authorJ0WI <J0WI@users.noreply.github.com>2022-10-31 14:14:37 +0100
committeralice <alice@ayaya.dev>2022-10-31 16:59:58 +0000
commitdfb827fab2f783983bce4f4ab53d67078047032c (patch)
treec920959e759469e9a8fdc275aa8293ec36a80d9d
parentc740579bf5097c20c5a659e550ba72dd329f6d6f (diff)
downloadaports-dfb827fab2f783983bce4f4ab53d67078047032c.tar.gz
aports-dfb827fab2f783983bce4f4ab53d67078047032c.tar.bz2
aports-dfb827fab2f783983bce4f4ab53d67078047032c.tar.xz
main/giflib: patch CVE-2022-28506
-rw-r--r--main/giflib/APKBUILD21
-rw-r--r--main/giflib/CVE-2022-28506.patch15
2 files changed, 30 insertions, 6 deletions
diff --git a/main/giflib/APKBUILD b/main/giflib/APKBUILD
index a8dea712c8..db186cb681 100644
--- a/main/giflib/APKBUILD
+++ b/main/giflib/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=giflib
pkgver=5.2.1
-pkgrel=1
+pkgrel=2
pkgdesc="A library for reading and writing GIF images"
url="https://sourceforge.net/projects/giflib/"
arch="all"
@@ -9,11 +9,17 @@ license="MIT"
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
makedepends="xmlto"
checkdepends="coreutils"
-source="https://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz
- giflib-restore-deprecated-functions.patch"
+source="https://downloads.sourceforge.net/sourceforge/giflib/giflib-$pkgver.tar.gz
+ CVE-2022-28506.patch
+ giflib-restore-deprecated-functions.patch
+ "
+
+# secfixes:
+# 5.2.1-r2:
+# - CVE-2022-28506
build() {
- make CFLAGS="-fPIC"
+ make CFLAGS="$CFLAGS -fPIC"
}
check() {
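Review bot: The switch to `make CFLAGS="$CFLAGS -fPIC"` in build() is unrelated to the CVE patch and is not mentioned in the commit title, yet it changes the compile flags for every object in a security release. Either name it in the commit message or split it out, so that a backport of the fix to a stable branch does not silently carry a build-flag change. A one-line comment above the call would also help, for example `# pass the distro CFLAGS explicitly; presumably the upstream Makefile sets its own`; that reason is inferred and should be confirmed against the Makefile.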
@@ -31,5 +37,8 @@ utils() {
amove usr/bin
}
-sha512sums="4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736 giflib-5.2.1.tar.gz
-fdc4a46e4a61e15e14ad712f164a3595902da700c3280ef3ec6fae345118c055eefb1eb73bb755078d0ea1f6112fa4a2b8edf9d918017e0bdf413497d15e1eaf giflib-restore-deprecated-functions.patch"
+sha512sums="
+4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736 giflib-5.2.1.tar.gz
+1742eb5006628de4b4578fa4920b9ea849f4d340900f8acb1bf825d9d5041941770a2c21a2fadc467e8185696e9592d05486bfdcdd7102dba6f2eb18b5142410 CVE-2022-28506.patch
+fdc4a46e4a61e15e14ad712f164a3595902da700c3280ef3ec6fae345118c055eefb1eb73bb755078d0ea1f6112fa4a2b8edf9d918017e0bdf413497d15e1eaf giflib-restore-deprecated-functions.patch
+"
diff --git a/main/giflib/CVE-2022-28506.patch b/main/giflib/CVE-2022-28506.patch
new file mode 100644
index 0000000000..7dbd669487
--- /dev/null
+++ b/main/giflib/CVE-2022-28506.patch
@@ -0,0 +1,15 @@
+https://sourceforge.net/p/giflib/code/merge-requests/12/
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
+ GifRow = ScreenBuffer[i];
+ GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++ /* Check if color is within color palete */
++ if (GifRow[j] >= ColorMap->ColorCount)
++ {
++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ *BufferP++ = ColorMapEntry->Red;
+ *BufferP++ = ColorMapEntry->Green;
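Review bot: The new range check guards only the one loop shown in this hunk. DumpScreen2RGB continues outside the hunk, so it cannot be confirmed here whether another loop also indexes `ColorMap->Colors[GifRow[j]]`; if one does, it needs the same `if (GifRow[j] >= ColorMap->ColorCount)` guard, otherwise the out-of-bounds read stays reachable through that path. The patch comes from an upstream merge request (the URL in the patch header), not a released version, so it should be re-checked against the final upstream fix at the next pkgver bump. The added comment has a typo and should read `/* Check if color is within color palette */`.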