From 9c35e6360859b90b1cfbb65ee6c7ae23bb5c42a1 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sat, 10 Feb 2024 15:46:21 -0800
Subject: [PATCH] giflib: fix CVEs

Patches taken from Fedora

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 libs/giflib/Makefile                         |  2 +-
 libs/giflib/patches/010-CVE-2022-28506.patch | 14 ++++++++++++
 libs/giflib/patches/020-CVE-2023-39742.patch | 24 ++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 libs/giflib/patches/010-CVE-2022-28506.patch
 create mode 100644 libs/giflib/patches/020-CVE-2023-39742.patch

diff --git a/libs/giflib/Makefile b/libs/giflib/Makefile
index a6174e982..722c7bdfe 100644
--- a/libs/giflib/Makefile
+++ b/libs/giflib/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=giflib
 PKG_VERSION:=5.2.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/giflib
diff --git a/libs/giflib/patches/010-CVE-2022-28506.patch b/libs/giflib/patches/010-CVE-2022-28506.patch
new file mode 100644
index 000000000..f6de2bee2
--- /dev/null
+++ b/libs/giflib/patches/010-CVE-2022-28506.patch
@@ -0,0 +1,14 @@
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
+             GifRow = ScreenBuffer[i];
+             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+             for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++                /* Check if color is within color palete */
++                if (GifRow[j] >= ColorMap->ColorCount)
++                {
++                   GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                }
+                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                 *BufferP++ = ColorMapEntry->Red;
+                 *BufferP++ = ColorMapEntry->Green;
diff --git a/libs/giflib/patches/020-CVE-2023-39742.patch b/libs/giflib/patches/020-CVE-2023-39742.patch
new file mode 100644
index 000000000..8d01c93f6
--- /dev/null
+++ b/libs/giflib/patches/020-CVE-2023-39742.patch
@@ -0,0 +1,24 @@
+Description: Fix segmentation faults due to non correct checking for args
+Author: David Suárez <david.sephirot@gmail.com>
+Origin: vendor
+Bug: https://sourceforge.net/p/giflib/bugs/153/
+Bug-Debian: https://bugs.debian.org/715963
+Bug-Debian: https://bugs.debian.org/715964
+Bug-Debian: https://bugs.debian.org/715967
+Last-Update: 2020-12-20
+
+--- a/getarg.c
++++ b/getarg.c
+@@ -307,6 +307,12 @@ GAGetParmeters(void *Parameters[],
+     int i = 0, ScanRes;
+ 
+     while (!(ISSPACE(CtrlStrCopy[i]))) {
++
++        if ((*argv) == argv_end) {
++            GAErrorToken = Option;
++            return CMD_ERR_NumRead;
++        }
++
+         switch (CtrlStrCopy[i + 1]) {
+           case 'd':    /* Get signed integers. */
+               ScanRes = sscanf(*((*argv)++), "%d",