libexif (0.6.24-1) unstable; urgency=medium
* New upstream version 0.6.24:
- Regression in exif_data_load_data fixed; EXIF in JPEG data loads again.
- Many Canon tag names decoded.
- "Persistent" AFL fuzzer added to code samples.
- Translation updates.
* debian/copyright: Update for libexif 0.6.24.
* Install the upstream documentation and examples in libexif-dev but package
the files in libexif-doc (as preferred by Debian Policy section 12.3).
* Upstream README and NEWS files are now only installed in libexif-dev.
* Delete debian/README.source.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Sun, 05 Dec 2021 16:28:31 +1100
libexif (0.6.23-1) unstable; urgency=medium
* New upstream version:
- Support for more Exif 2.3 tags.
- Support for Apple iOS MakerNote format.
- Default GPS IFD table added.
- EXIF_TAG_SENSITIVITY_TYPE decoder added.
- Translation updates.
- Multiple security fixes.
* debian/control: Raise Standards-Version to 4.6.0 (no changes needed).
* debian/copyright: Update for libexif 0.6.23.
* debian/gbp.conf: Use DEP-14 branch naming.
* debian/patches: Drop all patches. Security fixes included in this version.
* debian/upstream/metadata: Update ChangeLog URL.
* debian/watch: Use string substitutions where possible.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Sun, 26 Sep 2021 13:28:52 +1000
libexif (0.6.22-3) unstable; urgency=medium
* Add upstream patch to prevent compiler optimization of a buffer
overflow check (fixes CVE-2020-0452).
* Add Forwarded: not-needed to cve-2020-0198.patch.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Fri, 06 Nov 2020 23:01:25 +1100
libexif (0.6.22-2) unstable; urgency=medium
* Add upstream patch to fix an unsigned integer overflow in
libexif/exif-data.c (CVE-2020-0198) (Closes: #962345).
-- Hugh McMaster <hugh.mcmaster@outlook.com> Sat, 13 Jun 2020 18:01:44 +1000
libexif (0.6.22-1) unstable; urgency=medium
* New upstream version.
- Support for certain EXIF 2.3 tags.
- Multiple security fixes.
- New and updated translations.
* debian/copyright: Update for libexif 0.6.22.
* debian/patches: Drop all patches. Upstream has fixed all known bugs.
* debian/rules:
- No longer include /usr/share/dpkg/architecture.mk.
- Remove special handling for the 'binary' target. The problematic
directory was renamed 'binary-dist' in this version of libexif.
* libexif-dev: Install SECURITY.md.
* libexif-doc: Drop dependency on libjs-jquery.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Tue, 02 Jun 2020 22:02:21 +1000
libexif (0.6.21-9) unstable; urgency=medium
* Emmanuel Bouthenot has stepped down as an Uploader.
- Thank you for maintaining libexif!
* Add Hugh McMaster as an Uploader.
* Add upstream patches to fix multiple security issues:
- cve-2020-13112.patch: Fix MakerNote tag size overflow issues at
read time (CVE-2020-13112) (Closes: #961407).
- cve-2020-13113.patch: Ensure MakerNote data pointers are
NULL-initialized (CVE-2020-13113) (Closes: #961409).
- cve-2020-13114.patch: Add a failsafe on the maximum number of
Canon MakerNote subtags to catch extremely large values in tags
(CVE-2020-13114) (Closes: #961410).
* Rebase other patches as needed.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Thu, 28 May 2020 23:23:33 +1000
libexif (0.6.21-8) unstable; urgency=medium
* Team upload.
* debian/copyright:
- Extend Emmanuel Bouthenot's years of maintenance to 2014.
- Add myself to the 'debian' section.
* debian/patches/cve-2020-0093.patch:
- Prevent a read buffer overflow in exif-data.c (CVE-2020-0093).
* libexif-doc:
- Do not remove the Doxygen-generated jquery.js file.
- Do not symlink jquery.js to the equivalent system file.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Wed, 20 May 2020 22:30:00 +1000
libexif (0.6.21-7) unstable; urgency=medium
* Team upload.
* Frederic Peters has stepped down as an Uploader. Thank you for your work!
* debian/control:
- Use debhelper-compat v13.
- Update Uploaders field.
* debian/copyright: Add information for files in contrib/examples.
* debian/patches/cve-2020-12767.patch:
- Prevent some possible divide-by-zero errors in exif-entry.c's
exif_entry_get_value() function (CVE-2020-12767) (Closes: #960199).
* debian/patches/exif-loader-undefined-behaviour.patch:
- Prevent undefined behaviour when left-shifting with type 'int'.
* debian/rules:
- Use dh_installdocs-indep override instead of dh_installdocs override.
- Remove embedded jquery.js file after installing documentation.
- Do not install the upstream ChangeLog.
* libexif12: Update source paths for documentation files.
* libexif-dev: Update source paths for documentation files.
* libexif-doc:
- Update source paths for documentation files.
- Install contrib/example source files.
* Add debian/not-installed file.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Fri, 15 May 2020 23:23:07 +1000
libexif (0.6.21-6) unstable; urgency=medium
* Team upload.
* Acknowledge NMU by Salvatore Bonaccorso.
* debian/changelog: Remove trailing whitespace.
* debian/control:
- Build-Depend on debhelper-compat (=12).
- Raise Standards-Version to 4.5.0 from 4.1.3 (no changes needed).
- Declare Rules-Requires-Root: no.
* debian/patches: Add upstream patches by Marcus Meissner:
- Avoid the use of unsafe integer overflow checking constructs
(CVE-2019-9278) (Closes: #945948).
- Avoid implicit behaviour by casting to unsigned int before shifting left.
* debian/rules: Do not manually install libexif.pc into a multi-arch libdir.
* libexif12.symbols: Specify libexif-dev in the Build-Depends-Package
meta-information field.
* Add Debian upstream/metadata file.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Thu, 23 Jan 2020 20:03:01 +1100
libexif (0.6.21-5.1) unstable; urgency=medium
* Non-maintainer upload.
* Reduce maximum recursion depth in exif_data_load_data_content
* Improve deep recursion detection in exif_data_load_data_content
(CVE-2018-20030) (Closes: #918730)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 10 Feb 2019 14:59:33 +0100
libexif (0.6.21-5) unstable; urgency=medium
* Team upload.
* debhelper update:
- Update package compatibility to level 11.
* debian/changelog:
- Remove trailing whitespace.
* debian/control:
- Build-Depend on debhelper version 11.
- Raise Standards-Version from 4.1.1 to 4.1.3 (no changes needed).
- Update the Homepage field to point to https://libexif.github.io
(Closes: #894183).
- Update the Vcs fields to point to https://salsa.debian.org.
* debian/copyright:
- Update the Source URL field to point to https://libexif.github.io.
* debian/patches:
- Add .patch file extensions to existing patches.
- add-am_prog_ar.patch: Add the AM_PROG_AR macro to configure.ac to avoid
an automake warning.
- ac_lang_source-macro.patch: Use AC_LANG_SOURCE macros to avoid several
automake warnings in configure.ac.
- fix-size_t-warnings.patch: Cast %u format specifiers to unsigned long to
prevent compiler warnings on 32-bit and 64-bit platforms.
* debian/rules:
- Update dh_installdocs overrides.
- Remove '--parallel' (now handled by debhelper >= level 11).
* debian/source/options:
- Remove from package. Debhelper handles the specified options by default.
* debian/watch:
- Update to version 4 and switch to upstream's github repository.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Tue, 03 Apr 2018 22:53:18 +1000
libexif (0.6.21-4) unstable; urgency=high
* Team upload.
* debian/control:
- Allow libexif-doc to take ownership of all documentation files
previously packaged with libexif-dev (Closes: #880213).
- Remove the Replaces field from libexif12 and libexif-dev.
* debian/rules:
- Include /usr/share/dpkg/architecture.mk.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Thu, 02 Nov 2017 22:31:00 +1100
libexif (0.6.21-3) unstable; urgency=medium
* Team upload.
* Import changes from NMU version 0.6.21-2.1.
* Introduce libexif-doc:
- Move the development documentation from libexif-dev to
avoid PNG file conflicts during multi-arch installation.
- Update the package's doc-base registration.
* debian/control:
- Revise package order.
- Update package Depends lists.
* debian/copyright:
- Fix a formatting error.
* debian/rules:
- Exclude doxygen md5 files from installation during the
'dh_installdocs' phase.
* Do not package the AUTHORS file, since all developers are
listed in the debian/copyright file.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Fri, 27 Oct 2017 21:29:37 +1100
libexif (0.6.21-2.1) unstable; urgency=medium
* Non-maintainer upload.
* debhelper update:
- Update package compatibility to level 10.
* debian/control:
- Bump debhelper build-dep to >= 10~.
- Remove dh-autoreconf from the Build-Depends list, as debhelper
enables the 'autoreconf' sequence by default.
- Bump Standards-Version from 3.9.5 to 4.1.1.
- Use the https protocol in the Vcs-Browser field.
- Update the URI referenced by the Vcs-Git field.
- Mark libexif-dev Multi-Arch: same (Closes: #786562).
* debian/copyright:
- Update the format specification URI.
- Remove references to libjpeg/* and configure.in (lintian).
- Merge paragraphs referring to the same source file (lintian).
* debian/patches:
- Add upstream patches to fix CVE-2016-6328 and CVE-2017-7544
(thanks to Marcus Meissner) (Closes: #873022, #876466).
* debian/rules:
- Add 'hardening=+all' to DEB_BUILD_MAINT_OPTIONS.
- Exclude doxygen md5 files from installation (lintian).
- Remove '--with autoreconf' (now handled by debhelper level 10).
- Fix grammatical errors in a comment.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Sat, 07 Oct 2017 22:42:00 +1100
libexif (0.6.21-2) unstable; urgency=medium
* Use autoreconf instead of autotools-dev (Closes: #754399)
* Bump Standards-Version to 3.9.5
* Add symbols file for libexif12
* Enable parallel building
-- Emmanuel Bouthenot <kolter@debian.org> Sun, 24 Aug 2014 21:34:56 +0200
libexif (0.6.21-1) unstable; urgency=low
* New upstream release
* Refresh and remove deprecated patches
* Bump Standards-Version to 3.9.4
* Adjust debhelper dependency version to >= 9
-- Emmanuel Bouthenot <kolter@debian.org> Sat, 26 Jan 2013 18:03:12 +0000
libexif (0.6.20-3) unstable; urgency=high
* Add patches to fix multiples security issues: CVE-2012-2814,
CVE-2012-2840, CVE-2012-2813, CVE-2012-2812, CVE-2012-2841,
CVE-2012-2836, CVE-2012-2837 (Closes: #681454).
-- Emmanuel Bouthenot <kolter@debian.org> Tue, 17 Jul 2012 19:05:20 +0000
libexif (0.6.20-2) unstable; urgency=low
[ Kees Cook ]
* debian/copyright: fix empty lines in multi-line section, add missing
intended "license" lines, add missing BSD license for pt_BR.po.
* debian/libexif-dev.install:
- use multiple lines instead of technically unsupported {}.
- remove .la file, per release goal; there are no build dep using it.
* debian/{control,compat,*.install,rules}: build for Multi-Arch support
(Closes: #650998)
[ Emmanuel Bouthenot ]
* Bump Standards-Version to 3.9.2
* Remove DMUA field (no more needed)
* Update debian/rules to enable usage of autotools_dev sequence with
debhelper
* Switch debhelper compatibility to 9
* Update Vcs-Git and Vcs-Browser fields
-- Emmanuel Bouthenot <kolter@debian.org> Fri, 27 Jan 2012 20:34:17 +0000
libexif (0.6.20-1) unstable; urgency=low
* New upstream release
* debian/copyright:
- updates (huge backlog)
- switch to DEP5 format
* Refresh patches and convert them to DEP3 format
* Switch to dpkg-source 3.0 (quilt) format
* Update uploader email (me)
* Bump Standards-Version to 3.9.1
* Add a patch to support new Canon camera. Thanks to Adrian von Bidder for
the patch. Rest In Peace Adrian. (Closes: #617764).
-- Emmanuel Bouthenot <kolter@debian.org> Wed, 27 Apr 2011 18:17:43 +0000
libexif (0.6.19-1) unstable; urgency=high
* New upstream release
- fix CVE-2009-3895: heap buffer overflow during tag format conversion
(Closes: #557137)
-- Emmanuel Bouthenot <kolter@openics.org> Thu, 19 Nov 2009 22:38:27 +0000
libexif (0.6.18-1) unstable; urgency=low
* New upstream release
* Clean and minify the build process (using dh7 overrides)
* Bump Standards-Version to 3.8.3.
* Add README.source file.
* Add doc-base file for libexif API documentation.
-- Emmanuel Bouthenot <kolter@openics.org> Sat, 24 Oct 2009 09:29:24 +0200
libexif (0.6.17-1) unstable; urgency=low
* Adopt the package within pkg-phototools:
- Set the Maintainer to the group
- Add Frederic Peters and myself as Uploaders.
- Add Vcs-Browser and Vcs-Git fields accordingly.
* New upstream release:
- remove patches merged upsteam:
+ 30_olympus_makernote.dpatch
+ 40_crash_looking_up_invalid_values.dpatch
+ 50_relibtoolize.dpatch
+ CVE-2007-6351.dpatch
+ CVE-2007-6352.dpatch
- convert existing patches from dpatch to quilt.
- Fix a bug while reading exif datas in some cases (Closes: #447907)
* Switch packaging to debhelper 7
* Update debian/control:
- Drop duplicate section field for exif12
- Bump Standards-Version to 3.8.1
- Replace deprecated ${Source-Version} by ${binary:Version}
- Enhance libexif-dev long description.
- Add homepage field.
- Add DM-Upload-Allowed field.
* Force remove of files not fully cleaned
* Remove empty doc files in libexif-dev.
* Update debian/copyright.
-- Emmanuel Bouthenot <kolter@openics.org> Sun, 19 Apr 2009 17:53:15 +0200
libexif (0.6.16-2.1) unstable; urgency=high
* Non-maintainer upload by security team.
* This update addresses the following security issues:
- possible denial of service attack via crafted
image file leading to an infinite recursion in the
exif-loader.c (CVE-2007-6351; Closes: #457330).
- integer overflow in exif-data.c triggered by a crafted
image file could lead to arbitrary code execution
(CVE-2007-6352; Closes: #457330).
-- Nico Golde <nion@debian.org> Fri, 21 Dec 2007 17:13:58 +0100
libexif (0.6.16-2) unstable; urgency=low
* debian/libexif12.docs: added README file (closes: #434773)
-- Frederic Peters <fpeters@debian.org> Thu, 26 Jul 2007 19:37:47 +0200
libexif (0.6.16-1) unstable; urgency=high
* New upstream release, with security fix:
* Integer overflow in the exif_data_load_data_entry (CVE-2006-4168)
(closes: #430012)
-- Frederic Peters <fpeters@debian.org> Thu, 21 Jun 2007 20:42:24 +0200
libexif (0.6.15-1) unstable; urgency=high
* New upstream release, with security fixes:
* Integer overflow in the exif_data_load_data_entry (CVE-2007-2645)
(closes: #424775)
* Don't dereference NULL (CID 4) (no assigned CVE)
* Don't parse Makernote when there is not enough data for
(makernote-irelevant) IFD1 (no assigned CVE)
* debian/patches/30_olympus_makernote.dpatch: merged upstream
* debian/patches/40_crash_looking_up_invalid_values.dpatch: merged upstream
* debian/patches/50_relibtoolize.dpatch: run libtoolize on sources
-- Frederic Peters <fpeters@debian.org> Fri, 25 May 2007 10:04:00 +0200
libexif (0.6.13-6) unstable; urgency=low
* debian/control: added build-depends on dpatch
* debian/rules: use dpatch
* debian/patches/10_pkg_config_header_dir.dpatch: patch from 0.6.13-4
* debian/patches/20_extra_colorspace_check.dpatch: patch from 0.6.13-5
* debian/patches/30_olympus_makernote.dpatch: added support for Olympus S760
& S770 makernote (closes: #418945)
* debian/patches/40_crash_looking_up_invalid_values.dpatch: backport of
"fixed crashes when looking up invalid values (upstream #1457501)".
-- Frederic Peters <fpeters@debian.org> Tue, 08 May 2007 11:47:19 +0200
libexif (0.6.13-5) unstable; urgency=low
* libexif/exif-entry.c: added extra check against value read for color
space (closes: #398426) (this is not from upstream but upstream is
said to have this fixed as well, couldn't find how)
-- Frederic Peters <fpeters@debian.org> Sun, 19 Nov 2006 22:57:21 +0100
libexif (0.6.13-4) unstable; urgency=low
* libexif/libexif.pc.in: fixed CFLAGS, so include dir is correctly set.
(closes: #356567)
-- Frederic Peters <fpeters@debian.org> Sun, 12 Mar 2006 21:14:27 +0100
libexif (0.6.13-3) unstable; urgency=low
* debian/watch: added uscan file.
-- Frederic Peters <fpeters@debian.org> Mon, 6 Mar 2006 00:06:29 +0100
libexif (0.6.13-2) unstable; urgency=low
* ship NEWS file in libexif12 package. (closes: #355262)
-- Frederic Peters <fpeters@debian.org> Sat, 4 Mar 2006 16:57:03 +0100
libexif (0.6.13-1) unstable; urgency=low
* New upstream release.
* debian/control: depends on doxygen and graphviz to build documentation;
packaged in libexif-dev.
-- Frederic Peters <fpeters@debian.org> Sun, 26 Feb 2006 20:09:03 +0100
libexif (0.6.12-2) unstable; urgency=low
* libexif/exif-data.c: backported fix from CVS (revision 1.68)
(closes: #318662)
-- Frederic Peters <fpeters@debian.org> Sun, 17 Jul 2005 02:49:46 +0200
libexif (0.6.12-1) unstable; urgency=low
* New upstream release. (closes: #281297)
* soname bumped to 12
* buffer size checks in exif-data.c merged upstream.
* po-domain.path merged upstream.
* libexif/exif-utils.c: fixed exif_get_sshort declaration mismatch.
-- Frederic Peters <fpeters@debian.org> Sat, 16 Jul 2005 10:08:51 +0200
libexif (0.6.9-6) unstable; urgency=low
* libexif/exif-loader.h: don't include itself. (closes: #299507)
-- Frederic Peters <fpeters@debian.org> Mon, 14 Mar 2005 16:56:48 +0100
libexif (0.6.9-5) unstable; urgency=high
* Urgency high since it fixes a security issue.
* Patch provided from Ubuntu by Martin Pitt, written by Sylvain Defresne.
* libexif/exif-data.c: Add buffer size checks in several places before
trying to access it. (closes: #298464)
* Reference: https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
* debian/control: reworded description synopsis.
-- Frederic Peters <fpeters@debian.org> Mon, 7 Mar 2005 18:56:31 +0100
libexif (0.6.9-4) unstable; urgency=low
* debian/copyright: fixed license (LGPL, not GPL) (closes: #281442)
-- Frederic Peters <fpeters@debian.org> Tue, 16 Nov 2004 10:40:55 +0100
libexif (0.6.9-3) unstable; urgency=medium
* src/exif-data.c: fix for crasher bug with EXIF data in some Canon
pictures. (closes: #279337)
* debian/rules: fixed clean target
-- Frederic Peters <fpeters@debian.org> Wed, 3 Nov 2004 09:38:13 +0100
libexif (0.6.9-2) unstable; urgency=medium
* Adopted package.
* debian/control: bumped Standards-Version to 3.6.1
* debian/rules: delete po/libexif-$(major).pot in clean target
* libexif/exif-data.c: fixed segfault on some pictures (urgency medium since
it broke gimp and others with those files)
-- Frederic Peters <fpeters@debian.org> Mon, 11 Oct 2004 09:44:24 +0200
libexif (0.6.9-1) unstable; urgency=low
* New upstream release.
-- christophe barbe <christophe@debian.org> Fri, 28 May 2004 16:15:19 -0400
libexif (0.5.12-1) unstable; urgency=low
* New upstream release (Closes: #206081).
-- christophe barbe <christophe@debian.org> Mon, 18 Aug 2003 21:00:57 -0400
libexif (0.5.10-2) unstable; urgency=low
* Use soname in po domain to avoid conflict with libexif5 (Closes: #203956).
-- christophe barbe <christophe@debian.org> Sun, 3 Aug 2003 10:24:48 -0400
libexif (0.5.10-1) unstable; urgency=low
* New upstream featuring a new exif-loader.
-- christophe barbe <christophe@debian.org> Sun, 27 Jul 2003 16:01:27 -0400
libexif (0.5.9-5) unstable; urgency=low
* Move DH_COMPAT in debian/compat.
* Bump Standards-Version up to 3.5.9.
* In new libdevel section.
-- christophe barbe <christophe@debian.org> Thu, 3 Apr 2003 20:42:49 -0500
libexif (0.5.9-4) unstable; urgency=low
* Apply the libtool patch soon enough.
-- christophe barbe <christophe@debian.org> Mon, 27 Jan 2003 10:26:40 -0500
libexif (0.5.9-3) unstable; urgency=low
* Libtool update to finally get a working MIPS package (Closes: 177973).
-- christophe barbe <christophe@debian.org> Sun, 26 Jan 2003 16:04:42 -0500
libexif (0.5.9-2) unstable; urgency=low
* Added autotools-dev code (so the MIPS package should be built).
-- christophe barbe <christophe@debian.org> Wed, 22 Jan 2003 09:01:47 -0500
libexif (0.5.9-1) unstable; urgency=low
* New upstream release.
-- christophe barbe <christophe@debian.org> Mon, 20 Jan 2003 16:48:14 -0500
libexif (0.5.7-1) unstable; urgency=low
* New upstream release.
-- christophe barbe <christophe@debian.org> Mon, 2 Dec 2002 21:29:45 -0500
libexif (0.5.6-4) unstable; urgency=low
* Fix override disparity (The 'I can do it' release).
-- christophe barbe <christophe@debian.org> Sat, 16 Nov 2002 16:12:16 -0500
libexif (0.5.6-3) unstable; urgency=low
* Fix override disparity.
-- christophe barbe <christophe@debian.org> Sat, 16 Nov 2002 16:00:59 -0500
libexif (0.5.6-2) unstable; urgency=low
* Quick fix to avoid conflict with libexif5 (Closes: #169313, #169336, #169337).
-- christophe barbe <christophe@debian.org> Sat, 16 Nov 2002 15:18:18 -0500
libexif (0.5.6-1) unstable; urgency=low
* New upstream release (Closes: #168382).
-- christophe barbe <christophe@debian.org> Sun, 10 Nov 2002 22:20:05 -0500
libexif (0.5.3-1) unstable; urgency=low
* New upstream release.
-- christophe barbe <christophe@debian.org> Tue, 18 Jun 2002 21:17:56 -0400
libexif (0.5.0-2) unstable; urgency=low
* Fix wrong email address in control file.
-- christophe barbe <christophe@debian.org> Wed, 24 Apr 2002 14:38:37 -0400
libexif (0.5.0-1) unstable; urgency=low
* Initial Release.
-- christophe barbe <christophe.barbe@ufies.org> Wed, 13 Feb 2002 17:58:36 -0500
Generated by dwww version 1.15 on Sat Jun 15 20:38:13 CEST 2024.