tiff (4.7.0-3) unstable; urgency=medium
[ Santiago Vila <sanvila@debian.org> ]
* Do not run tests in parallel (closes: #1102073).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 05 Apr 2025 07:48:49 +0200
tiff (4.7.0-2) unstable; urgency=medium
* Backport upstream fix for test_directory.c not to fail on big-endian
machines.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 28 Mar 2025 07:08:13 +0100
tiff (4.7.0-1) unstable; urgency=medium
* New upstream release.
* Update libtiff6 symbols.
* Update watch file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 27 Mar 2025 13:27:57 +0100
tiff (4.5.1+git230720-5) unstable; urgency=high
* Backport security fix for CVE-2024-7006, NULL pointer dereference bug in
_TIFFMergeFields() (closes: #1078648).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 15 Aug 2024 18:04:20 +0200
tiff (4.5.1+git230720-4) unstable; urgency=high
* Backport security fix for CVE-2023-52355, an out-of-memory flaw that
could be triggered by passing a crafted tiff file with documentation
update how to prevent it.
* Backport security fix for CVE-2023-52356, a segment fault flaw that
could be triggered by passing a crafted tiff file (closes: #1061524).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 27 Jan 2024 10:32:25 +0100
tiff (4.5.1+git230720-3) unstable; urgency=medium
* Mark break on versions of libimager-perl that don't work with this tiff
version (closes: #1057326).
* Update Standards-Version to 4.6.2 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 03 Dec 2023 15:16:24 +0100
tiff (4.5.1+git230720-2) unstable; urgency=high
* Backport security fix for CVE-2023-6277, passing a crafted tiff file to
TIFFOpen() API may allow a remote attacker to cause a denial of service
(closes: #1056751).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 26 Nov 2023 10:25:48 +0100
tiff (4.5.1+git230720-1) unstable; urgency=medium
* Git snapshot, fixing the following security issues:
- fix TransferFunction writing of only two transfer functions,
- TIFFReadDirectory(): fix crash when reading tag TIFFTAG_EP_BATTERYLEVEL,
- WebP decoder: validate WebP blob width, height, band count against
TIFF parameters,
- TIFFReadDirectoryCheckOrder(): avoid integer overflow,
- tiffcp: fix memory corruption (overflow) on hostile images,
- raw2tiff: fix integer overflow and bypass of the check.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 29 Jul 2023 23:36:42 +0200
tiff (4.5.1-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 21 Jun 2023 17:49:37 +0200
tiff (4.5.1~rc3-1) unstable; urgency=medium
* New upstream release candidate version.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 12 Jun 2023 21:56:31 +0200
tiff (4.5.0-6) unstable; urgency=high
* Backport security fix for CVE-2023-2731, NULL pointer dereference flaw in
LZWDecode() (closes: #1036282).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 18 May 2023 18:20:39 +0200
tiff (4.5.0-5) unstable; urgency=high
* Backport fix for tiffcrop correctly update buffersize after
rotateImage() .
* Backport fix for TIFFClose() avoid NULL pointer dereferencing.
* Backport security fix for CVE-2023-0800, CVE-2023-0801, CVE-2023-0802,
CVE-2023-0803 and CVE-2023-0804, an out-of-bounds write in tiffcrop
allows attackers to cause a denial-of-service via a crafted tiff file.
* Backport security fix for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797,
CVE-2023-0798 and CVE-2023-0799, an out-of-bounds read in tiffcrop allows
attackers to cause a denial-of-service via a crafted tiff file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 19 Feb 2023 08:46:38 +0100
tiff (4.5.0-4) unstable; urgency=high
* Backport security fix for CVE-2022-48281, heap-based buffer overflow in
processCropSelections() (closes: #1029653).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 25 Jan 2023 18:28:55 +0100
tiff (4.5.0-3) unstable; urgency=medium
* Don't use smartquotes for Sphinx (closes: #1028456).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 12 Jan 2023 17:45:09 +0100
tiff (4.5.0-2) unstable; urgency=medium
* Upload to Sid.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 10 Jan 2023 23:02:27 +0100
tiff (4.5.0-1) experimental; urgency=medium
* New upstream release.
* Backport upstream fix to add a tif_config.h include.
* Backport upstream fix for TIFFWriteDirectorySec(): avoid harmless
unsigned integer overflow.
* Backport upstream fix for TIFFSetDirectory(): avoid harmless unsigned
integer overflow.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 17 Dec 2022 14:03:44 +0100
tiff (4.5.0~rc3+git221213-1) experimental; urgency=medium
* New git snapshot release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 14 Dec 2022 17:36:48 +0100
tiff (4.5.0~rc1+git221213-1) experimental; urgency=medium
* New git snapshot release.
* Update libtiff-dev dependency.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 13 Dec 2022 16:54:10 +0100
tiff (4.5.0~rc1-1) experimental; urgency=medium
* New upstream release candidate version.
* Library transition from libtiff{,xx}5 to libtiff{,xx}6 .
* Link common JavaScript files to packaged ones in libtiff-doc.
* Update Standards-Version to 4.6.1 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 10 Dec 2022 10:16:36 +0100
tiff (4.4.0-6) unstable; urgency=high
* Backport security fix for CVE-2022-2519, double free or corruption in
rotateImage() (closes: #1024670).
* Backport security fix for CVE-2022-2520, sysmalloc assertion fail in
rotateImage().
* Backport security fix for CVE-2022-2521, invalid pointer free operation
in TIFFClose().
* Backport security fix for CVE-2022-2953, out-of-bounds read in
extractImageSection().
* Backport security fix for CVE-2022-3970, fix (unsigned) integer overflow
on strips/tiles > 2 GB in TIFFReadRGBATileExt() (closes: #1024737).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 24 Nov 2022 17:54:18 +0100
tiff (4.4.0-5) unstable; urgency=high
* Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627,
out of bounds write and denial of service via a crafted TIFF file.
* Backport security fix for CVE-2022-3570, multiple heap buffer overflows
via crafted TIFF file.
* Backport security fix for CVE-2022-3599, denial-of-service via a crafted
TIFF file.
* Backport security fix for CVE-2022-3598, denial-of-service via a crafted
TIFF file (closes: #1022555).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 23 Oct 2022 22:38:15 +0200
tiff (4.4.0-4) unstable; urgency=high
* Backport security fix for CVE-2022-34526, denial of service via a crafted
TIFF file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 06 Aug 2022 15:19:15 +0200
tiff (4.4.0-3) unstable; urgency=high
* Backport security fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058,
divide by zero error in tiffcrop (closes: #1014494).
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 08 Jul 2022 19:02:43 +0200
tiff (4.4.0-2) unstable; urgency=medium
* Adjust library symbols with LERC build architectures.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 30 May 2022 18:04:05 +0200
tiff (4.4.0-1) unstable; urgency=medium
* New upstream release.
* Backport upstream fix for adding 4.4.0 changes file to documentation.
* Build with LERC compression support (closes: #990789).
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 29 May 2022 12:28:49 +0200
tiff (4.4.0~rc1-1) unstable; urgency=medium
* New upstream release candidate version.
* Update libtiff5 symbols.
* Update watch file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 21 May 2022 15:41:44 +0200
tiff (4.3.0-8) unstable; urgency=high
* Backport correct security fix for CVE-2022-1355, stack buffer overflow in
"mode" string (closes: #1011160).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 17 May 2022 21:38:14 +0200
tiff (4.3.0-7) unstable; urgency=high
* Backport security fix for CVE-2022-1354, heap buffer overflow in
TIFFReadRawDataStriped().
* Fix segmentation fault printing GPS directory if Altitude tag is present.
* Fix segmentation fault due to field_name=NULL.
* Backport security fix for CVE-2022-1355, stack buffer overflow in "mode"
string.
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 25 Apr 2022 22:24:06 +0200
tiff (4.3.0-6) unstable; urgency=high
* Backport security fix for CVE-2022-0908, null source pointer passed as an
argument to memcpy() function within TIFFFetchNormalTag().
* Backport security fix for CVE-2022-0907, unchecked return value to null
pointer dereference in tiffcrop.
* Backport security fix for CVE-2022-0909, divide by zero error in
tiffcrop.
* Backport security fix for CVE-2022-0891, heap buffer overflow in
ExtractImageSection function in tiffcrop.
* Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 13 Mar 2022 11:00:15 +0100
tiff (4.3.0-5) unstable; urgency=high
* Backport security fix for CVE-2022-0865, crash when reading a file with
multiple IFD in memory-mapped mode and when bit reversal is needed.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 07 Mar 2022 22:23:21 +0100
tiff (4.3.0-4) unstable; urgency=high
* Backport security fix for CVE-2022-0561, TIFFFetchStripThing(): avoid
calling memcpy() with a null source pointer and size of zero.
* Backport security fix for CVE-2022-0562, TIFFReadDirectory(): avoid
calling memcpy() with a null source pointer and size of zero.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 12 Feb 2022 21:21:45 +0100
tiff (4.3.0-3) unstable; urgency=high
* Backport security fix for CVE-2022-22844: global-buffer-overflow for
ASCII tags where count is required.
[ Helmut Grohne <helmut@subdivi.de> ]
* Drop unused Build-Depends: libxmu-dev (closes: #981265).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 26 Jan 2022 17:49:14 +0100
tiff (4.3.0-2) unstable; urgency=medium
* Upload to Sid.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 05 Sep 2021 19:25:09 +0200
tiff (4.3.0-1) experimental; urgency=medium
* New upstream release.
* Remove libport_dummy_function@LIBTIFF_4.0 symbol as no longer part of
the libraries.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 01 Jun 2021 08:19:06 +0200
tiff (4.2.0-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 21 Dec 2020 15:06:46 +0100
tiff (4.1.0+git201212-1) unstable; urgency=high
* Git snapshot, fixing the following security issues:
- TIFFSetupStrips: enforce 2GB limitation of
Strip/Tile Offsets/ByteCounts arrays,
- tiff2ps: fix heap buffer read overflow in PSDataColorContig() ,
- tiff2pdf: palette bound check in t2p_sample_realize_palette() ,
- tiffcrop: fix asan runtime error caused by integer promotion,
- raw2tiff: avoid divide by zero,
- tif_fax3.c: check buffer overflow in Fax4Decode() ,
- tif_fax3: better fix for CVE-2011-0192,
- TIFFReadCustomDirectory(): fix potential heap buffer overflow when
reading a custom directory, after a regular directory where a codec was
active,
- tif_fax3.h: check for buffer overflow in EXPAND2D before "calling"
CLEANUP_RUNS() ,
- contrib/win_dib/tiff2dib: fix uninitialized variable: lpBits,
- Fax3SetupState(): check consistency of rowbytes and rowpixels,
potential heap overflow in tiff2pdf,
- tiff2pdf: avoid divide by zero, use-after-free in t2p_writeproc()
function,
- tiffcp/tiff2pdf/tiff2ps: enforce maximum malloc size,
- tif_fax3: more buffer overflow checks in Fax3Decode2D() ,
- tiffset: check memory allocation, use of allocated memory without null
pointer check,
- tiffdump: avoid unaligned memory access,
- tiff2pdf: normalizePoint() macro to normalize the white point, avoid
divide by zero,
- tif_fax3: quit Fax3Decode2D() when a buffer overflow occurs,
- tiffcrop: enforce memory allocation limit,
- tiffinfo: fix dump of Tiled images, heap out of bounds read in
TIFFReadRawData() ,
- Fax3PreDecode(): reset curruns and refruns state variables,
heap-buffer-overflow in Fax3Decode2D() ,
- tif_fax3.h: extra buffer overflow checks, heap-buffer-overflow in
Fax3Decode2D() ,
- TIFFStartStrip(): avoid potential crash in WebP codec when using
scanline access on corrupted files,
- gtTileContig(): check Tile width for overflow,
- avoid buffer overflow while writing jpeg end of file marker,
- tiff2ps.c: fix buffer overread, heap-buffer-overflow in PSDataBW() ,
- fix potential overflow in gtStripContig() ,
- more overflow fixes for large width,
- enforce (configurable) memory limit in tiff2rgba,
- tiff2pdf: enforce memory limit for tiled pictures,
- tiffcrop: fix buffer overrun in extractContigSamples24bits() .
* Build with libdeflate support.
* Update libtiff5 symbols.
* Update debhelper level to 13 .
* Update Standards-Version to 4.5.1 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 13 Dec 2020 07:52:33 +0100
tiff (4.1.0+git191117-2) unstable; urgency=medium
* Backport upstream fix for rowsperstrip parse regression in
OJPEGReadHeaderInfo() (closes: #945402).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 08 Jan 2020 15:47:02 +0000
tiff (4.1.0+git191117-1) unstable; urgency=medium
* Git snapshot, fixing the following issues:
- missing TIFFClose in rgb2ycbcr tool,
- missing checks on TIFFGetField in tiffcrop tool,
- broken sanity check in OJPEG,
- missing generated .sh files for tests.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 18 Nov 2019 18:02:46 +0000
tiff (4.1.0-1) unstable; urgency=medium
* New upstream release.
* Update Standards-Version to 4.4.1 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 05 Nov 2019 16:26:48 +0000
tiff (4.0.10+git191003-1) unstable; urgency=high
* Git snapshot, fixing the following security issue:
- TIFFReadAndRealloc(): avoid too large memory allocation attempts.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 03 Oct 2019 22:00:39 +0000
tiff (4.0.10+git190903-1) unstable; urgency=high
* Git snapshot, fixing the following security issues:
- setByteArray(): avoid potential signed integer overflow,
- EstimateStripByteCounts(): avoid several unsigned integer overflows,
- tif_ojpeg: avoid two unsigned integer overflows,
- OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile
dimensions close to UINT32_MAX,
- _TIFFPartialReadStripArray(): avoid unsigned integer overflow,
- JPEG: avoid use of uninitialized memory on corrupted files,
- TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t,
- allocChoppedUpStripArrays(): avoid unsigned integer overflow,
- tif_ojpeg: avoid use of uninitialized memory on edge/broken file,
- ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer
overflows.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 17 Sep 2019 22:07:35 +0000
tiff (4.0.10+git190818-1) unstable; urgency=high
* Git snapshot, fixing the following security issues:
- RGBA interface: fix integer overflow potentially causing write heap
buffer overflow,
- setByteArray(): avoid potential signed integer overflow.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 18 Aug 2019 11:25:27 +0000
tiff (4.0.10+git190814-1) unstable; urgency=high
* Git snapshot, fixing the following security issues:
- TryChopUpUncompressedBigTiff(): avoid potential division by zero,
- fix vulnerability introduced by defer strile loading,
- fix vulnerability in 'D' (DeferStrileLoad) mode,
- return infinite distance when denominator is zero,
- OJPEG: avoid use of uninitialized memory on corrupted files,
- OJPEG: fix integer division by zero on corrupted subsampling factors,
- OJPEGReadBufferFill(): avoid very long processing time on corrupted
files,
- TIFFClientOpen(): fix memory leak if one of the required callbacks is
not provided,
- CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other
implementation-defined behaviour (closes: #934780).
* Update libtiff5 symbols.
* Update Standards-Version to 4.4.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 14 Aug 2019 19:24:22 +0000
tiff (4.0.10-4) unstable; urgency=high
* Backport security fixes:
- CVE-2018-12900: heap-based buffer overflow in
cpSeparateBufToContigBuf() cause remote DoS (closes: #902718),
- CVE-2018-17000: NULL pointer dereference in _TIFFmemcmp() cause DoS
(closes: #908778),
- CVE-2018-19210: NULL pointer dereference in TIFFWriteDirectorySec()
cause DoS (closes: #913675),
- CVE-2019-6128: TIFFFdOpen() memory leak (closes: #921157).
* Update watch file.
* Update Standards-Version to 4.3.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 02 Feb 2019 18:34:29 +0000
tiff (4.0.10-3) unstable; urgency=medium
* Backport fix for lossless WebP compression config.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 22 Nov 2018 17:01:04 +0000
tiff (4.0.10-2) unstable; urgency=medium
* Add libegl1-mesa-dev as build dependency until mesa-common-dev is fixed.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 20 Nov 2018 00:24:26 +0000
tiff (4.0.10-1) unstable; urgency=high
* New upstream release.
* Fix CVE-2018-18661: NULL pointer dereference in LZWDecode()
(closes: #912012).
* Move libtiff5-dev contents to libtiff-dev .
* Mark libtiff-dev as Multi-Arch same (closes: #884978).
* Mark libtiff-{tools,opengl} as Multi-Arch foreign (closes: #904165).
* Mark libtiff-doc as Multi-Arch foreign (closes: #907794).
* Fix TIFFReadRawStrip man page typo (closes: #672858).
* Update Standards-Version to 4.2.1 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 19 Nov 2018 17:16:05 +0000
tiff (4.0.9+git181026-1) unstable; urgency=high
* Git snapshot, fixing the following security issues:
- CVE-2018-17100, int32 overflow in multiply_ms() which can cause a DoS
or possibly have unspecified other impact via a crafted image file
(closes: #909038),
- CVE-2018-17101, two out-of-bounds writes in cpTags() which can cause a
DoS or possibly have unspecified other impact via a crafted image file
(closes: #909037),
- CVE-2018-18557, out-of-bounds write in JBIGDecode() (closes: #911635).
* Remove previously backported security patches.
* Build with Zstandard, a fast lossless compression algorithm.
* Build with WebP, the modern VP8 compression format.
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 28 Oct 2018 11:04:14 +0000
tiff (4.0.9-6) unstable; urgency=high
* Fix CVE-2018-8905: eap-based buffer overflow in LZWDecodeCompat()
(closes: #893806).
* Fix CVE-2018-10963: remote denial of service (closes: #898348).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 01 Jul 2018 19:46:23 +0000
tiff (4.0.9-5) unstable; urgency=high
* Fix CVE-2017-11613: avoid memory exhaustion in
ChopUpSingleUncompressedStrip() (closes: #869823).
* Fix CVE-2018-7456: NULL pointer dereference in TIFFPrintDirectory()
(closes: #891288).
* Fix CVE-2017-17095: heap-based buffer overflow in pal2rgb tool
(closes: #883320).
* Don't specify parallel to debhelper.
* Update Standards-Version to 4.1.4 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 15 Apr 2018 18:13:42 +0000
tiff (4.0.9-4) unstable; urgency=high
* Fix CVE-2018-5784: uncontrolled resource consumption in TIFFSetDirectory()
(closes: #890441).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 14 Feb 2018 20:07:21 +0000
tiff (4.0.9-3) unstable; urgency=high
* Fix CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory()
(closes: #885985).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 01 Jan 2018 16:26:47 +0000
tiff (4.0.9-2) unstable; urgency=high
* Fix CVE-2017-9935: heap-based buffer overflow in the t2p_write_pdf()
function (closes: #866109).
* Update debhelper level to 11 .
* Update Standards-Version to 4.1.2 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 15 Dec 2017 17:45:42 +0000
tiff (4.0.9-1) unstable; urgency=medium
* New upstream release.
* Remove previously backported security patches.
* Update libtiff5 symbols.
* Make -dev recommend pkg-config (closes: #814417).
* Update debhelper level to 10:
- don't need to specify 'with autotools-dev' anymore,
- remove autotools-dev build dependency,
- remove dh-autoreconf build dependency.
[ Helmut Grohne <helmut@subdivi.de> ]
* Turn libtiff-dev into a real package (closes: #780807).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 02 Dec 2017 09:24:59 +0000
tiff (4.0.8-6) unstable; urgency=high
* Backport security fixes:
- prevent OOM in gtTileContig() ,
- prevent OOM in TIFFFetchStripThing() ,
- CVE-2017-12944, OOM prevention in TIFFReadDirEntryArray()
(closes: #872607),
- avoid floating point division by zero in initCIELabConversion() .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 29 Oct 2017 13:29:44 +0000
tiff (4.0.8-5) unstable; urgency=high
* Backport security fixes:
- CVE-2017-13726, reachable assertion abort in TIFFWriteDirectorySec()
(closes: #873880),
- CVE-2017-13727, reachable assertion abort in
TIFFWriteDirectoryTagSubifd() (closes: #873879).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 31 Aug 2017 21:09:59 +0000
tiff (4.0.8-4) unstable; urgency=high
* Fix regression in the decoding of old-style LZW compressed files.
* Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
(closes: #868513).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 16 Jul 2017 11:07:56 +0000
tiff (4.0.8-3) unstable; urgency=high
* Backport security fixes:
- CVE-2017-9936, memory leak in error code path of JBIGDecode()
(closes: #866113),
- prevent out of memory in gtTileContig() on corrupted files,
- CVE-2017-10688, assertion failure in TIFFWriteDirectoryTagCheckedXXXX()
(closes: #866611).
* Add required _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbol to the
libtiff5 package.
* Update Standards-Version to 4.0.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 01 Jul 2017 18:13:15 +0000
tiff (4.0.8-2) unstable; urgency=high
* Backport security fixes:
- TIFFYCbCrToRGBInit(): stricter clamping to avoid int32 overflow in
TIFFYCbCrtoRGB(),
- initYCbCrConversion(): stricter validation for refBlackWhite
coefficients values - to avoid invalid float->int32 conversion,
- CVE-2016-10095 and CVE-2017-9147: add _TIFFCheckFieldIsValidForCodec()
and use it in TIFFReadDirectory() (closes: #850316, #863185).
* Add required _TIFFCheckFieldIsValidForCodec@LIBTIFF_4.0 symbol to the
libtiff5 package.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 01 Jun 2017 17:56:08 +0000
tiff (4.0.8-1) unstable; urgency=high
* New upstream release of merged security fixes.
* Add required TIFFReadRGBAStripExt@LIBTIFF_4.0 and
TIFFReadRGBATileExt@LIBTIFF_4.0 symbols to the libtiff5 package.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 24 May 2017 19:49:04 +0000
tiff (4.0.7-7) unstable; urgency=high
* Backport security fix for CVE-2016-10371 (closes: #862929).
* Backport security fix for CVE-2015-7554 (closes: #809066, #842043).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 20 May 2017 16:35:43 +0000
tiff (4.0.7-6) unstable; urgency=high
* Backport security fixes:
- CVE-2017-7595, divide-by-zero in JPEGSetupEncode (closes: #860003),
- CVE-2017-7596, CVE-2017-7597, CVE-2017-7598,CVE-2017-7599 CVE-2017-7600,
CVE-2017-7601 and CVE-2017-7602, multiple UBSAN crashes,
- CVE-2017-7592, left-shift undefined behavior issue in putagreytile
(closes: #859998),
- CVE-2017-7593, unitialized-memory access from tif_rawdata
(closes: #860000),
- CVE-2017-7594, leak in OJPEGReadHeaderInfoSecTablesAcTable
(closes: #860001).
* Add required _TIFFcalloc@LIBTIFF_4.0 symbol to the libtiff5 package.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 14 Apr 2017 07:21:47 +0000
tiff (4.0.7-5) unstable; urgency=high
* Fix CVE-2017-5225: heap buffer overflow via a crafted BitsPerSample value
(closes: #851297).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 15 Jan 2017 16:49:05 +0000
tiff (4.0.7-4) unstable; urgency=high
* Fix CVE-2016-10094: heap-based overflow in t2p_readwrite_pdf_image_tile().
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 01 Jan 2017 19:03:49 +0000
tiff (4.0.7-3) unstable; urgency=medium
* Backport upstream fix of TIFFFaxTabEnt structure.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 13 Dec 2016 19:02:25 +0000
tiff (4.0.7-2) unstable; urgency=high
* Backport security fixes:
- fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer
division by zero,
- avoid uint32 underflow in cpDecodedStrips that can cause various
issues, such as buffer overflows in the library,
- fix heap-based buffer overflow on generation of PixarLog / LUV
compressed files, with ColorMap, TransferFunction attached and nasty
plays with bitspersample,
- fix ChopUpSingleUncompressedStrip() in reading outside of the
StripByCounts/StripOffsets arrays when using TIFFReadScanline()
(closes: #846837),
- make OJPEGDecode() early exit in case of failure in OJPEGPreDecode() to
avoid a divide by zero, and potential other issues,
- fix readContigStripsIntoBuffer() in -i (ignore) mode so that the
output buffer is correctly incremented to avoid write outside bounds,
- add 3 extra bytes at end of strip buffer in
readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
buffer,
- fix integer division by zero when BitsPerSample is missing
(closes: #846838),
- fix null pointer dereference in -r mode when the image has no
StripByteCount tag,
- avoid potential division by zero if BitsPerSamples tag is missing,
- limit the return number of inks to SamplesPerPixel in
TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) , so that code that parses ink
names doesn't go past the end of the buffer,
- avoid another potential division by zero if BitsPerSamples tag is
missing,
- fix uint32 underflow/overflow that can cause heap-based buffer overflow,
- replace assert( (bps % 8) == 0 ) by a non assert check.
* Remove thumbnail and rgb2ycbcr documentations, these tools no longer
present.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 04 Dec 2016 12:24:44 +0000
tiff (4.0.7-1) unstable; urgency=high
* New upstream release.
* Fixes the following vulnerabilities:
- CVE-2015-7313, OOM when parsing crafted tiff files (closes: #800124),
- CVE-2016-3622, denial of service (divide-by-zero error) via
the fpAcc function in tif_predict.c (closes: #820365),
- CVE-2016-3945, multiple integer overflows in the tiff2rgba tool,
- CVE-2016-3990, write buffer overflow in PixarLogEncode,
- CVE-2016-3991 and CVE-2016-5322, heap-based buffer overflow in the
loadImage function,
- CVE-2016-9273, heap-buffer-overflow in cpStrips (closes: #844013),
- CVE-2016-9297, segfault in _TIFFPrintField() (closes: #844226),
- CVE-2016-9448, in TIFFFetchNormalTag(), do not dereference NULL pointer
(regression of CVE-2016-9297),
- heap buffer overflow via writeBufferToSeparateStrips() in tiffcrop.
* Remove backported vulnerability fixes, this release contains those.
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 19 Nov 2016 18:05:24 +0000
tiff (4.0.6-3) unstable; urgency=high
* Fix architecture independent only build (closes: #806118).
* Fix CVE-2015-8668 , CVE-2016-3619 , CVE-2016-3620 (closes: #820363),
CVE-2016-3621 (closes: #820364) and CVE-2016-5319 with removing bmp2tiff
(closes: #820364).
* Fix CVE-2016-3186 and CVE-2016-5102 with removing gif2tiff.
* Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632 , CVE-2016-3633 ,
CVE-2016-3634 and CVE-2016-8331 with removing thumbnail.
* Backport upstream fix for CVE-2016-3623 and CVE-2016-3624 .
* Backport upstream fix for CVE-2016-5652 (closes: #842361).
* Backport upstream fix for CVE-2016-3658 .
* Removed vulnerable, unsupported tools (closes: #827484, #842046).
* Comment out Vcs fields for now.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 31 Oct 2016 15:56:56 +0000
tiff (4.0.6-2) unstable; urgency=high
* Backport fix for the following vulnerabilities:
- CVE-2016-5314, PixarLogDecode() heap-based buffer overflow
(closes: #830700),
- CVE-2016-5316, PixarLogCleanup() Segmentation fault,
- CVE-2016-5320, rgb2ycbcr: command excution,
- CVE-2016-5875, heap-based buffer overflow when using the PixarLog
compression format,
- CVE-2016-6223, information leak in libtiff/tif_read.c ,
- CVE-2016-5321, DumpModeDecode(): Ddos,
- CVE-2016-5323, tiffcrop _TIFFFax3fillruns(): NULL pointer dereference.
* Be primary maintainer and keep Ondřej as uploader.
* Update Standards-Version to 3.9.8 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 16 Jul 2016 11:45:21 +0000
tiff (4.0.6-1) unstable; urgency=high
* New upstream release.
* Backport upstream fixes for:
- CVE-2015-8665 an out-of-bound read in TIFFRGBAImage interface,
- CVE-2015-8683 an out-of-bounds read in CIE Lab image format.
* Backport fix for potential out-of-bound writes in decode.
* Backport fix for potential out-of-bound write in NeXTDecode().
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 31 Dec 2015 16:22:24 +0100
tiff (4.0.5-1) unstable; urgency=medium
* Update László Böszörményi to Laszlo Boszormenyi (GCS)
* Add Vcs URLs to debian/control
* Imported Upstream version 4.0.5
* Remove all patches - they have been merged upstream
* Convert the package to pure debhelper and remove some legacy stuff
-- Ondřej Surý <ondrej@debian.org> Tue, 01 Sep 2015 13:10:55 +0200
tiff (4.0.3-13) unstable; urgency=medium
* Thanks Jay for maintaining tiff for so long
* Add me as a new maintainer, and add László Böszörményi to Uploaders
* Cleanup debian a bit:
- Run wrap-and-sortize -a)
- Update d/copyright to Copyright Format 1.0
- Remove files related to libtiff4->libtiff5 transition
* Add C++ symbols file for libtiffxx5
-- Ondřej Surý <ondrej@debian.org> Tue, 05 May 2015 08:37:59 +0200
tiff (4.0.3-12.3) unstable; urgency=medium
* Add another (final) patch for CVE-2014-8128 (Bug #2499). Thanks to
Petr Gajdos
-- Moritz Muehlenhoff <jmm@debian.org> Mon, 23 Mar 2015 18:26:40 +0100
tiff (4.0.3-12.2) unstable; urgency=medium
* Add another patch for CVE-2014-8128 (Bug #2501)
-- Moritz Muehlenhoff <jmm@debian.org> Fri, 13 Mar 2015 23:54:02 +0100
tiff (4.0.3-12.1) unstable; urgency=medium
* NMU as discussed with Ondrej, the future adopter of tiff
* Fix multiple security issues, exact details will be recorded in the
Debian security tracker
-- Moritz Muehlenhoff <jmm@debian.org> Sat, 21 Feb 2015 13:06:08 +0100
tiff (4.0.3-12) unstable; urgency=high
* Fix integer overflow in bmp2tiff. CVE-2014-9330. (Closes: #773987)
-- Jay Berkenbilt <qjb@debian.org> Tue, 30 Dec 2014 11:32:04 -0500
tiff (4.0.3-11) unstable; urgency=medium
* Don't crash on JPEG => non-JPEG conversion (Closes: #741451)
* Thanks Tomasz Buchert <tomasz.buchert@inria.fr> for preparing the fix!
-- Jay Berkenbilt <qjb@debian.org> Tue, 23 Dec 2014 15:51:40 -0500
tiff (4.0.3-10) unstable; urgency=medium
* Remove libtiff4-dev, completing the tiff transition. Packages that
still declare build dependencies on libtiff4-dev must now build depend
on libtiff-dev instead, or if a versioned dependency is required,
libtiff5-dev with a specific version.
-- Jay Berkenbilt <qjb@debian.org> Sun, 29 Jun 2014 17:32:18 -0400
tiff (4.0.3-9) unstable; urgency=medium
* Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat. (Closes:
#742917)
-- Jay Berkenbilt <qjb@debian.org> Sat, 21 Jun 2014 18:12:40 -0400
tiff (4.0.3-8) unstable; urgency=medium
* Remove libtiff5-alt-dev transitional package now that no one is
build-depending on it anymore.
-- Jay Berkenbilt <qjb@debian.org> Sat, 01 Mar 2014 09:36:51 -0500
tiff (4.0.3-7) unstable; urgency=medium
* Use dh-autoreconf to support new architectures in Ubuntu.
-- Jay Berkenbilt <qjb@debian.org> Mon, 23 Dec 2013 09:58:47 -0500
tiff (4.0.3-6) unstable; urgency=low
* Update standards to 3.9.5. No changes required.
* libtiff4 -> libtiff5 transition. libtiff5-dev now provides
libtiff-dev. libtiff5-alt-dev and libtiff4-dev are transitional
packages that depend on libtiff5-dev. They will both be removed
before jessie.
-- Jay Berkenbilt <qjb@debian.org> Wed, 04 Dec 2013 14:36:36 -0500
tiff (4.0.3-5) unstable; urgency=low
* Replace shlibs file with symbols file
* Update standards to 3.9.4
-- Jay Berkenbilt <qjb@debian.org> Sun, 15 Sep 2013 08:31:41 -0400
tiff (4.0.3-4) unstable; urgency=low
* Complete Multi-Arch conversion for dev packages. (Closes: #689085)
-- Jay Berkenbilt <qjb@debian.org> Sat, 24 Aug 2013 11:50:20 -0400
tiff (4.0.3-3) unstable; urgency=high
* Incorporated fixes to security issues CVE-2013-4244.
-- Jay Berkenbilt <qjb@debian.org> Sat, 24 Aug 2013 11:20:00 -0400
tiff (4.0.3-2) unstable; urgency=high
* Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
(Closes: #719303)
-- Jay Berkenbilt <qjb@debian.org> Thu, 22 Aug 2013 11:52:58 -0400
tiff (4.0.3-1) unstable; urgency=low
* Acknowledge/incorporate NMU. Thanks!
* New upstream version. Patches incorporated:
CVE-2012-3401.patch
CVE-2012-4447.patch
* Add build dependency on autotools-dev to help porters.
-- Jay Berkenbilt <qjb@debian.org> Sun, 23 Jun 2013 10:39:04 -0400
tiff (4.0.2-6+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
(closes: #706675).
* Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
(closes: #706674).
-- Michael Gilbert <mgilbert@debian.org> Mon, 17 Jun 2013 01:27:17 +0000
tiff (4.0.2-6) unstable; urgency=high
* Fix /usr/share/doc symlink to directory transition. When upgrading
from very old versions (pre 3.8.2-8), /usr/share/doc may contain
symbolic links that should be removed. (Closes: #687645)
-- Jay Berkenbilt <qjb@debian.org> Sat, 26 Jan 2013 12:28:19 -0500
tiff (4.0.2-5) unstable; urgency=high
* Add fix for CVE-2012-4564, a heap-buffer overflow. Thanks Adrian La
Duca for doing all the work to prepare this upload. (Closes: #692345)
-- Jay Berkenbilt <qjb@debian.org> Sat, 17 Nov 2012 12:40:25 -0500
tiff (4.0.2-4) unstable; urgency=high
* Previous change was uploaded with the wrong CVE number. I updated the
last changelog entry. The correct CVE number is CVE-2012-4447.
-- Jay Berkenbilt <qjb@debian.org> Fri, 05 Oct 2012 17:33:44 -0400
tiff (4.0.2-3) unstable; urgency=high
* Add fix for CVE-2012-4447, a buffer overrun. (Closes: #688944)
-- Jay Berkenbilt <qjb@debian.org> Fri, 05 Oct 2012 17:04:38 -0400
tiff (4.0.2-2) unstable; urgency=high
* SECURITY UPDATE: possible arbitrary code execution via heap overflow
in tiff2pdf. (Closes: #682115)
- debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
tools/tiff2pdf.c.
- CVE-2012-3401
Changes prepared by Marc Deslauriers for Ubuntu. Thanks!
-- Jay Berkenbilt <qjb@debian.org> Sat, 21 Jul 2012 21:27:34 -0400
tiff (4.0.2-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Sun, 24 Jun 2012 13:45:42 -0400
tiff (4.0.1-8) unstable; urgency=low
* Call glFlush() in tiffgt to fix display problems. From
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/797166.
-- Jay Berkenbilt <qjb@debian.org> Sat, 16 Jun 2012 21:20:04 -0400
tiff (4.0.1-7) unstable; urgency=low
* Add new temporary package libtiff5-alt-dev, which provides libtiff5
development files in a location that doesn't conflict with
libtiff4-dev. See README.Debian for details.
-- Jay Berkenbilt <qjb@debian.org> Thu, 24 May 2012 15:24:36 -0400
tiff (4.0.1-6) unstable; urgency=low
* Include pkg-config files
-- Jay Berkenbilt <qjb@debian.org> Sun, 13 May 2012 12:53:38 -0400
tiff (4.0.1-5) unstable; urgency=low
* Fix shlibs again.
-- Jay Berkenbilt <qjb@debian.org> Sun, 22 Apr 2012 11:41:44 -0400
tiff (4.0.1-4) unstable; urgency=low
* Use >= instead of > in shlibs file.
-- Jay Berkenbilt <qjb@debian.org> Sun, 22 Apr 2012 10:57:02 -0400
tiff (4.0.1-3) unstable; urgency=low
* Support JBIG now that patents have expired. (Closes: #667835)
* Support LZMA.
-- Jay Berkenbilt <qjb@debian.org> Sat, 14 Apr 2012 19:03:04 -0400
tiff (4.0.1-2) unstable; urgency=high
* Incorporated fix to CVE-2012-1173, a problem in the parsing of the
TileSize entry, which could result in the execution of arbitrary code
if a malformed image is opened.
* Updated standards to 3.9.3
-- Jay Berkenbilt <qjb@debian.org> Fri, 06 Apr 2012 10:10:48 -0400
tiff (4.0.1-1) unstable; urgency=low
* New upstream release
* Point watch file to new download location
-- Jay Berkenbilt <qjb@debian.org> Mon, 20 Feb 2012 09:43:54 -0500
tiff (4.0.0-2) experimental; urgency=low
* Rename libtiff-dev -> libtiff5-dev to avoid premature transition for
packages that explicitly depend on libtiff-dev. At some future time,
libtiff5-dev will provide or be renamed back to libtiff-dev.
-- Jay Berkenbilt <qjb@debian.org> Sat, 04 Feb 2012 09:41:19 -0500
tiff (4.0.0-1) experimental; urgency=low
* New upstream release
* Enable versioned symbols
-- Jay Berkenbilt <qjb@debian.org> Sat, 28 Jan 2012 10:56:23 -0500
tiff (4.0.0~beta7-2) experimental; urgency=low
* Incorporated changes from 3.9.5-2: security hardening and multiarch
-- Jay Berkenbilt <qjb@debian.org> Sat, 17 Sep 2011 10:28:53 -0400
tiff (4.0.0~beta7-1) experimental; urgency=low
* New upstream release including many security fixes and other
improvements
* Updated changelog with changes from 3.x series.
* Updated standards version to 3.9.2. No changes required.
-- Jay Berkenbilt <qjb@debian.org> Sat, 16 Apr 2011 13:45:33 -0400
tiff (4.0.0~beta6-3) experimental; urgency=low
* Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
putcontig8bitYCbCr11tile", from 3.9.4-4.
-- Jay Berkenbilt <qjb@debian.org> Sat, 02 Oct 2010 13:31:41 -0400
tiff (4.0.0~beta6-2) experimental; urgency=low
* Incorporate changes from 3.9.4-{2,3} including updating standards
version to 3.9.1 along with associated fixes. (CVE-2010-2233 was
already fixed in this version.)
-- Jay Berkenbilt <qjb@debian.org> Sat, 14 Aug 2010 16:36:44 -0400
tiff (4.0.0~beta6-1) experimental; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Fri, 18 Jun 2010 21:42:57 -0400
tiff (4.0.0~beta5-2) experimental; urgency=low
* Depend on libjpeg-dev instead of libjpeg62-dev.
* Change source format to '3.0 (quilt)'
* Update standards version to 3.8.4. No changes required.
-- Jay Berkenbilt <qjb@debian.org> Wed, 10 Feb 2010 19:36:43 -0500
tiff (4.0.0~beta5-1) experimental; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Fri, 06 Nov 2009 22:58:07 -0500
tiff (4.0.0~beta4-1) experimental; urgency=low
* New upstream release. All debian patches incorporated among many
other fixes and enhancements.
-- Jay Berkenbilt <qjb@debian.org> Fri, 28 Aug 2009 11:30:09 -0400
tiff (4.0.0~beta3-2) experimental; urgency=low
* Fixed previously incorrect patch to lzw problem.
-- Jay Berkenbilt <qjb@debian.org> Mon, 24 Aug 2009 14:45:10 -0400
tiff (4.0.0~beta3-1) experimental; urgency=low
* New upstream release. This version is not binary compatible with the
3.x series, nor is it entirely source compatible, but most
applications should port easily.
-- Jay Berkenbilt <qjb@debian.org> Fri, 21 Aug 2009 13:39:37 -0400
tiff (3.9.5-2) unstable; urgency=low
* Implemented mulitarch and and PIE build for security hardening by
integrating the changes from the Ubuntu tiff packages. Thanks to Marc
Deslauriers and anyone else who did the actual work.
-- Jay Berkenbilt <qjb@debian.org> Sat, 17 Sep 2011 10:15:39 -0400
tiff (3.9.5-1) unstable; urgency=low
* New upstream release. All security patches are fully incorporated
into this version, as are many other bug fixes.
* Updated standards version to 3.9.2. No changes needed.
-- Jay Berkenbilt <qjb@debian.org> Sat, 16 Apr 2011 13:15:51 -0400
tiff (3.9.4-9) unstable; urgency=high
* CVE-2011-1167: correct potential buffer overflow with thunder encoded
files with wrong bitspersample set. (Closes: #619614)
-- Jay Berkenbilt <qjb@debian.org> Sat, 02 Apr 2011 10:59:38 -0400
tiff (3.9.4-8) unstable; urgency=low
* Enable PIE (position independent executable) build for security
hardening. Patch from Ubuntu. (Closes: #613759)
-- Jay Berkenbilt <qjb@debian.org> Sat, 19 Mar 2011 10:22:32 -0400
tiff (3.9.4-7) unstable; urgency=high
* Incorporate revised fix to CVE-2011-0192.
-- Jay Berkenbilt <qjb@debian.org> Sun, 13 Mar 2011 14:33:38 -0400
tiff (3.9.4-6) unstable; urgency=high
* Incorporated fix to CVE-2011-0192, "Buffer overflow in Fax4Decode".
-- Jay Berkenbilt <qjb@debian.org> Sat, 26 Feb 2011 18:44:23 -0500
tiff (3.9.4-5) unstable; urgency=high
* Incorporated fix to CVE-2010-3087, a potential denial of service
exploitable with a specially crafted TIFF file. (Closes: #600188)
-- Jay Berkenbilt <qjb@debian.org> Sun, 17 Oct 2010 16:44:08 -0400
tiff (3.9.4-4) unstable; urgency=high
* Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
putcontig8bitYCbCr11tile". (Closes: #595064)
-- Jay Berkenbilt <qjb@debian.org> Sat, 02 Oct 2010 13:17:12 -0400
tiff (3.9.4-3) unstable; urgency=low
* Updated control file to remove obsolete Conflicts/Replaces for ancient
packages.
* Empty dependency_libs in all .la files as part of the .la file. This
also resolves the problem of having hard-coded paths in the .la file.
(Closes: #509016)
* Updated standards version to 3.9.1.
-- Jay Berkenbilt <qjb@debian.org> Sat, 14 Aug 2010 16:28:49 -0400
tiff (3.9.4-2) unstable; urgency=high
* Incorporated patch to fix CVE-2010-2233, which fixes a specific
failure of tif_getimage on 64-bit platforms.
-- Jay Berkenbilt <qjb@debian.org> Fri, 13 Aug 2010 20:16:29 -0400
tiff (3.9.4-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Fri, 18 Jun 2010 21:28:11 -0400
tiff (3.9.2-3) unstable; urgency=low
* Depend on libjpeg-dev instead of libjpeg62-dev. (Closes: #569242)
* Change source format to '3.0 (quilt)'
* Update standards version to 3.8.4. No changes required.
-- Jay Berkenbilt <qjb@debian.org> Wed, 10 Feb 2010 19:20:20 -0500
tiff (3.9.2-2) unstable; urgency=low
* Include patch from upstream to fix problems with TIFFReadScanline()
and ycbcr-encoded JPEG images. (Closes: #510792)
* Fix some manual page spelling errors found by lintian.
-- Jay Berkenbilt <qjb@debian.org> Sun, 10 Jan 2010 10:56:32 -0500
tiff (3.9.2-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Fri, 06 Nov 2009 22:52:06 -0500
tiff (3.9.1-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Fri, 28 Aug 2009 15:44:23 -0400
tiff (3.9.0-2) unstable; urgency=low
* Fix critical bug that could cause corrupt files to be written in some
cases. (Closes: #543079)
-- Jay Berkenbilt <qjb@debian.org> Fri, 28 Aug 2009 13:38:03 -0400
tiff (3.9.0-1) unstable; urgency=low
* New upstream release. All previous security patches have been
integrated.
-- Jay Berkenbilt <qjb@debian.org> Fri, 21 Aug 2009 11:40:49 -0400
tiff (3.9.0beta+deb1-1) experimental; urgency=low
* New upstream release (binary compatible with 3.8.2) -- release based
on 3.9 branch from upstream CVS; see README.Debian for details.
(Closes: #537118)
* Updated standards to 3.8.3; no changes required.
* Stopped using tarball in tarball packaging. (Closes: #538565)
-- Jay Berkenbilt <qjb@debian.org> Wed, 19 Aug 2009 20:33:10 -0400
tiff (3.8.2-13) unstable; urgency=high
* Apply patches to fix CVE-2009-2347, which covers two integer overflow
conditions.
* LZW patch from last update addressed CVE-2009-2285. Renamed the patch
to make this clearer.
-- Jay Berkenbilt <qjb@debian.org> Sun, 12 Jul 2009 18:03:33 -0400
tiff (3.8.2-12) unstable; urgency=low
* Apply patch to fix crash in lzw decoder that can be caused by certain
invalid image files. (Closes: #534137)
* No longer ignore errors in preinst
* Fixed new lintian warnings; updated standards version to 3.8.2.
-- Jay Berkenbilt <qjb@debian.org> Sun, 28 Jun 2009 13:17:44 -0400
tiff (3.8.2-11) unstable; urgency=high
* Apply security patches (CVE-2008-2327)
* Convert patch system to quilt
* Create README.source
* Set standards version to 3.8.0
-- Jay Berkenbilt <qjb@debian.org> Sun, 17 Aug 2008 13:16:37 -0400
tiff (3.8.2-10+lenny1) testing-security; urgency=high
* Apply patches from Drew Yao of Apple Product Security to fix
CVE-2008-2327, a potential buffer underflow in the LZW decoder
(tif_lzw.c).
-- Jay Berkenbilt <qjb@debian.org> Sun, 17 Aug 2008 11:56:01 -0400
tiff (3.8.2-10) unstable; urgency=low
* Fix segmentation fault on subsequent parts of a file with an invalid
directory tag. (Closes: #475489)
-- Jay Berkenbilt <qjb@debian.org> Mon, 09 Jun 2008 11:02:53 -0400
tiff (3.8.2-9) unstable; urgency=low
* Backported tiff2pdf from 4.0.0 beta 2. This fixes many tiff2pdf bugs,
though unfortunately none of the ones opened in the debian bug
database!
* Added upstream homepage to debian control file.
-- Jay Berkenbilt <qjb@debian.org> Sat, 07 Jun 2008 22:52:27 -0400
tiff (3.8.2-8) unstable; urgency=low
* Accepted tmpfile patch tiff2pdf to fix bug that has been fixed
upstream since upstream release appears stalled. Thanks Jesse Long.
(Closes: #419773)
* Update standards version to 3.7.3; no changes required.
* ${Source-Version} -> ${binary:Version} in control
* Split documentation into separate libtiff-doc package. (Closes:
#472189)
-- Jay Berkenbilt <qjb@debian.org> Sat, 22 Mar 2008 12:30:38 -0400
tiff (3.8.2-7+etch1) stable-security; urgency=high
* Apply patches from Drew Yao of Apple Product Security to fix
CVE-2008-2327, a potential buffer underflow in the LZW decoder
(tif_lzw.c).
-- Jay Berkenbilt <qjb@debian.org> Sun, 17 Aug 2008 11:56:01 -0400
tiff (3.8.2-7) unstable; urgency=high
* Replace empty directories in /usr/share/doc with links during package
upgrade. (Closes: #404631)
-- Jay Berkenbilt <qjb@debian.org> Tue, 2 Jan 2007 15:50:50 -0500
tiff (3.8.2-6) unstable; urgency=high
* Add watch file
* Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:
- CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
tif_dirread.c
- CVE-2006-3460: A heap overflow vulnerability was discovered in the
jpeg decoder
- CVE-2006-3461: A heap overflow exists in the PixarLog decoder
- CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
overflow
- CVE-2006-3463: An infinite loop was discovered in
EstimateStripByteCounts()
- CVE-2006-3464: Multiple unchecked arithmetic operations were
uncovered, including a number of the range checking operations
deisgned to ensure the offsets specified in tiff directories are
legitimate.
- A number of codepaths were uncovered where assertions did not hold
true, resulting in the client application calling abort()
- CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
support
-- Jay Berkenbilt <qjb@debian.org> Mon, 31 Jul 2006 18:14:59 -0400
tiff (3.8.2-5) unstable; urgency=low
* Fix logic error that caused -q flag to be ignored when doing jpeg
compression with tiff2pdf. (Closes: #373102)
-- Jay Berkenbilt <qjb@debian.org> Mon, 19 Jun 2006 18:55:38 -0400
tiff (3.8.2-4) unstable; urgency=high
* SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
Thanks to Martin Pitt. (Closes: #371064)
* Add debian/patches/tiff2pdf-octal-printf.patch:
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
signed char (it printed a signed integer, which overflew the buffer and
was wrong anyway).
- CVE-2006-2193
-- Jay Berkenbilt <qjb@debian.org> Wed, 7 Jun 2006 17:52:12 -0400
tiff (3.8.2-3) unstable; urgency=high
* SECURITY UPDATE: Arbitrary command execution with crafted long file
names. Thanks to Martin Pitt for forwarding this.
Add debian/patches/tiffsplit-fname-overflow.patch:
- tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
user-specified file name into a statically sized buffer.
CVE-2006-2656. (Closes: #369819)
* Update standards version to 3.7.2. No changes required.
* Moved doc-base information to libtiff4 instead of libtiff4-dev.
-- Jay Berkenbilt <qjb@debian.org> Thu, 1 Jun 2006 21:24:21 -0400
tiff (3.8.2-2) unstable; urgency=low
* Fix build dependencies to get OpenGL utility libraries after new Xorg
packaging. (Closes: #365722)
* Updated standards version to 3.7.0; no changes required to package.
-- Jay Berkenbilt <qjb@debian.org> Tue, 2 May 2006 10:10:45 -0400
tiff (3.8.2-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Tue, 28 Mar 2006 21:42:33 -0500
tiff (3.8.0-3) unstable; urgency=low
* Switched build dependency from xlibmesa-gl-dev to libgl1-mesa-dev
(incorporating Ubunutu patch)
* Incorporated patch from upstream to fix handling of RGBA tiffs in
tiff2pdf. (Closes: #352849)
-- Jay Berkenbilt <qjb@debian.org> Sun, 26 Feb 2006 13:21:17 -0500
tiff (3.8.0-2) unstable; urgency=low
* Applied fixes from upstream to address a memory access violation
[CVE-2006-0405]. (Closes: #350715, #351223)
-- Jay Berkenbilt <qjb@debian.org> Fri, 3 Feb 2006 21:48:39 -0500
tiff (3.8.0-1) unstable; urgency=low
* New upstream release. (Closes: #349921)
* NOTE: The debian version of 3.8.0 includes a patch to correct a binary
incompatibility in the original 3.8.0 release. This libtiff package
is binary compatible with 3.7.4 and will be binary compatible with the
upcoming 3.8.1 release.
-- Jay Berkenbilt <qjb@debian.org> Fri, 27 Jan 2006 21:38:58 -0500
tiff (3.7.4-1) unstable; urgency=low
* New upstream release
* Fix typos in manual page (Closes: #327921, #327922, #327923, #327924)
-- Jay Berkenbilt <qjb@debian.org> Fri, 7 Oct 2005 10:25:49 -0400
tiff (3.7.3-1) unstable; urgency=low
* New upstream release
* g++ 4.0 transition: libtiffxx0 is now libtiffxx0c2.
-- Jay Berkenbilt <qjb@debian.org> Sat, 9 Jul 2005 12:00:44 -0400
tiff (3.7.2-3) unstable; urgency=high
* Fix for exploitable segmentation fault on files with bad BitsPerSample
values. (Closes: #309739)
[libtiff/tif_dirread.c, CAN-2005-1544]
Thanks to Martin Pitt for the report.
-- Jay Berkenbilt <qjb@debian.org> Thu, 19 May 2005 05:41:28 -0400
tiff (3.7.2-2) unstable; urgency=high
* Fix zero pagesize bug with tiff2ps -a2 and tiff2ps -a3. Thanks to
Patrice Fournier for the patch. (Closes: #303583)
* Note: uploading with urgency=high since this very small fix impacts
tools only (not the library), and we don't want to block tiff's many
reverse dependencies from transitioning to sarge.
-- Jay Berkenbilt <qjb@debian.org> Sun, 10 Apr 2005 10:12:37 -0400
tiff (3.7.2-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Sat, 19 Mar 2005 14:51:06 -0500
tiff (3.7.1-4) unstable; urgency=low
* Fix from upstream: include a better workaround for tiff files with
invalid strip byte counts. (Closes: #183268)
-- Jay Berkenbilt <qjb@debian.org> Tue, 22 Feb 2005 19:20:14 -0500
tiff (3.7.1-3) unstable; urgency=low
* Disable C++ new experimental interfaces for now; will reappear in a
future version in the separate libtiffxx0 package.
-- Jay Berkenbilt <ejb@ql.org> Sat, 29 Jan 2005 13:32:37 -0500
tiff (3.7.1+pre3.7.2-1) experimental; urgency=low
* New upstream release
* Separate experimental C++ interface into separate libtiffxx library.
-- Jay Berkenbilt <ejb@ql.org> Sat, 29 Jan 2005 13:03:19 -0500
tiff (3.7.1-2) unstable; urgency=low
* Make -dev package depend upon other -dev packages referenced in the
.la file created by libtool. (Closes: #291136)
* tiff2ps: Allow one of -w and -h without the other. (Closes: #244247)
-- Jay Berkenbilt <ejb@ql.org> Wed, 19 Jan 2005 10:45:00 -0500
tiff (3.7.1-1) unstable; urgency=low
* New upstream release
* Correct error in doc-base file (Closes: #285652)
-- Jay Berkenbilt <ejb@ql.org> Wed, 5 Jan 2005 16:54:12 -0500
tiff (3.7.0-2) experimental; urgency=low
* Replace hard-coded libc6-dev dependency with something friendlier to
porters (libc6-dev | libc-dev). (Closes: #179727)
* Fixed upstream: proper netbsdelf*-gnu support in configure. Actually
fixed in 3.7.0-1 but left out of changelog. (Closes: #179728)
* Include opengl support; adds new libtiff-opengl package. (Closes: #219456)
* Fixed upstream: fax2ps now allows access to first page. (Closes: #244251)
-- Jay Berkenbilt <ejb@ql.org> Sat, 11 Dec 2004 09:51:52 -0500
tiff (3.7.0-1) experimental; urgency=low
* New upstream release (Closes: #276996)
* New maintainer (Thanks Joy!)
* Repackage using cdbs and simple-patchsys to fix some errors and
simplify patch management
* Fixed upstream: tiff2pdf ignores -z and -j (Closes: #280682)
* Fixed upstream: Memory leak in TIFFClientOpen (Closes: #256657)
-- Jay Berkenbilt <ejb@ql.org> Fri, 26 Nov 2004 13:50:13 -0500
tiff (3.6.1-5) unstable; urgency=high
* New maintainer (thanks Joy!)
* Applied patch by Dmitry V. Levin to fix a segmentation fault
[tools/tiffdump.c, CAN-2004-1183]
Thanks to Martin Schulze for forwarding the patch.
* Fixed section of -dev package (devel -> libdevel)
-- Jay Berkenbilt <ejb@ql.org> Wed, 5 Jan 2005 16:27:26 -0500
tiff (3.6.1-4) unstable; urgency=high
* Fix heap overflow security bug [CAN-2004-1308]. (Closes: #286815)
-- Jay Berkenbilt <ejb@ql.org> Wed, 22 Dec 2004 10:20:52 -0500
tiff (3.6.1-3) unstable; urgency=medium
* Patches from upstream to fix zero-size tile and integer overflow
problems created by previous security patches, closes: #276783.
* Added Jay Berkenbilt as co-maintainer. Jay thanks Joy for letting him
help and eventually take over maintenance of these packages!
-- Josip Rodin <joy-packages@debian.org> Mon, 01 Nov 2004 12:28:27 +0100
tiff (3.6.1-2) unstable; urgency=low
* Included security fixes for:
+ CAN-2004-0803
- libtiff/tif_luv.c
- libtiff/tif_next.c
- libtiff/tif_thunder.c
+ CAN-2004-0804 (but this one is already applied upstream, it seems)
- libtiff/tif_dirread.c
+ CAN-2004-0886
- libtiff/tif_aux.c
- libtiff/tif_compress.c
- libtiff/tif_dir.c
- libtiff/tif_dirinfo.c
- libtiff/tif_dirread.c
- libtiff/tif_dirwrite.c
- libtiff/tif_extension.c
- libtiff/tif_fax3.c
- libtiff/tiffiop.h
- libtiff/tif_getimage.c
- libtiff/tif_luv.c
- libtiff/tif_pixarlog.c
- libtiff/tif_strip.c
- libtiff/tif_tile.c
- libtiff/tif_write.c
Thanks to Martin Schulze for forwarding the patches.
-- Josip Rodin <joy-packages@debian.org> Thu, 14 Oct 2004 16:13:11 +0200
tiff (3.6.1-1.1) unstable; urgency=medium
* Non-maintainer upload; thanks to Jay Berkenbilt <ejb@ql.org> for
preparing the patches
* Rename shared library and development packages to resolve accidental
upstream ABI change. Closes: #236247
* Include patch from upstream to fix multistrip g3 fax bug.
Closes: #243405
* Include LZW support. Closes: #260242, #248490
* Fix URL in copyright file. Closes: #261357
* Install missing documentation files. Closes: #261356
-- Steve Langasek <vorlon@debian.org> Sun, 25 Jul 2004 10:28:06 -0400
tiff (3.6.1-1) unstable; urgency=low
* New upstream version, closes: #231977.
* Slightly fixed up the static lib build rules so that the build process
does the normal stuff for the dynamic lib and then does the static with
the same tiffvers.h.
-- Josip Rodin <joy-packages@debian.org> Mon, 23 Feb 2004 18:23:34 +0100
tiff (3.5.7-2) unstable; urgency=high
* Added back the patch that used -src static/libtiff.a in the install
rule. Wonder how that disappeared... closes: #170914.
* Fake it's a GNU system in order for the configure script to use our
toolchain stuff on the NetBSD port, thanks to Joel Baker, closes: #130636.
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 10 Dec 2002 17:18:28 +0100
tiff (3.5.7-1) unstable; urgency=low
* New upstream version, closes: #144940.
* A whole new set of patches for the breakage in the build system :)
-- Josip Rodin <jrodin@jagor.srce.hr> Sun, 6 Oct 2002 22:54:08 +0200
tiff (3.5.5-6) unstable; urgency=low
* It appears that the general 64-bit detection code, isn't.
We have to include all of those three conditions, feh.
This really closes: #106706.
-- Josip Rodin <jrodin@jagor.srce.hr> Wed, 8 Aug 2001 23:09:55 +0200
tiff (3.5.5-5) unstable; urgency=low
* Changed two Alpha/Mips-isms into general 64-bit detection code,
patch from John Daily <jdaily@progeny.com>, closes: #106706.
* Patched man/Makefile.in to generate a manual page file for
TIFFClientOpen(3t), as a .so link to TIFFOpen(3t), closes: #99577.
* Used /usr/share/doc in the doc-base file, closes: #74122.
* Changed libtiff3g-dev's section back to devel, since graphics was,
according to elmo, "hysterical raisins". :))
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 27 Jul 2001 01:43:04 +0200
tiff (3.5.5-4) unstable; urgency=low
* Updated config.* files, closes: #94696.
* Fixed libtiff3g-dev's section, closes: #85533.
-- Josip Rodin <jrodin@jagor.srce.hr> Wed, 20 Jun 2001 18:29:24 +0200
tiff (3.5.5-3) unstable; urgency=low
* Build shared library on Hurd, too, closes: #72482.
* Upped Standards-Version to 3.5.0.
-- Josip Rodin <jrodin@jagor.srce.hr> Sat, 30 Sep 2000 17:42:13 +0200
tiff (3.5.5-2) unstable; urgency=low
* Make `dynamic shared object' on Linux unconditionally, fixes the problem
with libc.so.6.1 on alpha, thanks Chris C. Chimelis.
-- Josip Rodin <jrodin@jagor.srce.hr> Wed, 13 Sep 2000 21:44:00 +0200
tiff (3.5.5-1) unstable; urgency=low
* New upstream version.
* The upstream build system sucks. There, I said it. Back to work now. :)
* Added a build dependencies on make (>= 3.77) (closes: #67747) and
debhelper.
* Standards-Version: 3.2.1:
+ added DEB_BUILD_OPTIONS checks in debian/rules
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 29 Aug 2000 14:06:02 +0200
tiff (3.5.4-5) frozen unstable; urgency=low
* Fixed 16-bit/32-bit values bug in fax2ps from libtiff-tools, that
also breaks printing from hylafax, using provided oneliner patch
from Bernd Herd (accepted upstream), closes: #49232 and probably #62235.
-- Josip Rodin <jrodin@jagor.srce.hr> Mon, 27 Mar 2000 17:12:10 +0200
tiff (3.5.4-4) frozen unstable; urgency=low
* Weird dpkg-shlibdeps from dpkg 1.6.8-pre has done it again, this time
with libz.so, making the packages depend on zlib1 (instead of zlib1g).
Closes: #56134, #56137, #56140, #56155.
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 25 Jan 2000 18:05:28 +0100
tiff (3.5.4-3) frozen unstable; urgency=low
* Included libtiff.so file in libtiff3g-dev, dammit :( My eye hurts,
a lot, but this was easy to fix, thank goodness :) (closes: #55814).
This bugfix deserves to get into frozen because the bug cripples
libtiff3g-dev, a lot.
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 21 Jan 2000 19:02:22 +0100
tiff (3.5.4-2) unstable; urgency=low
* Fixed upstream build system to use ${DESTDIR}, and with that working,
created install: rule in debian/rules and used it.
* Fixed the way rules file gets the version from upstream sources,
and fixed dist/tiff.alpha, it didn't work.
* Removed README file from libtiff3g binary package, useless.
* Fixed configure script not to emit the wrong warning about
zlib/jpeg dirs not specified (they're in /usr/include, stupid :).
-- Josip Rodin <jrodin@jagor.srce.hr> Thu, 30 Dec 1999 01:17:32 +0100
tiff (3.5.4-1) unstable; urgency=low
* New upstream version, closes: #50338.
* Disabled libc5 build, it wouldn't compile. :(
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 3 Dec 1999 20:49:25 +0100
tiff (3.5.2-4) unstable; urgency=low
* Castrated the rules file, to make it actually work on !(i386 m68k).
Closes: #49316.
-- Josip Rodin <jrodin@jagor.srce.hr> Sat, 6 Nov 1999 13:22:54 +0100
tiff (3.5.2-3) unstable; urgency=low
* Removed sparc from the libtiff3 arches list, as BenC advised.
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 29 Oct 1999 23:29:23 +0200
tiff (3.5.2-2) unstable; urgency=low
* Changed Architecture: line for libtiff3 from "any" to "i386 m68k sparc"
as it is actually only built on those. Changed description a little bit.
* Minor fixes to the rules file.
-- Josip Rodin <jrodin@jagor.srce.hr> Thu, 28 Oct 1999 14:00:02 +0200
tiff (3.5.2-1) unstable; urgency=low
* New upstream version.
* Renamed source package to just "tiff", like upstream tarball name.
* New maintainer (thanks Guy!). Renewed packaging, with debhelper,
using Joey's nifty multi2 example, with several adjustments.
* Ditched libtiff3-altdev, nobody's using that and nobody should be
using that. Packaging for it still exists, it's just commented out.
* Uses doc-base for -dev docs now. Uncompressed HTML docs, 100kb space
saved is pointless when you can't use any links between documents.
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 26 Oct 1999 16:20:46 +0200
libtiff3 (3.4beta037-8) unstable; urgency=low
* Argh, same bug in the prerm, closes: #36990, #36850, #36855,
#36866, #36988.
-- Guy Maor <maor@debian.org> Sat, 1 May 1999 10:12:23 -0700
libtiff3 (3.4beta037-7) unstable; urgency=low
* Don't error when dhelp is not installed, closes: #36879, #36922.
-- Guy Maor <maor@debian.org> Thu, 29 Apr 1999 19:17:55 -0700
libtiff3 (3.4beta037-6) unstable; urgency=low
* Only build libc5 packages on appropriate archs, closes: #27083, #32007.
* Apply NMU patch, closes: #26413, #26887.
* Add dhelp support, closes: #35154.
* Recompile removes invalid dependency, closes: #30961.
-- Guy Maor <maor@debian.org> Sat, 24 Apr 1999 15:17:51 -0700
libtiff3 (3.4beta037-5.1) frozen unstable; urgency=low
* NMU to not use install -s to strip static .a libraries. Fixes: #26413
* Build with recent libjpeg. Fixes: #26887
* Add Section: and Priority: headers to debian/control.
-- Ben Gertzfield <che@debian.org> Mon, 26 Oct 1998 22:44:33 -0800
libtiff3 (3.4beta037-5) unstable; urgency=low
* Explicit link with -lm (and don't need -lc now), fixes: #19167, #22180.
-- Guy Maor <maor@ece.utexas.edu> Tue, 11 Aug 1998 22:27:56 -0700
libtiff3 (3.4beta037-4) unstable; urgency=low
* libtiff3-tools conflicts & replaces with libtiff3-gif (13521,15107).
-- Guy Maor <maor@ece.utexas.edu> Sun, 11 Jan 1998 13:09:28 -0800
libtiff3 (3.4beta037-3) unstable; urgency=low
* New libjpegg contains shlibs file, so don't need shlibs.local.
* Compile with -D_REENTRANT.
* Add shlibs for libtiff3g (13423).
-- Guy Maor <maor@ece.utexas.edu> Sat, 27 Sep 1997 13:17:45 -0500
libtiff3 (3.4beta037-2) unstable; urgency=low
* Add libjpegg6a to shlibs.local to correct for broken dependency.
-- Guy Maor <maor@ece.utexas.edu> Fri, 26 Sep 1997 11:23:55 -0500
libtiff3 (3.4beta037-1) unstable; urgency=low
* New upstream version, libc6 compile, policy 2.3.0.0 (5136, 7470, 7627, 8166
8312, 9479, 9492, 9531, 11700, 11702).
* Fix check for shared lib support (10805).
-- Guy Maor <maor@ece.utexas.edu> Tue, 23 Sep 1997 16:55:56 -0500