authorV3n3RiX <venerix@koprulu.sector>2024-02-04 17:43:06 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-02-04 17:43:06 +0000
commit27ad6a285576ce16e4c74d806efee77166f0c3c6 (patch)
treea24d8faefbaa796b7f97c5f8aac57c68f8958001 /media-gfx/gifsicle
parent11300a8104238529425a7b6651499bf195bf1839 (diff)
gentoo auto-resync : 04:02:2024 - 17:43:06
Diffstat (limited to 'media-gfx/gifsicle')
-rw-r--r--media-gfx/gifsicle/Manifest3
-rw-r--r--media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch94
-rw-r--r--media-gfx/gifsicle/gifsicle-1.94.ebuild33
3 files changed, 130 insertions, 0 deletions
diff --git a/media-gfx/gifsicle/Manifest b/media-gfx/gifsicle/Manifest
index 226bf6821a76..18fbe7d08947 100644
--- a/media-gfx/gifsicle/Manifest
+++ b/media-gfx/gifsicle/Manifest
@@ -1,3 +1,6 @@
+AUX gifsicle-1.94-CVE-2023-46009.patch 3192 BLAKE2B 01926ce195db5f9ef1a5e7bd3d10ddb9d537306c036ad827363be8bb0104c32d9b41b1350879807493ae361e1d9a9c2b20bbb83d251dd89286ab6334d2fd1ba1 SHA512 0e1372e5d8b77522869f7bd3fd6ea0f1a2bcc424e30980936bfd61aabe5e6bb2b86c4e63f9d09d3fb9bf14f705ab1acc20fcb7e991059c1e6f9b0c1d1b74ac45
DIST gifsicle-1.93.tar.gz 578194 BLAKE2B c5635fc736e2fd97278ab97377663f9702d2891cab5e19b16fa1aa53412ae48945d82ee42e9690208532cb854c99397ec4c1a11d4521454d8d40efd9adfd9d2a SHA512 1ace2c9597a405d69bb9dfa24764a3d7c7dd9864e1832d25a4a7ad2e32780038206b889711846d6e4dbc7189482d0d03874f18d86966ebffbc4ee10569c390d3
+DIST gifsicle-1.94.tar.gz 579194 BLAKE2B 0d6a734d6340938579633061cbff1f702c33adf7c206d3120488fa4a14eb69ef2f5838ee42b92cb371fa39398b57114c6315308d83fd951c399d9d6c3b3986d0 SHA512 5dc84332d929bc765b642f31fb79ed2998b193985070513cb3e412bca519c7c6065537c14df13e9860ae09dc5c66a06ca5475b1fdee62cd9509d42a5e2d0c9b6
EBUILD gifsicle-1.93.ebuild 639 BLAKE2B 9c8080193dfaf712da47ac9855142d171861e9568849065e30f03fcc6be0318afc62708f3b3795ba49ef0facc375c77f269a6da2915d055d7f85fca2dec683a1 SHA512 cd058a074484f0aab0730acc8b09b79443e8db055d3f0429279fb0f519cbfb1ea4620209fffaf5a2d0d30e2f44c057be7cb36214cf63afd1274c20c616928a2e
+EBUILD gifsicle-1.94.ebuild 693 BLAKE2B d44945fbdef73b2eb42bf67af9692a40f76d4a1eb04e9c3cd7da2105b16ac883dd1bce4ba80f31178e1b425ee946ebcc19088a3695f1c912e9bd264df4cae34e SHA512 b34b13802f94bd65239ad6cef8fb105fe1e4a470960661c8709ccdaa1faf9eaf3bd9af15d257ce713dbf0c4108152ca5493ddc432ba733b52070ecf591fe7b65
MISC metadata.xml 248 BLAKE2B da21909c8724c7dd7cf27c3ee2fc6a032610f4863f0ff1fc4ff62d317bd8293b4ce63bf4b2f929d8768dcd449aa00aa927033b26e9dca357247aa9361bc3327e SHA512 28c710eb4b97dc08e939fa72c3ee2f834df2743f0146a7a6163a51bdf1166669bbaf05c4716a208d1b393504118150172b9d744bcc41ce23dd85e90599b731e8
diff --git a/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch b/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch
new file mode 100644
index 000000000000..6b82c8ecdd0c
--- /dev/null
+++ b/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch
@@ -0,0 +1,94 @@
+diff -Naurp a/src/giffunc.c b/src/giffunc.c
+--- a/src/giffunc.c 2021-09-20 13:19:00.000000000 +0200
++++ b/src/giffunc.c 2024-02-04 14:05:47.811880522 +0100
+@@ -466,8 +466,10 @@ Gif_CopyImage(Gif_Image *src)
+ void Gif_MakeImageEmpty(Gif_Image* gfi) {
+ Gif_ReleaseUncompressedImage(gfi);
+ Gif_ReleaseCompressedImage(gfi);
+- gfi->left = gfi->top = 0;
+- gfi->width = gfi->height = 1;
++ gfi->left = gfi->left < 0xFFFE ? gfi->left : 0xFFFE;
++ gfi->top = gfi->top < 0xFFFE ? gfi->top : 0xFFFE;
++ gfi->width = 1;
++ gfi->height = 1;
+ gfi->transparent = 0;
+ Gif_CreateUncompressedImage(gfi, 0);
+ gfi->img[0][0] = 0;
+diff -Naurp a/src/support.c b/src/support.c
+--- a/src/support.c 2023-06-14 17:47:12.000000000 +0200
++++ b/src/support.c 2024-02-04 14:05:51.307885109 +0100
+@@ -1421,9 +1421,9 @@ analyze_crop(int nmerger, Gt_Crop* crop,
+ }
+ }
+
+- if (t > b)
++ if (t > b) {
+ crop->w = crop->h = 0;
+- else {
++ } else {
+ crop->x = l;
+ crop->y = t;
+ crop->w = r - l;
+@@ -1618,7 +1618,8 @@ merge_frame_interval(Gt_Frameset *fset,
+ desti->comment = 0;
+ }
+ if (fr->comment) {
+- if (!desti->comment) desti->comment = Gif_NewComment();
++ if (!desti->comment)
++ desti->comment = Gif_NewComment();
+ merge_comments(desti->comment, fr->comment);
+ /* delete the comment early to help with memory; set field to 0 so we
+ don't re-free it later */
+@@ -1628,10 +1629,22 @@ merge_frame_interval(Gt_Frameset *fset,
+
+ if (fr->interlacing >= 0)
+ desti->interlace = fr->interlacing;
+- if (fr->left >= 0)
+- desti->left = fr->left + (fr->position_is_offset ? desti->left : 0);
+- if (fr->top >= 0)
+- desti->top = fr->top + (fr->position_is_offset ? desti->top : 0);
++ if (fr->left >= 0) {
++ int left = fr->left + (fr->position_is_offset ? desti->left : 0);
++ if (left + desti->width > 65535) {
++ error(1, "left position %d out of range", left);
++ return 0;
++ }
++ desti->left = left;
++ }
++ if (fr->top >= 0) {
++ int top = fr->top + (fr->position_is_offset ? desti->top : 0);
++ if (top + desti->height > 65535) {
++ error(1, "top position %d out of range", top);
++ return 0;
++ }
++ desti->top = top;
++ }
+
+ if (fr->delay >= 0)
+ desti->delay = fr->delay;
+diff -Naurp a/src/xform.c b/src/xform.c
+--- a/src/xform.c 2023-06-14 17:48:05.000000000 +0200
++++ b/src/xform.c 2024-02-04 14:05:47.812880524 +0100
+@@ -262,18 +262,18 @@ crop_image(Gif_Image* gfi, Gt_Frame* fr,
+ gfi->img[j] = old_img[c.y + j] + c.x;
+ gfi->img[c.h] = 0;
+ Gif_DeleteArray(old_img);
++ gfi->left += c.x - fr->left_offset;
++ gfi->top += c.y - fr->top_offset;
+ gfi->width = c.w;
+ gfi->height = c.h;
+- } else if (preserve_total_crop)
++ } else if (preserve_total_crop) {
+ Gif_MakeImageEmpty(gfi);
+- else {
++ } else {
+ Gif_DeleteArray(gfi->img);
+ gfi->img = 0;
+ gfi->width = gfi->height = 0;
+ }
+
+- gfi->left += c.x - fr->left_offset;
+- gfi->top += c.y - fr->top_offset;
+ return gfi->img != 0;
+ }
+
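Review bot: The two new range checks in merge_frame_interval (the src/support.c part of the patch) test `left + desti->width` and `top + desti->height` but print only `left` or `top`. A position that is itself in range can therefore be reported as out of range when only the sum with the frame size exceeds 65535. A message such as `error(1, "left position %d plus width %d out of range", left, desti->width);` (and the same for top/height) would match the condition, and is probably best raised upstream so the backport stays identical. The added `return 0;` is a new exit from a function whose start and end lie outside the hunk, so it is worth confirming that anything set up earlier is released on that path and that callers treat a 0 result as failure. The patch file also begins directly at `diff -Naurp` with no header; a short comment naming the upstream commit and the tracking bug (`<upstream-commit-url>`, `<bug-url>`) would let a later reader verify the backport against the upstream fix for CVE-2023-46009.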
diff --git a/media-gfx/gifsicle/gifsicle-1.94.ebuild b/media-gfx/gifsicle/gifsicle-1.94.ebuild
new file mode 100644
index 000000000000..f5f90f0899a5
--- /dev/null
+++ b/media-gfx/gifsicle/gifsicle-1.94.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Create, manipulate, and optimize GIF images and animations"
+HOMEPAGE="https://www.lcdf.org/~eddietwo/gifsicle/ https://github.com/kohler/gifsicle"
+SRC_URI="https://www.lcdf.org/~eddietwo/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2 MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="X"
+
+PATCHES=( "${FILESDIR}/$P-CVE-2023-46009.patch" )
+
+RDEPEND="
+ X? (
+ x11-libs/libX11
+ x11-libs/libXt
+ )
+"
+DEPEND="${RDEPEND}
+ X? ( x11-base/xorg-proto )"
+
+DOCS=(
+ NEWS.md
+ README.md
+)
+
+src_configure() {
+ econf $(use_enable X gifview)
+}
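Review bot: The added `PATCHES` line uses an unbraced `$P`, while `SRC_URI` a few lines above uses `${PN}` and `${P}`. It expands correctly only because `-` cannot be part of a variable name. `PATCHES=( "${FILESDIR}/${P}-CVE-2023-46009.patch" )` is consistent with the rest of the file and does not depend on the character that follows. A one-line comment above it, e.g. `# Backport of the upstream fix for CVE-2023-46009; drop once a release includes it`, would tell whoever does the next version bump what to do with the patch.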