freeimage (3.17.0+ds1-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/Fix-CVE-2016-5684.patch: Fix out-of-bounds write
      vulnerability in the XMP image handling functionality
    - CVE-2016-5684

 -- Mike Salvatore <mike.salvatore@canonical.com>  Thu, 28 Mar 2019 11:48:11 -0400

freeimage (3.17.0+ds1-2) unstable; urgency=medium

  * Improve build reproducibility by applying suggested s/sort/LC_ALL=C sort/
    to Disable-vendored-dependencies.patch.
  * Merge libpng16.patch with Fix-compatibility-with-system-libpng.patch.
  * Use secure Vcs-Git URI.
  * Bump standards version to 3.9.7, no changes required.

 -- Ghislain Antony Vaillant <ghisvail@gmail.com>  Fri, 04 Mar 2016 09:59:58 +0000

freeimage (3.17.0+ds1-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * FTBFS with libpng1.6: New patch libpng16.patch (Closes: #742560)

 -- Tobias Frost <tobi@debian.org>  Fri, 22 Jan 2016 06:33:47 +0100

freeimage (3.17.0+ds1-1) unstable; urgency=medium

  * Move from experimental to unstable.

 -- Anton Gladky <gladk@debian.org>  Mon, 18 Jan 2016 08:33:15 +0100

freeimage (3.17.0+ds1-1~exp2) experimental; urgency=medium

  * Add missing breaks / replaces relationship for libfreeimageplus-dev.
    Thanks to Andreas Beckmann (Closes: #810570)
  * Add missing depends on libfreeimage-dev for libfreeimageplus-dev.
  * autopkgtest: use respective -dev packages for fi and fip tests.
  * Add patch fixing the encoding of the FreeImage public header.
    Thanks to Christophe Trophime (Closes: #798003)

 -- Ghislain Antony Vaillant <ghisvail@gmail.com>  Sun, 10 Jan 2016 16:09:02 +0000

freeimage (3.17.0+ds1-1~exp1) experimental; urgency=medium

  [ Ghislain Antony Vaillant ]
  * New upstream release.
  * Use repacked upstream source tarball:
    - d/copyright: exclude vendored libraries.
    - d/watch: use more flexible regexes.
    - Remove *get-orig script, no longer used.
    - Remove *lintian-overrides, no longer used.
  * d/copyright: update licensing information.
  * Add gbp.conf file.
  * d/control: refresh list of build dependencies.
  * Add new binary packages for FreeImagePlus.
    Packages: libfreeimageplus{3,3-dbg,-dev,-doc}
  * d/rules:
    - Add multi-arch support.
    - Use modern hardening settings.
    - Run FreeImage and FreeImagePlus testsuites.
    - Call upstream dos2unix target.
  * Add autopkgtest support.
  * Refresh patch queue:
    - Drop disable_embedded_libraries.patch, replaced by new set of patches
      derived from Fedora's.
      Files: Disable-vendored-dependencies.patch,
             Use-system-dependencies.patch
    - Drop patch for CVE-2015-3885, FreeImage now uses the system libraw.
    - Disable tests for any functionality requiring the vendored libraries.
      File: Disable-testing-of-JPEG-transform.patch
    - Temporary disable failing JXR MemIO test.
      File: Disable-testing-of-JXR-MemIO.patch
    - Improve compatibility with system libraries.
      Files: Fix-macro-redefinition-of-64-bit-integer-types.patch,
             Fix-compatibility-with-system-libpng.patch
    - Various bug fixes caught whilst testing.
      Files: Fix-unsafe-usage-of-printf-in-testsuite.patch,
             Fix-missing-cstdio-include-in-testsuite.patch,
             Fix-endianness-detection.patch
    - Disable HTML timestamps in Doxygen documentation.
      File: Disable-usage-of-HTML-timestamps-in-doxygen.patch
    - Rename patch fixing CVE-2015-0852.
      File: Fix-CVE-2015-0852.patch

  [ Anton Gladky ]
  * Fix typo in d/control.
  * Use packaged jquery.js instead of embedded.
  * Fix build in indep-only mode.

 -- Ghislain Antony Vaillant <ghisvail@gmail.com>  Wed, 11 Nov 2015 13:40:17 +0000

freeimage (3.15.4-6) unstable; urgency=medium

  * [2ae274b] Move package under the Debian science team. (Closes: #604614)
  * [d526203] Apply cme fix dpkg-control.
  * [d526a52] Use compat level 9.
  * [c8cc95b] Simplify d/rules, .install.
  * [2682cec] Fix integer overflow in the ljpeg_start function CVE-2015-3885.
              (Closes: #786790)
  * [64a044f] Ignore quilt dir

 -- Anton Gladky <gladk@debian.org>  Thu, 29 Oct 2015 23:17:04 +0100

freeimage (3.15.4-5) unstable; urgency=medium

  [ W. Martin Borgert ]
  * QA upload.
  * [e807e1c] Fix integer overflow. (Closes: #797165)

 -- W. Martin Borgert <debacle@debian.org>  Tue, 15 Sep 2015 22:50:49 +0200

freeimage (3.15.4-4.1) unstable; urgency=medium

  * Non-maintainer upload
  * Remove libjpeg8-dev from Build-Depends
  * Add compatibility transupp.c from src:libjpeg-turbo and use that
    to compile against libjpeg62 (Closes: #763255)
  * Make d/copyright machine readable and add jpeg/* and Source/LibJPEG/*
    license

 -- Ondřej Surý <ondrej@debian.org>  Mon, 06 Oct 2014 11:29:52 +0200

freeimage (3.15.4-4) unstable; urgency=medium

  * QA upload.
  * Build-depend on libjpeg8-dev.
    Patch by Dejan Latinovic <Dejan.Latinovic@imgtec.com>.
    Closes: #763255.
  * Improve big endian detection.
    Add fix-big-endian-detection.patch.
    Patch by Dejan Latinovic <Dejan.Latinovic@imgtec.com>.
    Closes:  #763730.
  * Refresh patches

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 02 Oct 2014 10:18:47 +0100

# For older changelog entries, run 'apt-get changelog libfreeimage3'