[Bug 556483] Re: Merge xpdf 3.02-2 from Debian Unstable

Tue Apr 6 22:18:40 BST 2010

Ack. FFe approved.

** Changed in: xpdf (Ubuntu)
       Status: New => Confirmed

-- 
Merge xpdf 3.02-2 from Debian Unstable
https://bugs.launchpad.net/bugs/556483
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.

Status in “xpdf” package in Ubuntu: Confirmed

Bug description:
Binary package hint: xpdf

This package qualifies for a FFe since it fixes several security issues and bug fixes. 

debian/changelog:
xpdf (3.02-2) unstable; urgency=high

  [Michael Gilbert]
  * Fix multiple security issues (closes: #551287, #575779).
    - CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the
      SplashBitmap::SplashBitmap function in SplashBitmap.cc.
    - CVE-2009-3603: Additional integer overflows in the
      SplashBitmap::SplashBitmap function.
    - CVE-2009-3604: Null pointer dereference in the Splash::drawImage
      function in Splash.cc.
    - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep
      function in PSOutputDev.cc.
    - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream
      function in XRef.cc.
    - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream
      function in Stream.cc.
  * Bump standards version to 3.8.4 (no changes required).
  * Use ${misc:Depends}.
  * Adopt the package (closes: #535261, #527840).

  [Rogério Brito]
  * debian/copyright:
    + include versioned link to the GPL.
  * debian/*
    + convert to source format "3.0 (quilt)".
  * debian/{control,compat}:
    + bump compat to 5.
  * debian/control:
    + remove dpatch build-dep and calls in debian/rules.
    + include Homepage field.
    + build-depend on unversioned automake.
    + build-depend on versioned lesstif.
    + wrap build-depends line to keep sanity.
    + change build-dependency on x-dev to x11proto-core-dev. (Closes: #515495).
    + remove debian revision from versioned build-deps.
    + update standards-version to 3.8.3, with no extra changes required.
  * debian/rules:
    + remove commented lines.
    + fix the includes for lesstif. (See below).
    + remove deprecated dh_desktop helper.
    + don't ignore errors when calling "make -i distclean".
    + separate configuration from package compilation to keep things tidy.
    + don't remove recursively things that are only files.
  * debian/patches:
    + rename 00list to series.
    + disable patches 40 and 41, lesstif is fixed. (Closes: #458763, #528807).
    + refresh enabled patches to avoid potential problems with buildds.
    + escape minus signs from manpages.
    + fix path to configuration files. Tks Andrew Price. (Closes: #424747).
    + flexibilize the print dialog. Tks Dmitry Oboukhov. (Closes: #408502).
    + implement "Fit to Height". Tks Josh Triplett. (Closes: #424178).
  * debian/xpdf-common.postint:
    + don't use command with path in maintainer script.
  * debian/watch:
    + create watch file.
  * debian/xpdf.desktop:
    + remove obsolete indication of encoding.
    + remove custom category "PDFViewer".
  * debian/xpdf-reader.menu:
    + update obsolete section Apps -> Applications.
  * debian/xpdf-reader.dirs:
    + remove empty dir usr/lib/menu. Tks Nelson Oliveira. (Closes: #495150).
  * avoid conflict with poppler-utils. Tks Luca Capello. (Closes: #558020).

 -- Michael Gilbert <michael.s.gilbert at gmail.com>  Fri, 02 Apr 2010 17:40:49 -0400