author | V3n3RiX <venerix@koprulu.sector> | 2024-02-04 17:43:06 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-02-04 17:43:06 +0000 |
commit | 27ad6a285576ce16e4c74d806efee77166f0c3c6 (patch) | |
tree | a24d8faefbaa796b7f97c5f8aac57c68f8958001 /media-gfx/gifsicle | |
parent | 11300a8104238529425a7b6651499bf195bf1839 (diff) |
gentoo auto-resync : 04:02:2024 - 17:43:06
Diffstat (limited to 'media-gfx/gifsicle')
-rw-r--r-- | media-gfx/gifsicle/Manifest | 3 | ||||
-rw-r--r-- | media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch | 94 | ||||
-rw-r--r-- | media-gfx/gifsicle/gifsicle-1.94.ebuild | 33 |
3 files changed, 130 insertions, 0 deletions
diff --git a/media-gfx/gifsicle/Manifest b/media-gfx/gifsicle/Manifest
index 226bf6821a76..18fbe7d08947 100644
--- a/media-gfx/gifsicle/Manifest
+++ b/media-gfx/gifsicle/Manifest
@@ -1,3 +1,6 @@ +AUX gifsicle-1.94-CVE-2023-46009.patch 3192 BLAKE2B 01926ce195db5f9ef1a5e7bd3d10ddb9d537306c036ad827363be8bb0104c32d9b41b1350879807493ae361e1d9a9c2b20bbb83d251dd89286ab6334d2fd1ba1 SHA512 0e1372e5d8b77522869f7bd3fd6ea0f1a2bcc424e30980936bfd61aabe5e6bb2b86c4e63f9d09d3fb9bf14f705ab1acc20fcb7e991059c1e6f9b0c1d1b74ac45 DIST gifsicle-1.93.tar.gz 578194 BLAKE2B c5635fc736e2fd97278ab97377663f9702d2891cab5e19b16fa1aa53412ae48945d82ee42e9690208532cb854c99397ec4c1a11d4521454d8d40efd9adfd9d2a SHA512 1ace2c9597a405d69bb9dfa24764a3d7c7dd9864e1832d25a4a7ad2e32780038206b889711846d6e4dbc7189482d0d03874f18d86966ebffbc4ee10569c390d3 +DIST gifsicle-1.94.tar.gz 579194 BLAKE2B 0d6a734d6340938579633061cbff1f702c33adf7c206d3120488fa4a14eb69ef2f5838ee42b92cb371fa39398b57114c6315308d83fd951c399d9d6c3b3986d0 SHA512 5dc84332d929bc765b642f31fb79ed2998b193985070513cb3e412bca519c7c6065537c14df13e9860ae09dc5c66a06ca5475b1fdee62cd9509d42a5e2d0c9b6 EBUILD gifsicle-1.93.ebuild 639 BLAKE2B 9c8080193dfaf712da47ac9855142d171861e9568849065e30f03fcc6be0318afc62708f3b3795ba49ef0facc375c77f269a6da2915d055d7f85fca2dec683a1 SHA512 cd058a074484f0aab0730acc8b09b79443e8db055d3f0429279fb0f519cbfb1ea4620209fffaf5a2d0d30e2f44c057be7cb36214cf63afd1274c20c616928a2e +EBUILD gifsicle-1.94.ebuild 693 BLAKE2B d44945fbdef73b2eb42bf67af9692a40f76d4a1eb04e9c3cd7da2105b16ac883dd1bce4ba80f31178e1b425ee946ebcc19088a3695f1c912e9bd264df4cae34e SHA512 b34b13802f94bd65239ad6cef8fb105fe1e4a470960661c8709ccdaa1faf9eaf3bd9af15d257ce713dbf0c4108152ca5493ddc432ba733b52070ecf591fe7b65 MISC metadata.xml 248 BLAKE2B da21909c8724c7dd7cf27c3ee2fc6a032610f4863f0ff1fc4ff62d317bd8293b4ce63bf4b2f929d8768dcd449aa00aa927033b26e9dca357247aa9361bc3327e SHA512 28c710eb4b97dc08e939fa72c3ee2f834df2743f0146a7a6163a51bdf1166669bbaf05c4716a208d1b393504118150172b9d744bcc41ce23dd85e90599b731e8 
diff --git a/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch b/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch
new file mode 100644
index 000000000000..6b82c8ecdd0c
--- /dev/null
+++ b/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch
@@ -0,0 +1,94 @@
+diff -Naurp a/src/giffunc.c b/src/giffunc.c
+--- a/src/giffunc.c 2021-09-20 13:19:00.000000000 +0200
++++ b/src/giffunc.c 2024-02-04 14:05:47.811880522 +0100
+@@ -466,8 +466,10 @@ Gif_CopyImage(Gif_Image *src)
+ void Gif_MakeImageEmpty(Gif_Image* gfi) {
+ Gif_ReleaseUncompressedImage(gfi);
+ Gif_ReleaseCompressedImage(gfi);
+- gfi->left = gfi->top = 0;
+- gfi->width = gfi->height = 1;
++ gfi->left = gfi->left < 0xFFFE ? gfi->left : 0xFFFE;
++ gfi->top = gfi->top < 0xFFFE ? gfi->top : 0xFFFE;
++ gfi->width = 1;
++ gfi->height = 1;
+ gfi->transparent = 0;
+ Gif_CreateUncompressedImage(gfi, 0);
+ gfi->img[0][0] = 0;
+diff -Naurp a/src/support.c b/src/support.c
+--- a/src/support.c 2023-06-14 17:47:12.000000000 +0200
++++ b/src/support.c 2024-02-04 14:05:51.307885109 +0100
+@@ -1421,9 +1421,9 @@ analyze_crop(int nmerger, Gt_Crop* crop,
+ }
+ }
+ 
+- if (t > b)
++ if (t > b) {
+ crop->w = crop->h = 0;
+- else {
++ } else {
+ crop->x = l;
+ crop->y = t;
+ crop->w = r - l;
+@@ -1618,7 +1618,8 @@ merge_frame_interval(Gt_Frameset *fset,
+ desti->comment = 0;
+ }
+ if (fr->comment) {
+- if (!desti->comment) desti->comment = Gif_NewComment();
++ if (!desti->comment)
++ desti->comment = Gif_NewComment();
+ merge_comments(desti->comment, fr->comment);
+ /* delete the comment early to help with memory; set field to 0 so we
+ don't re-free it later */
+@@ -1628,10 +1629,22 @@ merge_frame_interval(Gt_Frameset *fset,
+ 
+ if (fr->interlacing >= 0)
+ desti->interlace = fr->interlacing;
+- if (fr->left >= 0)
+- desti->left = fr->left + (fr->position_is_offset ? desti->left : 0);
+- if (fr->top >= 0)
+- desti->top = fr->top + (fr->position_is_offset ? desti->top : 0);
++ if (fr->left >= 0) {
++ int left = fr->left + (fr->position_is_offset ? desti->left : 0);
++ if (left + desti->width > 65535) {
++ error(1, "left position %d out of range", left);
++ return 0;
++ }
++ desti->left = left;
++ }
++ if (fr->top >= 0) {
++ int top = fr->top + (fr->position_is_offset ? desti->top : 0);
++ if (top + desti->height > 65535) {
++ error(1, "top position %d out of range", top);
++ return 0;
++ }
++ desti->top = top;
++ }
+ 
+ if (fr->delay >= 0)
+ desti->delay = fr->delay;
+diff -Naurp a/src/xform.c b/src/xform.c
+--- a/src/xform.c 2023-06-14 17:48:05.000000000 +0200
++++ b/src/xform.c 2024-02-04 14:05:47.812880524 +0100
+@@ -262,18 +262,18 @@ crop_image(Gif_Image* gfi, Gt_Frame* fr,
+ gfi->img[j] = old_img[c.y + j] + c.x;
+ gfi->img[c.h] = 0;
+ Gif_DeleteArray(old_img);
++ gfi->left += c.x - fr->left_offset;
++ gfi->top += c.y - fr->top_offset;
+ gfi->width = c.w;
+ gfi->height = c.h;
+- } else if (preserve_total_crop)
++ } else if (preserve_total_crop) {
+ Gif_MakeImageEmpty(gfi);
+- else {
++ } else {
+ Gif_DeleteArray(gfi->img);
+ gfi->img = 0;
+ gfi->width = gfi->height = 0;
+ }
+ 
+- gfi->left += c.x - fr->left_offset;
+- gfi->top += c.y - fr->top_offset;
+ return gfi->img != 0;
+ }
+ 
diff --git a/media-gfx/gifsicle/gifsicle-1.94.ebuild b/media-gfx/gifsicle/gifsicle-1.94.ebuild
new file mode 100644
index 000000000000..f5f90f0899a5
--- /dev/null
+++ b/media-gfx/gifsicle/gifsicle-1.94.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Create, manipulate, and optimize GIF images and animations"
+HOMEPAGE="https://www.lcdf.org/~eddietwo/gifsicle/ https://github.com/kohler/gifsicle"
+SRC_URI="https://www.lcdf.org/~eddietwo/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2 MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="X"
+
+PATCHES=( "${FILESDIR}/$P-CVE-2023-46009.patch" )
+
+RDEPEND="
+ X? (
+ x11-libs/libX11
+ x11-libs/libXt
+ )
+"
+DEPEND="${RDEPEND}
+ X? ( x11-base/xorg-proto )"
+
+DOCS=(
+ NEWS.md
+ README.md
+)
+
+src_configure() {
+ econf $(use_enable X gifview)
+}
|
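Review bot: The new range checks in merge_frame_interval (src/support.c) do their arithmetic before they compare: `fr->left + (fr->position_is_offset ? desti->left : 0)` and then `left + desti->width` are evaluated in `int`, so a very large `fr->left` could overflow before the `> 65535` test runs, unless whatever fills `fr->left` already bounds it, which these lines do not show. Rejecting the raw value ahead of the `int left = …` line keeps the sums in range, for example `if (fr->left > 65535) { error(1, "left position %d out of range", fr->left); return 0; }`, with the same guard for `fr->top`. The limit is also spelled two ways without explanation, `65535` here and `0xFFFE` in Gif_MakeImageEmpty (src/giffunc.c), where it appears to reserve room for the 1-pixel width and height; a shared named constant or a one-line comment such as `/* left + width and top + height must stay <= 0xFFFF */` would make that invariant checkable. Both functions start and end outside the quoted inner hunks, so how callers handle the new `return 0;` after the comment merge is not visible here.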