"David Costanzo has reported a vulnerability in GdkPixbuf, which can be
exploited by malicious people to crash certain applications on a user's
system.
The vulnerability is caused due to a double free error in the BMP loader.
This can be exploited to crash an application linked against GdkPixbuf
when a specially crafted BMP image is processed."
Bump PKGREVISION. Patch from Fedora.
Schwarz tried to compile it with a compiler that errors out when the code
does something as pointless as checking if a pointer is positive.
PR#28889 and http://bugzilla.gnome.org/show_bug.cgi?id=156186
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
generated files.
(Not portability) changes since 0.18:
* Made the GIF loader handle animations with frames whose bounds go outside
of the base image's bounds (Federico).
* Made the GIF loader handle zero-sized frames that GifBuilder and
similar crap spits sometimes (Federico).
* The PNM loader doesn't abort() anymore if it cannot allocate memory
(Federico).
* Fixed a g_object_unref() -> gdk_pixbuf_unref() thinko (Federico).
* Merged the patch from Red Hat Linux 8.0 to fix the crash on
corrupted/short GIFs - Ximian 29040 (patch by Elliot Lee).
* Fixed the RGB 565 LSB -> MSB case in gdk-pixbuf-drawable - 79463
(Federico).
* Fixed the update region notification in the BMP loader (Federico).
* Merged the BMP loader changes from GTK+ HEAD -- check all reallocs,
fix 16bpp BI_RGB thinko, properly handle BI_RLE4 and skips and jumps
(changes by Matthias Clasen).
* Merged the ICO loader changes from GTK+ HEAD (changes by Matthias
Clasen).
* Merged changes from gtk+/gdk-pixbuf HEAD into the JPEG loader --
fixes CMYK JPEG problems (changes by Matthias Clasen).
headers in ${BUILDLINK_DIR}, simply create BUILDLINK_CPPFLAGS.<pkg>
variables whose values are appended to CPPFLAGS, which are automatically
passed to the configure and build processes.
BUILDLINK_TRANSFORM.<pkg> has little use in buildlink2 since packages are
now told that the software may be found where it really is installed, not
in ${BUILDLINK_DIR} as was the case with buildlink1. Eventually, these
variables will be declared unsupported by buildlink2.
-being here, update to 0.18.0
changes:
* Fixed the RGB 565 MSB -> MSB case in gdk-pixbuf-drawable - #79190
* Fixed alignment issues in the BMP loader - #84083 (Federico).
* Merged pixops.c from GTK+ HEAD as of 2002/Jun/18 (Federico).
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
* Merged the endianness conversion fixes from the GDK version into the
Xlib version; oops (Federico).
* Merged fixes from GTK+ 2.0
* Minor documentation improvements (Federico).
* Fixed endianness conversion in the 16-bit gdk-pixbuf-drawable
functions (Federico).
* Minor fixes for the IBM/AIX compiler (Christian Schaller).
* The image loaders are now linked against the pixbuf and GTK+
libraries so that the Python bindings work (Johan Dahlin).
* Backported the BMP loader from GTK+ 1.3 (Federico).
* Added support for BI_BITFIELDS coding to the BMP loader [Ximian bug
#12125] (Federico).
* Fixed stupid bug in the ICO loader. ICO pixbufs should always have
an alpha channel [Ximian bug #11224]. (Federico)
* Slight tweaks to the documentation Makefile. (Federico)
* Added support for 16-bpp BMPs and ICOs (Federico).
* Added support for 32-bpp ICOs (Federico).
* Use the correct visual and colormap for the pixbuf-demo widgets
* Install the headers in a versioned directory so that they don't
collide with the GNOME 2 platform (Havoc).
all dependencies on packages depending on "png" which contain shared
libraries, all for the (imminent) update to the "png" package.
[List courtesy of John Darrow, courtesy of "bulk-build".]