From df23eb8615a940966c296847601bcb91d3bb8435 Mon Sep 17 00:00:00 2001
From: Hanno Böck
Date: Sun, 4 Feb 2024 14:32:13 +0100
Subject: media-gfx/gifsicle: Version bump and security fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CVE-2023-36193 is fixed in 1.94. CVE-2023-46009 fixed by patch from upstream repo (not released yet).
Bug: https://bugs.gentoo.org/918436
Signed-off-by: Hanno Böck
---
media-gfx/gifsicle/Manifest | 1 +
.../files/gifsicle-1.94-CVE-2023-46009.patch | 94 ++++++++++++++++++++++
media-gfx/gifsicle/gifsicle-1.94.ebuild | 33 ++++++++
3 files changed, 128 insertions(+)
create mode 100644 media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch
create mode 100644 media-gfx/gifsicle/gifsicle-1.94.ebuild
diff --git a/media-gfx/gifsicle/Manifest b/media-gfx/gifsicle/Manifest
index cdb785e2d698..f6261fc6b289 100644
--- a/media-gfx/gifsicle/Manifest
+++ b/media-gfx/gifsicle/Manifest
@@ -1 +1,2 @@
 DIST gifsicle-1.93.tar.gz 578194 BLAKE2B c5635fc736e2fd97278ab97377663f9702d2891cab5e19b16fa1aa53412ae48945d82ee42e9690208532cb854c99397ec4c1a11d4521454d8d40efd9adfd9d2a SHA512 1ace2c9597a405d69bb9dfa24764a3d7c7dd9864e1832d25a4a7ad2e32780038206b889711846d6e4dbc7189482d0d03874f18d86966ebffbc4ee10569c390d3
+DIST gifsicle-1.94.tar.gz 579194 BLAKE2B 0d6a734d6340938579633061cbff1f702c33adf7c206d3120488fa4a14eb69ef2f5838ee42b92cb371fa39398b57114c6315308d83fd951c399d9d6c3b3986d0 SHA512 5dc84332d929bc765b642f31fb79ed2998b193985070513cb3e412bca519c7c6065537c14df13e9860ae09dc5c66a06ca5475b1fdee62cd9509d42a5e2d0c9b6
diff --git a/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch b/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch
new file mode 100644
index 000000000000..6b82c8ecdd0c
--- /dev/null
+++ b/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch
@@ -0,0 +1,94 @@
+diff -Naurp a/src/giffunc.c b/src/giffunc.c
+--- a/src/giffunc.c 2021-09-20 13:19:00.000000000 +0200
++++ b/src/giffunc.c 2024-02-04 14:05:47.811880522 +0100
+@@ -466,8 +466,10 @@ Gif_CopyImage(Gif_Image *src)
+ void Gif_MakeImageEmpty(Gif_Image* gfi) {
+ Gif_ReleaseUncompressedImage(gfi);
+ Gif_ReleaseCompressedImage(gfi);
+- gfi->left = gfi->top = 0;
+- gfi->width = gfi->height = 1;
++ gfi->left = gfi->left < 0xFFFE ? gfi->left : 0xFFFE;
++ gfi->top = gfi->top < 0xFFFE ? gfi->top : 0xFFFE;
++ gfi->width = 1;
++ gfi->height = 1;
+ gfi->transparent = 0;
+ Gif_CreateUncompressedImage(gfi, 0);
+ gfi->img[0][0] = 0;
+diff -Naurp a/src/support.c b/src/support.c
+--- a/src/support.c 2023-06-14 17:47:12.000000000 +0200
++++ b/src/support.c 2024-02-04 14:05:51.307885109 +0100
+@@ -1421,9 +1421,9 @@ analyze_crop(int nmerger, Gt_Crop* crop,
+ }
+ }
+
+- if (t > b)
++ if (t > b) {
+ crop->w = crop->h = 0;
+- else {
++ } else {
+ crop->x = l;
+ crop->y = t;
+ crop->w = r - l;
+@@ -1618,7 +1618,8 @@ merge_frame_interval(Gt_Frameset *fset,
+ desti->comment = 0;
+ }
+ if (fr->comment) {
+- if (!desti->comment) desti->comment = Gif_NewComment();
++ if (!desti->comment)
++ desti->comment = Gif_NewComment();
+ merge_comments(desti->comment, fr->comment);
+ /* delete the comment early to help with memory; set field to 0 so we
+ don't re-free it later */
+@@ -1628,10 +1629,22 @@ merge_frame_interval(Gt_Frameset *fset,
+
+ if (fr->interlacing >= 0)
+ desti->interlace = fr->interlacing;
+- if (fr->left >= 0)
+- desti->left = fr->left + (fr->position_is_offset ? desti->left : 0);
+- if (fr->top >= 0)
+- desti->top = fr->top + (fr->position_is_offset ? desti->top : 0);
++ if (fr->left >= 0) {
++ int left = fr->left + (fr->position_is_offset ? desti->left : 0);
++ if (left + desti->width > 65535) {
++ error(1, "left position %d out of range", left);
++ return 0;
++ }
++ desti->left = left;
++ }
++ if (fr->top >= 0) {
++ int top = fr->top + (fr->position_is_offset ? desti->top : 0);
++ if (top + desti->height > 65535) {
++ error(1, "top position %d out of range", top);
++ return 0;
++ }
++ desti->top = top;
++ }
+
+ if (fr->delay >= 0)
+ desti->delay = fr->delay;
+diff -Naurp a/src/xform.c b/src/xform.c
+--- a/src/xform.c 2023-06-14 17:48:05.000000000 +0200
++++ b/src/xform.c 2024-02-04 14:05:47.812880524 +0100
+@@ -262,18 +262,18 @@ crop_image(Gif_Image* gfi, Gt_Frame* fr,
+ gfi->img[j] = old_img[c.y + j] + c.x;
+ gfi->img[c.h] = 0;
+ Gif_DeleteArray(old_img);
++ gfi->left += c.x - fr->left_offset;
++ gfi->top += c.y - fr->top_offset;
+ gfi->width = c.w;
+ gfi->height = c.h;
+- } else if (preserve_total_crop)
++ } else if (preserve_total_crop) {
+ Gif_MakeImageEmpty(gfi);
+- else {
++ } else {
+ Gif_DeleteArray(gfi->img);
+ gfi->img = 0;
+ gfi->width = gfi->height = 0;
+ }
+
+- gfi->left += c.x - fr->left_offset;
+- gfi->top += c.y - fr->top_offset;
+ return gfi->img != 0;
+ }
+
diff --git a/media-gfx/gifsicle/gifsicle-1.94.ebuild b/media-gfx/gifsicle/gifsicle-1.94.ebuild
new file mode 100644
index 000000000000..f5f90f0899a5
--- /dev/null
+++ b/media-gfx/gifsicle/gifsicle-1.94.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Create, manipulate, and optimize GIF images and animations"
+HOMEPAGE="https://www.lcdf.org/~eddietwo/gifsicle/ https://github.com/kohler/gifsicle"
+SRC_URI="https://www.lcdf.org/~eddietwo/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2 MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="X"
+
+PATCHES=( "${FILESDIR}/$P-CVE-2023-46009.patch" )
+
+RDEPEND="
+ X? (
+ x11-libs/libX11
+ x11-libs/libXt
+ )
+"
+DEPEND="${RDEPEND}
+ X? ( x11-base/xorg-proto )"
+
+DOCS=(
+ NEWS.md
+ README.md
+)
+
+src_configure() {
+ econf $(use_enable X gifview)
+}
-- cgit v1.2.3-65-gdbad
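Review bot: The added files/gifsicle-1.94-CVE-2023-46009.patch starts directly at `diff -Naurp a/src/giffunc.c` and carries no provenance, so a later reviewer cannot check that the three-file change matches what upstream committed. The commit message says it comes from the unreleased upstream repo; the patch file itself should record that in a header above the first `diff` line, for example `https://github.com/kohler/gifsicle/commit/<UPSTREAM_COMMIT_ID>` and `https://bugs.gentoo.org/918436`. Such a header also makes it clear when the file can be dropped once a release containing the fix is packaged. Separately, in the merge_frame_interval hunk the new checks `left + desti->width > 65535` and `top + desti->height > 65535` run only when fr->left or fr->top is set, and the function continues outside the hunk, so whether positions inherited from the input are range-checked elsewhere cannot be confirmed from this page.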
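Review bot: `PATCHES=( "${FILESDIR}/$P-CVE-2023-46009.patch" )` uses a bare `$P` while every other variable in the ebuild (`${PN}`, `${P}`, `${FILESDIR}`, `${RDEPEND}`) is braced; it expands as intended only because `-` cannot be part of a variable name. Writing `PATCHES=( "${FILESDIR}/${P}-CVE-2023-46009.patch" )` keeps the file consistent and avoids a silent mis-expansion if the patch file is ever renamed. A one-line comment above PATCHES, such as `# CVE-2023-46009, drop once a release after 1.94 includes the fix`, would tell the next person bumping the package when the patch can go.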