Both 5.1.3 and 5.1.4 are bug fix releases: +Version 5.1.4 +============= + +Code Fixes +---------- + +* Fix SF bug #94: giflib 5 loves to fail to load images... a LOT. + +* Fix SF Bug #92: Fix buffer overread in gifbuild. + +* Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path + +* Fix SF Bug #89: Fix buffer overread in gifbuild. + +Version 5.1.3 +============= + +As of this version the library and code has been seriously abused by fuzzers, +smoking out crash bugs (now fixed) induced by various kinds of severely +malformed GIF. + +Code Fixes +---------- + +* Prevent malloc randomess from causing the header output routine to emit + a GIF89 version string even when no GIF89 features are present. Only + breaks tests, not production code, but it's odd this wasn't caught sooner. + +* Prevent malloc randomess from producing sporadic failures by causing + sanity checks added in 5.1.2 to misfire. + +* Bulletproof gif2rgb against 0-height images. Addressed SF bug #78: + Heap overflow in gif2rgb with images of size 0, also SF bug #82. + +* Remove unnecessary duplicate EGifClose() in gifcolor.c. Fixes SF bug #83 + introduced in 5.1.2. + +* Fix SF Bug #84: incorrect return of DGifSlurp(). +
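Review bot: the 5.1.4 entries for SF Bug #92 and SF Bug #89 carry the same text, "Fix buffer overread in gifbuild.", so the changelog does not show that these are two separate overreads or which gifbuild path each one covers. Naming the affected path in each entry, as the #93 entry does with "netscape2.0 path", would let a packager reviewing the update tell them apart. In the 5.1.3 section, "randomess" in both "Prevent malloc randomess" entries should read "randomness".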
** Description changed:

  Ubuntu Xenial Xerus currently ships with giflib 5.1.2-0.2, which is completely broken. It fails to read gif images in both libvips and imagemagick. Please update to 5.1.4-0.2, which is already published in Yakkety Yak. I have build the 5.1.4-0.2 package on Xenial and can confirm that it fixes both of the above mentioned problems. The upstream bug report is: https://sourceforge.net/p/giflib/bugs/94/ And fix release is 5.1.4.
+
+ Prepared 5.1.4, test built in the PPA ubuntu-toolchain-r/ppa, and test-
+ build all rdeps in main (emacs24 libgdiplus libwebp openjdk-8 tracker).
+
+ Acceptance criteria: Builds, and tests succeed on all architectures.

** Patch added: "giflib.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/giflib/+bug/1580376/+attachment/4683604/+files/giflib.debdiff

https://bugs.launchpad.net/bugs/1580376

Title:
  Update giflib Xenial Package to 5.1.4

Status in giflib package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu Xenial Xerus currently ships with giflib 5.1.2-0.2, which is completely broken. It fails to read gif images in both libvips and imagemagick.

  Please update to 5.1.4-0.2, which is already published in Yakkety Yak. I have built the 5.1.4-0.2 package on Xenial and can confirm that it fixes both of the above mentioned problems.

  The upstream bug report is: https://sourceforge.net/p/giflib/bugs/94/ And fix release is 5.1.4.

  Prepared 5.1.4, test built in the PPA ubuntu-toolchain-r/ppa, and test-build all rdeps in main (emacs24 libgdiplus libwebp openjdk-8 tracker).

  Acceptance criteria: Builds, and tests succeed on all architectures.

