gdk-pixbuf (2.42.8+dfsg-1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: heap memory corruption
- debian/patches/CVE-2022-48622-*.patch: adds checks for invalid ani files
to gdk-pixbuf/io-ani.c.
- tests/tests-images/fail/CVE-2022-48622.ani: test file.
- debian/source/include-binaries: including binary test file.
- CVE-2022-48622
-- Ian Constantin <ian.constantin@canonical.com> Mon, 03 Jun 2024 19:40:54 +0300
gdk-pixbuf (2.42.8+dfsg-1ubuntu0.2) jammy; urgency=medium
* debian/patches/debian_queryloader_dir.patch:
- fix the directory referenced for gdk-pixbuf-query-loaders
in the .pc since that file is moved by the packaging (lp: #1993785)
-- Sebastien Bacher <seb128@ubuntu.com> Fri, 21 Oct 2022 09:26:30 +0200
gdk-pixbuf (2.42.8+dfsg-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Heap-Buffer-Overflow
- debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size
in gdk-pixbuf/lzw.c.
- debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value
of LZW initial code size in gdk-pixbuf/io-gif.c.
- debian/patches/CVE-2021-44648-3.patch: Add tests for GIF files with
invalid LZW code size in tests/tests-images/fail/* and
tests/tests-images/gif-test-suite/*.
- debian/source/include-binaries: add tests binaries to the package
- CVE-2021-44648
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 07 Sep 2022 11:14:12 -0300
gdk-pixbuf (2.42.8+dfsg-1) unstable; urgency=medium
[ Jeremy Bicha ]
* New upstream release
* debian/control.in: Loosen dependency on libgdk-pixbuf2.0-common.
This fixes an issue seen repeatedly in Ubuntu when the amd64 (+all)
build finishes and is published before one of the other arches starts
to build.
* Build-Depend on gi-docgen
* Build-Depend on dh-sequence-gir & dh-sequence-gnome
* debian/rules: Update configure flags
* debian/rules: Drop unneeded -Wl,--as-needed
* debian/copyright: Use shorter CC0-1.0 text
* debian/rules: Handle over-aggressive dh_fixperms for installed-tests
[ Simon McVittie ]
* Use debhelper compat level 13
- We can now use debhelper substitutions for DEB_HOST_MULTIARCH in
d/libgdk-pixbuf-2.0-0.install, rather than using dh-exec.
- We can now pass `meson test` options to dh_auto_test, which no longer
uses `ninja test` directly.
-- Jeremy Bicha <jbicha@ubuntu.com> Mon, 28 Mar 2022 15:44:22 -0400
gdk-pixbuf (2.42.6+dfsg-2) unstable; urgency=medium
* Team upload
* Upload to unstable
-- Simon McVittie <smcv@debian.org> Sun, 15 Aug 2021 14:39:53 +0100
gdk-pixbuf (2.42.6+dfsg-1) experimental; urgency=medium
* Team upload
* New upstream release
* Drop patches that were applied upstream
* d/copyright: Exclude pregenerated documentation and fonts from
.orig.tar.xz
* d/copyright: Use standalone license paragraphs
* d/copyright: Update
* d/README.source: Describe how to update to a new upstream.
This is not quite the same as other GNOME packages because we have to
repack the tarball.
* Build documentation with gi-docgen
- d/p/gi-docgen/Disable-web-fonts-for-now.patch:
Disable use of remote or bundled fonts
- d/p/gi-docgen/templates-Remove-html5shiv.patch:
Disable use of remote html5shiv
- d/rules: Use bundled gi-docgen even if it's installed system-wide.
Until it's declared stable, the upstream recommendation is to vendor
gi-docgen, which means Policy ยง4.13 allows an embedded code copy.
* Build the PNG and JPEG loaders into the library.
This matches upstream's recommendation: building these loaders in is
one less thing that can go wrong.
For the udeb, we previously installed the production library and the
PNG loader; now we build a separate library that can only load PNGs.
This means the udeb doesn't actually need loadable modules at all.
Create an empty loaders.cache file, just to prevent warnings.
* d/control: Add -dev dependencies on libjpeg-dev, libtiff-dev.
The pkg-config metadata now depends on these.
-- Simon McVittie <smcv@debian.org> Wed, 02 Jun 2021 21:29:21 +0100
gdk-pixbuf (2.42.2+dfsg-1) unstable; urgency=medium
* Team upload
* New upstream release, without the Xlib API
- Fix infinite loop on invalid LZW codes in the GIF loader
(Closes: #977166, CVE-2020-29385)
* d/patches: Update to upstream 2.42.2-6-g89a4cedc
- Make enum GType registration thread-safe
- Fix memory leaks in test code
- Update Romanian translation
* d/rules: Update Meson parameter names
* Update versioned build-dependencies
* d/patches: Change how the test for GNOME#753605 is avoided.
Instead of deleting the code, which will cause merge conflicts on new
upstream versions, just skip the test if the non-free file is missing.
* Stop deleting .la files.
This package no longer uses libtool, so there are none.
* d/rules: Don't chmod a file that is no longer shipped
* Don't try to remove non-determinism from test data.
Some of the images included with the tests are deliberately malformed.
* d/patches: Add proposed patches to run all the tests, and make
them pass
* d/copyright: Remove information about contrib/, which was removed.
The former contrib directory from this source package has moved to
the gdk-pixbuf-xlib source package.
-- Simon McVittie <smcv@debian.org> Sat, 12 Dec 2020 22:57:45 +0000
gdk-pixbuf (2.40.0+dfsg-10) unstable; urgency=medium
* Team upload
* Release to unstable, without the Xlib API which is now provided by
src:gdk-pixbuf-xlib (Closes: #974870)
-- Simon McVittie <smcv@debian.org> Sun, 06 Dec 2020 13:21:23 +0000
gdk-pixbuf (2.40.0+dfsg-9) experimental; urgency=medium
* Team upload
* Branch for experimental again
* Drop gdk-pixbuf-xlib binary packages.
These will be taken over by a new src:gdk-pixbuf-xlib binary package
when it gets through NEW.
-- Simon McVittie <smcv@debian.org> Sat, 28 Nov 2020 15:27:13 +0000
gdk-pixbuf (2.40.0+dfsg-8) unstable; urgency=medium
* Team upload
* Generate shlibs dependencies without a transitional alternative.
The libgdk-pixbuf-2.0-0 and libgdk-pixbuf-xlib-2.0-0 packages are now
available in testing, so we don't need an alternative dependency on
libgdk-pixbuf2.0-0 for a smooth transition.
This avoids an apparently-circular dependency between
libgdk-pixbuf-xlib-2.0-0 and the transitional libgdk-pixbuf2.0-0.
(Closes: #975904)
* Standards-Version: 4.5.1 (no changes required)
* Don't install tests/test-images/fail/file3.jp2 as executable.
It isn't an executable or script.
-- Simon McVittie <smcv@debian.org> Sat, 28 Nov 2020 13:32:25 +0000
# For older changelog entries, run 'apt-get changelog libgdk-pixbuf2.0-common'
Generated by dwww version 1.14 on Thu Jan 23 03:33:28 CET 2025.