gif2png updated to version 2.5.9 Package built ok and gif to png test ok on amd64
Notes: patches/patch-web2png_1 - Patch removed as this appears to work correctly now patches/patch-gif2png_c - strcpy changed to strlcpy, sprintf changed to snprintf and strcat changed to strlcat as per identified warnings. Other parts of original patch appear to have been merged in upstream thus removed. Thoughts / OK / Commit ? ---------------------- Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/gif2png/Makefile,v retrieving revision 1.42 diff -u -p -u -p -r1.42 Makefile --- Makefile 3 Jun 2013 02:46:57 -0000 1.42 +++ Makefile 24 Oct 2014 02:02:26 -0000 @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.42 2013/06/03 02:46:57 naddy Exp $ +# $OpenBSD: Makefile,v 1.43 2014/10/24 10:26:56 naddy Exp $ COMMENT= converts GIF images to the PNG format -DISTNAME= gif2png-2.5.2 +DISTNAME= gif2png-2.5.9 REVISION= 1 CATEGORIES= graphics HOMEPAGE= http://www.catb.org/~esr/gif2png/ Index: distinfo =================================================================== RCS file: /cvs/ports/graphics/gif2png/distinfo,v retrieving revision 1.7 diff -u -p -u -p -r1.7 distinfo --- distinfo 17 Oct 2010 06:51:48 -0000 1.7 +++ distinfo 24 Oct 2014 02:02:26 -0000 @@ -1,5 +1,2 @@ -MD5 (gif2png-2.5.2.tar.gz) = IgCEHwJ8hIHEuFGdq/dFsA== -RMD160 (gif2png-2.5.2.tar.gz) = o2GxivI+WbcxIa4loVW1T7YusUo= -SHA1 (gif2png-2.5.2.tar.gz) = Dp5m1nKP5+Lc3mGtDjmKYIlJRrM= -SHA256 (gif2png-2.5.2.tar.gz) = wbQGatN83LhoHOzt1j2u2MtcgnNE2kZScPMkvBL/Ptc= -SIZE (gif2png-2.5.2.tar.gz) = 171740 +SHA256 (gif2png-2.5.9.tar.gz) = yEBrfAwI9QSVKhcZ4E8jZu5EyIjA7frDpj/qKrBbZMc= +SIZE (gif2png-2.5.9.tar.gz) = 137750 cvs server: Diffing files cvs server: Diffing patches Index: patches/patch-gif2png_c =================================================================== RCS file: /cvs/ports/graphics/gif2png/patches/patch-gif2png_c,v retrieving revision 1.2 diff -u -p -u -p -r1.2 patch-gif2png_c --- patches/patch-gif2png_c 8 Jul 2011 20:36:09 -0000 1.2 +++ patches/patch-gif2png_c 24 Oct 2014 02:02:26 -0000 @@ -1,36 +1,6 @@ -$OpenBSD: patch-gif2png_c,v 1.2 2011/07/08 20:36:09 naddy Exp $ - -Fixes cmdline buffer overflow described in - -http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072002.html -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 - -From: http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup - -Fix build with png-1.5. - ---- gif2png.c.orig Wed Nov 11 13:28:02 2009 -+++ gif2png.c Wed Jul 6 17:39:37 2011 -@@ -10,6 +10,7 @@ - #include <string.h> - #include <stdlib.h> - #include <unistd.h> /* for isatty() */ -+#include <zlib.h> - - #if !defined(TRUE) - #define FALSE 0 -@@ -120,8 +121,8 @@ int writefile(struct GIFelement *s,struct GIFelement * - int colors_used = 0; - byte remap[MAXCMSIZE]; - int low_prec; -- png_struct *png_ptr = xalloc(sizeof (png_struct)); -- png_info *info_ptr = xalloc(sizeof (png_info)); -+ png_struct *png_ptr; -+ png_info *info_ptr; - int p; - int gray_bitdepth; - png_color pal_rgb[MAXCMSIZE], *pltep; -@@ -136,6 +137,19 @@ int writefile(struct GIFelement *s,struct GIFelement * +--- gif2png.c.orig Fri Mar 9 16:08:27 2012 ++++ gif2png.c Fri Oct 24 11:58:55 2014 +@@ -140,6 +140,19 @@ static int writefile(struct GIFelement *s, struct GIFe png_text software; png_text comment; @@ -49,30 +19,44 @@ Fix build with png-1.5. + /* these volatile declarations prevent gcc warnings ("variable might be * clobbered by `longjmp' or `vfork'") */ - volatile int gray = TRUE; -@@ -682,7 +696,10 @@ int processfile(char *fname, FILE *fp) + volatile bool gray = true; +@@ -751,7 +764,7 @@ static int processfile(char *fname, FILE *fp) - strcpy(outname, fname); + /* create output filename */ -- file_ext = outname+strlen(outname)-4; -+ file_ext = outname+strlen(outname); -+ if (file_ext >= outname + 4) -+ file_ext -= 4; -+ - if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 && - strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) { - /* try to derive basename */ -@@ -874,6 +891,13 @@ int main(int argc, char *argv[]) +- (void)strcpy(outname, fname); ++ (void)strlcpy(outname, fname, strlen(fname)+1); + + file_ext = outname+strlen(outname); + if (file_ext >= outname + 4) +@@ -771,7 +784,7 @@ static int processfile(char *fname, FILE *fp) } - } else { - for (i = ac;i<argc; i++) { -+ /* make sure that there is enough space for a '.p<NUM>' suffix; -+ this check catches also the '.gif' case below. */ -+ if (strlen(argv[i]) >= sizeof name - sizeof ".p" - 3 * sizeof(int)) { -+ fprintf(stderr, "%s: name too long\n", argv[i]); -+ errors = 1; -+ continue; -+ } - strcpy(name, argv[i]); + } + +- (void)strcpy(file_ext, ".png"); /* images are named .png, .p01, .p02, ... */ ++ (void)strlcpy(file_ext, ".png", 5); /* images are named .png, .p01, .p02, ... */ + + start = NULL; + +@@ -802,7 +815,7 @@ static int processfile(char *fname, FILE *fp) + ++numpngs; + start = NULL; + /*@-bufferoverflowhigh*/ +- (void)sprintf(file_ext, ".p%02d", i); ++ (void)snprintf(file_ext, 5, ".p%02d", i); + /*@=bufferoverflowhigh*/ + } + } +@@ -972,10 +985,10 @@ int main(int argc, char *argv[]) + continue; + } + +- (void)strcpy(name, argv[i]); ++ (void)strlcpy(name, argv[i], strlen(argv[i])+1); if ((fp = fopen(name, "rb")) == NULL) { /* retry with .gif appended */ +- (void)strcat(name, ".gif"); ++ (void)strlcat(name, ".gif", 5); + fp = fopen(name,"rb"); + } + if (fp == NULL) {
