giflib stable port information

Package: giflib
Version: 4.1.6
Revision: 2
Depends: %N-shlibs (= %v-%r), %N-bin (= %v-%r)
BuildDepends: fink (>= 0.28.0-1)
BuildDependsOnly: True
Conflicts: libungif (<< 4.1.6-2)
Replaces: libungif (<< 4.1.6-2)
Source: mirror:sourceforge:%n/%n-%v.tar.bz2
Source-MD5: 7125644155ae6ad33dbc9fc15a14735f
PatchFile: %n.patch
PatchFile-MD5: 4afe1a9f59418d6aa11b79dc0c82529a

NoSetCPPFLAGS: true
NoSetLDFLAGS: true
InstallScript: <<
#!/bin/sh -ev

make -j1 install DESTDIR=%d
pushd %i/lib
ln -s libgif.dylib libungif.dylib
ln -s libgif.a libungif.a
popd

install -d -m 755 %i/share/doc/installed-packages
for package in libungif-shlibs libungif-bin; do
touch %i/share/doc/installed-packages/$package
done
<<
SplitOff: <<
Package: %N-shlibs
Depends: x11
Conflicts: libungif-shlibs (<< 4.1.6-1)
Replaces: libungif-shlibs (<< 4.1.6-1), libungif (<< 4.1.6-1), giflib (<= 4.1.0-2)
Files: lib/libgif.*.dylib
Shlibs: %p/lib/libgif.4.dylib 6.0.0 giflib-shlibs (>= 4.1.6-1)
DocFiles: README COPYING AUTHORS
<<
SplitOff2: <<
Package: %N-bin
Depends: x11, %N-shlibs (= %v-%r)
Conflicts: libungif-bin (<< 4.1.6-1)
Replaces: libungif-bin (<< 4.1.6-1), libungif (<< 4.1.6-1), giflib (<= 4.1.0-2)
InstallScript: <<
mkdir -p %i/share/doc/%N
cp doc/*.txt %i/share/doc/%N/
mkdir -p %i/share/doc/%N/html
cp doc/*.png doc/*.html %i/share/doc/%N/html/
<<
Files: bin
DocFiles: README COPYING AUTHORS
<<
SplitOff4: <<
Package: libungif-shlibs
Description: OBSOLETE: use package %N-shlibs instead
Depends: %N-shlibs (>= %v-%r), fink-obsolete-packages
Files: share/doc/installed-packages/%n
<<
SplitOff5: <<
Package: libungif-bin
Description: OBSOLETE: use package %N-bin instead
Depends: %N-bin (>= %v-%r), fink-obsolete-packages
Files: share/doc/installed-packages/%n
<<

DocFiles: README COPYING AUTHORS
Description: GIF image format handling library
DescPort: Uses autoconf and libtool. The usual fixes.
License: OSI-Approved
Homepage: http://giflib.sourceforge.net/
Maintainer: Benjamin Reed

giflib stable port .patch

#!/bin/sh /usr/share/dpatch/dpatch-run
## 01-cve.dpatch by Michael Fedrowitz
##
## DP: Fix CVE-2005-2974 and CVE-2005-3350 (Closes: #337972).

@DPATCH@

diff -Naurp giflib-4.1.6.orig/lib/dgif_lib.c giflib-4.1.6/lib/dgif_lib.c
--- giflib-4.1.6.orig/lib/dgif_lib.c 2007-11-10 22:54:44.000000000 +0000
+++ giflib-4.1.6/lib/dgif_lib.c 2008-03-07 13:45:02.000000000 +0000
@@ -249,6 +249,8 @@ DGifGetScreenDesc(GifFileType * GifFile)

if (READ(GifFile, Buf, 3) != 3) {
_GifError = D_GIF_ERR_READ_FAILED;
+ FreeMapObject(GifFile->SColorMap);
+ GifFile->SColorMap = NULL;
return GIF_ERROR;
}
GifFile->SColorResolution = (((Buf[0] & 0x70) + 1) >> 4) + 1;
@@ -346,6 +348,8 @@ DGifGetImageDesc(GifFileType * GifFile)
return GIF_ERROR;
if (READ(GifFile, Buf, 1) != 1) {
_GifError = D_GIF_ERR_READ_FAILED;
+ FreeMapObject(GifFile->Image.ColorMap);
+ GifFile->Image.ColorMap = NULL;
return GIF_ERROR;
}
BitsPerPixel = (Buf[0] & 0x07) + 1;
@@ -994,6 +998,14 @@ DGifBufferedInput(GifFileType * GifFile,
_GifError = D_GIF_ERR_IMAGE_DEFECT;
return GIF_ERROR;
}
+ /* There shouldn't be any empty data blocks here as the LZW spec
+ * says the LZW termination code should come first. Therefore we
+ * shouldn't be inside this routine at that point.
+ */
+ if (Buf[0] == 0) {
+ _GifError = D_GIF_ERR_IMAGE_DEFECT;
+ return GIF_ERROR;
+ }
if (READ(GifFile, &Buf[1], Buf[0]) != Buf[0]) {
_GifError = D_GIF_ERR_READ_FAILED;
return GIF_ERROR;

giflib _unstable_ port .patch