File: changelog

package info (click to toggle)
tiff 4.0.8-2+deb9u4
  • links: PTS
  • area: main
  • in suites: stretch
  • size: 13,776 kB
  • sloc: ansic: 65,317; sh: 4,556; makefile: 833; cpp: 793
file content (1230 lines) | stat: -rw-r--r-- 44,348 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
tiff (4.0.8-2+deb9u4) stretch-security; urgency=medium

  * CVE-2018-5784 (Closes: #890441)
  * CVE-2018-7456 (Closes: #891288)
  * CVE-2018-8905 (Closes: #893806)
  * CVE-2018-10963 (Closes: #898348)
  * CVE-2018-17101 (Closes: #909037)
  * CVE-2018-18557 (Closes: #911635)
  * CVE-2017-11613 (Closes: #869823)
  * CVE-2017-17095 (Closes: #883320)
    (deb9u3 is unreleased, broken interim)

 -- Moritz Mühlenhoff <jmm@debian.org>  Thu, 29 Nov 2018 20:45:11 +0100

tiff (4.0.8-2+deb9u2) stretch-security; urgency=high

  * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
    (closes: #868513).
  * Fix CVE-2017-12944: OOM prevention in TIFFReadDirEntryArray()
    (closes: #872607).
  * Fix CVE-2017-13726: reachable assertion abort in TIFFWriteDirectorySec()
    (closes: #873880).
  * Fix CVE-2017-13727: reachable assertion abort in
    TIFFWriteDirectoryTagSubifd() (closes: #873879).
  * Fix CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory()
    (closes: #885985).
  * Fix CVE-2017-9935: heap-based buffer overflow in the t2p_write_pdf()
    function (closes: #866109).

 -- Moritz Mühlenhoff <jmm@debian.org>  Sat, 30 Dec 2017 20:13:06 +0000

tiff (4.0.8-2+deb9u1) stretch-security; urgency=high

  * Backport security fixes:
    - CVE-2017-9936, memory leak in error code path of JBIGDecode()
      (closes: #866113),
    - prevent out of memory in gtTileContig() on corrupted files,
    - CVE-2017-10688, assertion failure in TIFFWriteDirectoryTagCheckedXXXX()
      (closes: #866611).
  * Add required _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbol to the
    libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 02 Jul 2017 08:36:06 +0000

tiff (4.0.8-2) unstable; urgency=high

  * Backport security fixes:
    - TIFFYCbCrToRGBInit(): stricter clamping to avoid int32 overflow in
      TIFFYCbCrtoRGB(),
    - initYCbCrConversion(): stricter validation for refBlackWhite
      coefficients values - to avoid invalid float->int32 conversion,
    - CVE-2016-10095 and CVE-2017-9147: add _TIFFCheckFieldIsValidForCodec()
      and use it in TIFFReadDirectory() (closes: #850316, #863185).
  * Add required _TIFFCheckFieldIsValidForCodec@LIBTIFF_4.0 symbol to the
    libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 01 Jun 2017 17:56:08 +0000

tiff (4.0.8-1) unstable; urgency=high

  * New upstream release of merged security fixes.
  * Add required TIFFReadRGBAStripExt@LIBTIFF_4.0 and
    TIFFReadRGBATileExt@LIBTIFF_4.0 symbols to the libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 24 May 2017 19:49:04 +0000

tiff (4.0.7-7) unstable; urgency=high

  * Backport security fix for CVE-2016-10371 (closes: #862929).
  * Backport security fix for CVE-2015-7554 (closes: #809066, #842043).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 20 May 2017 16:35:43 +0000

tiff (4.0.7-6) unstable; urgency=high

  * Backport security fixes:
    - CVE-2017-7595, divide-by-zero in JPEGSetupEncode (closes: #860003),
    - CVE-2017-7596, CVE-2017-7597, CVE-2017-7598,CVE-2017-7599 CVE-2017-7600,
      CVE-2017-7601 and CVE-2017-7602, multiple UBSAN crashes,
    - CVE-2017-7592, left-shift undefined behavior issue in putagreytile
      (closes: #859998),
    - CVE-2017-7593, unitialized-memory access from tif_rawdata
      (closes: #860000),
    - CVE-2017-7594, leak in OJPEGReadHeaderInfoSecTablesAcTable
      (closes: #860001).
  * Add required _TIFFcalloc@LIBTIFF_4.0 symbol to the libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Fri, 14 Apr 2017 07:21:47 +0000

tiff (4.0.7-5) unstable; urgency=high

  * Fix CVE-2017-5225: heap buffer overflow via a crafted BitsPerSample value
    (closes: #851297).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 15 Jan 2017 16:49:05 +0000

tiff (4.0.7-4) unstable; urgency=high

  * Fix CVE-2016-10094: heap-based overflow in t2p_readwrite_pdf_image_tile().

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 01 Jan 2017 19:03:49 +0000

tiff (4.0.7-3) unstable; urgency=medium

  * Backport upstream fix of TIFFFaxTabEnt structure.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 13 Dec 2016 19:02:25 +0000

tiff (4.0.7-2) unstable; urgency=high

  * Backport security fixes:
    - fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer
      division by zero,
    - avoid uint32 underflow in cpDecodedStrips that can cause various
      issues, such as buffer overflows in the library,
    - fix heap-based buffer overflow on generation of PixarLog / LUV
      compressed files, with ColorMap, TransferFunction attached and nasty
      plays with bitspersample,
    - fix ChopUpSingleUncompressedStrip() in reading outside of the
      StripByCounts/StripOffsets arrays when using TIFFReadScanline()
      (closes: #846837),
    - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode() to
      avoid a divide by zero, and potential other issues,
    - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the
      output buffer is correctly incremented to avoid write outside bounds,
    - add 3 extra bytes at end of strip buffer in
      readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
      buffer,
    - fix integer division by zero when BitsPerSample is missing
      (closes: #846838),
    - fix null pointer dereference in -r mode when the image has no
      StripByteCount tag,
    - avoid potential division by zero if BitsPerSamples tag is missing,
    - limit the return number of inks to SamplesPerPixel in
      TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) , so that code that parses ink
      names doesn't go past the end of the buffer,
    - avoid another potential division by zero if BitsPerSamples tag is
      missing,
    - fix uint32 underflow/overflow that can cause heap-based buffer overflow,
    - replace assert( (bps % 8) == 0 ) by a non assert check.
  * Remove thumbnail and rgb2ycbcr documentations, these tools no longer
    present.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 04 Dec 2016 12:24:44 +0000

tiff (4.0.7-1) unstable; urgency=high

  * New upstream release.
  * Fixes the following vulnerabilities:
    - CVE-2015-7313, OOM when parsing crafted tiff files (closes: #800124),
    - CVE-2016-3622, denial of service (divide-by-zero error) via
      the fpAcc function in tif_predict.c (closes: #820365),
    - CVE-2016-3945, multiple integer overflows in the tiff2rgba tool,
    - CVE-2016-3990, write buffer overflow in PixarLogEncode,
    - CVE-2016-3991 and CVE-2016-5322, heap-based buffer overflow in the
      loadImage function,
    - CVE-2016-9273, heap-buffer-overflow in cpStrips (closes: #844013),
    - CVE-2016-9297, segfault in _TIFFPrintField() (closes: #844226),
    - CVE-2016-9448, in TIFFFetchNormalTag(), do not dereference NULL pointer
      (regression of CVE-2016-9297),
    - heap buffer overflow via writeBufferToSeparateStrips() in tiffcrop.
  * Remove backported vulnerability fixes, this release contains those.
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 19 Nov 2016 18:05:24 +0000

tiff (4.0.6-3) unstable; urgency=high

  * Fix architecture independent only build (closes: #806118).
  * Fix CVE-2015-8668 , CVE-2016-3619 , CVE-2016-3620 (closes: #820363),
    CVE-2016-3621 (closes: #820364) and CVE-2016-5319 with removing bmp2tiff
    (closes: #820364).
  * Fix CVE-2016-3186 and CVE-2016-5102 with removing gif2tiff.
  * Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632 , CVE-2016-3633 ,
    CVE-2016-3634 and CVE-2016-8331 with removing thumbnail.
  * Backport upstream fix for CVE-2016-3623 and CVE-2016-3624 .
  * Backport upstream fix for CVE-2016-5652 (closes: #842361).
  * Backport upstream fix for CVE-2016-3658 .
  * Removed vulnerable, unsupported tools (closes: #827484, #842046).
  * Comment out Vcs fields for now.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 31 Oct 2016 15:56:56 +0000

tiff (4.0.6-2) unstable; urgency=high

  * Backport fix for the following vulnerabilities:
    - CVE-2016-5314, PixarLogDecode() heap-based buffer overflow
      (closes: #830700),
    - CVE-2016-5316, PixarLogCleanup() Segmentation fault,
    - CVE-2016-5320, rgb2ycbcr: command excution,
    - CVE-2016-5875, heap-based buffer overflow when using the PixarLog
      compression format,
    - CVE-2016-6223, information leak in libtiff/tif_read.c ,
    - CVE-2016-5321, DumpModeDecode(): Ddos,
    - CVE-2016-5323, tiffcrop _TIFFFax3fillruns(): NULL pointer dereference.
  * Be primary maintainer and keep Ondřej as uploader.
  * Update Standards-Version to 3.9.8 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 16 Jul 2016 11:45:21 +0000

tiff (4.0.6-1) unstable; urgency=high

  * New upstream release.
  * Backport upstream fixes for:
    - CVE-2015-8665 an out-of-bound read in TIFFRGBAImage interface,
    - CVE-2015-8683 an out-of-bounds read in CIE Lab image format.
  * Backport fix for potential out-of-bound writes in decode.
  * Backport fix for potential out-of-bound write in NeXTDecode().

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 31 Dec 2015 16:22:24 +0100

tiff (4.0.5-1) unstable; urgency=medium

  * Update László Böszörményi to Laszlo Boszormenyi (GCS)
  * Add Vcs URLs to debian/control
  * Imported Upstream version 4.0.5
  * Remove all patches - they have been merged upstream
  * Convert the package to pure debhelper and remove some legacy stuff

 -- Ondřej Surý <ondrej@debian.org>  Tue, 01 Sep 2015 13:10:55 +0200

tiff (4.0.3-13) unstable; urgency=medium

  * Thanks Jay for maintaining tiff for so long
  * Add me as a new maintainer, and add László Böszörményi to Uploaders
  * Cleanup debian a bit:
   - Run wrap-and-sortize -a)
   - Update d/copyright to Copyright Format 1.0
   - Remove files related to libtiff4->libtiff5 transition
  * Add C++ symbols file for libtiffxx5

 -- Ondřej Surý <ondrej@debian.org>  Tue, 05 May 2015 08:37:59 +0200

tiff (4.0.3-12.3) unstable; urgency=medium

  * Add another (final) patch for CVE-2014-8128 (Bug #2499). Thanks to
    Petr Gajdos

 -- Moritz Muehlenhoff <jmm@debian.org>  Mon, 23 Mar 2015 18:26:40 +0100

tiff (4.0.3-12.2) unstable; urgency=medium

  * Add another patch for CVE-2014-8128 (Bug #2501)

 -- Moritz Muehlenhoff <jmm@debian.org>  Fri, 13 Mar 2015 23:54:02 +0100

tiff (4.0.3-12.1) unstable; urgency=medium

  * NMU as discussed with Ondrej, the future adopter of tiff
  * Fix multiple security issues, exact details will be recorded in the
    Debian security tracker

 -- Moritz Muehlenhoff <jmm@debian.org>  Sat, 21 Feb 2015 13:06:08 +0100

tiff (4.0.3-12) unstable; urgency=high

  * Fix integer overflow in bmp2tiff. CVE-2014-9330. (Closes: #773987)

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 30 Dec 2014 11:32:04 -0500

tiff (4.0.3-11) unstable; urgency=medium

  * Don't crash on JPEG => non-JPEG conversion (Closes: #741451)
  * Thanks Tomasz Buchert <tomasz.buchert@inria.fr> for preparing the fix!

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 23 Dec 2014 15:51:40 -0500

tiff (4.0.3-10) unstable; urgency=medium

  * Remove libtiff4-dev, completing the tiff transition. Packages that
    still declare build dependencies on libtiff4-dev must now build depend
    on libtiff-dev instead, or if a versioned dependency is required,
    libtiff5-dev with a specific version.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 29 Jun 2014 17:32:18 -0400

tiff (4.0.3-9) unstable; urgency=medium

  * Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat. (Closes:
    #742917)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 21 Jun 2014 18:12:40 -0400

tiff (4.0.3-8) unstable; urgency=medium

  * Remove libtiff5-alt-dev transitional package now that no one is
    build-depending on it anymore.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 01 Mar 2014 09:36:51 -0500

tiff (4.0.3-7) unstable; urgency=medium

  * Use dh-autoreconf to support new architectures in Ubuntu.

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 23 Dec 2013 09:58:47 -0500

tiff (4.0.3-6) unstable; urgency=low

  * Update standards to 3.9.5.  No changes required.
  * libtiff4 -> libtiff5 transition.  libtiff5-dev now provides
    libtiff-dev.  libtiff5-alt-dev and libtiff4-dev are transitional
    packages that depend on libtiff5-dev.  They will both be removed
    before jessie.

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 04 Dec 2013 14:36:36 -0500

tiff (4.0.3-5) unstable; urgency=low

  * Replace shlibs file with symbols file
  * Update standards to 3.9.4

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 15 Sep 2013 08:31:41 -0400

tiff (4.0.3-4) unstable; urgency=low

  * Complete Multi-Arch conversion for dev packages.  (Closes: #689085)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 24 Aug 2013 11:50:20 -0400

tiff (4.0.3-3) unstable; urgency=high

  * Incorporated fixes to security issues CVE-2013-4244.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 24 Aug 2013 11:20:00 -0400

tiff (4.0.3-2) unstable; urgency=high

  * Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
    (Closes: #719303)

 -- Jay Berkenbilt <qjb@debian.org>  Thu, 22 Aug 2013 11:52:58 -0400

tiff (4.0.3-1) unstable; urgency=low

  * Acknowledge/incorporate NMU.  Thanks!
  * New upstream version.  Patches incorporated:
     CVE-2012-3401.patch
     CVE-2012-4447.patch
  * Add build dependency on autotools-dev to help porters.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 23 Jun 2013 10:39:04 -0400

tiff (4.0.2-6+nmu1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
    (closes: #706675).
  * Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
    (closes: #706674).

 -- Michael Gilbert <mgilbert@debian.org>  Mon, 17 Jun 2013 01:27:17 +0000

tiff (4.0.2-6) unstable; urgency=high

  * Fix /usr/share/doc symlink to directory transition.  When upgrading
    from very old versions (pre 3.8.2-8), /usr/share/doc may contain
    symbolic links that should be removed.  (Closes: #687645)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 26 Jan 2013 12:28:19 -0500

tiff (4.0.2-5) unstable; urgency=high

  * Add fix for CVE-2012-4564, a heap-buffer overflow.  Thanks Adrian La
    Duca for doing all the work to prepare this upload.  (Closes: #692345)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 17 Nov 2012 12:40:25 -0500

tiff (4.0.2-4) unstable; urgency=high

  * Previous change was uploaded with the wrong CVE number.  I updated the
    last changelog entry.  The correct CVE number is CVE-2012-4447.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 05 Oct 2012 17:33:44 -0400

tiff (4.0.2-3) unstable; urgency=high

  * Add fix for CVE-2012-4447, a buffer overrun.  (Closes: #688944)

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 05 Oct 2012 17:04:38 -0400

tiff (4.0.2-2) unstable; urgency=high

  * SECURITY UPDATE: possible arbitrary code execution via heap overflow
    in tiff2pdf.  (Closes: #682115)
    - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
      tools/tiff2pdf.c.
    - CVE-2012-3401
    Changes prepared by Marc Deslauriers for Ubuntu.  Thanks!

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 21 Jul 2012 21:27:34 -0400

tiff (4.0.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 24 Jun 2012 13:45:42 -0400

tiff (4.0.1-8) unstable; urgency=low

  * Call glFlush() in tiffgt to fix display problems.  From
    https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/797166.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 16 Jun 2012 21:20:04 -0400

tiff (4.0.1-7) unstable; urgency=low

  * Add new temporary package libtiff5-alt-dev, which provides libtiff5
    development files in a location that doesn't conflict with
    libtiff4-dev.  See README.Debian for details.

 -- Jay Berkenbilt <qjb@debian.org>  Thu, 24 May 2012 15:24:36 -0400

tiff (4.0.1-6) unstable; urgency=low

  * Include pkg-config files

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 13 May 2012 12:53:38 -0400

tiff (4.0.1-5) unstable; urgency=low

  * Fix shlibs again.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 22 Apr 2012 11:41:44 -0400

tiff (4.0.1-4) unstable; urgency=low

  * Use >= instead of > in shlibs file.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 22 Apr 2012 10:57:02 -0400

tiff (4.0.1-3) unstable; urgency=low

  * Support JBIG now that patents have expired. (Closes: #667835)
  * Support LZMA.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 14 Apr 2012 19:03:04 -0400

tiff (4.0.1-2) unstable; urgency=high

  * Incorporated fix to CVE-2012-1173, a problem in the parsing of the
    TileSize entry, which could result in the execution of arbitrary code
    if a malformed image is opened.
  * Updated standards to 3.9.3

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Apr 2012 10:10:48 -0400

tiff (4.0.1-1) unstable; urgency=low

  * New upstream release
  * Point watch file to new download location

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 20 Feb 2012 09:43:54 -0500

tiff (4.0.0-2) experimental; urgency=low

  * Rename libtiff-dev -> libtiff5-dev to avoid premature transition for
    packages that explicitly depend on libtiff-dev.  At some future time,
    libtiff5-dev will provide or be renamed back to libtiff-dev.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 04 Feb 2012 09:41:19 -0500

tiff (4.0.0-1) experimental; urgency=low

  * New upstream release
  * Enable versioned symbols

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 28 Jan 2012 10:56:23 -0500

tiff (4.0.0~beta7-2) experimental; urgency=low

  * Incorporated changes from 3.9.5-2: security hardening and multiarch

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 17 Sep 2011 10:28:53 -0400

tiff (4.0.0~beta7-1) experimental; urgency=low

  * New upstream release including many security fixes and other
    improvements
  * Updated changelog with changes from 3.x series.
  * Updated standards version to 3.9.2.  No changes required.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 16 Apr 2011 13:45:33 -0400

tiff (4.0.0~beta6-3) experimental; urgency=low

  * Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
    putcontig8bitYCbCr11tile", from 3.9.4-4.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Oct 2010 13:31:41 -0400

tiff (4.0.0~beta6-2) experimental; urgency=low

  * Incorporate changes from 3.9.4-{2,3} including updating standards
    version to 3.9.1 along with associated fixes.  (CVE-2010-2233 was
    already fixed in this version.)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 14 Aug 2010 16:36:44 -0400

tiff (4.0.0~beta6-1) experimental; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 18 Jun 2010 21:42:57 -0400

tiff (4.0.0~beta5-2) experimental; urgency=low

  * Depend on libjpeg-dev instead of libjpeg62-dev.
  * Change source format to '3.0 (quilt)'
  * Update standards version to 3.8.4.  No changes required.

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 10 Feb 2010 19:36:43 -0500

tiff (4.0.0~beta5-1) experimental; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Nov 2009 22:58:07 -0500

tiff (4.0.0~beta4-1) experimental; urgency=low

  * New upstream release.  All debian patches incorporated among many
    other fixes and enhancements.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 11:30:09 -0400

tiff (4.0.0~beta3-2) experimental; urgency=low

  * Fixed previously incorrect patch to lzw problem.

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 24 Aug 2009 14:45:10 -0400

tiff (4.0.0~beta3-1) experimental; urgency=low

  * New upstream release.  This version is not binary compatible with the
    3.x series, nor is it entirely source compatible, but most
    applications should port easily.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 21 Aug 2009 13:39:37 -0400

tiff (3.9.5-2) unstable; urgency=low

  * Implemented mulitarch and and PIE build for security hardening by
    integrating the changes from the Ubuntu tiff packages.  Thanks to Marc
    Deslauriers and anyone else who did the actual work.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 17 Sep 2011 10:15:39 -0400

tiff (3.9.5-1) unstable; urgency=low

  * New upstream release.  All security patches are fully incorporated
    into this version, as are many other bug fixes.
  * Updated standards version to 3.9.2.  No changes needed.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 16 Apr 2011 13:15:51 -0400

tiff (3.9.4-9) unstable; urgency=high

  * CVE-2011-1167: correct potential buffer overflow with thunder encoded
    files with wrong bitspersample set.  (Closes: #619614)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Apr 2011 10:59:38 -0400

tiff (3.9.4-8) unstable; urgency=low

  * Enable PIE (position independent executable) build for security
    hardening.  Patch from Ubuntu.  (Closes: #613759)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 19 Mar 2011 10:22:32 -0400

tiff (3.9.4-7) unstable; urgency=high

  * Incorporate revised fix to CVE-2011-0192.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 13 Mar 2011 14:33:38 -0400

tiff (3.9.4-6) unstable; urgency=high

  * Incorporated fix to CVE-2011-0192, "Buffer overflow in Fax4Decode".

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 26 Feb 2011 18:44:23 -0500

tiff (3.9.4-5) unstable; urgency=high

  * Incorporated fix to CVE-2010-3087, a potential denial of service
    exploitable with a specially crafted TIFF file.  (Closes: #600188)

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Oct 2010 16:44:08 -0400

tiff (3.9.4-4) unstable; urgency=high

  * Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
    putcontig8bitYCbCr11tile".  (Closes: #595064)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Oct 2010 13:17:12 -0400

tiff (3.9.4-3) unstable; urgency=low

  * Updated control file to remove obsolete Conflicts/Replaces for ancient
    packages.
  * Empty dependency_libs in all .la files as part of the .la file.  This
    also resolves the problem of having hard-coded paths in the .la file.
    (Closes: #509016)
  * Updated standards version to 3.9.1.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 14 Aug 2010 16:28:49 -0400

tiff (3.9.4-2) unstable; urgency=high

  * Incorporated patch to fix CVE-2010-2233, which fixes a specific
    failure of tif_getimage on 64-bit platforms.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 13 Aug 2010 20:16:29 -0400

tiff (3.9.4-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 18 Jun 2010 21:28:11 -0400

tiff (3.9.2-3) unstable; urgency=low

  * Depend on libjpeg-dev instead of libjpeg62-dev.  (Closes: #569242)
  * Change source format to '3.0 (quilt)'
  * Update standards version to 3.8.4.  No changes required.

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 10 Feb 2010 19:20:20 -0500

tiff (3.9.2-2) unstable; urgency=low

  * Include patch from upstream to fix problems with TIFFReadScanline()
    and ycbcr-encoded JPEG images.  (Closes: #510792)
  * Fix some manual page spelling errors found by lintian.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 10 Jan 2010 10:56:32 -0500

tiff (3.9.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Nov 2009 22:52:06 -0500

tiff (3.9.1-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 15:44:23 -0400

tiff (3.9.0-2) unstable; urgency=low

  * Fix critical bug that could cause corrupt files to be written in some
    cases.  (Closes: #543079)

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 13:38:03 -0400

tiff (3.9.0-1) unstable; urgency=low

  * New upstream release.  All previous security patches have been
    integrated.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 21 Aug 2009 11:40:49 -0400

tiff (3.9.0beta+deb1-1) experimental; urgency=low

  * New upstream release (binary compatible with 3.8.2) -- release based
    on 3.9 branch from upstream CVS; see README.Debian for details.
    (Closes: #537118)
  * Updated standards to 3.8.3; no changes required.
  * Stopped using tarball in tarball packaging.  (Closes: #538565)

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 19 Aug 2009 20:33:10 -0400

tiff (3.8.2-13) unstable; urgency=high

  * Apply patches to fix CVE-2009-2347, which covers two integer overflow
    conditions.
  * LZW patch from last update addressed CVE-2009-2285.  Renamed the patch
    to make this clearer.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 12 Jul 2009 18:03:33 -0400

tiff (3.8.2-12) unstable; urgency=low

  * Apply patch to fix crash in lzw decoder that can be caused by certain
    invalid image files.  (Closes: #534137)
  * No longer ignore errors in preinst
  * Fixed new lintian warnings; updated standards version to 3.8.2.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 28 Jun 2009 13:17:44 -0400

tiff (3.8.2-11) unstable; urgency=high

  * Apply security patches (CVE-2008-2327)
  * Convert patch system to quilt
  * Create README.source
  * Set standards version to 3.8.0

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 13:16:37 -0400

tiff (3.8.2-10+lenny1) testing-security; urgency=high

  * Apply patches from Drew Yao of Apple Product Security to fix
    CVE-2008-2327, a potential buffer underflow in the LZW decoder
    (tif_lzw.c).

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 11:56:01 -0400

tiff (3.8.2-10) unstable; urgency=low

  * Fix segmentation fault on subsequent parts of a file with an invalid
    directory tag.  (Closes: #475489)

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 09 Jun 2008 11:02:53 -0400

tiff (3.8.2-9) unstable; urgency=low

  * Backported tiff2pdf from 4.0.0 beta 2.  This fixes many tiff2pdf bugs,
    though unfortunately none of the ones opened in the debian bug
    database!
  * Added upstream homepage to debian control file.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 07 Jun 2008 22:52:27 -0400

tiff (3.8.2-8) unstable; urgency=low

  * Accepted tmpfile patch tiff2pdf to fix bug that has been fixed
    upstream since upstream release appears stalled.  Thanks Jesse Long.
    (Closes: #419773)
  * Update standards version to 3.7.3; no changes required.
  * ${Source-Version} -> ${binary:Version} in control
  * Split documentation into separate libtiff-doc package.  (Closes:
    #472189)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 22 Mar 2008 12:30:38 -0400

tiff (3.8.2-7+etch1) stable-security; urgency=high

  * Apply patches from Drew Yao of Apple Product Security to fix
    CVE-2008-2327, a potential buffer underflow in the LZW decoder
    (tif_lzw.c).

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 11:56:01 -0400

tiff (3.8.2-7) unstable; urgency=high

  * Replace empty directories in /usr/share/doc with links during package
    upgrade.  (Closes: #404631)

 -- Jay Berkenbilt <qjb@debian.org>  Tue,  2 Jan 2007 15:50:50 -0500

tiff (3.8.2-6) unstable; urgency=high

  * Add watch file
  * Tavis Ormandy of the Google Security Team discovered several problems
    in the TIFF library.  The Common Vulnerabilities and Exposures project
    identifies the following issues:
     - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
       tif_dirread.c
     - CVE-2006-3460: A heap overflow vulnerability was discovered in the
       jpeg decoder
     - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
     - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
       overflow
     - CVE-2006-3463: An infinite loop was discovered in
       EstimateStripByteCounts()
     - CVE-2006-3464: Multiple unchecked arithmetic operations were
       uncovered, including a number of the range checking operations
       deisgned to ensure the offsets specified in tiff directories are
       legitimate.
     - A number of codepaths were uncovered where assertions did not hold
       true, resulting in the client application calling abort()
     - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
       support

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 31 Jul 2006 18:14:59 -0400

tiff (3.8.2-5) unstable; urgency=low

  * Fix logic error that caused -q flag to be ignored when doing jpeg
    compression with tiff2pdf.  (Closes: #373102)

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 19 Jun 2006 18:55:38 -0400

tiff (3.8.2-4) unstable; urgency=high

  * SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
    Thanks to Martin Pitt.  (Closes: #371064)
  * Add debian/patches/tiff2pdf-octal-printf.patch:
    - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
      signed char (it printed a signed integer, which overflew the buffer and
      was wrong anyway).
    - CVE-2006-2193

 -- Jay Berkenbilt <qjb@debian.org>  Wed,  7 Jun 2006 17:52:12 -0400

tiff (3.8.2-3) unstable; urgency=high

  * SECURITY UPDATE: Arbitrary command execution with crafted long file
    names.  Thanks to Martin Pitt for forwarding this.
    Add debian/patches/tiffsplit-fname-overflow.patch:
    - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
      user-specified file name into a statically sized buffer.
    CVE-2006-2656.  (Closes: #369819)
  * Update standards version to 3.7.2.  No changes required.
  * Moved doc-base information to libtiff4 instead of libtiff4-dev.

 -- Jay Berkenbilt <qjb@debian.org>  Thu,  1 Jun 2006 21:24:21 -0400

tiff (3.8.2-2) unstable; urgency=low

  * Fix build dependencies to get OpenGL utility libraries after new Xorg
    packaging.  (Closes: #365722)
  * Updated standards version to 3.7.0; no changes required to package.

 -- Jay Berkenbilt <qjb@debian.org>  Tue,  2 May 2006 10:10:45 -0400

tiff (3.8.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 28 Mar 2006 21:42:33 -0500

tiff (3.8.0-3) unstable; urgency=low

  * Switched build dependency from xlibmesa-gl-dev to libgl1-mesa-dev
    (incorporating Ubunutu patch)
  * Incorporated patch from upstream to fix handling of RGBA tiffs in
    tiff2pdf.  (Closes: #352849)

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 26 Feb 2006 13:21:17 -0500

tiff (3.8.0-2) unstable; urgency=low

  * Applied fixes from upstream to address a memory access violation
    [CVE-2006-0405].  (Closes: #350715, #351223)

 -- Jay Berkenbilt <qjb@debian.org>  Fri,  3 Feb 2006 21:48:39 -0500

tiff (3.8.0-1) unstable; urgency=low

  * New upstream release.  (Closes: #349921)
  * NOTE: The debian version of 3.8.0 includes a patch to correct a binary
    incompatibility in the original 3.8.0 release.  This libtiff package
    is binary compatible with 3.7.4 and will be binary compatible with the
    upcoming 3.8.1 release.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 27 Jan 2006 21:38:58 -0500

tiff (3.7.4-1) unstable; urgency=low

  * New upstream release
  * Fix typos in manual page (Closes: #327921, #327922, #327923, #327924)

 -- Jay Berkenbilt <qjb@debian.org>  Fri,  7 Oct 2005 10:25:49 -0400

tiff (3.7.3-1) unstable; urgency=low

  * New upstream release
  * g++ 4.0 transition: libtiffxx0 is now libtiffxx0c2.

 -- Jay Berkenbilt <qjb@debian.org>  Sat,  9 Jul 2005 12:00:44 -0400

tiff (3.7.2-3) unstable; urgency=high

  * Fix for exploitable segmentation fault on files with bad BitsPerSample
    values.  (Closes: #309739)
    [libtiff/tif_dirread.c, CAN-2005-1544]
    Thanks to Martin Pitt for the report.

 -- Jay Berkenbilt <qjb@debian.org>  Thu, 19 May 2005 05:41:28 -0400

tiff (3.7.2-2) unstable; urgency=high

  * Fix zero pagesize bug with tiff2ps -a2 and tiff2ps -a3.  Thanks to
    Patrice Fournier for the patch.  (Closes: #303583)
  * Note: uploading with urgency=high since this very small fix impacts
    tools only (not the library), and we don't want to block tiff's many
    reverse dependencies from transitioning to sarge.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 10 Apr 2005 10:12:37 -0400

tiff (3.7.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 19 Mar 2005 14:51:06 -0500

tiff (3.7.1-4) unstable; urgency=low

  * Fix from upstream: include a better workaround for tiff files with
    invalid strip byte counts.  (Closes: #183268)

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 22 Feb 2005 19:20:14 -0500

tiff (3.7.1-3) unstable; urgency=low

  * Disable C++ new experimental interfaces for now; will reappear in a
    future version in the separate libtiffxx0 package.

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 29 Jan 2005 13:32:37 -0500

tiff (3.7.1+pre3.7.2-1) experimental; urgency=low

  * New upstream release
  * Separate experimental C++ interface into separate libtiffxx library.

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 29 Jan 2005 13:03:19 -0500

tiff (3.7.1-2) unstable; urgency=low

  * Make -dev package depend upon other -dev packages referenced in the
    .la file created by libtool.  (Closes: #291136)
  * tiff2ps: Allow one of -w and -h without the other.  (Closes: #244247)

 -- Jay Berkenbilt <ejb@ql.org>  Wed, 19 Jan 2005 10:45:00 -0500

tiff (3.7.1-1) unstable; urgency=low

  * New upstream release
  * Correct error in doc-base file (Closes: #285652)

 -- Jay Berkenbilt <ejb@ql.org>  Wed,  5 Jan 2005 16:54:12 -0500

tiff (3.7.0-2) experimental; urgency=low

  * Replace hard-coded libc6-dev dependency with something friendlier to
    porters (libc6-dev | libc-dev).  (Closes: #179727)
  * Fixed upstream: proper netbsdelf*-gnu support in configure.  Actually
    fixed in 3.7.0-1 but left out of changelog.  (Closes: #179728)
  * Include opengl support; adds new libtiff-opengl package. (Closes: #219456)
  * Fixed upstream: fax2ps now allows access to first page. (Closes: #244251)

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 11 Dec 2004 09:51:52 -0500

tiff (3.7.0-1) experimental; urgency=low

  * New upstream release (Closes: #276996)
  * New maintainer (Thanks Joy!)
  * Repackage using cdbs and simple-patchsys to fix some errors and
    simplify patch management
  * Fixed upstream: tiff2pdf ignores -z and -j (Closes: #280682)
  * Fixed upstream: Memory leak in TIFFClientOpen (Closes: #256657)

 -- Jay Berkenbilt <ejb@ql.org>  Fri, 26 Nov 2004 13:50:13 -0500

tiff (3.6.1-5) unstable; urgency=high

  * New maintainer (thanks Joy!)
  * Applied patch by Dmitry V. Levin to fix a segmentation fault
    [tools/tiffdump.c, CAN-2004-1183]
    Thanks to Martin Schulze for forwarding the patch.
  * Fixed section of -dev package (devel -> libdevel)

 -- Jay Berkenbilt <ejb@ql.org>  Wed,  5 Jan 2005 16:27:26 -0500

tiff (3.6.1-4) unstable; urgency=high

  * Fix heap overflow security bug [CAN-2004-1308].  (Closes: #286815)

 -- Jay Berkenbilt <ejb@ql.org>  Wed, 22 Dec 2004 10:20:52 -0500

tiff (3.6.1-3) unstable; urgency=medium

  * Patches from upstream to fix zero-size tile and integer overflow
    problems created by previous security patches, closes: #276783.
  * Added Jay Berkenbilt as co-maintainer. Jay thanks Joy for letting him
    help and eventually take over maintenance of these packages!

 -- Josip Rodin <joy-packages@debian.org>  Mon, 01 Nov 2004 12:28:27 +0100

tiff (3.6.1-2) unstable; urgency=low

  * Included security fixes for:
    + CAN-2004-0803
      - libtiff/tif_luv.c
      - libtiff/tif_next.c
      - libtiff/tif_thunder.c
    + CAN-2004-0804 (but this one is already applied upstream, it seems)
      - libtiff/tif_dirread.c
    + CAN-2004-0886
      - libtiff/tif_aux.c
      - libtiff/tif_compress.c
      - libtiff/tif_dir.c
      - libtiff/tif_dirinfo.c
      - libtiff/tif_dirread.c
      - libtiff/tif_dirwrite.c
      - libtiff/tif_extension.c
      - libtiff/tif_fax3.c
      - libtiff/tiffiop.h
      - libtiff/tif_getimage.c
      - libtiff/tif_luv.c
      - libtiff/tif_pixarlog.c
      - libtiff/tif_strip.c
      - libtiff/tif_tile.c
      - libtiff/tif_write.c
    Thanks to Martin Schulze for forwarding the patches.

 -- Josip Rodin <joy-packages@debian.org>  Thu, 14 Oct 2004 16:13:11 +0200

tiff (3.6.1-1.1) unstable; urgency=medium

  * Non-maintainer upload; thanks to Jay Berkenbilt <ejb@ql.org> for
    preparing the patches
  * Rename shared library and development packages to resolve accidental
    upstream ABI change.  Closes: #236247
  * Include patch from upstream to fix multistrip g3 fax bug.
    Closes: #243405
  * Include LZW support.  Closes: #260242, #248490
  * Fix URL in copyright file.  Closes: #261357
  * Install missing documentation files.  Closes: #261356

 -- Steve Langasek <vorlon@debian.org>  Sun, 25 Jul 2004 10:28:06 -0400

tiff (3.6.1-1) unstable; urgency=low

  * New upstream version, closes: #231977.
  * Slightly fixed up the static lib build rules so that the build process
    does the normal stuff for the dynamic lib and then does the static with
    the same tiffvers.h.

 -- Josip Rodin <joy-packages@debian.org>  Mon, 23 Feb 2004 18:23:34 +0100

tiff (3.5.7-2) unstable; urgency=high

  * Added back the patch that used -src static/libtiff.a in the install
    rule. Wonder how that disappeared... closes: #170914.
  * Fake it's a GNU system in order for the configure script to use our
    toolchain stuff on the NetBSD port, thanks to Joel Baker, closes: #130636.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 10 Dec 2002 17:18:28 +0100

tiff (3.5.7-1) unstable; urgency=low

  * New upstream version, closes: #144940.
  * A whole new set of patches for the breakage in the build system :)

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sun,  6 Oct 2002 22:54:08 +0200

tiff (3.5.5-6) unstable; urgency=low

  * It appears that the general 64-bit detection code, isn't.
    We have to include all of those three conditions, feh.
    This really closes: #106706.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed,  8 Aug 2001 23:09:55 +0200

tiff (3.5.5-5) unstable; urgency=low

  * Changed two Alpha/Mips-isms into general 64-bit detection code,
    patch from John Daily <jdaily@progeny.com>, closes: #106706.
  * Patched man/Makefile.in to generate a manual page file for
    TIFFClientOpen(3t), as a .so link to TIFFOpen(3t), closes: #99577.
  * Used /usr/share/doc in the doc-base file, closes: #74122.
  * Changed libtiff3g-dev's section back to devel, since graphics was,
    according to elmo, "hysterical raisins". :))

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 27 Jul 2001 01:43:04 +0200

tiff (3.5.5-4) unstable; urgency=low

  * Updated config.* files, closes: #94696.
  * Fixed libtiff3g-dev's section, closes: #85533.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed, 20 Jun 2001 18:29:24 +0200

tiff (3.5.5-3) unstable; urgency=low

  * Build shared library on Hurd, too, closes: #72482.
  * Upped Standards-Version to 3.5.0.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sat, 30 Sep 2000 17:42:13 +0200

tiff (3.5.5-2) unstable; urgency=low

  * Make `dynamic shared object' on Linux unconditionally, fixes the problem
    with libc.so.6.1 on alpha, thanks Chris C. Chimelis.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed, 13 Sep 2000 21:44:00 +0200

tiff (3.5.5-1) unstable; urgency=low

  * New upstream version.
  * The upstream build system sucks. There, I said it. Back to work now. :)
  * Added a build dependencies on make (>= 3.77) (closes: #67747) and
    debhelper.
  * Standards-Version: 3.2.1:
    + added DEB_BUILD_OPTIONS checks in debian/rules

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 29 Aug 2000 14:06:02 +0200

tiff (3.5.4-5) frozen unstable; urgency=low

  * Fixed 16-bit/32-bit values bug in fax2ps from libtiff-tools, that
    also breaks printing from hylafax, using provided oneliner patch
    from Bernd Herd (accepted upstream), closes: #49232 and probably #62235.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Mon, 27 Mar 2000 17:12:10 +0200

tiff (3.5.4-4) frozen unstable; urgency=low

  * Weird dpkg-shlibdeps from dpkg 1.6.8-pre has done it again, this time
    with libz.so, making the packages depend on zlib1 (instead of zlib1g).
    Closes: #56134, #56137, #56140, #56155.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 25 Jan 2000 18:05:28 +0100

tiff (3.5.4-3) frozen unstable; urgency=low

  * Included libtiff.so file in libtiff3g-dev, dammit :( My eye hurts,
    a lot, but this was easy to fix, thank goodness :) (closes: #55814).
    This bugfix deserves to get into frozen because the bug cripples
    libtiff3g-dev, a lot.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 21 Jan 2000 19:02:22 +0100

tiff (3.5.4-2) unstable; urgency=low

  * Fixed upstream build system to use ${DESTDIR}, and with that working,
    created install: rule in debian/rules and used it.
  * Fixed the way rules file gets the version from upstream sources,
    and fixed dist/tiff.alpha, it didn't work.
  * Removed README file from libtiff3g binary package, useless.
  * Fixed configure script not to emit the wrong warning about
    zlib/jpeg dirs not specified (they're in /usr/include, stupid :).

 -- Josip Rodin <jrodin@jagor.srce.hr>  Thu, 30 Dec 1999 01:17:32 +0100

tiff (3.5.4-1) unstable; urgency=low

  * New upstream version, closes: #50338.
  * Disabled libc5 build, it wouldn't compile. :(

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri,  3 Dec 1999 20:49:25 +0100

tiff (3.5.2-4) unstable; urgency=low

  * Castrated the rules file, to make it actually work on !(i386 m68k).
    Closes: #49316.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sat,  6 Nov 1999 13:22:54 +0100

tiff (3.5.2-3) unstable; urgency=low

  * Removed sparc from the libtiff3 arches list, as BenC advised.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 29 Oct 1999 23:29:23 +0200

tiff (3.5.2-2) unstable; urgency=low

  * Changed Architecture: line for libtiff3 from "any" to "i386 m68k sparc"
    as it is actually only built on those. Changed description a little bit.
  * Minor fixes to the rules file.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Thu, 28 Oct 1999 14:00:02 +0200

tiff (3.5.2-1) unstable; urgency=low

  * New upstream version.
  * Renamed source package to just "tiff", like upstream tarball name.
  * New maintainer (thanks Guy!). Renewed packaging, with debhelper,
    using Joey's nifty multi2 example, with several adjustments.
  * Ditched libtiff3-altdev, nobody's using that and nobody should be
    using that. Packaging for it still exists, it's just commented out.
  * Uses doc-base for -dev docs now. Uncompressed HTML docs, 100kb space
    saved is pointless when you can't use any links between documents.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 26 Oct 1999 16:20:46 +0200

libtiff3 (3.4beta037-8) unstable; urgency=low

  * Argh, same bug in the prerm, closes: #36990, #36850, #36855,
    #36866, #36988.

 -- Guy Maor <maor@debian.org>  Sat,  1 May 1999 10:12:23 -0700

libtiff3 (3.4beta037-7) unstable; urgency=low

  * Don't error when dhelp is not installed, closes: #36879, #36922.

 -- Guy Maor <maor@debian.org>  Thu, 29 Apr 1999 19:17:55 -0700

libtiff3 (3.4beta037-6) unstable; urgency=low

  * Only build libc5 packages on appropriate archs, closes: #27083, #32007.
  * Apply NMU patch, closes: #26413, #26887.
  * Add dhelp support, closes: #35154.
  * Recompile removes invalid dependency, closes: #30961.

 -- Guy Maor <maor@debian.org>  Sat, 24 Apr 1999 15:17:51 -0700

libtiff3 (3.4beta037-5.1) frozen unstable; urgency=low

  * NMU to not use install -s to strip static .a libraries. Fixes: #26413
  * Build with recent libjpeg. Fixes: #26887
  * Add Section: and Priority: headers to debian/control.

 -- Ben Gertzfield <che@debian.org>  Mon, 26 Oct 1998 22:44:33 -0800

libtiff3 (3.4beta037-5) unstable; urgency=low

  * Explicit link with -lm (and don't need -lc now), fixes: #19167, #22180.

 -- Guy Maor <maor@ece.utexas.edu>  Tue, 11 Aug 1998 22:27:56 -0700

libtiff3 (3.4beta037-4) unstable; urgency=low

  * libtiff3-tools conflicts & replaces with libtiff3-gif (13521,15107).

 -- Guy Maor <maor@ece.utexas.edu>  Sun, 11 Jan 1998 13:09:28 -0800

libtiff3 (3.4beta037-3) unstable; urgency=low

  * New libjpegg contains shlibs file, so don't need shlibs.local.
  * Compile with -D_REENTRANT.
  * Add shlibs for libtiff3g (13423).

 -- Guy Maor <maor@ece.utexas.edu>  Sat, 27 Sep 1997 13:17:45 -0500

libtiff3 (3.4beta037-2) unstable; urgency=low

  * Add libjpegg6a to shlibs.local to correct for broken dependency.

 -- Guy Maor <maor@ece.utexas.edu>  Fri, 26 Sep 1997 11:23:55 -0500

libtiff3 (3.4beta037-1) unstable; urgency=low

  * New upstream version, libc6 compile, policy 2.3.0.0 (5136, 7470, 7627, 8166
    8312, 9479, 9492, 9531, 11700, 11702).
  * Fix check for shared lib support (10805).

 -- Guy Maor <maor@ece.utexas.edu>  Tue, 23 Sep 1997 16:55:56 -0500