Change logs for libpng source package in Dapper

  • libpng (1.2.8rel-5ubuntu0.6) dapper-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution from additional data row via
        malformed PNG image
        - pngpread.c: check for unexpected data after the last row.
        - patch backported from 1.2.44
        - CVE-2010-1205
      * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
        chunks
        - pngrutil.c: properly free memory
        - patch backported from 1.2.44
        - CVE-2010-2249
     -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:19:22 -0400
  • libpng (1.2.8rel-5ubuntu0.5) dapper-security; urgency=low
    
      * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
        - pngrutil.c: use new two-pass decompression method backported from
          1.2.43
        - CVE-2010-0205
      * SECURITY UPDATE: information disclosure via 1-bit interlaced images
        - pngrutil.c: initialize memory if interlaced
        - CVE-2009-2042
     -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:11:53 -0400
  • libpng (1.2.8rel-5ubuntu0.4) dapper-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible execution of arbitrary
        code via crafted image (LP: #338027)
        - patch applied inline: initialize pointers in pngread.c, pngrtran.c,
          pngset.c and example.c
        - CVE-2009-0040
      * SECURITY UPDATE: denial of service and possible execution of arbitrary
        code via crafted image (LP: #217128)
        - patch applied inline: initialize "unknown" chunks in pngpread.c,
          pngrutil.c and pngset.c
        - CVE-2008-1382
      * SECURITY UPDATE: denial of service via off-by-one error
        - patch applied inline: shorten tIME_string to 29 bytes in pngtest.c
        - CVE-2008-3964
      * SECURITY UPDATE: denial of service via incorrect memory assignment
        (LP: #324258)
        - patch applied inline: update pngwutil.c to properly set new_key to NULL
          string
        - CVE-2008-5907
    
     -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 08:01:06 -0600
  • libpng (1.2.8rel-5ubuntu0.3) dapper-security; urgency=low
    
      * SECURITY UPDATE: denial of service via a crafted PNG image
      * fix for pngpread.c and pngrutil.c to properly do bounds checking on read
        operations
      * References
        CVE-2007-5269
    
     -- Jamie Strandboge <email address hidden>   Wed, 24 Oct 2007 15:32:56 -0400
  • libpng (1.2.8rel-5ubuntu0.2) dapper-security; urgency=low
    
      * SECURITY UPDATE: denial of service via crafted CRC.
      * pngrutil.c: upstream fixes applied inline.
      * References
        CVE-2007-2445
    
     -- Kees Cook <email address hidden>   Mon, 11 Jun 2007 12:20:59 -0700
  • libpng (1.2.8rel-5ubuntu0.1) dapper-security; urgency=low
    
      * SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads,
        crashing the application using libpng.
      * Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT
        to allocate correct structure.
      * References
        http://bugs.gentoo.org/show_bug.cgi?id=154380
        CVE-2006-5793
    
     -- Kees Cook <email address hidden>   Wed, 15 Nov 2006 15:28:19 -0800
  • libpng (1.2.8rel-5) unstable; urgency=low
    
      * drop_pass_width.patch: don't export png_pass_width, it's absolutely 
        unnecessary.
      * libpng12-0.shlibs: downgrade the shlibs accordingly
        (closes: #331383).
    
    libpng (1.2.8rel-4) unstable; urgency=low
    
      * makefile.patch:
        + Use PNG_PRIVATE to get the list of private symbols as well. It
          sucks, but they've been there for too long (closes: #329886).
        + Use mawk instead of awk (closes: #329812).
      * control: build-depend on mawk.
      * rules:
        + Use -O2, not -O3.
        + Actually run the tests.
        + Make use of x86_patches/ on x86 architectures.
      * x86_patches/mmxbuild.patch: build MMX routines in pnggccrd.c.
      * x86_patches/pnggccrd-PIC.patch: patch from Christian Aichinger
        to make the assembly routines PIC-compatible.
      * libpng12-0.shlibs: bump the shlibs version.
    
    libpng (1.2.8rel-3) unstable; urgency=low
    
      * Upload to unstable.
      * Rename the source package to libpng.
    
    libpng3 (1.2.8rel-2) experimental; urgency=low
    
      * makefile.patch:
        + now patch makefile.elf, so that only public symbols are truly
          exported.
        + shorten the differences as much as possible.
      * rules: use makefile.elf now.
      * Move libpng3 to oldlibs.
      * Entirely remove libpng3-dev, making libpng12-dev provide it
        (closes: #322051).
      * poynton.patch: correct Charles Poynton's address (closes: #289437).
      * Don't run the test when cross-building (closes: #285427).
      * setjmp_error.patch: don't stop when we are not using _BSD_SOURCE, as
        in this case this is harmless (closes: #299343).
      * libpng3.postinst: removed, the fix is in sarge.
      * Standards-version is 3.6.2.
      * legacy_symbols.patch: still export png_read_destroy and 
        png_write_destroy, which are deprecated but should nevertheless be 
        accessible.
    
    libpng3 (1.2.8rel-1) unstable; urgency=medium
    
      * New upstream release.
      * read_transformations.patch: removed, included upstream.
      * libpng12-0.shlibs: Update to version 1.2.8rel, new flags seem to have been
        added.
    
    libpng3 (1.2.8beta5-2) unstable; urgency=medium
    
      * read_transformations.patch: fix segmentation fault with latex
        (closes: #281789) and totem (closes: #278618).
    
    libpng3 (1.2.8beta5-1) unstable; urgency=medium
    
      * New upstream release.
        + Correct segmentation violation in png_combine_row.
          Closes: #278526, #278917, #278921, #279258, #281789, #282368.
    
    libpng3 (1.2.7-1) unstable; urgency=medium
    
      * New upstream release (closes: #278308).
      * libpng12-0.shlibs: update shlibs to version 1.2.7.
      * Remove all security fixes, they are included upstream.
    
    libpng3 (1.2.5.0-9) unstable; urgency=high
    
      * CAN-2004-0954.patch: removed, this is already fixed in
        CAN-2004-0597_0598_0599.patch.
    
    libpng3 (1.2.5.0-8) unstable; urgency=high
    
      * Switch to CDBS.
        + Ship modifications and security fixes in debian/patches.
        + debian/rules: rewritten.
        + debian/control: build-depend on cdbs.
        + debian/libpng12-0.shlibs: new.
      * setjmp_error.patch: port explanation of the error when including setjmp.h
        from libpng10, thanks Matijs van Zuijlen <email address hidden>
        (closes: #273473).
      * CAN-2004-0954.patch: fix buffer overflow vulnerability in
        png_handle_tRNS().
      * CAN-2004-0955.patch: fix integer arithmetic overflow vulnerability in
        png_read_png().
    
    libpng3 (1.2.5.0-7) unstable; urgency=high
    
      * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
        buffer offsets [CAN-2004-0768].
      * png.h, pngpread.c, pngrutil.c: patch from Chris Evans
        <email address hidden> to fix several vulnerabilities (closes: #263500):
        + libpng fails to properly check length on PNG data [CAN-2004-0597].
        + libpng "png_handle_sBIT" does not perform proper checks to avoid stack
          buffer overflow [CAN-2004-0597].
        + libpng "png_handle_iCCP" possible NULL-pointer crash
          [CAN-2004-0598].
        + libpng "png_handle_sPLT" possible integer overflow
          [CAN-2004-0599].
        + libpng "png_read_png" does not properly handle a PNG with excessive
          height (integer overflow) [CAN-2004-0599].
        + libpng progressive reading integer overflow [CAN-2004-0599].
    
    libpng3 (1.2.5.0-6) unstable; urgency=high
    
      * pngerror.c: applied patch by Steve Grubb <email address hidden> to
        fix unintended memory access that could result in a crash of the
        application linking against libpng [CAN-2004-0421].
    
    libpng3 (1.2.5.0-5) unstable; urgency=low
    
      * Use debhelper 4.2, which generates the udeb appropriately.
      * Update control and rules appropriately.
      * Don't use ${shlibs:Depends} for the udeb, rather write the
        dependencies by hand.
      * Standards-version is 3.6.1.
    
    libpng3 (1.2.5.0-4) unstable; urgency=low
    
      * scripts/makefile.linux: use versioned dependencies
        (closes: #155891).
      * debian/rules: bump dependency for dh_makeshlibs.
      * add the libpng.a link in libpng12-dev.
      * Rework scripts/makefile.linux to make it more consistent.
      * Update stuff in debian/ accordingly.
      * Updated README.Debian.
    
    libpng3 (1.2.5.0-3) unstable; urgency=low
    
      * Make libpng3{,-dev} depend on libpng12-{0,dev} >= 1.2.5.0-2 instead
        of the strict source version.
      * Move /usr/share/doc/libpng3{,-dev} into symlinks at postinst time
        when directories already exist.
      * debian/rules: install correctly doc-base stuff.
      * debian/libpng12-dev.doc-base: updated URIs.
    
    libpng3 (1.2.5.0-2) unstable; urgency=low
    
      * scripts/{makefile.linux,libpng-config-body.in}: correct the
        libpng12-config script.
      * Install correctly pkg-config stuff (closes: #191081).
      * Make libpng12-dev conflict explicitly with libpng12-0-dev.
      * Update README.Debian.
    
    libpng3 (1.2.5.0-1) unstable; urgency=low
    
      * New maintainer.
      * Use real upstream tarball from 1.2.5 release.
      * Use dpkg-source's way instead of dpatch for patching.
      * A bit of rework in debian/rules, use dh_install and debhelper 4.
      * Standards-version is 3.5.9.
      * The -dev package is now named libpng12-dev (stop using the
        libpkg-guide way).
      * libpng3 is now arch-independent.
      * Improved descriptions a bit.
      * Don't supply libpngpf.3, it is not useful to programmers.
    
    libpng3 (1.2.5-11) unstable; urgency=low
    
      * Add udeb (closes: #174842)
      * Add missing section on source files.
    
    libpng3 (1.2.5-10) unstable; urgency=low
    
      * Rebuild with d-shlibs with fixed "libgcc_s1-dev" handling (for gcc-3.2).
      (closes: #178070), build-depend on d-shlibs 0.10 or greater.
    
    libpng3 (1.2.5-9) unstable; urgency=low
    
      * Use dpatch for patch system -- divide Debian patch, and security fix patch.
      * Standards-Version: 3.5.8
      * add manual page libpng-config.1 and libpng12-config.1
    
    libpng3 (1.2.5-8) unstable; urgency=low
    
      * Sorry folks, I made a mistake.
      * Forward-port of patch from the Security Team,
      really apply what was there. (closes: #172868,#172871)
    
    libpng3 (1.2.5-7) unstable; urgency=high
    
      * Forward-port of patch from the Security Team
      * Applied patch to pngrtran.c by Glenn Randers-Pehrson
        <email address hidden> to fix a buffer overrun.
    
    libpng3 (1.2.5-6) unstable; urgency=low
    
      * Typo in scripts/makefile.linux.
      Mistake. -lz and -lm weren't happening.
      * Change LDFLAGS to not list -lz -lm, so that testsuite will catch such error.
      * set prefix=/usr/ in scripts/makefile.linux, since it was set to usr/local.
    
    libpng3 (1.2.5-5) unstable; urgency=low
    
      * scripts/makefile.linux: LIBADDFLAGS introduced, for shared library lib additional
      flags, and use that for shared library.
      - this should fix build failure (closes: #166704)
      Thanks Daniel Schepler <email address hidden> for reporting.
      * updated copyright file to note that libpng3 in Debian is patched to
      link with -lz -lm.
    
    libpng3 (1.2.5-4) unstable; urgency=low
    
      * Trying to fix the problem that libpng3 seems to be not linked against libz.
      LDFLAGS was defined but not being used.
      Thanks Mike Furr <email address hidden> for reporting (closes: #166489)
    
    libpng3 (1.2.5-3) unstable; urgency=low
    
      * Fixed description, I mixed up the -devel and non-devel
      packages.
      * updated README.Debian.
    
    libpng3 (1.2.5-2) unstable; urgency=low
    
      * careless mistake :(
      * reinstall libpng.so symlink in libpng-12-0-dev package.
      Otherwise other packages won't build ...
    
    libpng3 (1.2.5-1) unstable; urgency=low
    
      * New upstream version (closes: #163425)
      * re-patched makefile.linux to work with system zlib,
        added workaround to set CFLAGS, and remove rpath settings from LDFLAGS
      * Use debhelper.
      * No longer create /usr/doc symlinks.
      * Standards-Version: 3.5.7
    
    libpng3 (1.2.1-5) unstable; urgency=low
    
      * Not yet released.
      * Change priority from standard to optional.
    
    libpng3 (1.2.1-4) unstable; urgency=low
    
      * change -dev dependency of libc6-dev to libc-dev 
    
    libpng3 (1.2.1-3) unstable; urgency=low
    
      * Security fix backported from 1.2.4. Check bounds of variables.
      (closes: #155403)
    
    libpng3 (1.2.1-2) unstable; urgency=low
    
      * New maintainer (closes: #151343)
      * apply buffer overflow patch for interlaced png files (closes: #150595)
      * update description for libpng3-dev.
      * change libpng-dev to libpng3-dev
    
    libpng3 (1.2.1-1.1) unstable; urgency=low
    
      * NMU
      * Provides: libpng2-dev has been changed to Provides: libpng3-dev
        libpng2-dev can be put back in when some kind of sane transition has
        finished.
        (closes: #128384, #128871, #129268, #129269)
    
    libpng3 (1.2.1-1) unstable; urgency=low
    
      * New upstream version; closes: #125679.
      * New source package name: libpng3.
      * Renamed libpng<x>-dev to libpng-dev to avoid having to maintain several
        development packages (the -dev is source compatible).
      * Moved png.5 into the -dev package.
      * Added a Replaces: libpng2 to libpng-dev so that we can steal the png.5
        manpage without fuss.
      * Changed debian/shlibs for libpng3.
      * Compress examples/pngtest.c.
    
     -- Martin Pitt <email address hidden>   Wed,  22 Feb 2006 20:45:23 +0000
  • libpng (1.0.18-1ubuntu3) breezy; urgency=low
    
    
      * Drop the gcc-3.3 build dependency as well.
    
     -- Matthias Klose <email address hidden>  Mon, 22 Aug 2005 18:25:38 +0200