jbig2dec (0.13-4~deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Prevent integer overflow vulnerability (CVE-2017-7885) (Closes: #860460)
  * Prevent SEGV due to integer overflow (CVE-2017-7975) (Closes: #860788)
  * Bounds check before reading from image source data (CVE-2017-7976)
    (Closes: #860787)

 -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 16 May 2017 22:35:00 +0200

jbig2dec (0.13-4~deb8u1) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian Security Team.
  * Backport latest upstream release to Jessie.
  * Fixes CVE-2016-9601 and many other unreported issues.
  * Drop licensecheck from build-depends as it was part of devscripts
    in the past (and we don't need such a check in stable/oldstable).
  * Disable multiarch support to not introduce unexpected regression.

 -- Raphaël Hertzog <hertzog@debian.org>  Fri, 17 Mar 2017 14:59:04 +0100

jbig2dec (0.13-4) unstable; urgency=medium

  * Add patches cherry-picked upstream to squash signed/unsigned
    warnings and to fix warning for always-false unsigned < 0 tests.
    Closes: Bug#850497. Thanks to Salvatore Bonaccorso.
  * Modernize Vcs-Browser field: Use git subdir (not cgit).
  * Stop override lintian for
    package-needs-versioned-debhelper-build-depends: Fixed in lintian.
  * Update copyright info: Extend coverage of Debian packaging.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 23 Jan 2017 21:13:34 +0100

jbig2dec (0.13-3) unstable; urgency=medium

  * Add patch cherry-picked upstream to prevent checking too early for
    buffer overrun.
  * Modernize CDBS: Build-depend on licensecheck (not devscripts).

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 23 Aug 2016 10:13:47 +0200

jbig2dec (0.13-2) unstable; urgency=medium

  * Fix mark libjbig2dec0 as multi-ach: same.
    Closes: Bug#799916. Thanks to Jacek Szafarkiewicz and Yuriy M.
    Kaminskiy.
  * Add patch 2001 to avoid compile unrelated and unusable Memento
    memory debugging code.
    Closes: Bug#824483. Thanks to Yuriy M. Kaminskiy.
  * Drop symbols for dropped Memento code.
    Thanks to Yuriy M. Kaminskiy.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 16 May 2016 18:35:14 +0200

jbig2dec (0.13-1) unstable; urgency=medium

  [ upstream ]
  * New bugfix release.

  [ Jonas Smedegaard ]
  * Update watch file:
    + Bump file format to version 4.
    + Mangle scanned page to get tarball URLs from tags, and adapt URL
      pattern.
    + Mangle download filename.
    + Mention gbp in usage comment.
  * Use https protocol in Vcs-Git URL.
  * Declare compliance with Debian Policy 3.9.8.
  * Update copyright info:
    + Extend coverage for main author to include recent years.
    + Extend copyright of packaging to cover current year.
  * Update git-buildpackage config: Filter any .gitignore file.
  * Drop patch 2001: Applied upstream.
  * Drop 3 symbols (unused, according to http://codesearch.debian.net/).
  * Fix remove old lintian overrides file.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 10 May 2016 16:51:55 +0200

jbig2dec (0.12+20150918-1) unstable; urgency=medium

  [ upstream ]
  * Snapshot.
    + Tidy build configuration.
    + Update for modern libpng.
    + Commit of build_consolidation branch.
    + Fixes for Windows build with VS 2015.
    + Check that cloned image exists before proceeding further.
    + Release huffman table memory properly.

  [ Jonas Smedegaard ]
  * Fix lintian overrides.
  * Unfuzz all patches.

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 26 Sep 2015 17:33:05 +0200

jbig2dec (0.12-2) unstable; urgency=medium

  * Move package maintenance to printing team.
  * Suppress lintian warning about build-depending unversioned on
    debhelper.
  * Update copyright info: Fix strip stray License field.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 31 Jul 2015 19:19:18 +0200

jbig2dec (0.12-1) unstable; urgency=medium

  * Update README.source to emphasize that control.in file is *not* a
    show-stopper for contributions, referring to wiki page for details.
  * Update upstream URLs to reflect move to git.ghostscript.com and lack
    of tarball releases.
  * Declare compliance with Debian Policy 3.9.6.
  * Update Vcs-* fields.
  * Bump debhelper compatibility level to 9.
  * Update copyright info:
    + Extend coverage for myself.
    + Bump packaging license to GPL-3+.
    + Fix use SPDX shortname for X11 license.
      Thanks to Paul Richards Tagliamonte.
    + Use file format 1.0.
    + Use license short-name public-domain.
    + Bump main license to AGPL-3+.
      Add NEWS file about that change.
    + Drop unused Files and License sections for autotools files.
    + Use License-Grant and License-Reference fields.
      Thanks to Ben Finney.
  * Use newest autotools.
    Build-depend automake (not automake1.11) and on recent cdbs.
  * Drop patches 1002 1003 applied upstream.
  * Improve patch 1004: Remove extracted file from script to detect
    upstream code changes.
  * Add debian/patches/README documenting patch naming micro-policy.
  * Add patch 2001 to avoid including problematic and seemingly uneeded
    pngstruct.h.
  * Let CDBS move aside upstream cruft during build.
  * Cleanup more autotools files.
  * Add symbols file.
    Closes: bug#694899. Thanks to Logan Rosen.
  * Fix tie d-shlibs target also to development package (not only
    library package).
  * Add lintian overrides regarding license in License-Reference field.
    See bug#786450.
  * Update package relations:
    + Build-depend unversioned on d-shlibs: Needed version satisfied
      even in oldstable.
  * Install into multiarch paths.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 31 Jul 2015 11:45:03 +0200

jbig2dec (0.11+20120125-1) unstable; urgency=low

  * New snapshot of upstream git.
  * Autogenerate autotools.
  * Add patches cherry-picked from Ghostscript:
    1002: Prevent composition if src outside clip region.
    1003: Implement generic refinement region when TPGRON is TRUE.
  * Add patch 1004 to add config_types.h.in (not create in autogen.sh).
  * Fix strip editing noise from copyright file.
  * Fix watch file to cover current release: Ignore compression suffix.
  * Bump debhelper compat level to 7.
  * Bump standards-version to 3.9.2.
  * Simplify *.install file, thanks to debhelper compat level 7.
  * Ease building with git-buildpackage: Git-ignore .pc dir.
  * Update copyright file:
    + Reformat using rev. 174 of draft DEP-5 syntax.
    + Fix declare exceptions as such.
    + Fix include Expat~X license verbatim (adding "Some files
      differ..." to License field violates need for "verbatim copy").
    + Separate comments from License field in GNU License sections,
      shorten comments and quote license in them.
    + Rename licenses to better match recent DEP5 draft (e.g. avoid
      "other" prefix).
    + Rewrap License sections at 72 chars.
    + Fix reference GNU licenses versioned.
    + Document in Comment field of AFPL License section the lack of
      actual licensing text: license unused by Debian.
    + Extend copyright years.
  * Update package relations:
    + Relax build-depend unversioned on debhelper and devscripts (needed
      versions satisfied even in oldstable).
    + Build-depend on libtool, automake1.11 and autoconf.
    + Tighten build-dependency on d-shlibs.
  * Stop installing -la file.
    Closes bug#621683. Thanks to Neil Williams.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 10 Feb 2012 17:44:51 +0100

jbig2dec (0.11-1) unstable; urgency=low

  * Initial release. Closes: bug#539965.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 21 Apr 2010 21:06:47 +0200
