changelog 5.47 KB
Newer Older
wester committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
jasper (1.900.1-13) unstable; urgency=high

  * Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly
    exploitable via specially crafted input files (Closes: #652649)
    Thanks to Red Hat and Michael Gilbert

 -- Roland Stigge <stigge@antcom.de>  Wed, 04 Jan 2012 19:14:40 +0100

jasper (1.900.1-12) unstable; urgency=low

  * Added patch to fix filename buffer overflow, thanks to Jonas Smedegard
    and Alex Cherepanov from ghostscript (Closes: #649833)

 -- Roland Stigge <stigge@antcom.de>  Sun, 27 Nov 2011 19:56:01 +0100

jasper (1.900.1-11) unstable; urgency=low

  * Added Multiarch support, thanks to Colin Watson (Closes: #645118)

 -- Roland Stigge <stigge@antcom.de>  Wed, 02 Nov 2011 17:16:10 +0100

jasper (1.900.1-10) unstable; urgency=low

  * Added debian/watch
  * debian/patches/01-misc-fixes.patch:
    - Separated out config.{guess,sub}

 -- Roland Stigge <stigge@antcom.de>  Mon, 15 Aug 2011 19:09:29 +0200

jasper (1.900.1-9) unstable; urgency=low

  * Switch to dpkg-source 3.0 (quilt) format
  * Using new dh 7 build system

 -- Roland Stigge <stigge@antcom.de>  Tue, 12 Jul 2011 20:21:21 +0200

jasper (1.900.1-8) unstable; urgency=low

  * Removed unneeded .la file (Closes: #633162)
  * debian/control:
    - Standards-Version: 3.9.2
    - use libjpeg8-dev instead of libjpeg62-dev

 -- Roland Stigge <stigge@antcom.de>  Mon, 11 Jul 2011 21:27:24 +0200

jasper (1.900.1-7) unstable; urgency=low

  * Acknowledge NMU
  * Added patch to fix Debian patch for CVE-2008-3521 (Closes: #506739)
  * debian/control: Standards-Version: 3.8.4

 -- Roland Stigge <stigge@antcom.de>  Sun, 21 Feb 2010 16:09:45 +0100

jasper (1.900.1-6.1) unstable; urgency=low

  * Non-maintainer upload.
  * This is a fix for the GeoJP2 patch introduced in 1.900.1-5 which caused 
    GDAL faulting. Thanks Even Rouault. (Closes: #553429)

 -- Francesco Paolo Lovergine <frankie@debian.org>  Wed, 28 Oct 2009 09:39:28 +0100

jasper (1.900.1-6) unstable; urgency=low

  * Reverted to jasper 1.900.1-6 because 1.900.1-5.1 messed up (see #528543)
    but 1.900.1-5 wasn't available anymore. (Closes: #514296, #528543)
  * Re-applied patch from #275619 as in 1.900.1-5
  * debian/control: Standards-Version: 3.8.2
  * Applied patch by Nico Golde (Closes: #501021)
     - CVE-2008-3522[0]: Buffer overflow.
     - CVE-2008-3521[1]: unsecure temporary files handling.
     - CVE-2008-3520[2]: Multiple integer overflows.

 -- Roland Stigge <stigge@antcom.de>  Sat, 20 Jun 2009 15:21:16 +0200

jasper (1.900.1-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * add patches/02_security.dpatch to fix various CVEs (Closes: #501021):
     + CVE-2008-3522[0]: Buffer overflow.
     + CVE-2008-3521[1]: unsecure temporary files handling.
     + CVE-2008-3520[2]: Multiple integer overflows.

 -- Pierre Habouzit <madcoder@debian.org>  Sun, 12 Oct 2008 21:40:59 +0200

jasper (1.900.1-5) unstable; urgency=low

  * Added GeoJP2 patch by Sven Geggus <sven.geggus@iitb.fraunhofer.de>
    (Closes: #275619)
  * debian/control: Standards-Version: 3.8.0

 -- Roland Stigge <stigge@antcom.de>  Sun, 08 Jun 2008 13:14:24 +0200

jasper (1.900.1-4) unstable; urgency=low

  * src/libjasper/jpc/jpc_dec.c: Extended assert() to accept 4 color
    components (Closes: #469786)
  * debian/rules: improve "make distclean", thanks to lintian
  * debian/control:
    - Standards-Version: 3.7.3
    - ${Source-Version} -> ${binary:Version}
    - Removed self-dependencies of libjasper-dev

 -- Roland Stigge <stigge@antcom.de>  Sun, 09 Mar 2008 11:53:44 +0100

jasper (1.900.1-3) unstable; urgency=low

  * Fixed segfaults on broken images (Closes: #413041)

 -- Roland Stigge <stigge@antcom.de>  Tue, 10 Apr 2007 10:05:10 +0200

jasper (1.900.1-2) experimental; urgency=low

  * Added jas_tmr.h to -dev package (Closes: #414705)

 -- Roland Stigge <stigge@antcom.de>  Tue, 13 Mar 2007 14:23:58 +0100

jasper (1.900.1-1) experimental; urgency=low

  * New upstream release
  * debian/control:
    - Standards-Version: 3.7.2
    - Build-Depends: freeglut3-dev instead of libglut3-dev (Closes: #394496)
  * Renamed packages to libjasper1, libjasper-dev, libjasper-runtime according
    to upstream shared library naming change

 -- Roland Stigge <stigge@antcom.de>  Fri, 26 Jan 2007 14:22:18 +0100

jasper (1.701.0-2) unstable; urgency=low

  * Prevent compression of pdf documents in binary packages
  * Added man pages for the executables (Closes: #250077)
  * Again renamed binary packages to reflect Policy:
      - libjasper-1.701-1
      - libjasper-1.701-dev (Provides, Replaces and Conflicts: libjasper-dev)
      - libjasper-runtime

 -- Roland Stigge <stigge@antcom.de>  Sun, 20 Jun 2004 13:54:10 +0200

jasper (1.701.0-1) unstable; urgency=low

  * New maintainer (Closes: #217099)
  * New upstream release (Closes: #217570)
      - new DFSG-compliant license (Closes: #218999, #245075)
      - includes newer libtool related files (Closes: #210383)
  * debian/control:
      - Standards-Version: 3.6.1
      - Changed binary package names, fixed interdependencies (Closes: #211592)
          libjasper-1.700-2 => libjasper1
          libjasper-1.700-2-dev => libjasper-dev
          libjasper-progs => libjasper-runtime
        (new packages conflicting and replacing the old ones)
      - Added libxi-dev, libxmu-dev, libxt-dev to Build-Depends
        (Closes: #250481)

 -- Roland Stigge <stigge@antcom.de>  Sat, 19 Jun 2004 23:19:32 +0200

jasper (1.700.2-1) unstable; urgency=low

  * Initial Release.

 -- Christopher L Cheney <ccheney@debian.org>  Fri, 22 Aug 2003 01:30:00 -0500