libraw (0.18.8-1ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: missing thumbnail size range checks
    - debian/patches/CVE-2020-15503.patch: add checks to
      libraw/libraw_const.h, src/libraw_cxx.cpp.
    - CVE-2020-15503
  * SECURITY UPDATE: out-of-bounds write via X3F file
    - debian/patches/CVE-2020-35530.patch: check huffman tree size in
      internal/libraw_x3f.cpp.
    - CVE-2020-35530
  * SECURITY UPDATE: out-of-bounds read in get_huffman_diff()
    - debian/patches/CVE-2020-35531.patch: check for data offset limit in
      internal/libraw_x3f.cpp.
    - CVE-2020-35531
  * SECURITY UPDATE: out-of-bounds read via a large row_stride field
    - debian/patches/CVE-2020-35532.patch: check for data offset limit in
      internal/libraw_x3f.cpp.
    - CVE-2020-35532
  * SECURITY UPDATE: out-of-bounds read in adobe_copy_pixel()
    - debian/patches/CVE-2020-35533.patch: more room for ljpeg row in
      dcraw/dcraw.c.
    - CVE-2020-35533

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 04 Nov 2022 14:02:18 -0400

libraw (0.18.8-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: infinite loop issues
    - debian/patches/CVE-2018-581x.patch: add more checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2018-5817
    - CVE-2018-5818
    - CVE-2018-5819
  * SECURITY UPDATE: stack overflow in parse_makernote
    - debian/patches/CVE-2018-20337.patch: properly calculate length in
      dcraw/dcraw.c, internal/dcraw_common.cpp.
    - CVE-2018-20337
  * SECURITY UPDATE: NULL deref in LibRaw::raw2image
    - debian/patches/CVE-2018-20363.patch: add check in src/libraw_cxx.cpp.
    - CVE-2018-20363
  * SECURITY UPDATE: NULL deref in LibRaw::copy_bayer
    - debian/patches/CVE-2018-20364.patch: add check in src/libraw_cxx.cpp.
    - CVE-2018-20364
  * SECURITY UPDATE: heap overflow in LibRaw::raw2image()
    - debian/patches/CVE-2018-20365.patch: zero filters in dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2018-20365

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 17 May 2019 13:54:32 -0400

libraw (0.18.8-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple memory management issues
    - debian/patches/CVE-2018-5807_5810_5811_5812.patch: out-of-bounds
      reads, heap-based buffer overflow and NULL pointer dereference in
      internal/dcraw_common.cpp
    - CVE-2018-5807
    - CVE-2018-5810
    - CVE-2018-5811
    - CVE-2018-5812
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c
      and internal/dcraw_common.cpp
    - CVE-2018-5813
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-5815.patch: integer overflow in
      internal/dcraw_common.cpp
    - CVE-2018-5815
  * SECURITY UPDATE: Divide by zero
    - debian/patches/CVE-2018-5816.patch: divide by zero in
      internal/dcraw_common.cpp
    - CVE-2018-5816

 -- Alex Murray <alex.murray@canonical.com>  Tue, 04 Dec 2018 15:38:46 +1030

libraw (0.18.8-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2018-10528.patch: parser possible
      buffer overrun in  src/libraw_cxx.cpp.
    - CVE-2018-10528
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2018-10529.patch: X3F property table list fix
      in src/libraw_cxx.cpp, internal/libraw_x3f.cpp.
    - CVE-2018-10529

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 07 May 2018 11:31:13 -0300

libraw (0.18.8-1) unstable; urgency=medium

  * New upstream release
    - debian/libraw16.symbols: symbols updated

 -- Matteo F. Vescovi <mfv@debian.org>  Sun, 04 Mar 2018 15:29:17 +0100

libraw (0.18.7-2) unstable; urgency=medium

  [ Jason Duerstock ]
  * debian/libraw16.symbols: symbols refreshed to add ia64 architecture
    (Closes: #888061)

 -- Matteo F. Vescovi <mfv@debian.org>  Wed, 24 Jan 2018 14:44:01 +0100

libraw (0.18.7-1) unstable; urgency=medium

  * New upstream release
  * debian/copyright: copyright-format moved to https://

 -- Matteo F. Vescovi <mfv@debian.org>  Mon, 22 Jan 2018 23:02:49 +0100

libraw (0.18.6-1) unstable; urgency=medium

  * New upstream release
  * debian/compat: 10 -> 11
  * debian/control: debhelper versioning 10 -> 11
  * debian/control: S-V bump 4.1.1 -> 4.1.3 (no changes needed)
  * debian/libraw16.symbols: update MISSING symbols
  * debian/libraw-doc.doc-base: fix installation path

 -- Matteo F. Vescovi <mfv@debian.org>  Sun, 07 Jan 2018 14:04:54 +0100

libraw (0.18.5-1) unstable; urgency=medium

  * New upstream release (Closes: #874729)
  * debian/: autotools-dev usage dropped
  * debian/control: S-V bump 4.0.0 -> 4.1.1 (no changes needed)

 -- Matteo F. Vescovi <mfv@debian.org>  Fri, 06 Oct 2017 21:51:38 +0200

libraw (0.18.2-2) unstable; urgency=medium

  * Upload to unstable
  * debian/control: S-V bump 3.9.8 => 4.0.0 (no changes needed)

 -- Matteo F. Vescovi <mfv@debian.org>  Thu, 22 Jun 2017 17:32:33 +0200

libraw (0.18.2-1) experimental; urgency=medium

  * New upstream release
    - debian/libraw16.symbols: MISSING symbols updated

 -- Matteo F. Vescovi <mfv@debian.org>  Sat, 25 Mar 2017 13:45:42 +0100

libraw (0.18.1-1) experimental; urgency=medium

  * New upstream release

 -- Matteo F. Vescovi <mfv@debian.org>  Fri, 03 Mar 2017 14:57:36 +0100

libraw (0.18.0-1) experimental; urgency=medium

  * New upstream release
    - debian/: SONAME bump libraw15 => libraw16
    - debian/libraw16.symbols: symbols updated
    - debian/copyright: licenses updated
    - debian/patches/: patchset dropped (applied upstream)
  * debian/: bump compatibility 9 -> 10

 -- Matteo F. Vescovi <mfv@debian.org>  Mon, 02 Jan 2017 13:52:44 +0100

libraw (0.17.2-6) unstable; urgency=medium

  * debian/patches/: patchset updated (again)
    - 0001-Fix_gcc6_narrowing_error.patch replaced with
      0001-Fix_gcc6_narrowing_conversion.patch since it
      was causing FTBFS on most little-endian architectures
      Thanks to Alex Tutubalin (upstream) for the quick fix.

 -- Matteo F. Vescovi <mfv@debian.org>  Thu, 25 Aug 2016 22:29:57 +0200

libraw (0.17.2-5) unstable; urgency=medium

  * debian/patches/: patchset updated
    - 0001-Fix_dcraw_narrowing_for_gcc6.patch dropped
      (wrong approach to fix the issue)
    - 0001-Fix_gcc6_narrowing_error.patch added (Closes: #835350)

 -- Matteo F. Vescovi <mfv@debian.org>  Wed, 24 Aug 2016 22:26:35 +0200

libraw (0.17.2-4) unstable; urgency=medium

  * debian/patches/: patchset updated (Closes: #811744)
    - 0001-Fix_dcraw_narrowing_for_gcc6.patch refreshed
      Thanks to Alex Tutubalin (upstream dev) for the advice.

 -- Matteo F. Vescovi <mfv@debian.org>  Wed, 27 Jul 2016 23:33:34 +0200

libraw (0.17.2-3) unstable; urgency=medium

  * debian/patches/: patchset initiated (Closes: #811744)
    - 0001-Fix_dcraw_narrowing_for_gcc6.patch added

 -- Matteo F. Vescovi <mfv@debian.org>  Thu, 30 Jun 2016 22:12:11 +0200

libraw (0.17.2-2) unstable; urgency=medium

  * debian/control: libjasper-dev b-dep dropped (Closes: #818204)

 -- Matteo F. Vescovi <mfv@debian.org>  Sun, 26 Jun 2016 14:22:59 +0200

libraw (0.17.2-1) unstable; urgency=medium

  * New upstream release
  * debian/control: Maintainer field updated.
    Sadly, the Shotwell Team has dissolved.
    Now the LibRaw is under PhotoTools Maintainers umbrella.
  * debian/control: S-V bump 3.9.6 -> 3.9.8 (no changes needed)
  * debian/control: Vcs-* fields updated for https:// usage
  * debian/libraw15.symbols: symbols updated

 -- Matteo F. Vescovi <mfv@debian.org>  Wed, 25 May 2016 22:02:07 +0200

libraw (0.17.1-1) unstable; urgency=high

  * New upstream release (Closes: #806809)
    - Fix CVE-2015-8366 and CVE-2015-8367

 -- Matteo F. Vescovi <mfv@debian.org>  Thu, 03 Dec 2015 21:19:12 +0100

libraw (0.17.0-1) unstable; urgency=medium

  * New upstream release
    - debian/: SONAME bump libraw10 => libraw15
    - debian/rules: bump dh_makeshlibs to libraw15
    - debian/libraw15.symbols: symbols refreshed
  * debian/copyright: file updated

 -- Matteo F. Vescovi <mfv@debian.org>  Fri, 16 Oct 2015 10:03:52 +0200

libraw (0.16.2-1) unstable; urgency=high

  * New upstream release
    - Fix CVE-2015-3885
  * debian/control:
    - XS-Testsuite field dropped
    - Uploader e-mail address updated

 -- Matteo F. Vescovi <mfv@debian.org>  Tue, 26 May 2015 09:06:05 +0200

libraw (0.16.0-9) unstable; urgency=medium

  * debian/control: strictly build-depends on libjpeg-dev.
    Thanks to Ondřej Surý (ondrej) for the patch. (Closes: #763482)
  * debian/control: S-V bump 3.9.5 => 3.9.6 (no changes needed)

 -- Matteo F. Vescovi <mfvescovi@gmail.com>  Tue, 30 Sep 2014 17:47:16 +0200

libraw (0.16.0-8) unstable; urgency=medium

  * debian/watch: search path updated (Closes: #759650)

 -- Matteo F. Vescovi <mfvescovi@gmail.com>  Fri, 29 Aug 2014 10:29:55 +0200

libraw (0.16.0-7) unstable; urgency=medium

  * debian/libraw10.symbols: updated for mips64/mips64el.
    Thanks to YunQiang Su for the patch. (Closes: #758530)

 -- Matteo F. Vescovi <mfvescovi@gmail.com>  Thu, 28 Aug 2014 16:06:06 +0200

libraw (0.16.0-6) unstable; urgency=medium

  * debian/control: new uploader (Closes: #755414)
  * debian/control: VCS fields added
  * debian/libraw10.symbols: mips64/mips64el archs added.
    Thanks to YunQiang Su for the patch. (Closes: #754360)

 -- Matteo F. Vescovi <mfvescovi@gmail.com>  Mon, 21 Jul 2014 15:10:41 +0200

libraw (0.16.0-5) unstable; urgency=medium

  [ Martin Pitt ]
  * Fix autopkgtest: Add missing libraw-dev test dep, drop unnecessary
    @builddeps@, and add missing "set -e" so that the test actually fails
    properly. Also fix linking order to also work with binutils-gold.
    These fixes closes: #750985.

 -- Luca Falavigna <dktrkranz@debian.org>  Tue, 10 Jun 2014 11:13:04 +0200

libraw (0.16.0-4) unstable; urgency=medium

  * debian/libraw10.symbols:
    - Update symbols to build against gcc-4.9 (Closes: #746875).
  * debian/tests/testbuild:
    - Provide a simple test to check whether the package is fucntional,
      as per DEP8 (autopkgtests).

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 07 Jun 2014 18:43:23 +0200

libraw (0.16.0-3) unstable; urgency=medium

  [ Adam Conrad ]
  * debian/libraw10.symbols:
    - Update symbols for arm64 and ppc64el (Closes: #745883).

 -- Luca Falavigna <dktrkranz@debian.org>  Thu, 01 May 2014 09:58:02 +0200

libraw (0.16.0-2) unstable; urgency=medium

  * debian/libraw10.symbol:
    - Handle 32-bit symbol differences (Closes: #740106).

 -- Luca Falavigna <dktrkranz@debian.org>  Thu, 27 Feb 2014 16:34:23 +0100

libraw (0.16.0-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - Re-add myself as Uploader.
    - Bump Standards-Version to 3.9.5.
  * debian/copyright:
    - Update license information.
  * debian/libraw10.symbol:
    - Renamed from libraw9.symbols.amd64 to match new binary, refreshed
      with the new symbols (Closes: #738424).
 -- Luca Falavigna <dktrkranz@debian.org>  Mon, 24 Feb 2014 18:53:46 +0100

libraw (0.15.4-1) unstable; urgency=low

  * Team upload.
  * New upstream release.
    - Fix for CVE-2013-1438 (Closes: #721231).
    - Fix for CVE-2013-1439 (Closes: #721338).
    - Fix segmentaition fault when unprocessed_raw is passed -s option
      wihout any parameter (Closes: #716423).
  * debian/patches/4channels_parameter.patch:
    - Dropped, applied upstream.
  * debian/patches/typo.patch:
    - Dropped, applied upstream.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 05 Oct 2013 17:53:47 +0200

libraw (0.15.3-1) unstable; urgency=low

  * Team upload to unstable.
  * New upstream release (Closes: #710353).
    - Fix error handling for broken full-color images - CVE-2013-2126.
    - Fix wrong data_maximum calcluation - CVE-2013-2127.
  * debian/patches/4channels_parameter.patch:
    - Fix segmentaition fault when 4channel is passed -s option without
       any parameter (Closes: #715577).

 -- Luca Falavigna <dktrkranz@debian.org>  Wed, 10 Jul 2013 21:20:09 +0200

libraw (0.15.1-1) experimental; urgency=low

  * Team upload.
  * New upstream release.
  * debian/patches/typo.patch:
    - Fix typo in help output.
  * debian/control:
    - Build-depend on dh-autoreconf.
    - Build-depend on libjpeg8-dev | libjpeg-dev.
    - Replace libraw5 with libraw9, SONAME changed.
    - libraw-dev depends on libraw9 accordingly.
  * debian/copyright:
    - Update copyright years.
  * debian/libraw9.install:
    - Renamed from libraw5.install to match new binary.
  * debian/libraw9.symbols.amd64:
    - Renamed from libraw5.symbols.amd64 to match new binary.
  * debian/rules:
    - Build with autoreconf support.
    - Build with DNG support (Closes: #699356).
    - Pass "-Wl,-z,defs -Wl,--as-needed" to LDFLAGS.
    - Update dh_makeshlibs call to match new binary.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 25 May 2013 02:50:14 +0200

libraw (0.14.7-2) unstable; urgency=low

  * Team upload.
  * Upload to unstable.
  * debian/control:
    - Remove deprecated DM-Upload-Allowed field.
    - Bump Standards-Version to 3.9.4.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 12 May 2013 20:47:35 +0200

libraw (0.14.7-1) experimental; urgency=low

  * Team upload.
  * New upstream release (Closes: #682982).
  * debian/control:
    - Add DM-Upload-Allowed field.
  * debian/watch:
    - Use new redirector librawredir.debian.net.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 25 Aug 2012 13:35:59 +0200

libraw (0.14.6-2) unstable; urgency=low

  * Team upload.
  * debian/control:
    - Add liblcms2-dev to libraw-dev Depends field.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 27 May 2012 12:16:53 +0200

libraw (0.14.6-1) unstable; urgency=low

  * Team upload to unstable.
  * New upstream release.
  * Multi-arch support.
  * debian/compat:
    - Bump compatibility level to 9.
  * debian/control:
    - Bump Standards-Version to 3.9.3.
  * debian/copyright:
    - Update copyright years.
    - Format now points to copyright-format site.
  * debian/libraw5.symbols.amd64:
    - Refresh symbols file.
  * debian/rules:
    - Bump minimum version in dh_makeshlibs to 0.14.6.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 06 May 2012 17:59:10 +0200

libraw (0.14.0-1) experimental; urgency=low

  * Team upload.
  * New upstream release.
  * debian/control:
    - Replace libraw2 with libraw5, SONAME changed.
    - libraw-dev depends on libraw5 accordingly.
    - Build-depend on pkg-config, libjasper-dev and liblcms2-dev.
  * debian/libraw5.install:
    - Renamed from libraw2.install to match new binary.
  * debian/libraw5.symbols.amd64:
    - Renamed from libraw2.symbols.amd64 to match new binary.
  * debian/rules:
    - Update dh_makeshlibs call to match new binary.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 24 Sep 2011 15:32:39 +0200

libraw (0.13.8-1) unstable; urgency=low

  * Team upload.
  * New upstream release.
  * debian/control:
    - Add Debian Shotwell Maintainers to Maintainers.
    - Move Devid to Uploaders.
    - Add autotools-dev to Build-Depends.
    - Add libraw2 package, who provides the shared library.
    - Add libraw2-bin package, who provides some tools to
      manipulate RAW files.
    - Bump Standards-Version to 3.9.2, no changes required.
  * debian/copyright:
    - Update copyright information.
  * debian/rules:
    - Build with autotools_dev to regenerate config.{sub,guess}.
    - Manually set prefix to install shared library correctly.
  * debian/watch:
    - Upstream disabled listing support, watch file is no-op now.

 -- Luca Falavigna <dktrkranz@debian.org>  Mon, 22 Aug 2011 20:45:22 +0200

libraw (0.13.1-2) unstable; urgency=low

  * Set myself as maintainer (Closes: #613870).
  * debian/control: add Timo Witte to Uploaders field.
  * debian/install: install *.pc files in /usr/lib/pkgconfig (Closes: #613777).

 -- Devid Antonio Filoni <d.filoni@ubuntu.com>  Fri, 04 Mar 2011 20:48:20 +0100

libraw (0.13.1-1) unstable; urgency=low

  * New upstream release (Closes: #607139).
  * debian/control:
    - Bump Standards-Version to 3.9.1, no changes required.
  * debian/copyright:
    - Update copyright years.

 -- Luca Falavigna <dktrkranz@debian.org>  Tue, 08 Feb 2011 22:53:51 +0100

libraw (0.9.1-1) unstable; urgency=low

  * Initial release (Closes: #578830).

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 12 Jun 2010 10:09:37 +0200
