d/gdk-pixbuf: security update to 2.44.6+dfsg-1 (CVE-2026-5201)

deepin-ci-robot · deepin-ci-robot · commit df2b42e2e9dd · 2026-04-14T23:00:44.000+08:00
Source: https://salsa.debian.org/gnome-team/gdk-pixbuf/-/tree/debian/2.44.6+dfsg-1 CVE-2026-5201: JPEG loader heap buffer overflow via improper validation of color component counts
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 /subprojects/*/
+.pc/
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,110 @@
+gdk-pixbuf (2.44.6+dfsg-1) unstable; urgency=high
+
+  * New upstream release
+    - CVE-2026-5201 Heap overflow via improper validation of color
+      component counts (Closes: #1132501)
+  * Remove test patch applied in new release
+  * Remove transitional libgdk-pixbuf2.0-0-udeb
+  * Update Standards Version to 4.7.4
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Thu, 02 Apr 2026 14:04:10 -0400
+
+gdk-pixbuf (2.44.5+dfsg-4) unstable; urgency=medium
+
+  * Add patch to support JPEG2000 (Closes: #815612)
+  * Bump minimum glycin to 2.0.8 for this to work
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Sat, 14 Feb 2026 10:24:34 -0500
+
+gdk-pixbuf (2.44.5+dfsg-3) unstable; urgency=medium
+
+  * Re-enable glycin for loong64
+  * Release to unstable
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Mon, 09 Feb 2026 07:00:40 -0500
+
+gdk-pixbuf (2.44.5+dfsg-2) experimental; urgency=medium
+
+  [ Alessandro Astone ]
+  * d/control, d/rules: Enable glycin on i386
+
+  [ Carlos Henrique Lima Melara ]
+  * d/rules: remove useless if clause in dh_auto_test override
+
+  [ Jeremy Bícha ]
+  * Disable glycin for loong64 because it isn't fully bootstrapped yet.
+    glycin is now enabled on all other Debian Release Architectures, but not
+    enabled on any Debian ports.
+  * Bump Standards Version to 4.7.3
+
+  [ Simon McVittie ]
+  * Opt into Salsa CI
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Thu, 05 Feb 2026 13:50:28 -0500
+
+gdk-pixbuf (2.44.5+dfsg-1) experimental; urgency=medium
+
+  * New upstream release
+  * d/rules: Re-enable build test gating
+  * d/p: Rebase patches
+  * d/patches: Fix tests with older gdk-pixbuf installed in the rootfs
+  * d/patches: Use the native xpm and xbm loaders instead of glycin
+
+ -- Alessandro Astone <alessandro.astone@canonical.com>  Thu, 29 Jan 2026 10:56:51 +0100
+
+gdk-pixbuf (2.44.4+dfsg-3) experimental; urgency=medium
+
+  * Enable the legacy non-glycin XPM & XBM loaders for glycin architectures
+    (Closes: #1120607)
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Wed, 12 Nov 2025 22:37:30 -0500
+
+gdk-pixbuf (2.44.4+dfsg-2) experimental; urgency=medium
+
+  * Switch to glycin for release architectures and loong64 except i386
+    (Closes: #1116981, #1071271) (LP: #2122289)
+  * Depend on glycin-thumbnailers on those architectures
+  * libgdk-pixbuf2.0-bin no longer contains a thumbnailer on those
+    architectures, but still contains gdk-pixbuf-pixdata and
+    gdk-pixbuf-csource, so stop recommending it on those architectures
+  * Use dh-exec to manage architecture-specific install rules
+  * Follow Fedora's example and disable auto features
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Wed, 12 Nov 2025 07:06:13 -0500
+
+gdk-pixbuf (2.44.4+dfsg-1) unstable; urgency=medium
+
+  * New upstream release
+  * Remove bitmap patch applied in new release
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Tue, 21 Oct 2025 13:28:37 -0400
+
+gdk-pixbuf (2.44.3+dfsg-3) unstable; urgency=medium
+
+  * Cherry-pick proposed patch to fix bitmap loading, as seen in
+    the window buttons feature for the Xfce panel
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Wed, 01 Oct 2025 14:37:38 -0400
+
+gdk-pixbuf (2.44.3+dfsg-2) unstable; urgency=medium
+
+  * Release to unstable
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Wed, 01 Oct 2025 06:45:40 -0400
+
+gdk-pixbuf (2.44.3+dfsg-1) experimental; urgency=medium
+
+  * New upstream release
+  * Update configure options
+    - Don't switch to glycin yet
+    - Explicitly disable native Android loader
+    - Disable tiff for udeb
+    - Disable thumbnailer for udeb
+    - Keep jpeg & png as "built-in" loaders since that was the previous default
+  * Remove 3 patches applied in new release
+
+ -- Jeremy Bícha <jbicha@ubuntu.com>  Tue, 30 Sep 2025 13:45:03 -0400
+
 gdk-pixbuf (2.42.12+dfsg-5) unstable; urgency=medium
 
   * Team upload
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,
                                 /* Invalid code received - just stop here */
                                 if (self->code >= self->code_table_size) {
                                         self->last_code = self->eoi_code;
-                                        return output_length;
+                                        return n_written;
                                 }
 
                                 /* Convert codeword into indexes */
diff --git a/gdk-pixbuf/meson.build b/gdk-pixbuf/meson.build
@@ -380,7 +380,7 @@ pkgconfig.generate(
     'gdk_pixbuf_cache_file=${gdk_pixbuf_binarydir}/loaders.cache',
     'gdk_pixbuf_csource=${bindir}/gdk-pixbuf-csource',
     'gdk_pixbuf_pixdata=${bindir}/gdk-pixbuf-pixdata',
-    'gdk_pixbuf_query_loaders=${bindir}/gdk-pixbuf-query-loaders',
+    'gdk_pixbuf_query_loaders=${libdir}/@0@/gdk-pixbuf-query-loaders'.format(gdk_pixbuf_api_name),
   ],
   requires: 'gobject-2.0',
   subdirs: gdk_pixbuf_api_name,
diff --git a/tests/meson.build b/tests/meson.build
@@ -72,7 +72,7 @@ installed_tests = {
   },
   'pixbuf-fail': { 'suites': ['conform', 'slow'], },
   'pixbuf-icon-serialize': { 'suites': ['conform'], },
-  'pixbuf-randomly-modified': { 'suites': ['slow'], },
+  'pixbuf-randomly-modified': { 'suites': ['slow', 'flaky'], },
   'pixbuf-threads': { 'suites': ['io'], },
   'pixbuf-gif': {
     'suites': ['io'],
@@ -138,7 +138,6 @@ test_data = [
   'bug143608-comment.jpg',
   'bug725582-testrotate.jpg',
   'bug725582-testrotate.png',
-  'bug753605-atsize.jpg',
   'cve-2015-4491.bmp',
   'large.png',
   'large.jpg',
diff --git a/tests/pixbuf-jpeg.c b/tests/pixbuf-jpeg.c
@@ -127,6 +127,12 @@ test_at_size (void)
       return;
     }
 
+  if (!g_file_test (g_test_get_filename (G_TEST_DIST, "bug753605-atsize.jpg", NULL), G_FILE_TEST_EXISTS))
+    {
+      g_test_skip ("non-free test data removed");
+      return;
+    }
+
   ref = gdk_pixbuf_new_from_file (g_test_get_filename (G_TEST_DIST, "bug753605-atsize.jpg", NULL), &error);
   g_assert_no_error (error);
   g_object_unref (ref);
@@ -196,10 +202,11 @@ test_jpeg_fbfbfbfb (void)
   g_assert_no_error (error);
 
   gdk_pixbuf_loader_close (loader, &error);
-  g_assert_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE);
 
-  pixbuf = gdk_pixbuf_loader_get_pixbuf (loader);
-  g_assert_nonnull (pixbuf);
+  if (error != NULL && error->domain == GDK_PIXBUF_ERROR && error->code == GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY)
+    g_test_message ("OK: failed reporting insufficient memory: %s", error->message);
+  else
+    g_assert_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE);
 
   g_object_unref (loader);
   g_free (contents);

Original file line number	Diff line number	Diff line change
`@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,`
`208`	`208`	`/* Invalid code received - just stop here */`
`209`	`209`	`if (self->code >= self->code_table_size) {`
`210`	`210`	`self->last_code = self->eoi_code;`
`211`		`- return output_length;`
	`211`	`+ return n_written;`
`212`	`212`	`}`
`213`	`213`
`214`	`214`	`/* Convert codeword into indexes */`