From 6a8152811e99fc9d7759b32913a9b655d0f0b111 Mon Sep 17 00:00:00 2001
From: Ted Hess
Date: Sat, 27 Sep 2025 17:14:55 -0400
Subject: [PATCH] giflib: Add Gentoo patch to fix various CVEs

Fixes: CVE-2022-28506 CVE-2023-48161 CVE-2024-45993 CVE-2025-31344
Remove myself as maintainer
Signed-off-by: Ted Hess
---
 libs/giflib/Makefile | 3 +--
 libs/giflib/patches/200-verify-color-in-range.patch | 13 +++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 libs/giflib/patches/200-verify-color-in-range.patch

diff --git a/libs/giflib/Makefile b/libs/giflib/Makefile
index 92e0ceb9bf..c5b396cbac 100644
--- a/libs/giflib/Makefile
+++ b/libs/giflib/Makefile
@@ -9,13 +9,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=giflib
 PKG_VERSION:=5.2.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/giflib
 PKG_HASH:=be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb
-PKG_MAINTAINER:=Ted Hess
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:giflib_project:giflib
diff --git a/libs/giflib/patches/200-verify-color-in-range.patch b/libs/giflib/patches/200-verify-color-in-range.patch
new file mode 100644
index 0000000000..0fedc1efd2
--- /dev/null
+++ b/libs/giflib/patches/200-verify-color-in-range.patch
@@ -0,0 +1,13 @@
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -329,6 +329,10 @@ static void DumpScreen2RGB(char *FileNam
+ GifRow = ScreenBuffer[i];
+ GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ for (j = 0; j < ScreenWidth; j++) {
++ /* Check if color is within color palete */
++ if (GifRow[j] >= ColorMap->ColorCount) {
++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ Buffers[0][j] = ColorMapEntry->Red;
+ Buffers[1][j] = ColorMapEntry->Green;
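Review bot: The new `200-verify-color-in-range.patch` starts directly at `--- a/gif2rgb.c` with no header, so nothing in the tree records which Gentoo patch it was taken from or which of the four CVE IDs in the commit message this single check is meant to cover. A short description block above the `---` line would make that auditable, for example `Origin: <URL of the Gentoo patch>` and `Fixes: <CVE ids this check addresses>` (placeholders, to be filled in from the real source). The guard is visible only in the loop that fills `Buffers[0][j]` and `Buffers[1][j]`, and DumpScreen2RGB starts and ends outside the hunk, so it is worth confirming that every other loop in the function that indexes `ColorMap->Colors[GifRow[j]]` carries the same `>= ColorMap->ColorCount` check. The comment typo `palete` could become `palette`, unless the patch is meant to stay byte-identical to its source.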