openjpeg2 (2.3.0.5-2+deb10u2+dde) unstable; urgency=medium

  * update

 -- Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>  Tue, 06 Jul 2021 10:13:52 +0800

openjpeg2 (2.3.0.5-2+deb10u2+dde) buster-security; urgency=medium

  * Non-maintainer upload.
  * fix CVE-2016-9114

 -- wangpei <wangpei@uniontech.com>  Wed, 05 Jul 2021 17:59:23 +0800

openjpeg2 (2.3.0-2+deb10u2) buster-security; urgency=medium

  * CVE-2020-27814
  * CVE-2020-27823
  * CVE-2020-27841
  * CVE-2020-27842
  * CVE-2020-27843 (Closes: #983663)
  * CVE-2020-27845
  * CVE-2020-27824
  * CVE-2020-15389 (Closes: #965220)
  * CVE-2020-8112 (Closes: #950184)
  * CVE-2020-6851 (Closes: #950000)

 -- Moritz Mühlenhoff <jmm@debian.org>  Fri, 26 Mar 2021 18:50:02 +0100

openjpeg2 (2.3.0.4-1+eagle) unstable; urgency=medium

  * fix CVE-2020-27841 CVE-2020-27845 CVE-2020-27824 CVE-2020-27823

 -- zhouzilong <zhouzilong@uniontech.com>  Sat, 20 Feb 2021 11:00:34 +0800

openjpeg2 (2.3.0.1-1+dde) unstable; urgency=medium

  * Non-maintainer upload.
  * rebuild

 -- zhouzilong <zhouzilong@uniontech.com>  Sun, 05 Jul 2020 16:18:55 +0800

openjpeg2 (2.3.0-2+deb10u1) buster; urgency=high

  * Backport security fixes:
  * CVE-2018-21010: heap buffer overflow in color_apply_icc_profile
    (Closes: #939553).
  * CVE-2018-20847: improper computation of values in the function
    opj_get_encoding_parameters, leading to an integer overflow
    (Closes: #931294).

 -- Hugo Lefeuvre <hle@debian.org>  Thu, 17 Oct 2019 14:48:09 +0200

openjpeg2 (2.3.0-2) unstable; urgency=high

  [ Hugo Lefeuvre ]
  * CVE-2017-17480: stack-based buffer overflow in the pgxtovolume function in
    jp3d/convert.c (Closes: #884738).
  * CVE-2018-14423: division-by-zero in pi_next_pcrl, pi_next_cprl, and
    pi_next_rpcl in lib/openjp3d/pi.c (Closes: #904873).
  * CVE-2018-18088: null pointer dereference in imagetopnm in jp2/convert.c
    (Closes: #910763).
  * CVE-2018-5785: integer overflow caused by an out-of-bounds left shift in the
    opj_j2k_setup_encoder function (openjp2/j2k.c) (Closes: #888533).
  * CVE-2018-6616: excessive iteration in the opj_t1_encode_cblks function of
    openjp2/t1.c (Closes: #889683).

  [ Mathieu Malaterre ]
  * Add Hugo as Uploader

 -- Mathieu Malaterre <malat@debian.org>  Sun, 10 Mar 2019 18:34:51 +0100

openjpeg2 (2.3.0-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix "FTBFS with Java 9 due to -source/-target only":
    apply patch by Markus Koschany to build with Java 9 or later.
    (Closes: #873997)

 -- gregor herrmann <gregoa@debian.org>  Sun, 02 Dec 2018 18:18:22 +0100

openjpeg2 (2.3.0-1) unstable; urgency=medium

  * New upstream release. Closes: #877758
  * Drop explicit -dbg package. Closes: #877676
  * Fix CVE-2017-14041. Closes: #874115
  * Fix CVE-2017-14151. Closes: #874430
  * Fix CVE-2017-14152. Closes: #874431

 -- Mathieu Malaterre <malat@debian.org>  Mon, 16 Oct 2017 07:43:41 +0200

openjpeg2 (2.2.0-2) unstable; urgency=medium

  * Fix changelog. Closes: #876535
  * Provide openjpeg-2.1 compat symlinks:
    + usr/include/openjpeg-2.1
    + usr/lib/$(DEB_HOST_MULTIARCH)/openjpeg-2.1

 -- Mathieu Malaterre <malat@debian.org>  Tue, 03 Oct 2017 07:20:44 +0200

openjpeg2 (2.2.0-1) unstable; urgency=medium

  * New upstream release. Closes: #872041
  * Fix CVE-2016-9113. Closes: #844552
  * Fix CVE-2016-9114. Closes: #844553
  * Fix CVE-2016-9115. Closes: #844554
  * Fix CVE-2016-9116. Closes: #844555
  * Fix CVE-2016-9117. Closes: #844556

 -- Mathieu Malaterre <malat@debian.org>  Fri, 22 Sep 2017 21:51:36 +0200

openjpeg2 (2.1.2-1.3) unstable; urgency=medium

  * Fix FTFBS (Closes: #871905)

 -- Moritz Muehlenhoff <jmm@debian.org>  Sat, 12 Aug 2017 15:54:38 +0200

openjpeg2 (2.1.2-1.2) unstable; urgency=medium

  * Non-maintainer upload
  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
    CVE-2016-9118.patch

 -- Moritz Muehlenhoff <jmm@debian.org>  Fri, 11 Aug 2017 22:17:07 +0200

openjpeg2 (2.1.2-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
    CVE-2016-9572: NULL pointer dereference in input decoding
    CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
    imagetopnm(). (Closes: #851422)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 22 Jan 2017 14:18:13 +0100

openjpeg2 (2.1.2-1) unstable; urgency=medium

  * New upstream. Closes: #839120
  * Fix CVE-2016-7163. Closes: #837604
  * Fix CVE-2016-7445. Closes: #838690
  * Remove patches applied upstream:

 -- Mathieu Malaterre <malat@debian.org>  Thu, 29 Sep 2016 08:11:30 +0200

openjpeg2 (2.1.1-1) unstable; urgency=medium

  * New upstream. Closes: #829734
    + d/watch points toward github now
    + Fix man page typos. Closes: #772889, #784377
    + Raise priority to optional. Closes: #822577
    + Fix multiple CVEs: Closes: #800453, #800149, #818399
  * Fix pc file. Closes: #787383
  * Remove reference to contrib. Closes: #820190
  * Bump Std-Vers to 3.9.8, no changes needed

 -- Mathieu Malaterre <malat@debian.org>  Mon, 11 Jul 2016 09:28:19 +0200

openjpeg2 (2.1.0-2.1) unstable; urgency=high

  * Non-maintainer upload.
  * Apache 2.4 transition: (Closes: #786333)
    + d/rules: Added --with apache2.
    + Drop d/libopenjpip-server.install.
    + Drop d/libopenjpip-server.prerm.
    + d/control: Add build-depends on dh-apache2, replace depends on
      apache2.2-bin by ${misc:Recommends}, add recommends on
      libapache2-mod-fastcgi.
    + New d/libopenjpip-server.conf for apache2 fastcgi setup.
    + Drop d/libopenjpip-server.load.
    + New d/libopenjpip-server.apache2 to set up the configuration.

 -- Jean-Michel Vourgère <nirgal@debian.org>  Thu, 21 May 2015 23:05:40 +0200

openjpeg2 (2.1.0-2) unstable; urgency=low

  * Install *.pc files. Closes: #762251
  * Remove cmake-fatal-error export stuff
  * Fix warnings in d/copyright
  * Bump Std-Vers to 3.9.6, no changes needed
  * Fix include path in export file to handle multi-arch install
    + debian/patches/multiarch_path.patch

 -- Mathieu Malaterre <malat@debian.org>  Tue, 07 Oct 2014 13:14:43 +0200

openjpeg2 (2.1.0-1) unstable; urgency=low

  * New upstream. Closes: #761154, #761155
  * Rename binary packages to prevent conflicts. Closes: #760874
  * Remove "Multi-Arch: same" for -dev package. Closes: #760421

 -- Mathieu Malaterre <malat@debian.org>  Thu, 11 Sep 2014 17:40:46 +0200

openjpeg2 (2.0.0-1) unstable; urgency=low

  * New upstream. Closes: #738655.

 -- Mathieu Malaterre <malat@debian.org>  Fri, 23 May 2014 18:23:37 +0200
