summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools/giflib
Commit message (Collapse)AuthorAgeFilesLines
* giflib: upgrade 6.1.2 -> 6.1.3Khem Raj2026-06-151-1/+1
| | | | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* giflib: mark CVE-2026-23868 patchedGyorgy Sarvari2026-04-061-0/+2
| | | | | | | | | | The fix[1] that is referenced by the NVD advisory is already included in the current recipe version. [1]: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* giflib: upgrade 5.2.2 -> 6.1.2Gyorgy Sarvari2026-04-012-37/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that was merged upstream. License update: a copyright line was removed. The license is still MIT. Changes: Version 6.1.2 ============= Code Fixes ---------- * Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild, but not the core library - library clients need not be alarned. Version 6.1.1 ============= This release bumps the major version, but only one entry point - EGifSpew() - has changed signature and behavior (in order to be able to pass out a detailed error code). The internal error codes in the E_GIF_ERR series have changed value so none of them collides with GIF_ERROR. This code has been systematically audited and hardened wuth ChatGPT-5.2. The only library fixes reported by users or found by robot were for some memory leaks that could only triggered by severely malformed GIFs. Other bugs are edge-case failures in the CLI tools. The gif2rbg CLI tool has been moved to the "obsolete" bin, because its only deployment case in 2026 is as a piñata at fuzzer parties. Warning: the CLI tools in the obsolete category will soon be removed from the distribution entirely. The maintainer is tired of fielding junk bugs filed against them by would-be coup-counters who found yet another edge case, and the rest of the world doesn't need noisy CVEs that aren't actually DoS or security issues for giflib clients. Code Fixes ---------- * Fix for CVE-2021-40633. * Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap * Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms * Fix SF bug #172 Incorrect object files in shared libutil on darwin * Fix SF bug #173 installation of manual pages and html documentation * Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject * Fix SF bug #177 wrong pointer used in giftool getbool * Fix SF bug #179 Path Traversal vulnerability * Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug * Fix SF bug #182 out‐of‐bounds writes in Icon2Gif * Fix SF bug #184 uninitialized buffer in DumpScreen2RGB * Fix SF bug #185 integer overflow in gifbg.c * Fix SF bug #186 integer overflow in Icon2Gif * Fix SF bug #187: CVE-2025-31344 * Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow * Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap * Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c * Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c * Fix SF bug #142 ABI break public symbol GifQuantizeBuffer Other bugs that duplicate these have breen addressesed by these fixes * SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller might want to write a GIF, modify the in-memory data, then write again. Tests ----- Test suite now emits TAP (Test Anything Protocol). Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* giflib: fix build with gold and avoid imagemagick-native dependencyMartin Jansa2024-07-083-45/+39
| | | | | | | | * avoid imagemagick-native like upstream did in: https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/ Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* giflib: upgrade to version 5.2.2Nikhil R2024-06-142-3/+48
| | | | | | | | | | | | | | | | | | | Upgrade to latest version giflib v5.2.2. This version fixes bugs listed in link below: Link: https://sourceforge.net/p/giflib/code/ci/5.2.2/tree/NEWS Fixes for CVE-2023-48161, CVE-2022-28506, CVE-2023-39742 Link: https://clients.neighbourhood.ie/yocto/1-40.html#:~:text=CVE%2D2023%2D39742%3A%20giflib%3Agiflib%2Dnative Added dependency on ImageMagick which includes "convert" utility, to ensure availability of required tool during compilation process. Add patch to rename binary used in Makefile from "convert" to "convert.im7" as installed by imagemagick package. Signed-off-by: Bhabu Bindu <bhabubindu@kpit.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-3/+3
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* giflib: upgrade 5.1.4 -> 5.2.1Andreas Müller2021-05-242-32/+9
| | | | | | | | | * Project removed autotools configuration files. It is now a pure Makefile build so autotools are not required any more * Checked sources: Back ported CVE-patch can go Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* giflib: apply patch for CVE-2019-15133 and set CVE_PRODUCTMikko Rapeli2021-01-212-1/+29
| | | | | | | | | Backport upstream patch for CVE-2019-15133. Set CVE_PRODUCT to "giflib_project:giflib" which is used in NVD. https://nvd.nist.gov/vuln/detail/CVE-2019-15133 Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* giflib: update to version 5.1.4Derek Straka2016-05-101-5/+2
| | | | | | - Remove EXTRA_OECONF to disable X11 support since direct X11 window rendering has been retired Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* giflib: RDEPENDS on perlMagnus Olsson2015-03-211-0/+2
| | | | | | | | | | The giflib utility "gifburst" is a Perl-script, so make sure Perl is a run-time dependency for the giflib-utils package. This will silence file-rdeps QA issue. Signed-off-by: Magnus Olsson <magnus@minimum.se> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* recipes: convert remaining SUMMARY/DESCRIPTION cosmetic issuesMatthieu CRAPET2014-02-231-1/+1
| | | | | | | | | | | | | Changes: - rename SUMMARY with length > 80 to DESCRIPTION - rename DESCRIPTION with length < 80 to (non present tag) SUMMARY - drop final point character at the end of SUMMARY string - remove trailing whitespace of SUMMARY line Note: don't bump PR Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* giflib: don't link against libx11, don't depend on libsmAndreas Oberritter2012-03-021-2/+2
| | | | | | | | | libsm wasn't used unless libx11 was built before giflib. Therefore drop the dependency on libsm and disable x11 unconditionally like Debian does. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
* gitflib: add LIC_FILES_CHKSUMMartin Jansa2011-03-241-0/+1
|
* giflib: import from meta-shrKoen Kooi2011-03-231-0/+19
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>