File: changelog

package info (click to toggle)
mupdf 1.17.0%2Bds1-2
links: PTS, VCS
area: main
in suites: bullseye
size: 64,012 kB
sloc: ansic: 322,239; java: 3,042; javascript: 1,243; python: 775; xml: 498; makefile: 438; sh: 312; awk: 6; sed: 5; lisp: 3
file content (476 lines) | stat: -rw-r--r-- 17,564 bytes
mupdf (1.17.0+ds1-2) unstable; urgency=medium

  * Fix buffer overrun in tiff decoder (CVE-2020-19609) (Closes: #991401)
  * Stay within hash table max key size in cached color converter
    (CVE-2021-37220) (Closes: #991402)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Fri, 23 Jul 2021 17:09:37 +0900

mupdf (1.17.0+ds1-1.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix double free of object during linearization (CVE-2021-3407)
    (Closes: #983684)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 28 Feb 2021 13:40:40 +0100

mupdf (1.17.0+ds1-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix installation location of pkgconfig file.
    The libmupdf-dev.install file was not marked executable and thus could
    not correclty use dh-exec to substitute ${DEB_HOST_MULTIARCH} for the
    target path. (Closes: #976022)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 28 Nov 2020 14:59:08 +0100

mupdf (1.17.0+ds1-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Detect/avoid overflow when calculating sizes of pixmaps (CVE-2020-26519)
    (Closes: #971595)

 -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 03 Nov 2020 21:09:06 +0100

mupdf (1.17.0+ds1-1) unstable; urgency=medium

  [ Bastian Germann ]
  * Use system mujs (Closes: #949636)
  * Patch: Prevent thirdparty archive build
  * Exclude all thirdparty files
  * Remove thirdparty files
  * Build-Depend on python3 (Closes: #937093)
  * d/copyright: Prepare for 1.17
  * Refresh patches for 1.17.0

  [ Kan-Ru Chen ]
  * New upstream version 1.17.0+ds1
  * Bump standards-version to 4.5.0
  * Refresh patches

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Thu, 06 Aug 2020 21:48:09 +0900

mupdf (1.16.1+ds1-2) unstable; urgency=medium

  [ Kan-Ru Chen ]
  * Backport fix for upstream bug 701402 allow smart scroll to advance to last page
    (Closes: #953561)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 15 Mar 2020 17:27:43 +0900

mupdf (1.16.1+ds1-1) unstable; urgency=medium

  [ Kan-Ru Chen ]
  * New upstream version 1.16.1+ds1
    Thanks to Bastian Germann (Closes: #944625)
  * Bump debhelper compat to 12
  * Refresh patches
  * Build mupdf without executable stack.
    Thanks to Christopher Wellons (Closes: #944817)

  [ Bastian Germann ]
  * Don't remove non-existing thirdparty/glfw
  * Rebase patch queue
  * Build-depend on liblcms2-dev
  * Add manpages from build, not src
  * Fix lintian: pkg-config-unavailable-for-cross-compilation
  * Fix lintian: debian-watch-uses-insecure-uri
  * Fix lintian: wildcard-matches-nothing-in-dep5-copyright
  * Fix lintian: manpage-without-executable
  * Fix lintian: wildcard-matches-nothing-in-dep5-copyright
  * d/copyright: Match more font files
  * d/copyright: Add missing files
  * Build-Conflict with libssl (no license exception) (Closes: #951705)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 23 Feb 2020 21:54:53 +0900

mupdf (1.15.0+ds1-1) unstable; urgency=medium

  * New upstream version 1.15.0+ds1
  * debian/watch: Use stricter rule that only matches stable releases
  * debian/rules: NO_ICC was renamed to FZ_ENABLE_ICC=0
  * Fix pkg-config linked library (Closes: #930212)
  * mupdf.sh: exec the actual mupdf from the shell script.
    Thanks to Mike <lxc797@gmail.com> for the patch (Closes: #921607)
  * Fix a heap-based buffer overflow in fz_append_display_node
    (CVE-2019-13290) (Closes: #931475)
  * Fix a infinite loop in the function svg_dev_end_tile
    (CVE-2018-19777) (Closes: #915137)
  * Add build dependency libssl-dev

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 07 Jul 2019 22:30:07 +0900

mupdf (1.14.0+ds1-4) unstable; urgency=medium

  [ Salvatore Bonaccorso ]
  * Avoid being smart about keeping only a single reference to the buffer
    (CVE-2018-16647)   
    (Closes: #924351)
  * Fix text used as clip mask in pdfwrite device (CVE-2018-16648)
    (Closes: #924351)
  * Fix typo in pdf write device

  [ Kan-Ru Chen ]
  * Add more options to mupdf wrapper and display usage correctly

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sat, 16 Mar 2019 09:42:00 +0900

mupdf (1.14.0+ds1-3) unstable; urgency=high

  * d/patches: import upstream fixes for various bugs.
    Fixes CVE-2018-18662, CVE-2019-6131, CVE-2019-6130
    (Closes: #912013, #918970, #918971)
  * d/control: Bump Standards-Version to 4.3.0, no changes required
  * Fix FTCBFS
    + Supply a cross LD for wrapping fonts.
    + Supply PKG_CONFIG to all make targets.
    Thanks to Helmut Grohne for the patch (Closes: #913515)
  * Regenerate cmaps from source.
    Thanks to Helmut Grohne for the suggestion
  * d/patches/0007-typographical-and-formatting-fixes-to-the-manual.patch:
    typographical and formatting fixes to the manual.
    Thanks to Bjarni Ingi Gislason for the patch

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sat, 19 Jan 2019 12:01:19 +0900

mupdf (1.14.0+ds1-2) unstable; urgency=medium

  * Fix FTBFS on mips64el
    Disabled objcopy to avoid linking error.
  * Bump Standards-Version to 4.2.1
    Supports noopt and terse in DEB_BUILD_OPTIONS.

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 04 Nov 2018 09:13:26 +0900

mupdf (1.14.0+ds1-1) unstable; urgency=medium

  * New upstream version 1.14.0+ds1
    - Fixes CVE-2018-1000036 (Closes: #900129, upstream bug 699695)
  * d/patches: fresh patches
  * d/rules: adjust to work with updated upstream Makefile
  * d/rules: Set CC_FOR_BUILD (Closes: #903319)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 28 Oct 2018 14:48:12 +0900

mupdf (1.13.0+ds1-3) unstable; urgency=medium

  * debian/patches: import upstream patch for CVE-2018-10289 (Closes: 896545)
  * More FTCBFS patches.
    Thanks to Helmut Grohne for the patches. (Closes: 903319)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Mon, 03 Sep 2018 09:10:50 +0900

mupdf (1.13.0+ds1-2) unstable; urgency=medium

  * Use dh_auto_build/dh_auto_install --parallel.
    Thanks to Helmut Grohne for the patch (Closes: #902968)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 08 Jul 2018 15:17:02 +0900

mupdf (1.13.0+ds1-1) unstable; urgency=medium

  * New upstream version 1.13.0+ds1
    - Fixes CVE-2018-5686 (Closes: #887130)
    - Fixes CVE-2018-6187 (Closes: #888464)
    - Fixes CVE-2018-6192 (Closes: #888487)
  * debian/control: Migrate vcs to salsa.debian.org
  * debian/patches: Refresh patches
  * debian/rules: Build with Debian CFLAGS and enable PIC libmupdf.a
    (Closes: #841403)
  * debian/rules: use Debian flavor build options (Closes: #877067)
  * debian/mupdf.sh: Do not read from a file descriptor
    (Closes: #893115, #893862)
  * debian/mupdf.desktop: Fixes and add ePub and XPS to supported mimetype.
    Thanks to Pino Toscano, Hartmut Buhrmester (Closes: #877082)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Mon, 30 Apr 2018 11:17:25 +0900

mupdf (1.12.0+ds1-1) unstable; urgency=high

  * New upstream version 1.12.0+ds1
    - Fixes CVE-2017-17866 (Closes: #885120)
    - Closes: #877062
  * Exclude thirdparty/{freeglut,lcms2} from upstream source
  * Refresh patches
  * Add freeglut3-dev build-dep
  * d/mupdf.docs: Include droid fonts NOTICE file
  * d/patches: Fix CVE-2018-6544 / CVE-2018-1000051 (Closes: #891245)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Wed, 14 Mar 2018 21:26:44 +0900

mupdf (1.11+ds1-2) unstable; urgency=high

  * Acknowledge NMU. Thanks, Salvatore.
  * Renumber patches
  * Fixes CVE-2017-15587 (Closes: 879055)
  * Sort files in static library to make the build reproducible.
  * Bump Standards-Version to 4.1.1. No changes needed.

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Thu, 26 Oct 2017 22:28:43 +0800

mupdf (1.11+ds1-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Don't use xps font if it could not be loaded (CVE-2017-14685)
    (Closes: #877379)
  * Check name, comment and meta size field signs (CVE-2017-14686)
    (Closes: #877379)
  * Handle non-tags in tag name comparisons (CVE-2017-14687) (Closes: #877379)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 08 Oct 2017 10:37:23 +0200

mupdf (1.11+ds1-1) unstable; urgency=medium

  * New upstream version 1.11+ds1
    (Closes: #702479, #868821, #868822, #868052)
  * Refresh patches
  * debian/copyright: thirdparty/jpeg renamed to thirdparty/libjpeg
  * Bump Standards-Version to 4.1.0. No changes needed.
  * debian/copyright: Update copyright information for font resources
  * debian/mupdf.sh: handle double-dash shell opts (Closes: #851942)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 24 Sep 2017 14:56:00 +0800

mupdf (1.9a+ds1-4) unstable; urgency=high

  * Fix patch for CVE-2017-5991: The original patch was incomplete.
    (Closes: #855383)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sat, 18 Feb 2017 00:43:12 +0800

mupdf (1.9a+ds1-3) unstable; urgency=high

  * CVE-2017-5896: use-after-free in fz_subsample_pixmap()  (Closes: #854734)
  * CVE-2017-5991: NULL pointer dereference in pdf_run_xobject()

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Thu, 16 Feb 2017 23:43:55 +0800

mupdf (1.9a+ds1-2) unstable; urgency=medium

  * Acknowledge NMU.
  * CVE-2016-8674: heap-use-after-free in pdf_to_num (pdf-object.c)
    (Closes: #840957)
  * Set debhelper compact to 9

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Tue, 15 Nov 2016 00:07:55 +0800

mupdf (1.9a+ds1-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2016-6525: heap overflow in pdf_load_mesh_params() (Closes: #833417)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 06 Aug 2016 13:44:07 +0200

mupdf (1.9a+ds1-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2016-6265: Use after free vulnerability in pdf_xref.c
    (Closes: #832031)

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 01 Aug 2016 14:17:20 +0200

mupdf (1.9a+ds1-1) unstable; urgency=medium

  * New upstream release (Closes: #819101)
  * Add glfw and harfbuzz third party libraries to Files-Excluded
  * Building now requires libharfbuzz-dev
  * Drop patches included in upstream release
  * Disable mupdf to read from console. (Closes: #830143)
  * The mudraw command is merged to mutool
  * Update debian/watch to reflect new download page structure
  * Fix typo in debian/control
  * Use --uscan with gbp import-orig by default
  * Support more options in the wrapper (Closes: #819099)
  * Bump Standards-Version to 3.9.8, no changes needed

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Thu, 07 Jul 2016 01:58:00 +0800

mupdf (1.7a-1) unstable; urgency=high

  * New Upstream version 1.7a
  * debian/rules: Fix FTBFS with new libjbig2. (Closes: #796420)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Fri, 18 Sep 2015 23:14:20 +0800

mupdf (1.7-1) unstable; urgency=medium

  * New Upstream version 1.7
    + Added missing section in mutool man page. (Closes: #775427)
    + Set _NET_WM_NAME properly. (Closes: #780019)
    + Support continuously scrolling. (Closes: #611221)
    + "mutool clean" now has correct exit status. (Closes: #781746)
  * Refresh patches
  * Remove generated file in clean target
  * debian/control: Add that MuPDF also reads XPS, OpenXPS and ePub.
  * debian/watch: Use repacksuffix and dversionmangle
  * Move mupdf-x11 out of /usr/bin.
    Thanks to Mathieu Malaterre for the patch (Closes: #752207)
  * debian/patches/0008-Bigger-scaling.patch: Add more scale level.
    Thanks to Thomas Prokosch for the patch (Closes: #769282)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Thu, 07 May 2015 00:03:39 +0800

mupdf (1.6-1) unstable; urgency=medium

  * New upstream release. (Closes: #767391)
  * Refresh patches.
  * debian/copyright: New files source/fitz/{ftoa.c,strtod.c}

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sat, 01 Nov 2014 19:28:58 +0800

mupdf (1.5-1) unstable; urgency=medium

  * New upstream release. (Closes: #761960)
  * Use git-buildpackage to maintain the package repository
  * Unapply patches from source after build
  * Use MUJS to provide JS functionality (Closes: #760480, #745247)
  * Build against openjpeg 2.1 (Closes: #745246, #761955)
  * Fix build with libopenjp2.
  * Fix -Werror=format-security error
  * debian/copyright: Add Files-Excluded header
  * debian/copyright: Update short license name
  * Fix unsafe conversion from float to fz_linecap (Closes: #749902)
  * Enable verbose build log
  * Fix FTBFS with clang.
    Thanks to Alexander (Closes: #755741)
  * Document mudraw -F command line switch in man page (Closes: #750724)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sat, 20 Sep 2014 23:18:10 +0800

mupdf (1.4-2) unstable; urgency=medium

  * Disable JavaScript support on powerpc, s390x and sparc. (Closes: #747131)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Mon, 19 May 2014 00:11:11 +0800

mupdf (1.4-1) unstable; urgency=medium

  [ Quoc-Viet Nguyen ]
  * New upstream release.
  * Fix compiling with libopenjpeg5. (Closes: #743103, #735878)

  [ Kan-Ru Chen (陳侃如) ]
  * Update debian/copyright.
  * Enable JavaScript support with v8. (Closes: #743414)
  * Won't crash when pdf file changes. (Closes: #699686)
  * Add mupdf.sh so it could be used with compressed pdf-files. Thanks
    Jörg-Volker Peetz! (Closes: #734183)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 20 Apr 2014 01:49:29 +0800

mupdf (1.3-2) unstable; urgency=medium

  * Fix CVE-2014-2013: Stack-based Buffer Overflow in
    xps_parse_color(). (Closes: #738857)
  * Add description of key P to mupdf(1). (Closes: #736125)
  * Add description of BROWSER env to mupdf(1). (Closes: #699684)
  * Bump Standards-Version to 3.9.5, no changes needed

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Sun, 09 Mar 2014 23:41:55 +0800

mupdf (1.3-1) unstable; urgency=low

  * New upstream release. (Closes: #719281, #686806, #667971)
  * Remove fix_compiling_1.2.patch
  * Disable JPEG2000 support if compiled with libopenjpeg2
  * Fix header mismatch with libjpeg-dev. (Closes: #717201)

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Mon, 25 Nov 2013 01:38:45 +0800

mupdf (1.2-2) unstable; urgency=low

  * Upload to unstable
  * Fix build with openjpeg 1.3.
  * debian/control: Update mupdf-tools long description.

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Thu, 20 Jun 2013 22:59:39 +0800

mupdf (1.2-1) experimental; urgency=low

  [ Quoc-Viet Nguyen ]
  * New upstream release: 1.2. (Closes: #690983)
    - Changed MuPDF license to AGPL.
    - Increased openjpeg version dependency to 1.5.
    - New binary `mutool' now includes most mupdf tools. (Closes: #656267).
  * Use debian/watch from Bart Martens.

  [ Kan-Ru Chen (陳侃如) ]
  * Add Quoc-Viet Nguyen as co-maintainer. Congratulations!
  * Bump Standards-Version to 3.9.4, no changes needed
  * debian/copyright: Updated.
  * Provides: pdf-viewer. (Closes: #682450)
  * Enable CPPFLAGS hardening flags. Thanks Simon Ruderich (Closes: #665315)
  * debian/rules: Remove generated files at clean target.
  * Fix mudraw.1 formatting.

 -- Kan-Ru Chen (陳侃如) <koster@debian.org>  Thu, 20 Jun 2013 01:43:14 +0800

mupdf (0.9-2) unstable; urgency=low

  * Enable harden flags.
  * debian/copyright: Updated.
  * Bump Standards-Version to 3.9.2, no changes needed
  * debian/patches/bug621894.patch: Fix text copying with
    selection. (Closes: #621894)
  * debian/patches/bug646350.patch: Fix FTBFS with
    -Werror=format-security. (Closes: #646350)

 -- Kan-Ru Chen <koster@debian.org>  Sat, 17 Dec 2011 22:25:35 +0800

mupdf (0.9-1) unstable; urgency=low

  * New upstream release. (Closes: #641169)
  * debian/patches/mupdf_update_manpages.patch: Merged upstream.
  * debian/libmupdf-dev.install: Install more library and headers.

 -- Kan-Ru Chen <koster@debian.org>  Sun, 11 Sep 2011 12:08:18 +0800

mupdf (0.8.15-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/mupdf_fix_build.patch,
    debian/patches/mupdf_install_manpages_default.patch,
    debian/patches/mupdf_move_manpages_to_upstream.patch,
    debian/patches/mupdf_remove_extra_usage.patch: Merged upstream.
  * debian/watch: Upstream now uses google code hosting.

 -- Kan-Ru Chen <koster@debian.org>  Tue, 05 Apr 2011 20:03:33 +0800

mupdf (0.8-1) unstable; urgency=low

  * New upstream release. (Closes: #604746)
  * debian/patches/mupdf_move_manpages_to_upstream.patch,
    debian/patches/mupdf_update_manpages.patch: Sync with upstream.
    Remove debug purpose keybinding from manpage. (Closes: #597337)
  * Add NoDisplay=true to mupdf.desktop as the application is not
    intended for standalone use but a viewer. (Closes: #602293)
  * debian/mupdf.menu: Removed as well.
  * debian/patches/mupdf_remove_extra_usage.patch: New patch, remove
    redundant usage string from output.
  * Add non-standard DEB_BUILD_OPTIONS x-fpic support. (Closes: #617253)

 -- Kan-Ru Chen <koster@debian.org>  Wed, 09 Mar 2011 11:23:12 +0800

mupdf (0.7-2) unstable; urgency=low

  * Fix FTBFS on hurd-i386, kfreebsd-amd64, kfreebsd-i386

 -- Kan-Ru Chen <koster@debian.org>  Wed, 15 Sep 2010 17:15:47 +0800

mupdf (0.7-1) unstable; urgency=low

  * New upstream release
    (Closes: #590263, #590264, #590245)
  * Update manpages to reflect keybinding change
  * Patch build system to accept additional CFLAGS.
  * Add mupdf-tools to Suggests of mupdf. (Closes: #593446)
  * Update watch file
  * Bump Standards-Version to 3.9.1, no changes needed

 -- Kan-Ru Chen <koster@debian.org>  Wed, 15 Sep 2010 02:27:06 +0800

mupdf (0.6-1) unstable; urgency=low

  * Initial release. (Closes: #559906)

 -- Kan-Ru Chen <koster@debian.org>  Thu, 22 Jul 2010 08:23:00 +0800