2009
tiff (3.9.2-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Fri, 06 Nov 2009 22:52:06 -0500
tiff (3.9.1-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Fri, 28 Aug 2009 15:44:23 -0400
tiff (3.9.0-2) unstable; urgency=low
* Fix critical bug that could cause corrupt files to be written in some
cases. (Closes: #543079)
-- Jay Berkenbilt <qjb@debian.org> Fri, 28 Aug 2009 13:38:03 -0400
tiff (3.9.0-1) unstable; urgency=low
* New upstream release. All previous security patches have been
integrated.
-- Jay Berkenbilt <qjb@debian.org> Fri, 21 Aug 2009 11:40:49 -0400
tiff (3.9.0beta+deb1-1) experimental; urgency=low
* New upstream release (binary compatible with 3.8.2) -- release based
on 3.9 branch from upstream CVS; see README.Debian for details.
(Closes: #537118)
* Updated standards to 3.8.3; no changes required.
* Stopped using tarball in tarball packaging. (Closes: #538565)
-- Jay Berkenbilt <qjb@debian.org> Wed, 19 Aug 2009 20:33:10 -0400
tiff (3.8.2-13) unstable; urgency=high
* Apply patches to fix CVE-2009-2347, which covers two integer overflow conditions. * LZW patch from last update addressed CVE-2009-2285. Renamed the patch to make this clearer.
-- Jay Berkenbilt <qjb@debian.org> Sun, 12 Jul 2009 18:03:33 -0400
tiff (3.8.2-12) unstable; urgency=low
* Apply patch to fix crash in lzw decoder that can be caused by certain
invalid image files. (Closes: #534137)
* No longer ignore errors in preinst
* Fixed new lintian warnings; updated standards version to 3.8.2.
-- Jay Berkenbilt <qjb@debian.org> Sun, 28 Jun 2009 13:17:44 -0400
2008
tiff (3.8.2-11) unstable; urgency=high
* Apply security patches (CVE-2008-2327) * Convert patch system to quilt * Create README.source * Set standards version to 3.8.0
-- Jay Berkenbilt <qjb@debian.org> Sun, 17 Aug 2008 13:16:37 -0400
tiff (3.8.2-10+lenny1) testing-security; urgency=high
* Apply patches from Drew Yao of Apple Product Security to fix
CVE-2008-2327, a potential buffer underflow in the LZW decoder
(tif_lzw.c).
-- Jay Berkenbilt <qjb@debian.org> Sun, 17 Aug 2008 11:56:01 -0400
tiff (3.8.2-10) unstable; urgency=low
* Fix segmentation fault on subsequent parts of a file with an invalid
directory tag. (Closes: #475489)
-- Jay Berkenbilt <qjb@debian.org> Mon, 09 Jun 2008 11:02:53 -0400
tiff (3.8.2-9) unstable; urgency=low
* Backported tiff2pdf from 4.0.0 beta 2. This fixes many tiff2pdf bugs,
though unfortunately none of the ones opened in the debian bug
database!
* Added upstream homepage to debian control file.
-- Jay Berkenbilt <qjb@debian.org> Sat, 07 Jun 2008 22:52:27 -0400
tiff (3.8.2-8) unstable; urgency=low
* Accepted tmpfile patch tiff2pdf to fix bug that has been fixed
upstream since upstream release appears stalled. Thanks Jesse Long.
(Closes: #419773)
* Update standards version to 3.7.3; no changes required.
* ${Source-Version} -> ${binary:Version} in control
* Split documentation into separate libtiff-doc package. (Closes:
#472189)
-- Jay Berkenbilt <qjb@debian.org> Sat, 22 Mar 2008 12:30:38 -0400
tiff (3.8.2-7+etch1) stable-security; urgency=high
* Apply patches from Drew Yao of Apple Product Security to fix
CVE-2008-2327, a potential buffer underflow in the LZW decoder
(tif_lzw.c).
-- Jay Berkenbilt <qjb@debian.org> Sun, 17 Aug 2008 11:56:01 -0400
2007
tiff (3.8.2-7) unstable; urgency=high
* Replace empty directories in /usr/share/doc with links during package
upgrade. (Closes: #404631)
-- Jay Berkenbilt <qjb@debian.org> Tue, 2 Jan 2007 15:50:50 -0500
2006
tiff (3.8.2-6) unstable; urgency=high
* Add watch file
* Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:
- CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
tif_dirread.c
- CVE-2006-3460: A heap overflow vulnerability was discovered in the
jpeg decoder
- CVE-2006-3461: A heap overflow exists in the PixarLog decoder
- CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
overflow
- CVE-2006-3463: An infinite loop was discovered in
EstimateStripByteCounts()
- CVE-2006-3464: Multiple unchecked arithmetic operations were
uncovered, including a number of the range checking operations
deisgned to ensure the offsets specified in tiff directories are
legitimate.
- A number of codepaths were uncovered where assertions did not hold
true, resulting in the client application calling abort()
- CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
support
-- Jay Berkenbilt <qjb@debian.org> Mon, 31 Jul 2006 18:14:59 -0400
tiff (3.8.2-5) unstable; urgency=low
* Fix logic error that caused -q flag to be ignored when doing jpeg
compression with tiff2pdf. (Closes: #373102)
-- Jay Berkenbilt <qjb@debian.org> Mon, 19 Jun 2006 18:55:38 -0400
tiff (3.8.2-4) unstable; urgency=high
* SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
Thanks to Martin Pitt. (Closes: #371064)
* Add debian/patches/tiff2pdf-octal-printf.patch:
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
signed char (it printed a signed integer, which overflew the buffer and
was wrong anyway).
- CVE-2006-2193
-- Jay Berkenbilt <qjb@debian.org> Wed, 7 Jun 2006 17:52:12 -0400
tiff (3.8.2-3) unstable; urgency=high
* SECURITY UPDATE: Arbitrary command execution with crafted long file
names. Thanks to Martin Pitt for forwarding this.
Add debian/patches/tiffsplit-fname-overflow.patch:
- tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
user-specified file name into a statically sized buffer.
CVE-2006-2656. (Closes: #369819)
* Update standards version to 3.7.2. No changes required.
* Moved doc-base information to libtiff4 instead of libtiff4-dev.
-- Jay Berkenbilt <qjb@debian.org> Thu, 1 Jun 2006 21:24:21 -0400
tiff (3.8.2-2) unstable; urgency=low
* Fix build dependencies to get OpenGL utility libraries after new Xorg
packaging. (Closes: #365722)
* Updated standards version to 3.7.0; no changes required to package.
-- Jay Berkenbilt <qjb@debian.org> Tue, 2 May 2006 10:10:45 -0400
tiff (3.8.2-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Tue, 28 Mar 2006 21:42:33 -0500
tiff (3.8.0-3) unstable; urgency=low
* Switched build dependency from xlibmesa-gl-dev to libgl1-mesa-dev
(incorporating Ubunutu patch)
* Incorporated patch from upstream to fix handling of RGBA tiffs in
tiff2pdf. (Closes: #352849)
-- Jay Berkenbilt <qjb@debian.org> Sun, 26 Feb 2006 13:21:17 -0500
tiff (3.8.0-2) unstable; urgency=low
* Applied fixes from upstream to address a memory access violation
[CVE-2006-0405]. (Closes: #350715, #351223)
-- Jay Berkenbilt <qjb@debian.org> Fri, 3 Feb 2006 21:48:39 -0500
tiff (3.8.0-1) unstable; urgency=low
* New upstream release. (Closes: #349921) * NOTE: The debian version of 3.8.0 includes a patch to correct a binary incompatibility in the original 3.8.0 release. This libtiff package is binary compatible with 3.7.4 and will be binary compatible with the upcoming 3.8.1 release.
-- Jay Berkenbilt <qjb@debian.org> Fri, 27 Jan 2006 21:38:58 -0500
2005
tiff (3.7.4-1) unstable; urgency=low
* New upstream release * Fix typos in manual page (Closes: #327921, #327922, #327923, #327924)
-- Jay Berkenbilt <qjb@debian.org> Fri, 7 Oct 2005 10:25:49 -0400
tiff (3.7.3-1) unstable; urgency=low
* New upstream release * g++ 4.0 transition: libtiffxx0 is now libtiffxx0c2.
-- Jay Berkenbilt <qjb@debian.org> Sat, 9 Jul 2005 12:00:44 -0400
tiff (3.7.2-3) unstable; urgency=high
* Fix for exploitable segmentation fault on files with bad BitsPerSample
values. (Closes: #309739)
[libtiff/tif_dirread.c, CAN-2005-1544]
Thanks to Martin Pitt for the report.
-- Jay Berkenbilt <qjb@debian.org> Thu, 19 May 2005 05:41:28 -0400
tiff (3.7.2-2) unstable; urgency=high
* Fix zero pagesize bug with tiff2ps -a2 and tiff2ps -a3. Thanks to
Patrice Fournier for the patch. (Closes: #303583)
* Note: uploading with urgency=high since this very small fix impacts
tools only (not the library), and we don't want to block tiff's many
reverse dependencies from transitioning to sarge.
-- Jay Berkenbilt <qjb@debian.org> Sun, 10 Apr 2005 10:12:37 -0400
tiff (3.7.2-1) unstable; urgency=low
* New upstream release
-- Jay Berkenbilt <qjb@debian.org> Sat, 19 Mar 2005 14:51:06 -0500
tiff (3.7.1-4) unstable; urgency=low
* Fix from upstream: include a better workaround for tiff files with
invalid strip byte counts. (Closes: #183268)
-- Jay Berkenbilt <qjb@debian.org> Tue, 22 Feb 2005 19:20:14 -0500
tiff (3.7.1-3) unstable; urgency=low
* Disable C++ new experimental interfaces for now; will reappear in a
future version in the separate libtiffxx0 package.
-- Jay Berkenbilt <ejb@ql.org> Sat, 29 Jan 2005 13:32:37 -0500
tiff (3.7.1+pre3.7.2-1) experimental; urgency=low
* New upstream release * Separate experimental C++ interface into separate libtiffxx library.
-- Jay Berkenbilt <ejb@ql.org> Sat, 29 Jan 2005 13:03:19 -0500
tiff (3.7.1-2) unstable; urgency=low
* Make -dev package depend upon other -dev packages referenced in the
.la file created by libtool. (Closes: #291136)
* tiff2ps: Allow one of -w and -h without the other. (Closes: #244247)
-- Jay Berkenbilt <ejb@ql.org> Wed, 19 Jan 2005 10:45:00 -0500
tiff (3.7.1-1) unstable; urgency=low
* New upstream release * Correct error in doc-base file (Closes: #285652)
-- Jay Berkenbilt <ejb@ql.org> Wed, 5 Jan 2005 16:54:12 -0500
2004
tiff (3.7.0-2) experimental; urgency=low
* Replace hard-coded libc6-dev dependency with something friendlier to
porters (libc6-dev | libc-dev). (Closes: #179727)
* Fixed upstream: proper netbsdelf*-gnu support in configure. Actually
fixed in 3.7.0-1 but left out of changelog. (Closes: #179728)
* Include opengl support; adds new libtiff-opengl package. (Closes: #219456)
* Fixed upstream: fax2ps now allows access to first page. (Closes: #244251)
-- Jay Berkenbilt <ejb@ql.org> Sat, 11 Dec 2004 09:51:52 -0500
tiff (3.7.0-1) experimental; urgency=low
* New upstream release (Closes: #276996) * New maintainer (Thanks Joy!) * Repackage using cdbs and simple-patchsys to fix some errors and simplify patch management * Fixed upstream: tiff2pdf ignores -z and -j (Closes: #280682) * Fixed upstream: Memory leak in TIFFClientOpen (Closes: #256657)
-- Jay Berkenbilt <ejb@ql.org> Fri, 26 Nov 2004 13:50:13 -0500
tiff (3.6.1-5) unstable; urgency=high
* New maintainer (thanks Joy!)
* Applied patch by Dmitry V. Levin to fix a segmentation fault
[tools/tiffdump.c, CAN-2004-1183]
Thanks to Martin Schulze for forwarding the patch.
* Fixed section of -dev package (devel -> libdevel)
-- Jay Berkenbilt <ejb@ql.org> Wed, 5 Jan 2005 16:27:26 -0500
tiff (3.6.1-4) unstable; urgency=high
* Fix heap overflow security bug [CAN-2004-1308]. (Closes: #286815)
-- Jay Berkenbilt <ejb@ql.org> Wed, 22 Dec 2004 10:20:52 -0500
tiff (3.6.1-3) unstable; urgency=medium
* Patches from upstream to fix zero-size tile and integer overflow
problems created by previous security patches, closes: #276783.
* Added Jay Berkenbilt as co-maintainer. Jay thanks Joy for letting him
help and eventually take over maintenance of these packages!
-- Josip Rodin <joy-packages@debian.org> Mon, 01 Nov 2004 12:28:27 +0100
tiff (3.6.1-2) unstable; urgency=low
* Included security fixes for:
+ CAN-2004-0803
- libtiff/tif_luv.c
- libtiff/tif_next.c
- libtiff/tif_thunder.c
+ CAN-2004-0804 (but this one is already applied upstream, it seems)
- libtiff/tif_dirread.c
+ CAN-2004-0886
- libtiff/tif_aux.c
- libtiff/tif_compress.c
- libtiff/tif_dir.c
- libtiff/tif_dirinfo.c
- libtiff/tif_dirread.c
- libtiff/tif_dirwrite.c
- libtiff/tif_extension.c
- libtiff/tif_fax3.c
- libtiff/tiffiop.h
- libtiff/tif_getimage.c
- libtiff/tif_luv.c
- libtiff/tif_pixarlog.c
- libtiff/tif_strip.c
- libtiff/tif_tile.c
- libtiff/tif_write.c
Thanks to Martin Schulze for forwarding the patches.
-- Josip Rodin <joy-packages@debian.org> Thu, 14 Oct 2004 16:13:11 +0200
tiff (3.6.1-1.1) unstable; urgency=medium
* Non-maintainer upload; thanks to Jay Berkenbilt <ejb@ql.org> for preparing the patches * Rename shared library and development packages to resolve accidental upstream ABI change. Closes: #236247 * Include patch from upstream to fix multistrip g3 fax bug. Closes: #243405 * Include LZW support. Closes: #260242, #248490 * Fix URL in copyright file. Closes: #261357 * Install missing documentation files. Closes: #261356
-- Steve Langasek <vorlon@debian.org> Sun, 25 Jul 2004 10:28:06 -0400
tiff (3.6.1-1) unstable; urgency=low
* New upstream version, closes: #231977. * Slightly fixed up the static lib build rules so that the build process does the normal stuff for the dynamic lib and then does the static with the same tiffvers.h.
-- Josip Rodin <joy-packages@debian.org> Mon, 23 Feb 2004 18:23:34 +0100
2002
tiff (3.5.7-2) unstable; urgency=high
* Added back the patch that used -src static/libtiff.a in the install
rule. Wonder how that disappeared... closes: #170914.
* Fake it's a GNU system in order for the configure script to use our
toolchain stuff on the NetBSD port, thanks to Joel Baker, closes: #130636.
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 10 Dec 2002 17:18:28 +0100
tiff (3.5.7-1) unstable; urgency=low
* New upstream version, closes: #144940. * A whole new set of patches for the breakage in the build system :)
-- Josip Rodin <jrodin@jagor.srce.hr> Sun, 6 Oct 2002 22:54:08 +0200
2001
tiff (3.5.5-6) unstable; urgency=low
* It appears that the general 64-bit detection code, isn't.
We have to include all of those three conditions, feh.
This really closes: #106706.
-- Josip Rodin <jrodin@jagor.srce.hr> Wed, 8 Aug 2001 23:09:55 +0200
tiff (3.5.5-5) unstable; urgency=low
* Changed two Alpha/Mips-isms into general 64-bit detection code,
patch from John Daily <jdaily@progeny.com>, closes: #106706.
* Patched man/Makefile.in to generate a manual page file for
TIFFClientOpen(3t), as a .so link to TIFFOpen(3t), closes: #99577.
* Used /usr/share/doc in the doc-base file, closes: #74122.
* Changed libtiff3g-dev's section back to devel, since graphics was,
according to elmo, "hysterical raisins". :))
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 27 Jul 2001 01:43:04 +0200
tiff (3.5.5-4) unstable; urgency=low
* Updated config.* files, closes: #94696. * Fixed libtiff3g-dev's section, closes: #85533.
-- Josip Rodin <jrodin@jagor.srce.hr> Wed, 20 Jun 2001 18:29:24 +0200
2000
tiff (3.5.5-3) unstable; urgency=low
* Build shared library on Hurd, too, closes: #72482. * Upped Standards-Version to 3.5.0.
-- Josip Rodin <jrodin@jagor.srce.hr> Sat, 30 Sep 2000 17:42:13 +0200
tiff (3.5.5-2) unstable; urgency=low
* Make `dynamic shared object' on Linux unconditionally, fixes the problem
with libc.so.6.1 on alpha, thanks Chris C. Chimelis.
-- Josip Rodin <jrodin@jagor.srce.hr> Wed, 13 Sep 2000 21:44:00 +0200
tiff (3.5.5-1) unstable; urgency=low
* New upstream version. * The upstream build system sucks. There, I said it. Back to work now. :) * Added a build dependencies on make (>= 3.77) (closes: #67747) and debhelper. * Standards-Version: 3.2.1: + added DEB_BUILD_OPTIONS checks in debian/rules
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 29 Aug 2000 14:06:02 +0200
tiff (3.5.4-5) frozen unstable; urgency=low
* Fixed 16-bit/32-bit values bug in fax2ps from libtiff-tools, that
also breaks printing from hylafax, using provided oneliner patch
from Bernd Herd (accepted upstream), closes: #49232 and probably #62235.
-- Josip Rodin <jrodin@jagor.srce.hr> Mon, 27 Mar 2000 17:12:10 +0200
tiff (3.5.4-4) frozen unstable; urgency=low
* Weird dpkg-shlibdeps from dpkg 1.6.8-pre has done it again, this time
with libz.so, making the packages depend on zlib1 (instead of zlib1g).
Closes: #56134, #56137, #56140, #56155.
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 25 Jan 2000 18:05:28 +0100
tiff (3.5.4-3) frozen unstable; urgency=low
* Included libtiff.so file in libtiff3g-dev, dammit :( My eye hurts,
a lot, but this was easy to fix, thank goodness :) (closes: #55814).
This bugfix deserves to get into frozen because the bug cripples
libtiff3g-dev, a lot.
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 21 Jan 2000 19:02:22 +0100
1999
tiff (3.5.4-2) unstable; urgency=low
* Fixed upstream build system to use ${DESTDIR}, and with that working,
created install: rule in debian/rules and used it.
* Fixed the way rules file gets the version from upstream sources,
and fixed dist/tiff.alpha, it didn't work.
* Removed README file from libtiff3g binary package, useless.
* Fixed configure script not to emit the wrong warning about
zlib/jpeg dirs not specified (they're in /usr/include, stupid :).
-- Josip Rodin <jrodin@jagor.srce.hr> Thu, 30 Dec 1999 01:17:32 +0100
tiff (3.5.4-1) unstable; urgency=low
* New upstream version, closes: #50338. * Disabled libc5 build, it wouldn't compile. :(
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 3 Dec 1999 20:49:25 +0100
tiff (3.5.2-4) unstable; urgency=low
* Castrated the rules file, to make it actually work on !(i386 m68k).
Closes: #49316.
-- Josip Rodin <jrodin@jagor.srce.hr> Sat, 6 Nov 1999 13:22:54 +0100
tiff (3.5.2-3) unstable; urgency=low
* Removed sparc from the libtiff3 arches list, as BenC advised.
-- Josip Rodin <jrodin@jagor.srce.hr> Fri, 29 Oct 1999 23:29:23 +0200
tiff (3.5.2-2) unstable; urgency=low
* Changed Architecture: line for libtiff3 from "any" to "i386 m68k sparc"
as it is actually only built on those. Changed description a little bit.
* Minor fixes to the rules file.
-- Josip Rodin <jrodin@jagor.srce.hr> Thu, 28 Oct 1999 14:00:02 +0200
tiff (3.5.2-1) unstable; urgency=low
* New upstream version.
* Renamed source package to just "tiff", like upstream tarball name.
* New maintainer (thanks Guy!). Renewed packaging, with debhelper,
using Joey's nifty multi2 example, with several adjustments.
* Ditched libtiff3-altdev, nobody's using that and nobody should be
using that. Packaging for it still exists, it's just commented out.
* Uses doc-base for -dev docs now. Uncompressed HTML docs, 100kb space
saved is pointless when you can't use any links between documents.
-- Josip Rodin <jrodin@jagor.srce.hr> Tue, 26 Oct 1999 16:20:46 +0200
libtiff3 (3.4beta037-8) unstable; urgency=low
* Argh, same bug in the prerm, closes: #36990, #36850, #36855, #36866, #36988.
-- Guy Maor <maor@debian.org> Sat, 1 May 1999 10:12:23 -0700
libtiff3 (3.4beta037-7) unstable; urgency=low
* Don't error when dhelp is not installed, closes: #36879, #36922.
-- Guy Maor <maor@debian.org> Thu, 29 Apr 1999 19:17:55 -0700
libtiff3 (3.4beta037-6) unstable; urgency=low
* Only build libc5 packages on appropriate archs, closes: #27083, #32007. * Apply NMU patch, closes: #26413, #26887. * Add dhelp support, closes: #35154. * Recompile removes invalid dependency, closes: #30961.
-- Guy Maor <maor@debian.org> Sat, 24 Apr 1999 15:17:51 -0700
1998
libtiff3 (3.4beta037-5.1) frozen unstable; urgency=low
* NMU to not use install -s to strip static .a libraries. Fixes: #26413 * Build with recent libjpeg. Fixes: #26887 * Add Section: and Priority: headers to debian/control.
-- Ben Gertzfield <che@debian.org> Mon, 26 Oct 1998 22:44:33 -0800
libtiff3 (3.4beta037-5) unstable; urgency=low
* Explicit link with -lm (and don't need -lc now), fixes: #19167, #22180.
-- Guy Maor <maor@ece.utexas.edu> Tue, 11 Aug 1998 22:27:56 -0700
libtiff3 (3.4beta037-4) unstable; urgency=low
* libtiff3-tools conflicts & replaces with libtiff3-gif (13521,15107).
-- Guy Maor <maor@ece.utexas.edu> Sun, 11 Jan 1998 13:09:28 -0800
1997
libtiff3 (3.4beta037-3) unstable; urgency=low
* New libjpegg contains shlibs file, so don't need shlibs.local. * Compile with -D_REENTRANT. * Add shlibs for libtiff3g (13423).
-- Guy Maor <maor@ece.utexas.edu> Sat, 27 Sep 1997 13:17:45 -0500
libtiff3 (3.4beta037-2) unstable; urgency=low
* Add libjpegg6a to shlibs.local to correct for broken dependency.
-- Guy Maor <maor@ece.utexas.edu> Fri, 26 Sep 1997 11:23:55 -0500
libtiff3 (3.4beta037-1) unstable; urgency=low
* New upstream version, libc6 compile, policy 2.3.0.0 (5136, 7470, 7627, 8166
8312, 9479, 9492, 9531, 11700, 11702).
* Fix check for shared lib support (10805).
-- Guy Maor <maor@ece.utexas.edu> Tue, 23 Sep 1997 16:55:56 -0500