<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-devtools/giflib, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-04-06T16:46:30+00:00</updated>
<entry>
<title>giflib: mark CVE-2026-23868 patched</title>
<updated>2026-04-06T16:46:30+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-06T12:03:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=a0531bc55abbc281daf5f01cb2002b76cfcff93f'/>
<id>urn:sha1:a0531bc55abbc281daf5f01cb2002b76cfcff93f</id>
<content type='text'>
The fix[1] that is referenced by the NVD advisory is
already included in the current recipe version.

[1]: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>giflib: upgrade 5.2.2 -&gt; 6.1.2</title>
<updated>2026-04-01T21:07:45+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-01T20:30:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ddfd1cadb2eed91f75eb90aeb463be59de19ccbf'/>
<id>urn:sha1:ddfd1cadb2eed91f75eb90aeb463be59de19ccbf</id>
<content type='text'>
Drop patch that was merged upstream.

License update: a copyright line was removed. The license is still MIT.

Changes:
Version 6.1.2
=============

Code Fixes
----------
* Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild,
  but not the core library - library clients need not be alarmed.

Version 6.1.1
=============

This release bumps the major version, but only one entry point -
EGifSpew() - has changed signature and behavior (in order to be able
to pass out a detailed error code). The internal error
codes in the E_GIF_ERR series have changed value so none of them
collides with GIF_ERROR.

This code has been systematically audited and hardened with
ChatGPT-5.2. The only library fixes reported by users or found by
robot were for some memory leaks that could only be triggered by severely
malformed GIFs. Other bugs are edge-case failures in the CLI tools.

The gif2rgb CLI tool has been moved to the "obsolete" bin, because its
only deployment case in 2026 is as a piñata at fuzzer parties.

Warning: the CLI tools in the obsolete category will soon be removed
from the distribution entirely. The maintainer is tired of fielding
junk bugs filed against them by would-be coup-counters who found yet
another edge case, and the rest of the world doesn't need noisy CVEs
that aren't actually DoS or security issues for giflib clients.

Code Fixes
----------

* Fix for CVE-2021-40633.
* Fix SF bug #165 EGifSpew leaks GifFileOut-&gt;SColorMap
* Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms
* Fix SF bug #172 Incorrect object files in shared libutil on darwin
* Fix SF bug #173 installation of manual pages and html documentation
* Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject
* Fix SF bug #177 wrong pointer used in giftool getbool
* Fix SF bug #179 Path Traversal vulnerability
* Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug
* Fix SF bug #182 out‐of‐bounds writes in Icon2Gif
* Fix SF bug #184 uninitialized buffer in DumpScreen2RGB
* Fix SF bug #185 integer overflow in gifbg.c
* Fix SF bug #186 integer overflow in Icon2Gif
* Fix SF bug #187: CVE-2025-31344
* Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow
* Fix SF bug #165 EGifSpew leaks GifFileOut-&gt;SColorMap
* Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c
* Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c
* Fix SF bug #142 ABI break public symbol GifQuantizeBuffer

Other bugs that duplicate these have been addressed by these fixes

* SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller
  might want to write a GIF, modify the in-memory data, then write
  again.

Tests
-----

Test suite now emits TAP (Test Anything Protocol).

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>giflib: fix build with gold and avoid imagemagick-native dependency</title>
<updated>2024-07-08T15:40:19+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2024-07-08T12:10:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=23e3b5e97191175036c53f0983dedbe3940c87e2'/>
<id>urn:sha1:23e3b5e97191175036c53f0983dedbe3940c87e2</id>
<content type='text'>
* avoid imagemagick-native like upstream did in:
  https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/

Signed-off-by: Martin Jansa &lt;martin.jansa@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>giflib: upgrade to version 5.2.2</title>
<updated>2024-06-14T17:23:13+00:00</updated>
<author>
<name>Nikhil R</name>
<email>nikhilar2410@gmail.com</email>
</author>
<published>2024-06-14T14:04:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9c7a48afe0a348acdaf7740ca7cf4d00838ee779'/>
<id>urn:sha1:9c7a48afe0a348acdaf7740ca7cf4d00838ee779</id>
<content type='text'>
Upgrade to latest version giflib v5.2.2.

This version fixes bugs listed in link below:
Link: https://sourceforge.net/p/giflib/code/ci/5.2.2/tree/NEWS

Fixes for CVE-2023-48161, CVE-2022-28506, CVE-2023-39742
Link: https://clients.neighbourhood.ie/yocto/1-40.html#:~:text=CVE%2D2023%2D39742%3A%20giflib%3Agiflib%2Dnative

Added dependency on ImageMagick which includes "convert" utility,
to ensure availability of required tool during compilation process.

Add patch to rename binary used in Makefile from
"convert" to "convert.im7" as installed by imagemagick package.

Signed-off-by: Bhabu Bindu &lt;bhabubindu@kpit.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>Convert to new override syntax</title>
<updated>2021-08-03T17:21:25+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2021-07-29T15:04:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c61dc077bbd81260e4f167fa2251643ba0ba6974'/>
<id>urn:sha1:c61dc077bbd81260e4f167fa2251643ba0ba6974</id>
<content type='text'>
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>giflib: upgrade 5.1.4 -&gt; 5.2.1</title>
<updated>2021-05-24T14:39:35+00:00</updated>
<author>
<name>Andreas Müller</name>
<email>schnitzeltony@gmail.com</email>
</author>
<published>2021-05-23T09:38:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6c596c4acc1d2b8a2d1f87bec915260f882f1be2'/>
<id>urn:sha1:6c596c4acc1d2b8a2d1f87bec915260f882f1be2</id>
<content type='text'>
* Project removed autotools configuration files. It is now a pure Makefile
  build so autotools are not required any more
* Checked sources: Back ported CVE-patch can go

Signed-off-by: Andreas Müller &lt;schnitzeltony@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>giflib: apply patch for CVE-2019-15133 and set CVE_PRODUCT</title>
<updated>2021-01-21T08:26:41+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@bmw.de</email>
</author>
<published>2021-01-15T10:54:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=3685e6a8275d5078abd7110edb28cc56a8a91737'/>
<id>urn:sha1:3685e6a8275d5078abd7110edb28cc56a8a91737</id>
<content type='text'>
Backport upstream patch for CVE-2019-15133.
Set CVE_PRODUCT to "giflib_project:giflib" which is used
in NVD. https://nvd.nist.gov/vuln/detail/CVE-2019-15133

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@bmw.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>giflib: update to version 5.1.4</title>
<updated>2016-05-10T18:18:29+00:00</updated>
<author>
<name>Derek Straka</name>
<email>derek@asterius.io</email>
</author>
<published>2016-04-29T16:24:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=904fd8d955972531006fa92b01694c555633b921'/>
<id>urn:sha1:904fd8d955972531006fa92b01694c555633b921</id>
<content type='text'>
- Remove EXTRA_OECONF to disable X11 support since direct X11 window rendering has been retired
Signed-off-by: Derek Straka &lt;derek@asterius.io&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>giflib: RDEPENDS on perl</title>
<updated>2015-03-21T15:42:22+00:00</updated>
<author>
<name>Magnus Olsson</name>
<email>magnus@minimum.se</email>
</author>
<published>2015-03-10T12:07:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=0d38b6720795b0eca00dc92b395d92d28e94e609'/>
<id>urn:sha1:0d38b6720795b0eca00dc92b395d92d28e94e609</id>
<content type='text'>
The giflib utility "gifburst" is a Perl-script, so make sure Perl
is a run-time dependency for the giflib-utils package.

This will silence file-rdeps QA issue.

Signed-off-by: Magnus Olsson &lt;magnus@minimum.se&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>recipes: convert remaining SUMMARY/DESCRIPTION cosmetic issues</title>
<updated>2014-02-23T22:20:02+00:00</updated>
<author>
<name>Matthieu CRAPET</name>
<email>Matthieu.CRAPET@ingenico.com</email>
</author>
<published>2014-02-19T14:47:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c95e155780a0cf3a8fb59a2f86db6367d18116fc'/>
<id>urn:sha1:c95e155780a0cf3a8fb59a2f86db6367d18116fc</id>
<content type='text'>
Changes:
- rename SUMMARY with length &gt; 80 to DESCRIPTION
- rename DESCRIPTION with length &lt; 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line

Note: don't bump PR

Signed-off-by: Matthieu Crapet &lt;Matthieu.Crapet@ingenico.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
</feed>
