import UBI gdk-pixbuf2-2.42.12-4.el10_0

.gdk-pixbuf2.metadata

@@ -1,2 +0,0 @@
-66649b7bd255e315f4561ad72db48d15224de589 SOURCES/bug753605-atsize.jpg
-2a32bf71fd7c47b22abd9843bc3116e771772fbe SOURCES/gdk-pixbuf-2.36.12.tar.xz

.gitignore

@@ -1,2 +1 @@
-SOURCES/bug753605-atsize.jpg
-SOURCES/gdk-pixbuf-2.36.12.tar.xz
+gdk-pixbuf-2.42.12.tar.xz

0001-jpeg-Be-more-careful-with-chunked-icc-data.patch

@@ -0,0 +1,50 @@
+From 4af78023ce7d3b5e3cec422a59bb4f48fa4f5886 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Fri, 11 Jul 2025 11:02:05 -0400
+Subject: [PATCH] jpeg: Be more careful with chunked icc data
+
+We we inadvertendly trusting the sequence numbers not to lie.
+If they do we would report a larger data size than we actually
+allocated, leading to out of bounds memory access in base64
+encoding later on.
+
+This has been assigned CVE-2025-7345.
+
+Fixes: #249
+---
+ gdk-pixbuf/io-jpeg.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 9cfd29718..103820c5a 100644
+--- a/gdk-pixbuf/io-jpeg.c
++++ b/gdk-pixbuf/io-jpeg.c
+@@ -359,6 +359,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ 		context->icc_profile = g_new (gchar, chunk_size);
+ 		/* copy the segment data to the profile space */
+ 		memcpy (context->icc_profile, marker->data + 14, chunk_size);
++                ret = TRUE;
+ 		goto out;
+ 	}
+ 
+@@ -380,12 +381,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ 	/* copy the segment data to the profile space */
+ 	memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
+ 
+-	/* it's now this big plus the new data we've just copied */
+-	context->icc_profile_size += chunk_size;
++        context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
+ 
+ 	/* success */
+ 	ret = TRUE;
+ out:
++        if (!ret) {
++                g_free (context->icc_profile);
++                context->icc_profile = NULL;
++        }
+ 	return ret;
+ }
+ 
+-- 
+2.50.0
+

SOURCES/CVE-2022-48622.patch

@@ -1,264 +0,0 @@
-From 00c071dd11f723ca608608eef45cb1aa98da89cc Mon Sep 17 00:00:00 2001
-From: Benjamin Gilbert <bgilbert@backtick.net>
-Date: Tue, 30 Apr 2024 07:26:54 -0500
-Subject: [PATCH 1/3] ANI: Reject files with multiple anih chunks
-
-An anih chunk causes us to initialize a bunch of state, which we only
-expect to do once per file.
-
-Fixes: #202
-Fixes: CVE-2022-48622
----
- gdk-pixbuf/io-ani.c                       |   9 +++++++++
- tests/test-images/fail/CVE-2022-48622.ani | Bin 0 -> 28012 bytes
- 2 files changed, 9 insertions(+)
- create mode 100644 tests/test-images/fail/CVE-2022-48622.ani
-
-diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
-index c6c4642cf4..a78ea7ace4 100644
---- a/gdk-pixbuf/io-ani.c
-+++ b/gdk-pixbuf/io-ani.c
-@@ -295,6 +295,15 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
-         
-         if (context->chunk_id == TAG_anih) 
- 	{
-+		if (context->animation)
-+		{
-+			g_set_error_literal (error,
-+                                             GDK_PIXBUF_ERROR,
-+                                             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-+                                             _("Invalid header in animation"));
-+			return FALSE;
-+		}
-+
- 		context->HeaderSize = read_int32 (context);
- 		context->NumFrames = read_int32 (context);
- 		context->NumSteps = read_int32 (context);
-diff --git a/tests/test-images/fail/CVE-2022-48622.ani b/tests/test-images/fail/CVE-2022-48622.ani
-new file mode 100644
-index 0000000000000000000000000000000000000000..276b5b989f1e9ec9185e49eb45f710ee38278eb2
-GIT binary patch
-literal 28012
-zcmeHQ2Ut|c+TMaKCefJWrWwJY#u6-vNsJ|8EU`vo%DpjvEQu|#CK_X<2#5tiihxLO
-z(m|^9E?s(;zVxNDv@P#Hv#_`lDM~E&xt`}4=giDE-}laU=IlAlH}7%tnpLZI9$+w*
-zE#LUnj)TAMox)%+Xkzswl8FyF@-LGlT2J%!YrgrmaX*8x`;Q$5e*NXp!DFA0O47<=
-z%$-XmUSv2-WiY0ZIypJoGMeEqp24_7>ZX$t5n*g6iOG;7|2{vSd*HbT{#QNlFD7Fx
-zNx$@@wf{|ipqOXA`Fgo@qILfbV<0%!QrrPPK1jZkjO65G1d?-FN86tE7zl<R2Esu7
-zOtB^<C4p1HL3u^FH2$Z44SM|eKpfJ(=aiSBqOx4<|AG1p<cr7AMzQpVr`Pw1Nhslz
-zpp1;+S(-c49~66#pPytti?74mBiT%8-<Q*QQ^^s}|Nh4MID9)4ofJ=0cqnqR((W6B
-z#P{@`rGDpBJbS*E_&=K9Z)|M5Zwz!?bgs~QmZp^Cl>5dv6yH1v8H$tQ=ka)GX=x#2
-zNXNYQWXos0{YH6ISR~3gfBVgO>c5%NexdkpM}(oRtqm=$t!Qp)L2*$5^7FGu%0*>W
-z1<CWDN#9H6&+W)Cw70jTm0SaQ9cXH3XaKjKi|X1cq^G9$;-~jTKWUS+U!K%C^?wY(
-z&*$^e+1V*h9UYx$@9027V;#74wMe-Wi<{2Q;xSP9{?fuV%&kufx5Q32{%{Bc0`VBS
-zI=jSUXm9Tz*P|7!ZB1z5)uO4j9F4pZG_>ZSt~CQq?K!A!O+rexr+8ch`=1h>Pco<Y
-zW23?$6bi{0_~`1Q*Pxvw9y&T(!E0|KW2ixEdnKCNN(k-(G_+--vMC;!h275$ihbEi
-z=GZ5RTVhKZKOF;~PyF9S@OQPMy|W2zopoaDE$yXZ>`m<idrLf$irm_0Uxm$#lM-D|
-zBmWzIVHdjiZRq5;prfmv;I9I&lY`dI0yK7JqPjgE@f>^cocZuDL;Y!BmbTd!zfjl-
-zzOWTtf<|--YS1p=pq*cYMnO7C+CvaiX)DG)X*WYzTF=uur}*QdBgFGxDCCp8jo@!W
-zmynB2VI|sxg=i9HprkVd;nijxRQ~Os87k6vuUE3@V$V}KB=|)l5y9R?QY*n<Pf|4*
-zLm66yS*R375$xvOzn^>W$Np46OBt2m2RTIOgh12;K5D=hm6I_Ppq?L(=q5`s_P74S
-zI4$W4h!@zzMOSNimb2B&uYBAWn+5xQ9uwrZG%LVoWtN}M${07N#b&mq(>7RMe~&Hc
-z`%mWg<8Olib?8C`nL9;j?z)4FTK6vToY}`veUM#;>r<xtxy`Xjj{B;nqU<1f=AA)9
-zvkJJ4s;H<rjoiEY5D~h%*3nME=9=NunGe!2oH}XzLbMY6Ty%*_iSO?st=d)WcLimZ
-z=7Vgw+srt0Cwg6NL)}sGd!<T#XHTNG@po`)_M@b7AIhqK7pIcSgGkT%KX`e4$~7{a
-zeCR>C9<}Zsei4~J&1C-9fXB~8R-T8DwoO!FTzZghABRO33$hQA*N&^?_w^!5D}O~?
-z>S}n0%!QM;JRH5`;o(0AK~c+*kp7)0E%zrRrF{!epU?P)dh!<^r1Meg?%@|gMCLxP
-zqY$};0pe%VjC~9>X`KjV$k4K@)zSmSIcj_n{K$L7b);tQfwQ{;42&l5^bN-5X=;wQ
-zR6qN&={e08QnmD7<(XN}fLEX*BI7qAGHwIx9Y5h~pPzJ4TKA)#OXCNbKbe{S0$R6p
-zH}gL1ska#7`_Ic{#k4!oC%6J(9C@DzM*N*4Fg2eAZS67Pm$aCh-P~kGOR%V&8_hmr
-zBD3<W{!4+EuS^u#In9Glz;bx{t%RZBoI15LQ|Qw9unq}+5!#TR5zMFMxr-QoJV>dF
-z)tWJW&RcBjYyHW)MKaPdufo*y3ux=g-_SA`MHl`1Jyb4_(K)aA8sEfxCT=({5t-X4
-zLQQ3go$_(nG5vNLLW2Z<NlA+M*))9`qu=|>$!z7ixUe(a*49{*l)A#n<!2b^FS>o*
-z`m>QkFvU<k@sf+W+AGjCm<baLMVvc7w@yuI+J>R@?N5f{zkc<C_;=>B*)oUwlcV(>
-z_Up_ulC@D$;fk=(Bhc0Pw8P$E^{RpTNVln-8aY$x#0yQTs&7L}_hVepS^{;odFIkG
-z4|`7W(<D2Av3sz-&bG^9(o-&xzh}<E-dYitHRMwV>(jSg_0&rd$B(@V<+BRVxUdY$
-zD)VCc$~;V&Vt@ZFmiAEkm>PbP6&-OLp@BPKtUDE&%CBA@N<V2Cb*0w~jvspyXOw3{
-zU2_GFAD@{e-TtuW1p6M^XSV#{?_heDKFRX;*#}SOjnKOw3ym|c8$GN&4W%~>luo^e
-zv+9d+;nGH&`fJXx@IQ?G%j%0`+#Pqp)n+pc&MV;DnMnx`)1S(oKOrBZp*9Z}wbqIB
-z47TE&^5S95pNFx3MMKft!E&d_&1M_Sbe7|S>a^DL$Jc!{R2{m9HhpwKd1{NE_9~c}
-z?h#sA9Dwe{Rl~Y}hiaS3>8UMRXKA#R>+5m~4%dE!p5_AR9Qo+xP<0SlPu&Zj!rF8@
-zyl!5ArTK2I-i6QC4YmJp<#bdQjxoHr)+T`1zU6ovH?IBw9kp2k^)v5k4W?WD^lLg-
-zG!z83*S5g#=2-;aGJvtp1{)o<g~NJ&4Q97*`(?Fd(_C#1aTCKV5$dW0C!;OUQ=c!?
-zIXc%{Re9zz^)qtf_YB%klbmaiI_)EKee^Uw7CM;zh)^F5B;K}%yZsTauErO`et+nT
-zZzyFGtuGFS`)ctsW1SH1cNxCc`(bfqHLhsP<&pWFtf};lvF4d~j4mooxudHwk7uq+
-z-b?KdA}&}D*~uOVzopGLx%|aH^8PjyybqGGySnLOT(CaBBqI>HagIpv*Fmt;33yuV
-zfeV@6&L-R7VYwRtj>ixia2YvC&M3(AM@)zw-^O6mg$L<;(sj1_YYv5bDc2UH`k*2|
-z3Y_c^6s36MZjw9l5?xV{auX%lfhfNlh5R&cgnB8}+UT$D_x<Wg<EQqlbXQMzHT%&f
-z%2%y6C&>k6x#8dtycGqv!O4$6Zi+jiZfVrISo~;Xsker1D|zM)8~wGc8&}tDxM{i7
-z%-``qOn~#DtU%|(StO6~wBBK6Z?t}cjp4ch->;v!K|LWrblrrkg)j!qBYWgjdvb9P
-z23dsbE`QGK&L{QcquJeMnVy_6s=M5qkLxKjWXTB~EUloqq%6smd+JF>+k5mg*rDBJ
-ziQbn~WX0{WR1uN;oLVCJX$C<+@+#VsbWa&c5HlF;V%acdl8-80T1@kC#meGbwiu1H
-zytF6Z){~<*@0LT4Jc^f!^`Nm^FFLyIK+tU$qHY|-rWhB{jgx>UNB2H0IRa0Sr04sz
-zh!dV4|5Y9!vHrJ7$|lL2q<K#oJhAB=5f+B@^mLH(#K&cy=nf{Sm84H4Ht0D?**Q5m
-zhzJX%_8<E1afz<Ma-zF3KR1`!=*2+Jy?s19#PQ{~N3nfKd01;H17V={X<S$u1F1_d
-zEiFYtTr4JzVP_1~f4FVbeg}!^N@H-gvnBhHIG8k+9XxqFd*g6z4Ah_6r!nSk46Vq|
-z%SC;C4T+DJV#@36uo-W&!WHD$5%Z?8BR~Ft6*Z8qM`@$>yW^7-1C7-;prNS}wGDSs
-z!A(JFbrcFKZy_Pm6w8;h;vdDvKz*ov`ot0l1>*Q(TL)Jh&*iqHkyvg7${M^7SE!9u
-zyIE;VwzK~6c_^_jA`ylz5?^cQm!p})Gwa$T!Qr_gvQh;rb(nV*4zRu+XdI8))@@%v
-zVgw|<N8(HE!hAFdVo=-V0k?)<u}F_uFntH>D~bNkdg4n9z!>u>IVbrDN!z33?~Gzs
-ziQ`*nAW^Pj@Q{QCp$|No_F<7et5E)XmUv$bzk)IHdMay*W~|Jg=MqQUFiM&bu9-d}
-zMl)>mwL=jy2foi`$v=vHa(`FS_)Zr{OcUuOQWA{(Mjd?a!K|3Jk-eJg<kT=GyJxYk
-z#FdXPscQYUliRE$;I-dEO|vzs8qEbc<)@kqk|x~V7sB36{2`7-3>6Ex$1C|{>>Vf~
-zC}L4mZ-Ot3nMKp~GsV|Cy_WG>R4Ut@+d8wOgKvTA=8Z@zoPp5vSKyg69zi)X5nuQX
-zvPzEgJ#K%Lx%D#pS8`p3j6v>Yc9r<LBO4`LXKdQbOq+d~xlMvU=nm7fq1CXnjqin8
-zo)di1#-w=!k2&rTGir`Q;;0YJea9TK4SpdkF!nRVru+;e$9d^1ce01P-{iel*j3c`
-zWwpUrvznE#@ORcX65A;uj0Hu-bGSlLy{N1)2%gECeSBLdzAI^`c`TWO=48C~UXx8+
-zedmd8`fU~bXaCC{3%4*QNXzwiF8?aKs=O)@3+J<AmaS*qw`Lyf$<!;a*6*ln%0pnb
-zc5bJzv^NIRSKkFNMrjz2a91;$g@dO*%wM{i_03|bSZrT;NqNevtg6|QS&^U3Wh+YR
-zXpRcT>uwG*UZoY9g3hisxQ6dkzb*6`@VcJVmifuk?IeCVI;-h(MW(W}zW&aqyvDBj
-zK#sMzZ#%I+&cc`#aMS-S;SKLuu)Y1pqP{YH%c|-!?`%0CgRc&}!(aLtOTTaX!<32r
-zQKyfvTrID^FETThgSY#vS%dYr)?XrbKuHcxc3OhZKW1GSOn$KTZJSx=4YfD5dfwOr
-zADeXp#$c!}Tl4k%O`P}OuM1zdEd7Yp8<QW*PJiu+b6FcNsctLub5en?<+h;y<RtZu
-zPCtd`rH7ID)7B!|S5p6|`La2z@q50X?HuK6ER6M5N3iWqv;K4ik+w*G4TOXk33qK#
-zaG`zslYN-_)gQ9IanReHoD=7O%*gAAbUhXsXus#Ezr{~e1I@Nh3ANe#M}+&asFWBJ
-zWF_3d4ZYndw9muX7)<u?TA3{&*83AmG6MKT8NMh^@j*tk8PZA0ymJHj*}kYLN)QCt
-z?MtGvgXw#ecHN&wth#wl(KRhdzoIlVsDoRUhMI~ra7$9UlEU;VT`w$kr!tSCd#HV`
-zZ5{a%N$W}aizK6-M9*p6OGDKoEl1zI`W}L%<b8~!H%S^z5<|Hs(Uk^Ck|pQ!mBCPy
-z1w&;Nm}FUkP149wOuRfU3=_wdV6kio1SE+hX<RtzM3zm6Ji>^gVp%+ApGjYh=jYEo
-z@Z1AK_W)&sko0p;692U@^xjWblJ0hw?9%ATIkfKSq8gfYg7Z21Y-p}}Bq=%{`kM>V
-zzJJa>dnES`+KKxAIs0r-H$651>i_5Lv&ZJ%K^0T~-+s<Mql~mogF5Rm2vGl1_E}d~
-zmpC#&S#)h}?cfnM;C~bQj7B!-7&_YtbB>IG$7@4VOB2~0UWdl!3e+_ff!myi+NM-g
-zH^rfjcL$uNFhnI;h<DyTZT49=dyX>aI?&P1BV%Ym8)2Tc@an|Oxh4s7j+cpA!kR0o
-zCp*Wp?0T_38|*U@*&yt>4#J$H%rjm)Wu8@mVsGT-qn==|;}PtQ!3fVb>1CgNvTN|2
-ztB+yoi&fJ3FJb=)X=F%1*nfmM*U{BTm}i9b*HMa=jsi4wWP(eWXB=KIf(x#Q{Z80t
-zY6=_fv2Y$2#)0(Sk6%dGAMN7kQYW7)jxh1~1>kjMgUgRaF3%1AC6~q6Df>)rEAy$b
-zwj^Vs`0ugLy4hP@!a6bYtX)_lW^dIA;*i(whMOFXUiO*%k1Xb#U!UH*>5IRceMZ<@
-zV&+^8xdt3EhP#A0mxvO94?H>N#D1Si*k}LxQv7)&iHfJ1OZ*RVh|o@0XOz8FP8d*y
-zWDFUo=?aE#{dqBV%03(WF;lz?jV!PA&K*aq$t)+U8S8!AKQ|5ZQH;6ey(G)mOEJsG
-z`^y+N7ezB`v-dYxUVHDc>|VPcKVkl%S{z;M5N4yHGXilH*Cp&TmCwKZ`+TuAojTpi
-zdA3!2^tzg&q64U`J%dW_S#WC4qPRjC899d#61=w7!DhCtnc@47nSDl?f0gJI<rCkh
-zBZgxv_B&ypol`UY`<!vKlHV5-v81A+;uldv>k(8p9zj{nVH8#zz+KKk<dq&qZrLBm
-zDL#zEl&$c*xsZF^=)FOs8xJ!f@A;py&l<@5CsFOLWF)4VQuY~#u+J`z*w{U1r1g5(
-zzptK^wyv$2w_C(*+Kqy;?~s_j6v5F7@C}^;?_hb{3ZH|pxaEjR{Wsz>wjwI=d$@Qk
-z;u{*s|6{vn@8PHHvpTf2Wg$7skv^L^gnf2aVLy|laIkyc5cZjP4!c;&@5{^F+}_@K
-zP*l^f1L=8R;FkYn*xHWou(TYTaY^eHQ%&^=MtTM>CYe}G;N5VY4&RVv2#MJYzmTtB
-zY5Pg%<#YcG3s4$A(1iH-8<c&<A?!2N>3g~vXVmY6eI~wNy-YrsmK61MRY#|)sG<27
-z(z4dV)pa6F9Y=+^d9hX}CXVQh@@rpxk!9f~v&`D;#aq|RCy5+g=fl-|73`c=;EK*1
-zuF8q`hrN4Tf?q^q;&HB&ea0c|v)>o*Wyrj{^Zw_PyY;Fu{w|wr8fx`LybgWj75s*q
-zt_pB>9p$Lc{rmkPJ>Rr%zIa(r=Pka4^=z0~E)f_QDMI<g6x-8B<c76-UxGh3FN!{!
-zID~z6aP=k@d*R;uu~RG_)~h!p-&W=d1Yu;?jWxo8w!zD4dR$`2_#t6X_jtisOZ_$I
-zUQrNf>n(+<(p>J@WA6`(JwfsJu+KPzeRgQYqI+{j+JE#s_~v$tiV_#{ew2c|91FrA
-z_^vbl)|b6IM*7P4EvqK6W~!eW+j#cO+fY-V4^`F0Q2A3~SnL(*bCSvk`)t>Od8}UM
-zLtopp9N~K?rjZ*>zS5F{q!>Nenk-LFjs9c6K7I9QD8Cqf`sf6lKB)jDm8Cd&RAE@`
-zA%eYxFu1fnn!#o*n*aCbleGO%&wW|-wNa?&CL%Ui16pd64W-+Ma;|aaRf98szKWB_
-zXG2MO1x_BBJuLPX!M=UwL^gZwG}fTc_h65mS=HsYP|3N4XulIM(w4Ot3T9~;O_etc
-zHP6UH`Sb#jn%a7t{&ViI@Js6+>^#8byO`p;_9!iM6h-^}0VgZ@?C?C9-rvi?`qTC+
-znsV{Fgf(?Za~&>g{Q$L73x+j+hGJ79<7&CuG$rPuupq}m5F2<1&e!L)`*@CCCTSlm
-z*VS3`v9Z>iR&)KYaP8_2m>BKB70ngHx_<|=Dcx?Rzj$4c=YDQ}x+!7<kHE+3OITlf
-z`IfZIK<9>93q5W1SHaO@7o2Y>!NO!G*Wkj^Vf}s%WUp_VsrHgFcGouAq{bQ{IZ_kh
-zt~+r<f05w&*#$a%W&4%`{U%<v(_1X?wBCh)n`-d))`5xc*EV|R6o>Te=&SEh%LeDa
-zoa*m#jGL2WhlBt%gpwUIj{3`mrrMwQx?WzTXnE<w-rrM8&3SBh?G=h9Iv@Mm>8}(9
-z*#Cwo-}6X{wu7g`Q7&QP4g3A!QO04Zz4~BWkRHDv#RDn9I*4}p6Tap@z)|lDo`u%@
-zWGyv0BdxQth87p+-*GZn!Sl8JKSX()!kth9WD#c6?SLzMOa0YPm3`)X?YoP~;l}*p
-z%mCykI3X>>010I0PPE%`L^%JBaHqqFbUBK6A2p<f8zVp29YvXeNC>^kcQN_*Klb&8
-zNAbU;kE`*<L(zn_RhaHe*k{p%eHM)3RBsd#hF@XwO%xHvSy@g9VRA*IFvAbgzGrJ)
-zuWfv$*k|qr8>ahOZL_)Ur%{_n*k_!)2r=Hu!dNi_EuYM>82|INzSi4qJPg)9lk78h
-z<BcqrYa2KC+Wc%5<nnt=kn7<rl4k|G9*Oa@`^C)V+NKTe#+wFxzDus_|58rZO~_iv
-zGt53)D#k~6Zaq242;OeQB$Ke)MySY&>&JDoycm;u*k_BW1d*HG%?e}mu+JDh>@#K$
-z`)pJXn~bo~#O$+iJ!~`Cd#p2Y{XN#1goXB;eMYaw^W%Th1B8|FoPCx}*=J!-mwiT<
-zXoP__<h6{4ovoC8BhCCGWy-vhW}l@$tj>p#r}iJjKC2*K1s1c<#yv^)SvLz$!akFK
-zl@&_X5yEFpVn@u8XGMNEo&6ZuXI<pWs)T(;zDnBIOxb6JWW7I~u+Io1r!t6q>C6g>
-zi`lUc<J+OgQvcH@Fa5$I{kkRnDra+B8R}Zd7cHA&2>Z+r2?d7u@;|IQpYC{E>@&JX
-z-$lM`*GyuA<ZGs#xrBWdi}F@4gqLeT@gy_*gWp(>WgkNK_$BN!5}PDnm24IylK7Gj
-ze7JvM!9`a7G^ueDc9ocMM)DU3%c=Ko%AxrBK{C|-J@#2CVV|X<Q5XRK#=r217At@1
-zW>)W>&L5K5@BW@7b6hK2#^hqy2w%0h7ekK3$XNXmIAYh&QS3J*%(w^H>96jc(d<fr
-zn0;17qHH;6K{zrRw6VyM$$4*WHyg>miNX4fFw3m-#;0f2eBV-9tHiHvutr_8Khi6d
-zI`5VnG?@p;`u$}i^Yt<eyx!dx$Gc<MRRS^dj<V0<k=}3>E7h5~@006I7<bHo2F7?D
-zZ}#~+^|P8<JKRNO^`{V)J_FwI<KdI=20T(`AnxuS#1$Op+Xu~0-hNVMdtVy^mAlzz
-z)nx2hgnj0OHAk3P^A0jM(>~SJj0t9btgH2He|EKWC?UOeExgjFq?w10IpG*OdWN?5
-zn5kxNWA_?+kM(y5nk5R1*#a%I5AP_hXMZ=4P3g97_8AAIHU3z)j+MChFte9A5}v|b
-zo0Rnqr={a0GAb9tIbo!iZ71V3N&gfw7ZXVe1Y@L$^IQ5pfg54(zE!a4KjR!0u3)_)
-zksBzd?5pzXI1si}3}L_B$KLRdWjfV2>GA7Z%Hf*2KBKB}(!cuCMXvjZvpS=lPoA5F
-zU3)*uUbJXv_v_Tx+0}EWv7?qOVEt{qFFBi;-`W-{s;Mu6Q`p|K-tGS$a82{%Ihh|$
-zDJx*d?zxSN7P8LthgG_M+P{eXsq7`vb@ZIFzfxjGXY+W4<O`VrxZ=O&gT69-%f~fF
-zyz|$oY4~Q_B>v(B!)Bko8RjQ<r@qb+$?=v*3fcH^UweJaW`>L9em^-GhmS4i50`yL
-z*?&%EOt<9tuey?B_aoACrBYveeam*{8}?b*{sukWgRR45pAq|`jWk(DL;SYXrpBot
-z+VjU4QrG|WC%-#hPJ6-w{dI9pb8GQG!9FwAU{1VrdS*a!l(8r&h%n3Sf3aXl?JtlX
-zzrX!2<}ra6MRDP_!d?IO&$7>)uI^6FjdwssqzR(jjz@;r|9aHlT+BY38e+HSNF-sO
-zrAJ*yc7g-!uI@_taz6W8X>7wir;M^-!age{?6Z;#f80%Q7PHSXZkr)H@dirB{ZW=3
-zA_%tGpZGZ0XC9hM-BKm&GftYQt}<K1$qnmF4K=Lv)LP}Cvwg&u!yW5D{VBt&hiN8e
-zpPB4<!PsQyizf_sjND-O^HX4-%_S=!+sBF7XXJZ3U{UtjNXkA7$0RBC8D*deNS$cZ
-M-`Qsm^M9uOKm6?EwEzGB
-
-literal 0
-HcmV?d00001
-
--- 
-GitLab
-
-
-From d52134373594ff76614fb415125b0d1c723ddd56 Mon Sep 17 00:00:00 2001
-From: Benjamin Gilbert <bgilbert@backtick.net>
-Date: Tue, 30 Apr 2024 07:13:37 -0500
-Subject: [PATCH 2/3] ANI: Reject files with multiple INAM or IART chunks
-
-There should be at most one chunk each.  These would cause memory leaks
-otherwise.
----
- gdk-pixbuf/io-ani.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
-index a78ea7ace4..8e8414117c 100644
---- a/gdk-pixbuf/io-ani.c
-+++ b/gdk-pixbuf/io-ani.c
-@@ -445,7 +445,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
- 	}
-         else if (context->chunk_id == TAG_INAM) 
- 	{
--		if (!context->animation) 
-+		if (!context->animation || context->title)
- 		{
- 			g_set_error_literal (error,
-                                              GDK_PIXBUF_ERROR,
-@@ -472,7 +472,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
- 	}
-         else if (context->chunk_id == TAG_IART) 
- 	{
--		if (!context->animation) 
-+		if (!context->animation || context->author)
- 		{
- 			g_set_error_literal (error,
-                                              GDK_PIXBUF_ERROR,
--- 
-GitLab
-
-
-From 91b8aa5cd8a0eea28acb51f0e121827ca2e7eb78 Mon Sep 17 00:00:00 2001
-From: Benjamin Gilbert <bgilbert@backtick.net>
-Date: Tue, 30 Apr 2024 08:17:25 -0500
-Subject: [PATCH 3/3] ANI: Validate anih chunk size
-
-Before reading a chunk, we verify that enough bytes are available to match
-the chunk size declared by the file.  However, uniquely, the anih chunk
-loader doesn't verify that this size matches the number of bytes it
-actually intends to read.  Thus, if the chunk size is too small and the
-file ends in the middle of the chunk, we populate some context fields with
-stack garbage.  (But we'd still fail later on because the file doesn't
-contain any images.)  Fix this.
----
- gdk-pixbuf/io-ani.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
-index 8e8414117c..cfafd7b196 100644
---- a/gdk-pixbuf/io-ani.c
-+++ b/gdk-pixbuf/io-ani.c
-@@ -295,6 +295,14 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
-         
-         if (context->chunk_id == TAG_anih) 
- 	{
-+		if (context->chunk_size < 36)
-+		{
-+			g_set_error_literal (error,
-+                                             GDK_PIXBUF_ERROR,
-+                                             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-+                                             _("Malformed chunk in animation"));
-+			return FALSE;
-+		}
- 		if (context->animation)
- 		{
- 			g_set_error_literal (error,
--- 
-GitLab
-

SOURCES/Turn-off-mmx-support.diff

@@ -1,11 +0,0 @@
---- a/configure.ac	2015-08-19 02:48:05.000000000 +0200
-+++ b/configure.ac	2015-08-19 02:48:05.000000000 +0200
-@@ -872,7 +872,7 @@
- AC_MSG_CHECKING(for x86 platform)
- case $host_cpu in
-   i386|i486|i586|i686|i786|k6|k7)
--        use_x86_asm=yes
-+        use_x86_asm=no
-         ;;
-    *)
-         use_x86_asm=no

gdk-pixbuf2.spec

@@ -1,46 +1,43 @@
-%global glib2_version 2.48.0
+## START: Set by rpmautospec
+## (rpmautospec version 0.6.5)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 4;
+    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+    print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
+
+%global glib2_version 2.56.0
 
 Name:           gdk-pixbuf2
-Version:        2.36.12
-Release:        6%{?dist}
+Version:        2.42.12
+Release:        %autorelease
 Summary:        An image loading library
 
-License:        LGPLv2+
-URL:            http://www.gtk.org
-#VCS:           git:git://git.gnome.org/gdk-pixbuf
-Source0:        http://download.gnome.org/sources/gdk-pixbuf/2.36/gdk-pixbuf-%{version}.tar.xz
-Source1:        bug753605-atsize.jpg
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1630565
-Patch0:         Turn-off-mmx-support.diff
-# https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/172
-Patch1:         CVE-2022-48622.patch
+License:        LGPL-2.1-or-later
+URL:            https://gitlab.gnome.org/GNOME/gdk-pixbuf
+Source0:        https://download.gnome.org/sources/gdk-pixbuf/2.42/gdk-pixbuf-%{version}.tar.xz
+Patch0:         0001-jpeg-Be-more-careful-with-chunked-icc-data.patch
 
+BuildRequires:  docbook-style-xsl
+BuildRequires:  gettext
+BuildRequires:  gi-docgen
 BuildRequires:  pkgconfig(gio-2.0) >= %{glib2_version}
 BuildRequires:  libpng-devel
 BuildRequires:  libjpeg-devel
 BuildRequires:  libtiff-devel
-BuildRequires:  jasper-devel
-BuildRequires:  pkgconfig(x11)
-BuildRequires:  pkgconfig(gobject-introspection-1.0) >= 0.9.3
+BuildRequires:  libxslt
+BuildRequires:  meson
+BuildRequires:  pkgconfig(gobject-introspection-1.0)
 # gdk-pixbuf does a configure time check which uses the GIO mime
 # layer; we need to actually have the mime type database.
 BuildRequires:  shared-mime-info
-BuildRequires:  git
+BuildRequires:  /usr/bin/rst2man
 
 Requires: glib2%{?_isa} >= %{glib2_version}
-
 # We also need MIME information at runtime
 Requires: shared-mime-info
-# Bootstrap requirements
-BuildRequires: autoconf automake libtool gtk-doc
-BuildRequires: gettext-autopoint
-
-# gdk-pixbuf was included in gtk2 until 2.21.2
-Conflicts: gtk2 <= 2.21.2
-
-# We need rpm with file triggers support
-Conflicts: rpm < 4.12.90
 
 %description
 gdk-pixbuf is an image loading library that can be extended by loadable
@@ -48,41 +45,34 @@ modules for new image formats. It is used by toolkits such as GTK+ or
 clutter.
 
 %package modules
-Summary: Additional image modules for gdk-pixbuf
+Summary: GIF and TIFF modules for gdk-pixbuf2
 Requires: %{name}%{?_isa} = %{version}-%{release}
+# Recommend external pixbuf loaders for popular image formats only.
+# Please do not recommend obscure image formats here.
+%if ! 0%{?rhel}
+# avif and jxl are not shipped in RHEL
+Recommends: avif-pixbuf-loader
+Recommends: jxl-pixbuf-loader
+Recommends: webp-pixbuf-loader
+%endif
+Recommends: rsvg-pixbuf-loader
 
 %description modules
-This package contains the additional modules that are needed to load various
-image formats such as ICO and JPEG.
-
-%package xlib
-Summary: Additional library for using gdk-pixbuf with bare xlib
-Requires: %{name}%{?_isa} = %{version}-%{release}
-
-%description xlib
-This package contains the old libgdk-pixbuf-xlib library that is needed by some
-programs to load GdkPixbuf using bare XLib calls.
-
-%package xlib-devel
-Summary: Development files for gdk-pixbuf-xlib
-Requires: %{name}-xlib%{?_isa} = %{version}-%{release}
-Requires: %{name}-devel%{?_isa} = %{version}-%{release}
-
-%description xlib-devel
-This package contains the libraries and header files that are needed
-for writing applications that are using gdk-pixbuf-xlib.
+This package contains the additional modules that are needed to load GIF and
+TIFF images.
 
 %package devel
-Summary: Development files for gdk-pixbuf
+Summary: Development files for gdk-pixbuf2
 Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires: glib2-devel%{?_isa} >= %{glib2_version}
-
-# gdk-pixbuf was included in gtk2 until 2.21.2
-Conflicts: gtk2-devel <= 2.21.2
+# Because web fonts from upstream are not bundled in the gi-docgen package,
+# packages containing documentation generated with gi-docgen should depend on
+# this metapackage to ensure the proper system fonts are present.
+Recommends: gi-docgen-fonts
 
 %description devel
 This package contains the libraries and header files that are needed
-for writing applications that are using gdk-pixbuf.
+for writing applications that are using gdk-pixbuf2.
 
 %package tests
 Summary: Tests for the %{name} package
@@ -92,48 +82,34 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 The %{name}-tests package contains tests that can be used to verify
 the functionality of the installed %{name} package.
 
-
 %prep
-%autosetup -n gdk-pixbuf-%{version} -p1 -Sgit
+%autosetup -n gdk-pixbuf-%{version} -p1
 
 %build
-autoreconf -fi
-%configure                           \
-        --with-x11                   \
-        --with-libjasper             \
-        --with-included-loaders=png  \
-        --enable-installed-tests     \
-        --disable-silent-rules
-make %{?_smp_mflags}
+%meson \
+       -Dothers=disabled \
+       -Dgtk_doc=true \
+       -Dman=true \
+       %{nil}
 
+%global _smp_mflags -j1
+%meson_build
 
 %install
-%make_install RUN_QUERY_LOADER_TEST=false
-
-cp -a ${RPM_SOURCE_DIR}/bug753605-atsize.jpg $RPM_BUILD_ROOT%{_libexecdir}/installed-tests/gdk-pixbuf
-
-# Remove unpackaged files
-rm $RPM_BUILD_ROOT%{_libdir}/*.la
-rm $RPM_BUILD_ROOT%{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders/*.la
+%meson_install
 
 touch $RPM_BUILD_ROOT%{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders.cache
 
+# Rename gdk-pixbuf-query-loaders
 (cd $RPM_BUILD_ROOT%{_bindir}
  mv gdk-pixbuf-query-loaders gdk-pixbuf-query-loaders-%{__isa_bits}
 )
+# ... and fix up gdk-pixbuf-query-loaders reference in the .pc file
+sed -i -e 's/gdk-pixbuf-query-loaders/gdk-pixbuf-query-loaders-%{__isa_bits}/' \
+    $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdk-pixbuf-2.0.pc
 
 %find_lang gdk-pixbuf
 
-%post
-/sbin/ldconfig
-
-%postun
-/sbin/ldconfig
-
-%post xlib -p /sbin/ldconfig
-
-%postun xlib -p /sbin/ldconfig
-
 %transfiletriggerin -- %{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders
 gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 
@@ -142,7 +118,7 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 
 %files -f gdk-pixbuf.lang
 %license COPYING
-%doc AUTHORS NEWS
+%doc NEWS README.md
 %{_libdir}/libgdk_pixbuf-2.0.so.*
 %{_libdir}/girepository-1.0
 %dir %{_libdir}/gdk-pixbuf-2.0
@@ -157,14 +133,6 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %files modules
 %{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders/*.so
 
-%files xlib
-%{_libdir}/libgdk_pixbuf_xlib-2.0.so.*
-
-%files xlib-devel
-%{_includedir}/gdk-pixbuf-2.0/gdk-pixbuf-xlib
-%{_libdir}/libgdk_pixbuf_xlib-2.0.so
-%{_libdir}/pkgconfig/gdk-pixbuf-xlib-2.0.pc
-
 %files devel
 %dir %{_includedir}/gdk-pixbuf-2.0
 %{_includedir}/gdk-pixbuf-2.0/gdk-pixbuf
@@ -172,36 +140,147 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %{_libdir}/pkgconfig/gdk-pixbuf-2.0.pc
 %{_bindir}/gdk-pixbuf-csource
 %{_bindir}/gdk-pixbuf-pixdata
-%{_datadir}/gir-1.0
-%{_datadir}/gtk-doc/html/*
+%{_datadir}/gir-1.0/
 %{_mandir}/man1/gdk-pixbuf-csource.1*
+%doc %{_datadir}/doc/gdk-pixbuf/
+%doc %{_datadir}/doc/gdk-pixdata/
 
 %files tests
 %{_libexecdir}/installed-tests
 %{_datadir}/installed-tests
 
-
 %changelog
-* Wed May 15 2024 Tomas Popela <tpopela@redhat.com> - 2.36.12-6
-- Backport fixes for CVE-2022-48622
-- Apply patches with git to enable binary patching
-- Resolves: RHEL-30478
+## START: Generated by rpmautospec
+* Fri Jul 11 2025 Matthias Clasen <mclasen@redhat.com> - 2.42.12-4
+- jpeg: Be more careful with chunked icc data
 
-* Thu Aug 29 2019 Benjamin Otte <otte@gnome.org> - 2.36.12-5
-- Disable mmx support
-  Resolves: #1630565
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.42.12-3
+- Bump release for October 2024 mass rebuild:
 
-* Fri Dec 14 2018 Ray Strode <rstrode@redhat.com> - 2.36.12-4
-- Install missing test image
-  Related: #1625683
-- Fix up tests.yml
+* Thu Aug 22 2024 Tomas Popela <tpopela@redhat.com> - 2.42.12-2
+- Recommend webp loader only on Fedora
 
-* Fri Dec 14 2018 Ray Strode <rstrode@redhat.com> - 2.36.12-3
-- rebuild
+* Fri Jul 19 2024 Tomas Popela <tpopela@redhat.com> - 2.42.12-1
+- Update to 2.42.12 and sync with Fedora
 
-* Mon Dec 10 2018 Josh Boyer <jwboyer@redhat.com> - 2.36.12-2
-- Rebuild for CET note fixes
-  Resolves: #1657310
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.42.10-11
+- Bump release for June 2024 mass rebuild
+
+* Thu Apr 11 2024 Matthias Clasen <mclasen@redhat.com> - 2.42.10-10
+- Use SPDX license format
+
+* Tue Apr 09 2024 Tomas Pelka <tpelka@redhat.com> - 2.42.10-9
+- Update file gating.yaml
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.10-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.10-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 12 2024 Tomas Popela <tpopela@redhat.com> - 2.42.10-6
+- Don't recommend avif and jxl loaders on RHEL
+
+* Fri Jul 21 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.10-5
+- Recommend popular pixbuf loaders to ensure they get installed
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Oct 27 2022 David King <amigadave@amigadave.com> - 2.42.10-1
+- Update to 2.42.10
+
+* Wed Sep 28 2022 Bastien Nocera <bnocera@redhat.com> - 2.42.9-2
+- Fix loading of large JPEG files
+
+* Wed Aug 10 2022 Kalev Lember <klember@redhat.com> - 2.42.9-1
+- Update to 2.42.9
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.8-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jul 20 2022 Kalev Lember <klember@redhat.com> - 2.42.8-3
+- Fix up gdk-pixbuf-query-loaders reference in the .pc file (#2109099)
+
+* Fri Jul 15 2022 Kalev Lember <klember@redhat.com> - 2.42.8-2
+- Re-enable developer documentation building (#2107411)
+
+* Fri Mar 18 2022 David King <amigadave@amigadave.com> - 2.42.8-1
+- Update to 2.42.8
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Apr 13 2021 Kalev Lember <klember@redhat.com> - 2.42.6-1
+- Update to 2.42.6
+- Use upstream defaults (png and jpeg) for builtin loaders
+
+* Tue Mar 23 2021 Kalev Lember <klember@redhat.com> - 2.42.4-2
+- Rebuild
+
+* Tue Mar 23 2021 Kalev Lember <klember@redhat.com> - 2.42.4-1
+- Update to 2.42.4
+- Disable gtk-doc support as we don't have gi-docgen in Fedora yet
+
+* Fri Feb 19 2021 Kalev Lember <klember@redhat.com> - 2.42.2-2
+- Avoid using deprecated meson options
+- Fix gtk-doc directory ownership
+
+* Fri Feb 19 2021 Kalev Lember <klember@redhat.com> - 2.42.2-1
+- Update to 2.42.2
+- Split out gdk-pixbuf2-xlib to separate source package
+- Update upstream URLs
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.40.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.40.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.40.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Oct 08 2019 Kalev Lember <klember@redhat.com> - 2.40.0-1
+- Update to 2.40.0
+
+* Mon Aug 19 2019 Kalev Lember <klember@redhat.com> - 2.39.2-1
+- Update to 2.39.2
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.38.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Feb 28 2019 Kalev Lember <klember@redhat.com> - 2.38.1-1
+- Update to 2.38.1
+
+* Tue Feb 12 2019 Kalev Lember <klember@redhat.com> - 2.38.0-6
+- Backport a patch to fix perl-Gtk3 build (#1676474)
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.38.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Sep 10 2018 Kalev Lember <klember@redhat.com> - 2.38.0-4
+- Disable parallel make to work around thumbnailer generation issue (#1626835)
+
+* Mon Sep 10 2018 Kalev Lember <klember@redhat.com> - 2.38.0-3
+- Rebuilt to pick up all thumbnailers (#1626835)
+
+* Fri Sep 07 2018 Kalev Lember <klember@redhat.com> - 2.38.0-2
+- Rebuilt against fixed atk (#1626575)
+
+* Thu Sep 06 2018 Kalev Lember <klember@redhat.com> - 2.38.0-1
+- Update to 2.38.0
+- Switch to the meson build system
+- Remove ancient conflicts
+- Remove ldconfig scriptlets
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.36.12-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Sun Apr 08 2018 Kalev Lember <klember@redhat.com> - 2.36.12-1
 - Update to 2.36.12
@@ -539,3 +618,5 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 
 * Sat Jun 26 2010 Matthias Clasen <mclasen@redhat.com> 2.21.3-1
 - Initial packaging
+
+## END: Generated by rpmautospec

sources

@@ -0,0 +1 @@
+SHA512 (gdk-pixbuf-2.42.12.tar.xz) = ae9fcc9b4e8fd10a4c9bf34c3a755205dae7bbfe13fbc93ec4e63323dad10cc862df6a9e2e2e63c84ffa01c5e120a3be06ac9fad2a7c5e58d3dc6ba14d1766e8