miJoBp/_new 2016-01-23 01:14:25.000000000 +0100
@@ -1,20 +1,13 @@
----
- configure.ac | 7 +++++--
- lib/gif_hash.h | 4 ++++
- lib/gif_lib_private.h | 3 +++
- 3 files changed, 12 insertions(+), 2 deletions(-)
-
-Index: giflib-5.0.4/configure.ac
-===================================================================
---- giflib-5.0.4.orig/configure.ac
-+++ giflib-5.0.4/configure.ac
-@@ -8,11 +8,14 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_R
+--- giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100
++++ giflib-5.1.2/configure.ac 2016-01-19 13:54:45.119812921 +0100
+@@ -9,12 +9,15 @@
dnl Note: config.h is not used in the current build
dnl We leave this in place only to suppress an error message at autogen time
AM_CONFIG_HEADER(config.h)
+AC_CONFIG_MACRO_DIR([m4])
dnl Checks for programs.
+ AM_PROG_AR
-AC_PROG_LIBTOOL
-AC_PROG_CC
+AC_PROG_CC_STDC
@@ -25,11 +18,9 @@
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
-Index: giflib-5.0.4/lib/gif_hash.h
-===================================================================
---- giflib-5.0.4.orig/lib/gif_hash.h
-+++ giflib-5.0.4/lib/gif_hash.h
-@@ -25,6 +25,8 @@ gif_hash.h - magfic constants and declar
+--- giflib-5.1.2/lib/gif_hash.h 2014-05-16 12:46:53.000000000 +0200
++++ giflib-5.1.2/lib/gif_hash.h 2016-01-19 13:54:45.119812921 +0100
+@@ -25,6 +25,8 @@
#define HT_PUT_KEY(l) (l << 12)
#define HT_PUT_CODE(l) (l & 0x0FFF)
@@ -38,7 +29,7 @@
typedef struct GifHashTableType {
uint32_t HTable[HT_SIZE];
} GifHashTableType;
-@@ -34,6 +36,8 @@ void _ClearHashTable(GifHashTableType *H
+@@ -34,6 +36,8 @@
void _InsertHashTable(GifHashTableType *HashTable, uint32_t Key, int Code);
int _ExistsHashTable(GifHashTableType *HashTable, uint32_t Key);
@@ -47,11 +38,9 @@
#endif /* _GIF_HASH_H_ */
/* end */
-Index: giflib-5.0.4/lib/gif_lib_private.h
-===================================================================
---- giflib-5.0.4.orig/lib/gif_lib_private.h
-+++ giflib-5.0.4/lib/gif_lib_private.h
-@@ -29,6 +29,8 @@ gif_lib_private.h - internal giflib rout
+--- giflib-5.1.2/lib/gif_lib_private.h 2014-05-16 12:46:53.000000000 +0200
++++ giflib-5.1.2/lib/gif_lib_private.h 2016-01-19 13:54:45.119812921 +0100
+@@ -29,6 +29,8 @@
#define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ)
#define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE)
@@ -60,7 +49,7 @@
typedef struct GifFilePrivateType {
GifWord FileState, FileHandle, /* Where all this data goes to! */
BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */
-@@ -54,6 +56,7 @@ typedef struct GifFilePrivateType {
+@@ -54,6 +56,7 @@
bool gif89;
} GifFilePrivateType;