From 9b6d2443f94b5eaa434e55078959d0e64f7bb898 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Sat, 3 Dec 2022 18:11:53 +0800
Subject: [PATCH] Sync 22.09 release to 22.03 (cherry picked from commit 1523a8d08213d6a2a07242c7b25e0ac86c8f598a)
---
 CVE-2022-28506.patch | 31 +++++++++++++++++++++++++++++++
 giflib.spec | 14 ++++++++++++--
 2 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2022-28506.patch
diff --git a/CVE-2022-28506.patch b/CVE-2022-28506.patch
new file mode 100644
index 0000000..1905969
--- /dev/null
+++ b/CVE-2022-28506.patch
@@ -0,0 +1,31 @@
+From c80f2b9f12a9ed0df7a629c9da1c4a82e9e39923 Mon Sep 17 00:00:00 2001
+From: duyiwei
+Date: Wed, 15 Jun 2022 14:46:24 +0800
+Subject: [PATCH] CVE-2022-28506
+
+Signed-off-by: duyiwei
+---
+ gif2rgb.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index ccbc0aa..87c413e 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -303,7 +303,12 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
+ GifRow = ScreenBuffer[i];
+ GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
+- ColorMapEntry = &ColorMap->Colors[GifRow[j]];
++ /* Check if color is within color palete */
++ if (GifRow[j] >= ColorMap->ColorCount)
++ {
++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++ }
++ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ *BufferP++ = ColorMapEntry->Red;
+ *BufferP++ = ColorMapEntry->Green;
+ *BufferP++ = ColorMapEntry->Blue;
+--
+2.33.0
+
diff --git a/giflib.spec b/giflib.spec
index fead976..03ac303 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -2,7 +2,7 @@
 Name: giflib
 Version: 5.2.1
-Release: 3
+Release: 6
 Summary: A library and utilities for processing GIFs
 License: MIT
 URL: http://www.sourceforge.net/projects/giflib/
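Review bot: The new guard `if (GifRow[j] >= ColorMap->ColorCount)` in the embedded gif2rgb.c hunk covers only the one `ColorMap->Colors[GifRow[j]]` lookup visible here, inside the loop that fills the interleaved `Buffer`. DumpScreen2RGB takes a `OneFileFlag` argument and its body starts and ends outside the hunk, so any other output path in that function that indexes the palette with a pixel value should be checked for the same guard before this is treated as a complete fix for CVE-2022-28506. The embedded patch header also gives no upstream commit or bug reference; a comment above `Patch3` such as `# CVE-2022-28506: <upstream commit or bug URL>` would let the backport be compared against its origin.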
@@ -14,6 +14,7 @@ Patch0:giflib_quantize.patch
 Patch1:giflib_coverity.patch
 # Generate HTML docs with consistent section IDs to avoid multilib difference
 Patch2:giflib_html-docs-consistent-ids.patch
+Patch3:CVE-2022-28506.patch
 BuildRequires: make xmlto gcc
 provides: giflib-utils
@@ -42,7 +43,7 @@ format imange files.
 %autosetup -n %{name}-%{version} -p1
 %build
-%make_build
+%make_build CFLAGS="$RPM_OPT_FLAGS -s -fPIC"
 %install
 %make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}"
@@ -73,6 +74,15 @@ rm -f %{buildroot}/debugsourcefiles.list
 %{_bindir}/gif*
 %changelog
+* Thu Aug 25 2022 caodongxia -5.2.1-6
+- Fix rpmbuild error
+
+* Wed Jun 15 2022 duyiwei - 5.2.1-5
+- fix CVE-2022-28506
+
+* Sat Sep 4 2021 zhanzhimin - 5.2.1-4
+- strip binary files
+
 * Thu May 20 2021 liuyumeng - 5.2.1-3
 - Add a package named utils
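Review bot: In the `%build` hunk, `%make_build CFLAGS="$RPM_OPT_FLAGS -s -fPIC"` sets CFLAGS on the make command line, which overrides any CFLAGS assignment in the project's Makefile, and it forwards only the compiler flags — `$RPM_LD_FLAGS` is not passed, so whether the distribution's link-time hardening flags reach the shared library and tools depends on a Makefile that is not visible here. The `-s` also strips symbols at link time rather than leaving that to rpm's own strip and debuginfo step, which removes the symbol data needed to triage crashes in a library that parses untrusted image files. If stripping at build time is intentional, a spec comment saying why would help; otherwise consider `%make_build CFLAGS="$RPM_OPT_FLAGS -fPIC" LDFLAGS="$RPM_LD_FLAGS"`, assuming the Makefile honours LDFLAGS.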