libexif (0.6.21-2ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-0452.patch: fixed a incorrect overflow check that could be
      optimized away in libexif/exif-entry.c.
    - CVE-2020-0452

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Fri, 06 Nov 2020 12:02:37 -0300

libexif (0.6.21-2ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0093.patch: fix read
      buffer overflow making sure the number of bytes being
      copied from does not exceed the source buffer size in
      libexif/exif-data.c.
    - CVE-2020-0093
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
      overflow check for a size overflow while reading tags in
      libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif/mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.c.
    - CVE-2020-13112
  * SECURITY UPDATE: Possibly crash and potential use-after-free
    - debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
      pointer is not dereferenced later in the case where the number of
      components is 0 in libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif-mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.
    - CVE-2020-13113
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-13114.patch: add a failsafe on the
      maximum number of Canon MakerNote subtags in
      libexif/canon/exif-mnote-data-canon.c.
    - CVE-2020-13114
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0182.patch: fix a buffer read
      overflow in exif_entry_get_value in libexif/exif-entry.c.
    - CVE-2020-0182
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
      in libexif/exif-data.c.
    - CVE-2020-0198

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 09 Jun 2020 09:34:38 -0300

libexif (0.6.21-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20030.patch: improve deep recursion detection
      in exif_data_load_data_content in libexif/exif-data.c.
    - CVE-2018-20030
  * SECURITY UPDATE: Divinding by zero vulnerability
    - debian/patches/CVE-2020-12767.patch: check if d variable is not zeroed
      before use it in libexif/exif-entry.c
    - CVE-2020-12767

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 11 May 2020 13:13:09 -0300

libexif (0.6.21-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2016-6328.patch: fix int overflow while parsing
      MNOTE entry data of the input file in
      libexif/pentax/mnote-pentax-entry.c
    - CVE-2016-6328
  * SECURITY UPDATE: Out-bouns heap read and denial of service
    - debian/patches/CVE-2017-7544.patch: fixes out-of-bounds heap read
      in exif_data_save_data_entry function in libexif/exif-data.c.
    - CVE-2017-7544
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2019-9278.patch: avoid the use of unsafe int overflow
      checking constructs and check for the actual sizes to avoid integer
      overflows in libexif/exif-data.c.
    - CVE-2019-9278

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 11 Feb 2020 09:10:54 -0300

libexif (0.6.21-2) unstable; urgency=medium

  * Use autoreconf instead of autotools-dev (Closes: #754399)
  * Bump Standards-Version to 3.9.5
  * Add symbols file for libexif12
  * Enable parallel building

 -- Emmanuel Bouthenot <kolter@debian.org>  Sun, 24 Aug 2014 21:34:56 +0200

libexif (0.6.21-1) unstable; urgency=low

  * New upstream release
  * Refresh and remove deprecated patches
  * Bump Standards-Version to 3.9.4
  * Adjust debhelper dependency version to >= 9

 -- Emmanuel Bouthenot <kolter@debian.org>  Sat, 26 Jan 2013 18:03:12 +0000

libexif (0.6.20-3) unstable; urgency=high

  * Add patches to fix multiples security issues: CVE-2012-2814,
    CVE-2012-2840, CVE-2012-2813, CVE-2012-2812, CVE-2012-2841,
    CVE-2012-2836, CVE-2012-2837 (Closes: #681454).

 -- Emmanuel Bouthenot <kolter@debian.org>  Tue, 17 Jul 2012 19:05:20 +0000

libexif (0.6.20-2) unstable; urgency=low

  [ Kees Cook ]

  * debian/copyright: fix empty lines in multi-line section, add missing
    intended "license" lines, add missing BSD license for pt_BR.po.
  * debian/libexif-dev.install:
    - use multiple lines instead of technically unsupported {}.
    - remove .la file, per release goal; there are no build dep using it.
  * debian/{control,compat,*.install,rules}: build for Multi-Arch support
    (Closes: #650998)

  [ Emmanuel Bouthenot ]

  * Bump Standards-Version to 3.9.2
  * Remove DMUA field (no more needed)
  * Update debian/rules to enable usage of autotools_dev sequence with
    debhelper
  * Switch debhelper compatibility to 9
  * Update Vcs-Git and Vcs-Browser fields

 -- Emmanuel Bouthenot <kolter@debian.org>  Fri, 27 Jan 2012 20:34:17 +0000

libexif (0.6.20-1) unstable; urgency=low

  * New upstream release
  * debian/copyright:
     - updates (huge backlog)
     - switch to DEP5 format
  * Refresh patches and convert them to DEP3 format
  * Switch to dpkg-source 3.0 (quilt) format
  * Update uploader email (me)
  * Bump Standards-Version to 3.9.1
  * Add a patch to support new Canon camera. Thanks to Adrian von Bidder for
    the patch. Rest In Peace Adrian. (Closes: #617764).

 -- Emmanuel Bouthenot <kolter@debian.org>  Wed, 27 Apr 2011 18:17:43 +0000

libexif (0.6.19-1) unstable; urgency=high

  * New upstream release
    - fix CVE-2009-3895: heap buffer overflow during tag format conversion
      (Closes: #557137)

 -- Emmanuel Bouthenot <kolter@openics.org>  Thu, 19 Nov 2009 22:38:27 +0000

libexif (0.6.18-1) unstable; urgency=low

  * New upstream release
  * Clean and minify the build process (using dh7 overrides)
  * Bump Standards-Version to 3.8.3.
  * Add README.source file.
  * Add doc-base file for libexif API documentation.

 -- Emmanuel Bouthenot <kolter@openics.org>  Sat, 24 Oct 2009 09:29:24 +0200

libexif (0.6.17-1) unstable; urgency=low

  * Adopt the package within pkg-phototools:
    - Set the Maintainer to the group
    - Add Frederic Peters and myself as Uploaders.
    - Add Vcs-Browser and Vcs-Git fields accordingly.
  * New upstream release:
    - remove patches merged upsteam:
      + 30_olympus_makernote.dpatch
      + 40_crash_looking_up_invalid_values.dpatch
      + 50_relibtoolize.dpatch
      + CVE-2007-6351.dpatch
      + CVE-2007-6352.dpatch
    - convert existing patches from dpatch to quilt.
    - Fix a bug while reading exif datas in some cases (Closes: #447907)
  * Switch packaging to debhelper 7
  * Update debian/control:
    - Drop duplicate section field for exif12
    - Bump Standards-Version to 3.8.1
    - Replace deprecated ${Source-Version} by ${binary:Version}
    - Enhance libexif-dev long description.
    - Add homepage field.
    - Add DM-Upload-Allowed field.
  * Force remove of files not fully cleaned
  * Remove empty doc files in libexif-dev.
  * Update debian/copyright.

 -- Emmanuel Bouthenot <kolter@openics.org>  Sun, 19 Apr 2009 17:53:15 +0200

libexif (0.6.16-2.1) unstable; urgency=high

  * Non-maintainer upload by security team.
  * This update addresses the following security issues:
    - possible denial of service attack via crafted
      image file leading to an infinite recursion in the
      exif-loader.c (CVE-2007-6351; Closes: #457330).
    - integer overflow in exif-data.c triggered by a crafted
      image file could lead to arbitrary code execution
      (CVE-2007-6352; Closes: #457330).

 -- Nico Golde <nion@debian.org>  Fri, 21 Dec 2007 17:13:58 +0100

libexif (0.6.16-2) unstable; urgency=low

  * debian/libexif12.docs: added README file (closes: #434773)

 -- Frederic Peters <fpeters@debian.org>  Thu, 26 Jul 2007 19:37:47 +0200

libexif (0.6.16-1) unstable; urgency=high

  * New upstream release, with security fix:
    * Integer overflow in the exif_data_load_data_entry (CVE-2006-4168)
      (closes: #430012)

 -- Frederic Peters <fpeters@debian.org>  Thu, 21 Jun 2007 20:42:24 +0200

libexif (0.6.15-1) unstable; urgency=high

  * New upstream release, with security fixes:
    * Integer overflow in the exif_data_load_data_entry (CVE-2007-2645)
      (closes: #424775)
    * Don't dereference NULL (CID 4) (no assigned CVE)
    * Don't parse Makernote when there is not enough data for
      (makernote-irelevant) IFD1 (no assigned CVE)
  * debian/patches/30_olympus_makernote.dpatch: merged upstream
  * debian/patches/40_crash_looking_up_invalid_values.dpatch: merged upstream
  * debian/patches/50_relibtoolize.dpatch: run libtoolize on sources

 -- Frederic Peters <fpeters@debian.org>  Fri, 25 May 2007 10:04:00 +0200

libexif (0.6.13-6) unstable; urgency=low

  * debian/control: added build-depends on dpatch
  * debian/rules: use dpatch
  * debian/patches/10_pkg_config_header_dir.dpatch: patch from 0.6.13-4
  * debian/patches/20_extra_colorspace_check.dpatch: patch from 0.6.13-5
  * debian/patches/30_olympus_makernote.dpatch: added support for Olympus S760
    & S770 makernote (closes: #418945)
  * debian/patches/40_crash_looking_up_invalid_values.dpatch: backport of
    "fixed crashes when looking up invalid values (upstream #1457501)".

 -- Frederic Peters <fpeters@debian.org>  Tue, 08 May 2007 11:47:19 +0200

libexif (0.6.13-5) unstable; urgency=low

  * libexif/exif-entry.c: added extra check against value read for color
    space (closes: #398426)  (this is not from upstream but upstream is
    said to have this fixed as well, couldn't find how)

 -- Frederic Peters <fpeters@debian.org>  Sun, 19 Nov 2006 22:57:21 +0100

libexif (0.6.13-4) unstable; urgency=low

  * libexif/libexif.pc.in: fixed CFLAGS, so include dir is correctly set.
    (closes: #356567)

 -- Frederic Peters <fpeters@debian.org>  Sun, 12 Mar 2006 21:14:27 +0100

libexif (0.6.13-3) unstable; urgency=low

  * debian/watch: added uscan file.

 -- Frederic Peters <fpeters@debian.org>  Mon,  6 Mar 2006 00:06:29 +0100

libexif (0.6.13-2) unstable; urgency=low

  * ship NEWS file in libexif12 package. (closes: #355262)

 -- Frederic Peters <fpeters@debian.org>  Sat,  4 Mar 2006 16:57:03 +0100

libexif (0.6.13-1) unstable; urgency=low

  * New upstream release.
  * debian/control: depends on doxygen and graphviz to build documentation;
    packaged in libexif-dev.

 -- Frederic Peters <fpeters@debian.org>  Sun, 26 Feb 2006 20:09:03 +0100

libexif (0.6.12-2) unstable; urgency=low

  * libexif/exif-data.c: backported fix from CVS (revision 1.68)
    (closes: #318662)

 -- Frederic Peters <fpeters@debian.org>  Sun, 17 Jul 2005 02:49:46 +0200

libexif (0.6.12-1) unstable; urgency=low

  * New upstream release. (closes: #281297)
    * soname bumped to 12
    * buffer size checks in exif-data.c merged upstream.
    * po-domain.path merged upstream.
  * libexif/exif-utils.c: fixed exif_get_sshort declaration mismatch.

 -- Frederic Peters <fpeters@debian.org>  Sat, 16 Jul 2005 10:08:51 +0200

libexif (0.6.9-6) unstable; urgency=low

  * libexif/exif-loader.h: don't include itself. (closes: #299507)

 -- Frederic Peters <fpeters@debian.org>  Mon, 14 Mar 2005 16:56:48 +0100

libexif (0.6.9-5) unstable; urgency=high

  * Urgency high since it fixes a security issue.
  * Patch provided from Ubuntu by Martin Pitt, written by Sylvain Defresne.
  * libexif/exif-data.c: Add buffer size checks in several places before
    trying to access it. (closes: #298464)
  * Reference: https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
  * debian/control: reworded description synopsis.

 -- Frederic Peters <fpeters@debian.org>  Mon,  7 Mar 2005 18:56:31 +0100

libexif (0.6.9-4) unstable; urgency=low

  * debian/copyright: fixed license (LGPL, not GPL) (closes: #281442)

 -- Frederic Peters <fpeters@debian.org>  Tue, 16 Nov 2004 10:40:55 +0100

libexif (0.6.9-3) unstable; urgency=medium

  * src/exif-data.c: fix for crasher bug with EXIF data in some Canon
    pictures.  (closes: #279337)
  * debian/rules: fixed clean target

 -- Frederic Peters <fpeters@debian.org>  Wed,  3 Nov 2004 09:38:13 +0100

libexif (0.6.9-2) unstable; urgency=medium

  * Adopted package.
  * debian/control: bumped Standards-Version to 3.6.1
  * debian/rules: delete po/libexif-$(major).pot in clean target
  * libexif/exif-data.c: fixed segfault on some pictures (urgency medium since
    it broke gimp and others with those files)

 -- Frederic Peters <fpeters@debian.org>  Mon, 11 Oct 2004 09:44:24 +0200

libexif (0.6.9-1) unstable; urgency=low

  * New upstream release.

 -- christophe barbe <christophe@debian.org>  Fri, 28 May 2004 16:15:19 -0400

libexif (0.5.12-1) unstable; urgency=low

  * New upstream release (Closes: #206081).

 -- christophe barbe <christophe@debian.org>  Mon, 18 Aug 2003 21:00:57 -0400

libexif (0.5.10-2) unstable; urgency=low

  * Use soname in po domain to avoid conflict with libexif5 (Closes: #203956).

 -- christophe barbe <christophe@debian.org>  Sun,  3 Aug 2003 10:24:48 -0400

libexif (0.5.10-1) unstable; urgency=low

  * New upstream featuring a new exif-loader.

 -- christophe barbe <christophe@debian.org>  Sun, 27 Jul 2003 16:01:27 -0400

libexif (0.5.9-5) unstable; urgency=low

  * Move DH_COMPAT in debian/compat.
  * Bump Standards-Version up to 3.5.9.
  * In new libdevel section.

 -- christophe barbe <christophe@debian.org>  Thu,  3 Apr 2003 20:42:49 -0500

libexif (0.5.9-4) unstable; urgency=low

  * Apply the libtool patch soon enough.  

 -- christophe barbe <christophe@debian.org>  Mon, 27 Jan 2003 10:26:40 -0500

libexif (0.5.9-3) unstable; urgency=low

  * Libtool update to finally get a working MIPS package (Closes: 177973). 

 -- christophe barbe <christophe@debian.org>  Sun, 26 Jan 2003 16:04:42 -0500

libexif (0.5.9-2) unstable; urgency=low

  * Added autotools-dev code (so the MIPS package should be built).

 -- christophe barbe <christophe@debian.org>  Wed, 22 Jan 2003 09:01:47 -0500

libexif (0.5.9-1) unstable; urgency=low

  * New upstream release. 

 -- christophe barbe <christophe@debian.org>  Mon, 20 Jan 2003 16:48:14 -0500

libexif (0.5.7-1) unstable; urgency=low

  * New upstream release. 

 -- christophe barbe <christophe@debian.org>  Mon,  2 Dec 2002 21:29:45 -0500

libexif (0.5.6-4) unstable; urgency=low

  * Fix override disparity (The 'I can do it' release). 

 -- christophe barbe <christophe@debian.org>  Sat, 16 Nov 2002 16:12:16 -0500

libexif (0.5.6-3) unstable; urgency=low

  * Fix override disparity. 

 -- christophe barbe <christophe@debian.org>  Sat, 16 Nov 2002 16:00:59 -0500

libexif (0.5.6-2) unstable; urgency=low

  * Quick fix to avoid conflict with libexif5 (Closes: #169313, #169336, #169337). 

 -- christophe barbe <christophe@debian.org>  Sat, 16 Nov 2002 15:18:18 -0500

libexif (0.5.6-1) unstable; urgency=low

  * New upstream release (Closes: #168382). 

 -- christophe barbe <christophe@debian.org>  Sun, 10 Nov 2002 22:20:05 -0500

libexif (0.5.3-1) unstable; urgency=low

  * New upstream release.

 -- christophe barbe <christophe@debian.org>  Tue, 18 Jun 2002 21:17:56 -0400

libexif (0.5.0-2) unstable; urgency=low

  * Fix wrong email address in control file.

 -- christophe barbe <christophe@debian.org>  Wed, 24 Apr 2002 14:38:37 -0400

libexif (0.5.0-1) unstable; urgency=low

  * Initial Release.

 -- christophe barbe <christophe.barbe@ufies.org>  Wed, 13 Feb 2002 17:58:36 -0500

