#939155 libgnustep-gui0.27: Uses GifQuantizeBuffer - binary stops working with newer giflib

Package:
src:libgnustep-gui0.27
Source:
libgnustep-gui0.27
Submitter:
Andreas Metzler
Date:
2025-11-19 19:29:03 UTC
Severity:
important
#939155#5
Date:
2019-09-01 16:45:52 UTC
From:
To:
Hello,

this package uses GifQuantizeBuffer() from giflib. The symbol has been
dropped in giflib 5.2 (libgif-dev/libgif7 5.2.1 is available in
experimental) and therefore the package
a) stops working when the gif library package is upgraded and
b) if built against libgif-dev >= 5.2 then GIF support is
disabled/limited.

I do not think giflib did the right thing by dropping the symbol without
a soname bump but that is beside the point.[1] Even with the correct way
(giflib soname bump) this package loses gif support. I am quite confident
that GifQuantizeBuffer() will not be reintroduced - It was ripped out to
"reduce libgif size and attack surface".

I am reporting this /now/ with severity important, but please treat it
as rc issue.

cu Andreas

[1] I have suggested to upstream to do a soname bump. If this is not
accepted we will probably end up with newer libgif7 having a Breaks for
GifQuantizeBuffer()-using-software.
------------------------
checking for QuantizeBuffer... no
checking for GifQuantizeBuffer... no
#939155#16
Date:
2025-11-18 04:16:26 UTC
From:
To:
I simply forgot about this old bug.  I don't think it's still relevant:

$ objdump -T /usr/lib/x86_64-linux-gnu/libgif.so.7.2.0 | grep GifQuantizeBuffer
00000000000069d0 g    DF .text	0000000000000707  Base        GifQuantizeBuffer

Right?
#939155#21
Date:
2025-11-19 06:22:21 UTC
From:
To:
Good morning,
Upstream giflib has dropped the symbol. The Debian packages have been
patched to re-introduce it.

So no, this bug is still relevant.

cu Andreas
#939155#26
Date:
2025-11-19 19:27:30 UTC
From:
To:
Andreas Metzler wrote:

Oh, thanks for the pointer.  I took a closer look and it's an
obscure feature lost which is already marked as experimental and
basically unused.  GNUstep upstream is aware of the change in giflib.

To verify, I rebuilt giflib with

  revert-GifQuantizeBuffer-remove-from-lib.patch
  giflib_quantize-header.patch

removed and GifQuantizeBuffer deleted from the .symbols file.  Then
rebuilt gnustep-gui and installed the library package.  Viewing GIF
files with preview.app and price.app works and that's what is
important.

So you can safely exclude gnustep-gui from the list of problematic
packages that are affected by this change.