What's the rational to want to push for a newer version at this point of the cycle and what sort of testing was done to ensure it's not including potential regressions? The security fixes are included as patches in the current package revision...
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libwebp in Ubuntu. https://bugs.launchpad.net/bugs/2037527 Title: [Ffe] libwebp Status in libwebp package in Ubuntu: Incomplete Bug description: - 9/13/2023: version 1.3.2 This is a binary compatible release. * security fix for lossless decoder (chromium: #1479274, CVE-2023-4863) - 6/23/2023: version 1.3.1 This is a binary compatible release. * security fixes for lossless encoder (#603, chromium: #1420107, #1455619, CVE-2023-1999) * improve error reporting through WebPPicture error codes * fix upsampling for RGB565 and RGBA4444 in NEON builds * img2webp: add -sharp_yuv & -near_lossless * Windows builds: - fix compatibility with clang-cl (#607) - improve Arm64 performance with cl.exe - add Arm64EC support * fix webp_js with emcc >= 3.1.27 (stack size change, #614) * CMake fixes (#592, #610, #612) * further updates to the container and lossless bitstream docs (#581, #611) - 12/16/2022: version 1.3.0 This is a binary compatible release. * add libsharpyuv, which exposes -sharp_yuv/config.use_sharp_yuv functionality to other libraries; libwebp now depends on this library * major updates to the container and lossless bitstream docs (#448, #546, #551) * miscellaneous warning, bug & build fixes (#576, #583, #584) Moreover the LP: #2013083 can be closed in this release. The non-bugfix changes are related to a new library added, that is used probably by firefox and chromium (next releases? or maybe they are using the embedded library) Changes since mantic version 1.2.4-0.3 ====================================== libwebp (1.3.2-0.3) unstable; urgency=medium * Non-maintainer upload. * Fix invalid incremental decoding check. (Closes: #1052447) * Fix next is invalid pointer when WebPSafeMalloc fails * Fix static analyzer warnings. -- Salvatore Bonaccorso Fri, 22 Sep 2023 09:41:18 +0200 libwebp (1.3.2-0.2) unstable; urgency=medium * Non-maintainer upload. * debian/control: Add missing dependency libwebp-dev => libsharpyuv-dev. (Closes: #1052355) -- Boyuan Yang Wed, 20 Sep 2023 15:59:13 -0400 libwebp (1.3.2-0.1) unstable; urgency=medium * Non-maintainer upload. * Upload to unstable. -- Boyuan Yang Wed, 20 Sep 2023 11:03:28 -0400 libwebp (1.3.2-0.1~exp2) experimental; urgency=medium * Non-maintainer upload. [ Gianfranco Costamagna ] * Also install .a files again. * Make sure we have built and installed anim_dump and anim_diff. (Closes: #1023482) -- Boyuan Yang Fri, 15 Sep 2023 14:41:40 -0400 libwebp (1.3.2-0.1~exp1) experimental; urgency=medium * Non-maintainer upload. * New upstream release 1.3.2. + The 1.3.x branch introduces libsharpyuv, which will be introduced as separate Debian binary packages. (Closes: #1040970) + CVE-2023-4863 is handled in this release. (LP: #2035220) * debian/gbp.conf: Use ignore-branch=True to avoid limitation on experimental branch. * debian/control: + Drop unnecessary build-dependency on autotools-related packages. + Add build-dependency on pkg-config. + Migrate buildsystem to cmake. (Closes: #1040972, LP: #2013083) + Apply RPATH-related hotfix before debhelper compat level 14. + Add new binary packages: libsharpyuv-dev, libsharpyuv0, libwebpdecoder3. * debian/libwebp-dev.install: Do not install static library anymore since CMake is not building them by default. * debian/rules: + Enforce --buildsystem=cmake. + Drop explicit option --enable-aligned, this option has been removed by libwebp upstream (see upstream ChangeLog). * debian/docs: Rename to libwebp-dev.docs to avoid confusion. * debian/patches: Drop all old patches, merged upstream. * debian/patches/: + 0001-CMakeLists.txt-Install-CMake-Config-to-arch-dep-loca.patch: Add patch to install CMake Config files to architecture-dependent location instead to retain Multi-Arch property of dev packages. * debian/copyright: Completely rewritten in machine-readable copyright format. -- Boyuan Yang Thu, 14 Sep 2023 22:22:30 -0400 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libwebp/+bug/2037527/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
