Wednesday, February 28, 2024

UPDATE: giflib 5.2.2

Here is an update to giflib 5.2.2.

CVE-2022-28506, CVE-2023-48161


Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/giflib/Makefile,v
retrieving revision 1.33
diff -u -p -u -p -r1.33 Makefile
--- Makefile 7 Nov 2023 14:19:33 -0000 1.33
+++ Makefile 29 Feb 2024 03:29:19 -0000
@@ -1,9 +1,8 @@
COMMENT= tools and library routines for working with GIF images

-DISTNAME= giflib-5.2.1
-SHARED_LIBS += gif 9.0 # 7.1
+DISTNAME= giflib-5.2.2
+SHARED_LIBS += gif 9.1 # 7.1
CATEGORIES= graphics
-REVISION= 0

SITES= ${SITE_SOURCEFORGE:=giflib/}

Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/giflib/distinfo,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 distinfo
--- distinfo 2 Jul 2022 14:13:43 -0000 1.7
+++ distinfo 29 Feb 2024 03:29:19 -0000
@@ -1,2 +1,2 @@
-SHA256 (giflib-5.2.1.tar.gz) = MdpVYvRMXxXWM0Cgmk/WK0jEViDNMC93ptms8Ad4eb0=
-SIZE (giflib-5.2.1.tar.gz) = 444187
+SHA256 (giflib-5.2.2.tar.gz) = vn/70FfK3r4qoURUL9kMaDjGoIO16KkEi47jtmsp1fs=
+SIZE (giflib-5.2.2.tar.gz) = 447175
Index: patches/patch-Makefile
===================================================================
RCS file: /cvs/ports/graphics/giflib/patches/patch-Makefile,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 patch-Makefile
--- patches/patch-Makefile 2 Jul 2022 14:13:43 -0000 1.3
+++ patches/patch-Makefile 29 Feb 2024 03:29:19 -0000
@@ -1,3 +1,6 @@
+- Correct document page install.
+ 61f375082c80ee479eb8ff03189aea691a6a06aa
+
hunk 1, disable -Wno-format-truncation, not available on some compilers?

hunk 2, move quantize.c back to exported library, it was in the public
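Review bot: The header entry added at the top of this hunk names neither the hunks it covers nor the origin of `61f375082c80ee479eb8ff03189aea691a6a06aa`, which is presumably an upstream commit. The following hunk then relabels the library changes as `hunk 5-6`, although the soname and symlink edits appear in the inner hunks at `@@ -63`, `@@ -99`, `@@ -109` and `@@ -145`, and the manual-page fix in the first and last of those. Assuming the two inner hunks before them are the ones the header calls 1 and 2 (the start of the patch file is not shown in this diff), wording such as `hunk 3 and 6, correct manual page install (upstream commit 61f375082c80ee479eb8ff03189aea691a6a06aa)` and `hunk 3-6, library handling` would fit better. That lets the next person updating the port tell the backport from the local changes and drop it once a release contains it.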
@@ -5,7 +8,7 @@ API prior to 5.2 and is used by various
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935088
https://src.fedoraproject.org/rpms/giflib/c/109bf038d703a471b857aba44af673be103d7079?branch=master

-hunk 3-4, library naming
+hunk 5-6, library handling

Index: Makefile
--- Makefile.orig
@@ -33,31 +36,61 @@ Index: Makefile
UHEADERS = getarg.h
UOBJECTS = $(USOURCES:.c=.o)

-@@ -61,13 +61,13 @@ UTILS = $(INSTALLABLE) \
+@@ -63,17 +63,21 @@ UTILS = $(INSTALLABLE) \

LDLIBS=libgif.a -lm

--all: libgif.so libgif.a libutil.so libutil.a $(UTILS)
-+all: libgif.so.${LIBVER} libgif.a libutil.so libutil.a $(UTILS)
- $(MAKE) -C doc
-
- $(UTILS):: libgif.a libutil.a
-
--libgif.so: $(OBJECTS) $(HEADERS)
-- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,libgif.so.$(LIBMAJOR) -o libgif.so $(OBJECTS)
-+libgif.so.$(LIBVER): $(OBJECTS) $(HEADERS)
-+ $(CC) $(CFLAGS) -shared $(OFLAGS) -o libgif.so.$(LIBVER) $(OBJECTS)
+-MANUAL_PAGES = \
++MANUAL_PAGES_1 = \
+ doc/gif2rgb.xml \
+ doc/gifbuild.xml \
+ doc/gifclrmp.xml \
+ doc/giffix.xml \
+- doc/giflib.xml \
+ doc/giftext.xml \
+ doc/giftool.xml
+
++MANUAL_PAGES_7 = \
++ doc/giflib.xml
++
++MANUAL_PAGES = $(MANUAL_PAGES_1) $(MANUAL_PAGES_7)
++
+ SOEXTENSION = so
+-LIBGIFSO = libgif.$(SOEXTENSION)
++LIBGIFSO = libgif.$(SOEXTENSION).$(LIBVER)
+ LIBGIFSOMAJOR = libgif.$(SOEXTENSION).$(LIBMAJOR)
+ LIBGIFSOVER = libgif.$(SOEXTENSION).$(LIBVER)
+ LIBUTILSO = libutil.$(SOEXTENSION)
+@@ -99,7 +103,7 @@ $(LIBGIFSO): $(OBJECTS) $(HEADERS)
+ ifeq ($(UNAME), Darwin)
+ $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(OBJECTS) -o $(LIBGIFSO)
+ else
+- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBGIFSOMAJOR) -o $(LIBGIFSO) $(OBJECTS)
++ $(CC) $(CFLAGS) -shared $(LDFLAGS) -o $(LIBGIFSO) $(OBJECTS)
+ endif

libgif.a: $(OBJECTS) $(HEADERS)
- $(AR) rcs libgif.a $(OBJECTS)
-@@ -99,9 +99,7 @@ install-include:
- install-lib:
+@@ -109,7 +113,7 @@ $(LIBUTILSO): $(UOBJECTS) $(UHEADERS)
+ ifeq ($(UNAME), Darwin)
+ $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(OBJECTS) -o $(LIBUTILSO)
+ else
+- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILMAJOR) -o $(LIBUTILSO) $(UOBJECTS)
++ $(CC) $(CFLAGS) -shared $(LDFLAGS) -o $(LIBUTILSO) $(UOBJECTS)
+ endif
+
+ libutil.a: $(UOBJECTS) $(UHEADERS)
+@@ -145,11 +149,10 @@ install-lib:
$(INSTALL) -d "$(DESTDIR)$(LIBDIR)"
$(INSTALL) -m 644 libgif.a "$(DESTDIR)$(LIBDIR)/libgif.a"
-- $(INSTALL) -m 755 libgif.so "$(DESTDIR)$(LIBDIR)/libgif.so.$(LIBVER)"
-- ln -sf libgif.so.$(LIBVER) "$(DESTDIR)$(LIBDIR)/libgif.so.$(LIBMAJOR)"
-- ln -sf libgif.so.$(LIBMAJOR) "$(DESTDIR)$(LIBDIR)/libgif.so"
-+ $(INSTALL) -m 755 libgif.so.$(LIBVER) "$(DESTDIR)$(LIBDIR)/libgif.so.$(LIBVER)"
+ $(INSTALL) -m 755 $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOVER)"
+- ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)"
+- ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)"
install-man:
- $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
- $(INSTALL) -m 644 doc/*.1 "$(DESTDIR)$(MANDIR)/man1"
+- $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1"
+- $(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1"
++ $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" "$(DESTDIR)$(MANDIR)/man7"
++ $(INSTALL) -m 644 $(MANUAL_PAGES_1:xml=1) "$(DESTDIR)$(MANDIR)/man1"
++ $(INSTALL) -m 644 $(MANUAL_PAGES_7:xml=7) "$(DESTDIR)$(MANDIR)/man7"
+ uninstall: uninstall-man uninstall-include uninstall-lib uninstall-bin
+ uninstall-bin:
+ cd "$(DESTDIR)$(BINDIR)" && rm -f $(INSTALLABLE)
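Review bot: In the new `install-man` lines, `$(MANUAL_PAGES_1:xml=1)` and `$(MANUAL_PAGES_7:xml=7)` rewrite any word ending in `xml`, not specifically the `.xml` extension. Every page listed in the hunk ends in `.xml`, so the result is correct today, but `$(MANUAL_PAGES_1:.xml=.1)` and `$(MANUAL_PAGES_7:.xml=.7)` would state the intent exactly. If the lines are taken verbatim from the change referenced in the patch header, keeping them identical to it is a fair reason to leave them. The `uninstall-man` recipe lies outside the hunk, so it cannot be checked here whether it also removes `man7/giflib.7`.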
Index: patches/patch-doc_Makefile
===================================================================
RCS file: patches/patch-doc_Makefile
diff -N patches/patch-doc_Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_Makefile 29 Feb 2024 03:29:19 -0000
@@ -0,0 +1,14 @@
+Disable calling a target which wants ImageMagick.
+
+Index: doc/Makefile
+--- doc/Makefile.orig
++++ doc/Makefile
+@@ -46,7 +46,7 @@ giflib-logo.gif: ../pic/gifgrid.gif
+ convert $^ -resize 50x50 $@
+
+ # Philosophical choice: the website gets the internal manual pages
+-allhtml: $(XMLALL:.xml=.html) giflib-logo.gif
++allhtml: $(XMLALL:.xml=.html)
+
+ manpages: $(XMLMAN1:.xml=.1) $(XMLMAN7:.xml=.7) $(XMLINTERNAL:.xml=.1)
+
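Review bot: The one-line description names neither the target nor the tool. The `giflib-logo.gif` rule and its `convert` call remain in place above the changed line, so any other target that lists the logo would still run whatever `convert` is on the build host's PATH. A header such as `Drop giflib-logo.gif from allhtml so the build does not run ImageMagick's convert.` would make the intent and the remaining rule clear. `allhtml` still builds every HTML page, and the part of pkg/PLIST shown in this diff lists only manual pages. If the HTML output is not packaged, building only the `manpages` target would avoid that step as well.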
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/graphics/giflib/pkg/PLIST,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 PLIST
--- pkg/PLIST 2 Jul 2022 14:13:43 -0000 1.12
+++ pkg/PLIST 29 Feb 2024 03:29:19 -0000
@@ -10,15 +10,9 @@ include/gif_lib.h
@static-lib lib/libgif.a
@lib lib/libgif.so.${LIBgif_VERSION}
@man man/man1/gif2rgb.1
-@man man/man1/gifbg.1
@man man/man1/gifbuild.1
@man man/man1/gifclrmp.1
-@man man/man1/gifcolor.1
-@man man/man1/gifecho.1
@man man/man1/giffix.1
-@man man/man1/gifhisto.1
-@man man/man1/gifinto.1
-@man man/man1/giflib.1
@man man/man1/giftext.1
@man man/man1/giftool.1
-@man man/man1/gifwedge.1
+@man man/man7/giflib.7
