From 6031215ee18e2009ba1ee19870ff4ee6fb2d2456 Mon Sep 17 00:00:00 2001 From: ErrorNoInternet Date: Tue, 26 Aug 2025 23:35:19 +0800 Subject: [PATCH] Apply fix for CVE-2025-9300 --- libsixel-fix-cve-2025-9300.patch | 30 ++++++++++++++++++++++++++++++ libsixel.spec | 3 +++ 2 files changed, 33 insertions(+) create mode 100644 libsixel-fix-cve-2025-9300.patch diff --git a/libsixel-fix-cve-2025-9300.patch b/libsixel-fix-cve-2025-9300.patch new file mode 100644 index 0000000..39b1c37 --- /dev/null +++ b/libsixel-fix-cve-2025-9300.patch @@ -0,0 +1,30 @@ +From a384e96ac83a141c3e752026123325436eb5b8e8 Mon Sep 17 00:00:00 2001 +From: ErrorNoInternet +Date: Tue, 26 Aug 2025 23:24:14 +0800 +Subject: [PATCH] Fix CVE-2025-9300 + +Modified version of +https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1. +--- + src/encoder.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/encoder.c b/src/encoder.c +index 4a6a038..45061a1 100644 +--- a/src/encoder.c ++++ b/src/encoder.c +@@ -700,9 +700,9 @@ sixel_debug_print_palette( + fprintf(stderr, "palette:\n"); + for (i = 0; i < sixel_dither_get_num_of_palette_colors(dither); ++i) { + fprintf(stderr, "%d: #%02x%02x%02x\n", i, ++ palette[i * 3 + 0], + palette[i * 3 + 1], +- palette[i * 3 + 2], +- palette[i * 3 + 3]); ++ palette[i * 3 + 2]); + } + } + +-- +2.49.0 + diff --git a/libsixel.spec b/libsixel.spec index 3a0a97c..f0409c5 100644 --- a/libsixel.spec +++ b/libsixel.spec @@ -11,6 +11,9 @@ Source: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz # Taken from https://github.com/libsixel/libsixel/pull/89 Patch: libsixel-fix-bash-completions.patch +# https://github.com/saitoha/libsixel/issues/200 +Patch: libsixel-fix-cve-2025-9300.patch + BuildRequires: gcc BuildRequires: meson BuildRequires: pkgconfig(gdlib)