Change log for librecad package in Debian

librecad (2.2.0.2-1) unstable; urgency=medium

  [ Bastian Germann ]
  * Remove Innocent from Uploaders (Closes: #922906)

  [ Aron Xu ]
  * Team upload.
  * New upstream version 2.2.0.2 (CVE-2023-30259)

 -- Aron Xu <email address hidden>  Wed, 27 Dec 2023 15:30:49 +0800

Available diffs

• diff from 2.2.0-1 to 2.2.0.2-1 (2.1 MiB)

librecad (2.2.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 2.2.0 (Closes: #1026440)
  * Update debian/copyright
  * Drop patches merged upstream
  * Update std-ver to 4.6.1, no changes required

 -- Aron Xu <email address hidden>  Mon, 26 Dec 2022 18:05:35 +0800

Available diffs

• diff from 2.1.3-3 to 2.2.0-1 (9.2 MiB)

librecad (2.1.3-1.2+deb10u1) buster-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2021-21898: A code execution vulnerability exists in the
    dwgCompressor::decompress18() functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to an out-of-bounds write.
  * CVE-2021-21899: A code execution vulnerability exists in the
    dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to a heap buffer overflow.
  * CVE-2021-21900: A code execution vulnerability exists in the
    dxfRW::processLType() functionality of LibreCad libdxfrw. A
    specially-crafted .dxf file can lead to a use-after-free
    vulnerability.
  * CVE-2021-45341: Buffer overflow vulnerabilities in CDataMoji of the jwwlib
    component of LibreCAD allows an attacker to achieve Remote Code Execution
    using a crafted JWW document.
  * CVE-2021-45342: Buffer overflow vulnerabilities in CDataList of the jwwlib
    component of LibreCAD allows an attacker to achieve Remote Code Execution
    using a crafted JWW document.
  * CVE-2021-45343: a NULL pointer dereference in the HATCH handling of
    libdxfrw allows an attacker to crash the application using a crafted DXF
    document.

 -- Aron Xu <email address hidden>  Sun, 30 Jan 2022 22:53:52 +0800

librecad (2.1.3-1.3+deb11u1) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2021-21898: A code execution vulnerability exists in the
    dwgCompressor::decompress18() functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to an out-of-bounds write.
  * CVE-2021-21899: A code execution vulnerability exists in the
    dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to a heap buffer overflow.
  * CVE-2021-21900: A code execution vulnerability exists in the
    dxfRW::processLType() functionality of LibreCad libdxfrw. A
    specially-crafted .dxf file can lead to a use-after-free
    vulnerability.
  * CVE-2021-45341: Buffer overflow vulnerabilities in CDataMoji of the jwwlib
    component of LibreCAD allows an attacker to achieve Remote Code Execution
    using a crafted JWW document.
  * CVE-2021-45342: Buffer overflow vulnerabilities in CDataList of the jwwlib
    component of LibreCAD allows an attacker to achieve Remote Code Execution
    using a crafted JWW document.
  * CVE-2021-45343: a NULL pointer dereference in the HATCH handling of
    libdxfrw allows an attacker to crash the application using a crafted DXF
    document.

 -- Aron Xu <email address hidden>  Mon, 31 Jan 2022 00:32:43 +0800

librecad (2.1.3-3) unstable; urgency=medium

  * Team upload.
  * Add patches for CVE-2021-45341, CVE-2021-45342, CVE-2021-45343

 -- Aron Xu <email address hidden>  Sun, 30 Jan 2022 20:47:48 +0800

Available diffs

• diff from 2.1.3-1.3 to 2.1.3-3 (10.5 KiB)
• diff from 2.1.3-2 to 2.1.3-3 (1.5 KiB)

librecad (2.1.3-2) unstable; urgency=medium

  * Team upload.
  * Apply patches for following CVEs, thanks to Sylvain Beucler <beuc>
  - CVE-2021-21898: A code execution vulnerability exists in the
    dwgCompressor::decompress18() functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to an out-of-bounds write.
  - CVE-2021-21899: A code execution vulnerability exists in the
    dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to a heap buffer overflow.
  - CVE-2021-21900: A code execution vulnerability exists in the
    dxfRW::processLType() functionality of LibreCad libdxfrw. A
    specially-crafted .dxf file can lead to a use-after-free
    vulnerability.

 -- Aron Xu <email address hidden>  Tue, 18 Jan 2022 12:05:14 +0000

librecad (2.1.3-1.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Backport upstream fix for FTBFS with Qt 5.15. (Closes: #975160)

 -- Adrian Bunk <email address hidden>  Fri, 29 Jan 2021 01:22:36 +0200

Available diffs

• diff from 2.1.3-1.2build1 (in Ubuntu) to 2.1.3-1.3 (1.1 KiB)

librecad (2.1.2-1+deb9u1) stretch; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2018-19105:
    A vulnerability was found in LibreCAD, a computer-aided design system,
    which could be exploited to crash the application or cause other
    unspecified impact when opening a specially crafted file. (Closes: #928477)

 -- Markus Koschany <email address hidden>  Sun, 19 May 2019 23:17:22 +0200

librecad (2.1.3-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2018-19105:
    A vulnerability was found in LibreCAD, a computer-aided design system,
    which could be exploited to crash the application or cause other
    unspecified impact when opening a specially crafted file. (Closes: #928477)

 -- Markus Koschany <email address hidden>  Thu, 16 May 2019 13:11:05 +0200

Available diffs

• diff from 2.1.3-1.1 to 2.1.3-1.2 (1.5 KiB)

librecad (2.1.3-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Backport upstream fix for FTBFS with Qt 5.11,
    thanks to Reiner Herrmann. (Closes: #906761)

 -- Adrian Bunk <email address hidden>  Mon, 17 Sep 2018 20:23:30 +0300

Available diffs

• diff from 2.1.3-1 to 2.1.3-1.1 (877 bytes)

librecad (2.1.3-1) unstable; urgency=medium

  * New upstream release.
  * Bumped to Standards-Version 4.1.3.
    + Added librecad-data Multi-Arch field on debian/control.
    + Bumped to debhelper and compat level to 11.
    - Removed parallel argument to dh on debian/rules.
  * Write secure URI on debian/watch file.
  * Changed Vcs-Git and Vcs-Browser fields to salsa repository on
    debian/control.
  * Added hardering flags on debian/rules.
  * Added keywords field on desktop file with a patch.
  * Secure URI and updated year on debian/copyright.
  * Updated uploaders.

 -- Innocent De Marchi <email address hidden>  Sat, 24 Mar 2018 17:39:10 +0100

Available diffs

• diff from 2.1.2-1 to 2.1.3-1 (3.6 KiB)

librecad (2.1.2-1) unstable; urgency=medium

  * New upstream release
    - Updated debian/watch, debian/rules get-orig-source, and
      debian/copyright
  * Removed all patches except debian_build.patch (accepted upstream)

 -- Scott Howard <email address hidden>  Sat, 17 Sep 2016 09:53:14 -0400

Available diffs

• diff from 2.0.9-3 to 2.1.2-1 (4.6 MiB)

librecad (2.0.9-3) unstable; urgency=medium

  * boost_gcc6_includes.patch, remove /usr/include if found by
    qmake (Closes: #831189) 
  * DSV 3.9.8 (no changes)

 -- Scott Howard <email address hidden>  Thu, 04 Aug 2016 17:12:32 -0400

Available diffs

• diff from 2.0.9-2 to 2.0.9-3 (1.3 KiB)

librecad (2.0.9-2) unstable; urgency=medium

  * debian/patches/remove_qt4_docs_postprocess.patch
    - Don't ship docs (unmaintained)
    - use qt5's lrelease
  * Remove unmainted docs from
    - debian/librecad-data.links
    - debian/librecad.install

 -- Scott Howard <email address hidden>  Wed, 16 Mar 2016 10:47:25 -0400

Available diffs

• diff from 2.0.8-1 to 2.0.9-2 (2.7 MiB)

librecad (2.0.9-1) unstable; urgency=medium

  * New upstream release (LP: #1540925)
    - add dependencies on qt5 packages, use qtchooser by
      setting QT_SELECT = 5
  * Updated debian/copyright (new file locations)
  * Lintian cleaning:
    - Remove .menu in favor of .desktop
    - DSV 3.9.7 no changes
    - Fix Vcs- links (secure and cannonical)

 -- Scott Howard <email address hidden>  Tue, 15 Mar 2016 12:15:10 -0400

librecad (2.0.8-1) unstable; urgency=medium

  * New upstream release
  * Updated uploaders (Closes: #780790)
  * DSV 3.9.6, no changes

 -- Scott Howard <email address hidden>  Sat, 29 Aug 2015 22:35:57 -0400

Available diffs

• diff from 2.0.4-1build1 (in Ubuntu) to 2.0.8-1 (5.1 MiB)

librecad (2.0.4-1) unstable; urgency=medium


  * New upstream release.

 -- Scott Howard <email address hidden>  Mon, 23 Jun 2014 21:52:19 -0400

Available diffs

• diff from 2.0.3-2 to 2.0.4-1 (138.7 KiB)

librecad (2.0.3-2) unstable; urgency=low


  * debian/rules - don't use c++11 in Precise (Ubuntu 12.04)

 -- Scott Howard <email address hidden>  Wed, 23 Apr 2014 16:01:06 -0400

Available diffs

• diff from 2.0.2+nolibs-1 to 2.0.3-2 (83.3 KiB)

librecad (2.0.3-1) unstable; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Thu, 03 Apr 2014 15:49:37 -0400

librecad (2.0.2+nolibs-1) unstable; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Mon, 27 Jan 2014 11:41:50 -0500

Available diffs

• diff from 2.0.1+nolibs-1 to 2.0.2+nolibs-1 (3.2 KiB)

librecad (2.0.1+nolibs-1) unstable; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Fri, 17 Jan 2014 15:15:24 -0500

Available diffs

• diff from 2.0.0+nolibs-1 to 2.0.1+nolibs-1 (34.1 KiB)

librecad (2.0.0+nolibs-1) unstable; urgency=low


  * New upstream release
  * Debian S-V 3.9.5, no changes

 -- Scott Howard <email address hidden>  Mon, 30 Dec 2013 12:17:45 -0500

Available diffs

• diff from 2.0.0~rc3+nolibs-1 to 2.0.0+nolibs-1 (140.3 KiB)

librecad (2.0.0~rc3+nolibs-1) unstable; urgency=low


  * Merge from experimental to unstable.
  * New upstream release.

 -- Scott Howard <email address hidden>  Mon, 09 Dec 2013 23:29:24 -0500

Available diffs

• diff from 2.0.0~rc2+nolibs-1 to 2.0.0~rc3+nolibs-1 (1.3 MiB)

librecad (1.0.4+nolibs-1) unstable; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Mon, 07 Oct 2013 14:54:46 -0400

librecad (2.0.0~rc2+nolibs-1) experimental; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Fri, 13 Sep 2013 21:52:29 -0400

Available diffs

• diff from 1.0.2+nolibs-1build1 (in Ubuntu) to 2.0.0~rc2+nolibs-1 (16.0 MiB)

librecad (1.0.3+nolibs-1) unstable; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Fri, 13 Sep 2013 10:39:12 -0400

librecad (2.0.0~beta2+nolibs-1) experimental; urgency=low


  * New beta release.

 -- Scott Howard <email address hidden>  Mon, 25 Feb 2013 12:41:01 -0500

librecad (2.0.0~beta1+nolibs-1) experimental; urgency=low


  * Install new docs (LP: #1055937)
  * Drop dependency on libdxflib-dev, no longer needed
  * New beta release

 -- Scott Howard <email address hidden>  Wed, 24 Oct 2012 17:01:07 -0400

librecad (2.0.0~alpha4+nolibs-1) experimental; urgency=low


  * Enabled build hardening through dh_auto_configure
  * New upstream release

 -- Scott Howard <email address hidden>  Mon, 02 Jul 2012 19:17:55 -0400

librecad (2.0.0~alpha3+nolibs-1) experimental; urgency=low


  * New upstream release
  * Refreshed patches
  * Debian compat 9 for build hardening (Wheezy release goal)

 -- Scott Howard <email address hidden>  Mon, 16 Apr 2012 13:09:32 -0400

librecad (1.0.2+nolibs-1) unstable; urgency=low


  * New upstream release.
  * Debian compat bumped to 9 for build hardening (Wheezy Release
    Goal)
  * Refreshed debian/patches/debian-fparser.patch
  * Bumped S-V 3.9.3, no changes

 -- Scott Howard <email address hidden>  Mon, 16 Apr 2012 10:49:10 -0400

Available diffs

• diff from 1.0.1+nolibs-2 to 1.0.2+nolibs-1 (10.2 KiB)

librecad (2.0.0~alpha2+nolibs-1) experimental; urgency=low


  * New upstream release, experimental developmental
  * Removed dependency on libqt4-sql-sqlite since help is no longer
    included

 -- Scott Howard <email address hidden>  Sat, 03 Mar 2012 18:01:31 -0500

librecad (2.0.0~alpha1+nolibs-1) experimental; urgency=low


  * New upstream development release, experimental package.

 -- Scott Howard <email address hidden>  Tue, 21 Feb 2012 10:11:37 -0500

librecad (1.0.1+nolibs-2) unstable; urgency=low


  * Remove BD on librsvg2-bin, add BD on libmagickcore-extra
    used when converting upstream's SVG logo to pixmaps during build

 -- Scott Howard <email address hidden>  Thu, 09 Feb 2012 21:51:06 -0500

Available diffs

• diff from 1.0.0+nolibs-1 (in Ubuntu) to 1.0.1+nolibs-2 (16.6 KiB)

librecad (1.0.1+nolibs-1) unstable; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Sun, 05 Feb 2012 12:55:35 -0500

librecad (1.0.0+nolibs-1) unstable; urgency=low


  * New upstream release.

 -- Scott Howard <email address hidden>  Sat, 17 Dec 2011 20:08:57 -0500

librecad (1.0.0~rc4+nolibs-1) unstable; urgency=low


  * New upstream release.
  * Fix missing fonts in upstream tarball (Closes: #644984, #646030).

 -- Lisandro Damián Nicanor Pérez Meyer <email address hidden>  Mon, 24 Oct 2011 22:06:31 -0300

librecad (1.0.0~rc3+nolibs-1) unstable; urgency=low


  * New upstream release.
    - Fixes rounded values (Closes: #640390).
  * Refresh debian-fparser.patch.
  * Remove resizing_icon_canvas.patch, it has been applied upstream.
  * Change my e-mail address.
  * Make get-orig-source work with changing directory names.
  * Build depend on libfxlib-dev >= 2.2.0.0-6 as it fixes a bug needed by
    this version of LibreCAD.
  * This new upstream release removes the documentation and some fonts that
    seemed not free. So we are not shipping the doc package anymore
    (Closes: #644787).

 -- Lisandro Damián Nicanor Pérez Meyer <email address hidden>  Tue, 11 Oct 2011 00:26:25 -0300

librecad (1.0.0~rc1+nolibs-4) unstable; urgency=low
  * Add libqt4-sql-sqlite as a librecad dependency. This enables users to see    the help. Thanks Ries van Twisk for the tip.  * Change schemas to schematics in librecad's description (Closes: #633676). -- Lisandro Damián Nicanor Pérez Meyer <email address hidden>  Sun, 31 Jul 2011 15:34:50 -0300

Available diffs

• diff from 1.0.0~rc1+nolibs-3 to 1.0.0~rc1+nolibs-4 (757 bytes)

librecad (1.0.0~rc1+nolibs-3) unstable; urgency=low
  [ Scott Howard ]  * debian/librcad-doc.install    - Install qt compiled help files  * debian/patches/debian_fparser.patch    - Use libdxflib's new includedir to fix a FTBFS  [ Lisandro Damián Nicanor Pérez Meyer ]  * Add qt4-dev-tools as B-D. The tools are used to create the online    documentation (*.qch and *.qhc).  * Override dh_compress in order to avoid compressing online help. -- Lisandro Damián Nicanor Pérez Meyer <email address hidden>  Tue, 21 Jun 2011 17:14:25 -0300

librecad (1.0.0~rc1+nolibs-2) unstable; urgency=low
  * Use upstreams new icons, .desktop, manpage, and mime info  * resize_icon_canvas.patch added to use upstream icon in debian -- Scott Howard <email address hidden>  Sat, 18 Jun 2011 12:21:18 -0400

librecad (1.0.0~rc1+nolibs-1) unstable; urgency=low
  [Lisandro Damián Nicanor Pérez Meyer]  * New upstream release.  * Remove patches applied upstream.    - rs_debug.patch    - bug#234340.patch    - qcad-2.0.5.0-latin2.patch  * Refresh debian-fparser.patch.  * Update watch file to look for rc tarballs too.  [Scott Howard]  * Corrected spelling error s/plataform/platform/ in debian/control    (LP: #759700) -- Lisandro Damián Nicanor Pérez Meyer <email address hidden>  Fri, 17 Jun 2011 18:47:13 -0300

librecad (1.0.0~beta5+nolibs-1) unstable; urgency=low
  * Initial release (Closes: #605914) -- Scott Howard <email address hidden>  Sun, 24 Apr 2011 13:00:22 -0400