libpng (1.2.50-2+dyson1) unstable; urgency=medium
* Package for Dyson
-- Igor Pashev <pashev.igor@gmail.com> Wed, 24 Dec 2014 03:03:29 +0300
libpng (1.2.50-2) unstable; urgency=medium
* Merge 1.2.50-1ubuntu3.
Closes: #689092.
* Use defaults for dh_builddeb.
* Remove debian/source/options.
* Refresh patches.
-- Anibal Monsalve Salazar <anibal@debian.org> Sat, 26 Jul 2014 03:27:02 +0100
libpng (1.2.50-1ubuntu3) utopic; urgency=medium
* Make the -dev package Multi-Arch: same. Closes: #689092.
* Don't hard-code the libdir in libpng-config, and error out when
using the libpng-config --libdir option.
-- Matthias Klose <doko@ubuntu.com> Thu, 19 Jun 2014 11:20:33 +0200
libpng (1.2.50-1ubuntu2) trusty; urgency=medium
* Add debian/patches/02-required-space.patch, thanks to Dan Kegel for the
patch. (LP: #1298779)
-- Brian Murray <brian@ubuntu.com> Mon, 31 Mar 2014 14:20:51 -0700
libpng (1.2.50-1ubuntu1) trusty; urgency=medium
* Merge from Debian testing. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
* Drop our autopkgtest changes, debian has those now
-- Jackson Doak <noskcaj@ubuntu.com> Fri, 31 Jan 2014 06:41:50 +1100
libpng (1.2.50-1) unstable; urgency=low
* New upstream release.
* Update Standards-Version to 3.9.5.
* Add support autopkgtest. (Closes: #693047)
Thanks Rafał Cieślak, Martin Pitt and Jakub Wilk.
-- Nobuhiro Iwamatsu <iwamatsu@debian.org> Mon, 27 Jan 2014 11:51:01 +0900
libpng (1.2.49-5ubuntu1) trusty; urgency=low
* Merge from Debian testing. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
- Add debian/tests: Simple compile/link/run autopkgtest
-- Jackson Doak <noskcaj@ubuntu.com> Tue, 22 Oct 2013 06:41:11 +1100
libpng (1.2.49-5) unstable; urgency=low
[ Slテ。vek Banko ]
* Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink
in libpng12-0, instead of libpng12-dev. (Closes: #713270)
[ Anibal Monsalve Salazar ]
* Standards-Version: 3.9.4
* Fix Lintian issue:
- libpng source: brace-expansion-in-debhelper-config-file
debian/libpng12-dev.install
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 06 Oct 2013 10:31:53 +1100
libpng (1.2.49-4ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
- Add debian/tests: Simple compile/link/run autopkgtest
-- Jackson Doak <noskcaj@ubuntu.com> Thu, 22 Aug 2013 16:05:43 +1000
libpng (1.2.49-4) unstable; urgency=low
[ Andreas Beckmann ]
* libpng12-dev: Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 ->
/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink, too, to prevent ldconfig
from playing ping-pong with the SONAME link. (Closes: #706181)
-- Anibal Monsalve Salazar <anibal@debian.org> Fri, 26 Apr 2013 16:42:23 +1000
libpng (1.2.49-3) unstable; urgency=low
* Remove patches/02-681408-CVE-2012-3386-Makefile.in.patch.
This patch is unnecessary. This issue is already fixed in automake.
-- Nobuhiro Iwamatsu <iwamatsu@debian.org> Tue, 28 Aug 2012 16:22:51 +0900
libpng (1.2.49-2) unstable; urgency=high
* Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
Add 02-681408-CVE-2012-3386-Makefile.in.patch
Closes: #681408
-- Anibal Monsalve Salazar <anibal@debian.org> Fri, 13 Jul 2012 12:31:39 +1000
libpng (1.2.49-1ubuntu2) raring; urgency=low
* Add debian/tests: Simple compile/link/run autopkgtest. (LP: #1073538)
-- Rafał Cieślak <rafalcieslak256@ubuntu.com> Wed, 31 Oct 2012 16:43:53 +0100
libpng (1.2.49-1ubuntu1) quantal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 24 May 2012 10:13:23 -0400
libpng (1.2.49-1) unstable; urgency=high
* New upstream version 1.2.49
- Fix CVE-2011-3048 (memory corruption flaw)
Closes: 667475
- Don't crash with electric fence memory debugger
Closes: 668082
* Merged upstream: 02-665208-CVE-2012-3045.patch
-- Anibal Monsalve Salazar <anibal@debian.org> Mon, 09 Apr 2012 12:08:13 +1000
libpng (1.2.47-2) unstable; urgency=high
* Fix Buffer overflow
Fix CVE-2012-3045
Add 02-665208-CVE-2012-3045.patch
Closes: 665208
* Standards Version is 3.9.3
-- Anibal Monsalve Salazar <anibal@debian.org> Tue, 27 Mar 2012 12:04:46 +1100
libpng (1.2.47-1) unstable; urgency=low
* New upstream version 1.2.47
The purpose of this release is to fix the dangerous CVE-2011-3026.
The libpng patch is different from the one that was distributed
earlier by Chromium, in that the libpng user limit feature is not
crippled by the patch.
Remove 02-660026-CVE-2011-3026.patch
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 19 Feb 2012 12:10:18 +1100
libpng (1.2.46-5) unstable; urgency=high
* Check for both truncation (64-bit platforms) and integer overflow
Fix CVE-2011-3026
Add 02-660026-CVE-2011-3026.patch
Closes: 660026
-- Anibal Monsalve Salazar <anibal@debian.org> Thu, 16 Feb 2012 08:21:54 +1100
libpng (1.2.46-4) unstable; urgency=low
* Update debian/rules.
Enabled hardened build flags. (Closes: #654149)
-- Nobuhiro Iwamatsu <iwamatsu@debian.org> Mon, 09 Jan 2012 21:23:43 +0900
libpng (1.2.46-3ubuntu4) precise; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
memory corruption issue.
- debian/patches/CVE-2011-3048.patch: correctly restore to previous
condition in pngset.c.
- CVE-2011-3048
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Apr 2012 08:21:56 -0400
libpng (1.2.46-3ubuntu3) precise; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
incorrect type.
- debian/patches/CVE-2011-3045.patch: use correct type, properly handle
odd chunk lengths, fix off-by-one in pngrutil.c.
- CVE-2011-3045
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Mar 2012 13:16:18 -0400
libpng (1.2.46-3ubuntu2) precise; urgency=low
* SECURITY UPDATE: fix integer overflow / truncation
- debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
when allocating memory in png_decompress_chunk()
- CVE-2011-3026
-- Jamie Strandboge <jamie@ubuntu.com> Wed, 15 Feb 2012 21:10:29 -0600
libpng (1.2.46-3ubuntu1) oneiric; urgency=low
* Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
-- Colin Watson <cjwatson@ubuntu.com> Wed, 10 Aug 2011 21:25:16 +0100
libpng (1.2.46-3) unstable; urgency=low
* libpng12-0-udeb: Don't use bzip2 compression
Closes: 634865
-- Anibal Monsalve Salazar <anibal@debian.org> Wed, 27 Jul 2011 12:44:46 +1000
libpng (1.2.46-2) unstable; urgency=low
[ Steve Langasek ]
* Build for multiarch. Requires converting libpng3 from Arch: all to
Arch: any. Closes: 634151
* Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
directory to the udeb.
[ Anibal Monsalve Salazar ]
* Fix doc-base file
Closes: 633944, 633957, 634120
* Pass "-Zbzip2 -z9" to dpkg-deb
-- Anibal Monsalve Salazar <anibal@debian.org> Mon, 18 Jul 2011 22:05:48 +1000
libpng (1.2.46-1) unstable; urgency=high
* New upstream release (Closes: #633871).
- Fix CVE: CVE-2011-2690
Buffer overwrite in png_rgb_to_gray
- CVE: CVE-2011-2691
Crash in png_default_error due to use of NULL Pointer
- CVE: CVE-2011-2692
Memory corruption when handling empty sCAL chunks
- Update patches/01-legacy.patch
- Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.
-- Nobuhiro Iwamatsu <iwamatsu@debian.org> Fri, 15 Jul 2011 11:47:49 +0900
libpng (1.2.44-3) unstable; urgency=high
* Fix 1-byte uninitialized memory reference in png_format_buffer()
Fix CVE-2011-2501
Add debian/patches/02-632786-CVE-2011-2501.patch
Closes: 632786
* Standards version is 3.9.2
* Fix xc-package-type-in-debian-control
* Fix debian-rules-missing-recommended-target
-- Anibal Monsalve Salazar <anibal@debian.org> Wed, 06 Jul 2011 10:04:32 +1000
libpng (1.2.44-2) unstable; urgency=low
* debian/libpng3.links: fix up the compat symlink to point to /lib
Patch by Steve Langasek
Closes: #579074, LP: #284325
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 13 Mar 2011 14:40:33 +1100
libpng (1.2.44-1) unstable; urgency=low
* New upstream release
Stop memory leak when reading a malformed sCAL chunk
-- Anibal Monsalve Salazar <anibal@debian.org> Sat, 26 Jun 2010 13:32:43 +1000
libpng (1.2.43-1) unstable; urgency=high
* New upstream release
* Fix CVE-2010-0205 and Cert VU#576029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
https://www.kb.cert.org/vuls/id/576029
Do not stall and consume large quantities of memory while processing
certain Portable Network Graphics (PNG) files
Closes: 572308
-- Anibal Monsalve Salazar <anibal@debian.org> Wed, 03 Mar 2010 16:44:47 +1100
libpng (1.2.42-2) unstable; urgency=low
* Merge 1.2.42-1ubuntu1
Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
* Fix out-of-date-standards-version
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 14 Feb 2010 13:09:51 +1100
libpng (1.2.42-1ubuntu1) lucid; urgency=low
* Merge from Debian testing. Remaining changes:
- Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 28 Jan 2010 11:57:34 +0000
libpng (1.2.42-1) unstable; urgency=low
* New upstream release
* Remove 02-export-png_set_strip_error_numbers.patch (merged)
* Fix debhelper-but-no-misc-depends
-- Anibal Monsalve Salazar <anibal@debian.org> Sat, 16 Jan 2010 17:53:14 +1100
libpng (1.2.41-1ubuntu1) lucid; urgency=low
* Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
with a separate /usr.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 00:18:15 -0800
libpng (1.2.41-1) unstable; urgency=low
* New upstream release
* Debian source format is 3.0 (quilt)
* Update debian/watch
* Add 02-export-png_set_strip_error_numbers.patch
Define PNG_ERROR_NUMBERS_SUPPORTED
Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
exported.
-- Anibal Monsalve Salazar <anibal@debian.org> Fri, 04 Dec 2009 11:23:50 +1100
libpng (1.2.40-1) unstable; urgency=low
* New upstream release
-- Anibal Monsalve Salazar <anibal@debian.org> Wed, 07 Oct 2009 12:44:09 +1100
libpng (1.2.39-1) unstable; urgency=low
* New upstream release
* Fix out-of-date-standards-version
* Fix patch-system-but-no-source-readme
-- Anibal Monsalve Salazar <anibal@debian.org> Thu, 20 Aug 2009 14:57:46 +1000
libpng (1.2.38-1) unstable; urgency=low
* New upstream release
* Fix out-of-date-standards-version
* Update upstream homepage
Closes: 536474
-- Anibal Monsalve Salazar <anibal@debian.org> Sat, 18 Jul 2009 05:44:23 +1000
libpng (1.2.37-1) unstable; urgency=low
* New upstream release
-- Anibal Monsalve Salazar <anibal@debian.org> Thu, 04 Jun 2009 23:03:58 +1000
libpng (1.2.36-1) unstable; urgency=low
* New upstream release
* Standards-Version is 3.8.1
* debhelper compat is 7
* Run dh_prep instead of dh_clean -k
-- Anibal Monsalve Salazar <anibal@debian.org> Fri, 22 May 2009 09:11:26 +1000
libpng (1.2.35-1) unstable; urgency=high
* New upstream release
- http://secunia.com/advisories/33970/
Fix a vulnerability reported by Tavis Ormandy in which
some arrays of pointers are not initialized prior to using
"malloc" to define the pointers.
Closes: #516256
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
The png_check_keyword function in pngwutil.c in libpng, might
allow context-dependent attackers to set the value of an
arbitrary memory location to zero via vectors involving
creation of crafted PNG files with keywords, related to an
implicit cast of the '\0' character constant to a NULL pointer.
* Don't build libpng3 when binary-indep target is not called.
Closes: #486415
-- Anibal Monsalve Salazar <anibal@debian.org> Sat, 21 Feb 2009 15:50:52 +1100
libpng (1.2.33-2) unstable; urgency=low
* Fix the following lintian issues:
W: libpng12-0: copyright-refers-to-versionless-license-file
usr/share/common-licenses/GPL
-- Anibal Monsalve Salazar <anibal@debian.org> Mon, 16 Feb 2009 11:32:17 +1100
libpng (1.2.33-1) experimental; urgency=low
* New upstream release
- Fix memory leak after reading a malformed tEXt chunk
-- Anibal Monsalve Salazar <anibal@debian.org> Sat, 01 Nov 2008 17:21:56 +1100
libpng (1.2.32-1) experimental; urgency=low
* New upstream release
- libpng.pc is configured to do static linking; closes: #483477
- use autoconf variables in .pc and libpng-config; closes: #483478
* Remove debian/patches/02-501109-pngtest.c.diff; it was merged
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 05 Oct 2008 08:20:20 +1100
libpng (1.2.27-2) unstable; urgency=medium
* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
* Standards-Version is 3.8.0
-- Anibal Monsalve Salazar <anibal@debian.org> Sat, 04 Oct 2008 19:45:17 +1000
libpng (1.2.27-1) unstable; urgency=low
* New upstream release
* Patches merged upstream:
debian/patches/02-476669-CVE-2008-1382.diff
debian/patches/03-404514-png.5.diff
* Run ./autogen.sh
-- Anibal Monsalve Salazar <anibal@debian.org> Tue, 29 Apr 2008 17:22:16 +1000
libpng (1.2.26-1) unstable; urgency=high
* New upstream release. Closes: #431202
* Use quilt
Add 01-legacy.diff
* Fix CVE-2008-1382 denial of service and possibly code execution
Add 02-476669-CVE-2008-1382.diff
Closes: #476669
* Fix URL in png.5. Closes: #404514
Add 03-404514-png.5.diff
* Move examples to libpng12-dev. Closes: #401467
* Fix "libpng (<= 1.2.20) contains grey-licensed code". Closes: #469126
* Fix the following lintian issues:
W: libpng source: debian-rules-ignores-make-clean-error line 37
W: libpng source: substvar-source-version-is-deprecated libpng12-dev
W: libpng source: out-of-date-standards-version 3.7.2 (current is 3.7.3)
W: libpng12-0-udeb udeb: description-contains-homepage
W: libpng3: description-contains-homepage
W: libpng12-dev: description-contains-homepage
W: libpng12-0: package-contains-empty-directory usr/bin/
W: libpng12-0: package-contains-empty-directory usr/sbin/
W: libpng12-0: description-contains-homepage
W: libpng12-0: doc-base-unknown-section libpng12:22 Apps/Programming
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 20 Apr 2008 18:22:32 +1000
libpng (1.2.15~beta5-3) unstable; urgency=high
* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 14 Oct 2007 09:55:00 +1000
libpng (1.2.15~beta5-2.1) unstable; urgency=high
* Non-maintainer upload by testing security team.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
-- Nico Golde <nion@debian.org> Sun, 14 Oct 2007 01:12:51 +0200
libpng (1.2.15~beta5-2) unstable; urgency=high
* It seems that a grayscale image with a malformed (bad CRC) tRNS
chunk will crash libpng and mozilla. Closes: #424729.
- CVE-2007-2445
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
- CERT Vulnerability Note VU#684664
http://www.kb.cert.org/vuls/id/684664
-- Anibal Monsalve Salazar <anibal@debian.org> Wed, 09 May 2007 17:34:02 +1000
libpng (1.2.15~beta5-1) unstable; urgency=low
* Applied legacy_symbols.patch.
* Changed shlibs dependecy versions to ">= 1.2.13-4".
* libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
povray-3.5 (<= 3.5.0c-10).
-- Anibal Monsalve Salazar <anibal@debian.org> Wed, 20 Dec 2006 10:24:18 +1100
libpng (1.2.15~beta5-0) unstable; urgency=high
* New upstream release.
- Fixed asm API functions not exported on amd64. Closes: #401044.
- Fixed "libpng hangs when saving profile". Closes: #401423.
* Fixed "Incorrect shlibs information". Closes: #401465.
* Removed patches for png.h and pngconf.h.
* Updated debian/watch.
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 03 Dec 2006 14:47:41 +1100
libpng (1.2.13-4) unstable; urgency=low
* Removed drop_pass_width patch. Closes: #399499.
-- Anibal Monsalve Salazar <anibal@debian.org> Tue, 21 Nov 2006 19:07:43 +1100
libpng (1.2.13-3) unstable; urgency=low
* libpng12-dev: removed the conflict with libpng3-dev.
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 19 Nov 2006 16:36:02 +1100
libpng (1.2.13-2) unstable; urgency=low
* Put back binary package libpng3.
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 19 Nov 2006 15:32:39 +1100
libpng (1.2.13-1) unstable; urgency=low
* Fixed conflict with the new libpng package. Closes: #399296.
* Fixed png.5 man page formatting. Closes: #353061.
Patch by Kevin Ryde <user42@zip.com.au>.
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 19 Nov 2006 13:55:17 +1100
libpng (1.2.13-0) unstable; urgency=high
* New upstream release.
* CVE-2006-5793: Fixed a new security issue regarding malformed
sPLT chunks. Closes: #398706.
* Transitional package libpng3 is not shipped anymore.
Closes: #369104.
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 19 Nov 2006 09:02:09 +1100
libpng (1.2.12-0) unstable; urgency=high
* New upstream release. Closes: #366070.
* CVE-2006-3334: Fixed Buffer overflow in the png_decompress_chunk
function in pngrutil.c in libpng before 1.2.12 allows
context-dependent attackers to cause a denial of service and
possibly execute arbitrary code via unspecified vectors related
to "chunk error processing," possibly involving the "chunk_name".
Closes: #397892.
* Removed debian/x86_patches/pnggccrd-PIC.patch as it's merged
upstream.
-- Anibal Monsalve Salazar <anibal@debian.org> Thu, 09 Nov 2006 19:25:08 +1100
libpng (1.2.8rel-7) unstable; urgency=low
* New maintainer. Closes: #393109.
* ACK NMUs. Closes: #378463, #377298, #356252.
* debian/control:
- set Standards-Version to 3.7.2.
- set Priority to extra for libpng12-0-udeb.
- added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
dependency lists.
* Added debian/watch file.
-- Anibal Monsalve Salazar <anibal@debian.org> Mon, 16 Oct 2006 17:34:58 +1000
libpng (1.2.8rel-6) unstable; urgency=low
* Orphaning package.
-- Josselin Mouette <joss@debian.org> Sun, 15 Oct 2006 03:22:24 +0200
libpng (1.2.8rel-5.2) unstable; urgency=low
* Non-maintainer upload.
* Backport changes from 1.2.12 to fix a buffer overflow in
png_decompress_chunk; patch by Alec Berryman. [CVE-2006-3334]
(Closes: #377298)
-- Steinar H. Gunderson <sesse@debian.org> Sun, 16 Jul 2006 16:27:56 +0200
libpng (1.2.8rel-5.1) unstable; urgency=low
* Non Maintainer Upload (closes: #356252).
* Add support for udeb dependency resolution in shlibs file.
* Update debhelper compatibility to level 5.
-- Frans Pop <fjp@debian.org> Thu, 30 Mar 2006 11:46:39 +0200
libpng (1.2.8rel-5) unstable; urgency=low
* drop_pass_width.patch: don't export png_pass_width, it's absolutely
unnecessary.
* libpng12-0.shlibs: downgrade the shlibs accordingly
(closes: #331383).
-- Josselin Mouette <joss@debian.org> Mon, 3 Oct 2005 20:18:43 +0200
libpng (1.2.8rel-4) unstable; urgency=low
* makefile.patch:
+ Use PNG_PRIVATE to get the list of private symbols as well. It
sucks, but they've been there for too long (closes: #329886).
+ Use mawk instead of awk (closes: #329812).
* control: build-depend on mawk.
* rules:
+ Use -O2, not -O3.
+ Actually run the tests.
+ Make use of x86_patches/ on x86 architectures.
* x86_patches/mmxbuild.patch: build MMX routines in pnggccrd.c.
* x86_patches/pnggccrd-PIC.patch: patch from Christian Aichinger
to make the assembly routines PIC-compatible.
* libpng12-0.shlibs: bump the shlibs version.
-- Josselin Mouette <joss@debian.org> Sun, 25 Sep 2005 15:25:34 +0200
libpng (1.2.8rel-3) unstable; urgency=low
* Upload to unstable.
* Rename the source package to libpng.
-- Josselin Mouette <joss@debian.org> Thu, 22 Sep 2005 18:24:37 +0200
libpng3 (1.2.8rel-2) experimental; urgency=low
* makefile.patch:
+ now patch makefile.elf, so that only public symbols are truly
exported.
+ shorten the differences as much as possible.
* rules: use makefile.elf now.
* Move libpng3 to oldlibs.
* Entirely remove libpng3-dev, making libpng12-dev provide it
(closes: #322051).
* poynton.patch: correct Charles Poynton's address (closes: #289437).
* Don't run the test when cross-building (closes: #285427).
* setjmp_error.patch: don't stop when we are not using _BSD_SOURCE, as
in this case this is harmless (closes: #299343).
* libpng3.postinst: removed, the fix is in sarge.
* Standards-version is 3.6.2.
* legacy_symbols.patch: still export png_read_destroy and
png_write_destroy, which are deprecated but should nevertheless be
accessible.
-- Josselin Mouette <joss@debian.org> Tue, 13 Sep 2005 02:07:16 +0200
libpng3 (1.2.8rel-1) unstable; urgency=medium
* New upstream release.
* read_transformations.patch: removed, included upstream.
* libpng12-0.shlibs: Update to version 1.2.8rel, new flags seem to have been
added.
-- Josselin Mouette <joss@debian.org> Sat, 4 Dec 2004 15:54:53 +0100
libpng3 (1.2.8beta5-2) unstable; urgency=medium
* read_transformations.patch: fix segmentation fault with latex
(closes: #281789) and totem (closes: #278618).
-- Josselin Mouette <joss@debian.org> Thu, 25 Nov 2004 16:49:28 +0100
libpng3 (1.2.8beta5-1) unstable; urgency=medium
* New upstream release.
+ Correct segmentation violation in png_combine_row.
Closes: #278526, #278917, #278921, #279258, #281789, #282368.
-- Josselin Mouette <joss@debian.org> Wed, 24 Nov 2004 13:53:49 +0100
libpng3 (1.2.7-1) unstable; urgency=medium
* New upstream release (closes: #278308).
* libpng12-0.shlibs: update shlibs to version 1.2.7.
* Remove all security fixed, they are included upstream.
-- Josselin Mouette <joss@debian.org> Tue, 26 Oct 2004 13:40:25 +0200
libpng3 (1.2.5.0-9) unstable; urgency=high
* CAN-2004-0954.patch: removed, this is already fixed in
CAN-2004-0597_0598_0599.patch.
-- Josselin Mouette <joss@debian.org> Tue, 19 Oct 2004 10:52:28 +0200
libpng3 (1.2.5.0-8) unstable; urgency=high
* Switch to CDBS.
+ Ship modifications and security fixes in debian/patches.
+ debian/rules: rewritten.
+ debian/control: build-depend on cdbs.
+ debian/libpng12-0.shlibs: new.
* setjmp_error.patch: port explanation of the error when including setjmp.h
from libpng10, thanks Matijs van Zuijlen <Matijs.van.Zuijlen@xs4all.nl>
(closes: #273473).
* CAN-2004-0954.patch: fix buffer overflow vulnerability in
png_handle_tRNS().
* CAN-2004-0955.patch: fix integer arithmetic overflow vulnerability in
png_read_png().
-- Josselin Mouette <joss@debian.org> Thu, 14 Oct 2004 20:06:08 +0200
libpng3 (1.2.5.0-7) unstable; urgency=high
* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
<chris@scary.beasts.org> to fix several vulnerabilities (closes: #263500):
+ libpng fails to properly check length on PNG data [CAN-2004-0597].
+ libpng "png_handle_sBIT" does not perform proper checks to avoid stack
buffer overflow [CAN-2004-0597].
+ libpng "png_handle_iCCP" possible NULL-pointer crash
[CAN-2004-0598].
+ libpng "png_handle_sPLT" possible integer overflow
[CAN-2004-0599].
+ libpng "png_read_png" does not properly handle a PNG with excessive
height (integer overflow) [CAN-2004-0599].
+ libpng progressive reading integer overflow [CAN-2004-0599].
-- Josselin Mouette <joss@debian.org> Thu, 5 Aug 2004 12:37:32 +0200
libpng3 (1.2.5.0-6) unstable; urgency=high
* pngerror.c: applied patch by Steve Grubb <linux_4ever@yahoo.com> to
fix unintended memory access that could result in a crash of the
application linking against libpng [CAN-2004-0421].
-- Josselin Mouette <joss@debian.org> Tue, 20 Apr 2004 13:39:02 +0200
libpng3 (1.2.5.0-5) unstable; urgency=low
* Use debhelper 4.2, which generates the udeb appropriately.
* Update control and rules appropriately.
* Don't use ${shlibs:Depends} for the udeb, rather write the
dependencies by hand.
* Standards-version is 3.6.1.
-- Josselin Mouette <joss@debian.org> Fri, 20 Feb 2004 19:23:05 +0100
libpng3 (1.2.5.0-4) unstable; urgency=low
* scripts/makefile.linux: use versioned dependencies
(closes: #155891).
* debian/rules: bump dependency for dh_makeshlibs.
* add the libpng.a link in libpng12-dev.
* Rework scripts/makefile.linux to make it more consistent.
* Update stuff in debian/ accordingly.
* Updated README.Debian.
-- Josselin Mouette <joss@debian.org> Tue, 10 Jun 2003 18:14:32 +0200
libpng3 (1.2.5.0-3) unstable; urgency=low
* Make libpng3{,-dev} depend on libpng12-{0,dev} >= 1.2.5.0-2 instead
of the strict source version.
* Move /usr/share/doc/libpng3{,-dev} into symlinks at postinst time
when directories already exist.
* debian/rules: install correctly doc-base stuff.
* debian/libpng12-dev.doc-base: updated URIs.
-- Josselin Mouette <joss@debian.org> Tue, 6 May 2003 19:44:59 +0200
libpng3 (1.2.5.0-2) unstable; urgency=low
* scripts/{makefile.linux,libpng-config-body.in}: correct the
libpng12-config script.
* Install correctly pkg-config stuff (closes: #191081).
* Make libpng12-dev conflict explicitly with libpng12-0-dev.
* Update README.Debian.
-- Josselin Mouette <joss@debian.org> Mon, 28 Apr 2003 19:42:15 +0200
libpng3 (1.2.5.0-1) unstable; urgency=low
* New maintainer.
* Use real upstream tarball from 1.2.5 release.
* Use dpkg-source's way instead of dpatch for patching.
* A bit of rework in debian/rules, use dh_install and debhelper 4.
* Standards-version is 3.5.9.
* The -dev package is now named libpng12-dev (stop using the
libpkg-guide way).
* libpng3 is now arch-independent.
* Improved descriptions a bit.
* Don't supply libpngpf.3, it is not useful to programmers.
-- Josselin Mouette <joss@debian.org> Wed, 16 Apr 2003 18:41:02 +0200
libpng3 (1.2.5-11) unstable; urgency=low
* Add udeb (closes: #174842)
* Add missing section on source files.
-- Junichi Uekawa <dancer@debian.org> Mon, 31 Mar 2003 00:28:06 +0900
libpng3 (1.2.5-10) unstable; urgency=low
* Rebuild with d-shlibs with fixed "libgcc_s1-dev" handling (for gcc-3.2).
(closes: #178070), build-depend on d-shlibs 0.10 or greater.
-- Junichi Uekawa <dancer@debian.org> Fri, 24 Jan 2003 12:23:35 +0900
libpng3 (1.2.5-9) unstable; urgency=low
* Use dpatch for patch system -- divide Debian patch, and security fix patch.
* Standards-Version: 3.5.8
* add manual page libpng-config.1 and libpng12-config.1
-- Junichi Uekawa <dancer@debian.org> Wed, 15 Jan 2003 17:55:17 +0900
libpng3 (1.2.5-8) unstable; urgency=low
* Sorry folks, I made a mistake.
* Forward-port of patch from the Security Team,
really apply what was there. (closes: #172868,#172871)
-- Junichi Uekawa <dancer@debian.org> Fri, 13 Dec 2002 16:12:01 +0900
libpng3 (1.2.5-7) unstable; urgency=high
* Forward-port of patch from the Security Team
* Applied patch to pngrtran.c by Glenn Randers-Pehrson
<glennrp@comcast.net> to fix a buffer overrun.
-- Junichi Uekawa <dancer@debian.org> Thu, 12 Dec 2002 20:36:28 +0900
libpng3 (1.2.5-6) unstable; urgency=low
* Typo in scripts/makefile.linux.
Mistake. -lz and -lm weren't happening.
* Change LDFLAGS to not list -lz -lm, so that testsuite will catch such error.
* set prefix=/usr/ in scripts/makefile.linux, since it was set to usr/local.
-- Junichi Uekawa <dancer@debian.org> Wed, 30 Oct 2002 20:54:54 +0900
libpng3 (1.2.5-5) unstable; urgency=low
* scripts/makefile.linux: LIBADDFLAGS introduced, for shared library lib additional
flags, and use that for shared library.
- this should fix build failure (closes: #166704)
Thanks Daniel Schepler <schepler@math.berkeley.edu> for reporting.
* updated copyright file to note that libpng3 in Debian is patched to
link with -lz -lm.
-- Junichi Uekawa <dancer@debian.org> Mon, 28 Oct 2002 12:25:57 +0900
libpng3 (1.2.5-4) unstable; urgency=low
* Trying to fix the problem that libpng3 seems to be not linked against libz.
LDFLAGS was defined but not being used.
Thanks Mike Furr <mfurr@debian.org> for reporting (closes: #166489)
-- Junichi Uekawa <dancer@debian.org> Sun, 27 Oct 2002 16:07:54 +0900
libpng3 (1.2.5-3) unstable; urgency=low
* Fixed description, I mixed up the -devel and non-devel
packages.
* updated README.Debian.
-- Junichi Uekawa <dancer@debian.org> Thu, 24 Oct 2002 18:56:34 +0900
libpng3 (1.2.5-2) unstable; urgency=low
* careless mistake :(
* reinstall libpng.so symlink in libpng-12-0-dev package.
Otherwise other packages won't build ...
-- Junichi Uekawa <dancer@debian.org> Wed, 23 Oct 2002 16:46:23 +0900
libpng3 (1.2.5-1) unstable; urgency=low
* New upstream version (closes: #163425)
* re-patched makefile.linux to work with system zlib,
added workaround to set CFLAGS, and remove rpath settings from LDFLAGS
* Use debhelper.
* No longer create /usr/doc symlinks.
* Standards-Version: 3.5.7
-- Junichi Uekawa <dancer@debian.org> Tue, 22 Oct 2002 21:05:33 +0900
libpng3 (1.2.1-5) unstable; urgency=low
* Not yet released.
* Change priority from standard to optional.
-- Junichi Uekawa <dancer@debian.org> Sun, 15 Sep 2002 15:39:12 +0900
libpng3 (1.2.1-4) unstable; urgency=low
* change -dev dependency of libc6-dev to libc-dev
-- Junichi Uekawa <dancer@debian.org> Fri, 13 Sep 2002 18:40:53 +0900
libpng3 (1.2.1-3) unstable; urgency=low
* Security fix backported from 1.2.4. Check bounds of variables.
(closes: #155403)
-- Junichi Uekawa <dancer@debian.org> Wed, 7 Aug 2002 17:30:32 +0900
libpng3 (1.2.1-2) unstable; urgency=low
* New maintainer (closes: #151343)
* apply buffer overflow patch for interlaced png files (closes: #150595)
* update description for libpng3-dev.
* change libpng-dev to libpng3-dev
-- Junichi Uekawa <dancer@debian.org> Thu, 25 Jul 2002 16:28:24 +0900
libpng3 (1.2.1-1.1) unstable; urgency=low
* NMU
* Provides: libpng2-dev has been changed to Provides: libpng3-dev
libpng2-dev can be put back in when some kind of sane transition has
finished.
(closes: #128384, #128871, #129268, #129269)
-- Junichi Uekawa <dancer@debian.org> Tue, 12 Feb 2002 02:31:53 +0900
libpng3 (1.2.1-1) unstable; urgency=low
* New upstream version; closes: #125679.
* New source package name: libpng3.
* Renamed libpng<x>-dev to libpng-dev to avoid having to maintain several
development packages (the -dev is source compatible).
* Moved png.5 into the -dev package.
* Added a Replaces: libpng2 to libpng-dev so that we can steal the png.5
manpage without fuss.
* Changed debian/shlibs for libpng3.
* Compress examples/pngtest.c.
-- Philippe Troin <phil@fifi.org> Tue, 18 Dec 2001 20:01:04 -0800
libpng (1.0.12-3) unstable; urgency=low
* Moved the png.5 manpage to the dev package to allow multiple libpng<n>
packages installed at the same time.
-- Philippe Troin <phil@fifi.org> Tue, 18 Dec 2001 23:58:25 -0800
libpng (1.0.12-2) unstable; urgency=low
* Changed libpng2-dev's section to devel to resync with override file.
* Fixed upstream version detection in debian/rules; closes: #105931.
-- Philippe Troin <phil@fifi.org> Sun, 29 Jul 2001 11:52:40 -0700
libpng (1.0.12-1) unstable; urgency=low
* New upstream release; closes: #105354.
* Bumped dependency information in debian/shlibs to libpng >= 1.0.12
since there were some non-backwards compatible changes to the API.
* Added support for DEB_BUILD_OPTIONS and get-orig-source to debian/rules.
* Added call to ldconfig on postrm's remove.
* Removed INSTALL file from /usr/share/doc/libpng2.
* Bumped standards version to 3.5.5.0.
-- Philippe Troin <phil@fifi.org> Tue, 17 Jul 2001 23:32:36 -0700
libpng (1.0.11-1) unstable; urgency=low
* New upstream release.
-- Philippe Troin <phil@fifi.org> Wed, 2 May 2001 20:43:51 -0700
libpng (1.0.10-2) unstable; urgency=low
* Force recompile because of bad sparc package.
* Libpng2's priority changed to standard to comply with the override file.
-- Philippe Troin <phil@fifi.org> Tue, 24 Apr 2001 11:49:31 -0700
libpng (1.0.10-1) unstable; urgency=low
* New upstream release.
* Changed shlib to depend on libpng2 (>= 2.0.10) because of
non-backwards compatible changes.
-- Philippe Troin <phil@fifi.org> Sun, 22 Apr 2001 22:48:30 -0700
libpng (1.0.8-1) unstable; urgency=low
* Changed the doc-base type from 'test' to 'text'; closes: #59877.
* New upstream relase 1.0.8; closes: #70464.
* Updated copyright notice.
* Removed Y2kINFO from the doc directory.
* Added pngtest.c in examples; closes: #65229.
* Updated to standards version 3.2.1.0.
* Added build-depends line in control file; closes: #69291.
-- Philippe Troin <phil@fifi.org> Mon, 11 Sep 2000 23:19:12 -0700
libpng (1.0.5-1) frozen unstable; urgency=low
* Maintainer upload (closes: #48244, #48246).
* Added some extra explanations for the setjmp.h mess (closes: #56759),
see pngconf.h for details.
-- Philippe Troin <phil@fifi.org> Mon, 28 Feb 2000 13:53:22 -0800
libpng (1.0.5-0.1) unstable; urgency=low
* Non-maintainer release.
* New upstream release. (closes:Bug#48244).
* Remove versioned depend from shlibs (closes:Bug#48246).
-- Joel Klecker <espy@debian.org> Sat, 30 Oct 1999 08:12:53 -0700
libpng (1.0.3-1) unstable; urgency=low
* New upstream version (1.0.3); Closes: #31870, #46333.
* Maintainer upload, closes NMU bugs; Closes: #28412, #31523, #31690.
* FHS compliant.
* New standard-version 3.0.1.
* Lintian clean.
* Removed temporary zlib1g line in control file (used to be a bug in
zlib1g).
* Moved the documentation file to the -dev package.
* Register documentation file to doc-base.
* Fontified man pages with addformat script; Closes #38680.
-- Philippe Troin <phil@fifi.org> Mon, 4 Oct 1999 18:59:42 -0700
libpng (1.0.2b-0.1) frozen unstable; urgency=low
* New upstream (bug-fix only) version.
(Should fix bugs #31690滼, since I can't reproduce them)
From the author:
"I have recently uploaded libpng-1.0.2b to
ftp://swrinde.nde.swri.edu/pub/png-group/src
I plan to release it as libpng-1.0.3 in a
few days, but would like to hear whether it
fixes the problems with GNOME.
It restores a few lines of code that were
inadvertently deleted from pngread.c, which
seems to be the cause of problems with adding
an alpha channel (which you fixed by downgrading
to libpng-1.0.1's pngread.c)."
[Glenn Randers-Pehrson <glennrp@netgsi.com>]
* Masquerade version number to 1.0.3 to make Imlib & Co. happy.
-- Vincent Renardias <vincent@waw.com> Mon, 11 Jan 1999 06:27:55 +0100
libpng (1.0.2-1.1) frozen unstable; urgency=low
* Fix Important bug #28412
(using pngread.c from libpng-1.0.1 did the trick).
-- Vincent Renardias <vincent@waw.com> Wed, 6 Jan 1999 19:00:15 +0100
libpng (1.0.2-1) unstable; urgency=low
* Maintainer release (to change a bit).
* Pristine sources.
* Libpng2-dev includes example.c (fixes bug #10315).
* Changed control file to reflect difference with libpng0g (fixes #23795).
* Recompiled (should fix the zlib1g missing symbol, bug #24450).
* Added -D_REENTRANT also to static library.
* Added a dependency upon zlib1g >= 1.1.2 (otherwise we get a missing
symbol) (fixes bug #24450).
-- Philippe Troin <phil@fifi.org> Tue, 22 Sep 1998 00:17:16 -0700
libpng (1.0.2-0.1) unstable; urgency=low
* Non-maintainer release
* New upstream version
-- Karl M. Hegbloom <karlheg@debian.org> Tue, 4 Aug 1998 23:47:00 -0700
libpng (1.0.1-0.2) unstable; urgency=medium
* debian/rules (binary-arch): don't call install with -s as an
argument when installing a shared library; it doesn't know to use
--strip-unneeded, and we call strip separately later anyway.
* scripts/makefile.lnx (CFLAGS): killed i386-isms.
* scripts/makefile.lnx: compiled shared libraries with -D_REENTRANT.
(The above fixes are from James Troup, who yet again, alerted me to
my screwups ;)
* debian/postinst: only call ldconfig if $1 = configure.
-- Joel Klecker <jk@espy.org> Wed, 17 Jun 1998 10:25:27 -0700
libpng (1.0.1-0.1) unstable; urgency=low
* New upstream bug fix release.
* Include man pages.
-- Joel Klecker <jk@espy.org> Wed, 06 May 1998 08:51:49 -0700
libpng (1.0.0-0.1) unstable; urgency=low
* Non-maintainer Release.
* New Upstream Release.
* Changed source package name to `libpng'.
* Added `-f makefile.lnx' to make invocations in debian/rules.
* Removed `ldconfig' call from postrm.
-- Joel Klecker <jk@espy.org> Tue, 4 Mar 1998 17:58:05 -0800
libpng0 (0.96-5) unstable; urgency=low
* Removed executable permissions on shared libs (fixes bug #15478).
* Updated Standards-Version to 2.3.0.1.
-- Philippe Troin <phil@fifi.org> Sun, 25 Jan 1998 13:19:51 -0800
libpng0 (0.96-4) unstable; urgency=low
* Shared libraries are stripped with --strip-unneeded and static
libraries with --strip-debug (fixes bug #15669).
* Made the build strip non-i386 specific (patch by James Troup) (fixes
bug #13832).
* Removed the dependency between the libc5 and libc6 versions.
-- Philippe Troin <phil@fifi.org> Sun, 18 Jan 1998 22:37:19 -0800
libpng0 (0.96-3) unstable; urgency=low
* Libc6 compilation.
-- Philippe Troin <phil@fifi.org> Tue, 23 Sep 1997 21:38:42 -0700
libpng0 (0.96-2) unstable; urgency=low
* Fixed permissions in /usr/doc/libpng0 (fixes bug #10540).
-- Philippe Troin <phil@fifi.org> Sun, 15 Jun 1997 13:18:38 -0700
libpng0 (0.96-1) unstable; urgency=low
* New upstream sources.
-- Philippe Troin <phil@fifi.org> Thu, 12 Jun 1997 23:32:29 -0700
libpng0 (0.95b-1) unstable; urgency=low
* New maintainer.
* Upgraded to upstream version 0.95b.
* Make debian/rules version independent.
* Debian/rules clean now removes substvars.
* Bumped the shlibs version to 0.95 as some incompatibilities were
introduced between 0.89 and 0.90.
* Added the Section: and Priority: fields to the control file (fixes bug
#6370).
* Now /usr/doc/libpng0 contains various info and the debian change log
stuff (fixes bug #7925).
* Added -D_REENTRANT compilation flag.
-- Philippe Troin <phil@fifi.org> Fri, 18 Apr 1997 14:44:09 -0700
libpng (0.89c-6) unstable; urgency=low
* Moved shlibs file to correct location
-- Michael Alan Dorman <mdorman@debian.org> Sun, 15 Dec 1996 13:03:19 -0500
libpng (0.89c-5) unstable; urgency=low
* Added shlibs file
-- Michael Alan Dorman <mdorman@debian.org> Sat, 23 Nov 1996 16:23:06 -0500
libpng (0.89c-4) unstable; urgency=low
* Now stripping shared libraries (Bug#5134)
-- Michael Alan Dorman <mdorman@debian.org> Sat, 23 Nov 1996 12:05:06 -0500
libpng (0.89c-3) unstable; urgency=low
* Corrected maintainers address
-- Michael Alan Dorman <mdorman@debian.org> Mon, 23 Sep 1996 12:52:03 -0400
libpng (0.89c-2) unstable; urgency=low
* Accommodate the fact that dpkg-source doesn't properly preserve
permissions on scripts when extracting package. (Bug#4513)
-- Michael Alan Dorman <mdorman@calder.med.miami.edu> Mon, 23 Sep 1996 12:34:35 -0400
libpng (0.89c-1) unstable; urgency=low
* New upstream version.
* Moved to new source packaging format.
-- Michael Alan Dorman <mdorman@calder.med.miami.edu> Thu, 12 Sep 1996 15:19:35 -0400