From 3ee93968e10126adc7dad5c8872f0170c3421e13 Mon Sep 17 00:00:00 2001
From: zorz <zorz@krypt.sh>
Date: Tue, 5 May 2026 18:29:35 +0300
Subject: various obsolette

---
 giflib/Pkgfile                             | 25 +++++++++++++++++
 giflib/giflib-5.2.2-security_fixes-1.patch | 27 ++++++++++++++++++
 giflib/giflib-5.2.2-upstream_fixes-1.patch | 45 ++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+)
 create mode 100644 giflib/Pkgfile
 create mode 100644 giflib/giflib-5.2.2-security_fixes-1.patch
 create mode 100644 giflib/giflib-5.2.2-upstream_fixes-1.patch

(limited to 'giflib')

diff --git a/giflib/Pkgfile b/giflib/Pkgfile
new file mode 100644
index 0000000..781445a
--- /dev/null
+++ b/giflib/Pkgfile
@@ -0,0 +1,25 @@
+# Description: A compressed GIF library compatible with libungif
+# URL: https://giflib.sourceforge.net
+# Maintainer: zorz, zorz at gmx dot com
+
+name=giflib
+version=5.2.2
+release=2
+source=(https://sourceforge.net/projects/giflib/files/$name-$version.tar.gz
+  giflib-5.2.2-security_fixes-1.patch
+  giflib-5.2.2-upstream_fixes-1.patch)
+
+build() {
+  cd $name-$version
+
+  sed -e "/\$(MAKE) -C doc$/d" -i Makefile
+
+  patch -Np1 -i $SRC/giflib-5.2.2-security_fixes-1.patch
+  patch -Np1 -i $SRC/giflib-5.2.2-upstream_fixes-1.patch
+
+  make
+  make PREFIX=$PKG/usr install
+
+  install -vDm 644 doc/*.1 -t $PKG/usr/share/man/man1/
+  install -vDm 644 doc/*.7 -t $PKG/usr/share/man/man7/
+}
diff --git a/giflib/giflib-5.2.2-security_fixes-1.patch b/giflib/giflib-5.2.2-security_fixes-1.patch
new file mode 100644
index 0000000..b81d28a
--- /dev/null
+++ b/giflib/giflib-5.2.2-security_fixes-1.patch
@@ -0,0 +1,27 @@
+Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
+Date:                    2025-05-19
+Initial Package Version: 5.2.2
+Upstream Status:         Abandoned
+Origin:                  OpenMandriva (see BLFS Ticket #21574)
+Description:             Fixes several CVEs in giflib that are known to lead to
+                         a heap buffer overflow. The CVEs in question are
+                         CVE-2025-31344, CVE-2024-45993, CVE-2023-48161, and
+                         CVE-2022-28506. The CVEs are all rated High, and are
+                         known to cause crashes with a lower chance of impacts
+                         including arbitrary code execution.
+
+diff -Naurp giflib-5.2.2.orig/gif2rgb.c giflib-5.2.2/gif2rgb.c
+--- giflib-5.2.2.orig/gif2rgb.c	2024-02-18 21:01:28.000000000 -0600
++++ giflib-5.2.2/gif2rgb.c	2025-05-19 15:23:36.911153908 -0500
+@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileNam
+ 			GifRow = ScreenBuffer[i];
+ 			GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ 			for (j = 0; j < ScreenWidth; j++) {
++            /* Check if color is within color palete */
++            if (GifRow[j] >= ColorMap->ColorCount) {
++               GIF_EXIT(GifErrorString(
++                   D_GIF_ERR_IMAGE_DEFECT));
++            }
+ 				ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ 				Buffers[0][j] = ColorMapEntry->Red;
+ 				Buffers[1][j] = ColorMapEntry->Green;
diff --git a/giflib/giflib-5.2.2-upstream_fixes-1.patch b/giflib/giflib-5.2.2-upstream_fixes-1.patch
new file mode 100644
index 0000000..798d8b6
--- /dev/null
+++ b/giflib/giflib-5.2.2-upstream_fixes-1.patch
@@ -0,0 +1,45 @@
+Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
+Date:                    2024-03-02
+Initial Package Version: 5.2.2
+Origin:                  Upstream (thanks to Joe Locash for the pointer)
+Upstream Status:         Applied
+Description:             Prevents giflib from installing XML files into
+                         /usr/share/man/man1 instead of manual pages.
+
+diff -Naurp giflib-5.2.2.orig/Makefile giflib-5.2.2/Makefile
+--- giflib-5.2.2.orig/Makefile	2024-03-02 12:53:46.244595714 -0600
++++ giflib-5.2.2/Makefile	2024-03-02 12:55:35.428874223 -0600
+@@ -63,15 +63,19 @@ UTILS = $(INSTALLABLE) \
+ 
+ LDLIBS=libgif.a -lm
+ 
+-MANUAL_PAGES = \
++MANUAL_PAGES_1 = \
+ 	doc/gif2rgb.xml \
+ 	doc/gifbuild.xml \
+ 	doc/gifclrmp.xml \
+ 	doc/giffix.xml \
+-	doc/giflib.xml \
+ 	doc/giftext.xml \
+ 	doc/giftool.xml
+ 
++MANUAL_PAGES_7 = \
++	doc/giflib.xml
++
++MANUAL_PAGES = $(MANUAL_PAGES_1) $(MANUAL_PAGES_7)
++
+ SOEXTENSION	= so
+ LIBGIFSO	= libgif.$(SOEXTENSION)
+ LIBGIFSOMAJOR	= libgif.$(SOEXTENSION).$(LIBMAJOR)
+@@ -148,8 +152,9 @@ install-lib:
+ 	ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)"
+ 	ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)"
+ install-man:
+-	$(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
+-	$(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1"
++	$(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" "$(DESTDIR)$(MANDIR)/man7"
++	$(INSTALL) -m 644 $(MANUAL_PAGES_1:xml=1) "$(DESTDIR)$(MANDIR)/man1"
++	$(INSTALL) -m 644 $(MANUAL_PAGES_7:xml=7) "$(DESTDIR)$(MANDIR)/man7"
+ uninstall: uninstall-man uninstall-include uninstall-lib uninstall-bin
+ uninstall-bin:
+ 	cd "$(DESTDIR)$(BINDIR)" && rm -f $(INSTALLABLE)
-- 
cgit v1.2.3