* SECURITY UPDATE: use-after-free via directory
- debian/patches/CVE-2020-15389.patch: fix double-free on input
directory with mix of valid and invalid images in
src/bin/jp2/opj_decompress.c.
- CVE-2020-15389
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2020-27814-1.patch: grow buffer size in
src/lib/openjp2/tcd.c.
- debian/patches/CVE-2020-27814-2.patch: grow it again
- debian/patches/CVE-2020-27814-3.patch: and some more
- debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
- CVE-2020-27814
* SECURITY UPDATE: heap-buffer-overflow write
- debian/patches/CVE-2020-27823.patch: fix wrong computation in
src/bin/jp2/convertpng.c.
- CVE-2020-27823
* SECURITY UPDATE: global-buffer-overflow
- debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
irreversible conversion when too many decomposition levels are
specified in src/lib/openjp2/dwt.c.
- CVE-2020-27824
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27841.patch: add extra checks to
src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c.
- CVE-2020-27841
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2020-27842.patch: add check to
src/lib/openjp2/t2.c.
- CVE-2020-27842
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27843.patch: add check to
src/lib/openjp2/t2.c.
- CVE-2020-27843
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27845.patch: add extra checks to
src/lib/openjp2/pi.c.
- CVE-2020-27845
* SECURITY UPDATE: denial of service via excessive iteration
- debian/patches/CVE-2019-12973-1.patch: detect invalid file dimensions
early in src/bin/jp2/convertbmp.c.
- debian/patches/CVE-2019-12973-2.patch: avoid potential infinite loop
in src/bin/jp2/convertbmp.c.
- CVE-2019-12973
* SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
- debian/patches/CVE-2020-6851.patch: reject images whose
coordinates are beyond INT_MAX in src/lib/openjp2/j2k.c.
- CVE-2020-6851
* SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
- debian/patches/CVE-2020-8112.patch: avoid integer overflow in
src/lib/openjp2/tcd.c.
- CVE-2020-8112
* Actually omit libopenjpip-server, not libkate-tools which is not in
this package.
* No-change rebuild with fixed binutils on arm64.
* Omit libopenjpip-server on i386, we only want the libraries for
compatibility.
* New upstream release, addressing following security issues:
- CVE-2018-20847 (Closes: #931294)
- CVE-2018-21010 (Closes: #939553)
- CVE-2018-5727 (Closes: #888532)
* Remove following patches, applied upstream:
- CVE-2017-17480.patch
- CVE-2018-14423.patch
- CVE-2018-18088.patch
- CVE-2018-5785.patch
- CVE-2018-6616.patch
* Remove debian/patches/multiarch_path.patch:
- useless since latest upstream changes.
* Bump Standards-Version to 4.4.1.
* Refresh and rework manpages.
* Remove debian/README.source (Closes: #846390).
[ Helmut Grohne ]
* Demote java dependencies to Build-Depends-Indep. (Closes: #870644)
[ Mathieu Malaterre ]
* debian/control: update URLs to new salsa location
[ Hugo Lefeuvre ]
* CVE-2017-17480: stack-based buffer overflow in the pgxtovolume function in
jp3d/convert.c (Closes: #884738).
* CVE-2018-14423: division-by-zero in pi_next_pcrl, pi_next_cprl, and
pi_next_rpcl in lib/openjp3d/pi.c (Closes: #904873).
* CVE-2018-18088: null pointer dereference in imagetopnm in jp2/convert.c
(Closes: #910763).
* CVE-2018-5785: integer overflow caused by an out-of-bounds left shift in the
opj_j2k_setup_encoder function (openjp2/j2k.c) (Closes: #888533).
* CVE-2018-6616: excessive iteration in the opj_t1_encode_cblks function of
openjp2/t1.c (Closes: #889683).
[ Mathieu Malaterre ]
* Add Hugo as Uploader
* Non-maintainer upload.
* Fix "FTBFS with Java 9 due to -source/-target only":
apply patch by Markus Koschany to build with Java 9 or later.
(Closes: #873997)
* New upstream release. Closes: #877758
* Drop explicit -dbg package. Closes: #877676
* Fix CVE-2017-14041. Closes: #874115
* Fix CVE-2017-14151. Closes: #874430
* Fix CVE-2017-14152. Closes: #874431
* Fix changelog. Closes: #876535
* Provide openjpeg-2.1 compat symlinks:
+ usr/include/openjpeg-2.1
+ usr/lib/$(DEB_HOST_MULTIARCH)/openjpeg-2.1
* New upstream release. Closes: #872041
* Fix CVE-2016-9113. Closes: #844552
* Fix CVE-2016-9114. Closes: #844553
* Fix CVE-2016-9115. Closes: #844554
* Fix CVE-2016-9116. Closes: #844555
* Fix CVE-2016-9117. Closes: #844556
* Fix FTBFS (Closes: #871905)
* Non-maintainer upload
* Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
CVE-2016-9118.patch
* Non-maintainer upload.
* Add CVE-2016-9572_CVE-2016-9573.patch patch.
CVE-2016-9572: NULL pointer dereference in input decoding
CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
imagetopnm(). (Closes: #851422)
* New upstream. Closes: #839120
* Fix CVE-2016-7163. Closes: #837604
* Fix CVE-2016-7445. Closes: #838690
* Remove patches applied upstream:
* New upstream. Closes: #829734
+ d/watch points toward github now
+ Fix man page typos. Closes: #772889, #784377
+ Raise priority to optional. Closes: #822577
+ Fix multiple CVEs: Closes: #800453, #800149, #818399
* Fix pc file. Closes: #787383
* Remove reference to contrib. Closes: #820190
* Bump Std-Vers to 3.9.8, no changes needed
* Non-maintainer upload.
* Apache 2.4 transition: (Closes: #786333)
+ d/rules: Added --with apache2.
+ Drop d/libopenjpip-server.install.
+ Drop d/libopenjpip-server.prerm.
+ d/control: Add build-depends on dh-apache2, replace depends on
apache2.2-bin by ${misc:Recommends}, add recommends on
libapache2-mod-fastcgi.
+ New d/libopenjpip-server.conf for apache2 fastcgi setup.
+ Drop d/libopenjpip-server.load.
+ New d/libopenjpip-server.apache2 to set up the configuration.
* Install *.pc files. Closes: #762251
* Remove cmake-fatal-error export stuff
* Fix warnings in d/copyright
* Bump Std-Vers to 3.9.6, no changes needed
* Fix include path in export file to handle multi-arch install
+ debian/patches/multiarch_path.patch
* New upstream. Closes: #761154, #761155
* Rename binary packages to prevent conflicts. Closes: #760874
* Remove "Multi-Arch: same" for -dev package. Closes: #760421
* New upstream. Closes: #738655.