jbig2dec (0.12+20150918-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in jbig2_image_new
    - debian/patches/CVE-2016-9601-pre.patch: prevent checking too early in
      jbig2.c.
    - debian/patches/CVE-2016-9601-1.patch: fix signed/unsigned warnings in
      jbig2.c, jbig2.h, jbig2_generic.c, jbig2_halftone.c, jbig2_huffman.c,
      jbig2_huffman.h, jbig2_image.c, jbig2_mmr.c, jbig2_page.c,
      jbig2_priv.h, jbig2_segment.c, jbig2_symbol_dict.c,
      jbig2_symbol_dict.h, jbig2_text.c, jbig2_text.h.
    - debian/patches/CVE-2016-9601-2.patch: fix warnings in jbig2_image.c,
      jbig2_mmr.c, jbig2_symbol_dict.c.
    - CVE-2016-9601
  * SECURITY UPDATE: integer overflow in big2_decode_symbol_dict
    - debian/patches/CVE-2017-7885.patch: add extra check to
      jbig2_symbol_dict.c.
    - CVE-2017-7885
  * SECURITY UPDATE: integer overflow in jbig2_build_huffman_table
    - debian/patches/CVE-2017-7975.patch: use uint32_t in jbig2_huffman.c.
    - CVE-2017-7975
  * SECURITY UPDATE: integer overflow in jbig2_image_compose
    - debian/patches/CVE-2017-7976.patch: add bounds check to
      jbig2_image.c.
    - CVE-2017-7976

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 19 May 2017 08:26:25 -0400

jbig2dec (0.12+20150918-1) unstable; urgency=medium

  [ upstream ]
  * Snapshot.
    + Tidy build configuration.
    + Update for modern libpng.
    + Commit of build_consolidation branch.
    + Fixes for Windows build with VS 2015.
    + Check that cloned image exists before proceeding further.
    + Release huffman table memory properly.

  [ Jonas Smedegaard ]
  * Fix lintian overrides.
  * Unfuzz all patches.

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 26 Sep 2015 17:33:05 +0200

jbig2dec (0.12-2) unstable; urgency=medium

  * Move package maintenance to printing team.
  * Suppress lintian warning about build-depending unversioned on
    debhelper.
  * Update copyright info: Fix strip stray License field.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 31 Jul 2015 19:19:18 +0200

jbig2dec (0.12-1) unstable; urgency=medium

  * Update README.source to emphasize that control.in file is *not* a
    show-stopper for contributions, referring to wiki page for details.
  * Update upstream URLs to reflect move to git.ghostscript.com and lack
    of tarball releases.
  * Declare compliance with Debian Policy 3.9.6.
  * Update Vcs-* fields.
  * Bump debhelper compatibility level to 9.
  * Update copyright info:
    + Extend coverage for myself.
    + Bump packaging license to GPL-3+.
    + Fix use SPDX shortname for X11 license.
      Thanks to Paul Richards Tagliamonte.
    + Use file format 1.0.
    + Use license short-name public-domain.
    + Bump main license to AGPL-3+.
      Add NEWS file about that change.
    + Drop unused Files and License sections for autotools files.
    + Use License-Grant and License-Reference fields.
      Thanks to Ben Finney.
  * Use newest autotools.
    Build-depend automake (not automake1.11) and on recent cdbs.
  * Drop patches 1002 1003 applied upstream.
  * Improve patch 1004: Remove extracted file from script to detect
    upstream code changes.
  * Add debian/patches/README documenting patch naming micro-policy.
  * Add patch 2001 to avoid including problematic and seemingly uneeded
    pngstruct.h.
  * Let CDBS move aside upstream cruft during build.
  * Cleanup more autotools files.
  * Add symbols file.
    Closes: bug#694899. Thanks to Logan Rosen.
  * Fix tie d-shlibs target also to development package (not only
    library package).
  * Add lintian overrides regarding license in License-Reference field.
    See bug#786450.
  * Update package relations:
    + Build-depend unversioned on d-shlibs: Needed version satisfied
      even in oldstable.
  * Install into multiarch paths.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 31 Jul 2015 11:45:03 +0200

jbig2dec (0.11+20120125-1) unstable; urgency=low

  * New snapshot of upstream git.
  * Autogenerate autotools.
  * Add patches cherry-picked from Ghostscript:
    1002: Prevent composition if src outside clip region.
    1003: Implement generic refinement region when TPGRON is TRUE.
  * Add patch 1004 to add config_types.h.in (not create in autogen.sh).
  * Fix strip editing noise from copyright file.
  * Fix watch file to cover current release: Ignore compression suffix.
  * Bump debhelper compat level to 7.
  * Bump standards-version to 3.9.2.
  * Simplify *.install file, thanks to debhelper compat level 7.
  * Ease building with git-buildpackage: Git-ignore .pc dir.
  * Update copyright file:
    + Reformat using rev. 174 of draft DEP-5 syntax.
    + Fix declare exceptions as such.
    + Fix include Expat~X license verbatim (adding "Some files
      differ..." to License field violates need for "verbatim copy").
    + Separate comments from License field in GNU License sections,
      shorten comments and quote license in them.
    + Rename licenses to better match recent DEP5 draft (e.g. avoid
      "other" prefix).
    + Rewrap License sections at 72 chars.
    + Fix reference GNU licenses versioned.
    + Document in Comment field of AFPL License section the lack of
      actual licensing text: license unused by Debian.
    + Extend copyright years.
  * Update package relations:
    + Relax build-depend unversioned on debhelper and devscripts (needed
      versions satisfied even in oldstable).
    + Build-depend on libtool, automake1.11 and autoconf.
    + Tighten build-dependency on d-shlibs.
  * Stop installing -la file.
    Closes bug#621683. Thanks to Neil Williams.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 10 Feb 2012 17:44:51 +0100

jbig2dec (0.11-1) unstable; urgency=low

  * Initial release. Closes: bug#539965.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 21 Apr 2010 21:06:47 +0200
