From 9cfef479ca9d5c62c513cbd76f1e75b0ee94fc80 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 08:02:28 +0000 Subject: [PATCH 01/23] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 5d800f7..87fe454 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 6%{?dist} +Release: 7%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -74,6 +74,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 5.2.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Mon Jul 27 2020 Fedora Release Engineering - 5.2.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From f4dde61417de0ea2d3fb6dd246f232acb404b47e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 22 Jul 2021 01:34:52 +0000 Subject: [PATCH 02/23] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 87fe454..844e435 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 7%{?dist} +Release: 8%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -74,6 +74,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a %changelog +* Thu Jul 22 2021 Fedora Release Engineering - 5.2.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Tue Jan 26 2021 Fedora Release Engineering - 5.2.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
From 0a8d631a31148e0bf7fb98cb1a7d8974e0429473 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 05:56:05 +0000 Subject: [PATCH 03/23] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 844e435..8ad2686 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 8%{?dist} +Release: 9%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -74,6 +74,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a %changelog +* Thu Jan 20 2022 Fedora Release Engineering - 5.2.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Thu Jul 22 2021 Fedora Release Engineering - 5.2.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 9f2b9319d785f8248e23489c52937e074f74ee41 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Thu, 24 Feb 2022 11:12:04 +0100 Subject: [PATCH 04/23] Add mingw subpackages --- giflib.spec | 86 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 78 insertions(+), 8 deletions(-) diff --git a/giflib.spec b/giflib.spec index 8ad2686..19957d9 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,11 +1,13 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 9%{?dist} +Release: 10%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +# Downstream cmake support +Source1: CMakeLists.txt # Move quantize.c back into libgif.so (#1750122) Patch0: giflib_quantize.patch # Fix several defects found by Coverity scan 
@@ -13,10 +15,16 @@ Patch1: giflib_coverity.patch # Generate HTML docs with consistent section IDs to avoid multilib difference Patch2: giflib_html-docs-consistent-ids.patch +BuildRequires: cmake BuildRequires: gcc -BuildRequires: make BuildRequires: xmlto +BuildRequires: mingw32-filesystem >= 95 +BuildRequires: mingw32-gcc + +BuildRequires: mingw64-filesystem >= 95 +BuildRequires: mingw64-gcc + %description giflib is a library for reading and writing gif images. @@ -39,23 +47,64 @@ Requires: %{name}%{?_isa} = %{version}-%{release} The giflib-utils package contains various programs for manipulating GIF format image files. +%package -n mingw32-%{name} +Summary: MinGW Windows %{name} library +Obsoletes: mingw32-%{name}-static + +%description -n mingw32-%{name} +%{summary}. + + +%package -n mingw32-%{name}-tools +Summary: Tools for the MinGW Windows %{name} library +Requires: mingw32-%{name} = %{version}-%{release} + +%description -n mingw32-%{name}-tools +%{summary}. + + +%package -n mingw64-%{name} +Summary: MinGW Windows %{name} library +Obsoletes: mingw64-%{name}-static + +%description -n mingw64-%{name} +%{summary}. + + +%package -n mingw64-%{name}-tools +Summary: Tools for the MinGW Windows %{name} library +Requires: mingw64-%{name} = %{version}-%{release} + +%description -n mingw64-%{name}-tools +%{summary}. + + +%{?mingw_debug_package} + %prep %autosetup -p1 +cp -a %{SOURCE1} . %build -%make_build CFLAGS="%{optflags} -fPIC" LDFLAGS="%{__global_ldflags}" +# Native build +%cmake +%cmake_build + +# MinGW build +%mingw_cmake +%mingw_make_build %install -%make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}" - -# Drop static library -rm -f %{buildroot}%{_libdir}/libgif.a +%cmake_install +%mingw_make_install +rm -rf %{buildroot}%{mingw32_mandir} +rm -rf %{buildroot}%{mingw64_mandir} -%ldconfig_scriptlets +%mingw_debug_install_post %files 
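Review bot: The `Obsoletes: mingw32-%{name}-static` and `Obsoletes: mingw64-%{name}-static` lines in the new subpackages carry no version, so they would also obsolete any `-static` package that is reintroduced later, not only the builds being replaced now. Fedora packaging practice is to version the tag against the last release that shipped the obsoleted package, e.g. `Obsoletes: mingw32-%{name}-static < <LAST_STATIC_EVR>` (a placeholder, because the page does not show that version). The same change applies to the mingw64 line.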
@@ -72,8 +121,29 @@ rm -f %{buildroot}%{_libdir}/libgif.a %{_bindir}/gif* %{_mandir}/man1/*.1* +%files -n mingw32-%{name} +%license COPYING +%{mingw32_bindir}/libgif-7.dll +%{mingw32_includedir}/gif_lib.h +%{mingw32_libdir}/libgif.dll.a + +%files -n mingw32-%{name}-tools +%{mingw32_bindir}/*.exe + +%files -n mingw64-%{name} +%license COPYING +%{mingw64_bindir}/libgif-7.dll +%{mingw64_includedir}/gif_lib.h +%{mingw64_libdir}/libgif.dll.a + +%files -n mingw64-%{name}-tools +%{mingw64_bindir}/*.exe + %changelog +* Sat Feb 19 2022 Sandro Mani - 5.2.1-10 +- Add mingw subpackage + * Thu Jan 20 2022 Fedora Release Engineering - 5.2.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 67fb7bb61705fdbe4b0822925c7559d6d52b3504 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Thu, 24 Feb 2022 16:24:26 +0100 Subject: [PATCH 05/23] Add CMakeLists.txt --- CMakeLists.txt | 141 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 CMakeLists.txt diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..b69a03d --- /dev/null +++ b/CMakeLists.txt 
@@ -0,0 +1,141 @@ +cmake_minimum_required(VERSION 2.6.0) + +project(giflib C) + +SET(BUILD_STATIC_LIBS OFF CACHE BOOL "Whether to also build static libs") + +execute_process(COMMAND ./getversion + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} + OUTPUT_VARIABLE VERSION + OUTPUT_STRIP_TRAILING_WHITESPACE +) + +set(LIBMAJOR 7) +set(LIBMINOR 1) +set(LIBPOINT 0) +set(LIBVER "${LIBMAJOR}.${LIBMINOR}.${LIBPOINT}") + +set(giflib_SRC + dgif_lib.c + egif_lib.c + getarg.c + gifalloc.c + gif_err.c + gif_font.c + gif_hash.c + openbsd-reallocarray.c + qprintf.c + quantize.c +) + +# Some utilities are installed +set(giflib_INSTALLABLE + gif2rgb + gifbuild + giffix + giftext + giftool + gifclrmp +) + +# Some utilities are only used internally for testing. +# There is a parallel list in doc/Makefile. +# These are all candidates for removal in future releases. +set(giflib_UTILS + ${giflib_INSTALLABLE} + gifbg + gifcolor + gifecho + giffilter + gifhisto + gifinto + gifwedge +) + +file(GLOB giflib_MAN doc/*.1) + +### Build library / tools + +add_library(gif SHARED ${giflib_SRC}) +target_link_libraries(gif m) +set_target_properties(gif PROPERTIES VERSION ${LIBVER} SOVERSION ${LIBMAJOR}) +if(WIN32) + set_target_properties(gif PROPERTIES SUFFIX "-${LIBMAJOR}${CMAKE_SHARED_LIBRARY_SUFFIX}") +endif(WIN32) + +if(${BUILD_STATIC_LIBS}) + add_library(gif_static STATIC ${giflib_SRC}) + set_target_properties(gif_static PROPERTIES OUTPUT_NAME gif) +endif(${BUILD_STATIC_LIBS}) + + +foreach(UTILITY ${giflib_UTILS}) + add_executable(${UTILITY} ${UTILITY}.c) + target_link_libraries(${UTILITY} gif) +endforeach() + +### Installation + +install(TARGETS gif + RUNTIME DESTINATION bin + ARCHIVE DESTINATION lib${LIB_SUFFIX} + LIBRARY DESTINATION lib${LIB_SUFFIX} +) + +if(${BUILD_STATIC_LIBS}) + install(TARGETS gif_static ARCHIVE DESTINATION lib${LIB_SUFFIX}) +endif(${BUILD_STATIC_LIBS}) + +foreach(UTILITY ${giflib_UTILS}) + install(TARGETS ${UTILITY} DESTINATION bin) +endforeach() + +install(FILES gif_lib.h 
DESTINATION include) +install(FILES ${giflib_MAN} DESTINATION ${CMAKE_INSTALL_PREFIX}/share/man/man1) + + +### Distribution tarball +set(giflib_DIST + *.c + *.h + README + NEWS + TODO + COPYING + getversion + ChangeLog + CMakeLists.txt + build.adoc + history.adoc + control + doc/whatsinagif + doc/*.1 + doc/*.xml + doc/*.txt + doc/index.html.in + doc/00README + doc/Makefile + tests + pic +) +# We include all of the XML, and also generated manual pages +# so people working from the distribution tarball won't need xmlto. +add_custom_target(dist-gz + COMMAND tar --transform='s:^:giflib-${VERSION}/:' -czf giflib-${VERSION}.tar.gz ${giflib_DIST} + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} +) + +add_custom_target(dist-bz2 + COMMAND tar --transform='s:^:giflib-${VERSION}/:' -cjf giflib-${VERSION}.tar.bz2 ${giflib_DIST} + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} +) + +add_custom_target(dist DEPENDS dist-gz DEPENDS dist-bz2) + + +### Auditing tools + +# cppcheck should run clean +add_custom_target(cppcheck + COMMAND cppcheck --inline-suppr --template gcc --enable=all --suppress=unusedFunction --force *.[ch] +) From 8493e8a24a17201d3eeb5a98d4ab6bce9f7daa2c Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Thu, 24 Feb 2022 20:06:58 +0100 Subject: [PATCH 06/23] Make mingw subpackages noarch --- giflib.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 19957d9..7943043 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 10%{?dist} +Release: 11%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -50,6 +50,7 @@ format image files. %package -n mingw32-%{name} Summary: MinGW Windows %{name} library Obsoletes: mingw32-%{name}-static +BuildArch: noarch %description -n mingw32-%{name} %{summary}. 
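Review bot: The install loop iterates over `giflib_UTILS`, so the utilities this file itself describes as "only used internally for testing" (gifbg, gifcolor, gifecho, giffilter, gifhisto, gifinto, gifwedge) are installed to `bin` alongside the supported ones. The list meant for installation is `giflib_INSTALLABLE`, so the install loop should read `foreach(UTILITY ${giflib_INSTALLABLE})` while the build loop keeps `giflib_UTILS`. As written, the spec's `%{_bindir}/gif*`, `%{mingw32_bindir}/*.exe` and `%{mingw64_bindir}/*.exe` globs pick up the extra binaries without any visible sign, which ships more GIF-parsing command-line tools than the lists intend. Separately, `execute_process(COMMAND ./getversion ...)` has no `RESULT_VARIABLE` check, so a failure leaves `VERSION` empty without a diagnostic.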
@@ -58,6 +59,7 @@ Obsoletes: mingw32-%{name}-static %package -n mingw32-%{name}-tools Summary: Tools for the MinGW Windows %{name} library Requires: mingw32-%{name} = %{version}-%{release} +BuildArch: noarch %description -n mingw32-%{name}-tools %{summary}. @@ -66,6 +68,7 @@ Requires: mingw32-%{name} = %{version}-%{release} %package -n mingw64-%{name} Summary: MinGW Windows %{name} library Obsoletes: mingw64-%{name}-static +BuildArch: noarch %description -n mingw64-%{name} %{summary}. @@ -74,6 +77,7 @@ Obsoletes: mingw64-%{name}-static %package -n mingw64-%{name}-tools Summary: Tools for the MinGW Windows %{name} library Requires: mingw64-%{name} = %{version}-%{release} +BuildArch: noarch %description -n mingw64-%{name}-tools %{summary}. @@ -141,6 +145,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Thu Feb 24 2022 Sandro Mani - 5.2.1-11 +- Make mingw subpackages noarch + * Sat Feb 19 2022 Sandro Mani - 5.2.1-10 - Add mingw subpackage From 3395452f7e88d981a233fcfefe5ef8af9af1f942 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Fri, 25 Mar 2022 13:56:50 +0100 Subject: [PATCH 07/23] Rebuild with mingw-gcc-12 --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 7943043..8cfaf7b 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 11%{?dist} +Release: 12%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -145,6 +145,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Fri Mar 25 2022 Sandro Mani - 5.2.1-12 +- Rebuild with mingw-gcc-12 + * Thu Feb 24 2022 Sandro Mani - 5.2.1-11 - Make mingw subpackages noarch From 763a35cb09d5fa14e1281326dce9fc96db3ff012 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 21 Jul 2022 06:11:03 +0000 Subject: [PATCH 08/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 8cfaf7b..43974d3 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 12%{?dist} +Release: 13%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -145,6 +145,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Thu Jul 21 2022 Fedora Release Engineering - 5.2.1-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Fri Mar 25 2022 Sandro Mani - 5.2.1-12 - Rebuild with mingw-gcc-12 From 2e9917bf13df114354163f0c0211eccc00943596 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Thu, 21 Jul 2022 10:01:11 +0200 Subject: [PATCH 09/23] Backport fix for CVE-2022-28506 --- CVE-2022-28506.patch | 15 +++++++++++++++ giflib.spec | 8 +++++++- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 CVE-2022-28506.patch diff --git a/CVE-2022-28506.patch b/CVE-2022-28506.patch new file mode 100644 index 0000000..c5f0b9a --- /dev/null +++ b/CVE-2022-28506.patch @@ -0,0 +1,15 @@ +diff -rupN giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c +--- giflib-5.2.1/gif2rgb.c 2019-06-24 09:24:27.000000000 +0200 ++++ giflib-5.2.1-new/gif2rgb.c 2022-07-21 09:58:28.256036156 +0200 +@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam + GifRow = ScreenBuffer[i]; + GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); + for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) { ++ /* Check if color is within color palete */ ++ if (GifRow[j] >= ColorMap->ColorCount) ++ { ++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT)); ++ } + ColorMapEntry = &ColorMap->Colors[GifRow[j]]; + *BufferP++ = ColorMapEntry->Red; + *BufferP++ = ColorMapEntry->Green; diff --git a/giflib.spec b/giflib.spec index 43974d3..885d278 100644 --- a/giflib.spec +++ b/giflib.spec 
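Review bot: The palette bounds check is added to only one loop of `DumpScreen2RGB`, the one that writes through `BufferP`. The function's body starts and ends outside this hunk, so whether it holds another loop that also evaluates `&ColorMap->Colors[GifRow[j]]` cannot be seen here. If it does, that loop needs the same guard, `if (GifRow[j] >= ColorMap->ColorCount) { GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT)); }`, or the out-of-bounds read stays reachable through that path. It is worth comparing the full function with the upstream commit referenced in the spec before treating the CVE as closed. The added comment also has a typo: `palete` should be `palette`.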
@@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 13%{?dist} +Release: 14%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -14,6 +14,9 @@ Patch0: giflib_quantize.patch Patch1: giflib_coverity.patch # Generate HTML docs with consistent section IDs to avoid multilib difference Patch2: giflib_html-docs-consistent-ids.patch +# Backport fix for CVE-2022-28506 +# See https://sourceforge.net/u/mmuzila/giflib/ci/5b74cdd9c1285514eaa4675347ba3eea81d32c65/ +Patch3: CVE-2022-28506.patch BuildRequires: cmake BuildRequires: gcc @@ -145,6 +148,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Thu Jul 21 2022 Sandro Mani - 5.2.1-14 +- Backport fix for CVE-2022-28506 + * Thu Jul 21 2022 Fedora Release Engineering - 5.2.1-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 273f1a15ca0097baff757fea079cbbdd2c67970e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 04:49:44 +0000 Subject: [PATCH 10/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 885d278..21e4810 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 14%{?dist} +Release: 15%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -148,6 +148,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 5.2.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Thu Jul 21 2022 Sandro Mani - 5.2.1-14 - Backport fix for CVE-2022-28506 From 8fe05875704f665d85249fb0d30b9723683d51e3 Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Wed, 19 Jul 2023 22:55:59 +0000 Subject: [PATCH 11/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 21e4810..1917ac8 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 15%{?dist} +Release: 16%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -148,6 +148,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 5.2.1-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Thu Jan 19 2023 Fedora Release Engineering - 5.2.1-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 4eea5ef82fe65114294d7752ddb2875ebbddffa0 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Thu, 14 Sep 2023 20:57:35 +0200 Subject: [PATCH 12/23] Add patch for CVE-2023-39742 --- fix-get-args-segment-violation.patch | 24 ++++++++++++++++++++++++ giflib.spec | 9 ++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 fix-get-args-segment-violation.patch diff --git a/fix-get-args-segment-violation.patch b/fix-get-args-segment-violation.patch new file mode 100644 index 0000000..1595450 --- /dev/null +++ b/fix-get-args-segment-violation.patch 
@@ -0,0 +1,24 @@ +Description: Fix segmentation faults due to non correct checking for args +Author: David Suárez +Origin: vendor +Bug: https://sourceforge.net/p/giflib/bugs/153/ +Bug-Debian: https://bugs.debian.org/715963 +Bug-Debian: https://bugs.debian.org/715964 +Bug-Debian: https://bugs.debian.org/715967 +Last-Update: 2020-12-20 + +--- a/getarg.c ++++ b/getarg.c +@@ -305,6 +305,12 @@ + int i = 0, ScanRes; + + while (!(ISSPACE(CtrlStrCopy[i]))) { ++ ++ if ((*argv) == argv_end) { ++ GAErrorToken = Option; ++ return CMD_ERR_NumRead; ++ } ++ + switch (CtrlStrCopy[i + 1]) { + case 'd': /* Get signed integers. */ + ScanRes = sscanf(*((*argv)++), "%d", diff --git a/giflib.spec b/giflib.spec index 1917ac8..319cf69 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 16%{?dist} +Release: 17%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -17,6 +17,10 @@ Patch2: giflib_html-docs-consistent-ids.patch # Backport fix for CVE-2022-28506 # See https://sourceforge.net/u/mmuzila/giflib/ci/5b74cdd9c1285514eaa4675347ba3eea81d32c65/ Patch3: CVE-2022-28506.patch +# Fix segmentation faults when invoking tools with incorrect arguments (CVE-2023-39742) +# Taken from Debian package +Patch4: fix-get-args-segment-violation.patch + BuildRequires: cmake BuildRequires: gcc @@ -148,6 +152,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Thu Sep 14 2023 Sandro Mani - 5.2.1-17 +- Add patch for CVE-2023-39742 + * Wed Jul 19 2023 Fedora Release Engineering - 5.2.1-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From 33951725b33c1b3ca61e761b06a8d7efac4f28ac Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 22:17:34 +0000 Subject: [PATCH 13/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
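Review bot: The new `argv_end` guard sits above `switch (CtrlStrCopy[i + 1])`, so it fires for every parameter type the switch handles, yet it always returns `CMD_ERR_NumRead`. Only the `'d'` case is visible in this hunk, so presumably a missing non-numeric parameter is reported as a number-read failure too. The guard is what stops `*((*argv)++)` from reading past the end of the argument vector, and the code should say so. I would add a comment above it such as `/* No argument left for this option: stop before *argv is dereferenced. Reported as CMD_ERR_NumRead for lack of a dedicated code. */`. The loop body continues outside the hunk.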
diff --git a/giflib.spec b/giflib.spec index 319cf69..1c8025e 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 17%{?dist} +Release: 18%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -152,6 +152,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 5.2.1-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Thu Sep 14 2023 Sandro Mani - 5.2.1-17 - Add patch for CVE-2023-39742 From c6d4a9e4fbc69e13ce5d695bc64630cf6ee8f359 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 14:46:27 +0000 Subject: [PATCH 14/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 1c8025e..7201b6e 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 18%{?dist} +Release: 19%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -152,6 +152,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Wed Jan 24 2024 Fedora Release Engineering - 5.2.1-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 5.2.1-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From d98866cb09f8b7b5b9e2f001a90b44f42dee2bd5 Mon Sep 17 00:00:00 2001 
From: Sandro Mani Date: Mon, 19 Feb 2024 09:51:30 +0100 Subject: [PATCH 15/23] Update to 5.2.2 --- .gitignore | 1 + CVE-2022-28506.patch | 15 ------ fix-get-args-segment-violation.patch | 24 --------- giflib.spec | 13 ++--- giflib_coverity.patch | 72 +++++++++++++-------------- giflib_html-docs-consistent-ids.patch | 8 +-- giflib_quantize.patch | 6 +-- sources | 2 +- 8 files changed, 48 insertions(+), 93 deletions(-) delete mode 100644 CVE-2022-28506.patch delete mode 100644 fix-get-args-segment-violation.patch diff --git a/.gitignore b/.gitignore index d4babef..cbfea7a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ giflib-4.1.6.tar.bz2 /giflib-5.1.8.tar.gz /giflib-5.1.9.tar.gz /giflib-5.2.1.tar.gz +/giflib-5.2.2.tar.gz diff --git a/CVE-2022-28506.patch b/CVE-2022-28506.patch deleted file mode 100644 index c5f0b9a..0000000 --- a/CVE-2022-28506.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -rupN giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c ---- giflib-5.2.1/gif2rgb.c 2019-06-24 09:24:27.000000000 +0200 -+++ giflib-5.2.1-new/gif2rgb.c 2022-07-21 09:58:28.256036156 +0200 -@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam - GifRow = ScreenBuffer[i]; - GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); - for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) { -+ /* Check if color is within color palete */ -+ if (GifRow[j] >= ColorMap->ColorCount) -+ { -+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT)); -+ } - ColorMapEntry = &ColorMap->Colors[GifRow[j]]; - *BufferP++ = ColorMapEntry->Red; - *BufferP++ = ColorMapEntry->Green; diff --git a/fix-get-args-segment-violation.patch b/fix-get-args-segment-violation.patch deleted file mode 100644 index 1595450..0000000 --- a/fix-get-args-segment-violation.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -Description: Fix segmentation faults due to non correct checking for args -Author: David Suárez -Origin: vendor -Bug: https://sourceforge.net/p/giflib/bugs/153/ -Bug-Debian: https://bugs.debian.org/715963 -Bug-Debian: https://bugs.debian.org/715964 -Bug-Debian: https://bugs.debian.org/715967 -Last-Update: 2020-12-20 - ---- a/getarg.c -+++ b/getarg.c -@@ -305,6 +305,12 @@ - int i = 0, ScanRes; - - while (!(ISSPACE(CtrlStrCopy[i]))) { -+ -+ if ((*argv) == argv_end) { -+ GAErrorToken = Option; -+ return CMD_ERR_NumRead; -+ } -+ - switch (CtrlStrCopy[i + 1]) { - case 'd': /* Get signed integers. */ - ScanRes = sscanf(*((*argv)++), "%d", diff --git a/giflib.spec b/giflib.spec index 7201b6e..fe98d4d 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs -Version: 5.2.1 -Release: 19%{?dist} +Version: 5.2.2 +Release: 1%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -14,12 +14,6 @@ Patch0: giflib_quantize.patch Patch1: giflib_coverity.patch # Generate HTML docs with consistent section IDs to avoid multilib difference Patch2: giflib_html-docs-consistent-ids.patch -# Backport fix for CVE-2022-28506 -# See https://sourceforge.net/u/mmuzila/giflib/ci/5b74cdd9c1285514eaa4675347ba3eea81d32c65/ -Patch3: CVE-2022-28506.patch -# Fix segmentation faults when invoking tools with incorrect arguments (CVE-2023-39742) -# Taken from Debian package -Patch4: fix-get-args-segment-violation.patch BuildRequires: cmake @@ -152,6 +146,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Mon Feb 19 2024 Sandro Mani - 5.2.2-1 +- Update to 5.2.2 + * Wed Jan 24 2024 Fedora Release Engineering - 5.2.1-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/giflib_coverity.patch b/giflib_coverity.patch index c51234f..0e995ae 100644 --- a/giflib_coverity.patch +++ b/giflib_coverity.patch 
@@ -1,43 +1,39 @@ -diff -rupN --no-dereference giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c ---- giflib-5.2.1/gif2rgb.c 2019-06-24 09:24:27.000000000 +0200 -+++ giflib-5.2.1-new/gif2rgb.c 2020-02-17 16:51:04.468397502 +0100 -@@ -170,6 +170,8 @@ static void SaveGif(GifByteType *OutputB - /* Open stdout for the output file: */ - if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) { - PrintGifError(Error); -+ free(OutputBuffer); -+ GifFreeMapObject(OutputColorMap); - exit(EXIT_FAILURE); - } +diff -rupN --no-dereference giflib-5.2.2/gif2rgb.c giflib-5.2.2-new/gif2rgb.c +--- giflib-5.2.2/gif2rgb.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/gif2rgb.c 2024-02-19 09:39:38.750976758 +0100 +@@ -165,6 +165,8 @@ static void SaveGif(GifByteType *OutputB + /* Open stdout for the output file: */ + if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) { + PrintGifError(Error); ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); + } -@@ -179,6 +181,8 @@ static void SaveGif(GifByteType *OutputB - EGifPutImageDesc(GifFile, - 0, 0, Width, Height, false, NULL) == GIF_ERROR) { - PrintGifError(Error); -+ free(OutputBuffer); -+ GifFreeMapObject(OutputColorMap); - exit(EXIT_FAILURE); - } +@@ -173,6 +175,8 @@ static void SaveGif(GifByteType *OutputB + EGifPutImageDesc(GifFile, 0, 0, Width, Height, false, NULL) == + GIF_ERROR) { + PrintGifError(Error); ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); + } -@@ -187,8 +191,11 @@ static void SaveGif(GifByteType *OutputB - GifFile->Image.Width, GifFile->Image.Height); +@@ -182,6 +186,8 @@ static void SaveGif(GifByteType *OutputB - for (i = 0; i < Height; i++) { -- if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) -+ if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) { -+ free(OutputBuffer); -+ GifFreeMapObject(OutputColorMap); - exit(EXIT_FAILURE); -+ } - GifQprintf("\b\b\b\b%-4d", Height - i - 1); + for (i = 0; i < Height; i++) { + if (EGifPutLine(GifFile, 
Ptr, Width) == GIF_ERROR) { ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); + } + GifQprintf("\b\b\b\b%-4d", Height - i - 1); +@@ -191,6 +197,8 @@ static void SaveGif(GifByteType *OutputB - Ptr += Width; -@@ -196,6 +203,8 @@ static void SaveGif(GifByteType *OutputB - - if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) { - PrintGifError(Error); -+ free(OutputBuffer); -+ GifFreeMapObject(OutputColorMap); - exit(EXIT_FAILURE); - } + if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) { + PrintGifError(Error); ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); + } } diff --git a/giflib_html-docs-consistent-ids.patch b/giflib_html-docs-consistent-ids.patch index d4006ea..fd29642 100644 --- a/giflib_html-docs-consistent-ids.patch +++ b/giflib_html-docs-consistent-ids.patch @@ -1,8 +1,8 @@ -diff -rupN --no-dereference giflib-5.2.1/doc/Makefile giflib-5.2.1-new/doc/Makefile ---- giflib-5.2.1/doc/Makefile 2019-03-28 18:05:25.000000000 +0100 -+++ giflib-5.2.1-new/doc/Makefile 2020-02-17 16:51:04.489397582 +0100 +diff -rupN --no-dereference giflib-5.2.2/doc/Makefile giflib-5.2.2-new/doc/Makefile +--- giflib-5.2.2/doc/Makefile 2024-02-18 19:15:05.000000000 +0100 ++++ giflib-5.2.2-new/doc/Makefile 2024-02-19 09:39:38.785968237 +0100 @@ -1,7 +1,7 @@ - .SUFFIXES: .xml .html .txt .adoc .1 + .SUFFIXES: .xml .html .txt .adoc .1 .7 .xml.html: - xmlto xhtml-nochunks $< diff --git a/giflib_quantize.patch b/giflib_quantize.patch index aa34629..57c2b69 100644 --- a/giflib_quantize.patch +++ b/giflib_quantize.patch 
@@ -1,6 +1,6 @@ -diff -rupN --no-dereference giflib-5.2.1/Makefile giflib-5.2.1-new/Makefile ---- giflib-5.2.1/Makefile 2019-06-24 18:08:57.000000000 +0200 -+++ giflib-5.2.1-new/Makefile 2020-02-17 16:51:04.450397434 +0100 +diff -rupN --no-dereference giflib-5.2.2/Makefile giflib-5.2.2-new/Makefile +--- giflib-5.2.2/Makefile 2024-02-19 02:01:50.000000000 +0100 ++++ giflib-5.2.2-new/Makefile 2024-02-19 09:39:38.715985279 +0100 @@ -29,11 +29,11 @@ LIBPOINT=0 LIBVER=$(LIBMAJOR).$(LIBMINOR).$(LIBPOINT) diff --git a/sources b/sources index 441cb4c..67868a9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (giflib-5.2.1.tar.gz) = 4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736 +SHA512 (giflib-5.2.2.tar.gz) = 0865ab2b1904fa14640c655fdb14bb54244ad18a66e358565c00287875d00912343f9be8bfac7658cc0146200d626f7ec9160d7a339f20ba3be6b9941d73975f From 880d895e67db4ed60978f396be7f7c11deae7cd6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 18 Jul 2024 02:18:16 +0000 Subject: [PATCH 16/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index fe98d4d..8c1766b 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.2 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -146,6 +146,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Thu Jul 18 2024 Fedora Release Engineering - 5.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Mon Feb 19 2024 Sandro Mani - 5.2.2-1 - Update to 5.2.2 From 8e1d361c1b990d5b5680e382e899d266aaad031b Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Thu, 16 Jan 2025 21:57:03 +0000 Subject: [PATCH 17/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 8c1766b..251f659 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.2 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -146,6 +146,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 5.2.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Thu Jul 18 2024 Fedora Release Engineering - 5.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From a4acb22cd1a25bc9d3c85434d22338e0f25964a8 Mon Sep 17 00:00:00 2001 From: Benson Muite Date: Wed, 2 Apr 2025 11:31:14 +0300 Subject: [PATCH 18/23] Install getarg.h header file --- CMakeLists.txt | 2 +- giflib.spec | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b69a03d..8404ca6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -90,7 +90,7 @@ foreach(UTILITY ${giflib_UTILS}) install(TARGETS ${UTILITY} DESTINATION bin) endforeach() -install(FILES gif_lib.h DESTINATION include) +install(FILES gif_lib.h getarg.h DESTINATION include) install(FILES ${giflib_MAN} DESTINATION ${CMAKE_INSTALL_PREFIX}/share/man/man1) diff --git a/giflib.spec b/giflib.spec index 251f659..de2f6c1 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.2 -Release: 3%{?dist} +Release: 4%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ 
@@ -121,6 +121,7 @@ rm -rf %{buildroot}%{mingw64_mandir} %doc doc/* %{_libdir}/libgif.so %{_includedir}/gif_lib.h +%{_includedir}/getarg.h %files utils %{_bindir}/gif* @@ -130,6 +131,7 @@ rm -rf %{buildroot}%{mingw64_mandir} %license COPYING %{mingw32_bindir}/libgif-7.dll %{mingw32_includedir}/gif_lib.h +%{mingw32_includedir}/getarg.h %{mingw32_libdir}/libgif.dll.a %files -n mingw32-%{name}-tools @@ -139,6 +141,7 @@ rm -rf %{buildroot}%{mingw64_mandir} %license COPYING %{mingw64_bindir}/libgif-7.dll %{mingw64_includedir}/gif_lib.h +%{mingw64_includedir}/getarg.h %{mingw64_libdir}/libgif.dll.a %files -n mingw64-%{name}-tools @@ -146,6 +149,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Wed Apr 02 2025 Benson Muite - 5.2.2-4 +- Install getarg.h header file + * Thu Jan 16 2025 Fedora Release Engineering - 5.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From cb8a423c41cf2f474194bc19b38dac0a6cb8fcc6 Mon Sep 17 00:00:00 2001 From: Benson Muite Date: Wed, 2 Apr 2025 14:29:21 +0300 Subject: [PATCH 19/23] Change getarg.h to gif_getarg.h --- CMakeLists.txt | 2 +- getarg.patch | 308 +++++++++++++++++++++++++++++++++++++++++++++++++ giflib.spec | 16 ++- 3 files changed, 319 insertions(+), 7 deletions(-) create mode 100644 getarg.patch diff --git a/CMakeLists.txt b/CMakeLists.txt index 8404ca6..92151d4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -90,7 +90,7 @@ foreach(UTILITY ${giflib_UTILS}) install(TARGETS ${UTILITY} DESTINATION bin) endforeach() -install(FILES gif_lib.h getarg.h DESTINATION include) +install(FILES gif_lib.h gif_getarg.h DESTINATION include) install(FILES ${giflib_MAN} DESTINATION ${CMAKE_INSTALL_PREFIX}/share/man/man1) diff --git a/getarg.patch b/getarg.patch new file mode 100644 index 0000000..34e9cab --- /dev/null +++ b/getarg.patch 
@@ -0,0 +1,308 @@ +diff -ruN giflib-5.2.2/getarg.c giflib-5.2.2-getarg/getarg.c +--- giflib-5.2.2/getarg.c 2024-02-19 06:01:27.000000000 +0300 ++++ giflib-5.2.2-getarg/getarg.c 2025-04-02 14:06:46.761392686 +0300 +@@ -112,7 +112,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + + #define MAX_PARAM 100 /* maximum number of parameters allowed. */ + #define CTRL_STR_MAX_LEN 1024 +diff -ruN giflib-5.2.2/getarg.h giflib-5.2.2-getarg/getarg.h +--- giflib-5.2.2/getarg.h 2024-02-19 05:20:00.000000000 +0300 ++++ giflib-5.2.2-getarg/getarg.h 1970-01-01 03:00:00.000000000 +0300 +@@ -1,54 +0,0 @@ +-/*************************************************************************** +- +-getarg.h - Support routines for the giflib utilities +- +-SPDX-License-Identifier: MIT +- +- **************************************************************************/ +- +-#ifndef _GETARG_H +-#define _GETARG_H +- +-#include "gif_lib.h" +-#include +- +-#define VERSION_COOKIE " Version %d.%d, " +- +-/*************************************************************************** +- Error numbers as returned by GAGetArg routine: +-***************************************************************************/ +-#define CMD_ERR_NotAnOpt 1 /* None Option found. */ +-#define CMD_ERR_NoSuchOpt 2 /* Undefined Option Found. */ +-#define CMD_ERR_WildEmpty 3 /* Empty input for !*? seq. */ +-#define CMD_ERR_NumRead 4 /* Failed on reading number. */ +-#define CMD_ERR_AllSatis 5 /* Fail to satisfy (must-'!') option. 
*/ +- +-bool GAGetArgs(int argc, char **argv, char *CtrlStr, ...); +-void GAPrintErrMsg(int Error); +-void GAPrintHowTo(char *CtrlStr); +- +-/****************************************************************************** +- From qprintf.c +-******************************************************************************/ +-extern void GifQprintf(char *Format, ...); +-extern void PrintGifError(int ErrorCode); +- +-/****************************************************************************** +- Color table quantization +-******************************************************************************/ +-int GifQuantizeBuffer(unsigned int Width, unsigned int Height, +- int *ColorMapSize, GifByteType *RedInput, +- GifByteType *GreenInput, GifByteType *BlueInput, +- GifByteType *OutputBuffer, GifColorType *OutputColorMap); +- +-/* These used to live in the library header */ +-#define GIF_MESSAGE(Msg) fprintf(stderr, "\n%s: %s\n", PROGRAM_NAME, Msg) +-#define GIF_EXIT(Msg) \ +- { \ +- GIF_MESSAGE(Msg); \ +- exit(-3); \ +- } +- +-#endif /* _GETARG_H */ +- +-/* end */ +diff -ruN giflib-5.2.2/gif2rgb.c giflib-5.2.2-getarg/gif2rgb.c +--- giflib-5.2.2/gif2rgb.c 2025-04-02 13:56:45.432522463 +0300 ++++ giflib-5.2.2-getarg/gif2rgb.c 2025-04-02 14:11:36.739658922 +0300 +@@ -34,7 +34,7 @@ + #include + #endif /* _WIN32 */ + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gif2rgb" +diff -ruN giflib-5.2.2/gifbg.c giflib-5.2.2-getarg/gifbg.c +--- giflib-5.2.2/gifbg.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/gifbg.c 2025-04-02 14:07:09.489604643 +0300 +@@ -12,7 +12,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifbg" +diff -ruN giflib-5.2.2/gifbuild.c giflib-5.2.2-getarg/gifbuild.c +--- giflib-5.2.2/gifbuild.c 2024-02-19 06:05:16.000000000 +0300 ++++ giflib-5.2.2-getarg/gifbuild.c 2025-04-02 14:07:41.226029058 +0300 +@@ -12,7 +12,7 @@ + 
#include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifbuild" +diff -ruN giflib-5.2.2/gifclrmp.c giflib-5.2.2-getarg/gifclrmp.c +--- giflib-5.2.2/gifclrmp.c 2024-02-19 06:01:27.000000000 +0300 ++++ giflib-5.2.2-getarg/gifclrmp.c 2025-04-02 14:08:05.234274976 +0300 +@@ -14,7 +14,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifclrmp" +diff -ruN giflib-5.2.2/gifcolor.c giflib-5.2.2-getarg/gifcolor.c +--- giflib-5.2.2/gifcolor.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/gifcolor.c 2025-04-02 14:08:24.954333260 +0300 +@@ -12,7 +12,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifcolor" +diff -ruN giflib-5.2.2/gifecho.c giflib-5.2.2-getarg/gifecho.c +--- giflib-5.2.2/gifecho.c 2024-02-19 06:01:27.000000000 +0300 ++++ giflib-5.2.2-getarg/gifecho.c 2025-04-02 14:08:42.490448501 +0300 +@@ -12,7 +12,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifecho" +diff -ruN giflib-5.2.2/giffilter.c giflib-5.2.2-getarg/giffilter.c +--- giflib-5.2.2/giffilter.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/giffilter.c 2025-04-02 14:09:03.546624488 +0300 +@@ -25,7 +25,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "giffilter" +diff -ruN giflib-5.2.2/giffix.c giflib-5.2.2-getarg/giffix.c +--- giflib-5.2.2/giffix.c 2024-02-19 06:01:27.000000000 +0300 ++++ giflib-5.2.2-getarg/giffix.c 2025-04-02 14:09:26.162882098 +0300 +@@ -12,7 +12,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "giffix" +diff -ruN giflib-5.2.2/gif_getarg.h giflib-5.2.2-getarg/gif_getarg.h +--- giflib-5.2.2/gif_getarg.h 1970-01-01 
03:00:00.000000000 +0300 ++++ giflib-5.2.2-getarg/gif_getarg.h 2025-04-02 14:04:40.299508057 +0300 +@@ -0,0 +1,54 @@ ++/*************************************************************************** ++ ++getarg.h - Support routines for the giflib utilities ++ ++SPDX-License-Identifier: MIT ++ ++ **************************************************************************/ ++ ++#ifndef _GETARG_H ++#define _GETARG_H ++ ++#include "gif_lib.h" ++#include ++ ++#define VERSION_COOKIE " Version %d.%d, " ++ ++/*************************************************************************** ++ Error numbers as returned by GAGetArg routine: ++***************************************************************************/ ++#define CMD_ERR_NotAnOpt 1 /* None Option found. */ ++#define CMD_ERR_NoSuchOpt 2 /* Undefined Option Found. */ ++#define CMD_ERR_WildEmpty 3 /* Empty input for !*? seq. */ ++#define CMD_ERR_NumRead 4 /* Failed on reading number. */ ++#define CMD_ERR_AllSatis 5 /* Fail to satisfy (must-'!') option. 
*/ ++ ++bool GAGetArgs(int argc, char **argv, char *CtrlStr, ...); ++void GAPrintErrMsg(int Error); ++void GAPrintHowTo(char *CtrlStr); ++ ++/****************************************************************************** ++ From qprintf.c ++******************************************************************************/ ++extern void GifQprintf(char *Format, ...); ++extern void PrintGifError(int ErrorCode); ++ ++/****************************************************************************** ++ Color table quantization ++******************************************************************************/ ++int GifQuantizeBuffer(unsigned int Width, unsigned int Height, ++ int *ColorMapSize, GifByteType *RedInput, ++ GifByteType *GreenInput, GifByteType *BlueInput, ++ GifByteType *OutputBuffer, GifColorType *OutputColorMap); ++ ++/* These used to live in the library header */ ++#define GIF_MESSAGE(Msg) fprintf(stderr, "\n%s: %s\n", PROGRAM_NAME, Msg) ++#define GIF_EXIT(Msg) \ ++ { \ ++ GIF_MESSAGE(Msg); \ ++ exit(-3); \ ++ } ++ ++#endif /* _GETARG_H */ ++ ++/* end */ +diff -ruN giflib-5.2.2/gifhisto.c giflib-5.2.2-getarg/gifhisto.c +--- giflib-5.2.2/gifhisto.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/gifhisto.c 2025-04-02 14:09:45.643183312 +0300 +@@ -12,7 +12,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifhisto" +diff -ruN giflib-5.2.2/gifinto.c giflib-5.2.2-getarg/gifinto.c +--- giflib-5.2.2/gifinto.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/gifinto.c 2025-04-02 14:10:06.403197077 +0300 +@@ -19,7 +19,7 @@ + #include + #endif /* _WIN32 */ + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifinto" +diff -ruN giflib-5.2.2/gifsponge.c giflib-5.2.2-getarg/gifsponge.c +--- giflib-5.2.2/gifsponge.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/gifsponge.c 2025-04-02 14:10:23.555170542 +0300 +@@ 
-25,7 +25,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifsponge" +diff -ruN giflib-5.2.2/giftext.c giflib-5.2.2-getarg/giftext.c +--- giflib-5.2.2/giftext.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/giftext.c 2025-04-02 14:10:40.427363509 +0300 +@@ -16,7 +16,7 @@ + #include + #endif /* _WIN32 */ + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "giftext" +diff -ruN giflib-5.2.2/giftool.c giflib-5.2.2-getarg/giftool.c +--- giflib-5.2.2/giftool.c 2024-02-19 06:01:28.000000000 +0300 ++++ giflib-5.2.2-getarg/giftool.c 2025-04-02 14:10:59.579511889 +0300 +@@ -12,7 +12,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "getopt.h" + #include "gif_lib.h" + +diff -ruN giflib-5.2.2/gifwedge.c giflib-5.2.2-getarg/gifwedge.c +--- giflib-5.2.2/gifwedge.c 2024-02-19 06:01:27.000000000 +0300 ++++ giflib-5.2.2-getarg/gifwedge.c 2025-04-02 14:11:16.163652219 +0300 +@@ -12,7 +12,7 @@ + #include + #include + +-#include "getarg.h" ++#include "gif_getarg.h" + #include "gif_lib.h" + + #define PROGRAM_NAME "gifwedge" +diff -ruN giflib-5.2.2/Makefile giflib-5.2.2-getarg/Makefile +--- giflib-5.2.2/Makefile 2025-04-02 13:56:24.568117543 +0300 ++++ giflib-5.2.2-getarg/Makefile 2025-04-02 14:05:51.785348480 +0300 +@@ -34,7 +34,7 @@ + OBJECTS = $(SOURCES:.c=.o) + + USOURCES = qprintf.c getarg.c +-UHEADERS = getarg.h ++UHEADERS = gif_getarg.h + UOBJECTS = $(USOURCES:.c=.o) + + UNAME:=$(shell uname) diff --git a/giflib.spec b/giflib.spec index de2f6c1..d5b4af7 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.2 -Release: 4%{?dist} +Release: 5%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ 
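Review bot: The renamed header `gif_getarg.h` keeps the include guard `_GETARG_H` and the banner line `getarg.h - Support routines for the giflib utilities`; now that the spec installs it into the system include directory, the guard should follow the new file name and avoid the reserved underscore-capital form, e.g. `#ifndef GIF_GETARG_H` / `#define GIF_GETARG_H`. The header also defines `GIF_MESSAGE` and `GIF_EXIT`, which expand to `PROGRAM_NAME` and call `exit(-3)`, so every consumer has to define `PROGRAM_NAME` before using them; a comment above the macros saying so would help. The Makefile part of this patch lists `getarg.c` and `qprintf.c` under `USOURCES`, so it is worth confirming that the downstream CMakeLists.txt (not shown in this hunk) puts `GAGetArgs` and `GifQprintf` into the installed library, otherwise the public header declares symbols a consumer cannot link.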
@@ -14,7 +14,9 @@ Patch0: giflib_quantize.patch Patch1: giflib_coverity.patch # Generate HTML docs with consistent section IDs to avoid multilib difference Patch2: giflib_html-docs-consistent-ids.patch - +# Rename getarg.h to gif_getarg.h +# https://sourceforge.net/p/giflib/code/merge-requests/18/ +Patch3: getarg.patch BuildRequires: cmake BuildRequires: gcc @@ -91,7 +93,6 @@ BuildArch: noarch %autosetup -p1 cp -a %{SOURCE1} . - %build # Native build %cmake @@ -121,7 +122,7 @@ rm -rf %{buildroot}%{mingw64_mandir} %doc doc/* %{_libdir}/libgif.so %{_includedir}/gif_lib.h -%{_includedir}/getarg.h +%{_includedir}/gif_getarg.h %files utils %{_bindir}/gif* @@ -131,7 +132,7 @@ rm -rf %{buildroot}%{mingw64_mandir} %license COPYING %{mingw32_bindir}/libgif-7.dll %{mingw32_includedir}/gif_lib.h -%{mingw32_includedir}/getarg.h +%{mingw32_includedir}/gif_getarg.h %{mingw32_libdir}/libgif.dll.a %files -n mingw32-%{name}-tools @@ -141,7 +142,7 @@ rm -rf %{buildroot}%{mingw64_mandir} %license COPYING %{mingw64_bindir}/libgif-7.dll %{mingw64_includedir}/gif_lib.h -%{mingw64_includedir}/getarg.h +%{mingw64_includedir}/gif_getarg.h %{mingw64_libdir}/libgif.dll.a %files -n mingw64-%{name}-tools @@ -149,6 +150,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Wed Apr 02 2025 Benson Muite - 5.2.2-5 +- Rename getarg.h to gif_getarg.h + * Wed Apr 02 2025 Benson Muite - 5.2.2-4 - Install getarg.h header file From c22b8e9757d8c3cd57eb2125b706bb90b7f37791 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Tue, 15 Apr 2025 19:49:32 +0200 Subject: [PATCH 20/23] Add proposed patch for CVE-2025-31334 --- getarg.patch | 140 +++++++++++++------------- giflib-5.2.2-cve-2025-31344.patch | 15 +++ giflib.spec | 11 +- giflib_coverity.patch | 2 +- giflib_html-docs-consistent-ids.patch | 2 +- giflib_quantize.patch | 2 +- 6 files changed, 96 insertions(+), 76 deletions(-) create mode 100644 giflib-5.2.2-cve-2025-31344.patch diff --git a/getarg.patch b/getarg.patch index 34e9cab..4026183 100644 
--- a/getarg.patch +++ b/getarg.patch @@ -1,7 +1,7 @@ -diff -ruN giflib-5.2.2/getarg.c giflib-5.2.2-getarg/getarg.c ---- giflib-5.2.2/getarg.c 2024-02-19 06:01:27.000000000 +0300 -+++ giflib-5.2.2-getarg/getarg.c 2025-04-02 14:06:46.761392686 +0300 -@@ -112,7 +112,7 @@ +diff -rupN --no-dereference giflib-5.2.2/getarg.c giflib-5.2.2-new/getarg.c +--- giflib-5.2.2/getarg.c 2024-02-19 04:01:27.000000000 +0100 ++++ giflib-5.2.2-new/getarg.c 2025-04-15 16:56:27.276152030 +0200 +@@ -112,7 +112,7 @@ SPDX-License-Identifier: MIT #include #include @@ -10,9 +10,9 @@ diff -ruN giflib-5.2.2/getarg.c giflib-5.2.2-getarg/getarg.c #define MAX_PARAM 100 /* maximum number of parameters allowed. */ #define CTRL_STR_MAX_LEN 1024 -diff -ruN giflib-5.2.2/getarg.h giflib-5.2.2-getarg/getarg.h ---- giflib-5.2.2/getarg.h 2024-02-19 05:20:00.000000000 +0300 -+++ giflib-5.2.2-getarg/getarg.h 1970-01-01 03:00:00.000000000 +0300 +diff -rupN --no-dereference giflib-5.2.2/getarg.h giflib-5.2.2-new/getarg.h +--- giflib-5.2.2/getarg.h 2024-02-19 03:20:00.000000000 +0100 ++++ giflib-5.2.2-new/getarg.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,54 +0,0 @@ -/*************************************************************************** - @@ -68,10 +68,10 @@ diff -ruN giflib-5.2.2/getarg.h giflib-5.2.2-getarg/getarg.h -#endif /* _GETARG_H */ - -/* end */ -diff -ruN giflib-5.2.2/gif2rgb.c giflib-5.2.2-getarg/gif2rgb.c ---- giflib-5.2.2/gif2rgb.c 2025-04-02 13:56:45.432522463 +0300 -+++ giflib-5.2.2-getarg/gif2rgb.c 2025-04-02 14:11:36.739658922 +0300 -@@ -34,7 +34,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gif2rgb.c giflib-5.2.2-new/gif2rgb.c +--- giflib-5.2.2/gif2rgb.c 2025-04-15 16:56:27.247167987 +0200 ++++ giflib-5.2.2-new/gif2rgb.c 2025-04-15 16:56:27.276617411 +0200 +@@ -34,7 +34,7 @@ with our utilities mainly interesting as #include #endif /* _WIN32 */ 
@@ -80,10 +80,10 @@ diff -ruN giflib-5.2.2/gif2rgb.c giflib-5.2.2-getarg/gif2rgb.c #include "gif_lib.h" #define PROGRAM_NAME "gif2rgb" -diff -ruN giflib-5.2.2/gifbg.c giflib-5.2.2-getarg/gifbg.c ---- giflib-5.2.2/gifbg.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/gifbg.c 2025-04-02 14:07:09.489604643 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifbg.c giflib-5.2.2-new/gifbg.c +--- giflib-5.2.2/gifbg.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/gifbg.c 2025-04-15 16:56:27.276870781 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include @@ -92,10 +92,10 @@ diff -ruN giflib-5.2.2/gifbg.c giflib-5.2.2-getarg/gifbg.c #include "gif_lib.h" #define PROGRAM_NAME "gifbg" -diff -ruN giflib-5.2.2/gifbuild.c giflib-5.2.2-getarg/gifbuild.c ---- giflib-5.2.2/gifbuild.c 2024-02-19 06:05:16.000000000 +0300 -+++ giflib-5.2.2-getarg/gifbuild.c 2025-04-02 14:07:41.226029058 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifbuild.c giflib-5.2.2-new/gifbuild.c +--- giflib-5.2.2/gifbuild.c 2024-02-19 04:05:16.000000000 +0100 ++++ giflib-5.2.2-new/gifbuild.c 2025-04-15 16:56:27.277111740 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include @@ -104,10 +104,10 @@ diff -ruN giflib-5.2.2/gifbuild.c giflib-5.2.2-getarg/gifbuild.c #include "gif_lib.h" #define PROGRAM_NAME "gifbuild" -diff -ruN giflib-5.2.2/gifclrmp.c giflib-5.2.2-getarg/gifclrmp.c ---- giflib-5.2.2/gifclrmp.c 2024-02-19 06:01:27.000000000 +0300 -+++ giflib-5.2.2-getarg/gifclrmp.c 2025-04-02 14:08:05.234274976 +0300 -@@ -14,7 +14,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifclrmp.c giflib-5.2.2-new/gifclrmp.c +--- giflib-5.2.2/gifclrmp.c 2024-02-19 04:01:27.000000000 +0100 ++++ giflib-5.2.2-new/gifclrmp.c 2025-04-15 16:56:27.277368098 +0200 +@@ -14,7 +14,7 @@ SPDX-License-Identifier: MIT #include #include 
@@ -116,10 +116,10 @@ diff -ruN giflib-5.2.2/gifclrmp.c giflib-5.2.2-getarg/gifclrmp.c #include "gif_lib.h" #define PROGRAM_NAME "gifclrmp" -diff -ruN giflib-5.2.2/gifcolor.c giflib-5.2.2-getarg/gifcolor.c ---- giflib-5.2.2/gifcolor.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/gifcolor.c 2025-04-02 14:08:24.954333260 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifcolor.c giflib-5.2.2-new/gifcolor.c +--- giflib-5.2.2/gifcolor.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/gifcolor.c 2025-04-15 16:56:27.277585194 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include @@ -128,10 +128,10 @@ diff -ruN giflib-5.2.2/gifcolor.c giflib-5.2.2-getarg/gifcolor.c #include "gif_lib.h" #define PROGRAM_NAME "gifcolor" -diff -ruN giflib-5.2.2/gifecho.c giflib-5.2.2-getarg/gifecho.c ---- giflib-5.2.2/gifecho.c 2024-02-19 06:01:27.000000000 +0300 -+++ giflib-5.2.2-getarg/gifecho.c 2025-04-02 14:08:42.490448501 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifecho.c giflib-5.2.2-new/gifecho.c +--- giflib-5.2.2/gifecho.c 2024-02-19 04:01:27.000000000 +0100 ++++ giflib-5.2.2-new/gifecho.c 2025-04-15 16:56:27.277769355 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include @@ -140,10 +140,10 @@ diff -ruN giflib-5.2.2/gifecho.c giflib-5.2.2-getarg/gifecho.c #include "gif_lib.h" #define PROGRAM_NAME "gifecho" -diff -ruN giflib-5.2.2/giffilter.c giflib-5.2.2-getarg/giffilter.c ---- giflib-5.2.2/giffilter.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/giffilter.c 2025-04-02 14:09:03.546624488 +0300 -@@ -25,7 +25,7 @@ +diff -rupN --no-dereference giflib-5.2.2/giffilter.c giflib-5.2.2-new/giffilter.c +--- giflib-5.2.2/giffilter.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/giffilter.c 2025-04-15 16:56:27.277955467 +0200 +@@ -25,7 +25,7 @@ SPDX-License-Identifier: MIT #include #include 
@@ -152,10 +152,10 @@ diff -ruN giflib-5.2.2/giffilter.c giflib-5.2.2-getarg/giffilter.c #include "gif_lib.h" #define PROGRAM_NAME "giffilter" -diff -ruN giflib-5.2.2/giffix.c giflib-5.2.2-getarg/giffix.c ---- giflib-5.2.2/giffix.c 2024-02-19 06:01:27.000000000 +0300 -+++ giflib-5.2.2-getarg/giffix.c 2025-04-02 14:09:26.162882098 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/giffix.c giflib-5.2.2-new/giffix.c +--- giflib-5.2.2/giffix.c 2024-02-19 04:01:27.000000000 +0100 ++++ giflib-5.2.2-new/giffix.c 2025-04-15 16:56:27.278150152 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include @@ -164,9 +164,9 @@ diff -ruN giflib-5.2.2/giffix.c giflib-5.2.2-getarg/giffix.c #include "gif_lib.h" #define PROGRAM_NAME "giffix" -diff -ruN giflib-5.2.2/gif_getarg.h giflib-5.2.2-getarg/gif_getarg.h ---- giflib-5.2.2/gif_getarg.h 1970-01-01 03:00:00.000000000 +0300 -+++ giflib-5.2.2-getarg/gif_getarg.h 2025-04-02 14:04:40.299508057 +0300 +diff -rupN --no-dereference giflib-5.2.2/gif_getarg.h giflib-5.2.2-new/gif_getarg.h +--- giflib-5.2.2/gif_getarg.h 1970-01-01 01:00:00.000000000 +0100 ++++ giflib-5.2.2-new/gif_getarg.h 2025-04-15 16:56:27.278343984 +0200 @@ -0,0 +1,54 @@ +/*************************************************************************** + @@ -222,10 +222,10 @@ diff -ruN giflib-5.2.2/gif_getarg.h giflib-5.2.2-getarg/gif_getarg.h +#endif /* _GETARG_H */ + +/* end */ -diff -ruN giflib-5.2.2/gifhisto.c giflib-5.2.2-getarg/gifhisto.c ---- giflib-5.2.2/gifhisto.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/gifhisto.c 2025-04-02 14:09:45.643183312 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifhisto.c giflib-5.2.2-new/gifhisto.c +--- giflib-5.2.2/gifhisto.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/gifhisto.c 2025-04-15 16:56:27.278489203 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include 
@@ -234,10 +234,10 @@ diff -ruN giflib-5.2.2/gifhisto.c giflib-5.2.2-getarg/gifhisto.c #include "gif_lib.h" #define PROGRAM_NAME "gifhisto" -diff -ruN giflib-5.2.2/gifinto.c giflib-5.2.2-getarg/gifinto.c ---- giflib-5.2.2/gifinto.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/gifinto.c 2025-04-02 14:10:06.403197077 +0300 -@@ -19,7 +19,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifinto.c giflib-5.2.2-new/gifinto.c +--- giflib-5.2.2/gifinto.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/gifinto.c 2025-04-15 16:56:27.278753624 +0200 +@@ -19,7 +19,7 @@ SPDX-License-Identifier: MIT #include #endif /* _WIN32 */ @@ -246,10 +246,10 @@ diff -ruN giflib-5.2.2/gifinto.c giflib-5.2.2-getarg/gifinto.c #include "gif_lib.h" #define PROGRAM_NAME "gifinto" -diff -ruN giflib-5.2.2/gifsponge.c giflib-5.2.2-getarg/gifsponge.c ---- giflib-5.2.2/gifsponge.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/gifsponge.c 2025-04-02 14:10:23.555170542 +0300 -@@ -25,7 +25,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifsponge.c giflib-5.2.2-new/gifsponge.c +--- giflib-5.2.2/gifsponge.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/gifsponge.c 2025-04-15 16:56:27.278945283 +0200 +@@ -25,7 +25,7 @@ SPDX-License-Identifier: MIT #include #include @@ -258,10 +258,10 @@ diff -ruN giflib-5.2.2/gifsponge.c giflib-5.2.2-getarg/gifsponge.c #include "gif_lib.h" #define PROGRAM_NAME "gifsponge" -diff -ruN giflib-5.2.2/giftext.c giflib-5.2.2-getarg/giftext.c ---- giflib-5.2.2/giftext.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/giftext.c 2025-04-02 14:10:40.427363509 +0300 -@@ -16,7 +16,7 @@ +diff -rupN --no-dereference giflib-5.2.2/giftext.c giflib-5.2.2-new/giftext.c +--- giflib-5.2.2/giftext.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/giftext.c 2025-04-15 16:56:27.279142751 +0200 +@@ -16,7 +16,7 @@ SPDX-License-Identifier: MIT #include #endif /* _WIN32 */ 
@@ -270,10 +270,10 @@ diff -ruN giflib-5.2.2/giftext.c giflib-5.2.2-getarg/giftext.c #include "gif_lib.h" #define PROGRAM_NAME "giftext" -diff -ruN giflib-5.2.2/giftool.c giflib-5.2.2-getarg/giftool.c ---- giflib-5.2.2/giftool.c 2024-02-19 06:01:28.000000000 +0300 -+++ giflib-5.2.2-getarg/giftool.c 2025-04-02 14:10:59.579511889 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/giftool.c giflib-5.2.2-new/giftool.c +--- giflib-5.2.2/giftool.c 2024-02-19 04:01:28.000000000 +0100 ++++ giflib-5.2.2-new/giftool.c 2025-04-15 16:56:27.279376975 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include @@ -282,10 +282,10 @@ diff -ruN giflib-5.2.2/giftool.c giflib-5.2.2-getarg/giftool.c #include "getopt.h" #include "gif_lib.h" -diff -ruN giflib-5.2.2/gifwedge.c giflib-5.2.2-getarg/gifwedge.c ---- giflib-5.2.2/gifwedge.c 2024-02-19 06:01:27.000000000 +0300 -+++ giflib-5.2.2-getarg/gifwedge.c 2025-04-02 14:11:16.163652219 +0300 -@@ -12,7 +12,7 @@ +diff -rupN --no-dereference giflib-5.2.2/gifwedge.c giflib-5.2.2-new/gifwedge.c +--- giflib-5.2.2/gifwedge.c 2024-02-19 04:01:27.000000000 +0100 ++++ giflib-5.2.2-new/gifwedge.c 2025-04-15 16:56:27.279666309 +0200 +@@ -12,7 +12,7 @@ SPDX-License-Identifier: MIT #include #include @@ -294,10 +294,10 @@ diff -ruN giflib-5.2.2/gifwedge.c giflib-5.2.2-getarg/gifwedge.c #include "gif_lib.h" #define PROGRAM_NAME "gifwedge" -diff -ruN giflib-5.2.2/Makefile giflib-5.2.2-getarg/Makefile ---- giflib-5.2.2/Makefile 2025-04-02 13:56:24.568117543 +0300 -+++ giflib-5.2.2-getarg/Makefile 2025-04-02 14:05:51.785348480 +0300 -@@ -34,7 +34,7 @@ +diff -rupN --no-dereference giflib-5.2.2/Makefile giflib-5.2.2-new/Makefile +--- giflib-5.2.2/Makefile 2025-04-15 16:56:27.223615747 +0200 ++++ giflib-5.2.2-new/Makefile 2025-04-15 16:56:27.279870038 +0200 +@@ -34,7 +34,7 @@ HEADERS = gif_hash.h gif_lib.h gif_lib OBJECTS = $(SOURCES:.c=.o) USOURCES = qprintf.c getarg.c 
diff --git a/giflib-5.2.2-cve-2025-31344.patch b/giflib-5.2.2-cve-2025-31344.patch new file mode 100644 index 0000000..bf9abfd --- /dev/null +++ b/giflib-5.2.2-cve-2025-31344.patch @@ -0,0 +1,15 @@ +diff -rupN --no-dereference giflib-5.2.2/gif2rgb.c giflib-5.2.2-new/gif2rgb.c +--- giflib-5.2.2/gif2rgb.c 2025-04-15 16:56:27.300766548 +0200 ++++ giflib-5.2.2-new/gif2rgb.c 2025-04-15 16:56:27.308678722 +0200 +@@ -337,6 +337,11 @@ static void DumpScreen2RGB(char *FileNam + GifRow = ScreenBuffer[i]; + GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); + for (j = 0; j < ScreenWidth; j++) { ++ /* Check if color is within color palete */ ++ if (GifRow[j] >= ColorMap->ColorCount) { ++ GIF_EXIT(GifErrorString( ++ D_GIF_ERR_IMAGE_DEFECT)); ++ } + ColorMapEntry = &ColorMap->Colors[GifRow[j]]; + Buffers[0][j] = ColorMapEntry->Red; + Buffers[1][j] = ColorMapEntry->Green; diff --git a/giflib.spec b/giflib.spec index d5b4af7..8d67ff6 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.2 -Release: 5%{?dist} +Release: 6%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -17,15 +17,17 @@ Patch2: giflib_html-docs-consistent-ids.patch # Rename getarg.h to gif_getarg.h # https://sourceforge.net/p/giflib/code/merge-requests/18/ Patch3: getarg.patch +# Proposed patch for CVE-2025-31344 +Patch4: https://raw.githubusercontent.com/OpenMandrivaAssociation/giflib/refs/heads/master/giflib-5.2.2-cve-2025-31344.patch BuildRequires: cmake BuildRequires: gcc BuildRequires: xmlto -BuildRequires: mingw32-filesystem >= 95 +BuildRequires: mingw32-filesystem BuildRequires: mingw32-gcc -BuildRequires: mingw64-filesystem >= 95 +BuildRequires: mingw64-filesystem BuildRequires: mingw64-gcc 
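Review bot: The added bound check covers only the loop visible in this hunk, the one that fills `Buffers[0][j]` and `Buffers[1][j]`; `DumpScreen2RGB` starts and ends outside the hunk, so any other loop in it that indexes `ColorMap->Colors` with `GifRow[j]` should be confirmed to carry the same `GifRow[j] >= ColorMap->ColorCount` test. The failure path leaves through `GIF_EXIT`, which gif_getarg.h defines as a message followed by `exit(-3)`, so any output file the function has already opened (not visible here) is presumably left partially written; a short comment stating that this is intended would document it. The new comment has a typo and could read `/* Reject pixel values outside the colour map */`.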
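Review bot: The CVE identifier is inconsistent: the `Patch4` comment and the patch file name say CVE-2025-31344, while the commit subject and the new `%changelog` entry say CVE-2025-31334. One of the two is a typo, and tooling that matches advisories against changelog text will not see the fix until they agree. `Patch4` also points at `refs/heads/master` of another distribution's repository, a URL whose content can change; the build uses the copy committed here, but for provenance the URL should name a fixed revision, e.g. `.../giflib/<commit-sha>/giflib-5.2.2-cve-2025-31344.patch` (placeholder). The same hunk drops `>= 95` from the two `mingw*-filesystem` BuildRequires without mention in the description or changelog.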
@@ -150,6 +152,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Tue Apr 15 2025 Sandro Mani - 5.2.2-6 +- Add proposed patch for CVE-2025-31334 + * Wed Apr 02 2025 Benson Muite - 5.2.2-5 - Rename getarg.h to gif_getarg.h diff --git a/giflib_coverity.patch b/giflib_coverity.patch index 0e995ae..acba905 100644 --- a/giflib_coverity.patch +++ b/giflib_coverity.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference giflib-5.2.2/gif2rgb.c giflib-5.2.2-new/gif2rgb.c --- giflib-5.2.2/gif2rgb.c 2024-02-19 04:01:28.000000000 +0100 -+++ giflib-5.2.2-new/gif2rgb.c 2024-02-19 09:39:38.750976758 +0100 ++++ giflib-5.2.2-new/gif2rgb.c 2025-04-15 16:56:27.228197561 +0200 @@ -165,6 +165,8 @@ static void SaveGif(GifByteType *OutputB /* Open stdout for the output file: */ if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) { diff --git a/giflib_html-docs-consistent-ids.patch b/giflib_html-docs-consistent-ids.patch index fd29642..ea3da5b 100644 --- a/giflib_html-docs-consistent-ids.patch +++ b/giflib_html-docs-consistent-ids.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference giflib-5.2.2/doc/Makefile giflib-5.2.2-new/doc/Makefile --- giflib-5.2.2/doc/Makefile 2024-02-18 19:15:05.000000000 +0100 -+++ giflib-5.2.2-new/doc/Makefile 2024-02-19 09:39:38.785968237 +0100 ++++ giflib-5.2.2-new/doc/Makefile 2025-04-15 16:56:27.252074979 +0200 @@ -1,7 +1,7 @@ .SUFFIXES: .xml .html .txt .adoc .1 .7 diff --git a/giflib_quantize.patch b/giflib_quantize.patch index 57c2b69..66c48e0 100644 --- a/giflib_quantize.patch +++ b/giflib_quantize.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference giflib-5.2.2/Makefile giflib-5.2.2-new/Makefile --- giflib-5.2.2/Makefile 2024-02-19 02:01:50.000000000 +0100 -+++ giflib-5.2.2-new/Makefile 2024-02-19 09:39:38.715985279 +0100 ++++ giflib-5.2.2-new/Makefile 2025-04-15 16:56:27.204960961 +0200 @@ -29,11 +29,11 @@ LIBPOINT=0 LIBVER=$(LIBMAJOR).$(LIBMINOR).$(LIBPOINT) From f73f39798eaf4f0befc9430a6195d951735c5e5a Mon Sep 17 00:00:00 2001 
From: Sandro Mani Date: Wed, 16 Jul 2025 22:38:42 +0200 Subject: [PATCH 21/23] Increase minimum cmake version to 3.5 --- CMakeLists.txt | 2 +- giflib.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 92151d4..be7873a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.6.0) +cmake_minimum_required(VERSION 3.5) project(giflib C) diff --git a/giflib.spec b/giflib.spec index 8d67ff6..a099f47 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.2 -Release: 6%{?dist} +Release: 7%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -152,6 +152,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Wed Jul 16 2025 Sandro Mani - 5.2.2-7 +- Increase minimum cmake version to 3.5 + * Tue Apr 15 2025 Sandro Mani - 5.2.2-6 - Add proposed patch for CVE-2025-31334 From 421662abf7416cbb73cb440112e58b4316b31789 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Wed, 16 Jul 2025 23:00:28 +0200 Subject: [PATCH 22/23] Use GNUInstallDirs --- CMakeLists.txt | 15 ++++++++------- giflib.spec | 1 + 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index be7873a..5bd836c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,6 +1,7 @@ cmake_minimum_required(VERSION 3.5) project(giflib C) +include(GNUInstallDirs) SET(BUILD_STATIC_LIBS OFF CACHE BOOL "Whether to also build static libs") 
@@ -77,21 +78,21 @@ endforeach() ### Installation install(TARGETS gif - RUNTIME DESTINATION bin - ARCHIVE DESTINATION lib${LIB_SUFFIX} - LIBRARY DESTINATION lib${LIB_SUFFIX} + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ) if(${BUILD_STATIC_LIBS}) - install(TARGETS gif_static ARCHIVE DESTINATION lib${LIB_SUFFIX}) + install(TARGETS gif_static ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) endif(${BUILD_STATIC_LIBS}) foreach(UTILITY ${giflib_UTILS}) - install(TARGETS ${UTILITY} DESTINATION bin) + install(TARGETS ${UTILITY} DESTINATION ${CMAKE_INSTALL_BINDIR}) endforeach() -install(FILES gif_lib.h gif_getarg.h DESTINATION include) -install(FILES ${giflib_MAN} DESTINATION ${CMAKE_INSTALL_PREFIX}/share/man/man1) +install(FILES gif_lib.h gif_getarg.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) +install(FILES ${giflib_MAN} DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) ### Distribution tarball diff --git a/giflib.spec b/giflib.spec index a099f47..5283ed3 100644 --- a/giflib.spec +++ b/giflib.spec @@ -154,6 +154,7 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog * Wed Jul 16 2025 Sandro Mani - 5.2.2-7 - Increase minimum cmake version to 3.5 +- Use GnuInstallDirs * Tue Apr 15 2025 Sandro Mani - 5.2.2-6 - Add proposed patch for CVE-2025-31334 From 23eb07266efa36fb051a62b6b092fcf877025f2c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 22:20:22 +0000 Subject: [PATCH 23/23] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- giflib.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/giflib.spec b/giflib.spec index 5283ed3..682379f 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.2 -Release: 7%{?dist} +Release: 8%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ 
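Review bot: `LIB_SUFFIX` is no longer read after this hunk, so a caller that still passes `-DLIB_SUFFIX=64` gets no error and the library directory now comes from `CMAKE_INSTALL_LIBDIR` alone. If the variable is not used elsewhere in the file (the hunk does not show), a changelog line or a `message(WARNING ...)` under `if(DEFINED LIB_SUFFIX)` would make the switch visible. While the `gif_static` install line is being touched, the surrounding `if(${BUILD_STATIC_LIBS})` / `endif(${BUILD_STATIC_LIBS})` could become `if(BUILD_STATIC_LIBS)` and a bare `endif()`, which avoids expanding the variable's value a second time inside `if()`.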
@@ -152,6 +152,9 @@ rm -rf %{buildroot}%{mingw64_mandir} %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 5.2.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Wed Jul 16 2025 Sandro Mani - 5.2.2-7 - Increase minimum cmake version to 3.5 - Use GnuInstallDirs