giflib: Add Gentoo patch to fix various CVEs
authorTed Hess <[email protected]>
Sat, 27 Sep 2025 21:14:55 +0000 (17:14 -0400)
committerHannu Nyman <[email protected]>
Sun, 28 Sep 2025 06:38:20 +0000 (09:38 +0300)
Fixes:
    CVE-2022-28506
    CVE-2023-48161
    CVE-2024-45993
    CVE-2025-31344

Remove myself as maintainer

Signed-off-by: Ted Hess <[email protected]>
libs/giflib/Makefile
libs/giflib/patches/200-verify-color-in-range.patch [new file with mode: 0644]

index 92e0ceb9bfe0b829a2c4f6ed6d6eb9ca111b82cd..c5b396cbac465433bd8d9659a23326102054b110 100644 (file)
@@ -9,13 +9,12 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=giflib
 PKG_VERSION:=5.2.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/giflib
 PKG_HASH:=be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb
 
-PKG_MAINTAINER:=Ted Hess <[email protected]>
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:giflib_project:giflib
diff --git a/libs/giflib/patches/200-verify-color-in-range.patch b/libs/giflib/patches/200-verify-color-in-range.patch
new file mode 100644 (file)
index 0000000..0fedc1e
--- /dev/null
@@ -0,0 +1,13 @@
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -329,6 +329,10 @@ static void DumpScreen2RGB(char *FileNam
+                       GifRow = ScreenBuffer[i];
+                       GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+                       for (j = 0; j < ScreenWidth; j++) {
++                              /* Check if color is within color palete */
++                              if (GifRow[j] >= ColorMap->ColorCount) {
++                                      GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                              }
+                               ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                               Buffers[0][j] = ColorMapEntry->Red;
+                               Buffers[1][j] = ColorMapEntry->Green;
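Review bot: The added range check guards only the `ColorMap->Colors[GifRow[j]]` lookup in the loop that fills `Buffers[0]`/`Buffers[1]`, and the patch file has no header saying which of the four CVEs named in the commit message this single check addresses or where the patch came from. DumpScreen2RGB starts and ends outside the hunk, so it cannot be seen here whether the function's other palette lookups already carry the same check; that should be confirmed against the 5.2.2 source before the CVE list is relied on for advisory tracking. I would add a short description block above `--- a/gif2rgb.c` naming the Gentoo origin and the CVE(s) covered, and correct the comment to `/* Check if color is within color palette */`. The check sits in gif2rgb.c, which appears to be the conversion tool rather than the library itself, so programs linking libgif presumably still have to validate palette indices on their own.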