From 4a93a8319637ebb8be33c126da28242201d6fa70 Mon Sep 17 00:00:00 2001
From: Adam Duskett
Date: Tue, 5 Dec 2023 16:59:17 -0700
Subject: [PATCH] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch
Signed-off-by: Adam Duskett
[yann.morin.1998@free.fr: add GIFLIB_IGNORE_CVES]
Signed-off-by: Yann E. MORIN
---
 package/giflib/0002-Fix-CVE-2022-28506.patch | 34 ++++++++++++++++++++
 package/giflib/giflib.mk | 3 ++
 2 files changed, 37 insertions(+)
 create mode 100644 package/giflib/0002-Fix-CVE-2022-28506.patch
diff --git a/package/giflib/0002-Fix-CVE-2022-28506.patch b/package/giflib/0002-Fix-CVE-2022-28506.patch
new file mode 100644
index 0000000000..35d5f60a95
--- /dev/null
+++ b/package/giflib/0002-Fix-CVE-2022-28506.patch
@@ -0,0 +1,34 @@
+From c0cca041fc4fb6748d8dff3675fe7a839253d668 Mon Sep 17 00:00:00 2001
+From: Sandro Mani
+Date: Tue, 5 Dec 2023 16:24:32 -0700
+Subject: [PATCH] Fix CVE-2022-28506
+
+From: giflib-5.2.1-17.fc39.src.rpm
+Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-28506
+Upstream: https://sourceforge.net/p/giflib/bugs/159/
+
+Signed-off-by: Sandro Mani
+Signed-off-by: Adam Duskett
+---
+ gif2rgb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index 8d7c0ff..d9a469f 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
+ GifRow = ScreenBuffer[i];
+ GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++ /* Check if color is within color palete */
++ if (GifRow[j] >= ColorMap->ColorCount)
++ {
++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ *BufferP++ = ColorMapEntry->Red;
+ *BufferP++ = ColorMapEntry->Green;
+--
+2.43.0
+
diff --git a/package/giflib/giflib.mk b/package/giflib/giflib.mk
index d47edfaa8b..1207eafa16 100644
--- a/package/giflib/giflib.mk
+++ b/package/giflib/giflib.mk
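Review bot: The added `if (GifRow[j] >= ColorMap->ColorCount)` check closes the over-read of `ColorMap->Colors`, but it terminates the process via `GIF_EXIT` from inside the per-pixel loop, so if the enclosing DumpScreen2RGB (which starts and ends outside the hunk) has already flushed earlier rows to its output file, a defective GIF now leaves a truncated output file behind rather than none; for a command-line tool that is acceptable, but it deserves a sentence in the patch header. The comment on the first added line misspells "palette" and the `{` on its own line breaks the K&R style of the surrounding lines, but since this is a verbatim Fedora backport I would keep the hunk byte-identical rather than fix cosmetics locally. The `Upstream:` tag points at a bug-tracker entry rather than a merged commit, so whether upstream has landed an equivalent fix should be re-checked at the next version bump, at which point the `GIFLIB_IGNORE_CVES` entry added in giflib.mk may need revisiting.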
@@ -11,6 +11,9 @@ GIFLIB_LICENSE = MIT
 GIFLIB_LICENSE_FILES = COPYING
 GIFLIB_CPE_ID_VENDOR = giflib_project
 
+# 0002-Fix-CVE-2022-28506.patch
+GIFLIB_IGNORE_CVES = CVE-2022-28506
+
 ifeq ($(BR2_STATIC_LIBS),y)
 GIFLIB_BUILD_LIBS = static-lib
 GIFLIB_INSTALL_LIBS = install-static-lib