Change log for gdk-pixbuf package in Ubuntu
1 → 75 of 172 results | First • Previous • Next • Last |
gdk-pixbuf (2.42.12+dfsg-1) unstable; urgency=high * Team upload * New upstream release - Reject malformed .ani files, including one category that can cause memory corruption (CVE-2022-48622) * d/rules: Keep .ani, .bmp, .icns, .ico, .pnm, .qtif, .tga, .xbm, .xpm loaders enabled for now. They are weakly maintained, and no longer enabled by default upstream to reduce security exposure, but disabling them would be a feature regression, which we shouldn't do in the same upload as a security fix. * d/rules: Disable miscellaneous loaders for the udeb, which as far as we know only needs PNG support * d/copyright: Pre-generated HTML documentation no longer needs excluding * Set high urgency for security fix -- Simon McVittie <email address hidden> Thu, 16 May 2024 15:25:37 +0100
Available diffs
Superseded in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
gdk-pixbuf (2.42.10+dfsg-3ubuntu3) noble; urgency=medium * Rebuild against new libpng16-16t64. -- Gianfranco Costamagna <email address hidden> Tue, 16 Apr 2024 15:33:12 +0200
Available diffs
gdk-pixbuf (2.42.10+dfsg-3ubuntu2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 01:04:18 +0000
Available diffs
gdk-pixbuf (2.42.10+dfsg-3ubuntu1) noble; urgency=medium * Drop dh-sequence-gnome from Build-Depends -- Zixing Liu <email address hidden> Fri, 08 Mar 2024 15:37:24 -0700
Available diffs
Superseded in noble-proposed |
gdk-pixbuf (2.42.10+dfsg-3build1) noble; urgency=medium * No-change rebuild against libpng16-16t64 -- Steve Langasek <email address hidden> Thu, 29 Feb 2024 06:36:05 +0000
Available diffs
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
gdk-pixbuf (2.42.10+dfsg-3) unstable; urgency=medium * Team upload * d/control, d/rules: Reinstate dh-sequence-gnome, but disable control.in. Ubuntu uses this sequence to pull in the Ubuntu-specific dh_translations. * d/control: Add ${gir:Depends} to -dev package * d/control: Use ${gir:Provides} instead of hard-coding it. gobject-introspection (>= 1.78.1-5~) generates this for us. -- Simon McVittie <email address hidden> Tue, 14 Nov 2023 10:02:24 +0000
Available diffs
Superseded in noble-proposed |
gdk-pixbuf (2.42.10+dfsg-2) unstable; urgency=medium * Team upload [ Amin Bandali ] * Change packaging branch to debian/latest [ Simon McVittie ] * d/clean: Clean up debian/tmp-udeb/, obj-udeb/ (Closes: #1045013) * d/rules: Fix escaped newline. No functional change, because the options after the incorrect newline were explicitly setting default behaviour anyway. * d/.gitignore: Add * d/control: Stop generating from a template. We don't use any of the other dh-sequence-gnome features (there are no libtool archives, and we don't use the gnome:Foo family of substvars) so drop the build-dependency on dh-sequence-gnome. * d/control: Add Provides on gir1.2-*-dev package names. Adding versioned Provides on gir1.2-*-dev corresponding to each GIR XML file is a small step towards being able to exclude GObject-Introspection with a build-profile when cross-compiling. (Helps: #1030223) * Remove version constraints unnecessary since bullseye (oldstable) * Update standards version to 4.6.2, no changes needed. -- Simon McVittie <email address hidden> Wed, 01 Nov 2023 23:29:20 +0000
Superseded in noble-release |
Published in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
gdk-pixbuf (2.42.10+dfsg-1build1) lunar; urgency=medium * Rebuild against latest tiff -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 07:26:19 -0500
Available diffs
gdk-pixbuf (2.42.9+dfsg-1ubuntu1) kinetic; urgency=medium * debian/patches/git_jpg_memlimit.patch: - increase the new jpg loader memory limitation to 1GB, the 100MB value previously used isn't enough for highres images (lp: #1998263) -- Sebastien Bacher <email address hidden> Fri, 13 Jan 2023 12:20:08 +0100
Available diffs
gdk-pixbuf (2.42.10+dfsg-1) unstable; urgency=medium * Team upload * New upstream release - Increase memory limit for JPEGs to 1 GiB * Update standards version to 4.6.1 (no changes needed) * d/upstream/metadata: Update Gitlab URLs -- Simon McVittie <email address hidden> Fri, 18 Nov 2022 19:13:50 +0000
Available diffs
gdk-pixbuf (2.42.8+dfsg-1ubuntu0.2) jammy; urgency=medium * debian/patches/debian_queryloader_dir.patch: - fix the directory referenced for gdk-pixbuf-query-loaders in the .pc since that file is moved by the packaging (lp: #1993785) -- Sebastien Bacher <email address hidden> Fri, 21 Oct 2022 09:26:30 +0200
Available diffs
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.4) focal-security; urgency=medium * SECURITY UPDATE: Heap-Buffer-Overflow - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size in gdk-pixbuf/lzw.c. - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value of LZW initial code size in gdk-pixbuf/io-gif.c. - debian/patches/CVE-2021-44648-3.patch: Add tests for GIF files with invalid LZW code size in tests/tests-images/fail/* and tests/tests-images/gif-test-suite/*. - debian/source/include-binaries: add tests binaries to the package - CVE-2021-44648 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 07 Sep 2022 12:05:42 -0300
Available diffs
gdk-pixbuf (2.42.8+dfsg-1ubuntu0.1) jammy-security; urgency=medium * SECURITY UPDATE: Heap-Buffer-Overflow - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size in gdk-pixbuf/lzw.c. - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value of LZW initial code size in gdk-pixbuf/io-gif.c. - debian/patches/CVE-2021-44648-3.patch: Add tests for GIF files with invalid LZW code size in tests/tests-images/fail/* and tests/tests-images/gif-test-suite/*. - debian/source/include-binaries: add tests binaries to the package - CVE-2021-44648 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 07 Sep 2022 11:14:12 -0300
Available diffs
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
gdk-pixbuf (2.42.9+dfsg-1) unstable; urgency=medium * New upstream release * d/rules, d/control.in: Build-depend on python3-docutils for man pages. We no longer need docbook DTDs or stylesheets. We still need xsltproc, but only if we're building the udeb. * d/watch: Update options * d/changelog: Remove trailing whitespace * d/copyright: Stop excluding gi-docgen, no longer in upstream tarballs * d/copyright: Exclude prebuilt documentation when importing tarball * debian/patches/debian_queryloader_dir.patch: Format patch metadata for gbp pq * d/p/tests-Tolerate-either-CORRUPT_IMAGE-or-INSUFFICIENT_MEMOR.patch: Add patch to work around test failures with very large JPEG. Be less demanding about the exact error behaviour, but instead just require there to be an error. -- Simon McVittie <email address hidden> Tue, 16 Aug 2022 11:20:11 +0100
Available diffs
- diff from 2.42.8+dfsg-2 to 2.42.9+dfsg-1 (37.7 KiB)
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.3) focal-security; urgency=medium * SECURITY UPDATE: Buffer overwrite in io-gif-animation.c composite_frame() (LP: #1982898) - debian/patches/CVE-2021-46829.patch: gif: Check for overflow when compositing or clearing frames. - CVE-2021-46829 -- Joshua Peisach <email address hidden> Tue, 26 Jul 2022 20:42:00 -0400
Available diffs
gdk-pixbuf (2.42.8+dfsg-2) unstable; urgency=medium * debian/patches/debian_queryloader_dir.patch: - fix the directory referenced for gdk-pixbuf-query-loaders in the .pc since that file is moved by the packaging -- Sebastien Bacher <email address hidden> Wed, 27 Jul 2022 15:23:37 +0200
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
gdk-pixbuf (2.42.8+dfsg-1) unstable; urgency=medium [ Jeremy Bicha ] * New upstream release * debian/control.in: Loosen dependency on libgdk-pixbuf2.0-common. This fixes an issue seen repeatedly in Ubuntu when the amd64 (+all) build finishes and is published before one of the other arches starts to build. * Build-Depend on gi-docgen * Build-Depend on dh-sequence-gir & dh-sequence-gnome * debian/rules: Update configure flags * debian/rules: Drop unneeded -Wl,--as-needed * debian/copyright: Use shorter CC0-1.0 text * debian/rules: Handle over-aggressive dh_fixperms for installed-tests [ Simon McVittie ] * Use debhelper compat level 13 - We can now use debhelper substitutions for DEB_HOST_MULTIARCH in d/libgdk-pixbuf-2.0-0.install, rather than using dh-exec. - We can now pass `meson test` options to dh_auto_test, which no longer uses `ninja test` directly. -- Jeremy Bicha <email address hidden> Mon, 28 Mar 2022 15:44:22 -0400
Available diffs
gdk-pixbuf (2.42.6+dfsg-2ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Łukasz 'sil2100' Zemczak <email address hidden> Wed, 23 Mar 2022 14:53:52 +0100
Available diffs
gdk-pixbuf (2.42.6+dfsg-2ubuntu2) jammy; urgency=medium * Build with the release pocket only. -- Matthias Klose <email address hidden> Wed, 20 Oct 2021 16:31:41 +0200
Available diffs
Superseded in jammy-proposed |
gdk-pixbuf (2.42.6+dfsg-2ubuntu1) jammy; urgency=high * debian/control.in: Loosen dependency on libgdk-pixbuf2.0-common -- Jeremy Bicha <email address hidden> Tue, 19 Oct 2021 20:02:08 -0400
Available diffs
Superseded in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
Deleted in impish-proposed (Reason: Moved ot jammy) |
gdk-pixbuf (2.42.6+dfsg-1build3) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:11:52 +0200
Available diffs
Superseded in jammy-proposed |
gdk-pixbuf (2.42.6+dfsg-2) unstable; urgency=medium * Team upload * Upload to unstable -- Simon McVittie <email address hidden> Sun, 15 Aug 2021 14:39:53 +0100
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
gdk-pixbuf (2.42.6+dfsg-1build2) impish; urgency=medium * Rebuild against release pocket. -- Gianfranco Costamagna <email address hidden> Fri, 04 Jun 2021 11:57:23 +0200
Available diffs
Superseded in impish-proposed |
gdk-pixbuf (2.42.6+dfsg-1) experimental; urgency=medium * Team upload * New upstream release * Drop patches that were applied upstream * d/copyright: Exclude pregenerated documentation and fonts from .orig.tar.xz * d/copyright: Use standalone license paragraphs * d/copyright: Update * d/README.source: Describe how to update to a new upstream. This is not quite the same as other GNOME packages because we have to repack the tarball. * Build documentation with gi-docgen - d/p/gi-docgen/Disable-web-fonts-for-now.patch: Disable use of remote or bundled fonts - d/p/gi-docgen/templates-Remove-html5shiv.patch: Disable use of remote html5shiv - d/rules: Use bundled gi-docgen even if it's installed system-wide. Until it's declared stable, the upstream recommendation is to vendor gi-docgen, which means Policy §4.13 allows an embedded code copy. * Build the PNG and JPEG loaders into the library. This matches upstream's recommendation: building these loaders in is one less thing that can go wrong. For the udeb, we previously installed the production library and the PNG loader; now we build a separate library that can only load PNGs. This means the udeb doesn't actually need loadable modules at all. Create an empty loaders.cache file, just to prevent warnings. * d/control: Add -dev dependencies on libjpeg-dev, libtiff-dev. The pkg-config metadata now depends on these. -- Simon McVittie <email address hidden> Wed, 02 Jun 2021 21:29:21 +0100
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
gdk-pixbuf (2.42.2+dfsg-1build1) hirsute; urgency=medium * No-change rebuild to drop the udeb package. -- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:33:18 +0100
Available diffs
gdk-pixbuf (2.40.0+dfsg-5ubuntu0.2) groovy-security; urgency=medium * SECURITY UPDATE: integer underflow in GIF loader - debian/patches/CVE-2021-20240.patch: check for overflow in gdk-pixbuf/io-gif-animation.c. - CVE-2021-20240 -- Marc Deslauriers <email address hidden> Thu, 18 Feb 2021 09:39:36 -0500
Available diffs
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.2) focal-security; urgency=medium * SECURITY UPDATE: integer underflow in GIF loader - debian/patches/CVE-2021-20240.patch: check for overflow in gdk-pixbuf/io-gif-animation.c. - CVE-2021-20240 -- Marc Deslauriers <email address hidden> Thu, 18 Feb 2021 09:41:16 -0500
Available diffs
gdk-pixbuf (2.42.2+dfsg-1) unstable; urgency=medium * Team upload * New upstream release, without the Xlib API - Fix infinite loop on invalid LZW codes in the GIF loader (Closes: #977166, CVE-2020-29385) * d/patches: Update to upstream 2.42.2-6-g89a4cedc - Make enum GType registration thread-safe - Fix memory leaks in test code - Update Romanian translation * d/rules: Update Meson parameter names * Update versioned build-dependencies * d/patches: Change how the test for GNOME#753605 is avoided. Instead of deleting the code, which will cause merge conflicts on new upstream versions, just skip the test if the non-free file is missing. * Stop deleting .la files. This package no longer uses libtool, so there are none. * d/rules: Don't chmod a file that is no longer shipped * Don't try to remove non-determinism from test data. Some of the images included with the tests are deliberately malformed. * d/patches: Add proposed patches to run all the tests, and make them pass * d/copyright: Remove information about contrib/, which was removed. The former contrib directory from this source package has moved to the gdk-pixbuf-xlib source package. -- Simon McVittie <email address hidden> Sat, 12 Dec 2020 22:57:45 +0000
Available diffs
gdk-pixbuf (2.40.0+dfsg-5ubuntu0.1) groovy-security; urgency=medium * SECURITY UPDATE: infinite loop in write_indexes - debian/patches/CVE-2020-29385.patch: fix LZW decoder accepting invalid LZW code in gdk-pixbuf/lzw.c. - CVE-2020-29385 -- Marc Deslauriers <email address hidden> Tue, 08 Dec 2020 08:30:38 -0500
Available diffs
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: infinite loop in write_indexes - debian/patches/CVE-2020-29385.patch: fix LZW decoder accepting invalid LZW code in gdk-pixbuf/lzw.c. - CVE-2020-29385 -- Marc Deslauriers <email address hidden> Tue, 08 Dec 2020 08:32:30 -0500
Available diffs
Superseded in hirsute-proposed |
gdk-pixbuf (2.40.0+dfsg-10build2) hirsute; urgency=medium * Rebuild against hirsute proposed pocket -- Gianfranco Costamagna <email address hidden> Tue, 08 Dec 2020 13:22:58 +0100
Available diffs
Superseded in hirsute-proposed |
gdk-pixbuf (2.40.0+dfsg-10) unstable; urgency=medium * Team upload * Release to unstable, without the Xlib API which is now provided by src:gdk-pixbuf-xlib (Closes: #974870) -- Simon McVittie <email address hidden> Sun, 06 Dec 2020 13:21:23 +0000
Available diffs
gdk-pixbuf (2.40.0+dfsg-8) unstable; urgency=medium * Team upload * Generate shlibs dependencies without a transitional alternative. The libgdk-pixbuf-2.0-0 and libgdk-pixbuf-xlib-2.0-0 packages are now available in testing, so we don't need an alternative dependency on libgdk-pixbuf2.0-0 for a smooth transition. This avoids an apparently-circular dependency between libgdk-pixbuf-xlib-2.0-0 and the transitional libgdk-pixbuf2.0-0. (Closes: #975904) * Standards-Version: 4.5.1 (no changes required) * Don't install tests/test-images/fail/file3.jp2 as executable. It isn't an executable or script. -- Simon McVittie <email address hidden> Sat, 28 Nov 2020 13:32:25 +0000
Available diffs
Superseded in hirsute-proposed |
gdk-pixbuf (2.40.0+dfsg-7build1) hirsute; urgency=medium * Bootstrap from hirsute archive -- Gianfranco Costamagna <email address hidden> Mon, 23 Nov 2020 14:42:41 +0100
Available diffs
Deleted in hirsute-proposed (Reason: remove gdk-pixbuf from proposed, uninstallable) |
gdk-pixbuf (2.40.0+dfsg-7) unstable; urgency=medium * Team upload * Release to unstable -- Simon McVittie <email address hidden> Sun, 22 Nov 2020 15:45:56 +0000
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
gdk-pixbuf (2.40.0+dfsg-5) unstable; urgency=medium * rules: Don't mangle PNGs in gdk-pixbuf-tests (for Ubuntu) -- Iain Lane <email address hidden> Mon, 01 Jun 2020 17:05:16 +0100
Available diffs
Superseded in groovy-proposed |
gdk-pixbuf (2.40.0+dfsg-4build4) groovy; urgency=medium * No change rebuild. The resources embedded in the test binaries in that package appear to be incomplete (missing ICC profile in PNG images for example). -- Iain Lane <email address hidden> Mon, 01 Jun 2020 15:43:24 +0100
Available diffs
Superseded in groovy-proposed |
gdk-pixbuf (2.40.0+dfsg-4build3) groovy; urgency=medium * Rebuild against bootstrapped gdk-pixbuf -- Gianfranco Costamagna <email address hidden> Tue, 28 Apr 2020 19:46:04 +0200
Available diffs
Superseded in groovy-proposed |
gdk-pixbuf (2.40.0+dfsg-4build2) groovy; urgency=medium * Rebuild against bootstrapped gdk-pixbuf -- Gianfranco Costamagna <email address hidden> Tue, 28 Apr 2020 19:46:04 +0200
Available diffs
Superseded in groovy-proposed |
gdk-pixbuf (2.40.0+dfsg-4) unstable; urgency=medium * Do not rebuild the documentation when it's not necessary * debian/control.in: Bump Standards-Version to 4.5.0 * Ship the installed tests and run them in the dep8 tests -- Laurent Bigonville <email address hidden> Wed, 08 Apr 2020 14:34:38 +0200
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
gdk-pixbuf (2.40.0+dfsg-3) unstable; urgency=medium * debian/rules: Make the tests non-fatal on kfreebsd-amd64 -- Laurent Bigonville <email address hidden> Sun, 08 Mar 2020 18:35:39 +0100
Available diffs
- diff from 2.40.0+dfsg-2 to 2.40.0+dfsg-3 (847 bytes)
gdk-pixbuf (2.40.0+dfsg-2) unstable; urgency=medium * Team upload * d/tests/build: Mark as superficial * d/tests/build: Make autopkgtest cross-test-friendly. Use an appropriate cross-compiler and cross-pkg-config when using proposed autopkgtest cross-testing support. Thanks to Steve Langasek. (Closes: #946374) * d/tests/build: Fail on references to unset variables * d/tests/build: Fix shellcheck warnings * Bump Standards-Version to 4.4.1 -- Simon McVittie <email address hidden> Thu, 26 Dec 2019 16:33:27 +0000
Available diffs
gdk-pixbuf (2.40.0+dfsg-1ubuntu1) focal; urgency=medium * Make autopkgtests cross-test-friendly. -- Steve Langasek <email address hidden> Sat, 07 Dec 2019 16:54:54 -0800
Available diffs
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to Release) |
gdk-pixbuf (2.40.0+dfsg-1build1) eoan; urgency=medium * No-change rebuild to avoid ABI dependency on now-removed glib2.0 -- Adam Conrad <email address hidden> Mon, 14 Oct 2019 02:14:10 -0600
Available diffs
Superseded in eoan-proposed |
gdk-pixbuf (2.40.0+dfsg-1) unstable; urgency=medium * New upstream release [ Simon McVittie ] * Re-import upstream source code with non-free test data excluded * d/gbp.conf: Disable automatic merging of upstream VCS tags. This doesn't work well with +dfsg versions. -- Sebastien Bacher <email address hidden> Thu, 10 Oct 2019 17:38:01 +0200
Available diffs
- diff from 2.39.2-3 to 2.40.0+dfsg-1 (4.2 KiB)
gdk-pixbuf (2.39.2-3) experimental; urgency=medium * debian/rules: - use dh_missing --fail-missing -- Sebastien Bacher <email address hidden> Wed, 14 Aug 2019 21:40:38 +0200
Available diffs
- diff from 2.38.1+dfsg-1 to 2.39.2-3 (73.4 KiB)
gdk-pixbuf (2.32.2-1ubuntu1.6) xenial-security; urgency=medium * SECURITY UPDATE: stack corruption via crafted file folder - debian/patches/CVE-2017-12447-1.patch: reject bogus depth in gdk-pixbuf/io-bmp.c. - debian/patches/CVE-2017-12447-2.patch: reject impossible palette size in gdk-pixbuf/io-bmp.c. - CVE-2017-12447 -- Marc Deslauriers <email address hidden> Wed, 20 Mar 2019 11:43:33 -0400
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
gdk-pixbuf (2.38.1+dfsg-1) unstable; urgency=medium * New upstream release - Add variables in the pkg-config files for binary utilities - Fix error handling in PNG loader - Fix introspection generation - Fix OOM in JPEG2000 loader - Fix thumbnailing of animated GIFs - Improve reproducibility of the build - Multiple improvements to the GIF loader - Speed up saving PNG files * Drop upstream patches. - Use-basename-instead-of-filename.patch, build-Include-gdk-pixdata.c-when-building-GdkPixbuf-2.0.g.patch: Included in this release -- Iain Lane <email address hidden> Mon, 04 Mar 2019 14:31:35 +0000
Available diffs
- diff from 2.38.0+dfsg-7 to 2.38.1+dfsg-1 (232.9 KiB)
gdk-pixbuf (2.38.0+dfsg-7) unstable; urgency=medium * debian/rules: Stop including gnome-get-source.mk, use uscan instead * debian/libgdk-pixbuf2.0-0.symbols: Set Build-Depends-Package * Add -Wl,-O1 -Wl,-z,defs -Wl,--as-needed to our LDFLAGS * Enable all hardening flags * Bump Standards-Version to 4.3.0 -- Jeremy Bicha <email address hidden> Sun, 23 Dec 2018 22:44:55 -0500
Available diffs
- diff from 2.38.0+dfsg-6 to 2.38.0+dfsg-7 (1.2 KiB)
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
gdk-pixbuf (2.38.0+dfsg-6) unstable; urgency=medium * Team upload * gir1.2-gdkpixbuf-2.0 Breaks: libgtk3-perl (<< 0.034-2~), to avoid #908323 being reported as an autopkgtest regression in gtk+3.0 * d/watch: Use dversionmangle to remove +dfsg suffix (thanks, Lintian) * d/copyright: Correct syntax for matching contrib/gdk-pixbuf-xlib/gdk-pixbuf-xlibrgb.?. Machine-readable copyright file format supports * and ? wildcards, but not [ch]. * d/copyright: Remove stanzas for files that are no longer included * Enable bindnow linker hardening * gir1.2-gdkpixbuf-2.0 Provides gir1.2-gdkpixdata-2.0, to reflect its contents - Remove lintian overrides that are no longer necessary -- Simon McVittie <email address hidden> Wed, 19 Sep 2018 11:57:58 +0100
Available diffs
- diff from 2.38.0+dfsg-5 to 2.38.0+dfsg-6 (2.2 KiB)
gdk-pixbuf (2.38.0+dfsg-5) unstable; urgency=medium [ Jeremy Bicha ] * debian/rules: Use meson test --print-errorlogs dh_auto_test normally does that for us [ Iain Lane ] * Add new patch to include gdk-pixdata.c when building the GdkPixbuf gir. This fixes broken introspection metadata that at least would have broken libgtk3-perl. (Closes: #908673) -- Iain Lane <email address hidden> Thu, 13 Sep 2018 12:50:53 +0100
Available diffs
- diff from 2.38.0+dfsg-4 to 2.38.0+dfsg-5 (1.3 KiB)
gdk-pixbuf (2.38.0+dfsg-4) unstable; urgency=medium [ Jeremy Bicha ] * Update debian/gbp.conf * debian/libgdk-pixbuf2.0-0.install: Use ${DEB_HOST_MULTIARCH} less. Thanks lintian. [ John Paul Adrian Glaubitz ] * debian/rules: Have dh_auto_test override honor nocheck (Closes: #908373) [ Chris Lamb ] * Add Use-basename-instead-of-filename.patch: - Proposed patch for reproducible builds and multi-arch co-installability (Closes: #908309) -- Jeremy Bicha <email address hidden> Sun, 09 Sep 2018 08:12:01 -0400
Available diffs
- diff from 2.36.12-2 to 2.38.0+dfsg-4 (831.6 KiB)
gdk-pixbuf (2.36.12-2) unstable; urgency=medium * Team upload [ Hugh McMaster ] * Move gdk-pixbuf-csource and gdk-pixbuf-pixdata into libgdk-pixbuf2.0-bin (Closes: #876183, #882785). * Update the package description for libgdk-pixbuf2.0-bin. * Mark libgdk-pixbuf2.0-dev Multi-Arch: same (Closes: #689125). [ Simon McVittie ] * Update versioned Breaks/Replaces * Remove /usr/bin/gdk-pixbuf-query-loaders symlink from -dev package. It has architecture-dependent output and breaks Multi-Arch: same co-installability. Debian packages do not seem to rely on this tool being in PATH. * d/copyright: Update -- Simon McVittie <email address hidden> Tue, 21 Aug 2018 15:15:42 +0100
Available diffs
- diff from 2.36.12-1 to 2.36.12-2 (2.4 KiB)
gdk-pixbuf (2.36.12-1) unstable; urgency=medium * Team upload * New upstream release - Drop all patches, applied upstream * d/copyright: Mention gtk-doc.make and m4/gtk-doc.m4 * d/p/Remove-test-for-GNOME-753605.patch: Patch out test for GNOME#753605. It relies on non-free test data (that is malformed in the right way to exhibit the bug), which was not included in the upstream 2.36.12 tarball. (Note to future maintainers: when packaging versions 2.37+ please check that the non-free file is not included.) * Set Rules-Requires-Root to no * Standards-Version: 4.1.5 (no changes required) * Use debhelper 11 compat level * d/copyright: Correct syntax * Upgrade udeb from deprecated priority extra to optional * Remove ineffective lintian override for the udeb * d/libgdk-pixbuf2.0-0.lintian-overrides: Document non-SONAME-based package name -- Simon McVittie <email address hidden> Thu, 26 Jul 2018 10:44:54 +0100
Available diffs
- diff from 2.36.11-2 to 2.36.12-1 (213.5 KiB)
gdk-pixbuf (2.32.2-1ubuntu1.5) xenial; urgency=medium * Convert triggers to noawait (LP: #1780996) -- Julian Andres Klode <email address hidden> Tue, 10 Jul 2018 21:47:55 +0200
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
gdk-pixbuf (2.36.11-2) unstable; urgency=medium * Team upload [ Emilio Pozuelo Monfort ] * Switch triggers to noawait. [ Simon McVittie ] * Update Vcs-* for move from Alioth svn to Salsa git * debian/gbp.conf: Add * Add patches from upstream to fix crash bugs: - CVE-2017-6312: out-of-bounds read in ico (Closes: #856444) - CVE-2017-6313: integer underflow in icns (Closes: #856445) - CVE-2017-6314: infinite loop in tiff (Closes: #856448) Thanks to Salvatore Bonaccorso for highlighting the relevant commits. -- Simon McVittie <email address hidden> Fri, 16 Mar 2018 10:57:57 +0000
Available diffs
Superseded in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
Obsolete in artful-updates |
Obsolete in artful-security |
gdk-pixbuf (2.36.11-1ubuntu0.1) artful-security; urgency=medium * SECURITY UPDATE: DoS and integer overflow in io-ico.c - debian/patches/CVE-2017-6312.patch: fix potential integer overflow in gdk-pixbuf/io-ico.c. - CVE-2017-6312 * SECURITY UPDATE: DoS and integer underflow in load_resources function - debian/patches/CVE-2017-6313.patch: protect against too short blocklen in gdk-pixbuf/io-icns.c. - CVE-2017-6313 * SECURITY UPDATE: DoS (infinite loop) - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size computation in gdk-pixbuf/io-tiff.c. - CVE-2017-6314 -- <email address hidden> (Leonidas S. Barbosa) Thu, 11 Jan 2018 15:05:48 -0300
Available diffs
gdk-pixbuf (2.32.2-1ubuntu1.4) xenial-security; urgency=medium * SECURITY UPDATE: Integer overflow in gif_get_lzw function - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c. - CVE-2017-1000422 * SECURITY UPDATE: DoS and integer overflow in io-ico.c - debian/patches/CVE-2017-6312.patch: fix potential integer overflow in gdk-pixbuf/io-ico.c. - CVE-2017-6312 * SECURITY UPDATE: DoS and integer underflow in load_resources function - debian/patches/CVE-2017-6313.patch: protect against too short blocklen in gdk-pixbuf/io-icns.c. - CVE-2017-6313 * SECURITY UPDATE: DoS (infinite loop) - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size computation in gdk-pixbuf/io-tiff.c. - CVE-2017-6314 -- <email address hidden> (Leonidas S. Barbosa) Thu, 11 Jan 2018 15:01:31 -0300
Available diffs
gdk-pixbuf (2.30.7-0ubuntu1.8) trusty-security; urgency=medium * SECURITY UPDATE: Integer overflow in gif_get_lzw function - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c. - CVE-2017-1000422 * SECURITY UPDATE: DoS and integer overflow in io-ico.c - debian/patches/CVE-2017-6312.patch: fix potential integer overflow in gdk-pixbuf/io-ico.c. - CVE-2017-6312 * SECURITY UPDATE: DoS and integer underflow in load_resources function - debian/patches/CVE-2017-6313.patch: protect against too short blocklen in gdk-pixbuf/io-icns.c. - CVE-2017-6313 * SECURITY UPDATE: DoS (infinite loop) - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size computation in gdk-pixbuf/io-tiff.c. - CVE-2017-6314 -- <email address hidden> (Leonidas S. Barbosa) Thu, 11 Jan 2018 14:47:54 -0300
Available diffs
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
gdk-pixbuf (2.36.11-1) unstable; urgency=medium * New upstream release * debian/copyright: The non-free images have been replaced (thanks Olly Betts!) so drop the Files-Excluded line * Drop git_fix-tiff-build.patch: Applied in new release -- Jeremy Bicha <email address hidden> Mon, 02 Oct 2017 12:36:35 -0400
Available diffs
- diff from 2.36.10-2 to 2.36.11-1 (25.9 KiB)
gdk-pixbuf (2.36.10-2) unstable; urgency=medium * Add git_fix-tiff-build.patch: - Backport patch to fix tiff loader build (LP: #1718526) -- Jeremy Bicha <email address hidden> Wed, 20 Sep 2017 19:04:33 -0400
Available diffs
- diff from 2.36.5-3ubuntu1 (in Ubuntu) to 2.36.10-2 (308.0 KiB)
- diff from 2.36.10-1 to 2.36.10-2 (1.3 KiB)
gdk-pixbuf (2.36.10-1) unstable; urgency=medium [ Jeremy Bicha ] * New upstream release 2.36.9. * Drop obsolete 0001-skip-perturb-for-cve-2015-4491-original-test.patch * debian/libgdk-pixbuf2.0-0.symbols: Add new symbol [ Emilio Pozuelo Monfort ] * New upstream release 2.36.10. - CVE-2017-2862: fix code execution vulnerability in jpeg loader. Closes: #874552. * Switch to copyright format 1.0. * copyright: exclude non-free test ref images. * rules: drop obsolete dh_strip --dbgsym-migration switch. * postinst: make loaders.cache reproducible. Thanks Chris Lamb for the patch. Closes: #875704. -- Emilio Pozuelo Monfort <email address hidden> Tue, 19 Sep 2017 23:39:30 +0200
Available diffs
gdk-pixbuf (2.36.5-3ubuntu1) artful; urgency=medium * SECURITY UPDATE: Integer overflow checks not enough - debian/patches/CVE-2017-2870.patch: checks for integer overflow in multiplication in gdk-pixbuf/io-tiff.c. - CVE-2017-2870 * SECURITY UPDATE: exploitable heap overflow - debian/patches/CVE-2017-2862-part1.patch: Throw error when number of colour components is unsupported in gdk-pixbuf/io-jpeg.c. - debian/patches/CVE-2017-2862-part2.patch: restore grayscale support in gdk-pixbuf/io-jpeg.c - debian/patches/CVE-2017-2862-part3.patch: add test in tests/pixbuf-fail.c. - CVE-2017-2862 * SECURITY UPDATE: context-dependent to cause DoS - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c. - debian/patches/CVE-2017-6311-part2.patch: return an error if the ICO didn't load in gdk-pixbuf/io-ico.c. - CVE-2017-6311 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Sep 2017 18:36:00 -0300
Available diffs
gdk-pixbuf (2.32.2-1ubuntu1.3) xenial-security; urgency=medium * SECURITY UPDATE: Integer overflow checks not enough - debian/patch/CVE-2017-2870.patch: checks for integer overflow in multiplication in gdk-pixbuf/io-tiff.c. - CVE-2017-2870 * SECURITY UPDATE: exploitable heap overflow - debian/patches/CVE-2017-2862-part1.patch: Throw error when number of colour components is unsupported in gdk-pixbuf/io-jpeg.c. - debian/patches/CVE-2017-2862-part2.patch: restore grayscale support in gdk-pixbuf/io-jpeg.c * SECURITY UPDATE: context-dependent to cause DoS - debian/patches/CVE-2017-6311.patch: return an error when ICO didn't load in gdk-pixbuf/io-ico.c. - CVE-2017-6311 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Sep 2017 13:38:49 -0300
Available diffs
gdk-pixbuf (2.30.7-0ubuntu1.7) trusty-security; urgency=medium * SECURITY UPDATE: Integer overflow checks not enough - debian/patch/CVE-2017-2870.patch: checks for integer overflow in multiplication in gdk-pixbuf/io-tiff.c. - CVE-2017-2870 * SECURITY UPDATE: exploitable heap overflow - debian/patches/CVE-2017-2862-part1.patch: Throw error when number of colour components is unsupported in gdk-pixbuf/io-jpeg.c. - debian/patches/CVE-2017-2862-part2.patch: restore grayscale support in gdk-pixbuf/io-jpeg.c * SECURITY UPDATE: context-dependent to cause DoS - debian/patches/CVE-2017-6311.patch: return an error when ICO didn't load in gdk-pixbuf/io-ico. - CVE-2017-6311 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Sep 2017 11:38:36 -0300
Available diffs
gdk-pixbuf (2.36.5-3ubuntu0.2) zesty-security; urgency=medium * SECURITY UPDATE: Integer overflow checks not enough - debian/patches/CVE-2017-2870.patch: checks for integer overflow in multiplication in gdk-pixbuf/io-tiff.c. - CVE-2017-2870 * SECURITY UPDATE: exploitable heap overflow - debian/patches/CVE-2017-2862-part1.patch: Throw error when number of colour components is unsupported in gdk-pixbuf/io-jpeg.c. - debian/patches/CVE-2017-2862-part2.patch: restore grayscale support in gdk-pixbuf/io-jpeg.c - debian/patches/CVE-2017-2862-part3.patch: add test in tests/pixbuf-fail.c. - CVE-2017-2862 * SECURITY UPDATE: context-dependent to cause DoS - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c. - debian/patches/CVE-2017-6311-part2.patch: return an error if the ICO didn't load in gdk-pixbuf/io-ico.c. - CVE-2017-6311 -- <email address hidden> (Leonidas S. Barbosa) Wed, 13 Sep 2017 16:51:56 -0300
Available diffs
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
gdk-pixbuf (2.36.5-3) experimental; urgency=medium [ Jeremy Bicha ] * Add new libgdk-pixbuf2.0-bin package to install thumbnailer binary and metadata needed by gnome-desktop 3.23 (LP: #1665602) * Have libgdk-pibxuf2.0-0 recommend libgdk-pixbuf2.0-bin * debian/rules: Change dh_install's --list-missing to --fail-missing to catch this issue sooner next time [ Iain Lane ] * debian/rules: Don't use -X.la - it's error prone as it does substring matching instead of globbing. Instead use `find ... -delete' to remove *.la files explicitly. * debian/control.*: Update Vcs-* for branch. -- Jeremy Bicha <email address hidden> Tue, 14 Mar 2017 16:05:47 +0000
Available diffs
gdk-pixbuf (2.36.5-1) experimental; urgency=medium * Branch to experimental - update Vcs-* * New upstream release 2.36.5 + Fix mimetypes for thumbnailer + Handle fseek failure + Fix signed/unsigned handling + Fix an overflow check + Handle extreme scaling better * Bump libglib2.0 BD to 2.48.0, per configure.ac * Try replacing d/p/01-disable-oom-test.patch with d/p/0001-skip-perturb-for-cve-2015-4491-original-test.patch: This should ideally allow the test to be run without OOMing, which is better than not running it at all. (The proper fix is still to be investigated.) -- Iain Lane <email address hidden> Tue, 14 Feb 2017 11:36:07 +0000
Available diffs
- diff from 2.36.5-0ubuntu1 (in Ubuntu) to 2.36.5-1 (2.1 KiB)
- diff from 2.36.4-1 (in Debian) to 2.36.5-1 (241.0 KiB)
Superseded in zesty-proposed |
gdk-pixbuf (2.36.5-0ubuntu1) zesty; urgency=medium * New upstream release (LP: #1664288) -- Jeremy Bicha <email address hidden> Mon, 13 Feb 2017 11:20:38 -0500
Available diffs
gdk-pixbuf (2.36.4-1) unstable; urgency=medium * New upstream release. -- Emilio Pozuelo Monfort <email address hidden> Tue, 17 Jan 2017 00:45:42 +0100
Available diffs
- diff from 2.36.3-1 to 2.36.4-1 (11.8 KiB)
gdk-pixbuf (2.36.3-1) unstable; urgency=medium [ Emilio Pozuelo Monfort ] * New upstream release. -- Iain Lane <email address hidden> Mon, 09 Jan 2017 14:23:04 +0000
Available diffs
- diff from 2.36.0-1ubuntu1 (in Ubuntu) to 2.36.3-1 (119.6 KiB)
- diff from 2.36.2-1 to 2.36.3-1 (24.9 KiB)
gdk-pixbuf (2.36.2-1) unstable; urgency=medium * New upstream release. -- Michael Biebl <email address hidden> Thu, 22 Dec 2016 02:20:02 +0100
Available diffs
gdk-pixbuf (2.36.0-1ubuntu1) zesty; urgency=medium * Sync with Debian (LP: #1643222). Remaining change: - Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as it fails with OOM, or gets OOM killed. * Drop CVE-2016-6352.patch, the fix was applied in new upstream version -- Jeremy Bicha <email address hidden> Sat, 19 Nov 2016 12:50:45 -0500
Available diffs
- diff from 2.34.0-1ubuntu2 to 2.36.0-1ubuntu1 (268.7 KiB)
gdk-pixbuf (2.26.1-1ubuntu1.5) precise-security; urgency=medium * SECURITY UPDATE: Fix a heap-based buffer overflow - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on upstream patches. - CVE-2015-7552 * SECURITY UPDATE: Fix multiple integer overflows - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid overflow when shifting - CVE-2015-8875 -- Emily Ratliff <email address hidden> Wed, 21 Sep 2016 10:14:57 -0500
Available diffs
gdk-pixbuf (2.30.7-0ubuntu1.6) trusty-security; urgency=medium * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico headers. Based on upstream patch. - Thanks to Franco Costantini for discovering this issue using QuickFuzz. - CVE-2016-6352 * SECURITY UPDATE: Fix a heap-based buffer overflow - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on upstream patches. - CVE-2015-7552 * SECURITY UPDATE: Fix multiple integer overflows - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid overflow when shifting - CVE-2015-8875 -- Emily Ratliff <email address hidden> Wed, 21 Sep 2016 09:38:31 -0500
Available diffs
1 → 75 of 172 results | First • Previous • Next • Last |