diff --git a/giflib_quantize.patch b/0001-Move-quantize.c-back-into-libgif.so.patch similarity index 46% rename from giflib_quantize.patch rename to 0001-Move-quantize.c-back-into-libgif.so.patch index aa34629477705fd9df2f495514d91260fbf710c1..524e1c55007e1ae03efe2cfc765dfcdf0d563b84 100644 --- a/giflib_quantize.patch +++ b/0001-Move-quantize.c-back-into-libgif.so.patch @@ -1,6 +1,17 @@ -diff -rupN --no-dereference giflib-5.2.1/Makefile giflib-5.2.1-new/Makefile ---- giflib-5.2.1/Makefile 2019-06-24 18:08:57.000000000 +0200 -+++ giflib-5.2.1-new/Makefile 2020-02-17 16:51:04.450397434 +0100 +From 980148840e878aff8bb6078fca36c14f0cfc8285 Mon Sep 17 00:00:00 2001 +From: liweigang +Date: Wed, 6 Mar 2024 17:50:45 +0800 +Subject: [PATCH 1/3] Move quantize.c back into libgif.so + +Signed-off-by: liweigang +--- + Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 87966a9..aa88a46 100644 +--- a/Makefile ++++ b/Makefile @@ -29,11 +29,11 @@ LIBPOINT=0 LIBVER=$(LIBMAJOR).$(LIBMINOR).$(LIBPOINT) @@ -11,7 +22,10 @@ diff -rupN --no-dereference giflib-5.2.1/Makefile giflib-5.2.1-new/Makefile OBJECTS = $(SOURCES:.c=.o) -USOURCES = qprintf.c quantize.c getarg.c -+USOURCES = qprintf.c getarg.c ++USOURCES = qprintf.c getarg.c UHEADERS = getarg.h UOBJECTS = $(USOURCES:.c=.o) +-- +2.33.1 + diff --git a/0002-Fix-several-defects-found-by-Coverity-scan.patch b/0002-Fix-several-defects-found-by-Coverity-scan.patch new file mode 100644 index 0000000000000000000000000000000000000000..ad9de7f6cbea08cb7700e95505674bee35ee0980 --- /dev/null +++ b/0002-Fix-several-defects-found-by-Coverity-scan.patch 
@@ -0,0 +1,53 @@
+From d2568bcbeea18137bec306fa5586a4257a31ad82 Mon Sep 17 00:00:00 2001
+From: liweigang
+Date: Wed, 6 Mar 2024 17:54:02 +0800
+Subject: [PATCH 2/3] Fix several defects found by Coverity scan
+
+Signed-off-by: liweigang
+---
+ gif2rgb.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index d51226d..a82d7eb 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -165,6 +165,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
+ /* Open stdout for the output file: */
+ if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
+ PrintGifError(Error);
++ free(OutputBuffer);
++ GifFreeMapObject(OutputColorMap);
+ exit(EXIT_FAILURE);
+ }
+
+@@ -173,6 +175,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
+ EGifPutImageDesc(GifFile, 0, 0, Width, Height, false, NULL) ==
+ GIF_ERROR) {
+ PrintGifError(Error);
++ free(OutputBuffer);
++ GifFreeMapObject(OutputColorMap);
+ exit(EXIT_FAILURE);
+ }
+
+@@ -182,6 +186,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
+
+ for (i = 0; i < Height; i++) {
+ if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
++ free(OutputBuffer);
++ GifFreeMapObject(OutputColorMap);
+ exit(EXIT_FAILURE);
+ }
+ GifQprintf("\b\b\b\b%-4d", Height - i - 1);
+@@ -191,6 +197,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
+
+ if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
+ PrintGifError(Error);
++ free(OutputBuffer);
++ GifFreeMapObject(OutputColorMap);
+ exit(EXIT_FAILURE);
+ }
+ }
+--
+2.33.1
+
diff --git a/0003-Generate-HTML-docs-with-consistent-section-IDs-to-av.patch b/0003-Generate-HTML-docs-with-consistent-section-IDs-to-av.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1db6d80e53ec06a13e940d0833a47a53f1bad78d
--- /dev/null
+++ b/0003-Generate-HTML-docs-with-consistent-section-IDs-to-av.patch
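Review bot: The `EGifPutLine` failure branch in the third gif2rgb.c hunk frees the buffers and exits without printing anything, while the other three error paths call `PrintGifError` first, so a failed write leaves the user with no diagnostic. Adding `PrintGifError(GifFile->Error);` ahead of `free(OutputBuffer);` would make the four paths consistent. In the second hunk the visible `EGifPutImageDesc` call takes no `&Error` argument, so `PrintGifError(Error)` there presumably reports the value left by `EGifOpenFileHandle` rather than the real cause; `GifFile->Error` looks like the right source and is worth confirming against the library. SaveGif begins above the first hunk, so its declarations are not visible here.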
@@ -0,0 +1,27 @@
+From cbe6adea04dfa605809697d563df7723f29b702b Mon Sep 17 00:00:00 2001
+From: liweigang
+Date: Wed, 6 Mar 2024 17:54:56 +0800
+Subject: [PATCH 3/3] Generate HTML docs with consistent section IDs to avoid
+ multilib difference
+
+Signed-off-by: liweigang
+---
+ doc/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/Makefile b/doc/Makefile
+index b34ece0..afa2402 100644
+--- a/doc/Makefile
++++ b/doc/Makefile
+@@ -1,7 +1,7 @@
+ .SUFFIXES: .xml .html .txt .adoc .1 .7
+
+ .xml.html:
+- xmlto xhtml-nochunks $<
++ xmlto --stringparam generate.consistent.ids=1 xhtml-nochunks $<
+
+ .xml.1:
+ xmlto man $<
+--
+2.33.1
+
diff --git a/CVE-2022-28506.patch b/CVE-2022-28506.patch
deleted file mode 100644
index 19059693e2398bf6103677fdd79c5380538fdfb5..0000000000000000000000000000000000000000
--- a/CVE-2022-28506.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c80f2b9f12a9ed0df7a629c9da1c4a82e9e39923 Mon Sep 17 00:00:00 2001
-From: duyiwei
-Date: Wed, 15 Jun 2022 14:46:24 +0800
-Subject: [PATCH] CVE-2022-28506
-
-Signed-off-by: duyiwei
----
- gif2rgb.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/gif2rgb.c b/gif2rgb.c
-index ccbc0aa..87c413e 100644
---- a/gif2rgb.c
-+++ b/gif2rgb.c
-@@ -303,7 +303,12 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
- GifRow = ScreenBuffer[i];
- GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
- for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
-- ColorMapEntry = &ColorMap->Colors[GifRow[j]];
-+ /* Check if color is within color palete */
-+ if (GifRow[j] >= ColorMap->ColorCount)
-+ {
-+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
-+ }
-+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
- *BufferP++ = ColorMapEntry->Red;
- *BufferP++ = ColorMapEntry->Green;
- *BufferP++ = ColorMapEntry->Blue;
---
-2.33.0
-
diff --git a/CVE-2023-39742.patch b/CVE-2023-39742.patch
deleted file mode 100644
index 15954505a0b737ffee0044e0b4ae3ade1430a741..0000000000000000000000000000000000000000
--- a/CVE-2023-39742.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Description: Fix segmentation faults due to non correct checking for args
-Author: David Suárez
-Origin: vendor
-Bug: https://sourceforge.net/p/giflib/bugs/153/
-Bug-Debian: https://bugs.debian.org/715963
-Bug-Debian: https://bugs.debian.org/715964
-Bug-Debian: https://bugs.debian.org/715967
-Last-Update: 2020-12-20
-
---- a/getarg.c
-+++ b/getarg.c
-@@ -305,6 +305,12 @@
- int i = 0, ScanRes;
-
- while (!(ISSPACE(CtrlStrCopy[i]))) {
-+
-+ if ((*argv) == argv_end) {
-+ GAErrorToken = Option;
-+ return CMD_ERR_NumRead;
-+ }
-+
- switch (CtrlStrCopy[i + 1]) {
- case 'd': /* Get signed integers. */
- ScanRes = sscanf(*((*argv)++), "%d",
diff --git a/giflib-5.2.1.tar.gz b/giflib-5.2.1.tar.gz
deleted file mode 100644
index f5555f590d7247a1d0995d576fb28e21a833084b..0000000000000000000000000000000000000000
Binary files a/giflib-5.2.1.tar.gz and /dev/null differ
diff --git a/giflib-5.2.2.tar.gz b/giflib-5.2.2.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..f603813b77c2c2974df0db7d34d2df1f7a0462ef
Binary files /dev/null and b/giflib-5.2.2.tar.gz differ
diff --git a/giflib.spec b/giflib.spec
index 06507c8ef836fd6981639abcc7058461258a51b5..944781ac0d142150724a71b032f8238b62d51319 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -1,23 +1,22 @@ %define debug_package %{nil} Name: giflib -Version: 5.2.1 -Release: 7 +Version: 5.2.2 +Release: 1 Summary: A library and utilities for processing GIFs License: MIT URL: http://www.sourceforge.net/projects/giflib/ Source: http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.gz # Move quantize.c back into libgif.so (#1750122) -Patch0:giflib_quantize.patch +Patch0: 0001-Move-quantize.c-back-into-libgif.so.patch # Fix several defects found by Coverity scan -Patch1:giflib_coverity.patch +Patch1: 0002-Fix-several-defects-found-by-Coverity-scan.patch # Generate HTML docs with consistent section IDs to avoid multilib difference -Patch2:giflib_html-docs-consistent-ids.patch -Patch3:CVE-2022-28506.patch -Patch4:CVE-2023-39742.patch +Patch2: 0003-Generate-HTML-docs-with-consistent-section-IDs-to-av.patch BuildRequires: make xmlto gcc +BuildRequires: ImageMagick provides: giflib-utils %description @@ -69,12 +68,15 @@ rm -f %{buildroot}/debugsourcefiles.list %files help %defattr(-,root,root) -%{_mandir}/man1/gif*.1* +%{_mandir}/man1/gif*.* %files utils %{_bindir}/gif* %changelog +* Thu Mar 07 2024 liweigang - 5.2.2-1 +- update to version 5.2.2 + * Fri Sep 15 2023 Funda Wang - 5.2.1-7 - Fix CVE-2023-39742 diff --git a/giflib_coverity.patch b/giflib_coverity.patch deleted file mode 100644 index c51234fe5f861e6c9a50f341dc73777e542b837e..0000000000000000000000000000000000000000 --- a/giflib_coverity.patch +++ /dev/null 
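Review bot: `Patch3:CVE-2022-28506.patch` and `Patch4:CVE-2023-39742.patch` are dropped in the first hunk, but neither the spec nor the new changelog entry in the second hunk says that 5.2.2 already carries those two fixes, so the rebase cannot be audited from the package alone. Please confirm against the 5.2.2 sources that the palette bounds check in gif2rgb.c and the `argv_end` check in getarg.c are present, and record it in the changelog, for example `- drop CVE-2022-28506.patch and CVE-2023-39742.patch, fixed upstream in 5.2.2`. The `Source:` line still fetches over plain `http://` and the spec carries no checksum, so the new tarball should be verified against the upstream release digest before it is committed. The added `BuildRequires: ImageMagick` would also merit a comment saying what in the 5.2.2 build needs it.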
@@ -1,43 +0,0 @@
-diff -rupN --no-dereference giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c
---- giflib-5.2.1/gif2rgb.c 2019-06-24 09:24:27.000000000 +0200
-+++ giflib-5.2.1-new/gif2rgb.c 2020-02-17 16:51:04.468397502 +0100
-@@ -170,6 +170,8 @@ static void SaveGif(GifByteType *OutputB
- /* Open stdout for the output file: */
- if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
- PrintGifError(Error);
-+ free(OutputBuffer);
-+ GifFreeMapObject(OutputColorMap);
- exit(EXIT_FAILURE);
- }
-
-@@ -179,6 +181,8 @@ static void SaveGif(GifByteType *OutputB
- EGifPutImageDesc(GifFile,
- 0, 0, Width, Height, false, NULL) == GIF_ERROR) {
- PrintGifError(Error);
-+ free(OutputBuffer);
-+ GifFreeMapObject(OutputColorMap);
- exit(EXIT_FAILURE);
- }
-
-@@ -187,8 +191,11 @@ static void SaveGif(GifByteType *OutputB
- GifFile->Image.Width, GifFile->Image.Height);
-
- for (i = 0; i < Height; i++) {
-- if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR)
-+ if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
-+ free(OutputBuffer);
-+ GifFreeMapObject(OutputColorMap);
- exit(EXIT_FAILURE);
-+ }
- GifQprintf("\b\b\b\b%-4d", Height - i - 1);
-
- Ptr += Width;
-@@ -196,6 +203,8 @@ static void SaveGif(GifByteType *OutputB
-
- if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
- PrintGifError(Error);
-+ free(OutputBuffer);
-+ GifFreeMapObject(OutputColorMap);
- exit(EXIT_FAILURE);
- }
- }
diff --git a/giflib_html-docs-consistent-ids.patch b/giflib_html-docs-consistent-ids.patch
deleted file mode 100644
index d4006ea72799dc1a30255956e8b4d9a3dfc6de7a..0000000000000000000000000000000000000000
--- a/giflib_html-docs-consistent-ids.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -rupN --no-dereference giflib-5.2.1/doc/Makefile giflib-5.2.1-new/doc/Makefile
---- giflib-5.2.1/doc/Makefile 2019-03-28 18:05:25.000000000 +0100
-+++ giflib-5.2.1-new/doc/Makefile 2020-02-17 16:51:04.489397582 +0100
-@@ -1,7 +1,7 @@
- .SUFFIXES: .xml .html .txt .adoc .1
-
- .xml.html:
-- xmlto xhtml-nochunks $<
-+ xmlto --stringparam generate.consistent.ids=1 xhtml-nochunks $<
-
- .xml.1:
- xmlto man $<