jbig2dec (0.16-1+deb10u1) buster; urgency=high * Team upload (printing and LTS) * CVE-2020-12268 avoid overflow with extreme values of x,y,w,h in function jbig2_image_compose() -- Thorsten Alteholz Sun, 24 Oct 2021 19:03:02 +0200 jbig2dec (0.16-1) unstable; urgency=high [ upstream ] * New bugfix release. (no code changes since 0.15+20190209-1) [ Jonas Smedegaard ] * Set urgency=high, due to ghostscript 9.27 CVE fixes. -- Jonas Smedegaard Sun, 07 Apr 2019 17:52:08 +0200 jbig2dec (0.15+20190209-1) unstable; urgency=medium [ upstream ] * Development snapshot. + Update source/header file copyright notice to 2019 + Indicate error upon error, do not just warn. + Use common pattern for error detection. + Clarify the element size of GR_stats when memsetting. + Make sure to indicate error upon unexpected OOB. + Without enough prefix codes, a Huffman table cannot be generated. + Return allocator once it is retired. [ Jonas Smedegaard ] * Drop patches cherry-picked upstream since applied. * Update copyright info: Extend coverage for main upstream author. * Update symbols file: Bump version for symbol jbig2_ctx_free. -- Jonas Smedegaard Thu, 04 Apr 2019 12:41:06 +0200 jbig2dec (0.15-2) unstable; urgency=medium * Add patches cherry-picked upstream: + Fix signed/unsigned mismatches. + Only print repeated error/warning messages once. + Bring jbig2dec's copy of memento up to date. * Simplify rules: Stop resolve build-dependencies in rules file. * Stop build-depend on dh-buildinfo. * Wrap and sort control file. * Update copyright info: Extend coverage for main upstream author. -- Jonas Smedegaard Wed, 21 Nov 2018 01:50:52 +0100 jbig2dec (0.15-1) unstable; urgency=medium [ upstream ] * New bugfix release. (no code changes since 0.14+20180826-1) -- Jonas Smedegaard Fri, 14 Sep 2018 14:10:04 +0200 jbig2dec (0.14+20180826-1) unstable; urgency=medium [ upstream ] * Development snapshot. [ Jonas Smedegaard ] * Unfuzz patches. * Declare compliance with Debian Policy 4.2.1. * Set Rules-Requires-Root: no. * Relax symbols check when targeting experimental * Update symbols: + Flag as optional symbols not declared in public header file. + Drop 10 private symbols. + Drop 1 symbol (unused in Debian). + Add 1 symbol. Update copyright info: + Extend coverage for main author to include current year. -- Jonas Smedegaard Fri, 31 Aug 2018 00:12:20 +0200 jbig2dec (0.14-1) unstable; urgency=medium [ upstream ] * New bugfix release. [ Jonas Smedegaard ] * Update copyright info: + Extend copyright of packaging to cover past year. + Strip nedless copyright signs. * Drop patches cherry-picked upstream since applied. * Declare compliance with Debian Policy 4.1.4. -- Jonas Smedegaard Thu, 24 May 2018 14:41:41 +0200 jbig2dec (0.13-6) unstable; urgency=medium * Team upload * Update Vcs-* fields for the move to salsa.d.o -- Didier Raboud Sat, 10 Feb 2018 16:29:26 +0100 jbig2dec (0.13-5) unstable; urgency=medium * Add DEP-3 header to patch 1001. * Advertise DEP-3 format in patch headers. * Add patches cherry-picked upstream: + Fix decoder error on JBIG2 compressed image. + Tidy up unused code. + Add sanity check on image sizes. + refine test for "Denial of Service" images + Prevent SEGV due to integer overflow. + Prevent integer overflow vulnerability. + Bounds check before reading from image source data. + Plug leak of parameter info in command-line tool. + Fix memory leak in case of error. + Make clipping in image compositing handle underflow. + Fix double free in error case. + Do bounds checking of read data. + Do not grow page if page height is known. + Fix SEGV due to error code being ignored. Closes: Bug#863279; CVE-2017-9216. Thanks to Salvatore Bonaccorso. + Allow for symbol dictionary with 0 symbols. * Update watch file: Use substitution strings. * Stop put aside auto-generated header file during build: No longer shipped upstream. * Modernize cdbs: + Do copyright-check in maintainer script (not during build). + Relax to build-depend unversioned on cdbs. + Stop build-depend on licensecheck. * Declare compliance with Debian Policy 4.1.0. * Update copyright info: + Use https protocol in file format URL. + Fix rename License section AGPL-3 → AGPL-3+. * Tighten lintian overrides regarding License-Reference. -- Jonas Smedegaard Sat, 23 Sep 2017 13:27:40 +0200 jbig2dec (0.13-4) unstable; urgency=medium * Add patches cherry-picked upstream to squash signed/unsigned warnings and to fix warning for always-false unsigned < 0 tests. Closes: Bug#850497. Thanks to Salvatore Bonaccorso. * Modernize Vcs-Browser field: Use git subdir (not cgit). * Stop override lintian for package-needs-versioned-debhelper-build-depends: Fixed in lintian. * Update copyright info: Extend coverage of Debian packaging. -- Jonas Smedegaard Mon, 23 Jan 2017 21:13:34 +0100 jbig2dec (0.13-3) unstable; urgency=medium * Add patch cherry-picked upstream to prevent checking too early for buffer overrun. * Modernize CDBS: Build-depend on licensecheck (not devscripts). -- Jonas Smedegaard Tue, 23 Aug 2016 10:13:47 +0200 jbig2dec (0.13-2) unstable; urgency=medium * Fix mark libjbig2dec0 as multi-ach: same. Closes: Bug#799916. Thanks to Jacek Szafarkiewicz and Yuriy M. Kaminskiy. * Add patch 2001 to avoid compile unrelated and unusable Memento memory debugging code. Closes: Bug#824483. Thanks to Yuriy M. Kaminskiy. * Drop symbols for dropped Memento code. Thanks to Yuriy M. Kaminskiy. -- Jonas Smedegaard Mon, 16 May 2016 18:35:14 +0200 jbig2dec (0.13-1) unstable; urgency=medium [ upstream ] * New bugfix release. [ Jonas Smedegaard ] * Update watch file: + Bump file format to version 4. + Mangle scanned page to get tarball URLs from tags, and adapt URL pattern. + Mangle download filename. + Mention gbp in usage comment. * Use https protocol in Vcs-Git URL. * Declare compliance with Debian Policy 3.9.8. * Update copyright info: + Extend coverage for main author to include recent years. + Extend copyright of packaging to cover current year. * Update git-buildpackage config: Filter any .gitignore file. * Drop patch 2001: Applied upstream. * Drop 3 symbols (unused, according to http://codesearch.debian.net/). * Fix remove old lintian overrides file. -- Jonas Smedegaard Tue, 10 May 2016 16:51:55 +0200 jbig2dec (0.12+20150918-1) unstable; urgency=medium [ upstream ] * Snapshot. + Tidy build configuration. + Update for modern libpng. + Commit of build_consolidation branch. + Fixes for Windows build with VS 2015. + Check that cloned image exists before proceeding further. + Release huffman table memory properly. [ Jonas Smedegaard ] * Fix lintian overrides. * Unfuzz all patches. -- Jonas Smedegaard Sat, 26 Sep 2015 17:33:05 +0200 jbig2dec (0.12-2) unstable; urgency=medium * Move package maintenance to printing team. * Suppress lintian warning about build-depending unversioned on debhelper. * Update copyright info: Fix strip stray License field. -- Jonas Smedegaard Fri, 31 Jul 2015 19:19:18 +0200 jbig2dec (0.12-1) unstable; urgency=medium * Update README.source to emphasize that control.in file is *not* a show-stopper for contributions, referring to wiki page for details. * Update upstream URLs to reflect move to git.ghostscript.com and lack of tarball releases. * Declare compliance with Debian Policy 3.9.6. * Update Vcs-* fields. * Bump debhelper compatibility level to 9. * Update copyright info: + Extend coverage for myself. + Bump packaging license to GPL-3+. + Fix use SPDX shortname for X11 license. Thanks to Paul Richards Tagliamonte. + Use file format 1.0. + Use license short-name public-domain. + Bump main license to AGPL-3+. Add NEWS file about that change. + Drop unused Files and License sections for autotools files. + Use License-Grant and License-Reference fields. Thanks to Ben Finney. * Use newest autotools. Build-depend automake (not automake1.11) and on recent cdbs. * Drop patches 1002 1003 applied upstream. * Improve patch 1004: Remove extracted file from script to detect upstream code changes. * Add debian/patches/README documenting patch naming micro-policy. * Add patch 2001 to avoid including problematic and seemingly uneeded pngstruct.h. * Let CDBS move aside upstream cruft during build. * Cleanup more autotools files. * Add symbols file. Closes: bug#694899. Thanks to Logan Rosen. * Fix tie d-shlibs target also to development package (not only library package). * Add lintian overrides regarding license in License-Reference field. See bug#786450. * Update package relations: + Build-depend unversioned on d-shlibs: Needed version satisfied even in oldstable. * Install into multiarch paths. -- Jonas Smedegaard Fri, 31 Jul 2015 11:45:03 +0200 jbig2dec (0.11+20120125-1) unstable; urgency=low * New snapshot of upstream git. * Autogenerate autotools. * Add patches cherry-picked from Ghostscript: 1002: Prevent composition if src outside clip region. 1003: Implement generic refinement region when TPGRON is TRUE. * Add patch 1004 to add config_types.h.in (not create in autogen.sh). * Fix strip editing noise from copyright file. * Fix watch file to cover current release: Ignore compression suffix. * Bump debhelper compat level to 7. * Bump standards-version to 3.9.2. * Simplify *.install file, thanks to debhelper compat level 7. * Ease building with git-buildpackage: Git-ignore .pc dir. * Update copyright file: + Reformat using rev. 174 of draft DEP-5 syntax. + Fix declare exceptions as such. + Fix include Expat~X license verbatim (adding "Some files differ..." to License field violates need for "verbatim copy"). + Separate comments from License field in GNU License sections, shorten comments and quote license in them. + Rename licenses to better match recent DEP5 draft (e.g. avoid "other" prefix). + Rewrap License sections at 72 chars. + Fix reference GNU licenses versioned. + Document in Comment field of AFPL License section the lack of actual licensing text: license unused by Debian. + Extend copyright years. * Update package relations: + Relax build-depend unversioned on debhelper and devscripts (needed versions satisfied even in oldstable). + Build-depend on libtool, automake1.11 and autoconf. + Tighten build-dependency on d-shlibs. * Stop installing -la file. Closes bug#621683. Thanks to Neil Williams. -- Jonas Smedegaard Fri, 10 Feb 2012 17:44:51 +0100 jbig2dec (0.11-1) unstable; urgency=low * Initial release. Closes: bug#539965. -- Jonas Smedegaard Wed, 21 Apr 2010 21:06:47 +0200