Add patch for CVE-2023-39742

fix-get-args-segment-violation.patch

@@ -0,0 +1,24 @@
+Description: Fix segmentation faults due to non correct checking for args
+Author: David Suárez <david.sephirot@gmail.com>
+Origin: vendor
+Bug: https://sourceforge.net/p/giflib/bugs/153/
+Bug-Debian: https://bugs.debian.org/715963
+Bug-Debian: https://bugs.debian.org/715964
+Bug-Debian: https://bugs.debian.org/715967
+Last-Update: 2020-12-20
+
+--- a/getarg.c
++++ b/getarg.c
+@@ -305,6 +305,12 @@
+     int i = 0, ScanRes;
+ 
+     while (!(ISSPACE(CtrlStrCopy[i]))) {
++
++        if ((*argv) == argv_end) {
++            GAErrorToken = Option;
++            return CMD_ERR_NumRead;
++        }
++
+         switch (CtrlStrCopy[i + 1]) {
+           case 'd':    /* Get signed integers. */
+               ScanRes = sscanf(*((*argv)++), "%d",

giflib.spec

@@ -1,7 +1,7 @@
 Name:          giflib
 Summary:       A library and utilities for processing GIFs
 Version:       5.2.1
-Release:       16%{?dist}
+Release:       17%{?dist}
 
 License:       MIT
 URL:           http://www.sourceforge.net/projects/%{name}/
@@ -17,6 +17,10 @@ Patch2:        giflib_html-docs-consistent-ids.patch
 # Backport fix for CVE-2022-28506
 # See https://sourceforge.net/u/mmuzila/giflib/ci/5b74cdd9c1285514eaa4675347ba3eea81d32c65/
 Patch3:        CVE-2022-28506.patch
+# Fix segmentation faults when invoking tools with incorrect arguments (CVE-2023-39742)
+# Taken from Debian package
+Patch4:        fix-get-args-segment-violation.patch
+
 
 BuildRequires: cmake
 BuildRequires: gcc
@@ -148,6 +152,9 @@ rm -rf %{buildroot}%{mingw64_mandir}
 
 
 %changelog
+* Thu Sep 14 2023 Sandro Mani <manisandro@gmail.com> - 5.2.1-17
+- Add patch for CVE-2023-39742
+
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.1-16
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild