mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
Gyorgy Sarvari
ddfd1cadb2
Drop patch that was merged upstream. License update: a copyright line was removed. The license is still MIT. Changes: Version 6.1.2 ============= Code Fixes ---------- * Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild, but not the core library - library clients need not be alarned. Version 6.1.1 ============= This release bumps the major version, but only one entry point - EGifSpew() - has changed signature and behavior (in order to be able to pass out a detailed error code). The internal error codes in the E_GIF_ERR series have changed value so none of them collides with GIF_ERROR. This code has been systematically audited and hardened wuth ChatGPT-5.2. The only library fixes reported by users or found by robot were for some memory leaks that could only triggered by severely malformed GIFs. Other bugs are edge-case failures in the CLI tools. The gif2rbg CLI tool has been moved to the "obsolete" bin, because its only deployment case in 2026 is as a piñata at fuzzer parties. Warning: the CLI tools in the obsolete category will soon be removed from the distribution entirely. The maintainer is tired of fielding junk bugs filed against them by would-be coup-counters who found yet another edge case, and the rest of the world doesn't need noisy CVEs that aren't actually DoS or security issues for giflib clients. Code Fixes ---------- * Fix for CVE-2021-40633. * Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap * Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms * Fix SF bug #172 Incorrect object files in shared libutil on darwin * Fix SF bug #173 installation of manual pages and html documentation * Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject * Fix SF bug #177 wrong pointer used in giftool getbool * Fix SF bug #179 Path Traversal vulnerability * Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug * Fix SF bug #182 out‐of‐bounds writes in Icon2Gif * Fix SF bug #184 uninitialized buffer in DumpScreen2RGB * Fix SF bug #185 integer overflow in gifbg.c * Fix SF bug #186 integer overflow in Icon2Gif * Fix SF bug #187: CVE-2025-31344 * Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow * Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap * Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c * Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c * Fix SF bug #142 ABI break public symbol GifQuantizeBuffer Other bugs that duplicate these have breen addressesed by these fixes * SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller might want to write a GIF, modify the in-memory data, then write again. Tests ----- Test suite now emits TAP (Test Anything Protocol). Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>