Changelog for
gdk-pixbuf-lang-2.42.9-5.7.1.noarch.rpm :
* Tue Aug 30 2022 mgorseAATTsuse.com- Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch: fix loading of larger images (glgo#GNOME/gdk-pixbuf#216).
* Mon Aug 15 2022 dmuellerAATTsuse.com- avoid bashism in baselibs postscript (bsc#1195391)
* Tue Aug 09 2022 bjorn.lieAATTgmail.com- Update to version 2.42.9: + Fix the check for maximum value of LZW initial code size (boo#1194633 CVE-2021-44648). + Use CMake for dependencies on Windows/MSVC. + Add option for building tests. + Move man pages to reStructuredText. + Disable relocation when built as a static libary on Windows. + Update wrap file for libjpeg-turbo. + Limit the memory size when loading image data.- Add docutils and pkgconfig(gi-docgen) BuildRequires: New dependencies.
* Fri Mar 18 2022 bjorn.lieAATTgmail.com- Update to version 2.42.8 (boo#1201826): + Clear the pixbuf\'s memory buffer to avoid returning uninitialized memory. + Turn GdkPixbufModule functions into typed callbacks. + tiff: Use non-deprecated C99 integer types. + gif: Check for overflow when compositing or clearing frames. + Change png/jpeg/tiff build options from boolean to feature. + jpeg: Do not rely on UB around setjmp/longjmp. + Build fixes. + Documentation fixes. + Security fixes: CVE-2021-46829. + Updated translations.- Stop passing options to meson that just follow upstream default, just rely on upstream providing sane defaults, apart from where we want to deviate.
* Thu Nov 04 2021 bjorn.lieAATTgmail.com- Stop passing no longer used nor recognized options jasper=false and x11=false to meson, fails the build when using meson 0.60.x.
* Thu Sep 16 2021 sbrabecAATTsuse.com- Remove obsolete translation-update-upstream support (jsc#SLE-21105).
* Fri Jul 30 2021 yfjiangAATTsuse.com- Drop gdk-pixbuf-bsc1180393-CVE-2020-29385.patch on SLE and Leap 15.4: fixed upstream.
* Wed Apr 14 2021 rpmAATTfthiessen.de- Update to stable 2.42.6 + Yield gtk_doc option value in subprojects + Always initialise locale on thumbnailer startup + Add fallback subproject for libjpeg + Use type:array for the builtin_loaders option + Default to using builtin png and jpeg loaders
* Sat Mar 27 2021 dimstarAATTopensuse.org- Disable building of docs: creates a cycle with python: + Drop python3-gi-docgen BuildRequires. + Pass gtk_doc=false to meson
* Sun Mar 21 2021 dimstarAATTopensuse.org- Update to version 2.42.4: + Make enum type registration thread safe. + Do not install skipped test files. + Fix GIF initialization. + Always run GIF loader tests. + Fix leaks discovered via ASan. + Expose GdkPixbufLoader API via introspection. + Fix revert-to-previous first frame behaviour for GIF files. + Link to libintl if needed. + Improve support for using gdk-pixbuf as a subproject. + Fix build with GModule disabled. + Use gi-docgen to generate the API reference from introspection data.- Replace gtk-doc BuildRequires with python3-gi-docgen: follow upstreams port.- As a workaround to https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/177, delete the installed gi-docgen program files.
* Thu Jan 07 2021 zcjiaAATTsuse.com- Add gdk-pixbuf-bsc1180393-CVE-2020-29385.patch: gif: Fix LZW decoder accepting invalid LZW code. (bsc#1180393)
* Tue Dec 08 2020 dimstarAATTopensuse.org- Update to version 2.42.2: + Requre Meson 0.55.3. + Improve the PNG save operation. + Fix leak in the error path of the XPM loader. + Fix loading GIF without a GCE rendering color 0. + Fix invalid LZW codes in the GIF loader (CVE-2020-29385).
* Mon Nov 09 2020 dimstarAATTopensuse.org- Udpate to version 2.42.0: + Remove the libjasper JPEG2000 loader. + Split the gdk-pixbuf-xlib library to a separate repository. + Fix cppcheck \'shifting signed 32-bit value warning\', + Fix memory leaks in pixops error paths, + Improve internal consistency of loaders, + Skip bytes during JPEG incremental load. + Check for overflows. + Let the test suite cope with missing loaders. + Check for mmap failure. + Fix UB in the XPM loader. + Speed up alpha scaling pixop. + Add the `gtk_doc` configuration option, and deprecate `docs`. + Add the `introspection` configuration option, and remove `gir`. + Handle truncated PNMs more gracefully. + Clean up GIF loader code. + Fix colormap handling in GIF.- Drop gdk-pixbuf-boo1174307-io-gif-overflow.patch: fixed upstream.- Replace meson parameters, following upstream changes: + -Ddocs=true => -Dgtk_doc=true. + -Dgir=true => -Dintrospection=enabled.
* Mon Jul 27 2020 zcjiaAATTsuse.com- Add gdk-pixbuf-boo1174307-io-gif-overflow.patch: Avoid overflows by checking the memset length argument (boo#1174307).- Raise dependency glib-2.0 version.
* Mon Feb 24 2020 yfjiangAATTsuse.com- A file tests/test-images/gif-test-suite/max-width.gif from the test suite is correctly identified by clamav to be a malicious BC.Gif.Exploit.Agent-1425366.Agent. This is an intentional part of the test suite to ensure it has no negative side effects. On SLE, the package is built with clamav scanning, which then prevents a successful build. This change repacks the source package to a password-protected zip to bypass the clamav scanning for SLE (bsc#1159337), with following update: + Download upstream tarball through source service + Add pre_checkin.sh to convert tarball to zip file + Update spec-file to use the zip file as main source
* Thu Jan 30 2020 dimstarAATTopensuse.org- No longer recommend -lang: supplements are in use
* Wed Nov 27 2019 bjorn.lieAATTgmail.com- Drop pkgconfig(x11) BuildRequires and pass -Dx11=false to meson. No longer build x11 support, that is now split out in it\'s own compat package.
* Tue Oct 08 2019 bjorn.lieAATTgmail.com- Update to version 2.40.0: + Allow creating a GdkPixbuf instance without any property.
* Mon Sep 09 2019 mgorseAATTsuse.com- Update to version 2.39.2: + Add gdk_pixbuf_init_modules() for applications with GdkPixbuf loader modules in a separate directory. + Add subproject fallback for dependencies. + Handle large XPM without crashing. + Use the appropriate gdk-pixbuf-query-loaders on install. + Disable deprecation warnings introduced by GLib 2.62. + Escape GIF version in error messages. + Render GIF frames on demand.
* Mon Sep 09 2019 bjorn.lieAATTgmail.com- Update to version 2.38.2: + build: Remove unnecessary argument. + gif: Suppress last deprecation warning. + tests: - Disable deprecation warnings for GTimeVal. - Add test for issue 95. - Add test image for invalid XPM data. + Disable deprecation warnings for GTimeVal. + Use the monotonic clock instead of wall one. + xpm: - Fail when XPM file doesn\'t contain enough data. - Simplify error path. - Sanity check XPM file dimensions.
* Wed May 08 2019 dimstarAATTopensuse.org- Move RPM macros to %_rpmmacrodir.
* Thu Feb 28 2019 bjorn.lieAATTgmail.com- Update to version 2.38.1: + Fix OOM in JPEG2000 loader. + Fix thumbnailing of animated GIFs. + Multiple improvements to the GIF loader. + Fix introspection generation. + Fix error handling in PNG loader. + Improve reproducibility of the build. + Speed up saving PNG files. + Add variables in the pkg-config files for binary utilities. + Build fixes.
* Sun Sep 09 2018 antoine.belvireAATTopensuse.org- Update to version 2.38.0: + Stable release. + Documentation fixes.
* Wed Aug 22 2018 bjorn.lieAATTgmail.com- Update to version 2.37.92: + Ensure that GdkPixbuf\'s storage is safely handled. + Add test case for buffer overflow in pixdata loader.
* Sun Jul 08 2018 bjorn.lieAATTgmail.com- Pass all options to meson, ensure we build gdk-pixbuf with the features we want.
* Wed Jun 20 2018 luc14n0AATTlinuxmail.org- Update to version 2.37.0: + Plug a memory leak when using GBytes (bgo#787626). + Fix introspection annotations (bgo#789935). + Fix OOB error when dithering (bgo#748211). + Drop the MMX assembly optimizations for pixops. + Improve compatibility for the post-install script (bgo#795705). + Expose the dimensions of the original image from GdkPixbufLoader (bgo#778517). + Improve thumbnailer implementation (bgo#778517). + Generate separate introspection data for GdkPixdata API (glgo#GNOME/gdk-pixbuf#72). + Deprecate GDK_INTERP_HYPER (glgo#GNOME/gdk-pixbuf#3).- Pass installed_tests as false to meson to make sure we don\'t ship unnecessary tests.- Add typelib-1_0-GdkPixdata GI subpackage and require it on the devel package, following upstream changes.
* Tue Apr 10 2018 luc14n0AATTlinuxmail.org- Update to version 2.36.12: + gif, ico, jpeg, tiff, icns: various fixes (bgo#778584, bgo#779012, bgo#753605, bgo#779020, bgo#779016). + Implement async loading without threads. + Updated translations.- Rename with_docs meson option to docs, following usptream change.- Drop fixed upstream patches: gdk-pixbuf-bgo779012-ico-overflow.patch, gdk-pixbuf-gif-negative-array-indexes.patch, gdk-pixbuf-gif-uninitialized-variable.patch, gdk-pixbuf-tiff-overflow.patch and gdk-pixbuf-icns-handle-short-blocklen.patch.
* Tue Mar 20 2018 dimstarAATTopensuse.org- Unconditionally enable translation-update-upstream: on Tumbleweed, this results in a NOP and for Leap in SLE paid translations being used (boo#1086036).
* Wed Feb 28 2018 dimstarAATTopensuse.org- Modernize spec-file by calling spec-cleaner
* Fri Jan 05 2018 mgorseAATTsuse.com- Add gdk-pixbuf-bgo779012-ico-overflow.patch: fix a potential integer overflow (boo#1027026 CVE-2017-6312).- Add gdk-pixbuf-gif-negative-array-indexes.patch and gdk-pixbuf-gif-uninitialized-variable.patch: protect against access to negative array indexes (BGO#778584).- Add gdk-pixbuf-tiff-overflow.patch: avoid overflow during size computation (bgo#779020).- Add gdk-pixbuf-icns-handle-short-blocklen.patch: protect against short block length when reading icns (boo#1027024 CVE-2017-6313).
* Tue Oct 03 2017 luc14n0AATTlinuxmail.org- Update to version 2.36.11: + Build: - Fix tiff loader build (bgo#786342). - Prefer newer libpng (bgo#786035). + Use a free reference images for tests (bgo#787050). + gif: fail quickly if image dimensions are too big (bgo#785973). + xlib: Avoid an out-of-bounds error on bigendian (bgo#775896). + Updated translations.- Drop u_contrib-gdk-pixbuf-xlib-Fix-rgb888amsb.patch: fixed upstream.- Add gdk-pixbuf-rpmlintrc: filter gdk-pixbuf-devel.
*: W: non-conffile-in-etc /etc/rpm/macros.gdk-pixbuf.
* Mon Sep 11 2017 zaitorAATTopensuse.org- Update to version 2.36.10: + build: meson build improvements. + build: win32 build fixes. + tests: show error before failing (bgo#786259). + Updated translations.
* Fri Sep 08 2017 jengelhAATTinai.de- Update summaries and RPM categories.
* Tue Aug 22 2017 dimstarAATTopensuse.org- Migrate to meosn build system: + Add meson BuildRequires: new dependency. + Add xsltproc, gdk-doc and docbook-xsl-stylesheets BuildRequires: new dependencies, as gtk-doc and man pages are no longer pre-built. + Replace configure, make, make_install calls for respective meson, meson_build and meson_install macros.- Drop libjasper-devel BuildRequires: drop JPEG2000 support: it is not enabled per default by upstream.
* Sat Aug 19 2017 zaitorAATTopensuse.org- Update to version 2.36.9: + build: meson build improvements. + OS X: don\'t require shared-mime-info (bgo#786167). + gif: fix a coverity warning (bgo#785696). + build: make queryloaders output reproducible (bgo#783592). + Updated translations.
* Mon Aug 07 2017 zaitorAATTopensuse.org- Update to version 2.36.8: + jpeg: restore grayscale image support (bgo#785171). + bmp: Tighten image dimension checks (bgo#776694). + ico: Fixo icon quality sorting (bgo#785447). + Various other leak and overflow fixes (bgo#765094, bgo#783538, bgo#778204). + Add some assertion to help static analysis (bgo#778943). + Remove support for building on various obsolete platforms. + Updated translations.
* Tue Jul 18 2017 zaitorAATTopensuse.org- Update to version 2.36.7: + Add tests for recent bug fixes. + ico, bmp, tiff: avoid integer overflows (bgo#776040, bgo#776694, bgo#780269). + jpeg: error out if wrong # of channels (bgo#784866). + Misc.bugfixes (bgo#784583). + Support mimetypes: image/wmf, image/emf. + Updated translations.- Drop gdk-pixbuf-cve-2017-2862-jpeg-channels.patch and gdk-pixbuf-cve-2017-2870-tiff-mul-overflow.patch: Fixed upstream.
* Sun Jul 16 2017 hpjAATTsuse.com- Add fixes for crashes, taken from upstream git (CVE-2017-2862, CVE-2017-2870, bgo#784866, bgo#780269): gdk-pixbuf-cve-2017-2862-jpeg-channels.patch gdk-pixbuf-cve-2017-2870-tiff-mul-overflow.patch
* Wed May 10 2017 dimstarAATTopensuse.org- Supplement libgdk_pixbuf-2_0-0 by the thumbnailers (boo#1037100).
* Sun Mar 26 2017 zaitorAATTopensuse.org- Update to version 2.36.6: + jpeg: Support the EXIF tag (bgo#143608). + ico: Make option parsing locale-independent (bgo#776990). + Fix build on Windows. + Updated translations.
* Mon Feb 13 2017 zaitorAATTopensuse.org- Update to version 2.36.5: + Fix mimetypes for thumbnailer (bgo#778451). + Handle fseek failure (bgo#776990). + Fix signed/unsigned handling (bgo#777374). + Fix an overflow check (bgo#777315). + Handle extreme scaling better (bgo#80925). + Updated translations.
* Mon Jan 16 2017 zaitorAATTopensuse.org- Update to version 2.36.4: + Add a fastpath for no-op scales. + Documentation improvements (bgo#442452). + Fix some coverity warnings (bgo#776945, bgo#768062). + Updated translations.
* Wed Jan 04 2017 zaitorAATTopensuse.org- Update to version 2.36.3: + gif, ico: Fix area-updated coordinates (bgo#581484). + tga: Improve error handling (bgo#575217). + jasper: Improve error handling (bgo#685543). + Test suite improvements (bgo#696331). + Minor documentation fixes (bgo#776457). + Updated translations.
* Tue Dec 20 2016 zaitorAATTopensuse.org- Update to version 2.36.2: + Fix a NULL pointer dereference (bgo#776026). + Fix a memory leak (bgo#776020). + Support bmp headers with bitmask (bgo#766890). + Add tests for scaling (bgo#80925). + Handle compressed pixdata in resources (bgo#776105). + Avoid a buffer overrun in the qtif loader (bgo#775648). + Fix a crash in the bmp loader (bgo#775242). + Fix crash opening pnm images with large dimensions (bgo#775232). + Prevent buffer overflow in the pixdata loader (bgo#775693). + Updated translations.
* Tue Dec 13 2016 dimstarAATTopensuse.org- Update to version 2.36.1: + Remove the pixdata loader (bgo#776004). + Fix integer overflows in the jpeg loader (bgo#775218). + Add an external thumbnailer for images. + Updated translations.- Split the external thumbnailer into gdk-pixbuf-thumbnailer.
* Fri Dec 09 2016 mstaudtAATTsuse.com- Add u_contrib-gdk-pixbuf-xlib-Fix-rgb888amsb.patch: Fix RGBA conversion for big endian X11 environments. Fixes (boo#929462, bsc#1010497, bgo#775896).
* Mon Sep 19 2016 zaitorAATTopensuse.org- Update to version 2.36.0: + Updated translations.
* Tue Sep 13 2016 zaitorAATTopensuse.org- Update to version 2.35.5: + Fix undefined behavior in overflow checks (bgo#770986). + Fix a typo (bgo#770756). + Avoid segfault in some tests (bgo#771026). + Updated translations.
* Tue Aug 30 2016 zaitorAATTopensuse.org- Update to version 2.35.4: + Updated translations.- Conditionally apply translations-update-upstream BuildRequires and macro for non-openSUSE only.- Escape some macros in comments to silence rpmlint.
* Tue Aug 30 2016 zaitorAATTopensuse.org- Update to version 2.35.3: + Add API to determine supported save options (bgo#683371). + Add helper API for pixbuf options (bgo#768043). + Fix invalid gettext use (bgo#758552). + Fix a compiler warning in the xpm loader (bgo#768042). + Fix integer overflows in the bmp loader (bgo#768688, bgo#768738). + Fix a crash in the ico loader (bgo#769170). + Updated translations.- Drop gdk-pixbuf-bgo768688-bmp-overflow.patch, gdk-pixbuf-bgo768484-ico-set-errors.patch, gdk-pixbuf-bgo769738-bmp-overflow.patch and gdk-pixbuf-bgo769170-ico-headers.patch: Fixed upstream.
* Tue Aug 30 2016 zaitorAATTopensuse.org- Update to version 2.35.2: + Use compiler directives for exporting symbols (bgo#767164). + Fix a problem with nearest scaling (bgo#766842). + Avoid redundant property notification. + Updated translations.
* Tue Aug 30 2016 zaitorAATTopensuse.org- Update to version 2.35.1: + Add non-varargs variant to save to stream (bgo#683063). + Add a common autotools module (bgo#765034). + Updated translations.
* Tue Aug 30 2016 mgorseAATTsuse.com- Add fixes for some crashes, taken from upstream git (bsc#988745 bsc#991450 CVE-2016-6352): gdk-pixbuf-bgo768688-bmp-overflow.patch gdk-pixbuf-bgo768484-ico-set-errors.patch gdk-pixbuf-bgo769738-bmp-overflow.patch gdk-pixbuf-bgo769170-ico-headers.patch
* Wed Apr 13 2016 idonmezAATTsuse.com- Update to GNOME 3.20 Fate#318572- Remove upstreamed patches: gdk-pixbuf-bgo758991.patch, 0001-pixops-Don-t-overflow-variables-when-shifting-them.patch, gdk-pixbuf-bgo747605.patch, gdk-pixbuf-bgo752297.patch, 0001-ico-Protect-against-overflow.patch, 0001-pixops-use-gint64-in-more-places-to-avoid-overflow-w.patch, gdk-pixbuf-bsc960155-divide-by-zero.patch, gdk-pixbuf-bsc948790-tga-dos.patch and gdk-pixbuf-2-32-overflow-fixes.patch.
* Fri Mar 25 2016 zaitorAATTopensuse.org- Update to version 2.34.0: + Don\'t force no static builds on Win32 (bgo#760369). + Updated translations.
* Mon Jan 04 2016 mgorseAATTsuse.com- Add gdk-pixbuf-bsc960155-divide-by-zero.patch -- fix a possible divide by zero (bsc#960155).- Add gdk-pixbuf-2-32-overflow-fixes.patch, 0001-ico-Protect-against-overflow.patch, gdk-pixbuf-bgo747605.patch, and gdk-pixbuf-bgo758991.patch: fix various overflows (bsc#958963 CVE-2015-7552).
* Tue Dec 22 2015 zaitorAATTopensuse.org- Update to version 2.33.2: + Fix two crashes in the bmp loader (bgo#747605, bgo#758991). + Updated translations.
* Tue Dec 22 2015 zaitorAATTopensuse.org- Update to version 2.33.1: + Improve various tests. + ico: integer overflow fixes. + tga: rewrite the loader, introducing a buffer queue abstraction. + gif: fix thumbnailing animations. + Updated translations.
* Mon Dec 21 2015 mgorseAATTsuse.com- Update to version 2.32.3: + Fix two crashes in the bmp loader (bgo#747605, bgo#758991). + ico: integer overflow fixes. + Updated translations.
* Wed Nov 25 2015 mgorseAATTsuse.com- Add 0001-pixops-use-gint64-in-more-places-to-avoid-overflow-w.patch: Fix some more overflows scaling a gif (bsc#948791 CVE-2015-7673).
* Mon Nov 09 2015 zaitorAATTopensuse.org- Update to version 2.32.2: + Avoid some integer overflow possibilities in scaling code. + Updated translations.
* Mon Oct 05 2015 mgorseAATTsuse.com- Add gdk-pixbuf-bsc948790-tga-dos.patch: fix an overflow and DoS with a TGA (bsc#948790 CVE-2015-7673).- Add 0001-pixops-Don-t-overflow-variables-when-shifting-them.patch: Fix overflow when scaling a gif (bsc#948791 CVE-2015-7674).
* Fri Sep 25 2015 zaitorAATTopensuse.org- Update to version 2.32.1: + Make relocations optional. + Fix a crash due to overflow when scaling. + Drop loaders for some rare image formats: wbmp, ras, pcx. + Prevent testsuite failures due to lack of memory. + Updated translations.
* Tue Sep 22 2015 dimstarAATTopensuse.org- Update to version 2.32.0: + Fix build issues (bgo#754154). + Fix animation loading (bgo#755269). + More overflow fixes in the scaling code (bgo#754387). + Fix a crash in the tga loader. + Updated translations.
* Mon Sep 14 2015 mgorseAATTsuse.com- Add gdk-pixbuf-bgo752297.patch: Check for overflow before allocating memory when scaling (bsc#942801 CVE-2015-4491). Taken from upstream.
* Wed Sep 02 2015 dimstarAATTopensuse.org- Update to version 2.31.7: + Fix several integer overflows (bgo#753908, bgo#753569). + Fix build failure with --disable-modules (bgo#740912). + Port animations to GTask. + Updated translations.
* Wed Aug 19 2015 zaitorAATTopensuse.org- Update to version 2.31.6: + Really fix bgo#752297. This is CVE-2015-4491. + Updated translations.
* Tue Jul 21 2015 zaitorAATTopensuse.org- Update to version 2.31.5: + Add support for g_autoptr for all object types (bgo#750497). + Avoid a possible divide-by-zero in the pixbuf loader (bgo#750440). + Remove gettext .pot file hack (bgo#743574). + Be more careful about integer overflow (bgo#752297). + Updated translations.- Drop README from docs as it is now empty.- Add generic www.gnome.org URL to silence a few lint warnings.
* Tue May 12 2015 zaitorAATTopensuse.org- Update to version 2.31.4: + SVGZ icons in notification GNOME3 (bgo#648815). + gdk_pixbuf_apply_embedded_orientation is not working (bgo#725582). + Updated translations.
* Sun Mar 08 2015 zaitorAATTopensuse.org- Update to version 2.31.3: + API changes: Revert an annotation change that broke bindings. + Build fixes: - Clean up configure - Fix Visual Studio build - Define MAP_ANONYMOUS when needed - Include gi18n-lib.h where needed + Updated translations.
* Sat Nov 22 2014 zaitorAATTopensuse.org- Update to version 2.31.2: + API changes: - Deprecate GdkPixdata. - Add gdk_pixbuf_get_options() helper to list set options. - Annotations fixes for various functions. - Remove incorrect info about area-prepared signal. + Image format support changes: - Flag multi-page TIFF files. - Fix memory usage for GIF animations, add note about minimum frame length. - Return an error for truncated PNG files. - Add density (DPI) support for JPEG, PNG and TIFF. - Fix reading CMYK JPEG files generated by Photoshop. - Allow saving 1-bit mono TIFF files as used in faxes. - Simplify loader names. - Fix loading GIF files when the first write is short. - Add progressive loading to ICNS files. - Add support for 256x256 ICO files. - Fix reading MS AMCap2 BMP files. + Other: - Honour requested depth in Xlib. - Special-case compositing/copying with no scaling. - Add relocation support to OSX and Linux. - Prefer gdk-pixbuf\'s loaders to the GDI+ ones on Windows.
* Sun Nov 09 2014 ledestAATTgmail.com- fix bashism in post script