Hello community, here is the log from the commit of package giflib for openSUSE:Factory checked in at 2016-03-29 09:53:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/giflib (Old) and /work/SRC/openSUSE:Factory/.giflib.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "giflib" Changes: -------- --- /work/SRC/openSUSE:Factory/giflib/giflib.changes 2016-01-23 01:14:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.giflib.new/giflib.changes 2016-03-29 09:53:14.000000000 +0200 @@ -1,0 +2,16 @@ +Wed Mar 23 08:23:32 UTC 2016 - [email protected] + +- Update to version 5.1.3 + * Prevent malloc randomess from causing the header output routine + to emit a GIF89 version string even when no GIF89 features are + present. + * Prevent malloc randomess from producing sporadic failures by causing + sanity checks added in 5.1.2 to misfire. + * Bulletproof gif2rgb against 0-height images. Addressed sf#78: + Heap overflow in gif2rgb with images of size 0, also sf#82. + * Remove unnecessary duplicate EGifClose() in gifcolor.c. Fixes sf#83 + introduced in 5.1.2. + * Fix sf#84: incorrect return of DGifSlurp(). +- Add giflib-sf-88.patch to fix sf#88 + +------------------------------------------------------------------- Old: ---- giflib-5.1.2.tar.bz2 New: ---- giflib-5.1.3.tar.bz2 giflib-sf-88.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ giflib.spec ++++++ --- /var/tmp/diff_new_pack.C7I0ij/_old 2016-03-29 09:53:15.000000000 +0200 +++ /var/tmp/diff_new_pack.C7I0ij/_new 2016-03-29 09:53:15.000000000 +0200 @@ -18,18 +18,17 @@ %define lname libgif7 Name: giflib -Version: 5.1.2 +Version: 5.1.3 Release: 0 Summary: A Library for Working with GIF Images License: MIT Group: Development/Libraries/C and C++ Url: http://giflib.sf.net/ -#Git-Clone: git://git.code.sf.net/p/giflib/code -#Freecode-URL: http://freecode.com/projects/giflib Source: http://downloads.sf.net/giflib/%{name}-%{version}.tar.bz2 Source2: baselibs.conf Patch1: giflib-visibility.patch Patch2: giflib-automake-1_13.patch +Patch3: giflib-sf-88.patch BuildRequires: libtool >= 2 BuildRequires: xorg-x11-libICE-devel BuildRequires: xorg-x11-libSM-devel 
@@ -71,8 +70,9 @@ %prep %setup -q -# LT_INIT requires libtool >= 2 -%patch -P 1 -P 2 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 # USE __TIMESTAMP__ instead of __DATE__ , __TIME__ # this change is pointless unless we preserve the original ++++++ giflib-5.1.2.tar.bz2 -> giflib-5.1.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/Makefile.am new/giflib-5.1.3/Makefile.am --- old/giflib-5.1.2/Makefile.am 2015-05-28 07:02:44.000000000 +0200 +++ new/giflib-5.1.3/Makefile.am 2016-01-08 06:00:18.000000000 +0100 @@ -38,3 +38,9 @@ cd doc; make website shipper version=@VERSION@ | sh -e -x rm -fr doc/staging + +# Refresh the wbsite +refresh: + cd doc; make website + shipper -w version=@VERSION@ | sh -e -x + rm -fr doc/staging diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/Makefile.in new/giflib-5.1.3/Makefile.in --- old/giflib-5.1.2/Makefile.in 2016-01-07 13:54:02.000000000 +0100 +++ new/giflib-5.1.3/Makefile.in 2016-03-17 17:31:57.000000000 +0100 @@ -1212,6 +1212,12 @@ shipper version=@VERSION@ | sh -e -x rm -fr doc/staging +# Refresh the wbsite +refresh: + cd doc; make website + shipper -w version=@VERSION@ | sh -e -x + rm -fr doc/staging + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/NEWS new/giflib-5.1.3/NEWS --- old/giflib-5.1.2/NEWS 2016-01-07 13:53:05.000000000 +0100 +++ new/giflib-5.1.3/NEWS 2016-03-17 17:31:46.000000000 +0100 
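Review bot: In the new `refresh` recipe of Makefile.am, `cd doc; make website` carries on when the `cd` fails and calls a literal `make`, so a missing doc/ directory would run make in the top-level directory and flags such as -n or -j would not reach the sub-make. `cd doc && $(MAKE) website` avoids both problems. The comment above the target has a typo, `wbsite`. The recipe also pipes the output of `shipper` straight into `sh -e -x`, as the existing target above it does, so whatever shipper emits is executed unreviewed on the release machine. The Makefile.in hunk is the generated copy and follows from this file.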
@@ -1,5 +1,30 @@ GIFLIB NEWS +Version 5.1.3 +============= + +As of this version the library and code has been seriously abused by fuzzers, +smoking out crash bugs (now fixed) induced by various kinds of severely +malformed GIF. + +Code Fixes +---------- + +* Prevent malloc randomess from causing the header output routine to emit + a GIF89 version string even when no GIF89 features are present. Only + breaks tests, not production code, but it's odd this wasn't caught sooner. + +* Prevent malloc randomess from producing sporadic failures by causing + sanity checks added in 5.1.2 to misfire. + +* Bulletproof gif2rgb against 0-height images. Addressed SF bug #78: + Heap overflow in gif2rgb with images of size 0, also SF bug #82. + +* Remove unnecessary duplicate EGifClose() in gifcolor.c. Fixes SF bug #83 + introduced in 5.1.2. + +* Fix SF Bug #84: incorrect return of DGifSlurp(). + Version 5.1.2 ============= @@ -30,7 +55,7 @@ * Fix SourceForge bug #73: Null pointer deference in gifclrmap (only reachable with malformed GIF). -* Fix SourceForge bug #74: Double free in gifsponge under 5.1,1, +* Fix SourceForge bug #74: Double free in gifsponge under 5.1.1, for any valid gif image. * Fix SourceForge bug #75: GAGetArgs overflows due to uncounted use of va_arg. @@ -146,7 +171,7 @@ Retirements ----------- -* gifinter is gone. Use convert -interlace from the ImageMagic suite. +* gifinter is gone. Use convert -interlace from the ImageMagick suite. Code Fixes ---------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/configure new/giflib-5.1.3/configure --- old/giflib-5.1.2/configure 2016-01-07 13:54:02.000000000 +0100 +++ new/giflib-5.1.3/configure 2016-03-17 17:31:57.000000000 +0100 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for giflib 5.1.2. +# Generated by GNU Autoconf 2.69 for giflib 5.1.3. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='giflib' PACKAGE_TARNAME='giflib' -PACKAGE_VERSION='5.1.2' -PACKAGE_STRING='giflib 5.1.2' +PACKAGE_VERSION='5.1.3' +PACKAGE_STRING='giflib 5.1.3' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1314,7 +1314,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures giflib 5.1.2 to adapt to many kinds of systems. +\`configure' configures giflib 5.1.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1384,7 +1384,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of giflib 5.1.2:";; + short | recursive ) echo "Configuration of giflib 5.1.3:";; esac cat <<\_ACEOF @@ -1489,7 +1489,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -giflib configure 5.1.2 +giflib configure 5.1.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1858,7 +1858,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by giflib $as_me 5.1.2, which was +It was created by giflib $as_me 5.1.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2723,7 +2723,7 @@ # Define the identity of the package. PACKAGE='giflib' - VERSION='5.1.2' + VERSION='5.1.3' cat >>confdefs.h <<_ACEOF 
@@ -13218,7 +13218,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by giflib $as_me 5.1.2, which was +This file was extended by giflib $as_me 5.1.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13284,7 +13284,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -giflib config.status 5.1.2 +giflib config.status 5.1.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/configure.ac new/giflib-5.1.3/configure.ac --- old/giflib-5.1.2/configure.ac 2016-01-07 13:51:33.000000000 +0100 +++ new/giflib-5.1.3/configure.ac 2016-03-17 17:31:46.000000000 +0100 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(giflib, [5.1.2], [[email protected]], giflib) +AC_INIT(giflib, [5.1.3], [[email protected]], giflib) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([lib/dgif_lib.c]) AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/history.asc new/giflib-5.1.3/history.asc --- old/giflib-5.1.2/history.asc 2015-05-28 06:33:34.000000000 +0200 +++ new/giflib-5.1.3/history.asc 2016-01-17 05:04:33.000000000 +0100 
@@ -59,6 +59,12 @@ direct support for GIF89 graphics control blocks, and tossed out large amounts of obsolete utility code. +More recent version of the code (5.1.0 and onwards) have been hardened +by both static analysis and fuzz testing. While these failed to turn +up bugs in normal rendering cases, they did uncover some crash and +corruption bugs that could be tickled by carefully crafted malformed +GIFs. + This code is very old, very stable, and *everywhere* - browsers game consoles, smartphones, pretty much everything that opens an HTTP port and does graphics uses it. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/lib/dgif_lib.c new/giflib-5.1.3/lib/dgif_lib.c --- old/giflib-5.1.2/lib/dgif_lib.c 2016-01-07 11:44:44.000000000 +0100 +++ new/giflib-5.1.3/lib/dgif_lib.c 2016-03-17 17:27:57.000000000 +0100 @@ -97,6 +97,9 @@ free((char *)GifFile); return NULL; } + + /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType)); + #ifdef _WIN32 _setmode(FileHandle, O_BINARY); /* Make sure it is in binary mode. */ #endif /* _WIN32 */ @@ -179,6 +182,7 @@ free((char *)GifFile); return NULL; } + /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType)); GifFile->Private = (void *)Private; Private->FileHandle = 0; @@ -764,7 +768,7 @@ BitsPerPixel = CodeSize; /* this can only happen on a severely malformed GIF */ - if (BitsPerPixel > 8 || Private->RunningBits > 32) { + if (BitsPerPixel > 8) { GifFile->Error = D_GIF_ERR_READ_FAILED; /* somewhat bogus error code */ return GIF_ERROR; /* Failed to read Code size. */ } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/lib/egif_lib.c new/giflib-5.1.3/lib/egif_lib.c --- old/giflib-5.1.2/lib/egif_lib.c 2014-05-16 12:46:53.000000000 +0200 +++ new/giflib-5.1.3/lib/egif_lib.c 2016-01-22 11:36:36.000000000 +0100 
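Review bot: The zeroing of `Private` in the dgif_lib.c `@@ -97,6 +97,9 @@` hunk is a separate `memset` placed after an allocation that lies outside the hunk, so each constructor has to remember to repeat it. Allocating with `calloc(1, sizeof(GifFilePrivateType))` at the allocation site (presumably a `malloc` today) would give the same all-zero state in one step. The same pattern is added in the `@@ -179,6 +182,7 @@` hunk of this file and in both egif_lib.c hunks, and the second egif_lib.c `memset` lacks the `/*@i1@*/` annotation that the other three carry. If the `memset` calls stay, `sizeof(*Private)` would tie the size to the pointer rather than to a type name. Since the changelog attributes misfiring sanity checks to uninitialised heap contents, a short comment at each site saying which fields rely on starting at zero would keep the call from being removed later.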
@@ -103,6 +103,7 @@ *Error = E_GIF_ERR_NOT_ENOUGH_MEM; return NULL; } + /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType)); if ((Private->HashTable = _InitHashTable()) == NULL) { free(GifFile); free(Private); @@ -121,6 +122,7 @@ Private->FileHandle = FileHandle; Private->File = f; Private->FileState = FILE_STATE_WRITE; + Private->gif89 = false; Private->Write = (OutputFunc) 0; /* No user write routine (MRB) */ GifFile->UserData = (void *)NULL; /* No user write handle (MRB) */ @@ -157,6 +159,8 @@ return NULL; } + memset(Private, '\0', sizeof(GifFilePrivateType)); + Private->HashTable = _InitHashTable(); if (Private->HashTable == NULL) { free (GifFile); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/lib/gif_lib.h new/giflib-5.1.3/lib/gif_lib.h --- old/giflib-5.1.2/lib/gif_lib.h 2016-01-07 13:51:53.000000000 +0100 +++ new/giflib-5.1.3/lib/gif_lib.h 2016-03-17 17:31:46.000000000 +0100 @@ -13,7 +13,7 @@ #define GIFLIB_MAJOR 5 #define GIFLIB_MINOR 1 -#define GIFLIB_RELEASE 2 +#define GIFLIB_RELEASE 3 #define GIF_ERROR 0 #define GIF_OK 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/util/gif2rgb.c new/giflib-5.1.3/util/gif2rgb.c --- old/giflib-5.1.2/util/gif2rgb.c 2014-05-16 12:46:53.000000000 +0200 +++ new/giflib-5.1.3/util/gif2rgb.c 2016-03-17 17:24:17.000000000 +0100 @@ -181,9 +181,6 @@ 0, 0, Width, Height, false, NULL) == GIF_ERROR) PrintGifError(Error); - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); GifQprintf("\n%s: Image 1 at (%d, %d) [%dx%d]: ", @@ -192,12 +189,7 @@ for (i = 0; i < Height; i++) { if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) - { - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); - } GifQprintf("\b\b\b\b%-4d", Height - i - 1); Ptr += Width; 
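Review bot: In the gif2rgb.c `@@ -181,9 +181,6 @@` hunk, the `exit(EXIT_FAILURE);` that remains after `PrintGifError(Error);` is not inside the `if`, as far as the hunk shows. No opening brace is visible after `== GIF_ERROR)`, so only `PrintGifError` is conditional and the function would exit with failure even when both Put calls succeed. The same shape remains in the `@@ -205,9 +197,6 @@` hunk after `EGifCloseFile(GifFile, &Error)`. The removed lines were equally unguarded, so this commit does not introduce the problem, but both sites should be braced: `... == GIF_ERROR) { PrintGifError(Error); exit(EXIT_FAILURE); }`. The `if` condition starts above the hunk, so confirm against the full file.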
@@ -205,9 +197,6 @@ if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) PrintGifError(Error); - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); } @@ -378,6 +367,11 @@ } } + if (GifFile->SHeight == 0 || GifFile->SWidth == 0) { + fprintf(stderr, "Image of width or height 0\n"); + exit(EXIT_FAILURE); + } + /* * Allocate the screen as vector of column of rows. Note this * screen is device independent - it's the screen defined by the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/util/gifbg.c new/giflib-5.1.3/util/gifbg.c --- old/giflib-5.1.2/util/gifbg.c 2014-05-16 12:46:53.000000000 +0200 +++ new/giflib-5.1.3/util/gifbg.c 2016-03-17 16:52:45.000000000 +0100 @@ -327,9 +327,6 @@ if (EGifCloseFile(GifFile, &ErrorCode) == GIF_ERROR) { PrintGifError(ErrorCode); - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/util/gifcolor.c new/giflib-5.1.3/util/gifcolor.c --- old/giflib-5.1.2/util/gifcolor.c 2014-05-16 12:46:53.000000000 +0200 +++ new/giflib-5.1.3/util/gifcolor.c 2016-03-15 12:57:37.000000000 +0100 @@ -122,9 +122,6 @@ if (EGifCloseFile(GifFile, &ErrorCode) == GIF_ERROR) { PrintGifError(ErrorCode); - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/util/gifecho.c new/giflib-5.1.3/util/gifecho.c --- old/giflib-5.1.2/util/gifecho.c 2014-05-16 12:46:53.000000000 +0200 +++ new/giflib-5.1.3/util/gifecho.c 2016-03-17 16:53:13.000000000 +0100 
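Review bot: The zero-dimension guard added in the gif2rgb.c `@@ -378,6 +367,11 @@` hunk has no comment saying what it protects. The changelog says it is the fix for the heap overflow reported as SF #78 and #82, and without that link a later cleanup could drop the check as redundant. I would put `/* Reject a 0-width or 0-height screen: the screen buffer allocated below would be degenerate and later row writes overflow it (SF bugs #78, #82). */` above the `if`. The error message could also name the input file to help triage. The guard covers only `SWidth` and `SHeight` of the logical screen; whether per-image dimensions are bounded against them is outside this hunk.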
@@ -162,9 +162,6 @@ if (EGifCloseFile(GifFile, &ErrorCode) == GIF_ERROR) { PrintGifError(ErrorCode); - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/giflib-5.1.2/util/gifinto.c new/giflib-5.1.3/util/gifinto.c --- old/giflib-5.1.2/util/gifinto.c 2016-01-06 00:07:24.000000000 +0100 +++ new/giflib-5.1.3/util/gifinto.c 2016-03-17 17:26:04.000000000 +0100 @@ -73,7 +73,7 @@ int FD; int NumFiles; bool Error, MinSizeFlag = false, HelpFlag = false; - char **FileName = NULL, FoutTmpName[STRLEN], FullPath[STRLEN], *p; + char **FileName = NULL, FoutTmpName[STRLEN+1], FullPath[STRLEN+1], *p; FILE *Fin, *Fout; if ((Error = GAGetArgs(argc, argv, CtrlStr, &GifNoisyPrint, @@ -160,7 +160,8 @@ fclose(Fout); unlink(*FileName); if (rename(FoutTmpName, *FileName) != 0) { - char DefaultName[STRLEN]; + char DefaultName[STRLEN+1]; + memset(DefaultName, '\0', sizeof(DefaultName)); if ( (strlen(FullPath) + strlen(DEFAULT_OUT_NAME)) > STRLEN-1 ) GIF_EXIT("Filename too long."); strncpy(DefaultName, FullPath, STRLEN); // cppcheck-suppress uninitstring ++++++ giflib-sf-88.patch ++++++ Index: giflib-5.1.3/util/gifbuild.c =================================================================== --- giflib-5.1.3.orig/util/gifbuild.c +++ giflib-5.1.3/util/gifbuild.c @@ -724,6 +724,7 @@ static void DumpExtensions(GifFileType * printf("end\n\n"); } else if (ep->Function == APPLICATION_EXT_FUNC_CODE + && ep->ByteCount >= 11 && memcmp(ep->Bytes, "NETSCAPE2.0", 11) == 0) { unsigned char *params = (++ep)->Bytes; unsigned int loopcount = params[1] | (params[2] << 8);
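Review bot: In the gifinto.c `@@ -160,7 +160,8 @@` hunk, NUL-termination of `DefaultName` now depends on three separate pieces agreeing: the `STRLEN+1` size, the new `memset`, and the `STRLEN` bound passed to `strncpy`. A single bounded format call would make that explicit and replace the hand-computed length test: `int n = snprintf(DefaultName, sizeof DefaultName, "%s%s", FullPath, DEFAULT_OUT_NAME);` followed by `if (n < 0 || (size_t)n >= sizeof DefaultName) GIF_EXIT("Filename too long.");`. This assumes the code after the `strncpy`, which is outside the hunk, appends `DEFAULT_OUT_NAME`, as the length check suggests. The `// cppcheck-suppress uninitstring` comment could then be dropped.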
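Review bot: The added `ep->ByteCount >= 11` in giflib-sf-88.patch bounds the `memcmp`, but the lines after it are still unguarded. They step to the next extension block with `(++ep)->Bytes` and read `params[1]` and `params[2]` without checking that a next block exists or that it holds at least three bytes. A malformed file whose NETSCAPE2.0 application block is the last extension, or is followed by a short sub-block, would still be read out of bounds. The condition should also require the following block, for example `&& (ep + 1)->ByteCount >= 3`, together with a bound against the extension count used by the enclosing loop in `DumpExtensions`, which is outside this hunk.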
