"David Costanzo has reported a vulnerability in GdkPixbuf, which can be
exploited by malicious people to crash certain applications on a user's
system.
The vulnerability is caused due to a double free error in the BMP loader.
This can be exploited to crash an application linked against GdkPixbuf
when a specially crafted BMP image is processed."
Bump PKGREVISION. Patch from Fedora.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
generated files.
(Not portability) changes since 0.18:
* Made the GIF loader handle animations with frames whose bounds go outside
of the base image's bounds (Federico).
* Made the GIF loader handle zero-sized frames that GifBuilder and
similar crap spits sometimes (Federico).
* The PNM loader doesn't abort() anymore if it cannot allocate memory
(Federico).
* Fixed a g_object_unref() -> gdk_pixbuf_unref() thinko (Federico).
* Merged the patch from Red Hat Linux 8.0 to fix the crash on
corrupted/short GIFs - Ximian 29040 (patch by Elliot Lee).
* Fixed the RGB 565 LSB -> MSB case in gdk-pixbuf-drawable - 79463
(Federico).
* Fixed the update region notification in the BMP loader (Federico).
* Merged the BMP loader changes from GTK+ HEAD -- check all reallocs,
fix 16bpp BI_RGB thinko, properly handle BI_RLE4 and skips and jumps
(changes by Matthias Clasen).
* Merged the ICO loader changes from GTK+ HEAD (changes by Matthias
Clasen).
* Merged changes from gtk+/gdk-pixbuf HEAD into the JPEG loader --
fixes CMYK JPEG problems (changes by Matthias Clasen).
-being here, update to 0.18.0
changes:
* Fixed the RGB 565 MSB -> MSB case in gdk-pixbuf-drawable - #79190
* Fixed alignment issues in the BMP loader - #84083 (Federico).
* Merged pixops.c from GTK+ HEAD as of 2002/Jun/18 (Federico).
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
* Merged the endianness conversion fixes from the GDK version into the
Xlib version; oops (Federico).
* Merged fixes from GTK+ 2.0
* Minor documentation improvements (Federico).
* Fixed endianness conversion in the 16-bit gdk-pixbuf-drawable
functions (Federico).
* Minor fixes for the IBM/AIX compiler (Christian Schaller).
* The image loaders are now linked against the pixbuf and GTK+
libraries so that the Python bindings work (Johan Dahlin).
* Backported the BMP loader from GTK+ 1.3 (Federico).
* Added support for BI_BITFIELDS coding to the BMP loader [Ximian bug
#12125] (Federico).
* Fixed stupid bug in the ICO loader. ICO pixbufs should always have
an alpha channel [Ximian bug #11224]. (Federico)
* Slight tweaks to the documentation Makefile. (Federico)
* Added support for 16-bpp BMPs and ICOs (Federico).
* Added support for 32-bpp ICOs (Federico).
* Use the correct visual and colormap for the pixbuf-demo widgets
* Install the headers in a versioned directory so that they don't
collide with the GNOME 2 platform (Havoc).
all dependencies on packages depending on "png" which contain shared
libraries, all for the (imminent) update to the "png" package.
[List courtesy of John Darrow, courtesy of "bulk-build".]
to ${X11BASE} in the header and library search paths into references to
${LOCALBASE}/share/x11-links. These packages should now be strongly-
buildlinked regardless of whether xpkgwedge is installed.
Changes well-tested on NetBSD-1.5X/i386 with and without xpkgwedge and
lightly-tested on NetBSD-1.5.1/alpha without xpkgwedge.
* Integrated John Harper's patch to provide an Xlib-only version of
gdk-pixbuf. Now plain Xlib apps such as Sawfish can use gdk-pixbuf
(John Harper, Federico).
* Animation bounding box fixes (Larry).
* Important error-handling fixes to the JPEG and PNG loaders (Michael,
Larry).
* Miscellaneous build fixes (Darin, Frank, Mathieu).
* New flashy demo program of the scaling and compositing functions
(Federico).
* New appendix in the programmer's documentation describing how to
port applications from Imlib to gdk-pixbuf (Federico).
Add a new USE_LIBTOOL definition that uses the libtool package instead of
pkglibtool which is now considered outdated.
USE_PKGLIBTOOL is available for backwards compatibility with old packages
but is deprecated for new packages.
