* SECURITY UPDATE: use after free in png_image_free
- debian/patches/CVE-2019-7317.patch: call png_image_free_function
without guarding it with png_safe_execute in png.c.
- CVE-2019-7317
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-13785.patch: fix a divide by zero in
pngrutil.c.
- CVE-2018-13785
* New upstream version 1.6.34
* Remove files removed upstream (the failing png files)
* New upstream version 1.6.33
* Drop idat patch: upstream
* Update copyright
* Bump std-version to 4.1.1
* Remove some new test png files that make testsuite fail
(they fail also on older libpng version, just they weren't available
status is tracked at https://sourceforge.net/p/libpng/bugs/271/ )
* Fix invalid IDAT images, thanks Felix Geyer for the debug/bug reassign!
(Closes: #876563)
* Bump std-version to 4.1.0, now priority is extra
* Add missing newline on copyright entry, making lintian sad
* Move the examples into the main libpng-dev (Closes: #876244)
- thanks Helmut Grohne for the useful bug report!
* New upstream version 1.6.32
* Update copyright file
* New upstream release.
* Update d/watch to point to ftp site and to verify gpg signature.
* fix-arm-build.patch removed, fixed upstream.
* Update d/copyright (years and add new maintainers) and remove some
redudant entries.
* Fix arm* build failures with upstream patch
(Closes: #867670)
* New upstream release.
* Update copyright
* Bump std-version to 4.0.0
* Upload to unstable
* Enable PIE eveywhere
* New upstream release.
- Drop fix multiarch patch: upstream
* Use autoreconf.
* Override autoreconf due to debhelper bug 844504
* No-autoreconf for cmake builds
* Readd multiarch patch, it was merged by
upstream on master but not on 1.6 branch
* Switch to cmake
* New upstream release.
* New upstream release (Closes: #849799)
- Fix for CVE-2016-10087
* Enable pie in Debian, disable it in Ubuntu.
- thanks pochu :)
* Revert cmake switch, failing on arm64.
* Upload to unstable.
* Disable pie where Ubuntu has not defaulted yet.
(armhf, arm64, powerpc)
* Switch to cmake.
* Enable full hardening (+pie) (Closes: #844429)
* New upstream release.
* Switch to compat level 10
- Drop autoreconf/parallel, automatically injected
* Mark the -tools package Multi-Arch: foreign.
(Closes: #840446).
Thanks Francois Gourget for the bug report!
* New upstream release.
* Stop providing pngcp, because a tool with the same
name is provided by pngtools (Closes: #834119, #834118).
- Consider re-enabling it if ineeded, but for now the
tool has no manpage and no help command.
- An alternative might be to make pngtools and libpng-tools
conflict each others.
* New upstream release.
- install also new pngcp tool in libpng-tools package.
* New upstream release.
* New upstream release.
- drop fix_define_PNG_READ_16_TO_8.patch: upstream
* Update copyright file.
* d/control: Add VCS-* to repository on collab-maint.
* Add patch to properly define PNG_READ_16_TO_8_SUPPORTED (Closes: #824014)
* Add d/gbp.conf to ensure signed tags.
* add libpng-config.patch from the old
src:libpng.
- disabling multiarch bits in libpng-config has
the "side-effect" to let us have a Multiarch libpng-dev package.
Closes: #822297
* Make the libpng-dev package Multiarch ready.
[ Manuel A. Fernandez Montecelo ]
* Add hardening flags (excluding PIE. CLoses: #805822)
[ Gianfranco Costamagna ]
* Drop useless pre-depends line.
[ Bart Martens ]
* Fix watch file
[ Laurent Bigonville ]
* Drop useless packages in Replaces field. (Closes: #820887)
* Upload to unstable.
* Add myself and Tobias to uploaders, as per maintainers
suggestion.
* Bump std-version to 3.9.8, no changes required.
* Team upload.
* New upstream release.
* Add upstream signing key
* Fix watch file.
* Update copyright file.
* Drop libpng16-devtools, useless and merged in libpng-dev.
(many packages relies on that script for building correctly)
- breaks + replaces accordingly.
* Remove multiarch -dev package
* Rename libpng16-tools to libpng-tools, there is no need of
strict versioning here.
* Install upstream changelog.
* Run upstream testsuite.
* Remove README.* files, useless now.
* Team upload
* Move libpng16-dev to libpng-dev, to ease next transitions.
* Drop conflicts against mzscheme, pngcrush, pngmeta,
povray-3.5, qemacs, some of them disappeared, some of
them have later versions already in old-oldstable.
* Simplify even more the packaging, probably fixing #813288
* Fix symlinks, and two lintian errors:
- library-in-root-and-usr
- old-style-config-script-multiarch-path
(multiarch: no for libpng16-devtools)
* Update standard-version to 3.9.7, no changes required.
* Switch to dh-autoreconf (Closes: #813027)
* Remove libpng16-devtools circular dependency, recommend it instead.
* Fix duplicate description lintian warning
* Fix copyright lintian warnings
* Remove copyright.in file
* Use new plain dh calls in rules file
* Remove some old lintian overrides.
[ Tobias Frost ]
* libpng16-16-udeb should not Conflicts: libpng-12-0.
[ Anibal Monsalve Salazar ]
* debhelper compat version is 9.
* debian/control: libpng16-devtools is "Multi-Arch: same".
* Non-maintainer upload.
* Preparation for the transition, going to experimental.
* Make libpng16-dev depend on libpng16-devtools to have libpng-config
pulled in automatically for reverse dependencies.
* Provide a so-name neutral devtools package
* New upstream release.
Fix CVE-2015-8472.
Closes: #810074.
* Use default options to compress.
Remove debian/source/options.
* New upstream release.
* Update lintian-overrides for 1.6.19.
* New upstream release (Closes: #773823)
Fix CVE-2015-8540.
* Standards Version is 3.9.6.
* Update debian/copyright.
Add infomation of license for other all files.
* Update lintian-overrides for 1.6.16.
* Add libpng16-devtools package.
Move libpng-config to this package.
* New upstream release (Closes: #740585)
Fixed CVE-2014-0333.
* Update overrides files.
* Update debian/copyright. (Closes: #735737)
* New upstream release.
* New upstream release.
* New upstream release.
* Remove libpng12-dev binary package. libpng-dev provides and replaces
libpng12-dev.
* Add transition packages libpng3, libpng12-0 and libpng12-dev
* New upstream version 1.5.10
- Fix CVE-2011-3048 (memory corruption flaw)
Closes: 667475
* Standards Version is 3.9.3
* New upstream version 1.5.9
The purpose of this release is to fix the dangerous CVE-2011-3026.
The libpng patch is different from the one that was distributed
earlier by Chromium, in that the libpng user limit feature is not
crippled by the patch.
Remove 02-660026-CVE-2011-3026.patch
* New upstream release.
Fix a one-byte (stack) buffer-overrun bug in
png_formatted_warning(), which could lead to crashes (denial of
service) or, conceivably, execution of hostile code.
This vulnerability has been assigned ID CVE-2011-3464.
* Check for both truncation (64-bit platforms) and integer overflow
Fix CVE-2011-3026
Add 02-660026-CVE-2011-3026.patch
Closes: 660026
* Fix typo from PPFLAGS to CPPFLAGS.
* New upstream release.
* Update debian/rules.
Enabled hardened build flags. (Closes: #654149)
* New upstream release.
* New upstream release.
* Fix lintian error: udeb-uses-non-gzip-data-tarball.
Changed option of dh_builddeb for every package.
* Fix lintian warning: brace-expansion-in-debhelper-config-file.
Remove brace-expansion from debian/libpng-dev.install.
* Port Steve Langasek's changes for 1.2.46-1
- Build for multiarch. Closes: 634151
- Drop debian/libpng15-15-udeb.dirs, which just adds a pointless empty
directory to the udeb
* Update debian/docs and debian/libpng15-15.docs
* Add debian/libpng15-15.doc-base
* Build-Depend on autotools-dev
[ Steve Langasek ]
* Build for multiarch. Requires converting libpng3 from Arch: all to
Arch: any. Closes: 634151
* Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
directory to the udeb.
[ Anibal Monsalve Salazar ]
* Fix doc-base file
Closes: 633944, 633957, 634120
* Pass "-Zbzip2 -z9" to dpkg-deb
* New upstream release (Closes: #633871).
- Fix CVE: CVE-2011-2690
Buffer overwrite in png_rgb_to_gray
- CVE: CVE-2011-2691
Crash in png_default_error due to use of NULL Pointer
- CVE: CVE-2011-2692
Memory corruption when handling empty sCAL chunks
- Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.
* New upstream release (Closes: #633871).
- Fix CVE: CVE-2011-2690
Buffer overwrite in png_rgb_to_gray
- CVE: CVE-2011-2691
Crash in png_default_error due to use of NULL Pointer
- CVE: CVE-2011-2692
Memory corruption when handling empty sCAL chunks
- Update patches/01-legacy.patch
- Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.
* Rename libpng15-dev to libpng-dev
* Fix 1-byte uninitialized memory reference in png_format_buffer()
Fix CVE-2011-2501
Add debian/patches/02-632786-CVE-2011-2501.patch
Closes: 632786
* Pass "-Zbzip2 -z9" to dpkg-deb
* Fix xc-package-type-in-debian-control
* Fix debian-rules-missing-recommended-target
* Fix 1-byte uninitialized memory reference in png_format_buffer()
Fix CVE-2011-2501
Add debian/patches/02-632786-CVE-2011-2501.patch
Closes: 632786
* Standards version is 3.9.2
* Fix xc-package-type-in-debian-control
* Fix debian-rules-missing-recommended-target
* New upstream release (Closes: #565821, #574257, #606867).
* Remove Sam Hocevar from Uploaders.
* Add myself to Uploaders.
* Remove libtool, automake and autoconf from Build-depends.
* Disable practice of autogen.sh from debian/rules.
* Remove support libpng3 package (Closes: #369104, #615558).
* Update debian/copyright.
- Update copyright holder.
- Add new license for contrib/pngsuite (Closes: #615558).
* Remove patches directory.
* Add libpng15-dev.lintian-overrides.
Overrides manpage-has-errors-from-man usr/share/man/man3/libpng.3.gz.
* debian/libpng3.links: fix up the compat symlink to point to /lib
Patch by Steve Langasek
Closes: #579074, LP: #284325
* New upstream release
Stop memory leak when reading a malformed sCAL chunk
* New upstream release
* Fix CVE-2010-0205 and Cert VU#576029
CVE-2010-0205">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
https://www.kb.cert.org/vuls/id/576029
Do not stall and consume large quantities of memory while processing
certain Portable Network Graphics (PNG) files
Closes: 572308
* Merge 1.2.42-1ubuntu1
Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
* Fix out-of-date-standards-version
* Merge from Debian testing. Remaining changes:
- Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
* New upstream release
* Remove 02-export-png_set_strip_error_numbers.patch (merged)
* Fix debhelper-but-no-misc-depends
* Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
with a separate /usr.
* New upstream release
* Debian source format is 3.0 (quilt)
* Update debian/watch
* Add 02-export-png_set_strip_error_numbers.patch
Define PNG_ERROR_NUMBERS_SUPPORTED
Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
exported.
* New upstream release
* New upstream release
* Fix out-of-date-standards-version
* Fix patch-system-but-no-source-readme
* New upstream release
* Fix out-of-date-standards-version
* Update upstream homepage
Closes: 536474
* New upstream release
* New upstream release
* Standards-Version is 3.8.1
* debhelper compat is 7
* Run dh_prep instead of dh_clean -k
* New upstream release
- http://secunia.com/advisories/33970/
Fix a vulnerability reported by Tavis Ormandy in which
some arrays of pointers are not initialized prior to using
"malloc" to define the pointers.
Closes: #516256
- CVE-2008-5907">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
The png_check_keyword function in pngwutil.c in libpng, might
allow context-dependent attackers to set the value of an
arbitrary memory location to zero via vectors involving
creation of crafted PNG files with keywords, related to an
implicit cast of the '\0' character constant to a NULL pointer.
* Don't build libpng3 when binary-indep target is not called.
Closes: #486415
* Fix the following lintian issues:
W: libpng12-0: copyright-refers-to-versionless-license-file
usr/share/common-licenses/GPL
* New upstream release
- Fix memory leak after reading a malformed tEXt chunk
* New upstream release
- libpng.pc is configured to do static linking; closes: #483477
- use autoconf variables in .pc and libpng-config; closes: #483478
* Remove debian/patches/02-501109-pngtest.c.diff; it was merged
* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
* Standards-Version is 3.8.0
* New upstream release
* Patches merged upstream:
debian/patches/02-476669-CVE-2008-1382.diff
debian/patches/03-404514-png.5.diff
* Run ./autogen.sh
* New upstream release. Closes: #431202
* Use quilt
Add 01-legacy.diff
* Fix CVE-2008-1382 denial of service and possibly code execution
Add 02-476669-CVE-2008-1382.diff
Closes: #476669
* Fix URL in png.5. Closes: #404514
Add 03-404514-png.5.diff
* Move examples to libpng12-dev. Closes: #401467
* Fix "libpng (<= 1.2.20) contains grey-licensed code". Closes: #469126
* Fix the following lintian issues:
W: libpng source: debian-rules-ignores-make-clean-error line 37
W: libpng source: substvar-source-version-is-deprecated libpng12-dev
W: libpng source: out-of-date-standards-version 3.7.2 (current is 3.7.3)
W: libpng12-0-udeb udeb: description-contains-homepage
W: libpng3: description-contains-homepage
W: libpng12-dev: description-contains-homepage
W: libpng12-0: package-contains-empty-directory usr/bin/
W: libpng12-0: package-contains-empty-directory usr/sbin/
W: libpng12-0: description-contains-homepage
W: libpng12-0: doc-base-unknown-section libpng12:22 Apps/Programming
* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
* Non-maintainer upload by testing security team.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
* It seems that a grayscale image with a malformed (bad CRC) tRNS
chunk will crash libpng and mozilla. Closes: #424729.
- CVE-2007-2445
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
- CERT Vulnerability Note VU#684664
http://www.kb.cert.org/vuls/id/684664
* Applied legacy_symbols.patch.
* Changed shlibs dependecy versions to ">= 1.2.13-4".
* libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
povray-3.5 (<= 3.5.0c-10).
* New upstream release.
- Fixed asm API functions not exported on amd64. Closes: #401044.
- Fixed "libpng hangs when saving profile". Closes: #401423.
* Fixed "Incorrect shlibs information". Closes: #401465.
* Removed patches for png.h and pngconf.h.
* Updated debian/watch.
* Removed drop_pass_width patch. Closes: #399499.
* libpng12-dev: removed the conflict with libpng3-dev.
* Put back binary package libpng3.
* Fixed conflict with the new libpng package. Closes: #399296.
* Fixed png.5 man page formatting. Closes: #353061.
Patch by Kevin Ryde <user42@zip.com.au>.
* New upstream release.
* CVE-2006-5793: Fixed a new security issue regarding malformed
sPLT chunks. Closes: #398706.
* Transitional package libpng3 is not shipped anymore.
Closes: #369104.
* New upstream release. Closes: #366070.
* CVE-2006-3334: Fixed Buffer overflow in the png_decompress_chunk
function in pngrutil.c in libpng before 1.2.12 allows
context-dependent attackers to cause a denial of service and
possibly execute arbitrary code via unspecified vectors related
to "chunk error processing," possibly involving the "chunk_name".
Closes: #397892.
* Removed debian/x86_patches/pnggccrd-PIC.patch as it's merged
upstream.
* New maintainer. Closes: #393109.
* ACK NMUs. Closes: #378463, #377298, #356252.
* debian/control:
- set Standards-Version to 3.7.2.
- set Priority to extra for libpng12-0-udeb.
- added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
dependency lists.
* Added debian/watch file.
* Orphaning package.
* Non-maintainer upload.
* Backport changes from 1.2.12 to fix a buffer overflow in
png_decompress_chunk; patch by Alec Berryman. [CVE-2006-3334]
(Closes: #377298)
* Non Maintainer Upload (closes: #356252).
* Add support for udeb dependency resolution in shlibs file.
* Update debhelper compatibility to level 5.
* drop_pass_width.patch: don't export png_pass_width, it's absolutely
unnecessary.
* libpng12-0.shlibs: downgrade the shlibs accordingly
(closes: #331383).
* makefile.patch:
+ Use PNG_PRIVATE to get the list of private symbols as well. It
sucks, but they've been there for too long (closes: #329886).
+ Use mawk instead of awk (closes: #329812).
* control: build-depend on mawk.
* rules:
+ Use -O2, not -O3.
+ Actually run the tests.
+ Make use of x86_patches/ on x86 architectures.
* x86_patches/mmxbuild.patch: build MMX routines in pnggccrd.c.
* x86_patches/pnggccrd-PIC.patch: patch from Christian Aichinger
to make the assembly routines PIC-compatible.
* libpng12-0.shlibs: bump the shlibs version.
* Upload to unstable.
* Rename the source package to libpng.
* makefile.patch:
+ now patch makefile.elf, so that only public symbols are truly
exported.
+ shorten the differences as much as possible.
* rules: use makefile.elf now.
* Move libpng3 to oldlibs.
* Entirely remove libpng3-dev, making libpng12-dev provide it
(closes: #322051).
* poynton.patch: correct Charles Poynton's address (closes: #289437).
* Don't run the test when cross-building (closes: #285427).
* setjmp_error.patch: don't stop when we are not using _BSD_SOURCE, as
in this case this is harmless (closes: #299343).
* libpng3.postinst: removed, the fix is in sarge.
* Standards-version is 3.6.2.
* legacy_symbols.patch: still export png_read_destroy and
png_write_destroy, which are deprecated but should nevertheless be
accessible.
* New upstream release.
* read_transformations.patch: removed, included upstream.
* libpng12-0.shlibs: Update to version 1.2.8rel, new flags seem to have been
added.
* read_transformations.patch: fix segmentation fault with latex
(closes: #281789) and totem (closes: #278618).
* New upstream release.
+ Correct segmentation violation in png_combine_row.
Closes: #278526, #278917, #278921, #279258, #281789, #282368.
* New upstream release (closes: #278308).
* libpng12-0.shlibs: update shlibs to version 1.2.7.
* Remove all security fixed, they are included upstream.
* CAN-2004-0954.patch: removed, this is already fixed in
CAN-2004-0597_0598_0599.patch.
* Switch to CDBS.
+ Ship modifications and security fixes in debian/patches.
+ debian/rules: rewritten.
+ debian/control: build-depend on cdbs.
+ debian/libpng12-0.shlibs: new.
* setjmp_error.patch: port explanation of the error when including setjmp.h
from libpng10, thanks Matijs van Zuijlen <Matijs.van.Zuijlen@xs4all.nl>
(closes: #273473).
* CAN-2004-0954.patch: fix buffer overflow vulnerability in
png_handle_tRNS().
* CAN-2004-0955.patch: fix integer arithmetic overflow vulnerability in
png_read_png().
* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
<chris@scary.beasts.org> to fix several vulnerabilities (closes: #263500):
+ libpng fails to properly check length on PNG data [CAN-2004-0597].
+ libpng "png_handle_sBIT" does not perform proper checks to avoid stack
buffer overflow [CAN-2004-0597].
+ libpng "png_handle_iCCP" possible NULL-pointer crash
[CAN-2004-0598].
+ libpng "png_handle_sPLT" possible integer overflow
[CAN-2004-0599].
+ libpng "png_read_png" does not properly handle a PNG with excessive
height (integer overflow) [CAN-2004-0599].
+ libpng progressive reading integer overflow [CAN-2004-0599].
* pngerror.c: applied patch by Steve Grubb <linux_4ever@yahoo.com> to
fix unintended memory access that could result in a crash of the
application linking against libpng [CAN-2004-0421].
* Use debhelper 4.2, which generates the udeb appropriately.
* Update control and rules appropriately.
* Don't use ${shlibs:Depends} for the udeb, rather write the
dependencies by hand.
* Standards-version is 3.6.1.
* scripts/makefile.linux: use versioned dependencies
(closes: #155891).
* debian/rules: bump dependency for dh_makeshlibs.
* add the libpng.a link in libpng12-dev.
* Rework scripts/makefile.linux to make it more consistent.
* Update stuff in debian/ accordingly.
* Updated README.Debian.
* Make libpng3{,-dev} depend on libpng12-{0,dev} >= 1.2.5.0-2 instead
of the strict source version.
* Move /usr/share/doc/libpng3{,-dev} into symlinks at postinst time
when directories already exist.
* debian/rules: install correctly doc-base stuff.
* debian/libpng12-dev.doc-base: updated URIs.
* scripts/{makefile.linux,libpng-config-body.in}: correct the
libpng12-config script.
* Install correctly pkg-config stuff (closes: #191081).
* Make libpng12-dev conflict explicitly with libpng12-0-dev.
* Update README.Debian.
* New maintainer.
* Use real upstream tarball from 1.2.5 release.
* Use dpkg-source's way instead of dpatch for patching.
* A bit of rework in debian/rules, use dh_install and debhelper 4.
* Standards-version is 3.5.9.
* The -dev package is now named libpng12-dev (stop using the
libpkg-guide way).
* libpng3 is now arch-independent.
* Improved descriptions a bit.
* Don't supply libpngpf.3, it is not useful to programmers.
* Add udeb (closes: #174842)
* Add missing section on source files.
* Rebuild with d-shlibs with fixed "libgcc_s1-dev" handling (for gcc-3.2).
(closes: #178070), build-depend on d-shlibs 0.10 or greater.
* Use dpatch for patch system -- divide Debian patch, and security fix patch.
* Standards-Version: 3.5.8
* add manual page libpng-config.1 and libpng12-config.1
* Sorry folks, I made a mistake.
* Forward-port of patch from the Security Team,
really apply what was there. (closes: #172868,#172871)
* Forward-port of patch from the Security Team
* Applied patch to pngrtran.c by Glenn Randers-Pehrson
<glennrp@comcast.net> to fix a buffer overrun.
* Typo in scripts/makefile.linux.
Mistake. -lz and -lm weren't happening.
* Change LDFLAGS to not list -lz -lm, so that testsuite will catch such error.
* set prefix=/usr/ in scripts/makefile.linux, since it was set to usr/local.
* scripts/makefile.linux: LIBADDFLAGS introduced, for shared library lib additional
flags, and use that for shared library.
- this should fix build failure (closes: #166704)
Thanks Daniel Schepler <schepler@math.berkeley.edu> for reporting.
* updated copyright file to note that libpng3 in Debian is patched to
link with -lz -lm.
* Trying to fix the problem that libpng3 seems to be not linked against libz.
LDFLAGS was defined but not being used.
Thanks Mike Furr <mfurr@debian.org> for reporting (closes: #166489)
* Fixed description, I mixed up the -devel and non-devel
packages.
* updated README.Debian.
* careless mistake :(
* reinstall libpng.so symlink in libpng-12-0-dev package.
Otherwise other packages won't build ...
* New upstream version (closes: #163425)
* re-patched makefile.linux to work with system zlib,
added workaround to set CFLAGS, and remove rpath settings from LDFLAGS
* Use debhelper.
* No longer create /usr/doc symlinks.
* Standards-Version: 3.5.7
* Not yet released.
* Change priority from standard to optional.
* change -dev dependency of libc6-dev to libc-dev
* Security fix backported from 1.2.4. Check bounds of variables.
(closes: #155403)
* New maintainer (closes: #151343)
* apply buffer overflow patch for interlaced png files (closes: #150595)
* update description for libpng3-dev.
* change libpng-dev to libpng3-dev
* NMU
* Provides: libpng2-dev has been changed to Provides: libpng3-dev
libpng2-dev can be put back in when some kind of sane transition has
finished.
(closes: #128384, #128871, #129268, #129269)
* New upstream version; closes: #125679.
* New source package name: libpng3.
* Renamed libpng<x>-dev to libpng-dev to avoid having to maintain several
development packages (the -dev is source compatible).
* Moved png.5 into the -dev package.
* Added a Replaces: libpng2 to libpng-dev so that we can steal the png.5
manpage without fuss.
* Changed debian/shlibs for libpng3.
* Compress examples/pngtest.c.
* Moved the png.5 manpage to the dev package to allow multiple libpng<n>
packages installed at the same time.
* Changed libpng2-dev's section to devel to resync with override file.
* Fixed upstream version detection in debian/rules; closes: #105931.
* New upstream release; closes: #105354.
* Bumped dependency information in debian/shlibs to libpng >= 1.0.12
since there were some non-backwards compatible changes to the API.
* Added support for DEB_BUILD_OPTIONS and get-orig-source to debian/rules.
* Added call to ldconfig on postrm's remove.
* Removed INSTALL file from /usr/share/doc/libpng2.
* Bumped standards version to 3.5.5.0.
* New upstream release.
* Force recompile because of bad sparc package.
* Libpng2's priority changed to standard to comply with the override file.
* New upstream release.
* Changed shlib to depend on libpng2 (>= 2.0.10) because of
non-backwards compatible changes.
* Changed the doc-base type from 'test' to 'text'; closes: #59877.
* New upstream relase 1.0.8; closes: #70464.
* Updated copyright notice.
* Removed Y2kINFO from the doc directory.
* Added pngtest.c in examples; closes: #65229.
* Updated to standards version 3.2.1.0.
* Added build-depends line in control file; closes: #69291.
* Maintainer upload (closes: #48244, #48246).
* Added some extra explanations for the setjmp.h mess (closes: #56759),
see pngconf.h for details.
* Non-maintainer release.
* New upstream release. (closes:Bug#48244).
* Remove versioned depend from shlibs (closes:Bug#48246).
* New upstream version (1.0.3); Closes: #31870, #46333.
* Maintainer upload, closes NMU bugs; Closes: #28412, #31523, #31690.
* FHS compliant.
* New standard-version 3.0.1.
* Lintian clean.
* Removed temporary zlib1g line in control file (used to be a bug in
zlib1g).
* Moved the documentation file to the -dev package.
* Register documentation file to doc-base.
* Fontified man pages with addformat script; Closes #38680.
* New upstream (bug-fix only) version.
(Should fix bugs #31690滼, since I can't reproduce them)
From the author:
"I have recently uploaded libpng-1.0.2b to
ftp://swrinde.nde.swri.edu/pub/png-group/src
I plan to release it as libpng-1.0.3 in a
few days, but would like to hear whether it
fixes the problems with GNOME.
It restores a few lines of code that were
inadvertently deleted from pngread.c, which
seems to be the cause of problems with adding
an alpha channel (which you fixed by downgrading
to libpng-1.0.1's pngread.c)."
[Glenn Randers-Pehrson <glennrp@netgsi.com>]
* Masquerade version number to 1.0.3 to make Imlib & Co. happy.
* Fix Important bug #28412
(using pngread.c from libpng-1.0.1 did the trick).
* Maintainer release (to change a bit).
* Pristine sources.
* Libpng2-dev includes example.c (fixes bug #10315).
* Changed control file to reflect difference with libpng0g (fixes #23795).
* Recompiled (should fix the zlib1g missing symbol, bug #24450).
* Added -D_REENTRANT also to static library.
* Added a dependency upon zlib1g >= 1.1.2 (otherwise we get a missing
symbol) (fixes bug #24450).
* Non-maintainer release
* New upstream version
* debian/rules (binary-arch): don't call install with -s as an
argument when installing a shared library; it doesn't know to use
--strip-unneeded, and we call strip separately later anyway.
* scripts/makefile.lnx (CFLAGS): killed i386-isms.
* scripts/makefile.lnx: compiled shared libraries with -D_REENTRANT.
(The above fixes are from James Troup, who yet again, alerted me to
my screwups ;)
* debian/postinst: only call ldconfig if $1 = configure.
* New upstream bug fix release.
* Include man pages.
* Non-maintainer Release.
* New Upstream Release.
* Changed source package name to `libpng'.
* Added `-f makefile.lnx' to make invocations in debian/rules.
* Removed `ldconfig' call from postrm.
* Removed executable permissions on shared libs (fixes bug #15478).
* Updated Standards-Version to 2.3.0.1.
* Shared libraries are stripped with --strip-unneeded and static
libraries with --strip-debug (fixes bug #15669).
* Made the build strip non-i386 specific (patch by James Troup) (fixes
bug #13832).
* Removed the dependency between the libc5 and libc6 versions.
* Libc6 compilation.
* Fixed permissions in /usr/doc/libpng0 (fixes bug #10540).
* New upstream sources.
* New maintainer.
* Upgraded to upstream version 0.95b.
* Make debian/rules version independent.
* Debian/rules clean now removes substvars.
* Bumped the shlibs version to 0.95 as some incompatibilities were
introduced between 0.89 and 0.90.
* Added the Section: and Priority: fields to the control file (fixes bug
#6370).
* Now /usr/doc/libpng0 contains various info and the debian change log
stuff (fixes bug #7925).
* Added -D_REENTRANT compilation flag.
* Moved shlibs file to correct location
* Added shlibs file
* Now stripping shared libraries (Bug#5134)
* Corrected maintainers address
* Accommodate the fact that dpkg-source doesn't properly preserve
permissions on scripts when extracting package. (Bug#4513)
* New upstream version.
* Moved to new source packaging format.