tiff3 (3.9.6-11+deb7u11) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2018-8905: heap-based buffer overflow occurs in LZWDecodeCompat()
    (Closes: #893806).

 -- Hugo Lefeuvre <hle@debian.org>  Sun, 13 May 2018 17:00:04 -0400

tiff3 (3.9.6-11+deb7u10) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2018-7456: NULL Pointer Dereference occurs in TIFFPrintDirectory()
    via crafted TIFF image defining illegal SamplesPerPixel or Transfer
    Function fields (Closes: #891288).

 -- Hugo Lefeuvre <hle@debian.org>  Sun, 15 Apr 2018 12:20:17 -0400

tiff3 (3.9.6-11+deb7u9) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory() via
    crafted TIFF image (Closes: #885985)

 -- Roberto C. Sanchez <roberto@debian.org>  Sat, 27 Jan 2018 12:32:55 -0500

tiff3 (3.9.6-11+deb7u8) wheezy-security; urgency=high

  * Non-maintainer upload by the Debian LTS team.
  * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
    (Closes: #868513)

 -- Roberto C. Sanchez <roberto@debian.org>  Sat, 09 Sep 2017 18:43:38 -0400

tiff3 (3.9.6-11+deb7u7) wheezy-security; urgency=medium

  * Non-maintainer upload by the Debian LTS team.
  * CVE-2017-9936: memory leak in error code path of JBIGDecode()
    (closes: #866113)

 -- Roberto C. Sanchez <roberto@debian.org>  Tue, 11 Jul 2017 08:52:04 -0400

tiff3 (3.9.6-11+deb7u6) wheezy-security; urgency=medium

  * Non-maintainer upload by the Debian LTS team.
  * Switch to upstream-provided patch to fix the numerous CVE related
    to _TIFFVGetField(). Drop CVE-2014-8128-5-fixed.patch,
    CVE-2016-5318_CVE-2015-7554.patch and handle-codec-specific-tags.patch in
    favor of CVE-2016-10095_CVE-2017-9147.patch.
    Fixes CVE-2016-10095 and CVE-2017-9147 (on top of the older similar
    CVE).
  * CVE-2017-9403: Fix memory leak in TIFFReadDirEntryLong8Array.
  * CVE-2017-9404: Fix multiple memory leaks in tif_ojpeg.c.

 -- Raphaël Hertzog <hertzog@debian.org>  Tue, 13 Jun 2017 14:33:24 +0200

tiff3 (3.9.6-11+deb7u5) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix the following security vulnerabilities:
  * CVE-2017-7593:
    tif_read.c in LibTIFF does not ensure that tif_rawdata is properly
    initialized, which might allow remote attackers to obtain sensitive
    information from process memory via a crafted image.
  * CVE-2017-7594:
    The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF
    allows remote attackers to cause a denial of service (memory leak) via a
    crafted image.
  * CVE-2017-7595:
    The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF allows remote
    attackers to cause a denial of service (divide-by-zero error and
    application crash) via a crafted image.
  * CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600:
    LibTIFF has an "outside the range of representable values of type float"
    undefined behavior issue, which might allow remote attackers to cause a
    denial of service (application crash) or possibly have unspecified other
    impact via a crafted image.
  * CVE-2017-7601:
    LibTIFF has a "shift exponent too large for 64-bit type long" undefined
    behavior issue, which might allow remote attackers to cause a denial of
    service (application crash) or possibly have unspecified other impact via a
    crafted image.

 -- Markus Koschany <apo@debian.org>  Mon, 24 Apr 2017 12:26:42 +0200

tiff3 (3.9.6-11+deb7u4) wheezy-security; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * Add patches for CVE missed in the past and a few newer CVE:
    - CVE-2015-8781
    - CVE-2015-8782
    - CVE-2015-8783
    - CVE-2015-8784
    - CVE-2016-9533
    - CVE-2016-9534
    - CVE-2016-9535

 -- Raphaël Hertzog <hertzog@debian.org>  Tue, 28 Mar 2017 16:51:15 +0200

tiff3 (3.9.6-11+deb7u3) wheezy-security; urgency=low

  * When writing out a TIFF file, skip codec-specific tags that are not
    relevant for the current codec (compression scheme). Closes: #852610
    This fixes a regression introduced by CVE-2014-8128-5-fixed.patch and
    CVE-2016-5318_CVE-2015-7554.patch.

 -- Raphaël Hertzog <hertzog@debian.org>  Thu, 26 Jan 2017 13:27:21 +0000

tiff3 (3.9.6-11+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * Fix CVE-2016-5318 and CVE-2015-7554 by letting libtiff know about
    all the "tags" currently in use.

 -- Raphaël Hertzog <hertzog@debian.org>  Wed, 02 Nov 2016 12:26:59 +0100

tiff3 (3.9.6-11+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix several security vulnerabilities in tiff3. An attacker could take
    advantage of these flaws to cause a denial-of-service against an
    application using the libtiff4 library (application crash), or potentially
    execute arbitrary code with the privileges of the user running the
    application. The following patches were added to address these issues:
    - CVE-2014-8128-1.patch
    - CVE-2014-8128-2.patch
    - CVE-2014-8128-3.patch
    - CVE-2014-8128-4.patch
    - CVE-2014-8128-5-fixed.patch
    - CVE-2014-8129.patch
    - CVE-2014-9655.patch
    - fix-various-crasher-bugs-on-fuzzed-images.patch
    - CVE-2015-8665-and-CVE-2015-8683.patch
    - CVE-2016-3623.patch
    - CVE-2016-5875.patch
    - CVE-2016-5321.patch
    - CVE-2016-5323.patch
    - CVE-2016-6223.patch
    - CVE-2016-3991.patch
    - CVE-2016-3990.patch
    - CVE-2016-3945.patch
    - CVE-2016-3186.patch
    - CVE-2013-1961.patch
    - CVE-2010-2596.patch
   In total these security issues were resolved:
   CVE-2016-5322, CVE-2016-3991, CVE-2016-3990, CVE-2016-3945, CVE-2013-1961,
   CVE-2014-8128, CVE-2014-8129, CVE-2014-9655, CVE-2015-1547, CVE-2015-8665,
   CVE-2015-8683, CVE-2016-3623, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316,
   CVE-2016-5317, CVE-2016-5320, CVE-2016-5875, CVE-2016-5323, CVE-2016-5321,
   CVE-2016-3186, CVE-2010-2596, CVE-2016-6223

 -- Markus Koschany <apo@debian.org>  Sun, 04 Sep 2016 23:10:55 +0200

tiff3 (3.9.6-11) unstable; urgency=high

  * Fix /usr/share/doc symlink to directory transition.  When upgrading
    from very old versions (pre 3.8.2-8), /usr/share/doc may contain
    symbolic links that should be removed.  (Closes: #699041)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 26 Jan 2013 12:27:56 -0500

tiff3 (3.9.6-10) unstable; urgency=high

  * Add fix for CVE-2012-5581, reimplementing DOTRANGE handling to make it
    safer.  Thanks to Red Hat security team for backporting the fix.
    (Closes: #694693)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 15 Dec 2012 06:04:00 -0500

tiff3 (3.9.6-9) unstable; urgency=high

  * Previous change was uploaded with the wrong CVE number.  I updated the
    last changelog entry.  The correct CVE number is CVE-2012-4447.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 05 Oct 2012 17:32:42 -0400

tiff3 (3.9.6-8) unstable; urgency=high

  * Add fix for CVE-2012-4447, a buffer overrun.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 05 Oct 2012 17:04:17 -0400

tiff3 (3.9.6-7) unstable; urgency=high

  * SECURITY UPDATE: possible arbitrary code execution via heap overflow
    in tiff2pdf.  (Closes: #682195)
    - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
      tools/tiff2pdf.c.
    - CVE-2012-3401
    Changes prepared by Marc Deslauriers for Ubuntu.  Thanks!

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 21 Jul 2012 21:33:53 -0400

tiff3 (3.9.6-6) unstable; urgency=high

  * Incorporated fix to CVE-2012-2088, a buffer overflow with certain
    tiled tiff files.  Note that CVE-2012-2113 is not fixed in this
    package, but it applies only to tiff2pdf, which is not packaged here.
    (It is packaged in the "tiff" source package, which is based on a
    newer version that doesn't have the problem.)

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 29 Jun 2012 16:17:11 -0400

tiff3 (3.9.6-5) unstable; urgency=low

  * Fix shlibs again.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 22 Apr 2012 11:41:52 -0400

tiff3 (3.9.6-4) unstable; urgency=low

  * Use >= instead of > in shlibs file.  (Closes: #669042)

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 22 Apr 2012 10:56:37 -0400

tiff3 (3.9.6-3) unstable; urgency=low

  * Support JBIG now that patents have expired.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 08 Apr 2012 07:58:38 -0400

tiff3 (3.9.6-2) unstable; urgency=high

  * Incorporated fix to CVE-2012-1173, a problem in the parsing of the
    TileSize entry, which could result in the execution of arbitrary code
    if a malformed image is opened.
  * Updated standards to 3.9.3

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Apr 2012 10:09:01 -0400

tiff3 (3.9.6-1) unstable; urgency=low

  * New upstream release
  * Fix watch file to restrict to 3.x versions of tiff and to point to new
    download location.

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 20 Feb 2012 09:38:04 -0500

tiff3 (3.9.5-4) experimental; urgency=low

  * Fix Conflicts for renaming of binary packages in the tiff source
    package.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 04 Feb 2012 09:40:40 -0500

tiff3 (3.9.5-3) experimental; urgency=low

  * New source package for tiff 3.x.  Dropped libtiff-tools,
    libtiff-opengl, and libtiff-doc, which are still in the tiff source
    package.
  * Enabled versioned symbols; bumped shlibs files to force properly
    versioned dependency for new builds.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 28 Jan 2012 10:49:12 -0500

tiff (3.9.5-2) unstable; urgency=low

  * Implemented mulitarch and and PIE build for security hardening by
    integrating the changes from the Ubuntu tiff packages.  Thanks to Marc
    Deslauriers and anyone else who did the actual work.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 17 Sep 2011 10:15:39 -0400

tiff (3.9.5-1) unstable; urgency=low

  * New upstream release.  All security patches are fully incorporated
    into this version, as are many other bug fixes.
  * Updated standards version to 3.9.2.  No changes needed.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 16 Apr 2011 13:15:51 -0400

tiff (3.9.4-9) unstable; urgency=high

  * CVE-2011-1167: correct potential buffer overflow with thunder encoded
    files with wrong bitspersample set.  (Closes: #619614)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Apr 2011 10:59:38 -0400

tiff (3.9.4-8) unstable; urgency=low

  * Enable PIE (position independent executable) build for security
    hardening.  Patch from Ubuntu.  (Closes: #613759)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 19 Mar 2011 10:22:32 -0400

tiff (3.9.4-7) unstable; urgency=high

  * Incorporate revised fix to CVE-2011-0192.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 13 Mar 2011 14:33:38 -0400

tiff (3.9.4-6) unstable; urgency=high

  * Incorporated fix to CVE-2011-0192, "Buffer overflow in Fax4Decode".

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 26 Feb 2011 18:44:23 -0500

tiff (3.9.4-5) unstable; urgency=high

  * Incorporated fix to CVE-2010-3087, a potential denial of service
    exploitable with a specially crafted TIFF file.  (Closes: #600188)

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Oct 2010 16:44:08 -0400

tiff (3.9.4-4) unstable; urgency=high

  * Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
    putcontig8bitYCbCr11tile".  (Closes: #595064)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Oct 2010 13:17:12 -0400

tiff (3.9.4-3) unstable; urgency=low

  * Updated control file to remove obsolete Conflicts/Replaces for ancient
    packages.
  * Empty dependency_libs in all .la files as part of the .la file.  This
    also resolves the problem of having hard-coded paths in the .la file.
    (Closes: #509016)
  * Updated standards version to 3.9.1.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 14 Aug 2010 16:28:49 -0400

tiff (3.9.4-2) unstable; urgency=high

  * Incorporated patch to fix CVE-2010-2233, which fixes a specific
    failure of tif_getimage on 64-bit platforms.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 13 Aug 2010 20:16:29 -0400

tiff (3.9.4-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 18 Jun 2010 21:28:11 -0400

tiff (3.9.2-3) unstable; urgency=low

  * Depend on libjpeg-dev instead of libjpeg62-dev.  (Closes: #569242)
  * Change source format to '3.0 (quilt)'
  * Update standards version to 3.8.4.  No changes required.

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 10 Feb 2010 19:20:20 -0500

tiff (3.9.2-2) unstable; urgency=low

  * Include patch from upstream to fix problems with TIFFReadScanline()
    and ycbcr-encoded JPEG images.  (Closes: #510792)
  * Fix some manual page spelling errors found by lintian.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 10 Jan 2010 10:56:32 -0500

tiff (3.9.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Nov 2009 22:52:06 -0500

tiff (3.9.1-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 15:44:23 -0400

tiff (3.9.0-2) unstable; urgency=low

  * Fix critical bug that could cause corrupt files to be written in some
    cases.  (Closes: #543079)

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 13:38:03 -0400

tiff (3.9.0-1) unstable; urgency=low

  * New upstream release.  All previous security patches have been
    integrated.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 21 Aug 2009 11:40:49 -0400

tiff (3.9.0beta+deb1-1) experimental; urgency=low

  * New upstream release (binary compatible with 3.8.2) -- release based
    on 3.9 branch from upstream CVS; see README.Debian for details.
    (Closes: #537118)
  * Updated standards to 3.8.3; no changes required.
  * Stopped using tarball in tarball packaging.  (Closes: #538565)

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 19 Aug 2009 20:33:10 -0400

tiff (3.8.2-13) unstable; urgency=high

  * Apply patches to fix CVE-2009-2347, which covers two integer overflow
    conditions.
  * LZW patch from last update addressed CVE-2009-2285.  Renamed the patch
    to make this clearer.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 12 Jul 2009 18:03:33 -0400

tiff (3.8.2-12) unstable; urgency=low

  * Apply patch to fix crash in lzw decoder that can be caused by certain
    invalid image files.  (Closes: #534137)
  * No longer ignore errors in preinst
  * Fixed new lintian warnings; updated standards version to 3.8.2.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 28 Jun 2009 13:17:44 -0400

tiff (3.8.2-11) unstable; urgency=high

  * Apply security patches (CVE-2008-2327)
  * Convert patch system to quilt
  * Create README.source
  * Set standards version to 3.8.0

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 13:16:37 -0400

tiff (3.8.2-10+lenny1) testing-security; urgency=high

  * Apply patches from Drew Yao of Apple Product Security to fix
    CVE-2008-2327, a potential buffer underflow in the LZW decoder
    (tif_lzw.c).

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 11:56:01 -0400

tiff (3.8.2-10) unstable; urgency=low

  * Fix segmentation fault on subsequent parts of a file with an invalid
    directory tag.  (Closes: #475489)

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 09 Jun 2008 11:02:53 -0400

tiff (3.8.2-9) unstable; urgency=low

  * Backported tiff2pdf from 4.0.0 beta 2.  This fixes many tiff2pdf bugs,
    though unfortunately none of the ones opened in the debian bug
    database!
  * Added upstream homepage to debian control file.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 07 Jun 2008 22:52:27 -0400

tiff (3.8.2-8) unstable; urgency=low

  * Accepted tmpfile patch tiff2pdf to fix bug that has been fixed
    upstream since upstream release appears stalled.  Thanks Jesse Long.
    (Closes: #419773)
  * Update standards version to 3.7.3; no changes required.
  * ${Source-Version} -> ${binary:Version} in control
  * Split documentation into separate libtiff-doc package.  (Closes:
    #472189)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 22 Mar 2008 12:30:38 -0400

tiff (3.8.2-7+etch1) stable-security; urgency=high

  * Apply patches from Drew Yao of Apple Product Security to fix
    CVE-2008-2327, a potential buffer underflow in the LZW decoder
    (tif_lzw.c).

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 11:56:01 -0400

tiff (3.8.2-7) unstable; urgency=high

  * Replace empty directories in /usr/share/doc with links during package
    upgrade.  (Closes: #404631)

 -- Jay Berkenbilt <qjb@debian.org>  Tue,  2 Jan 2007 15:50:50 -0500

tiff (3.8.2-6) unstable; urgency=high

  * Add watch file
  * Tavis Ormandy of the Google Security Team discovered several problems
    in the TIFF library.  The Common Vulnerabilities and Exposures project
    identifies the following issues:
     - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
       tif_dirread.c
     - CVE-2006-3460: A heap overflow vulnerability was discovered in the
       jpeg decoder
     - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
     - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
       overflow
     - CVE-2006-3463: An infinite loop was discovered in
       EstimateStripByteCounts()
     - CVE-2006-3464: Multiple unchecked arithmetic operations were
       uncovered, including a number of the range checking operations
       deisgned to ensure the offsets specified in tiff directories are
       legitimate.
     - A number of codepaths were uncovered where assertions did not hold
       true, resulting in the client application calling abort()
     - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
       support

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 31 Jul 2006 18:14:59 -0400

tiff (3.8.2-5) unstable; urgency=low

  * Fix logic error that caused -q flag to be ignored when doing jpeg
    compression with tiff2pdf.  (Closes: #373102)

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 19 Jun 2006 18:55:38 -0400

tiff (3.8.2-4) unstable; urgency=high

  * SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
    Thanks to Martin Pitt.  (Closes: #371064)
  * Add debian/patches/tiff2pdf-octal-printf.patch:
    - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
      signed char (it printed a signed integer, which overflew the buffer and
      was wrong anyway).
    - CVE-2006-2193

 -- Jay Berkenbilt <qjb@debian.org>  Wed,  7 Jun 2006 17:52:12 -0400

tiff (3.8.2-3) unstable; urgency=high

  * SECURITY UPDATE: Arbitrary command execution with crafted long file
    names.  Thanks to Martin Pitt for forwarding this.
    Add debian/patches/tiffsplit-fname-overflow.patch:
    - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
      user-specified file name into a statically sized buffer.
    CVE-2006-2656.  (Closes: #369819)
  * Update standards version to 3.7.2.  No changes required.
  * Moved doc-base information to libtiff4 instead of libtiff4-dev.

 -- Jay Berkenbilt <qjb@debian.org>  Thu,  1 Jun 2006 21:24:21 -0400

tiff (3.8.2-2) unstable; urgency=low

  * Fix build dependencies to get OpenGL utility libraries after new Xorg
    packaging.  (Closes: #365722)
  * Updated standards version to 3.7.0; no changes required to package.

 -- Jay Berkenbilt <qjb@debian.org>  Tue,  2 May 2006 10:10:45 -0400

tiff (3.8.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 28 Mar 2006 21:42:33 -0500

tiff (3.8.0-3) unstable; urgency=low

  * Switched build dependency from xlibmesa-gl-dev to libgl1-mesa-dev
    (incorporating Ubunutu patch)
  * Incorporated patch from upstream to fix handling of RGBA tiffs in
    tiff2pdf.  (Closes: #352849)

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 26 Feb 2006 13:21:17 -0500

tiff (3.8.0-2) unstable; urgency=low

  * Applied fixes from upstream to address a memory access violation
    [CVE-2006-0405].  (Closes: #350715, #351223)

 -- Jay Berkenbilt <qjb@debian.org>  Fri,  3 Feb 2006 21:48:39 -0500

tiff (3.8.0-1) unstable; urgency=low

  * New upstream release.  (Closes: #349921)
  * NOTE: The debian version of 3.8.0 includes a patch to correct a binary
    incompatibility in the original 3.8.0 release.  This libtiff package
    is binary compatible with 3.7.4 and will be binary compatible with the
    upcoming 3.8.1 release.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 27 Jan 2006 21:38:58 -0500

tiff (3.7.4-1) unstable; urgency=low

  * New upstream release
  * Fix typos in manual page (Closes: #327921, #327922, #327923, #327924)

 -- Jay Berkenbilt <qjb@debian.org>  Fri,  7 Oct 2005 10:25:49 -0400

tiff (3.7.3-1) unstable; urgency=low

  * New upstream release
  * g++ 4.0 transition: libtiffxx0 is now libtiffxx0c2.

 -- Jay Berkenbilt <qjb@debian.org>  Sat,  9 Jul 2005 12:00:44 -0400

tiff (3.7.2-3) unstable; urgency=high

  * Fix for exploitable segmentation fault on files with bad BitsPerSample
    values.  (Closes: #309739)
    [libtiff/tif_dirread.c, CAN-2005-1544]
    Thanks to Martin Pitt for the report.

 -- Jay Berkenbilt <qjb@debian.org>  Thu, 19 May 2005 05:41:28 -0400

tiff (3.7.2-2) unstable; urgency=high

  * Fix zero pagesize bug with tiff2ps -a2 and tiff2ps -a3.  Thanks to
    Patrice Fournier for the patch.  (Closes: #303583)
  * Note: uploading with urgency=high since this very small fix impacts
    tools only (not the library), and we don't want to block tiff's many
    reverse dependencies from transitioning to sarge.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 10 Apr 2005 10:12:37 -0400

tiff (3.7.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 19 Mar 2005 14:51:06 -0500

tiff (3.7.1-4) unstable; urgency=low

  * Fix from upstream: include a better workaround for tiff files with
    invalid strip byte counts.  (Closes: #183268)

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 22 Feb 2005 19:20:14 -0500

tiff (3.7.1-3) unstable; urgency=low

  * Disable C++ new experimental interfaces for now; will reappear in a
    future version in the separate libtiffxx0 package.

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 29 Jan 2005 13:32:37 -0500

tiff (3.7.1+pre3.7.2-1) experimental; urgency=low

  * New upstream release
  * Separate experimental C++ interface into separate libtiffxx library.

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 29 Jan 2005 13:03:19 -0500

tiff (3.7.1-2) unstable; urgency=low

  * Make -dev package depend upon other -dev packages referenced in the
    .la file created by libtool.  (Closes: #291136)
  * tiff2ps: Allow one of -w and -h without the other.  (Closes: #244247)

 -- Jay Berkenbilt <ejb@ql.org>  Wed, 19 Jan 2005 10:45:00 -0500

tiff (3.7.1-1) unstable; urgency=low

  * New upstream release
  * Correct error in doc-base file (Closes: #285652)

 -- Jay Berkenbilt <ejb@ql.org>  Wed,  5 Jan 2005 16:54:12 -0500

tiff (3.7.0-2) experimental; urgency=low

  * Replace hard-coded libc6-dev dependency with something friendlier to
    porters (libc6-dev | libc-dev).  (Closes: #179727)
  * Fixed upstream: proper netbsdelf*-gnu support in configure.  Actually
    fixed in 3.7.0-1 but left out of changelog.  (Closes: #179728)
  * Include opengl support; adds new libtiff-opengl package. (Closes: #219456)
  * Fixed upstream: fax2ps now allows access to first page. (Closes: #244251)

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 11 Dec 2004 09:51:52 -0500

tiff (3.7.0-1) experimental; urgency=low

  * New upstream release (Closes: #276996)
  * New maintainer (Thanks Joy!)
  * Repackage using cdbs and simple-patchsys to fix some errors and
    simplify patch management
  * Fixed upstream: tiff2pdf ignores -z and -j (Closes: #280682)
  * Fixed upstream: Memory leak in TIFFClientOpen (Closes: #256657)

 -- Jay Berkenbilt <ejb@ql.org>  Fri, 26 Nov 2004 13:50:13 -0500

tiff (3.6.1-5) unstable; urgency=high

  * New maintainer (thanks Joy!)
  * Applied patch by Dmitry V. Levin to fix a segmentation fault
    [tools/tiffdump.c, CAN-2004-1183]
    Thanks to Martin Schulze for forwarding the patch.
  * Fixed section of -dev package (devel -> libdevel)

 -- Jay Berkenbilt <ejb@ql.org>  Wed,  5 Jan 2005 16:27:26 -0500

tiff (3.6.1-4) unstable; urgency=high

  * Fix heap overflow security bug [CAN-2004-1308].  (Closes: #286815)

 -- Jay Berkenbilt <ejb@ql.org>  Wed, 22 Dec 2004 10:20:52 -0500

tiff (3.6.1-3) unstable; urgency=medium

  * Patches from upstream to fix zero-size tile and integer overflow
    problems created by previous security patches, closes: #276783.
  * Added Jay Berkenbilt as co-maintainer. Jay thanks Joy for letting him
    help and eventually take over maintenance of these packages!

 -- Josip Rodin <joy-packages@debian.org>  Mon, 01 Nov 2004 12:28:27 +0100

tiff (3.6.1-2) unstable; urgency=low

  * Included security fixes for:
    + CAN-2004-0803
      - libtiff/tif_luv.c
      - libtiff/tif_next.c
      - libtiff/tif_thunder.c
    + CAN-2004-0804 (but this one is already applied upstream, it seems)
      - libtiff/tif_dirread.c
    + CAN-2004-0886
      - libtiff/tif_aux.c
      - libtiff/tif_compress.c
      - libtiff/tif_dir.c
      - libtiff/tif_dirinfo.c
      - libtiff/tif_dirread.c
      - libtiff/tif_dirwrite.c
      - libtiff/tif_extension.c
      - libtiff/tif_fax3.c
      - libtiff/tiffiop.h
      - libtiff/tif_getimage.c
      - libtiff/tif_luv.c
      - libtiff/tif_pixarlog.c
      - libtiff/tif_strip.c
      - libtiff/tif_tile.c
      - libtiff/tif_write.c
    Thanks to Martin Schulze for forwarding the patches.

 -- Josip Rodin <joy-packages@debian.org>  Thu, 14 Oct 2004 16:13:11 +0200

tiff (3.6.1-1.1) unstable; urgency=medium

  * Non-maintainer upload; thanks to Jay Berkenbilt <ejb@ql.org> for
    preparing the patches
  * Rename shared library and development packages to resolve accidental
    upstream ABI change.  Closes: #236247
  * Include patch from upstream to fix multistrip g3 fax bug.
    Closes: #243405
  * Include LZW support.  Closes: #260242, #248490
  * Fix URL in copyright file.  Closes: #261357
  * Install missing documentation files.  Closes: #261356

 -- Steve Langasek <vorlon@debian.org>  Sun, 25 Jul 2004 10:28:06 -0400

tiff (3.6.1-1) unstable; urgency=low

  * New upstream version, closes: #231977.
  * Slightly fixed up the static lib build rules so that the build process
    does the normal stuff for the dynamic lib and then does the static with
    the same tiffvers.h.

 -- Josip Rodin <joy-packages@debian.org>  Mon, 23 Feb 2004 18:23:34 +0100

tiff (3.5.7-2) unstable; urgency=high

  * Added back the patch that used -src static/libtiff.a in the install
    rule. Wonder how that disappeared... closes: #170914.
  * Fake it's a GNU system in order for the configure script to use our
    toolchain stuff on the NetBSD port, thanks to Joel Baker, closes: #130636.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 10 Dec 2002 17:18:28 +0100

tiff (3.5.7-1) unstable; urgency=low

  * New upstream version, closes: #144940.
  * A whole new set of patches for the breakage in the build system :)

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sun,  6 Oct 2002 22:54:08 +0200

tiff (3.5.5-6) unstable; urgency=low

  * It appears that the general 64-bit detection code, isn't.
    We have to include all of those three conditions, feh.
    This really closes: #106706.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed,  8 Aug 2001 23:09:55 +0200

tiff (3.5.5-5) unstable; urgency=low

  * Changed two Alpha/Mips-isms into general 64-bit detection code,
    patch from John Daily <jdaily@progeny.com>, closes: #106706.
  * Patched man/Makefile.in to generate a manual page file for
    TIFFClientOpen(3t), as a .so link to TIFFOpen(3t), closes: #99577.
  * Used /usr/share/doc in the doc-base file, closes: #74122.
  * Changed libtiff3g-dev's section back to devel, since graphics was,
    according to elmo, "hysterical raisins". :))

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 27 Jul 2001 01:43:04 +0200

tiff (3.5.5-4) unstable; urgency=low

  * Updated config.* files, closes: #94696.
  * Fixed libtiff3g-dev's section, closes: #85533.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed, 20 Jun 2001 18:29:24 +0200

tiff (3.5.5-3) unstable; urgency=low

  * Build shared library on Hurd, too, closes: #72482.
  * Upped Standards-Version to 3.5.0.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sat, 30 Sep 2000 17:42:13 +0200

tiff (3.5.5-2) unstable; urgency=low

  * Make `dynamic shared object' on Linux unconditionally, fixes the problem
    with libc.so.6.1 on alpha, thanks Chris C. Chimelis.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed, 13 Sep 2000 21:44:00 +0200

tiff (3.5.5-1) unstable; urgency=low

  * New upstream version.
  * The upstream build system sucks. There, I said it. Back to work now. :)
  * Added a build dependencies on make (>= 3.77) (closes: #67747) and
    debhelper.
  * Standards-Version: 3.2.1:
    + added DEB_BUILD_OPTIONS checks in debian/rules

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 29 Aug 2000 14:06:02 +0200

tiff (3.5.4-5) frozen unstable; urgency=low

  * Fixed 16-bit/32-bit values bug in fax2ps from libtiff-tools, that
    also breaks printing from hylafax, using provided oneliner patch
    from Bernd Herd (accepted upstream), closes: #49232 and probably #62235.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Mon, 27 Mar 2000 17:12:10 +0200

tiff (3.5.4-4) frozen unstable; urgency=low

  * Weird dpkg-shlibdeps from dpkg 1.6.8-pre has done it again, this time
    with libz.so, making the packages depend on zlib1 (instead of zlib1g).
    Closes: #56134, #56137, #56140, #56155.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 25 Jan 2000 18:05:28 +0100

tiff (3.5.4-3) frozen unstable; urgency=low

  * Included libtiff.so file in libtiff3g-dev, dammit :( My eye hurts,
    a lot, but this was easy to fix, thank goodness :) (closes: #55814).
    This bugfix deserves to get into frozen because the bug cripples
    libtiff3g-dev, a lot.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 21 Jan 2000 19:02:22 +0100

tiff (3.5.4-2) unstable; urgency=low

  * Fixed upstream build system to use ${DESTDIR}, and with that working,
    created install: rule in debian/rules and used it.
  * Fixed the way rules file gets the version from upstream sources,
    and fixed dist/tiff.alpha, it didn't work.
  * Removed README file from libtiff3g binary package, useless.
  * Fixed configure script not to emit the wrong warning about
    zlib/jpeg dirs not specified (they're in /usr/include, stupid :).

 -- Josip Rodin <jrodin@jagor.srce.hr>  Thu, 30 Dec 1999 01:17:32 +0100

tiff (3.5.4-1) unstable; urgency=low

  * New upstream version, closes: #50338.
  * Disabled libc5 build, it wouldn't compile. :(

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri,  3 Dec 1999 20:49:25 +0100

tiff (3.5.2-4) unstable; urgency=low

  * Castrated the rules file, to make it actually work on !(i386 m68k).
    Closes: #49316.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sat,  6 Nov 1999 13:22:54 +0100

tiff (3.5.2-3) unstable; urgency=low

  * Removed sparc from the libtiff3 arches list, as BenC advised.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 29 Oct 1999 23:29:23 +0200

tiff (3.5.2-2) unstable; urgency=low

  * Changed Architecture: line for libtiff3 from "any" to "i386 m68k sparc"
    as it is actually only built on those. Changed description a little bit.
  * Minor fixes to the rules file.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Thu, 28 Oct 1999 14:00:02 +0200

tiff (3.5.2-1) unstable; urgency=low

  * New upstream version.
  * Renamed source package to just "tiff", like upstream tarball name.
  * New maintainer (thanks Guy!). Renewed packaging, with debhelper,
    using Joey's nifty multi2 example, with several adjustments.
  * Ditched libtiff3-altdev, nobody's using that and nobody should be
    using that. Packaging for it still exists, it's just commented out.
  * Uses doc-base for -dev docs now. Uncompressed HTML docs, 100kb space
    saved is pointless when you can't use any links between documents.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 26 Oct 1999 16:20:46 +0200

libtiff3 (3.4beta037-8) unstable; urgency=low

  * Argh, same bug in the prerm, closes: #36990, #36850, #36855,
    #36866, #36988.

 -- Guy Maor <maor@debian.org>  Sat,  1 May 1999 10:12:23 -0700

libtiff3 (3.4beta037-7) unstable; urgency=low

  * Don't error when dhelp is not installed, closes: #36879, #36922.

 -- Guy Maor <maor@debian.org>  Thu, 29 Apr 1999 19:17:55 -0700

libtiff3 (3.4beta037-6) unstable; urgency=low

  * Only build libc5 packages on appropriate archs, closes: #27083, #32007.
  * Apply NMU patch, closes: #26413, #26887.
  * Add dhelp support, closes: #35154.
  * Recompile removes invalid dependency, closes: #30961.

 -- Guy Maor <maor@debian.org>  Sat, 24 Apr 1999 15:17:51 -0700

libtiff3 (3.4beta037-5.1) frozen unstable; urgency=low

  * NMU to not use install -s to strip static .a libraries. Fixes: #26413
  * Build with recent libjpeg. Fixes: #26887
  * Add Section: and Priority: headers to debian/control.

 -- Ben Gertzfield <che@debian.org>  Mon, 26 Oct 1998 22:44:33 -0800

libtiff3 (3.4beta037-5) unstable; urgency=low

  * Explicit link with -lm (and don't need -lc now), fixes: #19167, #22180.

 -- Guy Maor <maor@ece.utexas.edu>  Tue, 11 Aug 1998 22:27:56 -0700

libtiff3 (3.4beta037-4) unstable; urgency=low

  * libtiff3-tools conflicts & replaces with libtiff3-gif (13521,15107).

 -- Guy Maor <maor@ece.utexas.edu>  Sun, 11 Jan 1998 13:09:28 -0800

libtiff3 (3.4beta037-3) unstable; urgency=low

  * New libjpegg contains shlibs file, so don't need shlibs.local.
  * Compile with -D_REENTRANT.
  * Add shlibs for libtiff3g (13423).

 -- Guy Maor <maor@ece.utexas.edu>  Sat, 27 Sep 1997 13:17:45 -0500

libtiff3 (3.4beta037-2) unstable; urgency=low

  * Add libjpegg6a to shlibs.local to correct for broken dependency.

 -- Guy Maor <maor@ece.utexas.edu>  Fri, 26 Sep 1997 11:23:55 -0500

libtiff3 (3.4beta037-1) unstable; urgency=low

  * New upstream version, libc6 compile, policy 2.3.0.0 (5136, 7470, 7627, 8166
    8312, 9479, 9492, 9531, 11700, 11702).
  * Fix check for shared lib support (10805).

 -- Guy Maor <maor@ece.utexas.edu>  Tue, 23 Sep 1997 16:55:56 -0500
