libgd2 (2.2.5-5.2ubuntu2.1) focal-security; urgency=medium * SECURITY UPDATE: Heap-based buffer over-read - debian/patches/CVE-2017-6363-*.patch: make sure transparent palette index is within bounds in src/gd_gd.c and add tests in tests/gd/bug00383.c, tests/gd/CMakeLists.txt, tests/gd/Makemodule.am, tests/gd2/bug00383.c, tests/gd2/CMakeLists.txt, test/gd2/Makemodule.am. - CVE-2017-6363 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in reading tga header file in src/gd_tga.c. - CVE-2021-38115 * SECURITY UPDATE: Double free - debian/patches/CVE-2021-40145.patch: fix a memory leak in src/gd_gd2.c. - CVE-2021-40145 -- Leonidas Da Silva Barbosa Mon, 30 Aug 2021 15:10:22 -0300 libgd2 (2.2.5-5.2ubuntu2) focal; urgency=medium * No change rebuild. -- Tiago Stürmer Daitx Thu, 16 Apr 2020 15:43:03 +0000 libgd2 (2.2.5-5.2ubuntu1) focal; urgency=medium * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers to crash an application via a specific function call sequence - debian/patches/CVE-2018-14553.patch: remove manual style copy from src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c. - CVE-2018-14553 -- Avital Ostromich Thu, 05 Mar 2020 14:12:25 -0500 libgd2 (2.2.5-5.2) unstable; urgency=high * Non-maintainer upload. * Fix CVE-2019-11038: Uninitialized read in gdImageCreateFromXbm (Closes: #929821) -- Jonas Meurer Tue, 11 Jun 2019 16:21:57 +0200 libgd2 (2.2.5-5.1) unstable; urgency=medium * Non-maintainer upload. * Heap-based buffer overflow in gdImageColorMatch (CVE-2019-6977) (Closes: #920645) * Potential double-free in gdImage*Ptr() (CVE-2019-6978) (Closes: #920728) -- Salvatore Bonaccorso Sat, 02 Feb 2019 10:55:00 +0100 libgd2 (2.2.5-5) unstable; urgency=medium * Update Vcs-* links to salsa.d.o * Update maintainers address to team+gd@tracker.d.o (Closes: #899928) * Remove Files-Excluded from d/copyright, the files just inherit the global license (Closes: #883760) -- Ondřej Surý Sun, 28 Oct 2018 22:20:23 +0000 libgd2 (2.2.5-4.1) unstable; urgency=medium * Non-maintainer upload. * Potential infinite loop in gdImageCreateFromGifCtx (CVE-2018-5711) (Closes: #887485) * bmp: check return value in gdImageBmpPtr (CVE-2018-1000222) (Closes: #906886) * Remove src/Makefile.am patching in tests-make-a-little-change-for-autopkgtest.patch. Fixes "libgd2 FTBFS: cannot find -lgd". Thanks to Helmut Grohne and Adrian Bunk (Closes: #906840) -- Salvatore Bonaccorso Sat, 06 Oct 2018 00:22:59 +0200 libgd2 (2.2.5-4) unstable; urgency=medium [ Jiří Paleček ] * Disable the test during build and run the testsuite through autopkgtest (Closes: #867003) * Make --as-needed work again [ Ondřej Surý ] * Get rid of libgd2*-dev traces (Closes: #879254) -- Ondřej Surý Sun, 22 Oct 2017 11:14:32 +0200 libgd2 (2.2.5-3) unstable; urgency=medium * Disable gdimagerotate/bug00067 because it FTBFS on i386 -- Ondřej Surý Tue, 05 Sep 2017 13:46:57 +0200 libgd2 (2.2.5-2) unstable; urgency=medium * Fix OOB read due to crafted GD/GD2 images * Disable gdimagecopyresampled/bug00201 that makes some platforms to FTBFS -- Ondřej Surý Mon, 04 Sep 2017 09:43:31 +0200 libgd2 (2.2.5-1) unstable; urgency=high * New upstream version 2.2.5 + [CVE-2017-6362]: Double-free in gdImagePngPtr(). + [CVE-2017-7890]: Buffer over-read into uninitialized memory. * Update d/watch for the github releases * Refresh patches for the 2.2.5 release -- Ondřej Surý Wed, 30 Aug 2017 14:21:43 +0200 libgd2 (2.2.4-2) unstable; urgency=medium * Apply correct patch on tiff_invalid_read -- Ondřej Surý Wed, 18 Jan 2017 21:06:46 +0100 libgd2 (2.2.4-1) unstable; urgency=medium * New upstream version 2.2.4 * Rebase patches on top of libgd-2.2.4 release * Disable tiff/tiff_invalid_read test -- Ondřej Surý Wed, 18 Jan 2017 12:11:06 +0100 libgd2 (2.2.3-87-gd0fec80-3) unstable; urgency=medium * Disable tests/gdimagegrayscale as it breaks the 32-bit builds -- Ondřej Surý Mon, 07 Nov 2016 09:37:59 +0100 libgd2 (2.2.3-87-gd0fec80-2) unstable; urgency=medium * [CVE-2016-6911]: Fix invalid read in gdImageCreateFromTiffPtr() (Closes: #840806) -- Ondřej Surý Sun, 06 Nov 2016 23:38:28 +0100 libgd2 (2.2.3-87-gd0fec80-1) unstable; urgency=medium * Imported Upstream version 2.2.3-87-gd0fec80 + [CVE-2016-8670]: Stack Buffer Overflow in GD dynamicGetbuf + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr() + [CVE-2016-7568]: Integer overflow in gdImageWebpCtx (Closes: #840805, #840806, #839659) * Refresh patches on top of git snapshot 2.2.3-87-gd0fec80 * Replace -dbg with -dbgsym packages * Disable php_bug_72339 that has overflow constant * Fix error: ISO C99 requires at least one argument for the "..." in a variadic macro -- Ondřej Surý Mon, 31 Oct 2016 09:56:49 +0100 libgd2 (2.2.3-3) unstable; urgency=medium * Initialize error in tests/gd2/gd2_read.c -- Ondřej Surý Wed, 27 Jul 2016 11:04:33 +0200 libgd2 (2.2.3-2) unstable; urgency=medium * Remove the failing test from the test suite rather than juggling with architecture tests (Closes: #832390) -- Ondřej Surý Wed, 27 Jul 2016 09:12:12 +0200 libgd2 (2.2.3-1) unstable; urgency=medium * Imported Upstream version 2.2.3 -- Ondřej Surý Tue, 26 Jul 2016 09:03:38 +0200 libgd2 (2.2.2-43-g22cba39-2) unstable; urgency=medium * Use DEB_HOST_ARCH instead of DEB_HOST_GNU_CPU to detect i386 (Closes: #832390) -- Ondřej Surý Mon, 25 Jul 2016 09:57:12 +0200 libgd2 (2.2.2-43-g22cba39-1) unstable; urgency=medium * Imported Upstream version 2.2.2-43-g22cba39 * Don't fail on failed tests to fix i386 FTBFS * Add default debian rules include to skip checking tests only on i386 -- Ondřej Surý Wed, 20 Jul 2016 07:34:04 +0200 libgd2 (2.2.2-29-g3c2b605-1) unstable; urgency=medium * Imported Upstream version 2.2.2-29-g3c2b605 + [CVE-2016-5766]: Fix Integer Overflow in _gd2GetHeader() resulting in heap overflow (Closes: #829014) + [CVE-2016-6128]: Fix invalid color index not handled, can lead to crash (Closes: #829062) + [CVE-2016-6161]: Add upstream patch to fix gif: avoid out-of-bound reads of masks array + [CVE-2016-6132]: Fix out-of-bounds read in the parsing of TGA files (Closes: #829694) + [CVE-2016-6214]: Fix read out-of-bands was found in TGA + Fix another out-of-bounds read in read_image_tga (upstream #248) * Remove patches merged upstream -- Ondřej Surý Thu, 14 Jul 2016 10:53:07 +0200 libgd2 (2.2.1-1) unstable; urgency=medium [ Salvatore Bonaccorso ] * Imported Debian patch 2.1.1-4.1 [ Ondřej Surý ] * Imported Upstream version 2.2.0 * Delete obsolete patches * Don't install obsolete gdlib-config * [CVE-2015-8874]: Stack consumption vulnerability in GD allows remote attackers to cause a denial of service via a crafted imagefilltoborder call * Build with libwebp-dev instead of old libvpx-dev * Initialize full_filename in tests/gdimagefile/gdnametest.c * Imported Upstream version 2.2.1 * CVE-2015-8874 is now fixed in the upstream release -- Ondřej Surý Mon, 23 May 2016 14:39:37 +0200 libgd2 (2.1.1-4.1) unstable; urgency=high * Non-maintainer upload (with Ondrej's approval directly uploaded) * CVE-2016-3074: Signedness vulnerability causing heap overflow (Closes: #822242) -- Salvatore Bonaccorso Sat, 23 Apr 2016 10:49:43 +0200 libgd2 (2.1.1-4) unstable; urgency=medium * Fix xmp vs xpm typo in Provides (Closes: #791435) -- Ondřej Surý Tue, 07 Jul 2015 13:09:26 +0200 libgd2 (2.1.1-3) unstable; urgency=medium * Add libgd-{no,}xmp-dev to libgd-dev Provides to fix FTBFS in packages still depending on old name (Closes: #791435). Thanks Mattia Rizzolo for catching this early. -- Ondřej Surý Tue, 07 Jul 2015 08:59:00 +0200 libgd2 (2.1.1-2) unstable; urgency=medium * Drop libgd2-{xpm,noxmp}-dev dummy packages -- Ondřej Surý Mon, 29 Jun 2015 13:38:39 +0200 libgd2 (2.1.1-1) unstable; urgency=medium [ Sebastian Ramacher ] * Fix build against libvpx 1.4 (Closes: #785403) [ Mario Lang ] * Fix Vcs-* URL in debian/control. [ Ondřej Surý ] * New upstream version 2.1.1 * Update patches for GD 2.1.1 release -- Ondřej Surý Tue, 19 May 2015 11:22:50 +0200 libgd2 (2.1.0-5) unstable; urgency=high * Remove seanius from Uploaders. So Long, and Thanks for All the Fish. (Closes: #773439) * Fix buffer overflow found by Jan Bee and fixed by Remi Collet -- Ondřej Surý Thu, 18 Dec 2014 13:30:57 +0100 libgd2 (2.1.0-4.1) unstable; urgency=medium * Non-maintainer upload. * Make package binNMU-safe by converting empty transitional packages to arch=any. (Closes: #762325) -- Andreas Barth Sun, 28 Sep 2014 12:01:30 +0000 libgd2 (2.1.0-4) unstable; urgency=medium * [CVE-2014-2497]: NULL pointer dereference -- Ondřej Surý Mon, 04 Aug 2014 11:07:19 +0200 libgd2 (2.1.0-3) unstable; urgency=low * Enable subdir-objects in AC_INIT_AUTOMAKE (Closes: #724841) -- Ondřej Surý Mon, 30 Sep 2013 11:10:16 +0200 libgd2 (2.1.0-2) unstable; urgency=low * Properly quote GD_EXTRA_VERSIOn and GD_VERSION_STRING (Courtesy of Marc Deslauriers) (Closes: #714363) -- Ondřej Surý Fri, 28 Jun 2013 15:44:28 +0200 libgd2 (2.1.0-1) unstable; urgency=low * New upstream version 2.1.0 * Remove patches merged upstream and pull a fix for incorrect compiled-in version -- Ondřej Surý Thu, 27 Jun 2013 10:02:00 +0200 libgd2 (2.1.0~rc2-2) unstable; urgency=low * Pull new upstream tests and fixes (fixes the FTBFS on 32-bit archs) -- Ondřej Surý Mon, 10 Jun 2013 09:46:52 +0200 libgd2 (2.1.0~rc2-1) unstable; urgency=low * New upstream version 2.1.0~rc2 * font-pattern-pointer-deref.patch: Remove, merged upstream * Add new gdImageClone symbol in upstream libgd3 library -- Ondřej Surý Fri, 07 Jun 2013 13:30:36 +0200 libgd2 (2.1.0~rc1-2) unstable; urgency=low [ Colin Watson ] * Add missing pointer dereference in font_pattern (closes: #709050). [ Ondřej Surý ] * "I will test my changes with piuparts" release (Closes: #708111) -- Ondřej Surý Sat, 25 May 2013 19:43:22 +0200 libgd2 (2.1.0~rc1-1) unstable; urgency=low * Imported Upstream version 2.1.0~rc1 * Remove patches merged in upstream -- Ondřej Surý Fri, 24 May 2013 09:09:47 +0200 libgd2 (2.1.0~alpha1-6) unstable; urgency=low * Fix libgd2-dev -> libgd-dev in transitional packages (Closes: #708111) -- Ondřej Surý Thu, 23 May 2013 13:24:57 +0200 libgd2 (2.1.0~alpha1-5) unstable; urgency=low * Drop chrpath, it's not needed when we switched to libtiff-dev and it was broken anyway. -- Ondřej Surý Wed, 22 May 2013 10:28:27 +0200 libgd2 (2.1.0~alpha1-4) unstable; urgency=low * Build-Depend and Depend on libtiff-dev to make binNMUs easier * Fix libgd-dev dependency from libpng12-dev to libpng-dev * Don't ignore errors in postinst scripts * Fix debhelper-but-no-misc-depends in transitional packages * Silence invalid warning about virtual package depends on libgd-dev * Add missing Files: * to debian/copyright main License block * Explicitly call --with-tiff=/usr to catch tiff 3.x without pkg-config * Enable full hardening build -- Ondřej Surý Tue, 21 May 2013 17:47:54 +0200 libgd2 (2.1.0~alpha1-3) unstable; urgency=low * Build-depend on libtiff5-alt-dev to easy the transition * Pull some upstream fixes (Closes: #709074, #709074) * Add pkg-config support for tiff-4 (and others) to allow compilation against libtiff5-alt-dev (pull from upstream) * libgd-dev now depends on libtiff5-alt-dev | libtiff5-dev | libtiff-dev * Remove RPATH from binaries, it's not needed -- Ondřej Surý Fri, 17 May 2013 15:32:27 +0200 libgd2 (2.1.0~alpha1-2) unstable; urgency=low * Upload to unstable * Build-depend on libtiff5-dev | libtiff-dev to allow easier backports * Remove libjpeg skip test patch, add HAVE_CONFIG_H patch (Closes: #708413) * Yet another rename when uploading to unstable: + development library package to libgd-dev + shared library package to libgd3 -- Ondřej Surý Wed, 15 May 2013 13:42:49 +0200 libgd2 (2.1.0~alpha1-1) experimental; urgency=low * Update copyright with correct cmake module authors * Imported Upstream version 2.1.0~alpha1 * Update debian/watch to bitbucket.org * Add docdir symlinks in postinst for transitional packages when upgrading (Closes: #708111) -- Ondřej Surý Mon, 13 May 2013 16:57:19 +0200 libgd2 (2.1.0~alpha~8+ecc535-2) experimental; urgency=low * Build-Depend on libpng-dev (Closes: #662401) -- Ondřej Surý Tue, 07 May 2013 12:09:12 +0200 libgd2 (2.1.0~alpha~8+ecc535-1) experimental; urgency=low * Imported Upstream version 2.1.0~alpha~8+ecc535 * Imported Upstream version 2.1.0~alpha~7+292b0a * Imported Upstream version 2.1.0~alpha~6+bc7015 * Remove Breaks: php5-common, since it also clashes with PHP 5.4 * Introduce libgd2-dbg package with debug symbols -- Ondřej Surý Sun, 05 May 2013 10:42:20 +0200 libgd2 (2.1.0~alpha~5+9ca645-1) experimental; urgency=low * Imported Upstream version 2.1.0~alpha~5+9ca645 + This build changes the double->int conversion in clip_1d hopefully allowing the tests to pass correctly -- Ondřej Surý Sat, 27 Apr 2013 09:15:08 +0200 libgd2 (2.1.0~alpha~4+cf9d7f-1) experimental; urgency=low * Imported Upstream version 2.1.0~alpha~3 * Imported Upstream version 2.1.0~alpha~4+cf9d7f * Disable jpeg_read test which is broken with libjpeg8 * Add couple of new symbols and remove gdImageAntialias, that didn't make it to 2.1.0; add Breaks: php5 (<< 5.5.0~beta4) -- Ondřej Surý Thu, 25 Apr 2013 12:17:06 +0200 libgd2 (2.1.0~alpha~2-1) experimental; urgency=low * Imported Upstream version 2.1.0~alpha~2 * Update debian/libgd2-3.symbols with new functions -- Ondřej Surý Thu, 18 Apr 2013 09:35:28 +0200 libgd2 (2.1.0~alpha~1-2) experimental; urgency=low * Introduce transitional packages for libgd2-{noxpm,xpm}-dev * Don't install separate docs for transitional packages * Fix some formatting errors in gdlib-config.1 manpage * Fix the xmp->xpm typo -- Ondřej Surý Tue, 16 Apr 2013 08:58:45 +0200 libgd2 (2.1.0~alpha~1-1) experimental; urgency=low * Imported Upstream version 2.1.0~alpha~1 (upstream 2.1.0-alpha git snapshot) * Update uploaders to include me and remove Jonas * Update gbp.conf for experimental * Switch the build system to debhelper * Drop gnulib dependency (I have updated config.rpath upstream) (Closes: #396172) * Get rid of xpm vs noxpm library dichotomy (Closes: #443654, #376098) + Rename libgd2-{xpm,noxpm} to libgd2-3 to match bumped SONAME + Rename libgd2-{xpm,noxpm}-dev to libgd2-dev * Update debian/copyright; add license for gd_nnquant.c and gd_wepimp.* * Override dh_install to add --fail-missing to catch all new files * Remove obsolete patches from 2.0.x series, all have been merged upstream * Add autoreconf to dh invocation to generate configure * Add VPX and TIFF support to GD library * Update libgd2-3.symbols for latest git upstream version (Closes: #661543) * Install pkgconfig files * Patch gdlib-config to use pkg-config internally (Closes: #672953) -- Ondřej Surý Sun, 14 Apr 2013 11:12:25 +0200 libgd2 (2.0.36~rc1~dfsg-6.1) unstable; urgency=low * Non-maintainer upload. * Support multi-arch: (closes: #652496) - Mark libgd2-xpm, libgd2-noxpm, libgd2-xpm-dev and libgd2-noxpm-dev as same. - Adjust d-shlibs and dh-buildinfo build-dependency. * Drop .la files. -- Bastian Blank Sun, 13 May 2012 09:16:37 +0000 libgd2 (2.0.36~rc1~dfsg-6) unstable; urgency=low * Acknowledge NMU. Closes: bug#619537, #621612. Thanks to Luk Claes. * Rewrite copyright file using draft 174 of DEP-5 format. * Add patch 0003 to fix support large images. Closes: bug#595368. Thanks to Teodor Milkov. * Add patch 0004 to fix printf string formatting. Closes: bug#643422. Thanks to Didier Raboud and Thorsten Glaser. * Bump Standards-Version to 3.9.2. * Bump debhelper compatibility level to 7. * Update package relations: + Tighten build-dependency on cdbs: Needed to support debhelper 7. + Relax build-depend unversioned on debhelper and devscripts: Needed versions satisfied even in oldstable. -- Jonas Smedegaard Sat, 15 Oct 2011 22:23:42 +0200 libgd2 (2.0.36~rc1~dfsg-5.1) unstable; urgency=low * Non-maintainer upload. * Remove references to other libraries from dependency_libs field Closes: #619537,#621612. -- Luk Claes Mon, 30 May 2011 07:51:27 +0200 libgd2 (2.0.36~rc1~dfsg-5) unstable; urgency=low * Workaround CDBS not honoring per-flavor configure flags yet. Closes: bug#595709. Thanks to brian m. carlson. * Ease building with git-buildpackage: + Git-ignore quilt .pc dir. + Add dpkg source local-options. * Update copyright-check suppression: + Fix add ./ prefix. + Suppress demo/test graphics. + Avoid suppressing the whole debian subdir. -- Jonas Smedegaard Sun, 17 Oct 2010 15:11:45 +0200 libgd2 (2.0.36~rc1~dfsg-4) unstable; urgency=low * Acknowledge NMUs. Thanks to Giuseppe Iuculano and Robert Lemmen. * Drop local CDBS snippets: All included in main cdbs package now. As local snippets conflicted with recent releases of the cdbs package this closes: bug#564374. Thanks to Lucas Nussbaum and Philipp Kern. Tighten build-dependency on cdbs. * Use dpkg source format "3.0 (quilt)". Drop patchsys-quilt.mk and related dependencies. * Packaging moved to Git: + Update Vcs-* stanzas. + Add git-buildpackage config enabling pristine-tar and signed tags. * Add README.source documenting use of CDBS and git-buildpackage, and drop README.cdbs-tweaks. Drop cdbs comments in debian/rules. * Add DEP3 hints ot patch. * Update packaging hall of shame in TODO. * Rewrite debian/copyright using draft DEP5 format rev. 135. * Preserve (not clean) upstream-shipped tempfile during build. * Depend on ${misc:Depends}. Thanks to lintian. * Bump up standards-version to 3.9.1. * Use $(filter ...) instead of $(findstring ...) to extract space- separated options from DEB_BUILD_OPTIONS in debian/rules. * Build-depend unversioned on d-shlibs (needed version satisfied in oldstable). -- Jonas Smedegaard Sun, 05 Sep 2010 14:36:52 +0200 libgd2 (2.0.36~rc1~dfsg-3.2) unstable; urgency=low * Non-maintainer upload. * Fixed libjpeg dependency (Closes: #569682) -- Robert Lemmen Tue, 23 Mar 2010 17:06:39 +0000 libgd2 (2.0.36~rc1~dfsg-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks via crafted files (Closes: #552534) -- Giuseppe Iuculano Mon, 09 Nov 2009 21:19:11 +0100 libgd2 (2.0.36~rc1~dfsg-3) unstable; urgency=medium * Drop bogus "-Wl,--disable-rpath" ld flags. Closes: bug#478534, #476018, thanks to Kumar Appaiah. * Install (cleaned copy of) index.html as both README and README.html. * Build-depend on html2text (pulled in by debhelper too, but also used explicitly so we must depend on it ourselves according to Policy). * Update local cdbs snippets: + Add and use local autotools.mk extended to support multiple build flavors (instead of custom-invoked configure + make). As extra bonus this fixes support for cross-compilation (thanks to Kumar Appaiah for pointing it out in bug#476018). + Add local autotools-vars.mk, makefile.mk and makefile-vars.mk needed by local autotools.mk above. + Strip non-printable characters in copyright-check.mk. + Relaxed copyright-check.mk to only warn by default. + Update dependency cleanup to strip cdbs 0.4.27 (not 0.4.27-1). * Update debian/copyright-hints. * Bump debhelper compatibility level to 6. * Semi-auto-update debian/control to update build-dependencies: DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean * Set urgency=medium as this fixes serious FTBFS bugs. -- Jonas Smedegaard Sat, 28 Jun 2008 16:54:40 +0200 libgd2 (2.0.36~rc1~dfsg-2) unstable; urgency=medium * Add symbols file. * Add patch 0001 to fix leak in gdImageCopyResized. * Set urgency=medium, as the bugfix above seems security-related. * Update local cdbs snippets: + Enable patchsys-quilt.mk. + Major improvements to update-tarball (but none of them affecting this current packaging). + Major improvements to copyright-check, including new versioned build-dependency on devscripts. Update debian/copyright_hints. Closes: bug#466642. + Drop buildcore.mk override. Set DEB_AUTO_UPDATE_DEBIAN_CONTROL directly instead when needed. + Update debian/README.cdbs-tweaks * Avoid copyright-check choking on config/install.sh and aclocal.m4. * Semi-auto-update debian/control to update build-dependencies: DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean -- Jonas Smedegaard Sat, 12 Apr 2008 00:49:13 +0200 libgd2 (2.0.36~rc1~dfsg-1) unstable; urgency=medium * New upstream prerelease. + Fixed gdImageCopy with true color image, the transparent color was ignored + Fixed support of PNG grayscale image with alpha channel + _gdCreateFromFile() can crash if gdImageCreate fails + gdImageCreateFrom*Ptr() can crash if gdNewDynamicCtxEx() fails + gdImageRectangle draws 1x1 rectangles as 1x3 rectangles + Possible integer overflow in gdImageFill() + Optimization for single pixel line not in correct order + gdImageColorDeallocate can write outside buffer + gdImageColorTransparent can write outside buffer + gdImageWBMPCtx can crash when createwbmp fails * Set urgency=medium due to this being a bugfix-only release, and some of the fixes seems security-related. * Move Homepage to own field (from pseudo-field in long description). * Move XS-Vcs-* control fields to Vcs-*. * Add patch 0003 to fix segfault when createwbmp fails. * Adjust watch file: + Include upstream prereleases + Ignore local trailing ~dfsg repackaging hint + Invoke svn-upgrade (not uupdate) * Update cdbs tweaks: + Support zip in upstream-tarball.mk (unneeded here) + Use ~ as repackaging delimiter in upstream-tarball.mk to make room for point releases and cleaned up rerelease + Rename top srcdir in repackaged tarball to $pkg-$ver.orig to comply with Developers Reference 6.7.8.2. + Support mangling upstream version string in upstream-tarball.mk + Drop buildcore.mk override (set DEB_AUTO_UPDATE_DEBIAN_CONTROL manually when needed instead) * Drop all patches: applied upstream. * Strip tests from repackaged source tarball: newly added truetype font comes without license, and all tests are unusable anyway without cmake modules that are already stripped. * Document stripped files in debian/copyright. * Update debian/copyright_hints (newer years for automade files). * Bump standards-version to 3.7.3 (no changes needed). * Semi-auto-update debian/control: DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules -- Jonas Smedegaard Thu, 03 Jan 2008 16:14:46 +0100 libgd2 (2.0.35.dfsg-3) unstable; urgency=high * Add patch hand-picked from upstream CVS: + gdImageColorTransparent can write outside buffer * Raise to urgency=high as this a small, security-related bugfix. -- Jonas Smedegaard Sun, 16 Sep 2007 21:57:28 +0200 libgd2 (2.0.35.dfsg-2) unstable; urgency=medium * Add patch (using patchsystem-quilt.mk cdbs snippet) hand-picked from upstream CVS to fix various security-related issues: + _gdCreateFromFile() can crash if gdImageCreate fails + gdImageCreateFrom*Ptr() can crash if gdNewDynamicCtxEx() + gdImageRectangle draws 1x1 rectangles as 1x3 rectangles + Possible integer overflow in gdImageFill() + Optimization for single pixel line not in correct order + gdImageColorDeallocate can write outside buffer * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control. * Update cdbs tweaks: + Support non-dot-delimited repackaging tag in update-tarball. + update-tarball needs recent cdbs (only relevant for backports). * Cleanup duplicate build-dependencies in debian/rules. * Semi-auto-update debian/control: DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules pre-build * Fix shlibs dependencies: Use DEB_UPSTREAM_VERSION (instead of custom version variables). * Set urgenvy=medium due to the security-related fixes. -- Jonas Smedegaard Tue, 04 Sep 2007 20:28:46 +0200 libgd2 (2.0.35.dfsg-1) unstable; urgency=low * New upstream release. Closes: bug#431443, thanks to Sean Finney. * Repackage source tarball to avoid files below VMS and cmake that contains copyrights with questionable or missing licensing info. * Switch to team maintainance using Alioth project pkg-gd, and myself and Sean Finney as uploaders. Others interested in helping out maintaining packaging of GD and related packages, please get in touch with us at pgk-gd-devel@lists.alioth.debian.org . * Update CDBS tweaks: + Minor improvements to upstream-tarball.mk. + Advertise debian/README.cdbs-tweaks in debian/rules. * Replace deprecated ${Source-Version} with Use binNMU-safe ${binary:Version} in debian/control. Thanks to Lintian. * Update debian/copyright to include new copyright (BSD) for the file strlcpy.c. -- Jonas Smedegaard Sun, 12 Aug 2007 13:40:55 +0200 libgd2 (2.0.34-1) unstable; urgency=low * New upstream release. * Update cdbs tweaks: + Switch from vcs.mk to improved upstream-tarball.mk. + Minor updates to copyright-check. + Minor documentation updates. * Use debhelper.mk cdbs snippet (greatly simplifies custom rules). * No longer set library version (upstream takes care of this now). * Use www.libgd.org (not just libgd.org) as homepage. * Update watch file to use new upstream source (ignoring prereleases). * Cleanup package dependencies: + Provide virtual packages libgd-dev and libgd2. + Drop conflicts on pre-Sarge packages. + Fix conflicting with libgd-noxpm-dev (was libgd-xpm-dev twice). * Fix old changelog entry closing bug#167976, to please lintian. -- Jonas Smedegaard Thu, 17 May 2007 12:29:12 +0200 libgd2 (2.0.34~rc1-1) unstable; urgency=high * New upstream prerelease. * Drop all patches. Bugfixing patches are all either adopted or differently implemented upstream now, and the only feature patch to improve anti-aliasing is recommended by upstream to be avoided for now (will be included in later releases of GD). * Drop pthreads workaround. Upstream now properly handles this. * Avoid fallback build-dependencies on xlibs-dev, thanks to lintian. Avoid *-dev package dependencies too, and tighten build-dependency on d-shlibs to versions supporting the neat new runtime override feature of d-devlibdeps used for this. * Drop duplicate build-dependency on autotools-dev, thanks to lintian. * Bump up standards-version to 3.7.2. * Update debian/copyright and long descriptions with new upstream author and new upstream URLs. * Semi-autoupdate debian/control to have the above take effect: $ DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules clean * Update debian/copyright-hints due to the relibtoolization. * Add new CDBS snippet vcs.mk hinting about the source environment. * Fix copyright-check CDBS snippet to properly ignore also CDBS-overridden autotools files. * Set urgency high, as the older pathced code is known to contain several bugs fixed in current upstream code. Work is ongoing about resolving if any of those bugs have known security issues with an official CVE. -- Jonas Smedegaard Tue, 30 Jan 2007 15:06:48 +0100 libgd2 (2.0.33-6) unstable; urgency=high * Acknowledge NMUs. Closes: bug#384838, #383747. Thanks to Paul and Martín Ferrari, and to Andreas Barth and Steinar H. Gunderson for watching my back. * Update local cdbs snippets (and add debian/README.cdbs-tweaks to source, documenting their purpose), fixing a FTBFS. Closes: bug#396174, thanks to Martin Pitt. * Semi-autoupdate debian/control to have the above take effect: $ DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules clean * Add patch 1009 to fix segfaults due to lack of boundary checks for anti-aliasing. Closes: bug#404774, thanks (again!) to Paul. * Set urgency=high as the above is important to include with etch. -- Jonas Smedegaard Mon, 1 Jan 2007 20:18:13 +0100 libgd2 (2.0.33-5.2) unstable; urgency=high * Non-maintainer upload. * remove 1006_western_european_fonts.patch, as this breaks (at least) two different packages, and creates issues for people with central european encoding. It is also an unnecessary derivation from upstream. Closes: #383747 -- Andreas Barth Wed, 29 Nov 2006 16:34:54 +0000 libgd2 (2.0.33-5.1) unstable; urgency=medium * Non-maintainer upload. * 1008_segfault_invalid_gif.patch: New patch, adapted by Stefan Fritsch; fixes segfault (and possible security issue) when reading some forms of corrupted GIFs. (Closes: #384838) -- Steinar H. Gunderson Mon, 11 Sep 2006 01:24:24 +0200 libgd2 (2.0.33-5) unstable; urgency=low * Merge patch 1002 with different approach from ubuntu, and rename as 1002_CVE-2006-2906 now that the bug (infinite loop in GIF code) has an official name. Closes: bug#372912 (thanks to Alec Berryman for reporting, and to Martin Pitt for providing a patch). * Add patch to switch to western european fonts (ISO8859-1/ISO8859-15) instead of the current eastern european (ISO8859-2). * Add --without-xpm option to configure when compiling -noxpm variant. Closes: bug#370572 (thanks to Omniflux ). * Indent Homepage string in long descriptions. * Add patch 1007 to avoid advertising external libraries in gdlib-config script (advertise them in new --static-libs instead). Closes: bug#375806 (thanks to Samuel Thibault ). -- Jonas Smedegaard Mon, 17 Jul 2006 02:15:53 +0200 libgd2 (2.0.33-4) unstable; urgency=low * Have libgd-noxpm-dev provide libgd2-dev (a virtual package since woody). libgd-xpm-dev does not provide it, as the two packages does not provide same shlibdeps info: Both provide same ABI but not same package dependencies, so those requiring XPM support will want to explicitly (build-)depend on that variant. Closes: bug#350704, #358306 (thanks to Daniel Schepler and Martin Michlmayr for reporting, and to Junichi Uekawa for patience and helpful input). * Use quilt (instead of CDBS builtin patch routines). * Use local cdbs snippet to enable debian-control (semi-)auto-update. * Update local cdbs snippet buildinfo.mk: + Correct namespace. * Update local cdbs snippet copyright-check.mk: + Correct namespace. + Treat all found files as non-binary. + Broaden scan to also look for "(c)" by default. + Make egrep options configurable. * Semi-auto-update debian/control (nothing remarkable). * Semi-auto-update debian/copyright_hints (nothing remarkable). * Renumber and unfuzz patches, and add debian/patches/README documenting the new numbering scheme. * Add patch 1003 fixing an antialiasing segfault. Closes: bug#364024 (thanks to Paul ). * Add patch 1004 improving antialiasing lines at image edges (thanks to Paul ). * Add patch 1005 to more sanely bail out on missing or wrong data, and include config.h also for tools and examples. This closes: bug#360966 (thanks to the Graphviz project were these was extracted from, and to Matthias Klose reporting it). -- Jonas Smedegaard Sun, 21 May 2006 09:51:07 +0200 libgd2 (2.0.33-3) unstable; urgency=low * Update debian/rules only if DEB_BUILD_OPTIONS contains "update". * Auto-update debian/rules (and manually strip bogus build-dependency on build-essential). * Upgrade watch file to version 3. * Standards version 3.6.2. * Mention homepage (not website) on long descriptions. * Add new local cdbs snippet copyright-check.mk. * Update debian/copyright with differing (but still DFSG-free) licensing of gd_gif_out.c (thanks to copyright-check.mk). * Update TODO with a bunch of entries to the "packaging hall of shame" (list of packages without -noxpm support). * Add patch to not treat negative return values from buffer routines as ok. Closes: bug#308981, #312500 (both thanks to Jim Meyering ). * Dropped old transitional packages libgd2 and libgd2-dev. Closes: bug#322044 (thanks to Javier Fernández-Sanguino Peña ). -- Jonas Smedegaard Thu, 8 Dec 2005 02:29:44 +0100 libgd2 (2.0.33-2) unstable; urgency=low * Acknowledge NMU. Closes: bug#278625, #283991 (thanks to Martin Pitt , Steve Kemp and others). * Revert order of dependencies for transitional packages to favor -xpm over -noxpm, and thus avoid surprises when upgrading from woody. Closes: bug#291783 (thanks to Don Armstrong ). * Rerun "libtoolize -c -f; aclocal-1.9; autoconf" with newer autotools. * Use cdbs (except debhelper snippet: too big change for now). * Define version strings "simply expanded" (small compile speedup). -- Jonas Smedegaard Thu, 21 Apr 2005 16:10:34 +0200 libgd2 (2.0.33-1.1) unstable; urgency=high * Non-maintainer upload with permission from Jonas * Apply patch to close security hole CAN-2004-0941 -- Steve Kemp Thur, 3 Dec 2004 19:09:54 +0000 libgd2 (2.0.33-1) unstable; urgency=low * New upstream release. + Improved font handling. Closes: Bug#281349 (thanks to Alexander Schories ). * Improve build rules to support kfreebsd-gnu. Closes: Bug#268280 (thanks to Robert Millan ), and probably also bug#276441 (but leaving open until confirmed). + Patch autoconf.ac to work around broken detection of pthreads. + Run "libtoolize -c -f; aclocal-1.9; autoconf" once. + Include the above patch with source, for use with newer upstream releases. + Update config.guess and config.sub at build time. + Build-depend on autotools-dev for the above. + Update config.rpath from http://savannah.gnu.org/projects/gnulib (grabbed from CVS). * Build -noxpm variant without fontconfig support as well (and add TODO note about possibly renaming to -nobloat in the future). * Mention fontconfig support (or lack thereof) to long descriptions. Closes: bug#280369 (thanks to Josip Rodin and Julian Mehnle ). * Drop obsolete and unused debian/rocks file. * Update TODO: rrdtool now properly acknowledges -noxpm (at last!). -- Jonas Smedegaard Sun, 7 Nov 2004 14:08:29 +0100 libgd2 (2.0.30-1) unstable; urgency=high * New upstream release: + Security fix: potential buffer overflow (CAN-2004-0990). Closes: bug#278625 (thanks to Martin Pitt ). * Tightened d-devlibdeps build-dependency (local hack is adopted now). * New fontconfig support enabled. * Include "hall of shame" to TODO. * Set urgency=high as this closes a security-related bug in sarge. -- Jonas Smedegaard Sat, 30 Oct 2004 22:22:10 +0200 libgd2 (2.0.28-3) unstable; urgency=high * Acknowledge NMU (thanks to Simon Richter for noticing and Steve Langasek for providing the fix). The bugreport contains other less urgent parts not fixed by this package, so will be split/closed manually. * Temporarily use local hacked d-devlibdeps that correctly (more or less, but at least better than before) resolve the recent X11 package split (bugreport filed against devlibs). * Clean out test gif's on clean target (in addition to png's). * Keep urgency=high for the RC bugfix to reach sarge, and because all the changes affects no binaries, only packaging hints. -- Jonas Smedegaard Mon, 13 Sep 2004 18:29:45 +0200 libgd2 (2.0.28-2.1) unstable; urgency=high * Non-maintainer upload. * High-urgency upload for sarge-targetted RC fix. * Add build-dependency on libxt-dev to ensure that libgd2-xpm really does support XPMs (closes: #270655). -- Steve Langasek Wed, 22 Sep 2004 04:32:23 -0700 libgd2 (2.0.28-2) unstable; urgency=low * Build-depend on libx11-dev (in addition to libxpm-dev) to actually include XPM support in the -xpm packages (broken on all but powerpc since 2.0.23-1), and configure explicitly using --with-xpm to hopfully fail less silently in the future. Thanks to Matt Zimmerman for spotting the bug. -- Jonas Smedegaard Wed, 28 Jul 2004 11:17:10 +0200 libgd2 (2.0.28-1) unstable; urgency=low * New upstream release. Closes:Bug#260793 (thanks to Adam Conrad ). * Drop TODO about dropping noxpm packages: Even with the new fine- grained packaging of X11 libraries XPM support still pulls in several megabytes irrelevant for most web server applications (the most popular usage of GD). * Minor corrections to gdlib-config man page. -- Jonas Smedegaard Thu, 22 Jul 2004 14:18:45 +0200 libgd2 (2.0.27-1) unstable; urgency=low * New upstream release. Closes: Bug# 254569 (except request for LZW support - I rely on the good judgement of upstream. Thanks anyway to Domenico Andreoli for the suggestion). * Cleaned up debian/copyright: + Replace info contained in changelog with note on "GNU systems". + Declare each topic more strictly. + Mention "licensing info" together with copyright. * Improved long descriptions: + General introduction to GD in all (non-transitional) packages + Website URL added -- Jonas Smedegaard Sat, 17 Jul 2004 15:03:27 +0200 libgd2 (2.0.23-2) unstable; urgency=low * Rebuild to override secret NMU (HEY!!! when did we change rules to not need to warn before doing an NMU?!?). Still closes: Bug#243500, #238890. -- Jonas Smedegaard Thu, 22 Apr 2004 00:36:44 +0200 libgd2 (2.0.23-1) unstable; urgency=low * New upstream release. Closes: Bug#243500 (thanks to Jan-Åke Larsson ). * Acknowledge NMU. Closes: Bug#238890 (thanks to Domenico Andreoli ). * Build-depend on libxpm-dev, with only a fallback to older xlibs-dev. * Use (and build-depend on) dh_buildinfo. * Add debian/TODO to source package, with notes on noxpm branch and interest in switching to cdbs (bzzzt, this changelog entry should *not* count in the "taking over the world" statistics of cdbs ;-) ). -- Jonas Smedegaard Wed, 21 Apr 2004 23:36:28 +0200 libgd2 (2.0.22-0.1) unstable; urgency=low * New upstream release. Closes: Bug#238890. * This is a NMU. -- Domenico Andreoli Fri, 19 Mar 2004 18:09:11 +0100 libgd2 (2.0.20-1) unstable; urgency=low * New upstream release. Closes: Bug#226179. -- Jonas Smedegaard Fri, 9 Jan 2004 03:58:46 +0100 libgd2 (2.0.16-1) unstable; urgency=low * New upstream release. * FreeType headers are now properly handled. Closes: Bug#224789. * Bump up (and correct syntax of) standards-version to 3.6.1 (no changes needed). Closes: Bug#210415. -- Jonas Smedegaard Thu, 25 Dec 2003 00:35:51 +0100 libgd2 (2.0.15-1) unstable; urgency=low * New upstream release. * Standards version 3.6 (no changes needed). -- Jonas Smedegaard Tue, 22 Jul 2003 11:54:41 +0200 libgd2 (2.0.12-2) unstable; urgency=low * Have development packages conflict with libgd-gif1-dev. This relates to Bug#191039 (thanks to Martin Schulze ). * This package complies with Debian Policy 3.5.10. -- Jonas Smedegaard Fri, 16 May 2003 17:56:22 +0200 libgd2 (2.0.12-1) unstable; urgency=low * New upstream release. * Correct paths to shared libraries for generating -dev dependencies. * Switch debhelper hint from DH_COMPAT to debian/compat. * Claim compliance with Policy 3.5.9 (no changes needed). * Change section devel to libdevel. * Run configure using --disable-rpath (although it is still ignored). -- Jonas Smedegaard Sun, 13 Apr 2003 22:39:43 +0200 libgd2 (2.0.11-3) unstable; urgency=low * Update doc_cleaner.pl to make html file completely weblint-clean (required for woody, so closes: Bug#185492). -- Jonas Smedegaard Wed, 19 Mar 2003 23:38:54 +0100 libgd2 (2.0.11-2) unstable; urgency=low * Simplify debian/rules a bit: Remove the INSTALL* definitions that may have stripped the binaries (not sure if it is honoured by the automade Makefile, but better safe than sorry). -- Jonas Smedegaard Fri, 7 Mar 2003 01:29:49 +0100 libgd2 (2.0.11-1) unstable; urgency=low * New upstream release (closes: Bug#170353). * Adapt debian/rules to the new proper configure script. * Drop DBS and use plain debhelper instead. Adapt build-depends. * Use homebrewn debian/doc_cleaner.pl to clean the html doc instead of a patch (more sustainable if upstream chooses to not fix the horrible html with next release). * Mention new binary annotate in libgd-tools.1 manpage and add a symlink. * Remove obsolete dh_undocumented from debian/rules. * Add a minimal manpage for the new helper script gdlib-config. -- Jonas Smedegaard Sun, 16 Feb 2003 02:00:42 +0100 libgd2 (2.0.4-11) unstable; urgency=low * Relax dependency for transitional packages of their real counterparts. -- Jonas Smedegaard Mon, 16 Dec 2002 02:02:35 +0100 libgd2 (2.0.4-10) unstable; urgency=low * Use d-shlibdeps package again, and build-depend on corrected versions of the package. * Declare compliance with Policy version 3.5.8.0 (no changed needed). * Remove full stop in description to please lintian. -- Jonas Smedegaard Mon, 16 Dec 2002 01:50:10 +0100 libgd2 (2.0.4-9) unstable; urgency=medium * The "Will we ever make it in time...?" release. * Use a local hacked d-devlibdeps (to properly handle libXpm dependency), and remove build-depend on d-shlibs. * Use html2text instead of w3m (as w3m doesn't build on all platforms). Thanks to Adam Conrad for pointing it out. Hack the html to be weblint-clean for html2text to accept it. * Set urgency=medium - same argument as below. -- Jonas Smedegaard Sun, 24 Nov 2002 21:01:27 +0100 libgd2 (2.0.4-8) unstable; urgency=high * Have libgd2-(no)xpm replace libgd2 older than 2.0.4-2 (when it became a transitional package, instead of a virtual on (which is ignored by Replaces:), and instead of the old plain package). * Set urgency=high, as only change is with this extra hint, and we really want this in testing soon - even with the current (unreported) bug it does more good than harm to let it in. -- Jonas Smedegaard Thu, 21 Nov 2002 06:36:41 +0100 libgd2 (2.0.4-7) unstable; urgency=low * Conflict with old virtual libgd2(-dev) packages (closes: Bug#16881). -- Jonas Smedegaard Wed, 13 Nov 2002 00:16:26 +0100 libgd2 (2.0.4-6) unstable; urgency=low * Preload libgd.so when running tests. Allows building without libgd2 already installed, and closes: Bug#167976. -- Jonas Smedegaard Wed, 6 Nov 2002 06:03:09 +0100 libgd2 (2.0.4-5) unstable; urgency=low * Have -dev packages conflict on libgd-(no)xpm-dev. * Have only transitional packages provide and conflict libgd1g, libgd1-altdev and old -tools packages. * Change build-depends to only the virtual libz-dev and libpng12-dev (not their real counterparts as well). * Add watch file. -- Jonas Smedegaard Wed, 6 Nov 2002 05:25:56 +0100 libgd2 (2.0.4-4) unstable; urgency=low * Use (and build-depend on) d-shlibs to make proper depends for -dev packages. * Tidy debian/ by generating debhelper files in configure target and remove it on clean. -- Jonas Smedegaard Mon, 4 Nov 2002 19:00:36 +0100 libgd2 (2.0.4-3) unstable; urgency=low * Correct dependencies for transitional packages. -- Jonas Smedegaard Mon, 4 Nov 2002 17:33:31 +0100 libgd2 (2.0.4-2) unstable; urgency=low * Provide transitional packages (a virtual package cannot satisfy a versioned dependency). * Tighten libgd2-xpm-dev to only same lib (noxpm binaries work well with xpm lib, but not the other way around). * Generate shlibs files without debhelper (to correctly do the above). * Simplify dh_shlibdeps invocation (it is really only used for libgd-tools anyway) and avoid using -L flag (to allow rebuild on woody with debhelper << 4.1.1 where the flag first appeared). * Enable tests (gddemo and gdtest). * Include test images as examples in -dev packages. * Remove TODO.Debian (the item - warnings possibly caused by signedness problems - have been dealt with upstream). -- Jonas Smedegaard Mon, 4 Nov 2002 15:30:29 +0100 libgd2 (2.0.4-1) unstable; urgency=low * New upstream release. * Update gdft patch 02add_gdImageStringFTEx. * Update configure patch 01makefile_generic_install. * Make sure not to compile libgd.a with -fPIC. * Corrections to debian/rules to adapt to new configure. -- Jonas Smedegaard Mon, 28 Oct 2002 02:40:39 +0100 libgd2 (2.0.2-2) unstable; urgency=low * Add unofficial function gdImageStringFTEx to not break binary compatibility with 2.0.1 (thanks to Nils Rennebarth for complaining and providing the patch. * Fix building without libgd2-dev already installed. * Fix linking libgd-tools against libgd2-noxpm (not static built). * Suggest noxpm in favor of xpm for packages built against noxpm. * Build-depend on new libpng12-0-dev and on zlib1g-dev, with fallback to their virtual packages. -- Jonas Smedegaard Sat, 26 Oct 2002 10:32:56 +0200 libgd2 (2.0.2-1) unstable; urgency=low * New upstream version. + Antialiased freetype text output now works properly in both truecolor and non-truecolor contexts! + By default, alpha blending is now done within the library. Also, by default, alpha channel is not saved with PNG images. * Repackage using dbs (with no patches applied for now). * Readme only html now, so build a text version (and build-depend on w3m). * Update debian/copyright (years added, and contact address changed). * Correct libgd-tools dependency on libgd2-(no)xpm. * Build and run tests. -- Jonas Smedegaard Tue, 22 Oct 2002 01:46:22 +0200 libgd2 (2.0.1-19) unstable; urgency=low * Conflict with libgd2 (and closes: #158639, #157920). -- Jonas Smedegaard Thu, 29 Aug 2002 03:50:26 +0200 libgd2 (2.0.1-18) unstable; urgency=low * Build against libpng3 (thanks to Junichi Uekawa for cleaning up the mess finally!). -- Jonas Smedegaard Sun, 18 Aug 2002 18:30:28 +0200 libgd2 (2.0.1-17) unstable; urgency=low * Install libgd-tools.1 (closes: #130499). -- Jonas Smedegaard Sun, 11 Aug 2002 02:41:02 +0200 libgd2 (2.0.1-16) unstable; urgency=low * Correct shlibs dependency on libgd2-xpm (not the virtual libgd2). Thanks to Chris Halls for spotting the error, which closes: #155498. -- Jonas Smedegaard Mon, 5 Aug 2002 16:58:06 +0200 libgd2 (2.0.1-15) unstable; urgency=low * Patch gdft.c for truecolor antialiasing. Patch found at http://www.coupin.net/gd-freetype/ thanks to Michael Ganss , and closes: #154112. -- Jonas Smedegaard Mon, 29 Jul 2002 04:04:52 +0200 libgd2 (2.0.1-14) unstable; urgency=low * Correct bug related to color resolving, thanks to Egon Eckert . -- Jonas Smedegaard Sun, 28 Jul 2002 10:28:30 +0200 libgd2 (2.0.1-13) unstable; urgency=low * libgd2-xpm-dev should depend on libgd2-xpm, not libgd2. -- Jonas Smedegaard Sat, 13 Jul 2002 17:33:04 +0200 libgd2 (2.0.1-12) unstable; urgency=low * Include docs in all packages. -- Jonas Smedegaard Sat, 13 Jul 2002 17:21:20 +0200 libgd2 (2.0.1-11) unstable; urgency=low * The "No more potatoes" release. * Major rewrite of debian/* to use debhelper V4. * Remove libgd.a from libgd-tools. * Rename libgd2 to libgd2-xpm and use libgd2 as a virtual package. * Add new package libgd2-noxpm-dev and do the same rename as above with -dev. * Include all header files (some where left out) in -dev packages. * Tighten shlib dependency to at least this build to avoid the old mess... * Add all demos from libgd-tools as example source in -dev. Remove compiled demos from -tools. * Add debug and nostrip support to debian/rules. * Add contact address gd@boutell.com to debian/copyright. * Remove libgd-tools Conflicts on libgd2-noxpm - they should work fine together (none of the tools use xpm). * Move libgd-tools Conflicts and Replaces on older libgd-tools to libgd2-xpm and -noxpm to make lintian happier. Suggest -tools as well. * Include/improve comment about XPM for long descriptions. * Set sane access rights on whole source as part of clean target. * Write a manpage for the libgd-tools applications to please lintian (and the rest of the world). This closes: Bug#130499. -- Jonas Smedegaard Sat, 13 Jul 2002 16:20:27 +0200 libgd2 (2.0.1-10) unstable; urgency=low * Correct a typo (my fault!) whith the patch. This closes: bug#142946. -- Jonas Smedegaard Mon, 15 Apr 2002 11:22:32 +0200 libgd2 (2.0.1-9) unstable; urgency=low * Change ligd-tools priority from extra to optional. * Include patch from Stephen to handle antialiasing (let's hope we make it for Woody). -- Jonas Smedegaard Wed, 10 Apr 2002 12:48:11 +0200 libgd2 (2.0.1-8) unstable; urgency=low * Add both xpm and non-xpm to substvars files, thanks to Joey Hess. * Now that we are at it: Loosen up shlibs dependencies. -- Jonas Smedegaard Mon, 25 Mar 2002 22:46:10 +0100 libgd2 (2.0.1-7) unstable; urgency=low * Oops - now _really_ loosen up libpng2-dev dependency... -- Jonas Smedegaard Fri, 22 Feb 2002 04:43:53 +0100 libgd2 (2.0.1-6) unstable; urgency=low * Reflect changes in (NMU of) libpng3 and only Build-conflicts: the badly hinted one, to loosen up libpng2 dependency to all _real_ releases available (and possibly libpng3 if indeed it is/becomes as compatible as claimed!). * Change libgd-tools priority and libgd2-dev section to make Debian Installer happy. -- Jonas Smedegaard Fri, 22 Feb 2002 02:10:37 +0100 libgd2 (2.0.1-5) unstable; urgency=low * Build a -noxpm variant. -- Jonas Smedegaard Fri, 1 Feb 2002 02:49:59 +0100 libgd2 (2.0.1-4) unstable; urgency=low * Another workaround to the libpng{2,3} mess: build-depend on specific version to avoid illegal versioned build-conflict on (sometimes!) virtual package. This will probably cause problems on autobuilders as well (if they still see replacing libpng-dev with libpng2-dev as a downgrade), but should at least be legal. * Add readme.* to libgd2-dev. -- Jonas Smedegaard Sun, 20 Jan 2002 15:08:43 +0100 libgd2 (2.0.1-3) unstable; urgency=low * Put back conflicts/replaces on libgd-tools (<<2.0.0). They where needed after all (even though lintian complains). -- Jonas Smedegaard Sun, 13 Jan 2002 16:19:51 +0100 libgd2 (2.0.1-2) unstable; urgency=low * New maintainer (thanks, Ivo :-). Updating maintainer field. * Strip non-libgd2 part of changelog (go read the one from libgd package if interested in older changes). * Updating copyright file (Closes: #119288). * Cleanup old freetype2 (FreeType1) mess. * Use debhelper V3, tighten Build-Dependency on debhelper accordingly and remove postinst to have debhelper handle ldconfig correctly. * Build-Conflicts: libpng-dev (>= 1.2) (stuff like libgd-perl needs to know wether png2 or png3 is used - let's be conservative for a start). * Remove duplicate dependencies and strange conflicts/replaces (probably wrongly converted from those against libgd1g in libgd) in debian/control. -- Jonas Smedegaard Sun, 13 Jan 2002 15:50:02 +0100 libgd2 (2.0.1-1) unstable; urgency=low * Initial package, based upon libgd1. (Closes: #102179, #102494) -- Ivo Timmermans Sat, 18 Aug 2001 19:55:14 +0200