jbig2dec (0.16-1+deb10u1) buster; urgency=high

  * Team upload (printing and LTS)
  * CVE-2020-12268
    avoid overflow with extreme values of x,y,w,h in function
    jbig2_image_compose()

 -- Thorsten Alteholz <debian@alteholz.de>  Sun, 24 Oct 2021 19:03:02 +0200

jbig2dec (0.16-1) unstable; urgency=high

  [ upstream ]
  * New bugfix release.
    (no code changes since 0.15+20190209-1)

  [ Jonas Smedegaard ]
  * Set urgency=high, due to ghostscript 9.27 CVE fixes.

 -- Jonas Smedegaard <dr@jones.dk>  Sun, 07 Apr 2019 17:52:08 +0200

jbig2dec (0.15+20190209-1) unstable; urgency=medium

  [ upstream ]
  * Development snapshot.
    + Update source/header file copyright notice to 2019
    + Indicate error upon error, do not just warn.
    + Use common pattern for error detection.
    + Clarify the element size of GR_stats when memsetting.
    + Make sure to indicate error upon unexpected OOB.
    + Without enough prefix codes, a Huffman table cannot be generated.
    + Return allocator once it is retired.

  [ Jonas Smedegaard ]
  * Drop patches cherry-picked upstream since applied.
  * Update copyright info: Extend coverage for main upstream author.
  * Update symbols file: Bump version for symbol jbig2_ctx_free.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 04 Apr 2019 12:41:06 +0200

jbig2dec (0.15-2) unstable; urgency=medium

  * Add patches cherry-picked upstream:
    + Fix signed/unsigned mismatches.
    + Only print repeated error/warning messages once.
    + Bring jbig2dec's copy of memento up to date.
  * Simplify rules: Stop resolve build-dependencies in rules file.
  * Stop build-depend on dh-buildinfo.
  * Wrap and sort control file.
  * Update copyright info: Extend coverage for main upstream author.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 21 Nov 2018 01:50:52 +0100

jbig2dec (0.15-1) unstable; urgency=medium

  [ upstream ]
  * New bugfix release.
    (no code changes since 0.14+20180826-1)

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 14 Sep 2018 14:10:04 +0200

jbig2dec (0.14+20180826-1) unstable; urgency=medium

  [ upstream ]
  * Development snapshot.

  [ Jonas Smedegaard ]
  * Unfuzz patches.
  * Declare compliance with Debian Policy 4.2.1.
  * Set Rules-Requires-Root: no.
  * Relax symbols check when targeting experimental
  * Update symbols:
    + Flag as optional symbols not declared in public header file.
    + Drop 10 private symbols.
    + Drop 1 symbol (unused in Debian).
    + Add 1 symbol.
    Update copyright info:
    + Extend coverage for main author to include current year.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 31 Aug 2018 00:12:20 +0200

jbig2dec (0.14-1) unstable; urgency=medium

  [ upstream ]
  * New bugfix release.

  [ Jonas Smedegaard ]
  * Update copyright info:
    + Extend copyright of packaging to cover past year.
    + Strip nedless copyright signs.
  * Drop patches cherry-picked upstream since applied.
  * Declare compliance with Debian Policy 4.1.4.

 -- Jonas Smedegaard <dr@jones.dk>  Thu, 24 May 2018 14:41:41 +0200

jbig2dec (0.13-6) unstable; urgency=medium

  * Team upload
  * Update Vcs-* fields for the move to salsa.d.o

 -- Didier Raboud <odyx@debian.org>  Sat, 10 Feb 2018 16:29:26 +0100

jbig2dec (0.13-5) unstable; urgency=medium

  * Add DEP-3 header to patch 1001.
  * Advertise DEP-3 format in patch headers.
  * Add patches cherry-picked upstream:
    + Fix decoder error on JBIG2 compressed image.
    + Tidy up unused code.
    + Add sanity check on image sizes.
    + refine test for "Denial of Service" images
    + Prevent SEGV due to integer overflow.
    + Prevent integer overflow vulnerability.
    + Bounds check before reading from image source data.
    + Plug leak of parameter info in command-line tool.
    + Fix memory leak in case of error.
    + Make clipping in image compositing handle underflow.
    + Fix double free in error case.
    + Do bounds checking of read data.
    + Do not grow page if page height is known.
    + Fix SEGV due to error code being ignored.
      Closes: Bug#863279; CVE-2017-9216. Thanks to Salvatore Bonaccorso.
    + Allow for symbol dictionary with 0 symbols.
  * Update watch file: Use substitution strings.
  * Stop put aside auto-generated header file during build: No longer
    shipped upstream.
  * Modernize cdbs:
    + Do copyright-check in maintainer script (not during build).
    + Relax to build-depend unversioned on cdbs.
    + Stop build-depend on licensecheck.
  * Declare compliance with Debian Policy 4.1.0.
  * Update copyright info:
    + Use https protocol in file format URL.
    + Fix rename License section AGPL-3 → AGPL-3+.
  * Tighten lintian overrides regarding License-Reference.

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 23 Sep 2017 13:27:40 +0200

jbig2dec (0.13-4) unstable; urgency=medium

  * Add patches cherry-picked upstream to squash signed/unsigned
    warnings and to fix warning for always-false unsigned < 0 tests.
    Closes: Bug#850497. Thanks to Salvatore Bonaccorso.
  * Modernize Vcs-Browser field: Use git subdir (not cgit).
  * Stop override lintian for
    package-needs-versioned-debhelper-build-depends: Fixed in lintian.
  * Update copyright info: Extend coverage of Debian packaging.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 23 Jan 2017 21:13:34 +0100

jbig2dec (0.13-3) unstable; urgency=medium

  * Add patch cherry-picked upstream to prevent checking too early for
    buffer overrun.
  * Modernize CDBS: Build-depend on licensecheck (not devscripts).

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 23 Aug 2016 10:13:47 +0200

jbig2dec (0.13-2) unstable; urgency=medium

  * Fix mark libjbig2dec0 as multi-ach: same.
    Closes: Bug#799916. Thanks to Jacek Szafarkiewicz and Yuriy M.
    Kaminskiy.
  * Add patch 2001 to avoid compile unrelated and unusable Memento
    memory debugging code.
    Closes: Bug#824483. Thanks to Yuriy M. Kaminskiy.
  * Drop symbols for dropped Memento code.
    Thanks to Yuriy M. Kaminskiy.

 -- Jonas Smedegaard <dr@jones.dk>  Mon, 16 May 2016 18:35:14 +0200

jbig2dec (0.13-1) unstable; urgency=medium

  [ upstream ]
  * New bugfix release.

  [ Jonas Smedegaard ]
  * Update watch file:
    + Bump file format to version 4.
    + Mangle scanned page to get tarball URLs from tags, and adapt URL
      pattern.
    + Mangle download filename.
    + Mention gbp in usage comment.
  * Use https protocol in Vcs-Git URL.
  * Declare compliance with Debian Policy 3.9.8.
  * Update copyright info:
    + Extend coverage for main author to include recent years.
    + Extend copyright of packaging to cover current year.
  * Update git-buildpackage config: Filter any .gitignore file.
  * Drop patch 2001: Applied upstream.
  * Drop 3 symbols (unused, according to http://codesearch.debian.net/).
  * Fix remove old lintian overrides file.

 -- Jonas Smedegaard <dr@jones.dk>  Tue, 10 May 2016 16:51:55 +0200

jbig2dec (0.12+20150918-1) unstable; urgency=medium

  [ upstream ]
  * Snapshot.
    + Tidy build configuration.
    + Update for modern libpng.
    + Commit of build_consolidation branch.
    + Fixes for Windows build with VS 2015.
    + Check that cloned image exists before proceeding further.
    + Release huffman table memory properly.

  [ Jonas Smedegaard ]
  * Fix lintian overrides.
  * Unfuzz all patches.

 -- Jonas Smedegaard <dr@jones.dk>  Sat, 26 Sep 2015 17:33:05 +0200

jbig2dec (0.12-2) unstable; urgency=medium

  * Move package maintenance to printing team.
  * Suppress lintian warning about build-depending unversioned on
    debhelper.
  * Update copyright info: Fix strip stray License field.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 31 Jul 2015 19:19:18 +0200

jbig2dec (0.12-1) unstable; urgency=medium

  * Update README.source to emphasize that control.in file is *not* a
    show-stopper for contributions, referring to wiki page for details.
  * Update upstream URLs to reflect move to git.ghostscript.com and lack
    of tarball releases.
  * Declare compliance with Debian Policy 3.9.6.
  * Update Vcs-* fields.
  * Bump debhelper compatibility level to 9.
  * Update copyright info:
    + Extend coverage for myself.
    + Bump packaging license to GPL-3+.
    + Fix use SPDX shortname for X11 license.
      Thanks to Paul Richards Tagliamonte.
    + Use file format 1.0.
    + Use license short-name public-domain.
    + Bump main license to AGPL-3+.
      Add NEWS file about that change.
    + Drop unused Files and License sections for autotools files.
    + Use License-Grant and License-Reference fields.
      Thanks to Ben Finney.
  * Use newest autotools.
    Build-depend automake (not automake1.11) and on recent cdbs.
  * Drop patches 1002 1003 applied upstream.
  * Improve patch 1004: Remove extracted file from script to detect
    upstream code changes.
  * Add debian/patches/README documenting patch naming micro-policy.
  * Add patch 2001 to avoid including problematic and seemingly uneeded
    pngstruct.h.
  * Let CDBS move aside upstream cruft during build.
  * Cleanup more autotools files.
  * Add symbols file.
    Closes: bug#694899. Thanks to Logan Rosen.
  * Fix tie d-shlibs target also to development package (not only
    library package).
  * Add lintian overrides regarding license in License-Reference field.
    See bug#786450.
  * Update package relations:
    + Build-depend unversioned on d-shlibs: Needed version satisfied
      even in oldstable.
  * Install into multiarch paths.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 31 Jul 2015 11:45:03 +0200

jbig2dec (0.11+20120125-1) unstable; urgency=low

  * New snapshot of upstream git.
  * Autogenerate autotools.
  * Add patches cherry-picked from Ghostscript:
    1002: Prevent composition if src outside clip region.
    1003: Implement generic refinement region when TPGRON is TRUE.
  * Add patch 1004 to add config_types.h.in (not create in autogen.sh).
  * Fix strip editing noise from copyright file.
  * Fix watch file to cover current release: Ignore compression suffix.
  * Bump debhelper compat level to 7.
  * Bump standards-version to 3.9.2.
  * Simplify *.install file, thanks to debhelper compat level 7.
  * Ease building with git-buildpackage: Git-ignore .pc dir.
  * Update copyright file:
    + Reformat using rev. 174 of draft DEP-5 syntax.
    + Fix declare exceptions as such.
    + Fix include Expat~X license verbatim (adding "Some files
      differ..." to License field violates need for "verbatim copy").
    + Separate comments from License field in GNU License sections,
      shorten comments and quote license in them.
    + Rename licenses to better match recent DEP5 draft (e.g. avoid
      "other" prefix).
    + Rewrap License sections at 72 chars.
    + Fix reference GNU licenses versioned.
    + Document in Comment field of AFPL License section the lack of
      actual licensing text: license unused by Debian.
    + Extend copyright years.
  * Update package relations:
    + Relax build-depend unversioned on debhelper and devscripts (needed
      versions satisfied even in oldstable).
    + Build-depend on libtool, automake1.11 and autoconf.
    + Tighten build-dependency on d-shlibs.
  * Stop installing -la file.
    Closes bug#621683. Thanks to Neil Williams.

 -- Jonas Smedegaard <dr@jones.dk>  Fri, 10 Feb 2012 17:44:51 +0100

jbig2dec (0.11-1) unstable; urgency=low

  * Initial release. Closes: bug#539965.

 -- Jonas Smedegaard <dr@jones.dk>  Wed, 21 Apr 2010 21:06:47 +0200