Bug 207849

Summary: graphics/giflib: regression in version 5.1.2
Product: Ports & Packages
Reporter: Stefan Ehmann <shoesoft>
Component: Individual Port(s)
Assignee: Port Management Team <portmgr>
Status: Closed FIXED
Severity: Affects Some People
CC: feld, pi
Priority: ---
Flags: bugzilla: maintainer-feedback? (portmgr)
Version: Latest
Hardware: Any
OS: Any
Attachments:
  patch to fix giflib-5.1.2 issues (flags: none)

Description Stefan Ehmann 2016-03-09 17:01:56 UTC
Created attachment 167928
patch to fix giflib-5.1.2 issues

There is a bug in giflib-5.1.2 that breaks some applications. I've seen errors in konqueror and mplayer (with GIF=on).

Currently, there is no upstream fix available.

Attached is a patch that fixes the problem. The removed check looks redundant - I couldn't find a code path where Private->RunningBits would exceed that limit after initialization. (Currently Private->RunningBits is checked before it is initialized.)

Previous discussion:
http://lists.freebsd.org/pipermail/freebsd-ports/2016-March/102367.html

Upstream ticket:
https://sourceforge.net/p/giflib/bugs/84/
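
Added example (not giflib's code and not the attached patch): a simplified C model of the ordering problem the report above describes, where a field is range-checked before it is assigned, next to a version that validates only the untrusted input. The struct, the function names, both limits and the `code_size + 1` derivation are assumptions; only the name RunningBits comes from the report.

```c
#include <string.h>
#define LZ_BITS       12  /* assumed upper bound on the LZW code width */
#define MAX_CODE_SIZE  8  /* assumed cap on the code-size byte from the file */
/* Hypothetical decoder state; only the name RunningBits is from the report. */
struct dec_state {
    int BitsPerPixel;
    int RunningBits;
};

/* Check-before-init: the result depends on what the struct held on entry. */
int setup_check_before_init(struct dec_state *st, unsigned char code_size)
{
    if (code_size > MAX_CODE_SIZE || st->RunningBits > LZ_BITS)
        return -1;
    st->BitsPerPixel = code_size;
    st->RunningBits = code_size + 1;   /* assumed derivation */
    return 0;
}

/* Validate only the untrusted input, then initialise the derived field. */
int setup_validate_input(struct dec_state *st, unsigned char code_size)
{
    if (code_size > MAX_CODE_SIZE)
        return -1;
    st->BitsPerPixel = code_size;
    st->RunningBits = code_size + 1;
    return 0;
}

typedef int (*setup_fn)(struct dec_state *, unsigned char);
/* Run setup on a struct pre-filled with `fill` bytes (constructed leftovers). */
int setup_on_filled_state(setup_fn setup, int fill, unsigned char code_size)
{
    struct dec_state st;
    memset(&st, fill, sizeof st);
    return setup(&st, code_size);
}

/* Largest RunningBits that any accepted code-size byte can produce. */
int max_running_bits(setup_fn setup)
{
    int max = -1;
    for (int b = 0; b <= 255; b++) {
        struct dec_state st = {0, 0};
        if (setup(&st, (unsigned char)b) == 0 && st.RunningBits > max)
            max = st.RunningBits;
    }
    return max;
}
```

In this model the input check alone bounds RunningBits below LZ_BITS, so the check on the not-yet-assigned field adds no protection and only makes valid input fail when the state holds leftover bytes.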
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-03-09 17:14:40 UTC
A commit references this bug:

Author: feld
Date: Wed Mar  9 17:13:49 UTC 2016
New revision: 410712
URL: https://svnweb.freebsd.org/changeset/ports/410712

Log:
  graphics/giflib: Add patch to fix regression

  There is a regression with the 5.1.2 update to giflib. This affects the
  ability for applications to render gif images usually occurring after the
  first gif image is rendered. Upstream has been notified but has not yet
  provided feedback.

  giflib 5.1.2 was a security fix, so reverting is not reasonable.

  "The removed check looks redundant - I couldn't find a code path where
  Private->RunningBits would exceed that limit after initialization.
  (Currently Private->RunningBits is checked before it is initialized)."

  PR:		207849
  Submitted by:	Stefan Ehmann <shoesoft@gmx.net>
  Approved by:	ports-secteam (with hat)
  MFH:		2016Q1

Changes:
  head/graphics/giflib/Makefile
  head/graphics/giflib/files/patch-lib_dgif__lib.c
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-03-09 17:14:42 UTC
A commit references this bug:

Author: feld
Date: Wed Mar  9 17:14:23 UTC 2016
New revision: 410713
URL: https://svnweb.freebsd.org/changeset/ports/410713

Log:
  MFH: r410712

  graphics/giflib: Add patch to fix regression

  There is a regression with the 5.1.2 update to giflib. This affects the
  ability for applications to render gif images usually occurring after the
  first gif image is rendered. Upstream has been notified but has not yet
  provided feedback.

  giflib 5.1.2 was a security fix, so reverting is not reasonable.

  "The removed check looks redundant - I couldn't find a code path where
  Private->RunningBits would exceed that limit after initialization.
  (Currently Private->RunningBits is checked before it is initialized)."

  PR:		207849
  Submitted by:	Stefan Ehmann <shoesoft@gmx.net>
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/graphics/giflib/Makefile
  branches/2016Q1/graphics/giflib/files/patch-lib_dgif__lib.c
Comment 3 Mark Felder freebsd_committer freebsd_triage 2016-03-09 17:15:08 UTC
Thanks for your work. I've committed this fix for now.