Change log for gdk-pixbuf package in Ubuntu

175 of 126 results
Published in xenial-updates on 2019-03-20
Published in xenial-security on 2019-03-20
gdk-pixbuf (2.32.2-1ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: stack corruption via crafted file folder
    - debian/patches/CVE-2017-12447-1.patch: reject bogus depth in
      gdk-pixbuf/io-bmp.c.
    - debian/patches/CVE-2017-12447-2.patch: reject impossible palette
      size in gdk-pixbuf/io-bmp.c.
    - CVE-2017-12447

 -- Marc Deslauriers <email address hidden>  Wed, 20 Mar 2019 11:43:33 -0400
Published in disco-release on 2019-03-06
Deleted in disco-proposed (Reason: moved to release)
gdk-pixbuf (2.38.1+dfsg-1) unstable; urgency=medium

  * New upstream release
    - Add variables in the pkg-config files for binary utilities
    - Fix error handling in PNG loader
    - Fix introspection generation
    - Fix OOM in JPEG2000 loader
    - Fix thumbnailing of animated GIFs
    - Improve reproducibility of the build
    - Multiple improvements to the GIF loader
    - Speed up saving PNG files
  * Drop upstream patches.
     - Use-basename-instead-of-filename.patch,
       build-Include-gdk-pixdata.c-when-building-GdkPixbuf-2.0.g.patch:
       Included in this release

 -- Iain Lane <email address hidden>  Mon, 04 Mar 2019 14:31:35 +0000

Available diffs

Superseded in disco-release on 2019-03-06
Deleted in disco-proposed on 2019-03-07 (Reason: moved to release)
gdk-pixbuf (2.38.0+dfsg-7) unstable; urgency=medium

  * debian/rules: Stop including gnome-get-source.mk, use uscan instead
  * debian/libgdk-pixbuf2.0-0.symbols: Set Build-Depends-Package
  * Add -Wl,-O1 -Wl,-z,defs -Wl,--as-needed to our LDFLAGS
  * Enable all hardening flags
  * Bump Standards-Version to 4.3.0

 -- Jeremy Bicha <email address hidden>  Sun, 23 Dec 2018 22:44:55 -0500

Available diffs

Superseded in disco-release on 2018-12-25
Published in cosmic-release on 2018-09-22
Deleted in cosmic-proposed (Reason: moved to release)
gdk-pixbuf (2.38.0+dfsg-6) unstable; urgency=medium

  * Team upload
  * gir1.2-gdkpixbuf-2.0 Breaks: libgtk3-perl (<< 0.034-2~), to avoid
    #908323 being reported as an autopkgtest regression in gtk+3.0
  * d/watch: Use dversionmangle to remove +dfsg suffix (thanks, Lintian)
  * d/copyright: Correct syntax for matching
    contrib/gdk-pixbuf-xlib/gdk-pixbuf-xlibrgb.?. Machine-readable
    copyright file format supports * and ? wildcards, but not [ch].
  * d/copyright: Remove stanzas for files that are no longer included
  * Enable bindnow linker hardening
  * gir1.2-gdkpixbuf-2.0 Provides gir1.2-gdkpixdata-2.0, to reflect its
    contents
    - Remove lintian overrides that are no longer necessary

 -- Simon McVittie <email address hidden>  Wed, 19 Sep 2018 11:57:58 +0100

Available diffs

Superseded in cosmic-release on 2018-09-22
Deleted in cosmic-proposed on 2018-09-23 (Reason: moved to release)
gdk-pixbuf (2.38.0+dfsg-5) unstable; urgency=medium

  [ Jeremy Bicha ]
  * debian/rules: Use meson test --print-errorlogs
    dh_auto_test normally does that for us

  [ Iain Lane ]
  * Add new patch to include gdk-pixdata.c when building the GdkPixbuf gir.
    This fixes broken introspection metadata that at least would have broken
    libgtk3-perl. (Closes: #908673)

 -- Iain Lane <email address hidden>  Thu, 13 Sep 2018 12:50:53 +0100

Available diffs

Superseded in cosmic-release on 2018-09-15
Deleted in cosmic-proposed on 2018-09-17 (Reason: moved to release)
gdk-pixbuf (2.38.0+dfsg-4) unstable; urgency=medium

  [ Jeremy Bicha ]
  * Update debian/gbp.conf
  * debian/libgdk-pixbuf2.0-0.install: Use ${DEB_HOST_MULTIARCH} less.
    Thanks lintian.

  [ John Paul Adrian Glaubitz ]
  * debian/rules: Have dh_auto_test override honor nocheck (Closes: #908373)

  [ Chris Lamb ]
  * Add Use-basename-instead-of-filename.patch:
    - Proposed patch for reproducible builds and multi-arch co-installability
      (Closes: #908309)

 -- Jeremy Bicha <email address hidden>  Sun, 09 Sep 2018 08:12:01 -0400

Available diffs

Superseded in cosmic-release on 2018-09-10
Deleted in cosmic-proposed on 2018-09-11 (Reason: moved to release)
gdk-pixbuf (2.36.12-2) unstable; urgency=medium

  * Team upload

  [ Hugh McMaster ]
  * Move gdk-pixbuf-csource and gdk-pixbuf-pixdata into
    libgdk-pixbuf2.0-bin (Closes: #876183, #882785).
  * Update the package description for libgdk-pixbuf2.0-bin.
  * Mark libgdk-pixbuf2.0-dev Multi-Arch: same (Closes: #689125).

  [ Simon McVittie ]
  * Update versioned Breaks/Replaces
  * Remove /usr/bin/gdk-pixbuf-query-loaders symlink from -dev package.
    It has architecture-dependent output and breaks Multi-Arch: same
    co-installability. Debian packages do not seem to rely on this tool
    being in PATH.
  * d/copyright: Update

 -- Simon McVittie <email address hidden>  Tue, 21 Aug 2018 15:15:42 +0100

Available diffs

Superseded in cosmic-release on 2018-08-26
Deleted in cosmic-proposed on 2018-08-27 (Reason: moved to release)
gdk-pixbuf (2.36.12-1) unstable; urgency=medium

  * Team upload
  * New upstream release
    - Drop all patches, applied upstream
  * d/copyright: Mention gtk-doc.make and m4/gtk-doc.m4
  * d/p/Remove-test-for-GNOME-753605.patch:
    Patch out test for GNOME#753605. It relies on non-free test data
    (that is malformed in the right way to exhibit the bug), which was
    not included in the upstream 2.36.12 tarball.
    (Note to future maintainers: when packaging versions
    2.37+ please check that the non-free file is not included.)
  * Set Rules-Requires-Root to no
  * Standards-Version: 4.1.5 (no changes required)
  * Use debhelper 11 compat level
  * d/copyright: Correct syntax
  * Upgrade udeb from deprecated priority extra to optional
  * Remove ineffective lintian override for the udeb
  * d/libgdk-pixbuf2.0-0.lintian-overrides: Document non-SONAME-based
    package name

 -- Simon McVittie <email address hidden>  Thu, 26 Jul 2018 10:44:54 +0100

Available diffs

Superseded in xenial-updates on 2019-03-20
Deleted in xenial-proposed on 2019-03-22 (Reason: moved to -updates)
gdk-pixbuf (2.32.2-1ubuntu1.5) xenial; urgency=medium

  * Convert triggers to noawait (LP: #1780996)

 -- Julian Andres Klode <email address hidden>  Tue, 10 Jul 2018 21:47:55 +0200
Superseded in cosmic-release on 2018-07-26
Published in bionic-release on 2018-03-23
Deleted in bionic-proposed (Reason: moved to release)
gdk-pixbuf (2.36.11-2) unstable; urgency=medium

  * Team upload

  [ Emilio Pozuelo Monfort ]
  * Switch triggers to noawait.

  [ Simon McVittie ]
  * Update Vcs-* for move from Alioth svn to Salsa git
  * debian/gbp.conf: Add
  * Add patches from upstream to fix crash bugs:
    - CVE-2017-6312: out-of-bounds read in ico (Closes: #856444)
    - CVE-2017-6313: integer underflow in icns (Closes: #856445)
    - CVE-2017-6314: infinite loop in tiff (Closes: #856448)
    Thanks to Salvatore Bonaccorso for highlighting the relevant commits.

 -- Simon McVittie <email address hidden>  Fri, 16 Mar 2018 10:57:57 +0000
Superseded in bionic-release on 2018-03-23
Deleted in bionic-proposed (Reason: moved to release)
Published in artful-updates on 2018-01-15
Published in artful-security on 2018-01-15
gdk-pixbuf (2.36.11-1ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 11 Jan 2018 15:05:48 -0300
Superseded in xenial-updates on 2018-07-26
Superseded in xenial-security on 2019-03-20
gdk-pixbuf (2.32.2-1ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gif_get_lzw function
    - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
    - CVE-2017-1000422
  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 11 Jan 2018 15:01:31 -0300
Published in trusty-updates on 2018-01-15
Published in trusty-security on 2018-01-15
gdk-pixbuf (2.30.7-0ubuntu1.8) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gif_get_lzw function
    - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
    - CVE-2017-1000422
  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 11 Jan 2018 14:47:54 -0300
Superseded in bionic-release on 2018-03-16
Published in artful-release on 2017-10-04
Deleted in artful-proposed (Reason: moved to release)
gdk-pixbuf (2.36.11-1) unstable; urgency=medium

  * New upstream release
  * debian/copyright: The non-free images have been replaced
    (thanks Olly Betts!) so drop the Files-Excluded line
  * Drop git_fix-tiff-build.patch: Applied in new release

 -- Jeremy Bicha <email address hidden>  Mon, 02 Oct 2017 12:36:35 -0400

Available diffs

Superseded in artful-release on 2017-10-04
Deleted in artful-proposed on 2017-10-05 (Reason: moved to release)
gdk-pixbuf (2.36.10-2) unstable; urgency=medium

  * Add git_fix-tiff-build.patch:
    - Backport patch to fix tiff loader build (LP: #1718526)

 -- Jeremy Bicha <email address hidden>  Wed, 20 Sep 2017 19:04:33 -0400
Superseded in artful-proposed on 2017-09-21
gdk-pixbuf (2.36.10-1) unstable; urgency=medium

  [ Jeremy Bicha ]
  * New upstream release 2.36.9.
  * Drop obsolete 0001-skip-perturb-for-cve-2015-4491-original-test.patch
  * debian/libgdk-pixbuf2.0-0.symbols: Add new symbol

  [ Emilio Pozuelo Monfort ]
  * New upstream release 2.36.10.
    - CVE-2017-2862: fix code execution vulnerability in jpeg loader.
      Closes: #874552.
  * Switch to copyright format 1.0.
  * copyright: exclude non-free test ref images.
  * rules: drop obsolete dh_strip --dbgsym-migration switch.
  * postinst: make loaders.cache reproducible. Thanks Chris Lamb for the
    patch. Closes: #875704.

 -- Emilio Pozuelo Monfort <email address hidden>  Tue, 19 Sep 2017 23:39:30 +0200
Superseded in artful-release on 2017-09-21
Deleted in artful-proposed on 2017-09-23 (Reason: moved to release)
gdk-pixbuf (2.36.5-3ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patches/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
    - debian/patches/CVE-2017-2862-part3.patch: add test in
      tests/pixbuf-fail.c.
    - CVE-2017-2862
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
      a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
    - debian/patches/CVE-2017-6311-part2.patch: return an error if the
      ICO didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 14 Sep 2017 18:36:00 -0300
Superseded in xenial-updates on 2018-01-15
Superseded in xenial-security on 2018-01-15
gdk-pixbuf (2.32.2-1ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patch/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311.patch: return an error when ICO
      didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 14 Sep 2017 13:38:49 -0300
Superseded in trusty-updates on 2018-01-15
Superseded in trusty-security on 2018-01-15
gdk-pixbuf (2.30.7-0ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patch/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311.patch: return an error when ICO didn't
      load in gdk-pixbuf/io-ico.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 14 Sep 2017 11:38:36 -0300
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
gdk-pixbuf (2.36.5-3ubuntu0.2) zesty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patches/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
    - debian/patches/CVE-2017-2862-part3.patch: add test in
      tests/pixbuf-fail.c.
    - CVE-2017-2862
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
      a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
    - debian/patches/CVE-2017-6311-part2.patch: return an error if the
      ICO didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 13 Sep 2017 16:51:56 -0300
Superseded in artful-release on 2017-09-19
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
gdk-pixbuf (2.36.5-3) experimental; urgency=medium

  [ Jeremy Bicha ]
  * Add new libgdk-pixbuf2.0-bin package to install thumbnailer
    binary and metadata needed by gnome-desktop 3.23 (LP: #1665602)
  * Have libgdk-pibxuf2.0-0 recommend libgdk-pixbuf2.0-bin
  * debian/rules: Change dh_install's --list-missing to --fail-missing to
    catch this issue sooner next time

  [ Iain Lane ]
  * debian/rules: Don't use -X.la - it's error prone as it does substring
    matching instead of globbing. Instead use `find ... -delete' to remove
    *.la files explicitly.
  * debian/control.*: Update Vcs-* for branch.

 -- Jeremy Bicha <email address hidden>  Tue, 14 Mar 2017 16:05:47 +0000

Available diffs

Superseded in zesty-release on 2017-03-23
Deleted in zesty-proposed on 2017-04-07 (Reason: moved to release)
gdk-pixbuf (2.36.5-1) experimental; urgency=medium

  * Branch to experimental - update Vcs-*
  * New upstream release 2.36.5
    + Fix mimetypes for thumbnailer
    + Handle fseek failure
    + Fix signed/unsigned handling
    + Fix an overflow check
    + Handle extreme scaling better
  * Bump libglib2.0 BD to 2.48.0, per configure.ac
  * Try replacing d/p/01-disable-oom-test.patch with
    d/p/0001-skip-perturb-for-cve-2015-4491-original-test.patch: This should
    ideally allow the test to be run without OOMing, which is better than not
    running it at all. (The proper fix is still to be investigated.)

 -- Iain Lane <email address hidden>  Tue, 14 Feb 2017 11:36:07 +0000
Superseded in zesty-proposed on 2017-02-14
gdk-pixbuf (2.36.5-0ubuntu1) zesty; urgency=medium

  * New upstream release (LP: #1664288)

 -- Jeremy Bicha <email address hidden>  Mon, 13 Feb 2017 11:20:38 -0500
Superseded in zesty-release on 2017-02-15
Deleted in zesty-proposed on 2017-02-16 (Reason: moved to release)
gdk-pixbuf (2.36.4-1) unstable; urgency=medium

  * New upstream release.

 -- Emilio Pozuelo Monfort <email address hidden>  Tue, 17 Jan 2017 00:45:42 +0100

Available diffs

Superseded in zesty-release on 2017-01-18
Deleted in zesty-proposed on 2017-01-19 (Reason: moved to release)
gdk-pixbuf (2.36.3-1) unstable; urgency=medium

  [ Emilio Pozuelo Monfort ]
  * New upstream release.

 -- Iain Lane <email address hidden>  Mon, 09 Jan 2017 14:23:04 +0000
Superseded in zesty-proposed on 2017-01-09
gdk-pixbuf (2.36.2-1) unstable; urgency=medium

  * New upstream release.

 -- Michael Biebl <email address hidden>  Thu, 22 Dec 2016 02:20:02 +0100
Superseded in zesty-release on 2017-01-10
Deleted in zesty-proposed on 2017-01-11 (Reason: moved to release)
gdk-pixbuf (2.36.0-1ubuntu1) zesty; urgency=medium

  * Sync with Debian (LP: #1643222). Remaining change:
    - Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as
      it fails with OOM, or gets OOM killed.
  * Drop CVE-2016-6352.patch, the fix was applied in new upstream version

 -- Jeremy Bicha <email address hidden>  Sat, 19 Nov 2016 12:50:45 -0500

Available diffs

Published in precise-updates on 2016-09-21
Published in precise-security on 2016-09-21
gdk-pixbuf (2.26.1-1ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Fix a heap-based buffer overflow
    - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on
      upstream patches.
    - CVE-2015-7552
  * SECURITY UPDATE: Fix multiple integer overflows
    - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid
      overflow when shifting
    - CVE-2015-8875

 -- Emily Ratliff <email address hidden>  Wed, 21 Sep 2016 10:14:57 -0500
Superseded in trusty-updates on 2017-09-18
Superseded in trusty-security on 2017-09-18
gdk-pixbuf (2.30.7-0ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
    - CVE-2016-6352
  * SECURITY UPDATE: Fix a heap-based buffer overflow
    - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on
      upstream patches.
    - CVE-2015-7552
  * SECURITY UPDATE: Fix multiple integer overflows
    - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid
      overflow when shifting
    - CVE-2015-8875

 -- Emily Ratliff <email address hidden>  Wed, 21 Sep 2016 09:38:31 -0500
Superseded in xenial-updates on 2017-09-18
Superseded in xenial-security on 2017-09-18
gdk-pixbuf (2.32.2-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
    - CVE-2016-6352

 -- Emily Ratliff <email address hidden>  Tue, 20 Sep 2016 11:21:58 -0500
Superseded in zesty-release on 2016-11-21
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
gdk-pixbuf (2.34.0-1ubuntu2) yakkety; urgency=medium

  * SECURITY UPDATE: Fixes for write out-of-bounds error
   - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
     headers. Based on upstream patch.
   - CVE-2016-6352

 -- Emily Ratliff <email address hidden>  Fri, 02 Sep 2016 17:30:17 -0500
Superseded in yakkety-release on 2016-09-10
Deleted in yakkety-proposed on 2016-09-11 (Reason: moved to release)
gdk-pixbuf (2.34.0-1ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable (LP: #1573839).  Remaining changes:
    - Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as
      it fails with OOM, or gets OOM killed.

Available diffs

Superseded in yakkety-release on 2016-04-25
Published in xenial-release on 2015-11-25
Deleted in xenial-proposed (Reason: moved to release)
gdk-pixbuf (2.32.2-1ubuntu1) xenial; urgency=medium

  * Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as
    it fails with OOM, or gets OOM killed.

 -- Dimitri John Ledkov <email address hidden>  Tue, 24 Nov 2015 16:58:42 +0000
Superseded in xenial-release on 2015-11-25
Deleted in xenial-proposed on 2015-11-26 (Reason: moved to release)
gdk-pixbuf (2.32.2-1) unstable; urgency=medium

  * New upstream release.
  * Update watch file to track stable releases only.

 -- Michael Biebl <email address hidden>  Wed, 11 Nov 2015 02:01:07 +0100

Available diffs

Superseded in precise-updates on 2016-09-21
Superseded in precise-security on 2016-09-21
gdk-pixbuf (2.26.1-1ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Heap overflow and DoS with tga files
    - debian/patches/CVE-2015-7673-1.patch: pass on OOM conditions in
      make_weights functions in gdk-pixbuf/pixops/pixops.c
    - debian/patches/CVE-2015-7673-2.patch: Wrap TGAColormap struct in
      its own API in gdk-pixbuf/io-tga.c
    - debian/patches/CVE-2015-7673-3.patch: always parse colormaps in
      gdk-pixbuf/io-tga.c
  * SECURITY UPDATE: heap overflow when scaling GIF images
    - debian/patches/CVE-2015-767.patch: ensure variables are large
      enough when shifting bits in gdk-pixbuf/pixops/pixops.c

 -- Steve Beattie <email address hidden>  Sat, 10 Oct 2015 07:55:26 -0700
Superseded in trusty-updates on 2016-09-21
Superseded in trusty-security on 2016-09-21
gdk-pixbuf (2.30.7-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Heap overflow and DoS with tga files
    - debian/patches/CVE-2015-7673-1.patch: pass on OOM conditions in
      make_weights functions in gdk-pixbuf/pixops/pixops.c
    - debian/patches/CVE-2015-7673-2.patch: Wrap TGAColormap struct in
      its own API in gdk-pixbuf/io-tga.c
    - debian/patches/CVE-2015-7673-3.patch: always parse colormaps in
      gdk-pixbuf/io-tga.c
  * SECURITY UPDATE: heap overflow when scaling GIF images
    - debian/patches/CVE-2015-767.patch: ensure variables are large
      enough when shifting bits in gdk-pixbuf/pixops/pixops.c

 -- Steve Beattie <email address hidden>  Thu, 08 Oct 2015 15:58:55 -0700
Obsolete in vivid-updates on 2018-01-18
Obsolete in vivid-security on 2018-01-18
gdk-pixbuf (2.31.3-1ubuntu0.2) vivid-security; urgency=medium

  * SECURITY UPDATE: Heap overflow and DoS with tga files
    - debian/patches/CVE-2015-7673-1.patch: pass on OOM conditions in
      make_weights functions in gdk-pixbuf/pixops/pixops.c
    - debian/patches/CVE-2015-7673-2.patch: Wrap TGAColormap struct in
      its own API in gdk-pixbuf/io-tga.c
    - debian/patches/CVE-2015-7673-3.patch: always parse colormaps in
      gdk-pixbuf/io-tga.c
  * SECURITY UPDATE: heap overflow when scaling GIF images
    - debian/patches/CVE-2015-767.patch: ensure variables are large
      enough when shifting bits in gdk-pixbuf/pixops/pixops.c

 -- Steve Beattie <email address hidden>  Thu, 08 Oct 2015 13:33:31 -0700
Superseded in xenial-release on 2015-11-11
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
gdk-pixbuf (2.32.1-1) unstable; urgency=medium

  * New upstream release 2.32.1
  * Drop patch which is applied upstream

 -- Iain Lane <email address hidden>  Mon, 05 Oct 2015 17:51:16 +0100
Superseded in wily-release on 2015-10-06
Deleted in wily-proposed on 2015-10-07 (Reason: moved to release)
gdk-pixbuf (2.32.0-1ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    unsafe shift
    - debian/patches/CVE-2015-7674.patch: make variables big enough in
      gdk-pixbuf/pixops/pixops.c.
    - CVE-2015-7674

 -- Marc Deslauriers <email address hidden>  Fri, 02 Oct 2015 13:58:10 -0400
Superseded in wily-release on 2015-10-02
Deleted in wily-proposed on 2015-10-04 (Reason: moved to release)
gdk-pixbuf (2.32.0-1) unstable; urgency=medium

  * New upstream release 2.32.0
  * debian/patches/0001-Skip-tests-when-we-can-t-run-them-due-to-lack-of-mem.patch:
    Cherry-pick patch from upstream. If we can't run some of the new large
    tests due to a lack of memory then skip them. (Closes: #799239)
  * debian/patches/skip-large-file-tests-instead-of-ooming: Drop - this was a
    previous version of the above patch, which has now been sent upstream.

 -- Iain Lane <email address hidden>  Tue, 22 Sep 2015 16:15:30 +0100
Superseded in wily-proposed on 2015-09-24
gdk-pixbuf (2.31.7-1) unstable; urgency=medium

  [ Michael Biebl ]
  * New upstream release.
    - Fixes CVE-2015-4491 (crash with malicious BMP files)
  * Disable jasper support. It's an abandoned code base with frequent security
    issues and JPEG2000 is an exotic fringe format unused in practice.
    Closes: #796270

  [ Iain Lane ]
  * New upstream release 2.31.7
    - Fix several integer overflows (Closes: #753569)
    - Fix build failure with --disable-modules
    - Port animations to GTask

 -- Iain Lane <email address hidden>  Tue, 15 Sep 2015 16:24:31 +0100
Superseded in precise-updates on 2015-10-13
Superseded in precise-security on 2015-10-13
gdk-pixbuf (2.26.1-1ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: heap overflow when scaling bitmap images
    - debian/patches/CVE-2015-4491-1.patch: check for overflows in
      gdk-pixbuf/pixops/pixops.c.
    - debian/patches/CVE-2015-4491-2.patch: also check n_x in
      gdk-pixbuf/pixops/pixops.c.
    - CVE-2015-4491

 -- Marc Deslauriers <email address hidden>  Tue, 18 Aug 2015 13:04:11 -0400
Superseded in vivid-updates on 2015-10-13
Superseded in vivid-security on 2015-10-13
gdk-pixbuf (2.31.3-1ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: heap overflow when scaling bitmap images
    - debian/patches/CVE-2015-4491-1.patch: check for overflows in
      gdk-pixbuf/pixops/pixops.c.
    - debian/patches/CVE-2015-4491-2.patch: also check n_x in
      gdk-pixbuf/pixops/pixops.c.
    - CVE-2015-4491

 -- Marc Deslauriers <email address hidden>  Tue, 18 Aug 2015 12:57:20 -0400
Superseded in trusty-updates on 2015-10-13
Superseded in trusty-security on 2015-10-13
gdk-pixbuf (2.30.7-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow when scaling bitmap images
    - debian/patches/CVE-2015-4491-1.patch: check for overflows in
      gdk-pixbuf/pixops/pixops.c.
    - debian/patches/CVE-2015-4491-2.patch: also check n_x in
      gdk-pixbuf/pixops/pixops.c.
    - CVE-2015-4491

 -- Marc Deslauriers <email address hidden>  Tue, 18 Aug 2015 13:02:29 -0400
Superseded in wily-release on 2015-09-25
Deleted in wily-proposed on 2015-09-26 (Reason: moved to release)
gdk-pixbuf (2.31.5-1ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: heap overflow when scaling bitmap images
    - debian/patches/CVE-2015-4491-2.patch: also check n_x in
      gdk-pixbuf/pixops/pixops.c.
    - CVE-2015-4491

 -- Marc Deslauriers <email address hidden>  Tue, 18 Aug 2015 12:53:51 -0400
Superseded in wily-release on 2015-09-08
Deleted in wily-proposed on 2015-09-09 (Reason: moved to release)
gdk-pixbuf (2.31.5-1) unstable; urgency=medium

  * New upstream release.
  * Remove obsolete Breaks/Replaces from pre-wheezy.

 -- Michael Biebl <email address hidden>  Wed, 22 Jul 2015 01:19:13 +0200

Available diffs

Superseded in wily-release on 2015-07-26
Deleted in wily-proposed on 2015-07-27 (Reason: moved to release)
gdk-pixbuf (2.31.4-2) unstable; urgency=medium

  * Install typelib files into multiarch paths.
  * Mark gir package as Multi-Arch: same.
  * Point Vcs-* to the unstable branch.

 -- Michael Biebl <email address hidden>  Wed, 27 May 2015 01:31:18 +0200

Available diffs

Superseded in wily-proposed on 2015-05-27
gdk-pixbuf (2.31.4-1) unstable; urgency=medium

  * New upstream release.
  * Upload to unstable.

 -- Michael Biebl <email address hidden>  Wed, 20 May 2015 00:07:11 +0200
Superseded in wily-release on 2015-05-27
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
gdk-pixbuf (2.31.3-1) experimental; urgency=medium


  * New upstream release 2.31.3
    - Revert an annotation change that broke bindings
    - Clean up configure
    - Fix Visual Studio build
    - Define MAP_ANONYMOUS when needed
    - Include gi18n-lib.h where needed
  * Drop debian/patches: the revert is upstream in this release.
  * premature-end.* are disted properly now - drop our local copy and manual
    installation.

 -- Iain Lane <email address hidden>  Wed, 11 Mar 2015 12:38:43 +0000

Available diffs

Superseded in vivid-release on 2015-03-12
Deleted in vivid-proposed on 2015-03-13 (Reason: moved to release)
gdk-pixbuf (2.31.2-2) experimental; urgency=medium


  * revert-0001-lib-Annotate-var-arg-gdk_pixbuf_save.patch: Revert upstream
    commit which breaks API which applications actually use.

 -- Iain Lane <email address hidden>  Wed, 25 Feb 2015 19:51:11 +0000

Available diffs

Superseded in vivid-proposed on 2015-02-26
gdk-pixbuf (2.31.2-1) experimental; urgency=medium


  * debian/watch: Update to find unstable versions too.
  * New upstream release 2.31.2
    + API changes:
      - Deprecate GdkPixdata
      - Add gdk_pixbuf_get_options() helper to list set options
      - Annotations fixes for various functions
      - Remove incorrect info about area-prepared signal
    + Image format support changes
      - Flag multi-page TIFF files
      - Fix memory usage for GIF animations, add note about minimum frame
        length (LP: #139067)
      - Return an error for truncated PNG files
      - Add density (DPI) support for JPEG, PNG and TIFF
      - Fix reading CMYK JPEG files generated by Photoshop
      - Allow saving 1-bit mono TIFF files as used in faxes
      - Simplify loader names
      - Fix loading GIF files when the first write is short
      - Add progressive loading to ICNS files
      - Add support for 256x256 ICO files
      - Fix reading MS AMCap2 BMP files
    + Other:
      - Honour requested depth in Xlib
      - Special-case compositing/copying with no scaling
      - Add relocation support to OSX and Linux
  * Upstream forgot to dist premature-end.* - bring them in temporarily to get
    a fully passing testsuite.
  * Add new symbol to symbols file.

 -- Iain Lane <email address hidden>  Tue, 24 Feb 2015 18:10:15 +0000

Available diffs

Superseded in vivid-release on 2015-02-26
Deleted in vivid-proposed on 2015-02-27 (Reason: moved to release)
gdk-pixbuf (2.31.1-2) unstable; urgency=medium


  * debian/rules: Fix the permissions of "loaders.cache" file in the udeb to
    please lintian
  * debian/control.in: Bump Standards-Version to 3.9.6 (no further changes)
  * Add debian/libgdk-pixbuf2.0-0-udeb.lintian-overrides: Add an override for
    package-contains-mime-cache-file as we intend to ship mime.cache

 -- Laurent Bigonville <email address hidden>  Tue, 07 Oct 2014 22:28:49 +0200

Available diffs

Superseded in vivid-release on 2014-10-25
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
gdk-pixbuf (2.30.8-1) unstable; urgency=medium


  * New upstream release.
  * Add Depends on shared-mime-info to libgdk-pixbuf2.0-dev. The
    gdk-pixbuf-csource utility requires it for image file format detection.
    Closes: #758813

 -- Michael Biebl <email address hidden>  Tue, 02 Sep 2014 00:45:43 +0200

Available diffs

Superseded in utopic-release on 2014-09-19
Deleted in utopic-proposed on 2014-09-21 (Reason: moved to release)
gdk-pixbuf (2.30.7-1) unstable; urgency=medium


  * New upstream release.

 -- Michael Biebl <email address hidden>  Wed, 23 Apr 2014 15:46:48 +0200
Superseded in utopic-release on 2014-05-12
Published in trusty-release on 2014-04-01
Deleted in trusty-proposed (Reason: moved to release)
gdk-pixbuf (2.30.7-0ubuntu1) trusty; urgency=medium

  * New upstream version
 -- Sebastien Bacher <email address hidden>   Mon, 31 Mar 2014 17:15:34 +0200
Superseded in precise-updates on 2015-08-26
Deleted in precise-proposed on 2015-08-27 (Reason: moved to -updates)
gdk-pixbuf (2.26.1-1ubuntu1.1) precise; urgency=medium

  * Link with -Wl,--no-as-needed so that we get linked against libgobject,
    avoiding crashes when modules load and unload newer versions of libgobject
    which have a global constructor. (LP: #1174253)
 -- Iain Lane <email address hidden>   Fri, 21 Mar 2014 18:06:47 +0000

Available diffs

Superseded in trusty-release on 2014-04-01
Deleted in trusty-proposed on 2014-04-02 (Reason: moved to release)
gdk-pixbuf (2.30.6-1) unstable; urgency=medium


  * New upstream release.

 -- Emilio Pozuelo Monfort <email address hidden>  Sun, 09 Mar 2014 14:15:14 +0100
Superseded in trusty-release on 2014-03-12
Deleted in trusty-proposed on 2014-03-13 (Reason: moved to release)
gdk-pixbuf (2.30.5-0ubuntu1) trusty; urgency=medium

  * New upstream version
 -- Sebastien Bacher <email address hidden>   Wed, 19 Feb 2014 13:21:41 +0100

Available diffs

Superseded in trusty-release on 2014-02-19
Deleted in trusty-proposed on 2014-02-20 (Reason: moved to release)
gdk-pixbuf (2.30.4-0ubuntu1) trusty; urgency=medium

  * New upstream release
  * debian/patches/0001-Fix-test-failure-if-PNG_iTXt_SUPPORTED-not-defined.patch:
  * debian/patches/0001-Set-GDK_PIXBUF_MODULE_FILE-when-running-the-tests.patch:
    - Applied upstream
 -- Robert Ancell <email address hidden>   Tue, 04 Feb 2014 10:06:49 +0000

Available diffs

Superseded in trusty-release on 2014-02-04
Deleted in trusty-proposed on 2014-02-05 (Reason: moved to release)
gdk-pixbuf (2.30.3-0ubuntu1) trusty; urgency=medium

  * New upstream release:
    - Expand the test suite
    - Enable coverage testing with --enable-coverage
    - Unify sniff buffer sizes across loaders: 4k everywhere
    - Port to GTask
    - xpm: Fix scaling
    - xpm: Update colors from pango
    - qtif: fix fread() error check
  * debian/control:
    - Bump build-depends on libglib2.0-dev
    - Add build-depends on gawk
  * debian/patches/fix-xpm-scaling.patch:
    - Applied upstream
  * debian/patches/0001-Fix-test-failure-if-PNG_iTXt_SUPPORTED-not-defined.patch:
    - Fix test failing due to how our libpng is compiled
 -- Robert Ancell <email address hidden>   Wed, 15 Jan 2014 10:41:02 +1300

Available diffs

Superseded in trusty-release on 2014-01-15
Deleted in trusty-proposed on 2014-01-16 (Reason: moved to release)
gdk-pixbuf (2.30.2-0ubuntu2) trusty; urgency=medium

  * debian/patches/fix-xpm-scaling.patch:
    - Fix XPM scaling (LP: #1061037)
 -- Robert Ancell <email address hidden>   Wed, 08 Jan 2014 12:19:10 +1300
Superseded in trusty-release on 2014-01-08
Deleted in trusty-proposed on 2014-01-09 (Reason: moved to release)
gdk-pixbuf (2.30.2-0ubuntu1) trusty; urgency=medium

  * New upstream release:
    - jpeg: fix icc profile loading
    - jpeg: Improve error handling
    - Make --update-cache work better
  * debian/libgdk-pixbuf2.0-0.symbols:
    - Remove ubuntu version from symbol
 -- Robert Ancell <email address hidden>   Wed, 18 Dec 2013 09:24:51 +1300
Superseded in trusty-release on 2013-12-18
Deleted in trusty-proposed on 2013-12-19 (Reason: moved to release)
gdk-pixbuf (2.30.1-0ubuntu2) trusty; urgency=low

  * Restore revision dropped by error
 -- Sebastien Bacher <email address hidden>   Fri, 22 Nov 2013 18:22:28 +0100
Superseded in trusty-proposed on 2013-11-22
gdk-pixbuf (2.30.1-0ubuntu1) trusty; urgency=low

  * New upstream version
 -- Sebastien Bacher <email address hidden>   Fri, 22 Nov 2013 18:03:49 +0100
Superseded in trusty-release on 2013-11-22
Deleted in trusty-proposed on 2013-11-24 (Reason: moved to release)
gdk-pixbuf (2.30.0-0ubuntu2) trusty; urgency=low

  * debian/patches/0001-Set-GDK_PIXBUF_MODULE_FILE-when-running-the-tests.patch:
    Set GDK_PIXBUF_MODULE_FILE when running the tests to fix FTBFS.
 -- Iain Lane <email address hidden>   Wed, 06 Nov 2013 12:54:09 +0000
Superseded in trusty-proposed on 2013-11-06
gdk-pixbuf (2.30.0-0ubuntu1) trusty; urgency=low

  * New upstream version
  * debian/libgdk-pixbuf2.0-0.symbols: new version update
  * Resynchronize on Debian, remaining changes:
  * debian/control.in:
    - B-D on libtiff5-dev | libtiff-dev instead of libtiff4-dev
  * Dropped change (included in the new version):
  * debian/patches/git-gicon-serialization-support.patch:
    - Add upstream's GdkPixbuf serialization support.

Available diffs

Superseded in trusty-release on 2013-11-07
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
gdk-pixbuf (2.28.1-1ubuntu2) saucy; urgency=low

  * debian/patches/git-gicon-serialization-support.patch:
    - Add upstream's GdkPixbuf serialization support.
 -- William Hua <email address hidden>   Fri, 17 May 2013 00:11:11 -0400
Superseded in saucy-release on 2013-05-28
Deleted in saucy-proposed on 2013-05-30 (Reason: moved to release)
gdk-pixbuf (2.28.1-1ubuntu1) saucy; urgency=low

  * Resynchronize on Debian, remaining changes:
  * debian/control.in:
    - B-D on libtiff5-dev | libtiff-dev instead of libtiff-dev, as we
      have made this transition ahead of Debian.

Superseded in saucy-release on 2013-05-13
Deleted in saucy-proposed on 2013-05-15 (Reason: moved to release)
gdk-pixbuf (2.28.0-1ubuntu1) saucy; urgency=low

  * Resynchronize on Debian, remaining changes:
  * debian/control.in:
    - B-D on libtiff5-dev | libtiff-dev instead of libtiff-dev, as we
      have made this transition ahead of Debian.
 -- Sebastien Bacher <email address hidden>   Tue, 07 May 2013 19:03:11 +0200

Available diffs

Superseded in saucy-release on 2013-05-07
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
gdk-pixbuf (2.28.0-0ubuntu1) raring; urgency=low

  * New upstream version
  * debian/patches/git_missing_icons.patch: included in the new version
 -- Sebastien Bacher <email address hidden>   Tue, 26 Mar 2013 10:36:03 +0100
Superseded in raring-release on 2013-03-26
Deleted in raring-proposed on 2013-03-27 (Reason: moved to release)
gdk-pixbuf (2.27.1-1ubuntu1) raring; urgency=low

  * Resynchronize on Debian, remaining change:
  * debian/control.in:
    - B-D on libtiff5-dev | libtiff-dev instead of libtiff-dev, as we
      have made this transition ahead of Debian.
  * debian/control.in, debian/tests: Simple compile/link/run autopkgtest.
  * debian/patches/git_missing_icons.patch:
    - backport fix from git for missing icons issue

Available diffs

Superseded in raring-release on 2013-02-28
Deleted in raring-proposed on 2013-03-01 (Reason: moved to release)
gdk-pixbuf (2.26.5-0ubuntu4) raring; urgency=low

  * debian/tests/build:
    - Add -Wall -Werror for being more thorough.
    - Don't call deprecated g_type_init() when building with glib >= 2.35.
 -- Martin Pitt <email address hidden>   Wed, 16 Jan 2013 13:44:47 +0100

Available diffs

Superseded in raring-release on 2013-01-17
Deleted in raring-proposed on 2013-01-18 (Reason: moved to release)
gdk-pixbuf (2.26.5-0ubuntu3) raring; urgency=low

  * debian/control.in: Fix misplaced XS-Testsuite header.
 -- Martin Pitt <email address hidden>   Thu, 13 Dec 2012 13:35:50 +0100

Available diffs

Superseded in raring-release on 2012-12-13
Deleted in raring-proposed on 2012-12-14 (Reason: moved to release)
gdk-pixbuf (2.26.5-0ubuntu2) raring; urgency=low

  * Fix regression from 2.26.4: EXIF orientation tag is ignored
    LP: #1077186
 -- Tormod Volden <email address hidden>   Sat, 17 Nov 2012 11:36:17 +0100
Superseded in raring-release on 2012-11-19
Deleted in raring-proposed on 2012-11-20 (Reason: moved to release)
gdk-pixbuf (2.26.5-0ubuntu1) raring; urgency=low

  * New upstream release
  * debian/control:
    - Bump build-depends on libglib2.0-dev
 -- Robert Ancell <email address hidden>   Tue, 13 Nov 2012 09:55:33 +1300

Available diffs

175 of 126 results