File: changelog

package info (click to toggle)
tiff 4.0.8-2%2Bdeb9u5
links: PTS
area: main
in suites: stretch
size: 14,440 kB
sloc: ansic: 65,354; sh: 4,556; makefile: 833; cpp: 793
file content (1248 lines) | stat: -rw-r--r-- 45,208 bytes
tiff (4.0.8-2+deb9u5) stretch-security; urgency=high

  * Backport security fixes:
    - CVE-2018-12900, heap-based buffer overflow in cpSeparateBufToContigBuf(),
    - CVE-2018-17000, NULL pointer dereference in _TIFFmemcmp(),
    - CVE-2018-17100, int32 overflow in multiply_ms(),
    - CVE-2018-19210, NULL pointer dereference in TIFFWriteDirectorySec(),
    - CVE-2019-14973, _TIFFCheckMalloc() and _TIFFCheckRealloc() mishandle
      Integer Overflow checks,
    - CVE-2019-17546, integer overflow that potentially causes a heap-based
      buffer overflow,
    - CVE-2019-7663, Invalid Address dereference in
      TIFFWriteDirectoryTagTransfer() .
  * Add required _TIFFCastUInt64ToSSize@LIBTIFF_4.0 and
    _TIFFMultiplySSize@LIBTIFF_4.0 symbols to the libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Fri, 17 Apr 2020 16:28:49 +0000

tiff (4.0.8-2+deb9u4) stretch-security; urgency=medium

  * CVE-2018-5784 (Closes: #890441)
  * CVE-2018-7456 (Closes: #891288)
  * CVE-2018-8905 (Closes: #893806)
  * CVE-2018-10963 (Closes: #898348)
  * CVE-2018-17101 (Closes: #909037)
  * CVE-2018-18557 (Closes: #911635)
  * CVE-2017-11613 (Closes: #869823)
  * CVE-2017-17095 (Closes: #883320)
    (deb9u3 is unreleased, broken interim)

 -- Moritz Mühlenhoff <jmm@debian.org>  Thu, 29 Nov 2018 20:45:11 +0100

tiff (4.0.8-2+deb9u2) stretch-security; urgency=high

  * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
    (closes: #868513).
  * Fix CVE-2017-12944: OOM prevention in TIFFReadDirEntryArray()
    (closes: #872607).
  * Fix CVE-2017-13726: reachable assertion abort in TIFFWriteDirectorySec()
    (closes: #873880).
  * Fix CVE-2017-13727: reachable assertion abort in
    TIFFWriteDirectoryTagSubifd() (closes: #873879).
  * Fix CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory()
    (closes: #885985).
  * Fix CVE-2017-9935: heap-based buffer overflow in the t2p_write_pdf()
    function (closes: #866109).

 -- Moritz Mühlenhoff <jmm@debian.org>  Sat, 30 Dec 2017 20:13:06 +0000

tiff (4.0.8-2+deb9u1) stretch-security; urgency=high

  * Backport security fixes:
    - CVE-2017-9936, memory leak in error code path of JBIGDecode()
      (closes: #866113),
    - prevent out of memory in gtTileContig() on corrupted files,
    - CVE-2017-10688, assertion failure in TIFFWriteDirectoryTagCheckedXXXX()
      (closes: #866611).
  * Add required _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbol to the
    libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 02 Jul 2017 08:36:06 +0000

tiff (4.0.8-2) unstable; urgency=high

  * Backport security fixes:
    - TIFFYCbCrToRGBInit(): stricter clamping to avoid int32 overflow in
      TIFFYCbCrtoRGB(),
    - initYCbCrConversion(): stricter validation for refBlackWhite
      coefficients values - to avoid invalid float->int32 conversion,
    - CVE-2016-10095 and CVE-2017-9147: add _TIFFCheckFieldIsValidForCodec()
      and use it in TIFFReadDirectory() (closes: #850316, #863185).
  * Add required _TIFFCheckFieldIsValidForCodec@LIBTIFF_4.0 symbol to the
    libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 01 Jun 2017 17:56:08 +0000

tiff (4.0.8-1) unstable; urgency=high

  * New upstream release of merged security fixes.
  * Add required TIFFReadRGBAStripExt@LIBTIFF_4.0 and
    TIFFReadRGBATileExt@LIBTIFF_4.0 symbols to the libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 24 May 2017 19:49:04 +0000

tiff (4.0.7-7) unstable; urgency=high

  * Backport security fix for CVE-2016-10371 (closes: #862929).
  * Backport security fix for CVE-2015-7554 (closes: #809066, #842043).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 20 May 2017 16:35:43 +0000

tiff (4.0.7-6) unstable; urgency=high

  * Backport security fixes:
    - CVE-2017-7595, divide-by-zero in JPEGSetupEncode (closes: #860003),
    - CVE-2017-7596, CVE-2017-7597, CVE-2017-7598,CVE-2017-7599 CVE-2017-7600,
      CVE-2017-7601 and CVE-2017-7602, multiple UBSAN crashes,
    - CVE-2017-7592, left-shift undefined behavior issue in putagreytile
      (closes: #859998),
    - CVE-2017-7593, unitialized-memory access from tif_rawdata
      (closes: #860000),
    - CVE-2017-7594, leak in OJPEGReadHeaderInfoSecTablesAcTable
      (closes: #860001).
  * Add required _TIFFcalloc@LIBTIFF_4.0 symbol to the libtiff5 package.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Fri, 14 Apr 2017 07:21:47 +0000

tiff (4.0.7-5) unstable; urgency=high

  * Fix CVE-2017-5225: heap buffer overflow via a crafted BitsPerSample value
    (closes: #851297).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 15 Jan 2017 16:49:05 +0000

tiff (4.0.7-4) unstable; urgency=high

  * Fix CVE-2016-10094: heap-based overflow in t2p_readwrite_pdf_image_tile().

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 01 Jan 2017 19:03:49 +0000

tiff (4.0.7-3) unstable; urgency=medium

  * Backport upstream fix of TIFFFaxTabEnt structure.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 13 Dec 2016 19:02:25 +0000

tiff (4.0.7-2) unstable; urgency=high

  * Backport security fixes:
    - fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer
      division by zero,
    - avoid uint32 underflow in cpDecodedStrips that can cause various
      issues, such as buffer overflows in the library,
    - fix heap-based buffer overflow on generation of PixarLog / LUV
      compressed files, with ColorMap, TransferFunction attached and nasty
      plays with bitspersample,
    - fix ChopUpSingleUncompressedStrip() in reading outside of the
      StripByCounts/StripOffsets arrays when using TIFFReadScanline()
      (closes: #846837),
    - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode() to
      avoid a divide by zero, and potential other issues,
    - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the
      output buffer is correctly incremented to avoid write outside bounds,
    - add 3 extra bytes at end of strip buffer in
      readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
      buffer,
    - fix integer division by zero when BitsPerSample is missing
      (closes: #846838),
    - fix null pointer dereference in -r mode when the image has no
      StripByteCount tag,
    - avoid potential division by zero if BitsPerSamples tag is missing,
    - limit the return number of inks to SamplesPerPixel in
      TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) , so that code that parses ink
      names doesn't go past the end of the buffer,
    - avoid another potential division by zero if BitsPerSamples tag is
      missing,
    - fix uint32 underflow/overflow that can cause heap-based buffer overflow,
    - replace assert( (bps % 8) == 0 ) by a non assert check.
  * Remove thumbnail and rgb2ycbcr documentations, these tools no longer
    present.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 04 Dec 2016 12:24:44 +0000

tiff (4.0.7-1) unstable; urgency=high

  * New upstream release.
  * Fixes the following vulnerabilities:
    - CVE-2015-7313, OOM when parsing crafted tiff files (closes: #800124),
    - CVE-2016-3622, denial of service (divide-by-zero error) via
      the fpAcc function in tif_predict.c (closes: #820365),
    - CVE-2016-3945, multiple integer overflows in the tiff2rgba tool,
    - CVE-2016-3990, write buffer overflow in PixarLogEncode,
    - CVE-2016-3991 and CVE-2016-5322, heap-based buffer overflow in the
      loadImage function,
    - CVE-2016-9273, heap-buffer-overflow in cpStrips (closes: #844013),
    - CVE-2016-9297, segfault in _TIFFPrintField() (closes: #844226),
    - CVE-2016-9448, in TIFFFetchNormalTag(), do not dereference NULL pointer
      (regression of CVE-2016-9297),
    - heap buffer overflow via writeBufferToSeparateStrips() in tiffcrop.
  * Remove backported vulnerability fixes, this release contains those.
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 19 Nov 2016 18:05:24 +0000

tiff (4.0.6-3) unstable; urgency=high

  * Fix architecture independent only build (closes: #806118).
  * Fix CVE-2015-8668 , CVE-2016-3619 , CVE-2016-3620 (closes: #820363),
    CVE-2016-3621 (closes: #820364) and CVE-2016-5319 with removing bmp2tiff
    (closes: #820364).
  * Fix CVE-2016-3186 and CVE-2016-5102 with removing gif2tiff.
  * Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632 , CVE-2016-3633 ,
    CVE-2016-3634 and CVE-2016-8331 with removing thumbnail.
  * Backport upstream fix for CVE-2016-3623 and CVE-2016-3624 .
  * Backport upstream fix for CVE-2016-5652 (closes: #842361).
  * Backport upstream fix for CVE-2016-3658 .
  * Removed vulnerable, unsupported tools (closes: #827484, #842046).
  * Comment out Vcs fields for now.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 31 Oct 2016 15:56:56 +0000

tiff (4.0.6-2) unstable; urgency=high

  * Backport fix for the following vulnerabilities:
    - CVE-2016-5314, PixarLogDecode() heap-based buffer overflow
      (closes: #830700),
    - CVE-2016-5316, PixarLogCleanup() Segmentation fault,
    - CVE-2016-5320, rgb2ycbcr: command excution,
    - CVE-2016-5875, heap-based buffer overflow when using the PixarLog
      compression format,
    - CVE-2016-6223, information leak in libtiff/tif_read.c ,
    - CVE-2016-5321, DumpModeDecode(): Ddos,
    - CVE-2016-5323, tiffcrop _TIFFFax3fillruns(): NULL pointer dereference.
  * Be primary maintainer and keep Ondřej as uploader.
  * Update Standards-Version to 3.9.8 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 16 Jul 2016 11:45:21 +0000

tiff (4.0.6-1) unstable; urgency=high

  * New upstream release.
  * Backport upstream fixes for:
    - CVE-2015-8665 an out-of-bound read in TIFFRGBAImage interface,
    - CVE-2015-8683 an out-of-bounds read in CIE Lab image format.
  * Backport fix for potential out-of-bound writes in decode.
  * Backport fix for potential out-of-bound write in NeXTDecode().

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 31 Dec 2015 16:22:24 +0100

tiff (4.0.5-1) unstable; urgency=medium

  * Update László Böszörményi to Laszlo Boszormenyi (GCS)
  * Add Vcs URLs to debian/control
  * Imported Upstream version 4.0.5
  * Remove all patches - they have been merged upstream
  * Convert the package to pure debhelper and remove some legacy stuff

 -- Ondřej Surý <ondrej@debian.org>  Tue, 01 Sep 2015 13:10:55 +0200

tiff (4.0.3-13) unstable; urgency=medium

  * Thanks Jay for maintaining tiff for so long
  * Add me as a new maintainer, and add László Böszörményi to Uploaders
  * Cleanup debian a bit:
   - Run wrap-and-sortize -a)
   - Update d/copyright to Copyright Format 1.0
   - Remove files related to libtiff4->libtiff5 transition
  * Add C++ symbols file for libtiffxx5

 -- Ondřej Surý <ondrej@debian.org>  Tue, 05 May 2015 08:37:59 +0200

tiff (4.0.3-12.3) unstable; urgency=medium

  * Add another (final) patch for CVE-2014-8128 (Bug #2499). Thanks to
    Petr Gajdos

 -- Moritz Muehlenhoff <jmm@debian.org>  Mon, 23 Mar 2015 18:26:40 +0100

tiff (4.0.3-12.2) unstable; urgency=medium

  * Add another patch for CVE-2014-8128 (Bug #2501)

 -- Moritz Muehlenhoff <jmm@debian.org>  Fri, 13 Mar 2015 23:54:02 +0100

tiff (4.0.3-12.1) unstable; urgency=medium

  * NMU as discussed with Ondrej, the future adopter of tiff
  * Fix multiple security issues, exact details will be recorded in the
    Debian security tracker

 -- Moritz Muehlenhoff <jmm@debian.org>  Sat, 21 Feb 2015 13:06:08 +0100

tiff (4.0.3-12) unstable; urgency=high

  * Fix integer overflow in bmp2tiff. CVE-2014-9330. (Closes: #773987)

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 30 Dec 2014 11:32:04 -0500

tiff (4.0.3-11) unstable; urgency=medium

  * Don't crash on JPEG => non-JPEG conversion (Closes: #741451)
  * Thanks Tomasz Buchert <tomasz.buchert@inria.fr> for preparing the fix!

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 23 Dec 2014 15:51:40 -0500

tiff (4.0.3-10) unstable; urgency=medium

  * Remove libtiff4-dev, completing the tiff transition. Packages that
    still declare build dependencies on libtiff4-dev must now build depend
    on libtiff-dev instead, or if a versioned dependency is required,
    libtiff5-dev with a specific version.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 29 Jun 2014 17:32:18 -0400

tiff (4.0.3-9) unstable; urgency=medium

  * Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat. (Closes:
    #742917)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 21 Jun 2014 18:12:40 -0400

tiff (4.0.3-8) unstable; urgency=medium

  * Remove libtiff5-alt-dev transitional package now that no one is
    build-depending on it anymore.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 01 Mar 2014 09:36:51 -0500

tiff (4.0.3-7) unstable; urgency=medium

  * Use dh-autoreconf to support new architectures in Ubuntu.

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 23 Dec 2013 09:58:47 -0500

tiff (4.0.3-6) unstable; urgency=low

  * Update standards to 3.9.5.  No changes required.
  * libtiff4 -> libtiff5 transition.  libtiff5-dev now provides
    libtiff-dev.  libtiff5-alt-dev and libtiff4-dev are transitional
    packages that depend on libtiff5-dev.  They will both be removed
    before jessie.

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 04 Dec 2013 14:36:36 -0500

tiff (4.0.3-5) unstable; urgency=low

  * Replace shlibs file with symbols file
  * Update standards to 3.9.4

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 15 Sep 2013 08:31:41 -0400

tiff (4.0.3-4) unstable; urgency=low

  * Complete Multi-Arch conversion for dev packages.  (Closes: #689085)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 24 Aug 2013 11:50:20 -0400

tiff (4.0.3-3) unstable; urgency=high

  * Incorporated fixes to security issues CVE-2013-4244.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 24 Aug 2013 11:20:00 -0400

tiff (4.0.3-2) unstable; urgency=high

  * Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
    (Closes: #719303)

 -- Jay Berkenbilt <qjb@debian.org>  Thu, 22 Aug 2013 11:52:58 -0400

tiff (4.0.3-1) unstable; urgency=low

  * Acknowledge/incorporate NMU.  Thanks!
  * New upstream version.  Patches incorporated:
     CVE-2012-3401.patch
     CVE-2012-4447.patch
  * Add build dependency on autotools-dev to help porters.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 23 Jun 2013 10:39:04 -0400

tiff (4.0.2-6+nmu1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
    (closes: #706675).
  * Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
    (closes: #706674).

 -- Michael Gilbert <mgilbert@debian.org>  Mon, 17 Jun 2013 01:27:17 +0000

tiff (4.0.2-6) unstable; urgency=high

  * Fix /usr/share/doc symlink to directory transition.  When upgrading
    from very old versions (pre 3.8.2-8), /usr/share/doc may contain
    symbolic links that should be removed.  (Closes: #687645)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 26 Jan 2013 12:28:19 -0500

tiff (4.0.2-5) unstable; urgency=high

  * Add fix for CVE-2012-4564, a heap-buffer overflow.  Thanks Adrian La
    Duca for doing all the work to prepare this upload.  (Closes: #692345)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 17 Nov 2012 12:40:25 -0500

tiff (4.0.2-4) unstable; urgency=high

  * Previous change was uploaded with the wrong CVE number.  I updated the
    last changelog entry.  The correct CVE number is CVE-2012-4447.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 05 Oct 2012 17:33:44 -0400

tiff (4.0.2-3) unstable; urgency=high

  * Add fix for CVE-2012-4447, a buffer overrun.  (Closes: #688944)

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 05 Oct 2012 17:04:38 -0400

tiff (4.0.2-2) unstable; urgency=high

  * SECURITY UPDATE: possible arbitrary code execution via heap overflow
    in tiff2pdf.  (Closes: #682115)
    - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
      tools/tiff2pdf.c.
    - CVE-2012-3401
    Changes prepared by Marc Deslauriers for Ubuntu.  Thanks!

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 21 Jul 2012 21:27:34 -0400

tiff (4.0.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 24 Jun 2012 13:45:42 -0400

tiff (4.0.1-8) unstable; urgency=low

  * Call glFlush() in tiffgt to fix display problems.  From
    https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/797166.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 16 Jun 2012 21:20:04 -0400

tiff (4.0.1-7) unstable; urgency=low

  * Add new temporary package libtiff5-alt-dev, which provides libtiff5
    development files in a location that doesn't conflict with
    libtiff4-dev.  See README.Debian for details.

 -- Jay Berkenbilt <qjb@debian.org>  Thu, 24 May 2012 15:24:36 -0400

tiff (4.0.1-6) unstable; urgency=low

  * Include pkg-config files

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 13 May 2012 12:53:38 -0400

tiff (4.0.1-5) unstable; urgency=low

  * Fix shlibs again.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 22 Apr 2012 11:41:44 -0400

tiff (4.0.1-4) unstable; urgency=low

  * Use >= instead of > in shlibs file.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 22 Apr 2012 10:57:02 -0400

tiff (4.0.1-3) unstable; urgency=low

  * Support JBIG now that patents have expired. (Closes: #667835)
  * Support LZMA.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 14 Apr 2012 19:03:04 -0400

tiff (4.0.1-2) unstable; urgency=high

  * Incorporated fix to CVE-2012-1173, a problem in the parsing of the
    TileSize entry, which could result in the execution of arbitrary code
    if a malformed image is opened.
  * Updated standards to 3.9.3

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Apr 2012 10:10:48 -0400

tiff (4.0.1-1) unstable; urgency=low

  * New upstream release
  * Point watch file to new download location

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 20 Feb 2012 09:43:54 -0500

tiff (4.0.0-2) experimental; urgency=low

  * Rename libtiff-dev -> libtiff5-dev to avoid premature transition for
    packages that explicitly depend on libtiff-dev.  At some future time,
    libtiff5-dev will provide or be renamed back to libtiff-dev.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 04 Feb 2012 09:41:19 -0500

tiff (4.0.0-1) experimental; urgency=low

  * New upstream release
  * Enable versioned symbols

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 28 Jan 2012 10:56:23 -0500

tiff (4.0.0~beta7-2) experimental; urgency=low

  * Incorporated changes from 3.9.5-2: security hardening and multiarch

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 17 Sep 2011 10:28:53 -0400

tiff (4.0.0~beta7-1) experimental; urgency=low

  * New upstream release including many security fixes and other
    improvements
  * Updated changelog with changes from 3.x series.
  * Updated standards version to 3.9.2.  No changes required.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 16 Apr 2011 13:45:33 -0400

tiff (4.0.0~beta6-3) experimental; urgency=low

  * Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
    putcontig8bitYCbCr11tile", from 3.9.4-4.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Oct 2010 13:31:41 -0400

tiff (4.0.0~beta6-2) experimental; urgency=low

  * Incorporate changes from 3.9.4-{2,3} including updating standards
    version to 3.9.1 along with associated fixes.  (CVE-2010-2233 was
    already fixed in this version.)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 14 Aug 2010 16:36:44 -0400

tiff (4.0.0~beta6-1) experimental; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 18 Jun 2010 21:42:57 -0400

tiff (4.0.0~beta5-2) experimental; urgency=low

  * Depend on libjpeg-dev instead of libjpeg62-dev.
  * Change source format to '3.0 (quilt)'
  * Update standards version to 3.8.4.  No changes required.

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 10 Feb 2010 19:36:43 -0500

tiff (4.0.0~beta5-1) experimental; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Nov 2009 22:58:07 -0500

tiff (4.0.0~beta4-1) experimental; urgency=low

  * New upstream release.  All debian patches incorporated among many
    other fixes and enhancements.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 11:30:09 -0400

tiff (4.0.0~beta3-2) experimental; urgency=low

  * Fixed previously incorrect patch to lzw problem.

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 24 Aug 2009 14:45:10 -0400

tiff (4.0.0~beta3-1) experimental; urgency=low

  * New upstream release.  This version is not binary compatible with the
    3.x series, nor is it entirely source compatible, but most
    applications should port easily.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 21 Aug 2009 13:39:37 -0400

tiff (3.9.5-2) unstable; urgency=low

  * Implemented mulitarch and and PIE build for security hardening by
    integrating the changes from the Ubuntu tiff packages.  Thanks to Marc
    Deslauriers and anyone else who did the actual work.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 17 Sep 2011 10:15:39 -0400

tiff (3.9.5-1) unstable; urgency=low

  * New upstream release.  All security patches are fully incorporated
    into this version, as are many other bug fixes.
  * Updated standards version to 3.9.2.  No changes needed.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 16 Apr 2011 13:15:51 -0400

tiff (3.9.4-9) unstable; urgency=high

  * CVE-2011-1167: correct potential buffer overflow with thunder encoded
    files with wrong bitspersample set.  (Closes: #619614)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Apr 2011 10:59:38 -0400

tiff (3.9.4-8) unstable; urgency=low

  * Enable PIE (position independent executable) build for security
    hardening.  Patch from Ubuntu.  (Closes: #613759)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 19 Mar 2011 10:22:32 -0400

tiff (3.9.4-7) unstable; urgency=high

  * Incorporate revised fix to CVE-2011-0192.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 13 Mar 2011 14:33:38 -0400

tiff (3.9.4-6) unstable; urgency=high

  * Incorporated fix to CVE-2011-0192, "Buffer overflow in Fax4Decode".

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 26 Feb 2011 18:44:23 -0500

tiff (3.9.4-5) unstable; urgency=high

  * Incorporated fix to CVE-2010-3087, a potential denial of service
    exploitable with a specially crafted TIFF file.  (Closes: #600188)

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Oct 2010 16:44:08 -0400

tiff (3.9.4-4) unstable; urgency=high

  * Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
    putcontig8bitYCbCr11tile".  (Closes: #595064)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 02 Oct 2010 13:17:12 -0400

tiff (3.9.4-3) unstable; urgency=low

  * Updated control file to remove obsolete Conflicts/Replaces for ancient
    packages.
  * Empty dependency_libs in all .la files as part of the .la file.  This
    also resolves the problem of having hard-coded paths in the .la file.
    (Closes: #509016)
  * Updated standards version to 3.9.1.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 14 Aug 2010 16:28:49 -0400

tiff (3.9.4-2) unstable; urgency=high

  * Incorporated patch to fix CVE-2010-2233, which fixes a specific
    failure of tif_getimage on 64-bit platforms.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 13 Aug 2010 20:16:29 -0400

tiff (3.9.4-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 18 Jun 2010 21:28:11 -0400

tiff (3.9.2-3) unstable; urgency=low

  * Depend on libjpeg-dev instead of libjpeg62-dev.  (Closes: #569242)
  * Change source format to '3.0 (quilt)'
  * Update standards version to 3.8.4.  No changes required.

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 10 Feb 2010 19:20:20 -0500

tiff (3.9.2-2) unstable; urgency=low

  * Include patch from upstream to fix problems with TIFFReadScanline()
    and ycbcr-encoded JPEG images.  (Closes: #510792)
  * Fix some manual page spelling errors found by lintian.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 10 Jan 2010 10:56:32 -0500

tiff (3.9.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 06 Nov 2009 22:52:06 -0500

tiff (3.9.1-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 15:44:23 -0400

tiff (3.9.0-2) unstable; urgency=low

  * Fix critical bug that could cause corrupt files to be written in some
    cases.  (Closes: #543079)

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 28 Aug 2009 13:38:03 -0400

tiff (3.9.0-1) unstable; urgency=low

  * New upstream release.  All previous security patches have been
    integrated.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 21 Aug 2009 11:40:49 -0400

tiff (3.9.0beta+deb1-1) experimental; urgency=low

  * New upstream release (binary compatible with 3.8.2) -- release based
    on 3.9 branch from upstream CVS; see README.Debian for details.
    (Closes: #537118)
  * Updated standards to 3.8.3; no changes required.
  * Stopped using tarball in tarball packaging.  (Closes: #538565)

 -- Jay Berkenbilt <qjb@debian.org>  Wed, 19 Aug 2009 20:33:10 -0400

tiff (3.8.2-13) unstable; urgency=high

  * Apply patches to fix CVE-2009-2347, which covers two integer overflow
    conditions.
  * LZW patch from last update addressed CVE-2009-2285.  Renamed the patch
    to make this clearer.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 12 Jul 2009 18:03:33 -0400

tiff (3.8.2-12) unstable; urgency=low

  * Apply patch to fix crash in lzw decoder that can be caused by certain
    invalid image files.  (Closes: #534137)
  * No longer ignore errors in preinst
  * Fixed new lintian warnings; updated standards version to 3.8.2.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 28 Jun 2009 13:17:44 -0400

tiff (3.8.2-11) unstable; urgency=high

  * Apply security patches (CVE-2008-2327)
  * Convert patch system to quilt
  * Create README.source
  * Set standards version to 3.8.0

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 13:16:37 -0400

tiff (3.8.2-10+lenny1) testing-security; urgency=high

  * Apply patches from Drew Yao of Apple Product Security to fix
    CVE-2008-2327, a potential buffer underflow in the LZW decoder
    (tif_lzw.c).

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 11:56:01 -0400

tiff (3.8.2-10) unstable; urgency=low

  * Fix segmentation fault on subsequent parts of a file with an invalid
    directory tag.  (Closes: #475489)

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 09 Jun 2008 11:02:53 -0400

tiff (3.8.2-9) unstable; urgency=low

  * Backported tiff2pdf from 4.0.0 beta 2.  This fixes many tiff2pdf bugs,
    though unfortunately none of the ones opened in the debian bug
    database!
  * Added upstream homepage to debian control file.

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 07 Jun 2008 22:52:27 -0400

tiff (3.8.2-8) unstable; urgency=low

  * Accepted tmpfile patch tiff2pdf to fix bug that has been fixed
    upstream since upstream release appears stalled.  Thanks Jesse Long.
    (Closes: #419773)
  * Update standards version to 3.7.3; no changes required.
  * ${Source-Version} -> ${binary:Version} in control
  * Split documentation into separate libtiff-doc package.  (Closes:
    #472189)

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 22 Mar 2008 12:30:38 -0400

tiff (3.8.2-7+etch1) stable-security; urgency=high

  * Apply patches from Drew Yao of Apple Product Security to fix
    CVE-2008-2327, a potential buffer underflow in the LZW decoder
    (tif_lzw.c).

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 17 Aug 2008 11:56:01 -0400

tiff (3.8.2-7) unstable; urgency=high

  * Replace empty directories in /usr/share/doc with links during package
    upgrade.  (Closes: #404631)

 -- Jay Berkenbilt <qjb@debian.org>  Tue,  2 Jan 2007 15:50:50 -0500

tiff (3.8.2-6) unstable; urgency=high

  * Add watch file
  * Tavis Ormandy of the Google Security Team discovered several problems
    in the TIFF library.  The Common Vulnerabilities and Exposures project
    identifies the following issues:
     - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
       tif_dirread.c
     - CVE-2006-3460: A heap overflow vulnerability was discovered in the
       jpeg decoder
     - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
     - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
       overflow
     - CVE-2006-3463: An infinite loop was discovered in
       EstimateStripByteCounts()
     - CVE-2006-3464: Multiple unchecked arithmetic operations were
       uncovered, including a number of the range checking operations
       deisgned to ensure the offsets specified in tiff directories are
       legitimate.
     - A number of codepaths were uncovered where assertions did not hold
       true, resulting in the client application calling abort()
     - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
       support

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 31 Jul 2006 18:14:59 -0400

tiff (3.8.2-5) unstable; urgency=low

  * Fix logic error that caused -q flag to be ignored when doing jpeg
    compression with tiff2pdf.  (Closes: #373102)

 -- Jay Berkenbilt <qjb@debian.org>  Mon, 19 Jun 2006 18:55:38 -0400

tiff (3.8.2-4) unstable; urgency=high

  * SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
    Thanks to Martin Pitt.  (Closes: #371064)
  * Add debian/patches/tiff2pdf-octal-printf.patch:
    - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
      signed char (it printed a signed integer, which overflew the buffer and
      was wrong anyway).
    - CVE-2006-2193

 -- Jay Berkenbilt <qjb@debian.org>  Wed,  7 Jun 2006 17:52:12 -0400

tiff (3.8.2-3) unstable; urgency=high

  * SECURITY UPDATE: Arbitrary command execution with crafted long file
    names.  Thanks to Martin Pitt for forwarding this.
    Add debian/patches/tiffsplit-fname-overflow.patch:
    - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
      user-specified file name into a statically sized buffer.
    CVE-2006-2656.  (Closes: #369819)
  * Update standards version to 3.7.2.  No changes required.
  * Moved doc-base information to libtiff4 instead of libtiff4-dev.

 -- Jay Berkenbilt <qjb@debian.org>  Thu,  1 Jun 2006 21:24:21 -0400

tiff (3.8.2-2) unstable; urgency=low

  * Fix build dependencies to get OpenGL utility libraries after new Xorg
    packaging.  (Closes: #365722)
  * Updated standards version to 3.7.0; no changes required to package.

 -- Jay Berkenbilt <qjb@debian.org>  Tue,  2 May 2006 10:10:45 -0400

tiff (3.8.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 28 Mar 2006 21:42:33 -0500

tiff (3.8.0-3) unstable; urgency=low

  * Switched build dependency from xlibmesa-gl-dev to libgl1-mesa-dev
    (incorporating Ubunutu patch)
  * Incorporated patch from upstream to fix handling of RGBA tiffs in
    tiff2pdf.  (Closes: #352849)

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 26 Feb 2006 13:21:17 -0500

tiff (3.8.0-2) unstable; urgency=low

  * Applied fixes from upstream to address a memory access violation
    [CVE-2006-0405].  (Closes: #350715, #351223)

 -- Jay Berkenbilt <qjb@debian.org>  Fri,  3 Feb 2006 21:48:39 -0500

tiff (3.8.0-1) unstable; urgency=low

  * New upstream release.  (Closes: #349921)
  * NOTE: The debian version of 3.8.0 includes a patch to correct a binary
    incompatibility in the original 3.8.0 release.  This libtiff package
    is binary compatible with 3.7.4 and will be binary compatible with the
    upcoming 3.8.1 release.

 -- Jay Berkenbilt <qjb@debian.org>  Fri, 27 Jan 2006 21:38:58 -0500

tiff (3.7.4-1) unstable; urgency=low

  * New upstream release
  * Fix typos in manual page (Closes: #327921, #327922, #327923, #327924)

 -- Jay Berkenbilt <qjb@debian.org>  Fri,  7 Oct 2005 10:25:49 -0400

tiff (3.7.3-1) unstable; urgency=low

  * New upstream release
  * g++ 4.0 transition: libtiffxx0 is now libtiffxx0c2.

 -- Jay Berkenbilt <qjb@debian.org>  Sat,  9 Jul 2005 12:00:44 -0400

tiff (3.7.2-3) unstable; urgency=high

  * Fix for exploitable segmentation fault on files with bad BitsPerSample
    values.  (Closes: #309739)
    [libtiff/tif_dirread.c, CAN-2005-1544]
    Thanks to Martin Pitt for the report.

 -- Jay Berkenbilt <qjb@debian.org>  Thu, 19 May 2005 05:41:28 -0400

tiff (3.7.2-2) unstable; urgency=high

  * Fix zero pagesize bug with tiff2ps -a2 and tiff2ps -a3.  Thanks to
    Patrice Fournier for the patch.  (Closes: #303583)
  * Note: uploading with urgency=high since this very small fix impacts
    tools only (not the library), and we don't want to block tiff's many
    reverse dependencies from transitioning to sarge.

 -- Jay Berkenbilt <qjb@debian.org>  Sun, 10 Apr 2005 10:12:37 -0400

tiff (3.7.2-1) unstable; urgency=low

  * New upstream release

 -- Jay Berkenbilt <qjb@debian.org>  Sat, 19 Mar 2005 14:51:06 -0500

tiff (3.7.1-4) unstable; urgency=low

  * Fix from upstream: include a better workaround for tiff files with
    invalid strip byte counts.  (Closes: #183268)

 -- Jay Berkenbilt <qjb@debian.org>  Tue, 22 Feb 2005 19:20:14 -0500

tiff (3.7.1-3) unstable; urgency=low

  * Disable C++ new experimental interfaces for now; will reappear in a
    future version in the separate libtiffxx0 package.

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 29 Jan 2005 13:32:37 -0500

tiff (3.7.1+pre3.7.2-1) experimental; urgency=low

  * New upstream release
  * Separate experimental C++ interface into separate libtiffxx library.

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 29 Jan 2005 13:03:19 -0500

tiff (3.7.1-2) unstable; urgency=low

  * Make -dev package depend upon other -dev packages referenced in the
    .la file created by libtool.  (Closes: #291136)
  * tiff2ps: Allow one of -w and -h without the other.  (Closes: #244247)

 -- Jay Berkenbilt <ejb@ql.org>  Wed, 19 Jan 2005 10:45:00 -0500

tiff (3.7.1-1) unstable; urgency=low

  * New upstream release
  * Correct error in doc-base file (Closes: #285652)

 -- Jay Berkenbilt <ejb@ql.org>  Wed,  5 Jan 2005 16:54:12 -0500

tiff (3.7.0-2) experimental; urgency=low

  * Replace hard-coded libc6-dev dependency with something friendlier to
    porters (libc6-dev | libc-dev).  (Closes: #179727)
  * Fixed upstream: proper netbsdelf*-gnu support in configure.  Actually
    fixed in 3.7.0-1 but left out of changelog.  (Closes: #179728)
  * Include opengl support; adds new libtiff-opengl package. (Closes: #219456)
  * Fixed upstream: fax2ps now allows access to first page. (Closes: #244251)

 -- Jay Berkenbilt <ejb@ql.org>  Sat, 11 Dec 2004 09:51:52 -0500

tiff (3.7.0-1) experimental; urgency=low

  * New upstream release (Closes: #276996)
  * New maintainer (Thanks Joy!)
  * Repackage using cdbs and simple-patchsys to fix some errors and
    simplify patch management
  * Fixed upstream: tiff2pdf ignores -z and -j (Closes: #280682)
  * Fixed upstream: Memory leak in TIFFClientOpen (Closes: #256657)

 -- Jay Berkenbilt <ejb@ql.org>  Fri, 26 Nov 2004 13:50:13 -0500

tiff (3.6.1-5) unstable; urgency=high

  * New maintainer (thanks Joy!)
  * Applied patch by Dmitry V. Levin to fix a segmentation fault
    [tools/tiffdump.c, CAN-2004-1183]
    Thanks to Martin Schulze for forwarding the patch.
  * Fixed section of -dev package (devel -> libdevel)

 -- Jay Berkenbilt <ejb@ql.org>  Wed,  5 Jan 2005 16:27:26 -0500

tiff (3.6.1-4) unstable; urgency=high

  * Fix heap overflow security bug [CAN-2004-1308].  (Closes: #286815)

 -- Jay Berkenbilt <ejb@ql.org>  Wed, 22 Dec 2004 10:20:52 -0500

tiff (3.6.1-3) unstable; urgency=medium

  * Patches from upstream to fix zero-size tile and integer overflow
    problems created by previous security patches, closes: #276783.
  * Added Jay Berkenbilt as co-maintainer. Jay thanks Joy for letting him
    help and eventually take over maintenance of these packages!

 -- Josip Rodin <joy-packages@debian.org>  Mon, 01 Nov 2004 12:28:27 +0100

tiff (3.6.1-2) unstable; urgency=low

  * Included security fixes for:
    + CAN-2004-0803
      - libtiff/tif_luv.c
      - libtiff/tif_next.c
      - libtiff/tif_thunder.c
    + CAN-2004-0804 (but this one is already applied upstream, it seems)
      - libtiff/tif_dirread.c
    + CAN-2004-0886
      - libtiff/tif_aux.c
      - libtiff/tif_compress.c
      - libtiff/tif_dir.c
      - libtiff/tif_dirinfo.c
      - libtiff/tif_dirread.c
      - libtiff/tif_dirwrite.c
      - libtiff/tif_extension.c
      - libtiff/tif_fax3.c
      - libtiff/tiffiop.h
      - libtiff/tif_getimage.c
      - libtiff/tif_luv.c
      - libtiff/tif_pixarlog.c
      - libtiff/tif_strip.c
      - libtiff/tif_tile.c
      - libtiff/tif_write.c
    Thanks to Martin Schulze for forwarding the patches.

 -- Josip Rodin <joy-packages@debian.org>  Thu, 14 Oct 2004 16:13:11 +0200

tiff (3.6.1-1.1) unstable; urgency=medium

  * Non-maintainer upload; thanks to Jay Berkenbilt <ejb@ql.org> for
    preparing the patches
  * Rename shared library and development packages to resolve accidental
    upstream ABI change.  Closes: #236247
  * Include patch from upstream to fix multistrip g3 fax bug.
    Closes: #243405
  * Include LZW support.  Closes: #260242, #248490
  * Fix URL in copyright file.  Closes: #261357
  * Install missing documentation files.  Closes: #261356

 -- Steve Langasek <vorlon@debian.org>  Sun, 25 Jul 2004 10:28:06 -0400

tiff (3.6.1-1) unstable; urgency=low

  * New upstream version, closes: #231977.
  * Slightly fixed up the static lib build rules so that the build process
    does the normal stuff for the dynamic lib and then does the static with
    the same tiffvers.h.

 -- Josip Rodin <joy-packages@debian.org>  Mon, 23 Feb 2004 18:23:34 +0100

tiff (3.5.7-2) unstable; urgency=high

  * Added back the patch that used -src static/libtiff.a in the install
    rule. Wonder how that disappeared... closes: #170914.
  * Fake it's a GNU system in order for the configure script to use our
    toolchain stuff on the NetBSD port, thanks to Joel Baker, closes: #130636.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 10 Dec 2002 17:18:28 +0100

tiff (3.5.7-1) unstable; urgency=low

  * New upstream version, closes: #144940.
  * A whole new set of patches for the breakage in the build system :)

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sun,  6 Oct 2002 22:54:08 +0200

tiff (3.5.5-6) unstable; urgency=low

  * It appears that the general 64-bit detection code, isn't.
    We have to include all of those three conditions, feh.
    This really closes: #106706.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed,  8 Aug 2001 23:09:55 +0200

tiff (3.5.5-5) unstable; urgency=low

  * Changed two Alpha/Mips-isms into general 64-bit detection code,
    patch from John Daily <jdaily@progeny.com>, closes: #106706.
  * Patched man/Makefile.in to generate a manual page file for
    TIFFClientOpen(3t), as a .so link to TIFFOpen(3t), closes: #99577.
  * Used /usr/share/doc in the doc-base file, closes: #74122.
  * Changed libtiff3g-dev's section back to devel, since graphics was,
    according to elmo, "hysterical raisins". :))

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 27 Jul 2001 01:43:04 +0200

tiff (3.5.5-4) unstable; urgency=low

  * Updated config.* files, closes: #94696.
  * Fixed libtiff3g-dev's section, closes: #85533.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed, 20 Jun 2001 18:29:24 +0200

tiff (3.5.5-3) unstable; urgency=low

  * Build shared library on Hurd, too, closes: #72482.
  * Upped Standards-Version to 3.5.0.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sat, 30 Sep 2000 17:42:13 +0200

tiff (3.5.5-2) unstable; urgency=low

  * Make `dynamic shared object' on Linux unconditionally, fixes the problem
    with libc.so.6.1 on alpha, thanks Chris C. Chimelis.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Wed, 13 Sep 2000 21:44:00 +0200

tiff (3.5.5-1) unstable; urgency=low

  * New upstream version.
  * The upstream build system sucks. There, I said it. Back to work now. :)
  * Added a build dependencies on make (>= 3.77) (closes: #67747) and
    debhelper.
  * Standards-Version: 3.2.1:
    + added DEB_BUILD_OPTIONS checks in debian/rules

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 29 Aug 2000 14:06:02 +0200

tiff (3.5.4-5) frozen unstable; urgency=low

  * Fixed 16-bit/32-bit values bug in fax2ps from libtiff-tools, that
    also breaks printing from hylafax, using provided oneliner patch
    from Bernd Herd (accepted upstream), closes: #49232 and probably #62235.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Mon, 27 Mar 2000 17:12:10 +0200

tiff (3.5.4-4) frozen unstable; urgency=low

  * Weird dpkg-shlibdeps from dpkg 1.6.8-pre has done it again, this time
    with libz.so, making the packages depend on zlib1 (instead of zlib1g).
    Closes: #56134, #56137, #56140, #56155.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 25 Jan 2000 18:05:28 +0100

tiff (3.5.4-3) frozen unstable; urgency=low

  * Included libtiff.so file in libtiff3g-dev, dammit :( My eye hurts,
    a lot, but this was easy to fix, thank goodness :) (closes: #55814).
    This bugfix deserves to get into frozen because the bug cripples
    libtiff3g-dev, a lot.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 21 Jan 2000 19:02:22 +0100

tiff (3.5.4-2) unstable; urgency=low

  * Fixed upstream build system to use ${DESTDIR}, and with that working,
    created install: rule in debian/rules and used it.
  * Fixed the way rules file gets the version from upstream sources,
    and fixed dist/tiff.alpha, it didn't work.
  * Removed README file from libtiff3g binary package, useless.
  * Fixed configure script not to emit the wrong warning about
    zlib/jpeg dirs not specified (they're in /usr/include, stupid :).

 -- Josip Rodin <jrodin@jagor.srce.hr>  Thu, 30 Dec 1999 01:17:32 +0100

tiff (3.5.4-1) unstable; urgency=low

  * New upstream version, closes: #50338.
  * Disabled libc5 build, it wouldn't compile. :(

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri,  3 Dec 1999 20:49:25 +0100

tiff (3.5.2-4) unstable; urgency=low

  * Castrated the rules file, to make it actually work on !(i386 m68k).
    Closes: #49316.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Sat,  6 Nov 1999 13:22:54 +0100

tiff (3.5.2-3) unstable; urgency=low

  * Removed sparc from the libtiff3 arches list, as BenC advised.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Fri, 29 Oct 1999 23:29:23 +0200

tiff (3.5.2-2) unstable; urgency=low

  * Changed Architecture: line for libtiff3 from "any" to "i386 m68k sparc"
    as it is actually only built on those. Changed description a little bit.
  * Minor fixes to the rules file.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Thu, 28 Oct 1999 14:00:02 +0200

tiff (3.5.2-1) unstable; urgency=low

  * New upstream version.
  * Renamed source package to just "tiff", like upstream tarball name.
  * New maintainer (thanks Guy!). Renewed packaging, with debhelper,
    using Joey's nifty multi2 example, with several adjustments.
  * Ditched libtiff3-altdev, nobody's using that and nobody should be
    using that. Packaging for it still exists, it's just commented out.
  * Uses doc-base for -dev docs now. Uncompressed HTML docs, 100kb space
    saved is pointless when you can't use any links between documents.

 -- Josip Rodin <jrodin@jagor.srce.hr>  Tue, 26 Oct 1999 16:20:46 +0200

libtiff3 (3.4beta037-8) unstable; urgency=low

  * Argh, same bug in the prerm, closes: #36990, #36850, #36855,
    #36866, #36988.

 -- Guy Maor <maor@debian.org>  Sat,  1 May 1999 10:12:23 -0700

libtiff3 (3.4beta037-7) unstable; urgency=low

  * Don't error when dhelp is not installed, closes: #36879, #36922.

 -- Guy Maor <maor@debian.org>  Thu, 29 Apr 1999 19:17:55 -0700

libtiff3 (3.4beta037-6) unstable; urgency=low

  * Only build libc5 packages on appropriate archs, closes: #27083, #32007.
  * Apply NMU patch, closes: #26413, #26887.
  * Add dhelp support, closes: #35154.
  * Recompile removes invalid dependency, closes: #30961.

 -- Guy Maor <maor@debian.org>  Sat, 24 Apr 1999 15:17:51 -0700

libtiff3 (3.4beta037-5.1) frozen unstable; urgency=low

  * NMU to not use install -s to strip static .a libraries. Fixes: #26413
  * Build with recent libjpeg. Fixes: #26887
  * Add Section: and Priority: headers to debian/control.

 -- Ben Gertzfield <che@debian.org>  Mon, 26 Oct 1998 22:44:33 -0800

libtiff3 (3.4beta037-5) unstable; urgency=low

  * Explicit link with -lm (and don't need -lc now), fixes: #19167, #22180.

 -- Guy Maor <maor@ece.utexas.edu>  Tue, 11 Aug 1998 22:27:56 -0700

libtiff3 (3.4beta037-4) unstable; urgency=low

  * libtiff3-tools conflicts & replaces with libtiff3-gif (13521,15107).

 -- Guy Maor <maor@ece.utexas.edu>  Sun, 11 Jan 1998 13:09:28 -0800

libtiff3 (3.4beta037-3) unstable; urgency=low

  * New libjpegg contains shlibs file, so don't need shlibs.local.
  * Compile with -D_REENTRANT.
  * Add shlibs for libtiff3g (13423).

 -- Guy Maor <maor@ece.utexas.edu>  Sat, 27 Sep 1997 13:17:45 -0500

libtiff3 (3.4beta037-2) unstable; urgency=low

  * Add libjpegg6a to shlibs.local to correct for broken dependency.

 -- Guy Maor <maor@ece.utexas.edu>  Fri, 26 Sep 1997 11:23:55 -0500

libtiff3 (3.4beta037-1) unstable; urgency=low

  * New upstream version, libc6 compile, policy 2.3.0.0 (5136, 7470, 7627, 8166
    8312, 9479, 9492, 9531, 11700, 11702).
  * Fix check for shared lib support (10805).

 -- Guy Maor <maor@ece.utexas.edu>  Tue, 23 Sep 1997 16:55:56 -0500