Accepted libpng 1.2.8rel-5 (source)

Ubuntu Installer archive at ubuntu.com
Wed Feb 22 20:55:26 GMT 2006


Accepted:
 OK: libpng_1.2.8rel-5.dsc
     -> Component: universe Section: libs
 OK: libpng_1.2.8rel.orig.tar.gz
 OK: libpng_1.2.8rel-5.diff.gz

Origin: Debian/unstable
Format: 1.7
Date: Wed,  22 Feb 2006 20:45:23 +0000
Source: libpng
Binary: libpng12-0-udeb, libpng12-dev, libpng3, libpng12-0
Architecture: source
Version: 1.2.8rel-5
Distribution: dapper
Urgency: high
Maintainer: Josselin Mouette <joss at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Closes: 125679 128384 128871 129268 129269 150595 151343 155403 155891 163425 166489 166704 172868 172871 174842 178070 191081 263500 273473 278308 278526 278618 278917 278921 279258 281789 281789 282368 285427 289437 299343 322051 329812 329886 331383
Changes: 
 libpng (1.2.8rel-5) unstable; urgency=low
 .
   * drop_pass_width.patch: don't export png_pass_width, it's absolutely 
     unnecessary.
   * libpng12-0.shlibs: downgrade the shlibs accordingly
     (closes: #331383).
 .
 libpng (1.2.8rel-4) unstable; urgency=low
 .
   * makefile.patch:
     + Use PNG_PRIVATE to get the list of private symbols as well. It
       sucks, but they've been there for too long (closes: #329886).
     + Use mawk instead of awk (closes: #329812).
   * control: build-depend on mawk.
   * rules:
     + Use -O2, not -O3.
     + Actually run the tests.
     + Make use of x86_patches/ on x86 architectures.
   * x86_patches/mmxbuild.patch: build MMX routines in pnggccrd.c.
   * x86_patches/pnggccrd-PIC.patch: patch from Christian Aichinger
     to make the assembly routines PIC-compatible.
   * libpng12-0.shlibs: bump the shlibs version.
 .
 libpng (1.2.8rel-3) unstable; urgency=low
 .
   * Upload to unstable.
   * Rename the source package to libpng.
 .
 libpng3 (1.2.8rel-2) experimental; urgency=low
 .
   * makefile.patch:
     + now patch makefile.elf, so that only public symbols are truly
       exported.
     + shorten the differences as much as possible.
   * rules: use makefile.elf now.
   * Move libpng3 to oldlibs.
   * Entirely remove libpng3-dev, making libpng12-dev provide it
     (closes: #322051).
   * poynton.patch: correct Charles Poynton's address (closes: #289437).
   * Don't run the test when cross-building (closes: #285427).
   * setjmp_error.patch: don't stop when we are not using _BSD_SOURCE, as
     in this case this is harmless (closes: #299343).
   * libpng3.postinst: removed, the fix is in sarge.
   * Standards-version is 3.6.2.
   * legacy_symbols.patch: still export png_read_destroy and 
     png_write_destroy, which are deprecated but should nevertheless be 
     accessible.
 .
 libpng3 (1.2.8rel-1) unstable; urgency=medium
 .
   * New upstream release.
   * read_transformations.patch: removed, included upstream.
   * libpng12-0.shlibs: Update to version 1.2.8rel, new flags seem to have been
     added.
 .
 libpng3 (1.2.8beta5-2) unstable; urgency=medium
 .
   * read_transformations.patch: fix segmentation fault with latex
     (closes: #281789) and totem (closes: #278618).
 .
 libpng3 (1.2.8beta5-1) unstable; urgency=medium
 .
   * New upstream release.
     + Correct segmentation violation in png_combine_row.
       Closes: #278526, #278917, #278921, #279258, #281789, #282368.
 .
 libpng3 (1.2.7-1) unstable; urgency=medium
 .
   * New upstream release (closes: #278308).
   * libpng12-0.shlibs: update shlibs to version 1.2.7.
   * Remove all security fixed, they are included upstream.
 .
 libpng3 (1.2.5.0-9) unstable; urgency=high
 .
   * CAN-2004-0954.patch: removed, this is already fixed in
     CAN-2004-0597_0598_0599.patch.
 .
 libpng3 (1.2.5.0-8) unstable; urgency=high
 .
   * Switch to CDBS.
     + Ship modifications and security fixes in debian/patches.
     + debian/rules: rewritten.
     + debian/control: build-depend on cdbs.
     + debian/libpng12-0.shlibs: new.
   * setjmp_error.patch: port explanation of the error when including setjmp.h
     from libpng10, thanks Matijs van Zuijlen <Matijs.van.Zuijlen at xs4all.nl>
     (closes: #273473).
   * CAN-2004-0954.patch: fix buffer overflow vulnerability in
     png_handle_tRNS().
   * CAN-2004-0955.patch: fix integer arithmetic overflow vulnerability in
     png_read_png().
 .
 libpng3 (1.2.5.0-7) unstable; urgency=high
 .
   * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
     buffer offsets [CAN-2004-0768].
   * png.h, pngpread.c, pngrutil.c: patch from Chris Evans
     <chris at scary.beasts.org> to fix several vulnerabilities (closes: #263500):
     + libpng fails to properly check length on PNG data [CAN-2004-0597].
     + libpng "png_handle_sBIT" does not perform proper checks to avoid stack
       buffer overflow [CAN-2004-0597].
     + libpng "png_handle_iCCP" possible NULL-pointer crash
       [CAN-2004-0598].
     + libpng "png_handle_sPLT" possible integer overflow
       [CAN-2004-0599].
     + libpng "png_read_png" does not properly handle a PNG with excessive
       height (integer overflow) [CAN-2004-0599].
     + libpng progressive reading integer overflow [CAN-2004-0599].
 .
 libpng3 (1.2.5.0-6) unstable; urgency=high
 .
   * pngerror.c: applied patch by Steve Grubb <linux_4ever at yahoo.com> to
     fix unintended memory access that could result in a crash of the
     application linking against libpng [CAN-2004-0421].
 .
 libpng3 (1.2.5.0-5) unstable; urgency=low
 .
   * Use debhelper 4.2, which generates the udeb appropriately.
   * Update control and rules appropriately.
   * Don't use ${shlibs:Depends} for the udeb, rather write the
     dependencies by hand.
   * Standards-version is 3.6.1.
 .
 libpng3 (1.2.5.0-4) unstable; urgency=low
 .
   * scripts/makefile.linux: use versioned dependencies
     (closes: #155891).
   * debian/rules: bump dependency for dh_makeshlibs.
   * add the libpng.a link in libpng12-dev.
   * Rework scripts/makefile.linux to make it more consistent.
   * Update stuff in debian/ accordingly.
   * Updated README.Debian.
 .
 libpng3 (1.2.5.0-3) unstable; urgency=low
 .
   * Make libpng3{,-dev} depend on libpng12-{0,dev} >= 1.2.5.0-2 instead
     of the strict source version.
   * Move /usr/share/doc/libpng3{,-dev} into symlinks at postinst time
     when directories already exist.
   * debian/rules: install correctly doc-base stuff.
   * debian/libpng12-dev.doc-base: updated URIs.
 .
 libpng3 (1.2.5.0-2) unstable; urgency=low
 .
   * scripts/{makefile.linux,libpng-config-body.in}: correct the
     libpng12-config script.
   * Install correctly pkg-config stuff (closes: #191081).
   * Make libpng12-dev conflict explicitly with libpng12-0-dev.
   * Update README.Debian.
 .
 libpng3 (1.2.5.0-1) unstable; urgency=low
 .
   * New maintainer.
   * Use real upstream tarball from 1.2.5 release.
   * Use dpkg-source's way instead of dpatch for patching.
   * A bit of rework in debian/rules, use dh_install and debhelper 4.
   * Standards-version is 3.5.9.
   * The -dev package is now named libpng12-dev (stop using the
     libpkg-guide way).
   * libpng3 is now arch-independent.
   * Improved descriptions a bit.
   * Don't supply libpngpf.3, it is not useful to programmers.
 .
 libpng3 (1.2.5-11) unstable; urgency=low
 .
   * Add udeb (closes: #174842)
   * Add missing section on source files.
 .
 libpng3 (1.2.5-10) unstable; urgency=low
 .
   * Rebuild with d-shlibs with fixed "libgcc_s1-dev" handling (for gcc-3.2).
   (closes: #178070), build-depend on d-shlibs 0.10 or greater.
 .
 libpng3 (1.2.5-9) unstable; urgency=low
 .
   * Use dpatch for patch system -- divide Debian patch, and security fix patch.
   * Standards-Version: 3.5.8
   * add manual page libpng-config.1 and libpng12-config.1
 .
 libpng3 (1.2.5-8) unstable; urgency=low
 .
   * Sorry folks, I made a mistake.
   * Forward-port of patch from the Security Team,
   really apply what was there. (closes: #172868,#172871)
 .
 libpng3 (1.2.5-7) unstable; urgency=high
 .
   * Forward-port of patch from the Security Team
   * Applied patch to pngrtran.c by Glenn Randers-Pehrson
     <glennrp at comcast.net> to fix a buffer overrun.
 .
 libpng3 (1.2.5-6) unstable; urgency=low
 .
   * Typo in scripts/makefile.linux.
   Mistake. -lz and -lm weren't happening.
   * Change LDFLAGS to not list -lz -lm, so that testsuite will catch such error.
   * set prefix=/usr/ in scripts/makefile.linux, since it was set to usr/local.
 .
 libpng3 (1.2.5-5) unstable; urgency=low
 .
   * scripts/makefile.linux: LIBADDFLAGS introduced, for shared library lib additional
   flags, and use that for shared library.
   - this should fix build failure (closes: #166704)
   Thanks Daniel Schepler <schepler at math.berkeley.edu> for reporting.
   * updated copyright file to note that libpng3 in Debian is patched to
   link with -lz -lm.
 .
 libpng3 (1.2.5-4) unstable; urgency=low
 .
   * Trying to fix the problem that libpng3 seems to be not linked against libz.
   LDFLAGS was defined but not being used.
   Thanks Mike Furr <mfurr at debian.org> for reporting (closes: #166489)
 .
 libpng3 (1.2.5-3) unstable; urgency=low
 .
   * Fixed description, I mixed up the -devel and non-devel
   packages.
   * updated README.Debian.
 .
 libpng3 (1.2.5-2) unstable; urgency=low
 .
   * careless mistake :(
   * reinstall libpng.so symlink in libpng-12-0-dev package.
   Otherwise other packages won't build ...
 .
 libpng3 (1.2.5-1) unstable; urgency=low
 .
   * New upstream version (closes: #163425)
   * re-patched makefile.linux to work with system zlib,
     added workaround to set CFLAGS, and remove rpath settings from LDFLAGS
   * Use debhelper.
   * No longer create /usr/doc symlinks.
   * Standards-Version: 3.5.7
 .
 libpng3 (1.2.1-5) unstable; urgency=low
 .
   * Not yet released.
   * Change priority from standard to optional.
 .
 libpng3 (1.2.1-4) unstable; urgency=low
 .
   * change -dev dependency of libc6-dev to libc-dev 
 .
 libpng3 (1.2.1-3) unstable; urgency=low
 .
   * Security fix backported from 1.2.4. Check bounds of variables.
   (closes: #155403)
 .
 libpng3 (1.2.1-2) unstable; urgency=low
 .
   * New maintainer (closes: #151343)
   * apply buffer overflow patch for interlaced png files (closes: #150595)
   * update description for libpng3-dev.
   * change libpng-dev to libpng3-dev
 .
 libpng3 (1.2.1-1.1) unstable; urgency=low
 .
   * NMU
   * Provides: libpng2-dev has been changed to Provides: libpng3-dev
     libpng2-dev can be put back in when some kind of sane transition has
     finished.
     (closes: #128384, #128871, #129268, #129269)
 .
 libpng3 (1.2.1-1) unstable; urgency=low
 .
   * New upstream version; closes: #125679.
   * New source package name: libpng3.
   * Renamed libpng<x>-dev to libpng-dev to avoid having to maintain several
     development packages (the -dev is source compatible).
   * Moved png.5 into the -dev package.
   * Added a Replaces: libpng2 to libpng-dev so that we can steal the png.5
     manpage without fuss.
   * Changed debian/shlibs for libpng3.
   * Compress examples/pngtest.c.
Files: 
 47746a3af5ffa1976813484c3cffd700 634 libs optional libpng_1.2.8rel-5.dsc
 cac1512878fb98f2456df6dc50bc9bc7 510681 libs optional libpng_1.2.8rel.orig.tar.gz
 e022840e7ef59026fe4e4f34d8e5383f 15862 libs optional libpng_1.2.8rel-5.diff.gz





More information about the dapper-changes mailing list