Debian Bug report logs -
#875704
gdk-pixbuf: please make the output of gdk-pixbuf-query-loaders reproducible
Reported by: Chris Lamb <lamby@debian.org>
Date: Wed, 13 Sep 2017 19:30:01 UTC
Severity: wishlist
Tags: patch
Found in version gdk-pixbuf/2.36.5-4
Fixed in version gdk-pixbuf/2.36.10-1
Done: Emilio Pozuelo Monfort <pochu@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#875704; Package src:gdk-pixbuf.
(Wed, 13 Sep 2017 19:30:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Chris Lamb <lamby@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>.
(Wed, 13 Sep 2017 19:30:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: gdk-pixbuf
Version: 2.36.5-4
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: toolchain filesystemordering
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0], we noticed
that the output from gdk-pixbuf's gdk-pixbuf-query-loaders was
not reproducible
This is because libgdk-pixbuf2.0-0's postinst script iterates over
the filesystem without sorting. It was found whilst testing the Tails
[1] ISO for reproducibility issues.
Patch attached.
[0] https://reproducible-builds.org/
[1] https://tails.boum.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
[gdk-pixbuf.diff.txt (text/plain, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#875704; Package src:gdk-pixbuf.
(Wed, 13 Sep 2017 19:39:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>.
(Wed, 13 Sep 2017 19:39:10 GMT) (full text, mbox, link).
Message #10 received at 875704@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Chris Lamb wrote:
> Patch attached.
Updated patch attached.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
[gdk-pixbuf.diff.txt (text/plain, attachment)]
Added tag(s) pending.
Request was from Emilio Pozuelo Monfort <pochu@debian.org>
to control@bugs.debian.org.
(Tue, 19 Sep 2017 21:39:06 GMT) (full text, mbox, link).
Reply sent
to Emilio Pozuelo Monfort <pochu@debian.org>:
You have taken responsibility.
(Tue, 19 Sep 2017 22:09:09 GMT) (full text, mbox, link).
Notification sent
to Chris Lamb <lamby@debian.org>:
Bug acknowledged by developer.
(Tue, 19 Sep 2017 22:09:09 GMT) (full text, mbox, link).
Message #17 received at 875704-close@bugs.debian.org (full text, mbox, reply):
Source: gdk-pixbuf
Source-Version: 2.36.10-1
We believe that the bug you reported is fixed in the latest version of
gdk-pixbuf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 875704@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated gdk-pixbuf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 19 Sep 2017 23:39:30 +0200
Source: gdk-pixbuf
Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb gir1.2-gdkpixbuf-2.0
Architecture: source
Version: 2.36.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection
libgdk-pixbuf2.0-0 - GDK Pixbuf library
libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb)
libgdk-pixbuf2.0-bin - GDK Pixbuf library (thumbnailer)
libgdk-pixbuf2.0-common - GDK Pixbuf library - data files
libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files)
libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation)
Closes: 874552 875704
Changes:
gdk-pixbuf (2.36.10-1) unstable; urgency=medium
.
[ Jeremy Bicha ]
* New upstream release 2.36.9.
* Drop obsolete 0001-skip-perturb-for-cve-2015-4491-original-test.patch
* debian/libgdk-pixbuf2.0-0.symbols: Add new symbol
.
[ Emilio Pozuelo Monfort ]
* New upstream release 2.36.10.
- CVE-2017-2862: fix code execution vulnerability in jpeg loader.
Closes: #874552.
* Switch to copyright format 1.0.
* copyright: exclude non-free test ref images.
* rules: drop obsolete dh_strip --dbgsym-migration switch.
* postinst: make loaders.cache reproducible. Thanks Chris Lamb for the
patch. Closes: #875704.
Checksums-Sha1:
9b2275f6d86b4fc9a32b48b477ef161645a618d7 2925 gdk-pixbuf_2.36.10-1.dsc
1d0a8e77214d59645473535f5efb2d7837d05750 5497116 gdk-pixbuf_2.36.10.orig.tar.xz
4e866228368033ab943bf0df9574dc5c99a15610 13468 gdk-pixbuf_2.36.10-1.debian.tar.xz
7b568a4b5b52c4fb71b9fb52733aa57d9fbcd987 7811 gdk-pixbuf_2.36.10-1_source.buildinfo
Checksums-Sha256:
ef75ef876dc753c3454f6634a452385dd60404b8e3d4076a11cf60d51345245d 2925 gdk-pixbuf_2.36.10-1.dsc
9226eee3be46811d25e3f2d9a1267ad6d8e78d9af95d8bc68d6556e92f3f0aaf 5497116 gdk-pixbuf_2.36.10.orig.tar.xz
c2c77ec156d79af102d57d1cadbafac5d36dec9445fd7e1705f3d50884d51ebf 13468 gdk-pixbuf_2.36.10-1.debian.tar.xz
1ebdad2d2c77b861badbbf702f3a574d016c646ab70e8de30ad0d15fc5e7cf6a 7811 gdk-pixbuf_2.36.10-1_source.buildinfo
Files:
b20fb3c4d3b59b03e20ea3d22938de1d 2925 libs optional gdk-pixbuf_2.36.10-1.dsc
db7251a0f639617b94de1a0616908e6a 5497116 libs optional gdk-pixbuf_2.36.10.orig.tar.xz
62da12266104f6e39b4cbe3fcee9ad50 13468 libs optional gdk-pixbuf_2.36.10-1.debian.tar.xz
11427115aface882ab2d93fda732568c 7811 libs optional gdk-pixbuf_2.36.10-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnBjrAACgkQnUbEiOQ2
gwIalhAAtGgKq0bwpFQNRSBhWb3CaWLl2EmPjjCiEZ+BAGwIkcJaToavIXaC+bTs
RfydRQY7jBDwZQxDRM4Jh+d8shO0Kxot+soRFvpr+g017vgoZpg7spQnBL2QuxLr
4snIhjtlx/BKe48OkRt0w5wU2MPQ4RaS1hjCyAyv5PpNUps1cmOkjs7uuuyx6uoF
uEEvvmmwvUSQfCUMm7fklwVS1ZBxFFTPNvOtupiaAX1eO0Nt9PFS3mDa8YV/qPXd
6n3VLt+0vRTZ217FC+Cd//74TaJQGZ66YBWVjXD1FW8M9GQ/le3Tc2VHxEc/bJBL
N8ebXVE7OQM7Rq1ON14otIOJzUNZRcqisumFZsns8EFtZe/9z2HyRYtT8BpZLxZK
lvOgxVpp8CJxt5cSnJEwzVKeNtKZvcireE54lWgEijAZDqqZQruRMashPD52PkWQ
kY9XXpHYqxupQ7htBC3nhzCrPZYhCDj+RZ07Hz/b912GJTDhnm7rBVesmbJ5Cejq
h17iZEOdPNDw4Paki3pWj5Ddfq1hz4zznY70cx6av63RbxyM7VGb0R1pfSCMKaVd
dBI7fZbowzE22rpB2pVN2Xxv7qIZKcHRwtSnM5Q+VLC5hrHV9TcdXR5pE5xTNbnr
svPp8jSrqZEdDhIPche7FBTNdoanbHP+8B8ud3VP+AUCWjg4X9c=
=J95R
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 18 Oct 2017 07:25:16 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Aug 19 15:09:39 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.