author | J0WI <J0WI@users.noreply.github.com> | 2022-10-31 14:14:37 +0100 |
---|---|---|
committer | alice <alice@ayaya.dev> | 2022-10-31 16:59:58 +0000 |
commit | dfb827fab2f783983bce4f4ab53d67078047032c (patch) | |
tree | c920959e759469e9a8fdc275aa8293ec36a80d9d | |
parent | c740579bf5097c20c5a659e550ba72dd329f6d6f (diff) | |
main/giflib: patch CVE-2022-28506
-rw-r--r-- | main/giflib/APKBUILD | 21 | ||||
-rw-r--r-- | main/giflib/CVE-2022-28506.patch | 15 |
2 files changed, 30 insertions, 6 deletions
diff --git a/main/giflib/APKBUILD b/main/giflib/APKBUILD
index a8dea712c8..db186cb681 100644
--- a/main/giflib/APKBUILD
+++ b/main/giflib/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=giflib
 pkgver=5.2.1
-pkgrel=1
+pkgrel=2
 pkgdesc="A library for reading and writing GIF images"
 url="https://sourceforge.net/projects/giflib/"
 arch="all"
@@ -9,11 +9,17 @@ license="MIT"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
 makedepends="xmlto"
 checkdepends="coreutils"
-source="https://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz
- giflib-restore-deprecated-functions.patch"
+source="https://downloads.sourceforge.net/sourceforge/giflib/giflib-$pkgver.tar.gz
+ CVE-2022-28506.patch
+ giflib-restore-deprecated-functions.patch
+ "
+
+# secfixes:
+# 5.2.1-r2:
+# - CVE-2022-28506
 build() {
- make CFLAGS="-fPIC"
+ make CFLAGS="$CFLAGS -fPIC"
 }
 check() {
@@ -31,5 +37,8 @@ utils() {
 amove usr/bin
 }
-sha512sums="4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736 giflib-5.2.1.tar.gz
-fdc4a46e4a61e15e14ad712f164a3595902da700c3280ef3ec6fae345118c055eefb1eb73bb755078d0ea1f6112fa4a2b8edf9d918017e0bdf413497d15e1eaf giflib-restore-deprecated-functions.patch"
+sha512sums="
+4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736 giflib-5.2.1.tar.gz
+1742eb5006628de4b4578fa4920b9ea849f4d340900f8acb1bf825d9d5041941770a2c21a2fadc467e8185696e9592d05486bfdcdd7102dba6f2eb18b5142410 CVE-2022-28506.patch
+fdc4a46e4a61e15e14ad712f164a3595902da700c3280ef3ec6fae345118c055eefb1eb73bb755078d0ea1f6112fa4a2b8edf9d918017e0bdf413497d15e1eaf giflib-restore-deprecated-functions.patch
+"
diff --git a/main/giflib/CVE-2022-28506.patch b/main/giflib/CVE-2022-28506.patch
new file mode 100644
index 0000000000..7dbd669487
--- /dev/null
+++ b/main/giflib/CVE-2022-28506.patch
@@ -0,0 +1,15 @@
+https://sourceforge.net/p/giflib/code/merge-requests/12/
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
+ GifRow = ScreenBuffer[i];
+ GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++ /* Check if color is within color palete */
++ if (GifRow[j] >= ColorMap->ColorCount)
++ {
++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ *BufferP++ = ColorMapEntry->Red;
+ *BufferP++ = ColorMapEntry->Green; |
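Review bot: The new guard protects only the loop shown here, which writes interleaved Red/Green bytes through `BufferP`; DumpScreen2RGB starts and ends outside this hunk, so it is not visible whether another loop in the function also indexes `ColorMap->Colors[GifRow[j]]`. If one does, it needs the same `if (GifRow[j] >= ColorMap->ColorCount)` check before the lookup, otherwise the out-of-bounds read stays reachable through that output path. The guard also dereferences `ColorMap`, so it relies on an earlier NULL check that this hunk does not show. Since the patch header cites only the upstream merge-request URL, recording the upstream commit id there once it is merged would make later rebases easier to audit.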