CVS commit: pkgsrc/graphics/giflib

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/graphics/giflib
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Sun, 26 Mar 2023 12:36:29 +0000

Module Name:    pkgsrc
Committed By:   spz
Date:           Sun Mar 26 12:36:28 UTC 2023

Modified Files:
        pkgsrc/graphics/giflib: Makefile distinfo
Added Files:
        pkgsrc/graphics/giflib/patches: patch-CVE-2022-28506

Log Message:
fix CVE-2022-28506 with a patch from
https://sourceforge.net/u/mmuzila/giflib/ci/fix-cve-2022-28506/


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/graphics/giflib/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/graphics/giflib/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/giflib/patches/patch-CVE-2022-28506

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/giflib/Makefile
diff -u pkgsrc/graphics/giflib/Makefile:1.56 pkgsrc/graphics/giflib/Makefile:1.57
--- pkgsrc/graphics/giflib/Makefile:1.56        Fri Jun  5 12:48:59 2020
+++ pkgsrc/graphics/giflib/Makefile     Sun Mar 26 12:36:28 2023
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.56 2020/06/05 12:48:59 jperkin Exp $
+# $NetBSD: Makefile,v 1.57 2023/03/26 12:36:28 spz Exp $
 
 .include "Makefile.common"
-PKGREVISION=   4
+PKGREVISION=   5
 
 COMMENT=       GIF image format library
 

Index: pkgsrc/graphics/giflib/distinfo
diff -u pkgsrc/graphics/giflib/distinfo:1.25 pkgsrc/graphics/giflib/distinfo:1.26
--- pkgsrc/graphics/giflib/distinfo:1.25        Tue Oct 26 10:46:10 2021
+++ pkgsrc/graphics/giflib/distinfo     Sun Mar 26 12:36:28 2023
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.25 2021/10/26 10:46:10 nia Exp $
+$NetBSD: distinfo,v 1.26 2023/03/26 12:36:28 spz Exp $
 
 BLAKE2s (giflib-5.2.1.tar.gz) = cac59c8c5042cb67b4dfef98e3344a79817e775409bc37839cabcdd184753ad0
 SHA512 (giflib-5.2.1.tar.gz) = 4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736
 Size (giflib-5.2.1.tar.gz) = 444187 bytes
+SHA1 (patch-CVE-2022-28506) = 1c1819a656dfd5ee82ddc4b7981ab42548e76d6a
 SHA1 (patch-Makefile) = fcc937f5d0aebc9fd36895322f1b9518a775635e

Added files:

Index: pkgsrc/graphics/giflib/patches/patch-CVE-2022-28506
diff -u /dev/null pkgsrc/graphics/giflib/patches/patch-CVE-2022-28506:1.1
--- /dev/null   Sun Mar 26 12:36:29 2023
+++ pkgsrc/graphics/giflib/patches/patch-CVE-2022-28506 Sun Mar 26 12:36:28 2023
@@ -0,0 +1,18 @@
+$NetBSD: patch-CVE-2022-28506,v 1.1 2023/03/26 12:36:28 spz Exp $
+
+from https://sourceforge.net/u/mmuzila/giflib/ci/fix-cve-2022-28506/
+
+--- gif2rgb.c.orig     2019-06-24 07:24:27.000000000 +0000
++++ gif2rgb.c
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
+             GifRow = ScreenBuffer[i];
+             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+             for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++                /* Check if color is within color palete */
++                if (GifRow[j] >= ColorMap->ColorCount)
++                {
++                   GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                }
+                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                 *BufferP++ = ColorMapEntry->Red;
+                 *BufferP++ = ColorMapEntry->Green;

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/chat/libmsn
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/chat/libmsn
Indexes:

Home | Main Index | Thread Index | Old Index