rlottie (0.1+dfsg-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow patch was incomplete
    - debian/patches/Check-buffer-length.patch: Amend patch to properly
      check buffer bounds in the src/vector/vrle.cpp blit function
      and its variants.
    - CVE-2021-31315
  * SECURITY UPDATE: Stack-based buffer overflow patch was incomplete
    - debian/patches/Freetype-raster.patch: Amend patch to correctly
      check return conditions in the gray_render_cubic function and also
      check the number of ycells in the gray_find_cell function of
      src/vector/freetype/v_ft_raster.cpp.
    - CVE-2021-31321
  * debian/rules: Use compiler flag for level 2 optimization (-O2)
    instead of level 3 (-O3) on ppc64el architectures. Level 3
    optimization can lead to build errors due to memory alignment
    requirements. 

 -- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>  Thu, 19 Dec 2024 12:33:21 -0500

rlottie (0.1+dfsg-2) unstable; urgency=medium

  * Update patches.
    - Sync patches with John Preston's fork.
      + New Freetype-raster.patch for fix CVE-2021-31321. (Closes: #988885)
      + New Fortify-lottie-parser.patch for fix crashes on invalid input.
    - New Extend-mDash-array.patch for fix CVE-2021-31317. (Closes: #988885)
    - New Include-limits-header.patch for fix build with the latest GCC.
      (Closes: #984323)
    - New Zero-corrupt-point.patch for fix crash on inappropriate shape.
      (Closes: #974095)
    - New Avoid-nullptr-in-solidColor.patch fixes null pointer dereferencing.
    - Fix error handling of broken JSON that led to crashes.
  * Skip RAPIDJSON_ASSERT as in Telegram or in upstream rLottie.

 -- Nicholas Guriev <guriev-ns@ya.ru>  Wed, 02 Jun 2021 09:23:26 +0300

rlottie (0.1+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Add upstream metadata.
  * Update debian/watch file for the first release.
  * Apply John Preston's fixes for improve stability.
    - Check-buffer-length.patch
    - Fix-crash-in-malformed-animations.patch
    - Fix-crash-on-invalid-data.patch

 -- Nicholas Guriev <guriev-ns@ya.ru>  Sun, 19 Jul 2020 21:43:03 +0300

rlottie (0~git20200305.a717479+dfsg-1) unstable; urgency=medium

  * Merge the latest upstream commit.
  * Fix some crashes on corrupted input.
  * Activate in-library cache support.
  * Bump Standards Version to 4.5.0, no related changes.

 -- Nicholas Guriev <guriev-ns@ya.ru>  Thu, 05 Mar 2020 22:16:05 +0300

rlottie (0~git20190721.24346d0+dfsg-2) unstable; urgency=medium

  * Copy full text of The FreeType Project License to debian/copyright file.

 -- Nicholas Guriev <guriev-ns@ya.ru>  Sun, 11 Aug 2019 14:19:58 +0300

rlottie (0~git20190721.24346d0+dfsg-1) unstable; urgency=low

  * Initial upload. (Closes: #931832)

 -- Nicholas Guriev <guriev-ns@ya.ru>  Tue, 23 Jul 2019 08:21:50 +0300
