giflib: fix CVEs

Patches taken from Fedora

Signed-off-by: Rosen Penev <rosenp@gmail.com>

diff --git a/libs/giflib/Makefile b/libs/giflib/Makefile
index a6174e9825d21573f5a0f9a6f163090d5dc7139e..722c7bdfe888e282ab4be42e4299f591fb37105f 100644 (file)
--- a/libs/giflib/Makefile
+++ b/libs/giflib/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=giflib
 PKG_VERSION:=5.2.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/giflib

diff --git a/libs/giflib/patches/010-CVE-2022-28506.patch b/libs/giflib/patches/010-CVE-2022-28506.patch
new file mode 100644 (file)
index 0000000..f6de2be
--- /dev/null
+++ b/libs/giflib/patches/010-CVE-2022-28506.patch
@@ -0,0 +1,14 @@
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
+             GifRow = ScreenBuffer[i];
+             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+             for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++                /* Check if color is within color palete */
++                if (GifRow[j] >= ColorMap->ColorCount)
++                {
++                   GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                }
+                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                 *BufferP++ = ColorMapEntry->Red;
+                 *BufferP++ = ColorMapEntry->Green;

diff --git a/libs/giflib/patches/020-CVE-2023-39742.patch b/libs/giflib/patches/020-CVE-2023-39742.patch
new file mode 100644 (file)
index 0000000..8d01c93
--- /dev/null
+++ b/libs/giflib/patches/020-CVE-2023-39742.patch
@@ -0,0 +1,24 @@
+Description: Fix segmentation faults due to non correct checking for args
+Author: David Suárez <david.sephirot@gmail.com>
+Origin: vendor
+Bug: https://sourceforge.net/p/giflib/bugs/153/
+Bug-Debian: https://bugs.debian.org/715963
+Bug-Debian: https://bugs.debian.org/715964
+Bug-Debian: https://bugs.debian.org/715967
+Last-Update: 2020-12-20
+
+--- a/getarg.c
++++ b/getarg.c
+@@ -307,6 +307,12 @@ GAGetParmeters(void *Parameters[],
+     int i = 0, ScanRes;
+ 
+     while (!(ISSPACE(CtrlStrCopy[i]))) {
++
++        if ((*argv) == argv_end) {
++            GAErrorToken = Option;
++            return CMD_ERR_NumRead;
++        }
++
+         switch (CtrlStrCopy[i + 1]) {
+           case 'd':    /* Get signed integers. */
+               ScanRes = sscanf(*((*argv)++), "%d",