libpng (1.0.12-3.woody.9) stable-security; urgency=high * Non-maintainer upload by the Security Team * Reverted patch against pngrutil.c since it was only incomplete code reordering * The real patch was applied earlier already (CAN-2004-0597, DSA 536) -- Martin Schulze Tue, 19 Oct 2004 10:31:33 +0200 libpng (1.0.12-3.woody.8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added PNG_UINT_32_MAX macro [png.h] * Applied upstream patch to detect potential buffer overflows [png.c] * Applied upstream patch to add a check to detect a buffer overflow [pngmem.c] * Applied upstream patch to fix integer overflow [pngread.c, CAN-2004-0955] * Applied upstream patch to fix buffer overflow [pngrutil.c, CAN-2004-0954] -- Martin Schulze Thu, 14 Oct 2004 15:12:57 +0200 libpng (1.0.12-3.woody.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply additional patch from upstream to fix CAN-2004-0768 -- Matt Zimmerman Tue, 3 Aug 2004 20:31:18 -0700 libpng (1.0.12-3.woody.6) stable-security; urgency=high * Non-maintainer upload by the Security Team * Patch from Chris Evans to fix multiple vulnerabilities: - libpng fails to properly check length on PNG data [CAN-2004-0597] - libpng "png_handle_sBIT" does not perform proper checks to avoid stack buffer overflow [CAN-2004-0597] - libpng "png_handle_iCCP" possible NULL-pointer crash [CAN-2004-0598] - libpng "png_handle_sPLT" possible integer overflow [CAN-2004-0599] - libpng "png_read_png" does not properly handle a PNG with excessive height (integer overflow) [CAN-2004-0599] - libpng progressive reading integer overflow [CAN-2004-0599] -- Matt Zimmerman Fri, 16 Jul 2004 14:09:24 -0700 libpng (1.0.12-3.woody.5) stable-security; urgency=high * Non-maintainer upload by the Security Team * Adjusted the patch to not clip error messages needlessly, thanks to Ralf S. Engelschall [pngerror.c, CAN-2004-0421] -- Martin Schulze Thu, 29 Apr 2004 19:19:50 +0200 libpng (1.0.12-3.woody.4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Steve Grubb to fix unintended memory access that could result in a crash of the application linking against libpng [pngerror.c, CAN-2004-0421] -- Martin Schulze Tue, 20 Apr 2004 11:11:52 +0200 libpng (1.0.12-3.woody.3) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch to pngrtran.c by Glenn Randers-Pehrson to fix a buffer overrun. -- Martin Schulze Sat, 7 Dec 2002 21:59:06 +0100 libpng (1.0.12-3.woody.2) stable-security; urgency=high * Applied security related patch Glenn Randers-Pehrson informed us about, which preserves libpng from processing too wide images. -- Martin Schulze Fri, 2 Aug 2002 11:37:52 +0200 libpng (1.0.12-3.woody.1) stable-security; urgency=high * NMU by the security team to fix a buffer overflow that could potentially have lead to the execution of malicious code (Closes: Bug#150595) -- Noah L. Meyerhans Fri, 19 Jul 2002 20:57:55 -0400 libpng (1.0.12-3) unstable; urgency=low * Moved the png.5 manpage to the dev package to allow multiple libpng packages installed at the same time. -- Philippe Troin Tue, 18 Dec 2001 23:58:25 -0800 libpng (1.0.12-2) unstable; urgency=low * Changed libpng2-dev's section to devel to resync with override file. * Fixed upstream version detection in debian/rules; closes: #105931. -- Philippe Troin Sun, 29 Jul 2001 11:52:40 -0700 libpng (1.0.12-1) unstable; urgency=low * New upstream release; closes: #105354. * Bumped dependency information in debian/shlibs to libpng >= 1.0.12 since there were some non-backwards compatible changes to the API. * Added support for DEB_BUILD_OPTIONS and get-orig-source to debian/rules. * Added call to ldconfig on postrm's remove. * Removed INSTALL file from /usr/share/doc/libpng2. * Bumped standards version to 3.5.5.0. -- Philippe Troin Tue, 17 Jul 2001 23:32:36 -0700 libpng (1.0.11-1) unstable; urgency=low * New upstream release. -- Philippe Troin Wed, 2 May 2001 20:43:51 -0700 libpng (1.0.10-2) unstable; urgency=low * Force recompile because of bad sparc package. * Libpng2's priority changed to standard to comply with the override file. -- Philippe Troin Tue, 24 Apr 2001 11:49:31 -0700 libpng (1.0.10-1) unstable; urgency=low * New upstream release. * Changed shlib to depend on libpng2 (>= 2.0.10) because of non-backwards compatible changes. -- Philippe Troin Sun, 22 Apr 2001 22:48:30 -0700 libpng (1.0.8-1) unstable; urgency=low * Changed the doc-base type from 'test' to 'text'; closes: #59877. * New upstream relase 1.0.8; closes: #70464. * Updated copyright notice. * Removed Y2kINFO from the doc directory. * Added pngtest.c in examples; closes: #65229. * Updated to standards version 3.2.1.0. * Added build-depends line in control file; closes: #69291. -- Philippe Troin Mon, 11 Sep 2000 23:19:12 -0700 libpng (1.0.5-1) frozen unstable; urgency=low * Maintainer upload (closes: #48244, #48246). * Added some extra explanations for the setjmp.h mess (closes: #56759), see pngconf.h for details. -- Philippe Troin Mon, 28 Feb 2000 13:53:22 -0800 libpng (1.0.5-0.1) unstable; urgency=low * Non-maintainer release. * New upstream release. (closes:Bug#48244). * Remove versioned depend from shlibs (closes:Bug#48246). -- Joel Klecker Sat, 30 Oct 1999 08:12:53 -0700 libpng (1.0.3-1) unstable; urgency=low * New upstream version (1.0.3); Closes: #31870, #46333. * Maintainer upload, closes NMU bugs; Closes: #28412, #31523, #31690. * FHS compliant. * New standard-version 3.0.1. * Lintian clean. * Removed temporary zlib1g line in control file (used to be a bug in zlib1g). * Moved the documentation file to the -dev package. * Register documentation file to doc-base. * Fontified man pages with addformat script; Closes #38680. -- Philippe Troin Mon, 4 Oct 1999 18:59:42 -0700 libpng (1.0.2b-0.1) frozen unstable; urgency=low * New upstream (bug-fix only) version. (Should fix bugs #31690滼, since I can't reproduce them) From the author: "I have recently uploaded libpng-1.0.2b to ftp://swrinde.nde.swri.edu/pub/png-group/src I plan to release it as libpng-1.0.3 in a few days, but would like to hear whether it fixes the problems with GNOME. It restores a few lines of code that were inadvertently deleted from pngread.c, which seems to be the cause of problems with adding an alpha channel (which you fixed by downgrading to libpng-1.0.1's pngread.c)." [Glenn Randers-Pehrson ] * Masquerade version number to 1.0.3 to make Imlib & Co. happy. -- Vincent Renardias Mon, 11 Jan 1999 06:27:55 +0100 libpng (1.0.2-1.1) frozen unstable; urgency=low * Fix Important bug #28412 (using pngread.c from libpng-1.0.1 did the trick). -- Vincent Renardias Wed, 6 Jan 1999 19:00:15 +0100 libpng (1.0.2-1) unstable; urgency=low * Maintainer release (to change a bit). * Pristine sources. * Libpng2-dev includes example.c (fixes bug #10315). * Changed control file to reflect difference with libpng0g (fixes #23795). * Recompiled (should fix the zlib1g missing symbol, bug #24450). * Added -D_REENTRANT also to static library. * Added a dependency upon zlib1g >= 1.1.2 (otherwise we get a missing symbol) (fixes bug #24450). -- Philippe Troin Tue, 22 Sep 1998 00:17:16 -0700 libpng (1.0.2-0.1) unstable; urgency=low * Non-maintainer release * New upstream version -- Karl M. Hegbloom Tue, 4 Aug 1998 23:47:00 -0700 libpng (1.0.1-0.2) unstable; urgency=medium * debian/rules (binary-arch): don't call install with -s as an argument when installing a shared library; it doesn't know to use --strip-unneeded, and we call strip separately later anyway. * scripts/makefile.lnx (CFLAGS): killed i386-isms. * scripts/makefile.lnx: compiled shared libraries with -D_REENTRANT. (The above fixes are from James Troup, who yet again, alerted me to my screwups ;) * debian/postinst: only call ldconfig if $1 = configure. -- Joel Klecker Wed, 17 Jun 1998 10:25:27 -0700 libpng (1.0.1-0.1) unstable; urgency=low * New upstream bug fix release. * Include man pages. -- Joel Klecker Wed, 06 May 1998 08:51:49 -0700 libpng (1.0.0-0.1) unstable; urgency=low * Non-maintainer Release. * New Upstream Release. * Changed source package name to `libpng'. * Added `-f makefile.lnx' to make invocations in debian/rules. * Removed `ldconfig' call from postrm. -- Joel Klecker Tue, 4 Mar 1998 17:58:05 -0800 libpng0 (0.96-5) unstable; urgency=low * Removed executable permissions on shared libs (fixes bug #15478). * Updated Standards-Version to 2.3.0.1. -- Philippe Troin Sun, 25 Jan 1998 13:19:51 -0800 libpng0 (0.96-4) unstable; urgency=low * Shared libraries are stripped with --strip-unneeded and static libraries with --strip-debug (fixes bug #15669). * Made the build strip non-i386 specific (patch by James Troup) (fixes bug #13832). * Removed the dependency between the libc5 and libc6 versions. -- Philippe Troin Sun, 18 Jan 1998 22:37:19 -0800 libpng0 (0.96-3) unstable; urgency=low * Libc6 compilation. -- Philippe Troin Tue, 23 Sep 1997 21:38:42 -0700 libpng0 (0.96-2) unstable; urgency=low * Fixed permissions in /usr/doc/libpng0 (fixes bug #10540). -- Philippe Troin Sun, 15 Jun 1997 13:18:38 -0700 libpng0 (0.96-1) unstable; urgency=low * New upstream sources. -- Philippe Troin Thu, 12 Jun 1997 23:32:29 -0700 libpng0 (0.95b-1) unstable; urgency=low * New maintainer. * Upgraded to upstream version 0.95b. * Make debian/rules version independent. * Debian/rules clean now removes substvars. * Bumped the shlibs version to 0.95 as some incompatibilities were introduced between 0.89 and 0.90. * Added the Section: and Priority: fields to the control file (fixes bug #6370). * Now /usr/doc/libpng0 contains various info and the debian change log stuff (fixes bug #7925). * Added -D_REENTRANT compilation flag. -- Philippe Troin Fri, 18 Apr 1997 14:44:09 -0700 libpng (0.89c-6) unstable; urgency=low * Moved shlibs file to correct location -- Michael Alan Dorman Sun, 15 Dec 1996 13:03:19 -0500 libpng (0.89c-5) unstable; urgency=low * Added shlibs file -- Michael Alan Dorman Sat, 23 Nov 1996 16:23:06 -0500 libpng (0.89c-4) unstable; urgency=low * Now stripping shared libraries (Bug#5134) -- Michael Alan Dorman Sat, 23 Nov 1996 12:05:06 -0500 libpng (0.89c-3) unstable; urgency=low * Corrected maintainers address -- Michael Alan Dorman Mon, 23 Sep 1996 12:52:03 -0400 libpng (0.89c-2) unstable; urgency=low * Accommodate the fact that dpkg-source doesn't properly preserve permissions on scripts when extracting package. (Bug#4513) -- Michael Alan Dorman Mon, 23 Sep 1996 12:34:35 -0400 libpng (0.89c-1) unstable; urgency=low * New upstream version. * Moved to new source packaging format. -- Michael Alan Dorman Thu, 12 Sep 1996 15:19:35 -0400 LocalWords: libpng doc Troin setjmp pngconf shlibs Klecker Oct NMU FHS Co LocalWords: Lintian zlib dev Fontified addformat pngread Randers Pehrson LocalWords: Imlib Renardias Sep Hegbloom Aug debian CFLAGS isms Troup Jun LocalWords: postinst ldconfig lnx postrm libs libc libc substvars Apr Nov LocalWords: Dorman dpkg changelog