rpms/giflib/F-9 giflib-4.1.3-colormap.patch, NONE, 1.1 giflib-4.1.3-hash64.patch, NONE, 1.1 giflib.spec, 1.9, 1.10 giflib-hash64.patch, 1.1, NONE
Robert Scheck
robert at fedoraproject.org
Sat May 16 01:45:57 UTC 2009
Author: robert
Update of /cvs/pkgs/rpms/giflib/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21843
Modified Files:
giflib.spec
Added Files:
giflib-4.1.3-colormap.patch giflib-4.1.3-hash64.patch
Removed Files:
giflib-hash64.patch
Log Message:
- CVE-2005-2974: NULL pointer dereference crash (#494826)
- CVE-2005-3350: Memory corruption via a crafted GIF (#494823)
- Solved multilib problems with documentation (#465208, #474538)
- Removed static library from giflib-devel package (#225796 #c1)
giflib-4.1.3-colormap.patch:
--- NEW FILE giflib-4.1.3-colormap.patch ---
--- giflib-4.1.3/lib/gifalloc.c 2005-10-27 15:37:01.000000000 -0400
+++ giflib-4.1.3/lib/gifalloc.c.colormap 2005-10-27 15:37:39.000000000 -0400
@@ -420,8 +420,10 @@
}
for (sp = GifFile->SavedImages;
sp < GifFile->SavedImages + GifFile->ImageCount; sp++) {
- if (sp->ImageDesc.ColorMap)
+ if (sp->ImageDesc.ColorMap) {
FreeMapObject(sp->ImageDesc.ColorMap);
+ sp->ImageDesc.ColorMap = NULL;
+ }
if (sp->RasterBits)
free((char *)sp->RasterBits);
--- giflib-4.1.3/lib/dgif_lib.c 2005-10-27 15:21:30.000000000 -0400
+++ giflib-4.1.3/lib/dgif_lib.c.colormap 2005-10-27 15:25:26.000000000 -0400
@@ -263,6 +263,7 @@
for (i = 0; i < GifFile->SColorMap->ColorCount; i++) {
if (READ(GifFile, Buf, 3) != 3) {
FreeMapObject(GifFile->SColorMap);
+ GifFile->SColorMap = NULL;
_GifError = D_GIF_ERR_READ_FAILED;
return GIF_ERROR;
}
@@ -363,6 +364,7 @@
for (i = 0; i < GifFile->Image.ColorMap->ColorCount; i++) {
if (READ(GifFile, Buf, 3) != 3) {
FreeMapObject(GifFile->Image.ColorMap);
+ GifFile->Image.ColorMap = NULL;
_GifError = D_GIF_ERR_READ_FAILED;
return GIF_ERROR;
}
@@ -923,6 +925,12 @@
0x0fff
};
+ /* The image can't contain more than LZ_BITS per code. */
+ if (Private->RunningBits > LZ_BITS) {
+ _GifError = D_GIF_ERR_IMAGE_DEFECT;
+ return GIF_ERROR;
+ }
+
while (Private->CrntShiftState < Private->RunningBits) {
/* Needs to get more bytes from input stream for next code: */
if (DGifBufferedInput(GifFile, Private->Buf, &NextByte) == GIF_ERROR) {
@@ -938,8 +946,12 @@
Private->CrntShiftState -= Private->RunningBits;
/* If code cannot fit into RunningBits bits, must raise its size. Note
- * however that codes above 4095 are used for special signaling. */
- if (++Private->RunningCode > Private->MaxCode1 &&
+ * however that codes above 4095 are used for special signaling.
+ * If we're using LZ_BITS bits already and we're at the max code, just
+ * keep using the table as it is, don't increment Private->RunningCode.
+ */
+ if (Private->RunningCode < LZ_MAX_CODE + 2 &&
+ ++Private->RunningCode > Private->MaxCode1 &&
Private->RunningBits < LZ_BITS) {
Private->MaxCode1 <<= 1;
Private->RunningBits++;
@@ -964,6 +976,14 @@
_GifError = D_GIF_ERR_READ_FAILED;
return GIF_ERROR;
}
+ /* There shouldn't be any empty data blocks here as the LZW spec
+ * says the LZW termination code should come first. Therefore we
+ * shouldn't be inside this routine at that point.
+ */
+ if (Buf[0] == 0) {
+ _GifError = D_GIF_ERR_IMAGE_DEFECT;
+ return GIF_ERROR;
+ }
if (READ(GifFile, &Buf[1], Buf[0]) != Buf[0]) {
_GifError = D_GIF_ERR_READ_FAILED;
return GIF_ERROR;
--- giflib-4.1.3/lib/egif_lib.c 2005-10-27 15:25:37.000000000 -0400
+++ giflib-4.1.3/lib/egif_lib.c.colormap 2005-10-27 15:29:30.000000000 -0400
@@ -712,10 +712,14 @@
Buf = ';';
WRITE(GifFile, &Buf, 1);
- if (GifFile->Image.ColorMap)
+ if (GifFile->Image.ColorMap) {
FreeMapObject(GifFile->Image.ColorMap);
- if (GifFile->SColorMap)
+ GifFile->Image.ColorMap = NULL;
+ }
+ if (GifFile->SColorMap) {
FreeMapObject(GifFile->SColorMap);
+ GifFile->SColorMap = NULL;
+ }
if (Private) {
free((char *)Private);
}
giflib-4.1.3-hash64.patch:
--- NEW FILE giflib-4.1.3-hash64.patch ---
--- giflib-4.1.3/lib/gif_hash.c 2005-09-20 13:39:32.000000000 -0700
+++ giflib-4.1.3/lib/gif_hash.c.hash64 2005-09-20 13:41:40.000000000 -0700
@@ -45,7 +45,7 @@
NumberOfMisses = 0;
#endif /* DEBUG_HIT_RATE */
-static int KeyItem(unsigned long Item);
+static int KeyItem(unsigned int Item);
/******************************************************************************
* Initialize HashTable - allocate the memory needed and clear it. *
@@ -69,17 +69,17 @@
******************************************************************************/
void _ClearHashTable(GifHashTableType *HashTable)
{
- memset(HashTable -> HTable, 0xFF, HT_SIZE * sizeof(long));
+ memset(HashTable -> HTable, 0xFF, HT_SIZE * sizeof(int));
}
/******************************************************************************
* Routine to insert a new Item into the HashTable. The data is assumed to be *
* new one. *
******************************************************************************/
-void _InsertHashTable(GifHashTableType *HashTable, unsigned long Key, int Code)
+void _InsertHashTable(GifHashTableType *HashTable, unsigned int Key, int Code)
{
int HKey = KeyItem(Key);
- unsigned long *HTable = HashTable -> HTable;
+ unsigned int *HTable = HashTable -> HTable;
#ifdef DEBUG_HIT_RATE
NumberOfTests++;
@@ -99,10 +99,10 @@
* Routine to test if given Key exists in HashTable and if so returns its code *
* Returns the Code if key was found, -1 if not. *
******************************************************************************/
-int _ExistsHashTable(GifHashTableType *HashTable, unsigned long Key)
+int _ExistsHashTable(GifHashTableType *HashTable, unsigned int Key)
{
int HKey = KeyItem(Key);
- unsigned long *HTable = HashTable -> HTable, HTKey;
+ unsigned int *HTable = HashTable -> HTable, HTKey;
#ifdef DEBUG_HIT_RATE
NumberOfTests++;
@@ -127,7 +127,7 @@
* Because the average hit ratio is only 2 (2 hash references per entry), *
* evaluating more complex keys (such as twin prime keys) does not worth it! *
******************************************************************************/
-static int KeyItem(unsigned long Item)
+static int KeyItem(unsigned int Item)
{
return ((Item >> 12) ^ Item) & HT_KEY_MASK;
}
--- giflib-4.1.3/lib/gif_hash.h 2005-09-20 13:39:42.000000000 -0700
+++ giflib-4.1.3/lib/gif_hash.h.hash64 2005-09-20 13:42:08.000000000 -0700
@@ -25,12 +25,12 @@
#define HT_PUT_CODE(l) (l & 0x0FFF)
typedef struct GifHashTableType {
- unsigned long HTable[HT_SIZE];
+ unsigned int HTable[HT_SIZE];
} GifHashTableType;
GifHashTableType *_InitHashTable(void);
void _ClearHashTable(GifHashTableType *HashTable);
-void _InsertHashTable(GifHashTableType *HashTable, unsigned long Key, int Code);
-int _ExistsHashTable(GifHashTableType *HashTable, unsigned long Key);
+void _InsertHashTable(GifHashTableType *HashTable, unsigned int Key, int Code);
+int _ExistsHashTable(GifHashTableType *HashTable, unsigned int Key);
#endif /* _GIF_HASH_H_ */
--- giflib-4.1.3/lib/egif_lib.c 2005-09-20 13:45:28.000000000 -0700
+++ giflib-4.1.3/lib/egif_lib.c.hash64 2005-09-20 13:43:39.000000000 -0700
@@ -188,6 +188,12 @@
_GifError = E_GIF_ERR_NOT_ENOUGH_MEM;
return NULL;
}
+ if ((Private->HashTable = _InitHashTable()) == NULL) {
+ free(GifFile);
+ free(Private);
+ _GifError = E_GIF_ERR_NOT_ENOUGH_MEM;
+ return NULL;
+ }
GifFile->Private = (VoidPtr) Private;
Private->FileHandle = 0;
@@ -832,7 +838,7 @@
/* Form a new unique key to search hash table for the code combines
* CrntCode as Prefix string with Pixel as postfix char.
*/
- NewKey = (((unsigned long) CrntCode) << 8) + Pixel;
+ NewKey = (((unsigned int) CrntCode) << 8) + Pixel;
if ((NewCode = _ExistsHashTable(HashTable, NewKey)) >= 0) {
/* This Key is already there, or the string is old one, so
* simple take new code as our CrntCode:
Index: giflib.spec
===================================================================
RCS file: /cvs/pkgs/rpms/giflib/F-9/giflib.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- giflib.spec 19 Feb 2008 16:15:41 -0000 1.9
+++ giflib.spec 16 May 2009 01:45:27 -0000 1.10
@@ -1,82 +1,83 @@
-Summary: Library for manipulating GIF format image files
-Name: giflib
-Version: 4.1.3
-Release: 9
-License: MIT
-URL: http://www.sf.net/projects/libungif/
-Source0: http://dl.sf.net/libungif/%{name}-%{version}.tar.bz2
-Patch0: giflib-hash64.patch
-Group: System Environment/Libraries
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: libX11-devel, libICE-devel, libSM-devel, libXt-devel
-
-Obsoletes: libungif <= %{version}-%{release}
-Provides: libungif <= %{version}-%{release}
+Summary: Library for manipulating GIF format image files
+Name: giflib
+Version: 4.1.3
+Release: 10%{?dist}
+License: MIT
+Group: System Environment/Libraries
+URL: http://www.sourceforge.net/projects/%{name}/
+Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
+Patch0: giflib-4.1.3-hash64.patch
+Patch1: giflib-4.1.3-colormap.patch
+BuildRequires: libX11-devel, libICE-devel, libSM-devel, libXt-devel
+Provides: libungif = %{version}-%{release}
+Obsoletes: libungif <= %{version}-%{release}
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
-The giflib package contains a shared library of functions for
-loading and saving GIF format image files. It is API and ABI compatible
-with libungif, the library which supported uncompressed GIFs while the
-Unisys LZW patent was in effect.
-
-Install the giflib package if you need to write programs that use GIF files.
-You should also install the giflib-utils package if you need some simple
-utilities to manipulate GIFs.
+The giflib package contains a shared library of functions for loading and
+saving GIF format image files. It is API and ABI compatible with libungif,
+the library which supported uncompressed GIFs while the Unisys LZW patent
+was in effect.
%package devel
-Summary: Development tools for programs which will use the libungif library
-Group: Development/Libraries
-Requires: %{name} = %{version}-%{release}
-Provides: libungif-devel <= %{version}-%{release}
-Obsoletes: libungif-devel <= %{version}-%{release}
+Summary: Development tools for programs using the giflib library
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+Provides: libungif-devel = %{version}-%{release}
+Obsoletes: libungif-devel <= %{version}-%{release}
%description devel
-This package contains the static libraries, header files and
-documentation necessary for development of programs that will use the
-giflib library to load and save GIF format image files.
-
-You should install this package if you need to develop programs which
-will use giflib library functions. You'll also need to install the
-giflib package.
+The giflib-devel package includes header files, libraries necessary for
+developing programs which use the giflib library to load and save GIF format
+image files. It contains the documentation of the giflib library, too.
%package utils
-Summary: Programs for manipulating GIF format image files
-Group: Applications/Multimedia
-Requires: %{name} = %{version}-%{release}
-Obsoletes: libungif-progs <= %{version}-%{release}
+Summary: Programs for manipulating GIF format image files
+Group: Applications/Multimedia
+Requires: %{name} = %{version}-%{release}
+Provides: libungif-progs = %{version}-%{release}
+Obsoletes: libungif-progs <= %{version}-%{release}
%description utils
-The giflib-utils package contains various programs for manipulating
-GIF format image files.
-
-Install this package if you need to manipulate GIF format image files.
-You'll also need to install the giflib package.
+The giflib-utils package contains various programs for manipulating GIF
+format image files. Install it if you need to manipulate GIF format image
+files.
%prep
%setup -q
-%patch0 -p1 -b .amd64
-%{__sed} -i 's/\r//' doc/lzgif.txt
+%patch0 -p1 -b .hash64
+%patch1 -p1 -b .colormap
%build
%configure
make %{?_smp_mflags} all
-MAJOR=`echo '%{version}' | sed 's/\([0-9]\+\)\..*/\1/'`
+# Handling of libungif compatibility
+MAJOR=`echo '%{version}' | sed -e 's/\([0-9]\+\)\..*/\1/'`
%{__cc} $RPM_OPT_FLAGS -shared -Wl,-soname,libungif.so.$MAJOR -Llib/.libs -lgif -o libungif.so.%{version}
%install
-rm -rf ${RPM_BUILD_ROOT}
-
-make install DESTDIR=$RPM_BUILD_ROOT
+rm -rf $RPM_BUILD_ROOT
+make DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' install
-install -m 0755 -p libungif.so.%{version} $RPM_BUILD_ROOT%{_libdir}
-ln -sf libungif.so.%{version} ${RPM_BUILD_ROOT}%{_libdir}/libungif.so.4
-ln -sf libungif.so.4 ${RPM_BUILD_ROOT}%{_libdir}/libungif.so
-
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+# Handling of libungif compatibility
+install -p -m 755 libungif.so.%{version} $RPM_BUILD_ROOT%{_libdir}
+ln -sf libungif.so.%{version} $RPM_BUILD_ROOT%{_libdir}/libungif.so.4
+ln -sf libungif.so.4 $RPM_BUILD_ROOT%{_libdir}/libungif.so
+
+# Don't install any static .a and libtool .la files
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
+
+# Remove makefile relics from documentation
+rm -f doc/Makefile*
+
+# Correct wrong line ending
+sed -e 's/\r//' doc/lzgif.txt > doc/lzgif.txt.new
+touch -c -r doc/lzgif.txt doc/lzgif.txt.new
+mv -f doc/lzgif.txt.new doc/lzgif.txt
%clean
-rm -rf ${RPM_BUILD_ROOT}
+rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
@@ -84,14 +85,12 @@ rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,root,-)
-%doc COPYING README NEWS ONEWS
-%doc ChangeLog TODO BUGS AUTHORS
+%doc AUTHORS ChangeLog COPYING NEWS README
%{_libdir}/lib*.so.*
%files devel
%defattr(-,root,root,-)
%doc doc/* util/giffiltr.c util/gifspnge.c
-%{_libdir}/lib*.a
%{_libdir}/lib*.so
%{_includedir}/*.h
@@ -100,6 +99,12 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/*
%changelog
+* Sat May 16 2009 Robert Scheck <robert at fedoraproject.org> 4.1.3-10
+- CVE-2005-2974: NULL pointer dereference crash (#494826)
+- CVE-2005-3350: Memory corruption via a crafted GIF (#494823)
+- Solved multilib problems with documentation (#465208, #474538)
+- Removed static library from giflib-devel package (#225796 #c1)
+
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 4.1.3-9
- Autorebuild for GCC 4.3
--- giflib-hash64.patch DELETED ---
More information about the scm-commits
mailing list