djvulibre - Debian Package Tracker

general

source: djvulibre (main)
version: 3.5.28-2.2
maintainer: Barak A. Pearlmutter (DMD) (LowNMU)
uploaders: Leon Bottou [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.5.28-2
old-sec: 3.5.28-2.2~deb11u1
stable: 3.5.28-2
stable-sec: 3.5.28-2.1~deb12u1
stable-p-u: 3.5.28-2.1~deb12u1
testing: 3.5.28-2.1
unstable: 3.5.28-2.2

versioned links

3.5.28-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.28-2.1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.28-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.28-2.2~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.28-2.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

djview (1 bugs: 0, 0, 1, 0)
djview3
djvulibre-bin (13 bugs: 0, 9, 4, 0)
djvulibre-desktop
djvuserve
libdjvulibre-dev
libdjvulibre-text
libdjvulibre21 (2 bugs: 0, 2, 0, 0)

action needed

A new upstream version is available: 3.5.29 high

A new upstream version 3.5.29 is available, you should consider packaging it.

Created: 2025-07-05 Last update: 2025-07-22 20:35

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2021-46310: An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
CVE-2021-46312: An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

Created: 2023-08-24 Last update: 2025-07-21 16:30

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-07-22 20:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 3.5.29-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 495b88427af13ef9f601a96d9446c8bb8a5bc282
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue Jul 8 14:13:03 2025 +0100

    lintian
    
    I: djvuserve: ored-depends-on-obsolete-package
    Recommends: apache => apache2

commit f61d54797577778189de6f3eaf01c9b9d582a345
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue Jul 8 07:58:01 2025 +0100

    update patches and log changes

commit e281b22c0ba86a24b5c4e8754a2978f26ba424e2
Merge: b55ebd1 4a285e8
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue Jul 8 07:54:25 2025 +0100

    Merge tag 'release.3.5.29' into debian

commit b55ebd109fa06d70abe2b457f1e1360e349f1dea
Merge: 1fba21d 80395d4
Author: Salvatore Bonaccorso <carnil@debian.org>
Date:   Fri Jul 4 16:53:56 2025 +0200

    Merge tag 'debian/3.5.28-2.1' into debian
    
    tagging package djvulibre version debian/3.5.28-2.1

commit 1fba21d12bd78e44b5f433872ef31e08b3db0f4b
Merge: b5c2aad f6e18b0
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date:   Fri Jul 4 12:23:16 2025 +0000

    Merge branch 'scrub-obsolete' into 'debian'
    
    Remove unnecessary constraints
    
    See merge request debian/djvulibre!1

commit 4a285e8da5cd9a2a6b296242a952ee96e519280d
Author: Leon Bottou <leonb@fb.com>
Date:   Thu Jul 3 11:33:32 2025 -0400

    MMRDecoder: more margin in lineruns

commit bc14493f95f6d3737a1095098cff7d1517a04e9a
Author: Leon Bottou <leonb@fb.com>
Date:   Wed Jul 2 13:10:18 2025 -0400

    Release 3.5.29 (bug fix release)

commit 33f645196593d70bd5e37f55b63886c31c82c3da
Author: Leon Bottou <leonb@fb.com>
Date:   Wed Jul 2 12:49:40 2025 -0400

    Fix potential buffer overflow in MMRDecoder

commit 73cda644ea5572cae241c3beac47ff1960f7d4c7
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Apr 15 08:01:42 2025 -0400

    Make ddjvu help text mention pdf

commit 4d741e544a6b043d32eb98339166a7b466ac3ba6
Author: Leon Bottou <leon@bottou.org>
Date:   Thu Nov 14 07:38:18 2024 -0500

    Fixed djvudigital space issues

commit b0ff6fa85532870306dd59e38283dbd61c020e11
Merge: 7e6b80a 576b89c
Author: b'Leon Bottou <allura@localhost>
Date:   Fri Sep 13 15:30:15 2024 +0000

    Merge /u/trufanov/djvu/ branch master into master
    
    https://sourceforge.net/p/djvu/djvulibre-git/merge-requests/2/

commit 7e6b80a0ee6077abcd55b359e24d2371e2281511
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Jul 16 12:34:14 2024 -0400

    clang warning cleanup (harmless)

commit af70e20ecd343edb495ee179cad4bd2191afe16c
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Jul 16 12:27:00 2024 -0400

    misc protection against corrupted data.

commit 502f2b4b7457223e8f3b65cd62fa4d5afbece7a6
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Jul 16 09:59:44 2024 -0400

    Adjust pctx when resizing the numcoder context.
    
    Otherwise one might write to just freed memory in line 488.
    This is not supposed to happen in normal djvu files,
    but can happen in corrupted files.

commit a8ae572254a6cf5c0f036e655daf3517a0452e07
Author: Leon Bottou <leon@bottou.org>
Date:   Wed May 8 10:14:19 2024 -0400

    Eliminate warning with a uintptr_t cast

commit 4be971a9e4ffb8cf24d8a421eb5e66d172e872e5
Author: Michael Bogdanov <mikhael.bogdanov@gmail.com>
Date:   Fri Apr 26 09:12:50 2024 +0200

    Add lost return
    
    Original commit: 90bb99a7c01d77cd066644fd1862664d70b29483

commit 0b838120c7840b48399bddc9e98c774773a84828
Author: Leon Bottou <leon@bottou.org>
Date:   Sun Mar 10 16:17:11 2024 -0400

    clang compat -- snprintf -- vtorri's datadir patch

commit d30971e232461c66a545d210ec4f024749a5f6c3
Author: Leon Bottou <leonb@fb.com>
Date:   Mon Nov 6 15:00:16 2023 -0500

    Added DDJVUAPI to GMonitor and GSafeFlags
    Is this enough to remove --export-all-symbols?

commit 208a8d6c212e994071dbc56ee5eea3f931eb5860
Author: Leon Bottou <leonb@fb.com>
Date:   Mon Nov 6 13:59:03 2023 -0500

    Navigating the INT32 problems in JPEGLIB

commit b5c2aad795be6b770793322b51bba90fa02658b4
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue Mar 22 22:02:42 2022 +0000

    approved way of snarfing DEB_HOST_MULTARCH

commit 1b3abdc78d799756494de8d66dfeebec91b19970
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Wed Jul 26 21:02:53 2023 +0100

    Update standards version to 4.6.2, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 646e08bf470debac77cc44666c06d31492a9ef91
Merge: 58afe62 6a1e5ba
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Wed Jul 26 21:00:24 2023 +0100

    Merge branch 'master' into debian

commit f6e18b0e42919354715fba93344c07e23467d0ac
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 9 16:48:55 2022 +0000

    Remove constraints unnecessary since buster (oldstable)
    
    * libdjvulibre-text: Drop conflict with removed package djview3 (= 3.5.20-9) in Replaces.
    * libdjvulibre-text: Drop conflict with removed package djvulibre-desktop (<< 3.5.20-9) in Replaces.
    * djvulibre-desktop: Drop conflict with removed package libdjvulibre21 (<= 3.5.20-5) in Conflicts.
    * djvuserve: Drop conflict with removed package djvulibre-bin (<< 3.5.9-3) in Conflicts.
    
    Changes-By: deb-scrub-obsolete

commit 58afe620206653054d163e63325b9c9081eafb5f
Merge: 8a7c725 2d77098
Author: Jelmer Vernooĳ <jelmer@debian.org>
Date:   Sat Nov 19 11:52:46 2022 +0000

    Merge branch 'lintian-fixes' into 'debian'
    
    Fix some issues reported by lintian
    
    See merge request debian/djvulibre!2

commit 2d770986c5b1a97153eeda91b3f1c87c7de3fa0a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Mon Nov 14 23:48:47 2022 +0000

    Update standards version to 4.6.1, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit eb64cda0e7d1f38e72986ba608439288c99b295b
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Mon Nov 14 23:48:34 2022 +0000

    Use secure URI in Homepage field.
    
    Changes-By: lintian-brush
    Fixes: lintian: homepage-field-uses-insecure-uri
    See-also: https://lintian.debian.org/tags/homepage-field-uses-insecure-uri.html

commit 6a1e5ba1c9ef81c205a4b270c3f121a1e106f4fc
Author: Leon Bottou <leonb@fb.com>
Date:   Thu Aug 4 19:06:51 2022 -0400

    Add navm fix to djvuchanges. Fix -bpp limit in c44.

commit 1a47fd3a6396efcbcba892bb415185ddeb6d3535
Author: Leon Bottou <leon@bottou.org>
Date:   Sun Dec 5 19:17:49 2021 -0500

    Improved merge_and_split_ccs does not join large cc pieces.
    See https://sourceforge.net/p/djvu/discussion/103286/thread/3898bf84bf/?limit=25#b26f

commit 8a7c7253ad2a1a8c64f09c81d4b72fd0d8e28024
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Thu Sep 2 14:17:17 2021 +0100

    bump policy

commit d0b5e196b0417cce836ce606df9dd5691f1fe2d1
Merge: 2bec685 2ad2b70
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Fri Jul 23 14:14:49 2021 +0100

    Merge remote-tracking branch 'upstream/master' into debian

commit 2ad2b702d864d1974f0c569a7594b27e67c64a40
Author: Leon Bottou <leon@bottou.org>
Date:   Sun Jul 11 09:38:52 2021 -0400

    fixed typo in previous commit

commit 254b3f3f3824960eb1eed5f3d5683c30365ff95c
Author: Leon Bottou <leon@bottou.org>
Date:   Sun Jul 11 08:48:31 2021 -0400

    Tentative fix for bug #302

commit 9d00916b06a54bb8ce2807f2d6faeb4f1a6aa118
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Jun 15 18:38:23 2021 -0400

    tentative fix for incorrect resolution in tiff tags

commit eec7b7228d2c4d8f95d824fc3911f2a5ff57ffa9
Author: Leon Bottou <leon@bottou.org>
Date:   Wed Jun 2 09:50:37 2021 -0400

    DjVuToPS fix for images without foreground.

commit 576b89ccecd5524e2509c6c1ecbb12374ab15394
Author: Alexander Trufanov <trufanovan@gmail.com>
Date:   Mon May 31 13:20:33 2021 +0300

    Fix initial zoom value description

commit 2bec685223379e3ab590318f0d2600d822f78aca
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Fri May 28 11:37:56 2021 +0100

    All Hail the Multiarch Hinter Toad!

commit 0a984511acc1e7cbfa34bcee23d9fdd3de07febb
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue May 11 23:13:07 2021 +0100

    remove upstreamed or unnecessary patches

commit 5613eca9d98aa7a2eaf2143f415dd7294db6b646
Merge: 098c818 cd8b5c9
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue May 11 23:08:08 2021 +0100

    Merge remote-tracking branch 'upstream/master' into debian

commit cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6
Author: Leon Bottou <leon@bottou.org>
Date:   Tue May 11 14:44:09 2021 -0400

    Reviewed Fedora patches and adopted some of them (or variants thereof)
    
     - Patch0: djvulibre-3.5.22-cdefs.patch                  (forward ported)
    Does not make imuch sense. GSmartPointer.h already includes "stddef.h"
     - Patch6: djvulibre-3.5.27-export-file.patch              (forward ported)
    Incorrect: inkscape command is --export-png, not --export-filename.
     - Patch8: djvulibre-3.5.27-check-image-size.patch         (forward ported)
    Correct: adopted a variant of this
     - Patch9: djvulibre-3.5.27-integer-overflow.patch         (forward ported)
    Correct: adopted a variant of this
     - Patch10: djvulibre-3.5.27-check-input-pool.patch        (forward ported)
    Adopted: input validation never hurts
     - Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch (forward ported)
    Dubious: Instead I changed djvufile to prevent a file from including itself
    which is the only way I can imagine to create an file creation loop.
     - Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch (forward ported)
    Adopted: but without including limits.h

Created: 2021-05-28 Last update: 2025-07-21 03:00

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-07-05 Last update: 2025-07-05 06:01

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

djvulibre-desktop could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2025-07-22 19:30

debian/patches: 8 patches to forward upstream low

Among the 10 debian patches available in version 3.5.28-2.2 of the package, we noticed the following issues:

8 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-07-21 06:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-03 Last update: 2018-11-03 08:00

No known security issue in bookworm wishlist

There are 2 open security issues in bookworm.

2 ignored issues:

CVE-2021-46310: An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
CVE-2021-46312: An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

Created: 2023-08-24 Last update: 2025-07-21 16:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.5.1).

Created: 2021-08-18 Last update: 2025-07-21 07:30

testing migrations

excuses:
- Migration status for djvulibre (3.5.28-2.1 to 3.5.28-2.2): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 2 of 5 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/djvulibre.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Overriding age needed from 5 days to 5 by ivodd
- ∙ ∙ Ignoring block request by freeze, due to unblock request by ivodd
- Not considered

news

[rss feed]

[2025-07-21] Accepted djvulibre 3.5.28-2.2~deb11u1 (source) into oldstable-security (Adrian Bunk)
[2025-07-20] Accepted djvulibre 3.5.28-2.2 (source) into unstable (Adrian Bunk)
[2025-07-08] Accepted djvulibre 3.5.28-2.1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-07-07] Accepted djvulibre 3.5.28-2.1~deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-07-07] djvulibre 3.5.28-2.1 MIGRATED to testing (Debian testing watch)
[2025-07-04] Accepted djvulibre 3.5.28-2.1 (source) into unstable (Salvatore Bonaccorso)
[2022-01-08] Accepted djvulibre 3.5.27.1-10+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Florian Weimer)
[2021-12-28] Accepted djvulibre 3.5.27.1-10+deb10u1 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Florian Weimer)
[2021-07-03] Accepted djvulibre 3.5.27.1-7+deb9u2 (source) into oldstable (Utkarsh Gupta)
[2021-05-26] Accepted djvulibre 3.5.27.1-7+deb9u1 (source) into oldstable (Sylvain Beucler)
[2021-05-16] djvulibre 3.5.28-2 MIGRATED to testing (Debian testing watch)
[2021-05-10] Accepted djvulibre 3.5.28-2 (source) into unstable (Barak A. Pearlmutter)
[2020-11-28] djvulibre 3.5.28-1 MIGRATED to testing (Debian testing watch)
[2020-11-23] Accepted djvulibre 3.5.28-1 (source) into unstable (Barak A. Pearlmutter)
[2020-07-28] djvulibre 3.5.27.1-15 MIGRATED to testing (Debian testing watch)
[2020-07-22] Accepted djvulibre 3.5.27.1-15 (source) into unstable (Barak A. Pearlmutter)
[2019-11-27] djvulibre 3.5.27.1-14 MIGRATED to testing (Debian testing watch)
[2019-11-21] Accepted djvulibre 3.5.27.1-14 (source) into unstable (Barak A. Pearlmutter)
[2019-11-08] Accepted djvulibre 3.5.25.4-4+deb8u2 (source amd64 all) into oldoldstable (Chris Lamb)
[2019-09-16] djvulibre 3.5.27.1-13 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted djvulibre 3.5.27.1-13 (source) into unstable (Barak A. Pearlmutter)
[2019-08-29] Accepted djvulibre 3.5.25.4-4+deb8u1 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2019-08-15] djvulibre 3.5.27.1-12 MIGRATED to testing (Debian testing watch)
[2019-08-10] Accepted djvulibre 3.5.27.1-12 (source) into unstable (Barak A. Pearlmutter)
[2019-06-06] Accepted djvulibre 3.5.27.1-11 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-11-08] djvulibre 3.5.27.1-10 MIGRATED to testing (Debian testing watch)
[2018-11-02] Accepted djvulibre 3.5.27.1-10 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-05-06] djvulibre 3.5.27.1-9 MIGRATED to testing (Debian testing watch)
[2018-04-30] Accepted djvulibre 3.5.27.1-9 (source all amd64) into unstable (Barak A. Pearlmutter)
[2017-10-14] djvulibre 3.5.27.1-8 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 19
RC: 0
I&N: 12
M&W: 7
F&P: 0
patch: 2

links

homepage
lintian (0, 5)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.5.28-2.2
6 bugs