poppler (0.26.5-2+deb8u1) jessie-security; urgency=medium

  * Backport upstream commit b3425dd3261679958cd56c0f71995c15d2124433 to fix
    a crash on invalid files, reported also as CVE-2015-8868; patch
    upstream_Do-not-crash-on-invalid-files.patch. (Closes: #822578)

 -- Pino Toscano <pino@debian.org>  Mon, 25 Apr 2016 19:02:11 +0200

poppler (0.26.5-2) unstable; urgency=medium

  * Backport upstream commit 01723aa17e836e818158dbdc56df642a290be300 to map
    Standard/Expert encoding ligatures to AGLFN names; patch
    upstream_Map-Standard-Expert-encoding-ligatures-to-AGLFN-name.patch.
    (Closes: #740801)
  * Bump Standards-Version to 3.9.6, no changes required.

 -- Pino Toscano <pino@debian.org>  Sun, 19 Oct 2014 18:23:32 +0200

poppler (0.26.5-1) unstable; urgency=medium

  * New upstream release.

 -- Pino Toscano <pino@debian.org>  Sat, 27 Sep 2014 15:57:03 +0200

poppler (0.26.4-1) unstable; urgency=medium

  * New upstream release.
  * Fix linking order in autopkgtest tests.
  * Update copyright.

 -- Pino Toscano <pino@debian.org>  Fri, 22 Aug 2014 23:43:20 +0200

poppler (0.26.3-1) unstable; urgency=medium

  * New upstream release.
  * Bump the libqt4-dev (build-)dependency to 4.7.0, as noted in the upstream
    build system.
  * Update copyright.

 -- Pino Toscano <pino@debian.org>  Sun, 20 Jul 2014 19:16:14 +0200

poppler (0.26.2-3) unstable; urgency=medium

  * Mark libpoppler-dev, libpoppler-private-dev, libpoppler-qt5-dev, and
    libpoppler-cpp-dev as Multi-Arch: same; dependencies of the other -dev's
    are not ready. (Closes: #743817)
  * Switch from autotools-dev to dh-autoreconf: (Closes: #753342)
    - autoreconf in as-needed mode, and thus drop patch ltmain-as-needed.diff
    - remove Makefile.in parts from qt-visibility.diff
  * Provide a simple debian/upstream/metadata file, for DEP 12.
  * Remove Dave Beckett and Ross Burton from Uploaders, since they have done
    no work at all in poppler.
  * Add simple autopkgtest tests for the frontends (cpp, glib, qt4, qt5);
    loosely inspired by the glib one provided by Ubuntu.

  [ Peter Pentchev ]
  * Drop the unused libgtk2.0-dev build dependency. (Closes: #749972)

 -- Pino Toscano <pino@debian.org>  Fri, 18 Jul 2014 19:04:31 +0200

poppler (0.26.2-2) unstable; urgency=medium

  * Upload to unstable. (See #751525)

 -- Pino Toscano <pino@debian.org>  Wed, 02 Jul 2014 21:37:11 +0200

poppler (0.26.2-1) experimental; urgency=medium

  * New upstream release:
    - 'pdftohtml -v' now returns 0 as exit code (Closes: #732427)

 -- Pino Toscano <pino@debian.org>  Fri, 20 Jun 2014 00:53:56 +0200

poppler (0.26.1-1) experimental; urgency=medium

  * New upstream release:
    - fix extraction of text in some files (Closes: #747057)
  * Update copyright.
  * Merge changes from 0.24.5-4:
    - upstream_Fix-extraction-of-text-in-some-files.patch: drop, backported

 -- Pino Toscano <pino@debian.org>  Sat, 24 May 2014 16:03:20 +0200

poppler (0.26.0-1) experimental; urgency=medium

  * New upstream release:
    - pdfseparate supports left-padding PDF page patterns (Closes: #723121)
    - poppler-glib uses the GLib logging features for Poppler's messages
      (Closes: #736425)
  * Rename packages according to the new SONAMEs:
    - libpoppler44 -> libpoppler46
  * Update copyright.
  * Update symbols files.
  * debian/patches:
    - upstream_fix_qt5_moc_detection.diff: drop, backported
    - qt-visibility.diff: remove applied parts

 -- Pino Toscano <pino@debian.org>  Fri, 25 Apr 2014 23:54:13 +0200

poppler (0.24.5-4) unstable; urgency=medium

  * Backport upstream commit 5b2cdef49a8a0a92fd323fbe45841a5098a42ece to fix
    extraction of text in in some documents; patch
    upstream_Fix-extraction-of-text-in-some-files.patch. (Closes: #747057)
  * Enable the autotools_dev dh addon to update config.{guess,sub} before
    configure. (Closes: #734014)

 -- Pino Toscano <pino@debian.org>  Sat, 24 May 2014 15:00:15 +0200

poppler (0.24.5-3) unstable; urgency=medium

  * Upload to unstable.
  * The rebuild closes: #742293.

 -- Pino Toscano <pino@debian.org>  Sat, 05 Apr 2014 16:28:26 +0200

poppler (0.24.5-2) experimental; urgency=medium

  * Backport upstream commits a766c55f68db38feed91cf003a0d5710e2f925a8 and
    e238c1f83fd5f667336bfbb0e9a59569ff638ecc to fix the detection of
    Qt 5's moc; patch upstream_fix_qt5_moc_detection.diff.
  * Rename patch qt4-visibility.diff to qt-visibility.diff, and extend to qt5.
  * Provide poppler-qt5: (Closes: #716685)
    - add the qtbase5-dev build dependency
    - add the libpoppler-qt5-1 and libpoppler-qt5-dev binaries
    - pass --enable-poppler-qt5 to configure
    - add symbols file for libpoppler-qt5-1

 -- Pino Toscano <pino@debian.org>  Sun, 02 Feb 2014 14:18:21 +0100

poppler (0.24.5-1) experimental; urgency=low

  * New upstream release:
    - poppler can handle documents bigger than 2GB. (Closes: #642530)
    - fixes a typo in an error message. (Closes: #708972)
  * Rename packages according to the new SONAMEs:
    - libpoppler37 -> libpoppler44
  * debian/patches:
    - qt4-visibility.diff: refresh
    - upstream_pdfseparate-improve-the-path-building.patch: drop, backported
    - upstream_Allow-only-one-d-in-the-filename.diff: drop, backported
  * Update copyright.
  * Update symbols files.
  * Remove the manual link to pthreads, introduced in 0.18.4-10, as it is no
    more needed now (poppler does it on its own now).

 -- Pino Toscano <pino@debian.org>  Tue, 21 Jan 2014 23:58:32 +0100

poppler (0.22.5-4) unstable; urgency=medium

  * Upload to unstable.

 -- Pino Toscano <pino@debian.org>  Tue, 21 Jan 2014 22:43:36 +0100

poppler (0.22.5-3) experimental; urgency=low

  * Merge changes from 0.18.4-9 and 0.18.4-10:
    - upstream_Allow-only-one-d-in-the-filename.diff: pick it unmodified from
      upstream

 -- Pino Toscano <pino@debian.org>  Wed, 18 Dec 2013 14:40:56 +0100

poppler (0.22.5-2) experimental; urgency=low

  * Merge changes from 0.18.4-7 and 0.18.4-8:
    - CVE-2012-2142.diff: drop, fixed upstream
    - upstream_pdfseparate.1-Syntax-fixes.patch: drop, backported

 -- Pino Toscano <pino@debian.org>  Wed, 21 Aug 2013 14:25:35 +0200

poppler (0.22.5-1) experimental; urgency=low

  * New upstream release:
    - fixes case sensitive search in poppler-glib. (Closes: #299657)
    - poppler passes correct UTF-8 strings to cairo. (Closes: #697766)
  * Rename packages according to the new SONAMEs:
    - libpoppler28 -> libpoppler37
  * debian/patches:
    - qt4-visibility.diff: refresh
    - upstream_fix-GooString-insert.diff: drop, applied upstream
    - upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch: drop,
      backported
    - upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch: drop,
      backported
    - upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch: drop,
      backported
    - upstream_Initialize-refLine-totally.patch: drop, backported
    - upstream_cairo-support-parameterized-Gouraud-shading.patch: drop,
      applied upstream
  * Update copyright.
  * Update symbols files.
  * Update configure arguments:
    - Add: --enable-libpng, --enable-libtiff, --enable-cms=lcms2
      (no actual changes, just enforce their usage)
  * Update recommends and suggests:
    - libpoppler-private-dev: drop the libpng-dev, libtiff-dev suggests.
    - poppler-utils: drop the ghostscript recommend.
  * Split the API documentation from libpoppler-glib-dev to an own
    libpoppler-glib-doc.

 -- Pino Toscano <pino@debian.org>  Wed, 07 Aug 2013 13:21:35 +0200

poppler (0.20.5-3) experimental; urgency=low

  * Merge changes from 0.18.4-6:
    - upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch:
      update from upstream repository
    - upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch:
      update from upstream repository
    - upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch:
      update from upstream repository
    - upstream_Initialize-refLine-totally.patch:
      update from upstream repository

 -- Pino Toscano <pino@debian.org>  Tue, 26 Mar 2013 00:52:48 +0100

poppler (0.20.5-2) experimental; urgency=low

  * Merge changes from 0.18.4-4 and 0.18.4-5:
    - psoutputdev-initialize-vars.diff: drop, obsolete
  * Backport upstream commit ae8fc0cbfc6123189e17b3cf1286e0540f181646 to
    support parameterized Gouraud shading in CairoOutputDev; patch
    upstream_cairo-support-parameterized-Gouraud-shading.patch.
    (Closes: #699467)

 -- Pino Toscano <pino@debian.org>  Thu, 31 Jan 2013 19:41:24 +0100

poppler (0.20.5-1) experimental; urgency=low

  * New upstream release.
  * Update copyright.

 -- Pino Toscano <pino@debian.org>  Wed, 10 Oct 2012 21:02:25 +0200

poppler (0.20.4-1) experimental; urgency=low

  * New upstream release.
  * Rename packages according to the new SONAMEs:
    - libpoppler27 -> libpoppler28
  * Add few optional symbols to the libpoppler-qt4-4 symbols file.
  * Rename docs to libpoppler28.docs to make sure it is used only for
    libpoppler.

 -- Pino Toscano <pino@debian.org>  Sun, 23 Sep 2012 17:03:39 +0200

poppler (0.20.3-2) experimental; urgency=low

  * Adapt the libpoppler-qt4-4 symbols file to the internal symbols exported
    only with GCC 4.7, and to other templinst arm* symbols.

 -- Pino Toscano <pino@debian.org>  Tue, 14 Aug 2012 01:08:12 +0200

poppler (0.20.3-1) experimental; urgency=low

  * New upstream release.
  * Rename packages according to the new SONAMEs:
    - libpoppler26 -> libpoppler27
  * Update copyright.
  * Remove from libpoppler-private-dev the headers we used to install manually
    but which are not installed by the upstream sources:
    - ArthurOutputDev.h
    - CairoFontEngine.h
    - CairoOutputDev.h
    - DCTStream.h
    - JPEG2000Stream.h
    - PageLabelInfo.h
    using them would have meant not compiling with upstream sources anyway.
  * Remove the libopenjpeg-dev suggest from libpoppler-private-dev, since now
    there are no more headers including openjpeg headers.
  * Add a symbols file for libpoppler-qt4-4, based on poppler 0.20.1:
    - add patch qt4-visibility.diff to enable the GCC hidden visibility,
      and avoid exporting private symbols
    - set the current poppler version as version for the remaining private
      symbols
    - stop invoking dh_makeshlibs manually for libpoppler-qt4-4

 -- Pino Toscano <pino@debian.org>  Sat, 11 Aug 2012 12:13:20 +0200

poppler (0.20.2-2) experimental; urgency=low

  * Raise the version of the libpoppler-private-dev breaks/replaces against
    libpoppler-dev to << 0.20.2. (Closes: #681313)

 -- Pino Toscano <pino@debian.org>  Thu, 12 Jul 2012 12:19:17 +0200

poppler (0.20.2-1) experimental; urgency=low

  * New upstream release.
  * Merge changes from 0.18.4-3:
    - upstream_cairo-use-correct-userfont-font-bbox.patch: drop, backported
    - upstream_Change-nnnnnn-to-number.patch: drop, backported
    - upstream_pdfinfo-decode-utf-16-surrogate-pairs.patch: drop, backported
  * Update copyright.

 -- Pino Toscano <pino@debian.org>  Wed, 11 Jul 2012 23:51:35 +0200

poppler (0.20.1-1) experimental; urgency=low

  * New upstream release.
  * Rename packages according to the new SONAMEs:
    - libpoppler19 -> libpoppler26
    - libpoppler-qt4-3 -> libpoppler-qt4-4
  * Bump shlibs for libpoppler-qt4-4.
  * Update copyright.
  * Update build dependencies:
    - Switch liblcms1-dev to liblcms2-dev, supported upstream now.
  * debian/patches:
    - ltmain-as-needed.diff: refresh
  * Add pdfdetach in the description of poppler-utils.
  * Add a symbols file for libpoppler-glib8, based on poppler 0.18;
    the C++ symbols (internal) of it now have the current poppler version
    as version.

 -- Pino Toscano <pino@debian.org>  Mon, 11 Jun 2012 15:14:29 +0200

poppler (0.18.4-10) unstable; urgency=low

  * Manually force the link of everything against pthreads; while I cannot
    reproduce #730112, it seems (see e.g. #728113) that doing so would fix
    the poppler utilities. (Closes: #730112)
    Newer versions of poppler link to pthreads already, so this is a
    workaround for 0.18.x only.

 -- Pino Toscano <pino@debian.org>  Sun, 15 Dec 2013 12:49:01 +0100

poppler (0.18.4-9) unstable; urgency=medium

  * Remove the custom RPATH handing on Hurd, since the issue does not affect
    the build anymore; remove the hurd-only chrpath build dependency.
  * Backport upstream commits b8682d868ddf7f741e93b791588af0932893f95c (patch
    upstream_pdfseparate-improve-the-path-building.patch)
    and 61f79b8447c3ac8ab5a26e79e0c28053ffdccf75 (patch
    upstream_Allow-only-one-d-in-the-filename.diff) to fix two string/format
    issues in pdfseparate, reported as CVE-2013-4473 and CVE-2013-4474.
    (Closes: #723124,  #729064)
  * Bump Standards-Version to 3.9.5, no changes required.

 -- Pino Toscano <pino@debian.org>  Sun, 17 Nov 2013 18:57:18 +0100

poppler (0.18.4-8) unstable; urgency=low

  * Remove the .la files from debian/tmp, to shorten the --list-missing output.
  * Workaround issues of old libtool on Hurd, by removing with chrpath the
    extra RPATH added; add the hurd-only chrpath build dependency for that.
  * Backport upstream commit 8e504bf2543621973fdaddbd29055ce435540146 to fix
    small syntax issues in pdfseparate.1.

 -- Pino Toscano <pino@debian.org>  Tue, 20 Aug 2013 19:12:31 +0200

poppler (0.18.4-7) unstable; urgency=low

  * Filter stuff that might end up in the shell; patch CVE-2012-2142.diff
    by Marek Kasik <mkasik@redhat.com> to fix CVE-2012-2142.
  * Fix Vcs-* headers.
  * Bump Standards-Version to 3.9.4, no changes required.
  * Adjust watch file to allow both gz and xz extensions.
  * Mark poppler-dbg as Multi-Arch: same.

 -- Pino Toscano <pino@debian.org>  Fri, 09 Aug 2013 12:50:40 +0200

poppler (0.18.4-6) unstable; urgency=low

  * Backport upstream commits 0388837f01bc467045164f9ddaff787000a8caaa (patch
    upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch),
    8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492 (adapted patch
    upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch), and
    e14b6e9c13d35c9bd1e0c50906ace8e707816888 (adapted patch
    upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch) to fix
    CVE-2013-1788.
  * Backport upstream commit b1026b5978c385328f2a15a2185c599a563edf91 to fix
    CVE-2013-1790 (patch upstream_Initialize-refLine-totally.patch).
  * With the changes above, this upload closes: #702071.

 -- Pino Toscano <pino@debian.org>  Mon, 25 Mar 2013 21:43:07 +0100

poppler (0.18.4-5) unstable; urgency=low

  * Correctly initialize PSOutputDev::fontFileNameLen and
    PSOutputDev::psFileNames; patch psoutputdev-initialize-vars.diff.
    (Closes: #699421)

 -- Pino Toscano <pino@debian.org>  Thu, 31 Jan 2013 15:20:33 +0100

poppler (0.18.4-4) unstable; urgency=low

  * Backport upstream commits 7ba15d11e56175601104d125d5e4a47619c224bf and
    55940e989701eb9118015e30f4f48eb654fa34c4 to fix GooString::insert;
    patch upstream_fix-GooString-insert.diff. (Closes: #693817)
  * Add a libcairo2-doc build dependency to fix cross-references to cairo
    methods in the poppler-glib apidox.

 -- Pino Toscano <pino@debian.org>  Tue, 27 Nov 2012 16:24:17 +0100

poppler (0.18.4-3) unstable; urgency=low

  * Finally drop the libfontconfig1-dev dependency from libpoppler-dev,
    since now all sources have been fixed.
  * Remove an extra colon from the override_dh_auto_clean declaration.
  * Move the poppler private headers from libpoppler-dev to
    libpoppler-private-dev:
    - Add break/replaces in libpoppler-private-dev.
    - Drop lintian overrides of libpoppler-private-dev.
    - Adjust descriptions of libpoppler-dev and libpoppler-private-dev.
  * Backport upstream commit f1e621adbbb74ec709022b2a31195331651c83fa to fix
    the glyph drawing with cairo >= 1.12; patch
    upstream_cairo-use-correct-userfont-font-bbox.patch. (Closes: #668250)
  * Backport upstream commit fde3bed0f400a50f31f1f6bcee44ac1b2c17ddc6 to make
    pdfinfo decode UTF-16 surrogate pairs; patch
    upstream_pdfinfo-decode-utf-16-surrogate-pairs.patch. (Closes: #525309)
  * Backport upstream commit 4eaafe67de79fb63ebf61f031a97bbc0ed6a8891 to fix
    the man page of pdftoppm regarding the naming of the output files;
    patch upstream_Change-nnnnnn-to-number.patch. (Closes: #495901)

 -- Pino Toscano <pino@debian.org>  Thu, 21 Jun 2012 21:38:32 +0200

poppler (0.18.4-2) unstable; urgency=low

  * Upload to unstable.
  * Enable all the hardening flags.
  * Bump to Standards-Version to 3.9.3, no changes required.
  * Bump debhelper build dependency to >= 9, since compat 9 is used.
  * Set the minimum shlib version of libpoppler19 to the current version.
  * Temporarly put back the libfontconfig1-dev dependency to libpoppler-dev,
    as there is still one source assuming that dependency.

 -- Pino Toscano <pino@debian.org>  Thu, 31 May 2012 15:24:07 +0200

poppler (0.18.4-1) experimental; urgency=low

  * New upstream release.
  * Update copyright.

 -- Pino Toscano <pino@debian.org>  Sat, 18 Feb 2012 20:22:17 +0100

poppler (0.18.3-1) experimental; urgency=low

  * New upstream release: (Closes: #644447)
    - fixes rendering of Porirua City overview map. (Closes: #443547)
    - shows the names of unknown fonts. (Closes: #524323)
  * Rename packages according to the new SONAMEs:
    - libpoppler13 -> libpoppler19
    - libpoppler-glib6 -> libpoppler-glib8
  * Bump shlibs for libpoppler-glib8 and libpoppler-qt4-3.
  * debian/patches:
    - ltmain-as-needed.diff: refresh
  * Update copyright.
  * Update configure arguments:
    - Remove: --disable-poppler-qt, --disable-abiword-output
  * Drop test-poppler-glib from libpoppler-glib-dev, as it does not exist
    anymore.
  * Update build dependencies, dependencies and suggests:
    - Switch liblcms-dev to liblcms1-dev, to make it explicit lcms 1 is used.
    - Add libtiff-dev (for TIFF support).
    - Remove the gnome-pkg-tools B-D, unused.
    - libpoppler-dev: remove libfontconfig1-dev.
    - libpoppler-private-dev: suggest packages containing headers included in
      barely used private poppler core headers: libfreetype6-dev,
      libopenjpeg-dev, libpng-dev, libtiff-dev. (Closes: #646688)
    - libpoppler-glib-dev: remove libgtk2.0-dev.
  * Enable the GObject introspection support (Closes: #617604):
    - Add libgirepository1.0-dev and gobject-introspection build dependencies.
    - Add a new package gir1.2-poppler-0.18, and make libpoppler-glib-dev
      depend on it.
    - Enable the introspection in configure arguments.
  * Improve description of poppler-utils, also including the new tools
    (pdfseparate, pdftocairo, pdfunite).
  * Convert convert to the `dh' sequencer:
    - Drop cdbs build dependency.
    - Bump debhelper build dependency to 7.0.50.
    - Make use of the gir dh addon.
    - Enable parallel build support.
  * Remove ${shlibs:Depends} from poppler-dbg.
  * Install the upstream ChangeLog only in the libpopplerN package.
  * Convert to multi-arch:
    - Bump debhelper build dependency to 8.9.0.
    - Bump compat to 9.
    - Add dpkg build dependency to 1.16.1.
    - libpoppler19, libpoppler-glib8, libpoppler-qt4-3, libpoppler-cpp0:
      mark "Multi-Arch: same", and add Pre-Depends.
    - poppler-utils: mark "Multi-Arch: foreign".
    - Fix (using wildcard) library paths in .install files, taking care of
      installing the gir .typelib file in a non-multi-arch path.
  * Use DEB_LDFLAGS_MAINT_APPEND in rules to properly append custom LDFLAGS.
    (Closes: #651968)
  * Make the build verbose (V=1).

 -- Pino Toscano <pino@debian.org>  Sun, 12 Feb 2012 22:49:35 +0100

poppler (0.16.7-3) unstable; urgency=low

  [ Michael Gilbert ]
  * Bump standards to 3.9.2.
  * Remove automatically generated glib reference files in clean rule (this
    prevents automatic generation of a debian patch on a second build run.

  [ Pino Toscano ]
  * Switch to my @debian.org address, I'm a DD now.
  * Add a libpoppler-private-dev package: it will contain the private
    poppler core headers, but at the moment it is empty to allow sources
    to migrate their (build-)dependencies from libpoppler-dev to it.
  * control: add Vcs-Browser and Vcs-Git headers.
  * control: fix some of the conflict/replaces relations in poppler-utils:
    - xpdf-utils: properly set the version for it, and turn into a
      breaks/replaces (see also #586620)
    - pdftohtml: remove the version, since any newer version would always
      conflict with the one in poppler-utils

 -- Pino Toscano <pino@debian.org>  Fri, 10 Feb 2012 23:59:28 +0100

poppler (0.16.7-2) unstable; urgency=low

  * Upload to unstable.

 -- Pino Toscano <pino@kde.org>  Fri, 01 Jul 2011 22:29:43 +0200

poppler (0.16.7-1) experimental; urgency=low

  * New upstream release.
  * Make sure to really disable the gobject introspection for configure.
  * Few touches to descriptions:
    - Fix typo in libpoppler-cpp0.
    - Correctly capitalize "Xpdf".
  * Update copyright.
  * Enable as-needed linking:
    - Import the ltmain-as-needed.diff (refreshed) patch to allow to pass
      -Wl,--as-needed at the beginning of autotools linking lines
    - set LDFLAGS to "-Wl,--as-needed"
  * Drop abiword support, buggy and dropped in Poppler 0.18:
    (Closes: #521456, #618634)
    - rules: add --disable-abiword-output
    - control: remove the libxml2-dev build-dependency and the pdftoabw
      references in the poppler-utils description
    - drop patch 03_CVE-2009-3938.patch, no more needed now
    - drop pdftoabw.1 manpage
    - libpoppler-dev.install: stop installing ABWOutputDev.h

 -- Pino Toscano <pino@kde.org>  Fri, 01 Jul 2011 00:47:07 +0200

poppler (0.16.3-1) experimental; urgency=low

  [ Pino Toscano ]
  * New upstream release: (Closes: #567817, #585434, #592534, #601179, #611874)
    - fixes thread-unsafe usage of strtok(). (Closes: #533426)
    - pdftohtml correctly rotates images. (Closes: #506785)
    - pdftoppm tests correctly for rotation. (Closes: #614831)
    - fixes text highlighting. (Closes: #463963)
    - fixes image rescaling with cairo. (Closes: #533138)
    - fixes/hides some "Illegal entry in bfrange block in ToUnicode CMap"
      errors. (Closes: #578050)
    - fixes a pdftotext crash. (Closes: #611124)
  * Update patches:
    - 01_revert_abi_change.patch: remove, obsolete
    - 02_autohinting_abi_compatibility.patch: remove, obsolete
    - 03_CVE-2009-3938.patch: add two DEP3 headers (with bug number)
    - 04_security.patch: remove, applied upstream
  * Drop Qt 3 frontend, unused in Debian (and will no more be provided with
    Poppler 0.18). (Closes: #604370, #558951)
  * Rename packages according to the new SONAMEs:
    - libpoppler5 -> libpoppler13
    - libpoppler-glib4 -> libpoppler-glib6
  * Update shlib depends for libpoppler-qt4-3.
  * Add packages for the new CPP frontend (libpoppler-cpp0).
  * Update build-dependencies and dependencies:
    - Bump libglib2.0-dev, libcairo2-dev, gtk-doc-tools, and libqt4-dev
      to the versions required upstream.
    - Remove obsolete B-D: libqt3-mt-dev, libglade2-dev.
    - libpoppler-glib-dev: add libgtk2.0-dev (Closes: #540582), remove
      libpango1.0-dev.
  * Update configure arguments:
    - Add: --enable-xpdf-headers
    - Remove: --enable-a4-paper
  * Update copyright, adding a small clarifying text that the Poppler license
    is GPL v2 only. (Closes: #611259)
  * Bump debhelper compatibility to 7:
    - Update .install files accordingly.
  * libpoppler-dev.install: Avoid installing all the poppler private headers
    (even those that will not work), but rely on what poppler installs
    and manually copy the few "useful".
  * rules: include /usr/share/cdbs/1/rules/utils.mk for list-missing.
  * Add myself to the Uploaders.
  * Add Homepage field in control.
  * Improve descriptions of most of the packages.

  [ Michael Gilbert ]
  * Recommend poppler-data (closes: #584503).
  * Fix a typo (closes: #582527).
  * Update to source format 3.0 (quilt).
    - Drop explicit quilt dependency.
  * Bump standards version to 3.8.4 (no changes required).
  * Add copyright dates to copyright file as stated in README-XPDF.
  * Add manpage for pdftoabw (closes: #505147).

 -- Josselin Mouette <joss@debian.org>  Thu, 03 Mar 2011 22:14:46 +0100

poppler (0.12.4-1.2) unstable; urgency=medium

  * Non-maintainer upload by the Security Team
  * Fix CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 and several crashers
    (Closes:#599165)

 -- Moritz Mühlenhoff <jmm@debian.org>  Sat, 23 Oct 2010 15:59:04 +0200

poppler (0.12.4-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Do not conflict with newer versions of xpdf-utils (closes: #586620).

 -- Michael Gilbert <michael.s.gilbert@gmail.com>  Fri, 06 Aug 2010 18:51:54 -0400

poppler (0.12.4-1) unstable; urgency=low

  * New upstream release.
  * Bump Qt requirements.

 -- Josselin Mouette <joss@debian.org>  Fri, 16 Apr 2010 19:22:34 +0200

poppler (0.12.2-2.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-3938 (Closes: #534680)

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 22 Dec 2009 16:11:27 +0100

poppler (0.12.2-2) unstable; urgency=low

  * Switch to quilt to manage patches.
  * 01_revert_abi_change.patch: revert upstream commit that introduced 
    an ABI change in a stable release. Closes: #558463.
  * 02_autohinting_abi_compatibility.patch: revert part of another 
    upstream commit for a similar reason.

 -- Josselin Mouette <joss@debian.org>  Mon, 30 Nov 2009 16:51:53 +0100

poppler (0.12.2-1) unstable; urgency=low

  * New upstream release.

 -- Josselin Mouette <joss@debian.org>  Sat, 28 Nov 2009 13:24:28 +0100

poppler (0.12.0-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Include fofi/*.h in /usr/include/poppler/fofi. Closes: #553445.

 -- Matt Kraai <kraai@debian.org>  Tue, 10 Nov 2009 19:51:32 -0800

poppler (0.12.0-2) unstable; urgency=low

  * copyright: add complete list of copyright holders.
  * Upload to unstable. Hold on to your pants.

 -- Josselin Mouette <joss@debian.org>  Sat, 17 Oct 2009 10:48:03 +0200

poppler (0.12.0-1) experimental; urgency=low

  * New upstream release. Closes: #530731.
  * Rename libpoppler4 to libpoppler5.
  * Bump shlibs versions.

 -- Josselin Mouette <joss@debian.org>  Thu, 24 Sep 2009 16:39:17 +0200

poppler (0.10.6-1) unstable; urgency=critical

  * Fix section for the debug package.
  * New upstream release.
    + Fix problems that happen when parsing broken JBIG2 files.
      CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180,
      CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, 
      CVE-2009-1188.
  * Bump libqt4 requirement.
  * 10_jpxstream_int_crash.patch: removed, upstream has merged a 
    different fix quite a while ago.
  * Standards version is 3.8.1.

 -- Josselin Mouette <joss@debian.org>  Wed, 01 Apr 2009 18:30:04 +0200

poppler (0.10.5-1) unstable; urgency=low

  [ Pino Toscano ]
  * New upstream release, no API nor ABI changes.
    + Fixes crash when rendering documents with optional content.
      (Closes: #519494)
  * Remove lintian override for poppler-dbg, which is no more needed with
    lintian >= 2.2.1.

 -- Josselin Mouette <joss@debian.org>  Wed, 01 Apr 2009 15:19:53 +0200

poppler (0.10.4-3) unstable; urgency=low

  * Revert previous upload, now openjpeg was built successfully on 
    alpha.
  * Build-depend on libglib2.0-doc to ensure proper xrefs.

 -- Josselin Mouette <joss@debian.org>  Tue, 10 Mar 2009 12:03:06 +0100

poppler (0.10.4-2) unstable; urgency=low

  * Don’t require openjpeg on alpha, since it doesn’t build there.

 -- Josselin Mouette <joss@debian.org>  Sun, 08 Mar 2009 03:33:50 +0100

poppler (0.10.4-1) unstable; urgency=low

  [ Pino Toscano ]
  * New upstream stable release, with ABI and API changes wrt poppler 0.8.
    - Rename libpoppler3 to libpoppler4, libpoppler-glib3 to libpoppler-glib4;
      libpoppler-qt2 and libpoppler-qt4-3 are not renamed; update control,
      DEB_DH_MAKESHLIBS_ARGS_* in rules, and rename install files.
    - Add shlib version for libpoppler-qt4-3.
    - Drop patches 60_manpages-cfg-flag.patch, 61_manpages-hyphens.patch, and
      62_pdftops-mandatory-arg.patch, merged upstream.
  * Build-dep on libopenjpeg-dev for better JPEG2000 reading.

  [ Josselin Mouette ]
  * Build-depend explicitly on libjpeg-dev, libfreetype6-dev and 
    libxml2-dev.
  * Bump requirement on libqt4-dev.

 -- Josselin Mouette <joss@debian.org>  Fri, 06 Mar 2009 12:54:09 +0100

poppler (0.8.7-1) unstable; urgency=low

  * Bump up Standards-Version to 3.8.0.
  * New patch, 61_manpages-hyphens, fixes escaping of hyphens in man pages;
    FreeDesktop #17225.
  * New patch, 62_pdftops-mandatory-arg, fixes synopsis of pdftops in man page
    to clarify that a PDF file is required in all cases; FreeDesktop #17226;
    closes: #491816.
  * Build-dep on cdbs (>= 0.4.52) and add a lintian override with rationale
    for the following lintian warning:
    W: poppler-dbg: dbg-package-missing-depends poppler
  * Add xrefs and CVE for #489756 in 0.8.5-1 as I didn't merge the 0.8.4-1.1
    NMU.
  * New upstream release; no API change, bug fixes.

 -- Loic Minier <lool@dooz.org>  Wed, 20 Aug 2008 17:36:12 +0200

poppler (0.8.6-1) unstable; urgency=low

  * Fix /usr/share/gtk-doc/html/poppler symlink to point at
    /usr/share/doc/libpoppler-glib-dev/html/poppler instead of
    /usr/share/doc/libpoppler-glib-dev/html; LP: #226677.
  * New upstream stable release; bug fixes, no API change.
  * New patch, 60_manpages-cfg-flag, drop unimplemented -cfg flag from man
    pages; FreeDesktop #17222; closes: #461961.
  * Rename patch 001_jpxstream_int_crash to 10_jpxstream_int_crash as we don't
    have that many patches; also add upstream bug id (FreeDesktop #5667) and
    refresh to apply cleanly.
  * Build-dep on pkg-config >= 0.18 to make sure -lpoppler is only in
    poppler-qt's Libs.private (it already is though); closes: #360595.

 -- Loic Minier <lool@dooz.org>  Fri, 01 Aug 2008 15:04:05 +0200

poppler (0.8.5-1) unstable; urgency=low

  * New upstream release; no API changes, misc fixes.
    - Initializes pageWidgets in Page.cc, otherwise it can be a rubbish
      pointer as Annots is not a valid object; upstream commit
      fd0bf8b05cb155e2f29df31fa01964b12e710b89; CVE-2008-2950;
      closes: #489756.

 -- Loic Minier <lool@dooz.org>  Wed, 30 Jul 2008 14:52:42 +0200

poppler (0.8.4-1) unstable; urgency=low

  * New upstream release; no API change.
    - Fixes crash when reloading PDFs; GNOME #536482; closes: 484160.

 -- Loic Minier <lool@dooz.org>  Mon, 30 Jun 2008 10:44:16 +0200

poppler (0.8.3-1) unstable; urgency=low

  * New upstream release. Closes: #487214.
    + Fix crasher with some PDF files. Closes: #484224.

 -- Josselin Mouette <joss@debian.org>  Wed, 25 Jun 2008 16:40:39 +0200

poppler (0.8.2-2) unstable; urgency=low

  * Upload to unstable.
  * Set myself as Maintainer instead of Uploader, taking over from Ondřej Surý
    but I wish we move to an official team; closes: #481323.

 -- Loic Minier <lool@dooz.org>  Thu, 15 May 2008 12:33:18 +0200

poppler (0.8.2-1) experimental; urgency=low

  * New upstream releases.
    - Drop patch 006_pthreads_ldflags, upstream now calls ACX_PTHREAD() in
      configure.ac which does the right thing.
    - Drop patch 102_embedded-font-fixes, merged upstream.

 -- Loic Minier <lool@dooz.org>  Sun, 11 May 2008 01:02:22 +0200

poppler (0.8.0-1) experimental; urgency=low

  * Bump libcairo2-dev build-dep and dep to >= 1.4; thanks
    Marc 'HE' Brockschmidt.
  * New upstream stable release, with ABI and API changes; closes: #476323.
    - Rename libpoppler2 to libpoppler3, libpoppler-glib2 to libpoppler-glib3,
      and libpoppler-qt4-2 to libpoppler-qt4-3; NB: libpoppler-qt2 not
      renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, rename
      install files.
    - Drop shlib version except for libpoppler-qt2.
    - Update patch 006_pthreads_ldflags for the version-info changes in
      poppler/Makefile.am.
    - Force usage of qt4's moc via a PATH setting; export PATH.
  * Let libpoppler-glib-dev depend on libglib2.0-dev >= 2.6 for consistency
    with build-deps.
  * New patch, 102_embedded-font-fixes; protects the methods of the Object
    class to be more robust and prevent things like CVE-2008-1693; see also
    FreeDesktop/Poppler #11392; taken from the Ubuntu package;
    closes: #476842.
  * Add a poppler-dbg package; closes: #408403.
    - Bump up cdbs build-dep to >= 0.4.51 for -dbg handling fixes.
    - Add poppler-dbg to control.

 -- Loic Minier <lool@dooz.org>  Mon, 17 Mar 2008 21:00:13 +0100

poppler (0.6.4-1) unstable; urgency=medium

  * Add ${shlibs:Depends} to libpoppler-glib-dev, libpoppler-dev,
    libpoppler-qt-dev, libpoppler-qt4-dev.
  * Add ${misc:Depends}.
  * Cleanups.
  * New upstream releases; no API change; bug fixes; closes: #459342.
  * Fix copyright information to use version 2 of the GPL (instead of version 2
    or later); thanks Timo Jyrinki for the patch; closes: #453865.
  * Urgency medium for RC bug fix.
  * List pdftohtml in poppler-utils' description; closes: #464439.
  * Drop libpoppler-qt-dev dependency from libpoppler-qt4-dev; thanks
    Pino Toscano; closes: #459922.
  * Bump up Standards-Version to 3.7.3.

 -- Loic Minier <lool@dooz.org>  Fri, 18 Jan 2008 13:35:06 +0100

poppler (0.6.2-1) unstable; urgency=low

  * New upstream version. (Closes: #447992)
  * Dependency on xpdfrc was removed on 2007-02-25 (Closes: #347789, #440936)
  * Changes since 0.6.1:
    - Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (Closes: #450628)
    - Fix a crash on documents with wrong CCITTFaxStream
    - Fix a crash in the Cairo renderer with invalid embedded fonts
    - Fix a crash with invalid TrueType fonts
    - Check if font is inside the clip area before rendering
      it to a temporary bitmap in the Splash renderer. Fixes crashes on
      incorrect documents
    - Do not use exit(1) on DCTStream errors
    - Detect form fields at any depth level
    - Do not generate appearance stream for radio buttons that are not active

 -- Ondřej Surý <ondrej@debian.org>  Wed, 14 Nov 2007 11:20:07 +0100

poppler (0.6.1-2) unstable; urgency=low

  * Upload to unstable.

 -- Ondřej Surý <ondrej@debian.org>  Tue, 06 Nov 2007 09:07:10 +0100

poppler (0.6.1-1) experimental; urgency=low

  * New upstream version.
  * Changes since 0.6.0:
    - poppler core:
      + Fix printing with different x and y scale
      + Fix crash when Form Fields array contains references to non
        existent objects
      + Fix crash in CairoOutputDev::drawMaskedImage()
      + Fix embedded file description not working on some cases
    - Qt4 frontend:
      + Fix printing issue
      + Avoid double free
      + Fix memory leak when dealing with embedded files
    - glib frontend:
      + Fix build with --disable-cairo-output
      + Do not return unknown field type for signature form fields
    - build system:
      + Support automake-1.10
      + More compatible sh code in qt.m4
    - utils:
      + Fix build on Sun Studio compiler

 -- Ondřej Surý <ondrej@debian.org>  Thu, 25 Oct 2007 11:33:04 +0200

poppler (0.6-1) experimental; urgency=low

  * New upstream release. (Closes: #429700)
    - merged changes from Ubuntu, courtesy of Sebastien Bacher <seb128@canonical.com>
    - Fix security issue MOAB-06-01-2007
    - Fix security issue CVE-2007-3387
    - Fix security issue CVE-2007-5049 (Closes: #443903)
  * debian/watch:
    - update (Closes: #441012)
  * debian/control, debian/libpoppler2.install, debian/libpoppler-glib2.install,
    debian/libpoppler-qt2.install, debian/libpoppler-qt4-2.install,
    debian/rules:
    - updated for soname change
  * debian/libpoppler-glib-dev.install:
    - install new test-poppler-glib
  * debian/patches/002_CVE-2006-0301.patch:
    - dropped, deprecated by the upstream changes
  * debian/patches/003_glib-2.0-configure.patch:
  * debian/patches/004_CVE-2007-0104.patch:
  * debian/patches/005_fix_inverted_text_from_bug_8944.patch:
    - dropped, fixed with the new version
  * debian/patches/006_pthreads_ldflags.patch:
    - updated

 -- Ondřej Surý <ondrej@debian.org>  Thu, 27 Sep 2007 09:03:33 +0200

poppler (0.5.4-6) unstable; urgency=low

  * Conflict with old library names from experimental.  (Closes: #426023)

 -- Ondřej Surý <ondrej@debian.org>  Wed, 30 May 2007 08:42:32 +0200

poppler (0.5.4-5) unstable; urgency=low

  * Add missing poppler/poppler-link-qt3.h header to libpoppler-qt-dev; thanks
    Sune Vuorela; closes: #425486.
  * Let libpoppler-qt4-dev depend on libpoppler-qt-dev since some of its
    headers require poppler-page-transition.h which is clearly from the Qt
    bindings; thanks Sune Vuorela; closes: #425540.
  * Wrap build-deps and deps.
  * Drop useless debian/*.dirs.
  * Misc cleanups.
  * Build-dep on autotools-dev and drop bogus lintian overrides.

 -- Loic Minier <lool@dooz.org>  Thu, 24 May 2007 23:09:23 +0200

poppler (0.5.4-4) unstable; urgency=low

  * The "Augean Stables" release.
  * 0.5.x branch fixes all kind of displaying errors
    Closes: #372169, #235360, #331380, #332426, #336616
    Closes: #402647, #369164, #413953, #343654
  * Add versioned conflict to pdftohtml (Closes: #393169)
  * We dropped .la files some time ago, libjpeg62-dev dependency not
    needed now (Closes: #413112)
  * Crash fixed in 0.5.4 (Closes: #418638)
  * [control.in]: dropped some time ago (Closes: #407818)
  * NMU 0.5.4-5.1 merged as 004_CVE-2007-0104.patch (Closes: #407810)
  * 0.5.x uploaded to unstable (Closes: #352522)
  * qt4 libraries are now part of build (Closes: #414643)
  * No longer depends on poppler-data (Closes: #389753)
  * [debian/patches/006_pthreads_ldflags.patch]:
    + Add -lpthread to poppler/Makefile.am (Closes: #399275)

 -- Ondřej Surý <ondrej@debian.org>  Wed, 16 May 2007 10:45:39 +0200

poppler (0.5.4-3) unstable; urgency=low

  * Upload to unstable.
  * Enable Cairo output again.
  * Enable gtk-doc build.
  * Add lintian override for outdated-autotools-helper-files (we use CDBS).
  * Change shared library packages names according to Library Packaging Guide.
  * Change ${Source-Version} to ${binary:Version} to allow binNMU
  * Drop (= ${Source-Version}) dependency in glib, qt3, qt4 libraries; we are
    adding that from debian/rules
  * Merge changes from Ubuntu:
    + Enable Qt4 library build (but change name to libpoppler-qt4-1).
    + [debian/patches/004_CVE-2007-0104.patch]:
      - Limit recursion depth of the parsing tree to 100 to avoid infinite loop
        with crafted documents.
      - Patch taken from koffice security update (which has a copy of xpdf
        sources).
    + [debian/patches/005_fix_inverted_text_from_bug_8944.patch]:
      - fixes "text is inverted in some PDFs"

 -- Ondřej Surý <ondrej@debian.org>  Wed, 16 May 2007 08:26:47 +0200

poppler (0.5.4-2) experimental; urgency=low

  * [debian/control]: poppler-data is non-free, do not depend on it (Closes: #389753)

 -- Ondřej Surý <ondrej@debian.org>  Mon,  2 Oct 2006 14:41:58 +0200

poppler (0.5.4-1) experimental; urgency=low

  * New upstrem release.
  * [debian/control.in]: remove file and add all pkg-freedesktop people
    to Uploaders: field
  * [debian/control]: Add dependency on poppler-data package.
  * [debian/patches/03_glib-2.0-configure.patch]: fix broken configure.ac

 -- Ondřej Surý <ondrej@debian.org>  Fri, 22 Sep 2006 16:49:17 +0200

poppler (0.5.3-1) experimental; urgency=low

  * New upstream release.
  * debian/lib{poppler,poppler-glib,poppler-qt}-dev.install:
    Stop shipping /usr/lib/*.la in libpoppler*-dev.

 -- Ondřej Surý <ondrej@debian.org>  Wed, 31 May 2006 17:19:34 +0200

poppler (0.5.2-1) experimental; urgency=low

  * New upstream release.
  * Remove patches adopted upstream:
    debian/patches/000_incorrect_define_fix.patch
    debian/patches/000_splash_build_fix.patch

 -- Ondřej Surý <ondrej@debian.org>  Tue, 23 May 2006 20:21:30 +0200

poppler (0.5.1-1) experimental; urgency=low

  * Merge back changes from Ubuntu.
  * Upload to experimental (Closes: 352522)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 18 Apr 2006 15:08:26 +0200

poppler (0.5.1-0ubuntu6) dapper; urgency=low

  * Install poppler-page-transition into libpoppler-qt-dev (not
    libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179

 -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 10 Apr 2006 12:20:46 +0200

poppler (0.5.1-0ubuntu5) dapper; urgency=low

  * debian/patches/000_incorrect_define_fix.patch:
    - patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239)

 -- Sebastien Bacher <seb128@canonical.com>  Thu, 23 Mar 2006 12:33:17 +0100

poppler (0.5.1-0ubuntu4) dapper; urgency=low

  * debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev,
    because we directly include <fontconfig/fontconfig.h> in GlobalParams.h

 -- Adam Conrad <adconrad@ubuntu.com>  Thu, 16 Mar 2006 11:23:00 +1100

poppler (0.5.1-0ubuntu3) dapper; urgency=low

  * debian/control.in: Have poppler-utils Replace: xpdf-reader, since both
    contain pdftoppm.1.gz.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 13 Mar 2006 09:10:12 +0100

poppler (0.5.1-0ubuntu2) dapper; urgency=low

  * debian/control.in:
    - fix the libpoppler1 package description

 -- Sebastien Bacher <seb128@canonical.com>  Thu,  9 Mar 2006 09:43:15 +0000

poppler (0.5.1-0ubuntu1) dapper; urgency=low

  * New upstream version:
    - Support for embedded files.
    - Handle 0-width lines correctly.
    - Avoid external file use when opening fonts.
    - Only use vector fonts returned from fontconfig (#5758).
    - Fix scaled 1x1 pixmaps use for drawing lines (#3387).
    - drawSoftMaskedImage support in cairo backend.
    - Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420.
  * debian/control.in, debian/libpoppler0c2.dirs,
    debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install,
    debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs,
    debian/libpoppler0c2-qt.install, debian/rules:
    - updated for the soname change
  * debian/patches/000_splash_build_fix.patch:
    - fix build when using splash
  * debian/patches/001_fixes_for_fonts_selection.patch:
    - fix with the new version

 -- Sebastien Bacher <seb128@canonical.com>  Mon,  6 Mar 2006 18:42:44 +0000

poppler (0.5.0-0ubuntu5) dapper; urgency=low

  * debian/control.in, debian/rules:
    - build without libcairo

 -- Sebastien Bacher <seb128@canonical.com>  Sun, 26 Feb 2006 20:05:10 +0100

poppler (0.5.0-0ubuntu4) dapper; urgency=low

  * debian/patches/001_fixes_for_fonts_selection.patch:
    - change from the CVS, fix some renderings issues and fonts selection

 -- Sebastien Bacher <seb128@canonical.com>  Tue,  7 Feb 2006 13:38:04 +0100

poppler (0.5.0-0ubuntu3) dapper; urgency=low

  * SECURITY UPDATE: Buffer overflow.
  * Add debian/patches/002_CVE-2006-0301.patch:
    - splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(),
      Splash::xorSpan(): Check coordinates for integer overflow.
  * CVE-2006-0301

 -- Martin Pitt <martin.pitt@ubuntu.com>  Fri,  3 Feb 2006 18:13:30 +0000

poppler (0.5.0-0ubuntu2) dapper; urgency=low

  * debian/rules: Bump shlibs version to 0.5.0.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 20 Jan 2006 16:56:40 +0100

poppler (0.5.0-0ubuntu1) dapper; urgency=low

  * New upstream release 0.5.0, required for new evince 0.5.
  * Merge with Debian.
  * Remove patches adopted upstream:
    - debian/patches/000_add-poppler-utils.patch
    - debian/patches/002-selection-crash-bug.patch
  * debian/libpoppler-dev.install:
    - Install poppler-page-transition.h.
    - Do not install poppler-config.h, it doesn't exist any more.
    - Upstream doesn't install legacy xpdf includes any more, fix path to
      install them into libpoppler-dev.
  * Add debian/patches/001_jpxstream_int_crash.patch:
    - poppler/JPXStream.h: Fix declaration of cbW to be signed.
      JPXStream.cc, readCodeBlockData() negates the value, which results in an
      invalid value on 64 bit platforms if using unsigned types.
    - Thanks to Vladimir Nadvornik for pointing at this.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 19 Jan 2006 23:49:52 +0100

poppler (0.4.4-1) unstable; urgency=high

  * New upstream security release
    - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627
  * Remove debian/patches/003-CVE-2005-3624_5_7.patch:
    - Merged upstream
  * Remove debian/patches/004-fix-CVE-2005-3192.patch:
    - Merged upstream
  * Remove debian/patches/001-relibtoolize.patch
    - Upstream uses recent libtool

 -- Ondřej Surý <ondrej@debian.org>  Thu, 12 Jan 2006 20:40:27 +0100

poppler (0.4.3-3) unstable; urgency=low

  * Fix missing libcairo2-dev dependency (Closes: #346277)

 -- Ondřej Surý <ondrej@debian.org>  Fri,  6 Jan 2006 21:37:10 +0100

poppler (0.4.3-2) unstable; urgency=high

  [ Martin Pitt ]
  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * Add debian/patches/003-CVE-2005-3624_5_7.patch:
    - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
      + Check columns for negative or large values.
      + CVE-2005-3624
    - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
      + Reset numComps to 0 since it's a global variable that is used later.
      + CVE-2005-3627
    - poppler/Stream.cc, DCTStream::readHuffmanTables():
      + Fix out of bounds array access in Huffman tables.
      + CVE-2005-3627
    - poppler/Stream.cc, DCTStream::readMarker():
      + Check for EOF in while loop to prevent endless loops.
      + CVE-2005-3625
    - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
      JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
      + Check user supplied width and height against invalid values.
      + Allocate one extra byte to prevent out of bounds access in combine().
  * Add debian/patches/004-fix-CVE-2005-3192.patch:
    - Fix nVals int overflow check in StreamPredictor::StreamPredictor().
    - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.

  [ Ondřej Surý ]
  * Merge changes from Ubuntu (Closes: #346076).
  * Enable Cairo output again.

 -- Ondřej Surý <ondrej@debian.org>  Thu,  5 Jan 2006 14:54:44 +0100

poppler (0.4.3-1) unstable; urgency=high

  * New upstream release.
  * New maintainer (Closes: #344738)
  * CVE-2005-3191 and CAN-2005-2097 fixes merged upstream.
  * Fixed some rendering bugs and disabled Cairo output
    (Closes: #314556, #322964, #328211)
  * Acknowledge NMU (Closes: #342288)
  * Add 001-selection-crash-bug.patch (Closes: #330544)
  * Add poppler-utils (merge patch from Ubuntu)

 -- Ondřej Surý <ondrej@sury.org>  Fri, 30 Dec 2005 11:34:07 +0100

poppler (0.4.2-1.1) unstable; urgency=high

  * SECURITY UPDATE: Multiple integer/buffer overflows.

  * NMU to fix RC security bug (closes: #342288)
  * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu,
    thanks to Martin Pitt:
  * poppler/Stream.cc, DCTStream::readBaselineSOF(),
    DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
    - Check numComps for invalid values.
    - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
    - CVE-2005-3191
  * poppler/Stream.cc, StreamPredictor::StreamPredictor():
    - Check rowBytes for invalid values.
    - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
    - CVE-2005-3192
   * poppler/JPXStream.cc, JPXStream::readCodestream():
     - Check img.nXTiles * img.nYTiles for integer overflow.
     - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
     - CVE-2005-3193

 -- Frank Küster <frank@debian.org>  Fri, 23 Dec 2005 16:36:30 +0100

poppler (0.4.2-1) unstable; urgency=low

  * GNOME Team upload.
  * New upstream version.
  * debian/control.in:
    - updated the Build-Depends on libqt (Closes: #326130).
  * debian/rules:
    - updated the shlibs.

 -- Sebastien Bacher <seb128@debian.org>  Wed,  7 Sep 2005 12:41:48 +0200

poppler (0.4.0-1) unstable; urgency=low

  * GNOME Team Upload.
  * Rebuild for the CPP transition.
  * New upstream version (Closes: #311133):
    - fix some crashers (Closes: #315590, #312261, #309410).
    - fix some rendering defaults (Closes: #314441, #315383, #309697, #308785).
  * debian/control.in, debian/rules:
    - build with the current cairo version (Closes: #321368, #318293).
    - update for the renamed the packages.
  * debian/patches/01_CAN-2005-2097.patch:
    - Patch from Ubuntu, thanks Martin Pitt.
    - Check sanity of the TrueType "loca" table. Specially crafted broken
      tables caused disk space exhaustion due to very large generated glyph
      descriptions when attempting to fix the table.
    - Upstream patch scheduled for xpdf 3.01.
    - CAN-2005-2097
  * debian/watch:
    - fixed, patch by Jerome Warnier <jwarnier@beeznest.net> (Closes: #310996).

 -- Sebastien Bacher <seb128@debian.org>  Wed, 17 Aug 2005 21:54:07 +0200

poppler (0.3.1-1) unstable; urgency=low

  * New upstream release
  * Upstream fixed the Qt build bug, so now I can enable Qt
    build. (Closes:#307340) It leads two new binary packages
    libpoppler0-qt and libpoppler-qt-dev.
  * Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsolete by the
    upstream removal of xpdfrc config.

 -- Changwoo Ryu <cwryu@debian.org>  Wed,  4 May 2005 00:19:35 +0900

poppler (0.3.0-2) unstable; urgency=high

  * Added shlib version info for libpoppler0-glib.
  * Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev.
    (Closes: #306897)
  * Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885)
  * Corrected descriptions of -glib packages.

 -- Changwoo Ryu <cwryu@debian.org>  Thu, 28 Apr 2005 02:41:25 +0900

poppler (0.3.0-1) unstable; urgency=low

  * New upstream release (Closes: #306573)
  * Added new binary packages libpoppler0-glib and libpoppler-glib-dev,
    which are GLib-based interfaces.  Qt interface build is termporarily
    disabled, because of an upstream FTBFS.

 -- Changwoo Ryu <cwryu@debian.org>  Thu, 28 Apr 2005 02:07:23 +0900

poppler (0.1.2-1) unstable; urgency=low

  * Initial Release (Closes: #299518)

 -- Changwoo Ryu <cwryu@debian.org>  Tue, 15 Mar 2005 02:08:00 +0900
