mupdf (1.14.0+ds1-4+deb10u3) buster; urgency=high
* Non-maintainer upload.
* Avoid a use-after-free in fz_drop_band_writer (CVE-2020-16600)
(Closes: #989526)
* Fix double free of object during linearization (CVE-2021-3407)
(Closes: #983684)
-- Bastian Germann <bastiangermann@fishpost.de> Fri, 19 Feb 2021 08:55:54 +0100
mupdf (1.14.0+ds1-4+deb10u2) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
* Detect/avoid overflow when calculating sizes of pixmaps (CVE-2020-26519)
(Closes: #971595)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 07 Nov 2020 10:20:45 +0100
mupdf (1.14.0+ds1-4+deb10u1) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
* Heap-based buffer overflow in fz_append_display_node (CVE-2019-13290)
(Closes: #931475)
-- Salvatore Bonaccorso <carnil@debian.org> Fri, 28 Aug 2020 20:42:12 +0200
mupdf (1.14.0+ds1-4) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* Avoid being smart about keeping only a single reference to the buffer
(CVE-2018-16647)
(Closes: #924351)
* Fix text used as clip mask in pdfwrite device (CVE-2018-16648)
(Closes: #924351)
* Fix typo in pdf write device
[ Kan-Ru Chen ]
* Add more options to mupdf wrapper and display usage correctly
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sat, 16 Mar 2019 09:42:00 +0900
mupdf (1.14.0+ds1-3) unstable; urgency=high
* d/patches: import upstream fixes for various bugs.
Fixes CVE-2018-18662, CVE-2019-6131, CVE-2019-6130
(Closes: #912013, #918970, #918971)
* d/control: Bump Standards-Version to 4.3.0, no changes required
* Fix FTCBFS
+ Supply a cross LD for wrapping fonts.
+ Supply PKG_CONFIG to all make targets.
Thanks to Helmut Grohne for the patch (Closes: #913515)
* Regenerate cmaps from source.
Thanks to Helmut Grohne for the suggestion
* d/patches/0007-typographical-and-formatting-fixes-to-the-manual.patch:
typographical and formatting fixes to the manual.
Thanks to Bjarni Ingi Gislason for the patch
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sat, 19 Jan 2019 12:01:19 +0900
mupdf (1.14.0+ds1-2) unstable; urgency=medium
* Fix FTBFS on mips64el
Disabled objcopy to avoid linking error.
* Bump Standards-Version to 4.2.1
Supports noopt and terse in DEB_BUILD_OPTIONS.
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sun, 04 Nov 2018 09:13:26 +0900
mupdf (1.14.0+ds1-1) unstable; urgency=medium
* New upstream version 1.14.0+ds1
- Fixes CVE-2018-1000036 (Closes: #900129, upstream bug 699695)
* d/patches: fresh patches
* d/rules: adjust to work with updated upstream Makefile
* d/rules: Set CC_FOR_BUILD (Closes: #903319)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sun, 28 Oct 2018 14:48:12 +0900
mupdf (1.13.0+ds1-3) unstable; urgency=medium
* debian/patches: import upstream patch for CVE-2018-10289 (Closes: 896545)
* More FTCBFS patches.
Thanks to Helmut Grohne for the patches. (Closes: 903319)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Mon, 03 Sep 2018 09:10:50 +0900
mupdf (1.13.0+ds1-2) unstable; urgency=medium
* Use dh_auto_build/dh_auto_install --parallel.
Thanks to Helmut Grohne for the patch (Closes: #902968)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sun, 08 Jul 2018 15:17:02 +0900
mupdf (1.13.0+ds1-1) unstable; urgency=medium
* New upstream version 1.13.0+ds1
- Fixes CVE-2018-5686 (Closes: #887130)
- Fixes CVE-2018-6187 (Closes: #888464)
- Fixes CVE-2018-6192 (Closes: #888487)
* debian/control: Migrate vcs to salsa.debian.org
* debian/patches: Refresh patches
* debian/rules: Build with Debian CFLAGS and enable PIC libmupdf.a
(Closes: #841403)
* debian/rules: use Debian flavor build options (Closes: #877067)
* debian/mupdf.sh: Do not read from a file descriptor
(Closes: #893115, #893862)
* debian/mupdf.desktop: Fixes and add ePub and XPS to supported mimetype.
Thanks to Pino Toscano, Hartmut Buhrmester (Closes: #877082)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Mon, 30 Apr 2018 11:17:25 +0900
mupdf (1.12.0+ds1-1) unstable; urgency=high
* New upstream version 1.12.0+ds1
- Fixes CVE-2017-17866 (Closes: #885120)
- Closes: #877062
* Exclude thirdparty/{freeglut,lcms2} from upstream source
* Refresh patches
* Add freeglut3-dev build-dep
* d/mupdf.docs: Include droid fonts NOTICE file
* d/patches: Fix CVE-2018-6544 / CVE-2018-1000051 (Closes: #891245)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Wed, 14 Mar 2018 21:26:44 +0900
mupdf (1.11+ds1-2) unstable; urgency=high
* Acknowledge NMU. Thanks, Salvatore.
* Renumber patches
* Fixes CVE-2017-15587 (Closes: 879055)
* Sort files in static library to make the build reproducible.
* Bump Standards-Version to 4.1.1. No changes needed.
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Thu, 26 Oct 2017 22:28:43 +0800
mupdf (1.11+ds1-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Don't use xps font if it could not be loaded (CVE-2017-14685)
(Closes: #877379)
* Check name, comment and meta size field signs (CVE-2017-14686)
(Closes: #877379)
* Handle non-tags in tag name comparisons (CVE-2017-14687) (Closes: #877379)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 08 Oct 2017 10:37:23 +0200
mupdf (1.11+ds1-1) unstable; urgency=medium
* New upstream version 1.11+ds1
(Closes: #702479, #868821, #868822, #868052)
* Refresh patches
* debian/copyright: thirdparty/jpeg renamed to thirdparty/libjpeg
* Bump Standards-Version to 4.1.0. No changes needed.
* debian/copyright: Update copyright information for font resources
* debian/mupdf.sh: handle double-dash shell opts (Closes: #851942)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sun, 24 Sep 2017 14:56:00 +0800
mupdf (1.9a+ds1-4) unstable; urgency=high
* Fix patch for CVE-2017-5991: The original patch was incomplete.
(Closes: #855383)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sat, 18 Feb 2017 00:43:12 +0800
mupdf (1.9a+ds1-3) unstable; urgency=high
* CVE-2017-5896: use-after-free in fz_subsample_pixmap() (Closes: #854734)
* CVE-2017-5991: NULL pointer dereference in pdf_run_xobject()
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Thu, 16 Feb 2017 23:43:55 +0800
mupdf (1.9a+ds1-2) unstable; urgency=medium
* Acknowledge NMU.
* CVE-2016-8674: heap-use-after-free in pdf_to_num (pdf-object.c)
(Closes: #840957)
* Set debhelper compact to 9
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Tue, 15 Nov 2016 00:07:55 +0800
mupdf (1.9a+ds1-1.2) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2016-6525: heap overflow in pdf_load_mesh_params() (Closes: #833417)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 06 Aug 2016 13:44:07 +0200
mupdf (1.9a+ds1-1.1) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2016-6265: Use after free vulnerability in pdf_xref.c
(Closes: #832031)
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 01 Aug 2016 14:17:20 +0200
mupdf (1.9a+ds1-1) unstable; urgency=medium
* New upstream release (Closes: #819101)
* Add glfw and harfbuzz third party libraries to Files-Excluded
* Building now requires libharfbuzz-dev
* Drop patches included in upstream release
* Disable mupdf to read from console. (Closes: #830143)
* The mudraw command is merged to mutool
* Update debian/watch to reflect new download page structure
* Fix typo in debian/control
* Use --uscan with gbp import-orig by default
* Support more options in the wrapper (Closes: #819099)
* Bump Standards-Version to 3.9.8, no changes needed
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Thu, 07 Jul 2016 01:58:00 +0800
mupdf (1.7a-1) unstable; urgency=high
* New Upstream version 1.7a
* debian/rules: Fix FTBFS with new libjbig2. (Closes: #796420)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Fri, 18 Sep 2015 23:14:20 +0800
mupdf (1.7-1) unstable; urgency=medium
* New Upstream version 1.7
+ Added missing section in mutool man page. (Closes: #775427)
+ Set _NET_WM_NAME properly. (Closes: #780019)
+ Support continuously scrolling. (Closes: #611221)
+ "mutool clean" now has correct exit status. (Closes: #781746)
* Refresh patches
* Remove generated file in clean target
* debian/control: Add that MuPDF also reads XPS, OpenXPS and ePub.
* debian/watch: Use repacksuffix and dversionmangle
* Move mupdf-x11 out of /usr/bin.
Thanks to Mathieu Malaterre for the patch (Closes: #752207)
* debian/patches/0008-Bigger-scaling.patch: Add more scale level.
Thanks to Thomas Prokosch for the patch (Closes: #769282)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Thu, 07 May 2015 00:03:39 +0800
mupdf (1.6-1) unstable; urgency=medium
* New upstream release. (Closes: #767391)
* Refresh patches.
* debian/copyright: New files source/fitz/{ftoa.c,strtod.c}
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sat, 01 Nov 2014 19:28:58 +0800
mupdf (1.5-1) unstable; urgency=medium
* New upstream release. (Closes: #761960)
* Use git-buildpackage to maintain the package repository
* Unapply patches from source after build
* Use MUJS to provide JS functionality (Closes: #760480, #745247)
* Build against openjpeg 2.1 (Closes: #745246, #761955)
* Fix build with libopenjp2.
* Fix -Werror=format-security error
* debian/copyright: Add Files-Excluded header
* debian/copyright: Update short license name
* Fix unsafe conversion from float to fz_linecap (Closes: #749902)
* Enable verbose build log
* Fix FTBFS with clang.
Thanks to Alexander (Closes: #755741)
* Document mudraw -F command line switch in man page (Closes: #750724)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sat, 20 Sep 2014 23:18:10 +0800
mupdf (1.4-2) unstable; urgency=medium
* Disable JavaScript support on powerpc, s390x and sparc. (Closes: #747131)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Mon, 19 May 2014 00:11:11 +0800
mupdf (1.4-1) unstable; urgency=medium
[ Quoc-Viet Nguyen ]
* New upstream release.
* Fix compiling with libopenjpeg5. (Closes: #743103, #735878)
[ Kan-Ru Chen (陳侃如) ]
* Update debian/copyright.
* Enable JavaScript support with v8. (Closes: #743414)
* Won't crash when pdf file changes. (Closes: #699686)
* Add mupdf.sh so it could be used with compressed pdf-files. Thanks
Jörg-Volker Peetz! (Closes: #734183)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sun, 20 Apr 2014 01:49:29 +0800
mupdf (1.3-2) unstable; urgency=medium
* Fix CVE-2014-2013: Stack-based Buffer Overflow in
xps_parse_color(). (Closes: #738857)
* Add description of key P to mupdf(1). (Closes: #736125)
* Add description of BROWSER env to mupdf(1). (Closes: #699684)
* Bump Standards-Version to 3.9.5, no changes needed
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Sun, 09 Mar 2014 23:41:55 +0800
mupdf (1.3-1) unstable; urgency=low
* New upstream release. (Closes: #719281, #686806, #667971)
* Remove fix_compiling_1.2.patch
* Disable JPEG2000 support if compiled with libopenjpeg2
* Fix header mismatch with libjpeg-dev. (Closes: #717201)
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Mon, 25 Nov 2013 01:38:45 +0800
mupdf (1.2-2) unstable; urgency=low
* Upload to unstable
* Fix build with openjpeg 1.3.
* debian/control: Update mupdf-tools long description.
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Thu, 20 Jun 2013 22:59:39 +0800
mupdf (1.2-1) experimental; urgency=low
[ Quoc-Viet Nguyen ]
* New upstream release: 1.2. (Closes: #690983)
- Changed MuPDF license to AGPL.
- Increased openjpeg version dependency to 1.5.
- New binary `mutool' now includes most mupdf tools. (Closes: #656267).
* Use debian/watch from Bart Martens.
[ Kan-Ru Chen (陳侃如) ]
* Add Quoc-Viet Nguyen as co-maintainer. Congratulations!
* Bump Standards-Version to 3.9.4, no changes needed
* debian/copyright: Updated.
* Provides: pdf-viewer. (Closes: #682450)
* Enable CPPFLAGS hardening flags. Thanks Simon Ruderich (Closes: #665315)
* debian/rules: Remove generated files at clean target.
* Fix mudraw.1 formatting.
-- Kan-Ru Chen (陳侃如) <koster@debian.org> Thu, 20 Jun 2013 01:43:14 +0800
mupdf (0.9-2) unstable; urgency=low
* Enable harden flags.
* debian/copyright: Updated.
* Bump Standards-Version to 3.9.2, no changes needed
* debian/patches/bug621894.patch: Fix text copying with
selection. (Closes: #621894)
* debian/patches/bug646350.patch: Fix FTBFS with
-Werror=format-security. (Closes: #646350)
-- Kan-Ru Chen <koster@debian.org> Sat, 17 Dec 2011 22:25:35 +0800
mupdf (0.9-1) unstable; urgency=low
* New upstream release. (Closes: #641169)
* debian/patches/mupdf_update_manpages.patch: Merged upstream.
* debian/libmupdf-dev.install: Install more library and headers.
-- Kan-Ru Chen <koster@debian.org> Sun, 11 Sep 2011 12:08:18 +0800
mupdf (0.8.15-1) unstable; urgency=low
* New upstream release.
* debian/patches/mupdf_fix_build.patch,
debian/patches/mupdf_install_manpages_default.patch,
debian/patches/mupdf_move_manpages_to_upstream.patch,
debian/patches/mupdf_remove_extra_usage.patch: Merged upstream.
* debian/watch: Upstream now uses google code hosting.
-- Kan-Ru Chen <koster@debian.org> Tue, 05 Apr 2011 20:03:33 +0800
mupdf (0.8-1) unstable; urgency=low
* New upstream release. (Closes: #604746)
* debian/patches/mupdf_move_manpages_to_upstream.patch,
debian/patches/mupdf_update_manpages.patch: Sync with upstream.
Remove debug purpose keybinding from manpage. (Closes: #597337)
* Add NoDisplay=true to mupdf.desktop as the application is not
intended for standalone use but a viewer. (Closes: #602293)
* debian/mupdf.menu: Removed as well.
* debian/patches/mupdf_remove_extra_usage.patch: New patch, remove
redundant usage string from output.
* Add non-standard DEB_BUILD_OPTIONS x-fpic support. (Closes: #617253)
-- Kan-Ru Chen <koster@debian.org> Wed, 09 Mar 2011 11:23:12 +0800
mupdf (0.7-2) unstable; urgency=low
* Fix FTBFS on hurd-i386, kfreebsd-amd64, kfreebsd-i386
-- Kan-Ru Chen <koster@debian.org> Wed, 15 Sep 2010 17:15:47 +0800
mupdf (0.7-1) unstable; urgency=low
* New upstream release
(Closes: #590263, #590264, #590245)
* Update manpages to reflect keybinding change
* Patch build system to accept additional CFLAGS.
* Add mupdf-tools to Suggests of mupdf. (Closes: #593446)
* Update watch file
* Bump Standards-Version to 3.9.1, no changes needed
-- Kan-Ru Chen <koster@debian.org> Wed, 15 Sep 2010 02:27:06 +0800
mupdf (0.6-1) unstable; urgency=low
* Initial release. (Closes: #559906)
-- Kan-Ru Chen <koster@debian.org> Thu, 22 Jul 2010 08:23:00 +0800