xcftools (1.0.7-6.1) unstable; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2019-5086 and CVE-2019-5087: An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. (Closes: #945317) -- Markus Koschany Thu, 25 Feb 2021 08:32:07 +0100 xcftools (1.0.7-6) unstable; urgency=medium * Team upload (collab-maint) * d/p/fix-test-UTF8.patch: - fix test when UTF8 is set, with UTF8 "AE" is not equal to "Æ", and the testsuite is assuming LANG=C * Set link for forwarded/applied patches. * Fix insecure VCS fields * Bump std-version to 3.9.8 * Don't use autotools, autoreconf should be enough to ensure up-to-date Makefiles. -- Gianfranco Costamagna Wed, 18 May 2016 12:13:55 +0200 xcftools (1.0.7-5) unstable; urgency=medium * Team upload (collab-maint) * Fixes for libpng1.6: - low-bit-depth doesn't support fillers - libpng16.patch (Closes: #742569) - change B-D to libpng-dev (Closes: #662556) * Use --with autotools-dev to update config.(guess|sub) (Closes: #728005) * Add Homepage field to github. -- Tobias Frost Sat, 23 Jan 2016 16:30:05 +0100 xcftools (1.0.7-4) unstable; urgency=low * [c4ec39b3] Fix FTBFS when linking --as-needed. Thanks to Felix Geyer , Michael Bienia (Closes: #647504) * [a5c514f9] Switch to dh9, link --as-needed, build with hardening flags * [423bfff4] Bump Standards-Version to 3.9.3 -- Jan Hauke Rahm Thu, 23 Feb 2012 14:06:22 +0100 xcftools (1.0.7-3) unstable; urgency=low * [3b10c637] Use dh-autoreconf and leave all the rest to debhelper * [2049ef96] Remove patches after building * [7fcb49ba] Allow parallel building * [c40088b8] Apply patch to build with libpng-1.5. Thanks to Nobuhiro Iwamatsu * [c148d1ac] Bump Standards-Version to 3.9.2 -- Jan Hauke Rahm Tue, 20 Sep 2011 18:25:36 +0200 xcftools (1.0.7-2) unstable; urgency=low * Fix uninitialized variables error which made xcfview unusable. Thanks and kudos to Anthony DeRobertis (Closes: #572660) * Bumped Standards-Version: 3.8.4 * Switched to Source Format 3.0 (quilt) -- Jan Hauke Rahm Fri, 05 Mar 2010 23:30:32 +0100 xcftools (1.0.7-1) unstable; urgency=high * Adopted (Closes: #525920) + with urgency=high for the security issue + with new debian/copyright according to upstream's relicensing * New upstream release (1.0.7) + Fix GPL-to-PD transition: missed copyright blurb in online banner. * IMPORTANT CHANGE: xcfview is rewritten to use xdg-utils in order to find an image viewer instead of parsing /etc/mailcap on its own * New upstream release (1.0.6) + Change licensing from GPL-2 to PD. + Fix bug: A layer without an alpha channel bug with an active layer mask was wrongly considered to obscure all lower layers. + Fix bug: xcf2pnm would guess PBM as the output format even if the background was explicitly set to an intermediate gray, or if -T might produce grays. * New upstream release (1.0.5) + Fix various bugs if extracted part of image contains pixels with negative canvas-based coordinates. Thanks Jörgen Grahn (Closes: #533361, CVE-2009-2175) + Minor manpage fixes; -C description should be less confusing now. + $(DESTDIR) honored in Makefile's install target * Use quilt for patches * Bump standards-version: 3.8.2 * Added debian/watch * Switched to debhelper 7 * debian/control: Reorganized Recommends and Suggests -- Jan Hauke Rahm Tue, 14 Jul 2009 17:02:09 +0200 xcftools (1.0.4-2) unstable; urgency=low * QA upload. + Set maintainer to Debian QA Group . * Remove strip from Makefile.in. (Closes: #438290). * Update syntax in debian/copyright. * Make clean not ignore errors. * Bump debhelper build-dep version to >= 5.0.0. * Move DH_COMPAT from rules to debian/compat and set to 5. * Bump Standards Version to 3.8.1. -- Barry deFreese Tue, 28 Apr 2009 13:19:55 -0400 xcftools (1.0.4-1) unstable; urgency=low * New upstream version, adding workaround to read certain buggy XCF files produced by historic instances of the Gimp. -- Henning Makholm Sun, 14 May 2006 04:12:20 +0200 xcftools (1.0.3-1) unstable; urgency=low * New upstream version * Look for color name database in the locations werher x11-common 7.*.* provides it. -- Henning Makholm Mon, 17 Apr 2006 04:19:09 +0200 xcftools (1.0.2-1) unstable; urgency=low * New upstream version - Adds --autocrop option; closes: #353883 - Uses full-word syntactic metavariables in manpage and --helo output; closes: #353872 * Recommend x11-common for X11 color name database * Add README.Debian to explain package recommendations. -- Henning Makholm Wed, 22 Feb 2006 21:16:11 +0100 xcftools (1.0.1-1) unstable; urgency=low * New upstream version, fixing lack of fatality when color name database is needed but not found. This was caught by the self-test and made 1.0-1 FTBFS on a number of buildds. -- Henning Makholm Mon, 20 Feb 2006 04:16:16 +0100 xcftools (1.0-1) unstable; urgency=low * New upstream version. - xcfview wrapper script - add Danish (da) translation - more layer modes supported * Provide full GPL blurb in changelog file. * Pull config.{guess,sub} from autotools-dev at build time. * New SUPPRESS_AUTOFOO hook prevents buildds from ever trying to run autofoo stuff by themselves, timestamp skew be damned. -- Henning Makholm Mon, 20 Feb 2006 01:57:52 +0100 xcftools (0.7.1-1) unstable; urgency=low * Initial upload. Closes: #349424 -- Henning Makholm Sun, 29 Jan 2006 05:10:21 +0100