Backport fix for CVE-2022-28506

CVE-2022-28506.patch

@@ -0,0 +1,15 @@
+diff -rupN giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c
+--- giflib-5.2.1/gif2rgb.c	2019-06-24 09:24:27.000000000 +0200
++++ giflib-5.2.1-new/gif2rgb.c	2022-07-21 09:58:28.256036156 +0200
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
+             GifRow = ScreenBuffer[i];
+             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+             for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++                /* Check if color is within color palete */
++                if (GifRow[j] >= ColorMap->ColorCount)
++                {
++                   GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                }
+                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                 *BufferP++ = ColorMapEntry->Red;
+                 *BufferP++ = ColorMapEntry->Green;

giflib.spec

@@ -1,7 +1,7 @@
 Name:          giflib
 Summary:       A library and utilities for processing GIFs
 Version:       5.2.1
-Release:       8%{?dist}
+Release:       9%{?dist}
 
 License:       MIT
 URL:           http://www.sourceforge.net/projects/%{name}/
@@ -12,6 +12,9 @@ Patch0:        giflib_quantize.patch
 Patch1:        giflib_coverity.patch
 # Generate HTML docs with consistent section IDs to avoid multilib difference
 Patch2:        giflib_html-docs-consistent-ids.patch
+# Backport fix for CVE-2022-28506
+# See https://sourceforge.net/u/mmuzila/giflib/ci/5b74cdd9c1285514eaa4675347ba3eea81d32c65/
+Patch3:        CVE-2022-28506.patch
 
 BuildRequires: gcc
 BuildRequires: make
@@ -74,6 +77,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a
 
 
 %changelog
+* Thu Jul 21 2022 Sandro Mani <manisandro@gmail.com> - 5.2.1-9
+- Backport fix for CVE-2022-28506
+
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.1-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild