!49 [sync] PR-47: Update to 5.2.2 for fix CVE-2020-23922 and CVE-2023-48161

From: @openeuler-sync-bot 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001

CVE-2021-40633.patch

@@ -0,0 +1,13 @@
+diff -urN giflib-5.2.2/gif2rgb.c giflib-5.2.2-bak/gif2rgb.c
+--- giflib-5.2.2/gif2rgb.c	2024-05-14 16:06:40.098092160 +0800
++++ giflib-5.2.2-bak/gif2rgb.c	2024-05-14 15:53:42.426757251 +0800
+@@ -525,6 +525,9 @@
+ 	DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
+ 	               GifFile->SWidth, GifFile->SHeight);
+ 
++	for (i = 0; i < GifFile->SHeight; i++) {
++		(void)free(ScreenBuffer[i]);
++	}
+ 	(void)free(ScreenBuffer);
+ 
+ 	{

giflib.spec

@@ -1,8 +1,8 @@
 %define debug_package %{nil}
 
 Name:          giflib
-Version:       5.2.1
-Release:       2 
+Version:       5.2.2
+Release:       1
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@@ -14,8 +14,10 @@ Patch0:giflib_quantize.patch
 Patch1:giflib_coverity.patch
 # Generate HTML docs with consistent section IDs to avoid multilib difference
 Patch2:giflib_html-docs-consistent-ids.patch
+Patch3:CVE-2021-40633.patch
 
 BuildRequires: make xmlto gcc
+BuildRequires: ImageMagick
 provides:      giflib-utils
 
 %description
@@ -28,13 +30,21 @@ Requires:      %{name} = %{version}-%{release}
 %description   devel
 development header files, libraries for programs using the giflib library.
 
+%package       utils
+Summary:       Programs for manipulating GIF format image files
+Requires:      %{name}%{?_isa} = %{version}-%{release}
+
+%description   utils
+The giflib-utils package contains various programs for manipulationg GIF
+format imange files.
+
 %package_help
 
 %prep
 %autosetup -n %{name}-%{version} -p1
 
 %build
-%make_build
+%make_build CFLAGS="$RPM_OPT_FLAGS -s -fPIC"
 
 %install
 %make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}"
@@ -50,7 +60,6 @@ rm -f %{buildroot}/debugsourcefiles.list
 %license COPYING
 %{_libdir}/libgif.so.7*
 %exclude %{_libdir}/*.a
-%{_bindir}/gif*
 
 %files devel
 %defattr(-,root,root)
@@ -60,9 +69,37 @@ rm -f %{buildroot}/debugsourcefiles.list
 
 %files help
 %defattr(-,root,root)
-%{_mandir}/man1/gif*.1*
+%{_mandir}/man1/gif*.*
+
+%files utils
+%{_bindir}/gif*
 
 %changelog
+* Fri Jun 21 2024 yaoxin <yao_xin001@hoperun.com> - 5.2.2-1
+- Update to 5.2.2
+  * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
+  * Address SF issue #151: A heap-buffer-overflow in gif2rgb.c:294:45
+  * Address SF issue #166: a read zero page leads segment fault in
+    getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
+
+* Tue May 14 2024 liwenjie <liwenjie@kylinos.cn> - 5.2.1-8
+- Fix CVE-2021-40633
+
+* Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 5.2.1-7
+- Fix CVE-2023-39742
+
+* Thu Aug 25 2022 caodongxia <caodongxia@h-partners.com> -5.2.1-6
+- Fix rpmbuild error
+
+* Wed Jun 15 2022 duyiwei <duyiwei@kylinos.cn> - 5.2.1-5
+- fix CVE-2022-28506
+
+* Sat Sep 4 2021 zhanzhimin <zhanzhimin@huawei.com> - 5.2.1-4
+- strip binary files
+
+* Thu May 20 2021 liuyumeng <liuyumeng5@huawei.com> - 5.2.1-3
+- Add a package named utils
+
 * Wed Jul 29 2020 hanhui <hanhui15@huawei.com> - 5.2.1-2
 - add bugfix
 

giflib_coverity.patch

@@ -1,43 +1,39 @@
-diff -rupN --no-dereference giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c
---- giflib-5.2.1/gif2rgb.c	2019-06-24 09:24:27.000000000 +0200
-+++ giflib-5.2.1-new/gif2rgb.c	2020-02-17 16:51:04.468397502 +0100
-@@ -170,6 +170,8 @@ static void SaveGif(GifByteType *OutputB
-     /* Open stdout for the output file: */
-     if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
- 	PrintGifError(Error);
-+	free(OutputBuffer);
-+	GifFreeMapObject(OutputColorMap);
- 	exit(EXIT_FAILURE);
-     }
+diff -rupN --no-dereference giflib-5.2.2/gif2rgb.c giflib-5.2.2-new/gif2rgb.c
+--- giflib-5.2.2/gif2rgb.c	2024-02-19 04:01:28.000000000 +0100
++++ giflib-5.2.2-new/gif2rgb.c	2024-02-19 09:39:38.750976758 +0100
+@@ -165,6 +165,8 @@ static void SaveGif(GifByteType *OutputB
+ 	/* Open stdout for the output file: */
+ 	if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
+ 		PrintGifError(Error);
++		free(OutputBuffer);
++		GifFreeMapObject(OutputColorMap);
+ 		exit(EXIT_FAILURE);
+ 	}
  
-@@ -179,6 +181,8 @@ static void SaveGif(GifByteType *OutputB
- 	EGifPutImageDesc(GifFile,
- 			 0, 0, Width, Height, false, NULL) == GIF_ERROR) {
- 	PrintGifError(Error);
-+	free(OutputBuffer);
-+	GifFreeMapObject(OutputColorMap);
- 	exit(EXIT_FAILURE);
-     }
+@@ -173,6 +175,8 @@ static void SaveGif(GifByteType *OutputB
+ 	    EGifPutImageDesc(GifFile, 0, 0, Width, Height, false, NULL) ==
+ 	        GIF_ERROR) {
+ 		PrintGifError(Error);
++		free(OutputBuffer);
++		GifFreeMapObject(OutputColorMap);
+ 		exit(EXIT_FAILURE);
+ 	}
  
-@@ -187,8 +191,11 @@ static void SaveGif(GifByteType *OutputB
- 	       GifFile->Image.Width, GifFile->Image.Height);
+@@ -182,6 +186,8 @@ static void SaveGif(GifByteType *OutputB
  
-     for (i = 0; i < Height; i++) {
--	if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR)
-+	if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
-+	    free(OutputBuffer);
-+	    GifFreeMapObject(OutputColorMap);
- 	    exit(EXIT_FAILURE);
-+        }
- 	GifQprintf("\b\b\b\b%-4d", Height - i - 1);
+ 	for (i = 0; i < Height; i++) {
+ 		if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
++			free(OutputBuffer);
++			GifFreeMapObject(OutputColorMap);
+ 			exit(EXIT_FAILURE);
+ 		}
+ 		GifQprintf("\b\b\b\b%-4d", Height - i - 1);
+@@ -191,6 +197,8 @@ static void SaveGif(GifByteType *OutputB
  
- 	Ptr += Width;
-@@ -196,6 +203,8 @@ static void SaveGif(GifByteType *OutputB
- 
-     if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
- 	PrintGifError(Error);
-+	free(OutputBuffer);
-+	GifFreeMapObject(OutputColorMap);
- 	exit(EXIT_FAILURE);
-     }
+ 	if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
+ 		PrintGifError(Error);
++		free(OutputBuffer);
++		GifFreeMapObject(OutputColorMap);
+ 		exit(EXIT_FAILURE);
+ 	}
  }

giflib_html-docs-consistent-ids.patch

@@ -1,8 +1,8 @@
-diff -rupN --no-dereference giflib-5.2.1/doc/Makefile giflib-5.2.1-new/doc/Makefile
---- giflib-5.2.1/doc/Makefile	2019-03-28 18:05:25.000000000 +0100
-+++ giflib-5.2.1-new/doc/Makefile	2020-02-17 16:51:04.489397582 +0100
+diff -rupN --no-dereference giflib-5.2.2/doc/Makefile giflib-5.2.2-new/doc/Makefile
+--- giflib-5.2.2/doc/Makefile	2024-02-18 19:15:05.000000000 +0100
++++ giflib-5.2.2-new/doc/Makefile	2024-02-19 09:39:38.785968237 +0100
 @@ -1,7 +1,7 @@
- .SUFFIXES: .xml .html .txt .adoc .1
+ .SUFFIXES: .xml .html .txt .adoc .1 .7
  
  .xml.html:
 -	xmlto xhtml-nochunks $<

giflib_quantize.patch

@@ -1,6 +1,6 @@
-diff -rupN --no-dereference giflib-5.2.1/Makefile giflib-5.2.1-new/Makefile
---- giflib-5.2.1/Makefile	2019-06-24 18:08:57.000000000 +0200
-+++ giflib-5.2.1-new/Makefile	2020-02-17 16:51:04.450397434 +0100
+diff -rupN --no-dereference giflib-5.2.2/Makefile giflib-5.2.2-new/Makefile
+--- giflib-5.2.2/Makefile	2024-02-19 02:01:50.000000000 +0100
++++ giflib-5.2.2-new/Makefile	2024-02-19 09:39:38.715985279 +0100
 @@ -29,11 +29,11 @@ LIBPOINT=0
  LIBVER=$(LIBMAJOR).$(LIBMINOR).$(LIBPOINT)