giflib: upgrade to version 5.2.2

Upgrade to latest version giflib v5.2.2.

This version fixes bugs listed in link below:
Link: https://sourceforge.net/p/giflib/code/ci/5.2.2/tree/NEWS

Fixes for CVE-2023-48161, CVE-2022-28506, CVE-2023-39742
Link: https://clients.neighbourhood.ie/yocto/1-40.html#:~:text=CVE%2D2023%2D39742%3A%20giflib%3Agiflib%2Dnative

Added dependency on ImageMagick which includes "convert" utility,
to ensure availability of required tool during compilation process.

Add patch to rename binary used in Makefile from
"convert" to "convert.im7" as installed by imagemagick package.

Drop CVE-2022-28506.patch as it is fixed in this version.

Signed-off-by: Bhabu Bindu <bhabubindu@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

3 files changed, 46 insertions, 43 deletions

diff --git a/meta-oe/recipes-devtools/giflib/files/CVE-2022-28506.patch b/meta-oe/recipes-devtools/giflib/files/CVE-2022-28506.patch
deleted file mode 100644
index 221e10811a..0000000000
--- a/meta-oe/recipes-devtools/giflib/files/CVE-2022-28506.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 368f28c0034ecfb6dd4b3412af4cc589a56e0611 Mon Sep 17 00:00:00 2001
-From: Matej Muzila <mmuzila@redhat.com>
-Date: Mon, 30 May 2022 09:04:27 +0200
-Subject: [PATCH] Fix heap-buffer overflow (CVE-2022-28506)
-
-There is a heap buffer overflow in DumpScreen2RGB() in gif2rgb.c.  This
-occurs when a crafted gif file, where size of color table is < 256 but
-image data contains pixels with color code highier than size of color
-table. This causes oferflow of ColorMap->Colors array.
-
-Fix the issue by checking if value of each pixel is within bounds of
-given color table. If the value is out of color table, print error
-message and exit.
-
-Fixes: #159
-
-Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/5b74cdd9c1285514eaa4675347ba3eea81d32c65/]
-Signed-off-by: nikhil r <nikhil.r@kpit.com>
----
- gif2rgb.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/gif2rgb.c b/gif2rgb.c
-index 8d7c0ff..d9a469f 100644
---- a/gif2rgb.c
-+++ b/gif2rgb.c
-@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
-             GifRow = ScreenBuffer[i];
-             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
-             for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
-+                /* Check if color is within color palete */
-+                if (GifRow[j] >= ColorMap->ColorCount)
-+                {
-+                   GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
-+                }
-                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
-                 *BufferP++ = ColorMapEntry->Red;
-                 *BufferP++ = ColorMapEntry->Green;
--- 
-2.25.1
diff --git a/meta-oe/recipes-devtools/giflib/files/add_suffix_to_convert_binary_used_in_Makefile.patch b/meta-oe/recipes-devtools/giflib/files/add_suffix_to_convert_binary_used_in_Makefile.patch
new file mode 100644
index 0000000000..a01b28ac6d
--- /dev/null
+++ b/meta-oe/recipes-devtools/giflib/files/add_suffix_to_convert_binary_used_in_Makefile.patch
@@ -0,0 +1,42 @@
+Subject: Modify binary name "convert" to "convert.im7"
+
+The change is needed to resolve the below compilation error
+after giflib version upgrade. Log data follows:
+| DEBUG: Executing shell function do_compile
+| NOTE: make -j 8
+| make -C doc
+| make[1]: Entering directory '../giflib/5.2.2/giflib-5.2.2/doc'
+| convert ../pic/gifgrid.gif -resize 50x50 giflib-logo.gif
+| make[1]: convert: No such file or directory
+| make[1]: *** [Makefile:46: giflib-logo.gif] Error 127
+| make[1]: Leaving directory '../giflib/5.2.2/giflib-5.2.2/doc'
+| make: *** [Makefile:93: all] Error 2
+| ERROR: oe_runmake failed
+
+Added dependency on ImageMagick which includes "convert" utility,
+to ensure availability of required tool during compilation process.
+
+This patch updates the binary name used in Makefile from
+"convert" to "convert.im7" for resizing the logo image used in HTML
+documentation as Imagemagick installs binary in this format.
+
+Below commits justify the cause of adding the suffix to binaries
+provided by ImageMagic package:
+https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/imagemagick?id=dcbb49f707e7ad9bf755dd3275ffc442154b8144
+https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/imagemagick?id=6e0c24e9b3f9d430dec57f61f8c12c74bca5375d
+
+Signed-off-by:   Bhabu Bindu <bhabubindu@kpit.com>
+Upstream-Status: Inappropriate [OE specific]
+
+===================================================================
+--- a/doc/Makefile
++++ b/doc/Makefile
+@@ -43,7 +43,7 @@
+ 
+ # Logo image file for HTML docs
+ giflib-logo.gif: ../pic/gifgrid.gif
+-       convert $^ -resize 50x50 $@
++       convert.im7 $^ -resize 50x50 $@
+ 
+ # Philosophical choice: the website gets the internal manual pages
+ allhtml: $(XMLALL:.xml=.html) giflib-logo.gif
diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
index 011ca1ffb7..7d8a175fe3 100644
--- a/meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb
+++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
@@ -5,12 +5,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ae11c61b04b2917be39b11f78d71519a"
 
 CVE_PRODUCT = "giflib_project:giflib"
 
-DEPENDS = "xmlto-native"
+DEPENDS = "xmlto-native imagemagick-native"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \
-           file://CVE-2022-28506.patch"
+           file://add_suffix_to_convert_binary_used_in_Makefile.patch"
+
+SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb"
 
-SRC_URI[sha256sum] = "31da5562f44c5f15d63340a09a4fd62b48c45620cd302f77a6d9acf0077879bd"
 
 do_install() {
     # using autotools's default will end up in /usr/local