giflib: 5.2.1 -> 5.2.2, apply patch for CVE-2021-40633
Fixes CVE-2023-48161, CVE-2023-39742 and CVE-2021-40633. Changes: https://sourceforge.net/p/giflib/code/ci/5.2.2/tree/NEWS
parent
e87b3a7d6e
commit
ce852b43b0
26
pkgs/development/libraries/giflib/CVE-2021-40633.patch
Normal file
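--- a/pkgs/development/libraries/giflib/CVE-2021-40633.patch
+++ b/pkgs/development/libraries/giflib/CVE-2021-40633.patch
@@ -0,0 +1,26 @@
+From ccbc956432650734c91acb3fc88837f7b81267ff Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Wed, 21 Feb 2024 18:55:00 -0500
+Subject: [PATCH] Clean up memory better at end of run (CVE-2021-40633)
+
+---
+gif2rgb.c | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index d51226d..fc2e683 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -517,6 +517,9 @@ static void GIF2RGB(int NumFiles, char *FileName, bool OneFileFlag,
+DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
+GifFile->SWidth, GifFile->SHeight);
+
++ for (i = 0; i < GifFile->SHeight; i++) {
++ (void)free(ScreenBuffer[i]);
++ }
+(void)free(ScreenBuffer);
+
+{
+--
+2.44.0
+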
@ -4,31 +4,20 @@
|
||||
, fetchpatch
|
||||
, fixDarwinDylibNames
|
||||
, pkgsStatic
|
||||
, imagemagick_light
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "giflib";
|
||||
version = "5.2.1";
|
||||
version = "5.2.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/giflib/giflib-${version}.tar.gz";
|
||||
sha256 = "1gbrg03z1b6rlrvjyc6d41bc8j1bsr7rm8206gb1apscyii5bnii";
|
||||
hash = "sha256-vn/70FfK3r4qoURUL9kMaDjGoIO16KkEi47jtmsp1fs=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-28506.patch";
|
||||
url = "https://src.fedoraproject.org/rpms/giflib/raw/2e9917bf13df114354163f0c0211eccc00943596/f/CVE-2022-28506.patch";
|
||||
sha256 = "sha256-TBemEXkuox8FdS9RvjnWcTWPaHRo4crcwSR9czrUwBY=";
|
||||
})
|
||||
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
|
||||
# https://sourceforge.net/p/giflib/bugs/133/
|
||||
(fetchpatch {
|
||||
name = "darwin-soname.patch";
|
||||
url = "https://sourceforge.net/p/giflib/bugs/_discuss/thread/4e811ad29b/c323/attachment/Makefile.patch";
|
||||
sha256 = "12afkqnlkl3n1hywwgx8sqnhp3bz0c5qrwcv8j9hifw1lmfhv67r";
|
||||
extraPrefix = "./";
|
||||
})
|
||||
./CVE-2021-40633.patch
|
||||
] ++ lib.optionals stdenv.hostPlatform.isMinGW [
|
||||
# Build dll libraries.
|
||||
(fetchurl {
|
||||
@ -40,7 +29,9 @@ stdenv.mkDerivation rec {
|
||||
./mingw-install-exes.patch
|
||||
];
|
||||
|
||||
nativeBuildInputs = lib.optionals stdenv.isDarwin [
|
||||
nativeBuildInputs = [
|
||||
imagemagick_light
|
||||
] ++ lib.optionals stdenv.isDarwin [
|
||||
fixDarwinDylibNames
|
||||
];
|
||||
|
||||
@ -50,10 +41,11 @@ stdenv.mkDerivation rec {
|
||||
|
||||
postPatch = lib.optionalString stdenv.hostPlatform.isStatic ''
|
||||
# Upstream build system does not support NOT building shared libraries.
|
||||
sed -i '/all:/ s/libgif.so//' Makefile
|
||||
sed -i '/all:/ s/libutil.so//' Makefile
|
||||
sed -i '/-m 755 libgif.so/ d' Makefile
|
||||
sed -i '/ln -sf libgif.so/ d' Makefile
|
||||
sed -i '/all:/ s/$(LIBGIFSO)//' Makefile
|
||||
sed -i '/all:/ s/$(LIBUTILSO)//' Makefile
|
||||
sed -i '/-m 755 $(LIBGIFSO)/ d' Makefile
|
||||
sed -i '/ln -sf $(LIBGIFSOVER)/ d' Makefile
|
||||
sed -i '/ln -sf $(LIBGIFSOMAJOR)/ d' Makefile
|
||||
'';
|
||||
|
||||
passthru.tests = {
|
||||
|
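Review bot: The `fetchpatch` entry for `CVE-2022-28506.patch` appears to be dropped from `patches` in the first hunk of this file (the +/- markers are lost on this page, so this is read from the hunk's line counts), yet the commit description lists only CVE-2023-48161, CVE-2023-39742 and CVE-2021-40633 as fixed by 5.2.2. Nothing visible here shows that the 5.2.2 tarball carries the CVE-2022-28506 fix, so please confirm it against the linked NEWS file and state it in the description before the patch is removed. The description also credits 5.2.2 with fixing CVE-2021-40633 while the same commit adds `./CVE-2021-40633.patch`, which suggests the release tarball does not contain that change. A comment above the new entry would record where it came from and when it can go, for example `# upstream commit ccbc9564; presumably not in the 5.2.2 tarball, drop once a release includes it`.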