diff --git a/gdk-pixbuf-2.34.0.tar.xz b/gdk-pixbuf-2.34.0.tar.xz
deleted file mode 100644
index 9a095b4..0000000
--- a/gdk-pixbuf-2.34.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d55e5b383ee219bd0e23bf6ed4427d56a7db5379729a6e3e0a0e0eba9a8d8879
-size 2709320
diff --git a/gdk-pixbuf-2.36.0.tar.xz b/gdk-pixbuf-2.36.0.tar.xz
new file mode 100644
index 0000000..145a49f
--- /dev/null
+++ b/gdk-pixbuf-2.36.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:85ab52ce9f2c26327141b3dcf21cca3da6a3f8de84b95fa1e727d8871a23245c
+size 2718648
diff --git a/gdk-pixbuf-bgo768484-ico-set-errors.patch b/gdk-pixbuf-bgo768484-ico-set-errors.patch
deleted file mode 100644
index 2eca03a..0000000
--- a/gdk-pixbuf-bgo768484-ico-set-errors.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 0cff83e985fba5350695c00ed1ac30fc31ec5960 Mon Sep 17 00:00:00 2001
-From: Hanno Boeck
-Date: Wed, 6 Jul 2016 13:05:00 +0000
-Subject: [PATCH] ico: Always set errors
-
-When the ico header turn out to be bad, always set an
-error when we fail. Otherwise, applications will get
-confused.
-
-This commit also adds an example image with a bad ico header.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=768484
----
- gdk-pixbuf/io-ico.c | 14 ++++++++++++--
- tests/test-images/randomly-modified/bad-header.ico | Bin 0 -> 6 bytes
- 2 files changed, 12 insertions(+), 2 deletions(-)
- create mode 100644 tests/test-images/randomly-modified/bad-header.ico
-
-diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
-index 86714af..82d3e4e 100644
---- a/gdk-pixbuf/io-ico.c
-+++ b/gdk-pixbuf/io-ico.c
-@@ -258,8 +258,13 @@ static void DecodeHeader(guchar *Data, gint Bytes,
- State->HeaderBuf = tmp;
- State->BytesInHeaderBuf = State->HeaderSize;
- }
-- if (Bytes < State->HeaderSize)
-+ if (Bytes < State->HeaderSize) {
-+ g_set_error_literal (error,
-+ GDK_PIXBUF_ERROR,
-+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-+ _("Not enough bytes for header"));
- return;
-+ }
-
- /* Now iterate through the ICONDIRENTRY structures, and sort them by
- * which one we think is "best" (essentially the largest) */
-@@ -399,8 +404,13 @@ static void DecodeHeader(guchar *Data, gint Bytes,
- State->HeaderBuf = tmp;
- State->BytesInHeaderBuf = State->HeaderSize;
- }
-- if (Bytes < State->HeaderSize)
-+ if (Bytes < State->HeaderSize) {
-+ g_set_error_literal (error,
-+ GDK_PIXBUF_ERROR,
-+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-+ _("Not enough bytes for header"));
- return;
-+ }
-
- /* Negative heights mean top-down pixel-order */
- if (State->Header.height < 0) {
diff --git a/gdk-pixbuf-bgo768688-bmp-overflow.patch b/gdk-pixbuf-bgo768688-bmp-overflow.patch
deleted file mode 100644
index fabb833..0000000
--- a/gdk-pixbuf-bgo768688-bmp-overflow.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From b69009f2a2de151103ed87e9594615ba0fe72daf Mon Sep 17 00:00:00 2001
-From: Tobias Mueller
-Date: Mon, 11 Jul 2016 17:01:00 +0000
-Subject: [PATCH] bmp: Fix an integer overflow in DecodeColormap
-
-Return an error if n_colors * samples overflows.
-
-This commit also adds a reproducer that will cause
-pixbuf-randomly-modified to crash in the absence of
-the patch.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=768688
----
- gdk-pixbuf/io-bmp.c | 15 ++++++++++++---
- tests/test-images/randomly-modified/decodecolormap.bmp | Bin 0 -> 118 bytes
- 2 files changed, 12 insertions(+), 3 deletions(-)
- create mode 100644 tests/test-images/randomly-modified/decodecolormap.bmp
-
-diff --git a/gdk-pixbuf/io-bmp.c b/gdk-pixbuf/io-bmp.c
-index f412997..748ebae 100644
---- a/gdk-pixbuf/io-bmp.c
-+++ b/gdk-pixbuf/io-bmp.c
-@@ -518,12 +518,16 @@ static gboolean DecodeColormap (guchar *buff,
- {
- gint i;
- gint samples;
-+ guint newbuffersize;
-
- g_assert (State->read_state == READ_STATE_PALETTE);
-
- samples = (State->Header.size == 12 ? 3 : 4);
-- if (State->BufferSize < State->Header.n_colors * samples) {
-- State->BufferSize = State->Header.n_colors * samples;
-+ newbuffersize = State->Header.n_colors * samples;
-+ if (newbuffersize / samples != State->Header.n_colors) /* Integer overflow check */
-+ return FALSE;
-+ if (State->BufferSize < newbuffersize) {
-+ State->BufferSize = newbuffersize;
- if (!grow_buffer (State, error))
- return FALSE;
- return TRUE;
-@@ -1247,8 +1251,13 @@ gdk_pixbuf__bmp_image_load_increment(gpointer data,
- break;
-
- case READ_STATE_PALETTE:
-- if (!DecodeColormap (context->buff, context, error))
-+ if (!DecodeColormap (context->buff, context, error)) {
-+ g_set_error (error,
-+ GDK_PIXBUF_ERROR,
-+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-+ _("Error while decoding colormap"));
- return FALSE;
-+ }
- break;
-
- case READ_STATE_BITMASKS:
diff --git a/gdk-pixbuf-bgo769170-ico-headers.patch b/gdk-pixbuf-bgo769170-ico-headers.patch
deleted file mode 100644
index 36f4d14..0000000
--- a/gdk-pixbuf-bgo769170-ico-headers.patch
+++ /dev/null
@@ -1,213 +0,0 @@ -From 88af50a864195da1a4f7bda5f02539704fbda599 Mon Sep 17 00:00:00 2001 -From: Matthias Clasen -Date: Wed, 3 Aug 2016 12:40:48 -0400 -Subject: [PATCH] ico: Be more careful when parsing headers - -There is some redundancy between the ico directory and the -bitmap image header. If the two disagree on the icon dimensions, -just toss the image, instead of risking crashes or OOM later. Also -add some more debug spew that helped in tracking this down, and -make error messages more unique. - -The commit also includes a test image that has an example of -this discrepancy and triggers the early exit. - -https://bugzilla.gnome.org/show_bug.cgi?id=769170 - -Backported by Mike Gorse ---- -diff -urp gdk-pixbuf-2.34.0.orig/gdk-pixbuf/io-ico.c gdk-pixbuf-2.34.0/gdk-pixbuf/io-ico.c ---- gdk-pixbuf-2.34.0.orig/gdk-pixbuf/io-ico.c 2016-08-30 13:57:44.715146613 -0500 -+++ gdk-pixbuf-2.34.0/gdk-pixbuf/io-ico.c 2016-08-30 15:17:40.887044723 -0500 -@@ -23,6 +23,8 @@ - */ - - #undef DUMPBIH -+#define DEBUG(s) -+ - /* - - Icons are just like BMP's, except for the header. -@@ -75,14 +77,14 @@ struct BitmapInfoHeader { - }; - - #ifdef DUMPBIH --/* -+/* - - DumpBIH printf's the values in a BitmapInfoHeader to the screen, for - debugging purposes. - - */ - static void DumpBIH(unsigned char *BIH) --{ -+{ - printf("biSize = %i \n", - (int)(BIH[3] << 24) + (BIH[2] << 16) + (BIH[1] << 8) + (BIH[0])); - printf("biWidth = %i \n", -@@ -125,6 +127,8 @@ struct headerpair { - /* Score the various parts of the icon */ - struct ico_direntry_data { - gint ImageScore; -+ gint width; -+ gint height; - gint DIBoffset; - gint x_hot; - gint y_hot; -@@ -241,11 +245,12 @@ static void DecodeHeader(guchar *Data, g - return; - } - -- - IconCount = (Data[5] << 8) + (Data[4]); - - State->HeaderSize = 6 + IconCount*16; - -+ DEBUG(g_print ("Image type: %d (%s)\nImage count: %d\n", imgtype, imgtype == 2 ? 
"cursor" : "icon", IconCount)); -+ - if (State->HeaderSize>State->BytesInHeaderBuf) { - guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize); - if (!tmp) { -@@ -259,10 +264,6 @@ static void DecodeHeader(guchar *Data, g - State->BytesInHeaderBuf = State->HeaderSize; - } - if (Bytes < State->HeaderSize) { -- g_set_error_literal (error, -- GDK_PIXBUF_ERROR, -- GDK_PIXBUF_ERROR_CORRUPT_IMAGE, -- _("Not enough bytes for header")); - return; - } - -@@ -272,17 +273,37 @@ static void DecodeHeader(guchar *Data, g - State->entries = 0; - Ptr = Data + 6; - for (I=0;IImageScore = (Ptr[11] << 24) + (Ptr[10] << 16) + (Ptr[9] << 8) + (Ptr[8]); -- if (entry->ImageScore == 0) -- entry->ImageScore = 256; -- entry->x_hot = (Ptr[5] << 8) + Ptr[4]; -- entry->y_hot = (Ptr[7] << 8) + Ptr[6]; -- entry->DIBoffset = (Ptr[15]<<24)+(Ptr[14]<<16)+ -- (Ptr[13]<<8) + (Ptr[12]); -+ entry->ImageScore = data_size; -+ -+ entry->width = width ? width : 256; -+ entry->height = height ? height : 256; -+ entry->x_hot = x_hot; -+ entry->y_hot = y_hot; -+ entry->DIBoffset = data_offset; - State->entries = g_list_insert_sorted (State->entries, entry, compare_direntry_scores); - Ptr += 16; -- } -+ } - - /* Now go through and find one we can parse */ - entry = NULL; -@@ -351,9 +372,9 @@ static void DecodeHeader(guchar *Data, g - - #ifdef DUMPBIH - DumpBIH(BIH); --#endif -+#endif - /* Add the palette to the headersize */ -- -+ - State->Header.width = - (int)(BIH[7] << 24) + (BIH[6] << 16) + (BIH[5] << 8) + (BIH[4]); - if (State->Header.width == 0) -@@ -364,12 +385,28 @@ static void DecodeHeader(guchar *Data, g - /* /2 because the BIH height includes the transparency mask */ - if (State->Header.height == 0) - State->Header.height = 256; -+ -+ /* Negative heights mean top-down pixel-order */ -+ if (State->Header.height < 0) { -+ State->Header.height = -State->Header.height; -+ State->Header.Negative = 1; -+ } -+ if (State->Header.width < 0) { -+ State->Header.width = -State->Header.width; -+ } -+ -+ if 
(State->Header.width != entry->width || -+ State->Header.height != entry->height) { -+ g_set_error_literal (error, -+ GDK_PIXBUF_ERROR, -+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE, -+ _("Invalid header in icon")); -+ return; -+ } -+ - State->Header.depth = (BIH[15] << 8) + (BIH[14]); -+ State->Type = State->Header.depth; - -- State->Type = State->Header.depth; -- if (State->Lines>=State->Header.height) -- State->Type = 1; /* The transparency mask is 1 bpp */ -- - /* Determine the palette size. If the header indicates 0, it - is actually the maximum for the bpp. You have to love the - guys who made the spec. */ -@@ -405,24 +442,9 @@ static void DecodeHeader(guchar *Data, g - State->BytesInHeaderBuf = State->HeaderSize; - } - if (Bytes < State->HeaderSize) { -- g_set_error_literal (error, -- GDK_PIXBUF_ERROR, -- GDK_PIXBUF_ERROR_CORRUPT_IMAGE, -- _("Not enough bytes for header")); - return; - } - -- /* Negative heights mean top-down pixel-order */ -- if (State->Header.height < 0) { -- State->Header.height = -State->Header.height; -- State->Header.Negative = 1; -- } -- if (State->Header.width < 0) { -- State->Header.width = -State->Header.width; -- } -- g_assert (State->Header.width > 0); -- g_assert (State->Header.height > 0); -- - if (State->Type == 32) - State->LineWidth = State->Header.width * 4; - else if (State->Type == 24) -@@ -465,7 +487,6 @@ static void DecodeHeader(guchar *Data, g - - - if (State->pixbuf == NULL) { --#if 1 - if (State->size_func) { - gint width = State->Header.width; - gint height = State->Header.height; -@@ -476,7 +497,6 @@ static void DecodeHeader(guchar *Data, g - return; - } - } --#endif - - State->pixbuf = - gdk_pixbuf_new(GDK_COLORSPACE_RGB, TRUE, 8, diff --git a/gdk-pixbuf-bgo769738-bmp-overflow.patch b/gdk-pixbuf-bgo769738-bmp-overflow.patch deleted file mode 100644 index fe40970..0000000 --- a/gdk-pixbuf-bgo769738-bmp-overflow.patch +++ /dev/null 
@@ -1,57 +0,0 @@
-From 779429ce34e439c01d257444fe9d6739e72a2024 Mon Sep 17 00:00:00 2001
-From: Tobias Mueller
-Date: Tue, 12 Jul 2016 15:20:00 +0000
-Subject: [PATCH] bmp: Detect integer overflow of the line width
-
-Instead of risking crashes or OOM, return an error if
-we detect integer overflow.
-
-The commit also includes a test image that triggers
-this overflow when used with pixbuf-read.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=768738
----
- gdk-pixbuf/io-bmp.c | 21 ++++++++++++---------
- .../randomly-modified/bmp-line-overflow.bmp | Bin 0 -> 74 bytes
- 2 files changed, 12 insertions(+), 9 deletions(-)
- create mode 100644 tests/test-images/randomly-modified/bmp-line-overflow.bmp
-
-diff --git a/gdk-pixbuf/io-bmp.c b/gdk-pixbuf/io-bmp.c
-index 748ebae..08e3c76 100644
---- a/gdk-pixbuf/io-bmp.c
-+++ b/gdk-pixbuf/io-bmp.c
-@@ -254,6 +254,7 @@ static gboolean DecodeHeader(unsigned char *BFH, unsigned char *BIH,
- GError **error)
- {
- gint clrUsed;
-+ guint bytesPerPixel;
-
- /* First check for the two first bytes content. A sane
- BMP file must start with bytes 0x42 0x4D. */
-@@ -380,15 +381,17 @@ static gboolean DecodeHeader(unsigned char *BFH, unsigned char *BIH,
- return FALSE;
- }
-
-- if (State->Type == 32)
-- State->LineWidth = State->Header.width * 4;
-- else if (State->Type == 24)
-- State->LineWidth = State->Header.width * 3;
-- else if (State->Type == 16)
-- State->LineWidth = State->Header.width * 2;
-- else if (State->Type == 8)
-- State->LineWidth = State->Header.width * 1;
-- else if (State->Type == 4)
-+ if ((State->Type >= 8) && (State->Type <= 32) && (State->Type % 8 == 0)) {
-+ bytesPerPixel = State->Type / 8;
-+ State->LineWidth = State->Header.width * bytesPerPixel;
-+ if (State->Header.width != State->LineWidth / bytesPerPixel) {
-+ g_set_error_literal (error,
-+ GDK_PIXBUF_ERROR,
-+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-+ _("BMP image width too large"));
-+ return FALSE;
-+ }
-+ } else if (State->Type == 4)
- State->LineWidth = (State->Header.width + 1) / 2;
- else if (State->Type == 1) {
- State->LineWidth = State->Header.width / 8;
diff --git a/gdk-pixbuf.changes b/gdk-pixbuf.changes
index 52cdef9..5311079 100644
--- a/gdk-pixbuf.changes
+++ b/gdk-pixbuf.changes
@@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Mon Sep 19 17:22:31 UTC 2016 - zaitor@opensuse.org + +- Update to version 2.36.0: + + Updated translations. + +------------------------------------------------------------------- +Tue Sep 13 16:08:17 UTC 2016 - zaitor@opensuse.org + +- Update to version 2.35.5: + + Fix undefined behavior in overflow checks (bgo#770986). + + Fix a typo (bgo#770756). + + Avoid segfault in some tests (bgo#771026). + + Updated translations. + +------------------------------------------------------------------- +Tue Aug 30 18:39:13 UTC 2016 - zaitor@opensuse.org + +- Update to version 2.35.4: + + Updated translations. +- Conditionally apply translations-update-upstream BuildRequires + and macro for non-openSUSE only. +- Escape some macros in comments to silence rpmlint. + +------------------------------------------------------------------- +Tue Aug 30 18:39:12 UTC 2016 - zaitor@opensuse.org + +- Update to version 2.35.3: + + Add API to determine supported save options (bgo#683371). + + Add helper API for pixbuf options (bgo#768043). + + Fix invalid gettext use (bgo#758552). + + Fix a compiler warning in the xpm loader (bgo#768042). + + Fix integer overflows in the bmp loader (bgo#768688, + bgo#768738). + + Fix a crash in the ico loader (bgo#769170). + + Updated translations. +- Drop gdk-pixbuf-bgo768688-bmp-overflow.patch, + gdk-pixbuf-bgo768484-ico-set-errors.patch, + gdk-pixbuf-bgo769738-bmp-overflow.patch and + gdk-pixbuf-bgo769170-ico-headers.patch: Fixed upstream. + +------------------------------------------------------------------- +Tue Aug 30 18:39:11 UTC 2016 - zaitor@opensuse.org + +- Update to version 2.35.2: + + Use compiler directives for exporting symbols (bgo#767164). + + Fix a problem with nearest scaling (bgo#766842). + + Avoid redundant property notification. + + Updated translations. 
+ +------------------------------------------------------------------- +Tue Aug 30 18:39:10 UTC 2016 - zaitor@opensuse.org + +- Update to version 2.35.1: + + Add non-varargs variant to save to stream (bgo#683063). + + Add a common autotools module (bgo#765034). + + Updated translations. + ------------------------------------------------------------------- Tue Aug 30 18:39:06 UTC 2016 - mgorse@suse.com diff --git a/gdk-pixbuf.spec b/gdk-pixbuf.spec index 4112fea..e07967e 100644 --- a/gdk-pixbuf.spec +++ b/gdk-pixbuf.spec 
@@ -20,28 +20,22 @@ %define gdk_pixbuf_binary_version 2.10.0 Name: gdk-pixbuf -Version: 2.34.0 +Version: 2.36.0 Release: 0 Summary: An image loading library License: LGPL-2.1+ Group: System/Libraries Url: http://www.gnome.org/ -Source: http://download.gnome.org/sources/gdk-pixbuf/2.34/%{name}-%{version}.tar.xz +Source: http://download.gnome.org/sources/gdk-pixbuf/2.36/%{name}-%{version}.tar.xz Source1: macros.gdk-pixbuf Source2: README.SUSE Source99: baselibs.conf -# PATCH-FIX-UPSTREAM gdk-pixbuf-bgo768688-bmp-overflow.patch bgo#768688 mgorse@suse.com -- fix a bmp overflow. -Patch0: gdk-pixbuf-bgo768688-bmp-overflow.patch -# PATCh-FIX-UPSTREAM gdk-pixbuf-bgo768484-ico-set-errors.patch bgo#768484 mgorse@suse.com -- ico: always set errors. -Patch1: gdk-pixbuf-bgo768484-ico-set-errors.patch -# PATCH-FIX-UPSTREAM gdk-pixbuf-bgo769738-bmp-overflow.patch bsc#988745 bgo#769738 mgorse@suse.com -- fix another bmp overflow. -Patch2: gdk-pixbuf-bgo769738-bmp-overflow.patch -# PATCh-FIX-UPSTREAM gdk-pixbuf-bgo769170-ico-headers.patch bsc#991450 bgo#769170 CVE-2016-6352 mgorse@suse.com -- be more careful when parsing ico headers. -Patch3: gdk-pixbuf-bgo769170-ico-headers.patch BuildRequires: libjasper-devel BuildRequires: libjpeg-devel BuildRequires: libtiff-devel +%if !0%{?is_opensuse} BuildRequires: translation-update-upstream +%endif BuildRequires: pkgconfig(glib-2.0) >= 2.37.2 BuildRequires: pkgconfig(gobject-introspection-1.0) BuildRequires: pkgconfig(libpng) @@ -55,7 +49,7 @@ Clutter. %package -n libgdk_pixbuf-2_0-0 Summary: An image loading library Group: System/Libraries -# Provide %{name} to make the lang package installable +# Provide %%{name} to make the lang package installable Provides: %{name} = %{version} Requires(post): gdk-pixbuf-query-loaders Recommends: %{name}-lang = %{version} 
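Review bot: The updated `Source:` line in the `@@ -20,28 +20,22 @@` hunk still points at plain `http://download.gnome.org/...`, and no signature or checksum source is listed beside it, so anything that re-downloads the 2.36.0 tarball from this URL gets no transport integrity. I would change it to `Source: https://download.gnome.org/sources/gdk-pixbuf/2.36/%{name}-%{version}.tar.xz`; the `Url:` context line could move to https the same way. The sha256 oid in the git-lfs pointer pins the copy stored in this repository, but that only helps if it was compared against upstream's published checksum when the tarball was imported.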
@@ -105,11 +99,9 @@ This package contains development files for gdk-pixbuf. %lang_package %prep %setup -q +%if !0%{?is_opensuse} translation-update-upstream -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%endif %if "%_lib" == "lib64" cp -a %{S:2} . %endif @@ -139,7 +131,7 @@ cp %{S:1} %{buildroot}%{_sysconfdir}/rpm # Note: when updating scriptlets, don't forget to also update baselibs.conf ########################################################################### -# Convenient %define for the scriplets +# Convenient %%define for the scriplets %if "%_lib" == "lib64" %define _gdk_pixbuf_query_loaders %{_bindir}/gdk-pixbuf-query-loaders-64 %else @@ -152,7 +144,7 @@ cp %{S:1} %{buildroot}%{_sysconfdir}/rpm %if 0 # In case libgdk_pixbuf-2_0-0 gets installed before gdk-pixbuf-query-loaders, # we don't want to fail. So we make the call to gdk-pixbuf-query-loaders -# dependent on the existence of the binary. This is why we also have a %post +# dependent on the existence of the binary. This is why we also have a %%post # for gdk-pixbuf-query-loaders. %endif if test -f %{_gdk_pixbuf_query_loaders}; then @@ -163,7 +155,7 @@ fi %if 0 # If we install gdk-pixbuf-query-loaders for the first time, then we should run # it in case libgdk_pixbuf-2_0-0 was installed first (ie, if -# %{_libdir}/gdk-pixbuf-2.0/%{gdk_pixbuf_binary_version} already exists) which +# %%{_libdir}/gdk-pixbuf-2.0/%%{gdk_pixbuf_binary_version} already exists) which # means gdk-pixbuf-query-loaders couldn't run there. %endif if [ $1 = 1 ]; then
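Review bot: With `%patch0` through `%patch3` removed from `%prep` in the `@@ -105,11 +99,9 @@` hunk, nothing in the build demonstrates that the 2.36.0 tarball really carries the four loader fixes, one of which the old spec comment tagged CVE-2016-6352. The upstream commits behind the dropped patches each describe a reproducer image under tests/test-images/randomly-modified, so running the upstream test suite at build time would catch a regression in those parsers. No `%check` section is visible in these hunks; if the spec has none, consider adding `%check` followed by `make %{?_smp_mflags} check`. The later hunks on this line only escape macros in comments and need no change.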