main/giflib: security upgrade to 5.2.2
parent
3aaebec61d
commit
8280e1837a
6 changed files with 119 additions and 39 deletions
|
@ -1,7 +1,7 @@
|
|||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=giflib
|
||||
pkgver=5.2.1
|
||||
pkgrel=5
|
||||
pkgver=5.2.2
|
||||
pkgrel=0
|
||||
pkgdesc="A library for reading and writing GIF images"
|
||||
url="https://sourceforge.net/projects/giflib/"
|
||||
arch="all"
|
||||
|
@ -10,11 +10,16 @@ subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-utils"
|
|||
makedepends="xmlto"
|
||||
checkdepends="coreutils"
|
||||
source="https://downloads.sourceforge.net/sourceforge/giflib/giflib-$pkgver.tar.gz
|
||||
CVE-2022-28506.patch
|
||||
giflib-restore-deprecated-functions.patch
|
||||
CVE-2021-40633.patch
|
||||
correct-document-page-install.patch
|
||||
dont-build-html-pages-images.patch
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 5.2.2-r0:
|
||||
# - CVE-2023-39742
|
||||
# - CVE-2023-48161
|
||||
# - CVE-2021-40633
|
||||
# 5.2.1-r2:
|
||||
# - CVE-2022-28506
|
||||
|
||||
|
@ -37,7 +42,8 @@ utils() {
|
|||
}
|
||||
|
||||
sha512sums="
|
||||
4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736 giflib-5.2.1.tar.gz
|
||||
1742eb5006628de4b4578fa4920b9ea849f4d340900f8acb1bf825d9d5041941770a2c21a2fadc467e8185696e9592d05486bfdcdd7102dba6f2eb18b5142410 CVE-2022-28506.patch
|
||||
fdc4a46e4a61e15e14ad712f164a3595902da700c3280ef3ec6fae345118c055eefb1eb73bb755078d0ea1f6112fa4a2b8edf9d918017e0bdf413497d15e1eaf giflib-restore-deprecated-functions.patch
|
||||
0865ab2b1904fa14640c655fdb14bb54244ad18a66e358565c00287875d00912343f9be8bfac7658cc0146200d626f7ec9160d7a339f20ba3be6b9941d73975f giflib-5.2.2.tar.gz
|
||||
33394cd01a5379ffadffa1a3c9ebd4fe2fddd3ea53fd3c713cc65b0ea0158d26aeb5148a9721c4892e944ef1a5694f54c23450118ab3b6f597e64eb6f3986731 CVE-2021-40633.patch
|
||||
6cb391eefc95f554ee83e89edf6fae365498597e370d684de5d020cb8f87f7bc3506afb30cbd36e9de2302d3301e33e044804c2d2a2c977d1bb7fa9e73f489cb correct-document-page-install.patch
|
||||
aa32ccce78120a50f84c2dec644d10996a0fdb41335b47a1d71b45d14ffc9efd14e6aca3f2392dd6713e3c216c07736e94d21d661a90cfe4d57422eb08a1fbc2 dont-build-html-pages-images.patch
|
||||
"
|
||||
|
|
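Review bot: `CVE-2022-28506.patch` is dropped from `source=` and `sha512sums`, but nothing in the APKBUILD records that the 5.2.2 tarball already contains the palette bounds check that patch added to `DumpScreen2RGB`; confirm this against the new tarball, because otherwise the upgrade drops a fix that `secfixes` still lists under 5.2.1-r2. CVE-2023-39742 and CVE-2023-48161 are likewise listed under 5.2.2-r0 with no patch in `source=`, so they are presumably fixed upstream. A comment placed before `source=`, such as `# 5.2.2 tarball covers CVE-2022-28506, CVE-2023-39742, CVE-2023-48161; CVE-2021-40633 is patched locally`, would make this auditable. `giflib-restore-deprecated-functions.patch` is dropped as well, and the removed patch text on this page says libgdiplus still uses `GifQuantizeBuffer`, so dependents should be rebuilt and checked.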
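--- a/main/giflib/CVE-2021-40633.patch
+++ b/main/giflib/CVE-2021-40633.patch
@@ -0,0 +1,30 @@
+From ccbc956432650734c91acb3fc88837f7b81267ff Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Wed, 21 Feb 2024 18:55:00 -0500
+Subject: [PATCH] Clean up memory better at end of run (CVE-2021-40633)
+
+---
+gif2rgb.c | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index d51226d..fc2e683 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -515,10 +515,13 @@ static void GIF2RGB(int NumFiles, char *FileName, bool OneFileFlag,
+}
+
+DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
+GifFile->SWidth, GifFile->SHeight);
+
++ for (i = 0; i < GifFile->SHeight; i++) {
++ (void)free(ScreenBuffer[i]);
++ }
+(void)free(ScreenBuffer);
+
+{
+int Error;
+if (DGifCloseFile(GifFile, &Error) == GIF_ERROR) {
+--
+2.43.0
+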
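Review bot: The added loop `for (i = 0; i < GifFile->SHeight; i++)` frees `ScreenBuffer[i]` on the assumption that exactly `SHeight` row pointers were allocated, and that allocation sits earlier in `GIF2RGB`, outside this hunk, so the bound should be checked against the 5.2.2 source rather than taken from the patch alone. The cleanup also sits only on the path that reaches `DumpScreen2RGB` and `DGifCloseFile`; any early exit inside `GIF2RGB` would presumably still skip it. The patch file carries no pointer to its upstream origin, so a header line such as `Patch-Source: <upstream URL for commit ccbc956432650734c91acb3fc88837f7b81267ff>` would let later reviewers verify it against upstream.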
|
@ -1,15 +0,0 @@
|
|||
https://sourceforge.net/p/giflib/code/merge-requests/12/
|
||||
--- a/gif2rgb.c
|
||||
+++ b/gif2rgb.c
|
||||
@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
|
||||
GifRow = ScreenBuffer[i];
|
||||
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
|
||||
for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
|
||||
+ /* Check if color is within color palete */
|
||||
+ if (GifRow[j] >= ColorMap->ColorCount)
|
||||
+ {
|
||||
+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
|
||||
+ }
|
||||
ColorMapEntry = &ColorMap->Colors[GifRow[j]];
|
||||
*BufferP++ = ColorMapEntry->Red;
|
||||
*BufferP++ = ColorMapEntry->Green;
|
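--- a/main/giflib/correct-document-page-install.patch
+++ b/main/giflib/correct-document-page-install.patch
@@ -0,0 +1,58 @@
+From 61f375082c80ee479eb8ff03189aea691a6a06aa Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Wed, 21 Feb 2024 08:33:51 -0500
+Subject: [PATCH] Correct document page install.
+
+---
+Makefile | 13 +++++++++----
+1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 87966a9..f4ecb24 100644
+--- a/Makefile
++++ b/Makefile
+@@ -61,19 +61,23 @@ UTILS = $(INSTALLABLE) \
+gifsponge \
+gifwedge
+
+LDLIBS=libgif.a -lm
+
+-MANUAL_PAGES = \
++MANUAL_PAGES_1 = \
+doc/gif2rgb.xml \
+doc/gifbuild.xml \
+doc/gifclrmp.xml \
+doc/giffix.xml \
+- doc/giflib.xml \
+doc/giftext.xml \
+doc/giftool.xml
+
++MANUAL_PAGES_7 = \
++ doc/giflib.xml
++
++MANUAL_PAGES = $(MANUAL_PAGES_1) $(MANUAL_PAGES_7)
++
+SOEXTENSION = so
+LIBGIFSO = libgif.$(SOEXTENSION)
+LIBGIFSOMAJOR = libgif.$(SOEXTENSION).$(LIBMAJOR)
+LIBGIFSOVER = libgif.$(SOEXTENSION).$(LIBVER)
+LIBUTILSO = libutil.$(SOEXTENSION)
+@@ -146,12 +150,13 @@ install-lib:
+$(INSTALL) -m 644 libgif.a "$(DESTDIR)$(LIBDIR)/libgif.a"
+$(INSTALL) -m 755 $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOVER)"
+ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)"
+ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)"
+install-man:
+- $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
+- $(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1"
++ $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" "$(DESTDIR)$(MANDIR)/man7"
++ $(INSTALL) -m 644 $(MANUAL_PAGES_1:xml=1) "$(DESTDIR)$(MANDIR)/man1"
++ $(INSTALL) -m 644 $(MANUAL_PAGES_7:xml=7) "$(DESTDIR)$(MANDIR)/man7"
+uninstall: uninstall-man uninstall-include uninstall-lib uninstall-bin
+uninstall-bin:
+cd "$(DESTDIR)$(BINDIR)" && rm -f $(INSTALLABLE)
+uninstall-include:
+rm -f "$(DESTDIR)$(INCDIR)/gif_lib.h"
+--
+2.43.0
+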
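--- a/main/giflib/dont-build-html-pages-images.patch
+++ b/main/giflib/dont-build-html-pages-images.patch
@@ -0,0 +1,18 @@
+Description: Don't build the site HTML pages images.
+It saves us to have ImageMagick as a b-depend.
+Author: David Suárez <david.sephirot@gmail.com>
+Origin: vendor
+Last-Update: 2024-03-24
+Forwarded: not-needed
+
+--- a/doc/Makefile
++++ b/doc/Makefile
+@@ -46,7 +46,7 @@
+convert $^ -resize 50x50 $@
+
+# Philosophical choice: the website gets the internal manual pages
+-allhtml: $(XMLALL:.xml=.html) giflib-logo.gif
++allhtml: $(XMLALL:.xml=.html)
+
+manpages: $(XMLMAN1:.xml=.1) $(XMLMAN7:.xml=.7) $(XMLINTERNAL:.xml=.1)
+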
|
@ -1,17 +0,0 @@
|
|||
Source: Gentoo, written by Gary Stein
|
||||
Upstream: No
|
||||
Reason: restores deprecated GifQuantizeBuffer which some packages (notably libgdiplus) still use
|
||||
--- a/Makefile 2019-03-28 14:57:23.000000000 -0400
|
||||
+++ b/Makefile 2019-03-31 23:38:20.700603561 -0400
|
||||
@@ -67,8 +67,8 @@
|
||||
|
||||
$(UTILS):: libgif.a libutil.a
|
||||
|
||||
-libgif.so: $(OBJECTS) $(HEADERS)
|
||||
- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,libgif.so.$(LIBMAJOR) -o libgif.so $(OBJECTS)
|
||||
+libgif.so: $(OBJECTS) $(HEADERS) $(UOBJECTS)
|
||||
+ $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,libgif.so.$(LIBMAJOR) -o libgif.so $(OBJECTS) $(UOBJECTS)
|
||||
|
||||
libgif.a: $(OBJECTS) $(HEADERS)
|
||||
$(AR) rcs libgif.a $(OBJECTS)
|
||||
|