imlib2 (1.4.6-2+deb8u2) jessie-security; urgency=high * Fix divide-by-zero on 2x1 ellipse as per CVE-2011-5326 (Closes: #639414) * Fix integer overflow as per CVE-2014-9771 (Closes: #820206) * Fix off-by-one OOB read as per CVE-2016-3993 (Closes: #819818) * Fix out-of-bounds read in the GIF loader as per CVE-2016-3994 (Closes: #785369) * Fix integer overflow as per CVE-2016-4024 (Closes: #821732) -- Alessandro Ghedini Sat, 23 Apr 2016 17:21:25 +0100 imlib2 (1.4.6-2+deb8u1) jessie-security; urgency=high * Non-maintainer upload. * CVE-2014-9762: Fix segmentation fault on images without colormap. * CVE-2014-9763: Prevent division-by-zero crashes. * CVE-2014-9764: Fix segfault when opening specially crafted input with feh. -- Markus Koschany Tue, 29 Mar 2016 18:55:07 +0200 imlib2 (1.4.6-2) unstable; urgency=medium * Add 03_fix-imlib-config-libraries.patch to fix imlib2-config --libs output Thanks to Wookey for the patch (Closes: #734425) -- Alessandro Ghedini Tue, 07 Jan 2014 12:02:29 +0100 imlib2 (1.4.6-1) unstable; urgency=medium * New upstream release * Bump Standards-Version to 3.9.5 (no changes needed) * Refresh patches * Update symbols file -- Alessandro Ghedini Fri, 27 Dec 2013 12:35:13 +0100 imlib2 (1.4.5-4) unstable; urgency=low * Fix Vcs-Browser field * Add patch to fix loading gif with no color map (Closes: #697143) Thanks to Samuel Thibault -- Alessandro Ghedini Wed, 20 Nov 2013 16:24:00 +0100 imlib2 (1.4.5-3) unstable; urgency=low * New maintainer (Closes: #722197) * Remove builddir thingy * Cleanup (Build-)Depends * Bump debhelper compat level to 9 (Closes: #722781) * Use dh-autoreconf instead of calling autoreconf manually * Remove installchangelogs override * Bump Standards-Version to 3.9.4 (no changes needed) * Update short/long descriptions (Closes: #642046) * Add Vcs-* fields * Remove useless files * Update *.install files * Do not duplicate Section * Add watch file * Add *.symbols file * Do not override dh_auto_test * Add DEP3 headers to patch * Cleanup *.la cleaning code -- Alessandro Ghedini Sat, 14 Sep 2013 14:52:36 +0200 imlib2 (1.4.5-2) unstable; urgency=low * Orphaned. -- Laurence J. Lane Sun, 08 Sep 2013 18:47:22 -0400 imlib2 (1.4.5-1) unstable; urgency=low * New upstream release * Added harden build flags patch by Moritz Muehlenhoff. Thanks. Closes: #656512 * Build-depend on libpng-dev for libpng15-transition. Reported by Nobuhiro Iwamatsu. Thanks. Closes: #662377 * New release builds with libpng 1.5. FTBFS reported by Nobuhiro Iwamatsu. Thanks. Closes: #635947 -- Laurence J. Lane Fri, 27 Apr 2012 13:41:49 -0400 imlib2 (1.4.4-1.1) unstable; urgency=low * Non-maintainer upload. * Add build-arch and build-indep targets to BUILD_DIR_TARGETS (closes: #666318). Thanks to Lucas Nussbaum for the bug report. -- Jakub Wilk Sun, 22 Apr 2012 15:11:07 +0200 imlib2 (1.4.4-1) unstable; urgency=low * New upstream release * fixed FTBFS. 1.4.2-8ubuntu1 patch by Matthias Klose. Thanks. Closes: #554867 * 1.4.2-8ubuntu2 patch by Steve Langasek. Thanks. + removed dependency_libs from .la files. Closes: #619689 + use dh overrides for debian/rules -- Laurence J. Lane Sat, 02 Apr 2011 21:17:51 -0400 imlib2 (1.4.2-8) unstable; urgency=low * 1.4.2-7 was the wrong upload, sorry * changed all libjpeg build dependencies to libjpeg-dev -- Laurence J. Lane Sun, 14 Feb 2010 05:29:48 -0500 imlib2 (1.4.2-7) unstable; urgency=low * reverted to libjpeg62-dev. Closes: #569743 * removed tiff support until conflict with libjpeg62 is resolved * removed quilt build dependency -- Laurence J. Lane Sat, 13 Feb 2010 19:47:18 -0500 imlib2 (1.4.2-6) unstable; urgency=low * move to libjpeg8-dev because of conflicts * switch to dpkg-source 3.0 (quilt) format -- Laurence J. Lane Fri, 12 Feb 2010 19:25:30 -0500 imlib2 (1.4.2-5) unstable; urgency=low * renamed debian/patches to debian/patch to avoid 3.0-quilt-by-default bug reports. Closes: #538607 * bumped Standards Version to 3.8.2 -- Laurence J. Lane Tue, 28 Jul 2009 09:18:02 -0400 imlib2 (1.4.2-4) unstable; urgency=low * debian/rules again, force binary* dependency on install target -- Laurence J. Lane Tue, 13 Jan 2009 16:25:23 -0500 imlib2 (1.4.2-3) unstable; urgency=low * fixed debian/rules build and install stamps. Problem reported by Alessio Treglia. Thanks. See #511714 -- Laurence J. Lane Tue, 13 Jan 2009 15:09:40 -0500 imlib2 (1.4.2-2) unstable; urgency=low * added debian/builddir.mk support * added missing changelog entries for 1.4.0-1.1 and 1.4.0-1.2. Thanks for the NMUs nion and tv. * added missing security NMU patch from 1.4.0-1.2. -- Laurence J. Lane Mon, 12 Jan 2009 12:28:01 -0500 imlib2 (1.4.2-1) unstable; urgency=low * New upstream version * moved from cdbs to debhelper's dh * added quilt style patch management -- Laurence J. Lane Fri, 02 Jan 2009 21:03:17 -0500 imlib2 (1.4.0-1.2) unstable; urgency=high * Non-maintainer upload. * Fix crash in XPM loader. Bug and test case by Julien Danjou, patch by Peter De Wachter, thanks! Closes: #505714 aka CVE-2008-5187 * Change libungif4-dev to libgif-dev in (Build-)Depends. * Fix doc-base section to drop Apps/. -- Thomas Viehmann Sat, 22 Nov 2008 10:45:27 +0100 imlib2 (1.4.0-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix stack-based buffer overflow in pnm and xpm image loader modules leading to arbitrary code execution (CVE-2008-2426; Closes: #483816). -- Nico Golde Sat, 31 May 2008 14:14:50 +0200 imlib2 (1.4.0-1) unstable; urgency=low * New upstream version * Removed extraneous libs from 'imlib2-config --libs' output. Reported and fixed by Eric Dorland. Thanks. closes: #452449 -- Laurence J. Lane Sat, 24 Nov 2007 13:34:50 -0500 imlib2 (1.3.0.0debian1-4) unstable; urgency=high * debian/rules: disable amd64 optimzations. closes: #397012 -- Laurence J. Lane Wed, 8 Nov 2006 23:19:16 -0500 imlib2 (1.3.0.0debian1-3) unstable; urgency=high * fixes non-loading of TIFF on amd64. Reported and fixed by M Joonas Pihlaja. Thanks. Merged upstream. closes: #381177 * fixes alpha handling inconsistency with TIFF. Reported and fixed by M Joonas Pihlaja. Thanks. Merged upstream. closes: #381213 * fixes segfault when saving TIFF with alpha. Reported and fixed by M Joonas Pihlaja. Thanks. Merged upstream. closes: #381216 (again) * fixes multiple buffer overflow vulnerabilites in width and height checks in src/modules/loaders/*.c. CVE-2006-480[6-9]. Fixed in upstream CVS. Reported by Stefan Fritsch. Thanks. closes: #397371 * build-depend on debhelper 5 -- Laurence J. Lane Mon, 6 Nov 2006 20:42:17 -0500 imlib2 (1.3.0.0debian1-2) unstable; urgency=low * imlib2.pc.in, removed Requires line, deja vu, Bug#286636 * take two on removing the duplicate Architecture line -- Laurence J. Lane Wed, 25 Oct 2006 21:01:57 -0400 imlib2 (1.3.0.0debian1-1) unstable; urgency=low * New upstream release * bumped Standards version to 3.7.2, no changes * removed unusused data/ dir from upstream tarball. Fixes non-free font issue reported by Sam Hocevar. Thanks. closes: #393743 * debian/control: removed duplicate "Architecture: any" line reported by Stefan Huehner. Thanks. closes: #356902 * upstream fix for tiff with alpha segfault, reported by M Joonas Pihlaja. Thanks. closes: #381216 -- Laurence J. Lane Mon, 23 Oct 2006 23:42:43 -0400 imlib2 (1.2.1-2) unstable; urgency=low * src/lib/rend.c: upstream CVS patch fixes crash in digikam. Reported by EikeSauer@t-online.de. Thanks. Closes: #318013 -- Laurence J. Lane Wed, 24 Aug 2005 19:24:35 -0400 imlib2 (1.2.1-1) unstable; urgency=low * New upstream release -- Laurence J. Lane Sat, 20 Aug 2005 00:49:55 -0400 imlib2 (1.2.0-2.2) unstable; urgency=high * Non-maintainer upload. * High-urgency upload for sarge-targetted RC bugfix. * Drop the Requires: line from imlib2.pc.in, since there's nothing in the current code that will populate it with a proper pkg-config dependency list. Closes: #286636. -- Steve Langasek Fri, 25 Mar 2005 01:37:23 -0800 imlib2 (1.2.0-2.1) unstable; urgency=low * Non-maintainer upload. * Rip out upstream's buggy homebrew X detection code, which silently disables X support (and breaks the library ABI) if it doesn't find X headers in the right place; now fails out properly unless passing --without-x to configure. Closes: #295350. -- Steve Langasek Sun, 27 Feb 2005 13:41:05 -0800 imlib2 (1.2.0-2) unstable; urgency=high * provoke buildds -- Laurence J. Lane Mon, 21 Feb 2005 14:48:17 -0500 imlib2 (1.2.0-1.1) unstable; urgency=high * Non-maintainer upload. * High-urgency upload for sarge-targetted RC bugfix * Fix regression in the linkage of the loader modules which resulted in undefined symbols, making libimlib2 unusable when being dlopen()ed by an application; thanks to Don Armstrong for the patch. Closes: #293815. -- Steve Langasek Sat, 12 Feb 2005 15:19:12 -0800 imlib2 (1.2.0-1) unstable; urgency=low * New upstream version -- Laurence J. Lane Sat, 29 Jan 2005 11:39:44 -0500 imlib2 (1.1.2-3) unstable; urgency=medium * added tiff loader patch from Renchi Raju for Bug#285582, reported by Nick Phillips. Thanks. -- Laurence J. Lane Fri, 7 Jan 2005 22:14:24 -0500 imlib2 (1.1.2-2.1) unstable; urgency=HIGH * NMU with the following changes taken from the Ubuntu patch by Martin Pitt Closes: #284925 * SECURITY UPDATE: fix several buffer overflows * loaders/loader_bmp.c: check for negative image width/height * loaders/loader_xpm.c: - check for negative image attributes - check the length of the "col" buffer to avoid overflowing it - patch taken from upstream CVS * References: CAN-2004-1025 CAN-2004-1026 -- Joey Hess Thu, 6 Jan 2005 16:29:53 -0500 imlib2 (1.1.2-2) unstable; urgency=low * added libltdl3-dev Build-Depend for libimlib2-dev. See Bug#287188, reported by Kurt Roeckx. Thanks. * replaced libimlib2-dev's libpng3-dev Build-Depend with libpng12-dev for libimlib2-dev. See Bug#282743, reported by Tuomas Jormola. Thanks. -- Laurence J. Lane Sun, 26 Dec 2004 22:08:23 -0500 imlib2 (1.1.2-1) unstable; urgency=low * New upstream release * debian/control: added libltdl3-dev and libbz2-dev to Build-Depends * debian/*.install: adjust paths from loaders/ to imlib2_loaders/ -- Laurence J. Lane Sun, 28 Nov 2004 14:47:27 -0500 imlib2 (1.1.0-12.4) unstable; urgency=high * Non-Maintainer Upload. * Fix remote BMP heap overflow, patch from Martin Pitt. (Closes: #271375) -- Steinar H. Gunderson Sun, 19 Sep 2004 00:39:15 +0200 imlib2 (1.1.0-12.3) unstable; urgency=medium * NMU * Fix FTBFS introduced by stripping build-depends in last uploads. Use AC_PATH_X([X11],[X11/Xlib.h],[XrmInitialize()] instead of plain AC_PATH_X because libX11 is used by the package, while the default for AC_PATH_X (libXt) is not. (Closes: #263827) (Thanks to J.H.M. Dassen.) -- Andreas Metzler Sat, 7 Aug 2004 09:18:44 +0200 imlib2 (1.1.0-12.2) unstable; urgency=low * NMU to incorporate Samuel Hocevar's changes. * src/rgbadraw.c: patch from Andreas Jochens to fix FTBFS with GCC 3.4 (closes: #258971). * doc/index.html: fixed the prototype of imlib_polygon_new() (closes: #174622). * debian/control: + Standards-version is 3.6.1.1. + (Build-)depend on libx11-dev, libxext-dev instead of xlibs-dev. + Uncapitalize short description. -- Josselin Mouette Wed, 4 Aug 2004 15:45:05 +0200 imlib2 (1.1.0-12.1) unstable; urgency=medium * NMU * Rebuild against libtiff4 (closes: #262158). * configure.ac: use AM_MAINTAINER_MODE to avoid build failure. * run libtoolize -c -f; aclocal-1.7; automake-1.7 -acf; autoheader; autoconf; rm -rf autom4te.cache. * debian/rules: clean test, demo and libltdl subdirectories. -- Josselin Mouette Wed, 4 Aug 2004 13:39:07 +0200 imlib2 (1.1.0-12) unstable; urgency=low * shooting rubberbands at the arm buildd -- Laurence J. Lane Wed, 17 Mar 2004 19:05:27 -0500 imlib2 (1.1.0-11) unstable; urgency=low * removed @x_includes@ from imlib2.pc.in. Corrects a problem with pkgconfig output, reported by Rob Weir. Thanks. * disavow existence of -9 and -10 uploads -- Laurence J. Lane Sun, 8 Feb 2004 10:58:20 -0500 imlib2 (1.1.0-8) unstable; urgency=low * Closes: #218433, libimlib2-dev: cannot create dhelp file, reported by Jan Niehusmann. Thanks. * removed Depends: libedb1-dev -- Laurence J. Lane Fri, 31 Oct 2003 08:44:23 -0500 imlib2 (1.1.0-7) unstable; urgency=low * Closes: #218246, libimlib2-dev: Should replaces libimlib2, reported by Christian Marillat. Thanks. -- Laurence J. Lane Wed, 29 Oct 2003 21:20:03 -0500 imlib2 (1.1.0-6) unstable; urgency=low * converted to CDBS * src/Makefile*: added -lm to LDFLAGS * moved imlib2.pc to the -dev package * removed debian/compat and debian/docs * updated to Standards-Version: 3.6.1.0 * removed Build-Depends: libedb1-dev -- Laurence J. Lane Tue, 28 Oct 2003 18:08:29 -0500 imlib2 (1.1.0-5) unstable; urgency=low * another freetype2-dev to libfreetype6-dev change -- Laurence J. Lane Sat, 20 Sep 2003 09:26:43 -0400 imlib2 (1.1.0-4) unstable; urgency=low * update configure scripts -- Laurence J. Lane Thu, 11 Sep 2003 19:09:45 -0400 imlib2 (1.1.0-3) unstable; urgency=low * change freetype build dependency to libfreetype6-dev -- Laurence J. Lane Wed, 10 Sep 2003 10:35:06 -0400 imlib2 (1.1.0-2) unstable; urgency=low * change -dev to section libdevel -- Laurence J. Lane Wed, 10 Sep 2003 05:58:27 -0400 imlib2 (1.1.0-1) unstable; urgency=low * New upstream release * update libimlib2-dev description * change libpng3-dev dependency to libpng12-dev * return to non-native packaging -- Laurence J. Lane Tue, 9 Sep 2003 22:22:43 -0400 imlib2 (1.0.6-3) unstable; urgency=low * added CVS dynamic_filters.c patch, fixes MotionNotify segfault in feh -- Laurence J. Lane Sun, 23 Feb 2003 17:22:10 -0500 imlib2 (1.0.6-2) unstable; urgency=low * update to libpng3 -- Laurence J. Lane Wed, 15 Jan 2003 01:00:51 -0500 imlib2 (1.0.6-1) unstable; urgency=low * New upstream release * updated to debhelper 4 and Standards Version 3.5.8.0 * removed alternate giflib dependencies -- Laurence J. Lane Mon, 6 Jan 2003 09:11:32 +0000 imlib2 (1.0.5-2) unstable; urgency=low * config.{guess,sub} update, closes: #130381 -- Laurence J. Lane Tue, 22 Jan 2002 12:18:14 -0500 imlib2 (1.0.5-1) unstable; urgency=low * New upstream release * missing loaders problem corrected, closes: #129877 -- Laurence J. Lane Sun, 20 Jan 2002 17:48:45 -0500 imlib2 (1.0.5-0pre2002011602) unstable; urgency=low * automake -a -c, closes: #129799 -- Laurence J. Lane Fri, 18 Jan 2002 09:55:48 -0500 imlib2 (1.0.5-0pre2002011601) unstable; urgency=high * static buffer clean-up, closes: #129603 (BUGTRAQ 2002-01-13 "Eterm SGID utmp Buffer Overflow") -- Laurence J. Lane Wed, 16 Jan 2002 23:29:20 -0500 imlib2 (1.0.4-1) unstable; urgency=low * New upstream release * debian/rules: minor rewrite * debian/control: updated Standards-Version to 3.5.6.0 * debian/changelog; removed emacs mode settings -- Laurence J. Lane Thu, 8 Nov 2001 18:37:37 -0500 imlib2 (1.0.3-2) unstable; urgency=low * replaced config.sub, Closes: #96664 * added conditional CFLAGS for DEB_BUILD_OPTIONS -- Laurence J. Lane Mon, 7 May 2001 13:35:01 -0400 imlib2 (1.0.3-1) unstable; urgency=low * New upstream release * changed *gif-dev order, Closes: #90724 * changed freetype2-dev to libttf-dev, Closes: #94944 * upgraded standards version to 3.5.4.0 * removed dh_testversion from debian/rules * added local lintian override for plug-ins -- Laurence J. Lane Wed, 2 May 2001 09:55:55 -0400 imlib2 (1.0.2-1) unstable; urgency=low * New upstream release -- Laurence J. Lane Sat, 3 Mar 2001 22:22:28 -0500 imlib2 (1.0.1-1) unstable; urgency=low * New upstream release -- Laurence J. Lane Sat, 27 Jan 2001 13:08:15 -0500 imlib2 (1.0.0-2) unstable; urgency=low * loaders and filters (.so files) go in the main package, not -dev -- Laurence J. Lane Thu, 9 Nov 2000 14:31:33 -0500 imlib2 (1.0.0-1) unstable; urgency=low * Initial release -- Laurence J. Lane Sat, 28 Oct 2000 17:59:14 -0400