The release of giflib 5.1.9 removed GifQuantizeBuffer from its API as it was
undocumented. Unfortunately a number of third party programs were relying on
this function, and no longer built without it.
The original attempt to fix this was to build and install the libgifutil.so
library that now contains it, but this was done incorrectly (the SONAME was
broken) and required modifying those third party programs anyway to pull in
libgifutil (see e.g. multimedia/mplayer-share), which feels like completely
missing the point.
It is a lot simpler and less error-prone to simply revert the upstream decision
and put GifQuantizeBuffer back into the main library. This is the approach
that other upstreams (e.g. Fedora) have taken, and so we now do the same.
Bump PKGREVISION.
Changes:
Version 5.1.4
=============
Code Fixes
----------
* Fix SF bug #94: giflib 5 loves to fail to load images... a LOT.
* Fix SF Bug #92: Fix buffer overread in gifbuild.
* Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path
* Fix SF Bug #89: Fix buffer overread in gifbuild.
Version 5.1.3
=============
As of this version the library and code has been seriously abused by fuzzers,
smoking out crash bugs (now fixed) induced by various kinds of severely
malformed GIF.
Code Fixes
----------
* Prevent malloc randomess from causing the header output routine to emit
a GIF89 version string even when no GIF89 features are present. Only
breaks tests, not production code, but it's odd this wasn't caught sooner.
* Prevent malloc randomess from producing sporadic failures by causing
sanity checks added in 5.1.2 to misfire.
* Bulletproof gif2rgb against 0-height images. Addressed SF bug #78:
Heap overflow in gif2rgb with images of size 0, also SF bug #82.
* Remove unnecessary duplicate EGifClose() in gifcolor.c. Fixes SF bug #83
introduced in 5.1.2.
* Fix SF Bug #84: incorrect return of DGifSlurp().
Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Version 5.1.1
=============
Code Fixes
----------
* Numerous minor fixes in getarg.c. Affects only the utilities, not the
core library.
* Fix SourceForge bug #59 DGifOpen can segfault if DGifGetScreenDesc fails.
* SourceForge patch #20: In gifalloc, fix usage of realloc() in case of failure.
* Fix SourceForge bug #61 Leak in gifsponge.
Build Fixes
----------
* glibtoolize port fix for OS X.
=============
Changes to the API require a library major-version bump.
Code Fixes
----------
* A small change to the API: DGifClose() and EGifClose() now take a
pointer-to-int second argument (like the corresponding openers)
where a diagnostic code will be deposited when they return
GIF_ERROR. This replaces the old behavior in which the GifFile
structure was left unfreed so the Error member in it could be filled
and remain available. The change was was required because it's
not always possible to free the struct afterwards. Case in point is
a C# wrapper for giflib (or any language/environment where you can't
just free objects allocated in a foreign shared library.)
* Minor fix for SF bug 56; BitsPerPixel may be left as uninitialized
value when reading (truncated) gif.
* Applied SF patch 17: Use a fallback on Windows where mkstemp is not
available.
* Applied SF patch 15: Code hardening, preventing spurious
defective-image messages.
Retirements
-----------
* Removed gif2raw from utils. Its blithe assumption that the EGA16
palette is a reliable default is now about 20 years obsolete. Format
conversion is better done with convert(1) from the ImageMagick suite,
anyway.
Changelog:
Version 5.0.4
=============
Fix for a rare misrendering bug when a GIF overruns the decompression-code
table. The image on which this was spotted was a relatively long-running
animated GIF; still images of ordinary size should have been immune.
Version 5.0.3
=============
Fix a build-system glitch so it will install manpages.
Version 5.0.2
=============
Documentation and polish
------------------------
* Partial build is now possible on systems without xmlto.
Code Fixes
----------
* Change unused return of EGifSetGifVersion() to void.
* Buffer overrun prevention in gifinto.
Version 5.0.1
=============
Documentation and polish
------------------------
* There is now an installable manual page for the GIFLIB utility kit.
Retirements
-----------
* gifinter is gone. Use convert -interlace from the ImageMagic suite.
Code Fixes
----------
* In 5.0.0 the private gif89 bit wasn't being guaranteed cleared at
the beginning of EGifGetGifVersion(); this occasionally led to an
incorrect version prefix being issued dependent on the state of
malloced memory.
* An EGifSetGifVersion() function taking a GifFile argument has been
added for use with the low-level sequential API. This change requires
a bump of the library revision number.
Version 5.0.0
=============
Changes to the API require a library major-version bump. Certain
initialization functions have acquired an integer address argument for
passing back an error code, in order to avoid thread-unsafe static
storage. Application code using extension blocks will require minor
changes. A few functions have been renamed.
Code Fixes
----------
* Fixes applied for CVE-2005-2974 and CVE-2005-3350
This closes Debian bug #337972.
New API Features
----------------
Thread Safety
~~~~~~~~~~~~~
The library is now completely re-entrant and thread-safe.
* Library error handling no longer uses a static cell to store the last
error code registered; that made the library thread-unsafe. For functions
other than GIF file openers, the code is now put in an Error member of
the GifFileType structure. The GifError() amd GifLastError() functions
that referenced that static cell are gone, and the GifErrorString()
function introduced in the 4.2 release now takes an explicit error code
argument.
* GIF file openers - DGifOpenFileName(), DGifOpenFileHandle(), DGifOpen(),
EGifOpenFileName(), EGifOpenFileHandle(), and EGifOpen() - all now take
a final integer address argument. If non-null, this is used to pass
back an error code when the function returns NULL.
Extensions
~~~~~~~~~~
The ExtensionBlock API has been repaired, solving some problems with GIF89
extension handling in earlier versions.
* DGifSlurp() and EGifSpew() now preserve trailing extension blocks with
no following image file.
* Three documented functions - EGifPutExtensionFirst(), EGifPutExtensionNext(),
and EGifPutExtensionLast() - have been relaced by new functions
EGifPutExtensionLeader(), EGifPutExtensionBlock(), and
EGifPutExtensionTrailer(). See the Compatibility section of
the library API documentation for details.
* New functions DGifSavedExtensionToGCB() and EGifGCBToSavedExtension()
make it easy to read and edit GIF89 graphics control blocks in saved images.
Namespacing
~~~~~~~~~~~
All functions exported by giflib now have DGif, EGif, or Gif as a name prefix.
* Three documented functions - MakeMapObject(), FreeMapObject(), and
UnionColorMap() - have been renamed to GifMakeMapObject(),
GifFreeMapObject(), and GifUnionColorMap() respectively.
* The library Draw* functions are now prefixed GifDraw*, and the
text-drawing ones are suffixed with "8x8". This fixes a conflict
with the Windows API and leaves the door open for more general text-drawing
functions with different font sizes.
Other changes
~~~~~~~~~~~~~
* DGifSlurp() and EGifSpew() now read and write interlaced images properly.
* The amazingly obscure colormap sort flag and pixel aspect ratio
features of GIF are now read and preserved, for whatever good that
may do.
* Six undocumented functions have been renamed; five of these take additional
or slightly different argument types. See the Compatibility section of
the library API documentation for details.
* There's now an EGifGetGifVersion() that computes the version EGifSpew()
will write.
* QuantizeBuffer() has been returned to the core library as GifQuantizeBuffer()
- turns out some important applications (notably mplayer) were using it.
* TRUE and FALSE macros are gone, also VoidPtr. No more namespace pollution.
* Various arguments have been made const where possible.
Retirements
-----------
* The (undocumented) gifinfo utility is gone. Use giftool -f instead.
* The gifburst utility is gone. Everybody has image viewers that
can pan now, and removing it gets rid of a dependency on Perl.
* gifcompose is gone. It was a decent idea when I wrote it in 1989,
but I did the same thing better and cleaner a decade later with
PILdriver in the PIL package. Removing it gets rid of a dependency
on shell.
* gif2x11 gifasm, gifcomb, gifflip, gifovly, gifpos, gifresize, and gifrotate
are all gone. The ImageMagick display(1)/convert(1) utilities and PILdriver
do these things better and in a format-independent way.
* Lennie Araki's Windows C++ wrapper is gone. It's eight years old,
unmaintained, he has dropped out of sight, and a better one needs to
be written to use the high-level GIFLIB API and GIF89 graphics
control extension support. We'll carry such a wrapper when we have
a maintainer for it.
* EGifSetVersion(), introduced in 4.2, is gone. The library always
writes GIF87 or GIF89 as required by the data. This change helps
with thread safety.
Utilities
---------
* Several utilities have been renamed to (a) fix last-century's habit
of arbitarily smashing vowels out of names to make them just one or two
characters shorter, (b) ensure that every utility in this set has 'gif'
as a name prefix. Here's the list:
giffiltr -> giffilter
gifspnge -> gifsponge
icon2gif -> gifbuild
text2gif -> gifecho
raw2gif -> gif2raw
* To go with its new name, gif2raw now dumps raw pixels from a GIF if the
(previously required) size option is missing.
* Standalone rgb2gif is gone; the same capability is now a mode of gif2rgb.
* giftext displays the parsed contents of GIF89 graphics control blocks.
* gifbuild handles GIF89 graphics control blocks and Netscape animation
loop blocks; it can can display and update either.
* gifrotate and other filter utilities now preserve extension blocks,
including the graphics control information for transparency and delay time.
* A new utility, giftool, supports a wide variety of filtering operations
on GIFs, including: setting background and transparency colors, changing
interlacing, setting image delays, setting the user-input flag, and setting
the aspect-ratio byte. It can sequence multiple operations.
* The test-pattern generators gifbg, gifcolor, gihisto and gifwedge and the
code templates giffilter and gifsponge are no longer installed by default.
Documentation and polish
------------------------
* The history.txt and build.txt and files from 4.2.0 now have .asc extensions
to indicate that they use asciidoc markup, contrasting with the txt
standards files from CompuServe.
* The documentation now includes "What's In A GIF", a very detailed narrative
description of the file format.
* The -A option of gifasm (for inserting a loop control block) is documented.
* The documentation directory includes a copy of the original GIF87
specification as well as GIF89's.
* The project now has a logo.
Version 4.2.0
=============
Now maintained by ESR again after handoff by Toshio Kuratomi.
Code Fixes
----------
* Code updated internally to C99 to enable more correctness checks by
the compiler. Compiles under GCC 4.6.1 without errors or warnings.
* A rare resource leak in the colormap-object maker was found with
Coverity and fixed.
* The code now audits clean under Coverity and cppcheck.
* splint cleanup begun, there's a lot of work still to do on this.
New API Features
----------------
* The default GIF version to write is now computed at write time from
the types of an image's extension blocks, but can be overridden with
EGifSetGifVersion().
* EGifSpew() is now thread-safe.
* Two new functions, GifError() and GifErrorString(),
return the error state in a form that can be used by programs.
* Two library functions - EGifOpenFileName() and EGifPutImageDesc() -
now have bool rather than int flag arguments. Since bool is a
typedef of int and TRUE/FALSE have been redefined to true/false,
both source and object compatibility with older library versions
should be preserved.
* GAGetArgs(), used only in the utilities, now returns bool rather
than int.
* The undocumented GIF_LIB_VERSION symbol is gone from the library header.
It has been replaced with three documented symbols: GIFLIB_MAJOR,
GIFLIB_MINOR, and GIFLIB_RELEASE.
Retirements
-----------
* The gif2epsn and gif2iris utilities are gone. They were full of
platform dependencies for platforms long dead. There are enough
platform-independent GIF viewers in the world that these weren't
adding any value. Removing these gets rid of a dependency on GL.
* The rle2gif, gif2rle, and gif2ps utilities are also gone. There are enough
multiformat image converters in the world that these weren't adding
any value either. Removing them reduces the codebase's dependencies.
* The undocumented DumpScreen2Gif() is gone from the library. The
only non-obsolete capture mode it supported was through X, and that
probably hasn't been used in years and is replaceable by any number
of capture utilities. Dropping this code makes the library's
portability issues go away.
* QuantizeBuffer(), GifQprintf(), PrintGifError(), GIF_ERROR()
and GIF_MESSAGE() have been removed from the core library.
They were used only by the utilities. QuantizeBuffer() has been
inlined where it was used and the latter three are now part of the
utility support library.
* The Game Boy Advanced test code is gone. The platform was discontinued
in 2008; more to the point, nobody ever documented the code's assumptions
or expected results.
* The Changelog file is now retained for archival purposes only, and because
autotools throws a hissy fit if there isn't one. The single point of
truth about changes and the reasons for them is the repository history.
Behavior changes
----------------
* The -q option of the utilities is replaced by an opposite -v (verbose)
option; the default is now quiet for all platforms. Defaulting to chattiness
on MSDOS made sense in a world of slow text consoles, but not today.
Testing
-------
* There is now a proper regression-test suite; run 'make' in tests/.
The old test-unx script is now tests/visual-check and can be run
occasionally for a check with the Mark One Eyeball.
Documentation
-------------
* Build instructions now live in build.txt
* An overview of the giflib API now lives in api.txt.
* Documentation is now in DocBook-XML, so either HTML or man pages can
be generated from it.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.