diff -Nru gdk-pixbuf-2.36.5/debian/changelog gdk-pixbuf-2.36.5/debian/changelog
--- gdk-pixbuf-2.36.5/debian/changelog 2018-01-15 00:04:23.000000000 +0100
+++ gdk-pixbuf-2.36.5/debian/changelog 2018-01-17 08:31:42.000000000 +0100
@@ -1,3 +1,13 @@
+gdk-pixbuf (2.36.5-2+deb9u2.0tails1) bugfix-15177-rebase-gdk-pixbuf-on-deb9u2; urgency=medium
+
+ * Non-maintainer upload.
+ * Merge from Debian. Remaining changes:
+ - Add patch: 0001-queryloaders-Make-output-more-reproducible.patch
+ - Sort loaders.cache when generated after installation, and triggered
+ when an application installs a GdkPixbuf loader
+
+ -- intrigeri Wed, 17 Jan 2018 07:31:42 +0000
+
 gdk-pixbuf (2.36.5-2+deb9u2) stretch-security; urgency=medium
 
 * Fix CVE-2017-1000422 (and while we're add it also add patches for three
@@ -5,12 +15,36 @@
 
 -- Moritz Mühlenhoff Mon, 15 Jan 2018 00:04:23 +0100
 
+gdk-pixbuf (2.36.5-2+deb9u1.0tails1) bugfix-14729-gdk-pixbuf-cve-2017-2862; urgency=medium
+
+ * Non-maintainer upload.
+ * Merge from Debian. Remaining changes:
+ - Add patch: 0001-queryloaders-Make-output-more-reproducible.patch
+ - Sort loaders.cache when generated after installation, and triggered
+ when an application installs a GdkPixbuf loader
+
+ -- intrigeri Mon, 06 Nov 2017 16:54:05 +0000
+
 gdk-pixbuf (2.36.5-2+deb9u1) stretch-security; urgency=medium
 
 * CVE-2017-2862
 
 -- Moritz Muehlenhoff Thu, 14 Sep 2017 23:16:04 +0200
 
+gdk-pixbuf (2.36.5-2.0tails2) bugfix-13442-reproducible-gdk-pixbuf-loaders.cache; urgency=medium
+
+ * Sort loaders.cache when generated after installation, and triggered
+ when an application installs a GdkPixbuf loader
+
+ -- anonym Wed, 13 Sep 2017 21:57:17 +0200
+
+gdk-pixbuf (2.36.5-2.0tails1) bugfix-13442-reproducible-gdk-pixbuf-loaders.cache; urgency=medium
+
+ * Non-maintainer upload.
+ * Add patch: 0001-queryloaders-Make-output-more-reproducible.patch
+
+ -- anonym Thu, 07 Sep 2017 13:46:15 +0200
+
 gdk-pixbuf (2.36.5-2) unstable; urgency=medium
 
 * Unbranch - that was short lived. Upload the stable release to unstable.
diff -Nru gdk-pixbuf-2.36.5/debian/libgdk-pixbuf2.0-0.postinst.in gdk-pixbuf-2.36.5/debian/libgdk-pixbuf2.0-0.postinst.in
--- gdk-pixbuf-2.36.5/debian/libgdk-pixbuf2.0-0.postinst.in 2011-07-28 18:18:01.000000000 +0200
+++ gdk-pixbuf-2.36.5/debian/libgdk-pixbuf2.0-0.postinst.in 2018-01-17 08:29:32.000000000 +0100
@@ -14,7 +14,7 @@
 # This is triggered everytime an application installs a
 # GdkPixbuf loader
 /usr/lib/#MULTIARCH#/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \
- $(find $LOADERS_DIR $LOADERS_DIR_OLD -name *.so 2> /dev/null) \
+ $(find $LOADERS_DIR $LOADERS_DIR_OLD -name *.so 2> /dev/null | LC_ALL=C sort) \
 > /usr/lib/#MULTIARCH#/gdk-pixbuf-2.0/2.10.0/loaders.cache || true
 ;;
 esac
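Review bot: On the changed `find` line the pattern `-name *.so` is still unquoted, so the shell may expand it against the maintainer script's working directory before `find` sees it, and the list written to loaders.cache (which decides which loader modules gdk-pixbuf will load) would then be wrong; quote it as `-name '*.so'`. The same line recurs in the `@@ -28,6 +28,6 @@` hunk and needs the same change. Because the output redirection truncates loaders.cache first and `|| true` hides a failing run, a comment stating that this is deliberately best-effort would help, alongside `# sorted so that loaders.cache is reproducible` for the new `LC_ALL=C sort`. The enclosing `case` branch starts outside this hunk.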
@@ -28,6 +28,6 @@
 # Also handle the initial installation
 if [ -d $LOADERS_DIR ] || [ -d $LOADERS_DIR_OLD ]; then
 /usr/lib/#MULTIARCH#/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \
- $(find $LOADERS_DIR $LOADERS_DIR_OLD -name *.so 2> /dev/null) \
+ $(find $LOADERS_DIR $LOADERS_DIR_OLD -name *.so 2> /dev/null | LC_ALL=C sort) \
 > /usr/lib/#MULTIARCH#/gdk-pixbuf-2.0/2.10.0/loaders.cache || true
 fi
diff -Nru gdk-pixbuf-2.36.5/debian/patches/0001-queryloaders-Make-output-more-reproducible.patch gdk-pixbuf-2.36.5/debian/patches/0001-queryloaders-Make-output-more-reproducible.patch
--- gdk-pixbuf-2.36.5/debian/patches/0001-queryloaders-Make-output-more-reproducible.patch 1970-01-01 01:00:00.000000000 +0100
+++ gdk-pixbuf-2.36.5/debian/patches/0001-queryloaders-Make-output-more-reproducible.patch 2018-01-17 08:29:32.000000000 +0100
@@ -0,0 +1,49 @@
+From 33d7e78a843cbc2bc4b9a36e9a59cec7d006f0f6 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen
+Date: Fri, 9 Jun 2017 11:03:19 +0300
+Subject: [PATCH] queryloaders: Make output more reproducible
+
+Reproducible builds are good: Sort the output by module name so that
+same input always leads to same output.
+
+This should also make gdk-pixbuf-print-mime-types output and
+gdk-pixbuf-thumbnailer.thumbnailer reproducible.
+---
+ gdk-pixbuf/queryloaders.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/gdk-pixbuf/queryloaders.c b/gdk-pixbuf/queryloaders.c
+index a9ca01524..3cb5517d4 100644
+--- a/gdk-pixbuf/queryloaders.c
++++ b/gdk-pixbuf/queryloaders.c
+@@ -341,6 +341,7 @@ int main (int argc, char **argv)
+ #ifdef USE_GMODULE
+ const char *path;
+ GDir *dir;
++ GList *l, *modules = NULL;
+
+ path = g_getenv ("GDK_PIXBUF_MODULEDIR");
+ #ifdef G_OS_WIN32
+@@ -360,11 +361,18 @@ int main (int argc, char **argv)
+ gint len = strlen (dent);
+ if (len > SOEXT_LEN &&
+ strcmp (dent + len - SOEXT_LEN, SOEXT) == 0) {
+- query_module (contents, path, dent);
++ modules = g_list_prepend (modules,
++ g_strdup (dent));
+ }
+ }
+ g_dir_close (dir);
+ }
++
++ modules = g_list_sort (modules, (GCompareFunc)strcmp);
++ for (l = modules; l != NULL; l = l->next)
++ query_module (contents, path, l->data);
++
++ g_list_free_full (modules, g_free);
+ #else
+ g_string_append_printf (contents, "# dynamic loading of modules not supported\n");
+ #endif
+--
+2.11.0
+
diff -Nru gdk-pixbuf-2.36.5/debian/patches/series gdk-pixbuf-2.36.5/debian/patches/series
--- gdk-pixbuf-2.36.5/debian/patches/series 2018-01-15 00:04:23.000000000 +0100
+++ gdk-pixbuf-2.36.5/debian/patches/series 2018-01-17 08:29:32.000000000 +0100
@@ -1,3 +1,4 @@
 0001-skip-perturb-for-cve-2015-4491-original-test.patch
+0001-queryloaders-Make-output-more-reproducible.patch
 CVE-2017-2862.patch
 CVE-2017-1000422_CVE-2017-6312_CVE-2017-6313_CVE-2017-6314.patch
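Review bot: The new patch file has only the git format-patch header, so it does not record where commit 33d7e78a843cbc2bc4b9a36e9a59cec7d006f0f6 was taken from; for a delta carried on top of a security upload, add a DEP-3 line such as `Origin: upstream, <UPSTREAM_COMMIT_URL>` below `Subject:` so the patch can be checked against its source. In the C change, `(GCompareFunc)strcmp` calls `strcmp` through a cast function-pointer type; a small static comparator taking `gconstpointer` arguments would avoid relying on that cast. The sort is added only in the `USE_GMODULE` directory-scan code shown here, so a comment above `g_list_sort` such as `/* sort so the generated cache does not depend on directory order */` would document the intent. `main` starts and ends outside the inner hunks.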