Ubuntu
gdk-pixbuf package

Change log for gdk-pixbuf package in Ubuntu

175 of 172 results FirstPreviousLast
Published in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular) 
gdk-pixbuf (2.42.12+dfsg-1) unstable; urgency=high

  * Team upload
  * New upstream release
    - Reject malformed .ani files, including one category that can cause
      memory corruption (CVE-2022-48622)
  * d/rules: Keep .ani, .bmp, .icns, .ico, .pnm, .qtif, .tga, .xbm, .xpm
    loaders enabled for now. They are weakly maintained, and no longer
    enabled by default upstream to reduce security exposure, but disabling
    them would be a feature regression, which we shouldn't do in the same
    upload as a security fix.
  * d/rules: Disable miscellaneous loaders for the udeb, which as far as
    we know only needs PNG support
  * d/copyright: Pre-generated HTML documentation no longer needs excluding
  * Set high urgency for security fix

 -- Simon McVittie <email address hidden>  Thu, 16 May 2024 15:25:37 +0100
Superseded in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
gdk-pixbuf (2.42.10+dfsg-3ubuntu3) noble; urgency=medium

  * Rebuild against new libpng16-16t64.

 -- Gianfranco Costamagna <email address hidden>  Tue, 16 Apr 2024 15:33:12 +0200
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
gdk-pixbuf (2.42.10+dfsg-3ubuntu2) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 01:04:18 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
gdk-pixbuf (2.42.10+dfsg-3ubuntu1) noble; urgency=medium

  * Drop dh-sequence-gnome from Build-Depends

 -- Zixing Liu <email address hidden>  Fri, 08 Mar 2024 15:37:24 -0700
Superseded in noble-proposed 
gdk-pixbuf (2.42.10+dfsg-3build1) noble; urgency=medium

  * No-change rebuild against libpng16-16t64

 -- Steve Langasek <email address hidden>  Thu, 29 Feb 2024 06:36:05 +0000
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
gdk-pixbuf (2.42.10+dfsg-3) unstable; urgency=medium

  * Team upload
  * d/control, d/rules: Reinstate dh-sequence-gnome, but disable
    control.in.
    Ubuntu uses this sequence to pull in the Ubuntu-specific
    dh_translations.
  * d/control: Add ${gir:Depends} to -dev package
  * d/control: Use ${gir:Provides} instead of hard-coding it.
    gobject-introspection (>= 1.78.1-5~) generates this for us.

 -- Simon McVittie <email address hidden>  Tue, 14 Nov 2023 10:02:24 +0000
Superseded in noble-proposed 
gdk-pixbuf (2.42.10+dfsg-2) unstable; urgency=medium

  * Team upload

  [ Amin Bandali ]
  * Change packaging branch to debian/latest

  [ Simon McVittie ]
  * d/clean: Clean up debian/tmp-udeb/, obj-udeb/ (Closes: #1045013)
  * d/rules: Fix escaped newline.
    No functional change, because the options after the incorrect newline
    were explicitly setting default behaviour anyway.
  * d/.gitignore: Add
  * d/control: Stop generating from a template.
    We don't use any of the other dh-sequence-gnome features (there are no
    libtool archives, and we don't use the gnome:Foo family of substvars)
    so drop the build-dependency on dh-sequence-gnome.
  * d/control: Add Provides on gir1.2-*-dev package names.
    Adding versioned Provides on gir1.2-*-dev corresponding to each GIR XML
    file is a small step towards being able to exclude GObject-Introspection
    with a build-profile when cross-compiling.
    (Helps: #1030223)
  * Remove version constraints unnecessary since bullseye (oldstable)
  * Update standards version to 4.6.2, no changes needed.

 -- Simon McVittie <email address hidden>  Wed, 01 Nov 2023 23:29:20 +0000
Superseded in noble-release
Published in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
gdk-pixbuf (2.42.10+dfsg-1build1) lunar; urgency=medium

  * Rebuild against latest tiff

 -- Jeremy Bicha <email address hidden>  Sat, 04 Feb 2023 07:26:19 -0500
Obsolete in kinetic-updates
Deleted in kinetic-proposed (Reason: moved to -updates) 
gdk-pixbuf (2.42.9+dfsg-1ubuntu1) kinetic; urgency=medium

  * debian/patches/git_jpg_memlimit.patch:
    - increase the new jpg loader memory limitation to 1GB, the 100MB
      value previously used isn't enough for highres images (lp: #1998263)

 -- Sebastien Bacher <email address hidden>  Fri, 13 Jan 2023 12:20:08 +0100
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
gdk-pixbuf (2.42.10+dfsg-1) unstable; urgency=medium

  * Team upload
  * New upstream release
    - Increase memory limit for JPEGs to 1 GiB
  * Update standards version to 4.6.1 (no changes needed)
  * d/upstream/metadata: Update Gitlab URLs

 -- Simon McVittie <email address hidden>  Fri, 18 Nov 2022 19:13:50 +0000

Available diffs

Published in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates) 
gdk-pixbuf (2.42.8+dfsg-1ubuntu0.2) jammy; urgency=medium

  * debian/patches/debian_queryloader_dir.patch:
    - fix the directory referenced for gdk-pixbuf-query-loaders
      in the .pc since that file is moved by the packaging (lp: #1993785)

 -- Sebastien Bacher <email address hidden>  Fri, 21 Oct 2022 09:26:30 +0200
Published in focal-updates
Published in focal-security 
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-Buffer-Overflow
    - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size
      in gdk-pixbuf/lzw.c.
    - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value
      of LZW initial code size in gdk-pixbuf/io-gif.c.
    - debian/patches/CVE-2021-44648-3.patch:  Add tests for GIF files with
      invalid LZW code size in tests/tests-images/fail/* and
      tests/tests-images/gif-test-suite/*.
    - debian/source/include-binaries: add tests binaries to the package
    - CVE-2021-44648

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 07 Sep 2022 12:05:42 -0300
Superseded in jammy-updates
Published in jammy-security 
gdk-pixbuf (2.42.8+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap-Buffer-Overflow
    - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size
      in gdk-pixbuf/lzw.c.
    - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value
      of LZW initial code size in gdk-pixbuf/io-gif.c.
    - debian/patches/CVE-2021-44648-3.patch:  Add tests for GIF files with
      invalid LZW code size in tests/tests-images/fail/* and
      tests/tests-images/gif-test-suite/*.
    - debian/source/include-binaries: add tests binaries to the package
    - CVE-2021-44648

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 07 Sep 2022 11:14:12 -0300
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
gdk-pixbuf (2.42.9+dfsg-1) unstable; urgency=medium

  * New upstream release
  * d/rules, d/control.in: Build-depend on python3-docutils for man pages.
    We no longer need docbook DTDs or stylesheets. We still need xsltproc,
    but only if we're building the udeb.
  * d/watch: Update options
  * d/changelog: Remove trailing whitespace
  * d/copyright: Stop excluding gi-docgen, no longer in upstream tarballs
  * d/copyright: Exclude prebuilt documentation when importing tarball
  * debian/patches/debian_queryloader_dir.patch:
    Format patch metadata for gbp pq
  * d/p/tests-Tolerate-either-CORRUPT_IMAGE-or-INSUFFICIENT_MEMOR.patch:
    Add patch to work around test failures with very large JPEG.
    Be less demanding about the exact error behaviour, but instead just
    require there to be an error.

 -- Simon McVittie <email address hidden>  Tue, 16 Aug 2022 11:20:11 +0100

Available diffs

Superseded in focal-updates
Superseded in focal-security 
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overwrite in io-gif-animation.c
    composite_frame() (LP: #1982898)
    - debian/patches/CVE-2021-46829.patch: gif: Check for overflow
      when compositing or clearing frames.
    - CVE-2021-46829

 -- Joshua Peisach <email address hidden>  Tue, 26 Jul 2022 20:42:00 -0400
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
gdk-pixbuf (2.42.8+dfsg-2) unstable; urgency=medium

  * debian/patches/debian_queryloader_dir.patch:
    - fix the directory referenced for gdk-pixbuf-query-loaders 
      in the .pc since that file is moved by the packaging 

 -- Sebastien Bacher <email address hidden>  Wed, 27 Jul 2022 15:23:37 +0200
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
gdk-pixbuf (2.42.8+dfsg-1) unstable; urgency=medium

  [ Jeremy Bicha ]
  * New upstream release
  * debian/control.in: Loosen dependency on libgdk-pixbuf2.0-common.
    This fixes an issue seen repeatedly in Ubuntu when the amd64 (+all)
    build finishes and is published before one of the other arches starts
    to build.
  * Build-Depend on gi-docgen
  * Build-Depend on dh-sequence-gir & dh-sequence-gnome
  * debian/rules: Update configure flags
  * debian/rules: Drop unneeded -Wl,--as-needed
  * debian/copyright: Use shorter CC0-1.0 text
  * debian/rules: Handle over-aggressive dh_fixperms for installed-tests

  [ Simon McVittie ]
  * Use debhelper compat level 13
    - We can now use debhelper substitutions for DEB_HOST_MULTIARCH in
      d/libgdk-pixbuf-2.0-0.install, rather than using dh-exec.
    - We can now pass `meson test` options to dh_auto_test, which no longer
      uses `ninja test` directly.

 -- Jeremy Bicha <email address hidden>  Mon, 28 Mar 2022 15:44:22 -0400
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
gdk-pixbuf (2.42.6+dfsg-2ubuntu3) jammy; urgency=medium

  * No-change rebuild for ppc64el baseline bump.

 -- Łukasz 'sil2100' Zemczak <email address hidden>  Wed, 23 Mar 2022 14:53:52 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
gdk-pixbuf (2.42.6+dfsg-2ubuntu2) jammy; urgency=medium

  * Build with the release pocket only.

 -- Matthias Klose <email address hidden>  Wed, 20 Oct 2021 16:31:41 +0200
Superseded in jammy-proposed 
gdk-pixbuf (2.42.6+dfsg-2ubuntu1) jammy; urgency=high

  * debian/control.in: Loosen dependency on libgdk-pixbuf2.0-common

 -- Jeremy Bicha <email address hidden>  Tue, 19 Oct 2021 20:02:08 -0400
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
Deleted in impish-proposed (Reason: Moved ot jammy) 
gdk-pixbuf (2.42.6+dfsg-1build3) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:11:52 +0200
Superseded in jammy-proposed 
gdk-pixbuf (2.42.6+dfsg-2) unstable; urgency=medium

  * Team upload
  * Upload to unstable

 -- Simon McVittie <email address hidden>  Sun, 15 Aug 2021 14:39:53 +0100
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
gdk-pixbuf (2.42.6+dfsg-1build2) impish; urgency=medium

  * Rebuild against release pocket.

 -- Gianfranco Costamagna <email address hidden>  Fri, 04 Jun 2021 11:57:23 +0200
Superseded in impish-proposed 
gdk-pixbuf (2.42.6+dfsg-1) experimental; urgency=medium

  * Team upload
  * New upstream release
  * Drop patches that were applied upstream
  * d/copyright: Exclude pregenerated documentation and fonts from
    .orig.tar.xz
  * d/copyright: Use standalone license paragraphs
  * d/copyright: Update
  * d/README.source: Describe how to update to a new upstream.
    This is not quite the same as other GNOME packages because we have to
    repack the tarball.
  * Build documentation with gi-docgen
    - d/p/gi-docgen/Disable-web-fonts-for-now.patch:
      Disable use of remote or bundled fonts
    - d/p/gi-docgen/templates-Remove-html5shiv.patch:
      Disable use of remote html5shiv
    - d/rules: Use bundled gi-docgen even if it's installed system-wide.
      Until it's declared stable, the upstream recommendation is to vendor
      gi-docgen, which means Policy §4.13 allows an embedded code copy.
  * Build the PNG and JPEG loaders into the library.
    This matches upstream's recommendation: building these loaders in is
    one less thing that can go wrong.
    For the udeb, we previously installed the production library and the
    PNG loader; now we build a separate library that can only load PNGs.
    This means the udeb doesn't actually need loadable modules at all.
    Create an empty loaders.cache file, just to prevent warnings.
  * d/control: Add -dev dependencies on libjpeg-dev, libtiff-dev.
    The pkg-config metadata now depends on these.

 -- Simon McVittie <email address hidden>  Wed, 02 Jun 2021 21:29:21 +0100
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
gdk-pixbuf (2.42.2+dfsg-1build1) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 10:33:18 +0100
Obsolete in groovy-updates
Obsolete in groovy-security 
gdk-pixbuf (2.40.0+dfsg-5ubuntu0.2) groovy-security; urgency=medium

  * SECURITY UPDATE: integer underflow in GIF loader
    - debian/patches/CVE-2021-20240.patch: check for overflow in
      gdk-pixbuf/io-gif-animation.c.
    - CVE-2021-20240

 -- Marc Deslauriers <email address hidden>  Thu, 18 Feb 2021 09:39:36 -0500
Superseded in focal-updates
Superseded in focal-security 
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer underflow in GIF loader
    - debian/patches/CVE-2021-20240.patch: check for overflow in
      gdk-pixbuf/io-gif-animation.c.
    - CVE-2021-20240

 -- Marc Deslauriers <email address hidden>  Thu, 18 Feb 2021 09:41:16 -0500
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
gdk-pixbuf (2.42.2+dfsg-1) unstable; urgency=medium

  * Team upload
  * New upstream release, without the Xlib API
    - Fix infinite loop on invalid LZW codes in the GIF loader
      (Closes: #977166, CVE-2020-29385)
  * d/patches: Update to upstream 2.42.2-6-g89a4cedc
    - Make enum GType registration thread-safe
    - Fix memory leaks in test code
    - Update Romanian translation
  * d/rules: Update Meson parameter names
  * Update versioned build-dependencies
  * d/patches: Change how the test for GNOME#753605 is avoided.
    Instead of deleting the code, which will cause merge conflicts on new
    upstream versions, just skip the test if the non-free file is missing.
  * Stop deleting .la files.
    This package no longer uses libtool, so there are none.
  * d/rules: Don't chmod a file that is no longer shipped
  * Don't try to remove non-determinism from test data.
    Some of the images included with the tests are deliberately malformed.
  * d/patches: Add proposed patches to run all the tests, and make
    them pass
  * d/copyright: Remove information about contrib/, which was removed.
    The former contrib directory from this source package has moved to
    the gdk-pixbuf-xlib source package.

 -- Simon McVittie <email address hidden>  Sat, 12 Dec 2020 22:57:45 +0000
Superseded in groovy-updates
Superseded in groovy-security 
gdk-pixbuf (2.40.0+dfsg-5ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: infinite loop in write_indexes
    - debian/patches/CVE-2020-29385.patch: fix LZW decoder accepting
      invalid LZW code in gdk-pixbuf/lzw.c.
    - CVE-2020-29385

 -- Marc Deslauriers <email address hidden>  Tue, 08 Dec 2020 08:30:38 -0500
Superseded in focal-updates
Superseded in focal-security 
gdk-pixbuf (2.40.0+dfsg-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in write_indexes
    - debian/patches/CVE-2020-29385.patch: fix LZW decoder accepting
      invalid LZW code in gdk-pixbuf/lzw.c.
    - CVE-2020-29385

 -- Marc Deslauriers <email address hidden>  Tue, 08 Dec 2020 08:32:30 -0500
Superseded in hirsute-proposed 
gdk-pixbuf (2.40.0+dfsg-10build2) hirsute; urgency=medium

  * Rebuild against hirsute proposed pocket

 -- Gianfranco Costamagna <email address hidden>  Tue, 08 Dec 2020 13:22:58 +0100
Superseded in hirsute-proposed 
gdk-pixbuf (2.40.0+dfsg-10) unstable; urgency=medium

  * Team upload
  * Release to unstable, without the Xlib API which is now provided by
    src:gdk-pixbuf-xlib (Closes: #974870)

 -- Simon McVittie <email address hidden>  Sun, 06 Dec 2020 13:21:23 +0000

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
gdk-pixbuf (2.40.0+dfsg-8) unstable; urgency=medium

  * Team upload
  * Generate shlibs dependencies without a transitional alternative.
    The libgdk-pixbuf-2.0-0 and libgdk-pixbuf-xlib-2.0-0 packages are now
    available in testing, so we don't need an alternative dependency on
    libgdk-pixbuf2.0-0 for a smooth transition.
    This avoids an apparently-circular dependency between
    libgdk-pixbuf-xlib-2.0-0 and the transitional libgdk-pixbuf2.0-0.
    (Closes: #975904)
  * Standards-Version: 4.5.1 (no changes required)
  * Don't install tests/test-images/fail/file3.jp2 as executable.
    It isn't an executable or script.

 -- Simon McVittie <email address hidden>  Sat, 28 Nov 2020 13:32:25 +0000
Superseded in hirsute-proposed 
gdk-pixbuf (2.40.0+dfsg-7build1) hirsute; urgency=medium

  * Bootstrap from hirsute archive

 -- Gianfranco Costamagna <email address hidden>  Mon, 23 Nov 2020 14:42:41 +0100
Deleted in hirsute-proposed (Reason: remove gdk-pixbuf from proposed, uninstallable) 
gdk-pixbuf (2.40.0+dfsg-7) unstable; urgency=medium

  * Team upload
  * Release to unstable

 -- Simon McVittie <email address hidden>  Sun, 22 Nov 2020 15:45:56 +0000
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
gdk-pixbuf (2.40.0+dfsg-5) unstable; urgency=medium

  * rules: Don't mangle PNGs in gdk-pixbuf-tests (for Ubuntu)

 -- Iain Lane <email address hidden>  Mon, 01 Jun 2020 17:05:16 +0100
Superseded in groovy-proposed 
gdk-pixbuf (2.40.0+dfsg-4build4) groovy; urgency=medium

  * No change rebuild. The resources embedded in the test binaries in that
    package appear to be incomplete (missing ICC profile in PNG images for
    example).

 -- Iain Lane <email address hidden>  Mon, 01 Jun 2020 15:43:24 +0100
Superseded in groovy-proposed 
gdk-pixbuf (2.40.0+dfsg-4build3) groovy; urgency=medium

  * Rebuild against bootstrapped gdk-pixbuf

 -- Gianfranco Costamagna <email address hidden>  Tue, 28 Apr 2020 19:46:04 +0200
Superseded in groovy-proposed 
gdk-pixbuf (2.40.0+dfsg-4build2) groovy; urgency=medium

  * Rebuild against bootstrapped gdk-pixbuf

 -- Gianfranco Costamagna <email address hidden>  Tue, 28 Apr 2020 19:46:04 +0200
Superseded in groovy-proposed 
gdk-pixbuf (2.40.0+dfsg-4) unstable; urgency=medium

  * Do not rebuild the documentation when it's not necessary
  * debian/control.in: Bump Standards-Version to 4.5.0
  * Ship the installed tests and run them in the dep8 tests

 -- Laurent Bigonville <email address hidden>  Wed, 08 Apr 2020 14:34:38 +0200
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
gdk-pixbuf (2.40.0+dfsg-3) unstable; urgency=medium

  * debian/rules: Make the tests non-fatal on kfreebsd-amd64

 -- Laurent Bigonville <email address hidden>  Sun, 08 Mar 2020 18:35:39 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
gdk-pixbuf (2.40.0+dfsg-2) unstable; urgency=medium

  * Team upload
  * d/tests/build: Mark as superficial
  * d/tests/build: Make autopkgtest cross-test-friendly.
    Use an appropriate cross-compiler and cross-pkg-config when using
    proposed autopkgtest cross-testing support.
    Thanks to Steve Langasek. (Closes: #946374)
  * d/tests/build: Fail on references to unset variables
  * d/tests/build: Fix shellcheck warnings
  * Bump Standards-Version to 4.4.1

 -- Simon McVittie <email address hidden>  Thu, 26 Dec 2019 16:33:27 +0000
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
gdk-pixbuf (2.40.0+dfsg-1ubuntu1) focal; urgency=medium

  * Make autopkgtests cross-test-friendly.

 -- Steve Langasek <email address hidden>  Sat, 07 Dec 2019 16:54:54 -0800
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to Release) 
gdk-pixbuf (2.40.0+dfsg-1build1) eoan; urgency=medium

  * No-change rebuild to avoid ABI dependency on now-removed glib2.0

 -- Adam Conrad <email address hidden>  Mon, 14 Oct 2019 02:14:10 -0600
Superseded in eoan-proposed 
gdk-pixbuf (2.40.0+dfsg-1) unstable; urgency=medium

  * New upstream release

  [ Simon McVittie ]
  * Re-import upstream source code with non-free test data excluded
  * d/gbp.conf: Disable automatic merging of upstream VCS tags.
    This doesn't work well with +dfsg versions.

 -- Sebastien Bacher <email address hidden>  Thu, 10 Oct 2019 17:38:01 +0200

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gdk-pixbuf (2.39.2-3) experimental; urgency=medium

  * debian/rules:
    - use dh_missing --fail-missing

 -- Sebastien Bacher <email address hidden>  Wed, 14 Aug 2019 21:40:38 +0200

Available diffs

Published in xenial-updates
Published in xenial-security 
gdk-pixbuf (2.32.2-1ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: stack corruption via crafted file folder
    - debian/patches/CVE-2017-12447-1.patch: reject bogus depth in
      gdk-pixbuf/io-bmp.c.
    - debian/patches/CVE-2017-12447-2.patch: reject impossible palette
      size in gdk-pixbuf/io-bmp.c.
    - CVE-2017-12447

 -- Marc Deslauriers <email address hidden>  Wed, 20 Mar 2019 11:43:33 -0400
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release) 
gdk-pixbuf (2.38.1+dfsg-1) unstable; urgency=medium

  * New upstream release
    - Add variables in the pkg-config files for binary utilities
    - Fix error handling in PNG loader
    - Fix introspection generation
    - Fix OOM in JPEG2000 loader
    - Fix thumbnailing of animated GIFs
    - Improve reproducibility of the build
    - Multiple improvements to the GIF loader
    - Speed up saving PNG files
  * Drop upstream patches.
     - Use-basename-instead-of-filename.patch,
       build-Include-gdk-pixdata.c-when-building-GdkPixbuf-2.0.g.patch:
       Included in this release

 -- Iain Lane <email address hidden>  Mon, 04 Mar 2019 14:31:35 +0000

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release) 
gdk-pixbuf (2.38.0+dfsg-7) unstable; urgency=medium

  * debian/rules: Stop including gnome-get-source.mk, use uscan instead
  * debian/libgdk-pixbuf2.0-0.symbols: Set Build-Depends-Package
  * Add -Wl,-O1 -Wl,-z,defs -Wl,--as-needed to our LDFLAGS
  * Enable all hardening flags
  * Bump Standards-Version to 4.3.0

 -- Jeremy Bicha <email address hidden>  Sun, 23 Dec 2018 22:44:55 -0500

Available diffs

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
gdk-pixbuf (2.38.0+dfsg-6) unstable; urgency=medium

  * Team upload
  * gir1.2-gdkpixbuf-2.0 Breaks: libgtk3-perl (<< 0.034-2~), to avoid
    #908323 being reported as an autopkgtest regression in gtk+3.0
  * d/watch: Use dversionmangle to remove +dfsg suffix (thanks, Lintian)
  * d/copyright: Correct syntax for matching
    contrib/gdk-pixbuf-xlib/gdk-pixbuf-xlibrgb.?. Machine-readable
    copyright file format supports * and ? wildcards, but not [ch].
  * d/copyright: Remove stanzas for files that are no longer included
  * Enable bindnow linker hardening
  * gir1.2-gdkpixbuf-2.0 Provides gir1.2-gdkpixdata-2.0, to reflect its
    contents
    - Remove lintian overrides that are no longer necessary

 -- Simon McVittie <email address hidden>  Wed, 19 Sep 2018 11:57:58 +0100

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
gdk-pixbuf (2.38.0+dfsg-5) unstable; urgency=medium

  [ Jeremy Bicha ]
  * debian/rules: Use meson test --print-errorlogs
    dh_auto_test normally does that for us

  [ Iain Lane ]
  * Add new patch to include gdk-pixdata.c when building the GdkPixbuf gir.
    This fixes broken introspection metadata that at least would have broken
    libgtk3-perl. (Closes: #908673)

 -- Iain Lane <email address hidden>  Thu, 13 Sep 2018 12:50:53 +0100

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
gdk-pixbuf (2.38.0+dfsg-4) unstable; urgency=medium

  [ Jeremy Bicha ]
  * Update debian/gbp.conf
  * debian/libgdk-pixbuf2.0-0.install: Use ${DEB_HOST_MULTIARCH} less.
    Thanks lintian.

  [ John Paul Adrian Glaubitz ]
  * debian/rules: Have dh_auto_test override honor nocheck (Closes: #908373)

  [ Chris Lamb ]
  * Add Use-basename-instead-of-filename.patch:
    - Proposed patch for reproducible builds and multi-arch co-installability
      (Closes: #908309)

 -- Jeremy Bicha <email address hidden>  Sun, 09 Sep 2018 08:12:01 -0400

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.12-2) unstable; urgency=medium

  * Team upload

  [ Hugh McMaster ]
  * Move gdk-pixbuf-csource and gdk-pixbuf-pixdata into
    libgdk-pixbuf2.0-bin (Closes: #876183, #882785).
  * Update the package description for libgdk-pixbuf2.0-bin.
  * Mark libgdk-pixbuf2.0-dev Multi-Arch: same (Closes: #689125).

  [ Simon McVittie ]
  * Update versioned Breaks/Replaces
  * Remove /usr/bin/gdk-pixbuf-query-loaders symlink from -dev package.
    It has architecture-dependent output and breaks Multi-Arch: same
    co-installability. Debian packages do not seem to rely on this tool
    being in PATH.
  * d/copyright: Update

 -- Simon McVittie <email address hidden>  Tue, 21 Aug 2018 15:15:42 +0100

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.12-1) unstable; urgency=medium

  * Team upload
  * New upstream release
    - Drop all patches, applied upstream
  * d/copyright: Mention gtk-doc.make and m4/gtk-doc.m4
  * d/p/Remove-test-for-GNOME-753605.patch:
    Patch out test for GNOME#753605. It relies on non-free test data
    (that is malformed in the right way to exhibit the bug), which was
    not included in the upstream 2.36.12 tarball.
    (Note to future maintainers: when packaging versions
    2.37+ please check that the non-free file is not included.)
  * Set Rules-Requires-Root to no
  * Standards-Version: 4.1.5 (no changes required)
  * Use debhelper 11 compat level
  * d/copyright: Correct syntax
  * Upgrade udeb from deprecated priority extra to optional
  * Remove ineffective lintian override for the udeb
  * d/libgdk-pixbuf2.0-0.lintian-overrides: Document non-SONAME-based
    package name

 -- Simon McVittie <email address hidden>  Thu, 26 Jul 2018 10:44:54 +0100

Available diffs

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates) 
gdk-pixbuf (2.32.2-1ubuntu1.5) xenial; urgency=medium

  * Convert triggers to noawait (LP: #1780996)

 -- Julian Andres Klode <email address hidden>  Tue, 10 Jul 2018 21:47:55 +0200
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.11-2) unstable; urgency=medium

  * Team upload

  [ Emilio Pozuelo Monfort ]
  * Switch triggers to noawait.

  [ Simon McVittie ]
  * Update Vcs-* for move from Alioth svn to Salsa git
  * debian/gbp.conf: Add
  * Add patches from upstream to fix crash bugs:
    - CVE-2017-6312: out-of-bounds read in ico (Closes: #856444)
    - CVE-2017-6313: integer underflow in icns (Closes: #856445)
    - CVE-2017-6314: infinite loop in tiff (Closes: #856448)
    Thanks to Salvatore Bonaccorso for highlighting the relevant commits.

 -- Simon McVittie <email address hidden>  Fri, 16 Mar 2018 10:57:57 +0000
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
Obsolete in artful-updates
Obsolete in artful-security 
gdk-pixbuf (2.36.11-1ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 11 Jan 2018 15:05:48 -0300
Superseded in xenial-updates
Superseded in xenial-security 
gdk-pixbuf (2.32.2-1ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gif_get_lzw function
    - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
    - CVE-2017-1000422
  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 11 Jan 2018 15:01:31 -0300
Published in trusty-updates
Published in trusty-security 
gdk-pixbuf (2.30.7-0ubuntu1.8) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gif_get_lzw function
    - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
    - CVE-2017-1000422
  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 11 Jan 2018 14:47:54 -0300
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.11-1) unstable; urgency=medium

  * New upstream release
  * debian/copyright: The non-free images have been replaced
    (thanks Olly Betts!) so drop the Files-Excluded line
  * Drop git_fix-tiff-build.patch: Applied in new release

 -- Jeremy Bicha <email address hidden>  Mon, 02 Oct 2017 12:36:35 -0400

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.10-2) unstable; urgency=medium

  * Add git_fix-tiff-build.patch:
    - Backport patch to fix tiff loader build (LP: #1718526)

 -- Jeremy Bicha <email address hidden>  Wed, 20 Sep 2017 19:04:33 -0400
Superseded in artful-proposed 
gdk-pixbuf (2.36.10-1) unstable; urgency=medium

  [ Jeremy Bicha ]
  * New upstream release 2.36.9.
  * Drop obsolete 0001-skip-perturb-for-cve-2015-4491-original-test.patch
  * debian/libgdk-pixbuf2.0-0.symbols: Add new symbol

  [ Emilio Pozuelo Monfort ]
  * New upstream release 2.36.10.
    - CVE-2017-2862: fix code execution vulnerability in jpeg loader.
      Closes: #874552.
  * Switch to copyright format 1.0.
  * copyright: exclude non-free test ref images.
  * rules: drop obsolete dh_strip --dbgsym-migration switch.
  * postinst: make loaders.cache reproducible. Thanks Chris Lamb for the
    patch. Closes: #875704.

 -- Emilio Pozuelo Monfort <email address hidden>  Tue, 19 Sep 2017 23:39:30 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.5-3ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patches/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
    - debian/patches/CVE-2017-2862-part3.patch: add test in
      tests/pixbuf-fail.c.
    - CVE-2017-2862
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
      a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
    - debian/patches/CVE-2017-6311-part2.patch: return an error if the
      ICO didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 14 Sep 2017 18:36:00 -0300
Superseded in xenial-updates
Superseded in xenial-security 
gdk-pixbuf (2.32.2-1ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patch/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311.patch: return an error when ICO
      didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 14 Sep 2017 13:38:49 -0300
Superseded in trusty-updates
Superseded in trusty-security 
gdk-pixbuf (2.30.7-0ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patch/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311.patch: return an error when ICO didn't
      load in gdk-pixbuf/io-ico.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 14 Sep 2017 11:38:36 -0300
Obsolete in zesty-updates
Obsolete in zesty-security 
gdk-pixbuf (2.36.5-3ubuntu0.2) zesty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patches/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
    - debian/patches/CVE-2017-2862-part3.patch: add test in
      tests/pixbuf-fail.c.
    - CVE-2017-2862
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
      a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
    - debian/patches/CVE-2017-6311-part2.patch: return an error if the
      ICO didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 13 Sep 2017 16:51:56 -0300
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.5-3) experimental; urgency=medium

  [ Jeremy Bicha ]
  * Add new libgdk-pixbuf2.0-bin package to install thumbnailer
    binary and metadata needed by gnome-desktop 3.23 (LP: #1665602)
  * Have libgdk-pibxuf2.0-0 recommend libgdk-pixbuf2.0-bin
  * debian/rules: Change dh_install's --list-missing to --fail-missing to
    catch this issue sooner next time

  [ Iain Lane ]
  * debian/rules: Don't use -X.la - it's error prone as it does substring
    matching instead of globbing. Instead use `find ... -delete' to remove
    *.la files explicitly.
  * debian/control.*: Update Vcs-* for branch.

 -- Jeremy Bicha <email address hidden>  Tue, 14 Mar 2017 16:05:47 +0000
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.5-1) experimental; urgency=medium

  * Branch to experimental - update Vcs-*
  * New upstream release 2.36.5
    + Fix mimetypes for thumbnailer
    + Handle fseek failure
    + Fix signed/unsigned handling
    + Fix an overflow check
    + Handle extreme scaling better
  * Bump libglib2.0 BD to 2.48.0, per configure.ac
  * Try replacing d/p/01-disable-oom-test.patch with
    d/p/0001-skip-perturb-for-cve-2015-4491-original-test.patch: This should
    ideally allow the test to be run without OOMing, which is better than not
    running it at all. (The proper fix is still to be investigated.)

 -- Iain Lane <email address hidden>  Tue, 14 Feb 2017 11:36:07 +0000
Superseded in zesty-proposed 
gdk-pixbuf (2.36.5-0ubuntu1) zesty; urgency=medium

  * New upstream release (LP: #1664288)

 -- Jeremy Bicha <email address hidden>  Mon, 13 Feb 2017 11:20:38 -0500
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.4-1) unstable; urgency=medium

  * New upstream release.

 -- Emilio Pozuelo Monfort <email address hidden>  Tue, 17 Jan 2017 00:45:42 +0100

Available diffs

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.3-1) unstable; urgency=medium

  [ Emilio Pozuelo Monfort ]
  * New upstream release.

 -- Iain Lane <email address hidden>  Mon, 09 Jan 2017 14:23:04 +0000
Superseded in zesty-proposed 
gdk-pixbuf (2.36.2-1) unstable; urgency=medium

  * New upstream release.

 -- Michael Biebl <email address hidden>  Thu, 22 Dec 2016 02:20:02 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gdk-pixbuf (2.36.0-1ubuntu1) zesty; urgency=medium

  * Sync with Debian (LP: #1643222). Remaining change:
    - Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as
      it fails with OOM, or gets OOM killed.
  * Drop CVE-2016-6352.patch, the fix was applied in new upstream version

 -- Jeremy Bicha <email address hidden>  Sat, 19 Nov 2016 12:50:45 -0500

Available diffs

Published in precise-updates
Published in precise-security 
gdk-pixbuf (2.26.1-1ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Fix a heap-based buffer overflow
    - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on
      upstream patches.
    - CVE-2015-7552
  * SECURITY UPDATE: Fix multiple integer overflows
    - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid
      overflow when shifting
    - CVE-2015-8875

 -- Emily Ratliff <email address hidden>  Wed, 21 Sep 2016 10:14:57 -0500
Superseded in trusty-updates
Superseded in trusty-security 
gdk-pixbuf (2.30.7-0ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
    - CVE-2016-6352
  * SECURITY UPDATE: Fix a heap-based buffer overflow
    - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on
      upstream patches.
    - CVE-2015-7552
  * SECURITY UPDATE: Fix multiple integer overflows
    - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid
      overflow when shifting
    - CVE-2015-8875

 -- Emily Ratliff <email address hidden>  Wed, 21 Sep 2016 09:38:31 -0500
175 of 172 results FirstPreviousLast