public inbox for buildroot@busybox.net
 help / color / mirror / Atom feed
From: Bernd Kuhls <bernd@kuhls.net>
To: buildroot@buildroot.org
Subject: [Buildroot] [PATCH 3/3] package/giflib: security bump version to 6.1.2
Date: Sun, 15 Mar 2026 14:11:07 +0100	[thread overview]
Message-ID: <20260315131107.3959487-3-bernd@kuhls.net> (raw)
In-Reply-To: <20260315131107.3959487-1-bernd@kuhls.net>

https://sourceforge.net/p/giflib/code/ci/6.1.2/tree/NEWS

Patch 0001 was removed because it is included in this release:
https://sourceforge.net/p/giflib/code/ci/dd8b375e2a5ddfabb9709c99e38bbe0fd3b212a4/

Patch 0002 is not needed anymore because upstream removed gif2rgb from
the list of installable make targets:
https://sourceforge.net/p/giflib/code/ci/35dc68311aab89bb678ac422d1d18cd37246f803/

Updated license hash due to upstream commit
https://sourceforge.net/p/giflib/code/ci/4a425b734811799662762b3edc46458c180e3770/

The CVEs mentioned in the release notes (CVE-2021-40633 &
CVE-2025-31344) are related to gif2rgb only.

Build-tested using this defconfig:

  BR2_x86_64=y
  BR2_TOOLCHAIN_EXTERNAL=y
  BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
  BR2_PACKAGE_KODI=y
  BR2_PACKAGE_EFL=y
  # BR2_PACKAGE_EFL_EEZE is not set
  # BR2_PACKAGE_EFL_FONTCONFIG is not set
  # BR2_PACKAGE_EFL_GSTREAMER1 is not set
  # BR2_PACKAGE_EFL_LIBFRIBIDI is not set
  # BR2_PACKAGE_EFL_ELPUT is not set
  # BR2_PACKAGE_EFL_LIBSNDFILE is not set
  # BR2_PACKAGE_EFL_PULSEAUDIO is not set
  # BR2_PACKAGE_EFL_UTIL_LINUX_LIBMOUNT is not set
  BR2_PACKAGE_MESA3D=y
  BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SOFTPIPE=y
  BR2_PACKAGE_MESA3D_OPENGL_EGL=y
  BR2_PACKAGE_MESA3D_OPENGL_ES=y
  BR2_PACKAGE_XORG7=y
  BR2_PACKAGE_LUAJIT=y
  BR2_PACKAGE_OPENJDK=y
  BR2_PACKAGE_PYTHON3=y
  BR2_PACKAGE_PYTHON3_PY_ONLY=y
  BR2_PACKAGE_IMLIB2=y
  BR2_PACKAGE_IMLIB2_GIF=y
  BR2_PACKAGE_LEPTONICA=y
  BR2_PACKAGE_LIBGDIPLUS=y
  BR2_PACKAGE_WEBP=y
  BR2_PACKAGE_DLIB=y
  BR2_PACKAGE_GDAL=y

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 ...dd-targets-to-manage-static-building.patch | 73 -------------------
 ...veral-defects-found-by-Coverity-scan.patch | 61 ----------------
 package/giflib/giflib.hash                    | 10 +--
 package/giflib/giflib.mk                      |  4 +-
 4 files changed, 7 insertions(+), 141 deletions(-)
 delete mode 100644 package/giflib/0001-Makefile-add-targets-to-manage-static-building.patch
 delete mode 100644 package/giflib/0002-Fix-several-defects-found-by-Coverity-scan.patch

diff --git a/package/giflib/0001-Makefile-add-targets-to-manage-static-building.patch b/package/giflib/0001-Makefile-add-targets-to-manage-static-building.patch
deleted file mode 100644
index 31d7542e60..0000000000
--- a/package/giflib/0001-Makefile-add-targets-to-manage-static-building.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 409af8210f2256eed4d2c73083aa75975f03424b Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 12 Jul 2019 12:20:38 +0200
-Subject: [PATCH] Makefile: add targets to manage static building
-
-Add static-lib, shared-lib, install-static-lib and install-shared-lib
-targets to allow the user to build giflib when dynamic library support
-is not available or enable on the toolchain
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Dario: make the patch to be applied with fuzz factor 0]
-Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
-Upstream: https://sourceforge.net/p/giflib/code/merge-requests/7
----
- Makefile | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 87966a96cd4f..4a93aace54b8 100644
---- a/Makefile
-+++ b/Makefile
-@@ -87,13 +87,20 @@ LIBUTILSO	= libutil.$(SOEXTENSION)
- LIBUTILSOMAJOR	= libutil.$(LIBMAJOR).$(SOEXTENSION)
- endif
- 
--all: $(LIBGIFSO) libgif.a $(LIBUTILSO) libutil.a $(UTILS)
-+SHARED_LIBS = $(LIBGIFSO) $(LIBUTILSO)
-+STATIC_LIBS = libgif.a libutil.a
-+
-+all: shared-lib static-lib $(UTILS)
- ifeq ($(UNAME), Darwin)
- else
- 	$(MAKE) -C doc
- endif
- 
--$(UTILS):: libgif.a libutil.a
-+$(UTILS):: $(STATIC_LIBS)
-+
-+shared-lib: $(SHARED_LIBS)
-+
-+static-lib: $(STATIC_LIBS)
- 
- $(LIBGIFSO): $(OBJECTS) $(HEADERS)
- ifeq ($(UNAME), Darwin)
-@@ -116,7 +123,7 @@ libutil.a: $(UOBJECTS) $(UHEADERS)
- 	$(AR) rcs libutil.a $(UOBJECTS)
- 
- clean:
--	rm -f $(UTILS) $(TARGET) libgetarg.a libgif.a $(LIBGIFSO) libutil.a $(LIBUTILSO) *.o
-+	rm -f $(UTILS) $(TARGET) libgetarg.a $(SHARED_LIBS) $(STATIC_LIBS) *.o
- 	rm -f $(LIBGIFSOVER)
- 	rm -f $(LIBGIFSOMAJOR)
- 	rm -fr doc/*.1 *.html doc/staging
-@@ -141,12 +148,15 @@ install-bin: $(INSTALLABLE)
- install-include:
- 	$(INSTALL) -d "$(DESTDIR)$(INCDIR)"
- 	$(INSTALL) -m 644 gif_lib.h "$(DESTDIR)$(INCDIR)"
--install-lib:
-+install-static-lib:
- 	$(INSTALL) -d "$(DESTDIR)$(LIBDIR)"
- 	$(INSTALL) -m 644 libgif.a "$(DESTDIR)$(LIBDIR)/libgif.a"
-+install-shared-lib:
-+	$(INSTALL) -d "$(DESTDIR)$(LIBDIR)"
- 	$(INSTALL) -m 755 $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOVER)"
- 	ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)"
- 	ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)"
-+install-lib: install-static-lib install-shared-lib
- install-man:
- 	$(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
- 	$(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1"
--- 
-2.43.0
-
diff --git a/package/giflib/0002-Fix-several-defects-found-by-Coverity-scan.patch b/package/giflib/0002-Fix-several-defects-found-by-Coverity-scan.patch
deleted file mode 100644
index 77f21b402e..0000000000
--- a/package/giflib/0002-Fix-several-defects-found-by-Coverity-scan.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 7c3bce4add77944e5b479ef5da81ae7fd71a7e95 Mon Sep 17 00:00:00 2001
-From: Sandro Mani <manisandro@gmail.com>
-Date: Tue, 5 Dec 2023 16:38:48 -0700
-Subject: [PATCH] Fix several defects found by Coverity scan
-
-From: giflib-5.2.1-17.fc39.src.rpm
-Upstream: Not submitted
-
-Signed-off-by: Sandro Mani <manisandro@gmail.com>
-Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
-[Fabrice: updated for 5.2.2]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Dario: make the patch to be applied with fuzz factor 0]
-Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
----
- gif2rgb.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/gif2rgb.c b/gif2rgb.c
-index d51226d65d3d..50c43ae44ee2 100644
---- a/gif2rgb.c
-+++ b/gif2rgb.c
-@@ -165,6 +165,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
- 	/* Open stdout for the output file: */
- 	if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) {
- 		PrintGifError(Error);
-+		free(OutputBuffer);
-+		GifFreeMapObject(OutputColorMap);
- 		exit(EXIT_FAILURE);
- 	}
- 
-@@ -173,6 +175,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
- 	    EGifPutImageDesc(GifFile, 0, 0, Width, Height, false, NULL) ==
- 	        GIF_ERROR) {
- 		PrintGifError(Error);
-+		free(OutputBuffer);
-+		GifFreeMapObject(OutputColorMap);
- 		exit(EXIT_FAILURE);
- 	}
- 
-@@ -182,6 +186,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
- 
- 	for (i = 0; i < Height; i++) {
- 		if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) {
-+			free(OutputBuffer);
-+			GifFreeMapObject(OutputColorMap);
- 			exit(EXIT_FAILURE);
- 		}
- 		GifQprintf("\b\b\b\b%-4d", Height - i - 1);
-@@ -191,6 +197,8 @@ static void SaveGif(GifByteType *OutputBuffer, int Width, int Height,
- 
- 	if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) {
- 		PrintGifError(Error);
-+		free(OutputBuffer);
-+		GifFreeMapObject(OutputColorMap);
- 		exit(EXIT_FAILURE);
- 	}
- }
--- 
-2.43.0
-
diff --git a/package/giflib/giflib.hash b/package/giflib/giflib.hash
index dcc384a523..8c1b1d06f5 100644
--- a/package/giflib/giflib.hash
+++ b/package/giflib/giflib.hash
@@ -1,6 +1,6 @@
-# From https://sourceforge.net/projects/giflib/files/giflib-5.x/
-md5  913dd251492134e235ee3c9a91987a4d  giflib-5.2.2.tar.gz
-sha1  608ba98d2dd8d03dfa7476f434d57de50a33e10b  giflib-5.2.2.tar.gz
+# From https://sourceforge.net/projects/giflib/files/giflib-6.x/
+md5  d4ad42777ef499a7c6f8aabf2ccf7716  giflib-6.1.2.tar.gz
+sha1  bf0440c7aee5a0a151d7abbbe3657d3c1998ce86  giflib-6.1.2.tar.gz
 # Locally computed
-sha256  be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb  giflib-5.2.2.tar.gz
-sha256  0c9b7990ecdca88b676db232c226548ac408b279f550d424d996f0d83591dd8e  COPYING
+sha256  2421abb54f5906b14965d28a278fb49e1ec9fe5ebbc56244dd012383a973d5c0  giflib-6.1.2.tar.gz
+sha256  ed5d90cb4a041bddad679470a071302ab05ae5d0ec2cf8f9c97ad7b2708751e6  COPYING
diff --git a/package/giflib/giflib.mk b/package/giflib/giflib.mk
index 00922ce2db..bb563ee689 100644
--- a/package/giflib/giflib.mk
+++ b/package/giflib/giflib.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-GIFLIB_VERSION_MAJOR = 5
-GIFLIB_VERSION = $(GIFLIB_VERSION_MAJOR).2.2
+GIFLIB_VERSION_MAJOR = 6
+GIFLIB_VERSION = $(GIFLIB_VERSION_MAJOR).1.2
 GIFLIB_SITE = https://sourceforge.net/projects/giflib/files/giflib-$(GIFLIB_VERSION_MAJOR).x
 GIFLIB_INSTALL_STAGING = YES
 GIFLIB_LICENSE = MIT
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  parent reply	other threads:[~2026-03-15 13:11 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-15 13:11 [Buildroot] [PATCH 1/3] package/giflib: update tarball URL Bernd Kuhls
2026-03-15 13:11 ` [Buildroot] [PATCH 2/3] package/kodi: allow build with giflib 6.x Bernd Kuhls
2026-03-15 13:11 ` Bernd Kuhls [this message]
2026-04-01 18:43 ` [Buildroot] [PATCH 1/3] package/giflib: update tarball URL Julien Olivain via buildroot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260315131107.3959487-3-bernd@kuhls.net \
    --to=bernd@kuhls.net \
    --cc=buildroot@buildroot.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox