[packages/giflib] - updated to 6.1.3 (fixes CVE-2021-40633 CVE-2025-31344 CVE-2026-23868) + Fedora patch for CVE-2026-
qboosh
qboosh at pld-linux.org
Sun May 17 18:36:41 CEST 2026
commit 7838bc8851f4a121919815880e5a410b7eceb29f
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sun May 17 18:36:36 2026 +0200
- updated to 6.1.3 (fixes CVE-2021-40633 CVE-2025-31344 CVE-2026-23868) + Fedora patch for CVE-2026-26740
- upstream didn't decide to change soname, but all code using EGifSpew() function must be rebuilt
giflib-CVE-2026-26740.patch | 13 ++++++++++
giflib-extern.patch | 10 +++----
giflib-make.patch | 63 +++++++++++++++++++++++----------------------
giflib.spec | 40 ++++++++++++----------------
4 files changed, 67 insertions(+), 59 deletions(-)
---
diff --git a/giflib.spec b/giflib.spec
index 37feab9..be84d4c 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -9,14 +9,15 @@ Summary(pt_BR.UTF-8): Biblioteca de manipulação de arquivos GIF
Summary(ru.UTF-8): Библиотека для работы с GIF-файлами
Summary(uk.UTF-8): Бібліотека для роботи з GIF-файлами
Name: giflib
-Version: 5.2.2
-Release: 2
+Version: 6.1.3
+Release: 1
License: MIT-like
Group: Libraries
Source0: https://downloads.sourceforge.net/giflib/%{name}-%{version}.tar.gz
-# Source0-md5: 913dd251492134e235ee3c9a91987a4d
+# Source0-md5: a70e90ff780e9ebee9cb84b82bbd46a7
Patch0: %{name}-make.patch
Patch1: %{name}-extern.patch
+Patch2: %{name}-CVE-2026-26740.patch
URL: https://sourceforge.net/projects/giflib/
BuildRequires: ImageMagick
BuildRequires: gcc >= 5:3.2
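Review bot: Nothing in the spec records the ABI break that the commit message describes. The package still ships `libgif.so.7` (see the `%files` section further down), so binaries built against 5.2.2 keep satisfying their soname dependency and will load 6.1.3 without a rebuild. Code that calls EGifSpew() and was compiled against the old headers could then run against a mismatched ABI, which is presumably why the message asks for rebuilds. A comment next to `Version:` would keep this visible to the next maintainer, for example `# 6.x changed the EGifSpew() ABI without a soname bump; rebuild packages that call it`.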
@@ -145,6 +146,7 @@ GIF.
%setup -q
%patch -P0 -p1
%patch -P1 -p1
+%patch -P2 -p1
%build
%{__make} \
@@ -167,19 +169,13 @@ rm -rf $RPM_BUILD_ROOT
PREFIX=%{_prefix} \
LIBDIR=%{_libdir}
-# wrong files installed in 5.2.2
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/*.xml
-cp -p doc/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
-install -d $RPM_BUILD_ROOT%{_mandir}/man7
-cp -p doc/*.7 $RPM_BUILD_ROOT%{_mandir}/man7
-
-# docs for not installed programs used in tests
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{gifbg,gifcolor,gifecho,giffilter,gifhisto,gifinto,gifsponge,gifwedge}.1
-
cd $RPM_BUILD_ROOT%{_libdir}
ln -sf libgif.so.*.*.* $RPM_BUILD_ROOT%{_libdir}/libungif.so
ln -sf libgif.a $RPM_BUILD_ROOT%{_libdir}/libungif.a
+# HTML version of man pages
+%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/giflib
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -188,18 +184,18 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(644,root,root,755)
-%doc COPYING ChangeLog NEWS README TODO history.adoc
-%attr(755,root,root) %{_libdir}/libgif.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgif.so.7
-%attr(755,root,root) %{_libdir}/libgifutil.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgifutil.so.7
+%doc COPYING ChangeLog NEWS README.adoc TODO history.adoc
+%{_libdir}/libgif.so.*.*.*
+%ghost %{_libdir}/libgif.so.7
+%{_libdir}/libgifutil.so.*.*.*
+%ghost %{_libdir}/libgifutil.so.7
%files devel
%defattr(644,root,root,755)
-%doc doc/{gif_lib,intro}.html doc/whatsinagif
-%attr(755,root,root) %{_libdir}/libgif.so
-%attr(755,root,root) %{_libdir}/libgifutil.so
-%attr(755,root,root) %{_libdir}/libungif.so
+%doc doc/{gif_lib,intro}.html doc/{gifstandard,whatsinagif}
+%{_libdir}/libgif.so
+%{_libdir}/libgifutil.so
+%{_libdir}/libungif.so
%{_includedir}/gif_lib.h
%{_includedir}/gif_util.h
@@ -211,13 +207,11 @@ rm -rf $RPM_BUILD_ROOT
%files progs
%defattr(644,root,root,755)
-%attr(755,root,root) %{_bindir}/gif2rgb
%attr(755,root,root) %{_bindir}/gifbuild
%attr(755,root,root) %{_bindir}/gifclrmp
%attr(755,root,root) %{_bindir}/giffix
%attr(755,root,root) %{_bindir}/giftext
%attr(755,root,root) %{_bindir}/giftool
-%{_mandir}/man1/gif2rgb.1*
%{_mandir}/man1/gifbuild.1*
%{_mandir}/man1/gifclrmp.1*
%{_mandir}/man1/giffix.1*
diff --git a/giflib-CVE-2026-26740.patch b/giflib-CVE-2026-26740.patch
new file mode 100644
index 0000000..4069f52
--- /dev/null
+++ b/giflib-CVE-2026-26740.patch
@@ -0,0 +1,13 @@
+diff -rupN --no-dereference giflib-6.1.3/egif_lib.c giflib-6.1.3-new/egif_lib.c
+--- giflib-6.1.3/egif_lib.c 2026-04-12 19:17:27.000000000 +0200
++++ giflib-6.1.3-new/egif_lib.c 2026-05-12 22:33:37.069644909 +0200
+@@ -690,6 +690,9 @@ int EGifGCBToSavedExtension(const Graphi
+ ExtensionBlock *ep =
+ &GifFile->SavedImages[ImageIndex].ExtensionBlocks[i];
+ if (ep->Function == GRAPHICS_EXT_FUNC_CODE) {
++ if (ep->ByteCount != 4) {
++ return GIF_ERROR;
++ }
+ EGifGCBToExtension(GCB, ep->Bytes);
+ return GIF_OK;
+ }
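Review bot: The carried patch has no header saying where it came from or whether upstream already has the fix, so a later version bump gives no hint about when it can be dropped. The commit message names Fedora as the source; a line above `Patch2:` in the spec such as `# from the Fedora giflib package: <link to Fedora commit or upstream report>` would record that. On the code itself, the `ep->ByteCount != 4` guard sits directly before `EGifGCBToExtension(GCB, ep->Bytes)`, presumably a fixed-size write into the existing block, so a stored graphics-control block of any other size now returns `GIF_ERROR`. The enclosing loop and function start and end outside this inner hunk, so whether callers check that return value cannot be confirmed from here.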
diff --git a/giflib-extern.patch b/giflib-extern.patch
index 40e507f..f35fac5 100644
--- a/giflib-extern.patch
+++ b/giflib-extern.patch
@@ -1,5 +1,5 @@
---- giflib-5.2.2/gif_lib.h.orig 2024-02-19 08:35:14.000000000 +0100
-+++ giflib-5.2.2/gif_lib.h 2024-08-29 19:25:22.379409692 +0200
+--- giflib-6.1.3/gif_lib.h.orig 2026-04-12 19:17:27.000000000 +0200
++++ giflib-6.1.3/gif_lib.h 2026-05-17 16:33:35.590082692 +0200
@@ -9,10 +9,6 @@ SPDX-License-Identifier: MIT
#ifndef _GIF_LIB_H_
#define _GIF_LIB_H_ 1
@@ -8,9 +8,9 @@
-extern "C" {
-#endif /* __cplusplus */
-
- #define GIFLIB_MAJOR 5
- #define GIFLIB_MINOR 2
- #define GIFLIB_RELEASE 2
+ #define GIFLIB_MAJOR 6
+ #define GIFLIB_MINOR 1
+ #define GIFLIB_RELEASE 3
@@ -29,6 +25,10 @@ extern "C" {
#define GIF87_STAMP "GIF87a" /* First chars in file - GIF stamp. */
#define GIF89_STAMP "GIF89a" /* First chars in file - GIF stamp. */
diff --git a/giflib-make.patch b/giflib-make.patch
index 097453f..814ddf0 100644
--- a/giflib-make.patch
+++ b/giflib-make.patch
@@ -1,15 +1,15 @@
---- giflib-5.2.2/Makefile.orig 2024-02-25 21:33:25.080972300 +0100
-+++ giflib-5.2.2/Makefile 2024-02-25 21:50:41.035360053 +0100
-@@ -61,7 +61,7 @@ UTILS = $(INSTALLABLE) \
- gifsponge \
- gifwedge
+--- giflib-6.1.3/Makefile.orig 2026-04-12 19:17:27.000000000 +0200
++++ giflib-6.1.3/Makefile 2026-05-17 16:14:28.886294920 +0200
+@@ -75,7 +75,7 @@ UTILS = $(INSTALLABLE) \
+ gifwedge \
+ gif2rgb
-LDLIBS=libgif.a -lm
+LDLIBS=-L. -lgif -lm
- MANUAL_PAGES = \
- doc/gif2rgb.xml \
-@@ -76,24 +76,24 @@ SOEXTENSION = so
+ MANUAL_PAGES_1 = \
+ doc/gifbuild.xml \
+@@ -95,19 +95,19 @@ SOEXTENSION = so
LIBGIFSO = libgif.$(SOEXTENSION)
LIBGIFSOMAJOR = libgif.$(SOEXTENSION).$(LIBMAJOR)
LIBGIFSOVER = libgif.$(SOEXTENSION).$(LIBVER)
@@ -28,29 +28,32 @@
+LIBUTILSOMAJOR = libgifutil.$(LIBMAJOR).$(SOEXTENSION)
endif
--all: $(LIBGIFSO) libgif.a $(LIBUTILSO) libutil.a $(UTILS)
-+all: $(LIBGIFSO) libgif.a $(LIBUTILSO) libgifutil.a $(UTILS)
+ SHARED_LIBS = $(LIBGIFSO) $(LIBUTILSO)
+-STATIC_LIBS = libgif.a libutil.a
++STATIC_LIBS = libgif.a libgifutil.a
+
+ all: shared-lib static-lib $(UTILS)
ifeq ($(UNAME), Darwin)
- else
+@@ -115,7 +115,7 @@ else
$(MAKE) -C doc
endif
--$(UTILS):: libgif.a libutil.a
-+$(UTILS):: $(LIBGIFSO) $(LIBUTILSO)
+-$(UTILS):: $(STATIC_LIBS)
++$(UTILS):: $(SHARED_LIBS)
- $(LIBGIFSO): $(OBJECTS) $(HEADERS)
- ifeq ($(UNAME), Darwin)
-@@ -105,18 +105,18 @@ endif
+ shared-lib: $(SHARED_LIBS)
+
+@@ -131,15 +131,15 @@ endif
libgif.a: $(OBJECTS) $(HEADERS)
$(AR) rcs libgif.a $(OBJECTS)
-$(LIBUTILSO): $(UOBJECTS) $(UHEADERS)
-+$(LIBUTILSO): $(UOBJECTS) $(UHEADERS) libgif.so
++$(LIBUTILSO): $(UOBJECTS) $(UHEADERS) $(LIBGIFSO)
ifeq ($(UNAME), Darwin)
- $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(OBJECTS) -o $(LIBUTILSO)
+ $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(UOBJECTS) -o $(LIBUTILSO)
else
-- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILMAJOR) -o $(LIBUTILSO) $(UOBJECTS)
-+ $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILSOMAJOR) -o $(LIBUTILSO) $(UOBJECTS) -L. -lgif
+- $(CC) $(CFLAGS) $(CPPLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILSOMAJOR) -o $(LIBUTILSO) $(UOBJECTS)
++ $(CC) $(CFLAGS) $(CPPLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILSOMAJOR) -o $(LIBUTILSO) $(UOBJECTS) -L. -lgif
endif
-libutil.a: $(UOBJECTS) $(UHEADERS)
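Review bot: `$(CPPLAGS)` on the refreshed `$(LIBUTILSO)` link line looks like a misspelling of `$(CPPFLAGS)` inherited from upstream's Makefile, since it appears on both the removed and the added inner line. The misspelled variable expands to nothing, which is harmless on a link-only command. If upstream uses the same spelling on compile rules, though, preprocessor defines passed by the distribution (fortify-style hardening macros, for instance) would be silently dropped. It is worth grepping the 6.1.3 Makefile for other uses and reporting the typo upstream rather than carrying it in the patch context indefinitely.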
@@ -59,30 +62,28 @@
+ $(AR) rcs libgifutil.a $(UOBJECTS)
clean:
-- rm -f $(UTILS) $(TARGET) libgetarg.a libgif.a $(LIBGIFSO) libutil.a $(LIBUTILSO) *.o
-+ rm -f $(UTILS) $(TARGET) libgetarg.a libgif.a $(LIBGIFSO) libgifutil.a $(LIBUTILSO) *.o
- rm -f $(LIBGIFSOVER)
- rm -f $(LIBGIFSOMAJOR)
- rm -fr doc/*.1 *.html doc/staging
-@@ -141,12 +141,17 @@ install-bin: $(INSTALLABLE)
+ rm -f $(UTILS) $(OBSOLETE_UTILS) $(TARGET) libgetarg.a $(SHARED_LIBS) $(STATIC_LIBS) *.o
+@@ -178,14 +178,19 @@ install-bin: $(INSTALLABLE)
install-include:
$(INSTALL) -d "$(DESTDIR)$(INCDIR)"
$(INSTALL) -m 644 gif_lib.h "$(DESTDIR)$(INCDIR)"
+ $(INSTALL) -m 644 getarg.h "$(DESTDIR)$(INCDIR)/gif_util.h"
- install-lib:
+ install-static-lib:
$(INSTALL) -d "$(DESTDIR)$(LIBDIR)"
$(INSTALL) -m 644 libgif.a "$(DESTDIR)$(LIBDIR)/libgif.a"
++ $(INSTALL) -m 644 libgifutil.a "$(DESTDIR)$(LIBDIR)/libgifutil.a"
+ install-shared-lib:
+ $(INSTALL) -d "$(DESTDIR)$(LIBDIR)"
$(INSTALL) -m 755 $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOVER)"
ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)"
ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)"
-+ $(INSTALL) -m 644 libgifutil.a "$(DESTDIR)$(LIBDIR)/libgifutil.a"
+ $(INSTALL) -m 755 libgifutil.so "$(DESTDIR)$(LIBDIR)/libgifutil.so.$(LIBVER)"
+ ln -sf libgifutil.so.$(LIBVER) "$(DESTDIR)$(LIBDIR)/libgifutil.so.$(LIBMAJOR)"
+ ln -sf libgifutil.so.$(LIBMAJOR) "$(DESTDIR)$(LIBDIR)/libgifutil.so"
+ install-lib: install-static-lib install-shared-lib
install-man:
- $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
- $(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1"
-@@ -158,6 +163,8 @@ uninstall-include:
+ $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" "$(DESTDIR)$(MANDIR)/man7"
+@@ -206,6 +211,8 @@ uninstall-include:
uninstall-lib:
cd "$(DESTDIR)$(LIBDIR)" && \
rm -f libgif.a $(LIBGIFSO) $(LIBGIFSOMAJOR) $(LIBGIFSOVER)
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/giflib.git/commitdiff/7838bc8851f4a121919815880e5a410b7eceb29f