pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/graphics
Module Name: pkgsrc
Committed By: nia
Date: Sun May 4 11:19:20 UTC 2025
Modified Files:
pkgsrc/graphics/giflib: Makefile distinfo
pkgsrc/graphics/giflib-util: Makefile
Added Files:
pkgsrc/graphics/giflib/patches: patch-CVE-2025-31344
Log Message:
giflib: Apply patch for CVE-2025-31344
To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 pkgsrc/graphics/giflib/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/giflib/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/graphics/giflib-util/Makefile
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/giflib/patches/patch-CVE-2025-31344
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/giflib/Makefile
diff -u pkgsrc/graphics/giflib/Makefile:1.59 pkgsrc/graphics/giflib/Makefile:1.60
--- pkgsrc/graphics/giflib/Makefile:1.59 Wed Sep 18 23:02:59 2024
+++ pkgsrc/graphics/giflib/Makefile Sun May 4 11:19:19 2025
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.59 2024/09/18 23:02:59 nia Exp $
+# $NetBSD: Makefile,v 1.60 2025/05/04 11:19:19 nia Exp $
.include "Makefile.common"
+PKGREVISION= 1
+
COMMENT= GIF image format library
CONFLICTS+= libungif-[0-9]*
Index: pkgsrc/graphics/giflib/distinfo
diff -u pkgsrc/graphics/giflib/distinfo:1.30 pkgsrc/graphics/giflib/distinfo:1.31
--- pkgsrc/graphics/giflib/distinfo:1.30 Thu Sep 19 09:01:15 2024
+++ pkgsrc/graphics/giflib/distinfo Sun May 4 11:19:19 2025
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.30 2024/09/19 09:01:15 nia Exp $
+$NetBSD: distinfo,v 1.31 2025/05/04 11:19:19 nia Exp $
BLAKE2s (giflib-5.2.2.tar.gz) = 2a24163a1af876f9241b5971a7e523f054d131661435e4a3ab11b7cf6acc20f1
SHA512 (giflib-5.2.2.tar.gz) = 0865ab2b1904fa14640c655fdb14bb54244ad18a66e358565c00287875d00912343f9be8bfac7658cc0146200d626f7ec9160d7a339f20ba3be6b9941d73975f
Size (giflib-5.2.2.tar.gz) = 447175 bytes
+SHA1 (patch-CVE-2025-31344) = ea977fd36f1e7bb03844dd8eae9a6e70ceb5d4d6
SHA1 (patch-Makefile) = f7dcce252760dfdcafee46513936d6a2a6fcd668
Index: pkgsrc/graphics/giflib-util/Makefile
diff -u pkgsrc/graphics/giflib-util/Makefile:1.15 pkgsrc/graphics/giflib-util/Makefile:1.16
--- pkgsrc/graphics/giflib-util/Makefile:1.15 Wed Sep 18 23:02:59 2024
+++ pkgsrc/graphics/giflib-util/Makefile Sun May 4 11:19:20 2025
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.15 2024/09/18 23:02:59 nia Exp $
+# $NetBSD: Makefile,v 1.16 2025/05/04 11:19:20 nia Exp $
.include "../../graphics/giflib/Makefile.common"
PKGNAME= ${DISTNAME:S/-/-util-/}
+PKGREVISION= 1
COMMENT= GIF image format utility
Added files:
Index: pkgsrc/graphics/giflib/patches/patch-CVE-2025-31344
diff -u /dev/null pkgsrc/graphics/giflib/patches/patch-CVE-2025-31344:1.1
--- /dev/null Sun May 4 11:19:20 2025
+++ pkgsrc/graphics/giflib/patches/patch-CVE-2025-31344 Sun May 4 11:19:20 2025
@@ -0,0 +1,21 @@
+$NetBSD: patch-CVE-2025-31344,v 1.1 2025/05/04 11:19:20 nia Exp $
+
+Fix CVE-2025-31344
+
+https://github.com/OpenMandrivaAssociation/giflib/blob/master/giflib-5.2.2-cve-2025-31344.patch
+https://security-tracker.debian.org/tracker/CVE-2025-31344
+
+--- gif2rgb.c.orig 2024-02-19 03:01:28.000000000 +0000
++++ gif2rgb.c
+@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileNam
+ GifRow = ScreenBuffer[i];
+ GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ for (j = 0; j < ScreenWidth; j++) {
++ /* Check if color is within color palete */
++ if (GifRow[j] >= ColorMap->ColorCount) {
++ GIF_EXIT(GifErrorString(
++ D_GIF_ERR_IMAGE_DEFECT));
++ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ Buffers[0][j] = ColorMapEntry->Red;
+ Buffers[1][j] = ColorMapEntry->Green;
Home |
Main Index |
Thread Index |
Old Index