mupdf (1.17.0+ds1-1.3~deb11u1) bullseye-security; urgency=high * Non-maintainer upload by the Security Team. * Rebuild for bullseye-security -- Salvatore Bonaccorso Fri, 05 Mar 2021 21:26:00 +0100 mupdf (1.17.0+ds1-1.3) unstable; urgency=medium * Non-maintainer upload. * Fix double free of object during linearization (CVE-2021-3407) (Closes: #983684) -- Salvatore Bonaccorso Sun, 28 Feb 2021 13:40:40 +0100 mupdf (1.17.0+ds1-1.2) unstable; urgency=medium * Non-maintainer upload. * Fix installation location of pkgconfig file. The libmupdf-dev.install file was not marked executable and thus could not correclty use dh-exec to substitute ${DEB_HOST_MULTIARCH} for the target path. (Closes: #976022) -- Salvatore Bonaccorso Sat, 28 Nov 2020 14:59:08 +0100 mupdf (1.17.0+ds1-1.1) unstable; urgency=medium * Non-maintainer upload. * Detect/avoid overflow when calculating sizes of pixmaps (CVE-2020-26519) (Closes: #971595) -- Salvatore Bonaccorso Tue, 03 Nov 2020 21:09:06 +0100 mupdf (1.17.0+ds1-1) unstable; urgency=medium [ Bastian Germann ] * Use system mujs (Closes: #949636) * Patch: Prevent thirdparty archive build * Exclude all thirdparty files * Remove thirdparty files * Build-Depend on python3 (Closes: #937093) * d/copyright: Prepare for 1.17 * Refresh patches for 1.17.0 [ Kan-Ru Chen ] * New upstream version 1.17.0+ds1 * Bump standards-version to 4.5.0 * Refresh patches -- Kan-Ru Chen (陳侃如) Thu, 06 Aug 2020 21:48:09 +0900 mupdf (1.16.1+ds1-2) unstable; urgency=medium [ Kan-Ru Chen ] * Backport fix for upstream bug 701402 allow smart scroll to advance to last page (Closes: #953561) -- Kan-Ru Chen (陳侃如) Sun, 15 Mar 2020 17:27:43 +0900 mupdf (1.16.1+ds1-1) unstable; urgency=medium [ Kan-Ru Chen ] * New upstream version 1.16.1+ds1 Thanks to Bastian Germann (Closes: #944625) * Bump debhelper compat to 12 * Refresh patches * Build mupdf without executable stack. Thanks to Christopher Wellons (Closes: #944817) [ Bastian Germann ] * Don't remove non-existing thirdparty/glfw * Rebase patch queue * Build-depend on liblcms2-dev * Add manpages from build, not src * Fix lintian: pkg-config-unavailable-for-cross-compilation * Fix lintian: debian-watch-uses-insecure-uri * Fix lintian: wildcard-matches-nothing-in-dep5-copyright * Fix lintian: manpage-without-executable * Fix lintian: wildcard-matches-nothing-in-dep5-copyright * d/copyright: Match more font files * d/copyright: Add missing files * Build-Conflict with libssl (no license exception) (Closes: #951705) -- Kan-Ru Chen (陳侃如) Sun, 23 Feb 2020 21:54:53 +0900 mupdf (1.15.0+ds1-1) unstable; urgency=medium * New upstream version 1.15.0+ds1 * debian/watch: Use stricter rule that only matches stable releases * debian/rules: NO_ICC was renamed to FZ_ENABLE_ICC=0 * Fix pkg-config linked library (Closes: #930212) * mupdf.sh: exec the actual mupdf from the shell script. Thanks to Mike for the patch (Closes: #921607) * Fix a heap-based buffer overflow in fz_append_display_node (CVE-2019-13290) (Closes: #931475) * Fix a infinite loop in the function svg_dev_end_tile (CVE-2018-19777) (Closes: #915137) * Add build dependency libssl-dev -- Kan-Ru Chen (陳侃如) Sun, 07 Jul 2019 22:30:07 +0900 mupdf (1.14.0+ds1-4) unstable; urgency=medium [ Salvatore Bonaccorso ] * Avoid being smart about keeping only a single reference to the buffer (CVE-2018-16647) (Closes: #924351) * Fix text used as clip mask in pdfwrite device (CVE-2018-16648) (Closes: #924351) * Fix typo in pdf write device [ Kan-Ru Chen ] * Add more options to mupdf wrapper and display usage correctly -- Kan-Ru Chen (陳侃如) Sat, 16 Mar 2019 09:42:00 +0900 mupdf (1.14.0+ds1-3) unstable; urgency=high * d/patches: import upstream fixes for various bugs. Fixes CVE-2018-18662, CVE-2019-6131, CVE-2019-6130 (Closes: #912013, #918970, #918971) * d/control: Bump Standards-Version to 4.3.0, no changes required * Fix FTCBFS + Supply a cross LD for wrapping fonts. + Supply PKG_CONFIG to all make targets. Thanks to Helmut Grohne for the patch (Closes: #913515) * Regenerate cmaps from source. Thanks to Helmut Grohne for the suggestion * d/patches/0007-typographical-and-formatting-fixes-to-the-manual.patch: typographical and formatting fixes to the manual. Thanks to Bjarni Ingi Gislason for the patch -- Kan-Ru Chen (陳侃如) Sat, 19 Jan 2019 12:01:19 +0900 mupdf (1.14.0+ds1-2) unstable; urgency=medium * Fix FTBFS on mips64el Disabled objcopy to avoid linking error. * Bump Standards-Version to 4.2.1 Supports noopt and terse in DEB_BUILD_OPTIONS. -- Kan-Ru Chen (陳侃如) Sun, 04 Nov 2018 09:13:26 +0900 mupdf (1.14.0+ds1-1) unstable; urgency=medium * New upstream version 1.14.0+ds1 - Fixes CVE-2018-1000036 (Closes: #900129, upstream bug 699695) * d/patches: fresh patches * d/rules: adjust to work with updated upstream Makefile * d/rules: Set CC_FOR_BUILD (Closes: #903319) -- Kan-Ru Chen (陳侃如) Sun, 28 Oct 2018 14:48:12 +0900 mupdf (1.13.0+ds1-3) unstable; urgency=medium * debian/patches: import upstream patch for CVE-2018-10289 (Closes: 896545) * More FTCBFS patches. Thanks to Helmut Grohne for the patches. (Closes: 903319) -- Kan-Ru Chen (陳侃如) Mon, 03 Sep 2018 09:10:50 +0900 mupdf (1.13.0+ds1-2) unstable; urgency=medium * Use dh_auto_build/dh_auto_install --parallel. Thanks to Helmut Grohne for the patch (Closes: #902968) -- Kan-Ru Chen (陳侃如) Sun, 08 Jul 2018 15:17:02 +0900 mupdf (1.13.0+ds1-1) unstable; urgency=medium * New upstream version 1.13.0+ds1 - Fixes CVE-2018-5686 (Closes: #887130) - Fixes CVE-2018-6187 (Closes: #888464) - Fixes CVE-2018-6192 (Closes: #888487) * debian/control: Migrate vcs to salsa.debian.org * debian/patches: Refresh patches * debian/rules: Build with Debian CFLAGS and enable PIC libmupdf.a (Closes: #841403) * debian/rules: use Debian flavor build options (Closes: #877067) * debian/mupdf.sh: Do not read from a file descriptor (Closes: #893115, #893862) * debian/mupdf.desktop: Fixes and add ePub and XPS to supported mimetype. Thanks to Pino Toscano, Hartmut Buhrmester (Closes: #877082) -- Kan-Ru Chen (陳侃如) Mon, 30 Apr 2018 11:17:25 +0900 mupdf (1.12.0+ds1-1) unstable; urgency=high * New upstream version 1.12.0+ds1 - Fixes CVE-2017-17866 (Closes: #885120) - Closes: #877062 * Exclude thirdparty/{freeglut,lcms2} from upstream source * Refresh patches * Add freeglut3-dev build-dep * d/mupdf.docs: Include droid fonts NOTICE file * d/patches: Fix CVE-2018-6544 / CVE-2018-1000051 (Closes: #891245) -- Kan-Ru Chen (陳侃如) Wed, 14 Mar 2018 21:26:44 +0900 mupdf (1.11+ds1-2) unstable; urgency=high * Acknowledge NMU. Thanks, Salvatore. * Renumber patches * Fixes CVE-2017-15587 (Closes: 879055) * Sort files in static library to make the build reproducible. * Bump Standards-Version to 4.1.1. No changes needed. -- Kan-Ru Chen (陳侃如) Thu, 26 Oct 2017 22:28:43 +0800 mupdf (1.11+ds1-1.1) unstable; urgency=medium * Non-maintainer upload. * Don't use xps font if it could not be loaded (CVE-2017-14685) (Closes: #877379) * Check name, comment and meta size field signs (CVE-2017-14686) (Closes: #877379) * Handle non-tags in tag name comparisons (CVE-2017-14687) (Closes: #877379) -- Salvatore Bonaccorso Sun, 08 Oct 2017 10:37:23 +0200 mupdf (1.11+ds1-1) unstable; urgency=medium * New upstream version 1.11+ds1 (Closes: #702479, #868821, #868822, #868052) * Refresh patches * debian/copyright: thirdparty/jpeg renamed to thirdparty/libjpeg * Bump Standards-Version to 4.1.0. No changes needed. * debian/copyright: Update copyright information for font resources * debian/mupdf.sh: handle double-dash shell opts (Closes: #851942) -- Kan-Ru Chen (陳侃如) Sun, 24 Sep 2017 14:56:00 +0800 mupdf (1.9a+ds1-4) unstable; urgency=high * Fix patch for CVE-2017-5991: The original patch was incomplete. (Closes: #855383) -- Kan-Ru Chen (陳侃如) Sat, 18 Feb 2017 00:43:12 +0800 mupdf (1.9a+ds1-3) unstable; urgency=high * CVE-2017-5896: use-after-free in fz_subsample_pixmap() (Closes: #854734) * CVE-2017-5991: NULL pointer dereference in pdf_run_xobject() -- Kan-Ru Chen (陳侃如) Thu, 16 Feb 2017 23:43:55 +0800 mupdf (1.9a+ds1-2) unstable; urgency=medium * Acknowledge NMU. * CVE-2016-8674: heap-use-after-free in pdf_to_num (pdf-object.c) (Closes: #840957) * Set debhelper compact to 9 -- Kan-Ru Chen (陳侃如) Tue, 15 Nov 2016 00:07:55 +0800 mupdf (1.9a+ds1-1.2) unstable; urgency=medium * Non-maintainer upload. * CVE-2016-6525: heap overflow in pdf_load_mesh_params() (Closes: #833417) -- Salvatore Bonaccorso Sat, 06 Aug 2016 13:44:07 +0200 mupdf (1.9a+ds1-1.1) unstable; urgency=medium * Non-maintainer upload. * CVE-2016-6265: Use after free vulnerability in pdf_xref.c (Closes: #832031) -- Salvatore Bonaccorso Mon, 01 Aug 2016 14:17:20 +0200 mupdf (1.9a+ds1-1) unstable; urgency=medium * New upstream release (Closes: #819101) * Add glfw and harfbuzz third party libraries to Files-Excluded * Building now requires libharfbuzz-dev * Drop patches included in upstream release * Disable mupdf to read from console. (Closes: #830143) * The mudraw command is merged to mutool * Update debian/watch to reflect new download page structure * Fix typo in debian/control * Use --uscan with gbp import-orig by default * Support more options in the wrapper (Closes: #819099) * Bump Standards-Version to 3.9.8, no changes needed -- Kan-Ru Chen (陳侃如) Thu, 07 Jul 2016 01:58:00 +0800 mupdf (1.7a-1) unstable; urgency=high * New Upstream version 1.7a * debian/rules: Fix FTBFS with new libjbig2. (Closes: #796420) -- Kan-Ru Chen (陳侃如) Fri, 18 Sep 2015 23:14:20 +0800 mupdf (1.7-1) unstable; urgency=medium * New Upstream version 1.7 + Added missing section in mutool man page. (Closes: #775427) + Set _NET_WM_NAME properly. (Closes: #780019) + Support continuously scrolling. (Closes: #611221) + "mutool clean" now has correct exit status. (Closes: #781746) * Refresh patches * Remove generated file in clean target * debian/control: Add that MuPDF also reads XPS, OpenXPS and ePub. * debian/watch: Use repacksuffix and dversionmangle * Move mupdf-x11 out of /usr/bin. Thanks to Mathieu Malaterre for the patch (Closes: #752207) * debian/patches/0008-Bigger-scaling.patch: Add more scale level. Thanks to Thomas Prokosch for the patch (Closes: #769282) -- Kan-Ru Chen (陳侃如) Thu, 07 May 2015 00:03:39 +0800 mupdf (1.6-1) unstable; urgency=medium * New upstream release. (Closes: #767391) * Refresh patches. * debian/copyright: New files source/fitz/{ftoa.c,strtod.c} -- Kan-Ru Chen (陳侃如) Sat, 01 Nov 2014 19:28:58 +0800 mupdf (1.5-1) unstable; urgency=medium * New upstream release. (Closes: #761960) * Use git-buildpackage to maintain the package repository * Unapply patches from source after build * Use MUJS to provide JS functionality (Closes: #760480, #745247) * Build against openjpeg 2.1 (Closes: #745246, #761955) * Fix build with libopenjp2. * Fix -Werror=format-security error * debian/copyright: Add Files-Excluded header * debian/copyright: Update short license name * Fix unsafe conversion from float to fz_linecap (Closes: #749902) * Enable verbose build log * Fix FTBFS with clang. Thanks to Alexander (Closes: #755741) * Document mudraw -F command line switch in man page (Closes: #750724) -- Kan-Ru Chen (陳侃如) Sat, 20 Sep 2014 23:18:10 +0800 mupdf (1.4-2) unstable; urgency=medium * Disable JavaScript support on powerpc, s390x and sparc. (Closes: #747131) -- Kan-Ru Chen (陳侃如) Mon, 19 May 2014 00:11:11 +0800 mupdf (1.4-1) unstable; urgency=medium [ Quoc-Viet Nguyen ] * New upstream release. * Fix compiling with libopenjpeg5. (Closes: #743103, #735878) [ Kan-Ru Chen (陳侃如) ] * Update debian/copyright. * Enable JavaScript support with v8. (Closes: #743414) * Won't crash when pdf file changes. (Closes: #699686) * Add mupdf.sh so it could be used with compressed pdf-files. Thanks Jörg-Volker Peetz! (Closes: #734183) -- Kan-Ru Chen (陳侃如) Sun, 20 Apr 2014 01:49:29 +0800 mupdf (1.3-2) unstable; urgency=medium * Fix CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color(). (Closes: #738857) * Add description of key P to mupdf(1). (Closes: #736125) * Add description of BROWSER env to mupdf(1). (Closes: #699684) * Bump Standards-Version to 3.9.5, no changes needed -- Kan-Ru Chen (陳侃如) Sun, 09 Mar 2014 23:41:55 +0800 mupdf (1.3-1) unstable; urgency=low * New upstream release. (Closes: #719281, #686806, #667971) * Remove fix_compiling_1.2.patch * Disable JPEG2000 support if compiled with libopenjpeg2 * Fix header mismatch with libjpeg-dev. (Closes: #717201) -- Kan-Ru Chen (陳侃如) Mon, 25 Nov 2013 01:38:45 +0800 mupdf (1.2-2) unstable; urgency=low * Upload to unstable * Fix build with openjpeg 1.3. * debian/control: Update mupdf-tools long description. -- Kan-Ru Chen (陳侃如) Thu, 20 Jun 2013 22:59:39 +0800 mupdf (1.2-1) experimental; urgency=low [ Quoc-Viet Nguyen ] * New upstream release: 1.2. (Closes: #690983) - Changed MuPDF license to AGPL. - Increased openjpeg version dependency to 1.5. - New binary `mutool' now includes most mupdf tools. (Closes: #656267). * Use debian/watch from Bart Martens. [ Kan-Ru Chen (陳侃如) ] * Add Quoc-Viet Nguyen as co-maintainer. Congratulations! * Bump Standards-Version to 3.9.4, no changes needed * debian/copyright: Updated. * Provides: pdf-viewer. (Closes: #682450) * Enable CPPFLAGS hardening flags. Thanks Simon Ruderich (Closes: #665315) * debian/rules: Remove generated files at clean target. * Fix mudraw.1 formatting. -- Kan-Ru Chen (陳侃如) Thu, 20 Jun 2013 01:43:14 +0800 mupdf (0.9-2) unstable; urgency=low * Enable harden flags. * debian/copyright: Updated. * Bump Standards-Version to 3.9.2, no changes needed * debian/patches/bug621894.patch: Fix text copying with selection. (Closes: #621894) * debian/patches/bug646350.patch: Fix FTBFS with -Werror=format-security. (Closes: #646350) -- Kan-Ru Chen Sat, 17 Dec 2011 22:25:35 +0800 mupdf (0.9-1) unstable; urgency=low * New upstream release. (Closes: #641169) * debian/patches/mupdf_update_manpages.patch: Merged upstream. * debian/libmupdf-dev.install: Install more library and headers. -- Kan-Ru Chen Sun, 11 Sep 2011 12:08:18 +0800 mupdf (0.8.15-1) unstable; urgency=low * New upstream release. * debian/patches/mupdf_fix_build.patch, debian/patches/mupdf_install_manpages_default.patch, debian/patches/mupdf_move_manpages_to_upstream.patch, debian/patches/mupdf_remove_extra_usage.patch: Merged upstream. * debian/watch: Upstream now uses google code hosting. -- Kan-Ru Chen Tue, 05 Apr 2011 20:03:33 +0800 mupdf (0.8-1) unstable; urgency=low * New upstream release. (Closes: #604746) * debian/patches/mupdf_move_manpages_to_upstream.patch, debian/patches/mupdf_update_manpages.patch: Sync with upstream. Remove debug purpose keybinding from manpage. (Closes: #597337) * Add NoDisplay=true to mupdf.desktop as the application is not intended for standalone use but a viewer. (Closes: #602293) * debian/mupdf.menu: Removed as well. * debian/patches/mupdf_remove_extra_usage.patch: New patch, remove redundant usage string from output. * Add non-standard DEB_BUILD_OPTIONS x-fpic support. (Closes: #617253) -- Kan-Ru Chen Wed, 09 Mar 2011 11:23:12 +0800 mupdf (0.7-2) unstable; urgency=low * Fix FTBFS on hurd-i386, kfreebsd-amd64, kfreebsd-i386 -- Kan-Ru Chen Wed, 15 Sep 2010 17:15:47 +0800 mupdf (0.7-1) unstable; urgency=low * New upstream release (Closes: #590263, #590264, #590245) * Update manpages to reflect keybinding change * Patch build system to accept additional CFLAGS. * Add mupdf-tools to Suggests of mupdf. (Closes: #593446) * Update watch file * Bump Standards-Version to 3.9.1, no changes needed -- Kan-Ru Chen Wed, 15 Sep 2010 02:27:06 +0800 mupdf (0.6-1) unstable; urgency=low * Initial release. (Closes: #559906) -- Kan-Ru Chen Thu, 22 Jul 2010 08:23:00 +0800