Compare commits

...

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

8 changed files with 383 additions and 435 deletions

View File

@ -1,2 +1 @@
66649b7bd255e315f4561ad72db48d15224de589 SOURCES/bug753605-atsize.jpg
2a32bf71fd7c47b22abd9843bc3116e771772fbe SOURCES/gdk-pixbuf-2.36.12.tar.xz
320ed10a4cb74a0770de91a9e5741767ebdef2bf SOURCES/gdk-pixbuf-2.42.6.tar.xz

3
.gitignore vendored
View File

@ -1,2 +1 @@
SOURCES/bug753605-atsize.jpg
SOURCES/gdk-pixbuf-2.36.12.tar.xz
SOURCES/gdk-pixbuf-2.42.6.tar.xz

View File

@ -1,50 +0,0 @@
From 4af78023ce7d3b5e3cec422a59bb4f48fa4f5886 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Fri, 11 Jul 2025 11:02:05 -0400
Subject: [PATCH] jpeg: Be more careful with chunked icc data
We we inadvertendly trusting the sequence numbers not to lie.
If they do we would report a larger data size than we actually
allocated, leading to out of bounds memory access in base64
encoding later on.
This has been assigned CVE-2025-7345.
Fixes: #249
---
gdk-pixbuf/io-jpeg.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 9cfd29718..103820c5a 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -359,6 +359,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
context->icc_profile = g_new (gchar, chunk_size);
/* copy the segment data to the profile space */
memcpy (context->icc_profile, marker->data + 14, chunk_size);
+ ret = TRUE;
goto out;
}
@@ -380,12 +381,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
/* copy the segment data to the profile space */
memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
- /* it's now this big plus the new data we've just copied */
- context->icc_profile_size += chunk_size;
+ context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
/* success */
ret = TRUE;
out:
+ if (!ret) {
+ g_free (context->icc_profile);
+ context->icc_profile = NULL;
+ }
return ret;
}
--
2.50.0

View File

@ -1,264 +0,0 @@
From 00c071dd11f723ca608608eef45cb1aa98da89cc Mon Sep 17 00:00:00 2001
From: Benjamin Gilbert <bgilbert@backtick.net>
Date: Tue, 30 Apr 2024 07:26:54 -0500
Subject: [PATCH 1/3] ANI: Reject files with multiple anih chunks
An anih chunk causes us to initialize a bunch of state, which we only
expect to do once per file.
Fixes: #202
Fixes: CVE-2022-48622
---
gdk-pixbuf/io-ani.c | 9 +++++++++
tests/test-images/fail/CVE-2022-48622.ani | Bin 0 -> 28012 bytes
2 files changed, 9 insertions(+)
create mode 100644 tests/test-images/fail/CVE-2022-48622.ani
diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
index c6c4642cf4..a78ea7ace4 100644
--- a/gdk-pixbuf/io-ani.c
+++ b/gdk-pixbuf/io-ani.c
@@ -295,6 +295,15 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
if (context->chunk_id == TAG_anih)
{
+ if (context->animation)
+ {
+ g_set_error_literal (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+ _("Invalid header in animation"));
+ return FALSE;
+ }
+
context->HeaderSize = read_int32 (context);
context->NumFrames = read_int32 (context);
context->NumSteps = read_int32 (context);
diff --git a/tests/test-images/fail/CVE-2022-48622.ani b/tests/test-images/fail/CVE-2022-48622.ani
new file mode 100644
index 0000000000000000000000000000000000000000..276b5b989f1e9ec9185e49eb45f710ee38278eb2
GIT binary patch
literal 28012
zcmeHQ2Ut|c+TMaKCefJWrWwJY#u6-vNsJ|8EU`vo%DpjvEQu|#CK_X<2#5tiihxLO
z(m|^9E?s(;zVxNDv@P#Hv#_`lDM~E&xt`}4=giDE-}laU=IlAlH}7%tnpLZI9$+w*
zE#LUnj)TAMox)%+Xkzswl8FyF@-LGlT2J%!YrgrmaX*8x`;Q$5e*NXp!DFA0O47<=
z%$-XmUSv2-WiY0ZIypJoGMeEqp24_7>ZX$t5n*g6iOG;7|2{vSd*HbT{#QNlFD7Fx
zNx$@@wf{|ipqOXA`Fgo@qILfbV<0%!QrrPPK1jZkjO65G1d?-FN86tE7zl<R2Esu7
zOtB^<C4p1HL3u^FH2$Z44SM|eKpfJ(=aiSBqOx4<|AG1p<cr7AMzQpVr`Pw1Nhslz
zpp1;+S(-c49~66#pPytti?74mBiT%8-<Q*QQ^^s}|Nh4MID9)4ofJ=0cqnqR((W6B
z#P{@`rGDpBJbS*E_&=K9Z)|M5Zwz!?bgs~QmZp^Cl>5dv6yH1v8H$tQ=ka)GX=x#2
zNXNYQWXos0{YH6ISR~3gfBVgO>c5%NexdkpM}(oRtqm=$t!Qp)L2*$5^7FGu%0*>W
z1<CWDN#9H6&+W)Cw70jTm0SaQ9cXH3XaKjKi|X1cq^G9$;-~jTKWUS+U!K%C^?wY(
z&*$^e+1V*h9UYx$@9027V;#74wMe-Wi<{2Q;xSP9{?fuV%&kufx5Q32{%{Bc0`VBS
zI=jSUXm9Tz*P|7!ZB1z5)uO4j9F4pZG_>ZSt~CQq?K!A!O+rexr+8ch`=1h>Pco<Y
zW23?$6bi{0_~`1Q*Pxvw9y&T(!E0|KW2ixEdnKCNN(k-(G_+--vMC;!h275$ihbEi
z=GZ5RTVhKZKOF;~PyF9S@OQPMy|W2zopoaDE$yXZ>`m<idrLf$irm_0Uxm$#lM-D|
zBmWzIVHdjiZRq5;prfmv;I9I&lY`dI0yK7JqPjgE@f>^cocZuDL;Y!BmbTd!zfjl-
zzOWTtf<|--YS1p=pq*cYMnO7C+CvaiX)DG)X*WYzTF=uur}*QdBgFGxDCCp8jo@!W
zmynB2VI|sxg=i9HprkVd;nijxRQ~Os87k6vuUE3@V$V}KB=|)l5y9R?QY*n<Pf|4*
zLm66yS*R375$xvOzn^>W$Np46OBt2m2RTIOgh12;K5D=hm6I_Ppq?L(=q5`s_P74S
zI4$W4h!@zzMOSNimb2B&uYBAWn+5xQ9uwrZG%LVoWtN}M${07N#b&mq(>7RMe~&Hc
z`%mWg<8Olib?8C`nL9;j?z)4FTK6vToY}`veUM#;>r<xtxy`Xjj{B;nqU<1f=AA)9
zvkJJ4s;H<rjoiEY5D~h%*3nME=9=NunGe!2oH}XzLbMY6Ty%*_iSO?st=d)WcLimZ
z=7Vgw+srt0Cwg6NL)}sGd!<T#XHTNG@po`)_M@b7AIhqK7pIcSgGkT%KX`e4$~7{a
zeCR>C9<}Zsei4~J&1C-9fXB~8R-T8DwoO!FTzZghABRO33$hQA*N&^?_w^!5D}O~?
z>S}n0%!QM;JRH5`;o(0AK~c+*kp7)0E%zrRrF{!epU?P)dh!<^r1Meg?%@|gMCLxP
zqY$};0pe%VjC~9>X`KjV$k4K@)zSmSIcj_n{K$L7b);tQfwQ{;42&l5^bN-5X=;wQ
zR6qN&={e08QnmD7<(XN}fLEX*BI7qAGHwIx9Y5h~pPzJ4TKA)#OXCNbKbe{S0$R6p
zH}gL1ska#7`_Ic{#k4!oC%6J(9C@DzM*N*4Fg2eAZS67Pm$aCh-P~kGOR%V&8_hmr
zBD3<W{!4+EuS^u#In9Glz;bx{t%RZBoI15LQ|Qw9unq}+5!#TR5zMFMxr-QoJV>dF
z)tWJW&RcBjYyHW)MKaPdufo*y3ux=g-_SA`MHl`1Jyb4_(K)aA8sEfxCT=({5t-X4
zLQQ3go$_(nG5vNLLW2Z<NlA+M*))9`qu=|>$!z7ixUe(a*49{*l)A#n<!2b^FS>o*
z`m>QkFvU<k@sf+W+AGjCm<baLMVvc7w@yuI+J>R@?N5f{zkc<C_;=>B*)oUwlcV(>
z_Up_ulC@D$;fk=(Bhc0Pw8P$E^{RpTNVln-8aY$x#0yQTs&7L}_hVepS^{;odFIkG
z4|`7W(<D2Av3sz-&bG^9(o-&xzh}<E-dYitHRMwV>(jSg_0&rd$B(@V<+BRVxUdY$
zD)VCc$~;V&Vt@ZFmiAEkm>PbP6&-OLp@BPKtUDE&%CBA@N<V2Cb*0w~jvspyXOw3{
zU2_GFAD@{e-TtuW1p6M^XSV#{?_heDKFRX;*#}SOjnKOw3ym|c8$GN&4W%~>luo^e
zv+9d+;nGH&`fJXx@IQ?G%j%0`+#Pqp)n+pc&MV;DnMnx`)1S(oKOrBZp*9Z}wbqIB
z47TE&^5S95pNFx3MMKft!E&d_&1M_Sbe7|S>a^DL$Jc!{R2{m9HhpwKd1{NE_9~c}
z?h#sA9Dwe{Rl~Y}hiaS3>8UMRXKA#R>+5m~4%dE!p5_AR9Qo+xP<0SlPu&Zj!rF8@
zyl!5ArTK2I-i6QC4YmJp<#bdQjxoHr)+T`1zU6ovH?IBw9kp2k^)v5k4W?WD^lLg-
zG!z83*S5g#=2-;aGJvtp1{)o<g~NJ&4Q97*`(?Fd(_C#1aTCKV5$dW0C!;OUQ=c!?
zIXc%{Re9zz^)qtf_YB%klbmaiI_)EKee^Uw7CM;zh)^F5B;K}%yZsTauErO`et+nT
zZzyFGtuGFS`)ctsW1SH1cNxCc`(bfqHLhsP<&pWFtf};lvF4d~j4mooxudHwk7uq+
z-b?KdA}&}D*~uOVzopGLx%|aH^8PjyybqGGySnLOT(CaBBqI>HagIpv*Fmt;33yuV
zfeV@6&L-R7VYwRtj>ixia2YvC&M3(AM@)zw-^O6mg$L<;(sj1_YYv5bDc2UH`k*2|
z3Y_c^6s36MZjw9l5?xV{auX%lfhfNlh5R&cgnB8}+UT$D_x<Wg<EQqlbXQMzHT%&f
z%2%y6C&>k6x#8dtycGqv!O4$6Zi+jiZfVrISo~;Xsker1D|zM)8~wGc8&}tDxM{i7
z%-``qOn~#DtU%|(StO6~wBBK6Z?t}cjp4ch->;v!K|LWrblrrkg)j!qBYWgjdvb9P
z23dsbE`QGK&L{QcquJeMnVy_6s=M5qkLxKjWXTB~EUloqq%6smd+JF>+k5mg*rDBJ
ziQbn~WX0{WR1uN;oLVCJX$C<+@+#VsbWa&c5HlF;V%acdl8-80T1@kC#meGbwiu1H
zytF6Z){~<*@0LT4Jc^f!^`Nm^FFLyIK+tU$qHY|-rWhB{jgx>UNB2H0IRa0Sr04sz
zh!dV4|5Y9!vHrJ7$|lL2q<K#oJhAB=5f+B@^mLH(#K&cy=nf{Sm84H4Ht0D?**Q5m
zhzJX%_8<E1afz<Ma-zF3KR1`!=*2+Jy?s19#PQ{~N3nfKd01;H17V={X<S$u1F1_d
zEiFYtTr4JzVP_1~f4FVbeg}!^N@H-gvnBhHIG8k+9XxqFd*g6z4Ah_6r!nSk46Vq|
z%SC;C4T+DJV#@36uo-W&!WHD$5%Z?8BR~Ft6*Z8qM`@$>yW^7-1C7-;prNS}wGDSs
z!A(JFbrcFKZy_Pm6w8;h;vdDvKz*ov`ot0l1>*Q(TL)Jh&*iqHkyvg7${M^7SE!9u
zyIE;VwzK~6c_^_jA`ylz5?^cQm!p})Gwa$T!Qr_gvQh;rb(nV*4zRu+XdI8))@@%v
zVgw|<N8(HE!hAFdVo=-V0k?)<u}F_uFntH>D~bNkdg4n9z!>u>IVbrDN!z33?~Gzs
ziQ`*nAW^Pj@Q{QCp$|No_F<7et5E)XmUv$bzk)IHdMay*W~|Jg=MqQUFiM&bu9-d}
zMl)>mwL=jy2foi`$v=vHa(`FS_)Zr{OcUuOQWA{(Mjd?a!K|3Jk-eJg<kT=GyJxYk
z#FdXPscQYUliRE$;I-dEO|vzs8qEbc<)@kqk|x~V7sB36{2`7-3>6Ex$1C|{>>Vf~
zC}L4mZ-Ot3nMKp~GsV|Cy_WG>R4Ut@+d8wOgKvTA=8Z@zoPp5vSKyg69zi)X5nuQX
zvPzEgJ#K%Lx%D#pS8`p3j6v>Yc9r<LBO4`LXKdQbOq+d~xlMvU=nm7fq1CXnjqin8
zo)di1#-w=!k2&rTGir`Q;;0YJea9TK4SpdkF!nRVru+;e$9d^1ce01P-{iel*j3c`
zWwpUrvznE#@ORcX65A;uj0Hu-bGSlLy{N1)2%gECeSBLdzAI^`c`TWO=48C~UXx8+
zedmd8`fU~bXaCC{3%4*QNXzwiF8?aKs=O)@3+J<AmaS*qw`Lyf$<!;a*6*ln%0pnb
zc5bJzv^NIRSKkFNMrjz2a91;$g@dO*%wM{i_03|bSZrT;NqNevtg6|QS&^U3Wh+YR
zXpRcT>uwG*UZoY9g3hisxQ6dkzb*6`@VcJVmifuk?IeCVI;-h(MW(W}zW&aqyvDBj
zK#sMzZ#%I+&cc`#aMS-S;SKLuu)Y1pqP{YH%c|-!?`%0CgRc&}!(aLtOTTaX!<32r
zQKyfvTrID^FETThgSY#vS%dYr)?XrbKuHcxc3OhZKW1GSOn$KTZJSx=4YfD5dfwOr
zADeXp#$c!}Tl4k%O`P}OuM1zdEd7Yp8<QW*PJiu+b6FcNsctLub5en?<+h;y<RtZu
zPCtd`rH7ID)7B!|S5p6|`La2z@q50X?HuK6ER6M5N3iWqv;K4ik+w*G4TOXk33qK#
zaG`zslYN-_)gQ9IanReHoD=7O%*gAAbUhXsXus#Ezr{~e1I@Nh3ANe#M}+&asFWBJ
zWF_3d4ZYndw9muX7)<u?TA3{&*83AmG6MKT8NMh^@j*tk8PZA0ymJHj*}kYLN)QCt
z?MtGvgXw#ecHN&wth#wl(KRhdzoIlVsDoRUhMI~ra7$9UlEU;VT`w$kr!tSCd#HV`
zZ5{a%N$W}aizK6-M9*p6OGDKoEl1zI`W}L%<b8~!H%S^z5<|Hs(Uk^Ck|pQ!mBCPy
z1w&;Nm}FUkP149wOuRfU3=_wdV6kio1SE+hX<RtzM3zm6Ji>^gVp%+ApGjYh=jYEo
z@Z1AK_W)&sko0p;692U@^xjWblJ0hw?9%ATIkfKSq8gfYg7Z21Y-p}}Bq=%{`kM>V
zzJJa>dnES`+KKxAIs0r-H$651>i_5Lv&ZJ%K^0T~-+s<Mql~mogF5Rm2vGl1_E}d~
zmpC#&S#)h}?cfnM;C~bQj7B!-7&_YtbB>IG$7@4VOB2~0UWdl!3e+_ff!myi+NM-g
zH^rfjcL$uNFhnI;h<DyTZT49=dyX>aI?&P1BV%Ym8)2Tc@an|Oxh4s7j+cpA!kR0o
zCp*Wp?0T_38|*U@*&yt>4#J$H%rjm)Wu8@mVsGT-qn==|;}PtQ!3fVb>1CgNvTN|2
ztB+yoi&fJ3FJb=)X=F%1*nfmM*U{BTm}i9b*HMa=jsi4wWP(eWXB=KIf(x#Q{Z80t
zY6=_fv2Y$2#)0(Sk6%dGAMN7kQYW7)jxh1~1>kjMgUgRaF3%1AC6~q6Df>)rEAy$b
zwj^Vs`0ugLy4hP@!a6bYtX)_lW^dIA;*i(whMOFXUiO*%k1Xb#U!UH*>5IRceMZ<@
zV&+^8xdt3EhP#A0mxvO94?H>N#D1Si*k}LxQv7)&iHfJ1OZ*RVh|o@0XOz8FP8d*y
zWDFUo=?aE#{dqBV%03(WF;lz?jV!PA&K*aq$t)+U8S8!AKQ|5ZQH;6ey(G)mOEJsG
z`^y+N7ezB`v-dYxUVHDc>|VPcKVkl%S{z;M5N4yHGXilH*Cp&TmCwKZ`+TuAojTpi
zdA3!2^tzg&q64U`J%dW_S#WC4qPRjC899d#61=w7!DhCtnc@47nSDl?f0gJI<rCkh
zBZgxv_B&ypol`UY`<!vKlHV5-v81A+;uldv>k(8p9zj{nVH8#zz+KKk<dq&qZrLBm
zDL#zEl&$c*xsZF^=)FOs8xJ!f@A;py&l<@5CsFOLWF)4VQuY~#u+J`z*w{U1r1g5(
zzptK^wyv$2w_C(*+Kqy;?~s_j6v5F7@C}^;?_hb{3ZH|pxaEjR{Wsz>wjwI=d$@Qk
z;u{*s|6{vn@8PHHvpTf2Wg$7skv^L^gnf2aVLy|laIkyc5cZjP4!c;&@5{^F+}_@K
zP*l^f1L=8R;FkYn*xHWou(TYTaY^eHQ%&^=MtTM>CYe}G;N5VY4&RVv2#MJYzmTtB
zY5Pg%<#YcG3s4$A(1iH-8<c&<A?!2N>3g~vXVmY6eI~wNy-YrsmK61MRY#|)sG<27
z(z4dV)pa6F9Y=+^d9hX}CXVQh@@rpxk!9f~v&`D;#aq|RCy5+g=fl-|73`c=;EK*1
zuF8q`hrN4Tf?q^q;&HB&ea0c|v)>o*Wyrj{^Zw_PyY;Fu{w|wr8fx`LybgWj75s*q
zt_pB>9p$Lc{rmkPJ>Rr%zIa(r=Pka4^=z0~E)f_QDMI<g6x-8B<c76-UxGh3FN!{!
zID~z6aP=k@d*R;uu~RG_)~h!p-&W=d1Yu;?jWxo8w!zD4dR$`2_#t6X_jtisOZ_$I
zUQrNf>n(+<(p>J@WA6`(JwfsJu+KPzeRgQYqI+{j+JE#s_~v$tiV_#{ew2c|91FrA
z_^vbl)|b6IM*7P4EvqK6W~!eW+j#cO+fY-V4^`F0Q2A3~SnL(*bCSvk`)t>Od8}UM
zLtopp9N~K?rjZ*>zS5F{q!>Nenk-LFjs9c6K7I9QD8Cqf`sf6lKB)jDm8Cd&RAE@`
zA%eYxFu1fnn!#o*n*aCbleGO%&wW|-wNa?&CL%Ui16pd64W-+Ma;|aaRf98szKWB_
zXG2MO1x_BBJuLPX!M=UwL^gZwG}fTc_h65mS=HsYP|3N4XulIM(w4Ot3T9~;O_etc
zHP6UH`Sb#jn%a7t{&ViI@Js6+>^#8byO`p;_9!iM6h-^}0VgZ@?C?C9-rvi?`qTC+
znsV{Fgf(?Za~&>g{Q$L73x+j+hGJ79<7&CuG$rPuupq}m5F2<1&e!L)`*@CCCTSlm
z*VS3`v9Z>iR&)KYaP8_2m>BKB70ngHx_<|=Dcx?Rzj$4c=YDQ}x+!7<kHE+3OITlf
z`IfZIK<9>93q5W1SHaO@7o2Y>!NO!G*Wkj^Vf}s%WUp_VsrHgFcGouAq{bQ{IZ_kh
zt~+r<f05w&*#$a%W&4%`{U%<v(_1X?wBCh)n`-d))`5xc*EV|R6o>Te=&SEh%LeDa
zoa*m#jGL2WhlBt%gpwUIj{3`mrrMwQx?WzTXnE<w-rrM8&3SBh?G=h9Iv@Mm>8}(9
z*#Cwo-}6X{wu7g`Q7&QP4g3A!QO04Zz4~BWkRHDv#RDn9I*4}p6Tap@z)|lDo`u%@
zWGyv0BdxQth87p+-*GZn!Sl8JKSX()!kth9WD#c6?SLzMOa0YPm3`)X?YoP~;l}*p
z%mCykI3X>>010I0PPE%`L^%JBaHqqFbUBK6A2p<f8zVp29YvXeNC>^kcQN_*Klb&8
zNAbU;kE`*<L(zn_RhaHe*k{p%eHM)3RBsd#hF@XwO%xHvSy@g9VRA*IFvAbgzGrJ)
zuWfv$*k|qr8>ahOZL_)Ur%{_n*k_!)2r=Hu!dNi_EuYM>82|INzSi4qJPg)9lk78h
z<BcqrYa2KC+Wc%5<nnt=kn7<rl4k|G9*Oa@`^C)V+NKTe#+wFxzDus_|58rZO~_iv
zGt53)D#k~6Zaq242;OeQB$Ke)MySY&>&JDoycm;u*k_BW1d*HG%?e}mu+JDh>@#K$
z`)pJXn~bo~#O$+iJ!~`Cd#p2Y{XN#1goXB;eMYaw^W%Th1B8|FoPCx}*=J!-mwiT<
zXoP__<h6{4ovoC8BhCCGWy-vhW}l@$tj>p#r}iJjKC2*K1s1c<#yv^)SvLz$!akFK
zl@&_X5yEFpVn@u8XGMNEo&6ZuXI<pWs)T(;zDnBIOxb6JWW7I~u+Io1r!t6q>C6g>
zi`lUc<J+OgQvcH@Fa5$I{kkRnDra+B8R}Zd7cHA&2>Z+r2?d7u@;|IQpYC{E>@&JX
z-$lM`*GyuA<ZGs#xrBWdi}F@4gqLeT@gy_*gWp(>WgkNK_$BN!5}PDnm24IylK7Gj
ze7JvM!9`a7G^ueDc9ocMM)DU3%c=Ko%AxrBK{C|-J@#2CVV|X<Q5XRK#=r217At@1
zW>)W>&L5K5@BW@7b6hK2#^hqy2w%0h7ekK3$XNXmIAYh&QS3J*%(w^H>96jc(d<fr
zn0;17qHH;6K{zrRw6VyM$$4*WHyg>miNX4fFw3m-#;0f2eBV-9tHiHvutr_8Khi6d
zI`5VnG?@p;`u$}i^Yt<eyx!dx$Gc<MRRS^dj<V0<k=}3>E7h5~@006I7<bHo2F7?D
zZ}#~+^|P8<JKRNO^`{V)J_FwI<KdI=20T(`AnxuS#1$Op+Xu~0-hNVMdtVy^mAlzz
z)nx2hgnj0OHAk3P^A0jM(>~SJj0t9btgH2He|EKWC?UOeExgjFq?w10IpG*OdWN?5
zn5kxNWA_?+kM(y5nk5R1*#a%I5AP_hXMZ=4P3g97_8AAIHU3z)j+MChFte9A5}v|b
zo0Rnqr={a0GAb9tIbo!iZ71V3N&gfw7ZXVe1Y@L$^IQ5pfg54(zE!a4KjR!0u3)_)
zksBzd?5pzXI1si}3}L_B$KLRdWjfV2>GA7Z%Hf*2KBKB}(!cuCMXvjZvpS=lPoA5F
zU3)*uUbJXv_v_Tx+0}EWv7?qOVEt{qFFBi;-`W-{s;Mu6Q`p|K-tGS$a82{%Ihh|$
zDJx*d?zxSN7P8LthgG_M+P{eXsq7`vb@ZIFzfxjGXY+W4<O`VrxZ=O&gT69-%f~fF
zyz|$oY4~Q_B>v(B!)Bko8RjQ<r@qb+$?=v*3fcH^UweJaW`>L9em^-GhmS4i50`yL
z*?&%EOt<9tuey?B_aoACrBYveeam*{8}?b*{sukWgRR45pAq|`jWk(DL;SYXrpBot
z+VjU4QrG|WC%-#hPJ6-w{dI9pb8GQG!9FwAU{1VrdS*a!l(8r&h%n3Sf3aXl?JtlX
zzrX!2<}ra6MRDP_!d?IO&$7>)uI^6FjdwssqzR(jjz@;r|9aHlT+BY38e+HSNF-sO
zrAJ*yc7g-!uI@_taz6W8X>7wir;M^-!age{?6Z;#f80%Q7PHSXZkr)H@dirB{ZW=3
zA_%tGpZGZ0XC9hM-BKm&GftYQt}<K1$qnmF4K=Lv)LP}Cvwg&u!yW5D{VBt&hiN8e
zpPB4<!PsQyizf_sjND-O^HX4-%_S=!+sBF7XXJZ3U{UtjNXkA7$0RBC8D*deNS$cZ
M-`Qsm^M9uOKm6?EwEzGB
literal 0
HcmV?d00001
--
GitLab
From d52134373594ff76614fb415125b0d1c723ddd56 Mon Sep 17 00:00:00 2001
From: Benjamin Gilbert <bgilbert@backtick.net>
Date: Tue, 30 Apr 2024 07:13:37 -0500
Subject: [PATCH 2/3] ANI: Reject files with multiple INAM or IART chunks
There should be at most one chunk each. These would cause memory leaks
otherwise.
---
gdk-pixbuf/io-ani.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
index a78ea7ace4..8e8414117c 100644
--- a/gdk-pixbuf/io-ani.c
+++ b/gdk-pixbuf/io-ani.c
@@ -445,7 +445,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
}
else if (context->chunk_id == TAG_INAM)
{
- if (!context->animation)
+ if (!context->animation || context->title)
{
g_set_error_literal (error,
GDK_PIXBUF_ERROR,
@@ -472,7 +472,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
}
else if (context->chunk_id == TAG_IART)
{
- if (!context->animation)
+ if (!context->animation || context->author)
{
g_set_error_literal (error,
GDK_PIXBUF_ERROR,
--
GitLab
From 91b8aa5cd8a0eea28acb51f0e121827ca2e7eb78 Mon Sep 17 00:00:00 2001
From: Benjamin Gilbert <bgilbert@backtick.net>
Date: Tue, 30 Apr 2024 08:17:25 -0500
Subject: [PATCH 3/3] ANI: Validate anih chunk size
Before reading a chunk, we verify that enough bytes are available to match
the chunk size declared by the file. However, uniquely, the anih chunk
loader doesn't verify that this size matches the number of bytes it
actually intends to read. Thus, if the chunk size is too small and the
file ends in the middle of the chunk, we populate some context fields with
stack garbage. (But we'd still fail later on because the file doesn't
contain any images.) Fix this.
---
gdk-pixbuf/io-ani.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
index 8e8414117c..cfafd7b196 100644
--- a/gdk-pixbuf/io-ani.c
+++ b/gdk-pixbuf/io-ani.c
@@ -295,6 +295,14 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
if (context->chunk_id == TAG_anih)
{
+ if (context->chunk_size < 36)
+ {
+ g_set_error_literal (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+ _("Malformed chunk in animation"));
+ return FALSE;
+ }
if (context->animation)
{
g_set_error_literal (error,
--
GitLab

View File

@ -1,11 +0,0 @@
--- a/configure.ac 2015-08-19 02:48:05.000000000 +0200
+++ b/configure.ac 2015-08-19 02:48:05.000000000 +0200
@@ -872,7 +872,7 @@
AC_MSG_CHECKING(for x86 platform)
case $host_cpu in
i386|i486|i586|i686|i786|k6|k7)
- use_x86_asm=yes
+ use_x86_asm=no
;;
*)
use_x86_asm=no

View File

@ -0,0 +1,61 @@
From 6976bdc8ee9dd2c2954f91066f7b0f643769a379 Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Thu, 3 Jun 2021 11:05:56 +1200
Subject: [PATCH] gif: Check for overflow when compositing or clearing frames.
Fixes: #190
Similar to fix in 086e8adf4cc352cd11572f96066b001b545f354e
---
gdk-pixbuf/io-gif-animation.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
index 8335cdd76..71d9265e6 100644
--- a/gdk-pixbuf/io-gif-animation.c
+++ b/gdk-pixbuf/io-gif-animation.c
@@ -369,7 +369,7 @@ composite_frame (GdkPixbufGifAnim *anim, GdkPixbufFrame *frame)
for (i = 0; i < n_indexes; i++) {
guint8 index = index_buffer[i];
guint x, y;
- int offset;
+ gsize offset;
if (index == frame->transparent_index)
continue;
@@ -379,11 +379,13 @@ composite_frame (GdkPixbufGifAnim *anim, GdkPixbufFrame *frame)
if (x >= anim->width || y >= anim->height)
continue;
- offset = y * gdk_pixbuf_get_rowstride (anim->last_frame_data) + x * 4;
- pixels[offset + 0] = frame->color_map[index * 3 + 0];
- pixels[offset + 1] = frame->color_map[index * 3 + 1];
- pixels[offset + 2] = frame->color_map[index * 3 + 2];
- pixels[offset + 3] = 255;
+ if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
+ g_size_checked_add (&offset, offset, x * 4)) {
+ pixels[offset + 0] = frame->color_map[index * 3 + 0];
+ pixels[offset + 1] = frame->color_map[index * 3 + 1];
+ pixels[offset + 2] = frame->color_map[index * 3 + 2];
+ pixels[offset + 3] = 255;
+ }
}
out:
@@ -448,8 +450,11 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
x_end = MIN (anim->last_frame->x_offset + anim->last_frame->width, anim->width);
y_end = MIN (anim->last_frame->y_offset + anim->last_frame->height, anim->height);
for (y = anim->last_frame->y_offset; y < y_end; y++) {
- guchar *line = pixels + y * gdk_pixbuf_get_rowstride (anim->last_frame_data) + anim->last_frame->x_offset * 4;
- memset (line, 0, (x_end - anim->last_frame->x_offset) * 4);
+ gsize offset;
+ if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
+ g_size_checked_add (&offset, offset, anim->last_frame->x_offset * 4)) {
+ memset (pixels + offset, 0, (x_end - anim->last_frame->x_offset) * 4);
+ }
}
break;
case GDK_PIXBUF_FRAME_REVERT:
--
GitLab

View File

@ -0,0 +1,224 @@
From 76eda67dbc3f48c9dd6815a5aaf6014ea4a16771 Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Wed, 2 Feb 2022 12:36:08 +1300
Subject: [PATCH 1/4] Fix test GIF that was broken in the LZW code size, not
the values of the pixels
---
.../test-images/gif-test-suite/invalid-colors.gif | Bin 37 -> 35 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/tests/test-images/gif-test-suite/invalid-colors.gif b/tests/test-images/gif-test-suite/invalid-colors.gif
index c3111525ac2d977a0dbedf917f2beae610b614f8..6c3a7240e6ba58c344051351eb3581887fa314c7 100644
GIT binary patch
delta 11
ScmY#Yo*>J{%%s7|U=08YGy!b@
delta 13
UcmY#ZogmA>!}4E&fr-Hy01|-$Y5)KL
--
GitLab
From 0cf97225c9c227d11fc4ddf9cba8e8480672ee1b Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Wed, 2 Feb 2022 12:38:45 +1300
Subject: [PATCH 2/4] Add an assertion that checks for maximum LZW code size
---
gdk-pixbuf/lzw.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
index 105daf2b1..15293560b 100644
--- a/gdk-pixbuf/lzw.c
+++ b/gdk-pixbuf/lzw.c
@@ -121,6 +121,8 @@ lzw_decoder_new (guint8 code_size)
LZWDecoder *self;
int i;
+ g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL);
+
self = g_object_new (lzw_decoder_get_type (), NULL);
self->min_code_size = code_size;
--
GitLab
From 19ebba03117aefc9d0312f675f3a210ffdcc4907 Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Wed, 2 Feb 2022 14:03:13 +1300
Subject: [PATCH 3/4] Fix the check for maximum value of LZW initial code size.
This value is the number of bits for each symbol (i.e. colour index) decoded via LZW.
The maximum LZW code is specified as 12 bits, so the value here can only be 11 as two additional code words are required (clear and end of information) that immediately uses an additional bit.
This implementation has always been wrong, and the Firefox implementation has the same issue so it seems a common misinterpretation of the spec.
This has been changed here to avoid an assertion later in the LZW decoder.
Note that there is never any reason for a GIF to be encoded with more than 8 bits of colour information, as the colour tables only support up to 8 bits.
---
gdk-pixbuf/io-gif.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index 1befba155..310bdff6a 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -499,8 +499,8 @@ gif_prepare_lzw (GifContext *context)
/*g_message (_("GIF: EOF / read error on image data\n"));*/
return -1;
}
-
- if (context->lzw_set_code_size > 12) {
+
+ if (context->lzw_set_code_size >= 12) {
g_set_error_literal (context->error,
GDK_PIXBUF_ERROR,
GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
--
GitLab
From 449441210921c8ed417b0c4d5edbccd2d57e23f8 Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Wed, 2 Feb 2022 14:19:06 +1300
Subject: [PATCH 4/4] Add tests for GIF files with invalid LZW code sizes
---
tests/test-images/fail/overflow-codes-max.gif | Bin 0 -> 65 bytes
tests/test-images/fail/overflow-codes.gif | Bin 0 -> 35 bytes
tests/test-images/gif-test-suite/TESTS | 2 ++
tests/test-images/gif-test-suite/invalid-code.conf | 11 +++++++++++
tests/test-images/gif-test-suite/invalid-code.gif | Bin 0 -> 35 bytes
.../gif-test-suite/overflow-codes-max.conf | 11 +++++++++++
.../gif-test-suite/overflow-codes-max.gif | Bin 0 -> 65 bytes
.../test-images/gif-test-suite/overflow-codes.conf | 11 +++++++++++
.../test-images/gif-test-suite/overflow-codes.gif | Bin 0 -> 35 bytes
9 files changed, 35 insertions(+)
create mode 100644 tests/test-images/fail/overflow-codes-max.gif
create mode 100644 tests/test-images/fail/overflow-codes.gif
create mode 100644 tests/test-images/gif-test-suite/invalid-code.conf
create mode 100644 tests/test-images/gif-test-suite/invalid-code.gif
create mode 100644 tests/test-images/gif-test-suite/overflow-codes-max.conf
create mode 100644 tests/test-images/gif-test-suite/overflow-codes-max.gif
create mode 100644 tests/test-images/gif-test-suite/overflow-codes.conf
create mode 100644 tests/test-images/gif-test-suite/overflow-codes.gif
diff --git a/tests/test-images/fail/overflow-codes-max.gif b/tests/test-images/fail/overflow-codes-max.gif
new file mode 100644
index 0000000000000000000000000000000000000000..3d507ca7daa790c9370e69a2ab277f55d749a013
GIT binary patch
literal 65
ncmZ?wbhEHbWMW`q_`m=H|NsBj0ns24hW`ozAU1Bm$Y2csUc3i2
literal 0
HcmV?d00001
diff --git a/tests/test-images/fail/overflow-codes.gif b/tests/test-images/fail/overflow-codes.gif
new file mode 100644
index 0000000000000000000000000000000000000000..c38053872ae2e3378ff6fb8f3eaff839fa5d35ed
GIT binary patch
literal 35
jcmZ?wbhEHbWMW`q_`m=H|NsBj0ns241|B8>Mh0sDhc^Z!
literal 0
HcmV?d00001
diff --git a/tests/test-images/gif-test-suite/TESTS b/tests/test-images/gif-test-suite/TESTS
index 1d4a3f13f..bc573acf4 100644
--- a/tests/test-images/gif-test-suite/TESTS
+++ b/tests/test-images/gif-test-suite/TESTS
@@ -44,6 +44,8 @@ max-height
255-codes
large-codes
max-codes
+#overflow-codes
+#overflow-codes-max
transparent
invalid-transparent
disabled-transparent
diff --git a/tests/test-images/gif-test-suite/invalid-code.conf b/tests/test-images/gif-test-suite/invalid-code.conf
new file mode 100644
index 000000000..3bf287b4e
--- /dev/null
+++ b/tests/test-images/gif-test-suite/invalid-code.conf
@@ -0,0 +1,11 @@
+# Automatically generated, do not edit!
+[config]
+input = invalid-code.gif
+version = GIF89a
+width = 2
+height = 2
+background = #000000
+loop-count = 0
+force-animation = no
+frames =
+
diff --git a/tests/test-images/gif-test-suite/invalid-code.gif b/tests/test-images/gif-test-suite/invalid-code.gif
new file mode 100644
index 0000000000000000000000000000000000000000..7d929c9431c0c5b7cd53f636f7711d47385f88b2
GIT binary patch
literal 35
jcmZ?wbhEHbWMW`q_`m=H|NsBj0ns241}3Ke{~4?Sjj;#^
literal 0
HcmV?d00001
diff --git a/tests/test-images/gif-test-suite/overflow-codes-max.conf b/tests/test-images/gif-test-suite/overflow-codes-max.conf
new file mode 100644
index 000000000..f6d3f38d8
--- /dev/null
+++ b/tests/test-images/gif-test-suite/overflow-codes-max.conf
@@ -0,0 +1,11 @@
+# Automatically generated, do not edit!
+[config]
+input = overflow-codes-max.gif
+version = GIF89a
+width = 2
+height = 2
+background = #000000
+loop-count = 0
+force-animation = no
+frames =
+
diff --git a/tests/test-images/gif-test-suite/overflow-codes-max.gif b/tests/test-images/gif-test-suite/overflow-codes-max.gif
new file mode 100644
index 0000000000000000000000000000000000000000..3d507ca7daa790c9370e69a2ab277f55d749a013
GIT binary patch
literal 65
ncmZ?wbhEHbWMW`q_`m=H|NsBj0ns24hW`ozAU1Bm$Y2csUc3i2
literal 0
HcmV?d00001
diff --git a/tests/test-images/gif-test-suite/overflow-codes.conf b/tests/test-images/gif-test-suite/overflow-codes.conf
new file mode 100644
index 000000000..19f57fa74
--- /dev/null
+++ b/tests/test-images/gif-test-suite/overflow-codes.conf
@@ -0,0 +1,11 @@
+# Automatically generated, do not edit!
+[config]
+input = overflow-codes.gif
+version = GIF89a
+width = 2
+height = 2
+background = #000000
+loop-count = 0
+force-animation = no
+frames =
+
diff --git a/tests/test-images/gif-test-suite/overflow-codes.gif b/tests/test-images/gif-test-suite/overflow-codes.gif
new file mode 100644
index 0000000000000000000000000000000000000000..c38053872ae2e3378ff6fb8f3eaff839fa5d35ed
GIT binary patch
literal 35
jcmZ?wbhEHbWMW`q_`m=H|NsBj0ns241|B8>Mh0sDhc^Z!
literal 0
HcmV?d00001
--
GitLab

View File

@ -1,47 +1,34 @@
%global glib2_version 2.48.0
%global glib2_version 2.56.0
Name: gdk-pixbuf2
Version: 2.36.12
Release: 7%{?dist}
Version: 2.42.6
Release: 3%{?dist}
Summary: An image loading library
License: LGPLv2+
URL: http://www.gtk.org
#VCS: git:git://git.gnome.org/gdk-pixbuf
Source0: http://download.gnome.org/sources/gdk-pixbuf/2.36/gdk-pixbuf-%{version}.tar.xz
Source1: bug753605-atsize.jpg
URL: https://gitlab.gnome.org/GNOME/gdk-pixbuf
Source0: https://download.gnome.org/sources/gdk-pixbuf/2.42/gdk-pixbuf-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=1630565
Patch0: Turn-off-mmx-support.diff
# https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/172
Patch1: CVE-2022-48622.patch
Patch2: 0001-jpeg-Be-more-careful-with-chunked-icc-data.patch
Patch0: gif-check-for-overflow.patch
Patch1: gif-lzw-code-size-overflow.patch
BuildRequires: docbook-style-xsl
BuildRequires: gettext
BuildRequires: git
BuildRequires: pkgconfig(gio-2.0) >= %{glib2_version}
BuildRequires: libpng-devel
BuildRequires: libjpeg-devel
BuildRequires: libtiff-devel
BuildRequires: jasper-devel
BuildRequires: pkgconfig(x11)
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.3
BuildRequires: libxslt
BuildRequires: meson
BuildRequires: pkgconfig(gobject-introspection-1.0)
# gdk-pixbuf does a configure time check which uses the GIO mime
# layer; we need to actually have the mime type database.
BuildRequires: shared-mime-info
BuildRequires: git
Requires: glib2%{?_isa} >= %{glib2_version}
# We also need MIME information at runtime
Requires: shared-mime-info
# Bootstrap requirements
BuildRequires: autoconf automake libtool gtk-doc
BuildRequires: gettext-autopoint
# gdk-pixbuf was included in gtk2 until 2.21.2
Conflicts: gtk2 <= 2.21.2
# We need rpm with file triggers support
Conflicts: rpm < 4.12.90
%description
gdk-pixbuf is an image loading library that can be extended by loadable
@ -49,41 +36,21 @@ modules for new image formats. It is used by toolkits such as GTK+ or
clutter.
%package modules
Summary: Additional image modules for gdk-pixbuf
Summary: Additional image modules for gdk-pixbuf2
Requires: %{name}%{?_isa} = %{version}-%{release}
%description modules
This package contains the additional modules that are needed to load various
image formats such as ICO and JPEG.
%package xlib
Summary: Additional library for using gdk-pixbuf with bare xlib
Requires: %{name}%{?_isa} = %{version}-%{release}
%description xlib
This package contains the old libgdk-pixbuf-xlib library that is needed by some
programs to load GdkPixbuf using bare XLib calls.
%package xlib-devel
Summary: Development files for gdk-pixbuf-xlib
Requires: %{name}-xlib%{?_isa} = %{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
%description xlib-devel
This package contains the libraries and header files that are needed
for writing applications that are using gdk-pixbuf-xlib.
%package devel
Summary: Development files for gdk-pixbuf
Summary: Development files for gdk-pixbuf2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: glib2-devel%{?_isa} >= %{glib2_version}
# gdk-pixbuf was included in gtk2 until 2.21.2
Conflicts: gtk2-devel <= 2.21.2
%description devel
This package contains the libraries and header files that are needed
for writing applications that are using gdk-pixbuf.
for writing applications that are using gdk-pixbuf2.
%package tests
Summary: Tests for the %{name} package
@ -93,29 +60,20 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
The %{name}-tests package contains tests that can be used to verify
the functionality of the installed %{name} package.
%prep
%autosetup -n gdk-pixbuf-%{version} -p1 -Sgit
%build
autoreconf -fi
%configure \
--with-x11 \
--with-libjasper \
--with-included-loaders=png \
--enable-installed-tests \
--disable-silent-rules
make %{?_smp_mflags}
%meson \
-Dgtk_doc=false \
-Dman=true \
%{nil}
%global _smp_mflags -j1
%meson_build
%install
%make_install RUN_QUERY_LOADER_TEST=false
cp -a ${RPM_SOURCE_DIR}/bug753605-atsize.jpg $RPM_BUILD_ROOT%{_libexecdir}/installed-tests/gdk-pixbuf
# Remove unpackaged files
rm $RPM_BUILD_ROOT%{_libdir}/*.la
rm $RPM_BUILD_ROOT%{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders/*.la
%meson_install
touch $RPM_BUILD_ROOT%{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders.cache
@ -125,16 +83,6 @@ touch $RPM_BUILD_ROOT%{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders.cache
%find_lang gdk-pixbuf
%post
/sbin/ldconfig
%postun
/sbin/ldconfig
%post xlib -p /sbin/ldconfig
%postun xlib -p /sbin/ldconfig
%transfiletriggerin -- %{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders
gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
@ -143,7 +91,7 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
%files -f gdk-pixbuf.lang
%license COPYING
%doc AUTHORS NEWS
%doc NEWS
%{_libdir}/libgdk_pixbuf-2.0.so.*
%{_libdir}/girepository-1.0
%dir %{_libdir}/gdk-pixbuf-2.0
@ -158,14 +106,6 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
%files modules
%{_libdir}/gdk-pixbuf-2.0/2.10.0/loaders/*.so
%files xlib
%{_libdir}/libgdk_pixbuf_xlib-2.0.so.*
%files xlib-devel
%{_includedir}/gdk-pixbuf-2.0/gdk-pixbuf-xlib
%{_libdir}/libgdk_pixbuf_xlib-2.0.so
%{_libdir}/pkgconfig/gdk-pixbuf-xlib-2.0.pc
%files devel
%dir %{_includedir}/gdk-pixbuf-2.0
%{_includedir}/gdk-pixbuf-2.0/gdk-pixbuf
@ -173,40 +113,90 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
%{_libdir}/pkgconfig/gdk-pixbuf-2.0.pc
%{_bindir}/gdk-pixbuf-csource
%{_bindir}/gdk-pixbuf-pixdata
%{_datadir}/gir-1.0
%{_datadir}/gtk-doc/html/*
%{_datadir}/gir-1.0/
%{_mandir}/man1/gdk-pixbuf-csource.1*
%files tests
%{_libexecdir}/installed-tests
%{_datadir}/installed-tests
%changelog
* Fri Jul 18 2025 Matthias Clasen <mclasen@redhat.com> - 2.36.12-7
- Backport fixes for CVE-2025-7345
- Resolves: RHEL-102346
* Mon Oct 31 2022 Tomas Popela <tpopela@redhat.com> - 2.42.6-3
- Backport fixes for CVE-2021-46829 and CVE-2021-44648
- Resolves: rhbz#2115213
- Resolves: rhbz#2044346
* Wed May 15 2024 Tomas Popela <tpopela@redhat.com> - 2.36.12-6
- Backport fixes for CVE-2022-48622
- Apply patches with git to enable binary patching
- Resolves: RHEL-30478
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.42.6-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Aug 29 2019 Benjamin Otte <otte@gnome.org> - 2.36.12-5
- Disable mmx support
Resolves: #1630565
* Fri May 14 2021 Kalev Lember <klember@redhat.com> - 2.42.6-1
- Update to 2.42.6
- Use upstream defaults (png and jpeg) for builtin loaders
* Fri Dec 14 2018 Ray Strode <rstrode@redhat.com> - 2.36.12-4
- Install missing test image
Related: #1625683
- Fix up tests.yml
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.42.4-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Dec 14 2018 Ray Strode <rstrode@redhat.com> - 2.36.12-3
- rebuild
* Tue Mar 23 2021 Kalev Lember <klember@redhat.com> - 2.42.4-2
- Rebuild
* Mon Dec 10 2018 Josh Boyer <jwboyer@redhat.com> - 2.36.12-2
- Rebuild for CET note fixes
Resolves: #1657310
* Tue Mar 23 2021 Kalev Lember <klember@redhat.com> - 2.42.4-1
- Update to 2.42.4
- Disable gtk-doc support as we don't have gi-docgen in Fedora yet
* Fri Feb 19 2021 Kalev Lember <klember@redhat.com> - 2.42.2-2
- Avoid using deprecated meson options
- Fix gtk-doc directory ownership
* Fri Feb 19 2021 Kalev Lember <klember@redhat.com> - 2.42.2-1
- Update to 2.42.2
- Split out gdk-pixbuf2-xlib to separate source package
- Update upstream URLs
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.40.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.40.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.40.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Oct 08 2019 Kalev Lember <klember@redhat.com> - 2.40.0-1
- Update to 2.40.0
* Mon Aug 19 2019 Kalev Lember <klember@redhat.com> - 2.39.2-1
- Update to 2.39.2
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.38.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Feb 28 2019 Kalev Lember <klember@redhat.com> - 2.38.1-1
- Update to 2.38.1
* Tue Feb 12 2019 Kalev Lember <klember@redhat.com> - 2.38.0-6
- Backport a patch to fix perl-Gtk3 build (#1676474)
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.38.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Sep 10 2018 Kalev Lember <klember@redhat.com> - 2.38.0-4
- Disable parallel make to work around thumbnailer generation issue (#1626835)
* Mon Sep 10 2018 Kalev Lember <klember@redhat.com> - 2.38.0-3
- Rebuilt to pick up all thumbnailers (#1626835)
* Fri Sep 07 2018 Kalev Lember <klember@redhat.com> - 2.38.0-2
- Rebuilt against fixed atk (#1626575)
* Thu Sep 06 2018 Kalev Lember <klember@redhat.com> - 2.38.0-1
- Update to 2.38.0
- Switch to the meson build system
- Remove ancient conflicts
- Remove ldconfig scriptlets
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.36.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Apr 08 2018 Kalev Lember <klember@redhat.com> - 2.36.12-1
- Update to 2.36.12