Bug 152766 - CAN-2004-0753,0782,0783,0788 gdk-pixbuf bmp image loader DOS
CAN-2004-0753,0782,0783,0788 gdk-pixbuf bmp image loader DOS
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: gdk-pixbuf (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
LEGACY, rh73, rh90
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-23 14:00 EDT by Marc Deslauriers
Modified: 2007-04-18 13:22 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-05 19:20:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:26:42 EST
An infinite loop has been found in the gdk-pixbuf BMP image loader.

http://bugzilla.gnome.org/show_bug.cgi?id=150601
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130455
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130441



------- Additional Comments From dwb7@ccmr.cornell.edu 2004-08-31 08:32:37 ----

Welp, this is the patch mentioned in the gnome bug report. Doesn't look anything
like what is in DoCompressed in the version of gdk-pixbuf in rh7.3

Index: io-bmp.c
===================================================================
RCS file: /cvs/gnome/gtk+/gdk-pixbuf/io-bmp.c,v
retrieving revision 1.41
diff -u -p -r1.41 io-bmp.c
--- io-bmp.c	13 Aug 2004 02:26:57 -0000	1.41
+++ io-bmp.c	20 Aug 2004 00:18:14 -0000
@@ -876,8 +876,10 @@ DoCompressed(struct bmp_progressive_stat
 	guchar c;
 	gint idx;
 
-	if (context->compr.y >= context->Header.height)
+	if (context->compr.y >= context->Header.height) {
+		context->BufferDone = 0;
 		return TRUE;
+	}
 
 	y = context->compr.y;
 




------- Additional Comments From peak@argo.troja.mff.cuni.cz 2004-09-15 12:53:25 ----

gdk-pixbuf 0.14 is too old.
RHEL AS 2.1 was upgraded to 0.22 in March 2004 (RHSA-2004:103-05)

It might be possible to backport the fix to 0.14 but 0.14's version of io-bmp.c
appears to be 1. unreadable (compared to 0.22), 2. ripe with other bugs
(including a nasty buffer overflow (different from CAN-2004-0111) fixed in
0.22), ergo I think it would be a total waste of time to try to fix 0.14.




------- Additional Comments From michal@harddata.com 2004-09-15 13:22:21 ----

Created an attachment (id=840)
A patch to fix CAN-2004-0782, CAN-2004-0783

RHSA-2004:447-23 from 2004-09-15 includes patches for the original
CAN-2004-0753
but also for CAN-2004-0782, CAN-2004-0783 (a heap overflow in the XPM image
decoder) and CAN-2004-0788 (an integer overflow in the ICO image decoder).
Looking at the source code I cannot tell if the original, CAN-2004-0753,
affects gdk-pixbuf-0.14.0 or not; but at least two patches from the quoted
advisory apply on the top of gdk-pixbuf-0.14.0-9.legacy.2.src.rpm.
Here is one for loaders.



------- Additional Comments From michal@harddata.com 2004-09-15 13:25:08 ----

Created an attachment (id=841)
a patch for gdk-pixbuf.m4 

Another patch from RHSA-2004:447-23 advisory



------- Additional Comments From michal@harddata.com 2004-09-15 13:34:29 ----

Created an attachment (id=842)
A patch needed for gdk-pixbuf-0.22.0-11.1.2E.src.rpm to work on RH7.3

RHEL 2.1AS also used originally gdk-pixbuf-0.14.0 and it switched some time ago

to gdk-pixbuf-0.22.0.  We can follow that suit.
gdk-pixbuf-0.22.0-11.1.2E.src.rpm
recompiles without any problems on RH7.3 system but there is a catch.
A loaders patch introduces undefined g_try_malloc function and bad things
happen
if you will try to load an xpm file.  Replacing it with g_malloc restores
an order and everything works fine again.  I strongly suspect that RHEL 2,
as opposed to 3, will have the same problem.  This patch make this minor
substitution.



------- Additional Comments From michal@harddata.com 2004-09-15 17:52:37 ----

Ah, not so long after my remarks a new gdk-pixbuf-0.22.0-11.2.2E.src.rpm
showed up with the following entry in '%changelog':

* Wed Sep 15 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.2E
- Fix a bug in the previous change that broke the xpm loader

It is using malloc() instead of a wrong g_try_malloc() and where I put
g_malloc().  There is no real difference between these two fix options
but 0.22.0-11.2.2E could be used as a base for a legacy release.  This
will recompile without any extra patches.




------- Additional Comments From peak@argo.troja.mff.cuni.cz 2004-09-15 23:49:06 ----

The use of malloc() instead of g_malloc() is deliberate. g_malloc() aborts the
program when it runs out of memory. malloc() (as well as g_try_malloc()
introduced in newer versions of glib) does not abort and returns NULL.
Nevertheless, the use of aborting and non-aborting memory allocation is far from
consistent in 0.22, therefore it does not really matter which one is used.



------- Additional Comments From peak@argo.troja.mff.cuni.cz 2004-09-16 00:02:29 ----

Created an attachment (id=844)
spec for 7.3

Here is a proposed spec for 7.3.
I added some BuildPrereqs to make sure all loaders are built.
The version is 0.22.0-7.legacy. This is newer than the last RH9 version
(0.22.0-6.1.0) and older than current FC1 version (0.22.0-11.3.5).
A package built with this spec passes the "smoke test".



------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-18 16:30:42 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages for rh73 and rh9 to QA.
They are based on the RHEL ones and Pavel's spec file.

Changelog:
* Sat Sep 18 2004 Marc Deslauriers <marcdeslauriers@videotron.ca>
1:0.22.0-7.90.1.legacy
- - Changed release number and ajusted spec file parameters for rh9
 
* Thu Sep 16 2004 Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> 1:0.22.0-7.legacy
- - added buildreqs from previous legacy pkgs (minus pointless libdb1-devel)
- - fix for CAN-2004-0111 included in 0.22.0

7.3:
a0c3f816498e14b77351265b38f14bc44b6ff576  gdk-pixbuf-0.22.0-7.73.1.legacy.i386.rpm
02419834e00b4027d36e0c5989d61e0350e2bd09  gdk-pixbuf-0.22.0-7.73.1.legacy.src.rpm
0dce4786f45e8c20ce0709a9839178edf2dce660 
gdk-pixbuf-devel-0.22.0-7.73.1.legacy.i386.rpm
44afb40fb128a4aec73e3354848a2fe602abc46c 
gdk-pixbuf-gnome-0.22.0-7.73.1.legacy.i386.rpm

9:
091fe2bb5f880ecffa7bcfee4d482219ce293d70  gdk-pixbuf-0.22.0-7.90.1.legacy.i386.rpm
ebc7eb1913db8c3dd01e66c5cefab504e645955d  gdk-pixbuf-0.22.0-7.90.1.legacy.src.rpm
973c2112b573982520d97a3bdbdc618ef6cdfff8 
gdk-pixbuf-devel-0.22.0-7.90.1.legacy.i386.rpm
6818f34cc8be7806fb04d019d11028cd8736d926 
gdk-pixbuf-gnome-0.22.0-7.90.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-0.22.0-7.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-0.22.0-7.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-devel-0.22.0-7.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-gnome-0.22.0-7.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-0.22.0-7.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-0.22.0-7.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-devel-0.22.0-7.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-gnome-0.22.0-7.90.1.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBTO9hLMAs/0C4zNoRAszuAKCI79enDUvF7FKQiiRIrxjV7wM8NwCaA1XB
zcBnyfpB6nT2bLXGfIGFNWU=
=Qv0u
-----END PGP SIGNATURE-----




------- Additional Comments From barryn@pobox.com 2004-09-23 09:36:27 ----

I tried the RH 7.3 packages mentioned in comment #9 and they worked in my
testing. (I didn't try exploits against them or anything like that, but I did
make sure that they didn't break anything.)

This isn't formally an approval of the packages for various reasons (including
the fact that I'm not signing this post) but I'll try to post something with
official validity (and post a Self-Introduction to the mailing list) at some
point in the next few days (hopefully before Sunday).



------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-03 15:30:38 ----

I just noticed Red Hat's advisory was updated to correct smoe patches, we should
make sure ours are OK as we got them from theirs.

https://rhn.redhat.com/errata/RHSA-2004-447.html




------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-21 16:21:53 ----

OK, the patches used in the packages in comment 9 are good.

We need to QA them.



------- Additional Comments From ckelley@ibnads.com 2004-10-25 05:26:04 ----

Created an attachment (id=897)
Differences between Redhat's gdk-pixbuf-0.14.0-8 and
gdk-pixbuf-0.22.0-7.73.1.legacy




------- Additional Comments From ckelley@ibnads.com 2004-10-25 05:26:20 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
02419834e00b4027d36e0c5989d61e0350e2bd09  gdk-pixbuf-0.22.0-7.73.1.legacy.src.rpm
 
 - gdk-pixbuf-0.18.0-gmodulehack.patch : simple build patch
 - gdk-pixbuf-0.22.0-acquote.patch : simple autoconf patch
 - gdk-pixbuf-0.22.0-bmp-colormap.patch : changes signed ints to unsigned, checks
   bitdepth in a few routines, looks good
 - gdk-pixbuf-0.22.0-bmploop.patch : boundary check, simple and good
 - gdk-pixbuf-0.22.0-ico-width.patch : simple patch to fix a bug, looks good
 - gdk-pixbuf-0.22.0-libtool15.patch : simple build patch
 - gdk-pixbuf-0.22.0-loaders.patch : some new g_warnings with boundary checks,
   also some checks for returns on malloc; g_* calls converted to malloc/free;
   looks good
 - gdk-pixbuf-underquoted.patch : another autoconf patch
 - source builds fine
 - updstream checks out
 - package installs fine; gaim/gimp run fine
 
There are a LOT of differences between this and gdk-pixbuf-0.14.0-8; I'm including
an attachment of them.  If these differences are intentional, then +PUBLISH
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBfRqiyQ+yTHz+jJkRAhbdAJ4rftTrxXSZjKnqPbkY1B+Gi7Ja4QCfZOsB
tQjLn6q9uMq8IO6QaPAOqIo=
=Ddx6
-----END PGP SIGNATURE-----




------- Additional Comments From ckelley@ibnads.com 2004-10-25 05:40:09 ----

I didn't mention it, but I feel that the changes noted in comment #13 are benign
(docs and library version numbers); but I felt I should pass them along anyway,
just in case.



------- Additional Comments From peak@argo.troja.mff.cuni.cz 2004-10-26 23:59:34 ----

1. filename changes under /usr/lib/gdk-pixbuf/loaders are harmless (as long as
all formats supported by the old version are supported by the new version too)
because no one but libgdk_pixbuf.so itself should load those libraries
2. changes under /usr/share/doc/ are harmless ex definitiones




------- Additional Comments From pekkas@netcore.fi 2004-12-15 22:41:49 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
                                                                               
                       
QA for RHL9 SRPM w/ rpm-build-compare.sh:
 - Sources, patches and spec OK wrt RHEL update
 - Changes to spec compared to the earlier RHL9 seem OK, a few
   buildrequires changes, but that should be OK.
                                                                               
                       
NOTE:
 - Red Hat has already release gdk-pixbuf update for RHL9,
   gdk-pixbuf-0.22.0-6.1.0.src.rpm.  We can assume folks have already
   installed that and it works. The security patches could have been
   better ported against that, instead of going to RHEL version.
                                                                               
                       
So there are two ways forward here:
 a) Go for it as it is.
                                                                               
                       
    It will require a bit more attention at VERIFY stage to
    see that it works correctly.
                                                                               
                       
    In that case, +PUBLISH (RHL9)
                                                                               
                       
 b) Go back, and redo the RHL9 RPMs against gdk-pixbuf-0.22.0-6.1.0.
    Requires smaller amount of QA later, but requires respinning the
    packages.
                                                                               
                       
ebc7eb1913db8c3dd01e66c5cefab504e645955d  gdk-pixbuf-0.22.0-7.90.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
                                                                               
                       
iD8DBQFBwUolGHbTkzxSL7QRAic9AJ91yfSB+PpkQqiwqKll6Zus/wJe4ACdGCjB
FoJRlA33nAj9wV8SFLfDOLg=
=vLYx
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2004-12-16 19:11:48 ----

In response to comment #17: 

gdk-pixbuf-0.22.0-7.90.1.legacy is the equivalent of 0.22.0-6.1.0 but with the
security patches added and a couple of missing BuildRequires added also.

I don't see a reason why we should rebuild it by adding the security patches to
6.1.0 as the end result will be the same...






------- Additional Comments From pekkas@netcore.fi 2004-12-16 20:31:43 ----

It's not fully equivalent. It also has:

- new gdk-pixbuf-0.22.0-loaders.patch
- new gdk-pixbuf-underquoted.patch
- local-hack-gmoule.tar.gz replaced with local-hack-gmodule2.tar.gz
  (though these have only very trivial differences)
- a slightly more complex spec file because it has RHEL cruft

But as said, I've reviewed the proposed one for correctness (against the RHEL
update), and provided that someone is willing to give it a bit more scrutiny at
VERIFY, I'm OK with it.



------- Additional Comments From jpdalbec@ysu.edu 2005-01-03 11:48:00 ----

> * Thu Sep 16 2004 Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> 1:0.22.0-7.legacy
> - added buildreqs from previous legacy pkgs (minus pointless libdb1-devel)
> - fix for CAN-2004-0111 included in 0.22.0

db1-devel is not pointless.  If it is not installed the following error occurs:

gcc -shared  gnome-canvas-pixbuf.lo  -L/usr/lib -L/usr/X11R6/lib -lgnomeui
-lart_lgpl -lgdk_imlib -lSM -lICE /usr/lib/libgtk.so /usr/lib/libgdk.so
/usr/lib/libgmodule.so -ldl -lXi -lXext -lX11 -lgnome -lgnomesupport
/usr/lib/libesd.so -laudiofile -lm -ldb1 /usr/lib/libglib.so  -Wl,-soname
-Wl,libgnomecanvaspixbuf.so.1 -o .libs/libgnomecanvaspixbuf.so.1.0.0
/usr/bin/ld: cannot find -ldb1
collect2: ld returned 1 exit status
make[3]: *** [libgnomecanvaspixbuf.la] Error 1
make[3]: Leaving directory `/usr/src/rpm/BUILD/gdk-pixbuf-0.22.0/gdk-pixbuf'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/rpm/BUILD/gdk-pixbuf-0.22.0/gdk-pixbuf'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/rpm/BUILD/gdk-pixbuf-0.22.0'
make: *** [all-recursive-am] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.21806 (%build)



------- Additional Comments From jpdalbec@ysu.edu 2005-01-03 12:12:28 ----

I get the following error when I try to build gdk-pixbuf in mach:

/bin/sh ../libtool  --mode=install /usr/bin/install -c libpixbufloader-png.la /v
ar/tmp/gdk-pixbuf-0.22.0-root//usr/lib/gdk-pixbuf/loaders/libpixbufloader-png.la
libtool: install: warning: relinking `libpixbufloader-png.la'
(cd /usr/src/rpm/BUILD/gdk-pixbuf-0.22.0/gdk-pixbuf; /bin/sh ../libtool --mode=r
elink gcc -O2 -march=i386 -mcpu=i686 -o libpixbufloader-png.la -rpath /usr/lib/g
dk-pixbuf/loaders -module -avoid-version io-png.lo -lpng -lz libgdk_pixbuf.la -L
/usr/lib -L/usr/X11R6/lib -lgtk -lgdk -rdynamic -lgmodule -lglib -ldl -lXi -lXex
t -lX11 -lm)
gcc -shared  io-png.lo  -L/usr/X11R6/lib -lpng -lz -L/usr/lib -lgdk_pixbuf -lgtk
 -lgdk -lgmodule -lglib -ldl -lXi -lXext -lX11 -lm   -Wl,-soname -Wl,libpixbuflo
ader-png.so -o .libs/libpixbufloader-png.so
/usr/bin/ld: cannot find -lgdk_pixbuf
collect2: ld returned 1 exit status
libtool: install: error: relink `libpixbufloader-png.la' with the above command 
before installing it
libtool: install: warning: remember to run `libtool --finish /usr/lib/gdk-pixbuf
/loaders'

which leads to

RPM build errors:
    File not found by glob: /var/tmp/gdk-pixbuf-0.22.0-root/usr/lib/gdk-pixbuf/l
oaders/lib*.so*
    File not found by glob: /var/tmp/gdk-pixbuf-0.22.0-root/usr/lib/gdk-pixbuf/l
oaders/lib*.a

libgdk_pixbuf.so can be found in .libs and also in $RPM_BUILD_ROOT/usr/lib but
libtool does not appear to be looking in either directory.

Any ideas?




------- Additional Comments From peak@argo.troja.mff.cuni.cz 2005-01-03 13:36:46 ----

> db1-devel is not pointless.

Oops. Well, it is pointless but gnome-config --libs insists on including it in
the list of libraries even if no one uses it. Re-adding it to the list of
BuildReqs is ugly but it is probably the easiest way to solve that. :P

> /usr/bin/ld: cannot find -lgdk_pixbuf

Chicken and egg problem. Libtool expects libgdk_pixbuf in /usr/lib but it is not
there because the package is being built right now, and its files are installed
into the buildroot. In fact, the build process is broken even in non-mach
environment because libtool uses the old installed libgdk_pixbuf to link loaders
(fortunately, this does not matter in most cases).

I have not found a clean way to convince libtool to work but there are dirty
ways to do it. For instance, you can add this (or anything equivalent) to
%install before make install:

perl -i -e "if (/^relink_command=/) {
  s!libgdk_pixbuf.la!$RPM_BUILD_DIR/%{_libdir}/libgdk_pixbuf.so!;
}" gdk-pixbuf/.libs/libpixbufloader*.la

This chance should make libtool use libgdk_pixbuf.so from the buildroot.




------- Additional Comments From jpdalbec@ysu.edu 2005-01-07 07:08:44 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New RHL 7.3 gdk-pixbuf packages are available from
http://www.fedora-legacy.org/contrib/gdk-pixbuf/

sha1sums:
6d3abda3abe154d8aab20941ae263700840e4193
gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm

132d418d0268f68054a4b02302c9826a348fb5a9
gdk-pixbuf-0.22.0-7.73.2.legacy.src.rpm

c07cf85a0e3625217e2725a868b09064b61c6470
gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm

a70c4f9a0864173d31a718c09775a00f1e157771
gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm

I had installed the 0.14.0-9.legacy.1 RPMs in updates-testing which broke image
display in GNOME.  I've installed the binary RPMs on my RHL 7.3 VMware virtual
machine and images started working again.  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFB3sAaJL4A+ldA7asRAkB4AKCQvhDElewhQOk2Q06RiY7SO0VQQwCbB6bj
wjoC4VT1Pv13Y6fKTG9i5a4=
=ZW5B
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas@netcore.fi 2005-01-07 23:27:41 ----

s/fedora-legacy/fedoralegacy/ above..

I verified John's RHL73 package against that from Marc (#9), and the changes are OK.

With respect to my comment #19, I am still uncertain, but it's probably best to
just use these ones, because nobody seems to want to bother creating new
packages, and they seem to work at least for John.



------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-09 16:15:46 ----

Packages were pushed to updates-testing.



------- Additional Comments From mschout@gkg.net 2005-02-10 14:59:35 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

a29384912cdf63b635694050c1ecf2f8f56f2e3c
  gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm
2e9223509766118f53b1934f77ed9d625558772c
  gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm
550e131ff9707a021c1949472ed94c23aec2391c
  gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm

* rpm --checksig:
gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm: md5 gpg OK
gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm: md5 gpg OK
gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm: md5 gpg OK

* packages install/update with no errors.

* images in gnome still work, so looks like it works normally.

+VERIFY RH 7.3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCDAP3+CqvSzp9LOwRAjMmAJ9iWz6gxuSORKTJcIlPnw2VDaI+zgCfeqKT
mk3ZCLOHgxl9fF3ZP42GAzo=
=wOkP
-----END PGP SIGNATURE-----



------- Additional Comments From pekkas@netcore.fi 2005-02-21 22:39:43 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA
 - GPG signature OK
 - rpm-build-compare.sh on binaries looks OK
 - installs nicely
 - two applications using gdk-pixbuf (mrproject, gtkhtml) run OK
 
+VERIFY RHL9
 
1783c789f1eca62ee264eb7dd5aaef93084a154a  gdk-pixbuf-0.22.0-7.90.2.legacy.i386.rpm
a7c5d85e2d367b81425ddd0eab32fb18b1b316b2 
gdk-pixbuf-devel-0.22.0-7.90.2.legacy.i386.rpm
50eea5f1886468a5ec6c9d0d10765afcae9791a1 
gdk-pixbuf-gnome-0.22.0-7.90.2.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCGu+YGHbTkzxSL7QRAtOAAKDV5i+kxefLy0nChr1GbW0ErJlH3QCeKWIB
Pi1oShVdhs9p7FfmixRNFYw=
=B4kO
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-23 17:56:55 ----

Packages were pushed to official updates.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:26 -------

This bug previously known as bug 2005 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2005
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
A patch to fix CAN-2004-0782, CAN-2004-0783
https://bugzilla.fedora.us/attachment.cgi?action=view&id=840
a patch for gdk-pixbuf.m4 
https://bugzilla.fedora.us/attachment.cgi?action=view&id=841
A patch needed for gdk-pixbuf-0.22.0-11.1.2E.src.rpm to work on RH7.3
https://bugzilla.fedora.us/attachment.cgi?action=view&id=842
spec for 7.3
https://bugzilla.fedora.us/attachment.cgi?action=view&id=844
Differences between Redhat's gdk-pixbuf-0.14.0-8 and gdk-pixbuf-0.22.0-7.73.1.legacy
https://bugzilla.fedora.us/attachment.cgi?action=view&id=897

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.


Note You need to log in before you can comment on or make changes to this bug.