diff options
| -rw-r--r-- | CVE-2026-4985.patch | 31 | ||||
| -rw-r--r-- | libcgif.spec | 36 |
2 files changed, 20 insertions, 47 deletions
diff --git a/CVE-2026-4985.patch b/CVE-2026-4985.patch deleted file mode 100644 index 12b538b..0000000 --- a/CVE-2026-4985.patch +++ /dev/null @@ -1,31 +0,0 @@ -From a9ecd7a129f3f7177dfec3e0e7b48c87131ac410 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20L=C3=B6bl?= <dloebl.2000@gmail.com> -Date: Mon, 30 Mar 2026 13:04:27 +0200 -Subject: [PATCH] fix potential undefined behavior in cgif_addframe (#112) - ---- - src/cgif.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/cgif.c b/src/cgif.c -index 7190a1f..d526aee 100644 ---- a/src/cgif.c -+++ b/src/cgif.c -@@ -480,7 +480,7 @@ static void copyFrameConfig(CGIF_FrameConfig* pDest, CGIF_FrameConfig* pSrc) { - int cgif_addframe(CGIF* pGIF, CGIF_FrameConfig* pConfig) { - CGIF_Frame* pNewFrame; - int hasAlpha, hasSetTransp; -- int i; -+ uint32_t i; - cgif_result r; - - // check for previous errors -@@ -518,7 +518,7 @@ int cgif_addframe(CGIF* pGIF, CGIF_FrameConfig* pConfig) { - sameFrame = 0; - } - } else { -- for(i = 0; i < pGIF->config.width * pGIF->config.height; i++) { -+ for(i = 0; i < MULU16(pGIF->config.width, pGIF->config.height); i++) { - if(cmpPixel(pGIF, pConfig, &pGIF->aFrames[pGIF->iHEAD]->config, pConfig->pImageData[i], pGIF->aFrames[pGIF->iHEAD]->config.pImageData[i])) { - sameFrame = 0; - break; diff --git a/libcgif.spec b/libcgif.spec index 7b85bfe..7705715 100644 --- a/libcgif.spec +++ b/libcgif.spec @@ -7,24 +7,26 @@ # Please, preserve the changelog entries # -%global gh_commit 48d28fe9f8c3a344b688bb10274447b6bb1bf0c2 -%global gh_short %(c=%{gh_commit}; echo ${c:0:7}) -#global gh_date 20211001 -%global gh_owner dloebl -%global gh_project cgif %global libname libcgif %global soname 0 +# Github forge +%global gh_vend dloebl +%global gh_proj cgif +%global forgeurl https://github.com/%{gh_vend}/%{gh_proj} +%global tag v%{version} +# remirepo:2 +# for EL-8 to avoid TAG usage +%global archivename %{gh_proj}-%{version} + Name: %{libname} Summary: A fast and lightweight GIF encoder -Version: 0.5.2 -Release: 2%{?dist} License: MIT - -URL: https://github.com/%{gh_owner}/%{gh_project} -Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz - -Patch0: CVE-2026-4985.patch +Version: 0.5.3 +Release: 1%{?dist} +%forgemeta +URL: %{forgeurl} +Source0: %{forgesource} BuildRequires: gcc BuildRequires: meson >= 0.56 @@ -63,8 +65,7 @@ for %{libname}. %prep -%setup -q -n %{gh_project}-%{gh_commit} -%patch -P0 -p1 -b .cve +%forgesetup %build @@ -87,12 +88,15 @@ for %{libname}. %files devel %doc README.md -%{_libdir}/pkgconfig/%{gh_project}.pc +%{_libdir}/pkgconfig/%{gh_proj}.pc %{_libdir}/%{libname}.so -%{_includedir}/%{gh_project}.h +%{_includedir}/%{gh_proj}.h %changelog +* Wed Apr 1 2026 Remi Collet <remi@remirepo.net> - 0.5.3-1 +- update to 0.5.3 + * Tue Mar 31 2026 Remi Collet <remi@remirepo.net> - 0.5.2-2 - fix potential undefined behavior in cgif_addframe CVE-2026-4985 |