main/giflib: security upgrade to 5.2.2

Author: J0WI

main/giflib/APKBUILD

@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <[email protected]>
 pkgname=giflib
-pkgver=5.2.1
-pkgrel=2
+pkgver=5.2.2
+pkgrel=0
 pkgdesc="A library for reading and writing GIF images"
 url="https://sourceforge.net/projects/giflib/"
 arch="all"
@@ -10,11 +10,16 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
 makedepends="xmlto"
 checkdepends="coreutils"
 source="https://downloads.sourceforge.net/sourceforge/giflib/giflib-$pkgver.tar.gz
-	CVE-2022-28506.patch
-	giflib-restore-deprecated-functions.patch
+	CVE-2021-40633.patch
+	correct-document-page-install.patch
+	dont-build-html-pages-images.patch
 	"
 
 # secfixes:
+#   5.2.2-r0:
+#     - CVE-2023-39742
+#     - CVE-2023-48161
+#     - CVE-2021-40633
 #   5.2.1-r2:
 #     - CVE-2022-28506
 
@@ -38,7 +43,8 @@ utils() {
 }
 
 sha512sums="
-4550e53c21cb1191a4581e363fc9d0610da53f7898ca8320f0d3ef6711e76bdda2609c2df15dc94c45e28bff8de441f1227ec2da7ea827cb3c0405af4faa4736  giflib-5.2.1.tar.gz
-1742eb5006628de4b4578fa4920b9ea849f4d340900f8acb1bf825d9d5041941770a2c21a2fadc467e8185696e9592d05486bfdcdd7102dba6f2eb18b5142410  CVE-2022-28506.patch
-fdc4a46e4a61e15e14ad712f164a3595902da700c3280ef3ec6fae345118c055eefb1eb73bb755078d0ea1f6112fa4a2b8edf9d918017e0bdf413497d15e1eaf  giflib-restore-deprecated-functions.patch
+0865ab2b1904fa14640c655fdb14bb54244ad18a66e358565c00287875d00912343f9be8bfac7658cc0146200d626f7ec9160d7a339f20ba3be6b9941d73975f  giflib-5.2.2.tar.gz
+33394cd01a5379ffadffa1a3c9ebd4fe2fddd3ea53fd3c713cc65b0ea0158d26aeb5148a9721c4892e944ef1a5694f54c23450118ab3b6f597e64eb6f3986731  CVE-2021-40633.patch
+6cb391eefc95f554ee83e89edf6fae365498597e370d684de5d020cb8f87f7bc3506afb30cbd36e9de2302d3301e33e044804c2d2a2c977d1bb7fa9e73f489cb  correct-document-page-install.patch
+aa32ccce78120a50f84c2dec644d10996a0fdb41335b47a1d71b45d14ffc9efd14e6aca3f2392dd6713e3c216c07736e94d21d661a90cfe4d57422eb08a1fbc2  dont-build-html-pages-images.patch
 "

main/giflib/CVE-2021-40633.patch

@@ -0,0 +1,30 @@
+From ccbc956432650734c91acb3fc88837f7b81267ff Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <[email protected]>
+Date: Wed, 21 Feb 2024 18:55:00 -0500
+Subject: [PATCH] Clean up memory better at end of run (CVE-2021-40633)
+
+---
+ gif2rgb.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index d51226d..fc2e683 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -515,10 +515,13 @@ static void GIF2RGB(int NumFiles, char *FileName, bool OneFileFlag,
+ 	}
+ 
+ 	DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
+ 	               GifFile->SWidth, GifFile->SHeight);
+ 
++	for (i = 0; i < GifFile->SHeight; i++) {
++        	(void)free(ScreenBuffer[i]);
++	}
+ 	(void)free(ScreenBuffer);
+ 
+ 	{
+ 		int Error;
+ 		if (DGifCloseFile(GifFile, &Error) == GIF_ERROR) {
+-- 
+2.43.0
+

main/giflib/CVE-2022-28506.patch

@@ -0,0 +1,58 @@
+From 61f375082c80ee479eb8ff03189aea691a6a06aa Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <[email protected]>
+Date: Wed, 21 Feb 2024 08:33:51 -0500
+Subject: [PATCH] Correct document page install.
+
+---
+ Makefile | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 87966a9..f4ecb24 100644
+--- a/Makefile
++++ b/Makefile
+@@ -61,19 +61,23 @@ UTILS = $(INSTALLABLE) \
+ 	gifsponge \
+ 	gifwedge
+ 
+ LDLIBS=libgif.a -lm
+ 
+-MANUAL_PAGES = \
++MANUAL_PAGES_1 = \
+ 	doc/gif2rgb.xml \
+ 	doc/gifbuild.xml \
+ 	doc/gifclrmp.xml \
+ 	doc/giffix.xml \
+-	doc/giflib.xml \
+ 	doc/giftext.xml \
+ 	doc/giftool.xml
+ 
++MANUAL_PAGES_7 = \
++	doc/giflib.xml
++
++MANUAL_PAGES = $(MANUAL_PAGES_1) $(MANUAL_PAGES_7)
++
+ SOEXTENSION	= so
+ LIBGIFSO	= libgif.$(SOEXTENSION)
+ LIBGIFSOMAJOR	= libgif.$(SOEXTENSION).$(LIBMAJOR)
+ LIBGIFSOVER	= libgif.$(SOEXTENSION).$(LIBVER)
+ LIBUTILSO	= libutil.$(SOEXTENSION)
+@@ -146,12 +150,13 @@ install-lib:
+ 	$(INSTALL) -m 644 libgif.a "$(DESTDIR)$(LIBDIR)/libgif.a"
+ 	$(INSTALL) -m 755 $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOVER)"
+ 	ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)"
+ 	ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)"
+ install-man:
+-	$(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
+-	$(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1"
++	$(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" "$(DESTDIR)$(MANDIR)/man7"
++	$(INSTALL) -m 644 $(MANUAL_PAGES_1:xml=1) "$(DESTDIR)$(MANDIR)/man1"
++	$(INSTALL) -m 644 $(MANUAL_PAGES_7:xml=7) "$(DESTDIR)$(MANDIR)/man7"
+ uninstall: uninstall-man uninstall-include uninstall-lib uninstall-bin
+ uninstall-bin:
+ 	cd "$(DESTDIR)$(BINDIR)" && rm -f $(INSTALLABLE)
+ uninstall-include:
+ 	rm -f "$(DESTDIR)$(INCDIR)/gif_lib.h"
+-- 
+2.43.0
+

main/giflib/correct-document-page-install.patch

@@ -0,0 +1,18 @@
+Description: Don't build the site HTML pages images.
+  It saves us to have ImageMagick as a b-depend.
+Author: David Suárez <[email protected]>
+Origin: vendor
+Last-Update: 2024-03-24
+Forwarded: not-needed
+
+--- a/doc/Makefile
++++ b/doc/Makefile
+@@ -46,7 +46,7 @@
+ 	convert $^ -resize 50x50 $@
+ 
+ # Philosophical choice: the website gets the internal manual pages
+-allhtml: $(XMLALL:.xml=.html) giflib-logo.gif
++allhtml: $(XMLALL:.xml=.html)
+ 
+ manpages: $(XMLMAN1:.xml=.1) $(XMLMAN7:.xml=.7) $(XMLINTERNAL:.xml=.1)
+