exactimage (0.8.9-7+deb8u2) jessie; urgency=high * debian/patches: - Add Fix-CVE-2015-8366-Index-overflow-in-smal_decode_segment.patch, Fix CVE-2015-8366: Index overflow in smal_decode_segment -- Sven Eckelmann Tue, 23 Feb 2016 14:02:53 +0100 exactimage (0.8.9-7+deb8u1) jessie; urgency=high * Fix CVE-2015-3885: Integer overflow in the ljpeg_start function in dcraw * debian/patches: - Add CVE-2015-3885.patch, Avoid overflow in ljpeg_start() (Closes: #786785) - Add draw_jpeg_fix.patch, Fix execution order of ljpeg_start() and result check -- Sven Eckelmann Mon, 25 May 2015 17:45:27 +0200 exactimage (0.8.9-7) unstable; urgency=medium * debian/rules: - Use Largefile Support enabled C API * debian/patches: - Update libjpeg8_compat.patch, use transupp compatible with libjpeg8 and libjpeg62 API -- Sven Eckelmann Sat, 30 Aug 2014 15:46:57 +0200 exactimage (0.8.9-6) unstable; urgency=medium * debian/rules: - Activate LTO for reduce binary size - Add support for multiarch triplet in libexactimage-perl.install * Build-Depend on perl to evaluate $Config{vendorarch} * debian/patches: - Add perl_vendor_dir.patch, Install module to perl vendor path (Closes: #752344) -- Sven Eckelmann Sun, 22 Jun 2014 22:44:44 +0200 exactimage (0.8.9-5) unstable; urgency=medium * debian/control: - Remove Build-Depends to liblcms1-dev because it will be removed and is not used anymore in dcraw since 0.8.9 (Closes: #745522) -- Sven Eckelmann Tue, 22 Apr 2014 20:34:15 +0200 exactimage (0.8.9-4) unstable; urgency=medium * Update copyright years in debian/copyright * debian/patches: - Add ftbfs_evas_object.patch, Disable unused Evas Helper function to avoid FTBFS (Closes: #741782) -- Sven Eckelmann Sun, 16 Mar 2014 15:10:04 +0100 exactimage (0.8.9-3) unstable; urgency=low * Upgraded to policy 3.9.5, no changes required * debian/patches: - Add libgif.patch, Link against libgif instead of deprecated libungif (Closes: #732327) -- Sven Eckelmann Mon, 16 Dec 2013 19:55:34 +0100 exactimage (0.8.9-2) unstable; urgency=high * Fix CVE-2013-1441: exactimage: DoS, econvert crashes * debian/gbp.conf - Force pristine-tar to guarantee correct orig tarball with git-buildpackage * debian/patches: - Add CVE-2013-1441.patch, exactimage: DoS, econvert crashes -- Sven Eckelmann Wed, 04 Sep 2013 21:05:50 +0200 exactimage (0.8.9-1) unstable; urgency=high * New Upstream Version * Fix CVE-2013-1438: multiple denial of service vulnerabilities (Closes: #721236) * debian/rules: - Enable section garbage collection to reduce size caused by partial linked static library - Provide override_dh_auto_clean/test to avoid problems with stricter debhelper clean/test behavior since 9.20130720 * debian/patches: - Add gcc_48_dcraw_infinite_loop.patch, Avoid infinite loops generated by GCC 4.8 caused by undefined behaviour - Remove upstream merged tga_memcpy_signature.patch and spelling_error.patch - Add CVE-2013-1438, Fix CVE-2013-1438 -- Sven Eckelmann Thu, 29 Aug 2013 16:17:32 +0200 exactimage (0.8.8-3) unstable; urgency=low * Disable LTO again because it triggers binutils bug PR/15323 (or similar) on armel, armhf, ia64, mips, mipsel, powerpc, ... -- Sven Eckelmann Sun, 02 Jun 2013 10:55:06 +0200 exactimage (0.8.8-2) unstable; urgency=low * debian/patches: - Add verbose_build.patch, Enforce simple verbose build for blhc - Add decode_before_read_stride.patch, Decode image before accessing the stride attribute for rotation (Closes: #523948) - Add tga_memcpy_signature.patch, Don't write outside tga signature array - Add spelling_error.patch, Fix "characters" spelling error * debian/rules: - Activate LTO for reduce binary size * debian/control - Remove Daniel Stender as maintainer (Closes: #708417) - Switch from libtiff-dev provided by oldlib libtiff4-dev to libtiff5-dev -- Sven Eckelmann Sat, 01 Jun 2013 22:59:02 +0200 exactimage (0.8.8-1) unstable; urgency=low [ Sven Eckelmann ] * New Upstream Version * debian/control: - Reformat for better usability with version control systems - Add Vcs-* fields to debian/control - Upgraded to policy 3.9.4, no changes required * Update debian/copyright to copyright-format 1.0 * Update compat level to 9 * debian/rules: - Enable security flags in debian/rules - Convert to dh - Fix installation path for python modules - Provide optional target get-orig-source * debian/patches: - Use common suffix .patch - Rebase on top of 0.8.8 - Remove upstream merged edentify_tga_mismatch.patch, gcc47.patch, missing_include_vector.patch, optimize2bw_denoise.patch * Convert from python-support to python2 * Update years in debian/copyright [ Boris Pek ] * debian/copyright: - Corrected license text for codecs/dcraw.h - Use more specific BSD-3-clause license short name instead of BSD - Replace old dep-5 style "|" with "or" [ Bart Martens ] * Rewrite debian/watch -- Sven Eckelmann Sun, 05 May 2013 13:12:03 +0200 exactimage (0.8.5-5+deb7u3) stable-security; urgency=high * Add debian/patches/CVE-2013-1441.patch, Fix CVE-2013-1441: exactimage: DoS, econvert crashes -- Sven Eckelmann Wed, 04 Sep 2013 21:27:57 +0200 exactimage (0.8.5-5+deb7u2) stable-security; urgency=high * Add debian/patches/CVE-2013-1438.patch, Fix CVE-2013-1438: multiple denial of service vulnerabilities (Closes: #721236) -- Sven Eckelmann Thu, 29 Aug 2013 17:16:53 +0200 exactimage (0.8.5-5) unstable; urgency=low * debian/control: - Add Daniel Stender and Sven Eckelmann as new maintainer (Closes: #587062) - Depend on libpng-dev instead of libpng12-dev (Closes: #662317) - Depend on libjpeg8-dev to avoid hiccups with other libjpeg versions * debian/patches: - Add edentify_tga_mismatch.patch, Fix misidentification of PNM as TGA (Closes: #575324) - missing_include_vector.patch, Add missing includes for std::vector - Add libjpeg8_compat.patch, Build jpeg functionality for libjpeg8 to avoid crashes and other hiccups (Closes: #679775) - Add optimize2bw_denoise.patch, Fix optimize2bw denoise crash on 64-bit systems (Closes: #679772) -- Sven Eckelmann Sun, 01 Jul 2012 15:55:10 +0200 exactimage (0.8.5-4) unstable; urgency=low * QA upload. * Fix build failure with GCC 4.7 (Sven Eckelmann). Closes: #667159. -- Matthias Klose Wed, 30 May 2012 04:23:46 +0000 exactimage (0.8.5-3) unstable; urgency=low * QA upload. * Patch libpng15: Fix FTBFS with libpng 1.5 (closes: #635745). Thanks to Nobuhiro Iwamatsu for the patch! -- Ralf Treinen Fri, 05 Aug 2011 12:04:05 +0200 exactimage (0.8.5-2) unstable; urgency=low * QA upload (see #587062). + Set Maintainer to Debian QA Group. * Add build-arch and build-indep targets. * Remove Vcs-* fields. -- Jakub Wilk Fri, 17 Jun 2011 00:08:28 +0200 exactimage (0.8.5-1) unstable; urgency=low * New upstream release. + Refresh patches. * Fix a formatting error in the bardecode manual page. * Bump standards version to 3.9.1: + Replace Conflicts with Breaks. * Drop debian/pyversions. * Export LDFLAGS. * Use dpkg-buildflags. Build depend on dpkg-dev (>= 1.15.7). * Drop transitional dummy package exactimage-perl. * Respect the ‘parallel’ build option. * Use OpenMP: append ‘-fopenmp’ to CFLAGS. + Build edisplay (closes: #520975): - Build depend on libevas-dev and libxrender-dev. - Automatically generate dependencies on libevas*-engines-x. - Restore references to edisplay in package description and in manual pages. - Install MIME information. * Loosen dependencies of the exactimage-dbg package. Use Breaks to ensure that versions of packages matches. * Bump standards to version to 3.9.2 (no changes needed). -- Jakub Wilk Sat, 30 Apr 2011 14:30:54 +0200 exactimage (0.8.1-3+deb6u3) oldstable-security; urgency=high * Add debian/patches/CVE-2013-1441.patch, Fix CVE-2013-1441: exactimage: DoS, econvert crashes -- Sven Eckelmann Wed, 04 Sep 2013 21:27:57 +0200 exactimage (0.8.1-3+deb6u2) oldstable-security; urgency=high * Add debian/patches/CVE-2013-1438.patch, Fix CVE-2013-1438: multiple denial of service vulnerabilities (Closes: #721236) -- Sven Eckelmann Thu, 29 Aug 2013 17:16:53 +0200 exactimage (0.8.1-3) unstable; urgency=low * Don't use upstream Makefile to install Python modules (really closes: #582431). * Disable dead code that is causing compilation errors (closes: #583281). -- Jakub Wilk Sun, 30 May 2010 11:36:08 +0200 exactimage (0.8.1-1) unstable; urgency=low * New upstream release: + Drop configure-perl-detection.diff, different fix applied upstream. + Drop utility-timer-dead-code.diff, different fix applied upstream. * Fix FTBFS with nostrip build option. * Remove bogus Python modules directory created by upstream Makefile (closes: #582431). Thanks to Stefano Rivera for the bug report. * Use DESTDIR, not prefix, for make install. * Update years in debian/copyright. -- Jakub Wilk Fri, 21 May 2010 01:28:14 +0200 exactimage (0.8.0-4) unstable; urgency=low * Patch the configure script to make detection of Perl more robust (closes: #578549). Thanks to Niko Tyni for the bug report. [configure-perl-detection.diff] -- Jakub Wilk Thu, 22 Apr 2010 20:53:59 +0200 exactimage (0.8.0-2) unstable; urgency=low * Add ‘X_SYSTEM=Linux’ to yet another make invocation to fix build failures on non-Linux systems. * Rewrite manual pages in DocBook XML from scratch. + Build-depend on docbook-xsl, docbook-xml, xsltproc, libxml2-utils. * Add proper Replaces/Conflicts to the libexactimage-perl, which were accidentally ommited in the previous release. -- Jakub Wilk Sun, 11 Apr 2010 20:09:24 +0200 exactimage (0.8.0-1) unstable; urgency=low * New upstream release: + --help no longer trigger errors (closes: #574880, #574885, #574890). + SVG with invalid path no longer leads to crashes (closes: #574124). + Drop edisplay-dpy.diff, applied upstream. + Drop utility-timer-syntax-error.diff, applied upstream. + Refresh other patches. * Improve package descriptions (both in debian/control and in manual pages). * Shorten “SEE ALSO” sections of manual pages. * Disable dead code in utility/Timer.cc, as it is causing build failures on some architectures. [utility-timer-dead-code.diff] * Explicitly disable building with evas. * Build extensions for all supported Python versions. + Build-depend on python-all-dev. + Update debian/rules accordingly. * Add ‘Q=’ to each make invocation to make build process more verbose. * Embedded copy of AGG is no longer shipped; remove references from debian/copyright. * Install Perl modules into the correct directory (closes: #575749). Thanks to Bruce Stephens for the bug report. * In order to comply with Perl Policy 4.2, rename exactimage-perl to libexactimage-perl (closes: #575935). Thanks to Ansgar Burchardt for the bug report. -- Jakub Wilk Fri, 09 Apr 2010 21:11:38 +0200 exactimage (0.7.5-3) unstable; urgency=low * Fix FTBFS with Python 2.6 as the default version (closes: #571209). -- Jakub Wilk Sun, 28 Feb 2010 15:07:57 +0100 exactimage (0.7.5-1) unstable; urgency=low * New upstream release. * New maintainer (closes: #543838). * Switch to source format 3.0 (quilt). * Various improvements in package building: + Add ‘X_SYSTEM=Linux’ to each make invocation to enable compilation on non-Linux systems. + Fix building Python modules (closes: #568671): - Add XS-Python-Version header. - Build depend on python-dev (>= 2.5.4) rather than python-all-dev (for now, only modules for the current Python version are built). - As upstream Makefile always put the modules in 2.5 directory, move them into the right one in debian/rules. - Move *.so with detached symbols to a directory where gdb will expect it. - Update debian/*.install to catch both site-packages and dist-packages. - Drop debian/pycompat. + Fix syntax and name errors. [utility-timer-syntax-error.diff, edisplay-dpy.diff] + Link with system copy of AGG (closes: #570089): - Update debian/rules. - Add missing includes. [agg-missing-includes.diff] - Use PIC version of static AGG library. [agg-pic.diff] + Don't let the configure script be called more that once. + Produce debugging information for the core library. + Respect the ‘noopt’ build option. [makefile-cflags.diff] + Use LDFLAGS=-Wl,--as-needed to avoid superfluous runtime dependencies. * Fix exactimage-dbg package description. * Remove duplicate section field for the binary package. * Add ‘Depends: ${misc:Depends}’ to binary packages. * Add watchfile. * Fix typos: in the manual pages and in frontends/econvert.cc. [econvert-typo.diff] * Bump standards version to 3.8.4 (no changes needed). * Add Vcs-* fields. * Remove all references to edisplay, as Debian package cannot ship it for now (see bug #520975). * Update debian/copyright; convert it to the DEP-5 format. -- Jakub Wilk Tue, 16 Feb 2010 18:34:31 +0100 exactimage (0.7.4-3) unstable; urgency=low * QA upload. * Remove alternatives to the phpapi-* dependency (Closes: #566296) -- Raphael Geissert Fri, 29 Jan 2010 19:26:25 -0600 exactimage (0.7.4-2) unstable; urgency=low * Updating package to standards version 3.8.3. * Removing vcs fields. * Orphaning package. -- Daniel Baumann Thu, 27 Aug 2009 07:15:20 +0200 exactimage (0.7.4-1) unstable; urgency=low * Using correct rfc-2822 date formats in changelog. * Merging upstream version 0.7.4. * Updating standards version to 3.8.2. -- Daniel Baumann Mon, 06 Jul 2009 14:36:40 +0200 exactimage (0.7.3-1) unstable; urgency=low * Merging upstream version 0.7.3. -- Daniel Baumann Sun, 03 May 2009 12:25:00 +0200 exactimage (0.7.2-1) unstable; urgency=low * Updating section of debug packages. * Merging upstream version 0.7.2. * Tidy rules file. -- Daniel Baumann Sun, 26 Apr 2009 11:08:00 +0200 exactimage (0.7.1-1) unstable; urgency=low * Merging upstream version 0.7.1. * Updating to standards version 3.8.1. * Adding alternatives to phpapi depends. * Correcting permissions of ExactImage.py. -- Daniel Baumann Sun, 22 Mar 2009 14:23:00 +0100 exactimage (0.7.0-1) unstable; urgency=low * Merging upstream version 0.7.0. -- Daniel Baumann Sun, 22 Mar 2009 13:50:00 +0100 exactimage (0.6.9-1) unstable; urgency=low * Initial release (Closes: #502183). -- Daniel Baumann Sat, 07 Feb 2009 14:45:00 +0100