pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/graphics
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 10 20:40:57 UTC 2026
Modified Files:
pkgsrc/graphics/giflib: Makefile Makefile.common distinfo
pkgsrc/graphics/giflib-util: Makefile PLIST
pkgsrc/graphics/giflib/patches: patch-Makefile
Removed Files:
pkgsrc/graphics/giflib/patches: patch-CVE-2025-31344
Log Message:
giflib*: update to 6.1.2
Version 6.1.2
=============
Code Fixes
----------
* Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild,
but not the core library - library clients need not be alarned.
Version 6.1.1
=============
This release bumps the major version, but only one entry point -
EGifSpew() - has changed signature and behavior (in order to be able
to pass out a detailed error code). The internal error
codes in the E_GIF_ERR series have changed value so none of them
collides with GIF_ERROR.
This code has been systematically audited and hardened wuth
ChatGPT-5.2. The only library fixes reported by users or found by
robot were for some memory leaks that could only triggered by severely
malformed GIFs. Other bugs are edge-case failures in the CLI tools.
The gif2rbg CLI tool has been moved to the "obsolete" bin, because its
only deployment case in 2026 is as a piñata at fuzzer parties.
Warning: the CLI tools in the obsolete category will soon be removed
from the distribution entirely. The maintainer is tired of fielding
junk bugs filed against them by would-be coup-counters who found yet
another edge case, and the rest of the world doesn't need noisy CVEs
that aren't actually DoS or security issues for giflib clients.
Code Fixes
----------
* Fix for CVE-2021-40633.
* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap
* Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms
* Fix SF bug #172 Incorrect object files in shared libutil on darwin
* Fix SF bug #173 installation of manual pages and html documentation
* Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject
* Fix SF bug #177 wrong pointer used in giftool getbool
* Fix SF bug #179 Path Traversal vulnerability
* Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug
* Fix SF bug #182 out‐of‐bounds writes in Icon2Gif
* Fix SF bug #184 uninitialized buffer in DumpScreen2RGB
* Fix SF bug #185 integer overflow in gifbg.c
* Fix SF bug #186 integer overflow in Icon2Gif
* Fix SF bug #187: CVE-2025-31344
* Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow
* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap
* Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c
* Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c
* Fix SF bug #142 ABI break public symbol GifQuantizeBuffer
Other bugs that duplicate these have breen addressesed by these fixes
* SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller
might want to write a GIF, modify the in-memory data, then write
again.
Tests
-----
Test suite now emits TAP (Test Anything Protocol).
To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/graphics/giflib/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/graphics/giflib/Makefile.common
cvs rdiff -u -r1.31 -r1.32 pkgsrc/graphics/giflib/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/graphics/giflib-util/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/graphics/giflib-util/PLIST
cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/giflib/patches/patch-CVE-2025-31344
cvs rdiff -u -r1.9 -r1.10 pkgsrc/graphics/giflib/patches/patch-Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/giflib/Makefile
diff -u pkgsrc/graphics/giflib/Makefile:1.60 pkgsrc/graphics/giflib/Makefile:1.61
--- pkgsrc/graphics/giflib/Makefile:1.60 Sun May 4 11:19:19 2025
+++ pkgsrc/graphics/giflib/Makefile Tue Mar 10 20:40:57 2026
@@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.60 2025/05/04 11:19:19 nia Exp $
+# $NetBSD: Makefile,v 1.61 2026/03/10 20:40:57 wiz Exp $
.include "Makefile.common"
-PKGREVISION= 1
-
COMMENT= GIF image format library
CONFLICTS+= libungif-[0-9]*
# clang: error: no such file or directory: 'dgif_lib.o'
# clang: error: no such file or directory: 'egif_lib.o'
-MAKE_JOBS_SAFE= no
+#MAKE_JOBS_SAFE= no
INSTALL_TARGET= install-include
INSTALL_TARGET+= install-lib
+TEST_TARGET= check
+
.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/graphics/giflib/Makefile.common
diff -u pkgsrc/graphics/giflib/Makefile.common:1.16 pkgsrc/graphics/giflib/Makefile.common:1.17
--- pkgsrc/graphics/giflib/Makefile.common:1.16 Mon Nov 17 11:00:55 2025
+++ pkgsrc/graphics/giflib/Makefile.common Tue Mar 10 20:40:57 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.16 2025/11/17 11:00:55 wiz Exp $
+# $NetBSD: Makefile.common,v 1.17 2026/03/10 20:40:57 wiz Exp $
# used by graphics/giflib/Makefile
# used by graphics/giflib-util/Makefile
-DISTNAME= giflib-5.2.2
+DISTNAME= giflib-6.1.2
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=giflib/}
@@ -16,3 +16,5 @@ DISTINFO_FILE= ${.CURDIR}/../../graphics
USE_LANGUAGES= c c++
USE_LIBTOOL= yes
USE_TOOLS+= gmake
+
+CFLAGS.NetBSD+= -DHAVE_REALLOCARRAY
Index: pkgsrc/graphics/giflib/distinfo
diff -u pkgsrc/graphics/giflib/distinfo:1.31 pkgsrc/graphics/giflib/distinfo:1.32
--- pkgsrc/graphics/giflib/distinfo:1.31 Sun May 4 11:19:19 2025
+++ pkgsrc/graphics/giflib/distinfo Tue Mar 10 20:40:57 2026
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.31 2025/05/04 11:19:19 nia Exp $
+$NetBSD: distinfo,v 1.32 2026/03/10 20:40:57 wiz Exp $
-BLAKE2s (giflib-5.2.2.tar.gz) = 2a24163a1af876f9241b5971a7e523f054d131661435e4a3ab11b7cf6acc20f1
-SHA512 (giflib-5.2.2.tar.gz) = 0865ab2b1904fa14640c655fdb14bb54244ad18a66e358565c00287875d00912343f9be8bfac7658cc0146200d626f7ec9160d7a339f20ba3be6b9941d73975f
-Size (giflib-5.2.2.tar.gz) = 447175 bytes
-SHA1 (patch-CVE-2025-31344) = ea977fd36f1e7bb03844dd8eae9a6e70ceb5d4d6
-SHA1 (patch-Makefile) = f7dcce252760dfdcafee46513936d6a2a6fcd668
+BLAKE2s (giflib-6.1.2.tar.gz) = 4a11ffb04a0e4b68025385a55e5d96141349612c91444b66152f8b9fba045004
+SHA512 (giflib-6.1.2.tar.gz) = 523cf2a9941c6ddb903bf5ec22ecbf5a283c9470c1c85229360ab4137227a9e4a64b799e3ff0ca1f9f3b9de0fafe197a43fccd3c043239e76561f7b5ede59193
+Size (giflib-6.1.2.tar.gz) = 469032 bytes
+SHA1 (patch-Makefile) = 6f702c821b4da37ce126a6c896ac1b75884f09b6
Index: pkgsrc/graphics/giflib-util/Makefile
diff -u pkgsrc/graphics/giflib-util/Makefile:1.16 pkgsrc/graphics/giflib-util/Makefile:1.17
--- pkgsrc/graphics/giflib-util/Makefile:1.16 Sun May 4 11:19:20 2025
+++ pkgsrc/graphics/giflib-util/Makefile Tue Mar 10 20:40:57 2026
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2025/05/04 11:19:20 nia Exp $
+# $NetBSD: Makefile,v 1.17 2026/03/10 20:40:57 wiz Exp $
.include "../../graphics/giflib/Makefile.common"
PKGNAME= ${DISTNAME:S/-/-util-/}
-PKGREVISION= 1
COMMENT= GIF image format utility
Index: pkgsrc/graphics/giflib-util/PLIST
diff -u pkgsrc/graphics/giflib-util/PLIST:1.6 pkgsrc/graphics/giflib-util/PLIST:1.7
--- pkgsrc/graphics/giflib-util/PLIST:1.6 Wed Sep 18 23:02:59 2024
+++ pkgsrc/graphics/giflib-util/PLIST Tue Mar 10 20:40:57 2026
@@ -1,5 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2024/09/18 23:02:59 nia Exp $
-bin/gif2rgb
+@comment $NetBSD: PLIST,v 1.7 2026/03/10 20:40:57 wiz Exp $
bin/gifbuild
bin/gifclrmp
bin/giffix
Index: pkgsrc/graphics/giflib/patches/patch-Makefile
diff -u pkgsrc/graphics/giflib/patches/patch-Makefile:1.9 pkgsrc/graphics/giflib/patches/patch-Makefile:1.10
--- pkgsrc/graphics/giflib/patches/patch-Makefile:1.9 Thu Sep 19 09:01:15 2024
+++ pkgsrc/graphics/giflib/patches/patch-Makefile Tue Mar 10 20:40:57 2026
@@ -1,58 +1,38 @@
-$NetBSD: patch-Makefile,v 1.9 2024/09/19 09:01:15 nia Exp $
+$NetBSD: patch-Makefile,v 1.10 2026/03/10 20:40:57 wiz Exp $
- Libtoolize.
- Allow override of PREFIX.
- Allow separate installation of utilities.
- Move quantize.c back into libgif.so to fix various library users.
---- Makefile.orig 2024-02-19 01:01:50.000000000 +0000
+--- Makefile.orig 2026-03-10 17:50:52.000000000 +0000
+++ Makefile
-@@ -8,13 +8,13 @@
- #
- OFLAGS = -O0 -g
- OFLAGS = -O2
--CFLAGS = -std=gnu99 -fPIC -Wall -Wno-format-truncation $(OFLAGS)
-+CFLAGS += -std=gnu99 -fPIC
-
- SHELL = /bin/sh
- TAR = tar
- INSTALL = install
-
--PREFIX = /usr/local
-+PREFIX?= /usr/local
- BINDIR = $(PREFIX)/bin
- INCDIR = $(PREFIX)/include
- LIBDIR = $(PREFIX)/lib
-@@ -29,13 +29,13 @@ LIBPOINT=0
- LIBVER=$(LIBMAJOR).$(LIBMINOR).$(LIBPOINT)
-
+@@ -36,11 +36,11 @@ HEADERS = gif_hash.h gif_lib.h gif_lib_private.h
SOURCES = dgif_lib.c egif_lib.c gifalloc.c gif_err.c gif_font.c \
-- gif_hash.c openbsd-reallocarray.c
-+ gif_hash.c openbsd-reallocarray.c quantize.c
+ gif_hash.c openbsd-reallocarray.c quantize.c
HEADERS = gif_hash.h gif_lib.h gif_lib_private.h
-OBJECTS = $(SOURCES:.c=.o)
+OBJECTS = $(SOURCES:.c=.lo)
--USOURCES = qprintf.c quantize.c getarg.c
-+USOURCES = qprintf.c getarg.c
+ USOURCES = qprintf.c getarg.c
UHEADERS = getarg.h
-UOBJECTS = $(USOURCES:.c=.o)
+UOBJECTS = $(USOURCES:.c=.lo)
UNAME:=$(shell uname)
-@@ -61,7 +61,7 @@ UTILS = $(INSTALLABLE) \
- gifsponge \
- gifwedge
+@@ -75,7 +75,7 @@ UTILS = $(INSTALLABLE) \
+ gifwedge \
+ gif2rgb
-LDLIBS=libgif.a -lm
+LDLIBS=-lm
- MANUAL_PAGES = \
- doc/gif2rgb.xml \
-@@ -72,45 +72,30 @@ MANUAL_PAGES = \
- doc/giftext.xml \
- doc/giftool.xml
+ MANUAL_PAGES_1 = \
+ doc/gifbuild.xml \
+@@ -91,52 +91,37 @@ MANUAL_PAGES_7_MAN = $(MANUAL_PAGES_7:%.xml=%.7)
+ MANUAL_PAGES_1_MAN = $(MANUAL_PAGES_1:%.xml=%.1)
+ MANUAL_PAGES_7_MAN = $(MANUAL_PAGES_7:%.xml=%.7)
-SOEXTENSION = so
+SOEXTENSION = la
@@ -70,66 +50,79 @@ $NetBSD: patch-Makefile,v 1.9 2024/09/19
-LIBUTILSOMAJOR = libutil.$(LIBMAJOR).$(SOEXTENSION)
-endif
--all: $(LIBGIFSO) libgif.a $(LIBUTILSO) libutil.a $(UTILS)
+ SHARED_LIBS = $(LIBGIFSO) $(LIBUTILSO)
+ STATIC_LIBS = libgif.a libutil.a
+
+-all: shared-lib static-lib $(UTILS)
-ifeq ($(UNAME), Darwin)
-else
- $(MAKE) -C doc
-endif
+all: $(LIBGIFSO) $(LIBUTILSO)
--$(UTILS):: libgif.a libutil.a
+-$(UTILS):: $(STATIC_LIBS)
+.SUFFIXES: .lo
+ shared-lib: $(SHARED_LIBS)
+
+ static-lib: $(STATIC_LIBS)
+
-$(LIBGIFSO): $(OBJECTS) $(HEADERS)
-ifeq ($(UNAME), Darwin)
- $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(OBJECTS) -o $(LIBGIFSO)
-else
-- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBGIFSOMAJOR) -o $(LIBGIFSO) $(OBJECTS)
+- $(CC) $(CFLAGS) $(CPPFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBGIFSOMAJOR) -o $(LIBGIFSO) $(OBJECTS)
-endif
+.c.lo:
+ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(CFLAGS) -c $<
-+
-+.libs/libgif.a: $(LIBGIFSO)
-+.libs/libutil.a: $(LIBUTILSO)
-libgif.a: $(OBJECTS) $(HEADERS)
- $(AR) rcs libgif.a $(OBJECTS)
++.libs/libgif.a: $(LIBGIFSO)
++.libs/libutil.a: $(LIBUTILSO)
+
+$(UTILS): .libs/libutil.a .libs/libgif.a
+
+$(LIBGIFSO): $(OBJECTS) $(HEADERS)
+ $(LIBTOOL) --mode=link --tag=CC $(CC) $(CFLAGS) $(LDFLAGS) -version-info $(LIBMAJOR):0:0 -rpath $(PREFIX)/lib -o $(LIBGIFSO) $(OBJECTS)
-
++
$(LIBUTILSO): $(UOBJECTS) $(UHEADERS)
-ifeq ($(UNAME), Darwin)
-- $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(OBJECTS) -o $(LIBUTILSO)
+- $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(UOBJECTS) -o $(LIBUTILSO)
-else
-- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILMAJOR) -o $(LIBUTILSO) $(UOBJECTS)
+- $(CC) $(CFLAGS) $(CPPLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILSOMAJOR) -o $(LIBUTILSO) $(UOBJECTS)
-endif
+ $(LIBTOOL) --mode=link --tag=CC $(CC) $(CFLAGS) $(LDFLAGS) -version-info $(LIBMAJOR):0:0 -rpath $(PREFIX)/lib -o $(LIBUTILSO) $(UOBJECTS)
libutil.a: $(UOBJECTS) $(UHEADERS)
$(AR) rcs libutil.a $(UOBJECTS)
-@@ -129,11 +114,7 @@ reflow:
+@@ -166,11 +151,7 @@ spellcheck:
- # Installation/uninstallation
+ # Install/uninstall
-ifeq ($(UNAME), Darwin)
-install: all install-bin install-include install-lib
-else
- install: all install-bin install-include install-lib install-man
+ install: all install-bin install-include install-lib install-man install-doc
-endif
install-bin: $(INSTALLABLE)
$(INSTALL) -d "$(DESTDIR)$(BINDIR)"
-@@ -143,10 +124,7 @@ install-include:
+@@ -178,15 +159,9 @@ install-include:
+ install-include:
+ $(INSTALL) -d "$(DESTDIR)$(INCDIR)"
$(INSTALL) -m 644 gif_lib.h "$(DESTDIR)$(INCDIR)"
- install-lib:
+-install-static-lib:
++install-lib:
$(INSTALL) -d "$(DESTDIR)$(LIBDIR)"
- $(INSTALL) -m 644 libgif.a "$(DESTDIR)$(LIBDIR)/libgif.a"
+-install-shared-lib:
+- $(INSTALL) -d "$(DESTDIR)$(LIBDIR)"
- $(INSTALL) -m 755 $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOVER)"
- ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)"
- ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)"
+-install-lib: install-static-lib install-shared-lib
+ $(LIBTOOL) --mode=install --tag=CC $(BSD_INSTALL_LIB) $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)"
install-man:
- $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
- $(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1"
+ $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" "$(DESTDIR)$(MANDIR)/man7"
+ $(INSTALL) -m 644 $(MANUAL_PAGES_1_MAN) "$(DESTDIR)$(MANDIR)/man1"
Home |
Main Index |
Thread Index |
Old Index