From: Brad Smith Subject: UPDATE: giflib 5.2.2 To: ports@openbsd.org Date: Wed, 28 Feb 2024 22:37:28 -0500 Here is an update to giflib 5.2.2. CVE-2022-28506, CVE-2023-48161 Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/giflib/Makefile,v retrieving revision 1.33 diff -u -p -u -p -r1.33 Makefile --- Makefile 7 Nov 2023 14:19:33 -0000 1.33 +++ Makefile 29 Feb 2024 03:29:19 -0000 @@ -1,9 +1,8 @@ COMMENT= tools and library routines for working with GIF images -DISTNAME= giflib-5.2.1 -SHARED_LIBS += gif 9.0 # 7.1 +DISTNAME= giflib-5.2.2 +SHARED_LIBS += gif 9.1 # 7.1 CATEGORIES= graphics -REVISION= 0 SITES= ${SITE_SOURCEFORGE:=giflib/} Index: distinfo =================================================================== RCS file: /cvs/ports/graphics/giflib/distinfo,v retrieving revision 1.7 diff -u -p -u -p -r1.7 distinfo --- distinfo 2 Jul 2022 14:13:43 -0000 1.7 +++ distinfo 29 Feb 2024 03:29:19 -0000 @@ -1,2 +1,2 @@ -SHA256 (giflib-5.2.1.tar.gz) = MdpVYvRMXxXWM0Cgmk/WK0jEViDNMC93ptms8Ad4eb0= -SIZE (giflib-5.2.1.tar.gz) = 444187 +SHA256 (giflib-5.2.2.tar.gz) = vn/70FfK3r4qoURUL9kMaDjGoIO16KkEi47jtmsp1fs= +SIZE (giflib-5.2.2.tar.gz) = 447175 Index: patches/patch-Makefile =================================================================== RCS file: /cvs/ports/graphics/giflib/patches/patch-Makefile,v retrieving revision 1.3 diff -u -p -u -p -r1.3 patch-Makefile --- patches/patch-Makefile 2 Jul 2022 14:13:43 -0000 1.3 +++ patches/patch-Makefile 29 Feb 2024 03:29:19 -0000 @@ -1,3 +1,6 @@ +- Correct document page install. + 61f375082c80ee479eb8ff03189aea691a6a06aa + hunk 1, disable -Wno-format-truncation, not available on some compilers? hunk 2, move quantize.c back to exported library, it was in the public 
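Review bot: The header comment added at the top of patches/patch-Makefile cites the backported fix only as a bare hash, `61f375082c80ee479eb8ff03189aea691a6a06aa`, with no repository, while the other references in the same header are full URLs. Someone auditing the port cannot tell from the patch alone which tree the hash belongs to; presumably it is an upstream giflib commit. I would write it as `- Correct document page install; upstream giflib commit 61f375082c80ee479eb8ff03189aea691a6a06aa (<upstream repository URL>)` so the provenance of the change can be checked.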
@@ -5,7 +8,7 @@ API prior to 5.2 and is used by various https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935088 https://src.fedoraproject.org/rpms/giflib/c/109bf038d703a471b857aba44af673be103d7079?branch=master -hunk 3-4, library naming +hunk 5-6, library handling Index: Makefile --- Makefile.orig 
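Review bot: The updated legend line `hunk 5-6, library handling` looks out of step with the patch body that follows it. The new patch shows four hunks after the two described earlier in the header (`@@ -63,17 +63,21 @@`, `@@ -99,7 +103,7 @@`, `@@ -109,7 +113,7 @@` and the install-lib one), and the library changes already start in the first of these, where `LIBGIFSO` is redefined, and continue with the `-Wl,-soname` removal in the second. Assuming hunks 1 and 2 are unchanged (they lie outside this diff), a line such as `hunk 3-6, library naming: versioned libgif.so.$(LIBVER), no -soname, no symlinks` would cover them all. The man-page split in hunks 3 and 6 is already covered by the new "Correct document page install" entry.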
@@ -33,31 +36,61 @@ Index: Makefile UHEADERS = getarg.h UOBJECTS = $(USOURCES:.c=.o) -@@ -61,13 +61,13 @@ UTILS = $(INSTALLABLE) \ +@@ -63,17 +63,21 @@ UTILS = $(INSTALLABLE) \ LDLIBS=libgif.a -lm --all: libgif.so libgif.a libutil.so libutil.a $(UTILS) -+all: libgif.so.${LIBVER} libgif.a libutil.so libutil.a $(UTILS) - $(MAKE) -C doc - - $(UTILS):: libgif.a libutil.a - --libgif.so: $(OBJECTS) $(HEADERS) -- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,libgif.so.$(LIBMAJOR) -o libgif.so $(OBJECTS) -+libgif.so.$(LIBVER): $(OBJECTS) $(HEADERS) -+ $(CC) $(CFLAGS) -shared $(OFLAGS) -o libgif.so.$(LIBVER) $(OBJECTS) +-MANUAL_PAGES = \ ++MANUAL_PAGES_1 = \ + doc/gif2rgb.xml \ + doc/gifbuild.xml \ + doc/gifclrmp.xml \ + doc/giffix.xml \ +- doc/giflib.xml \ + doc/giftext.xml \ + doc/giftool.xml + ++MANUAL_PAGES_7 = \ ++ doc/giflib.xml ++ ++MANUAL_PAGES = $(MANUAL_PAGES_1) $(MANUAL_PAGES_7) ++ + SOEXTENSION = so +-LIBGIFSO = libgif.$(SOEXTENSION) ++LIBGIFSO = libgif.$(SOEXTENSION).$(LIBVER) + LIBGIFSOMAJOR = libgif.$(SOEXTENSION).$(LIBMAJOR) + LIBGIFSOVER = libgif.$(SOEXTENSION).$(LIBVER) + LIBUTILSO = libutil.$(SOEXTENSION) +@@ -99,7 +103,7 @@ $(LIBGIFSO): $(OBJECTS) $(HEADERS) + ifeq ($(UNAME), Darwin) + $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(OBJECTS) -o $(LIBGIFSO) + else +- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBGIFSOMAJOR) -o $(LIBGIFSO) $(OBJECTS) ++ $(CC) $(CFLAGS) -shared $(LDFLAGS) -o $(LIBGIFSO) $(OBJECTS) + endif libgif.a: $(OBJECTS) $(HEADERS) - $(AR) rcs libgif.a $(OBJECTS) -@@ -99,9 +99,7 @@ install-include: - install-lib: +@@ -109,7 +113,7 @@ $(LIBUTILSO): $(UOBJECTS) $(UHEADERS) + ifeq ($(UNAME), Darwin) + $(CC) $(CFLAGS) -dynamiclib -current_version $(LIBVER) $(OBJECTS) -o $(LIBUTILSO) + else +- $(CC) $(CFLAGS) -shared $(LDFLAGS) -Wl,-soname -Wl,$(LIBUTILMAJOR) -o $(LIBUTILSO) $(UOBJECTS) ++ $(CC) $(CFLAGS) -shared $(LDFLAGS) -o $(LIBUTILSO) $(UOBJECTS) + endif + + libutil.a: $(UOBJECTS) $(UHEADERS) +@@ -145,11 +149,10 
@@ install-lib: $(INSTALL) -d "$(DESTDIR)$(LIBDIR)" $(INSTALL) -m 644 libgif.a "$(DESTDIR)$(LIBDIR)/libgif.a" -- $(INSTALL) -m 755 libgif.so "$(DESTDIR)$(LIBDIR)/libgif.so.$(LIBVER)" -- ln -sf libgif.so.$(LIBVER) "$(DESTDIR)$(LIBDIR)/libgif.so.$(LIBMAJOR)" -- ln -sf libgif.so.$(LIBMAJOR) "$(DESTDIR)$(LIBDIR)/libgif.so" -+ $(INSTALL) -m 755 libgif.so.$(LIBVER) "$(DESTDIR)$(LIBDIR)/libgif.so.$(LIBVER)" + $(INSTALL) -m 755 $(LIBGIFSO) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOVER)" +- ln -sf $(LIBGIFSOVER) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSOMAJOR)" +- ln -sf $(LIBGIFSOMAJOR) "$(DESTDIR)$(LIBDIR)/$(LIBGIFSO)" install-man: - $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" - $(INSTALL) -m 644 doc/*.1 "$(DESTDIR)$(MANDIR)/man1" +- $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" +- $(INSTALL) -m 644 $(MANUAL_PAGES) "$(DESTDIR)$(MANDIR)/man1" ++ $(INSTALL) -d "$(DESTDIR)$(MANDIR)/man1" "$(DESTDIR)$(MANDIR)/man7" ++ $(INSTALL) -m 644 $(MANUAL_PAGES_1:xml=1) "$(DESTDIR)$(MANDIR)/man1" ++ $(INSTALL) -m 644 $(MANUAL_PAGES_7:xml=7) "$(DESTDIR)$(MANDIR)/man7" + uninstall: uninstall-man uninstall-include uninstall-lib uninstall-bin + uninstall-bin: + cd "$(DESTDIR)$(BINDIR)" && rm -f $(INSTALLABLE) Index: patches/patch-doc_Makefile =================================================================== RCS file: patches/patch-doc_Makefile diff -N patches/patch-doc_Makefile --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-doc_Makefile 29 Feb 2024 03:29:19 -0000 
@@ -0,0 +1,14 @@ +Disable calling a target which wants ImageMagick. + +Index: doc/Makefile +--- doc/Makefile.orig ++++ doc/Makefile +@@ -46,7 +46,7 @@ giflib-logo.gif: ../pic/gifgrid.gif + convert $^ -resize 50x50 $@ + + # Philosophical choice: the website gets the internal manual pages +-allhtml: $(XMLALL:.xml=.html) giflib-logo.gif ++allhtml: $(XMLALL:.xml=.html) + + manpages: $(XMLMAN1:.xml=.1) $(XMLMAN7:.xml=.7) $(XMLINTERNAL:.xml=.1) + Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/graphics/giflib/pkg/PLIST,v retrieving revision 1.12 diff -u -p -u -p -r1.12 PLIST --- pkg/PLIST 2 Jul 2022 14:13:43 -0000 1.12 +++ pkg/PLIST 29 Feb 2024 03:29:19 -0000 @@ -10,15 +10,9 @@ include/gif_lib.h @static-lib lib/libgif.a @lib lib/libgif.so.${LIBgif_VERSION} @man man/man1/gif2rgb.1 -@man man/man1/gifbg.1 @man man/man1/gifbuild.1 @man man/man1/gifclrmp.1 -@man man/man1/gifcolor.1 -@man man/man1/gifecho.1 @man man/man1/giffix.1 -@man man/man1/gifhisto.1 -@man man/man1/gifinto.1 -@man man/man1/giflib.1 @man man/man1/giftext.1 @man man/man1/giftool.1 -@man man/man1/gifwedge.1 +@man man/man7/giflib.7
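Review bot: In patches/patch-doc_Makefile the rationale `Disable calling a target which wants ImageMagick.` does not say why that matters, and the `giflib-logo.gif` rule that runs `convert` stays in place, so the tool is avoided only on the `allhtml` path. If the intent is that the build must never pick up an ImageMagick that happens to be installed on the build host, the comment should say so, for example `Drop giflib-logo.gif from allhtml so the build never runs ImageMagick's convert, which is not a build dependency of this port (confirm against BUILD_DEPENDS).` Whether any other target in doc/Makefile still requires giflib-logo.gif cannot be seen from this hunk.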