diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-06-02 07:36:57 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-06-02 07:36:57 +0000 |
commit | a51a6984b5ddb503e3867843734027294cdee7c7 (patch) | |
tree | 00ece1ec255f5e31d10527c7925b8c7e7e07fe17 | |
parent | b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a (diff) | |
download | aports-a51a6984b5ddb503e3867843734027294cdee7c7.tar.bz2 aports-a51a6984b5ddb503e3867843734027294cdee7c7.tar.xz |
main/giflib: security fix (CVE-2016-3977). Fixes #5517
-rw-r--r-- | main/giflib/APKBUILD | 15 | ||||
-rw-r--r-- | main/giflib/CVE-2016-3977.patch | 83 |
2 files changed, 93 insertions, 5 deletions
diff --git a/main/giflib/APKBUILD b/main/giflib/APKBUILD index b2b4fee188..70cfb1874e 100644 --- a/main/giflib/APKBUILD +++ b/main/giflib/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=giflib pkgver=5.0.6 -pkgrel=0 +pkgrel=1 pkgdesc="A library for reading and writing gif images" url="http://sourceforge.net/projects/giflib/" arch="all" @@ -10,7 +10,9 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-utils" depends= makedepends="libx11-dev libsm-dev util-linux-dev xmlto" source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2 - xmlto-skip-validation.patch" + xmlto-skip-validation.patch + CVE-2016-3977.patch + " _builddir="$srcdir"/$pkgname-$pkgver prepare() { @@ -53,8 +55,11 @@ utils() { } md5sums="603838feeed62e9eaa90415742adddf9 giflib-5.0.6.tar.bz2 -e1ae3d46e40a8609231dea3075388d4a xmlto-skip-validation.patch" +e1ae3d46e40a8609231dea3075388d4a xmlto-skip-validation.patch +ff293c617b58bc0741304fda1a329d4e CVE-2016-3977.patch" sha256sums="8909839ccbdfca75cfbe6a4db907b55978e11fb268a8f3cde24bd923a0f669ea giflib-5.0.6.tar.bz2 -2244e339343d027044732e47bce2b0bdb3e6d9c472963748af4adb2304374022 xmlto-skip-validation.patch" +2244e339343d027044732e47bce2b0bdb3e6d9c472963748af4adb2304374022 xmlto-skip-validation.patch +17f2b56775a0cb2eae231bda819e940b8d144befbe1998af3d538ffc70baefce CVE-2016-3977.patch" sha512sums="117e20319f2df32bdf094678cdececad2b6f33a40baff172d4df68ade86547825ebca81186071bff51e60126692df84dbd7bb5cc4877ba68448f7c47a2cc2491 giflib-5.0.6.tar.bz2 -36f92cb092ee9dc463aa1b6b9857d1a1591fa5ed6bf973b02385a979a7178cf2c1f7fc75d6474c2fa90c090e9659178ab8cfe6bb3e147425828a1b5a59ca6f06 xmlto-skip-validation.patch" +36f92cb092ee9dc463aa1b6b9857d1a1591fa5ed6bf973b02385a979a7178cf2c1f7fc75d6474c2fa90c090e9659178ab8cfe6bb3e147425828a1b5a59ca6f06 xmlto-skip-validation.patch +f945bec00e0ad00435a52e58af3b211b5cf2383a94e7564b6b7143c636a11b8819f2080eee8ccb6ce9921cf3bd215e3fa161888072d4b84647db2e9bded9dbe3 CVE-2016-3977.patch" diff --git a/main/giflib/CVE-2016-3977.patch b/main/giflib/CVE-2016-3977.patch new file mode 100644 index 0000000000..e41b9bc4d7 --- /dev/null +++ b/main/giflib/CVE-2016-3977.patch @@ -0,0 +1,83 @@ +From ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88 Mon Sep 17 00:00:00 2001 +From: "Eric S. Raymond" <esr@thyrsus.com> +Date: Sat, 2 Apr 2016 13:03:47 -0400 +Subject: [PATCH] Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb). + +--- + NEWS | 8 ++++++++ + lib/dgif_lib.c | 5 +++++ + util/gif2rgb.c | 10 ++++++++-- + 3 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/NEWS b/NEWS +index 7209705..ce44959 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,5 +1,13 @@ + GIFLIB NEWS + ++Repository head ++=============== ++ ++Code Fixes ++---------- ++ ++* Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb). ++ + + Version 5.1.4 + ============= +diff --git a/lib/dgif_lib.c b/lib/dgif_lib.c +index 66a1d6a..3b650b8 100644 +--- a/lib/dgif_lib.c ++++ b/lib/dgif_lib.c +@@ -289,6 +289,11 @@ DGifGetScreenDesc(GifFileType *GifFile) + GifFile->SColorMap = NULL; + } + ++ /* ++ * No check here for whether the background color is in range for the ++ * screen color map. Possibly there should be. ++ */ ++ + return GIF_OK; + } + +diff --git a/util/gif2rgb.c b/util/gif2rgb.c +index e39f37b..da791a2 100644 +--- a/util/gif2rgb.c ++++ b/util/gif2rgb.c +@@ -15,7 +15,7 @@ Toshio Kuratomi had written this in a comment about the rgb2gif code: + + I (ESR) took this off the main to-do list in 2012 because I don't think + the GIFLIB project actually needs to be in the converters-and-tools business. +-Plenty of hackers do that; our jub is to supply stable library capability ++Plenty of hackers do that; our job is to supply stable library capability + with our utilities mainly interesting as test tools. + + ***************************************************************************/ +@@ -461,7 +461,7 @@ static void GIF2RGB(int NumFiles, char *FileName, + break; + } + } while (RecordType != TERMINATE_RECORD_TYPE); +- ++ + /* Lets dump it - set the global variables required and do it: */ + ColorMap = (GifFile->Image.ColorMap + ? GifFile->Image.ColorMap +@@ -471,6 +471,12 @@ static void GIF2RGB(int NumFiles, char *FileName, + exit(EXIT_FAILURE); + } + ++ /* check that the background color isn't garbage (SF bug #87) */ ++ if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) { ++ fprintf(stderr, "Background color out of range for colormap\n"); ++ exit(EXIT_FAILURE); ++ } ++ + DumpScreen2RGB(OutFileName, OneFileFlag, + ColorMap, + ScreenBuffer, +-- +1.9.1 + |