From 5886e3522e5807d0c0380bf05408a42608d1ef11 Mon Sep 17 00:00:00 2001
From: Till Maas
Date: Mon, 4 Dec 2017 22:00:05 +0100
Subject: [PATCH] Add patches for CVE-2017-1000229 and CVE-2017-16938 Cleanup spec
---
 ...ger-overflow-bug-65-CVE-2017-1000229.patch | 25 +++++++++++
 optipng-076-sfbug-69.patch | 45 +++++++++++++++++++
 optipng.spec | 14 +++---
 3 files changed, 77 insertions(+), 7 deletions(-)
 create mode 100644 0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
 create mode 100644 optipng-076-sfbug-69.patch
diff --git a/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch b/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
new file mode 100644
index 0000000..19dc3ad
--- /dev/null
+++ b/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
@@ -0,0 +1,25 @@
+From 77ac8e9fd9b2c1aeec3951e2bb50f7cc2c1e92d2 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping
+Date: Sun, 19 Nov 2017 16:04:26 +0100
+Subject: [PATCH] Prevent integer overflow (bug #65, CVE-2017-1000229)
+
+---
+ src/minitiff/tiffread.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
+index b4910ec..5f9b376 100644
+--- a/src/minitiff/tiffread.c
++++ b/src/minitiff/tiffread.c
+@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
+ count = tiff_ptr->strip_offsets_count;
+ if (count == 0 || count > tiff_ptr->height)
+ goto err_invalid;
++ if (count > (size_t)-1 / sizeof(long))
++ goto err_memory;
+ tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
+ if (tiff_ptr->strip_offsets == NULL)
+ goto err_memory;
+--
+2.14.2
+
diff --git a/optipng-076-sfbug-69.patch b/optipng-076-sfbug-69.patch
new file mode 100644
index 0000000..76246a2
--- /dev/null
+++ b/optipng-076-sfbug-69.patch
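Review bot: The added guard before the `strip_offsets` allocation has no comment, so a later reader of tiffread.c cannot tell why a count already bounded by `tiff_ptr->height` is tested again. A line above the `if` such as `/* count comes from the file: refuse it if count * sizeof(long) would wrap size_t */` would record the intent. The guard covers only this one `malloc`. minitiff_read_info continues outside the hunk, so any other allocation there that is sized from a file-supplied count would need the same test.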
@@ -0,0 +1,45 @@
+From e05fb81a20541833a2d62ce08552b18c0920b9a1 Mon Sep 17 00:00:00 2001
+From: Cosmin Truta
+Date: Sat, 25 Nov 2017 23:17:46 -0500
+Subject: [PATCH] gifread: Detect indirect circular dependencies in LZW tables
+
+---
+ src/gifread/gifread.c | 4 +++-
+ src/gifread/gifread.h | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/gifread/gifread.c b/src/gifread/gifread.c
+index 0123456789abcdef..0123456789abcdef 100644
+--- a/src/gifread/gifread.c
++++ b/src/gifread/gifread.c
+@@ -5,7 +5,7 @@
+ * @author Cosmin Truta
+ *
+ * @section Copyright
+- * Copyright (C) 2003-2015 Cosmin Truta.
++ * Copyright (C) 2003-2017 Cosmin Truta.
+ * This software was derived from "giftopnm.c" by David Koblas,
+ * and is distributed under the same copyright and warranty terms.
+ *
+@@ -499,6 +499,8 @@ static int LZWReadByte(int init_flag, int input_code_size, FILE *stream)
+ *sp++ = table[1][code];
+ if (code == table[0][code])
+ GIFError("GIF/LZW error: circular table entry");
++ if ((size_t)(sp - stack) >= sizeof(stack) / sizeof(stack[0]))
++ GIFError("GIF/LZW error: circular table");
+ code = table[0][code];
+ }
+
+diff --git a/src/gifread/gifread.h b/src/gifread/gifread.h
+index 0123456789abcdef..0123456789abcdef 100644
+--- a/src/gifread/gifread.h
++++ b/src/gifread/gifread.h
+@@ -5,7 +5,7 @@
+ * @author Cosmin Truta
+ *
+ * @section Copyright
+- * Copyright (C) 2003-2015 Cosmin Truta.
++ * Copyright (C) 2003-2017 Cosmin Truta.
+ * This software was derived from "giftopnm.c" by David Koblas,
+ * and is distributed under the same copyright and warranty terms.
+ *
diff --git a/optipng.spec b/optipng.spec
index 1d1edb2..4247b90 100644
--- a/optipng.spec
+++ b/optipng.spec
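Review bot: The new depth check in LZWReadByte sits after the store `*sp++ = table[1][code]`, so it keeps `stack` in bounds only if GIFError() does not return to its caller. That function is defined outside the hunk, so this is worth confirming. A comment such as `/* a chain as long as the stack can only come from an indirect cycle */` would explain why an overlong chain is reported as "circular table". Both inner file headers carry `index 0123456789abcdef..0123456789abcdef`, which looks like a placeholder rather than real blob ids, so the patch cannot be matched to upstream objects by hash. Recording the upstream bug or commit URL in a comment next to `Patch1` in the spec would make its origin checkable.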
@@ -1,13 +1,13 @@ Name: optipng Version: 0.7.6 -Release: 4%{?dist} +Release: 5%{?dist} Summary: PNG optimizer and converter -Group: Applications/Multimedia License: zlib URL: http://optipng.sourceforge.net/ Source0: http://downloads.sourceforge.net/optipng/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Patch0: 0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch +Patch1: optipng-076-sfbug-69.patch BuildRequires: zlib-devel libpng-devel @@ -45,10 +45,6 @@ chmod -c 755 $RPM_BUILD_ROOT%{_bindir}/optipng make test CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" -%clean -rm -rf $RPM_BUILD_ROOT - - %files %{!?_licensedir:%global license %%doc} %license LICENSE.txt @@ -58,6 +54,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Dec 04 2017 Till Maas - 0.7.6-5 +- Add patches for CVE-2017-1000229 and CVE-2017-16938 +- Cleanup spec + * Thu Aug 03 2017 Fedora Release Engineering - 0.7.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
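Review bot: `Patch0:` and `Patch1:` are declared in the first spec hunk, but none of the three spec hunks touches `%prep`. The 7 spec insertions implied by the diffstat totals are fully accounted for by the Release, Patch and changelog lines. Unless the existing `%prep` (outside the hunks) already uses `%autosetup` or `%autopatch`, the two CVE fixes ship in the source package but are never applied to the built binary. Adding `%patch0 -p1` and `%patch1 -p1` after `%setup`, or switching to `%autosetup -p1`, would close that gap. The `make test` step visible in the second hunk would not catch a missing patch, so it is worth confirming from the build log that both patches were applied.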