Add changelog and copyright files from debian libjasper-dev (1.900.1-13) package

2025-01-18 06:03:15 +08:00 · 2012-08-29 02:05:07 +04:00 · 2012-08-29 02:05:07 +04:00 · 6e6cfdd024
commit 6e6cfdd024
parent 70fed019ae
2 changed files with 224 additions and 0 deletions
--- a/3rdparty/libjasper/changelog
+++ b/3rdparty/libjasper/changelog
@ -0,0 +1,162 @@
+jasper (1.900.1-13) unstable; urgency=high
+
+  * Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly
+    exploitable via specially crafted input files (Closes: #652649)
+    Thanks to Red Hat and Michael Gilbert
+
+ -- Roland Stigge <stigge@antcom.de>  Wed, 04 Jan 2012 19:14:40 +0100
+
+jasper (1.900.1-12) unstable; urgency=low
+
+  * Added patch to fix filename buffer overflow, thanks to Jonas Smedegard
+    and Alex Cherepanov from ghostscript (Closes: #649833)
+
+ -- Roland Stigge <stigge@antcom.de>  Sun, 27 Nov 2011 19:56:01 +0100
+
+jasper (1.900.1-11) unstable; urgency=low
+
+  * Added Multiarch support, thanks to Colin Watson (Closes: #645118)
+
+ -- Roland Stigge <stigge@antcom.de>  Wed, 02 Nov 2011 17:16:10 +0100
+
+jasper (1.900.1-10) unstable; urgency=low
+
+  * Added debian/watch
+  * debian/patches/01-misc-fixes.patch:
+    - Separated out config.{guess,sub}
+
+ -- Roland Stigge <stigge@antcom.de>  Mon, 15 Aug 2011 19:09:29 +0200
+
+jasper (1.900.1-9) unstable; urgency=low
+
+  * Switch to dpkg-source 3.0 (quilt) format
+  * Using new dh 7 build system
+
+ -- Roland Stigge <stigge@antcom.de>  Tue, 12 Jul 2011 20:21:21 +0200
+
+jasper (1.900.1-8) unstable; urgency=low
+
+  * Removed unneeded .la file (Closes: #633162)
+  * debian/control:
+    - Standards-Version: 3.9.2
+    - use libjpeg8-dev instead of libjpeg62-dev
+
+ -- Roland Stigge <stigge@antcom.de>  Mon, 11 Jul 2011 21:27:24 +0200
+
+jasper (1.900.1-7) unstable; urgency=low
+
+  * Acknowledge NMU
+  * Added patch to fix Debian patch for CVE-2008-3521 (Closes: #506739)
+  * debian/control: Standards-Version: 3.8.4
+
+ -- Roland Stigge <stigge@antcom.de>  Sun, 21 Feb 2010 16:09:45 +0100
+
+jasper (1.900.1-6.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * This is a fix for the GeoJP2 patch introduced in 1.900.1-5 which caused 
+    GDAL faulting. Thanks Even Rouault. (Closes: #553429)
+
+ -- Francesco Paolo Lovergine <frankie@debian.org>  Wed, 28 Oct 2009 09:39:28 +0100
+
+jasper (1.900.1-6) unstable; urgency=low
+
+  * Reverted to jasper 1.900.1-6 because 1.900.1-5.1 messed up (see #528543)
+    but 1.900.1-5 wasn't available anymore. (Closes: #514296, #528543)
+  * Re-applied patch from #275619 as in 1.900.1-5
+  * debian/control: Standards-Version: 3.8.2
+  * Applied patch by Nico Golde (Closes: #501021)
+     - CVE-2008-3522[0]: Buffer overflow.
+     - CVE-2008-3521[1]: unsecure temporary files handling.
+     - CVE-2008-3520[2]: Multiple integer overflows.
+
+ -- Roland Stigge <stigge@antcom.de>  Sat, 20 Jun 2009 15:21:16 +0200
+
+jasper (1.900.1-5.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * add patches/02_security.dpatch to fix various CVEs (Closes: #501021):
+     + CVE-2008-3522[0]: Buffer overflow.
+     + CVE-2008-3521[1]: unsecure temporary files handling.
+     + CVE-2008-3520[2]: Multiple integer overflows.
+
+ -- Pierre Habouzit <madcoder@debian.org>  Sun, 12 Oct 2008 21:40:59 +0200
+
+jasper (1.900.1-5) unstable; urgency=low
+
+  * Added GeoJP2 patch by Sven Geggus <sven.geggus@iitb.fraunhofer.de>
+    (Closes: #275619)
+  * debian/control: Standards-Version: 3.8.0
+
+ -- Roland Stigge <stigge@antcom.de>  Sun, 08 Jun 2008 13:14:24 +0200
+
+jasper (1.900.1-4) unstable; urgency=low
+
+  * src/libjasper/jpc/jpc_dec.c: Extended assert() to accept 4 color
+    components (Closes: #469786)
+  * debian/rules: improve "make distclean", thanks to lintian
+  * debian/control:
+    - Standards-Version: 3.7.3
+    - ${Source-Version} -> ${binary:Version}
+    - Removed self-dependencies of libjasper-dev
+
+ -- Roland Stigge <stigge@antcom.de>  Sun, 09 Mar 2008 11:53:44 +0100
+
+jasper (1.900.1-3) unstable; urgency=low
+
+  * Fixed segfaults on broken images (Closes: #413041)
+
+ -- Roland Stigge <stigge@antcom.de>  Tue, 10 Apr 2007 10:05:10 +0200
+
+jasper (1.900.1-2) experimental; urgency=low
+
+  * Added jas_tmr.h to -dev package (Closes: #414705)
+
+ -- Roland Stigge <stigge@antcom.de>  Tue, 13 Mar 2007 14:23:58 +0100
+
+jasper (1.900.1-1) experimental; urgency=low
+
+  * New upstream release
+  * debian/control:
+    - Standards-Version: 3.7.2
+    - Build-Depends: freeglut3-dev instead of libglut3-dev (Closes: #394496)
+  * Renamed packages to libjasper1, libjasper-dev, libjasper-runtime according
+    to upstream shared library naming change
+
+ -- Roland Stigge <stigge@antcom.de>  Fri, 26 Jan 2007 14:22:18 +0100
+
+jasper (1.701.0-2) unstable; urgency=low
+
+  * Prevent compression of pdf documents in binary packages
+  * Added man pages for the executables (Closes: #250077)
+  * Again renamed binary packages to reflect Policy:
+      - libjasper-1.701-1
+      - libjasper-1.701-dev (Provides, Replaces and Conflicts: libjasper-dev)
+      - libjasper-runtime
+
+ -- Roland Stigge <stigge@antcom.de>  Sun, 20 Jun 2004 13:54:10 +0200
+
+jasper (1.701.0-1) unstable; urgency=low
+
+  * New maintainer (Closes: #217099)
+  * New upstream release (Closes: #217570)
+      - new DFSG-compliant license (Closes: #218999, #245075)
+      - includes newer libtool related files (Closes: #210383)
+  * debian/control:
+      - Standards-Version: 3.6.1
+      - Changed binary package names, fixed interdependencies (Closes: #211592)
+          libjasper-1.700-2 => libjasper1
+          libjasper-1.700-2-dev => libjasper-dev
+          libjasper-progs => libjasper-runtime
+        (new packages conflicting and replacing the old ones)
+      - Added libxi-dev, libxmu-dev, libxt-dev to Build-Depends
+        (Closes: #250481)
+
+ -- Roland Stigge <stigge@antcom.de>  Sat, 19 Jun 2004 23:19:32 +0200
+
+jasper (1.700.2-1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Christopher L Cheney <ccheney@debian.org>  Fri, 22 Aug 2003 01:30:00 -0500
+
--- a/3rdparty/libjasper/copyright
+++ b/3rdparty/libjasper/copyright
@ -0,0 +1,62 @@
+This package was debianized by Christopher L Cheney <ccheney@debian.org> on
+Fri, 22 Aug 2003 01:33:34 -0500.
+
+The current maintainer is Roland Stigge <stigge@antcom.de>
+
+It was downloaded from http://www.ece.uvic.ca/~mdadams/jasper/
+
+Upstream Author: Michael Adams <mdadams@ece.uvic.ca>
+
+License:
+
+JasPer License Version 2.0
+
+Copyright (c) 1999-2000 Image Power, Inc.
+Copyright (c) 1999-2000 The University of British Columbia
+Copyright (c) 2001-2003 Michael David Adams
+
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person (the
+"User") obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge,
+publish, distribute, and/or sell copies of the Software, and to permit
+persons to whom the Software is furnished to do so, subject to the
+following conditions:
+
+1.  The above copyright notices and this permission notice (which
+includes the disclaimer below) shall be included in all copies or
+substantial portions of the Software.
+
+2.  The name of a copyright holder shall not be used to endorse or
+promote products derived from the Software without specific prior
+written permission.
+
+THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS
+LICENSE.  NO USE OF THE SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER
+THIS DISCLAIMER.  THE SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS
+"AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
+BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.  IN NO
+EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  NO ASSURANCES ARE
+PROVIDED BY THE COPYRIGHT HOLDERS THAT THE SOFTWARE DOES NOT INFRINGE
+THE PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS OF ANY OTHER ENTITY.
+EACH COPYRIGHT HOLDER DISCLAIMS ANY LIABILITY TO THE USER FOR CLAIMS
+BROUGHT BY ANY OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL
+PROPERTY RIGHTS OR OTHERWISE.  AS A CONDITION TO EXERCISING THE RIGHTS
+GRANTED HEREUNDER, EACH USER HEREBY ASSUMES SOLE RESPONSIBILITY TO SECURE
+ANY OTHER INTELLECTUAL PROPERTY RIGHTS NEEDED, IF ANY.  THE SOFTWARE
+IS NOT FAULT-TOLERANT AND IS NOT INTENDED FOR USE IN MISSION-CRITICAL
+SYSTEMS, SUCH AS THOSE USED IN THE OPERATION OF NUCLEAR FACILITIES,
+AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL
+SYSTEMS, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH
+THE FAILURE OF THE SOFTWARE OR SYSTEM COULD LEAD DIRECTLY TO DEATH,
+PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH
+RISK ACTIVITIES").  THE COPYRIGHT HOLDERS SPECIFICALLY DISCLAIM ANY
+EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES.
+