Bug 207849 - graphics/giflib: regression in version 5.1.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Port Management Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-09 17:01 UTC by Stefan Ehmann
Modified: 2016-03-09 17:15 UTC

See Also:
bugzilla: maintainer-feedback? (portmgr)


Attachments
patch to fix giflib-5.1.2 issues (450 bytes, patch)
2016-03-09 17:01 UTC, Stefan Ehmann

Description Stefan Ehmann 2016-03-09 17:01:56 UTC
Created attachment 167928
patch to fix giflib-5.1.2 issues

There is a bug in giflib-5.1.2 that breaks some applications. I've seen errors in konqueror and mplayer (with GIF=on).

Currently, there is no upstream fix available.

Attached is a patch that fixes the problem. The removed check looks redundant - I couldn't find a code path where Private->RunningBits would exceed that limit after initialization. (Currently Private->RunningBits is checked before it is initialized.)

Previous discussion:
http://lists.freebsd.org/pipermail/freebsd-ports/2016-March/102367.html

Upstream ticket:
https://sourceforge.net/p/giflib/bugs/84/
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-03-09 17:14:40 UTC
A commit references this bug:

Author: feld
Date: Wed Mar  9 17:13:49 UTC 2016
New revision: 410712
URL: https://svnweb.freebsd.org/changeset/ports/410712

Log:
  graphics/giflib: Add patch to fix regression

  There is a regression with the 5.1.2 update to giflib. This affects the
  ability for applications to render gif images usually occurring after the
  first gif image is rendered. Upstream has been notified but has not yet
  provided feedback.

  giflib 5.1.2 was a security fix, so reverting is not reasonable.

  "The removed check looks redundant - I couldn't find a code path where
  Private->RunningBits would exceed that limit after initialization.
  (Currently Private->RunningBits is checked before it is initialized)."

  PR:		207849
  Submitted by:	Stefan Ehmann <shoesoft@gmx.net>
  Approved by:	ports-secteam (with hat)
  MFH:		2016Q1

Changes:
  head/graphics/giflib/Makefile
  head/graphics/giflib/files/patch-lib_dgif__lib.c
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-03-09 17:14:42 UTC
A commit references this bug:

Author: feld
Date: Wed Mar  9 17:14:23 UTC 2016
New revision: 410713
URL: https://svnweb.freebsd.org/changeset/ports/410713

Log:
  MFH: r410712

  graphics/giflib: Add patch to fix regression

  There is a regression with the 5.1.2 update to giflib. This affects the
  ability for applications to render gif images usually occurring after the
  first gif image is rendered. Upstream has been notified but has not yet
  provided feedback.

  giflib 5.1.2 was a security fix, so reverting is not reasonable.

  "The removed check looks redundant - I couldn't find a code path where
  Private->RunningBits would exceed that limit after initialization.
  (Currently Private->RunningBits is checked before it is initialized)."

  PR:		207849
  Submitted by:	Stefan Ehmann <shoesoft@gmx.net>
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/graphics/giflib/Makefile
  branches/2016Q1/graphics/giflib/files/patch-lib_dgif__lib.c
Comment 3 Mark Felder freebsd_committer freebsd_triage 2016-03-09 17:15:08 UTC
Thanks for your work. I've committed this fix for now.