authorLeonardo Arena <rnalrd@alpinelinux.org>2016-06-02 09:31:05 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-06-02 09:31:05 +0000
commit425a7367eea8902aaa6b5f08cc8ad5a58a6389ae (patch)
tree94444d41ee118f73fc1625f6481c4281162e88d9
parent9c357d4b73ee5422aa963ff6ac9f0748053150ec (diff)
downloadaports-425a7367eea8902aaa6b5f08cc8ad5a58a6389ae.tar.bz2
aports-425a7367eea8902aaa6b5f08cc8ad5a58a6389ae.tar.xz
main/giflib: security fix (CVE-2015-7555). Fixes #5663
-rw-r--r--main/giflib/APKBUILD12
-rw-r--r--main/giflib/CVE-2015-7555.patch26
2 files changed, 34 insertions, 4 deletions
diff --git a/main/giflib/APKBUILD b/main/giflib/APKBUILD
index 70cfb1874e..c396550b4b 100644
--- a/main/giflib/APKBUILD
+++ b/main/giflib/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=giflib
pkgver=5.0.6
-pkgrel=1
+pkgrel=2
pkgdesc="A library for reading and writing gif images"
url="http://sourceforge.net/projects/giflib/"
arch="all"
@@ -12,6 +12,7 @@ makedepends="libx11-dev libsm-dev util-linux-dev xmlto"
source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
xmlto-skip-validation.patch
CVE-2016-3977.patch
+ CVE-2015-7555.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -56,10 +57,13 @@ utils() {
md5sums="603838feeed62e9eaa90415742adddf9 giflib-5.0.6.tar.bz2
e1ae3d46e40a8609231dea3075388d4a xmlto-skip-validation.patch
-ff293c617b58bc0741304fda1a329d4e CVE-2016-3977.patch"
+ff293c617b58bc0741304fda1a329d4e CVE-2016-3977.patch
+0db53bd9a66b8f03c63eb6f54abd672a CVE-2015-7555.patch"
sha256sums="8909839ccbdfca75cfbe6a4db907b55978e11fb268a8f3cde24bd923a0f669ea giflib-5.0.6.tar.bz2
2244e339343d027044732e47bce2b0bdb3e6d9c472963748af4adb2304374022 xmlto-skip-validation.patch
-17f2b56775a0cb2eae231bda819e940b8d144befbe1998af3d538ffc70baefce CVE-2016-3977.patch"
+17f2b56775a0cb2eae231bda819e940b8d144befbe1998af3d538ffc70baefce CVE-2016-3977.patch
+a0ff8ff588e95e2a4545ccb63d806de1a645c0e3296f5337e22d9acf2a595829 CVE-2015-7555.patch"
sha512sums="117e20319f2df32bdf094678cdececad2b6f33a40baff172d4df68ade86547825ebca81186071bff51e60126692df84dbd7bb5cc4877ba68448f7c47a2cc2491 giflib-5.0.6.tar.bz2
36f92cb092ee9dc463aa1b6b9857d1a1591fa5ed6bf973b02385a979a7178cf2c1f7fc75d6474c2fa90c090e9659178ab8cfe6bb3e147425828a1b5a59ca6f06 xmlto-skip-validation.patch
-f945bec00e0ad00435a52e58af3b211b5cf2383a94e7564b6b7143c636a11b8819f2080eee8ccb6ce9921cf3bd215e3fa161888072d4b84647db2e9bded9dbe3 CVE-2016-3977.patch"
+f945bec00e0ad00435a52e58af3b211b5cf2383a94e7564b6b7143c636a11b8819f2080eee8ccb6ce9921cf3bd215e3fa161888072d4b84647db2e9bded9dbe3 CVE-2016-3977.patch
+5423fd0bd9ad327fc67c42f585981ccc8624186811b60b45149110c2899453f71fc7d2da59eaa55acb43bd7a2e7cc82fd99183808b3c7d36c494efa06368c9ea CVE-2015-7555.patch"
diff --git a/main/giflib/CVE-2015-7555.patch b/main/giflib/CVE-2015-7555.patch
new file mode 100644
index 0000000000..ca109c2ec5
--- /dev/null
+++ b/main/giflib/CVE-2015-7555.patch
@@ -0,0 +1,26 @@
+From 179510be300bf11115e37528d79619b53c884a63 Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Tue, 5 Jan 2016 23:01:45 -0500
+Subject: [PATCH] Address SF bug #71: Buffer overwrite when giffixing a
+ malformed gif.
+
+---
+ util/giffix.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util/giffix.c b/util/giffix.c
+index 6fba84a..c14c45b 100644
+--- a/util/giffix.c
++++ b/util/giffix.c
+@@ -112,6 +112,8 @@ int main(int argc, char **argv)
+ Height = GifFileIn->Image.Height;
+ GifQprintf("\n%s: Image %d at (%d, %d) [%dx%d]: ",
+ PROGRAM_NAME, ++ImageNum, Col, Row, Width, Height);
++ if (Width > GifFileIn->SWidth)
++ GIF_EXIT("Image is wider than total");
+
+ /* Put the image descriptor to out file: */
+ if (EGifPutImageDesc(GifFileOut, Col, Row, Width, Height,
+--
+1.9.1
+
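Review bot: The new guard `if (Width > GifFileIn->SWidth)` in the embedded util/giffix.c hunk has no comment saying what it protects, so a later reader cannot tell that it is the bounds check for CVE-2015-7555. Presumably the row buffer that main() fills further down is sized from `SWidth`, but that allocation is in a part of main() outside this hunk, so confirm it before adding `/* Row buffer is sized from SWidth: reject frames wider than the logical screen (SF bug #71). */` above the test. The check is also unbraced: if `GIF_EXIT` expands to more than one statement without its own braces, only the first would be conditional, so confirm the macro's definition or wrap the call in `{ }`. Only an upper bound on `Width` is tested in the visible lines; whether `Height` or a zero `Width` needs the same treatment depends on code not shown here.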