File: changelog

package info (click to toggle)
libpng1.6 1.6.36-6
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 9,608 kB
  • sloc: ansic: 58,101; sh: 4,974; awk: 782; makefile: 544; asm: 205; cpp: 135
file content (1584 lines) | stat: -rw-r--r-- 54,009 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
libpng1.6 (1.6.36-6) unstable; urgency=medium

  * Upload to unstable

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 08 Apr 2019 10:55:25 +0200

libpng1.6 (1.6.36-5exp1) experimental; urgency=medium

  * Drop Anibal from uploaders list,
    thank you for your nice work! (Closes: #925014)
  * Update copyright years.
  * Drop patch 272.patch, superseeded by upstream commits:
    70d122aac42933ab8a708c538f973c3307853212.patch (uncommented)
    82ae623ec9bc3cb5c68aad22596a766e86d593b7.patch
    a627bd26a375f5c41d54f90a47c838157d1bec97.patch

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 20 Mar 2019 11:58:35 +0100

libpng1.6 (1.6.36-5) unstable; urgency=medium

  * Tweak old 272 patch to add the only relevant part of commit
    70d122aac42933ab8a708c538f973c3307853212.patch
  * Drop 70d122aac42933ab8a708c538f973c3307853212.patch, it breaks the
    testsuite.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 05 Feb 2019 12:54:50 +0100

libpng1.6 (1.6.36-4) unstable; urgency=high

  * debian/patches/70d122aac42933ab8a708c538f973c3307853212.patch,
    debian/patches/8439534daa1d3a5705ba92e653eda9251246dd61.patch:
    - new fixes for arm64 and general test failures (and leaks)
  * debian/patches/CVE-2019-7317.patch:
    - fix for CVE 2019-7317 (Closes: #921355)
      Thanks Salvatore Bonaccorso for your report!

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 05 Feb 2019 11:43:24 +0100

libpng1.6 (1.6.36-3) unstable; urgency=medium

  * debian/patches/272.patch:
    - upstream fix for arm64 test failures.
    - drop previous revert-* patches

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 31 Dec 2018 09:24:07 +0100

libpng1.6 (1.6.36-2) unstable; urgency=medium

  * Update watch file for github location
  * Add apng support, like what is done in arch linux
    - https://github.com/glennrp/libpng/issues/267
  * d/p/revert-{7734cda20cf1236aef60f3bbd2267c97bbb40869,
    1ceaa83a844cd3ecef25279d60720f910b96f297,
    b66ed711315c46ef6c556c83c0074ecdcbd9937f}.patch:
    revert on arm64 only the chromebook optimizations, they are
    making the build fail.
    - discussion at https://github.com/glennrp/libpng/issues/266
  [ Mattia Rizzolo ]
  * Fixup std-version numbering

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 28 Dec 2018 14:13:52 +0100

libpng1.6 (1.6.36-1) unstable; urgency=medium

  * New upstream version 1.6.36
  * update copyright file
  * Bump std-version to 4.3.0.1, no changes required
  * drop patch 8a057: upstream
  * Add nocheck profile in rules file

  [ Ondřej Nový <onovy@debian.org> ]
  * d/changelog: Remove trailing whitespaces

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 27 Dec 2018 13:47:10 +0100

libpng1.6 (1.6.34-2) unstable; urgency=medium

  [ Salvatore Bonaccorso ]
  * debian/patches/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch:
    Closes: #903430
    CVE-2018-13785

  [ Gianfranco Costamagna ]
  * Upload to unstable
  * Switch VCS fields to salsa.d.o
  * Bump std-version to 4.1.5, no changes required
  * Switch copyright in https mode

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 10 Jul 2018 13:17:30 +0200

libpng1.6 (1.6.34-1) unstable; urgency=medium

  * New upstream version 1.6.34
  * Remove files removed upstream (the failing png files)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 29 Sep 2017 18:54:51 +0200

libpng1.6 (1.6.33-1) unstable; urgency=medium

  * New upstream version 1.6.33
  * Drop idat patch: upstream
  * Update copyright
  * Bump std-version to 4.1.1
  * Remove some new test png files that make testsuite fail
    (they fail also on older libpng version, just they weren't available
     status is tracked at https://sourceforge.net/p/libpng/bugs/271/ )

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 29 Sep 2017 08:44:54 +0200

libpng1.6 (1.6.32-3) unstable; urgency=high

  * Fix invalid IDAT images, thanks Felix Geyer for the debug/bug reassign!
    (Closes: #876563)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 26 Sep 2017 10:15:08 +0200

libpng1.6 (1.6.32-2) unstable; urgency=medium

  * Bump std-version to 4.1.0, now priority is extra
  * Add missing newline on copyright entry, making lintian sad
  * Move the examples into the main libpng-dev (Closes: #876244)
    - thanks Helmut Grohne for the useful bug report!

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sun, 17 Sep 2017 10:37:44 +0200

libpng1.6 (1.6.32-1) unstable; urgency=medium

  * New upstream version 1.6.32
  * Update copyright file

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 26 Aug 2017 23:43:31 +0200

libpng1.6 (1.6.31-1) unstable; urgency=medium

  * New upstream release.
  * Update d/watch to point to ftp site and to verify gpg signature.
  * fix-arm-build.patch removed, fixed upstream.
  * Update d/copyright (years and add new maintainers) and remove some
    redudant entries.

 -- Tobias Frost <tobi@debian.org>  Fri, 04 Aug 2017 07:10:47 +0200

libpng1.6 (1.6.30-2) unstable; urgency=medium

  * Fix arm* build failures with upstream patch
    (Closes: #867670)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sun, 09 Jul 2017 01:02:17 +0200

libpng1.6 (1.6.30-1) unstable; urgency=medium

  * New upstream release.
  * Update copyright
  * Bump std-version to 4.0.0

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 08 Jul 2017 12:52:44 +0200

libpng1.6 (1.6.29-3) unstable; urgency=medium

  * Upload to unstable

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 12 Jun 2017 11:22:51 +0200

libpng1.6 (1.6.29-2) experimental; urgency=medium

  * Enable PIE eveywhere

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 22 Apr 2017 14:46:34 +0200

libpng1.6 (1.6.29-1) experimental; urgency=medium

  * New upstream release.
    - Drop fix multiarch patch: upstream
  * Use autoreconf.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 10 Apr 2017 08:39:26 +0200

libpng1.6 (1.6.28-1exp4) experimental; urgency=medium

  * Override autoreconf due to debhelper bug 844504

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 02 Mar 2017 16:29:47 +0100

libpng1.6 (1.6.28-1exp3) experimental; urgency=medium

  * No-autoreconf for cmake builds

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 02 Mar 2017 16:14:47 +0100

libpng1.6 (1.6.28-1exp2) experimental; urgency=medium

  * Readd multiarch patch, it was merged by
    upstream on master but not on 1.6 branch

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 02 Mar 2017 15:07:10 +0100

libpng1.6 (1.6.28-1exp1) experimental; urgency=medium

  * Switch to cmake

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 09 Jan 2017 19:53:06 +0100

libpng1.6 (1.6.28-1) unstable; urgency=medium

  * New upstream release.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 09 Jan 2017 19:50:31 +0100

libpng1.6 (1.6.27-1) unstable; urgency=medium

  * New upstream release (Closes: #849799)
    - Fix for CVE-2016-10087

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 31 Dec 2016 08:51:32 +0100

libpng1.6 (1.6.26-6) unstable; urgency=medium

  * Enable pie in Debian, disable it in Ubuntu.
    - thanks pochu :)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 08 Dec 2016 17:03:30 +0100

libpng1.6 (1.6.26-5) unstable; urgency=medium

  * Revert cmake switch, failing on arm64.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 07 Dec 2016 08:41:24 +0100

libpng1.6 (1.6.26-4) unstable; urgency=low

   * Upload to unstable.
   * Disable pie where Ubuntu has not defaulted yet.
     (armhf, arm64, powerpc)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 15 Nov 2016 20:50:40 +0100

libpng1.6 (1.6.26-3) experimental; urgency=medium

  * Switch to cmake.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 15 Nov 2016 20:50:40 +0100

libpng1.6 (1.6.26-2) unstable; urgency=medium

  * Enable full hardening (+pie) (Closes: #844429)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 15 Nov 2016 18:10:16 +0100

libpng1.6 (1.6.26-1) unstable; urgency=low

  * New upstream release.
  * Switch to compat level 10
    - Drop autoreconf/parallel, automatically injected

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 24 Oct 2016 19:36:32 +0200

libpng1.6 (1.6.25-2) unstable; urgency=medium

  * Mark the -tools package Multi-Arch: foreign.
    (Closes: #840446).
    Thanks Francois Gourget for the bug report!

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 11 Oct 2016 19:13:50 +0200

libpng1.6 (1.6.25-1) unstable; urgency=medium

  * New upstream release.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 06 Sep 2016 12:29:51 +0200

libpng1.6 (1.6.24-2) unstable; urgency=medium

  * Stop providing pngcp, because a tool with the same
    name is provided by pngtools (Closes: #834119, #834118).
    - Consider re-enabling it if ineeded, but for now the
      tool has no manpage and no help command.
    - An alternative might be to make pngtools and libpng-tools
      conflict each others.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 12 Aug 2016 10:35:50 +0200

libpng1.6 (1.6.24-1) unstable; urgency=medium

  * New upstream release.
    - install also new pngcp tool in libpng-tools package.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 11 Aug 2016 23:14:13 +0200

libpng1.6 (1.6.23-1) unstable; urgency=medium

  * New upstream release.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 15 Jun 2016 16:41:46 +0200

libpng1.6 (1.6.22-1) unstable; urgency=medium

  * New upstream release.
    - drop fix_define_PNG_READ_16_TO_8.patch: upstream
  * Update copyright file.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sun, 05 Jun 2016 23:41:22 +0200

libpng1.6 (1.6.21-5) unstable; urgency=medium

  * d/control: Add VCS-* to repository on collab-maint.
  * Add patch to properly define PNG_READ_16_TO_8_SUPPORTED (Closes: #824014)
  * Add d/gbp.conf to ensure signed tags.

 -- Tobias Frost <tobi@debian.org>  Wed, 11 May 2016 19:30:16 +0200

libpng1.6 (1.6.21-4) unstable; urgency=medium

  * add libpng-config.patch from the old
    src:libpng.
    - disabling multiarch bits in libpng-config has
      the "side-effect" to let us have a Multiarch libpng-dev package.
      Closes: #822297
  * Make the libpng-dev package Multiarch ready.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 23 Apr 2016 09:04:06 +0200

libpng1.6 (1.6.21-3) unstable; urgency=medium

  [ Manuel A. Fernandez Montecelo ]
  * Add hardening flags (excluding PIE. CLoses: #805822)

  [ Gianfranco Costamagna ]
  * Drop useless pre-depends line.

  [ Bart Martens ]
  * Fix watch file

  [ Laurent Bigonville ]
  * Drop useless packages in Replaces field. (Closes: #820887)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 13 Apr 2016 08:49:30 +0200

libpng1.6 (1.6.21-2) unstable; urgency=medium

  * Upload to unstable.
  * Add myself and Tobias to uploaders, as per maintainers
    suggestion.
  * Bump std-version to 3.9.8, no changes required.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 06 Apr 2016 17:26:38 +0200

libpng1.6 (1.6.21-1) experimental; urgency=medium

  * Team upload.
  * New upstream release.
  * Add upstream signing key
  * Fix watch file.
  * Update copyright file.
  * Drop libpng16-devtools, useless and merged in libpng-dev.
    (many packages relies on that script for building correctly)
    - breaks + replaces accordingly.
  * Remove multiarch -dev package
  * Rename libpng16-tools to libpng-tools, there is no need of
    strict versioning here.
  * Install upstream changelog.
  * Run upstream testsuite.
  * Remove README.* files, useless now.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 31 Mar 2016 14:43:03 +0200

libpng1.6 (1.6.20-3) experimental; urgency=medium

  * Team upload
  * Move libpng16-dev to libpng-dev, to ease next transitions.
  * Drop conflicts against mzscheme, pngcrush, pngmeta,
    povray-3.5, qemacs, some of them disappeared, some of
    them have later versions already in old-oldstable.
  * Simplify even more the packaging, probably fixing #813288
  * Fix symlinks, and two lintian errors:
    - library-in-root-and-usr
    - old-style-config-script-multiarch-path
      (multiarch: no for libpng16-devtools)
  * Update standard-version to 3.9.7, no changes required.
  * Switch to dh-autoreconf (Closes: #813027)
  * Remove libpng16-devtools circular dependency, recommend it instead.
  * Fix duplicate description lintian warning
  * Fix copyright lintian warnings
  * Remove copyright.in file
  * Use new plain dh calls in rules file
  * Remove some old lintian overrides.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 16 Mar 2016 17:05:08 +0100

libpng1.6 (1.6.20-2) experimental; urgency=medium

  [ Tobias Frost ]
  * libpng16-16-udeb should not Conflicts: libpng-12-0.

  [ Anibal Monsalve Salazar ]
  * debhelper compat version is 9.
  * debian/control: libpng16-devtools is "Multi-Arch: same".

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 28 Jan 2016 10:33:54 +0000

libpng1.6 (1.6.20-1.1) experimental; urgency=medium

  * Non-maintainer upload.
  * Preparation for the transition, going to experimental.
  * Make libpng16-dev depend on libpng16-devtools to have libpng-config
    pulled in automatically for reverse dependencies.
  * Provide a so-name neutral devtools package

 -- Tobias Frost <tobi@debian.org>  Sun, 24 Jan 2016 11:26:12 +0100

libpng1.6 (1.6.20-1) experimental; urgency=medium

  * New upstream release.
    Fix CVE-2015-8472.
    Closes: #810074.
  * Use default options to compress.
    Remove debian/source/options.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 07 Jan 2016 23:35:21 +0000

libpng1.6 (1.6.19-1) experimental; urgency=medium

  * New upstream release.
  * Update lintian-overrides for 1.6.19.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Wed, 18 Nov 2015 13:07:21 +0900

libpng1.6 (1.6.16-1) experimental; urgency=medium

  * New upstream release (Closes: #773823)
    Fix CVE-2015-8540.
  * Standards Version is 3.9.6.
  * Update debian/copyright.
    Add infomation of license for other all files.
  * Update lintian-overrides for 1.6.16.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Sat, 07 Mar 2015 18:33:32 +0900

libpng1.6 (1.6.10-2) experimental; urgency=low

  * Add libpng16-devtools package.
    Move libpng-config to this package.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Wed, 02 Apr 2014 09:16:13 +0900

libpng1.6 (1.6.10-1) experimental; urgency=low

  * New upstream release (Closes: #740585)
    Fixed CVE-2014-0333.
  * Update overrides files.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Sat, 22 Mar 2014 09:58:12 +0900

libpng1.6 (1.6.8-2) experimental; urgency=low

  * Update debian/copyright. (Closes: #735737)

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Tue, 21 Jan 2014 08:59:56 +0900

libpng1.6 (1.6.8-1) experimental; urgency=low

  * New upstream release.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Wed, 15 Jan 2014 13:10:28 +0900

libpng1.6 (1.6.7-1) experimental; urgency=low

  * New upstream release.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Tue, 14 Jan 2014 15:21:52 +0900

libpng (1.5.11-1) experimental; urgency=low

  * New upstream release.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Thu, 05 Jul 2012 13:18:14 +0900

libpng (1.5.10-3) experimental; urgency=low

  * Remove libpng12-dev binary package. libpng-dev provides and replaces
    libpng12-dev.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 19 May 2012 18:55:25 +1000

libpng (1.5.10-2) experimental; urgency=low

  * Add transition packages libpng3, libpng12-0 and libpng12-dev

 -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 18 May 2012 10:09:24 +1000

libpng (1.5.10-1) experimental; urgency=high

  * New upstream version 1.5.10
    - Fix CVE-2011-3048 (memory corruption flaw)
      Closes: 667475
  * Standards Version is 3.9.3

 -- Anibal Monsalve Salazar <anibal@debian.org>  Mon, 09 Apr 2012 13:29:39 +1000

libpng (1.5.9-1) experimental; urgency=low

  * New upstream version 1.5.9

    The purpose of this release is to fix the dangerous CVE-2011-3026.
    The libpng patch is different from the one that was distributed
    earlier by Chromium, in that the libpng user limit feature is not
    crippled by the patch.

    Remove 02-660026-CVE-2011-3026.patch

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 19 Feb 2012 12:22:43 +1100

libpng (1.5.8-1) experimental; urgency=high

  * New upstream release.
    Fix a one-byte (stack) buffer-overrun bug in
    png_formatted_warning(), which could lead to crashes (denial of
    service) or, conceivably, execution of hostile code.
    This vulnerability has been assigned ID CVE-2011-3464.
  * Check for both truncation (64-bit platforms) and integer overflow
    Fix CVE-2011-3026
    Add 02-660026-CVE-2011-3026.patch
    Closes: 660026

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 16 Feb 2012 09:18:13 +1100

libpng (1.5.7-2) experimental; urgency=low

  * Fix typo from PPFLAGS to CPPFLAGS.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Mon, 09 Jan 2012 21:39:33 +0900

libpng (1.5.7-1) experimental; urgency=low

  * New upstream release.
  * Update debian/rules.
    Enabled hardened build flags. (Closes: #654149)

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Mon, 09 Jan 2012 21:02:50 +0900

libpng (1.5.6-1) experimental; urgency=low

  * New upstream release.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Mon, 07 Nov 2011 12:35:59 +0900

libpng (1.5.5-1) experimental; urgency=low

  * New upstream release.
  * Fix lintian error: udeb-uses-non-gzip-data-tarball.
    Changed option of dh_builddeb for every package.
  * Fix lintian warning: brace-expansion-in-debhelper-config-file.
    Remove brace-expansion from debian/libpng-dev.install.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Wed, 26 Oct 2011 12:35:05 +0900

libpng (1.5.4-2) experimental; urgency=low

  * Port Steve Langasek's changes for 1.2.46-1
    - Build for multiarch. Closes: 634151
    - Drop debian/libpng15-15-udeb.dirs, which just adds a pointless empty
      directory to the udeb
  * Update debian/docs and debian/libpng15-15.docs
  * Add debian/libpng15-15.doc-base
  * Build-Depend on autotools-dev

 -- Anibal Monsalve Salazar <anibal@debian.org>  Tue, 19 Jul 2011 00:49:57 +1000

libpng (1.2.46-2) unstable; urgency=low

  [ Steve Langasek ]
  * Build for multiarch.  Requires converting libpng3 from Arch: all to
    Arch: any. Closes: 634151
  * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
    directory to the udeb.

  [ Anibal Monsalve Salazar ]
  * Fix doc-base file
    Closes: 633944, 633957, 634120
  * Pass "-Zbzip2 -z9" to dpkg-deb

 -- Anibal Monsalve Salazar <anibal@debian.org>  Mon, 18 Jul 2011 23:38:25 +1000

libpng (1.5.4-1) experimental; urgency=low

  * New upstream release (Closes: #633871).
    - Fix CVE: CVE-2011-2690
      Buffer overwrite in png_rgb_to_gray
    - CVE: CVE-2011-2691
      Crash in png_default_error due to use of NULL Pointer
    - CVE: CVE-2011-2692
      Memory corruption when handling empty sCAL chunks
    - Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Fri, 15 Jul 2011 12:01:42 +0900

libpng (1.2.46-1) unstable; urgency=high

  * New upstream release (Closes: #633871).
    - Fix CVE: CVE-2011-2690
      Buffer overwrite in png_rgb_to_gray
    - CVE: CVE-2011-2691
      Crash in png_default_error due to use of NULL Pointer
    - CVE: CVE-2011-2692
      Memory corruption when handling empty sCAL chunks
    - Update patches/01-legacy.patch
    - Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Fri, 15 Jul 2011 11:47:49 +0900

libpng (1.5.2-3) experimental; urgency=low

  * Rename libpng15-dev to libpng-dev

 -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 06 Jul 2011 13:14:03 +1000

libpng (1.5.2-2) experimental; urgency=low

  * Fix 1-byte uninitialized memory reference in png_format_buffer()
    Fix CVE-2011-2501
    Add debian/patches/02-632786-CVE-2011-2501.patch
    Closes: 632786
  * Pass "-Zbzip2 -z9" to dpkg-deb
  * Fix xc-package-type-in-debian-control
  * Fix debian-rules-missing-recommended-target

 -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 06 Jul 2011 11:27:05 +1000

libpng (1.2.44-3) unstable; urgency=high

  * Fix 1-byte uninitialized memory reference in png_format_buffer()
    Fix CVE-2011-2501
    Add debian/patches/02-632786-CVE-2011-2501.patch
    Closes: 632786
  * Standards version is 3.9.2
  * Fix xc-package-type-in-debian-control
  * Fix debian-rules-missing-recommended-target

 -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 06 Jul 2011 10:04:32 +1000

libpng (1.5.2-1) experimental; urgency=low

  * New upstream release (Closes: #565821, #574257, #606867).
  * Remove Sam Hocevar from Uploaders.
  * Add myself to Uploaders.
  * Remove libtool, automake and autoconf from Build-depends.
  * Disable practice of autogen.sh from debian/rules.
  * Remove support libpng3 package (Closes: #369104, #615558).
  * Update debian/copyright.
    - Update copyright holder.
    - Add new license for contrib/pngsuite (Closes: #615558).
  * Remove patches directory.
  * Add libpng15-dev.lintian-overrides.
    Overrides manpage-has-errors-from-man usr/share/man/man3/libpng.3.gz.

 -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Thu, 09 Jun 2011 21:37:11 +0900

libpng (1.2.44-2) unstable; urgency=low

  * debian/libpng3.links: fix up the compat symlink to point to /lib
    Patch by Steve Langasek
    Closes: #579074, LP: #284325

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 13 Mar 2011 14:40:33 +1100

libpng (1.2.44-1) unstable; urgency=low

  * New upstream release
    Stop memory leak when reading a malformed sCAL chunk

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 26 Jun 2010 13:32:43 +1000

libpng (1.2.43-1) unstable; urgency=high

  * New upstream release
  * Fix CVE-2010-0205 and Cert VU#576029
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
    https://www.kb.cert.org/vuls/id/576029
    Do not stall and consume large quantities of memory while processing
    certain Portable Network Graphics (PNG) files
    Closes: 572308

 -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 03 Mar 2010 16:44:47 +1100

libpng (1.2.42-2) unstable; urgency=low

  * Merge 1.2.42-1ubuntu1
    Move libpng from /usr/lib to /lib, so that plymouth is usable on
    systems with a separate /usr.
  * Fix out-of-date-standards-version

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 14 Feb 2010 13:09:51 +1100

libpng (1.2.42-1ubuntu1) lucid; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - Move libpng from /usr/lib to /lib, so that plymouth is usable on
      systems with a separate /usr.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 28 Jan 2010 11:57:34 +0000

libpng (1.2.42-1) unstable; urgency=low

  * New upstream release
  * Remove 02-export-png_set_strip_error_numbers.patch (merged)
  * Fix debhelper-but-no-misc-depends

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 16 Jan 2010 17:53:14 +1100

libpng (1.2.41-1ubuntu1) lucid; urgency=low

  * Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
    with a separate /usr.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 25 Jan 2010 00:18:15 -0800

libpng (1.2.41-1) unstable; urgency=low

  * New upstream release
  * Debian source format is 3.0 (quilt)
  * Update debian/watch
  * Add 02-export-png_set_strip_error_numbers.patch
    Define PNG_ERROR_NUMBERS_SUPPORTED
    Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
    a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
    exported.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 04 Dec 2009 11:23:50 +1100

libpng (1.2.40-1) unstable; urgency=low

  * New upstream release

 -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 07 Oct 2009 12:44:09 +1100

libpng (1.2.39-1) unstable; urgency=low

  * New upstream release
  * Fix out-of-date-standards-version
  * Fix patch-system-but-no-source-readme

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 20 Aug 2009 14:57:46 +1000

libpng (1.2.38-1) unstable; urgency=low

  * New upstream release
  * Fix out-of-date-standards-version
  * Update upstream homepage
    Closes: 536474

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 18 Jul 2009 05:44:23 +1000

libpng (1.2.37-1) unstable; urgency=low

  * New upstream release

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 04 Jun 2009 23:03:58 +1000

libpng (1.2.36-1) unstable; urgency=low

  * New upstream release
  * Standards-Version is 3.8.1
  * debhelper compat is 7
  * Run dh_prep instead of dh_clean -k

 -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 22 May 2009 09:11:26 +1000

libpng (1.2.35-1) unstable; urgency=high

  * New upstream release
    - http://secunia.com/advisories/33970/
      Fix a vulnerability reported by Tavis Ormandy in which
      some arrays of pointers are not initialized prior to using
      "malloc" to define the pointers.
      Closes: #516256
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
      The png_check_keyword function in pngwutil.c in libpng, might
      allow context-dependent attackers to set the value of an
      arbitrary memory location to zero via vectors involving
      creation of crafted PNG files with keywords, related to an
      implicit cast of the '\0' character constant to a NULL pointer.
  * Don't build libpng3 when binary-indep target is not called.
    Closes: #486415

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 21 Feb 2009 15:50:52 +1100

libpng (1.2.33-2) unstable; urgency=low

  * Fix the following lintian issues:
    W: libpng12-0: copyright-refers-to-versionless-license-file
       usr/share/common-licenses/GPL

 -- Anibal Monsalve Salazar <anibal@debian.org>  Mon, 16 Feb 2009 11:32:17 +1100

libpng (1.2.33-1) experimental; urgency=low

  * New upstream release
    - Fix memory leak after reading a malformed tEXt chunk

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 01 Nov 2008 17:21:56 +1100

libpng (1.2.32-1) experimental; urgency=low

  * New upstream release
    - libpng.pc is configured to do static linking; closes: #483477
    - use autoconf variables in .pc and libpng-config; closes: #483478
  * Remove debian/patches/02-501109-pngtest.c.diff; it was merged

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 05 Oct 2008 08:20:20 +1100

libpng (1.2.27-2) unstable; urgency=medium

  * Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
  * Standards-Version is 3.8.0

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 04 Oct 2008 19:45:17 +1000

libpng (1.2.27-1) unstable; urgency=low

  * New upstream release
  * Patches merged upstream:
    debian/patches/02-476669-CVE-2008-1382.diff
    debian/patches/03-404514-png.5.diff
  * Run ./autogen.sh

 -- Anibal Monsalve Salazar <anibal@debian.org>  Tue, 29 Apr 2008 17:22:16 +1000

libpng (1.2.26-1) unstable; urgency=high

  * New upstream release. Closes: #431202
  * Use quilt
    Add 01-legacy.diff
  * Fix CVE-2008-1382 denial of service and possibly code execution
    Add 02-476669-CVE-2008-1382.diff
    Closes: #476669
  * Fix URL in png.5. Closes: #404514
    Add 03-404514-png.5.diff
  * Move examples to libpng12-dev. Closes: #401467
  * Fix "libpng (<= 1.2.20) contains grey-licensed code". Closes: #469126
  * Fix the following lintian issues:
    W: libpng source: debian-rules-ignores-make-clean-error line 37
    W: libpng source: substvar-source-version-is-deprecated libpng12-dev
    W: libpng source: out-of-date-standards-version 3.7.2 (current is 3.7.3)
    W: libpng12-0-udeb udeb: description-contains-homepage
    W: libpng3: description-contains-homepage
    W: libpng12-dev: description-contains-homepage
    W: libpng12-0: package-contains-empty-directory usr/bin/
    W: libpng12-0: package-contains-empty-directory usr/sbin/
    W: libpng12-0: description-contains-homepage
    W: libpng12-0: doc-base-unknown-section libpng12:22 Apps/Programming

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 20 Apr 2008 18:22:32 +1000

libpng (1.2.15~beta5-3) unstable; urgency=high

  * ACKed NMU.
  * Fixed out-of-bounds read operations triggered by crafted
    png image files (CVE-2007-5269) (Closes: #446308).

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 14 Oct 2007 09:55:00 +1000

libpng (1.2.15~beta5-2.1) unstable; urgency=high

  * Non-maintainer upload by testing security team.
  * Fixed out-of-bounds read operations triggered by crafted
    png image files (CVE-2007-5269) (Closes: #446308).

 -- Nico Golde <nion@debian.org>  Sun, 14 Oct 2007 01:12:51 +0200

libpng (1.2.15~beta5-2) unstable; urgency=high

  * It seems that a grayscale image with a malformed (bad CRC) tRNS
    chunk will crash libpng and mozilla. Closes: #424729.
    - CVE-2007-2445
      http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
    - CERT Vulnerability Note VU#684664
      http://www.kb.cert.org/vuls/id/684664

 -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 09 May 2007 17:34:02 +1000

libpng (1.2.15~beta5-1) unstable; urgency=low

  * Applied legacy_symbols.patch.
  * Changed shlibs dependecy versions to ">= 1.2.13-4".
  * libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
    pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
    povray-3.5 (<= 3.5.0c-10).

 -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 20 Dec 2006 10:24:18 +1100

libpng (1.2.15~beta5-0) unstable; urgency=high

  * New upstream release.
    - Fixed asm API functions not exported on amd64. Closes: #401044.
    - Fixed "libpng hangs when saving profile". Closes: #401423.
  * Fixed "Incorrect shlibs information". Closes: #401465.
  * Removed patches for png.h and pngconf.h.
  * Updated debian/watch.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 03 Dec 2006 14:47:41 +1100

libpng (1.2.13-4) unstable; urgency=low

  * Removed drop_pass_width patch. Closes: #399499.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Tue, 21 Nov 2006 19:07:43 +1100

libpng (1.2.13-3) unstable; urgency=low

  * libpng12-dev: removed the conflict with libpng3-dev.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 19 Nov 2006 16:36:02 +1100

libpng (1.2.13-2) unstable; urgency=low

  * Put back binary package libpng3.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 19 Nov 2006 15:32:39 +1100

libpng (1.2.13-1) unstable; urgency=low

  * Fixed conflict with the new libpng package. Closes: #399296.
  * Fixed png.5 man page formatting. Closes: #353061.
    Patch by Kevin Ryde <user42@zip.com.au>.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 19 Nov 2006 13:55:17 +1100

libpng (1.2.13-0) unstable; urgency=high

  * New upstream release.
  * CVE-2006-5793: Fixed a new security issue regarding malformed
    sPLT chunks. Closes: #398706.
  * Transitional package libpng3 is not shipped anymore.
    Closes: #369104.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 19 Nov 2006 09:02:09 +1100

libpng (1.2.12-0) unstable; urgency=high

  * New upstream release. Closes: #366070.
  * CVE-2006-3334: Fixed Buffer overflow in the png_decompress_chunk
    function in pngrutil.c in libpng before 1.2.12 allows
    context-dependent attackers to cause a denial of service and
    possibly execute arbitrary code via unspecified vectors related
    to "chunk error processing," possibly involving the "chunk_name".
    Closes: #397892.
  * Removed debian/x86_patches/pnggccrd-PIC.patch as it's merged
    upstream.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 09 Nov 2006 19:25:08 +1100

libpng (1.2.8rel-7) unstable; urgency=low

  * New maintainer. Closes: #393109.
  * ACK NMUs. Closes: #378463, #377298, #356252.
  * debian/control:
    - set Standards-Version to 3.7.2.
    - set Priority to extra for libpng12-0-udeb.
    - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
      dependency lists.
  * Added debian/watch file.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Mon, 16 Oct 2006 17:34:58 +1000

libpng (1.2.8rel-6) unstable; urgency=low

  * Orphaning package.

 -- Josselin Mouette <joss@debian.org>  Sun, 15 Oct 2006 03:22:24 +0200

libpng (1.2.8rel-5.2) unstable; urgency=low

  * Non-maintainer upload.
  * Backport changes from 1.2.12 to fix a buffer overflow in
    png_decompress_chunk; patch by Alec Berryman. [CVE-2006-3334]
    (Closes: #377298)

 -- Steinar H. Gunderson <sesse@debian.org>  Sun, 16 Jul 2006 16:27:56 +0200

libpng (1.2.8rel-5.1) unstable; urgency=low

  * Non Maintainer Upload (closes: #356252).
  * Add support for udeb dependency resolution in shlibs file.
  * Update debhelper compatibility to level 5.

 -- Frans Pop <fjp@debian.org>  Thu, 30 Mar 2006 11:46:39 +0200

libpng (1.2.8rel-5) unstable; urgency=low

  * drop_pass_width.patch: don't export png_pass_width, it's absolutely
    unnecessary.
  * libpng12-0.shlibs: downgrade the shlibs accordingly
    (closes: #331383).

 -- Josselin Mouette <joss@debian.org>  Mon,  3 Oct 2005 20:18:43 +0200

libpng (1.2.8rel-4) unstable; urgency=low

  * makefile.patch:
    + Use PNG_PRIVATE to get the list of private symbols as well. It
      sucks, but they've been there for too long (closes: #329886).
    + Use mawk instead of awk (closes: #329812).
  * control: build-depend on mawk.
  * rules:
    + Use -O2, not -O3.
    + Actually run the tests.
    + Make use of x86_patches/ on x86 architectures.
  * x86_patches/mmxbuild.patch: build MMX routines in pnggccrd.c.
  * x86_patches/pnggccrd-PIC.patch: patch from Christian Aichinger
    to make the assembly routines PIC-compatible.
  * libpng12-0.shlibs: bump the shlibs version.

 -- Josselin Mouette <joss@debian.org>  Sun, 25 Sep 2005 15:25:34 +0200

libpng (1.2.8rel-3) unstable; urgency=low

  * Upload to unstable.
  * Rename the source package to libpng.

 -- Josselin Mouette <joss@debian.org>  Thu, 22 Sep 2005 18:24:37 +0200

libpng3 (1.2.8rel-2) experimental; urgency=low

  * makefile.patch:
    + now patch makefile.elf, so that only public symbols are truly
      exported.
    + shorten the differences as much as possible.
  * rules: use makefile.elf now.
  * Move libpng3 to oldlibs.
  * Entirely remove libpng3-dev, making libpng12-dev provide it
    (closes: #322051).
  * poynton.patch: correct Charles Poynton's address (closes: #289437).
  * Don't run the test when cross-building (closes: #285427).
  * setjmp_error.patch: don't stop when we are not using _BSD_SOURCE, as
    in this case this is harmless (closes: #299343).
  * libpng3.postinst: removed, the fix is in sarge.
  * Standards-version is 3.6.2.
  * legacy_symbols.patch: still export png_read_destroy and
    png_write_destroy, which are deprecated but should nevertheless be
    accessible.

 -- Josselin Mouette <joss@debian.org>  Tue, 13 Sep 2005 02:07:16 +0200

libpng3 (1.2.8rel-1) unstable; urgency=medium

  * New upstream release.
  * read_transformations.patch: removed, included upstream.
  * libpng12-0.shlibs: Update to version 1.2.8rel, new flags seem to have been
    added.

 -- Josselin Mouette <joss@debian.org>  Sat,  4 Dec 2004 15:54:53 +0100

libpng3 (1.2.8beta5-2) unstable; urgency=medium

  * read_transformations.patch: fix segmentation fault with latex
    (closes: #281789) and totem (closes: #278618).

 -- Josselin Mouette <joss@debian.org>  Thu, 25 Nov 2004 16:49:28 +0100

libpng3 (1.2.8beta5-1) unstable; urgency=medium

  * New upstream release.
    + Correct segmentation violation in png_combine_row.
      Closes: #278526, #278917, #278921, #279258, #281789, #282368.

 -- Josselin Mouette <joss@debian.org>  Wed, 24 Nov 2004 13:53:49 +0100

libpng3 (1.2.7-1) unstable; urgency=medium

  * New upstream release (closes: #278308).
  * libpng12-0.shlibs: update shlibs to version 1.2.7.
  * Remove all security fixed, they are included upstream.

 -- Josselin Mouette <joss@debian.org>  Tue, 26 Oct 2004 13:40:25 +0200

libpng3 (1.2.5.0-9) unstable; urgency=high

  * CAN-2004-0954.patch: removed, this is already fixed in
    CAN-2004-0597_0598_0599.patch.

 -- Josselin Mouette <joss@debian.org>  Tue, 19 Oct 2004 10:52:28 +0200

libpng3 (1.2.5.0-8) unstable; urgency=high

  * Switch to CDBS.
    + Ship modifications and security fixes in debian/patches.
    + debian/rules: rewritten.
    + debian/control: build-depend on cdbs.
    + debian/libpng12-0.shlibs: new.
  * setjmp_error.patch: port explanation of the error when including setjmp.h
    from libpng10, thanks Matijs van Zuijlen <Matijs.van.Zuijlen@xs4all.nl>
    (closes: #273473).
  * CAN-2004-0954.patch: fix buffer overflow vulnerability in
    png_handle_tRNS().
  * CAN-2004-0955.patch: fix integer arithmetic overflow vulnerability in
    png_read_png().

 -- Josselin Mouette <joss@debian.org>  Thu, 14 Oct 2004 20:06:08 +0200

libpng3 (1.2.5.0-7) unstable; urgency=high

  * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
    buffer offsets [CAN-2004-0768].
  * png.h, pngpread.c, pngrutil.c: patch from Chris Evans
    <chris@scary.beasts.org> to fix several vulnerabilities (closes: #263500):
    + libpng fails to properly check length on PNG data [CAN-2004-0597].
    + libpng "png_handle_sBIT" does not perform proper checks to avoid stack
      buffer overflow [CAN-2004-0597].
    + libpng "png_handle_iCCP" possible NULL-pointer crash
      [CAN-2004-0598].
    + libpng "png_handle_sPLT" possible integer overflow
      [CAN-2004-0599].
    + libpng "png_read_png" does not properly handle a PNG with excessive
      height (integer overflow) [CAN-2004-0599].
    + libpng progressive reading integer overflow [CAN-2004-0599].

 -- Josselin Mouette <joss@debian.org>  Thu,  5 Aug 2004 12:37:32 +0200

libpng3 (1.2.5.0-6) unstable; urgency=high

  * pngerror.c: applied patch by Steve Grubb <linux_4ever@yahoo.com> to
    fix unintended memory access that could result in a crash of the
    application linking against libpng [CAN-2004-0421].

 -- Josselin Mouette <joss@debian.org>  Tue, 20 Apr 2004 13:39:02 +0200

libpng3 (1.2.5.0-5) unstable; urgency=low

  * Use debhelper 4.2, which generates the udeb appropriately.
  * Update control and rules appropriately.
  * Don't use ${shlibs:Depends} for the udeb, rather write the
    dependencies by hand.
  * Standards-version is 3.6.1.

 -- Josselin Mouette <joss@debian.org>  Fri, 20 Feb 2004 19:23:05 +0100

libpng3 (1.2.5.0-4) unstable; urgency=low

  * scripts/makefile.linux: use versioned dependencies
    (closes: #155891).
  * debian/rules: bump dependency for dh_makeshlibs.
  * add the libpng.a link in libpng12-dev.
  * Rework scripts/makefile.linux to make it more consistent.
  * Update stuff in debian/ accordingly.
  * Updated README.Debian.

 -- Josselin Mouette <joss@debian.org>  Tue, 10 Jun 2003 18:14:32 +0200

libpng3 (1.2.5.0-3) unstable; urgency=low

  * Make libpng3{,-dev} depend on libpng12-{0,dev} >= 1.2.5.0-2 instead
    of the strict source version.
  * Move /usr/share/doc/libpng3{,-dev} into symlinks at postinst time
    when directories already exist.
  * debian/rules: install correctly doc-base stuff.
  * debian/libpng12-dev.doc-base: updated URIs.

 -- Josselin Mouette <joss@debian.org>  Tue,  6 May 2003 19:44:59 +0200

libpng3 (1.2.5.0-2) unstable; urgency=low

  * scripts/{makefile.linux,libpng-config-body.in}: correct the
    libpng12-config script.
  * Install correctly pkg-config stuff (closes: #191081).
  * Make libpng12-dev conflict explicitly with libpng12-0-dev.
  * Update README.Debian.

 -- Josselin Mouette <joss@debian.org>  Mon, 28 Apr 2003 19:42:15 +0200

libpng3 (1.2.5.0-1) unstable; urgency=low

  * New maintainer.
  * Use real upstream tarball from 1.2.5 release.
  * Use dpkg-source's way instead of dpatch for patching.
  * A bit of rework in debian/rules, use dh_install and debhelper 4.
  * Standards-version is 3.5.9.
  * The -dev package is now named libpng12-dev (stop using the
    libpkg-guide way).
  * libpng3 is now arch-independent.
  * Improved descriptions a bit.
  * Don't supply libpngpf.3, it is not useful to programmers.

 -- Josselin Mouette <joss@debian.org>  Wed, 16 Apr 2003 18:41:02 +0200

libpng3 (1.2.5-11) unstable; urgency=low

  * Add udeb (closes: #174842)
  * Add missing section on source files.

 -- Junichi Uekawa <dancer@debian.org>  Mon, 31 Mar 2003 00:28:06 +0900

libpng3 (1.2.5-10) unstable; urgency=low

  * Rebuild with d-shlibs with fixed "libgcc_s1-dev" handling (for gcc-3.2).
  (closes: #178070), build-depend on d-shlibs 0.10 or greater.

 -- Junichi Uekawa <dancer@debian.org>  Fri, 24 Jan 2003 12:23:35 +0900

libpng3 (1.2.5-9) unstable; urgency=low

  * Use dpatch for patch system -- divide Debian patch, and security fix patch.
  * Standards-Version: 3.5.8
  * add manual page libpng-config.1 and libpng12-config.1

 -- Junichi Uekawa <dancer@debian.org>  Wed, 15 Jan 2003 17:55:17 +0900

libpng3 (1.2.5-8) unstable; urgency=low

  * Sorry folks, I made a mistake.
  * Forward-port of patch from the Security Team,
  really apply what was there. (closes: #172868,#172871)

 -- Junichi Uekawa <dancer@debian.org>  Fri, 13 Dec 2002 16:12:01 +0900

libpng3 (1.2.5-7) unstable; urgency=high

  * Forward-port of patch from the Security Team
  * Applied patch to pngrtran.c by Glenn Randers-Pehrson
    <glennrp@comcast.net> to fix a buffer overrun.

 -- Junichi Uekawa <dancer@debian.org>  Thu, 12 Dec 2002 20:36:28 +0900

libpng3 (1.2.5-6) unstable; urgency=low

  * Typo in scripts/makefile.linux.
  Mistake. -lz and -lm weren't happening.
  * Change LDFLAGS to not list -lz -lm, so that testsuite will catch such error.
  * set prefix=/usr/ in scripts/makefile.linux, since it was set to usr/local.

 -- Junichi Uekawa <dancer@debian.org>  Wed, 30 Oct 2002 20:54:54 +0900

libpng3 (1.2.5-5) unstable; urgency=low

  * scripts/makefile.linux: LIBADDFLAGS introduced, for shared library lib additional
  flags, and use that for shared library.
  - this should fix build failure (closes: #166704)
  Thanks Daniel Schepler <schepler@math.berkeley.edu> for reporting.
  * updated copyright file to note that libpng3 in Debian is patched to
  link with -lz -lm.

 -- Junichi Uekawa <dancer@debian.org>  Mon, 28 Oct 2002 12:25:57 +0900

libpng3 (1.2.5-4) unstable; urgency=low

  * Trying to fix the problem that libpng3 seems to be not linked against libz.
  LDFLAGS was defined but not being used.
  Thanks Mike Furr <mfurr@debian.org> for reporting (closes: #166489)

 -- Junichi Uekawa <dancer@debian.org>  Sun, 27 Oct 2002 16:07:54 +0900

libpng3 (1.2.5-3) unstable; urgency=low

  * Fixed description, I mixed up the -devel and non-devel
  packages.
  * updated README.Debian.

 -- Junichi Uekawa <dancer@debian.org>  Thu, 24 Oct 2002 18:56:34 +0900

libpng3 (1.2.5-2) unstable; urgency=low

  * careless mistake :(
  * reinstall libpng.so symlink in libpng-12-0-dev package.
  Otherwise other packages won't build ...

 -- Junichi Uekawa <dancer@debian.org>  Wed, 23 Oct 2002 16:46:23 +0900

libpng3 (1.2.5-1) unstable; urgency=low

  * New upstream version (closes: #163425)
  * re-patched makefile.linux to work with system zlib,
    added workaround to set CFLAGS, and remove rpath settings from LDFLAGS
  * Use debhelper.
  * No longer create /usr/doc symlinks.
  * Standards-Version: 3.5.7

 -- Junichi Uekawa <dancer@debian.org>  Tue, 22 Oct 2002 21:05:33 +0900

libpng3 (1.2.1-5) unstable; urgency=low

  * Not yet released.
  * Change priority from standard to optional.

 -- Junichi Uekawa <dancer@debian.org>  Sun, 15 Sep 2002 15:39:12 +0900

libpng3 (1.2.1-4) unstable; urgency=low

  * change -dev dependency of libc6-dev to libc-dev

 -- Junichi Uekawa <dancer@debian.org>  Fri, 13 Sep 2002 18:40:53 +0900

libpng3 (1.2.1-3) unstable; urgency=low

  * Security fix backported from 1.2.4. Check bounds of variables.
  (closes: #155403)

 -- Junichi Uekawa <dancer@debian.org>  Wed,  7 Aug 2002 17:30:32 +0900

libpng3 (1.2.1-2) unstable; urgency=low

  * New maintainer (closes: #151343)
  * apply buffer overflow patch for interlaced png files (closes: #150595)
  * update description for libpng3-dev.
  * change libpng-dev to libpng3-dev

 -- Junichi Uekawa <dancer@debian.org>  Thu, 25 Jul 2002 16:28:24 +0900

libpng3 (1.2.1-1.1) unstable; urgency=low

  * NMU
  * Provides: libpng2-dev has been changed to Provides: libpng3-dev
    libpng2-dev can be put back in when some kind of sane transition has
    finished.
    (closes: #128384, #128871, #129268, #129269)

 -- Junichi Uekawa <dancer@debian.org>  Tue, 12 Feb 2002 02:31:53 +0900

libpng3 (1.2.1-1) unstable; urgency=low

  * New upstream version; closes: #125679.
  * New source package name: libpng3.
  * Renamed libpng<x>-dev to libpng-dev to avoid having to maintain several
    development packages (the -dev is source compatible).
  * Moved png.5 into the -dev package.
  * Added a Replaces: libpng2 to libpng-dev so that we can steal the png.5
    manpage without fuss.
  * Changed debian/shlibs for libpng3.
  * Compress examples/pngtest.c.

 -- Philippe Troin <phil@fifi.org>  Tue, 18 Dec 2001 20:01:04 -0800

libpng (1.0.12-3) unstable; urgency=low

  * Moved the png.5 manpage to the dev package to allow multiple libpng<n>
    packages installed at the same time.

 -- Philippe Troin <phil@fifi.org>  Tue, 18 Dec 2001 23:58:25 -0800

libpng (1.0.12-2) unstable; urgency=low

  * Changed libpng2-dev's section to devel to resync with override file.
  * Fixed upstream version detection in debian/rules; closes: #105931.

 -- Philippe Troin <phil@fifi.org>  Sun, 29 Jul 2001 11:52:40 -0700

libpng (1.0.12-1) unstable; urgency=low

  * New upstream release; closes: #105354.
  * Bumped dependency information in debian/shlibs to libpng >= 1.0.12
    since there were some non-backwards compatible changes to the API.
  * Added support for DEB_BUILD_OPTIONS and get-orig-source to debian/rules.
  * Added call to ldconfig on postrm's remove.
  * Removed INSTALL file from /usr/share/doc/libpng2.
  * Bumped standards version to 3.5.5.0.

 -- Philippe Troin <phil@fifi.org>  Tue, 17 Jul 2001 23:32:36 -0700

libpng (1.0.11-1) unstable; urgency=low

  * New upstream release.

 -- Philippe Troin <phil@fifi.org>  Wed,  2 May 2001 20:43:51 -0700

libpng (1.0.10-2) unstable; urgency=low

  * Force recompile because of bad sparc package.
  * Libpng2's priority changed to standard to comply with the override file.

 -- Philippe Troin <phil@fifi.org>  Tue, 24 Apr 2001 11:49:31 -0700

libpng (1.0.10-1) unstable; urgency=low

  * New upstream release.
  * Changed shlib to depend on libpng2 (>= 2.0.10) because of
    non-backwards compatible changes.

 -- Philippe Troin <phil@fifi.org>  Sun, 22 Apr 2001 22:48:30 -0700

libpng (1.0.8-1) unstable; urgency=low

  * Changed the doc-base type from 'test' to 'text'; closes: #59877.
  * New upstream relase 1.0.8; closes: #70464.
  * Updated copyright notice.
  * Removed Y2kINFO from the doc directory.
  * Added pngtest.c in examples; closes: #65229.
  * Updated to standards version 3.2.1.0.
  * Added build-depends line in control file; closes: #69291.

 -- Philippe Troin <phil@fifi.org>  Mon, 11 Sep 2000 23:19:12 -0700

libpng (1.0.5-1) frozen unstable; urgency=low

  * Maintainer upload (closes: #48244, #48246).
  * Added some extra explanations for the setjmp.h mess (closes: #56759),
    see pngconf.h for details.

 -- Philippe Troin <phil@fifi.org>  Mon, 28 Feb 2000 13:53:22 -0800

libpng (1.0.5-0.1) unstable; urgency=low

  * Non-maintainer release.
  * New upstream release. (closes:Bug#48244).
  * Remove versioned depend from shlibs (closes:Bug#48246).

 -- Joel Klecker <espy@debian.org>  Sat, 30 Oct 1999 08:12:53 -0700

libpng (1.0.3-1) unstable; urgency=low

  * New upstream version (1.0.3); Closes: #31870, #46333.
  * Maintainer upload, closes NMU bugs; Closes: #28412, #31523, #31690.
  * FHS compliant.
  * New standard-version 3.0.1.
  * Lintian clean.
  * Removed temporary zlib1g line in control file (used to be a bug in
    zlib1g).
  * Moved the documentation file to the -dev package.
  * Register documentation file to doc-base.
  * Fontified man pages with addformat script; Closes #38680.

 -- Philippe Troin <phil@fifi.org>  Mon,  4 Oct 1999 18:59:42 -0700

libpng (1.0.2b-0.1) frozen unstable; urgency=low

  * New upstream (bug-fix only) version.
    (Should fix bugs #31690&#28412, since I can't reproduce them)
    From the author:
    "I have recently uploaded libpng-1.0.2b to
    ftp://swrinde.nde.swri.edu/pub/png-group/src
    I plan to release it as libpng-1.0.3 in a
    few days, but would like to hear whether it
    fixes the problems with GNOME.
    It restores a few lines of code that were
    inadvertently deleted from pngread.c, which
    seems to be the cause of problems with adding
    an alpha channel (which you fixed by downgrading
    to libpng-1.0.1's pngread.c)."
      [Glenn Randers-Pehrson <glennrp@netgsi.com>]
  * Masquerade version number to 1.0.3 to make Imlib & Co. happy.

 -- Vincent Renardias <vincent@waw.com>  Mon, 11 Jan 1999 06:27:55 +0100

libpng (1.0.2-1.1) frozen unstable; urgency=low

  * Fix Important bug #28412
    (using pngread.c from libpng-1.0.1 did the trick).

 -- Vincent Renardias <vincent@waw.com>  Wed,  6 Jan 1999 19:00:15 +0100

libpng (1.0.2-1) unstable; urgency=low

  * Maintainer release (to change a bit).
  * Pristine sources.
  * Libpng2-dev includes example.c (fixes bug #10315).
  * Changed control file to reflect difference with libpng0g (fixes #23795).
  * Recompiled (should fix the zlib1g missing symbol, bug #24450).
  * Added -D_REENTRANT also to static library.
  * Added a dependency upon zlib1g >= 1.1.2 (otherwise we get a missing
    symbol) (fixes bug #24450).

 -- Philippe Troin <phil@fifi.org>  Tue, 22 Sep 1998 00:17:16 -0700

libpng (1.0.2-0.1) unstable; urgency=low

  * Non-maintainer release
  * New upstream version

 -- Karl M. Hegbloom <karlheg@debian.org>  Tue,  4 Aug 1998 23:47:00 -0700

libpng (1.0.1-0.2) unstable; urgency=medium

  * debian/rules (binary-arch): don't call install with -s as an
    argument when installing a shared library; it doesn't know to use
    --strip-unneeded, and we call strip separately later anyway.
  * scripts/makefile.lnx (CFLAGS): killed i386-isms.
  * scripts/makefile.lnx: compiled shared libraries with -D_REENTRANT.
    (The above fixes are from James Troup, who yet again, alerted me to
     my screwups ;)
  * debian/postinst: only call ldconfig if $1 = configure.

 -- Joel Klecker <jk@espy.org>  Wed, 17 Jun 1998 10:25:27 -0700

libpng (1.0.1-0.1) unstable; urgency=low

  * New upstream bug fix release.
  * Include man pages.

 -- Joel Klecker <jk@espy.org>  Wed, 06 May 1998 08:51:49 -0700

libpng (1.0.0-0.1) unstable; urgency=low

  * Non-maintainer Release.
  * New Upstream Release.
  * Changed source package name to `libpng'.
  * Added `-f makefile.lnx' to make invocations in debian/rules.
  * Removed `ldconfig' call from postrm.

 -- Joel Klecker <jk@espy.org>  Tue, 4 Mar 1998 17:58:05 -0800

libpng0 (0.96-5) unstable; urgency=low

  * Removed executable permissions on shared libs (fixes bug #15478).
  * Updated Standards-Version to 2.3.0.1.

 -- Philippe Troin <phil@fifi.org>  Sun, 25 Jan 1998 13:19:51 -0800

libpng0 (0.96-4) unstable; urgency=low

  * Shared libraries are stripped with --strip-unneeded and static
    libraries with --strip-debug (fixes bug #15669).
  * Made the build strip non-i386 specific (patch by James Troup) (fixes
    bug #13832).
  * Removed the dependency between the libc5 and libc6 versions.

 -- Philippe Troin <phil@fifi.org>  Sun, 18 Jan 1998 22:37:19 -0800

libpng0 (0.96-3) unstable; urgency=low

  * Libc6 compilation.

 -- Philippe Troin <phil@fifi.org>  Tue, 23 Sep 1997 21:38:42 -0700

libpng0 (0.96-2) unstable; urgency=low

  * Fixed permissions in /usr/doc/libpng0 (fixes bug #10540).

 -- Philippe Troin <phil@fifi.org>  Sun, 15 Jun 1997 13:18:38 -0700

libpng0 (0.96-1) unstable; urgency=low

  * New upstream sources.

 -- Philippe Troin <phil@fifi.org>  Thu, 12 Jun 1997 23:32:29 -0700

libpng0 (0.95b-1) unstable; urgency=low

  * New maintainer.
  * Upgraded to upstream version 0.95b.
  * Make debian/rules version independent.
  * Debian/rules clean now removes substvars.
  * Bumped the shlibs version to 0.95 as some incompatibilities were
    introduced between 0.89 and 0.90.
  * Added the Section: and Priority: fields to the control file (fixes bug
    #6370).
  * Now /usr/doc/libpng0 contains various info and the debian change log
    stuff (fixes bug #7925).
  * Added -D_REENTRANT compilation flag.

 -- Philippe Troin <phil@fifi.org>  Fri, 18 Apr 1997 14:44:09 -0700

libpng (0.89c-6) unstable; urgency=low

  * Moved shlibs file to correct location

 -- Michael Alan Dorman <mdorman@debian.org>  Sun, 15 Dec 1996 13:03:19 -0500

libpng (0.89c-5) unstable; urgency=low

  * Added shlibs file

 -- Michael Alan Dorman <mdorman@debian.org>  Sat, 23 Nov 1996 16:23:06 -0500

libpng (0.89c-4) unstable; urgency=low

  * Now stripping shared libraries (Bug#5134)

 -- Michael Alan Dorman <mdorman@debian.org>  Sat, 23 Nov 1996 12:05:06 -0500

libpng (0.89c-3) unstable; urgency=low

  * Corrected maintainers address

 -- Michael Alan Dorman <mdorman@debian.org>  Mon, 23 Sep 1996 12:52:03 -0400

libpng (0.89c-2) unstable; urgency=low

  * Accommodate the fact that dpkg-source doesn't properly preserve
    permissions on scripts when extracting package. (Bug#4513)

 -- Michael Alan Dorman <mdorman@calder.med.miami.edu>  Mon, 23 Sep 1996 12:34:35 -0400

libpng (0.89c-1) unstable; urgency=low

  * New upstream version.
  * Moved to new source packaging format.

 -- Michael Alan Dorman <mdorman@calder.med.miami.edu>  Thu, 12 Sep 1996 15:19:35 -0400