gdk-pixbuf (2.30.7-0ubuntu1.8) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gif_get_lzw function
    - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
    - CVE-2017-1000422
  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Thu, 11 Jan 2018 14:47:54 -0300

gdk-pixbuf (2.30.7-0ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patch/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311.patch: return an error when ICO didn't
      load in gdk-pixbuf/io-ico.
    - CVE-2017-6311

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Thu, 14 Sep 2017 11:38:36 -0300

gdk-pixbuf (2.30.7-0ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
    - CVE-2016-6352
  * SECURITY UPDATE: Fix a heap-based buffer overflow
    - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on
      upstream patches.
    - CVE-2015-7552
  * SECURITY UPDATE: Fix multiple integer overflows
    - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid
      overflow when shifting
    - CVE-2015-8875

 -- Emily Ratliff <emily.ratliff@canonical.com>  Wed, 21 Sep 2016 09:38:31 -0500

gdk-pixbuf (2.30.7-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Heap overflow and DoS with tga files
    - debian/patches/CVE-2015-7673-1.patch: pass on OOM conditions in
      make_weights functions in gdk-pixbuf/pixops/pixops.c
    - debian/patches/CVE-2015-7673-2.patch: Wrap TGAColormap struct in
      its own API in gdk-pixbuf/io-tga.c
    - debian/patches/CVE-2015-7673-3.patch: always parse colormaps in
      gdk-pixbuf/io-tga.c
  * SECURITY UPDATE: heap overflow when scaling GIF images
    - debian/patches/CVE-2015-767.patch: ensure variables are large
      enough when shifting bits in gdk-pixbuf/pixops/pixops.c

 -- Steve Beattie <sbeattie@ubuntu.com>  Thu, 08 Oct 2015 15:58:55 -0700

gdk-pixbuf (2.30.7-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow when scaling bitmap images
    - debian/patches/CVE-2015-4491-1.patch: check for overflows in
      gdk-pixbuf/pixops/pixops.c.
    - debian/patches/CVE-2015-4491-2.patch: also check n_x in
      gdk-pixbuf/pixops/pixops.c.
    - CVE-2015-4491

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 18 Aug 2015 13:02:29 -0400

gdk-pixbuf (2.30.7-0ubuntu1) trusty; urgency=medium

  * New upstream version

 -- Sebastien Bacher <seb128@ubuntu.com>  Mon, 31 Mar 2014 17:15:34 +0200

gdk-pixbuf (2.30.6-1) unstable; urgency=medium

  * New upstream release.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sun, 09 Mar 2014 14:15:14 +0100

gdk-pixbuf (2.30.5-1) unstable; urgency=medium

  * New upstream release.
  * debian/control.in:
    + Build depend on gtk-doc-tools 1.20.
    + Drop unnecessary b-d on autotools-dev.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Thu, 20 Feb 2014 20:37:53 +0100

gdk-pixbuf (2.30.4-1) unstable; urgency=low

  [ Michael Biebl ]
  * Use the official field for udebs: Package-Type.

  [ Jackson Doak ]
  * New upstream release (2.30.1).
  * debian/control:
    - Bump required glib version
    - Switch to libtiff over libtiff5. Closes: #681099, #736005.
    - Use canonical VCS fields
  * Update symbols
  * Create basic manpage for gdk-pixbuf-pixdata
  * debian/rules: Add upstream changelog location

  [ Emilio Pozuelo Monfort ]
  * New upstream release (2.30.4).
  * debian/control.in:
    + Bump glib requirement.
    + Bump shared-mime-info b-d, needed to properly detect tga files and
      use the right loader for them. This affects a couple of tests.
    + Standards-Version is 3.9.5, no changes needed.
  * debian/rules:
    + Let debhelper install NEWS as the upstream changelog, otherwise we
      end up with NEWS installed twice: as NEWS.gz and changelog.gz.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sun, 16 Feb 2014 20:21:48 +0100

gdk-pixbuf (2.28.2-1) unstable; urgency=low

  * New upstream release.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sat, 08 Jun 2013 18:32:31 +0200

gdk-pixbuf (2.28.1-2) unstable; urgency=low

  * debian/rules,
    debian/control:
    + Run dh-autoreconf to avoid an rpath issue on hurd.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sun, 02 Jun 2013 15:41:38 +0200

gdk-pixbuf (2.28.1-1) unstable; urgency=low

  * New upstream release.
  * Track stable releases again.
  * Drop explicit Build-Depends on gir1.2-glib-2.0.
  * Bump Standards-Version to 3.9.4.
  * Upload to unstable.

 -- Michael Biebl <biebl@debian.org>  Thu, 09 May 2013 02:01:16 +0200

gdk-pixbuf (2.28.0-1) experimental; urgency=low

  * New upstream release.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Tue, 26 Mar 2013 13:09:02 +0100

gdk-pixbuf (2.27.3-1) experimental; urgency=low

  * New upstream release.
    + d/p/0001-animation-Allow-prepare_func-call-in-stop_load.patch:
      - Removed, included upstream.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Tue, 19 Mar 2013 00:23:11 +0100

gdk-pixbuf (2.27.2-2) experimental; urgency=low

  * d/p/0001-animation-Allow-prepare_func-call-in-stop_load.patch:
    + Backport patch from upstream GIT, fixes a crash with animations.
      Closes: #702780, #702517.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Thu, 14 Mar 2013 22:19:36 +0100

gdk-pixbuf (2.27.2-1) experimental; urgency=low

  [ Martin Pitt ]
  * Add debian/tests: Simple compile/link/run autopkgtest. Thanks Rafał
    Cieślak! (LP: #1073528)

  [ Emilio Pozuelo Monfort ]
  * New upstream release.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sat, 02 Mar 2013 18:26:49 +0100

gdk-pixbuf (2.27.1-1) experimental; urgency=low

  * New upstream release.
    + debian/control.in:
      - Update build dependencies.
    + debian/libgdk-pixbuf2.0-0.symbols:
      - Updated for the new symbols.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sat, 23 Feb 2013 19:58:45 +0100

gdk-pixbuf (2.26.4-2) experimental; urgency=low

  * Team upload
  * Add a -dbg package
  * Go to debhelper compat level 9, for compressed symbol files

 -- Simon McVittie <smcv@debian.org>  Wed, 24 Oct 2012 19:37:52 +0100

gdk-pixbuf (2.26.4-1) experimental; urgency=low

  * Team upload
  * New upstream bugfix release

 -- Simon McVittie <smcv@debian.org>  Tue, 23 Oct 2012 16:41:38 +0100

gdk-pixbuf (2.26.1-1) unstable; urgency=low

  * New upstream bug fix release:
    - Fix srcdir != builddir build.
    - Avoid an integer overflow in the xbm loader. (LP: #681150)
    - Translation updates.
  * debian/control.in: Prefer building against libpng-dev over libpng12-dev,
    to be prepared for the libpng 1.5 transition. (Closes: #662344)
  * debian/control.in: Bump Standards-Version to 3.9.3 (no changes necessary).

 -- Martin Pitt <mpitt@debian.org>  Mon, 16 Apr 2012 07:21:41 +0200

gdk-pixbuf (2.26.0-2) unstable; urgency=low

  * Upload to unstable.

 -- Michael Biebl <biebl@debian.org>  Fri, 30 Mar 2012 09:01:26 +0200

gdk-pixbuf (2.26.0-1) experimental; urgency=low

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Wed, 21 Mar 2012 01:48:57 +0100

gdk-pixbuf (2.25.2-1) experimental; urgency=low

  * New upstream development release.
  * debian/libgdk-pixbuf2.0-0.symbols: Add new symbols.
  * debian/libgdk-pixbuf2.0-dev.install: Install gdk-pixbuf-pixdata tool.
  * debian/control.in: Bump Build-Depends on libglib2.0-dev to (>= 2.31.0).

 -- Michael Biebl <biebl@debian.org>  Sun, 04 Mar 2012 07:45:41 +0100

gdk-pixbuf (2.24.1-1) unstable; urgency=low

  * New upstream release.
  * Explicitly enable X11 support.
  * Use upper case form of term GDK in package description. (Closes: #622217)

 -- Michael Biebl <biebl@debian.org>  Mon, 06 Feb 2012 04:39:50 +0100

gdk-pixbuf (2.24.0-2) unstable; urgency=low

  [ Michael Biebl ]
  * debian/watch:
    - Switch to .xz tarballs.

  [ Josselin Mouette ]
  * Split locales in a separate package for multiarch: 
    libgdk-pixbuf2.0-common. Make it m-a: foreign.

  [ Michael Biebl ]
  * Change section of gir1.2-gdkpixbuf-2.0 to introspection.

 -- Michael Biebl <biebl@debian.org>  Wed, 14 Dec 2011 22:12:21 +0100

gdk-pixbuf (2.24.0-1) unstable; urgency=low

  * New upstream bug fix release.

 -- Martin Pitt <mpitt@debian.org>  Fri, 02 Sep 2011 12:05:31 +0200

gdk-pixbuf (2.23.5-3) unstable; urgency=low

  * debian/rules:
    - Trap errors in for loop using 'set -e'.
  * debian/libgdk-pixbuf2.0-0.postinst.in:
    - Don't hide error messages from gdk-pixbuf-query-loaders.
    - Handle more gracefully the case where the non-multiarch loaders
      directory is empty or doesn't exist.

 -- Michael Biebl <biebl@debian.org>  Thu, 28 Jul 2011 18:18:06 +0200

gdk-pixbuf (2.23.5-2) unstable; urgency=low

  [ Steve Langasek ]
  * Multiarch support. (Closes: #632354)

  [ Michael Biebl ]
  * debian/libgdk-pixbuf2.0-dev.install:
    - Don't ship libtool .la file as this breaks multiarch.
  * debian/control.in:
    - Change Build-Depends on libjpeg62-dev to libjpeg-dev in preparation of
      the libjpeg8 transition. (Closes: #633940)

 -- Michael Biebl <biebl@debian.org>  Sat, 16 Jul 2011 01:25:32 +0200

gdk-pixbuf (2.23.5-1) unstable; urgency=low

  * New upstream release.
  * debian/watch: Switch to .bz2 tarballs.
  * Refresh debian/patches/041_ia32-libs.patch.
  * Bump Standards-Version to 3.9.2. No further changes.
  * Bump debhelper compatiblility level to 8.
    - Update Build-Depends on debhelper.
    - Strip debian/tmp/ from .install files.

 -- Michael Biebl <biebl@debian.org>  Sat, 02 Jul 2011 00:45:36 +0200

gdk-pixbuf (2.23.3-3.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix improper check of gif_main_loop() resulting in DoS conditions
    on specially crafted GIF images (CVE-2011-2485; Closes: #631524)

 -- Nico Golde <nion@debian.org>  Tue, 28 Jun 2011 21:59:16 +0200

gdk-pixbuf (2.23.3-3) unstable; urgency=low

  * Move the mime.cache generation from gtk+ udebs to this one, since 
    this file is actually needed for gdk_pixbuf.
  * Add related build-dependencies on shared-mime-info and xsltproc.

 -- Josselin Mouette <joss@debian.org>  Sun, 10 Apr 2011 18:04:19 +0200

gdk-pixbuf (2.23.3-2) unstable; urgency=low

  * Upload to unstable.

 -- Josselin Mouette <joss@debian.org>  Sun, 10 Apr 2011 15:27:42 +0200

gdk-pixbuf (2.23.3-1) experimental; urgency=low

  [ Laurent Bigonville ]
  * New Upstream release
    - Bump libglib2.0-dev build-dependency
  * Make libgdk-pixbuf2.0-dev Breaks/Replaces libgtk2.0-bin (<< 2.21.3)
    (Closes: #612580)
  * debian/control.in, debian/rules: Rely on cdbs to call dh_girepository

  [ Josselin Mouette ]
  * Make the -dev package depend on the gir package.
  * Add missing Replaces on gir1.2-gtk-2.0. Closes: #620572.

 -- Laurent Bigonville <bigon@debian.org>  Tue, 05 Apr 2011 11:21:38 +0200

gdk-pixbuf (2.23.0-2) experimental; urgency=low

  * Re-add .la files, too much other packages are still referencing it.
    (Closes: #607000, LP: #665768)

 -- Laurent Bigonville <bigon@debian.org>  Tue, 04 Jan 2011 20:54:56 +0100

gdk-pixbuf (2.23.0-1) experimental; urgency=low

  * New upstream development release.
    - debian/libgdk-pixbuf2.0-0.symbols:
      + Updated.
  * debian/rules:
    - Blindly bump the shlibs version. We've got a symbols file anyway and
      updating the version is error prone.
    - Run the test suite during the build.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Fri, 24 Dec 2010 20:10:44 +0000

gdk-pixbuf (2.22.1-4) experimental; urgency=low

  * Update to the new gir policy:
    - Rename gir1.0-gdkpixbuf-2.0 to gir1.2-gdkpixbuf-2.0.
    - Bump the gobject-introspection build dependency.
    - Build depend on gir1.2 packages.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sat, 11 Dec 2010 19:24:49 +0100

gdk-pixbuf (2.22.1-3) experimental; urgency=low

  * debian/control.in:
    - Add Replaces: gir-repository-dev for
      libgdk-pixbuf2.0-dev package (Closes: #605734)
    - Use Breaks instead of Conflicts when required

 -- Laurent Bigonville <bigon@debian.org>  Sun, 05 Dec 2010 19:04:56 +0100

gdk-pixbuf (2.22.1-2) experimental; urgency=low

  * debian/watch: Fix URL pattern

 -- Laurent Bigonville <bigon@debian.org>  Tue, 23 Nov 2010 20:36:29 +0100

gdk-pixbuf (2.22.1-1) experimental; urgency=low

  [ Emilio Pozuelo Monfort ]
  * Add a gir package, based on the Ubuntu changes.

  [ Laurent Bigonville ]
  * New upstream stable release.
    - Bump build-dependencies
  * debian/control.in:
    - Bump Standards-Version to 3.9.1 (no further changes)
    - Use Debian GNOME Maintainers team as Maintainer
    - Add Vcs-Svn and Vcs-Browser fields
    - Add dependency against libpng12-dev on libgdk-pixbuf2.0-dev package
      (as required by the .pc file)
  * debian/rules: Pass --enable-introspection to configure
  * debian/libgdk-pixbuf2.0-dev.install: Install .gir file

 -- Laurent Bigonville <bigon@debian.org>  Mon, 22 Nov 2010 19:14:29 +0100

gdk-pixbuf (2.22.0-1) experimental; urgency=low

  * New upstream stable release.

 -- Sebastian Dröge <slomo@debian.org>  Tue, 21 Sep 2010 20:49:40 +0200

gdk-pixbuf (2.21.7-1) experimental; urgency=low

  * New upstream development release:
    + debian/patches/041_ia32-libs.patch:
      - Refreshed.

 -- Sebastian Dröge <slomo@debian.org>  Fri, 10 Sep 2010 15:41:43 +0200

gdk-pixbuf (2.21.6-2) experimental; urgency=low

  * debian/control.in:
    + Add Breaks for libwmf0.2-7 (<< 0.2.8.4-7) and librsvg2-2 (<< 2.26.3-2)
      because of the new location for the pixbuf loaders.

 -- Sebastian Dröge <slomo@debian.org>  Fri, 23 Jul 2010 07:49:08 +0200

gdk-pixbuf (2.21.6-1) experimental; urgency=low

  [ Robert Ancell ]
  * Initial release

  [ Sebastian Dröge ]
  * debian/control.in:
    + Fix GTK+2.0 replaces/conflicts versions to << 2.21.3.
    + Rename packages to include the 2.0 API version.
  * debian/rules,
    debian/libgdk-pixbuf2.0-0.symbols:
    + Add symbols file and pass correct parameters to dh_makeshlibs.
  * debian/copyright:
    + Update with all copyright holders.
  * debian/control.in,
    debian/rules,
    debian/libgdk-pixbuf2.0-0-udeb.install:
    + Add udeb package.
  * debian/rules:
    + Enable libjasper JPEG2000 loader.
  * debian/rules:
    + Generate loader files for the udeb.
  * debian/libgdk-pixbuf2.0-0.triggers,
    debian/libgdk-pixbuf2.0-0.postinst,
    debian/libgdk-pixbuf2.0-0.postrm:
    + Use triggers for the pixbuf loaders.
  * debian/libgdk-pixbuf2.0-0.install,
    debian/libgdk-pixbuf2.0-dev.links:
    + Put gdk-pixbuf-query-loaders into a versioned directory
      and put a link to it for /usr/bin into the -dev package.
    + Move manpage into the -dev package too.
  * debian/control.in,
    + Add libx11-dev and libglib2.0-dev to the -dev package dependencies.
    + Build depend on libx11-dev.

 -- Sebastian Dröge <slomo@debian.org>  Thu, 22 Jul 2010 17:20:30 +0200
