commit: 17c1060c4b234c0201025918a0266f8fc28e81c9 Author: Brett A C Sheffield <bacs <AT> librecast <DOT> net> AuthorDate: Mon Mar 9 16:39:08 2026 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Mar 11 14:23:49 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17c1060c
media-gfx/gifsicle: drop 1.93, 1.94 Security cleanup. Bug: https://bugs.gentoo.org/918436 Signed-off-by: Brett A C Sheffield <bacs <AT> librecast.net> Part-of: https://codeberg.org/gentoo/gentoo/pulls/274 Merges: https://codeberg.org/gentoo/gentoo/pulls/274 Signed-off-by: Sam James <sam <AT> gentoo.org> media-gfx/gifsicle/Manifest | 2 - .../files/gifsicle-1.94-CVE-2023-46009.patch | 94 ---------------------- media-gfx/gifsicle/gifsicle-1.93.ebuild | 31 ------- media-gfx/gifsicle/gifsicle-1.94.ebuild | 33 -------- 4 files changed, 160 deletions(-) diff --git a/media-gfx/gifsicle/Manifest b/media-gfx/gifsicle/Manifest index 39a76edaba02..c2f161d3a957 100644 --- a/media-gfx/gifsicle/Manifest +++ b/media-gfx/gifsicle/Manifest @@ -1,4 +1,2 @@ -DIST gifsicle-1.93.tar.gz 578194 BLAKE2B c5635fc736e2fd97278ab97377663f9702d2891cab5e19b16fa1aa53412ae48945d82ee42e9690208532cb854c99397ec4c1a11d4521454d8d40efd9adfd9d2a SHA512 1ace2c9597a405d69bb9dfa24764a3d7c7dd9864e1832d25a4a7ad2e32780038206b889711846d6e4dbc7189482d0d03874f18d86966ebffbc4ee10569c390d3 -DIST gifsicle-1.94.tar.gz 579194 BLAKE2B 0d6a734d6340938579633061cbff1f702c33adf7c206d3120488fa4a14eb69ef2f5838ee42b92cb371fa39398b57114c6315308d83fd951c399d9d6c3b3986d0 SHA512 5dc84332d929bc765b642f31fb79ed2998b193985070513cb3e412bca519c7c6065537c14df13e9860ae09dc5c66a06ca5475b1fdee62cd9509d42a5e2d0c9b6 DIST gifsicle-1.95.tar.gz 579636 BLAKE2B 32af2f786328b059745828ade184eea216e147abbb8023cb681c2d37a40a4abc9d0f32bb60a322b17f1af03a5e2c566b194e4c6a8d685e0697f90497294a9c81 SHA512 888bb3f4501ce3f12e810045bb432c9e56952df1def565e4a8983529856b00be8e79d9df148858fe2a327d1dd751eb71280e17c8e0426e68290b0dfe02247891 DIST gifsicle-1.96.tar.gz 587298 BLAKE2B 977f2ecf4f465c6dde9db67fcc3d96da4d5dbdcc169e788abfcf8eca32aad607139295939f4934400a6a9820d8446889ead2849d35df9705031fd808d9694214 SHA512 2ca9d24b23aaaaa5af10a34c6eb71549a5376952a98913da1c1139a274a5c57767bdfd937649d833f26f3ed1b838a056a2448babb398dadad7ab7ffbb660077b diff --git a/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch b/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch deleted file mode 100644 index 6b82c8ecdd0c..000000000000 --- a/media-gfx/gifsicle/files/gifsicle-1.94-CVE-2023-46009.patch +++ /dev/null @@ -1,94 +0,0 @@ -diff -Naurp a/src/giffunc.c b/src/giffunc.c ---- a/src/giffunc.c 2021-09-20 13:19:00.000000000 +0200 -+++ b/src/giffunc.c 2024-02-04 14:05:47.811880522 +0100 -@@ -466,8 +466,10 @@ Gif_CopyImage(Gif_Image *src) - void Gif_MakeImageEmpty(Gif_Image* gfi) { - Gif_ReleaseUncompressedImage(gfi); - Gif_ReleaseCompressedImage(gfi); -- gfi->left = gfi->top = 0; -- gfi->width = gfi->height = 1; -+ gfi->left = gfi->left < 0xFFFE ? gfi->left : 0xFFFE; -+ gfi->top = gfi->top < 0xFFFE ? gfi->top : 0xFFFE; -+ gfi->width = 1; -+ gfi->height = 1; - gfi->transparent = 0; - Gif_CreateUncompressedImage(gfi, 0); - gfi->img[0][0] = 0; -diff -Naurp a/src/support.c b/src/support.c ---- a/src/support.c 2023-06-14 17:47:12.000000000 +0200 -+++ b/src/support.c 2024-02-04 14:05:51.307885109 +0100 -@@ -1421,9 +1421,9 @@ analyze_crop(int nmerger, Gt_Crop* crop, - } - } - -- if (t > b) -+ if (t > b) { - crop->w = crop->h = 0; -- else { -+ } else { - crop->x = l; - crop->y = t; - crop->w = r - l; -@@ -1618,7 +1618,8 @@ merge_frame_interval(Gt_Frameset *fset, - desti->comment = 0; - } - if (fr->comment) { -- if (!desti->comment) desti->comment = Gif_NewComment(); -+ if (!desti->comment) -+ desti->comment = Gif_NewComment(); - merge_comments(desti->comment, fr->comment); - /* delete the comment early to help with memory; set field to 0 so we - don't re-free it later */ -@@ -1628,10 +1629,22 @@ merge_frame_interval(Gt_Frameset *fset, - - if (fr->interlacing >= 0) - desti->interlace = fr->interlacing; -- if (fr->left >= 0) -- desti->left = fr->left + (fr->position_is_offset ? desti->left : 0); -- if (fr->top >= 0) -- desti->top = fr->top + (fr->position_is_offset ? desti->top : 0); -+ if (fr->left >= 0) { -+ int left = fr->left + (fr->position_is_offset ? desti->left : 0); -+ if (left + desti->width > 65535) { -+ error(1, "left position %d out of range", left); -+ return 0; -+ } -+ desti->left = left; -+ } -+ if (fr->top >= 0) { -+ int top = fr->top + (fr->position_is_offset ? desti->top : 0); -+ if (top + desti->height > 65535) { -+ error(1, "top position %d out of range", top); -+ return 0; -+ } -+ desti->top = top; -+ } - - if (fr->delay >= 0) - desti->delay = fr->delay; -diff -Naurp a/src/xform.c b/src/xform.c ---- a/src/xform.c 2023-06-14 17:48:05.000000000 +0200 -+++ b/src/xform.c 2024-02-04 14:05:47.812880524 +0100 -@@ -262,18 +262,18 @@ crop_image(Gif_Image* gfi, Gt_Frame* fr, - gfi->img[j] = old_img[c.y + j] + c.x; - gfi->img[c.h] = 0; - Gif_DeleteArray(old_img); -+ gfi->left += c.x - fr->left_offset; -+ gfi->top += c.y - fr->top_offset; - gfi->width = c.w; - gfi->height = c.h; -- } else if (preserve_total_crop) -+ } else if (preserve_total_crop) { - Gif_MakeImageEmpty(gfi); -- else { -+ } else { - Gif_DeleteArray(gfi->img); - gfi->img = 0; - gfi->width = gfi->height = 0; - } - -- gfi->left += c.x - fr->left_offset; -- gfi->top += c.y - fr->top_offset; - return gfi->img != 0; - } - diff --git a/media-gfx/gifsicle/gifsicle-1.93.ebuild b/media-gfx/gifsicle/gifsicle-1.93.ebuild deleted file mode 100644 index 1fa660c84d9f..000000000000 --- a/media-gfx/gifsicle/gifsicle-1.93.ebuild +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DESCRIPTION="Create, manipulate, and optimize GIF images and animations" -HOMEPAGE="https://www.lcdf.org/~eddietwo/gifsicle/ https://github.com/kohler/gifsicle"; -SRC_URI="https://www.lcdf.org/~eddietwo/${PN}/${P}.tar.gz"; - -LICENSE="GPL-2 MIT" -SLOT="0" -KEYWORDS="~alpha amd64 ppc ~ppc64 ~sparc x86" -IUSE="X" - -RDEPEND=" - X? ( - x11-libs/libX11 - x11-libs/libXt - ) -" -DEPEND="${RDEPEND} - X? ( x11-base/xorg-proto )" - -DOCS=( - NEWS.md - README.md -) - -src_configure() { - econf $(use_enable X gifview) -} diff --git a/media-gfx/gifsicle/gifsicle-1.94.ebuild b/media-gfx/gifsicle/gifsicle-1.94.ebuild deleted file mode 100644 index b5b73cce8412..000000000000 --- a/media-gfx/gifsicle/gifsicle-1.94.ebuild +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DESCRIPTION="Create, manipulate, and optimize GIF images and animations" -HOMEPAGE="https://www.lcdf.org/~eddietwo/gifsicle/ https://github.com/kohler/gifsicle"; -SRC_URI="https://www.lcdf.org/~eddietwo/${PN}/${P}.tar.gz"; - -LICENSE="GPL-2 MIT" -SLOT="0" -KEYWORDS="~alpha amd64 ppc ~ppc64 ~sparc x86" -IUSE="X" - -PATCHES=( "${FILESDIR}/${P}-CVE-2023-46009.patch" ) - -RDEPEND=" - X? ( - x11-libs/libX11 - x11-libs/libXt - ) -" -DEPEND="${RDEPEND} - X? ( x11-base/xorg-proto )" - -DOCS=( - NEWS.md - README.md -) - -src_configure() { - econf $(use_enable X gifview) -}
